DirectSlave/GO 3 - public beta

Version >= 3.0 lost this behaviour for a reason:
Aha.... so that's where it's coming from. I missed this change so I didn't know, and I thought something was wrong. This losing the connection can happen with DA too, so I wonder how they have fixed this.

I did get it to work and know how, but I'm glad to know this was an intended change and no bug. Thanks for explaining.
 
It's impossible to do passive transfer of a master zone in ISC Bind. You should configure notify* channels and always have the secondary as a "true secondary", or you will have a headache when SOA records are out of sync between your servers. DS brings order to this chaos, but requires some skills & knowledge about how DNS infrastructure works.

Also, when you have about 100K zones on your secondary, it is not a good idea to restart named every minute. There is no need to restart named at all.
 
Exactly. They never fixed this :)

Has it ever been requested? For now we use the following commands to force update of existing zones and add missing ones:

Code:
cd /usr/local/directadmin
echo "action=rewrite&value=named" >> data/task.queue
./dataskq

It might be executed as a crontask or with a custom script comparing a list of zones from a set of servers.
 
Greetings everyone, I just came across DS yesterday and would like to say that this is what I was looking for for a while. I was hoping that a reinstall of bind/named on the secondary server and installing DS would get my second name server up and running. However, when I try to run the binary which is the most appropriate for my system, linux-amd64, it throws out the following errors.

The secondary server is running CentOS 7.9 x64

Any input would be greatly appreciated. Thanks
 

Attachment: ds_error.JPG
 
DO NOT RUN DS AS ROOT. NEVER EVER please! Or you will have a lot of troubles in your environment. Set uid and gid to the same ones that bind uses.
After that, check permissions of the log files & the /usr/local/directslave/etc/passwd file - set them to the uid:gid defined in /usr/local/directslave/etc/directslave.conf.
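
One way to automate the check described in the reply above, as an added example that is not part of the thread or of DirectSlave itself. The function names, the `#` comment handling and the `bind_ids` argument (the uid and gid bind runs as, supplied by the caller) are assumptions; the config keys are the ones from the directslave.conf posted in this thread.

```python
import os

# Constructed sample using keys from the directslave.conf posted in this thread.
SAMPLE_CONF = """\
uid             25
gid             25
access_log      /usr/local/directslave/log/access.log
error_log       /usr/local/directslave/log/error.log
action_log      /usr/local/directslave/log/action.log
authfile        /usr/local/directslave/etc/passwd
"""
PATH_KEYS = ("access_log", "error_log", "action_log", "authfile")

def parse_conf(text):
    """Parse whitespace-separated 'key value' lines into a dict."""
    conf = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):  # '#' comments: assumption
            conf[parts[0]] = parts[1].strip()
    return conf

def stat_owner(path):
    """Return (uid, gid) of path, or None if it cannot be stat'ed."""
    try:
        st = os.stat(path)
    except OSError:
        return None
    return (st.st_uid, st.st_gid)

def audit(conf, bind_ids, owner_of=stat_owner):
    """Return a list of findings; bind_ids is the (uid, gid) tuple bind runs as."""
    try:
        want = (int(conf["uid"]), int(conf["gid"]))
    except (KeyError, ValueError):
        return ["uid/gid missing or not numeric"]
    findings = []
    if 0 in want:
        findings.append("uid/gid is 0: DS would run as root")
    if want != bind_ids:
        findings.append("uid:gid %d:%d differs from bind's %d:%d" % (want + bind_ids))
    for key in PATH_KEYS:
        # A key absent from the config or a missing file shows up as owner None.
        owner = owner_of(conf[key]) if key in conf else None
        if owner != want:
            findings.append("%s: owner %s, expected %d:%d" % ((key, owner) + want))
    return findings

if __name__ == "__main__":
    print(audit(parse_conf(SAMPLE_CONF), (25, 25)))
```

On a real server, pass the contents of /usr/local/directslave/etc/directslave.conf to `parse_conf` and the numeric ids of bind's account as `bind_ids`.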
 
Hi all! Can anyone help me out with the update from version 3.4.2 to 3.4.3? The instructions in the README look a bit old... (2018).
Thanks all!
 
Just replace the binary (directslave) from the latest download in /usr/local/directslave/bin. I think there is no other update from 3.4.2 to 3.4.3 other than the binary. :)
 
New to DA (migrating from cPanel) so just been setting up DirectSlave on a new Centos 8 system.

The readme is rather confusing (could do with some clarifications in places, and is missing some dependencies)

Couldn't get the executable to run at all, then found the installation script on this thread which fixed the problem (installed some missing dependencies), so when the readme says "There is no prerequisites any more.", that is clearly not the case.

I'm now able to run DS via the console, but can't get it to run as a service.

Code:
[root@server5 ~]# systemctl status directslave
● directslave.service - DirectSlave for DirectAdmin
   Loaded: loaded (/etc/systemd/system/directslave.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2020-07-01 21:23:18 BST; 11h ago
  Process: 2443 ExecStart=/usr/local/directslave/bin/directslave --run (code=exited, status=203/EXEC)
 Main PID: 2443 (code=exited, status=203/EXEC)

Jul 01 21:23:17  systemd[1]: directslave.service: Main process exited, code=exited, status=203/EXEC
Jul 01 21:23:17  systemd[1]: directslave.service: Failed with result 'exit-code'.
Jul 01 21:23:18  systemd[1]: directslave.service: Service RestartSec=100ms expired, scheduling resta>
Jul 01 21:23:18  systemd[1]: directslave.service: Scheduled restart job, restart counter is at 5.
Jul 01 21:23:18  systemd[1]: Stopped DirectSlave for DirectAdmin.
Jul 01 21:23:18  systemd[1]: directslave.service: Start request repeated too quickly.
Jul 01 21:23:18  systemd[1]: directslave.service: Failed with result 'exit-code'.
Jul 01 21:23:18  systemd[1]: Failed to start DirectSlave for DirectAdmin.

My systemd config file:

Code:
[root@server5 ~]# cat /etc/systemd/system/directslave.service
[Unit]
Description=DirectSlave for DirectAdmin
After=network.target
[Service]
Type=simple
User=named
ExecStart=/usr/local/directslave/bin/directslave --run
Restart=always
[Install]
WantedBy=multi-user.target

And my DS config:
Code:
[root@server5 etc]# cat directslave.conf
background      1
host            <obscured>
port            2222
ssl             off
cookie_sess_id  DS_SESSID
cookie_auth_key <obscured>
debug           0
uid             25
gid             25
pid             /usr/local/directslave/run/directslave.pid
access_log      /usr/local/directslave/log/access.log
error_log       /usr/local/directslave/log/error.log
action_log      /usr/local/directslave/log/action.log
named_workdir   /etc/namedb/secondary
named_conf      /etc/namedb/directslave.inc
retry_time      1200
rndc_path       /usr/sbin/rndc
named_format    text
authfile        /usr/local/directslave/etc/passwd

When run as a console app via ssh, everything works just fine.

Any suggestions?

Regards

Neil
I managed to find out it had to do with SELinux, which I found out by checking /var/log/messages;
setroubleshoot[1150]: SELinux is preventing /usr/lib/systemd/systemd from execute access on the file directslave.
 
Trying DS on Almalinux 8.8 and getting the following issue:
/usr/local/directslave/bin/directslave: cannot execute binary file: Exec format error
I just copied the directslave-linux-amd64 to directslave so it can be used more easily.

But also with the full name it won't work and also the i386 version will throw the same error.

@linkoficial did you get it running on Alma 8 or 9?
 
Never mind, it's not an Alma 8 issue. It's running fine on Centos 7 and Alma 8, but for some reason it's throwing this error on a Hetzner Cloud VPS with Alma 8.
So it's a VPS issue. Also tried to copy the file to the VPS in another way, same result.

Anybody have a clue on how to fix this?

Edit: Was a Contabo issue with Alma 9. Reinstalled vps with Alma 8 and working instantly.
 
@roman_m or anybody else.

Is it possible to get this working with real-time updates?
Just now I added some records in DA and then removed them again. I discovered that it took too long for the Letsencrypt TXT record to be sent over.
Oddly enough, named and rndc were reloaded, but the 5 minute TXT record was not put in. Probably because before I tried to renew the certificate I did this add and delete again action for a couple of records.

So I checked and now I see this on Directslave:
2023112401 ; serial
while in the meantime the master server got this already:
2023112405

As you can see it's out of sync now. Directslave has missed 4 updates in a short while.
And on DS it still contains an old 5 minute TXT acme_challenge record which should not be there anymore.

I got this setting in DS:
retry_time 600
but this time has also long passed already, and still the record of that domain is not updated/synchronised with the master.

I also notice some other odd thing.
@ IN SOA ns2.company.nl. hostmaster.userdomain.nl. (
Now ns2.company.nl is the DS server, not the master server. Shouldn't this be ns1.company.nl in all records? I'm seeing this here both on the DS and on the DA master server set to ns2.

Some are giving ns2 here and some domains are giving ns1 here. Or doesn't this matter?
I presume this is wrong, and if yes, how can I fix this?

Edit: I know about the named rewrite command, but I'm looking for a solution so the zones are synced faster, so the serials can't get out of sync so fast and LE will update better.

Edit 2: OMG, the domain just updated to serial 2023112404 so that's the LE update, 46 minutes past the time it should have done this update. And still 1 missing because current serial is 05, not 04.
Probably it will still be updated but this is waaayyyyy too late.
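
A sketch of the "custom script comparing a list of zones from a set of servers" mentioned earlier in the thread, applied to the serial drift described in this post; it is an added example, not code from the thread or from DirectSlave. It goes beyond the single case shown by using RFC 1982 serial arithmetic, so wrapped serials compare correctly. The zone texts are constructed samples and the function names are hypothetical; how the zone file text is collected from each server is left to the caller.

```python
import re

# First integer after "SOA <mname> <rname>", with or without the opening parenthesis.
SOA_SERIAL = re.compile(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)", re.IGNORECASE)
SOA = "@ IN SOA ns2.company.nl. hostmaster.userdomain.nl. (\n  %d ; serial\n"

# Constructed sample data: zone name -> zone file text, one dict per server.
MASTER = {"userdomain.nl": SOA % 2023112405, "new.example": SOA % 2023112401}
SECONDARY = {"userdomain.nl": SOA % 2023112401, "old.example": SOA % 2023112401}

def soa_serial(zone_text):
    """Return the SOA serial found in zone file text, or None."""
    match = SOA_SERIAL.search(zone_text)
    return int(match.group(1)) if match else None

def serial_lag(master, secondary):
    """RFC 1982 difference: >0 secondary is behind, <0 it is ahead, 0 in sync."""
    diff = (master - secondary) % 2**32
    return diff if diff < 2**31 else diff - 2**32

def compare(master_zones, secondary_zones):
    """Return {zone: problem} for every zone that is not in sync."""
    report = {}
    for name, text in master_zones.items():
        m_serial = soa_serial(text)
        s_serial = soa_serial(secondary_zones.get(name, ""))
        if m_serial is None:
            report[name] = "no SOA serial on master"
        elif s_serial is None:
            report[name] = "missing or unparsable on secondary"
        elif serial_lag(m_serial, s_serial) > 0:
            report[name] = "secondary behind by %d" % serial_lag(m_serial, s_serial)
        elif serial_lag(m_serial, s_serial) < 0:
            # A secondary never pulls a serial it considers older than its own.
            report[name] = "secondary ahead of master"
    for name in secondary_zones.keys() - master_zones.keys():
        report[name] = "stale: no longer on master"
    return report

if __name__ == "__main__":
    for zone, problem in sorted(compare(MASTER, SECONDARY).items()):
        print(zone, problem)
```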
 
Nah, it's only for 1 server, maybe 2 in the future. I had a look at PowerDNS before. Nice if you have to manage multiple servers but too much work and resources needed for only 1 or 2.
And normally this works perfectly.
 
Anybody else using this and having issues with DNSSEC?
Seems my normal domein.com.db files are sent over, but Directslave will not add the .signed, .private and .key files.

@Arieh any clue?
 