Asking for help

Hey guys, some of you know me and some don't.

Anyhow when Jeff aka NoBaloney passed away I ended up inheriting his servers and customers and slowly I am winding my way through sorting things out but I need to reach out on a couple of things that I am having the worst time making any sense of.

1.) Master/Slave DNS the way Jeff does it. Trying like the devil to wrap my head around it but all it looks like I am doing is pounding my head against a wall. Trying to figure out the best route to go and these are the options I think I am looking at:
a.) DirectAdmin Multi Server setup
b.) DirectSlave (which I have seen discussed a bit on the board)
c.) PowerDNS
d.) Continue with Master/Slave if there is someone here who can explain it all to me in a way that I am able to wrap my head around.
Naturally my biggest concern here is to not have anyone go down if we change the way the DNS is running.
2.) A couple of Jeff's customers contacted me this week telling me that they have been getting bombarded with spam lately. I updated SpamAssassin, is there anything else I should be doing?
3.) Any other insights would be most welcome and for what it is worth, let's just say I have some pull with a certain datacenter if anyone needs anything, I might be in a position to help out.
 
I am using a PowerDNS cluster for my clients. It is very fast and easy to use.

I know the problem of spam. I am setting up a new mail cluster for my clients with MailCleaner. When done I will publish a tutorial on the DirectAdmin forums. Maybe you can use it.
 
As far as I remember, Jeff was going to move from his own Master/Slave to DirectSlave, but I'm not sure if he did it or not.

What I can tell you is that it would need a bit of work, but it would surely be better to move to DirectSlave. The downtime depends on whether you arrange a new box for DNS and start syncing there or whether you want to drop the current DNS servers.

For the spam, it may also be possible that Jeff had a custom copy of the exim configuration, since he was working on it. Unless he moved to the latest official 4.3, you may want to start by checking which version he was using.

@Petertjuh360:
I already built a MailCleaner cluster and it was working pretty nicely, but once SB 4.3 came out, I tested it and got the same results that MailCleaner was offering, so I switched off that project because, as far as I remember, it was not getting updated anymore. Are you sure it is worth using?

Regards
 
Originally I was searching for a mail fallback solution. Besides the fallback solution, I was searching for a central solution to filter spam and handle emails (I want to have everything in clusters: mail, web, mysql). MailCleaner does both and you can use load balancing. With a MailCleaner solution I keep the load off the DirectAdmin servers and can manage and change everything in one interface.

When I look at their website, the last update is from October 2014.

How did you set up the MailCleaner cluster? Which records did you use in the DNS and how did you add allowed domains to MailCleaner? I am writing a custom script.
 
I'd set up the cluster for a test, but never implemented scripts to create domains on the MailCleaner side, just pointed the DNS of two test domains to it :)

Regards
 
If there is a choice, I would use the multiserver setup. Easy to use and to set up. If every server which needs it has DA on it, it's the easiest thing to do.
I would only choose DirectSlave if there is a server used as nameserver which does not have DA running on it.

As far as spam goes, I never have a lot of spam. I use SpamAssassin and RBLs, amongst which is barracudacentral; you need to subscribe for that, but it's free.
Next to that, we have disabled catch-all email for all packages, which was generating a lot of spam too.
Customers now only get this on special request if they really need it. But only for companies, we don't enable it for non-business accounts anymore.

Next to that, Sellerone has installed spamblocker on one of our servers, which also works great. :)
 
I had me a bit of a brain burp as I posted about an issue related to this just a few minutes ago. Completely forgot that I had started this thread. Anyhow I am looking real hard at going with DA multi server setup as I think in the long run it will keep things a whole lot simpler, perhaps with multiple A records for NS1 and NS2 (if that is a good idea, if not I hope someone can hit me over the head and ask me what the heck I was thinking?)
 
You're quite correct. DA's own multiserver setup is surely not only the easiest to set up, but also easy to change when changing servers etc. without having to install or configure external things or make changes to named.conf.
However, I don't think you can use multiple A records for nameservers; that will produce errors on nameserver checks.

I suggest first configuring NS2 with the multiserver setup. If this works fine, then do the same for NS1.
 
Multiple A records for NS servers are fine. Here is a Russian hosting company which has:

Code:
NS records got from your nameservers listed at the parent NS are:

ns.masterhost.ru  ['217.16.20.15', '217.16.20.20', '217.16.20.16', '217.16.20.30']   [TTL=900] 
ns1.masterhost.ru  ['217.16.16.16', '217.16.16.30', '217.16.16.20', '217.16.16.15']   [TTL=900] 
ns2.masterhost.ru  ['217.16.22.20', '217.16.22.15', '217.16.22.16', '217.16.22.30']   [TTL=900]

and they delegate domains not only .RU, but in all other zones.
 
Hmmz... that's odd, because I can only set up 1 IP per NS as glue record with my domain registrars.
And I just had a look with intodns, which lets me see that it's no different with these .ru nameservers:
Code:
ns3.masterhost.ru.   ['83.222.22.30']   [TTL=345600]
ns4.masterhost.ru.   ['83.222.24.30']   [TTL=345600]
ns5.masterhost.ru.   ['83.222.25.30']   [TTL=345600]
which you also get if you do a dig -t NS.

Only an nslookup gives those IPs as you state. But it seems the registrar only gives 3 with 3 different IPs.

I don't quite understand how this should work if those nameserver IPs are not known to the registrar.
You can set up all the IPs in DirectAdmin if that DA machine has all those IPs.

Seems to me it's only simple A records like FTP and works only one way (from da -> outside) but not the other way (from outside -> DA).

Can you clarify this for us? Because as I see it, only 3 nameservers will work. I don't see any benefit of having ns, ns1 and ns2 present, or the range of ip's with them.
 
In my reply are shown:
ns.masterhost.ru, ns1.masterhost.ru, ns2.masterhost.ru - which they give for customers.

Code:
# dig A ns.masterhost.ru

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> A ns.masterhost.ru
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26789
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0


;; QUESTION SECTION:
;ns.masterhost.ru.              IN      A


;; ANSWER SECTION:
ns.masterhost.ru.       16      IN      A       217.16.20.15
ns.masterhost.ru.       16      IN      A       217.16.20.20
ns.masterhost.ru.       16      IN      A       217.16.20.30
ns.masterhost.ru.       16      IN      A       217.16.20.16


;; Query time: 9 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Wed May 20 22:05:37 2015
;; MSG SIZE  rcvd: 98


You posted about:

ns3.masterhost.ru, ns4.masterhost.ru, ns5.masterhost.ru.

For .RU domains you don't need to register NS servers at a registrar. They do not require it.

GoDaddy (an international registrar) allows you to have multiple IPs for a host which you register via their interface as NS, and even now I use it to have IPv4 and IPv6 for a single NS.

Benefits? Well, everyone might find his/her own benefits. You may use 3 NS servers (ns1, ns2, ns3) and point your bandwidth to 3x3 servers, instead of having and managing: ns1, ns2, ns3, ns4, ns5, ns6, ns7, ns8, ns9...
 
I am slowly beginning to wrap my head around all of this. As it is right now I got three shared hosting machines running plus two customer machines as well and I am looking to wrap it all up neatly and make things a whole lot less confusing.
 
@zEitEr: Thanks for clarifying. I mostly use .nl domains and their nameservers do require glue records, so they have to be set up with the registrar too.
Maybe that's the difference. We almost never use .com or other TLD nameservers.
 