DirectSlave - solution to add and remove zones on slave without DirectAdmin

[Richard G]

Check the directslave error log.

I found recently after some OS or bind update that the /etc/named directory restored original permissions and owner from root.
So now I changed it and now use a self created /etc/namedb directory with correct owner and permission and things work again.

However, in your case it might be something else, so it's always best to check the logs at the directslave server to see why things went wrong.

 

[reonhoub2]

Of course. I also checked the log data on the Directslave server. There is no entry for deleting the domain. New zones can be added without any problems.

directadmin error log:

/var/log/directadmin/error.log:2025:12:15-19:05:01: Cluster ns1.mydomain.de: Error deleting remote dns zone (gwefibgw.de): No action taken
/var/log/directadmin/error.log:2025:12:15-19:05:02: Cluster ns2.mydomain.de: Error deleting remote dns zone (gwefibgw.de): No action taken

directslave access log:

2025/12/15 19:04:02 [xxx.xxx.xxx.xxx] "GET /CMD_API_DNS_ADMIN?action=exists&domain=gwefibgw.de HTTP/1.0"
2025/12/15 19:04:06 [xxx.xxx.xxx.xxx] "GET /CMD_API_DNS_ADMIN?action=exists&domain=gwefibgw.de HTTP/1.0"
2025/12/15 19:04:06 [xxx.xxx.xxx.xxx] "POST/CMD_API_DNS_ADMIN?action=rawsave&domain=gwefibgw.de&username=admin&hostname=mydomain.de HTTP/1.0"
2025/12/15 19:04:06 [xxx.xxx.xxx.xxx] "POST/CMD_API_DNS_ADMIN?action=rawsave&domain=gwefibgw.de&username=admin&hostname=mydomain.de HTTP/1.0"
2025/12/15 19:04:46 [xxx.xxx.xxx.xxx] "GET /CMD_API_DNS_ADMIN?action=exists&domain=gwefibgw.de HTTP/1.0"
2025/12/15 19:04:46 [xxx.xxx.xxx.xxx] "GET /CMD_API_DNS_ADMIN?action=exists&domain=gwefibgw.de HTTP/1.0"
2025/12/15 19:04:46 [xxx.xxx.xxx.xxx] "POST/CMD_API_DNS_ADMIN?action=rawsave&domain=gwefibgw.de&named_reload=yes&username=admin&hostname=mydomain.de HTTP/1.0"
2025/12/15 19:04:46 [xxx.xxx.xxx.xxx] "POST/CMD_API_DNS_ADMIN?action=rawsave&domain=gwefibgw.de&named_reload=yes&username=admin&hostname=mydomain.de HTTP/1.0"
2025/12/15 19:05:03 [xxx.xxx.xxx.xxx] "POST /CMD_API_DNS_ADMIN HTTP/1.0"

directslave action log:

2025/12/15 19:04:02 Authorization passed for myserver from xxx.xxx.xxx.xxx
2025/12/15 19:04:02 Checking gwefibgw.de from xxx.xxx.xxx.xxx
2025/12/15 19:04:02 Domain gwefibgw.de not exists
2025/12/15 19:04:06 Authorization passed for myserver from xxx.xxx.xxx.xxx
2025/12/15 19:04:06 Checking gwefibgw.de from xxx.xxx.xxx.xxx
2025/12/15 19:04:06 Domain gwefibgw.de not exists
2025/12/15 19:04:06 Authorization passed for myserver from xxx.xxx.xxx.xxx
2025/12/15 19:04:06 Domain gwefibgw.de added with primary xxx.xxx.xxx.xxx
2025/12/15 19:04:17 RNDC queue triggered with 1 events
2025/12/15 19:04:18 RNDC output: server reload successful
2025/12/15 19:04:46 Authorization passed for myserver from xxx.xxx.xxx.xxx
2025/12/15 19:04:46 Checking gwefibgw.de from xxx.xxx.xxx.xxx
2025/12/15 19:04:46 Domain gwefibgw.de exists on primary xxx.xxx.xxx.xxx
2025/12/15 19:04:46 Authorization passed for myserver from xxx.xxx.xxx.xxx
2025/12/15 19:04:46 Checking gwefibgw.de from xxx.xxx.xxx.xxx
2025/12/15 19:04:46 Domain gwefibgw.de exists on primary xxx.xxx.xxx.xxx
2025/12/15 19:04:46 Authorization passed for myserver from xxx.xxx.xxx.xxx
2025/12/15 19:04:46 Reloaded gwefibgw.de from master xxx.xxx.xxx.xxx
2025/12/15 19:04:48 RNDC queue triggered with 1 events
2025/12/15 19:04:49 RNDC output: server reload successful
2025/12/15 19:05:03 Authorization passed for myserver from xxx.xxx.xxx.xxx
2025/12/15 19:16:43 Authorization passed for myserver from xxx.xxx.xxx.xxx

