DirectSlave/GO 3 - public beta

[galuh82]

Are saying you did not set up a hostname on the box?
You should for sure do that before you start. All server need hostnames and host files.


Correct it does not. I could add it but I might be best the Admin control outside access to the box.

noted, good work

thanks

 

[galuh82]

OMG, sorry I forgot allow port 53 on iptables, now its working good.
Thank you very much @bdacus01 for your very meaningful explanation

Thank you @kang28ivan for reminding me too, maybe the next update @bdacus01 also added firewall rules for DNS ports and other related ports

regards

 

[galuh82]

Are you saying you did not set up a hostname on the box?
You should for sure do that before you start. All server need hostnames and host files.

trying on openvz with centos 7 64 bit

etc/hosts

127.0.0.1 localhost.localdomain localhost localhost4.localdomain4 localhost4
# Auto-generated hostname. Please do not remove this comment.
xxx.zzz.ccc.vvv ns2.domain.net  ns2
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

hostname -I|awk '{print $1}'

127.0.0.1

its solve when we change it as

hostname -I | awk '{ print $2 }'

hostname command result

ns2.domain.net

for firewall rule, we have to add manually. log install say firewalld not running when adding the rule. in case firewalld not running well

but its ok, we still have solution to solve this isue.

regards.

 

[factor]

trying on openvz with centos 7 64 bit

etc/hosts

127.0.0.1 localhost.localdomain localhost localhost4.localdomain4 localhost4
# Auto-generated hostname. Please do not remove this comment.
xxx.zzz.ccc.vvv ns2.domain.net  ns2
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

hostname -I|awk '{print $1}'

127.0.0.1

its solve when we change it as

hostname -I | awk '{ print $2 }'

hostname command result

ns2.domain.net

for firewall rule, we have to add manually. log install say firewalld not running when adding the rule. in case firewalld not running well

but its ok, we still have solution to solve this isue.

regards.

hostname -I is the get the IP address of the server.

https://linux.die.net/man/1/hostname
-I, --all-ip-addressesDisplay all network addresses of the host. This option enumerates all configured addresses on all network interfaces. The loopback interface and IPv6 link-local addresses are omitted. Contrary to option -i, this option does not depend on name resolution. Do not make any assumptions about the order of the output.

Could be this messing it up .

Do not make any assumptions about the order of the output.

if you run

hostname -I

you should get a list of all the ip address assigned to the server.

hostname -I
ip 4 here ###.###.###.###  ip6 here Xxxx:xxx:xxX:XxXX:

the IP should be the real IP of the server. if it's not you have something wrong.
looks like you have loopback set as ip 127.0.0.1 which is weird.

to check your hostname is set do

hostnamectl

Should get

static hostname: servername.hostname.com
         Icon name: 
           Chassis:
        Machine ID: 
           Boot ID: 
    Virtualization: kvm
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel:
      Architecture: x86-64

to set a hostname

do

hostnamectl set-hostname servername.hostname.com

I would make your host file more readable as well
like

127.0.0.1                    localhost.localdomain  localhost 
:1                          localhost localhost.localdomain localhost
###.###.###.###              servername.hostname.com servername

 

[galuh82]

hello, problem found in openvz, there is no significant problem in kvm

 

[factor]

Great glad it helped... Good luck in the migrations.

 

[susanID]

ssl not work

I tried to enable SSL, check ok, but not work with error message below.
What should be I do?

Server xxxxxxxx:2224 start error! tls: failed to find any PEM data in certificate input

# /usr/local/directslave/bin/directslave --check

DEBUG: Running as root (0), dropping privileges to 25:25
DirectSlave GO/3.2 Advanced (c) Roman Mazur <[email protected]> 2012-2018

Here we do some test to check if your config ...
 /usr/local/directslave/etc/directslave.conf is good.

