I just got done setting up a backup DNS server for a DirectAdmin customer and wanted to share with others as I think this is useful in many situations
Background
I was setting up a single DirectAdmin web hosting server for a customer. I wanted them to be able to use DirectAdmin for DNS control and automation but also have the redundancy of an off-site DNS server.
Method
I read the "What options do I have for setting up an external dns server" article in the knowledgebase (link) but wasn't happy with any of those options
- to me it seems easier to make use of DNS zone transfers built into bind, since dns inherently is made to work on multiple servers. The cluster tool in DA would probably work well but I didn't see the value in setting up another DA server just for doing DNS.
So, my method is to:
How to set it up
For the sake of example, 192.168.1.1 is the IP of the DA server and 10.1.1.1 is the IP of the external dns server
Step 1: Configure named.conf on DA server
Modify your options section to look like this:
Remove all of the junk/useless zones from your named.conf file such as localhost, localdomain, 0.0.127, etc. I left the root hits zone ( zone "." ) and of course the real zones we have setup in DA
Confirm that your /etc/named.conf file is world-readable (mine was already 644).
Restart named
Step 2: Setup SSH key logins
We must setup ssh key-based logins between DA server and EXTDNS server
Select a user account on DA server, mine is user "admin"
Of course, the keys should not require a passphrase since this will all be automated. Setting up the key-based login is out of the scope of this post but if you google for "ssh key login" you can find plenty of guides.
Confirm that you can ssh in both directions listed above without entering a password/passphrase
Step 3: Setup checker script on DA server
put the script check-namedconf.php in /root/bin directory
Run this command to seed the /etc/named.conf.time file:
Step 4: Configure named.conf on EXTDNS server
Modify your options section to look like this:
Again remove the junk zones in /etc/named.conf that are unneeded
Make sure you have a "slaves" directory in your named root directory (my named root is /var/named) and that the "slaves" directory is writable by named (i.e. chown named /var/named/slaves)
Add this line to the bottom of your /etc/named.conf
Restart named
Make sure rndc works, i.e. rndc status
Step 5: Add sync-zones.sh script on EXTDNS
Place the sync-zones.sh script in /root/bin on EXTDNS
Modify the script appropriately for your usernames/IPs
Chmod the script to 700
Test the script out - you should be able to run it and not see errors
Step 6: Test script from DA server
Now on the DA server you should be able to run this:
this should initiate the sync-zones.sh script on EXTDNS server. If you run it again, nothing should happen because it sees your named.conf file hasn't been updated. You can make an edit to the comments in your /etc/named.conf file and then it should run again when you execute it. It only runs sync-zones.sh on EXTDNS when the local named.conf file has been modified
Step 7: add to cron
If you got past step 6 with no errors, then add this to root's cron on DA server to check named.conf every 5 minutes
Note: When you modify a DNS zone in DA, it will take up to 1 minute until the change is seen on EXTDNS. This is because DA doesn't tell named to reload zones instantly, it happens through the system queue.
Note 2: In order for BIND on DA server to notify the EXTDNS server, the zone must have a NS record in it indicating that EXTDNS is a nameserver for that domain. example in a dns zone:
ns1.myhosting.com resolves to 192.168.1.1 (DA server)
ns2.myhosting.com resolves to 10.1.1.1 (EXTDNS server)
Let me know what you think. The scripts are in the attached zip file. Make sure you modify them with your usernames/IPs. Although most of what I do is FreeBSD in this example I am working with Linux systems. Your paths may be different.
Background
I was setting up a single DirectAdmin web hosting server for a customer. I wanted them to be able to use DirectAdmin for DNS control and automation but also have the redundancy of an off-site DNS server.
