Planned changes regarding DNS management

  • During i-MSCP setup (or on reconfiguration), the administrator will be asked for

    • The <domain.tld> domain to use for the server, the control panel and the services (ftp, imap/pop, smtp)
    • The <panel>.<domain.tld> subdomain to use for the control panel
    • The <server>.<domain.tld> subdomain to use for the server hostname

    Then, the installer will in order

    • Configure the server hostname using the chosen <server>.<domain.tld> subdomain
    • Create a DNS zone for <domain.tld> instead of a zone for <panel>.<domain.tld>
    • Add a DNS record for the <panel>.<domain.tld> in the newly created zone
    • Add a DNS record for the <server>.<domain.tld> in the newly created zone
    • Add the DNS records for the services (smtp.<domain.tld>, pop.<domain.tld>, imap.<domain.tld>, ftp.<domain.tld>)

    Then

    • All users will access mail and ftp services through the same domain names
    • This will allow us to generate SSL certificates for all those names easily and avoid common name mismatch issues.
    • This will also allow us to mitigate reverse DNS issues
    • Each customer will receive information for accessing the mail services.

    To be discussed


    Should we by default set the same NS in all zones? This is already possible with the https://github.com/i-MSCP/imsc…med/10_named_global_ns.pl listener file. The question is: should we do that by default?


  • I like your suggestions and would also like to see the same NS in all zones.


    Create a DNS zone for <domain> instead of a zone for sub.<domain>

    Is it possible to use the <domain> used for the server also as a domain in the panel?

  • Is it possible to use the <domain> used for the server also as a domain in the panel?

    Of course ;) You will just have to add it. The backend will be smart enough to reuse the DNS zone.


    I like your suggestions and would also like to see the same NS in all zones.

    I think that this would be the best too ;)


  • Me too, but it should be configurable in the installer then ;)


    For me, the listener works fine as well.


    So, what will you do, just ask during the installation how to configure DNS?
    1. Use ns1.domain.tld only
    2. Use ns1.domain.tld and ns2.domain.tld (future use, when multiple servers are used)
    3. Use completely custom DNS servers.


    Currently I'm also using https://github.com/i-MSCP/imsc…med_slave_provisioning.pl, but the hostnames are not related to the customer domains at all :)

  • @theemstra


    If the administrator chooses to install bind9 on the i-MSCP server, he will be asked for the NS label and the result will be <label>.<domain.tld> where <domain.tld> is the domain previously chosen for the server. To summarize, ns1 is no longer hardcoded.


    If the administrator wants to configure one or more secondary DNS servers, he will be asked for both the NS name (fully qualified) and the IP.


    For your slave DNS server provisioning script, nothing will really change, apart from maybe some changes in the listener file according to the required API changes in core.


  • @theemstra


    Those changes are planned for i-MSCP version 1.3.9. The errata file will be updated when needed ;) Each time a major change is done, I add related notes in the errata file.


    Edit: And of course, the deprecated listener will be removed.
    Edit: Changes are planned for the 1.4.x series according to @Starlight's recommendations


  • It's great!


    Just a question:
    What if a customer uses the old way, for example <pop3/smtp/imap>.customerdomain.tld?
    Does this work, and just give an SSL error message, or not?

    i-MSCP 1.5.3
    Plugins (latest version): ClamAV, CronJobs, DomainAutoApproval, LetsEncrypt, OpenDKIM, PanelRedirect, PhpSwitcher, PolicydSPF, Postgrey, RecaptchaPMA, RoundcubePlugins, SpamAssassin, WHMCS

  • @Dylan


    If an external DNS server is used and if the DNS records are still in the customerdomain.tld zone, this will work but of course, for SSL, the certificate will be invalid.



    For the rest, it is the administrator's responsibility to inform his customers.

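The certificate point discussed in this thread (shared service names avoid name mismatches, while names left in a customer zone still resolve but fail validation), as an added example that is not part of the original posts and is not i-MSCP code. The domain `example.test`, the labels `panel` and `srv1`, the customer name and the SAN lists are constructed assumptions; the matching follows the usual RFC 6125 wildcard rule.

```python
# Added example (not i-MSCP code): which client-facing names does a certificate cover?
SERVICE_LABELS = ("smtp", "pop", "imap", "ftp")  # service names listed in the first post


def planned_names(domain, panel_label, server_label):
    """Hostnames that would live in the single <domain.tld> zone."""
    labels = (panel_label, server_label) + SERVICE_LABELS
    return [f"{label}.{domain}".lower() for label in labels]


def san_matches(hostname, pattern):
    """RFC 6125 style match: '*' only as the whole left-most label, one label deep."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False  # a wildcard never spans more than one label
    if pat[0] == "*":
        # Reject over-broad patterns such as '*.test'
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def uncovered(hostnames, san_list):
    """Names a TLS client would reject with a name-mismatch error."""
    return [h for h in hostnames if not any(san_matches(h, s) for s in san_list)]


# Constructed sample data (assumptions, not taken from a real server)
CONSTRUCTED_SANS = [
    "panel.example.test", "srv1.example.test", "smtp.example.test",
    "pop.example.test", "imap.example.test", "ftp.example.test",
]
LEGACY_CUSTOMER_NAMES = ["pop3.customerdomain.test", "smtp.customerdomain.test"]

if __name__ == "__main__":
    shared = planned_names("example.test", "panel", "srv1")
    print("shared names not covered:", uncovered(shared, CONSTRUCTED_SANS))
    print("legacy names not covered:", uncovered(LEGACY_CUSTOMER_NAMES, CONSTRUCTED_SANS))
    print("wildcard covers apex?   ", san_matches("example.test", "*.example.test"))
```

Feeding `uncovered()` the SAN list of the deployed certificate and the names customers actually have configured in their mail and FTP clients gives the list of customers who need to be told to switch names.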