Reading /usr/local/directslave/etc/directslave.conf ... OK

Trying to drop privileges to 25 25 ... OK

Running tests as UID:25, GID:25

Opening/creating file 'access_log' -> /usr/local/directslave/log/access.log ... OK

Opening/creating file 'error_log' -> /usr/local/directslave/log/error.log ... OK

Opening/creating file 'action_log' -> /usr/local/directslave/log/action.log ... OK

Opening/creating file 'named_conf' -> /etc/namedb/directslave.inc ... OK

Opening/creating file 'pid' -> /usr/local/directslave/run/directslave.pid ... OK

SSL is on! Testing CERT and KEY accessibility:

Opening file 'ssl_cert' -> /usr/local/directslave/ssl/fullchain.pem ... OK

Opening file 'ssl_key' -> /usr/local/directslave/ssl/privkey.pem ... OK

Testing named_workdir acesssibility /etc/namedb/secondary ... OK

Testing RNDC util accessibility at path /usr/sbin/rndc ... OK

*** All OK! You can safely run with --run flag.

 

[susanID]

I tried to enable SSL, check ok, but not work with error message below.
What should be I do?

My bad, it's working after I generate self-sign ssl key and cert and copy them into /usr/local/directslave/ssl/privkey.pem and /usr/local/directslave/ssl/fullchain.pem

 

[factor]

My bad, it's working after I generate self-sign ssl key and cert and copy them into /usr/local/directslave/ssl/privkey.pem and /usr/local/directslave/ssl/fullchain.pem

SusanID,

Welcome to the forum and welcome to directadmin. Glad you sorted it out. If you used my script hope it worked well. It currently doesn't support ssl in the script.

 

[galuh82]

yes, it must be done manually

make adjustments or additions to the directslave.conf configuration

ssl on
sslport 2224 (or other)
ssl_cert /usr/local/directslave/ssl/fullchain.pem (copy from ca.crt)
ssl_key /usr/local/directslave/ssl/privkey.pem (copy from ca.key)

open 2224 port on firewall

SSL connection to DirectSlave should be done successfully

 

[Sab]

Added domain2.com to DA. DirectSlave shows the zone file synced to it by DA. But when I do

#dig A +noadditional +noquestion +nocomments +nocmd +nostats domain2.com. @DirectSlave

I get no answer, but other domains are working fine on DirectSlave...???

update: appears /etc/namedb/secondary/domain2.com.db is missing on DirectSlave...

update2: appears DirectSlave is no longer working in any newly added domains, only old ones work. Connections are successfull. I think it's related to latest DirectAdmin update ver 1.58.2 Maybe it broke DirectSlave...

Anyone else experiencing the same issue after update?

 

[galuh82]

same with us, not working with latest update directadmin.

we have to move all directslave to directadmin personal license $24/years

 

[DanielP]

It works for us or there is an option it never to worked as intended from the start and we just make it work... during the initial tests (centos 7 + epel) I notice that zones are not created and slaves log the error that master do not allow transfer so in addition to allow notify on the slave from the master ip we added to the master named.conf


allow-transfer { xxx.xxx.xxx.xxx; yyy.yyy.yyy.yyy; }; xxx... yyy ips of the slaves nameservers

which is not mentioned here but that make entire setup to works so we leave it that way

It works for A domain account created on server A then terminated from whmcs and created on server B ... to further verify that it works i added adon domain to account on the server B which is not existed before in any DA server intodns says it resolves ok

So definitely works

 

[Sab]

we added to the master named.conf
allow-transfer { xxx.xxx.xxx.xxx; yyy.yyy.yyy.yyy; }; xxx... yyy ips of the slaves nameservers

This worked for me! thanks

 

[codes9]

Can't authenticate from DirectAdmin

I love the simplicity DirectSlave brings to syncing up a Secondary DNS in DirectAdmin.

I'm very new to DirectSlave and DirectAdmin (coming from the Cpanel side)

I've recently installed Directslave easily enough and the documentation included is actually quite detailed.
I'm just not able to authenticate from DirectAdmin and get errors in the logs about this.

I'm using Ubuntu 18.04

DirectAdmin setup

• Enabled Multi-Server
• Added a server for DNS sync with the admin username & password used in directslave.
• Testing from DirectAdmin shows:

"Error during connection test
***.***.***.*** : DirectSlave GO/3.2 Advanced : Error: Login failed"

My server IP is blanked but I've verified that it shows up correctly in the above notice.

Troubleshooting steps with the password

• Changed out the password as & throws out the ../directslave --password ... procedure
• Tried a less complex password for testing (also did not work)
• Temporarily disabled SSL (a whole other topic - trying to get it to work with Letsencrypt suspect it won't due to a permissions issue and inability to move certs)
• Teporarily disabled RNDC after it's misconfig avoided password setting from completing.

