setup question w/ master2slave

truenegative

hello, i'm just asking some preliminary functionality questions....

From reading on here, it seems as DA w/ master2slave is exactly what I want. I have my main webserver, which will run DA, but I also have two other servers (dual p3's) which will be solely for DNS. I had wanted them to be master and slave for all my domains.

With that said, I read that using master2slave I can accomplish this. This would mean that anytime people put in a subdomain or whatnot on their account in DA, it would automatically get propagated to the master/slave DNS combo??

thanks in advance for any help :)
 
master2slave will use DA as your master and slave them on both your other servers.

No one except the servers in question care if a box is a slave or a master, as both are authoritative, so while it will use both your other servers as slaves, this shouldn't affect anything.

You can advertise both your other servers and not advertise your DA server for DNS at all. To see how that's done you might want to google hidden master.

Jeff
 
yeah I had read about the hidden master. It seems like the best solution.

Another question then...if I eventually have multiple DA servers, can they all use master2slave to the same DNS servers?

ie a setup similar to this:

DA server ->
DA server -> DNS1 -> DNS2, etc
DA server ->


So master2slave would replicate to DNS1, then DNS1 would replicate to any other DNS servers I might have.
 
master2slave only replicates masters. It doesn't replicate slaves.

So it won't replicate (in your example) DNS1 to DNS2.

You'd be better served replicating each master to both DNS1 and to DNS2.

Note that if a domain has masters on more than one server and those servers all use the same slave(s) master2slave won't know which master to consider correct, so it won't slave at all, but will send you an email warning.

This can happen, for example, while you're moving a site from one machine to another.

Jeff
 
Since I won't be running DA on DNS1 or DNS2, can I use any DNS software? I was recommended by a friend to use powerdns which uses mysql replication for its master/slave-ness.

I'm just trying to figure out the best way to set it up to have a DA server (multiples in the future), and between 2 and 4 dedicated DNS servers, running BIND/DJBDNS/POWERDNS or something similar.

Can you explain the best way to set that up?
 
master2slave is designed to create slave zone entries for a BIND named.conf file, from master zone entries in a different BIND named.conf file.

If the other servers use standard named.conf files it'll work. If not, it won't.

Hint: the other DNS servers do not use named.conf file format.

So the answer is no.

Use this solution with BIND. We use the solution as part of a system hosting DNS for many thousands of domain names and we carefully considered other solutions before we decided on this method.

Jeff
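The two behaviours described in the replies above (slave zone entries generated from another server's master zone entries, and a domain that is master on more than one server being skipped with a warning) can be sketched as follows. This is an added example, not master2slave's own code and not part of the original thread; the IP addresses, file paths, `slaves/` directory and function names are assumptions, and the parser only handles simple zone stanzas where `type master;` appears before any nested braces.

```python
import re
from collections import defaultdict

# Constructed sample named.conf fragments from two hypothetical DA servers
# (documentation IP addresses, assumed file paths).
MASTERS = {
    "192.0.2.10": '''
zone "example.com" { type master; file "/var/named/example.com.db"; };
zone "sub.example.com" { type master; file "/var/named/sub.example.com.db"; };
zone "moving.example" { type master; file "/var/named/moving.example.db"; };
zone "." { type hint; file "named.ca"; };
''',
    "192.0.2.20": '''
zone "example.net" { type master; file "/var/named/example.net.db"; };
zone "moving.example" { type master; file "/var/named/moving.example.db"; };
''',
}

ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*(?:IN\s*)?\{([^}]*)\}', re.I)
# Zone names end up in a config file, so accept only hostname characters.
SAFE_NAME = re.compile(r'^(?=.{1,253}$)[a-z0-9_-]+(\.[a-z0-9_-]+)*$')

def master_zones(conf_text):
    """Return the names of zones declared 'type master' in a named.conf text."""
    names = set()
    for name, body in ZONE_RE.findall(conf_text):
        name = name.lower().rstrip(".")
        if re.search(r'\btype\s+master\s*;', body, re.I) and SAFE_NAME.match(name):
            names.add(name)
    return names

def build_slave_conf(masters):
    """Emit slave stanzas per zone; zones claimed by several masters are skipped."""
    owners = defaultdict(list)
    for ip, text in sorted(masters.items()):
        for zone in master_zones(text):
            owners[zone].append(ip)
    stanzas, conflicts = [], {}
    for zone in sorted(owners):
        ips = owners[zone]
        if len(ips) > 1:  # ambiguous master: do not slave, report instead
            conflicts[zone] = ips
            continue
        stanzas.append(
            'zone "%s" { type slave; masters { %s; }; file "slaves/%s.db"; };'
            % (zone, ips[0], zone))
    return "\n".join(stanzas), conflicts

if __name__ == "__main__":
    print(build_slave_conf(MASTERS))
```

The same output would be written on every slave, which matches the advice to slave each master directly to both DNS1 and DNS2 rather than chaining them.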
 
ok great! thanks so much for the help, Jeff :) Sounds like it'll be a good solution. I'll have to figure something else to do with those DNS servers because it's a lot of horsepower just for BIND hehe :)
 
Update question...

Here's my situation...Currently all the domains I have are registered with either mydomain.com or my enom account (slowly moving all to enom account), and they all have their DNS settings pointing to my DA server's IP in the enom/mydomain control panel...

What are the best steps to take to migrate these to being able to be managed by the DA server, and then replicated to the two dedicated servers?

(The two dedicated servers are ready yet, and I'm not sure when I'll be able to get them on the net, so I'd also like a temp solution that can easily move to the final one)

Thanks! :)
 
I'm not sure which step you're asking about.

Do you need to create a nameserver? Move an existing nameserver to a new IP#?

Or move all the data between the two servers?

Jeff
 
Well I can handle the transfer of domains from mydomain to enom.

I can probably take care of getting the two dedicated dns servers installed and configured.

I guess my main question is should I leave the DNS records with enom/mydomain, or move them to the DA server, and point ns1.xxx.com and ns2.xxx.com to the DA Server's IP?

Keeping in mind, the final solution will be using master2slave from all my DA servers to replicate to the two dedicated servers in a hidden master fashion
 
I'd suggest:

First login to your Enom account and create two nameservers on the domain you want to use for your nameservers (for example ns1.example.com and ns2.example.com), with two different IP#s on your own server.

When that change goes through those nameservers will be working from your server.

Then setup master2slave or some other method for creating slaves on another server. When it's working properly for both servers, log back into the Enom account and change the ns2.example.com record to point to the new IP#.

Make sure DA settings show the correct IP#s for both nameservers.

Then adding domains to your DA server will get DNS set up for them automatically on both servers.

Jeff
 
oh ok, that sounds simple enough! Once I have that in place, i can use whatever replication method from that 1st dedicated dns server to the 2nd,3rd, etc....

so that from any DA server, it master2slave's to the first dedicated DNS server, then the DNS servers replicate amongst themselves...

[DA servers] ---(master2slave)--> DNS1 ---(bind replication)--> DNS2, etc

Sounds like an ideal plan for a hidden master.

Thanks jeff, now I just need to decide on a domain convention. :)
 
Masters and slaves do NOT replicate among themselves; you should install master2slave as a master on your DA server(s) and install master2slave as a slave on all your other DNS servers.

Jeff
 
jlasman said:
Masters and slaves do NOT replicate among themselves; you should install master2slave as a master on your DA server(s) and install master2slave as a slave on all your other DNS servers.

Jeff

oooh ok so master2slave as master on all my DA servers, then master2slave as a slave on my two dedicated DNS servers??
 
awesome thanks for all your help :) Any suggestions for locking down the DNS servers? I was thinking CentOS, leaving SELinux enabled, APF + BFD (only DNS and SNMP), rkhunter, LSM, etc
 
Me?

I don't use SELinux. I don't know anyone who does in a production box, but there are probably a lot of admins who do.

The standard CentOS 4.x install will set up BIND in a chrooted environment.

If you're really not setting up all the daemons then kiss will be all you'll need, but you can certainly use APF+BFD if you wish.

Building a whole server for slave DNS is major overkill.

Just find an inexpensive VPS provider somewhere :) .

Jeff
 
jlasman said:

Building a whole server for slave DNS is major overkill.

Just find an inexpensive VPS provider somewhere :) .

Jeff

hmm i never thought about finding a VPS provider somewhere....or the other option is that since I have two compaq servers (dual 1.26, 512mb ram, 2x18.2 10k scsi), I could essentially virtually split each of those into two servers, and have 4 slave dns out there only paying for two spaces...
 