DirectSlave/GO 3 - public beta

elson_freitas

New member
Joined
Dec 10, 2021
Messages
2
I managed to install and DirectAdmin is communicating correctly, sending the information and appearing in "domains" in the DirectSlave panel.

The problem is that the added domain is not returned as authoritative by the Slave, generating a DNS error/failure.

What could this error be?
 

mrcool

New member
Joined
Jan 29, 2022
Messages
2
Guys, been working at this most of the night. I have so close to having it working and I think I am just tired. Here is what I have. CentOS following the guide from https://regularguy.info/directadmin/directslave-for-dns/

I see in my messages log the following error..

Jan 29 10:28:34 ip-172-24-1-254 named[983]: zone xxx.com/IN: transferred serial 2022012912
Jan 29 10:28:34 ip-172-24-1-254 named[983]: transfer of 'xxx.com/IN' from x.x.x.x#53: Transfer status: success
Jan 29 10:28:34 ip-172-24-1-254 named[983]: transfer of 'xxx.com/IN' from x.x.x.x#53: Transfer completed: 1 messages, 29 records, 891 bytes, 0.038 secs (23447 bytes/sec)
Jan 29 10:28:34 ip-172-24-1-254 named[983]: zone xxx.com/IN: sending notifies (serial 2022012912)
Jan 29 10:28:34 ip-172-24-1-254 named[983]: dumping master file: /etc/namedb/secondary/tmp-orCcDHYUTX: open: permission denied

I "think" it's a permissions issue for named writing to the secondary folder but for the life of me I can't get it to work. I am a newbie on linux and have tried changing permissions.


Here is the namedb folder
drwxrwxr-x+ 3 named named 46 Jan 29 06:16 .
drwxr-xr-x. 79 root root 8192 Jan 29 08:44 ..
-rwxr-xr-x. 1 named named 7423 Jan 29 08:31 directslave.inc
drwxrwxr-x+ 2 named named 24 Jan 29 09:50 secondary
Here is the secondary folder
drwxrwxr-x+ 2 named named 24 Jan 29 09:50 .
drwxrwxr-x+ 3 named named 46 Jan 29 06:16 ..
-rwxr-xr-x. 1 named named 0 Jan 29 07:04 named.conf

I assume I am supposed to see db files in the secondary folder for each domain and I do not..
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
3,741
Location
Murfreesboro
Guys, been working at this most of the night. I have so close to having it working and I think I am just tired. Here is what I have. CentOS following the guide from https://regularguy.info/directadmin/directslave-for-dns/
Sorry you are having trouble. My original link in the post here was never made a sticky. I am working on updating the script and the guide as it is several years old. The guide was built on using centos7 standalone server the server you run the script on or do the guide one should not have DA installed on it. You might look at the original post on it to gleam some more help.

 

mrcool

New member
Joined
Jan 29, 2022
Messages
2
Thank you for the responses. I downloaded the latest version and am still having the same issue. This is on a clean CentOS 7 load and Directadmin is not on this machine. It's trying to sync from a directadmin server using the multihome service. When I run the "check" from the Directadmin server it passes. Still can't write the db files in the secondary folder. Am I missing something?
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
8,980
Location
Maastricht
When I run the "check" from the Directadmin server it passes.
In that case the issue is local. As you already said it's a permission problem. I don't remember if I ever used a secondary directory.

However, can you show us the directory permissions, so not the content, you already posted that, but the directory permissions from both namedb and secondary?
 

lordlex

Verified User
Joined
Aug 17, 2008
Messages
55
Location
Romania
Hi!

Please look at the log files - action.log and error.log, what do you see about domains you removed/added?
Hi. On RHEL and its derivatives, /etc/named is owned by root:named, and the permissions are 750. Problem solved...
 

hendranata

New member
Joined
Jul 29, 2019
Messages
2
sorry i face issue during directslave installation on almalinux 8.5

[[email protected] ~]# systemctl start directslave
[[email protected] ~]# systemctl status directslave
● directslave.service - DirectSlave for DirectAdmin
Loaded: loaded (/etc/systemd/system/directslave.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2022-03-09 06:43:23 EST; 234ms ago
Main PID: 2247 (directslave)
Tasks: 7 (limit: 11409)
Memory: 4.5M
CGroup: /system.slice/directslave.service
└─2247 /usr/local/directslave/bin/directslave --run

