External DNS

villah

Hi there,
Is there any news on the support of external DNS servers as primary servers? We already have a primary and two slaves and we'd like to continue using those instead of setting up nameservers for every DA machine.

Are there similar developments planned for mail and potentially webhosting?

Thanks!
 
Hello,

It's still in the design phase, but won't take too long once it's figured out.

Multi-server *everything* will eventually be added, but other services are much farther off.

John
 
Great! Can't wait! Any more precise estimates on when this will be available?

Hans
 
Sorry, can't give you any timeline. After the backups (admin, reseller, user).. it will probably be the next thing on the list.

John
 
DirectAdmin Support said:
Sorry, can't give you any timeline. After the backups (admin, reseller, user).. it will probably be the next thing on the list.

John

If we are using external DNS servers until your update has been released, do we still have to have bind installed on the server that uses DA?

Without DA creating the zone files for a newly set up web site, will DA still work for email setup and web access?

Thanks

Jon
 
Hello,

You don't need bind on the server with DA. Just let DA *think* you have bind by leaving all the zone files intact, without the binary. Change the boot script to:

#!/bin/sh
exit 0;

So that DA thinks all is well and in /usr/local/directadmin/data/admin/services.status, set named to OFF.

Even without named, as long as you have the zones setup on some other server and they resolve, everything should function just fine.

John
 
Do you mean delete:

/usr/sbin/named
/usr/sbin/named-bootconf
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone

/var/run/named/
/etc/rc.d/init.d/named
/etc/rc.d/rc0.d/K45named
/etc/rc.d/rc1.d/K45named
/etc/rc.d/rc2.d/K45named
/etc/rc.d/rc3.d/K45named
/etc/rc.d/rc4.d/K45named
/etc/rc.d/rc5.d/K45named
/etc/rc.d/rc6.d/K45named
/etc/logrotate.d/named
/etc/log.d/conf/services/named.conf
/etc/log.d/scripts/services/named

WITHOUT deleting from command line using rpm -e named?

I can rid the system of bind-utils as well.

Jon
 
Hello,

You can delete everything except:

/etc/rc.d/init.d/named (the boot script to edit)
/etc/named.conf
/var/named/*

The rest doesn't matter, DA doesn't touch the binary directly. It uses the boot script, but you'll edit it to do nothing.

John
 
I've it ALMOST running.

But I figured out that BIND only sends a notify / axfr to the first nameserver (master, the one in the SOA)

I want it to also notify the slaves, is this possible?

I've this:
Hosting server: --- DA -  PLESK ----
Nameservers:          |         |
            1st PowerDNS (ns1)     2nd PowerDNS (ns2)

when I set ns1 as nameserver 1, then he gets notified

when I set ns2 as nameserver 1, then he gets notified

So, is it possible to let bind notify both servers?
 
Tim

I'd be interested to know how you have setup the primary dns to be notified from DA.

I hope DA support are still planning some form of inclusion in DA for external DNS support.

Jon
 
jjma said:
Tim

I'd be interested to know how you have setup the primary dns to be notified from DA.

I hope DA support are still planning some form of inclusion in DA for external DNS support.

Jon
The Primary DNS server is, as I said, PowerDNS.

That one is "Nameserver 1" in DA. DA automatically notifies the Pdns server.

You must set up the master server in the database.
 
Tim said:
The Primary DNS server is, as I said, PowerDNS.

That one is "Nameserver 1" in DA. DA automatically notifies the Pdns server.

You must set up the master server in the database.

Ok I have to login to the DA panel > select DNS administration > enter dns for a domain > DA automagically notifies the Primary DNS?

A couple of caveats that I have presupposed: 1) that you did not uninstall the bind daemon 2) You have set your external Primary DNS server as nameserver 1 in your DA setup.

Is this correct?


thanks

Jon
 
This thread has gotten me quite confused.

DA doesn't directly notify any other nameservers; all it does is create new zone files for the instance of the named daemon on the server it runs on, and then tells named to reload the zone files.

You can do what you want to do by having the DA server run as a "hidden master", and your other server set to slave the domains on the DA server. If you google "DNS hidden master" (without the quotes) you should be able to get some information.

We do DNS this way for many servers.

Jeff
 
jlasman said:
This thread has gotten me quite confused.

DA doesn't directly notify any other nameservers; all it does is create new zone files for the instance of the named daemon on the server it runs on, and then tells named to reload the zone files.

You can do what you want to do by having the DA server run as a "hidden master", and your other server set to slave the domains on the DA server. If you google "DNS hidden master" (without the quotes) you should be able to get some information.

We do DNS this way for many servers.

It would be useful to be able to have DA be able to communicate with external DNS servers - it has been discussed as a possible addition and it is something I would certainly appreciate.

regards

Jon
 
Perhaps we've misunderstood each other.

Slave DNS is the accepted protocol used by DNS (and by BIND) to replicate zones across servers. However, the automatic setup of slave nameservers is NOT implemented in either DNS or in BIND.

Are you asking that DA include a method for replicating master zone files across servers?

While I'm not planning on creating such a functionality for myself (I'm happily accepting the concept of hidden masters), someone else might be. So perhaps you should give us your idea of a product specification. Don't forget that any such specification will have to include a method of authenticating the two servers to each other to avoid (a) unwanted zone transfers out (where you give up information on your zones to others not entitled to it), and (b) unwanted zone transfers in (where someone else can use your server without your knowledge).

Or are you willing to accept that DA can be used as a hidden master, which is the method implemented in DNS and in BIND?

Future versions of DA (no time frame yet) will probably allow services to be created across multiple servers, but all will probably need to be running DA.

Jeff
 
The initial request for 'external dns' support was for DA to take a newly added domain and fire it over to the 'external dns' which may or may not be running DA software.

Originally I imagined some way to get around manually adding domains to our dns server for new client signups, so if the original point is possible then I'm interested.

regards

Jon

P.S. I do not run dns on our DA box.
 
For those users wanting to use the system with a hidden master, you could do the following.

Set ns1 from the DA interface to the hostname running DA.
Set ns2 from the DA interface to the first external nameserver.

Log in to the DA server with ssh and edit the following file

/usr/local/directadmin/data/templates/dns_ns.conf

and add a third line for your second external DNS server

seconddns.yourcompany.com.=|DOMAIN|.

Now every time you create a domain it has your DA server as master DNS and 2 slave DNS servers. Afterwards you only have to create the corresponding entries for the newly created domain in the named.conf of your 2 external servers, and say there that your master server is the DA server.

So you could use 2 external name servers for as many DA servers as you have, and your customers only need to register these 2 name servers while registering their domain.

I will also create some automation for creating the named.conf entries on the external server. I will let you know about it.

Also, if you add new subdomains or make changes via DNS administration, the changes would be propagated to the 2 external DNS servers.

regards
fabrizio
 
If this works and you can provide the automation then this is just what I am looking for - until DA bring out their own system.

Jon
 
Thanks for your excellent tutorial. I bring up the following not in any way to belittle your excellent post, but merely to point out a few minor issues with it...
stffabi said:
Log in to the DA server with ssh and edit the following file

/usr/local/directadmin/data/templates/dns_ns.conf

and add a third line for your second external DNS server
Following the above instructions will make a change that could easily be overwritten by a future DA update.

DA has advised that the proper way to change a template is to first copy it to:

/usr/local/directadmin/data/templates/custom

And make the changes to it there. They've pledged to not overwrite files in the custom subdirectory.
Now every time you create a domain it has your DA server as master DNS and 2 slave DNS servers.
This will not fully hide the nameserver on your DA system.

"Hiding" means not allowing other nameservers to query your nameserver. To make sure that doesn't happen you should also delete the first line in the template; the one that reads:

|NS1|=|DOMAIN|.

While you didn't mention it in your tutorial, I will add for those of us who might otherwise question it, that in setting up hidden nameservers we should not change the name of the first nameserver in the SOA record; doing so may break the way DNS gets updated. While it's probably not important to those of us who only do webhosting, it could make a difference if any of our clients are using their DNS to publish their own records and using NOTIFY commands.
Afterwards you only have to create the corresponding entries for the newly created domain in the named.conf of your 2 external servers, and say there that your master server is the DA server.
There's an excellent somewhat generic How-To on hidden primary nameservers here.
I will also create some automation for creating the named.conf entries on the external server. I will let you know about it.
I've had the automation project for creating slave DNS on other nameservers on the back-burner for some time now; I'll ask my programmer later today where he stands on it.

Jeff
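
The hidden-master arrangement discussed in this thread, as an added example that is not part of any post and is not DirectAdmin's own code: a script that reads the DA server's named.conf and emits the slave stanzas for the external nameservers, with transfers authenticated in both directions. The IP addresses, the key name `da-xfer`, the function names and the one-zone-per-line named.conf layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: slave-zone stanzas from DA's named.conf.
MASTER_IP="192.0.2.10"                  # assumed address of the DA server
SLAVE_IPS="192.0.2.53; 198.51.100.53"   # assumed external nameservers
TSIG_KEY="da-xfer"                      # assumed key name, defined on every server

# Constructed sample in the one-zone-per-line layout assumed for DA's named.conf.
SAMPLE_CONF='zone "." { type hint; file "/var/named/named.ca"; };
zone "example.com" { type master; file "/var/named/example.com.db"; };
zone "Example.ORG" { type master; file "/var/named/example.org.db"; };
zone "bad.com; }; options { recursion yes" { type master; file "/var/named/x.db"; };'

# Names of the master zones in a named.conf read from stdin, lower-cased.
list_master_zones() {
    sed -n 's/^[[:space:]]*zone[[:space:]]*"\([^"]*\)".*type[[:space:]]*master;.*/\1/p' |
        tr '[:upper:]' '[:lower:]'
}

# Plain hostnames only: no quotes, braces, semicolons or slashes, so a zone
# name can neither inject statements nor escape the slaves/ directory.
valid_zone() {
    printf '%s\n' "$1" |
        grep -Eq '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{1,62}$'
}

# Stanza for an external server: pull the zone only from the DA server,
# signed with the shared key, and serve no transfers onward.
slave_stanza() {
    valid_zone "$1" || { echo "skipped invalid zone name: $1" >&2; return 1; }
    cat <<EOF
zone "$1" {
    type slave;
    file "slaves/$1.db";
    masters { $MASTER_IP key $TSIG_KEY; };
    allow-transfer { none; };
};
EOF
}

# DA server side: notify all external servers; transfers only with the key.
master_options() {
    printf 'also-notify { %s; };\nallow-transfer { key %s; };\n' "$SLAVE_IPS" "$TSIG_KEY"
}

generate_slave_conf() {
    list_master_zones | while read -r zone; do slave_stanza "$zone" || true; done
}
printf '%s\n' "$SAMPLE_CONF" | generate_slave_conf
master_options
```

A matching `key` statement for the assumed key name has to exist in named.conf on the DA server and on both external servers before these stanzas will load.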
 