====== How do I configure my other nameserver? ======
To keep the secondary nameserver in sync with the primary you can follow these steps.
===== NS1 =====
Edit **/etc/bind/named.conf** and add this to the top:
<code>
options {
    directory "/var/cache/bind";
    forwarders {
        [DNS.FROM.ISP];
    };
    auth-nxdomain no;
    dnssec-enable yes;
};
key "TRANSFER" {
    algorithm hmac-md5;
    secret "[HASHKEY]";
};
server [YOUR.NS2.IP] {
    keys {
        TRANSFER;
    };
};
</code>
Parts of this used to be in **named.conf.options**, but we will not use that file, so remove its include line too. The options block should include a nameserver from your ISP as forwarder, and we use dnssec-enable to do encrypted zone-transfers. Also remove ALL comments!

You need a key for secure zone transfers on both nameservers. Create it with the command below; this is needed only once and only on your NS1. The key is in the generated **.private** file.
<code>
# dnssec-keygen -a hmac-md5 -b 512 -n host [YOUR.NS1.FQDN]
</code>
Restart bind.
<code>
# /etc/init.d/bind9 restart
</code>
===== NS2 =====
Edit **/etc/bind/named.conf** and add this to the top:
<code>
options {
    directory "/var/cache/bind";
    forwarders {
        [DNS.FROM.ISP];
    };
    auth-nxdomain no;
    dnssec-enable yes;
};
key "TRANSFER" {
    algorithm hmac-md5;
    secret "[HASHKEY]";
};
server [YOUR.NS1.IP] {
    keys {
        TRANSFER;
    };
};
</code>
The remarks for NS1 apply here as well.

Create a script (run from cron, of course) that configures new zone files. The actual records will be imported with a zone transfer.
<code>
# nano dnsupdate.sh
</code>
<code>
#!/bin/sh
# Fetch named.conf from NS1 and add a slave zone on NS2 for every zone
# that has no zone file here yet.
NAMED="/etc/bind/named.conf.local"
ZONELOCATION="/var/cache/bind"
# mktemp instead of fixed names in /tmp: this script runs from cron as root.
TMPNAMED=$(mktemp) || exit 1
TMPZONEFILE=$(mktemp) || exit 1
TMP=$(mktemp) || exit 1
trap 'rm -f "$TMPNAMED" "$TMPZONEFILE" "$TMP"' EXIT

printf "Checking for new named.conf... "
# wget -O creates the output file even when the download fails, so check
# the exit status and that the file is not empty.
if wget -q "https://[YOUR.NS1.IP]:10801/named/named.conf" -O "$TMPNAMED" && [ -s "$TMPNAMED" ]
then
    echo "done."
else
    echo "no new data!"
    exit
fi

printf "Generating zone names... "
grep zone "$TMPNAMED" | cut -d" " -f2 | cut -d"\"" -f2 > "$TMPZONEFILE"
# Drop the first five matches.
sed '1,5d' "$TMPZONEFILE" > "$TMP"
mv "$TMP" "$TMPZONEFILE"
echo "done. ($TMPZONEFILE)"

echo "Generating zone info... "
while read -r ZONE; do
    if [ -e "$ZONELOCATION/$ZONE.db" ]
    then
        echo "Zone $ZONE already available."
    else
        printf "New zone available (%s)... " "$ZONE"
        echo "zone \"$ZONE\" {
    type slave;
    file \"$ZONELOCATION/$ZONE.db\";
    masters { [YOUR.NS1.IP]; };
    allow-notify { [YOUR.NS1.IP]; };
};" >> "$NAMED"
        echo "added."
        echo "Restarting Bind"
        /etc/init.d/bind9 restart
    fi
done < "$TMPZONEFILE"
</code>
Use cron to let it check for updates every hour.
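
The script above writes whatever zone names it finds in the downloaded file into **named.conf.local** and restarts BIND as root, so a malformed name can leave NS2 with a configuration that does not load. The following is an added example, not part of the original page, that accepts only well-formed DNS names before building the slave stanzas; the function names, the sample input and the address 192.0.2.1 are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): vet zone names from a fetched
# named.conf before writing slave stanzas for them.
LC_ALL=C; export LC_ALL

# Accept only plain DNS names: labels of letters, digits and hyphens,
# 1-63 characters each, no leading or trailing hyphen, 253 characters overall.
is_valid_zone() {
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $name; IFS=$old_ifs
    for label in "$@"; do
        [ "${#label}" -le 63 ] || return 1
        case $label in -*|*-) return 1 ;; esac
    done
    return 0
}

# Print the quoted name from every 'zone "name" ...' line of file $1.
list_zones() {
    sed -n 's/^[[:space:]]*zone[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Print a slave stanza per valid zone; rejected names go to stderr.
# Arguments (hypothetical names): config file, master IP, zone directory.
build_stanzas() {
    conf=$1 master_ip=$2 zone_dir=$3
    list_zones "$conf" | while IFS= read -r zone; do
        if is_valid_zone "$zone"; then
            printf 'zone "%s" {\n\ttype slave;\n\tfile "%s/%s.db";\n' "$zone" "$zone_dir" "$zone"
            printf '\tmasters { %s; };\n\tallow-notify { %s; };\n};\n' "$master_ip" "$master_ip"
        else
            printf 'rejected zone name: %s\n' "$zone" >&2
        fi
    done
}

# Constructed sample input; 192.0.2.1 below is a documentation address.
sample_conf() {
    printf '%s\n' 'zone "example.com" {' '	type master;' '};' \
        'zone "../outside" {' 'zone "bad;name.example" {' \
        'zone "-lead.example" {' 'zone "shop.example.org" {'
}

tmp=$(mktemp) && sample_conf > "$tmp" && build_stanzas "$tmp" 192.0.2.1 /var/cache/bind
rm -f "$tmp"
```

Running ''named-checkconf'' on the resulting **named.conf.local** before restarting BIND catches anything the name check does not.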
===== ispCP server =====
Edit your site config file and add this:
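<code>
# /etc/bind holds named.conf, including the TRANSFER key: only NS2 may fetch it.
Alias /named /etc/bind
<Directory /etc/bind>
    Order Deny,Allow
    Deny from all
    Allow from [YOUR.NS2.IP]
</Directory>
</code>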
Restart apache and try the script on NS2. It should download the **named.conf** (containing the domain names) and add those to its own configuration. Right after bind reloads, it should transfer the zone itself.
===== NS3 =====
The Control Panel only accepts an IP for your secondary nameserver. If you really need NS3 you can manually edit the correct files in **/etc/vhcs/bind/parts/**.