Secondary DNS on another machine

philmcdonnell (Verified User, joined Jan 6, 2004, 184 messages, New York)
Can I set DirectAdmin up to allow secondary DNS on another machine? I will do the DNS settings on the other machine manually. How can I tell DA to use the nameserver on the second machine? Do I add the IP address of the second machine?

Would it be better to just leave first and second DNS on the DA machine and add a third DNS manually for each domain? This would be a pain though, how would I know if a client needs DNS added for a domain?

I just don't understand how all these control panels only allow DNS on one machine? It doesn't make sense to use ns1 & ns2 on the same box, if the box goes down so does all your dns.... I know if the box is down then your site is down, but at least if dns is working somewhere else you will get a dns reply so that email will be held and visitors won't get a no such domain name.

Regards,
Phil
 
Currently DirectAdmin does not do secondary DNS. I hope in a future (soon :D) release that we can have a separate option to do secondary DNS.

DirectAdmin allows zone transfers, so you can set up another box manually to do your DNS for you. It does not have the security that you could set up on your own (IP restrictions on zone transfers) unless you manually edit the BIND files.

I can see your concern because we also have the same concern at our offices. We have recently switched to DirectAdmin for our Virtual Hosted customers and would like to eliminate some of the extra boxes. This would require both Secondary DNS and Backup MX to be built in.
 
existenz said:
Currently DirectAdmin does not do secondary DNS. I hope in a future (soon :D) release that we can have a separate option to do secondary DNS.

When you say it doesn't do secondary DNS do you mean that it doesn't actually setup a second DNS server on the same box? If that is true why do we assign a second IP in the admin panel?

If it doesn't do secondary DNS, can I add an IP address through the admin panel that does not belong to the DA box? What does the IP manager do in the admin panel?

What I need to do is this. I am willing to use DA for my primary DNS server. I would set up a new account on the DA server and would manually add a secondary DNS entry to another box. I would like my users/resellers to use the ns1 on the DA box, and the ns2 on the other box. How can I set up DA to assign the ns1 / ns2 automatically to their accounts? I will set up the secondary manually.

Regards,
Phil
 
philmcdonnell said:
When you say it doesn't do secondary DNS do you mean that it doesn't actually setup a second DNS server on the same box? If that is true why do we assign a second IP in the admin panel?

It uses 2, simply due to the fact you usually need 2 nameservers to place a domain on. The second is just 'virtual' and basically an alias of the primary IP.

Secondary DNS can be done; if you know how to set up secondary DNS you should be able to do it.

Chris
 
Well, I agree that this would be a useful option to have, preferably including automatic nameserver updates, because manually maintaining it would be a tremendous load of work.

Perhaps a how-to is in place if this can't be integrated in the main control panel? This would be a nice feature to include "transfer this nameserver to another DA slave server", beat the competition ;)
 
Hello,

It's not too far off. I'll be adding that and a bit of other things like server backups and user transfers too. Will all be in the "multi server control" area... they'll be added in pieces and released over a few versions.

John
 
philmcdonnell said:
When you say it doesn't do secondary DNS do you mean that it doesn't actually setup a second DNS server on the same box? If that is true why do we assign a second IP in the admin panel?
There's no reason to set up a second DNS server (technically, an instance of the named daemon) on the same system; one instance will happily answer all the requests.

The reason for assigning two IP#s is so that you can register two nameserver names (since all registrars require two nameservers though you've only got one system).

If it doesn't do secondary DNS, can I add an IP address through the admin panel that does not belong to the DA box?
Where are you adding an IP#? In "IP Manager"? No, that's only for IP#s hosted on the box.

Under "Administrator Settings" you set up two nameservers, ns1 and ns2 (which by the way don't have to be named ns1 or ns2). There you just put FQDNs (fully qualified domain names) for the two nameservers you want used by the automatic DNS setup. They do NOT have to be hosted on the box, but if you want automatic DNS setup to work at least one of them should be.
What does the IP manager do in the admin panel?
It allows you to add IP#s to the box, and assign them to resellers (who can then assign them to users).
What I need to do is this. I am willing to use DA for my primary DNS server. I would setup a new account on the DA server and would manually add a secondary dns entry to another box. I would like my users/resellers to use the ns1 on the DA box, and the ns2 on the other box. How can I setup DA to assign the ns1 / ns2 automatically to their accounts.
The way I mentioned above. Under Administrator Settings put in the URLs of two nameservers (I've got ns1.ns-one.net and ns2.ns-one.net there). Both URLs must resolve, one to the main IP# of the server and one to the main IP# of your second machine.
I will setup the secondary manually.
You don't have to.

You can use a cron job to write the contents of the /var/named directory (at least all the contents ending in .db) to a file, then clean up the file by removing any path prefixes from the resulting file lines, and the .db suffix as well.

Then transfer the file to your slave nameserver (overwriting the previous file). You can do this for multiple master servers to one slave server, each with its own uploaded file (that's how we do it).

Then concatenate all those files uploaded from the multiple master servers, sort them alphabetically, remove all duplicates (perhaps sending the list of duplicates to a human who can call someone to find out why two servers were hosting the same domain).

Removing the duplicates is important; if you don't, the server won't reload its domains, which is the last step.

Then build a new /etc/bind.conf file in the slave server. Then do a "service named reload" and if you get an error send the error to a human to check out the problem.

We first started doing it this way about nine or ten years ago when we first started doing slave DNS (it was called "secondary DNS" then :) ).

I wrote this reply from memory, but I believe I've got all the steps right.

I'll go ahead and write a system from scratch in a few days to a few weeks, and I'll post the howto.

We've offered slave DNS hosting for many years, we currently offer it for Sun Cobalt RaQs and Plesk servers as well as DirectAdmin servers, and I suppose we could offer it for others as well.

Jeff
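The two halves of the procedure Jeff describes above, written as an added example (not Jeff's own scripts or anything shipped with DirectAdmin): the master exports the names of its /var/named/*.db zones with path and suffix stripped, and the slave merges one uploaded list per master, refuses to continue if a zone appears in more than one list, and writes slave stanzas. The upload directory, the <master-ip>.zones file naming, the /var/named/slaves path and the IPs are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layout: each master uploads its
# list to the slave as <master-ip>.zones in one directory.

# Master side: one zone name per line, path prefix and .db suffix removed.
list_master_zones() {  # $1 = zone directory (normally /var/named)
    for f in "$1"/*.db; do
        [ -e "$f" ] || continue
        basename "$f" .db
    done | sort -u
}

# Slave side: $1 = directory holding the uploaded <master-ip>.zones lists,
# $2 = config file to write. If any zone is listed by two masters, the names
# are written to duplicates.txt, printed for a human, and the function
# returns 1 so named is never reloaded with a config it would reject.
build_slave_conf() {
    cat "$1"/*.zones | sort | uniq -d > "$1/duplicates.txt"
    if [ -s "$1/duplicates.txt" ]; then
        cat "$1/duplicates.txt"
        return 1
    fi
    : > "$2"
    for list in "$1"/*.zones; do
        master=$(basename "$list" .zones)   # file name carries the master IP
        while read -r zone; do
            [ -n "$zone" ] || continue
            cat >> "$2" <<EOF
zone "$zone" {
    type slave;
    masters { $master; };
    file "/var/named/slaves/$zone.db";
    allow-transfer { none; };   // the slave hands out no copies of the zone
};
EOF
        done < "$list"
    done
}
```

On the slave, run the builder and only reload when both it and named-checkconf succeed, for example `build_slave_conf /var/slavedns /etc/named.slaves.conf && named-checkconf && service named reload`; the master list is refreshed from cron with `list_master_zones /var/named > zones.txt` before upload.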
 
Sounds like grounds for a script to me :D

Maybe I'll take a shot at it some time soon.
 
Jeff (jlasman),

Thank you for your very concise and accurate reply. I would love to see your how to if you do write it. I have been going back and forth with this for several weeks now trying to figure out the best way to move clients onto the DA box. I can see the light now, thank you... thank you...

Regards,
Phil
 
Hi,

I'm in a similar situation but I'm still not sure what to do.

I've got a Debian VDS running as just a secondary MX server and a slave DNS server.

I've got everything configured ok on the VDS, but what do I need to do in DA? I don't have admin access on the main box (I'm a reseller).

So far, I've added to the DNS for my domain xxxxxx.net using my DA *user* account (the one that owns my domain xxxxxx.net):

  • an 'A' entry for backup.xxxxxx.net pointing to the VDS's IP
  • an MX entry for backup.xxxxxxxx.net set to priority of 10
  • an NS entry for backup.xxxxxxx.net pointing to the VDS's IP

Anything else I need to do? Like add the nameservers in my reseller panel?

Sorry if this sounds really basic, I get very confused by DNS.

Thanks in advance,
Matt :)
 
Have you configured your "backup" server to be a slave server for the domain(s) in question? You'll need to do this manually if you don't have access to the files I mentioned.

You should configure the ns2.example.com (or whatever you call it) as a nameserver in your reseller panel.

And you should make sure all the domains you want slaved on the backup machine have the ns2.example.com record in their DNS.

And if you haven't already registered the ns2.example.com nameserver with the registrar of its parent domain, you need to do that as well.

Jeff
 
Thanks for the info Jeff.

Have you configured your "backup" server to be a slave server for the domain(s) in question? You'll need to do this manually if you don't have access to the files I mentioned.

Yes, I've done it in the bind configuration, seems to be ok.

You should configure the ns2.example.com (or whatever you call it) as a nameserver in your reseller panel.

I've done that now, had to add it as a virtual nameserver though. What's the difference?

And you should make sure all the domains you want slaved on the backup machine have the ns2.example.com record in their DNS.

Done.

And if you haven't already registered the ns2.example.com nameserver with the registrar of its parent domain, you need to do that as well.

I have the option do this in my registrar control panel, but I don't see why it must be done? What does it do exactly?

Thanks for the help, I *really* appreciate it.

Peace,
Matt
 
thoroughfare said:
I've done that now, had to add it as a virtual nameserver though. What's the difference?
I'm not sure if this will do what you want or not.

Did it allow you to enter the IP# of your backup box as the reseller for the second nameserver? You may need that, or you may not, to get the nameserver automatically listed in DNS for new domains. It would depend on how John and Mark implemented it whether the IP# is important.

I have the option do this in my registrar control panel, but I don't see why it must be done? What does it do exactly?
DNS is possibly the world's most distributed database. Registering the nameserver with the registrar who the domain is registered with puts a "glue record" for it into the root nameservers for the Internet, so the nameserver DNS can be found.

As a much simplified example, say ns1.example.net does DNS for www.example.com.

Now someone who has never looked at your site before, using JeffsISP (jeffsisp.com :) ) wants to look at your site.

He types "www.example.com" into his browser, and his browser asks ns1.jeffsisp.com for the IP for www.example.com so it can find the IP# for the site, and get the index.html page.

If ns1.jeffsisp.com doesn't know the IP# for the site, it has to ask the site's nameserver. It checks the rootservers to find it out. The rootservers have a record for example.com (note, NOT for www.example.com) pointing to the authoritative nameserver, which is ns1.example.net.

If the rootservers have a glue record for ns1.example.net they'll also return the IP# for ns1.example.net, and ns1.jeffsisp.com can immediately query ns1.example.net, get the IP# for www.example.com, and deliver it back to the user's machine, so the user can request index.html from the website.

However, since the rootservers handle DNS for the entire Internet and are very busy, they don't do recursive lookups. They only return information they have.

So if the rootservers don't have a glue record for ns1.example.net, they just return the name of the nameserver. Then, if ns1.jeffsisp.com doesn't have the address of ns1.example.net, they have to ask the rootservers again, this time for the IP# of example.net (note, again, NOT ns1.example.net).

The rootservers now look up the IP# for example.net, and return the IP# of the nameservers for example.net.

And so on....

As you can see, if the rootservers don't have the IP#s and don't know who to ask for them, the whole thing breaks down.

Much more complex (and therefore more accurate) explanations are available on various DNS sites :) .

Jeff
 
Thanks Jeff, makes perfect sense to me.

I'll sort that out then with my registrar.

I'm quite proud I've managed to set all this up, I'm really *not* experienced at linux sys admin.

:)
Thanks again!
Matt :D
 
existenz,

I still haven't had time to develop any automatic scripting to do this, and I'm hoping John will so I won't have to <smile>...

In the meantime, if you'd like to do secondary DNS manually on your DA server and don't know how, let me know, and I'll develop a quick-and-dirty how-to.

Jeff
 
I tried to get my main domain's zone to be transferable to everydns.net, without luck. If anyone has any experience with that, I'd love to figure it out.

Here's what I've done: I tried changing the default DA line in /etc/hosts.conf to:
Code:
zone "liquenox.net" {
       type slave;
       allow-transfer { 64.158.219.3; }; // FAQ entry: http://faq.everybox.com/index.php/If%20I%20want%20a%20copy%20of%20my%20zone%20from%20everydns.net%2C%20what%20IP%20should%20I%20query%3F
       file "/var/named/liquenox.net.db";
};
but that along with a few variants gets me nowhere (unless 'getting somewhere' can be defined as breaking DNS for the whole box!)

Hmm.. does the IP need to be placed in some type of file? What about /var/named/liquenox.net.db, will that file need to be modified from the DA default any? :)

Any help possible will be great ;)

Thanks.
 
Sorry I was NOT looking for a script. Though the thought is appreciated. I was waiting to see when John was going to include it in DA. He said he would sometime after the users backups were in place. I could do it via command line but I am positive that my managed customer will never figure it all out.
 