Mar 09 06:43:23 ns1.hidden-server.net systemd[1]: Started DirectSlave for DirectAdmin.
Mar 09 06:43:23 ns1.hidden-server.net directslave[2247]: *** Starting DirectSlave GO/3.4.2 Advanced server ***
Mar 09 06:43:23 ns1.hidden-server.net directslave[2247]: *** (c) Roman Mazur <[email protected]> 2012-2020 ***
Mar 09 06:43:23 ns1.hidden-server.net directslave[2247]: Going background.
Mar 09 06:43:23 ns1.hidden-server.net directslave[2247]: Spawning main() server with pid 2247
Mar 09 06:43:23 ns1.hidden-server.net directslave[2247]: Pidfile writen as /usr/local/directslave/run/directslave.pid
[[email protected] ~]# systemctl status directslave
● directslave.service - DirectSlave for DirectAdmin
Loaded: loaded (/etc/systemd/system/directslave.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2022-03-09 06:43:25 EST; 638ms ago
Process: 2269 ExecStart=/usr/local/directslave/bin/directslave --run (code=exited, status=250)
Main PID: 2269 (code=exited, status=250)

Mar 09 06:43:25 ns1.hidden-server.net systemd[1]: directslave.service: Main process exited, code=exited, status=250/n/a
Mar 09 06:43:25 ns1.hidden-server.net systemd[1]: directslave.service: Failed with result 'exit-code'.
Mar 09 06:43:25 ns1.hidden-server.net systemd[1]: directslave.service: Service RestartSec=100ms expired, scheduling restart.
Mar 09 06:43:25 ns1.hidden-server.net systemd[1]: directslave.service: Scheduled restart job, restart counter is at 5.
Mar 09 06:43:25 ns1.hidden-server.net systemd[1]: Stopped DirectSlave for DirectAdmin.
Mar 09 06:43:25 ns1.hidden-server.net systemd[1]: directslave.service: Start request repeated too quickly.
Mar 09 06:43:25 ns1.hidden-server.net systemd[1]: directslave.service: Failed with result 'exit-code'.
Mar 09 06:43:25 ns1.hidden-server.net systemd[1]: Failed to start DirectSlave for DirectAdmin.
[[email protected] ~]#


[[email protected] ~]# /usr/local/directslave/bin/directslave --check

DEBUG: Running as root (0), dropping privileges to 25:25
DirectSlave GO/3.4.2 Advanced (c) Roman Mazur <[email protected]> 2012-2020

Here we do some test to check if your config ...
/usr/local/directslave/etc/directslave.conf is good.

Reading /usr/local/directslave/etc/directslave.conf ... OK

Trying to drop privileges to 25 25 ... OK

Running tests as UID:25, GID:25

Opening/creating file 'pid' -> /usr/local/directslave/run/directslave.pid ... OK

Opening/creating file 'access_log' -> /usr/local/directslave/log/access.log ... OK

Opening/creating file 'error_log' -> /usr/local/directslave/log/error.log ... OK

Opening/creating file 'action_log' -> /usr/local/directslave/log/action.log ... OK

Opening/creating file 'named_conf' -> /etc/namedb/directslave.inc ... OK

SSL is on! Testing CERT and KEY accessibility:

Opening file 'ssl_cert' -> /usr/local/directslave/ssl/fullchain.pem ... OK

Opening file 'ssl_key' -> /usr/local/directslave/ssl/privkey.pem ... OK

Testing named_workdir acesssibility /etc/namedb/secondary ... OK

Testing RNDC util accessibility at path /usr/sbin/rndc ... OK

*** All OK! You can safely run with --run flag.


status directslave is running just a couple second and then they stop working
any idea?
 

realcryptonight

Verified User
Joined
Nov 16, 2019
Messages
340
Sorry (in advance) for my possibly stupid questions.

I am running debian 11 on all my servers and have no desire to change to something else.
But I only see CentOS as used OS for DirectSlave. So does this mean only CentOS is supported? (Can cannot find a supported OS list anywhere.)

And if debian 11 is supported what are the installation steps? (I know that there is a README file and that it says that nothing needs to be installed first but when I read into it it seems you needs the DNS software already installed? (My servers apart from the DA server are clean debian 11 installs.))

And last, is there an install script/instructions for debian 11? Since the README file really makes me confused more then anything.
 

cjd

Verified User
Joined
Feb 1, 2021
Messages
227
Location
Canada
I have it installed on a couple Debian 10 installs for some customers (reminds me I need to update them to 11).

