DirectSlave - solution to add and remove zones on slave without DirectAdmin

Hi Roman,

Thanks for the patch, but that didn't work either: same error, same line. What version of Perl is this written for? Maybe I can install the version of Perl this is confirmed to work on.

Edit: Didn't take out the first line. Silly me. Okay, no error now. Just need to work out these permissions.
 
Does the rndc.key need to be in /etc/named.conf? Because when I reload rndc I get an error: rndc: connect failed: 127.0.0.1#953: connection refused (CentOS 6.3)

Solution FIXED:

Code:
hwclock --systohc

The date was wrong.
 
Also, everything went fine with --check, got OK for everything. So I moved on to --debug, which throws an error. I'm thinking it has to do with rndc not being able to connect, that's my previous post.
Code:
[root@slave etc]# /usr/local/directslave/bin/directslave --debug
Config: $VAR1 = {
          'port' => '2222',
          'ssl' => 'off',
          'access_log' => '/usr/local/directslave/log/access.log',
          'ssl_cert' => '/usr/local/directslave/ssl/server.crt',
          'named_workdir' => '/etc/secondary',
          'authfile' => '/usr/local/directslave/etc/passwd',
          'retry_time' => '1200',
          'named_conf' => '/etc/secondary/named.conf',
          'error_log' => '/usr/local/directslave/log/error.log',
          'ssl_key' => '/usr/local/directslave/ssl/server.key',
          'server_type' => 'HTTP',
          'debug' => 1,
          'sslport' => '2224',
          'rndc_path' => '/usr/sbin/rndc',
          'allow' => '162.220.100.105/32',
          'action_log' => '/usr/local/directslave/log/action.log',
          'background' => 0,
          'pid' => '/usr/local/directslave/run/directslave.pid',
          'gid' => 'named',
          'uid' => 'named',
          'host' => '162.220.100.104'
        };
Listen ports: $VAR1 = [
          '2222'
        ];
Couldn't find pid in existing pid_file at /usr/lib/perl5/site_perl/5.18.1/Net/Server/Daemonize.pm line 48.
2013/11/21-00:45:59 Couldn't find pid in existing pid_file at /usr/lib/perl5/site_perl/5.18.1/Net/Server/Daemonize.pm line 48.

  at line 145 in file /usr/lib/perl5/site_perl/5.18.1/Net/Server.pm
2013/11/21-00:45:59 Server closing!

Otherwise I'm 90% there with directslave working.

NOTES: still have error, and
empty pid: /usr/local/directslave/run/directslave.pid
 
Can someone check that I have all the right permissions:

Code:
[root@slave directslave]# ls -la /usr/local/directslave/*
-rw-r--r-- 1 named named 8970 Aug 27 13:33 /usr/local/directslave/README
-rw-r--r-- 1 named named 1096 Aug 27 13:36 /usr/local/directslave/UPDATING

/usr/local/directslave/bin:

drwxr-xr-x 2 named named 4096 Nov 20 23:08 .
drwxr-xr-x 8 named named 4096 Aug 27 13:36 ..
-rwxr-xr-x 1 named named 8972 Aug 27 13:24 directslave
-rwxr-xr-x 1 named named 1306 Aug 23 10:07 pass

/usr/local/directslave/etc:

drwxr-xr-x 3 named named 4096 Nov 21 04:01 .
drwxr-xr-x 8 named named 4096 Aug 27 13:36 ..
-rw-r----- 1 named named  595 Nov 21 00:23 directslave.conf
-rw-r----- 1 named named  187 Nov 21 04:01 passwd
drwxr-xr-x 2 named named 4096 Nov 20 23:08 rc.d

/usr/local/directslave/lib:

drwxr-xr-x 2 named named   4096 Nov 20 23:08 .
drwxr-xr-x 8 named named   4096 Aug 27 13:36 ..
-r--r--r-- 1 named named 261558 Nov 20 23:45 DSGI.pm

/usr/local/directslave/log:
total 8
drwxr-xr-x 2 named named 4096 Nov 20 23:08 .
drwxr-xr-x 8 named named 4096 Aug 27 13:36 ..
-rw-r--r-- 1 named named    0 Aug 27 12:46 access.log
-rw-r--r-- 1 named named    0 Aug 27 12:46 action.log
-rw-r--r-- 1 named named    0 Aug 27 12:46 error.log

/usr/local/directslave/run:

drwxr-xr-x 2 named named 4096 Nov 21 04:01 .
drwxr-xr-x 8 named named 4096 Aug 27 13:36 ..
-rw-r--r-- 1 named root     0 Nov 21 04:01 directslave.pid

/usr/local/directslave/ssl:

drwxr-xr-x 2 named named 4096 Aug 27 12:53 .
drwxr-xr-x 8 named named 4096 Aug 27 13:36 ..
 
Okay, thanks sellerone, appreciate it. Even regenerating the directslave.pid file defaults it to named:root; unfortunately that didn't make any difference, still getting the Daemonize.pm error and it never starts, directslave.pid is empty.
 
Yes,
Code:
drwxr-xr-x  8 named named  4096 Aug 27 13:36 directslave

In directslave.conf
uid: named
gid: named

Still the directslave.pid is empty & it logs the error on --debug then closes, no matter how many times I remove it and reload.

Code:
Couldn't find pid in existing pid_file at /usr/lib/perl5/site_perl/5.18.1/Net/Server/Daemonize.pm line 48.

Installed: perl v5.18.1 with these modules
POSIX v(1.32) bundled
FindBin v(1.51) bundled
CGI v(3.63) bundled
Crypt::PasswdMD5 v(1.40) CPAN
Digest::MD5 v(2.53) CPAN
Config::Auto v(0.42) CPAN
MIME::Base64 v(3.14) CPAN
Net::Server (2.007) CPAN
Net::CIDR v(0.17) CPAN

The script isn't generating the pid for the pid file directslave.pid.
 
Okay, tried that, both ways, chown all changed in the DS conf. Same error, no pid in pid_file.
The odd part is that after removing the directslave.pid file and running --check again, the pid file is generated & is empty, though ownership defaults to named:root even though the DS conf specifically states root:named or the prior named:named. access.log, action.log and error.log are always empty.

What OS version & Perl version did you get this running on, or is recommended to work 100%? Because it won't work on the versions I'm running, that's for sure.
 
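The empty directslave.pid shown in the listings above is exactly what Net::Server::Daemonize refuses to start on: its check_pid_file reads the first line of an existing pid file and dies with "Couldn't find pid in existing pid_file" when no leading digits are found, so a 0-byte file left behind by a failed start blocks every later start until it is removed. The POSIX sh pre-flight below is an added example, not part of DirectSlave and not posted by anyone in this thread: it classifies the pid file as absent, empty, running or stale, removes only empty or stale ones, and confirms the run directory and pid file are owned by the uid/gid from directslave.conf. The paths and the named:named owner are the defaults quoted in the thread; the function names are my own.

```shell
#!/bin/sh
# Added example: pre-start checks for a Net::Server-based daemon such as
# DirectSlave. Not taken from DirectSlave; the paths are the defaults quoted
# in this thread and can be overridden through the environment.

PID_FILE="${PID_FILE:-/usr/local/directslave/run/directslave.pid}"
RUN_USER="${RUN_USER:-named}"
RUN_GROUP="${RUN_GROUP:-named}"

# pid_file_state FILE -> prints one of: absent empty running stale
# Mirrors Net::Server::Daemonize::check_pid_file: read the first line,
# require leading digits, then test whether that process still exists.
pid_file_state() {
    f="$1"
    [ -e "$f" ] || { echo absent; return 0; }
    pid=$(head -n 1 "$f" 2>/dev/null | sed -n 's/^\([0-9]\{1,10\}\).*/\1/p')
    if [ -z "$pid" ]; then
        echo empty      # 0-byte or non-numeric file: the Daemonize.pm line 48 case
        return 0
    fi
    # kill -0 fails with EPERM for another user's process, so also look in
    # /proc (Linux) before declaring the pid dead.
    if kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]; then
        echo running
    else
        echo stale
    fi
}

# clean_pid_file FILE -> removes an empty or stale pid file; prints the action taken
clean_pid_file() {
    f="$1"
    case "$(pid_file_state "$f")" in
        empty|stale) rm -f "$f"; echo removed ;;
        running)     echo kept ;;
        absent)      echo nothing ;;
    esac
}

# owner_is PATH USER GROUP -> succeeds when PATH is owned by USER:GROUP,
# given as names or numeric ids (stat -c is GNU coreutils)
owner_is() {
    [ "$(stat -c '%U:%G' "$1")" = "$2:$3" ] || [ "$(stat -c '%u:%g' "$1")" = "$2:$3" ]
}

# preflight PIDFILE USER GROUP -> prints findings; returns 1 when the daemon,
# running as USER:GROUP, could not write its pid file where configured
preflight() {
    pidfile="$1"; user="$2"; group="$3"
    rundir=$(dirname "$pidfile")
    rc=0
    echo "pid file: $(clean_pid_file "$pidfile")"
    if ! owner_is "$rundir" "$user" "$group"; then
        echo "run dir $rundir is $(stat -c '%U:%G %a' "$rundir"), expected $user:$group"
        rc=1
    fi
    if [ -e "$pidfile" ] && ! owner_is "$pidfile" "$user" "$group"; then
        echo "pid file $pidfile is $(stat -c '%U:%G %a' "$pidfile"), expected $user:$group"
        rc=1
    fi
    return $rc
}

# Usage (as root, before starting the daemon):
#   preflight "$PID_FILE" "$RUN_USER" "$RUN_GROUP" && /usr/local/directslave/bin/directslave --debug
```

The check deliberately never deletes a pid file whose process is alive, so running it from an init script is safe; a stale or empty file is the only thing it cleans up, which is the manual step the posts above keep repeating.
 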
Okay, so I gave up on CentOS. I did however get this running on this configuration, with a minor permission error that I can't figure out: the permission is denied.
Directslave v1.3
OS: Ubuntu 12.04.3 (3.8.0-29-generic #42~precise1-Ubuntu)
Perl: v5.14.2

When I add
Code:
include "/etc/slave/named.conf";
in /etc/bind/named.conf, the bind restart fails.

I checked /var/log/syslog

This is the error.
Code:
Nov 25 05:54:22 slave named[5974]: starting BIND 9.8.1-P1 -u bind
Nov 25 05:54:22 slave named[5974]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '-$
Nov 25 05:54:22 slave named[5974]: adjusted limit on open files from 4096 to 1048576
Nov 25 05:54:22 slave named[5974]: found 1 CPU, using 1 worker thread
Nov 25 05:54:22 slave named[5974]: using up to 4096 sockets
Nov 25 05:54:22 slave named[5974]: loading configuration from '/etc/bind/named.conf'
Nov 25 05:54:22 slave named[5974]: /etc/bind/named.conf:12: open: /etc/slave/named.conf: permission denied
Nov 25 05:54:22 slave named[5974]: loading configuration: permission denied
Nov 25 05:54:22 slave named[5974]: exiting (due to fatal error)

/etc/slave* permissions are root:bind, 644 (folder and conf file).
All the folders and files in /usr/local/directslave are also chown root:bind.
DirectSlave works, DA connects, the slave receives the zone from the master, but as soon as I add the include, bind fails on restart with permission denied.

Any ideas? I figured if /etc/bind/named.conf has permissions root:bind then what's the problem opening /etc/slave/named.conf, the permission is root:bind, checked it twice. I did try chown /etc/slave/named.conf bind:bind and bind:root, still fails.

What am I doing wrong?
 
I would not use /etc as path.

I usually put slaves in /var/named/slaves, that should be a better place to have it "all together".. it is a designed path.. so use it, because I suppose your problem is more related to the use of /etc.

Regards
 
I gave it a go.
changed named_workdir /var/named/slaves
changed named_conf /var/named/slaves/named.conf

chown -R root:bind /var/named
chmod -R 775 /var/named

Made sure after --check that /var/named/slaves/named.conf was root:bind & 775 permissions. OK

start bind, OK
--check OK, looks like it might work.... let's go live with the include file.

Kill directslave, added include "/var/named/slaves/named.conf"; to /etc/bind/named.conf.

restart bind9
Code:
root@slave:/etc/bind# /etc/init.d/bind9 restart
 * Stopping domain name service...bind9
rndc: connect failed: 127.0.0.1#953: connection refused                                  [ OK ]
 * Starting domain name service...bind9                                                         [fail]

Nuts...

Besides, if I don't include /var/named/slaves/named.conf inside /etc/bind/named.conf, the domain.com.db isn't copied over to the slave server anyway; only the line in /var/named/slaves/named.conf exists, as below:
Code:
zone "domain.com" { type slave; file "/var/named/slaves/domain.com.db"; masters { 162.112.100.101; }; max-retry-time 1200; min-retry-time 1200; };
If I change from slave to master in directslave.conf the domain.com.db is copied over, is that normal?
I was under the assumption that the .com.db would appear in /var/named/slaves dir when in slave mode.
 
I do remember something about the master/slave configuration for directslave, but I also remember that with the latest version this thing was removed.. did I miss something?

Btw, I do use it as master... but.. I don't get why you got an error once you loaded those files...

Regards
 
I managed to stop the rndc error for now.
I did at first try regenerating the rndc.key:
Code:
rndc-confgen
though that didn't make a difference; at least I got a new fresh shiny key.
So I looked closer at /var/log/syslog and noticed AppArmor DENIED the include, so I stopped AppArmor with teardown:
Code:
sudo /etc/init.d/apparmor stop
sudo /etc/init.d/apparmor teardown

uncommented the line previously added
include "/var/named/slaves/named.conf"
in /etc/bind/named.conf.local

Next, reload bind9 and she started. Well well.
Checked the /var/named/slaves directory and the test .com.db files are present; named.conf has the zone entries as it should.

I don't know much about AppArmor and what security problems I might face disabling it for the DNS slave-only server, though it did allow bind to be reloaded without the pesky error, and all zones are present on the slave now.
 
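The permission-denied restart in the earlier post (the include of /var/named/slaves/named.conf failing although the file is root:bind) and the AppArmor DENIED lines this post found in syslog are the same problem: Ubuntu's bind9 package confines /usr/sbin/named with an AppArmor profile that does not cover /var/named, so it is the profile, not the Unix ownership, that refuses the open. Instead of tearing AppArmor down, the usual fix is to grant the directory in the site-local drop-in /etc/apparmor.d/local/usr.sbin.named and reload the profile. The POSIX sh helpers below are an added example, not from this thread, DirectSlave or the bind9 package: denied_paths pulls the paths a given profile was refused out of syslog lines, apparmor_allow_dir appends the two rules idempotently, and apparmor_reload recompiles the profile. The syslog lines inside the block are constructed to match the format the thread quotes, and that the local drop-in exists and is included by the main profile is an assumption to confirm with the grep shown in the comment.

```shell
#!/bin/sh
# Added example (not from DirectSlave or the bind9 package): find what the
# named AppArmor profile denied and grant it via the local profile drop-in
# rather than stopping AppArmor altogether.

# Assumed drop-in path; Ubuntu's /etc/apparmor.d/usr.sbin.named normally ends
# with "#include <local/usr.sbin.named>". Verify before relying on it:
#   grep -n 'local/usr.sbin.named' /etc/apparmor.d/usr.sbin.named
LOCAL_PROFILE="${LOCAL_PROFILE:-/etc/apparmor.d/local/usr.sbin.named}"
MAIN_PROFILE="${MAIN_PROFILE:-/etc/apparmor.d/usr.sbin.named}"

# Constructed syslog sample in the Ubuntu 12.04 kernel-audit format (not real
# log data): one denial for named, one unrelated denial for another profile.
SAMPLE_SYSLOG='Nov 25 05:54:22 slave kernel: [  912.418] type=1400 audit(1385358862.517:31): apparmor="DENIED" operation="open" parent=5973 profile="/usr/sbin/named" name="/var/named/slaves/named.conf" pid=5974 comm="named" requested_mask="r" denied_mask="r" fsuid=107 ouid=0
Nov 25 05:54:22 slave named[5974]: /etc/bind/named.conf:12: open: /var/named/slaves/named.conf: permission denied
Nov 25 05:54:23 slave kernel: [  913.002] type=1400 audit(1385358863.101:32): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/cupsd" name="/etc/cups/printers.conf" pid=611 comm="cupsd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0'

# denied_paths PROFILE < syslog -> unique paths that PROFILE was refused
denied_paths() {
    profile="$1"
    grep 'apparmor="DENIED"' | grep -F "profile=\"$profile\"" \
        | sed -n 's/.*name="\([^"]*\)".*/\1/p' | sort -u
}

# apparmor_allow_dir DIR FILE -> appends a rule for the directory itself and
# one for everything beneath it to FILE unless already present (same shape as
# the distro's /var/cache/bind rules); prints how often the tree rule occurs
apparmor_allow_dir() {
    dir="${1%/}"; out="$2"
    dir_rule="$dir/ rw,"
    tree_rule="$dir/** rw,"
    touch "$out"
    grep -qxF "$dir_rule"  "$out" || printf '%s\n' "$dir_rule"  >> "$out"
    grep -qxF "$tree_rule" "$out" || printf '%s\n' "$tree_rule" >> "$out"
    grep -cxF "$tree_rule" "$out"
}

# apparmor_reload -> recompile and load the named profile (needs root)
apparmor_reload() {
    apparmor_parser -r "$MAIN_PROFILE"
}

# Only touch the real system when explicitly asked: sh this_script.sh --apply
if [ "${1-}" = "--apply" ]; then
    echo "paths denied to named:"
    denied_paths /usr/sbin/named < /var/log/syslog
    apparmor_allow_dir /var/named/slaves "$LOCAL_PROFILE" > /dev/null
    apparmor_reload && /etc/init.d/bind9 restart
fi
```

Keeping the rules in the local drop-in rather than editing /etc/apparmor.d/usr.sbin.named directly means package upgrades do not overwrite them, and the grant is limited to the one directory DirectSlave writes into, so named stays confined everywhere else.
 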
In case anyone is interested. My company contacted Roman a while back to ask if we could work together to implement some features to allow DirectSlave to work with PowerDNS.
However, he didn't reply to my mail.

Due to the fact that we are going live with this soon, I completed a merge (still untested) and have open-sourced it.
If you're interested, it's freely available on Bitbucket: https://bitbucket.org/sebastianberm/directslave-pdns

We will probably expand this to also support DNSSEC keysigning and go live with it before the end of the year.
Is there anyone interested in such a fork?
 
Hi Everyone,

Roman, thank you for your contribution! Now I have an error, it's not starting. Any ideas anyone? Perl issue?

Code:
/usr/local/directslave/bin/directslave --debug
Config: $VAR1 = {
          'rndc_path' => '/usr/sbin/rndc',
          'retry_time' => '1200',
          'ssl_cert' => '/usr/local/directslave/ssl/server.crt',
          'named_conf' => '/etc/namedb/directslave.conf',
          'pid' => '/usr/local/directslave/run/directslave.pid',
          'ssl_key' => '/usr/local/directslave/ssl/server.key',
          'debug' => 1,
          'authfile' => '/usr/local/directslave/etc/passwd',
          'action_log' => '/usr/local/directslave/log/action.log',
          'server_type' => 'HTTP',
          'error_log' => '/usr/local/directslave/log/error.log',
          'uid' => 'named',
          'ssl' => 'on',
          'access_log' => '/usr/local/directslave/log/access.log',
          'background' => 0,
          'port' => '2222',
          'host' => '0.0.1.144',
          'sslport' => '2224',
          'named_workdir' => '/etc/namedb/secondary',
          'allow' => '0.0.0.0/0',
          'gid' => 'named'
        };
Listen ports: $VAR1 = [
          '2222',
          '2224/ssl'
        ];
Recursive inheritance detected in package 'Net::Server::HTTP' at /usr/share/perl5/vendor_perl/Net/Server/MultiType.pm line 72.
Recursive inheritance detected in package 'Net::Server::HTTP' at /usr/share/perl5/vendor_perl/Net/Server/MultiType.pm line 72.
 