DirectSlave/GO 3 - public beta

[factor]

If all three servers have directadmin. You don't need directslave. Directslave was designed to be for a separate piece of hardware (server) to be a Slave of the Master DirectAdmin.

 

[SeLLeRoNe]

Also, DNS are DNS, a Slave replicate a Master in for the whole list of domains.

There is really no point on having a slave that only serves specific domain present in a master, that's not what the salve is there for.
It is literally a failover for the master, so it needs to be able whatever the master is serving.

As Brent said, you don't need DirectSlave at all for this, you need to use DirectAdmin Multi Server Setup.

Also note, as slave doesn't fordward zones to additional slaves, so server 2 shoudln't send server 1 DNS entries to Server 3.
The only way that could happen is that you added Server 3 into Server 1 as a Salve.

 

[Rido]

Hi!

Yesterday I set up my DirectSlave server on Ubuntu 20 and after some adjustments it works almost flawlessly. The only problem I encounter is that the RNDC trigger from DirectSlave does not seem to work properly with a DNS change.

When I add an A-record in DirectAdmin I see these log lines on the DirectSlave server:

2020/05/24 14:30:19 Authorization passed for xxxx from xxx.xxx.xxx.xxx
2020/05/24 14:30:19 Reloaded xxxx.nl from master xxx.xxx.xxx.xxx
2020/05/24 14:30:27 RNDC queue triggered with 1 events
2020/05/24 14:30:27 RNDC output: server reload successful

However, the zone file has not been updated.

When I execute the command manually, the zone file is updated correctly:

/usr/sbin/rndc reload xxxx.nl

This is the DirectSlave config:

background     1

host          *

port          2222
sslport        2224

ssl        off
ssl_cert    /usr/local/directslave/ssl/fullchain.pem
ssl_key        /usr/local/directslave/ssl/privkey.pem

cookie_sess_id  DS_SESSID
cookie_auth_key xxxxxxx

debug        1
uid          117  # bind
gid         123  # bind

pid          /usr/local/directslave/run/directslave.pid
access_log    /usr/local/directslave/log/access.log
error_log    /usr/local/directslave/log/error.log
action_log    /usr/local/directslave/log/action.log

named_workdir    /var/cache/bind
named_conf    /var/cache/bind/directslave.inc
retry_time    1
rndc_path    /usr/sbin/rndc
named_format    text

authfile    /usr/local/directslave/etc/passwd

/etc/bind/named.conf:

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/cache/bind/directslave.inc";

/etc/bind/named.conf.options:

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        allow-query     { any; };
        allow-notify    { xxx.xxx.xxx.xxx; }; // master server ip
        allow-update    { xxx.xxx.xxx.xxx; }; // master server ip
        allow-transfer  { none; };
        allow-recursion { none;};
        recursion no;

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        listen-on-v6 { any; };
};

logging {
        channel default_debug {
                file "/var/cache/bind/default_debug.log";
                severity dynamic;
        };
};

Hopefully somebody can help me.

Thank you!

 

[chrisdewey]

Hi,

I am new to this. So sorry for any stupid questions. I am running this on Cento 8 but when I restart the VPS the DirectSlave does not auto restart. How do I enable it to restart on system reboot?

 

[chrisdewey]

Hi,

I am new to this. So sorry for any stupid questions. I am running this on Cento 8 but when I restart the VPS the DirectSlave does not auto restart. How do I enable it to restart on system reboot?

Scrap that. Found server fully crashed

 

[neilspellings]

New to DA (migrating from cPanel) so just been setting up DirectSlave on a new Centos 8 system.

The readme is rather confusing (could do with some clarifications in places, and is missing some dependencies)

Couldn't get the executable to run at all, then found the installation script on this thread which fixed the problem (installed some missing dependencies) so when the readme says "There is no prerequisites any more." which is clearly not the case.

I'm now able to run DS via the console, but can't get it to run as a service.

[root@server5 ~]# systemctl status directslave
● directslave.service - DirectSlave for DirectAdmin
   Loaded: loaded (/etc/systemd/system/directslave.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2020-07-01 21:23:18 BST; 11h ago
  Process: 2443 ExecStart=/usr/local/directslave/bin/directslave --run (code=exited, status=203/EXEC)
 Main PID: 2443 (code=exited, status=203/EXEC)

Jul 01 21:23:17  systemd[1]: directslave.service: Main process exited, code=exited, status=203/EXEC
Jul 01 21:23:17  systemd[1]: directslave.service: Failed with result 'exit-code'.
Jul 01 21:23:18  systemd[1]: directslave.service: Service RestartSec=100ms expired, scheduling resta>
Jul 01 21:23:18  systemd[1]: directslave.service: Scheduled restart job, restart counter is at 5.
Jul 01 21:23:18  systemd[1]: Stopped DirectSlave for DirectAdmin.
Jul 01 21:23:18  systemd[1]: directslave.service: Start request repeated too quickly.
Jul 01 21:23:18  systemd[1]: directslave.service: Failed with result 'exit-code'.
Jul 01 21:23:18  systemd[1]: Failed to start DirectSlave for DirectAdmin.
[ICODE]

My systemd config file:

[CODE]
[root@server5 ~]# cat /etc/systemd/system/directslave.service
[Unit]
Description=DirectSlave for DirectAdmin
After=network.target
[Service]
Type=simple
User=named
ExecStart=/usr/local/directslave/bin/directslave --run
Restart=always
[Install]
WantedBy=multi-user.target

And my DS config:

[root@server5 etc]# cat directslave.conf
background      1
host            <obscured>
port            2222
ssl             off
cookie_sess_id  DS_SESSID
cookie_auth_key <obscured>
debug           0
uid             25
gid             25
pid             /usr/local/directslave/run/directslave.pid
access_log      /usr/local/directslave/log/access.log
error_log       /usr/local/directslave/log/error.log
action_log      /usr/local/directslave/log/action.log
named_workdir   /etc/namedb/secondary
named_conf      /etc/namedb/directslave.inc
retry_time      1200
rndc_path       /usr/sbin/rndc
named_format    text
authfile        /usr/local/directslave/etc/passwd

When run as a console app via ssh, everything works just fine.

