Secondary DNS on another machine


philmcdonnell
01-12-2004, 07:55 PM
Can I set DirectAdmin up to allow secondary DNS on another machine? I will do the DNS settings on the other machine manually. How can I tell DA to use the nameserver on the second machine? Do I add the IP address of the second machine?

Would it be better to just leave first and second DNS on the DA machine and add a third DNS manually for each domain? This would be a pain though, how would I know if a client needs DNS added for a domain?

I just don't understand how all these control panels only allow DNS on one machine? It doesn't make sense to use ns1 & ns2 on the same box, if the box goes down so does all your dns.... I know if the box is down then your site is down, but at least if dns is working somewhere else you will get a dns reply so that email will be held and visitors won't get a no such domain name.

Regards,
Phil

existenz
01-12-2004, 10:17 PM
Currently DirectAdmin does not do secondary DNS. I hope in a future (soon :D) release that we can have a separate option to do secondary DNS.

DirectAdmin allows zone transfers, you can setup another box manually to do your DNS for you. It does not have the security that you could setup on your own (ip restrictions on zone transfers) unless you manually edit the BIND files.

I can see your concern because we also have the same concern at our offices. We have recently switched to DirectAdmin for our Virtual Hosted customers and would like to eliminate some of the extra boxes. This would require both Secondary DNS and Backup MX to be built in.

philmcdonnell
01-14-2004, 03:10 AM
Originally posted by existenz
Currently DirectAdmin does not do secondary DNS. I hope in a future (soon :D) release that we can have a separate option to do secondary DNS.

When you say it doesn't do secondary DNS do you mean that it doesn't actually setup a second DNS server on the same box? If that is true why do we assign a second IP in the admin panel?

If it doesn't do secondary DNS, can I add an IP address through the admin panel that does not belong to the DA box? What does the IP manager do in the admin panel?

What I need to do is this. I am willing to use DA for my primary DNS server. I would setup a new account on the DA server and would manually add a secondary dns entry to another box. I would like my users/resellers to use the ns1 on the DA box, and the ns2 on the other box. How can I setup DA to assign the ns1 / ns2 automatically to their accounts. I will setup the secondary manually.

Regards,
Phil

ProWebUK
01-14-2004, 06:47 AM
Originally posted by philmcdonnell
When you say it doesn't do secondary DNS do you mean that it doesn't actually setup a second DNS server on the same box? If that is true why do we assign a second IP in the admin panel?

It uses 2, simply due to the fact you usually need 2 nameservers to place a domain on. The second is just 'virtual' and basically an alias of the primary IP.

Secondary DNS can be done, if you know how to setup secondary DNS you should be able to do it.

Chris

S2S-Robert
01-14-2004, 04:12 PM
Well, I agree that this would be a useful option to have, preferably including automatic nameserver updates, because manually maintaining it would be a tremendous load of work.

Perhaps a how-to is in place if this can't be integrated in the main control panel? This would be a nice feature to include "transfer this nameserver to another DA slave server", beat the competition ;)

DirectAdmin Support
01-15-2004, 11:44 AM
Hello,

It's not too far off. I'll be adding that and a bit of other things like server backups and user transfers too. Will all be in the "multi server control" area... they'll be added in pieces and released over a few versions.

John

existenz
01-15-2004, 01:35 PM
Looking forward to Secondary DNS!

Keep up the great work!

l0rdphi1
01-15-2004, 08:52 PM
Me too. Can't wait! ;) :D

jlasman
01-16-2004, 08:42 PM
Originally posted by philmcdonnell
When you say it doesn't do secondary DNS do you mean that it doesn't actually setup a second DNS server on the same box? If that is true why do we assign a second IP in the admin panel?
There's no reason to set up a second DNS server (technically, an instance of the named daemon) on the same system; one instance will happily answer all the requests.

The reason for assigning two IP#s is so that you can register two nameserver names (since all registrars require two nameservers) though you've only got one system.

If it doesn't do secondary DNS, can I add an IP address through the admin panel that does not belong to the DA box?
Where are you adding an IP#? In "IP Manager"? No, that's only for IP#s hosted on the box.

Under "Administrator Settings" you set up two nameservers, ns1 and ns2 (which by the way don't have to be named ns1 or ns2). There you just put FQDNs (fully qualified domain names) for the two nameservers you want used by the automatic DNS setup. They do NOT have to be hosted on the box, but if you want automatic DNS setup to work at least one of them should be.
What does the IP manager do in the admin panel?
It allows you to add IP#s to the box, and assign them to resellers (who can then assign them to users).
What I need to do is this. I am willing to use DA for my primary DNS server. I would setup a new account on the DA server and would manually add a secondary dns entry to another box. I would like my users/resellers to use the ns1 on the DA box, and the ns2 on the other box. How can I setup DA to assign the ns1 / ns2 automatically to their accounts.
The way I mentioned above. Under Administrator Settings put in the URLs of two nameservers (I've got ns1.ns-one.net and ns2.ns-one.net there). Both URLs must resolve, one to the main IP# of the server and one to the main IP# of your second machine.
I will setup the secondary manually.
You don't have to.

You can use a cron job to write the contents of the /var/named directory (at least all the contents ending in .db) to a file, then clean up the file by removing any path prefixes from the resulting file lines, and the .db suffix as well.

Then transfer the file to your slave nameserver (overwriting the previous file). You can do this for multiple master servers to one slave server, each with its own uploaded file (that's how we do it).

Then concatenate all those files uploaded from the multiple master servers, sort them alphabetically, remove all duplicates (perhaps sending the list of duplicates to a human who can call someone to find out why two servers were hosting the same domain).

Removing the duplicates is important; if you don't, the server won't reload its domains, which is the last step.

Then build a new /etc/bind.conf file in the slave server. Then do a "service named reload" and if you get an error send the error to a human to check out the problem.

We first started doing it this way about nine or ten years ago when we first started doing slave DNS (it was called "secondary DNS" then :) ).

I wrote this reply from memory, but I believe I've got all the steps right.

I'll go ahead and write a system from scratch in a few days to a few weeks, and I'll post the howto.

We've offered slave DNS hosting for many years, we currently offer it for Sun Cobalt RaQs and Plesk servers as well as DirectAdmin servers, and I suppose we could offer it for others as well.

Jeff
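The master-to-slave pipeline Jeff sketches above, written out in POSIX sh as an added example (not code from the thread, from DirectAdmin, or from Jeff's own scripts). It assumes each master uploads a `<master-ip>.zones` list into one directory on the slave, and it also restricts each slave zone to its own master and refuses onward transfers, the IP restriction on zone transfers that existenz mentions earlier.

```shell
#!/bin/sh
# Added example, not code from the thread or from DirectAdmin. Assumes each
# master uploads <master-ip>.zones (one zone name per line) into one directory
# on the slave, and that slave zone files live under BIND's slaves/ directory.

# Master side, from cron: list the zones in /var/named by stripping the path
# prefix and the .db suffix, leaving only bare zone names.
list_master_zones() {
    for f in "$1"/*.db; do
        [ -f "$f" ] || continue
        z=${f##*/}
        printf '%s\n' "${z%.db}"
    done | LC_ALL=C sort -u
}

# Slave side: merge every uploaded list into sorted "zone master-ip" pairs.
merge_zone_lists() {
    for f in "$1"/*.zones; do
        ip=${f##*/}; ip=${ip%.zones}
        while IFS= read -r zone; do
            [ -n "$zone" ] && printf '%s %s\n' "$zone" "$ip"
        done < "$f"
    done | LC_ALL=C sort
}

# Slave side: one slave stanza per zone. A zone claimed by two masters goes to
# the duplicate report for a human and is left out, since a duplicated zone
# statement makes named refuse the reload. Each stanza pulls only from its own
# master and refuses onward transfers.
build_slave_conf() {
    pairs="$1"; dup_report="$2"
    awk '{ print $1 }' "$pairs" | uniq -d > "$dup_report"
    awk -v dups="$dup_report" '
        BEGIN { while ((getline z < dups) > 0) skip[z] = 1 }
        !($1 in skip) {
            printf "zone \"%s\" {\n\ttype slave;\n\tmasters { %s; };\n", $1, $2
            printf "\tallow-transfer { none; };\n\tfile \"slaves/%s.db\";\n};\n\n", $1
        }' "$pairs"
}

# Last step: check the generated file before named sees it, then reload.
# An error is mailed to a human instead of being ignored.
install_and_reload() {
    new="$1"; dest="$2"; admin="$3"
    if named-checkconf "$new" 2>"$new.err"; then
        cp "$new" "$dest" && rndc reload
    else
        mail -s "slave DNS config rejected" "$admin" < "$new.err"
        return 1
    fi
}

# Constructed demo: two masters, with example.net claimed by both.
demo() {
    d=$(mktemp -d)
    printf 'example.com\nexample.net\n' > "$d/192.0.2.10.zones"
    printf 'example.net\nexample.org\n' > "$d/192.0.2.20.zones"
    merge_zone_lists "$d" > "$d/pairs"
    build_slave_conf "$d/pairs" "$d/duplicates.txt"
    echo "duplicates needing a human: $(cat "$d/duplicates.txt")"
    rm -r "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run with `sh script.sh demo` to see the generated stanzas and the duplicate report; the generated file is meant to be included from named.conf, not to replace it.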

l0rdphi1
01-16-2004, 09:36 PM
Sounds like grounds for a script to me :D

Maybe I'll take a shot at it some time soon.

philmcdonnell
01-16-2004, 11:47 PM
Jeff (jlasman),

Thank you for your very concise and accurate reply. I would love to see your how to if you do write it. I have been going back and forth with this for several weeks now trying to figure out the best way to move clients onto the DA box. I can see the light now, thank you... thank you...

Regards,
Phil

thoroughfare
01-17-2004, 07:26 PM
Hi,

I'm in a similar situation but I'm still not sure what to do.

I've got a Debian VDS running as just a secondary MX server and a slave DNS server.

I've got everything configured ok on the VDS, but what do I need to do in DA? I don't have admin access on the main box (I'm a reseller).

So far, I've added to the DNS for my domain xxxxxx.net using my DA *user* account (the one that owns my domain xxxxxx.net):


an 'A' entry for backup.xxxxxx.net pointing to the VDS's IP
an MX entry for backup.xxxxxxxx.net set to priority of 10
an NS entry for backup.xxxxxxx.net pointing to the VDS's IP


Anything else I need to do? Like add the nameservers in my reseller panel?

Sorry if this sounds really basic, I get very confused by DNS.

Thanks in advance,
Matt :)

jlasman
01-17-2004, 09:08 PM
Have you configured your "backup" server to be a slave server for the domain(s) in question? You'll need to do this manually if you don't have access to the files I mentioned.

You should configure the ns2.example.com (or whatever you call it) as a nameserver in your reseller panel.

And you should make sure all the domains you want slaved on the backup machine have the ns2.example.com record in their DNS.

And if you haven't already registered the ns2.example.com nameserver with the registrar of its parent domain, you need to do that as well.

Jeff

thoroughfare
01-18-2004, 09:19 AM
Thanks for the info Jeff.

Have you configured your "backup" server to be a slave server for the domain(s) in question? You'll need to do this manually if you don't have access to the files I mentioned.

Yes, I've done it in the bind configuration, seems to be ok.

You should configure the ns2.example.com (or whatever you call it) as a nameserver in your reseller panel.

I've done that now, had to add it as a virtual nameserver though. What's the difference?

And you should make sure all the domains you want slaved on the backup machine have the ns2.example.com record in their DNS.

Done.

And if you haven't already registered the ns2.example.com nameserver with the registrar of its parent domain, you need to do that as well.

I have the option do this in my registrar control panel, but I don't see why it must be done? What does it do exactly?

Thanks for the help, I *really* appreciate it.

Peace,
Matt

jlasman
01-19-2004, 01:19 PM
Originally posted by thoroughfare
I've done that now, had to add it as a virtual nameserver though. What's the difference?
I'm not sure if this will do what you want or not.

Did it allow you to enter the IP# of your backup box as the reseller for the second nameserver? You may need that, or you may not, to get the nameserver automatically listed in DNS for new domains. It would depend on how John and Mark implemented it whether the IP# is important.

I have the option do this in my registrar control panel, but I don't see why it must be done? What does it do exactly?
DNS is possibly the world's most distributed database. Registering the nameserver with the registrar who the domain is registered with puts a "glue record" for it into the root nameservers for the Internet, so the nameserver DNS can be found.

As a much simplified example, say ns1.example.net does DNS for www.example.com.

Now someone who has never looked at your site before, using JeffsISP (jeffsisp.com :) ) wants to look at your site.

He types "www.example.com" into his browser, and his browser asks ns1.jeffsisp.com for the IP for www.example.com so it can find the IP# for the site, and get the index.html page.

If ns1.jeffsisp.com doesn't know the IP# for the site, it has to ask the site's nameserver. It checks the rootservers to find it out. The rootservers have a record for example.com (note, NOT for www.example.com) pointing to the authoritative nameserver, which is ns1.example.net.

If the rootservers have a glue-record for ns1.example.net they'll also return the IP# for ns1.example.net, and ns1.jeffsisp.com can immediately query ns1.example.net, get the IP# for www.example.com, and deliver it back to the user's machine, so the user can request index.html from the website.

However, since the rootservers handle DNS for the entire Internet and are very busy, they don't do recursive lookups. They only return information they have.

So if the rootservers don't have a glue record for ns1.example.net, they just return the name of the nameserver. Then, if ns1.jeffsisp.com doesn't have the address of ns1.example.net, they have to ask the rootservers again, this time for the IP# of example.net (note, again, NOT ns1.example.net).

The rootservers now look up the IP# for example.net, and return the IP# of the nameservers for example.net.

And so on....

As you can see, if the rootservers don't have the IP#s and don't know who to ask for them, the whole thing breaks down.

Much more complex (and therefore more accurate) explanations are available on various DNS sites :) .

Jeff

thoroughfare
01-19-2004, 02:02 PM
Thanks Jeff, makes perfect sense to me.

I'll sort that out then with my registrar.

I'm quite proud I've managed to set all this up, I'm really *not* experienced at linux sys admin.

:)
Thanks again!
Matt :D

existenz
03-02-2004, 08:35 PM
John,

Still working on Secondary DNS for a soon to be released update? Just wondering...

jlasman
03-02-2004, 09:21 PM
existenz,

I still haven't had time to develop any automatic scripting to do this, and I'm hoping John will so I won't have to <smile>...

In the meantime, if you'd like to do secondary DNS manually on your DA server and don't know how, let me know, and I'll develop a quick-and-dirty how-to.

Jeff

l0rdphi1
03-02-2004, 09:47 PM
I tried to get my main domain's zone to be transferable to everydns.net, without luck. If anyone has any experience with that, I'd love to figure it out.

Here's what I've done: I tried changing the default DA line in /etc/hosts.conf to:

zone "liquenox.net" {
    type slave;
    allow-transfer{ 64.158.219.3; }; // FAQ entry here (http://faq.everybox.com/index.php/If%20I%20want%20a%20copy%20of%20my%20zone%20from%20everydns.net%2C%20what%20IP%20should%20I%20query%3F)
    file "/var/named/liquenox.net.db";
};

but that, along with a few variants, gets me nowhere (unless 'getting somewhere' can be defined as breaking DNS for the whole box!)

Hmm.. does the IP need placed in some type of file? What about /var/named/liquenox.net.db, will that file need modified from the DA default any? :)

Any help possible will be great ;)

Thanks.

existenz
03-02-2004, 10:04 PM
Sorry I was NOT looking for a script. Though the thought is appreciated. I was waiting to see when John was going to include it in DA. He said he would sometime after the users backups were in place. I could do it via command line but I am positive that my managed customer will never figure it all out.

jlasman
03-02-2004, 11:54 PM
Originally posted by l0rdphi1
I tried to get my main domain's zone to be transferable to everydns.net, without luck. If anyone has any experience with that, I'd love to figure it out.
Lots of experience, but first I want to make sure exactly what you're trying to do.

Looking at your whois record, it appears that you're trying to get everydns.net to handle both primary and secondary DNS for your system.

Is that correct?

If that's correct, then you need to set up your zone at everydns.net, according to instructions they provide. Sorry, but I don't have an account there and I don't know how to do it.

But everything must be entered there, including all the records within the zone.

Based on response I get from doing a dig on their servers, you may have already done that.

If so, then you should, using the DA gui interface, delete the DNS records for the entire liquenox.net domain.
Here's what I've done: I tried changing the default DA line in /etc/hosts.conf to:

zone "liquenox.net" {
    type slave;
    allow-transfer{ 64.158.219.3; }; // FAQ entry here (http://faq.everybox.com/index.php/If%20I%20want%20a%20copy%20of%20my%20zone%20from%20everydns.net%2C%20what%20IP%20should%20I%20query%3F)
    file "/var/named/liquenox.net.db";
};

but that, along with a few variants, gets me nowhere (unless 'getting somewhere' can be defined as breaking DNS for the whole box!)
I don't have an /etc/hosts.conf file on any of my DA systems, so I'm not sure what you mean.

Do you mean your /etc/host.conf file?

That should just contain one line:

order hosts,bind

and nothing else.

Or do you mean your /etc/hosts file?

That should contain:

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
65.58.240.229 da1.ns-one.net

where the bottom line should have your IP# and your system hostname instead of mine.

The sample code you show in your post is what you'd put into your /etc/named.conf if you wanted your system to be a slave server for the master server at everydns.net.

If you do that then you should create a nameserver with your registrar for your domain name, and in the zone file for your domain name at everydns.net you'll need both an a record for it (for example for ns1.liquenox.net) and also an ns record.

And you'll also need to reload your nameserver when you're done:

# service named reload
Hmm.. does the IP need placed in some type of file?
Depending on how your firewall is set up, you might need to open a hole in it for tcp/ip packets from the everydns.net server that would be updating yours.
What about /var/named/liquenox.net.db, will that file need modified from the DA default any?
If you're doing both master and slave DNS with everydns.net you shouldn't have that file. If you're using your box as a slave for the zone, then you still shouldn't create that file, as it will be created as part of the transfer process.

Of course you can only slave a zone mastered at everydns.net if they allow zone transfers. They may not. You'll have to ask them or experiment.

Jeff

l0rdphi1
03-03-2004, 05:43 AM
Originally posted by jlasman
Looking at your whois record, it appears that you're trying to get everydns.net to handle both primary and secondary DNS for your system.

Yes, I suppose. Is there a method that allows one to let DA populate /var/named/liquenox.net.db as it likes, and only transfer the records over to the EveryDNS nightly/whenever they pull it?

Originally posted by jlasman
I don't have an /etc/hosts.conf file on any of my DA systems, so I'm not sure what you mean.

Oh my... heh. I did mean /etc/named.conf. I guess that's what I get for posting when I'm so tired :D

Thanks for that excellent post by the way! It's very informative. :)

jlasman
03-03-2004, 07:01 AM
Originally posted by l0rdphi1
Is there a method that allows one to let DA populate /var/named/liquenox.net.db as it like, and only transfer the records over to the EveryDNS nightly/whenever they pull it.
Sure, but the key is what you wrote at the end...

"whenever they pull it". They (the folk at liquenox.net) have to pull it. They probably don't have a method for doing that. (We do that for our DNS clients, but we're not free).

You can create secondary (slave) DNS at EveryDNS, and let them pull it from your server that way. You'll need to create master DNS records on your DA server with NS records for both ns1.liquenox.net and the EveryDNS nameservers you want to use (see their instructions for slave DNS). You'll also need an A record for ns1.liquenox.net, and you'll need to register ns1.liquenox.net as a nameserver at your registrar, but NOT list it (also at your registrar) as one of the nameservers used for the domain. This creates what's called a "hidden master".

Why don't you want your server to be the advertised master nameserver?
Oh my... heh. I did mean /etc/named.conf. I guess that's what I get for posting when I'm so tired :D
Nevertheless, if that broke DNS for the whole box I'd like to see the entire file. Please do not post it to this forum, but instead email it to me (address in my sig) and I'll take a look at it. If you do email it to me, don't convert it to Windows line-endings (in other words, don't copy it to your system first using ftp in ascii mode), because I use a Linux desktop.

You can email me the file from your root prompt this way:

# mail my-address-from-my-sig </etc/named.conf

If you do mail me the file, be sure to send me a separate email referring me to this post and letting me know it's from you; the above command just sends the file contents.
Thanks for that excellent post by the way! It's very informative. :)
You're welcome. We've been offering worldwide master, master/slave and slave DNS services and consulting for DNS-related problems since 1998.

Jeff

DirectAdmin Support
03-03-2004, 10:53 AM
Hello,

Yes, the remote DNS would be the next major feature after all of the backup stuff is in place. (Admin Backups, and server backups too)

John

l0rdphi1
03-03-2004, 12:00 PM
Very good. I can't wait :D