DirectSlave/GO 3 - public beta

kamolot

Verified User
Joined
Jul 29, 2020
Messages
9
Location
Poland
Here is my ns2 named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local"; <---old file for zones - should I comment it out?
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/directslave.inc"; <--- file for zones

named.conf.options:
acl trusted { 127.0.0.1; 46.xx.xx.xx; 172.xx.xx.xx; };
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { no; };
    notify no;
    also-notify { trusted; };
    allow-notify { trusted; };
    allow-transfer { trusted; };
    allow-recursion { trusted; };
};

directslave.conf
background 1

host *

port 2222
sslport 2224

ssl off
ssl_cert /usr/local/directslave/ssl/fullchain.pem
ssl_key /usr/local/directslave/ssl/privkey.pem

cookie_sess_id DS_SESSID
cookie_auth_key Change_this_line_to_something_long_&_secure

debug 0
uid 53
gid 53

pid /usr/local/directslave/run/directslave.pid
access_log /usr/local/directslave/log/access.log
error_log /usr/local/directslave/log/error.log
action_log /usr/local/directslave/log/action.log

named_workdir /var/cache/bind
named_conf /etc/bind/directslave.inc
retry_time 1200
rndc_path /usr/sbin/rndc
named_format text

authfile /usr/local/directslave/etc/passwd
 

Arieh

Verified User
Joined
May 27, 2008
Messages
1,252
Location
The Netherlands
If the connection is working, but you're not getting any domains; have you told DA to start sending all the current domains?


If you need to transfer all of your zones from your current machine to the servers listed in your multi-server IP list, then you can type:
Code:
echo "action=rewrite&value=named" >> /usr/local/directadmin/data/task.queue

which will rewrite all local zones, thus triggering the transfer of them to the remote servers.
 

Arieh

Verified User
Joined
May 27, 2008
Messages
1,252
Location
The Netherlands
Or if you have a large number of domains, you could probably test it by adding a subdomain on a test account or something.
 

kamolot

Verified User
Joined
Jul 29, 2020
Messages
9
Location
Poland
Still no go. I manually added a zone to the zone file:
zone "pingu.ovh" {type slave; file "pingu.ovh.db"; masters {172.xx.xx.xx; }; };

and that transferred successfully, and only that - others are still getting the "not authoritative" message.
DS still shows no sign of working, as nothing is logged in the log files of DS. Logs (syslog) for the successfully transferred domain are:

Jul 31 15:27:02 ns2 named[9102]: client 172.xx.xx.xx#43582: received notify for zone 'pingu.ovh'
Jul 31 15:27:02 ns2 named[9102]: zone pingu.ovh/IN: notify from 172.xx.xx.xx#43582: serial 2020073100
Jul 31 15:27:02 ns2 named[9102]: client 172.xx.xx.xx#43582: received notify for zone 'pingutest.pl': not authoritative
Jul 31 15:27:02 ns2 named[9102]: client 172.xx.xx.xx#43582: received notify for zone 'presta.test': not authoritative
Jul 31 15:27:02 ns2 named[9102]: zone pingu.ovh/IN: Transfer started.
Jul 31 15:27:02 ns2 named[9102]: transfer of 'pingu.ovh/IN' from 172.xx.xx.xx#53: connected using 172.xx.xx.xx#48175
Jul 31 15:27:02 ns2 named[9102]: zone pingu.ovh/IN: transferred serial 2020073100
Jul 31 15:27:02 ns2 named[9102]: transfer of 'pingu.ovh/IN' from 172.xx.xx.xx#53: Transfer status: success
Jul 31 15:27:02 ns2 named[9102]: transfer of 'pingu.ovh/IN' from 172.xx.xx.xx#53: Transfer completed: 1 messages, 14 records, 383 bytes, 0.001 secs (383000 bytes/sec)

so that is working but only when added manually.
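
Added example, not part of the post above: a small audit that pairs the "not authoritative" NOTIFY lines in the secondary's syslog with the zone statements present in the include file, so you can see which zones the primary announces but the secondary has no statement for. The log lines, zone names and the 192.0.2.10 address are constructed samples modelled on the lines quoted in the post.

```python
import re

# Constructed sample modelled on the named syslog lines quoted in the post.
SAMPLE_LOG = """\
Jul 31 15:27:02 ns2 named[9102]: client 192.0.2.10#43582: received notify for zone 'alpha.example'
Jul 31 15:27:02 ns2 named[9102]: client 192.0.2.10#43582: received notify for zone 'beta.example': not authoritative
Jul 31 15:27:02 ns2 named[9102]: client 192.0.2.10#43582: received notify for zone 'gamma.example': not authoritative
Jul 31 15:27:02 ns2 named[9102]: transfer of 'alpha.example/IN' from 192.0.2.10#53: Transfer status: success
"""
# Constructed include file, one zone statement per line as in the post.
SAMPLE_INC = 'zone "alpha.example" {type slave; file "alpha.example.db"; masters {192.0.2.10; }; };\n'

# Newer BIND releases log "client @0x... addr#port"; the optional group covers that.
NOTIFY_RE = re.compile(
    r"client (?:@\S+ )?(?P<src>[^#\s]+)#\d+: "
    r"received notify for zone '(?P<zone>[^']+)'(?P<rest>.*)$")
XFER_OK_RE = re.compile(r"transfer of '(?P<zone>[^'/]+)/IN' from \S+: Transfer status: success")
ZONE_STMT_RE = re.compile(r'^\s*zone\s+"([^"]+)"', re.MULTILINE)

def audit(log_text, inc_text):
    """Classify zones seen in the secondary's log against the include file."""
    declared = {z.lower() for z in ZONE_STMT_RE.findall(inc_text)}
    refused, transferred = {}, set()
    for line in log_text.splitlines():
        m = NOTIFY_RE.search(line)
        if m and "not authoritative" in m.group("rest"):
            refused.setdefault(m.group("zone").lower(), set()).add(m.group("src"))
            continue
        m = XFER_OK_RE.search(line)
        if m:
            transferred.add(m.group("zone").lower())
    return {
        # NOTIFY arrived but no zone statement exists: nothing wrote it to the include file.
        "missing_zone_stmt": sorted(z for z in refused if z not in declared),
        # Statement exists but named still refuses: file not included or named not reloaded.
        "declared_but_refused": sorted(z for z in refused if z in declared),
        # Statement exists, no refusal and no successful transfer seen in this log window.
        "declared_no_transfer": sorted(declared - transferred - set(refused)),
        # Who sent the refused NOTIFYs; compare with the allow-notify ACL.
        "notify_sources": {z: sorted(s) for z, s in refused.items()},
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG, SAMPLE_INC).items():
        print(key, value)
```
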
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,800
Location
A Coruña, Spain
What do you mean no reaction?
Did you add a new domain to see if it gets added?
Already existing domains are not sent across unless you use a command from SSH, so to test you need to create a new test domain (even an invalid one such as test.com) and see if the slaves.conf file gets populated.

If that happens, then you can see if the .db file gets created; if that doesn't happen, you are missing configuration on named.

So, let's check one thing at a time:
1 - DS is running, great! - If not, DS issue.
2 - DA can add the multi-server and communicate with it? - If not, DS issue or network (firewall for instance)
3 - Adding a domain does add the line in slaves.conf on the nameserver? - If not, DS issue, but if #2 worked this should work too, or file permission
4 - A newly added domain gets its own zone file (.db) on the nameserver? - If not, named config (either receiver or sender config).

Hope this helps
 

kamolot

Verified User
Joined
Jul 29, 2020
Messages
9
Location
Poland
By no reaction I meant nothing was happening after adding a new domain in DA - no new entries in DS logs, no new entries for zones (slaves.conf) and no db files.
1. Yup, it's running
2. Yup
3. Nope
4. Nope
I was observing connections via netstat - after adding a new domain there is a connection from the DA server with the directslave client - but nothing is happening.

After disabling DS - and manually adding the zone to the conf file - re-adding the domain in DA - transfer of the zone is OK - logs and conf files posted earlier.
 

wtptrs

Verified User
Joined
Jul 13, 2015
Messages
101
Only info about starting and stopping DS - action.log is empty.

Not sure if you're still looking for an answer, but do the directory and file you specified in directslave.conf under 'named_workdir' and 'named_conf' have bind:bind permissions? I had a similar problem and that was the issue for me. I did receive an error about this in the directslave error log though.
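
Added example, not part of the post above: a check of whether the numeric uid/gid set in directslave.conf (53/53 in the listing earlier in the thread) can write to the named_workdir and named_conf paths. It assumes DirectSlave runs under the uid/gid from its config, and it looks only at classic mode bits (no ACLs, root or supplementary groups).

```python
import os
import stat
import sys

def parse_directslave_conf(text):
    """directslave.conf is 'key value' per line, as in the listing in the thread."""
    conf = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf[parts[0]] = parts[1].strip()
    return conf

def can_write(st, uid, gid):
    """Owner/group/other mode-bit check; a directory needs w+x to create files in it."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid == gid else 0
    need = 0o3 if stat.S_ISDIR(st.st_mode) else 0o2
    return ((st.st_mode >> shift) & need) == need

def audit_paths(conf_text):
    """Return (key, path, problem) tuples for paths the configured uid/gid cannot write."""
    conf = parse_directslave_conf(conf_text)
    uid, gid = int(conf["uid"]), int(conf["gid"])
    findings = []
    for key in ("named_workdir", "named_conf"):
        path = conf[key]
        try:
            st = os.stat(path)
        except FileNotFoundError:
            findings.append((key, path, "missing"))
            continue
        if not can_write(st, uid, gid):
            mode = stat.S_IMODE(st.st_mode)
            findings.append((key, path,
                f"uid {uid}/gid {gid} cannot write "
                f"(owner {st.st_uid}:{st.st_gid}, mode {mode:o})"))
    return findings

# Usage: pass the path of your directslave.conf as the first argument.
if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1]) as fh:
        for finding in audit_paths(fh.read()):
            print(*finding, sep="\t")
```

An owner name such as bind:bind only helps if it resolves to the same numeric ids as the uid and gid lines in directslave.conf, which is what this compares.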
 

kamolot

Verified User
Joined
Jul 29, 2020
Messages
9
Location
Poland
Yes, it had bind:bind permissions. I stopped playing with directslave and managed to fix my problems with a bash script running every 5 minutes with cron.
 