To keep the secondary nameserver in sync with the primary you can follow these steps.
On NS1, edit /etc/bind/named.conf and add this to the top:

options {
    directory "/var/cache/bind";
    forwarders { [DNS.FROM.ISP]; };
    auth-nxdomain no;
    dnssec-enable yes;
};
key "TRANSFER" {
    algorithm hmac-md5;
    secret "[HASHKEY]";
};
server [YOUR.NS2.IP] {
    keys { TRANSFER; };
};

Parts of this used to live in named.conf.options, but that file is no longer used: remove its include line too. The forwarders entry should point at a nameserver of your ISP. Remove ALL comments from the file as well.
The key and server statements are what secure the zone transfers: every request NS1 exchanges with NS2 is signed with the shared TSIG secret (HMAC-MD5), so the peer can verify who sent it. TSIG authenticates the transfer, it does not encrypt it, and dnssec-enable has nothing to do with transfers (it enables DNSSEC for signed zones). Keep in mind that the server statement only makes NS1 sign what it sends to NS2; to refuse unsigned transfer requests from anybody else you also need allow-transfer { key TRANSFER; }; in the options block. HMAC-MD5 is what this howto uses; newer BIND versions also offer hmac-sha256, which is the better choice when both servers support it.
The same key (same name, same secret) has to be present on both nameservers. Generate it once, on NS1 only; the secret is the Key: line of the K*.private file that dnssec-keygen writes:
<cli> # dnssec-keygen -a hmac-md5 -b 512 -n HOST [YOUR.NS1.FQDN] </cli>
Restart bind.
<cli> # /etc/init.d/bind9 restart </cli>
On NS2, edit /etc/bind/named.conf and add this to the top (identical to NS1, except that the server statement now names NS1):

options {
    directory "/var/cache/bind";
    forwarders { [DNS.FROM.ISP]; };
    auth-nxdomain no;
    dnssec-enable yes;
};
key "TRANSFER" {
    algorithm hmac-md5;
    secret "[HASHKEY]";
};
server [YOUR.NS1.IP] {
    keys { TRANSFER; };
};

The NS1 remarks apply here too: use the key name and secret generated on NS1, drop the named.conf.options include, remove all comments, and restart bind afterwards.
On NS2, create a script (run from cron, of course) that adds the zone definitions; the records themselves come in through the zone transfer.
<cli> # nano dnsupdate.sh </cli>

#!/bin/sh
# Fetch the zone list from NS1 and add a slave stanza for every zone NS2 does not know yet.
NAMED="/etc/bind/named.conf.local"
TMPNAMED="/tmp/zns-441245.temp"
TMPZONEFILE="/tmp/zones.txt"
ZONELOCATION="/var/cache/bind"
NS1="[YOUR.NS1.IP]"

printf '%s' "Checking for new named.conf... "
# wget -O creates the output file even when the download fails, so test the exit code, not the file.
if wget -q "https://$NS1:10801/named/named.conf" -O "$TMPNAMED"; then
    echo "done."
else
    echo "no new data!"
    rm -f "$TMPNAMED"
    exit 1
fi

printf '%s' "Generating zone names... "
# The zone name is the quoted word after "zone". The first five zones are the Debian
# defaults (localhost, the reverse zones, the root hints) and are skipped.
grep '^[[:space:]]*zone' "$TMPNAMED" | cut -d'"' -f2 | sed '1,5d' > "$TMPZONEFILE"
echo "done. ($TMPZONEFILE)"

echo "Generating zone info... "
ADDED=0
while read -r ZONE; do
    # Only accept hostname characters: the name is written into named.conf verbatim.
    case "$ZONE" in
        ""|*[!A-Za-z0-9.-]*) echo "Skipping invalid zone name: $ZONE"; continue ;;
    esac
    # Check the config, not the zone file: the .db only exists once a transfer succeeded,
    # and a duplicate zone stanza would keep bind from starting.
    if grep -q "^zone \"$ZONE\" " "$NAMED"; then
        echo "Zone $ZONE already available."
    else
        printf '%s' "New zone available ($ZONE)... "
        printf 'zone "%s" { type slave; file "%s/%s.db"; masters { %s; }; allow-notify { %s; }; };\n' \
            "$ZONE" "$ZONELOCATION" "$ZONE" "$NS1" "$NS1" >> "$NAMED"
        echo "added."
        ADDED=1
    fi
done < "$TMPZONEFILE"

# Reload once, and only if the new configuration parses; a broken stanza would otherwise take bind down.
if [ "$ADDED" -eq 1 ]; then
    if named-checkconf; then
        echo "Reloading Bind"
        /etc/init.d/bind9 reload
    else
        echo "$NAMED does not parse, not reloading!"
    fi
fi
rm -f "$TMPZONEFILE" "$TMPNAMED"

Make the script executable and add a cron entry so it checks for updates every hour.
On NS1, edit the Apache config of the site the script fetches from (the one listening on port 10801) and add this:

Alias /named /etc/bind
<Directory /etc/bind>
    Order Deny,Allow
    Deny from all
    Allow from [YOUR.NS2.IP]
</Directory>

Restart Apache and run the script on NS2 by hand. It should download named.conf (which holds the domain names) and add the missing zones to its own configuration; as soon as bind has reloaded, NS2 transfers each new zone itself. Keep in mind that the alias publishes all of /etc/bind over HTTP, including the TSIG secret in named.conf, with nothing but the source-address ACL protecting it, so do not widen that Allow line.
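The configuration above leaves out the primary-side allow-transfer restriction and gives no way to check what you ended up with. The script below is an added example and not part of the howto or of VHCS: it builds the TSIG stanzas for both servers from one shared secret, emits the options block NS1 needs so that unsigned transfer requests are refused, emits a hardened slave stanza for NS2, and statically checks a named.conf for an open or missing allow-transfer. The key name TRANSFER is the howto's; the addresses 192.0.2.1 (NS1) and 192.0.2.2 (NS2) are documentation addresses, and hmac-sha256 replaces the howto's hmac-md5, both assumptions made here.

```shell
#!/bin/sh
# Added example, not part of the VHCS howto: TSIG stanzas for NS1 (primary) and
# NS2 (secondary) from one shared secret, plus a check for the piece the howto
# leaves out: allow-transfer restricted to the key.
# Assumed: key "TRANSFER" (as in the howto), NS1 192.0.2.1 and NS2 192.0.2.2
# (RFC 5737 documentation addresses), hmac-sha256 instead of the howto's hmac-md5.
KEYNAME="TRANSFER"
NS1="192.0.2.1"
NS2="192.0.2.2"

# 32 random bytes, base64 encoded: the secret format BIND expects for hmac-sha256.
# (The howto takes the secret from the .private file written by dnssec-keygen.)
make_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Stanzas both servers need: the key, plus a server statement so that every
# request sent to the peer carries a TSIG signature.   $1 = secret, $2 = peer IP
common_stanzas() {
    cat <<EOF
key "$KEYNAME" {
    algorithm hmac-sha256;
    secret "$1";
};
server $2 {
    keys { $KEYNAME; };
};
EOF
}

# Primary side. "server { keys }" only signs what NS1 sends out; without
# allow-transfer any client can still pull the zones with an unsigned AXFR.
primary_options() {
    cat <<EOF
options {
    allow-transfer { key $KEYNAME; };
    also-notify { $NS2; };
};
EOF
}

# Secondary side: one slave stanza per zone, transfers from NS2 itself switched off.
# The name is validated because it is spliced into named.conf verbatim.   $1 = zone
secondary_zone() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*) echo "invalid zone name: $1" >&2; return 1 ;;
    esac
    cat <<EOF
zone "$1" {
    type slave;
    file "/var/cache/bind/$1.db";
    masters { $NS1; };
    allow-notify { $NS1; };
    allow-transfer { none; };
};
EOF
}

# Static check of a named.conf: fail on allow-transfer { any; } anywhere, and fail
# when no allow-transfer { key KEYNAME; } exists at all (older BIND 9 defaults to
# any).   $1 = path to the file
check_transfer_acl() {
    if grep -Eq 'allow-transfer[[:space:]]*[{][[:space:]]*any[[:space:]]*;' "$1"; then
        echo "FAIL: $1 has allow-transfer { any; }"
        return 1
    fi
    if ! grep -Eq "allow-transfer[[:space:]]*[{][[:space:]]*key[[:space:]]+\"?$KEYNAME\"?[[:space:]]*;" "$1"; then
        echo "FAIL: $1 has no allow-transfer { key $KEYNAME; }"
        return 1
    fi
    echo "OK: $1 restricts transfers to key $KEYNAME"
}

# Run with "demo" to print both sides and check the primary fragment:
#   sh tsig-stanzas.sh demo
if [ "${1:-}" = "demo" ]; then
    SECRET=$(make_secret)
    DEMO=$(mktemp)
    { primary_options; common_stanzas "$SECRET" "$NS2"; } > "$DEMO"
    echo "--- NS1 ---"; cat "$DEMO"
    check_transfer_acl "$DEMO"
    echo "--- NS2 ---"
    common_stanzas "$SECRET" "$NS1"
    secondary_zone "example.org"
    rm -f "$DEMO"
fi
```

The check is deliberately a plain grep over the file rather than a parse, so it works on a host without named-checkconf; it errs on the strict side and also rejects a zone-level allow-transfer { any; } that an options-level key restriction would otherwise leave open. After deploying, the same property can be verified from a third host with dig: an AXFR without -y must be refused, and one signed with the key must succeed.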
The control panel accepts only one IP address for the secondary nameserver. If you really need an NS3, you have to edit the relevant files in /etc/vhcs/bind/parts/ by hand.