It's a pretty straight forward manual install, copy all the files to the recommended locations, create the required config/log directories, configure the sample config file, install latest bind from apt, and copy in the systemd start file, enable it in systemd and start it.

Check your bind config file to make sure it is only recursive for the host and includes the bind zones config file from DirectSlave.

They kind of expect you have some knowledge of how to administrate a linux/bsd system and how to run a bind/named server. All the information you need is in the README if you read carefully. Just have to remember that depending on the distribution bind/named can have a different name/location for it's configuration files.
 

realcryptonight

Verified User
Joined
Nov 16, 2019
Messages
340
I have it installed on a couple Debian 10 installs for some customers (reminds me I need to update them to 11).

It's a pretty straight forward manual install, copy all the files to the recommended locations, create the required config/log directories, configure the sample config file, install latest bind from apt, and copy in the systemd start file, enable it in systemd and start it.

Check your bind config file to make sure it is only recursive for the host and includes the bind zones config file from DirectSlave.

They kind of expect you have some knowledge of how to administrate a linux/bsd system and how to run a bind/named server. All the information you need is in the README if you read carefully. Just have to remember that depending on the distribution bind/named can have a different name/location for it's configuration files.
Thanks alot!

I got it up and running. Just need to fix a couple of ssl permission issues and then I ma done.
 

realcryptonight

Verified User
Joined
Nov 16, 2019
Messages
340
I have it almost working.
Only the letsencrypt certificates are giving me issues.

directslave --check output:
SSL is on! Testing CERT and KEY accessibility:

Opening file 'ssl_cert' -> /etc/letsencrypt/live/**myhostname**/fullchain.pem ...
ERROR: open /etc/letsencrypt/live/**myhostname**/fullchain.pem: permission denied
!!! FAIL !
Cant' read ssl_cert. Please check path & permissions.

Opening file 'ssl_key' -> /etc/letsencrypt/live/**myhostname**/fullchain.pem ...
ERROR: open /etc/letsencrypt/live/**myhostname**/fullchain.pem: permission denied
!!! FAIL !
Cant' read ssl_key. Please check path & permissions.

I already have tried to make the files and folder owned by bind and tried chmod 777 from the live directory but still getting permission denied.
Anyone an clue on why and how to fix this?
 

realcryptonight

Verified User
Joined
Nov 16, 2019
Messages
340
I have it almost working.
Only the letsencrypt certificates are giving me issues.

directslave --check output:


I already have tried to make the files and folder owned by bind and tried chmod 777 from the live directory but still getting permission denied.
Anyone an clue on why and how to fix this?
Fixed it by changing live to chmod 755. But if anyone has a better idea then I would like to hear it. :)
 

realcryptonight

Verified User
Joined
Nov 16, 2019
Messages
340
Oké, I have everything working and I can connect over port 2224 with ssl. (If I forget to add https:// I get an 400 error)

But when I add the domain to the multi-server setup and use port 2224 with SSL on I get this when clicking on test connection:
**directslave domain** : : Unable to connect to **directslave ip**: Connection refused
Unable to connect to secure socket
Some I/O error occurred. The OpenSSL error queue may contain more information on the error. If the error queue is empty (i.e. ERR_get_error() returns 0), ret can be used to find out more about the error: If ret == 0, an EOF was observed that violates the protocol. If ret == -1, the underlying BIO reported an I/O error (for socket I/O on Unix systems, consult errno for details).
openssl error queue:
empty error queue. ret=-1
errno: Bad file descriptor
Does anyone have any idea how to fix this?

EDIT:
Sorry for the spam. And for me being stupid.

In DirectAdmin the port 2224 is blocked by default of course.
 
Last edited:

realcryptonight

Verified User
Joined
Nov 16, 2019
Messages
340
Now I have it almost working right.

There is one thing that is still not working right.
When I add a new domain then only the domain record gets added to the directslave. (yourdomain.com)
But I am missing all the other dns entries like ftp, smtp, www, ect.

Does anyone know how to get also the other records on the directslave?
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
3,741
Location
Murfreesboro
Does anyone know how to get also the other records on the directslave?

If you need to transfer all of your zones from your current machine to the servers listed in your MultiServer IP list, then you can type:

Code:
echo "action=rewrite&value=named" >> /usr/local/directadmin/data/task.queue

which will rewrite all local zones, and thus trigger the transfer of them to the remote servers
 
Top