Hi guys, I have my main ISPConfig installation running on a VPS. It has dual roles - web server & nameserver. I have another duplicate installation running on a physical server, providing the second nameserver. However, this machine is soon being decommissioned, so I want to build a second fresh installation just to be used as a nameserver. I found the guide which I will follow: "Setting up your own name service (DNS) with ISPConfig".

However, the Ubuntu VPS which I plan to host this on has the option of an ARM CPU, which fails whenever I try to install ISPConfig... or a very low-powered AMD instance - 1GB RAM + 1 vCPU. When I install ISPConfig on the AMD instance it runs for a bit and then freezes. Whenever I manage to run htop before the crash it shows 100% CPU usage, etc.

So, I was wondering if there is a guide, or a way, of doing a very minimal installation without any of the services that are not required - or a way to remove anything & everything not needed to run just as a nameserver? Will just unticking the services not required in Server > Services uninstall/stop them to free up resources? Or should I uninstall them from Ubuntu - if so, which ones and what is the best way to uninstall them?

Many thanks
Examine the ISPConfig Multiserver- and cluster environment perfect server guide; there a host with only name service running is set up. Also the ISPConfig Manual has instructions on installing a name-service-only slave host. My guess is the AMD instance has too little memory, so it needs swap. See if you can set it up with 1 GB memory and 4 GB swap.
Many thanks Taleman - I checked the Ubuntu VPS, which I had abandoned as unreliable, and the swapfile was 0G - so I changed it to 4G and it has been up for 40 mins now, which is the longest it's ever worked with ISPConfig installed. So, my plan is to reinstall Ubuntu, so I am starting with a fresh image, set the swapfile to 4G, then reinstall ISPConfig to use as my second nameserver.

I started reading the tutorial on installing ISPConfig just as a nameserver and the first thing I tested, as instructed, was the local name service resolution using my public IP (and did test with 127.0.0.1 - just in case) using:
Code:
root@server:~# host mywebsite.com xxx.xxx.xxx.xxx
However I get the response:
Code:
;; connection timed out; no servers could be reached
If I run the same test using the public IP address of my other (being decommissioned) ISPConfig installation - which is currently listed as my secondary nameserver - I get:
Code:
mywebsite.com has address xxx.xxx.xxx.xxx
mywebsite.com mail is handled by 10 mail.mywebsite.com.
I also tried:
Code:
dig @xxx.xxx.xxx.xxx mywebsite.com
response:
Code:
; <<>> DiG 9.16.1-Ubuntu <<>> @xxx.xxx.xxx.xxx mywebsite.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
If I use the IP address of the secondary name server it's working fine...
Code:
; <<>> DiG 9.16.1-Ubuntu <<>> @xxx.xxx.xxx.xxx mywebsite.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46311
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 6c6172db949b98710100000063cacba4f6e4d6381fad7b5b (good)
;; QUESTION SECTION:
;mywebsite.com.                 IN      A

;; ANSWER SECTION:
mywebsite.com.          3600    IN      A       190.92.134.231

;; Query time: 12 msec
;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
;; WHEN: Fri Jan 20 17:13:08 UTC 2023
;; MSG SIZE  rcvd: 98
So, this would imply that the local nameserver on this new setup is not actually working!?! Given the SSL issues I encountered, because the DNS hadn't been updated prior to the migration, I am concerned that this is another element which hasn't installed properly as a result of this?! I haven't tried rebooting the instance yet as there are live sites on it - but plan to try this later tonight. Thanks
Seems so. Provided the IP address xxx is the IP of the name server host in
Code:
host mywebsite.com xxx.xxx.xxx.xxx
What did you mean by testing 127.0.0.1? Did you follow the instructions in the DNS tutorial to see if the name service process is running?
Yes, it is the public IP address of the server. As the server I am testing is also my webserver (I only have 2 hosts), I wondered if using 127.0.0.1 would test it as localhost rather than from the public IP address. I am following the 'Setting up your own name service (DNS) with ISPConfig' tutorial - I will be using a 2 host solution - web+ns1 & ns2. As this was a migration, the DNS settings are already configured, and migrated, from the server which is due to be decommissioned imminently. The ns1.mywebsite.com DNS resolves to the correct IP address - but at the moment it seems my old ISPConfig server is the only working nameserver, as the new one isn't working by the look of it.
Code:
systemctl status bind9.service
Returns
Code:
bind9.service - LSB: Start and stop bind9
     Loaded: loaded (/etc/init.d/bind9; generated)
     Active: active (exited) since Thu 2023-01-19 10:24:24 UTC; 1 day 9h ago
       Docs: man:systemd-sysv-generator(8)
    Process: 140169 ExecStart=/etc/init.d/bind9 start (code=exited, status=0/SUCCESS)
So, I tried
Code:
named-checkzone XXX.XXX.XXX.in-addr.arpa /etc/bind/pri.XXX.XXX.XXX.in-addr.arpa.err
and got:
Code:
zone XXX.XXX.XXX.in-addr.arpa/IN: loading from master file /etc/bind/pri.XXX.XXX.XXX.in-addr.arpa.err failed: file not found
zone XXX.XXX.XXX.in-addr.arpa/IN: not loaded due to errors.
Where XXX.XXX.XXX is the first part of the public IP address of the server. So at this point I don't know what the error is, so am wondering whether I need to (and how to) delete the existing DNS settings for all the domains I have registered and re-enter them into ISPConfig manually, as they were pre-populated from the migrated source server. The only thing I can think of doing is migrating this setup to a spare VPS - reinstalling ISPConfig now that DNS is propagated, then migrating back from the spare VPS to the freshly built server?
Code:
Active: active (exited)
Should that not be active (running) if the process is OK? Are there any files ending in .err in that directory? Start bind with the command systemctl start bind9 (you may need to do systemctl stop bind9 first). Then examine what is in the logs about bind9, and what status systemctl shows. How did you set up the secondary name server in ISPConfig Panel? Have you verified the zone files are present in the /etc/bind subdirectories?
Hi @Taleman

OK, there are no .err files in /etc/bind/, just a list of the domains (zone files?) which I am hosting DNS for. This is the same on my source installation (this is my secondary nameserver at the moment) and my target server (this one which DNS is not running on and Bind shows as Active (exited)). I would expect Bind to show as 'Active (running)' - I stopped Bind and confirmed it showed as 'dead', then restarted it and it still shows as 'Active (exited)'.

The whole route to this point (in respect to my secondary name server) is: Originally I was self-hosting ISPConfig and had a range of IP addresses... so I set ns1 & ns2 as consecutive IP addresses which were actually both NAT'd to my ISPConfig server. Due to running costs I am relocating to a VPS. So, I installed ISPConfig and used the Migrate Tool to copy everything to the VPS. As I only have a single IP address on my VPS I have set ns1 to point to the IP address of my VPS installation (this server which DNS seems to not be running on) and I have currently left ns2 pointing at my source ISPConfig server, which is still running at the moment. I have replicated the IP changes for web/ns1/ns2 on both instances of ISPConfig and everything seems to be working, but DNS is only resolving because ns2 (my source installation) is still up and running.

The aim, ultimately, is to have my target installation (this one with non-working DNS) be my primary machine with websites on. Then I want to do a fresh ISPConfig installation on a very low-powered (free) VPS to just act as a second name server. Once this is done I can finally decommission my source (self-hosted) ISPConfig server.

Sorry it's so complicated/unusual - but hopefully this clarifies what I have done so far! Thanks
This is the only entry in syslog which I can see relating to bind (I have included a few lines after as well in case there is anything useful)...
Code:
Jan 21 10:29:27 server systemd[1]: Stopping LSB: Start and stop bind9...
Jan 21 10:29:27 server systemd[1]: bind9.service: Succeeded.
Jan 21 10:29:27 server systemd[1]: Stopped LSB: Start and stop bind9.
Jan 21 10:29:42 server systemd[1]: Starting LSB: Start and stop bind9...
Jan 21 10:29:42 server systemd[1]: Started LSB: Start and stop bind9.
Jan 21 10:30:01 server CRON[313133]: (getmail) CMD (/usr/local/bin/run-getmail.sh > /dev/null 2>> /dev/null)
Jan 21 10:30:01 server CRON[313132]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.l>
Jan 21 10:30:01 server CRON[313134]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log>
Jan 21 10:30:01 server pure-ftpd: (?@::1) [INFO] New connection from ::1
Jan 21 10:30:01 server pure-ftpd: (?@::1) [INFO] Logout.
Jan 21 10:30:01 server dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<zfIKpsPyjJgAAAAAAAAAAAAAAAAAAAAB>
Jan 21 10:30:01 server dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<6QgLpsPy+OwAAAAAAAAAAAAAAAAAAAAB>
Jan 21 10:30:01 server postfix/smtpd[313232]: connect from localhost[::1]
Jan 21 10:30:01 server postfix/smtpd[313232]: lost connection after CONNECT from localhost[::1]
Jan 21 10:30:01 server postfix/smtpd[313232]: disconnect from localhost[::1] commands=0/0
Jan 21 10:30:59 server postfix/smtpd[313232]: warning: hostname 5.122.aries.link3.net does not resolve to address 123.200.5.122: Name or service not known
Jan 21 10:30:59 server postfix/smtpd[313232]: connect from unknown[123.200.5.122]
Jan 21 10:31:01 server CRON[313240]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log>
Jan 21 10:31:01 server CRON[313241]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.l>
Jan 21 10:31:08 server postfix/smtpd[313253]: connect from unknown[45.237.242.74]
Jan 21 10:31:15 server postfix/smtpd[313253]: warning: unknown[45.237.242.74]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 21 10:31:16 server postfix/smtpd[313232]: lost connection after EHLO from unknown[123.200.5.122]
Jan 21 10:31:16 server postfix/smtpd[313232]: disconnect from unknown[123.200.5.122] ehlo=1 commands=1
Jan 21 10:31:17 server postfix/smtpd[313232]: warning: hostname ratech.co.in does not resolve to address 122.169.117.182
Jan 21 10:31:17 server postfix/smtpd[313232]: connect from unknown[122.169.117.182]
Jan 21 10:31:22 server postfix/smtpd[313232]: warning: unknown[122.169.117.182]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Interestingly I read this to say that someone from Brazil (45.237.242.74) has been trying to FTP into this machine - but that's another battle!
Please run the command
Code:
dig @localhost mydomain.tld
on this new nameserver, where mydomain.tld is the zone you added in ISPConfig. In addition to that, post the settings of this zone from ISPConfig (the zone details tab and the records tab).
Code:
; <<>> DiG 9.16.1-Ubuntu <<>> @localhost 1on1hosting.co.uk
; (2 servers found)
;; global options: +cmd
;; connection timed out; no servers could be reached
The Zone Settings show (I haven't redacted the domain/IP details for ease):

Records tab shows:
Is bind running at all on that problem name server host? If nothing is written to the log it looks like named never even starts. I assumed bind on Ubuntu logs to /var/log/syslog, but maybe I was mistaken. If it logs to some other file, try to find that with
Code:
grep named -r /var/log/ | less
Try again to stop and start the bind9 process.
Code:
/var/log/apt/term.log:named-resolvconf.service is a disabled or a static unit not running, not starting it.
/var/log/apt/term.log:named.service is a disabled or a static unit not running, not starting it.
Binary file /var/log/journal/0f26a8b78c6840e9992eaf99c85c1e37/user-5020@3d77f5c913c74cc8abca4d5107a9f5f4-000000000000341d-0005f27e2772a6be.journal matches
I then stopped bind9 and the status showed as 'Active: inactive (dead)', restarted it (shows as Active: active (exited)) and re-ran 'grep named -r /var/log/ | less', which showed exactly the same as above.
Post the results of the test script from here: https://forum.howtoforge.com/threads/please-read-before-posting.58408/

Run
Code:
ispconfig_update.sh --force
and when it asks to reconfigure services answer yes. Then test again if bind9 is running and try to start it, then see the logs.
I have attached the test script. I then tried
Code:
ispconfig_update.sh --force
with the default reconfigure services [yes], and when I check the bind9 status it still shows Active: active (exited). The only reference to bind9 in /var/log/syslog is:
Code:
Jan 21 20:09:57 server systemd[1]: Started pure-ftpd-mysql.service.
Jan 21 20:09:57 server systemd[1]: Stopping LSB: Start and stop bind9...
Jan 21 20:09:57 server systemd[1]: bind9.service: Succeeded.
Jan 21 20:09:57 server systemd[1]: Stopped LSB: Start and stop bind9.
Jan 21 20:09:57 server systemd[1]: Starting LSB: Start and stop bind9...
Jan 21 20:09:57 server systemd[1]: Started LSB: Start and stop bind9.
Jan 21 20:10:01 server cron[227]: (getmail) RELOAD (crontabs/getmail)
Jan 21 20:10:01 server cron[227]: (root) RELOAD (crontabs/root)
The test report shows
Code:
***.***.***.***:53 (125/systemd-resolve)
in listening ports. I have not run name service on Ubuntu, but I believe that even on Ubuntu it should be named that is listening on port 53. I suspect Ubuntu using systemd-resolve prevents bind from running. How was Ubuntu installed on this host, was it installed as a desktop system? Have you modified the bind configuration files in /etc/bind? ISPConfig setup may not be able to handle all starting conditions; the base system must be a just-installed plain default Ubuntu. What does the command
Code:
resolvectl status
show? I found an article in the Ubuntu Wiki: https://help.ubuntu.com/community/BIND9ServerHowto
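The port-53 check Taleman is describing can be scripted. This is an added helper, not code from the thread or from ISPConfig: it parses the output of `ss -H -tulpn` and reports whether port 53 is held by systemd-resolved, by named, or by nobody. The two ss samples inside it are constructed to mirror the test-script finding above and a healthy bind9 host.

```bash
#!/bin/sh
# Added example (not from the thread): classify who owns port 53 from the
# output of `ss -H -tulpn`, so a systemd-resolved vs. bind9/named clash is
# visible before any service is stopped or disabled.

# Print "proto local-address process" for every socket bound to port 53.
port53_listeners() {
    printf '%s\n' "$1" | awk '
        $5 ~ /:53$/ {
            proc = "unknown"
            # ss renders the owner as users:(("name",pid=N,fd=M))
            if (match($0, /users:\(\("[^"]+"/))
                proc = substr($0, RSTART + 9, RLENGTH - 10)
            print $1, $5, proc
        }'
}

# Verdict for the situation in this thread:
#   ok       - named is listening on :53
#   none     - nothing is listening on :53
#   conflict - only systemd-resolved is on :53, so bind9 cannot bind it
#   other    - some other process holds :53
dns_port_verdict() {
    listeners=$(port53_listeners "$1")
    case "$listeners" in
        *named*)           echo ok ;;
        "")                echo none ;;
        *systemd-resolve*) echo conflict ;;
        *)                 echo other ;;
    esac
}

# Constructed sample in `ss -H -tulpn` format, mirroring the test report
# above (systemd-resolved on 127.0.0.53, no named at all).
SAMPLE_RESOLVED='udp   UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=125,fd=12))
tcp   LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=125,fd=13))'

# Constructed sample of a healthy host where named owns the port.
SAMPLE_NAMED='udp   UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("named",pid=812,fd=20))
tcp   LISTEN 0 10 0.0.0.0:53 0.0.0.0:* users:(("named",pid=812,fd=21))'

# Live use: run this script with --live as root (ss only shows process
# names to root); otherwise only the functions are defined.
if [ "${1:-}" = "--live" ]; then
    dns_port_verdict "$(ss -H -tulpn 2>/dev/null)"
fi
```

A "conflict" verdict matches the symptom in this thread (bind9 shows active (exited) and dig @localhost times out); after systemd-resolved is stopped and bind9 restarted, the live run should report "ok".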
I agree with @Taleman's findings, systemd resolve probably blocks the port which BIND should be listening on, so you must stop systemd resolve and start bind.
Hi @Taleman

OK, attached is the output from
Code:
resolvectl status
Ubuntu is installed on a hosted VPS, so I have to take the shape that they offer. No, it wasn't a desktop O/S, it is Ubuntu 20.04 LTS headless.

Something I just remembered, which may be important, and apologies if it is as I just remembered. When I tried to install ISPConfig originally it wouldn't install and repeatedly showed this error:
Code:
Exception occured: ISPConfigOSException -> Command mount -o remount / 2>&1 && quotaoff -avug 2>&1 && quotacheck -avugm 2>&1 && quotaon -avug 2>&1 failed. (/ispconfig.ai.php:15)
I'm no expert but assumed this was to do with having the ability to limit quotas for 'clients', so the only way I could install it was using the --no-quota flag. But as this is for me personally and a couple of friends I am not worried about setting quota limits.

No, I have not made any modifications to Ubuntu other than the suggestions you guys have kindly made.

Thanks @till - can I check that the correct way to do this is:
Code:
sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved
Given the issues I have had with wrong assumptions, I thought I'd check before making any changes. On the AskUbuntu website it also says to do this, but I don't know if it's necessary:

Many thanks again
I do not know what the correct way is; I think I have never used bind on Ubuntu. But it is interesting that ISPConfig did not set this up correctly. There must be thousands of ISPConfig setups on Ubuntu that run bind, so your setup can not be the usual case. Perhaps the developers can enlighten us on how systemd-resolve is handled on Ubuntu setups? The Ubuntu wiki article about name service setup is from 2016, before systemd-resolve became a thing, so it does not say anything about it. I found https://www.linuxbabe.com/ubuntu/set-up-local-dns-resolver-ubuntu-20-04-bind9 but that is about setting up a local resolver, not proper name service. Try Internet search engines until you find an article about setting up bind service on recent Ubuntu.