DirectSlave/GO 3 - public beta

Here is my ns2 named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local"; <---old file for zones - should I comment it out?
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/directslave.inc"; <--- file for zones

named.conf.options:
acl trusted { 127.0.0.1; 46.xx.xx.xx; 172.xx.xx.xx; };
options {
directory "/var/cache/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

// forwarders {
// 0.0.0.0;
// };

//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;

auth-nxdomain no; # conform to RFC1035
listen-on-v6 { no; };
notify no;
also-notify { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };
allow-recursion { trusted; };
};

directslave.conf
background 1

host *

port 2222
sslport 2224

ssl off
ssl_cert /usr/local/directslave/ssl/fullchain.pem
ssl_key /usr/local/directslave/ssl/privkey.pem

cookie_sess_id DS_SESSID
cookie_auth_key Change_this_line_to_something_long_&_secure

debug 0
uid 53
gid 53

pid /usr/local/directslave/run/directslave.pid
access_log /usr/local/directslave/log/access.log
error_log /usr/local/directslave/log/error.log
action_log /usr/local/directslave/log/action.log

named_workdir /var/cache/bind
named_conf /etc/bind/directslave.inc
retry_time 1200
rndc_path /usr/sbin/rndc
named_format text

authfile /usr/local/directslave/etc/passwd
 
If the connection is working, but you're not getting any domains; have you told DA to start sending all the current domains?


If you need to transfer all of your zones from your current machine to the servers listed in your multi-server IP list, then you can type:
Code:
echo "action=rewrite&value=named" >> /usr/local/directadmin/data/task.queue

which will rewrite all local zones, thus triggering the transfer of them to the remote servers.
 
Or if you have a large number of domains, you could probably test it by adding a subdomain on a test account or something.
 
Still no go. I manually added a zone to the zone file:
zone "pingu.ovh" {type slave; file "pingu.ovh.db"; masters {172.xx.xx.xx; }; };

and that transferred successfully, and only that - others are still getting the "not authoritative" message.
DS still has no sign of working as nothing is logged in the log files of DS. Logs (syslog) for the successfully transferred domain are:

Jul 31 15:27:02 ns2 named[9102]: client 172.xx.xx.xx#43582: received notify for zone 'pingu.ovh'
Jul 31 15:27:02 ns2 named[9102]: zone pingu.ovh/IN: notify from 172.xx.xx.xx#43582: serial 2020073100
Jul 31 15:27:02 ns2 named[9102]: client 172.xx.xx.xx#43582: received notify for zone 'pingutest.pl': not authoritative
Jul 31 15:27:02 ns2 named[9102]: client 172.xx.xx.xx#43582: received notify for zone 'presta.test': not authoritative
Jul 31 15:27:02 ns2 named[9102]: zone pingu.ovh/IN: Transfer started.
Jul 31 15:27:02 ns2 named[9102]: transfer of 'pingu.ovh/IN' from 172.xx.xx.xx#53: connected using 172.xx.xx.xx#48175
Jul 31 15:27:02 ns2 named[9102]: zone pingu.ovh/IN: transferred serial 2020073100
Jul 31 15:27:02 ns2 named[9102]: transfer of 'pingu.ovh/IN' from 172.xx.xx.xx#53: Transfer status: success
Jul 31 15:27:02 ns2 named[9102]: transfer of 'pingu.ovh/IN' from 172.xx.xx.xx#53: Transfer completed: 1 messages, 14 records, 383 bytes, 0.001 secs (383000 bytes/sec)

so that is working but only when added manually.
 
What do you mean no reaction?
Did you add a new domain to see if it gets added?
Already existing domains are not sent across unless you use a command from SSH, so to test you need to create a new test domain (even an invalid one such as test.com) and see if the slaves.conf file gets populated.

If that happens, then you can see if the .db file gets created; if that doesn't happen, you are missing configuration on named.

So, let's check one thing at a time:
1 - DS is running, great! - If not, DS issue.
2 - DA can add the multi-server and communicate with it? - If not, DS issue or network (firewall for instance)
3 - Adding a domain does add the line in slaves.conf on the nameserver? - If not, DS issue, but if #2 worked this should work too, or file permission
4 - A newly added domain gets its own zone file (.db) on the nameserver? - If not, named config (either receiver or sender config).

Hope this helps
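
The checklist above separates a DirectSlave failure (step 3) from a named failure (step 4). As an added example that is not part of the thread, this script makes that split from the "not authoritative" syslog lines quoted earlier. The function names, the 192.0.2.10 address and the sample files are constructed, and it assumes one zone statement per line in the include file.

```shell
# Added example, not from the thread. Assumes one zone statement per line,
# like the manually added entry quoted earlier. All sample data is constructed.
# Zones the master sent NOTIFY for that named rejected as "not authoritative".
rejected_notifies() {       # $1 = syslog file
    sed -n "s/.*received notify for zone '\([^']*\)': not authoritative.*/\1/p" "$1" | sort -u
}

# "zone file" pairs declared in the include file (named_conf in directslave.conf).
declared() {                # $1 = named include file
    sed -n 's/^[[:space:]]*zone[[:space:]]*"\([^"]*\)".*file[[:space:]]*"\([^"]*\)".*/\1 \2/p' "$1"
}

# Step 3: was the rejected zone ever written to the include file?
classify_notifies() {       # $1 = syslog file, $2 = include file
    known=$(declared "$2" | cut -d' ' -f1)
    rejected_notifies "$1" | while IFS= read -r zone; do
        if printf '%s\n' "$known" | grep -qxF -- "$zone"; then
            printf '%s declared-but-not-loaded\n' "$zone"   # named never re-read the include
        else
            printf '%s not-declared\n' "$zone"              # DirectSlave never wrote it
        fi
    done
}

# Step 4: declared zones with no (or an empty) zone file in named_workdir.
untransferred() {           # $1 = include file, $2 = named_workdir
    declared "$1" | while read -r zone file; do
        case $file in /*) path=$file ;; *) path=$2/$file ;; esac
        [ -s "$path" ] || printf '%s\n' "$zone"
    done
}

demo() {                    # builds constructed sample files in a temp dir
    d=$(mktemp -d)
    cat > "$d/syslog" <<'EOF'
Jul 31 15:27:02 ns2 named[9102]: client 192.0.2.10#43582: received notify for zone 'pingu.ovh'
Jul 31 15:27:02 ns2 named[9102]: client 192.0.2.10#43582: received notify for zone 'pingutest.pl': not authoritative
Jul 31 15:27:02 ns2 named[9102]: client 192.0.2.10#43582: received notify for zone 'presta.test': not authoritative
EOF
    cat > "$d/directslave.inc" <<'EOF'
zone "pingu.ovh" {type slave; file "pingu.ovh.db"; masters {192.0.2.10; }; };
zone "presta.test" {type slave; file "presta.test.db"; masters {192.0.2.10; }; };
EOF
    echo "placeholder zone data" > "$d/pingu.ovh.db"
    classify_notifies "$d/syslog" "$d/directslave.inc"
    untransferred "$d/directslave.inc" "$d"
    rm -rf "$d"
}
demo
```

On a real slave, pass the syslog file, the `named_conf` path and the `named_workdir` path from directslave.conf to `classify_notifies` and `untransferred` instead of calling `demo`.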
 
By no reaction I meant nothing was happening after adding a new domain in DA - no new entries in DS logs, no new entries for zones (slaves.conf) and no db files.
1. Yup it's running
2. Yup
3. Nope
4. Nope
I was observing connections via netstat - after adding a new domain there is a connection from the DA server with the directslave client - but nothing is happening.

After disabling DS - and adding manually zone to the conf file - re-adding domain in DA - transfer of the zone is OK - logs and conf files posted earlier.
 
Only info about starting and stopping DS - action.log is empty.

Not sure if you're still looking for an answer, but do the directory and file you specified in directslave.conf under 'named_workdir' and 'named_conf' have bind:bind permissions? I had a similar problem and that was the issue for me. I did receive an error about this in the directslave error log though.
 
Yes it had bind:bind permissions. I stopped playing with directslave and managed to fix my problems with a bash script running every 5 minutes with cron.
 
Is it possible that my cpanel servers write zones to direct slave?
No it’s not a native feature. It works with DA masters with multi server logic. It wasn’t invented for cPanel.

For cPanel you all have DNS only or PowerDNS clustering.
 
When I look up my DNS servers at mxtoolbox I always get this error message for the directslave server: "At least one name server failed to respond in a timely manner"

It appears to work fine and zones get synced with no issue.

Is this normal?
 
Did you set up BIND on the Directslave?
Did you add all the needed A and NS records on the master for the Slave?
Did you open tcp and udp 53 on the slave firewall if there is one?
Code:
dig NS yourdomain.com
Do you see it here?
 
Bind is running, yes.
I even disabled firewall just for testing, so that shouldn't be an issue.

In dig, it shows up in the answer section.
 
Bind is running, yes.
Did you go in and configure it?

The script I wrote hasn't been updated in a bit and is crude. It did work; you might check out some of these posts around here.

 
Hi, DS users,

DirectSlave updated to 3.4.1.

+ Fixed memory leaks in session storage & HTTPS requests which cause OOM killer events on Linux
+ Reduce disk operations on reading/writing zones conf file
+ Minor fixes

Warning: Debug version with pprof debugger enabled.

· pprof debugger is listening on http://127.0.0.1:2223/

If you acquire high memory usage (>50Mb) of directslave binary through the time, please do
curl http://127.0.0.1:2223/debug/pprof/heap > heap.dump
and send me a heap.dump file to [email protected].

Feel free to update now.

https://directslave.com/download/directslave-3.4.1-advanced-all.tar.gz
MD5: 83889f5b6464ba18ef73f8243d641ab8
 
Guys, I'm in a bad situation(

Today I was robbed by a taxi guy - he stole all my cash (near 2,5k E) and all of my bank cards, leaving my family total out of income((

If you dear, please, support us on paypal - [email protected].

Thank you for supporting me in a bad time, I will take my best to produce more good and useful soft for you.
 