DirectSlave/GO 3 - public beta

galuh82

Are you saying you did not set up a hostname on the box?
You should for sure do that before you start. All servers need hostnames and host files.


Correct, it does not. I could add it, but it might be best that the admin controls outside access to the box.
noted, good work

thanks
 

galuh82

OMG, sorry, I forgot to allow port 53 in iptables; now it's working well.
Thank you very much @bdacus01 for your very meaningful explanation.
Thank you @kang28ivan for reminding me too. Maybe in the next update @bdacus01 could also add firewall rules for DNS ports and other related ports :D

regards
 

galuh82

Are you saying you did not set up a hostname on the box?
You should for sure do that before you start. All servers need hostnames and host files.
trying on openvz with centos 7 64 bit

etc/hosts

Code:
127.0.0.1 localhost.localdomain localhost localhost4.localdomain4 localhost4
# Auto-generated hostname. Please do not remove this comment.
xxx.zzz.ccc.vvv ns2.domain.net  ns2
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
Code:
hostname -I|awk '{print $1}'

127.0.0.1
It's solved when we change it to

Code:
hostname -I | awk '{ print $2 }'
hostname command result

Code:
ns2.domain.net
For the firewall rule, we have to add it manually. The install log says firewalld is not running when adding the rule, in case firewalld is not running well.

But it's OK, we still have a solution to solve this issue.

regards.
 

bdacus01

hostname -I is to get the IP address of the server.

https://linux.die.net/man/1/hostname
-I, --all-ip-addresses: Display all network addresses of the host. This option enumerates all configured addresses on all network interfaces. The loopback interface and IPv6 link-local addresses are omitted. Contrary to option -i, this option does not depend on name resolution. Do not make any assumptions about the order of the output.
This could be what is messing it up:
Do not make any assumptions about the order of the output.
if you run
Code:
hostname -I
you should get a list of all the IP addresses assigned to the server.

Code:
hostname -I
ip 4 here ###.###.###.###  ip6 here Xxxx:xxx:xxX:XxXX:
The IP should be the real IP of the server. If it's not, you have something wrong.
Looks like you have loopback set as IP 127.0.0.1, which is weird.

to check your hostname is set do

Code:
hostnamectl
Should get
Code:
static hostname: servername.hostname.com
         Icon name: 
           Chassis:
        Machine ID: 
           Boot ID: 
    Virtualization: kvm
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel:
      Architecture: x86-64
to set a hostname

do
Code:
hostnamectl set-hostname servername.hostname.com
I would make your host file more readable as well
like

Code:
127.0.0.1                    localhost.localdomain  localhost 
::1                          localhost localhost.localdomain localhost
###.###.###.###              servername.hostname.com servername
 
Last edited:
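
An added example (not part of any post above and not taken from the install script): a POSIX shell filter that picks the server address from `hostname -I` without relying on field order, skipping loopback and link-local entries such as the `127.0.0.1` that came first in the OpenVZ case. The function names `is_ipv4` and `pick_ipv4` are hypothetical, and the addresses in the usage comment are constructed documentation addresses.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not from the DirectSlave install script.

# is_ipv4 ADDR: succeed only for a dotted quad with four octets in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# pick_ipv4 "ADDR ADDR ...": print the first IPv4 address that is neither
# loopback (127/8) nor link-local (169.254/16). Those are skipped wherever
# they appear, so the result does not depend on the order hostname -I uses.
pick_ipv4() {
    for addr in $1; do
        case "$addr" in
            127.*|169.254.*) continue ;;
        esac
        if is_ipv4 "$addr"; then
            printf '%s\n' "$addr"
            return 0
        fi
    done
    return 1
}

# Usage on a server (constructed sample output shown for illustration):
#   hostname -I          -> 127.0.0.1 203.0.113.10 2001:db8::1
#   SERVER_IP=$(pick_ipv4 "$(hostname -I)") || { echo "no usable IPv4" >&2; exit 1; }
```

Failing loudly when no address qualifies is deliberate: a secondary DNS server that registers itself as `127.0.0.1` looks healthy locally while the master cannot reach it.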

susanID

ssl not work

I tried to enable SSL, check is OK, but it does not work, with the error message below.
What should I do?

Code:
Server xxxxxxxx:2224 start error! tls: failed to find any PEM data in certificate input
Code:
# /usr/local/directslave/bin/directslave --check

DEBUG: Running as root (0), dropping privileges to 25:25
DirectSlave GO/3.2 Advanced (c) Roman Mazur <roman.mazur@gmail.com> 2012-2018

Here we do some test to check if your config ...
 /usr/local/directslave/etc/directslave.conf is good.

Reading /usr/local/directslave/etc/directslave.conf ... OK

Trying to drop privileges to 25 25 ... OK

Running tests as UID:25, GID:25

Opening/creating file 'access_log' -> /usr/local/directslave/log/access.log ... OK

Opening/creating file 'error_log' -> /usr/local/directslave/log/error.log ... OK

Opening/creating file 'action_log' -> /usr/local/directslave/log/action.log ... OK

Opening/creating file 'named_conf' -> /etc/namedb/directslave.inc ... OK

Opening/creating file 'pid' -> /usr/local/directslave/run/directslave.pid ... OK

SSL is on! Testing CERT and KEY accessibility:

Opening file 'ssl_cert' -> /usr/local/directslave/ssl/fullchain.pem ... OK

Opening file 'ssl_key' -> /usr/local/directslave/ssl/privkey.pem ... OK

Testing named_workdir acesssibility /etc/namedb/secondary ... OK

Testing RNDC util accessibility at path /usr/sbin/rndc ... OK

*** All OK! You can safely run with --run flag.
 

susanID

My bad, it's working after I generated a self-signed SSL key and cert and copied them into /usr/local/directslave/ssl/privkey.pem and /usr/local/directslave/ssl/fullchain.pem
 

bdacus01

SusanID,

Welcome to the forum and welcome to directadmin. Glad you sorted it out. If you used my script hope it worked well. It currently doesn't support ssl in the script.
 

galuh82

yes, it must be done manually

make adjustments or additions to the directslave.conf configuration

ssl on
sslport 2224 (or other)
ssl_cert /usr/local/directslave/ssl/fullchain.pem (copy from ca.crt)
ssl_key /usr/local/directslave/ssl/privkey.pem (copy from ca.key)

open 2224 port on firewall
SSL connection to DirectSlave should be done successfully
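
An added example (not DirectSlave's own code and not from any post above): a pre-flight check for the manual SSL setup described in this thread. The `--check` run shown earlier only reports that `ssl_cert` and `ssl_key` can be opened, so this reads both paths from `directslave.conf` and confirms each file carries the PEM block that the "failed to find any PEM data" error is about. Function names are hypothetical; it assumes whitespace-separated `key value` lines and paths without spaces.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of DirectSlave.

# conf_value CONF KEY: print the value of the first "KEY value" line.
# The key is matched exactly, so "ssl" does not match "sslport" or "ssl_cert".
conf_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# has_pem_block FILE LABEL_REGEX: succeed if FILE is readable and contains
# both the BEGIN and END armor lines for the given PEM label.
has_pem_block() {
    [ -r "$1" ] || return 1
    grep -Eq -- "^-----BEGIN $2-----" "$1" &&
        grep -Eq -- "^-----END $2-----" "$1"
}

# check_directslave_tls CONF
# Returns 0 when ssl is off or both files look right,
#         2 when ssl_cert has no PEM certificate,
#         3 when ssl_key has no PEM private key.
check_directslave_tls() {
    conf=$1
    if [ "$(conf_value "$conf" ssl)" != "on" ]; then
        echo "ssl is not on; nothing to check"
        return 0
    fi
    cert=$(conf_value "$conf" ssl_cert)
    key=$(conf_value "$conf" ssl_key)
    if ! has_pem_block "$cert" 'CERTIFICATE'; then
        echo "ssl_cert '$cert': no PEM certificate block found"
        return 2
    fi
    # Accepts PRIVATE KEY, RSA PRIVATE KEY, EC PRIVATE KEY and similar labels.
    if ! has_pem_block "$key" '([A-Z]+ )?PRIVATE KEY'; then
        echo "ssl_key '$key': no PEM private key block found"
        return 3
    fi
    echo "ssl_cert and ssl_key both contain PEM data"
    return 0
}

# Usage: check_directslave_tls /usr/local/directslave/etc/directslave.conf
```

The check also catches a swapped pair (key file configured as `ssl_cert`), since each path is tested for its own label. It does not prove that the key belongs to the certificate.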
 

Sab

Added domain2.com to DA. DirectSlave shows the zone file synced to it by DA. But when I do

#dig A +noadditional +noquestion +nocomments +nocmd +nostats domain2.com. @DirectSlave

I get no answer, but other domains are working fine on DirectSlave...???

update: appears /etc/namedb/secondary/domain2.com.db is missing on DirectSlave...

update2: appears DirectSlave is no longer working for any newly added domains, only old ones work. Connections are successful. I think it's related to the latest DirectAdmin update, ver 1.58.2. Maybe it broke DirectSlave...

Anyone else experiencing the same issue after update?
 

galuh82

same with us, not working with latest update directadmin.

we have to move all directslave to directadmin personal license $24/years ;)
 

DanielP

It works for us, or there is an option that it never worked as intended from the start and we just made it work... During the initial tests (CentOS 7 + EPEL) I noticed that zones were not created and the slaves logged the error that the master does not allow transfer, so in addition to allowing notify on the slave from the master IP, we added to the master named.conf


allow-transfer { xxx.xxx.xxx.xxx; yyy.yyy.yyy.yyy; }; xxx... yyy ips of the slaves nameservers

which is not mentioned here, but that makes the entire setup work, so we left it that way.

It works for a domain account created on server A, then terminated from WHMCS and created on server B ... To further verify that it works, I added an addon domain to the account on server B which had not existed before on any DA server; intoDNS says it resolves OK.

So definitely works
 

codes9

Can't authenticate from DirectAdmin

I love the simplicity DirectSlave brings to syncing up a Secondary DNS in DirectAdmin.

I'm very new to DirectSlave and DirectAdmin (coming from the Cpanel side)

I've recently installed Directslave easily enough and the documentation included is actually quite detailed.
I'm just not able to authenticate from DirectAdmin and get errors in the logs about this.

I'm using Ubuntu 18.04

DirectAdmin setup
  • Enabled Multi-Server
  • Added a server for DNS sync with the admin username & password used in directslave.
  • Testing from DirectAdmin shows:

Code:
"Error during connection test
***.***.***.*** : DirectSlave GO/3.2 Advanced : Error: Login failed"
:) My server IP is blanked but I've verified that it shows up correctly in the above notice.
Troubleshooting steps with the password
  • Changed out the password as & throws out the ../directslave --password ... procedure
  • Tried a less complex password for testing (also did not work)
  • Temporarily disabled SSL (a whole other topic - trying to get it to work with Letsencrypt suspect it won't due to a permissions issue and inability to move certs)
  • Temporarily disabled RNDC after its misconfig prevented password setting from completing.

DirectSlave config
Code:
background      1

host ***.***.***.*** (the ip of the server directslave is installed on)

port            2222
sslport         2224

ssl             off
ssl_cert        /etc/letsencrypt/live/server.***/fullchain.pem
ssl_key         /etc/letsencrypt/live/server.***/privkey.pem

cookie_sess_id  DS_SESSID
cookie_auth_key ********************************************** (long random string)

debug           0
uid             53
gid             53

pid             /usr/local/directslave/run/directslave.pid
access_log      /usr/local/directslave/log/access.log
error_log       /usr/local/directslave/log/error.log
action_log      /usr/local/directslave/log/action.log

named_workdir   /etc/namedb/secondary
named_conf      /etc/namedb/directslave.inc
retry_time      1200
rndc_path       'none'
named_format    text

authfile        /usr/local/directslave/etc/passwd
Anyone able to spot any misconfigurations in my setup?
Your suggestions will be welcome.
 

roman_m

Hi all!

Some DirectSlave users reported an issue when RNDC is disabled, so

this is UPDATE to version 3.3

==================
+ Fixed XSS vulnerability on login screen
+ Fixed check errors when rndc is disabled
-> Minor bugs fixed
==================

Please, download update at https://directslave.com/download
 

Sab

To upgrade do we have to reinstall?
 

roman_m

Nope. Just copy suitable binary for your system from archive bin/ folder into your existing DS installation tree.

The package bin directory contains 6 binary files built for different systems. There are Linux, FreeBSD and MacOS versions for 32/64 bit architectures. You need to choose the binary for your system. For example, on Linux/64 it will be directslave-linux-amd64, and directslave-freebsd-i386 for FreeBSD i386 (obviously).

So you must rename that binary to directslave. Then restart directslave.

No configuration options/webroot templates change needed.
 

Brenden

I just set up Let's Encrypt for SSL (using the Cloudflare DNS challenge, not the HTTP challenge) and I'm getting this error in DirectAdmin when trying to connect over SSL; HTTP works fine. I can also log in to https://dns-secondary.domain:2224 fine.

Code:
dns-secondary.domain :  : Unable to connect to 140.238.199.117: Operation now in progress
Unable to connect to secure socket
Some I/O error occurred.  The OpenSSL error queue may contain more information on the error.  If the error queue is empty (i.e. ERR_get_error() returns 0), ret can be used to find out more about the error: If ret == 0, an EOF was observed that violates the protocol.  If ret == -1, the underlying BIO reported an I/O error (for socket I/O on Unix systems, consult errno for details).
openssl error queue:
empty error queue.  ret=-1
errno: Bad file descriptor
It also starts fine

Code:
 ./linux.directslave start
Starting DirectSlave:
*** Starting DirectSlave GO/3.3 Advanced server ***
*** (c) Roman Mazur <roman.mazur@gmail.com> 2012-2019 ***

Using user UID:53, GID:53

Using secondary conf: /etc/namedb/directslave.inc
Creating HTTP PLAIN socket on: *:2222
Creating HTTP/2 TLS socket on: *:2224
Using certificate: /etc/letsencrypt/live/dns-secondary.domain/fullchain.pem
Using certificate key: /etc/letsencrypt/live/dns-secondary.domain/privkey.pem

Staying foreground.
Any ideas? Can I use a self signed cert here instead perhaps?
 

Arieh

I just installed DirectSlave on Debian 10. On this or other systems running AppArmor, it will prevent bind from writing into the secondary dir.

Related error in syslog:
dumping master file: /etc/bind/secondary/tmp-XXX: open: permission denied
Solution: We need to give write access to this dir.

nano /etc/apparmor.d/usr.sbin.named
Under:
/etc/bind/** r,
Add:
/etc/bind/secondary/** rw,
Then:
service apparmor restart
service bind9 restart
 