Secondary DNS zone files are not readable

Discussion in 'Installation/Configuration' started by ITI, Oct 17, 2017.

  1. ITI

    ITI Member

    Is there some sort of trick or editor to read the dns zone files on the slave dns server?
    Why are the slave zone files not in plain text?
    Is there a way to have them created in plain text?
    Thanks
     
  2. vk3heg

    vk3heg Member

    They are not readable in the standard sense, and have been like that since the start of time.
     
  3. ITI

    ITI Member

    This doesn't answer the question nor have I ever seen a slave server with non-readable zone files.
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    For example mydns does not store zone data in a file. It uses a database for all name service data, including the zone file. You should check which program is in use to implement the name service and read the manual or settings file to see where zone data is stored.
    If You are using Bind, then indeed there should be a zone file even on the slaves. To see where those files are, read the bind configuration files.
    Also, I would assume any name service has some way to print out the zone info.
     
  5. ITI

    ITI Member

    This is the whole point of my question. ISPconfig uses some form of "encryption" (although it's probably not encryption) to store the zone file in a text document that is not readable in an ordinary text editor.
    Does anybody know what it is they are doing and how they (the zone file) can be read on the slave servers?
     
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    You keep secrets Yourself. What is that text document? My experience is ISPConfig stores name service data in its database. From there data goes to the application that provides name service. What app are You using? Mydns for example has mydnsexport command which prints out data in bind format.
     
    till likes this.
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    The zone data is stored in the ispconfig database, you can read it with phpmyadmin in the dns_* tables and then the zone data gets written to disk as a standard BIND config file. There are no encrypted or hidden files created by ISPConfig at all. And ISPConfig is not writing slave data files anyway, they are written by BIND itself if you use slave zones. The normal way of DNS mirroring in ISPConfig does not use that BIND mechanism btw, see multiserver guides.
     
  8. ITI

    ITI Member

    Finally someone that knows what they are talking about.
    This is correct on both counts and worth noting the config file written on the primary name server is in "plain text".
    With that said I searched "Bind slave format" and found this page:
    http://geekdom.wesmo.com/2014/06/05/bind9-dns-slave-file-format/

    Which in summary says:
    "With BIND 9.9.x, the slave zone files are now saved in a default raw binary format. This was done to improve performance, but at the sacrifice of being able to easily view the contents of the files."

    Thanks Till, I will now investigate my bind configuration
     
    Last edited: Oct 28, 2017
  9. ITI

    ITI Member

    Conclusion:
    If you want readable zone files on your slave servers you will need to do the following only on the slave servers:
    1. copy "bind_named.conf.local.slave" from "/usr/local/ispconfig/server/conf" to "/usr/local/ispconfig/server/conf-custom"
    2. Edit the copy in /conf-custom adding the line "masterfile-format text;"
    3. Your edited file should look similar to this:
    Code:
    <tmpl_loop name='zones'>
    <tmpl_if name='zone'>
    zone "<tmpl_var name='zone'>" {
            type slave;
            masterfile-format text;
    <tmpl_var name='options'>        file "<tmpl_var name='zonefile_path'>";
    };
    </tmpl_if>
    </tmpl_loop>
    
    I actually had "masterfile-format text;" in my original bind configuration files, although I would never have remembered what it was there for!
     
    Last edited: Oct 30, 2017
    ahrasis and till like this.
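
The procedure from post 9 as a script, added here as an example; it is not part of the original thread and not ISPConfig's own code. The function names are this example's own, the default paths are the ones given in the post, and the NUL-byte check for a raw-format file is a heuristic assumption.

```sh
#!/bin/sh
# Added example: automates steps 1-2 of the post on a slave server.
# Default paths are the ones given in the post; override via arguments.
TEMPLATE="bind_named.conf.local.slave"
SRC_DIR="/usr/local/ispconfig/server/conf"
DST_DIR="/usr/local/ispconfig/server/conf-custom"

# Copy the template to conf-custom (unless a custom copy exists) and add
# "masterfile-format text;" after every "type slave;" line. Idempotent.
enable_text_slave_zones() {
    src="${1:-$SRC_DIR}/$TEMPLATE"
    dst_dir="${2:-$DST_DIR}"
    dst="$dst_dir/$TEMPLATE"
    [ -f "$src" ] || { echo "missing template: $src" >&2; return 1; }
    mkdir -p "$dst_dir"
    [ -f "$dst" ] || cp -p "$src" "$dst"
    # An existing masterfile-format line is an admin decision; keep it.
    if grep -q 'masterfile-format' "$dst"; then return 0; fi
    tmp="$dst.tmp.$$"
    awk '{ print }
         /^[ \t]*type[ \t]+slave;/ {
             indent = $0; sub(/type.*/, "", indent)   # reuse the indentation
             print indent "masterfile-format text;"
         }' "$dst" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$dst"      # rewrite in place to keep owner and mode
    rm -f "$tmp"
}

# Heuristic (assumption): a raw-format zone file is binary and contains NUL
# bytes, a text zone file does not. Returns 0 for text, 1 otherwise.
zone_file_is_text() {
    [ -s "$1" ] && tr -d '\000' < "$1" | cmp -s - "$1"
}

# Usage on the slave, as root:
#   enable_text_slave_zones
#   zone_file_is_text /path/to/slave/zonefile && echo "plain text"
# A file already written in raw format can be printed with BIND's own tool:
#   named-compilezone -f raw -F text -o - example.com /path/to/slave/zonefile
```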
