Issue description: I have two servers with ISPConfig 3.1.13 using a multi-server setup and one control interface only. I have set the primary server as Primary DNS, and under "Client > Limits (tab) > DNS Server I have configured as follow: When I update the DNS the second server gets notified and does nothing. Under /etc/named.conf.local the zone is set as master on the second server (as well as in the first) but this file is largely outdated. I haven't edited files manually. Also, new domains I add are not transferred to the second server. Environment: Server OS: CentOS Server OS version: CentOS 7 ISPConfig version: 3.1.13 On the master server: Code: Sep 12 10:30:03 de-pri named[28854]: zone lostroom.pt/IN: loaded serial 2018091212 (DNSSEC signed) Sep 12 10:30:03 de-pri named[28854]: zone lostroom.pt/IN: sending notifies (serial 2018091212) On the secondary server: Code: (old) Sep 12 09:36:02 de-seg named[1151]: client 173.249.53.238#47877: received notify for zone 'lostroom.pt' ... (old) Sep 12 10:02:03 de-seg named[1151]: client 173.249.53.238#12705: received notify for zone 'lostroom.pt' ... Sep 12 10:30:03 de-seg named[1151]: client 173.249.53.238#5571: received notify for zone 'lostroom.pt' Querying master: Code: horus:~ mendesrm$ dig @de-pri.gdcltd.pt lostroom.pt SOA +short de-pri.gdcltd.pt. admin.lostroom.pt. 2018091212 7200 540 604800 3600 Querying slave: Code: horus:~ mendesrm$ dig @de-seg.gdcltd.pt lostroom.pt SOA +short de-pri.gdcltd.pt. admin.gdcltd.pt. 2018091001 7200 540 604800 3600 Thank you.
There is an error on your second server that prevents the DNS server from reloading; look for a zone file ending with .err, rename it to the normal pri.whatever file name, restart DNS and check logs for an error, then fix that.
Hi Jesse thank you for your reply. There is no such file on my second server. Also, the DNS service on the second server is running without errors and receiving the notifications as indicated above.
The notification is from your other DNS server, but that is not how mirrored DNS servers update in ISPConfig. Try running the ISPConfig cronjob manually in debug mode on the second server, and see if it shows any errors. You could also just stop and start the DNS server and see if any errors are mentioned.
Please be more specific. Which notification is from my other DNS server? The notification comes from the primary server that propagates to the servers configured to do so, and that are present under the allow-notify. named.service must be running to accept the connection and receive the notification. I have no .err files. I have restarted the named service plenty, as I mentioned before, it starts normally with no errors or warnings. the cron.log doesn't have any error or warning either: Code: Wed Sep 12 17:01:01 WEST 2018 Wed Sep 12 17:01:01 WEST 2018 Wed Sep 12 17:01:01 WEST 2018 finished. Wed Sep 12 17:02:02 WEST 2018 Wed Sep 12 17:02:02 WEST 2018 Wed Sep 12 17:02:02 WEST 2018 finished. Wed Sep 12 17:03:01 WEST 2018 Wed Sep 12 17:03:01 WEST 2018 Wed Sep 12 17:03:01 WEST 2018 finished. Wed Sep 12 17:04:01 WEST 2018 Wed Sep 12 17:04:01 WEST 2018 Wed Sep 12 17:04:01 WEST 2018 finished.
There are two ways to setup dns master/slave in ISPConfig. Do you use DNS mirroring in ISPConfig? Under system services, second DNS server, is 'is mirror of server' set to the first dns server? If yes, then you use automatic dns mirroring which means that the zone is automatically created on both servers, dns notifications etc. are not used then. That's what @Jesse Norell refers to. If the mirroring is not on, then you can use traditional BIND zone exchange, which means that you create a master zone on the first server and a slave zone on the second server, both in ISPConfig dns manager. You don't have to set a notify IP as BIND notifies it's slave server automatically.
Hi @till thank you for your reply. To make it clear that my option is of having a master/slave setup, I am not mirroring the DNS service. Following your instructions on to setup secondary zones I succeeded. Thank you. Code: horus:~ mendesrm$ dig @de-pri.gdcltd.pt soa gdcltd.pt +short de-pri.gdcltd.pt. admin.gdcltd.pt. 2018091203 7200 540 604800 3600 horus:~ mendesrm$ dig @de-seg.gdcltd.pt soa gdcltd.pt +short de-pri.gdcltd.pt. admin.gdcltd.pt. 2018091203 7200 540 604800 3600 P.S. - When a customer has assigned a primary and secondary DNS, shouldn't this be automatic?
Sorry, @maverickws, indeed I was referring to a mirrored setup, which was a wrong assumption/misread. Glad you got it working. It is not automatic; what "should" happen is debatable and varies. If you setup mirrored DNS, the second server will be updated automatically.
@jesse thanks. I am fairly new to ISPConfig, I come from cPanel, but so far so good I am enjoying this plenty and the response to questions is also good so overall I'm glad I chose ISPConfig. The OS is CentOS as I am fairly used and comfortable with it so all good, the perfect server tutorial is almost flawless. I understand this is a robust software and probably has it tweaks and twists I'm still not aware of. About the "should" happen, this is my understanding (maybe wrong?): When you setup the service with a mirrored configuration, it will copy the files / service exactly as is. This means that, despite the DNS files being copied, it does precisely that: copy. under /etc/named.conf.local the zones will appear as "master" despite this server not being the master. It will respond to DNS queries bc the zone file was copied. When you setup with multi-server config and without mirroring, you select which server should have what. I have one website on server A, other client's website on server B, etc. Under the client, on the limit tab, there is the ability to select a primary and a secondary DNS server. So here I understand when a domain is created under this client, the master/slave configuration should be automatic, without the need of going to the DNS > Secondary and adding manually. Also bc I understand (haven't tested) that this "secondary" area under DNS config would permit to add secondary zones where the master is not part of the "cluster".
With mirrored DNS servers, both servers are configured as 'master' in the named config. Technically the zone file is not copied from one to the other, both servers generate the file locally; they connect to the master ispconfig server and read a list of changes (sys_datalog table) they should make, so when everything is working normally, both servers will read eg. "add dns_rr A record for somehost" , "update soa record", etc. type commands for them to perform, and in the end they both generate identical zone files. One thing to realize in planning your setup is right now in ISPConfig, if you mirror one server to another, all services will be mirrored (this will be improved eventually to allow mirroring only select services). That means if you only have 2 services, you can't put website1 on server1, website2 on server2, and mirror DNS; you would have to use a DNS master/slave setup as you have now. The servers will be set for the client automatically, but that does not add any DNS zone/records automatically (neither to the primary server or the secondary). You could probably script that to happen automatically by writing a simple plugin (act on the "add dns zone" event when it gets added to the primary server and add it to the slave server, too). You could also log a feature request at https://git.ispconfig.org/ispconfig/ispconfig3/issues and it might get added some day, eg. as a configurable option. Probably this issue would be a good solution for you (ie. allow just DNS service to be mirrored), and it is planned, though no timeframe on it. That is correct (and you cannot do that with mirrored DNS servers, though you could still add a secondary DNS zone, it would simply be setup as a secondary zone on both of the mirrored servers - which may or may not be what you want).
Once again, amazing answer! I am aware about the "mirroring limitation" meaning it will mirror all services. I have not activated this option nor it is my intent for now to use the mirroring features. The solution to mirror only the DNS service is also not what I am looking for. I believe that so far this is alright. For now I don't think I have further questions about DNS. Thank you.
if your 2nd dns is not reloading the data from the master, you may have two binds running on the slave instead of one.
