Evening all, I've seen a few threads over the past week or so and DirectSlave has popped up a few times, but some users aren't sure about it or how to use it. I use it, and with a script written by @ericosman [THANK YOU!!] on GitHub, it's been made a whole lot easier. I've added in an SSL certificate for secure transfers, and explained a bit further about other bits as the install progresses.
Requirements: any server with 1+ CPU and 2GB RAM recommended, running Alma Linux [I'm using Alma Linux 9 for this tutorial, an x86 server with 2 vCPU, 4GB RAM and a 40GB SSD, and I use 3 of the same for my real-world DNS needs].
Spin up your new Server. Update the software:
Bash:
# yum -y update
Then install TAR, Certbot for SSL and an SSL cert for the hostname: [replace HOSTNAME with the FQDN of your server]
Bash:
# sudo dnf install epel-release -y
# sudo dnf install certbot -y
# systemctl start certbot-renew.timer
# systemctl enable certbot-renew.timer
# systemctl status certbot-renew.timer
# certbot certonly --standalone -d HOSTNAME
Now we'll download the install script and run it. Make sure you are logged in as root for this or it will fail. Also replace ADMIN with an admin username, PASSWORD with a memorable secure password, and IP-ADDR with the Master DNS server's IP (that will be your DirectAdmin server).
Bash:
# wget https://raw.githubusercontent.com/osmanboy/directslave-install/master/directslave-install.sh
# chmod +x directslave-install.sh
# ./directslave-install.sh ADMIN PASSWORD IP-ADDR
(example: ./directslave-install.sh admin2025 fatDoggy9 200.200.200.200)
The script will then ask you if you want to change the port for SSH (recommended for security, but it's your call). Here I will use port 22022. The output will look as follows:
Bash:
Bingo! you are root. Continue on....
Saving most outputs to /root/install.log
doing updates and installs
creating user admin2025 and adding to wheel
Disabling root access to ssh use admin2025.
Enter SSH port to change (recommended) from 22: 22022
Your ssh port is 22022
installing and configuring directslave
Added user admin2025 to authfile.............
Now, once the above script has run, it will have installed DirectSlave on your server and also disabled root access via SSH. You can always go into the sshd_config file and enable it again if, like me, you log in with keys rather than passwords. The firewall will also have been installed, so now you have to be careful. In another terminal, try to log in via SSH on the new port with either your admin username or root (if you've re-enabled it). I found the new SSH port was blocked, so I opened it. Remember, if you don't test the login before you log out of this session, you'll be locked out of the server. You can block port 22 later.
Open the necessary ports:
Bash:
# sudo firewall-cmd --state
# sudo firewall-cmd --permanent --add-service=http
# sudo firewall-cmd --permanent --add-service=https
# sudo firewall-cmd --add-port=22022/tcp
# sudo firewall-cmd --permanent --add-port=22022/tcp
# sudo firewall-cmd --add-port=2224/tcp
# sudo firewall-cmd --permanent --add-port=2224/tcp
# sudo firewall-cmd --reload
# systemctl restart sshd
Now we need to edit the directslave.conf file. I opened port 2224 above in case I need plain HTTP rather than HTTPS, but I prefer HTTPS when I have a hostname. If you are NOT using Certbot and an SSL cert, then do not put the SSL lines in, and simply set "ssl off". Also, the IP of this server is noted at the top; you can remove this if you want and set it to *. The finished file should look something like this:
And now for the final few bits. If you restarted DirectSlave now, it would fail, as the permissions on the SSL certs that Certbot gave us earlier are different from what we need. So we create a new group (I call it ssl-cert) and add named to it. Once we've done that, we'll set permissions on the certificates and folders so that named, and therefore DirectSlave, can traverse the directories and read the certificates.
Bash:
# sudo groupadd ssl-cert
# sudo usermod -aG ssl-cert named
# groups named
named : named ssl-cert (just to see it worked)
# sudo chgrp ssl-cert /etc/letsencrypt/live /etc/letsencrypt/archive
# sudo chmod 750 /etc/letsencrypt/live /etc/letsencrypt/archive
# sudo chgrp -R ssl-cert /etc/letsencrypt/live/your.hostname.co.uk
# sudo chmod 750 /etc/letsencrypt/live/your.hostname.co.uk
# sudo chgrp -R ssl-cert /etc/letsencrypt/archive/your.hostname.co.uk
# sudo chmod 750 /etc/letsencrypt/archive/your.hostname.co.uk
# sudo chgrp ssl-cert /etc/letsencrypt/archive/your.hostname.co.uk/*.pem
# sudo chmod 640 /etc/letsencrypt/archive/your.hostname.co.uk/*.pem
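Before restarting DirectSlave it is worth confirming that the whole chain of permissions above actually works for a member of ssl-cert, not just the final .pem. The script below is an added example, not part of the original post or of DirectSlave; the file name check-cert-path.sh is assumed, and it relies on GNU coreutils as found on Alma Linux.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: check that members of a group
# can actually reach a Certbot certificate. live/*.pem are symlinks into
# archive/, so the real path is resolved first; a directory without group
# "x" anywhere along it makes named fail to read a key that is itself 640.
# Assumes GNU coreutils (stat -c, readlink -f).

# check_group_path FILE GROUP [ROOT]
# Walks from ROOT (default /) down to the resolved FILE, printing one
# ok/FAIL line per component. A non-owner in GROUP needs x on every
# directory and r on the file; if a component is not group-owned by GROUP
# (name or numeric gid), the "other" bits are the ones that apply.
# Returns 0 only when every component passes.
check_group_path() {
    local file=$1 grp=$2 root=${3:-/}
    local target rel cur comp mode bits want have status rc=0
    target=$(readlink -f -- "$file") || return 2
    root=$(readlink -f -- "$root") || return 2
    if [ "$root" = / ]; then cur=""; rel=${target#/}
    else cur=$root; rel=${target#"$root"/}; fi
    local -a comps
    IFS=/ read -r -a comps <<< "$rel"
    for comp in "${comps[@]}"; do
        cur="$cur/$comp"
        mode=$(stat -c '%A' -- "$cur") || return 2
        # %A looks like drwxr-x---: chars 4-6 are group bits, 7-9 other bits
        if [ "$(stat -c '%G' -- "$cur")" = "$grp" ] ||
           [ "$(stat -c '%g' -- "$cur")" = "$grp" ]; then
            bits=${mode:4:3}
        else
            bits=${mode:7:3}
        fi
        if [ -d "$cur" ]; then want='[xs]'; have=${bits:2:1}   # s = setgid dir, still traversable
        else want=r; have=${bits:0:1}; fi
        case $have in $want) status=ok ;; *) status=FAIL; rc=1 ;; esac
        printf '%-4s %s %s %s\n' "$status" "$mode" "$(stat -c '%U:%G' -- "$cur")" "$cur"
    done
    return $rc
}

# Stand-alone use, e.g. after the chgrp/chmod steps above:
#   ./check-cert-path.sh /etc/letsencrypt/live/your.hostname.co.uk/privkey.pem ssl-cert
if [ $# -ge 2 ]; then
    check_group_path "$1" "$2" "${3:-/}"
fi
```

Any FAIL line names the exact directory or file that still blocks named; fix that component rather than loosening the .pem files.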
Now you can check DirectSlave is loaded and working.
One final thing to do is check/edit the named.conf on this server. We're setting it up to allow transfers from the main DirectAdmin server, so make sure the IP address in the allow directives matches your DirectAdmin server's IP. Also, this is an IPv6-enabled server, so in the DNS zone for this server's FQDN hostname, wherever you have it hosted, you can also set up another NS record backed by an AAAA record, adding extra connectivity. In the named.conf file you would change the listen-on-v6 port 53 {} directive to { any; }; as I've done below. If you are happy with just IPv4, leave it as { none; };. In this example it shows 200.200.200.200, which is what we set up at the very beginning.
And the very last thing is to go to your DirectAdmin server and edit /etc/bind/named.conf.options. Add the IP addresses of all your slave servers so they are authorised to receive the zones and transfers.
And that's about it. Go to your DA Master and set up Multi Server for the new server and check it connects OK.
If you have a new server and you've paired it with the IP addresses in the named.conf files above, you can run the following command and it should send all the zone files to your freshly set up DirectSlave server. It'll take a few minutes, so be patient. You MUST run this command from the master DirectAdmin server for it to work.
Bash:
# echo "action=rewrite&value=named" >> /usr/local/directadmin/data/task.queue
Now you should have the DirectSlave server set up and working. You can have as many or as few servers attached as you like. I have the main DirectAdmin server and 3 other DNS servers spotted about.
Good luck!!