No relevant entries in directslave error log.

I therefore assumed that it was a general problem. Does deleting still work for you with DA 1.690 and Directslave 3.4.3?

 

[Richard G]

Does deleting still work for you with DA 1.690 and Directslave 3.4.3?

Even worse.

I just tested for you and I got my testdomain in the directslave.inc file but the testdomain.nl.db file wasn't even created.
Also no error in the error log.

And I also found testdomains in the directslave.inc file which were created a couple of days ago when I changed the connection to SSL.

Looks indeed something in Directadmin 1.690 or 1.689 maybe changed which has influence on Directslave. Maybe @romans knows?

However it's still odd that DS does create the line in Directslave but then does not create the .db file. So I'm not sure if this is something of an OS update or DA update.
I'm running DS on Almalinux 8.10.

Edit: also in my case only an error notice in the directadmin error.log which oddly enough is in an already rotaded logfile:

2025:12:16-02:07:47: Cluster directslave.server.nl: Error deleting remote dns zone (eventesten.com): No action taken

Odd thing, this is the file:
error.log-20251214

Now logrotate it probably at 02.00 hours, but in the normal error.log file I see this:

2025:12:16-02:00:30: Socket::curl_request: curl returned code 6: curl: (6) Could not resolve host: (null)
2025:12:16-02:00:36: Socket::curl_request: curl returned code 6: curl: (6) Could not resolve host: (null)
2025:12:16-02:00:43: Socket::curl_request: curl returned code 6: curl: (6) Could not resolve host: (null)
2025:12:16-02:01:15: clean_dangerious_env_vars:Spam::saveSettings: cleared dangerous variable: SAFE_CODE=
2025:12:16-02:01:16: getHomeDir: username is empty!:

No clue what it means, but just strange that what happens at 02.07 hours is logged to an older already rotated logfile.

 

[romans]

Even worse.

I just tested for you and I got my testdomain in the directslave.inc file but the testdomain.nl.db file wasn't even created.
Also no error in the error log.

And I also found testdomains in the directslave.inc file which were created a couple of days ago when I changed the connection to SSL.

Looks indeed something in Directadmin 1.690 or 1.689 maybe changed which has influence on Directslave. Maybe @romans knows?

However it's still odd that DS does create the line in Directslave but then does not create the .db file. So I'm not sure if this is something of an OS update or DA update.
I'm running DS on Almalinux 8.10.

Edit: also in my case only an error notice in the directadmin error.log which oddly enough is in an already rotaded logfile:

2025:12:16-02:07:47: Cluster directslave.server.nl: Error deleting remote dns zone (eventesten.com): No action taken

Odd thing, this is the file:
error.log-20251214

Now logrotate it probably at 02.00 hours, but in the normal error.log file I see this:

2025:12:16-02:00:30: Socket::curl_request: curl returned code 6: curl: (6) Could not resolve host: (null)
2025:12:16-02:00:36: Socket::curl_request: curl returned code 6: curl: (6) Could not resolve host: (null)
2025:12:16-02:00:43: Socket::curl_request: curl returned code 6: curl: (6) Could not resolve host: (null)
2025:12:16-02:01:15: clean_dangerious_env_vars:Spam::saveSettings: cleared dangerous variable: SAFE_CODE=
2025:12:16-02:01:16: getHomeDir: username is empty!:

No clue what it means, but just strange that what happens at 02.07 hours is logged to an older already rotated logfile.

