This guide describes how to set up automatic creation of newly added zones on a secondary DNS server.
ENVIRONMENT
ispCP 1.7, Debian Lenny. Should work on other OS.
CONFIGURATION
ON ISPCP SERVER
vim /etc/ispcp/ispcp.conf
In the # BIND data section, uncomment SECONDARY_DNS = and set it to the IP of your secondary DNS server. Your zone files will now have two NS entries (ns1.mydomain.com and ns2.mydomain.com) pointing to two IPs (ns1 to the ispCP server itself, and ns2 to the IP set in SECONDARY_DNS).
mkdir /var/www/ispcp/gui/domain
cd /var/www/ispcp/gui/domain
vim index.php
And put this in it:
<?php
// Prints one BIND slave zone stanza per domain hosted on this ispCP server.
require '../include/ispcp-lib.php';

$cfg = ispCP_Registry::get('Config');
$sql = ispCP_Registry::get('Db');

$count_query = "
	SELECT COUNT(`domain_id`) AS cnt
	FROM `domain`
";

// The header line reports the total count, but the LIMIT below
// returns only the first $rows_per_page domains.
$start_index = 0;
$rows_per_page = 100;

$query = "
	SELECT `domain_name`
	FROM `domain`
	ORDER BY `domain_id` ASC
	LIMIT $start_index, $rows_per_page";

$rs = exec_query($sql, $count_query);
$records_count = $rs->fields['cnt'];

$rs = exec_query($sql, $query);

if ($rs->rowCount() == 0) {
	echo "//NO DOMAINS LISTED";
} else {
	echo "//$records_count DOMAINS LISTED ON $cfg->SERVER_HOSTNAME [$cfg->BASE_SERVER_IP]\n";
	while (!$rs->EOF) {
		// The ispCP server is both the master and the only allowed NOTIFY source.
		echo "zone \"".$rs->fields['domain_name']."\"{\n";
		echo "\ttype slave;\n";
		echo "\tfile \"/var/cache/bind/".$rs->fields['domain_name'].".db\";\n";
		echo "\tmasters { $cfg->BASE_SERVER_IP; };\n";
		echo "\tallow-notify { $cfg->BASE_SERVER_IP; };\n";
		echo "};\n";
		$rs->moveNext();
	}
}
echo "//END DOMAINS LIST\n";
?>
vim .htaccess
<Files index.php>
	Order Deny,Allow
	Deny from all
	Allow from SECONDARY_DNS
</Files>
vim /etc/apache2/sites-enabled/00_master.conf
In the configuration for the gui directory, change AllowOverride (to enable .htaccess) from
<Directory /var/www/ispcp/gui>
	Options -Indexes Includes FollowSymLinks MultiViews
	AllowOverride None
	Order allow,deny
	Allow from all
</Directory>
to:
<Directory /var/www/ispcp/gui>
	Options -Indexes Includes FollowSymLinks MultiViews
	AllowOverride Limit
	Order allow,deny
	Allow from all
</Directory>
chown vu2000:www-data -R /var/www/ispcp/gui/domain
Create keys for zone transfer
cd /etc/bind
dnssec-keygen -a hmac-md5 -b 128 -n HOST TRANSFER
The key is in the file Ktransfer.+157+37782.private. Nothing directly uses this file, but the base-64 encoded string following “Key:” can be extracted from the file and used as a shared secret:
Key: 6alK9JEHMqH/ZDpFHtlstg==
The string “6alK9JEHMqH/ZDpFHtlstg==” can be used as the shared secret. We need to put it in the BIND configuration on the ispCP server (and later on the secondary DNS server).
vim /etc/bind/named.conf.options
Add at the end of the file:
//
//SECONDARY NS
//
key "TRANSFER" {
	algorithm hmac-md5;
	secret "6alK9JEHMqH/ZDpFHtlstg==";
};
server SECONDARY_DNS_IP {
	keys { TRANSFER; };
};
ON SECONDARY DNS SERVER
include "/etc/bind/named.conf.backup";
vim /etc/bind/named.conf.options
Add at the end of the file:
//
//SECONDARY NS
//
key "TRANSFER" {
	algorithm hmac-md5;
	secret "6alK9JEHMqH/ZDpFHtlstg==";
};
server ISPCP_SERVER_IP {
	keys { TRANSFER; };
};
vi /etc/cron.d/dnsupdate
*/10 * * * * root /usr/bin/wget --no-check-certificate https://YOUR_ISPCP_DOMAIN/domain/ -O /etc/bind/named.conf.backup && /etc/init.d/bind9 reload && /usr/bin/logger "ispCP: Backup zones updated!"
/etc/init.d/cron reload
/etc/init.d/bind9 restart
THAT'S IT
Please check the logs to verify that it is working.
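
Added example (not part of the original guide): the cron job above writes whatever the HTTPS response contains straight into named.conf.backup, with certificate checking disabled, so a truncated or altered download becomes BIND configuration. The script below accepts only the exact output format of index.php and replaces the file only when the new copy validates. The function names validate_zone_list and install_zone_list and the script path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original guide. Checks a zone list fetched
# from the ispCP /domain/ page before it replaces named.conf.backup.

# validate_zone_list FILE MASTER_IP
# Succeeds only if FILE ends with the "//END DOMAINS LIST" marker that
# index.php prints last (a truncated download lacks it) and consists solely of
# comments and the slave-zone stanza index.php emits, with MASTER_IP as master.
validate_zone_list() {
    file=$1 master=$2
    [ -s "$file" ] || return 1
    tail -n 1 "$file" | grep -q '//END DOMAINS LIST$' || return 1
    awk -v ip="$master" '
        st == 0 && /^\/\// { next }
        st == 0 && /^zone "[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?"[{]$/ {
            split($0, q, "\""); zone = q[2]; st = 1; next
        }
        st == 1 && $0 == "\ttype slave;" { st = 2; next }
        st == 2 && $0 == ("\tfile \"/var/cache/bind/" zone ".db\";") { st = 3; next }
        st == 3 && $0 == ("\tmasters { " ip "; };") { st = 4; next }
        st == 4 && $0 == ("\tallow-notify { " ip "; };") { st = 5; next }
        st == 5 && $0 == "};" { st = 0; next }
        { bad = 1; exit }   # anything else, e.g. an options or include statement
        END { exit (bad || st != 0) }
    ' "$file"
}

# install_zone_list NEW DEST MASTER_IP
# Moves NEW over DEST only if it validates; otherwise DEST is left untouched
# and NEW is deleted. NEW should sit in the same directory as DEST so that mv
# is an atomic rename.
install_zone_list() {
    new=$1 dest=$2 master=$3
    if validate_zone_list "$new" "$master"; then
        mv -f "$new" "$dest"
    else
        rm -f "$new"
        return 1
    fi
}

# Cron usage sketch (script path is hypothetical; placeholders as in the guide):
#   wget -q https://YOUR_ISPCP_DOMAIN/domain/ -O /etc/bind/named.conf.backup.new \
#     && . /usr/local/lib/zonelist.sh \
#     && install_zone_list /etc/bind/named.conf.backup.new \
#          /etc/bind/named.conf.backup ISPCP_SERVER_IP \
#     && /etc/init.d/bind9 reload
```

Running named-checkconf on the new file before the mv adds a syntax check by BIND itself.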