Automatically replicate DNS zones between NS Master and NS Slave

hebero

New member
Joined
Apr 15, 2020
Messages
6
Location
Balneário Piçarras, Brazil
Hello,

I'm setting up a hosting server using the DirectAdmin panel. I had some problems with e-mail, but they were solved with the help of this forum.
Now I have a problem with DNS: when I enter NS1 and NS2 at Registro.br (the domain registrar in Brazil), it flags Slave 1 as an unknown domain, while it accepts the NS1 master normally. Checking the named.conf.local of the NS slave, I see that the record for the domain was not created, and when checking the status of bind it shows this message:

client xxx.xxx.xxx.14#43765: received notify for zone 'dominio.com.br': not authoritative

The question I have is: is it possible to perform this update automatically? Or will it have to be done manually for each domain registered in the panel?

Here are my settings.

NS1 MASTER ############
### named.conf.options ###
acl "trusted" {
    xxx.xxx.xxx.14;  # ns1
    xxx.xxx.xxx.205; # ns2
};
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-recursion { trusted; };
    listen-on { xxx.xxx.xxx.14; };
    allow-transfer { xxx.xxx.xxx.205; };
    // forwarders {
    //     8.8.8.8;
    //     8.8.4.4;
    // };
    dnssec-validation auto;
    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};

### named.conf - ns1 master ###
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
zone "domain_server.net" { type master; file "/etc/bind/dominio_server.net.db"; allow-transfer { xxx.xxx.xxx.205; }; };
zone "dominio.com.br" { type master; file "/etc/bind/dominio.com.br.db"; }; // record created by DirectAdmin (DA)


NS2 Slave ############
### named.conf.options ###
acl "trusted" {
    xxx.xxx.xxx.14;  # ns1
    xxx.xxx.xxx.205; # ns2
};
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-recursion { trusted; };
    listen-on { xxx.xxx.xxx.205; };
    allow-transfer { xxx.xxx.xxx.14; };
    allow-query { any; };
    // forwarders {
    //     8.8.8.8;
    //     8.8.4.4;
    // };
    dnssec-validation auto;
    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};

### named.conf.local - NS2 slave ###
zone "domain_server.net" { type slave; file "domain_server.net.db"; masters { xxx.xxx.xxx.14; }; };


Note that NS2's named.conf.local does not have the "dominio.com.br" zone entry unless it is added manually. Is it possible to replicate it automatically?

I am using Debian 9 as a server.
 

hebero

So as not to leave the topic unanswered, and to help someone else who may have the same problem and question as I did, I will post here the solution I found.

What I did was create a script and have cron run it every minute. The script checks whether the file named.conf is more recent than named.conf.valida, which is a copy of named.conf; if it is newer, that means it has been updated, either manually or through the DirectAdmin panel, and if it is not newer the script does nothing. The script follows.

I don't know if it's the best solution, but for now it solved my problem; if someone has another solution, please share it.


Code:
#!/bin/bash
## Runs from cron on NS1 (master) every minute. When /etc/bind/named.conf has
## changed since the last successful run, it rebuilds the slave's
## named.conf.local from it, copies it to NS2 and restarts bind there.
## Needs key-based SSH access to root@ip-slave from NS1.
## ip-master and ip-slave are placeholders: replace them with the real addresses.
set -u

ip_master="ip-master"
ip_slave="ip-slave"

## named.conf, written by hand or by the DirectAdmin panel
arquivo1=/etc/bind/named.conf
## copy of named.conf taken at the last successful run
arquivo2=/etc/bind/scripts/named.conf.valida
## generated file that becomes /etc/bind/named.conf.local on NS2
saida=/etc/bind/scripts/named.conf.local
log=/etc/bind/scripts/log_execucao
agora() { date '+%d/%m/%Y - %H:%M:%S'; }

## tests whether named.conf is newer than named.conf.valida
## (-nt is also true when named.conf.valida does not exist yet)
if [ "$arquivo1" -nt "$arquivo2" ]; then

   ## 1. turn every master zone into a slave zone pointing at NS1; matching on
   ##    "type master;" means zones without an allow-transfer clause (the ones
   ##    DirectAdmin creates) also get their masters {} entry
   sed "s/type master;/type slave; masters { ${ip_master}; };/g" "$arquivo1" > "$saida"

   ## 2. drop per-zone allow-transfer clauses: they belong to the master only
   sed -i 's/allow-transfer *{[^}]*}; *//g' "$saida"

   ## 3. remove the path from the file parameter so the slave writes the
   ##    transferred zone under its own directory (/var/cache/bind)
   sed -i 's|file "/etc/bind/|file "|g' "$saida"

   ## 4. delete the include lines (options and default zones are NS2's own)
   sed -i '/^[[:space:]]*include/d' "$saida"

   ## 5. copy the generated file to NS2 as /etc/bind/named.conf.local
   ##    (scp returns only after the copy is complete, so no sleep is needed)
   if ! scp "$saida" "root@${ip_slave}:/etc/bind/named.conf.local"; then
      echo "Falhou no scp em $(agora)" >> "$log"
      exit 1
   fi

   ## 6. validate the whole configuration on NS2 before restarting, so a bad
   ##    file never takes the slave down; mark the run as done only on success
   if ssh "root@${ip_slave}" 'named-checkconf && /etc/init.d/bind9 restart'; then
      cp "$arquivo1" "$arquivo2"
      echo "Rodou em $(agora)" >> "$log"
   else
      echo "Falhou no named-checkconf/restart em $(agora)" >> "$log"
   fi
fi
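The "not authoritative" notify error in the first post comes from the slave having no zone statement for the domain at all, so the sed pipeline above has to produce one for every master zone, including the DirectAdmin-created ones that carry no allow-transfer clause. The following generator is an added example, not the poster's script: it parses the zone statements of the master's named.conf with brace matching instead of pattern substitution, emits a slave stanza with a masters {} entry for each type master zone, and drops include lines and hint zones. The sample named.conf and the 192.0.2.x addresses are constructed for the example.

```python
import os
import re

# Constructed master named.conf for this example (not the poster's real file).
# It mirrors the thread: includes, one zone with allow-transfer, one
# DirectAdmin-style zone without it, and a root hint zone.
SAMPLE_MASTER_CONF = '''
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
// root hints must not be replicated as a slave zone
zone "." { type hint; file "/usr/share/dns/root.hints"; };
zone "example.net" { type master; file "/etc/bind/example.net.db"; allow-transfer { 192.0.2.205; }; };
zone "dominio.com.br" {type master; file "/etc/bind/dominio.com.br.db"; }; # created by DirectAdmin
'''

def strip_comments(conf):
    """Remove /* */, // and # comments so they cannot confuse the parser."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)
    return re.sub(r'(//|#).*', '', conf)

def iter_zones(conf):
    """Yield (name, body) for every zone statement, counting braces so a
    nested clause such as allow-transfer { ...; }; does not end the zone early."""
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def slave_config(master_conf, master_ip):
    """Build the slave's named.conf.local: each type master zone becomes a
    type slave zone fetching from master_ip; everything else is dropped."""
    lines = []
    for name, body in iter_zones(strip_comments(master_conf)):
        ztype = re.search(r'\btype\s+(\w+)\s*;', body)
        zfile = re.search(r'\bfile\s+"([^"]+)"\s*;', body)
        if not ztype or ztype.group(1) != 'master' or not zfile:
            continue
        # Keep only the basename: the slave stores transferred zones under its
        # own directory (/var/cache/bind), which named can write to.
        fname = os.path.basename(zfile.group(1))
        lines.append('zone "%s" { type slave; file "%s"; masters { %s; }; };'
                     % (name, fname, master_ip))
    return '\n'.join(lines) + '\n'

if __name__ == '__main__':
    print(slave_config(SAMPLE_MASTER_CONF, '192.0.2.14'), end='')
```

Run it on NS1 with the real named.conf and master address, then copy the output to the slave's named.conf.local and run named-checkconf there before reloading.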
 