Any suggestions?

Regards

Neil

 

[SeLLeRoNe]

In console I assume you start it as root, so my question would be, in the config have you checked the uid and gid to be the correct one?

The service start as user "named" so that might cause an issue if uid and gid are not for the user named.

 

[neilspellings]

In console I assume you start it as root, so my question would be, in the config have you checked the uid and gid to be the correct one?

The service start as user "named" so that might cause an issue if uid and gid are not for the user named.

Many thanks for the fast response.

Yes, I checked and they match:

[root@server5 etc]# cat /etc/passwd | grep named
named:x:25:25:Named:/var/named:/bin/false

Warm regards

Neil

 

[SeLLeRoNe]

When you start it manually do you use this command?
/usr/local/directslave/bin/directslave --run

 

[neilspellings]

When you start it manually do you use this command?
/usr/local/directslave/bin/directslave --run

Yes that works in the background but if the server reboots then it does not get started as a service automatically.

I tried creating a new user and running the service as that, but same issue occurs.

Regards

Neil

 

[SeLLeRoNe]

Maybe you need to remove the "User" line, I checked my config and this is what I use:

[Unit]
Description=DirectSlave
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/directslave/bin/directslave --run
Restart=always

[Install]
WantedBy=multi-user.target

 

[neilspellings]

Maybe you need to remove the "User" line, I checked my config and this is what I use:

[Unit]
Description=DirectSlave
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/directslave/bin/directslave --run
Restart=always

[Install]
WantedBy=multi-user.target

Thanks for the suggestion, but it didn't resolve the problem.

Regards

Neil

 

[SeLLeRoNe]

That's quite strange... it should simply work with the sevice config I provide since that simply run the application as root as if you were manually running the command.

Have you checked the system logs for error when you try to start it?

 

[kamolot]

Hello, i have a problem with directslave as it's not working with bind. After adding:

include "/usr/local/directslave/etc/directslave.conf";

to my slave named.conf i get error starting bind:

bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2020-07-29 15:35:36 BST; 1s ago
Docs: man:named(8)
Process: 7860 ExecStop=/usr/sbin/rndc stop (code=exited, status=1/FAILURE)
Process: 7854 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
Main PID: 7854 (code=exited, status=1/FAILURE)

Jul 29 15:35:36 ns4 named[7854]: using up to 4096 sockets
Jul 29 15:35:36 ns4 named[7854]: loading configuration from '/etc/bind/named.conf'
Jul 29 15:35:36 ns4 named[7854]: /usr/local/directslave/etc/directslave.conf:1: unknown option 'background'
Jul 29 15:35:36 ns4 named[7854]: /etc/bind/named.conf:13: unexpected token near end of file
Jul 29 15:35:36 ns4 named[7854]: loading configuration: unexpected token
Jul 29 15:35:36 ns4 systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
Jul 29 15:35:36 ns4 rndc[7860]: rndc: connect failed: 127.0.0.1#953: connection refused

Did i messed up my conf files?

 

[Arieh]

/usr/local/directslave/etc/directslave.conf:1: unknown option 'background'

You should check the top of that directslave.conf file, what's in it. Because for some reason it contains the word background. It should only consist of lines starting with: zone "example.com"{ ...

 

[kamolot]

Ok so what it appears to be done here is that i included in my main slave named.conf a link to directslave main conf which has background as first in it. What i should do was to include the file that contains zones only. Is that correct? That was already there and it seems that is not working. Just tried it with new domain in DA. Nothing. I messed up something here.

 

[Arieh]

It's correct to load in directslave.conf, however that file should containes zones. It should have the zones that it receives from DA. So look in the file and see what that line or first few lines are in full. It only gives the first word in this error.

 

[kamolot]

OK i'm messing up names here propably as my main directslave.conf is not containing zones but has a normal config structure which begins with "background".
So the question is what file should i include. The one with zones i guess but that file is included already - bind is running as well as directslave but zones still are not transferred - i don't see any new zones in the files as well as no new db files. The only trace in logs (systemlog) are:
client 172.2xx.xx.xx#33180: received notify for zone 'pingu2.ovh': not authoritative

There is nothing in directslave logs except info of starting or stopping the service.
It's just like directslave was not doing anything. I messed up badly something here.

 

[SeLLeRoNe]

In the directslave config you need to specify the slave file for named and the folder:
named_workdir /var/named/slaves
named_conf /var/named/slaves.conf


In the named.conf you need to load the slaves.conf:
include "/var/named/slaves.conf";

That's it.

 

[kamolot]

Did that - no reaction - like there was no communication from ns1 - but it is working ( i checked Test ok). I'm getting only
not authoritative message
in syslog.
No info at all in DS logs. Nothing is happening.