Public/private DNS server

Discussion in 'Installation/Configuration' started by jas_esp, Feb 25, 2008.

  1. jas_esp

    jas_esp New Member

    Hi

    We have installed ISPConfig for a small ISP. The DNS server installed on it resolves requests for the domains configured in ISPConfig and for external domains too. Since the ISP has an IP range for its network, we want hosts in that range to be able to resolve any domain, but external hosts (Internet) to be able to resolve only the domains configured in ISPConfig. How could this be done?

    Thanks
     
  2. tollan

    tollan New Member

    Public/Private and Split DNS

    Please point me in a direction, and I'll find a solution. (Which script is it that writes named.conf?)
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    If you just want to set some basic named.conf settings, you don't have to change any scripts. Just change the named.conf.master template in /root/ispconfig/isp/conf/
     
  4. tollan

    tollan New Member

    "If you just want to set some basic named.conf settings" :) If I would like that, I wouldn't use ISPConfig.

    I need for every new zone (domain) to create "view internals" and "view externals", just help me start, and I'll contribute.

    please help and thanks, heeelp me helping you :)
     
  5. pakogah

    pakogah New Member

    Last edited: Feb 18, 2011
  6. tollan

    tollan New Member

    tnx pakogah...
     
  7. tollan

    tollan New Member

    Till, help me! This doesn't do the job ...

    Code:
    acl "internels" { 192.168.0.0/16; }
    
    options {
            pid-file "/var/lib/named/var/run/named/named.pid";
            directory "{BINDDIR}";
            auth-nxdomain no;
            /*
             * If there is a firewall between you and nameservers you want
             * to talk to, you might need to uncomment the query-source
             * directive below.  Previous versions of BIND always asked
             * questions using port 53, but BIND 8.1 uses an unprivileged
             * port by default.
             */
            // query-source address * port 53;
    };
    
    //
    // a caching only nameserver config
    //
    
    view "internals" {
        match-clients { "internals"; };
        recursion yes;
        allow-recursion { internals; localnets; localhost; };
        allow-query { internals; localnets; localhost; };
        allow-query-cache { internals; localnets; localhost; };
    
        zone "." {
            type hint;
            file "root.hint";
        };
    
        zone "0.0.127.in-addr.arpa" {
            type master;
            file "127.0.0.zone";
        };
    
        <!-- BEGIN DYNAMIC BLOCK: named_int -->
        zone "{DOMAIN_INT}" {
            type master;
            file "int.{DOMAIN_INT}";
        };
        <!-- END DYNAMIC BLOCK: named_int -->
    
    };
    
    view "externals" {
        match-clients { "any"; };
        recursion no;
    
        <!-- BEGIN DYNAMIC BLOCK: named -->
        zone "{DOMAIN}" {
            type master;
            file "pri.{DOMAIN}";
        };
        <!-- END DYNAMIC BLOCK: named -->
    
        <!-- BEGIN DYNAMIC BLOCK: named_reverse -->
        zone "{ZONE}.in-addr.arpa" {
            type master;
            file "pri.{ZONE}.in-addr.arpa";
        };
        <!-- END DYNAMIC BLOCK: named_reverse -->
    
        <!-- BEGIN DYNAMIC BLOCK: named_slave -->
        zone "{DOMAIN}" {
            type slave;
            file "sec.{DOMAIN}";
            masters { {MASTERS}; };
        };
        <!-- END DYNAMIC BLOCK: named_slave -->
    };
    //// MAKE MANUAL ENTRIES BELOW THIS LINE! ////
    
     
    Last edited: Mar 4, 2008
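The named.conf posted above declares the ACL as "internels" while the view's match-clients and allow-* lists reference "internals", so the "internals" view never matches a client. The following is an added example (not part of the thread, not ISPConfig code) of a small linter that reports address-match-list names with no matching acl statement; the excerpt it checks is constructed from the posted config.

```python
from __future__ import annotations
import re

# Constructed excerpt reproducing the ACL name mismatch in the posted
# named.conf: declared as "internels", referenced as "internals".
SAMPLE_NAMED_CONF = '''
acl "internels" { 192.168.0.0/16; }

view "internals" {
    match-clients { "internals"; };
    recursion yes;
    allow-recursion { internals; localnets; localhost; };
};

view "externals" {
    match-clients { "any"; };
    recursion no;
};
'''

# Names BIND predefines; they never need an acl statement.
BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}

ACL_DEF_RE = re.compile(r'^\s*acl\s+"?([\w-]+)"?\s*\{', re.MULTILINE)
# Statements that take an address match list and commonly name ACLs.
REF_RE = re.compile(
    r'\b(match-clients|allow-recursion|allow-query|allow-query-cache|'
    r'allow-transfer)\s*\{([^}]*)\}')


def undefined_acl_refs(conf: str) -> list[tuple[str, str]]:
    """Return (statement, name) pairs whose ACL name is never declared.

    Literal addresses and prefixes are skipped; only bare names (optionally
    quoted or negated with '!') are checked against acl statements and the
    built-in ACLs.
    """
    defined = set(ACL_DEF_RE.findall(conf)) | BUILTIN_ACLS
    problems = []
    for stmt, body in REF_RE.findall(conf):
        for item in body.split(";"):
            name = item.strip().strip('"').lstrip("!")
            if not name or name[0].isdigit() or ":" in name or "/" in name:
                continue  # empty slot, IPv4/IPv6 address or prefix
            if name not in defined:
                problems.append((stmt, name))
    return problems
```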
  8. tollan

    tollan New Member

    FINALLY!!! And someone check this please ...

    OK, this is my HOW TO SPLIT DNS; I did get results.

    1. named.conf.master -> modify as I did above

    2. /root/ispconfig/scripts/lib/classes/ispconfig_bind.lib.php -> modify/add the following lines

    Code:
    ...
    $mod->tpl->define_dynamic( "named", "table" );
    $mod->tpl->define_dynamic( "named_int", "table" );
    $mod->tpl->define_dynamic( "named_slave", "table" );
    ...

    Code:
    ...
    if($domain != ""){
        // assign variables
        $mod->tpl->assign( array( 'DOMAIN' => $domain));
        $mod->tpl->parse('NAMED',".named");
        // same domain again for the internal view block
        $mod->tpl->assign( array( 'DOMAIN_INT' => $domain));
        $mod->tpl->parse('NAMED_INT',".named_int");
    }
    ...

    Code:
    ...
    $mod->file->wf($bind_file, $zonefile_text);
    $mod->file->add_trailing_newline($bind_file);

    // internal view zone: same data, public address replaced by the DMZ address
    $bind_int = $mod->system->server_conf["server_bind_zonefile_dir"]."/int.".$dns["dns_soa"];
    $intzone_text = str_replace("195.152.62.2", "192.168.0.9", $zonefile_text);
    $mod->file->wf($bind_int, $intzone_text);
    $mod->file->add_trailing_newline($bind_int);

    $bind_restart = 1;
    } else {
    ...

    Code:
    ...
    // treat int.* zone files like pri.* and sec.* when collecting orphaned files
    if(substr($file,-1) == '~'){
        if(!$mod->system->grep($named_conf_content, substr($file,0,strlen($file)-1), 'w') && (substr($file,0,4) == "pri." || substr($file,0,4) == "sec." || substr($file,0,4) == "int.")) $files[] = $dir.$file;
    } else {
        if(!$mod->system->grep($named_conf_content, $file, 'w') && (substr($file,0,4) == "pri." || substr($file,0,4) == "sec." || substr($file,0,4) == "int.")) $files[] = $dir.$file;
    }
    ...

    I told You ... :)
     
    Last edited: Mar 7, 2008
  9. pakogah

    pakogah New Member

    I'll be your beta tester

    Hi Tollan, I'll be your beta tester for it if your environment is the same as mine.

    From what I see, you need ISPConfig to create 2 zones:
    - 1 created by ISPConfig (as usual) will be used as the external view with IP 192.168.0.9
    - then an internal view for your LAN PCs, accessing IP 192.168.100.1

    So when an outsider like me queries domain.tld, which is hosted on your box, your DNS will give me IP 192.168.0.9,
    but from your local PC, accessing domain.tld will resolve to 192.168.100.1.

    I have several questions about it:
    - What ISPConfig version do you use? I am using the latest, 2.2.21
    - What IP address do you use on your ISPConfig box?
    (Management >> Server >> Settings >> Server >> IP Address)
    Is it 192.168.0.9?
    Why are you using IP 192.168.0.9 for the external view? Isn't 192.168.x.x only used for local networks?

    Sorry for the lot of questions. I just started using ISPConfig and my box is on an internal network (DMZ) using a local IP (10.10.48.232) that is NAT'ed by the firewall (202.158.48.232). I can ping and resolve the domain with a record for 10.10.48.232, but when I change the IP address used by ISPConfig to 202.158.48.232, I am not able to access the hosted sites.

    That's why I am also interested in your topic.
    regards,
     
  10. tollan

    tollan New Member

    "I'll be your beta tester" - no, I didn't mean someone to test, but maybe the author of that script to check if that's OK.

    I was busy implementing ISPConfig at my place. (So it means only you and I need that? :)

    192.168.0.9 is the local DMZ address
    192.168.100.1 is a bad example of a public IP address, so I'll change that to 194.23.34.46

    A1. ISPConfig Version: 2.2.21
    A2. I currently use 192.168.0.9 from the LAN and 194.23.34.46 from outside
    A3. Yes, it is 192.168.0.9

    And hmmm, give me 2 hours to implement and check the complete idea, and I'll come back.
     
    Last edited: Mar 5, 2008
  11. pakogah

    pakogah New Member

    Right then... I'll be waiting for you to come back.
    I think I am in the same boat as you.. :cool:

    And you are right, the author has to check and implement the code,
    as we need a field in ISPConfig
    (Management >> Server >> Settings >> Server >> IP Address)
    to enter our private IP, rather than editing the code manually.
    ;)
     
    Last edited: Feb 18, 2011
  12. tollan

    tollan New Member

    Wow, how I like to spend time solving unfinished "How To"s from someone, and bad install guides. It takes 5 min from someone and all he has to do is post ... Guys, do that there... I did my split DNS, did 2 LANs and vhost, everything is working fine, except PHP, pleeeease help.

    ISPConfig Hosting Server with split DNS (DMZ)
    local IP: 192.168.0.9
    public IP: 195.152.62.2

    Split DNS, manual changes

    1. Server -> Settings -> Server -> IP address: public IP (e.g. 195.152.62.2)

    2. change named.conf.master


    Code:
    acl "internals" { 127.0.0.0/8; 192.168.0.0/16; };
    acl "slave-dns" { 195.152.64.130; };
    
    options {
            pid-file "/var/lib/named/var/run/named/named.pid";
            directory "{BINDDIR}";
            auth-nxdomain no;
            /*
             * If there is a firewall between you and nameservers you want
             * to talk to, you might need to uncomment the query-source
             * directive below.  Previous versions of BIND always asked
             * questions using port 53, but BIND 8.1 uses an unprivileged
             * port by default.
             */
            // query-source address * port 53;
    };
    
    //
    // a caching only nameserver config
    //
    
    view "internals" {
        match-clients { "internals"; };
        recursion yes;
        allow-recursion { internals; localnets; localhost; };
        allow-query { internals; localnets; localhost; };
        allow-query-cache { internals; localnets; localhost; };
    
        zone "." {
            type hint;
            file "root.hint";
        };
    
        zone "0.0.127.in-addr.arpa" {
            type master;
            file "127.0.0.zone";
        };
    
        <!-- BEGIN DYNAMIC BLOCK: named_int -->
        zone "{DOMAIN_INT}" {
            type master;
            file "int.{DOMAIN_INT}";
            allow-transfer {"none";};
            notify no;
        };
        <!-- END DYNAMIC BLOCK: named_int -->
    };
    
    view "externals" {
        match-clients { "any"; };
        recursion no;
    
        <!-- BEGIN DYNAMIC BLOCK: named -->
        zone "{DOMAIN}" {
            type master;
            file "pri.{DOMAIN}";
            allow-transfer {"slave-dns";};
            notify yes;
        };
        <!-- END DYNAMIC BLOCK: named -->
    
        <!-- BEGIN DYNAMIC BLOCK: named_reverse -->
        zone "{ZONE}.in-addr.arpa" {
            type master;
            file "pri.{ZONE}.in-addr.arpa";
        };
        <!-- END DYNAMIC BLOCK: named_reverse -->
    
        <!-- BEGIN DYNAMIC BLOCK: named_slave -->
        zone "{DOMAIN}" {
            type slave;
            file "sec.{DOMAIN}";
            masters { {MASTERS}; };
        };
        <!-- END DYNAMIC BLOCK: named_slave -->
    };
    //// MAKE MANUAL ENTRIES BELOW THIS LINE! ////

    3. change ispconfig_bind.lib.php (explained in my earlier post above)

    4. change vhost.conf.master

    Code:
    {FP_RESOURCE_CONFIG}
    {FP_ACCESS_CONFIG}
    ###################################
    #
    # ISPConfig vHost Configuration File
    #         Version 1.0
    #
    ###################################
    #
    
    NameVirtualHost 192.168.0.9:80
    
    # IMPORTANT: the first webXX should be yours; the first web is the default WEB
    
    <!-- BEGIN DYNAMIC BLOCK: vhost -->
    
    ######################################
    # Vhost: {SERVERNAME}
    ######################################
    #
    #
    # enter your DMZ local IP here, don't leave it automatic
    
    <VirtualHost 192.168.0.9:80>
    {HTTPD_INCLUDE}
    {SUEXEC}
    ServerName {SERVERNAME}
    ServerAdmin {SERVERADMIN}
    DocumentRoot {DOCUMENTROOT}
    {SERVERALIAS}
    {DIRECTORYINDEX}
    {CGI}
    ErrorLog {WEB_ERROR_LOG}
    {PHP}
    {RUBY}
    {SSI}
    {WAP}
    {ERRORALIAS}
    {ERROR}
    # disable user userdirs
    # AliasMatch ^/~([^/]+)(/(.*))? {HTTPD_ROOT}/{WEB}/user/$1/web/$3
    # AliasMatch ^/users/([^/]+)(/(.*))? {HTTPD_ROOT}/{WEB}/user/$1/web/$3
    {REWRITE_RULE}
    {FRONTPAGE}
    </VirtualHost>
    #
    {SSL}
    #
    #
    <!-- END DYNAMIC BLOCK: vhost -->

    02:50AM PHP is working ... ogame 5 min,... and gone ...
     
    Last edited: Mar 7, 2008
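The ispconfig_bind.lib.php change in this howto derives int.{DOMAIN} from pri.{DOMAIN} with a plain str_replace of the public IP, which also rewrites any other occurrence of that address (an SPF TXT record, a comment, a serial that happens to contain it). The following is an added example, not ISPConfig's code and not from the thread, that limits the rewrite to the rdata of A records; the zone file is constructed here to resemble what ISPConfig writes, with a made-up domain.

```python
# Addresses from the howto: the public address ISPConfig knows about and
# the DMZ address internal clients should get from the "internals" view.
PUBLIC_IP = "195.152.62.2"
PRIVATE_IP = "192.168.0.9"

# Constructed sample in the shape of a pri.{DOMAIN} file (domain and serial made up).
EXTERNAL_ZONE = """\
$TTL 86400
@   IN  SOA ns1.example.tld. hostmaster.example.tld. (
        2008030701 ; serial
        28800 7200 604800 86400 )
@           IN  NS   ns1.example.tld.
@           IN  A    195.152.62.2
www         IN  A    195.152.62.2
mail        IN  A    195.152.62.2
@           IN  MX   10 mail.example.tld.
@           IN  TXT  "v=spf1 ip4:195.152.62.2 -all"
"""


def internal_zone(zone_text: str, public_ip: str, private_ip: str) -> str:
    """Build the int.{DOMAIN} zone text from the pri.{DOMAIN} zone text.

    Only A records whose rdata equals public_ip are rewritten to private_ip.
    SOA serial, comments and TXT/SPF data are left untouched, so the two
    views stay in sync apart from the address internal clients should see.
    """
    out = []
    for line in zone_text.splitlines():
        body, sep, comment = line.partition(";")  # keep ';' comments as-is
        fields = body.split()
        # An A record line ends with the tokens "A <address>" (class/TTL may precede them).
        if len(fields) >= 2 and fields[-2].upper() == "A" and fields[-1] == public_ip:
            body = body[: body.rfind(public_ip)] + private_ip
            line = body + sep + comment
        out.append(line)
    return "\n".join(out) + "\n"
```

Diffing the two outputs for a real zone is a quick check that the internal view differs from the external one only in the A records you expect.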
  13. dl7und

    dl7und New Member

    No, I don't think so. I'm trying to get a machine with ISPconfig running at our school, where I also encounter the split view problem. Unfortunately, they cannot put the machine directly on a real IP...

    And I suppose some more people who encountered the same problem have just not yet discovered this thread...
     
  14. tollan

    tollan New Member

    OK, super... See, dl7und, we are growing bigger! :) If you need some help I'll be here.

    My ISPConfig in the DMZ with split DNS is 100% functional.
    ISPConfig is on openSUSE 10.3 64bit
     
  15. pakogah

    pakogah New Member

    If there are many users like us, I think till or falko can modify ISPConfig to support views in BIND and ISPConfig.
     
    Last edited: Feb 18, 2011
  16. dl7und

    dl7und New Member

    OK, I've tried for a while to solve this manually (I don't like Bind much, I've been a fan of DJBDNS for years and I still think this all would be much easier with tinydns...), but with no success. Then I followed tollan's howto, but ran into a few problems:

    The new named.conf has one section that does not get processed, it's just copied over from the template. It's this one:
    Code:
        <!-- BEGIN DYNAMIC BLOCK: named_int -->
        zone "{DOMAIN_INT}" {
            type master;
            file "int.{DOMAIN_INT}";
            allow-transfer {"none";};
            notify no;
        };
        <!-- END DYNAMIC BLOCK: named_int -->
    I also get a complaint from Bind regarding
    Code:
    view "externals" {
    (unknown option 'view') and another one because it is not satisfied with a closing bracket - though that could be due to code not properly processed before.

    I think I followed all instructions, I just rechecked. Any idea what could have gone wrong?
     
  17. dl7und

    dl7und New Member

    One addition: The "view externals" section is the last one copied over from the template, so a lot is still missing. I hope I will have some time tomorrow to check this further.

    Update: OK, I got results. This is a bit weird, but... After I created a record for the site in the DNS manager, everything showed up in named.conf. However, Bind complained about a missing root.hint (fixed this by creating one) and the location for the PID file seems to be incorrect. I had to revert that line in named.conf to the original from the tutorial:
    Code:
    options {
            pid-file "/var/run/bind/run/named.pid";
    ...
    It seems to work now, at least here on the LAN. I will need to wait until evening to check the WAN side from home.
     
    Last edited: Mar 19, 2008
  18. dl7und

    dl7und New Member

    It's working! Nice job, tollan! Maybe one more person can test this howto and then it could be made "official", I'm sure some people would be happy to see it...
     
  19. pakogah

    pakogah New Member

    just to make sure that others will follow the same
    named.conf.master is located on /root/ispconfig/isp/conf

    located on /root/ispconfig/scripts/lib/classes/

    located on /root/ispconfig/isp/conf

    :D:D Now I am trying this method
     
    Last edited: Feb 18, 2011
  20. pakogah

    pakogah New Member

    Works flawlessly, except for
    Code:
    ...
    allow-query-cache { internals; localnets; localhost; };
    ...

    bind rejects that line.

    I need about 2 days to make sure everything is OK, then I'll be back... :):)
     
    Last edited: Feb 18, 2011