Automatic secondary DNS server

  • Original: http://noe.wikidot.com/automat…ndary-dns-for-ispcp-howto
    It was revised for i-MSCP.


    1. On the i-MSCP server (primary DNS)


    1.1. Domain list query


    Create the /var/www/imscp/gui/public/domainlist.php file with the following content:

    PHP
    <?php
    require 'imscp-lib.php';

    $cfg = iMSCP_Registry::get('config');
    $db  = iMSCP_Registry::get('db');

    $count_query = "SELECT COUNT(`domain_id`) AS cnt FROM `domain`";
    $query       = "SELECT `domain_name` FROM `domain` ORDER BY `domain_id` ASC";

    $rs = execute_query($db, $count_query);
    $records_count = $rs->fields['cnt'];

    // The original used execute_query($sql, $query); $sql is never defined, so the
    // database handle $db is used here as well.
    $rs = execute_query($db, $query);

    if ($rs->rowCount() == 0) {
        echo "//NO DOMAINS LISTED";
    } else {
        echo "//$records_count HOSTED DOMAINS LISTED ON $cfg->SERVER_HOSTNAME [$cfg->BASE_SERVER_IP]\n";

        // Slave zone for the panel's own domain
        echo "//CONFIGURATION FOR MAIN DOMAIN\n";
        echo "zone \"$cfg->BASE_SERVER_VHOST\"{\n";
        echo "\ttype slave;\n";
        echo "\tfile \"/var/cache/bind/$cfg->BASE_SERVER_VHOST.db\";\n";
        echo "\tmasters { $cfg->BASE_SERVER_IP; };\n";
        echo "\tallow-notify { $cfg->BASE_SERVER_IP; };\n";
        echo "};\n";

        // One slave zone per hosted domain
        while (!$rs->EOF) {
            echo "zone \"" . $rs->fields['domain_name'] . "\"{\n";
            echo "\ttype slave;\n";
            echo "\tfile \"/var/cache/bind/" . $rs->fields['domain_name'] . ".db\";\n";
            echo "\tmasters { $cfg->BASE_SERVER_IP; };\n";
            echo "\tallow-notify { $cfg->BASE_SERVER_IP; };\n";
            echo "};\n";
            $rs->moveNext();
        }
    }
    echo "//END DOMAINS LIST\n";
    ?>


    Change the owner of the file:

    Code
    chown vu2000:vu2000 -R /var/www/imscp/gui/public/domainlist.php


    To protect domainlist.php, create the /var/www/imscp/gui/public/.htaccess file with the following content:

    Code
    <Files domainlist.php>
        Order Deny,Allow
        Deny from all
        Allow from <SECONDARY_DNS_IP_ADDRESS>
    </Files>


    After that only the secondary DNS server can reach the file.


    1.2. BIND9 setup


    Go to the bind9 directory and create the communication key between the two bind9 instances:

    Code
    cd /etc/bind
    dnssec-keygen -a hmac-md5 -b 128 -n HOST TRANSFER


    To speed up the generation type something on the keyboard!


    After the key has been created, type the following command to view the key in base64-encoded form:

    Code
    cat Ktransfer.*.key | rev | cut -d' ' -f1 | rev


    It will be necessary later!


    Append the following content to the /etc/bind/named.conf.options file (after the options {} content):

    Code
    //
    // SECONDARY NS
    //
    key "TRANSFER" {
        algorithm hmac-md5;
        secret "<base64-encrypted-key>";
    };
    server <SECONDARY_DNS_IP_ADDRESS> {
        keys { TRANSFER; };
    };


    After that restart the BIND9:

    Code
    service bind9 restart


    2. On the secondary DNS server


    2.1. BIND9 setup


    Append the following content to the /etc/bind/named.conf.local file:

    Code
    include "/etc/bind/named.conf.backup";


    Append the following content to the /etc/bind/named.conf.options file (after the options {} content):

    Code
    //
    // SECONDARY NS
    //
    key "TRANSFER" {
        algorithm hmac-md5;
        secret "<base64 encrypted key>";
    };
    server <IMSCP_SZERVER_IP_ADDRESS> {
        keys { TRANSFER; };
    };


    After that restart the BIND9:

    Code
    service bind9 restart


    Let's test fetching the domain list from the primary server:

    Code
    /usr/bin/wget --no-check-certificate https://<IMSCP-URL>/domainlist.php -O -


    If we can see the DNS-zone definitions everything works well and we can set the automatic update by cron.
    Create the /etc/cron.d/imscp_dns_update file with the following content:

    Code
    */5 * * * * root /usr/bin/wget --no-check-certificate https://<IMSCP-URL>/domainlist.php -O /etc/bind/named.conf.backup && /etc/init.d/bind9 reload && /usr/bin/logger "i-MSCP: Backup zones updated!"


    So the DNS-zone definitions are automatically updated every 5 minutes from the primary server. If we do everything properly, we can see the <domain>.db files in the /var/cache/bind/ directory.


    Finally hurray! :)
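The cron job above writes whatever the download returns straight into the file that named includes and then reloads bind9, so an empty or partial response, an HTML error page, or a response served by the wrong host (the fetch runs with --no-check-certificate) would all be loaded as configuration on the slave. The following script is an added example, not part of the howto or of i-MSCP: it reads the fetched zone list on stdin, accepts it only if every non-comment line belongs to a zone block made of exactly the four statements domainlist.php emits (type slave, file under /var/cache/bind/, masters and allow-notify pointing at the expected primary IP) and the end marker is present, and only then replaces the target file atomically. The sample zone lists, the master IP 192.0.2.1 and the script name check_zone_list.py are constructed for the example.

```python
"""Validate the zone list fetched from the primary before bind9 loads it.

Added example (not from the forum post). Usage in the cron job, replacing the
blind `wget -O /etc/bind/named.conf.backup`:

    wget -q -O - https://<IMSCP-URL>/domainlist.php \
      | python3 check_zone_list.py 192.0.2.1 /etc/bind/named.conf.backup \
      && /etc/init.d/bind9 reload

On rejection the previous named.conf.backup is left untouched and the exit
status is non-zero, so the reload does not run.
"""
import os
import re
import sys
import tempfile

# `zone "name"{` as printed by domainlist.php (whitespace already collapsed).
ZONE_OPEN_RE = re.compile(r'^zone "([^"]+)"\s*\{$')
# Hostname labels only (constructed rule): letters, digits, hyphens and dots,
# which also keeps a zone name from putting "../" or quotes into the file path.
ZONE_NAME_RE = re.compile(
    r'^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$', re.I)
END_MARKER = "//END DOMAINS LIST"


def _norm(line):
    """Collapse tabs and runs of spaces so statements compare as plain text."""
    return " ".join(line.split())


def expected_statements(name, master_ip):
    """The only four statements a generated slave zone may contain."""
    return {
        "type slave;",
        'file "/var/cache/bind/%s.db";' % name,
        "masters { %s; };" % master_ip,
        "allow-notify { %s; };" % master_ip,
    }


def validate_zone_list(text, master_ip):
    """Return the zone names in `text`, or raise ValueError describing the first problem."""
    lines = [_norm(l) for l in text.splitlines()]
    if END_MARKER not in lines:
        raise ValueError("end marker missing: response truncated or not the zone list")
    zones = []
    current = None  # (zone name, statements seen) while inside a zone block
    for no, line in enumerate(lines, 1):
        if not line or line.startswith("//"):
            continue  # blank lines and the script's own comments
        if current is None:
            m = ZONE_OPEN_RE.match(line)
            if not m:
                raise ValueError("line %d: only zone blocks are allowed: %r" % (no, line))
            name = m.group(1)
            if not ZONE_NAME_RE.match(name):
                raise ValueError("line %d: bad zone name %r" % (no, name))
            current = (name, set())
        elif line == "};":
            name, seen = current
            want = expected_statements(name, master_ip)
            if seen != want:
                raise ValueError("zone %s: statements differ from expected: %s"
                                 % (name, sorted(seen ^ want)))
            zones.append(name)
            current = None
        else:
            if line not in expected_statements(current[0], master_ip):
                raise ValueError("line %d: statement not allowed in zone %s: %r"
                                 % (no, current[0], line))
            current[1].add(line)
    if current is not None:
        raise ValueError("zone %s is not closed" % current[0])
    return zones


def install_zone_list(text, master_ip, dest):
    """Validate, then replace `dest` atomically so named never reads a half-written file."""
    zones = validate_zone_list(text, master_ip)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(dest)), prefix=".zones-")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
        os.chmod(tmp, 0o644)
        os.replace(tmp, dest)
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)
    return zones


# Constructed sample: what domainlist.php prints for a primary at 192.0.2.1.
SAMPLE_OK = """//2 HOSTED DOMAINS LISTED ON ns1.example.net [192.0.2.1]
//CONFIGURATION FOR MAIN DOMAIN
zone "example.net"{
\ttype slave;
\tfile "/var/cache/bind/example.net.db";
\tmasters { 192.0.2.1; };
\tallow-notify { 192.0.2.1; };
};
zone "customer.example"{
\ttype slave;
\tfile "/var/cache/bind/customer.example.db";
\tmasters { 192.0.2.1; };
\tallow-notify { 192.0.2.1; };
};
//END DOMAINS LIST
"""
# Constructed sample: zones pointing at a different master than the one we expect.
SAMPLE_WRONG_MASTER = SAMPLE_OK.replace("masters { 192.0.2.1; };", "masters { 198.51.100.9; };")
# Constructed sample: download cut off before the end marker.
SAMPLE_TRUNCATED = SAMPLE_OK.split('zone "customer.example"')[0]

if __name__ == "__main__":
    master, dest = sys.argv[1], sys.argv[2]
    try:
        names = install_zone_list(sys.stdin.read(), master, dest)
    except ValueError as exc:
        sys.exit("zone list rejected, keeping previous file: %s" % exc)
    print("installed %d slave zones" % len(names))
```

Because the primary's IP is passed on the command line rather than taken from the response, a response that redirects `masters` elsewhere is rejected even if it is otherwise well-formed, and a truncated download never replaces the working file.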

  • thank you for the howto, but see, your domain.php script does not echo aliases.
    also a separate sql query is not needed just to count records.
    second, since rc1.3 (or even before) you don't need to configure bind with keys to transfer zones, bind is already configured fine by imscp during setup (selecting primary and secondary nameserver, allow notify and allow transfer)


    this howto is taken from the same old ispcp howto, where i took and updated the domains script here http://forum.i-mscp.net/Thread…ervice?pid=11995#pid11995
    properly updated, so domains and aliases are transferred

    Edited once, last by flames ().

  • Sorry for my outdated solution.


    I didn't find your post when I searched for "auto secondary dns server".
    I only found the ispcp solution and I tried to modify that.


    Your solution is better, thank you!

  • yea, one day I'll learn how to use the wiki :)
    btw. there I updated an alternative idea to secure the php script.