Secondary/slave dns service

  • Which method are you using to setup the secondary dns 29

    1. Another server specific for slave dns (16) 55%
    2. External dns provider (such as http://www.xname.org) (9) 31%
    3. Fake configuration within i-mscp (4) 14%

    I would like to know what you are using to have a proper master-slave dns service. It's clear that i-mscp provides the master dns, but what about the secondary?
    There are several things in the forums, but having to set up a secondary server is a bit of a hassle.
    I found another thread related to this here
    Still, I would like to know what people are using :)

    Edited once, last by aseques ().


  • Ideally, I'm trying to implement PowerDNS with i-MSCP. That would be perfect.


    You mean for the sql support or for something else?

  • I use a separate server specific for secondary dns, which is secondary to multiple imscp primaries :)
    the synchronization i do with a simple php script on every primary dns (it reads domains and aliases from imscp db and generates an output for slave)
    on the slave there is a cron job, which calls the php scripts on the primaries with wget, saves to /etc/bind/hostname.conf, those are linked in named.conf
    bind is configured to transfer the zones with rndc (with key)
    pretty simple and works fine for a few years :)


  • You mean for the sql support or for something else?


    mainly because of other systems that can also use powerdns. i admit, it is not solely for i-mscp's benefit, but is still open-source and allows flexibility. and in trying to make i-MSCP truly multi-server, it may be a good option...


    edit: and flames, would love to see your custom DNS scripts for that, bitte :)

    Edited once, last by anarking ().

  • [code=php]<?php
    // Prints BIND "slave" zone stanzas for the main domain, every hosted
    // domain and every alias on this i-MSCP primary. The secondary fetches
    // this output and includes it in named.conf.

    require '../../library/imscp-lib.php';

    $cfg = iMSCP_Registry::get('config');
    $db = iMSCP_Registry::get('db');

    // Panel (base vhost) zone
    echo "//CONFIGURATION FOR MAIN DOMAIN\n";
    echo "zone \"$cfg->BASE_SERVER_VHOST\"{\n";
    echo "\ttype slave;\n";
    echo "\tfile \"/var/cache/bind/$cfg->BASE_SERVER_VHOST.db\";\n";
    echo "\tmasters { $cfg->BASE_SERVER_IP; };\n";
    echo "\tallow-notify { $cfg->BASE_SERVER_IP; };\n";
    echo "};\n";
    echo "//END CONFIGURATION FOR MAIN DOMAIN\n\n";

    // One stanza per hosted domain
    $query = "SELECT `domain_id`,`domain_name` FROM `domain`";
    $rs = exec_query($query);
    if ($rs->rowCount() == 0) {
        echo "//NO DOMAINS LISTED\n";
    } else {
        $records_count = $rs->rowCount();
        echo "//$records_count HOSTED DOMAINS LISTED ON $cfg->SERVER_HOSTNAME [$cfg->BASE_SERVER_IP]\n";

        while (!$rs->EOF) {
            echo "zone \"".$rs->fields['domain_name']."\"{\n";
            echo "\ttype slave;\n";
            echo "\tfile \"/var/cache/bind/".$rs->fields['domain_name'].".db\";\n";
            echo "\tmasters { $cfg->BASE_SERVER_IP; };\n";
            echo "\tallow-notify { $cfg->BASE_SERVER_IP; };\n";
            echo "};\n";
            $rs->moveNext();
        }
    }
    echo "//END DOMAINS LIST\n\n";

    // One stanza per domain alias
    $query = "SELECT `alias_id`,`alias_name` FROM `domain_aliasses`";
    $rs = exec_query($query);
    if ($rs->rowCount() == 0) {
        echo "//NO ALIASSES LISTED\n";
    } else {
        $records_count = $rs->rowCount();
        echo "//$records_count HOSTED ALIASSES LISTED ON $cfg->SERVER_HOSTNAME [$cfg->BASE_SERVER_IP]\n";

        while (!$rs->EOF) {
            echo "zone \"".$rs->fields['alias_name']."\"{\n";
            echo "\ttype slave;\n";
            echo "\tfile \"/var/cache/bind/".$rs->fields['alias_name'].".db\";\n";
            echo "\tmasters { $cfg->BASE_SERVER_IP; };\n";
            echo "\tallow-notify { $cfg->BASE_SERVER_IP; };\n";
            echo "};\n";
            $rs->moveNext();
        }
    }
    echo "//END ALIASSES LIST\n";

    ?>[/code]


    put it into /var/www/imscp/gui/public/domain/index.php on your primary dns / imscp server
    create a .htaccess that allows only your secondary dns ip to call the script.


    on your secondary:
    create a cronjob
    */30 * * * * /usr/bin/wget http://IP-OF-PRIMARY-DNS/domain/ -O /etc/bind/named.hostname.conf && /etc/init.d/bind9 reload && /usr/bin/logger "i-MSCP: DNS zones updated from hostname\!"


    then in /etc/bind/named.conf add the line
    include "/etc/bind/named.hostname.conf";


    replace hostname with the hostname or something that identifies your primary server


    not the best solution, but works. ofc the bind configuration is missing here, if you want i can write a full howto. because you need to configure your primary and secondary for zone transfer, rndc keys and such :)

    Edited once, last by flames ().

  • sorry, i forgot about this thread. imscp already configures bind perfectly for zone transfer if you install one server with imscp and during setup choose primary + slave ip, and on the second server choose secondary + master ip. this feature has been available in imscp for a while. the only part imscp is missing is in the previous post (php script on master + cronjob on slave)


    so i don't need to write any howto :P

  • there are multiple ways to secure the php script from foreign access, historically a .htaccess file is used to limit access only from secondary DNS IP-address. it does not secure the php script from users who are potentially hosted on the secondary :)
    just create a .htaccess/.htpasswd with user/pass login, and change the wget cronjob...
    */30 * * * * /usr/bin/wget http://IP-OF-PRIMARY-DNS/domain/ -O /etc/bind/named.hostname.conf --user=htuser --password=htpass && /etc/init.d/bind9 reload && /usr/bin/logger "i-MSCP: DNS zones updated from hostname\!"

  • Hello,


    I tried the script and also the cronjob - both worked great, but there is one point which I changed. Currently - at least on my machines - when the primary panel is not reachable via http, the cron creates an empty file and the information about the secondary zones is not loaded anymore because it was overwritten. So I added an if-statement to the cron command and also the user, which was missing (otherwise the cronjob did not run on my machines due to missing privileges):


    */30 * * * * root /usr/bin/wget http://IP-OF-PRIMARY-DNS/domain/ -T -O /etc/bind/named.hostname.conf.download --user=htuser --password=htpass && if test -s /etc/bind/named.hostname.conf.download; then cp /etc/bind/named.hostname.conf.download /etc/bind/named.hostname.conf && /etc/init.d/bind9 reload && /usr/bin/logger "i-MSCP: DNS zones updated from hostname\!"; else /usr/bin/logger "i-MSCP: DNS zones could not be downloaded from hostname\!"; fi


    If you installed ssl I would also recommend using https:// instead of http:// (if you are using a self-signed certificate just add "--no-check-certificate" to the wget command).


    Regards Jörg
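
Added example, not part of any post in this thread: the secondary includes whatever the primary's HTTP endpoint returns into named.conf as root, so this sketch extends the empty-file check above to reject any line that is not one of the shapes the PHP generator prints, and swaps the live file only when the download passes. The function names, the 30-second timeout and the sample data are assumptions; the paths and URL placeholder are the ones used in the posts, and the `--user`/`--password` options are left out for brevity.

```shell
#!/bin/sh
# Added example: vet a downloaded slave-zone list before BIND includes it.
# Function names, timeout and sample data are assumptions, not from the thread.

# Succeeds only if every line has a shape the PHP generator above emits.
validate_zone_list() {
    [ -s "$1" ] || return 1               # empty: primary was unreachable
    grep -q '^zone "' "$1" || return 1    # no zones, e.g. an HTML error page
    # -v selects lines that match none of the allowed shapes.
    if grep -Evq \
        -e '^[[:space:]]*$' \
        -e '^//[][A-Za-z0-9 ./:_-]*$' \
        -e '^zone "[A-Za-z0-9._-]+"\{$' \
        -e '^[[:space:]]+type slave;$' \
        -e '^[[:space:]]+file "/var/cache/bind/[A-Za-z0-9._-]+\.db";$' \
        -e '^[[:space:]]+(masters|allow-notify) \{ [0-9A-Fa-f.:]+; \};$' \
        -e '^\};$' "$1"
    then
        return 1
    fi
}

# $1 = downloaded candidate, $2 = live include file (kept on failure).
install_zone_list() {
    if validate_zone_list "$1"; then
        cp "$1" "$2.new" && mv "$2.new" "$2"   # rename replaces atomically
    else
        rm -f "$1"
        return 1
    fi
}

# Cron entry point; not invoked here. wget -T takes a timeout in seconds.
sync_from_primary() {
    tmp=/etc/bind/named.hostname.conf.download
    /usr/bin/wget -q -T 30 -O "$tmp" "https://IP-OF-PRIMARY-DNS/domain/" \
        && install_zone_list "$tmp" /etc/bind/named.hostname.conf \
        && /etc/init.d/bind9 reload
}

# Constructed sample of the generator's output for one zone.
sample_zone() {
    printf 'zone "example.com"{\n\ttype slave;\n'
    printf '\tfile "/var/cache/bind/example.com.db";\n'
    printf '\tmasters { 192.0.2.10; };\n\tallow-notify { 192.0.2.10; };\n};\n'
}
```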