Could you confirm that it works fine if you downgrade your DA version to 1.689 (stable release) ?

 

[Richard G]

I would like to try if you have the command to downgrade safely to 1.689.

 

[Richard G]

@reonhoub2 do you have the dnssec-enable yes; option in any of your /etc/named.conf files?
Edit: Also check if you change records. On 1.689 creating and deleting works fine but changing records doesn't work.

 

[Richard G]

@DrWizzle Did you posted (and removed the post) that you experienced the same issues with DS and 1.690? If yes it's important to mention it.

 

[reonhoub2]

@reonhoub2 do you have the dnssec-enable yes; option in any of your /etc/named.conf files?
Edit: Also check if you change records. On 1.689 creating and deleting works fine but changing records doesn't work.

I just checked. On my DirectAdmin servers, the default setting is

dnssec-enable yes;

in named.conf. However, this is not the case on the DNS cluster servers (Directslave). We do not use dnssec in general.

 

[DrWizzle]

@DrWizzle Did you posted (and removed the post) that you experienced the same issues with DS and 1.690? If yes it's important to mention it.

Apologies Richard, yeah, I deleted it as i'm rewriting it.

In a nutshell I have DA on a VPS as a master, and also use DNS on one of my Dedis (With Ubuntu as that's my go to distro) , and a few VPS with Alma 9 and Directslave on.

Zone files are created fine on DA and echoed fine to DS at /etc/namedb/secondary/domain.com.db

Zone edits are sketchy, some apply, some don't (evidenced by mismatched SOA serials)

Domain deletes are OK on DA, they don't delete on DS so have to be manually deleted.

It was all fine a few versions ago as you all posted here.
Just for now, until a fix is sorted (and I fully appreciate the Dev is Ukrainian and the struggles they face at the moment) I'm reverting back to a few copied of DA Personal Plus as I'm awfully busy here at mo with business, and a sick wife and father. That way it should be a little more stable and i'll revert back after. I've taken snapshots of the servers and it's only cost ing 0.011c a GB per month so not that expensive!

Hope you guys sort it! I'm watching for the moment

[Quick edit] I'm using DA 1.690 I believe as it auto updates, forgot to mention that aboeve (Must sort that out)

 

[Richard G]

On my DirectAdmin servers, the default setting is

You can remove that line, it's obsolete. Seemed on my Directslave after removing that line, at least creating and deleting after this went fine in 1.689 (not 1.690)
Updating (even with the multi-server task.queue command) did not change anything in either version.

Domain deletes are OK on DA, they don't delete on DS so have to be manually deleted.

So the same issue we are also experiencing with 1.690. Same for updating records (soa serial and missing changed content is proof).
Thank you for confirming you also experiencing delete and change issues in 1.690 at least.

As you can see in 1.689 some things were better but not all, so the issue might have started even earlier but we can't go back that far.

Sorry to hear from your wife and father. I wish them all the best and hope they will get well soon. Take care!

Edit:
This is a debug line from my Directslave server. Maybe somebody sees something odd.

2025/12/16 18:55:07 DEBUG: &{Method:POST URL:/CMD_API_DNS_ADMIN?action=rawsave&domain=testdomain.nl&username=admin&hostname=my.directadmin.nl Pro
to:HTTP/1.0 ProtoMajor:1 ProtoMinor:0 Header:map[Authorization:[Basic d21wcjpLdExqTzR1MV8zdkd6] Content-Length:[1659] User-Agent:[DA-Socket-Class]] Bo
dy:0xc00014e380 GetBody:<nil> ContentLength:1659 TransferEncoding:[] Close:true Host:my.dsvps.nl Form:map[action:[rawsave] domain:[testdomain.nl]
 hostname:[my.directadmin.nl] username:[admin]] PostForm:map[] MultipartForm:<nil> Trailer:map[] RemoteAddr:88.99.62.187:35544 RequestURI:/CMD_API_
DNS_ADMIN?action=rawsave&domain=testdomain.nl&username=admin&hostname=my.directadmin.nl TLS:<nil> Cancel:<nil> Response:<nil> ctx:0xc0002fc8a0}

 

[DrWizzle]

Sorry to hear from your wife and father. I wish them all the best and hope they will get well soon. Take care!

