

[HOWTO] Secondary DNS server with automatic zone creation and transfer from master se
klew Offline


Posts: 2
Joined: Jul 2010
Reputation: 0
Post: #1
[HOWTO] Secondary DNS server with automatic zone creation and transfer from master se
Hi,
I was missing some functionality that I used on DTC (such as mail and DNS backup), so I decided to add a DNS backup HOWTO.

http://isp-control.net/documentation/how...aneous:dns

Comments & improvements are welcome,

BR,
Krzysztof
09-29-2010 11:34 PM
vark Offline


Posts: 2
Joined: May 2011
Reputation: 0
Post: #2
RE: [HOWTO] Secondary DNS server with automatic zone creation and transfer from master se
Krzysztof, thank you for the excellent howto.
I have some questions for you:
1. Is there any reason why it "Doesn't work with domain-aliasses"? I have improved the script "/var/www/ispcp/gui/domain/index.php" to serve domain aliases too.
2. Although you configured secure zone transfer between the primary NS and the secondary NS, the default BIND configuration in an ispCP installation allows AXFR to any host. Do you know why?

And some improvements:
1. Let's fix the AXFR issue: edit the "options" section in /etc/bind/named.conf.options on ISPCP_SERVER:
Code:
// Global default for the "options" section: only the secondary may request
// zone transfers (AXFR) from this server.
// NOTE(review): an allow-transfer statement inside an individual zone block
// overrides this option, so check the per-zone statements as well.
// NOTE(review): this is an address-based ACL only. If the TSIG key used by the
// secondary ("TRANSFERS") is defined on this server, requiring the key here is
// stronger than trusting the source IP -- confirm against the master's key setup.
allow-transfer { SECONDARY_DNS_IP; };
// Local address BIND uses for its own outgoing zone-transfer requests.
// NOTE(review): the source address of NOTIFY messages sent by a master is set
// with notify-source -- confirm transfer-source is the option intended here.
transfer-source BASE_SERVER_IP;
Do not forget to restart BIND.

2. I use NSD3 as the secondary NS software on FreeBSD; this is my version of the /var/www/ispcp/gui/domain/index.php file:
Code:
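<?php
/**
 * Emits an NSD3 "zone:" stanza for every domain and every domain alias stored
 * in the ispCP database, so that a secondary name server can include the
 * output in its nsd.conf.
 *
 * Output format (plain text): a "#<count> ... LISTED ON <host> [<ip>]" header,
 * one stanza per name, then an "#END ... LIST" marker; "#NO ... LISTED" when a
 * table is empty.
 *
 * Changes compared with the posted version:
 *  - The listing is only served to $SECONDARY_DNS_IP. Without this check any
 *    client that can reach the panel can enumerate every hosted domain.
 *  - The "LIMIT 0, 100" clause is gone: it silently dropped every domain past
 *    the first 100 while the header still reported the full count.
 *  - Names are checked against a hostname pattern before being written into
 *    the generated configuration, so a malformed database value (quote,
 *    newline) cannot add or alter directives in the secondary's nsd.conf.
 *  - "#NO DOMAINS LISTED" is terminated with a newline so it cannot run into
 *    the alias header on the same line.
 */
require '../include/ispcp-lib.php';

$cfg = ispCP_Registry::get('Config');
$sql = ispCP_Registry::get('Db');
$SECONDARY_DNS_IP = "5.6.7.8";

// Serve the list to the secondary only. REMOTE_ADDR is the TCP peer address;
// NOTE(review): if the panel is reached through a reverse proxy or NAT this
// comparison has to be adapted -- confirm against the actual network path.
$remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
if ($remote_addr !== $SECONDARY_DNS_IP) {
        header('HTTP/1.1 403 Forbidden');
        exit;
}
header('Content-Type: text/plain');

/**
 * Returns true when $name looks like a plain DNS name: dot-separated labels of
 * letters, digits and hyphens, at most 253 characters, at least two labels.
 * Presumably ispCP stores internationalised names in their ASCII (xn--) form;
 * verify before relying on this for IDN zones.
 */
function nsdlist_is_zone_name($name)
{
        $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
        return (bool) preg_match(
                '/^(?=.{1,253}\z)(?:' . $label . '\.)+' . $label . '\z/i',
                (string) $name
        );
}

/**
 * Writes one NSD3 zone stanza per row of $rs, reading the zone name from
 * column $field. Rows whose name fails nsdlist_is_zone_name() are not written;
 * the rejected value itself is never echoed.
 *
 * Returns the number of rows that were skipped.
 */
function nsdlist_emit_zones($rs, $field, $secondary_ip, $master_ip)
{
        $skipped = 0;
        while (!$rs->EOF) {
                $name = $rs->fields[$field];
                if (nsdlist_is_zone_name($name)) {
                        echo "zone:\n";
                        echo "\tname: \"" . $name . "\"\n";
                        echo "\tzonefile: \"slave/" . $name . "\"\n";
                        echo "\toutgoing-interface: $secondary_ip\n";
                        echo "\tallow-notify: $master_ip TRANSFERS\n";
                        echo "\trequest-xfr: AXFR $master_ip TRANSFERS\n";
                        echo "\n";
                } else {
                        $skipped++;
                }
                $rs->moveNext();
        }
        if ($skipped > 0) {
                echo "#SKIPPED $skipped NAME(S) THAT ARE NOT VALID HOSTNAMES\n";
        }
        return $skipped;
}

// ---- Domains ---------------------------------------------------------------
$count_query = "
                SELECT
                        COUNT(`domain_id`) AS cnt
                FROM
                        `domain`
        ";
$query = "
                SELECT
                        `domain_name`
                FROM
                        `domain`
                ORDER BY
                        `domain_id` ASC";

$rs = exec_query($sql, $count_query);
$records_count = $rs->fields['cnt'];

$rs = exec_query($sql, $query);
if ($rs->rowCount() == 0) {
        echo "#NO DOMAINS LISTED\n";
} else {
        echo "#$records_count DOMAINS LISTED ON $cfg->SERVER_HOSTNAME [$cfg->BASE_SERVER_IP]\n";
        nsdlist_emit_zones($rs, 'domain_name', $SECONDARY_DNS_IP, $cfg->BASE_SERVER_IP);
        echo "#END DOMAINS LIST\n";
}

// ---- Domain aliases --------------------------------------------------------
$count_query2 = "
                SELECT
                        COUNT(`alias_id`) AS cnt2
                FROM
                        `domain_aliasses`
        ";
$query2 = "
                SELECT
                        `alias_name`
                FROM
                        `domain_aliasses`
                ORDER BY
                        `alias_id` ASC";

$rs2 = exec_query($sql, $count_query2);
$records_count2 = $rs2->fields['cnt2'];

$rs2 = exec_query($sql, $query2);
if ($rs2->rowCount() == 0) {
        echo "#NO ALIASES LISTED";
} else {
        echo "#$records_count2 ALIASES LISTED ON $cfg->SERVER_HOSTNAME [$cfg->BASE_SERVER_IP]\n";
        nsdlist_emit_zones($rs2, 'alias_name', $SECONDARY_DNS_IP, $cfg->BASE_SERVER_IP);
        echo "#END ALIASES LIST\n";
}
?>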

Main NSD3 config (the zonefile generated by the script above is included in the main NSD3 conf file):
Code:
# cat /usr/local/etc/nsd/nsd.conf

# NSD3 configuration for the secondary name server. It listens on 5.6.7.8 and
# pulls in the generated per-zone stanzas through the include: line at the end
# of the server: section.
server:
  ip-address: 5.6.7.8
  # NOTE(review): "identity" appears twice in this section (here and a few
  # lines below) with different values; keep only one of them.
  identity: "DNS"
  # Do not answer version queries.
  hide-version: yes
  ip4-only: yes
  database: "/var/db/nsd/nsd.db"
  identity: "unidentified server"
  logfile: "/var/log/nsd.log"
  server-count: 1
  tcp-count: 10
  tcp-query-count: 0
  pidfile: "/var/run/nsd/nsd.pid"
  port: 53
  statistics: 3600
  # Account the daemon runs as.
  username: bind
  zonesdir: "/usr/local/etc/nsd"
  difffile: "/var/db/nsd/ixfr.db"
  xfrdfile: "/var/db/nsd/xfrd.state"
  xfrd-reload-timeout: 10
  verbosity: 0
  # File written by the update script from the master's HTTP response; whatever
  # that response contains becomes part of this configuration.
  include: "/usr/local/etc/nsd/nsd.slaves.conf"

# TSIG key referenced by name ("TRANSFERS") in the generated allow-notify and
# request-xfr lines.
# NOTE(review): the secret below was published in a public forum post. Generate
# your own value, configure the same one on the master, and never reuse this one.
# NOTE(review): hmac-md5 is a legacy TSIG algorithm; prefer hmac-sha256 where
# both the master and this NSD build support it -- both ends must agree.
# NOTE(review): this file holds the shared secret, so it should not be
# world-readable -- confirm its permissions.
key:
  name: "TRANSFERS"
  algorithm: hmac-md5
  secret: "6alK9JEHMqH/ZDpFHtlstg=="

Cron job to update zonefile "/usr/local/etc/nsd/nsd.slaves.conf":
Code:
# System crontab entry (note the user field): every 30 minutes, as root, fetch
# the zone list from the master and rebuild NSD. Only stdout is discarded;
# anything the script writes to stderr is still handled by cron.
*/30    *       *       *       *       root    /usr/local/etc/nsd/update-nsd.sh > /dev/null

Script "/usr/local/etc/nsd/update-nsd.sh":
Code:
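#!/bin/sh
# Refresh the NSD3 slave zone list from the ispCP master, then rebuild and
# restart NSD.
#
# The list is downloaded to a temporary file and only moved into place once it
# is non-empty and ends with the generator's closing marker. The posted version
# pointed "wget -O" straight at the live nsd.slaves.conf, so a failed or
# interrupted download left an empty or partial include file behind for the
# next NSD start.
#
# NOTE(review): the list is fetched over plain HTTP as root and becomes part of
# nsd.conf; nothing authenticates the response. Use HTTPS, or restrict the path
# between the two hosts, before relying on this in production.
PATH=/bin:/usr/bin:/sbin:/usr/sbin
export PATH

RCDIR=/usr/local/etc/rc.d
EXECS=/usr/local/bin
SEXEC=/usr/local/sbin
NSDDIR=/usr/local/etc/nsd
TARGET=${NSDDIR}/nsd.slaves.conf

# Same directory as the target so the final mv is a rename, not a copy.
TMPFILE=$(mktemp "${TARGET}.XXXXXX") || exit 1
trap 'rm -f "${TMPFILE}"' EXIT

if ! ${EXECS}/wget -q --bind-address=5.6.7.8 -O "${TMPFILE}" \
        http://1.2.3.4/domain/index.php; then
    /usr/bin/logger "ispCP: Backup zone list download failed; keeping previous list."
    exit 1
fi

# A complete listing ends with "#END ALIASES LIST" or "#NO ALIASES LISTED";
# anything else is a truncated or unexpected response.
if [ ! -s "${TMPFILE}" ] || \
   ! tail -n 1 "${TMPFILE}" | grep -q -e '#END ALIASES LIST$' -e '#NO ALIASES LISTED$'; then
    /usr/bin/logger "ispCP: Backup zone list incomplete; keeping previous list."
    exit 1
fi

# mktemp creates the file with mode 0600; restore the usual config file mode.
chmod 644 "${TMPFILE}" && mv -f "${TMPFILE}" "${TARGET}" || exit 1

# NOTE(review): as in the posted version, a failing "nsdc rebuild" leaves NSD
# stopped until the next successful run -- monitor for that.
${RCDIR}/nsd stop && ${SEXEC}/nsdc rebuild \
&& ${RCDIR}/nsd start && ${SEXEC}/nsdc patch && /usr/bin/logger "ispCP: Backup zones updated."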
(This post was last modified: 05-21-2011 08:08 AM by vark.)
05-20-2011 11:23 PM