[BETA] DNS master2slave

I can't tell why you're having a problem. I paid to have the product created, and I offer it at no charge, as open source. I do offer installation as a commercial service; please let me know if you're interested, by sending me an email.

Jeff
 
Ok, this is curious. I've just downloaded the m2s dns replicator beta version to start testing, and I was going to read the README.txt file for the installation guide, but it seems to be messed up...

Here's a "short" view

Master2Slave README-0.1.4

Master2Slave-0.1.4-RC6 README
========================================================================
Description:
This system has two parts; Master & Slave, & converts a master zone file
to a slave zone file ready for Bind to accept as slave configuration.

========================================================================
Installation: Master Server.
On the master server(s):
1) Create user account:
   # /usr/sbin/adduser -g named -d /home/namedftp -s /bin/sh namedftp

   Then verify that the last line in /etc/shadow, the one which begins:
   namedftp:
   looks something like this:
   namedftp:!!:<more here>
   or
   namedftp:*:<more here>

   If not, then edit it to put either the two exclamation points (!!)
   or the asterisk (*) between those first two colons.

   If there is no entry for namedftp, check that there were no errors running the adduser command.

2) Extract the archive into the correct folder.
        # cd <source / download folder>
        # tar -zxf master2slave-0.1.4-RC6.tar.gz


Regards
 
I get a similar problem on my Kubuntu Linux desktop. When I open the downloaded tarball my system tells me it's opening it in UTF-8 encoding and can't read it properly.

I originally uploaded it with Mandriva Linux. I suppose the problem is that it's been uploaded in an encoding that other systems don't like. The problem occurs on lines with multiple spaces. I don't know why.

If anyone suggests a more reasonable encoding to use, and will tell me how to convert, I'll be happy to repackage it and reupload it.

I look forward to your input.

Jeff
 
Mmmh, maybe just editing it, changing the wrong chars and saving it again directly on the box where it is hosted should fix this, but that's just an opinion.

If you want I can clean it up and post the file so you can re-upload it.

Regards
 
That would work today but it won't work into the future if I continue to use this particular Linux desktop distribution. I'm looking for a long-term solution. Surely someone must know how to change the encoding of a file.

Feel free to clean up the file and email it to me, as a zip or a tarball, and I'll put it on the server and open it there to see if it still has a problem.

Jeff
 
Finally, it works.

Code:
The following domains were not slaved at the time of this email because master
zones were reported on more than one server.  Please resolve this issue so the
domains will be slaved the next time the update routine is run.

Is this an error or what?
 
Was it followed by any domains? This is part of the code to let you know if there are any duplicates in your DNS. It does false-alarm from time to time, and I'm not sure why. When it does, it usually gives a list of all or most of the domains. I've seen this from time to time but you're the first person other than me to report it.

To check whether it's a false alarm, check DNS while logged into your slave server:
Code:
dig @localhost example.com
where example.com is replaced with one of the domains in your list. If it works, then it's a false alarm.

Has anyone else seen the problem?

I've tried over and over to find the bug, and so far I've not been able to find it. If anyone else would try, I'd appreciate it; I'm not that familiar with php; I'm an admin, not programmer.

Jeff
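The "reported on more than one server" check, written here as an added shell example (it is not Jeff's PHP nor the package's checkdomains.pl) over constructed <host>_named.master.conf files in the format getzone.dns.sh writes; it de-duplicates each server's list first, so a zone listed twice on one master is not counted as a zone on two masters:

```shell
#!/bin/sh
# Added example, not part of master2slave: reproduce the "master zones were
# reported on more than one server" check over the <host>_named.master.conf
# files that getzone.dns.sh produces, de-duplicating per server first.

# Zone names declared "type master" in one master conf, each name listed once,
# so a zone that appears twice on the same server (e.g. once in named.conf and
# once in an included file) is not mistaken for a zone on two servers.
zones_in() {
    grep '^zone' "$1" | grep 'type master' | cut -d '"' -f 2 | sort -u
}

# Print the zones that two or more master conf files in directory $1 declare.
# Every file contributes each zone once; sort | uniq -d keeps the names that
# occur more than once, i.e. the zones claimed by more than one server.
duplicate_masters() {
    for f in "$1"/*_named.master.conf; do
        zones_in "$f"
    done | sort | uniq -d
}

# Constructed sample: two masters, both claiming example.net; ns1 also lists
# example.com twice, which must not be reported.
build_sample() {
    mkdir -p "$1"
    cat > "$1/ns1.example.com_named.master.conf" <<'EOF'
# Created by Master2Slave
zone "example.com" { type master; file "example.com.db"; };
zone "example.net" { type master; file "example.net.db"; };
zone "example.com" { type master; file "example.com.db"; };
EOF
    cat > "$1/ns2.example.com_named.master.conf" <<'EOF'
zone "example.org" { type master; file "example.org.db"; };
zone "example.net" { type master; file "example.net.db"; };
EOF
}

sample_dir=$(mktemp -d)
build_sample "$sample_dir"
duplicate_masters "$sample_dir"   # prints: example.net
rm -rf "$sample_dir"
```

Point duplicate_masters at the directory the slave collects master confs into (/home/nameserver/tmp in the scripts below) to reproduce the check by hand before trusting the email.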
 
I have the same problem as Urgido here.
I am using CentOS 6 and get the same cp: accessing `/var/www/html/namedftp/MYIP.named.conf': Permission denied
Any ideas?
Urgido, did you get this solved?

Thanks in advance!
 
There's a permissions error somewhere in your path, or you haven't installed the package properly (possible).

I've never installed it on CentOS 6. I can't debug your installation here on the forums but I can certainly offer the installation as a guaranteed paid service at a fixed price.

Jeff
 
How I got it to work

Hello,

I just wanted to share how I got this solved.
On the master, to solve the permission error, I added the namedftp user to the group of the directory showing the permission denial (maybe somebody else could bring a better solution).
On the slave, as well, I found other errors that I had to figure out how to work around. As stated in another post, I needed to chmod 755 the whole path to /var/named/slaves/namedftp/MASTER-IP/ (each parent directory), since there were a lot of permission denied errors in the logs while named tried to transfer the domain zones.
Before this, I was getting a transfer refused error, in the logs as well, for every domain.
I had to figure out that I needed to set the following line in the master server's /etc/named.conf:

allow-transfer { 1.1.1.1; };

(Replace 1.1.1.1 with the slave server IP)

This is not documented in README.txt. Now it's evident to me, but it wasn't at the moment I was at the bottom of the learning curve of setting up this software.
Only after these changes did I get queries to the slave server resolving to domains on the master server.
Hope this helps somebody with a similar problem not to spend as much time as I had to.
Thanks Jeff for bringing this software to the community.

Isaias
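A named.conf fragment added here as an illustration (not part of master2slave or of Isaias's post), showing the master-side transfer restriction he describes next to the open form, and the matching slave stanza that getmaster2slave.dns.sh generates; 198.51.100.1 (master) and 192.0.2.53 (slave) are placeholder addresses:

```conf
// Master side, /etc/named.conf
options {
    // open form: any client on the Internet may pull the full zone contents
    // allow-transfer { any; };
    // restricted form: only the slave may transfer (placeholder slave address)
    allow-transfer { 192.0.2.53; };
    notify yes;
};

zone "example.com" {
    type master;
    file "example.com.db";
    also-notify { 192.0.2.53; };   // prompt the slave to refresh after an edit
};

// Slave side: the stanza getmaster2slave.dns.sh writes into slaves.named.conf
zone "example.com" {
    type slave;
    file "/var/named/slaves/198.51.100.1/example.com.db";
    masters { 198.51.100.1; };
};
```

If the master still logs a refused transfer after this, run `dig @198.51.100.1 example.com AXFR` from the slave to confirm whether the restriction or the directory permissions are what is blocking it.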
 
Finally I found time to test it, and I must say, it is awesome.

I did some customization on the username and paths but it is working great.

The only issue (I've read it is not yet solved or there is no solution now) is for removed zones: files don't get deleted but the zones don't reply anymore, so it's quite ok... Maybe just a cron once a month to remove all files and do a mass re-sync (don't know if it would be too huge a load, but it should work as a workaround).

The script I've managed to make for name server creation is:

Code:
SERVER=http://MYURL
ROOT_HOME=/root
INIT_PATH=/etc/init.d   # was never set in the original; matches the init.d path used below
yum -y install bind
# note: named.conf and the zone files are fetched over plain http with no integrity check
wget -q -O /var/named/named.ca $SERVER/confs/named.ca
wget -q -O /var/named/localhost.zone $SERVER/confs/localhost.zone
wget -q -O /etc/named.conf $SERVER/confs/named.conf
$INIT_PATH/named restart
/usr/sbin/adduser -g named -d /home/nameserver -s /bin/sh nameserver
cd $ROOT_HOME
wget -q -O $ROOT_HOME/dns-replicator-server.tar.gz $SERVER/scripts/dns-replicator-server.tar.gz
tar zxfv $ROOT_HOME/dns-replicator-server.tar.gz
mv $ROOT_HOME/dns-replicator-server/* /home/nameserver/
rm -rf $ROOT_HOME/dns-replicator-server*
mkdir /home/nameserver/tmp
mkdir /home/nameserver/zones
chown -R nameserver:named /home/nameserver/*
echo "*/15 * * * * root su - nameserver -c /home/nameserver/getmaster2slave.dns.sh; /etc/init.d/named restart >/dev/null 2>&1" >> /etc/crontab
# monthly resync on the 1st at 00:30 (day-of-month 0 is not a valid cron field)
echo "30 0 1 * * root rm -rf /var/named/slaves/*; su - nameserver -c /home/nameserver/getmaster2slave.dns.sh; /etc/init.d/named restart >/dev/null 2>&1" >> /etc/crontab

Hope this can be helpful to someone.

I did edit the server and "client" scripts to fit my needs and paths (for example I use hostnames instead of IPs and I'm not going to put them in the public www folder /var/www/html/), but I suppose those installation steps can at least guide you all on installation. Of course, keep the original README on the other hand to check the correct paths, and edit the original files to fit this setup if you want.

Regards
 
Thanks for your notes of encouragement, SeLLeRoNe.

The author (whom I paid to write it for me) disappeared before it was completed, so I've never made any changes to it, but I and a lot of others still use it.

In my experience to clean you subdirectories of no longer used zone files all you need to do is remove all the zone files and then restart BIND. Check it before you depend on it, but if I recall correctly, I've tried it and it works.

I use IP#s rather than hostnames because I also offer it as a service.

I've thought of rewriting it to use FTP or even SCP rather than apache to the main directories, but so far that's worked. Another thing I'd do is clean the file on the master end instead of on the slave end; all you really need is the IP# or nameserver name of the master and the domain name. That would give a bit more privacy.

From time to time I get duplication error emails, but when I test (even immediately thereafter), the DNS works as it should.

Jeff
 
Yep, I've set it to remove files in slaves once a month and re-sync, with this cron:

Code:
# day-of-month 0 is not a valid cron field; this runs on the 1st of each month at 00:30
30 0 1 * * root rm -rf /var/named/slaves/*; su - nameserver -c /home/nameserver/getmaster2slave.dns.sh; /etc/init.d/named restart >/dev/null 2>&1

I'm gonna think about a sync using ftp or ftp via ssh when I have some free time, and I'll update here with the script as well.

Regards
 
I see that you remove the entire path under /var/named/slaves. Note that for anyone who uses my default system that doing this will break the system; it will remove both the subdirectory system under which the zone files are saved, and the slaves.named.conf file which must be included for the system to work. While the slaves.named.conf file will be rebuilt, the slave zones won't get properly rebuilt if the paths designated for them don't exist.

Jeff
 
Mmmh, you're right, I've added this:

Code:
mkdir -p $dnspath/$ip
in getmaster2slave.dns.sh
after
Code:
master_ip=`nslookup $ip | grep Add | grep -v '#' | cut -f 2 -d ' '`


I think I should suggest you do the same: if the directory exists it is skipped, if not it creates the directory, and this will prevent the failure you described.

Regards
 
Ok, I said it too loud too soon, but I'm on a good way.

Based on master2slave from Jeff, the important files to change are:

getzone.dns.sh (on master server):
Code:
#!/bin/bash
umask 033

masterip=`grep 'IPADDR' /etc/sysconfig/network-scripts/ifcfg-eth0|cut -d "=" -f 2|head -1`;

namedpath='/var/named';
namedconf='/etc/named.conf';
masterconf='/home/nameserver/'$HOSTNAME'_named.master.conf'
nameserverip='YOUR_NAME_SERVER_HOST';

echo "# Created by CrazyNetwork Master2Slave Replicator" > $masterconf
echo "# based on original master2slave created by Jeff Lasman" >> $masterconf

echo "Server: $masterip";

# master zones declared directly in named.conf
grep "^zone" $namedconf|grep -v '^#'|grep -v "/DNS/"|grep "type master" >> $masterconf

# master zones declared in files that named.conf includes (absolute, or relative to $namedpath)
for include in `grep "^include" $namedconf|grep -v 'rndc.key'|grep -v "/DNS/"|cut -d " " -f 2|cut -d "\"" -f 2|uniq`
do
    echo "Include: $include";
    if echo $include | grep -qe "^/"
    then
        grep "^zone" $include|grep -v '^#'|grep -v "/DNS/"|grep "type master" >> $masterconf
    else
        grep "^zone" $namedpath/$include|grep -v '^#'|grep -v "/DNS/"|grep "type master" >> $masterconf
    fi
done

# push the master zone list to the slave over ssh
/usr/bin/rsync -a -e ssh -z --delete '/home/nameserver/'$HOSTNAME'_named.master.conf' 'nameserver@'$nameserverip':/home/nameserver/tmp/'

On slave server the file to edit is:
getmaster2slave.dns.sh
Code:
#!/bin/sh

cd /home/nameserver/

rm -f zones/master.named.conf
rm -f zones/slaves.named.conf
rm -f zones/slaves.named.tmp

# umask takes no path argument; set it once, then make sure the work directories exist
umask 033
mkdir -p ./tmp ./zones

## modify to suit the webserver types
webinfo='http://';
path='DNS';
dnspath='/var/named/slaves';

for host in `cat /home/nameserver/masterlist|grep -v '#'|uniq`
do
    echo "Server: $host";
    #umask 011
    master_ip=`nslookup $host | grep Add | grep -v '#' | cut -f 2 -d ' '`
    # create the per-master directory so a wiped /var/named/slaves does not break the slave zones
    mkdir -p $dnspath/$host
    chmod 775 $dnspath/$host
    mv '/home/nameserver/tmp/'$host'_named.master.conf' /home/nameserver/tmp/named.master.conf
    cp -f ./tmp/named.master.conf ./zones/named.master.conf
    ## --

    # one "type slave" stanza per master zone, pointing at this master's IP
    for domain in `grep "^zone" ./zones/named.master.conf|grep 'master'|grep -v 'type slave'| cut -d"\"" -f 2`
    do
        echo "Domain: $domain";
        SLAVELINE="zone \"$domain\" { type slave; file \"$dnspath/$host/$domain.db\"; masters { $master_ip; }; };";
        echo "${SLAVELINE}" >> ./zones/slaves.named.tmp;
    done

    rm -rf /home/nameserver/tmp/named.master.conf
done

echo '-------------------------'
## start sorting
perl checkdomains.pl

### modify to suit your installation.
cp /home/nameserver/zones/slaves.named.conf /var/named/slaves/slaves.named.conf

Here are the steps to make it work:
MASTER:
Code:
ns_password=`</dev/urandom tr -dc A-Za-z0-9 | head -c10`
/usr/sbin/adduser -g named -d /home/nameserver -s /bin/bash nameserver
echo $ns_password | passwd nameserver --stdin
# copy getzone.dns.sh into /home/nameserver/

add this line:
Code:
su nameserver -c "/home/nameserver/getzone.dns.sh"

in:
Code:
/usr/local/directadmin/scripts/custom/domain_create_post.sh
Code:
/usr/local/directadmin/scripts/custom/domain_delete_post.sh
Code:
/usr/local/directadmin/scripts/custom/domain_change_post.sh

On the SLAVE BOX (PRESUMING YOU ALREADY INSTALLED BIND)
Code:
ns_password=`</dev/urandom tr -dc A-Za-z0-9 | head -c10`
/usr/sbin/adduser -g named -d /home/nameserver -s /bin/bash nameserver
echo $ns_password | passwd nameserver --stdin
Follow Jeff's instructions from the master2slave.tar.gz file for directory creation
and overwrite getmaster2slave.dns.sh with the one above.

Add these lines to /etc/crontab
Code:
*/15 * * * * root su - nameserver -c /home/nameserver/getmaster2slave.dns.sh; /etc/init.d/named restart >/dev/null 2>&1
# day-of-month 0 is not a valid cron field; this runs on the 1st of each month at 00:30
30 0 1 * * root rm -rf /var/named/slaves/*; su - nameserver -c /home/nameserver/getmaster2slave.dns.sh; /etc/init.d/named restart >/dev/null 2>&1

To let this work you need to log in as the nameserver user (su nameserver) and create ssh auth keys so you don't need to put a password anywhere (the script above creates a random password).

The only problem I'm facing now is with the directadmin scripts, because apparently they can't run rsync over ssh as another user; I'm gonna fix it soon, please consider this still in BETA.

Once I've solved the rsync issue I'll post a URL with a complete package with installation scripts for the master and client side.

If you have any hint, feel free to comment here, send me an email or contact me via private message on this forum.

Jeff, I hope this, once complete, will help you as well.

Regards
 
rsync issue solved.

Using the ssh key for auth works like a charm :)

Now, the next step is to sync deleted domains and make an installation script, at least something that reduces the commands to a minimum.

Regards
 
Ok, it is ready.

Please feel free to test it and post suggestions.

Download URL: http://repository.custombuild.it/scripts/dns-replicator.tar.gz

For sure it needs something more to be fixed.

It uses SSH/RSYNC in this way:

DA add/modify domain -> the post domain create/modify script calls the executable script -> the script creates a file with the domain list and sends it to the remote nameserver(s) using rsync and touches a reload file -> the remote nameserver uses cron to check if the reload file is present; if yes, it checks the zones and restarts named.
DA remove domain -> the post domain destroy script calls the executable script -> the script creates a file with the domain list and sends it to the remote nameserver(s) using rsync, touches a reload file and a remove file -> the remote nameserver uses cron to check if the reload file is present; if yes, it checks the zones and restarts (the zone check looks for the remove file and, if present, removes all zones from the requested server before re-adding them).
DNS edits without add/modify/remove domain are handled by BIND with its own master/slave capability.

I've created an installation script inside the file that works this way:

./install server (for the nameserver side, presuming you have bind up and running)
./install client (for the DA server side)

The install script asks for the remote server host/IP and nameserver user password (and local server IP), creates a key and connects the nameserver and local server using an ssh key so no password will be needed.

There are some things you have to know:
You have to manually allow the IP on the nameserver side in named.conf for transfer/notify.
For now, it is the DA-server side that adds nameservers; I'm studying how to make the nameserver be the one that adds servers to check (but that would be hard, because with the current way we are sure when a re-sync is needed; the other way I still have no idea how to do that).

Any suggestion is appreciated.

Feel free to edit the script where needed and, if it is not too much trouble, let me know what to edit to make it better.

Regards
 