ispCP - Board - Support
[HOWTO] Secondary DNS server with automatic zone creation and transfer from master se - Printable Version


[HOWTO] Secondary DNS server with automatic zone creation and transfer from master se - klew - 09-29-2010 11:34 PM

Hi,
I was missing some functionality which I used on DTC (like mail, DNS backup) and decided to add a DNS backup HOWTO.

http://isp-control.net/documentation/howto:miscellaneous:dns

Comments & improvements are welcome,

BR,
Krzysztof


RE: [HOWTO] Secondary DNS server with automatic zone creation and transfer from master se - vark - 05-20-2011 11:23 PM

Krzysztof, thank you for the excellent howto.
I have some questions for you:
1. Are there any reasons why "Doesn't work with domain-aliasses"? I have improved the script "/var/www/ispcp/gui/domain/index.php" to serve domain aliases too.
2. Although you configured secure zone transfer between the primary NS and the secondary NS, by default the BIND configuration in an ispCP installation allows AXFR to any. Do you know why?

And some improvements:
1. Let's fix the AXFR issue: edit the "options" section in /etc/bind/named.conf.options on ISPCP_SERVER:
Code:
allow-transfer { SECONDARY_DNS_IP; };
transfer-source BASE_SERVER_IP;
Do not forget to restart BIND.

2. I use nsd3 software for secondary NS on FreeBSD, this is my version of /var/www/ispcp/gui/domain/index.php file:
Code:
<?php
// Emits an NSD3 slave-zone stanza for every domain and domain alias known to ispCP.
require '../include/ispcp-lib.php';

$cfg = ispCP_Registry::get('Config');
$sql = ispCP_Registry::get('Db');
$SECONDARY_DNS_IP = "5.6.7.8";

// Only the first $rows_per_page rows of each table are listed.
$start_index = 0;
$rows_per_page = 100;

// --- Domains ---
$count_query = "
    SELECT
        COUNT(`domain_id`) AS cnt
    FROM
        `domain`
";

$query = "
    SELECT
        `domain_name`
    FROM
        `domain`
    ORDER BY
        `domain_id` ASC
    LIMIT $start_index, $rows_per_page";

$rs = exec_query($sql, $count_query);
$records_count = $rs->fields['cnt'];

$rs = exec_query($sql, $query);
if ($rs->rowCount() == 0) {
    // Terminate the comment line so the next output starts on its own line.
    echo "#NO DOMAINS LISTED\n";
} else {
    echo "#$records_count DOMAINS LISTED ON $cfg->SERVER_HOSTNAME [$cfg->BASE_SERVER_IP]\n";
    while (!$rs->EOF) {
        // One NSD "zone:" stanza per domain, transferred from the ispCP server
        // and authenticated with the TRANSFERS key.
        echo "zone:\n";
        echo "\tname: \"" . $rs->fields['domain_name'] . "\"\n";
        echo "\tzonefile: \"slave/" . $rs->fields['domain_name'] . "\"\n";
        echo "\toutgoing-interface: $SECONDARY_DNS_IP\n";
        echo "\tallow-notify: $cfg->BASE_SERVER_IP TRANSFERS\n";
        echo "\trequest-xfr: AXFR $cfg->BASE_SERVER_IP TRANSFERS\n";
        echo "\n";
        $rs->moveNext();
    }
    echo "#END DOMAINS LIST\n";
}

// --- Domain aliases ---
$count_query2 = "
    SELECT
        COUNT(`alias_id`) AS cnt2
    FROM
        `domain_aliasses`
";

$query2 = "
    SELECT
        `alias_name`
    FROM
        `domain_aliasses`
    ORDER BY
        `alias_id` ASC
    LIMIT $start_index, $rows_per_page";

$rs2 = exec_query($sql, $count_query2);
$records_count2 = $rs2->fields['cnt2'];

$rs2 = exec_query($sql, $query2);
if ($rs2->rowCount() == 0) {
    echo "#NO ALIASES LISTED\n";
} else {
    echo "#$records_count2 ALIASES LISTED ON $cfg->SERVER_HOSTNAME [$cfg->BASE_SERVER_IP]\n";
    while (!$rs2->EOF) {
        // Same stanza layout as for domains.
        echo "zone:\n";
        echo "\tname: \"" . $rs2->fields['alias_name'] . "\"\n";
        echo "\tzonefile: \"slave/" . $rs2->fields['alias_name'] . "\"\n";
        echo "\toutgoing-interface: $SECONDARY_DNS_IP\n";
        echo "\tallow-notify: $cfg->BASE_SERVER_IP TRANSFERS\n";
        echo "\trequest-xfr: AXFR $cfg->BASE_SERVER_IP TRANSFERS\n";
        echo "\n";
        $rs2->moveNext();
    }
    echo "#END ALIASES LIST\n";
}
?>

Main NSD3 config (the zone file generated by the script above is included in the main NSD3 conf file):
Code:
# cat /usr/local/etc/nsd/nsd.conf

server:
  ip-address: 5.6.7.8
  identity: "DNS"
  hide-version: yes
  ip4-only: yes
  database: "/var/db/nsd/nsd.db"
  identity: "unidentified server"
  logfile: "/var/log/nsd.log"
  server-count: 1
  tcp-count: 10
  tcp-query-count: 0
  pidfile: "/var/run/nsd/nsd.pid"
  port: 53
  statistics: 3600
  username: bind
  zonesdir: "/usr/local/etc/nsd"
  difffile: "/var/db/nsd/ixfr.db"
  xfrdfile: "/var/db/nsd/xfrd.state"
  xfrd-reload-timeout: 10
  verbosity: 0
  include: "/usr/local/etc/nsd/nsd.slaves.conf"

key:
  name: "TRANSFERS"
  algorithm: hmac-md5
  secret: "6alK9JEHMqH/ZDpFHtlstg=="

Cron job to update zonefile "/usr/local/etc/nsd/nsd.slaves.conf":
Code:
*/30    *       *       *       *       root    /usr/local/etc/nsd/update-nsd.sh > /dev/null

Script "/usr/local/etc/nsd/update-nsd.sh":
Code:
#!/bin/sh
RCDIR=/usr/local/etc/rc.d
EXECS=/usr/local/bin
SEXEC=/usr/local/sbin
NSDDIR=/usr/local/etc/nsd
${EXECS}/wget -q --bind-address=5.6.7.8 http://1.2.3.4/domain/index.php \
-O ${NSDDIR}/nsd.slaves.conf && ${RCDIR}/nsd stop && ${SEXEC}/nsdc rebuild \
&& ${RCDIR}/nsd start && ${SEXEC}/nsdc patch && /usr/bin/logger "ispCP: Backup zones updated."
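
A check for the allow-transfer change in improvement 1, as an added example that is not part of the original post: it classifies the ACL in a BIND options file as missing, open, mismatch or ok. The helper name audit_allow_transfer, the sample files and the use of 5.6.7.8 as the secondary's address are assumptions; "missing" means the server's built-in default applies, which the post reports as allowing AXFR to any.

```sh
#!/bin/sh
# Added example, not from the thread. audit_allow_transfer is a hypothetical
# helper; $1 = BIND options file, $2 = address of the secondary (assumed IPv4).
# Prints one of: missing | open | mismatch | ok
# Limitation: only "#" and "//" comments are stripped, not /* ... */ blocks.
audit_allow_transfer() {
    LC_ALL=C awk -v sec="$2" '
    { sub(/#.*/, ""); sub(/\/\/.*/, ""); text = text " " $0 }
    END {
        if (!match(text, /allow-transfer[ \t]*[{][^}]*[}]/)) {
            print "missing"; exit      # no statement: the server default applies
        }
        acl = substr(text, RSTART, RLENGTH)
        sub(/^[^{]*[{]/, "", acl); sub(/[}]$/, "", acl)
        n = split(acl, el, ";"); verdict = "mismatch"
        for (i = 1; i <= n; i++) {
            gsub(/[ \t]/, "", el[i])
            if (el[i] == "any") { verdict = "open"; break }   # AXFR for everyone
            if (el[i] == sec) verdict = "ok"                  # secondary is listed
        }
        print verdict
    }' "$1"
}

# Constructed samples: an options block without the statement, and the fix
# from the post with its placeholders filled in (assumed addresses).
sample_unfixed() { printf 'options {\n\tdirectory "/var/cache/bind";\n};\n'; }
sample_fixed() {
    printf 'options {\n\tallow-transfer { 5.6.7.8; }; // secondary\n'
    printf '\ttransfer-source 1.2.3.4;\n};\n'
}
```

A "mismatch" result means transfers are restricted but the secondary is not in the list, so its AXFR requests will be refused.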
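
The update script above writes whatever the plain-HTTP request returns straight into the file that nsd.conf includes. The following added example (not code from the thread) validates a downloaded candidate against the exact stanza format the PHP generator emits and only then renames it into place. MASTER_IP, SLAVE_IP, KEY_NAME and the function names are assumptions taken from the addresses and key name shown in the post.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed values: MASTER_IP is the panel
# address from the wget URL, SLAVE_IP and KEY_NAME are what the PHP emits.
MASTER_IP="1.2.3.4"; SLAVE_IP="5.6.7.8"; KEY_NAME="TRANSFERS"

# Exit 0 only if every line is a comment, blank, or one of the six
# directives the generator writes, carrying exactly the expected values.
validate_slaves_conf() {
    LC_ALL=C awk -v m="$MASTER_IP" -v s="$SLAVE_IP" -v k="$KEY_NAME" '
    function bad(why) { printf "line %d: %s\n", NR, why > "/dev/stderr"; err = 1 }
    BEGIN { err = 0; lbl = "[a-z0-9]([a-z0-9-]*[a-z0-9])?"
            dom = "^" lbl "(\\." lbl ")+$" }
    /^#/ || /^[ \t]*$/ { next }
    /^zone:$/ { zones++; name = ""; next }
    /^\tname: "[^"]*"$/ {
        name = $0; sub(/^\tname: "/, "", name); sub(/"$/, "", name)
        if (name !~ dom) bad("invalid zone name")
        next
    }
    /^\tzonefile: "[^"]*"$/ {
        f = $0; sub(/^\tzonefile: "/, "", f); sub(/"$/, "", f)
        if (name == "" || f != ("slave/" name)) bad("zonefile is not slave/<zone>")
        next
    }
    $0 == ("\toutgoing-interface: " s) { next }
    $0 == ("\tallow-notify: " m " " k) { next }
    $0 == ("\trequest-xfr: AXFR " m " " k) { next }
    { bad("unexpected directive") }
    # An empty list is rejected too, so a blank response cannot drop every zone.
    END { if (zones == 0) bad("no zones"); exit err }
    ' "$1"
}

# Replace the live include only with a validated file, via rename, so a
# failed or altered download never truncates or poisons the running config.
install_slaves_conf() {   # $1 = downloaded candidate, $2 = live include
    validate_slaves_conf "$1" || { echo "rejected: $1" >&2; return 1; }
    cp "$1" "$2.new" && mv "$2.new" "$2"
}

# Constructed sample in the generator's output format.
sample_conf() {
    printf '#1 DOMAINS LISTED ON panel.example [%s]\n' "$MASTER_IP"
    printf 'zone:\n\tname: "%s"\n\tzonefile: "slave/%s"\n' example.com example.com
    printf '\toutgoing-interface: %s\n' "$SLAVE_IP"
    printf '\tallow-notify: %s %s\n' "$MASTER_IP" "$KEY_NAME"
    printf '\trequest-xfr: AXFR %s %s\n\n#END DOMAINS LIST\n' "$MASTER_IP" "$KEY_NAME"
}
```

In update-nsd.sh this would sit between the wget step (pointed at a temporary file instead of nsd.slaves.conf) and the nsdc rebuild step.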