DirectSlave config

background      1

host ***.***.***.*** (the ip of the server directslave is installed on)

port            2222
sslport         2224

ssl             off
ssl_cert        /etc/letsencrypt/live/server.***/fullchain.pem
ssl_key         /etc/letsencrypt/live/server.***/privkey.pem

cookie_sess_id  DS_SESSID
cookie_auth_key ********************************************** (long random string)

debug           0
uid             53
gid             53

pid             /usr/local/directslave/run/directslave.pid
access_log      /usr/local/directslave/log/access.log
error_log       /usr/local/directslave/log/error.log
action_log      /usr/local/directslave/log/action.log

named_workdir   /etc/namedb/secondary
named_conf      /etc/namedb/directslave.inc
retry_time      1200
rndc_path       'none'
named_format    text

authfile        /usr/local/directslave/etc/passwd

Anyone able to spot any misconfigurations in my setup?
Your suggestions will be welcome.

 

[roman_m]

Hi all!

Some DirectSlave users reported an issue when RNDC is disabled, so

this is UPDATE to version 3.3

==================
+ Fixed XSS vulnerability on login screen
+ Fixed check errors when rndc is disabled
-> Minor bugs fixed
==================

Please, download update at https://directslave.com/download

 

[Sab]

Hi all!

Some DirectSlave users reported an issue when RNDC is disabled, so

this is UPDATE to version 3.3

==================
+ Fixed XSS vulnerability on login screen
+ Fixed check errors when rndc is disabled
-> Minor bugs fixed
==================

Please, download update at https://directslave.com/download

To upgrade do we have to reinstall?

 

[roman_m]

Nope. Just copy suitable binary for your system from archive bin/ folder into your existing DS installation tree.

Package bin directory contains 6 binary files built for different systems. There is Linux, FreeBSD and MacOS versions for 32/64 bit architectures. You need to choose binary for your system. For example, on Linux/64 it will be directslave-linux-amd64, and directslave-freebsd-i386 for FreeBSD i386 (obviously).

So you must rename that binary to directslave. Then restart directslave.

No configuration options/webroot templates change needed.

 

[Brenden]

I just setup letsencrypt for SSL (using cloudflare DNS challenge not http challenge) and i'm getting this error in Direct Admin when trying to connect to SSL, http works fine. I can also login to https://dns-secondary.domain:2224 fine.

dns-secondary.domain :  : Unable to connect to 140.238.199.117: Operation now in progress
Unable to connect to secure socket
Some I/O error occurred.  The OpenSSL error queue may contain more information on the error.  If the error queue is empty (i.e. ERR_get_error() returns 0), ret can be used to find out more about the error: If ret == 0, an EOF was observed that violates the protocol.  If ret == -1, the underlying BIO reported an I/O error (for socket I/O on Unix systems, consult errno for details).
openssl error queue:
empty error queue.  ret=-1
errno: Bad file descriptor

It also starts fine

 ./linux.directslave start
Starting DirectSlave:
*** Starting DirectSlave GO/3.3 Advanced server ***
*** (c) Roman Mazur <[email protected]> 2012-2019 ***

Using user UID:53, GID:53

Using secondary conf: /etc/namedb/directslave.inc
Creating HTTP PLAIN socket on: *:2222
Creating HTTP/2 TLS socket on: *:2224
Using certificate: /etc/letsencrypt/live/dns-secondary.domain/fullchain.pem
Using certificate key: /etc/letsencrypt/live/dns-secondary.domain/privkey.pem

Staying foreground.

Any ideas? Can I use a self signed cert here instead perhaps?

 

[Arieh]

I just installed DirectSlave on Debian 10, for this or other systems running AppAmor, it will prevent bind from writing into the secondary dir.

Related error in syslog:

dumping master file: /etc/bind/secondary/tmp-XXX: open: permission denied

Solution: We need to give write access to this dir.

nano /etc/apparmor.d/usr.sbin.named

Under:

/etc/bind/** r,

Add:

/etc/bind/secondary/** rw,

Then:

service apparmor restart
service bind9 restart