Krzysztof, thank you for the excellent howto.
I have some questions for you:
1. Is there any reason why "Doesn't work with domain-aliasses"? I have improved the script "/var/www/ispcp/gui/domain/index.php" to serve domain-aliasses too.
2. Although you configured secure zone transfer between the primary NS and the secondary NS, by default the BIND configuration in an ispCP installation allows AXFR to any. Do you know why?
And some improvements:
1. Let's fix the AXFR issue: edit the "options" section in /etc/bind/named.conf.options on ISPCP_SERVER:
Code:
allow-transfer { SECONDARY_DNS_IP; };
transfer-source BASE_SERVER_IP;
Do not forget to restart BIND.
2. I use nsd3 software for the secondary NS on FreeBSD; this is my version of the /var/www/ispcp/gui/domain/index.php file:
Code:
<?php
require '../include/ispcp-lib.php';

$cfg = ispCP_Registry::get('Config');
$sql = ispCP_Registry::get('Db');

// Address of the secondary NS that will request the zones.
$SECONDARY_DNS_IP = "5.6.7.8";

// --- Domains ---
$count_query = "
	SELECT
		COUNT(`domain_id`) AS cnt
	FROM
		`domain`
";

// Only the first $rows_per_page rows are emitted; the header reports the total count.
$start_index = 0;
$rows_per_page = 100;

$query = "
	SELECT
		`domain_name`
	FROM
		`domain`
	ORDER BY
		`domain_id` ASC
	LIMIT $start_index, $rows_per_page";

$rs = exec_query($sql, $count_query);
$records_count = $rs->fields['cnt'];
$rs = exec_query($sql, $query);

if ($rs->rowCount() == 0) {
	// Terminate the comment line so the following output starts on its own line.
	echo "#NO DOMAINS LISTED\n";
} else {
	echo "#$records_count DOMAINS LISTED ON $cfg->SERVER_HOSTNAME [$cfg->BASE_SERVER_IP]\n";
	while (!$rs->EOF) {
		// One NSD "zone:" block per domain.
		echo "zone:\n";
		echo "\tname: \"" . $rs->fields['domain_name'] . "\"\n";
		echo "\tzonefile: \"slave/" . $rs->fields['domain_name'] . "\"\n";
		echo "\toutgoing-interface: $SECONDARY_DNS_IP\n";
		echo "\tallow-notify: $cfg->BASE_SERVER_IP TRANSFERS\n";
		echo "\trequest-xfr: AXFR $cfg->BASE_SERVER_IP TRANSFERS\n";
		echo "\n";
		$rs->moveNext();
	}
	echo "#END DOMAINS LIST\n";
}

// --- Domain aliases ---
$count_query2 = "
	SELECT
		COUNT(`alias_id`) AS cnt2
	FROM
		`domain_aliasses`
";

$query2 = "
	SELECT
		`alias_name`
	FROM
		`domain_aliasses`
	ORDER BY
		`alias_id` ASC
	LIMIT $start_index, $rows_per_page";

$rs2 = exec_query($sql, $count_query2);
$records_count2 = $rs2->fields['cnt2'];
$rs2 = exec_query($sql, $query2);

if ($rs2->rowCount() == 0) {
	echo "#NO ALIASES LISTED\n";
} else {
	echo "#$records_count2 ALIASES LISTED ON $cfg->SERVER_HOSTNAME [$cfg->BASE_SERVER_IP]\n";
	while (!$rs2->EOF) {
		// One NSD "zone:" block per alias.
		echo "zone:\n";
		echo "\tname: \"" . $rs2->fields['alias_name'] . "\"\n";
		echo "\tzonefile: \"slave/" . $rs2->fields['alias_name'] . "\"\n";
		echo "\toutgoing-interface: $SECONDARY_DNS_IP\n";
		echo "\tallow-notify: $cfg->BASE_SERVER_IP TRANSFERS\n";
		echo "\trequest-xfr: AXFR $cfg->BASE_SERVER_IP TRANSFERS\n";
		echo "\n";
		$rs2->moveNext();
	}
	echo "#END ALIASES LIST\n";
}
?>
Main NSD3 config (the zonefile generated by the script above is included in the main NSD3 conf file):
Code:
# cat /usr/local/etc/nsd/nsd.conf
server:
    ip-address: 5.6.7.8
    identity: "DNS"
    hide-version: yes
    ip4-only: yes
    database: "/var/db/nsd/nsd.db"
    identity: "unidentified server"
    logfile: "/var/log/nsd.log"
    server-count: 1
    tcp-count: 10
    tcp-query-count: 0
    pidfile: "/var/run/nsd/nsd.pid"
    port: 53
    statistics: 3600
    username: bind
    zonesdir: "/usr/local/etc/nsd"
    difffile: "/var/db/nsd/ixfr.db"
    xfrdfile: "/var/db/nsd/xfrd.state"
    xfrd-reload-timeout: 10
    verbosity: 0

include: "/usr/local/etc/nsd/nsd.slaves.conf"

key:
    name: "TRANSFERS"
    algorithm: hmac-md5
    secret: "6alK9JEHMqH/ZDpFHtlstg=="
Cron job to update zonefile "/usr/local/etc/nsd/nsd.slaves.conf":
Code:
*/30 * * * * root /usr/local/etc/nsd/update-nsd.sh > /dev/null
Script "/usr/local/etc/nsd/update-nsd.sh":
Code:
#!/bin/sh
RCDIR=/usr/local/etc/rc.d
EXECS=/usr/local/bin
SEXEC=/usr/local/sbin
NSDDIR=/usr/local/etc/nsd
${EXECS}/wget -q --bind-address=5.6.7.8 http://1.2.3.4/domain/index.php \
-O ${NSDDIR}/nsd.slaves.conf && ${RCDIR}/nsd stop && ${SEXEC}/nsdc rebuild \
&& ${RCDIR}/nsd start && ${SEXEC}/nsdc patch && /usr/bin/logger "ispCP: Backup zones updated."
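
The update script above writes whatever the HTTP request returns straight into the file NSD includes. As an added example (not part of the original post), the fetch step can download to a temporary file, accept only the line shapes index.php emits, and swap the file in only when the check passes. It assumes 1.2.3.4 (from the wget URL) is the panel's BASE_SERVER_IP; the function names validate_slaves_conf and install_slaves_conf are hypothetical.

```shell
#!/bin/sh
# Added example: vet the zone list fetched from the panel before NSD loads it.
PRIMARY_IP="1.2.3.4"    # ispCP server; assumed equal to BASE_SERVER_IP
SECONDARY_IP="5.6.7.8"  # this secondary's address, as used in the post
KEY_NAME="TRANSFERS"    # TSIG key name from nsd.conf

# Hypothetical helper: succeed only if FILE holds nothing but the line
# shapes index.php emits, pinned to the expected addresses and key.
validate_slaves_conf() {
    file=$1
    [ -s "$file" ] || return 1                      # empty download
    p=$(printf '%s' "$PRIMARY_IP" | sed 's/\./\\./g')
    s=$(printf '%s' "$SECONDARY_IP" | sed 's/\./\\./g')
    n='[A-Za-z0-9][A-Za-z0-9.-]*'                   # no "/" and no leading "."
    ws='[[:space:]]+'
    ok="#.*|zone:|${ws}name: \"$n\"|${ws}zonefile: \"slave/$n\""
    ok="$ok|${ws}outgoing-interface: $s|${ws}allow-notify: $p $KEY_NAME"
    ok="$ok|${ws}request-xfr: AXFR $p $KEY_NAME"
    # Any other line (HTML error page, extra options, foreign master) rejects.
    if grep -Ev "^($ok)?\$" "$file" >/dev/null; then return 1; fi
    # A complete response ends with one of the script's closing markers.
    case $(tail -n 1 "$file") in
        "#END ALIASES LIST" | *"#NO ALIASES LISTED") return 0 ;;
        *) return 1 ;;
    esac
}

# Hypothetical helper: replace DEST with TMP only after validation, so a
# failed or truncated download never clobbers the working config.
install_slaves_conf() {
    validate_slaves_conf "$1" || { rm -f "$1"; return 1; }
    mv -f "$1" "$2"
}

# Run with --update from cron; the nsdc rebuild/restart steps follow on success.
if [ "${1:-}" = "--update" ]; then
    NSDDIR=/usr/local/etc/nsd
    tmp=$(mktemp "$NSDDIR/nsd.slaves.conf.XXXXXX") || exit 1
    if /usr/local/bin/wget -q --bind-address="$SECONDARY_IP" \
           -O "$tmp" "http://$PRIMARY_IP/domain/index.php" \
       && install_slaves_conf "$tmp" "$NSDDIR/nsd.slaves.conf"; then
        /usr/bin/logger "ispCP: zone list validated and installed."
    else
        rm -f "$tmp"
        /usr/bin/logger "ispCP: zone list rejected, previous config kept."
        exit 1
    fi
fi
```

The temporary file is created in the same directory as nsd.slaves.conf so that the final mv is a rename on one filesystem.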