Method
I read the "What options do I have for setting up an external dns server" article in the knowledgebase (link) but wasn't happy with any of those options
- to me it seems easier to make use of DNS zone transfers built into bind, since dns inherently is made to work on multiple servers. The cluster tool in DA would probably work well but I didn't see the value in setting up another DA server just for doing DNS.So, my method is to:
- Authorize zone transfers on DA to external dns box
- configure external dns box as dns slave for all zones on DA
- When a new zone is added on DA, it must be added to named.conf on external dns
- when a zone is modified on DA, the change will automatically be pushed to external dns by use of DNS notifications from BIND on DA server
- external dns box is a small cheap VPS in another datacenter
How to set it up
For the sake of example, 192.168.1.1 is the IP of the DA server and 10.1.1.1 is the IP of the external dns server
Step 1: Configure named.conf on DA server
Modify your options section to look like this:
Code:
options {
directory "/var/named";
recursion no;
allow-transfer {
127.0.0.1;
10.1.1.1; // allow transfers to our external dns server
};
notify yes;
};Remove all of the junk/useless zones from your named.conf file such as localhost, localdomain, 0.0.127, etc. I left the root hits zone ( zone "." ) and of course the real zones we have setup in DA
Confirm that your /etc/named.conf file is world-readable (mine was already 644).
Restart named
Step 2: Setup SSH key logins
We must setup ssh key-based logins between DA server and EXTDNS server
Select a user account on DA server, mine is user "admin"
- root user on DA server should be able to ssh to root user on EXTDNS server
- root user on EXTDNS server should be able to ssh to admin user on DA server
Of course, the keys should not require a passphrase since this will all be automated. Setting up the key-based login is out of the scope of this post but if you google for "ssh key login" you can find plenty of guides.
Confirm that you can ssh in both directions listed above without entering a password/passphrase
Step 3: Setup checker script on DA server
put the script check-namedconf.php in /root/bin directory
Run this command to seed the /etc/named.conf.time file:
Code:
echo 0 > /etc/named.conf.timeStep 4: Configure named.conf on EXTDNS server
Modify your options section to look like this:
Code:
options {
directory "/var/named";
recursion no;
allow-transfer {
127.0.0.1;
};
};Again remove the junk zones in /etc/named.conf that are unneeded
Make sure you have a "slaves" directory in your named root directory (my named root is /var/named) and that the "slaves" directory is writable by named (i.e. chown named /var/named/slaves)
Add this line to the bottom of your /etc/named.conf
Code:
include "/etc/named.zones.conf";Restart named
Make sure rndc works, i.e. rndc status
Step 5: Add sync-zones.sh script on EXTDNS
Place the sync-zones.sh script in /root/bin on EXTDNS
Modify the script appropriately for your usernames/IPs
Chmod the script to 700
Test the script out - you should be able to run it and not see errors
Step 6: Test script from DA server
Now on the DA server you should be able to run this:
Code:
/usr/local/bin/php /root/bin/check-namedconf.phpthis should initiate the sync-zones.sh script on EXTDNS server. If you run it again, nothing should happen because it sees your named.conf file hasn't been updated. You can make an edit to the comments in your /etc/named.conf file and then it should run again when you execute it. It only runs sync-zones.sh on EXTDNS when the local named.conf file has been modified
Step 7: add to cron
If you got past step 6 with no errors, then add this to root's cron on DA server to check named.conf every 5 minutes
Code:
*/5 * * * * /usr/local/bin/php /root/bin/check-namedconf.php 1>/dev/null 2>&1Note: When you modify a DNS zone in DA, it will take up to 1 minute until the change is seen on EXTDNS. This is because DA doesn't tell named to reload zones instantly, it happens through the system queue.
Note 2: In order for BIND on DA server to notify the EXTDNS server, the zone must have a NS record in it indicating that EXTDNS is a nameserver for that domain. example in a dns zone:
Code:
exampledomain.com. NS ns1.myhosting.com.
exampledomain.com. NS ns2.myhosting.com.ns1.myhosting.com resolves to 192.168.1.1 (DA server)
ns2.myhosting.com resolves to 10.1.1.1 (EXTDNS server)
Let me know what you think. The scripts are in the attached zip file. Make sure you modify them with your usernames/IPs. Although most of what I do is FreeBSD in this example I am working with Linux systems. Your paths may be different.
Last edited:
