DirectSlave/GO 3 - public beta

bdacus01

If all three servers have DirectAdmin, you don't need DirectSlave. DirectSlave was designed for a separate piece of hardware (server) to be a slave of the master DirectAdmin.
 

SeLLeRoNe

Also, DNS is DNS; a slave replicates a master for the whole list of domains.

There is really no point in having a slave that only serves specific domains present in a master; that's not what the slave is there for.
It is literally a failover for the master, so it needs to be able to serve whatever the master is serving.

As Brent said, you don't need DirectSlave at all for this; you need to use DirectAdmin Multi Server Setup.

Also note, a slave doesn't forward zones to additional slaves, so Server 2 shouldn't send Server 1 DNS entries to Server 3.
The only way that could happen is if you added Server 3 into Server 1 as a slave.
 

Rido

Hi!

Yesterday I set up my DirectSlave server on Ubuntu 20 and after some adjustments it works almost flawlessly. The only problem I encounter is that the RNDC trigger from DirectSlave does not seem to work properly with a DNS change.

When I add an A-record in DirectAdmin I see these log lines on the DirectSlave server:
Code:
2020/05/24 14:30:19 Authorization passed for xxxx from xxx.xxx.xxx.xxx
2020/05/24 14:30:19 Reloaded xxxx.nl from master xxx.xxx.xxx.xxx
2020/05/24 14:30:27 RNDC queue triggered with 1 events
2020/05/24 14:30:27 RNDC output: server reload successful
However, the zone file has not been updated.

When I execute the command manually, the zone file is updated correctly:
Code:
/usr/sbin/rndc reload xxxx.nl
This is the DirectSlave config:
Code:
background     1

host          *

port          2222
sslport        2224

ssl        off
ssl_cert    /usr/local/directslave/ssl/fullchain.pem
ssl_key        /usr/local/directslave/ssl/privkey.pem

cookie_sess_id  DS_SESSID
cookie_auth_key xxxxxxx

debug        1
uid          117  # bind
gid         123  # bind

pid          /usr/local/directslave/run/directslave.pid
access_log    /usr/local/directslave/log/access.log
error_log    /usr/local/directslave/log/error.log
action_log    /usr/local/directslave/log/action.log

named_workdir    /var/cache/bind
named_conf    /var/cache/bind/directslave.inc
retry_time    1
rndc_path    /usr/sbin/rndc
named_format    text

authfile    /usr/local/directslave/etc/passwd
/etc/bind/named.conf:
Code:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/cache/bind/directslave.inc";
/etc/bind/named.conf.options:
Code:
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        allow-query     { any; };
        allow-notify    { xxx.xxx.xxx.xxx; }; // master server ip
        allow-update    { xxx.xxx.xxx.xxx; }; // master server ip
        allow-transfer  { none; };
        allow-recursion { none;};
        recursion no;

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        listen-on-v6 { any; };
};

logging {
        channel default_debug {
                file "/var/cache/bind/default_debug.log";
                severity dynamic;
        };
};
Hopefully somebody can help me.

Thank you!
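
One way to check whether the slave's on-disk zone file (`named_format text`) actually picked up a change after the RNDC trigger is to compare its SOA serial with the master's. This is an added example, not part of the original post and not DirectSlave code; the function names are hypothetical, the zone text is constructed, and it assumes the master bumps the SOA serial on every change.

```python
def soa_serial(zone_text: str) -> int:
    """Return the SOA serial from a text-format (RFC 1035) zone file."""
    # Drop ';' comments. This also truncates quoted TXT data containing ';',
    # which is acceptable here because only the SOA record is inspected.
    lines = [ln.split(";", 1)[0] for ln in zone_text.splitlines()]
    tokens = " ".join(lines).replace("(", " ( ").replace(")", " ) ").split()
    for i, tok in enumerate(tokens):
        if tok.upper() == "SOA":
            # After SOA: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM,
            # optionally wrapped in parentheses over several lines.
            fields = [t for t in tokens[i + 1:] if t not in ("(", ")")]
            if len(fields) < 3:
                raise ValueError("truncated SOA record")
            return int(fields[2])
    raise ValueError("no SOA record found")


def serial_newer(a: int, b: int) -> bool:
    """True if serial a is newer than b under RFC 1982 (32-bit wraparound)."""
    return a != b and ((a - b) % 2**32) < 2**31


def slave_status(master_serial: int, slave_zone_text: str) -> str:
    """Classify the slave's zone file relative to the master's serial."""
    slave = soa_serial(slave_zone_text)
    if slave == master_serial:
        return "in-sync"
    return "stale" if serial_newer(master_serial, slave) else "ahead"


# Constructed sample of a slave zone file; names and serials are placeholders.
SAMPLE_SLAVE_ZONE = """\
$TTL 3600
@   IN  SOA ns1.example.nl. hostmaster.example.nl. (
        2020052401 ; serial
        3600       ; refresh
        1800       ; retry
        1209600    ; expire
        86400 )    ; minimum
@   IN  NS  ns1.example.nl.
www IN  A   192.0.2.10
"""

if __name__ == "__main__":
    # Master serial after adding an A record (constructed value).
    print(slave_status(2020052402, SAMPLE_SLAVE_ZONE))
```

The master's serial is the third field of `dig +short SOA <zone> @<master>`.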
 