DirectSlave - solution to add and remove zones on slave without DirectAdmin

I'm sorry, I did not find a pro on master2slave except for the fact that it's fairly easy to set up, but you have to run part as root.
Directslave is also easy to set up and also works with DA's multi server setup which is a great benefit imho.

But isn't the "drop support" question more something which should be asked in the master2slave thread? Because I presume most users of master2slave would visit that thread rather than this Directslave one. ;)
 
Hi Richard,

I presume that Jeff's post was more about asking the pros/cons of DirectSlave vs Master2Slave than an official communication of dropping support for his product ;)

Regards
 
I have tried both Master2Slave and DirectSlave:
Master2Slave:
Pros:
It can be installed on a small vps.
Cons:
The named.conf is not secured:
http://<masterip>/namedftp/<masterip>.named.conf
and even though you can password protect the namedftp folder, I still don't feel comfortable and that's the main reason why I switched to DirectSlave

DirectSlave:
Cons:
It will be hard to install the perl modules on a small vps. I have tried this on a 128mb (256mb burst) vps and I couldn't install those modules as there was insufficient RAM. Had to install it on my 2gb vps.
Pros:
It works much better than Master2Slave.

Both are not easy to install IMO. With Master2Slave the readme is outdated. Had some permission errors and had to read through the whole thread to figure out how to fix them. For some reason the author didn't update the readme properly.

I also found that the DirectSlave readme is a bit confusing. But with Richard's help I was able to install it on my vps. Still using it right now :)
 
Hi Sellerone:

Well... he said it like this:
"I'm seriously considering dropping support for my Master2Slave DNS Replicator"
So you could be right, but this gave me the impression. :)

That's why I gave as the pro of Master2slave that you can also use it on non-DA servers. The readme is indeed outdated.
 
You're correct, Andrea.

When I had Master2Slave DNS Replicator written, I did so not only to use it with my own DirectAdmin Servers, but also to offer it as a service. Now I have only two clients using it as a service, so it's no longer important to me. Others either set up DirectAdmin Multi-Server Option themselves, or else use only their one server.

The other advantage to me was that I didn't need a larger VPS, with a DirectAdmin license, for each of multiple remote nameservers. But with DirectSlave I need neither the license nor a VPS specified with enough resources to run DirectAdmin. So I'm considering simplifying how I do DNS for me and for my two clients (who both use DirectAdmin so will be able to use Multi-Server Option with my copy of DirectSlave).

Jeff
 
I see Jeff,

As I mentioned before, my only problem is the missing feature for multiple logins, so, for me as for you, it may be risky to give all customers the same credentials for DNS replication: once a customer decides not to use your replication service anymore, you will need to change the password and change it for all your customers.

That's the only problem I see with it, nothing more.

Regards
 
I, too, would prefer multiple logins, but I believe I can manage access using my firewall. I believe I can set up to only allow access from IP#s (machines) I've specifically allowed to use my service. I can do this because my slave servers only run DNS and nothing else.

Have you tried this?

Jeff
 
It would also be nice not having to run part of it as root or at least not place the slave files in a public_html folder.
Maybe something can be done with sftp or something.

But I'm still wondering why this isn't discussed in the master2slave thread when you want to make master2slave better?
It hasn't anything to do with Directslave, does it? Only comparison, but no Directslave related problems or questions.
 
I could be wrong but the last few posts definitely were about DirectSlave. We now have a solution to manage customer access, through firewalls. Still multiple users would be preferred (feature request).
 
Well Arieh. Directslave is already multi user.
And multiple logins are already possible with DS, so imho you are indeed mistaken or I'm getting very confused.

"We now have a solution to manage customer access, through firewalls."
How would you do that on the DA server side?

"Still multiple users would be preferred (feature request)."
Is already possible on the slave side with DS. Multi-server setup is a DA function which was always intended to be admin only and you can setup multiple connections with DS.

So as I said, I'm really getting confused about what you're all talking about then if it's about DS.
 
I'm not currently using DirectSlave, but in the OP it says " - still no multiuser access". Yes you can use multiple boxes, but they all use the same slave credentials.

As I understand it, the issue is that if you give other people access to your slave, they will all have the same user/password. But if you limit this through a firewall, it isn't really a problem.

The firewall in this setup would be on the slave side, deciding whether to allow access through 2222 or not, so in case a customer leaves, you remove his IP address.
 
Thank you for explaining, you're indeed correct.
I was mixing up the configs. With Master2slave you can use more users; with DS on the slave side you can't, at least not with different users and/or passwords.

But I still have my doubts about the firewall solution then. Indeed when a user leaves, you can remove his IP from the firewall.
But he still has your main admin password. So it would be wise then (not sure if you can do this with Multiserver setup) to use a username and pass which has nothing to do with any login stuff on the DA server.
This way the password can't be abused either.

+1 for the multi user feature for Directslave!
 
Note I was writing about DirectSlave; I'm sorry for any confusion. Master2Slave DNS Replicator doesn't use passwords at all on the master or slave side (except by the owner for administration); that's why the master side puts the list of domains under the html root directory. Once the master lists are merged and purged of duplicates, the rest happens through standard DNS protocol.

Note I've not yet even tried DirectSlave, I'm not familiar with the details. But because my slaves only run DNS and nothing else I can use my firewall to exclude everything, and allow only my administration IP#s and the IP#s of the specific servers using the service.

What I'm not sure of is how much access the admin user requires on a server running only DirectSlave. If anyone has experience with this, I'd like to know.

Thanks.

Jeff
 
"What I'm not sure of is how much access the admin user requires on a server running only DirectSlave. If anyone has experience with this, I'd like to know."
I'm using Directslave, but I'm not sure if I understand your question correctly.
Directslave on client side (slave server) runs under the user "named" or maybe "bind" on Debian.

So normally an admin has no business on the slave. Once DS is running, it only makes changes when a change in DNS is made on the main server with DA running on it.
Then automatically the changes made are also made on the slave server (only running DS).
Admin does not need to be present or do anything anymore for this to happen.
But as I said... I might have misunderstood your question.
 
Hi Jeff,

What do you mean by "how much access the admin user requires on a server running only DirectSlave"?

On the DirectAdmin side you will just set Multi-Server Setup to on with the IP/User/Pass of the remote DirectSlave server (configurable in DirectSlave in a config file).

Regards
 
Reply to both of you...

By default, DirectAdmin asks to use admin so I'm thinking I'd set up an admin user on my DNS servers (probably not as admin but as admin2 or something else).

What I don't know is how to set it up on DirectSlave but per SeLLeRoNe's reply, it seems pretty simple.

Will this and my idea about using the firewall give me adequate protection?

Must the admin user have shell access? If not, then what will a malicious user be able to do if s/he has bought my service and has the username/password?

Thanks.

Jeff
 
"What I don't know is how to set it up on DirectSlave but per SeLLeRoNe's reply, it seems pretty simple."
Yes it is. It's just a little configuration file. You put the username in there. Then with a little command-line tool you can encrypt the password. That encrypted password goes into that configuration file.
So if the slave would be compromised and somebody would get root access, he only would have the encrypted pass.

Only root needs shell access to setup DS. Once setup, you normally don't need to access it anymore. Unless for updates.
 
Hi Jeff,

As Richard pointed out, you will be able to call the user as you prefer.

DirectSlave will listen on a defined port and so the firewall can just close that port with exceptions for defined IPs; that will work for sure.

Also, if a customer using your service tries to use that access on the DirectSlave port, he will just be able to send commands as DA does to add/edit DNS.

Also, the user you choose for DirectSlave (in its config file) is not a shell user or system user, so you'll not need to worry about it.

Regards
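
The firewall allow-list discussed in the posts above, as an added example that is not part of the original thread and not DirectSlave code: a script that turns a per-customer IP list into an iptables-restore fragment so that only listed masters reach the DirectSlave port. The port 2222 is taken from the thread; the chain name `DS_ALLOW`, the "IPv4 label" list format and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not DirectSlave code): emit an iptables-restore fragment
# that exposes the DirectSlave port only to allow-listed master servers.
# Assumed: port 2222, chain name DS_ALLOW, "IPv4 label" list format.
DS_PORT="${DS_PORT:-2222}"

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read "IPv4 label" lines on stdin and print the ruleset fragment.
# Malformed entries are skipped (reported on stderr) so a typo cannot
# widen access; the closing DROP makes the port default-deny.
build_rules() {
    echo "*filter"
    echo ":DS_ALLOW - [0:0]"
    while read -r ip label; do
        case "$ip" in ''|'#'*) continue ;; esac
        case "$label" in ''|*[!A-Za-z0-9_-]*) label=unlabelled ;; esac
        if valid_ipv4 "$ip"; then
            echo "-A DS_ALLOW -s $ip/32 -p tcp --dport $DS_PORT -m comment --comment $label -j ACCEPT"
        else
            echo "skipping invalid entry: $ip" >&2
        fi
    done
    echo "-A DS_ALLOW -p tcp --dport $DS_PORT -j DROP"
    echo "COMMIT"
}

# Constructed sample list (documentation address ranges, made-up labels).
sample_allowlist() {
    cat <<'EOF'
# admin workstation and customer masters
192.0.2.10 admin
198.51.100.7 customer-a
203.0.113.300 customer-b-typo
EOF
}

sample_allowlist | build_rules
```

The output can be loaded with `iptables-restore --noflush`, with a single `iptables -I INPUT -j DS_ALLOW` rule sending traffic through the chain. When a customer leaves, deleting their line from the list and reloading removes their access without touching the other entries.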
 
Thanks, Andrea. It appears I can safely move to DirectSlave. So I'll announce end of support for Master2Slave DNS Replicator soon, and do my own conversion soon after the next version of SpamBlocker is out. (It's been a while, and that should come next.)

Jeff
 