Thank you Richard, That's very kind and appreciated.

 

[reonhoub2]

I received feedback from the Directslave developer by email today. It seems that the project will continue! That's good news.

On 12/17/25 06:04, Roman M wrote:
I have a bunch of reports like this.
It's a DA related issue, they may have changed or mispelled some API entry points, I am already investigating this.

 

[Richard G]

Yep he contacted me too looking for access to a server and a DS server. I'm afraid I can't give that because servers is not mine.
But since we discovered the issue we might be able to help him anyway.

 

[DrWizzle]

Yep he contacted me too looking for access to a server and a DS server. I'm afraid I can't give that because servers is not mine.
But since we discovered the issue we might be able to help him anyway.

Does he not have any servers? If the DA team are able to give me (or the dev) a free dev license (personal plus should do it) for a month, I'll spin up 2 servers for him to use and he can test to his hearts content for 30 days if that helps? Unfortunately, i'm unable to give him access to my DNS servers as they are production servers. I am however happy to give him 2 dev servers to help the cause

 

[roman_m]

Does he not have any servers? If the DA team are able to give me (or the dev) a free dev license (personal plus should do it) for a month, I'll spin up 2 servers for him to use and he can test to his hearts content for 30 days if that helps? Unfortunately, i'm unable to give him access to my DNS servers as they are production servers. I am however happy to give him 2 dev servers to help the cause

Hi!

When I started receiving reports about incompatibility with 1.69, I didn’t have an active Linux server for development and testing (only FreeBSD, where DA is frozen at 1.642 and works 100%). I’ve now launched a DO instance to test and adjust the DA / DS integration.

When the new version is released, you will receive a notification in the DS web interface. Please make sure you are currently running version 3.4.3.

 

[DrWizzle]

Hi!

When I started receiving reports about incompatibility with 1.69, I didn’t have an active Linux server for development and testing (only FreeBSD, where DA is frozen at 1.642 and works 100%). I’ve now launched a DO instance to test and adjust the DA / DS integration.

When the new version is released, you will receive a notification in the DS web interface. Please make sure you are currently running version 3.4.3.

Thank you so much. Your contribution to the DA community is a very valuable and appreciated offering.

I'll keep my eye out

 

[Richard G]

When the new version is released, you will receive a notification in the DS web interface.

Thank you very much. I wrote you a mail about the web interface.
Also yesterday I discovered an issue where I had change DS to another directory and restarted (both DS and named) but it still used the /etc/namedb/secondary directory.
Only after I added a trailing / after the new directory and restarted both again, it used the new directory. The example is without trailing slash.

And there is a little bug. When there is no directslave.inc file present, it will throw an error. So maybe you can create some "if not exists" line so a file like directslave.inc (or other file like setup in the .conf file) will be created if not present.
Just little improvement if possible.

 

[DrWizzle]

Hi!

Excuse the quote, I can't tag you for some reason. I would just like to ask, what your advice is on OS selection? Currently i'm using AlmaLinux 9 for my Directslave instances, Is that the recommended version, or would 8 or 10 be better?

 

[roman_m]

Excuse the quote, I can't tag you for some reason. I would just like to ask, what your advice is on OS selection? Currently i'm using AlmaLinux 9 for my Directslave instances, Is that the recommended version, or would 8 or 10 be better?

Linux has never been my primary platform. I chose a different path and have been using FreeBSD exclusively for all my tasks for about 25 years. For this reason, I’m not in a good position to recommend a specific Linux distribution.

DS is designed to work reliably regardless of the Linux distribution.

 

[DrWizzle]

Linux has never been my primary platform. I chose a different path and have been using FreeBSD exclusively for all my tasks for about 25 years. For this reason, I’m not in a good position to recommend a specific Linux distribution.

DS is designed to work reliably regardless of the Linux distribution.

Thank you Roman, I was never one to get on the FreeBSD wagon so don't know as much about it although I do have a copy of it running pfSense I need to sort when I get a few hours. My go to is the Debian / Ubuntu distros.