External DNS
villah
01-18-2004, 09:20 AM
Hi there,
Is there any news on the support of external DNS servers as primary servers? We already have a primary and two slaves and we'd like to continue using those instead of setting up nameservers for every DA machine.
Are there similar developments planned for mail and potentially webhosting?
Thanks!
DirectAdmin Support
01-18-2004, 12:32 PM
Hello,
It's still in the design phase, but won't take too long once it's figured out.
Multi-server *everything* will eventually be added, but other services are much farther off.
John
villah
03-15-2004, 01:12 PM
Great! Can't wait! Any more precise estimates on when this will be available?
Hans
DirectAdmin Support
03-15-2004, 01:14 PM
Sorry, can't give you any timeline. After the backups (admin, reseller, user).. it will probably be the next thing on the list.
John
Originally posted by DirectAdmin Support
Sorry, can't give you any timeline. After the backups (admin, reseller, user).. it will probably be the next thing on the list.
John
If we are using external DNS servers until your update has been released, do we still have to have bind installed on the server that uses DA?
Without DA creating the zone files for a newly set up web site, will DA still work for email setup and web access?
Thanks
Jon
DirectAdmin Support
04-05-2004, 11:25 AM
Hello,
You don't need bind on the server with DA. Just let DA *think* you have bind by leaving all the zone files intact, without the binary. Change the boot script to:
#!/bin/sh
exit 0;
So that DA thinks all is well and in /usr/local/directadmin/data/admin/services.status, set named to OFF.
Even without named, as long as you have the zones set up on some other server and they resolve, everything should function just fine.
John
Do you mean delete:
/usr/sbin/named
/usr/sbin/named-bootconf
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone
/var/run/named/
/etc/rc.d/init.d/named
/etc/rc.d/rc0.d/K45named
/etc/rc.d/rc1.d/K45named
/etc/rc.d/rc2.d/K45named
/etc/rc.d/rc3.d/K45named
/etc/rc.d/rc4.d/K45named
/etc/rc.d/rc5.d/K45named
/etc/rc.d/rc6.d/K45named
/etc/logrotate.d/named
/etc/log.d/conf/services/named.conf
/etc/log.d/scripts/services/named
WITHOUT deleting from command line using rpm -e named?
I can rid the system of bind-utils as well.
Jon
DirectAdmin Support
04-29-2004, 02:20 PM
Hello,
You can delete everything except:
/etc/rc.d/init.d/named (the boot script to edit)
/etc/named.conf
/var/named/*
The rest doesn't matter, DA doesn't touch the binary directly. It uses the boot script, but you'll edit it to do nothing.
John
Any update on when external dns servers will be supported?
regards
Jon
I have it ALMOST running.
But I figured out that BIND only sends a notify / AXFR to the first nameserver (master, the one in the SOA).
I want it to also notify the slaves; is this possible?
I have this:
Hosting server: --- DA - PLESK ----
Nameservers: | |
1st PowerDNS (ns1) 2nd PowerDNS (ns2)
When I set ns1 as nameserver 1, it gets notified.
When I set ns2 as nameserver 1, it gets notified.
So, is it possible to let BIND notify both servers?
Tim
I'd be interested to know how you have setup the primary dns to be notified from DA.
I hope DA support are still planning some form of inclusion in DA for external DNS support.
Jon
Originally posted by jjma
Tim
I'd be interested to know how you have setup the primary dns to be notified from DA.
I hope DA support are still planning some form of inclusion in DA for external DNS support.
Jon
The primary DNS server is, as I said, PowerDNS.
That one is "Nameserver 1" in DA. DA automatically notifies the Pdns server.
You must set up the master server in the database.
Originally posted by Tim
The primary DNS server is, as I said, PowerDNS.
That one is "Nameserver 1" in DA. DA automatically notifies the Pdns server.
You must set up the master server in the database.
Ok, I have to log in to the DA panel > select DNS administration > enter dns for a domain > DA automagically notifies the Primary DNS?
A couple of caveats that I have presupposed: 1) that you did not uninstall the bind daemon 2) you have set your external Primary DNS server as nameserver 1 in your DA setup.
Is this correct?
thanks
Jon
nobaloney
08-30-2004, 12:35 AM
This thread has gotten me quite confused.
DA doesn't directly notify any other nameservers; all it does is create new zone files for the instance of the named daemon on the server it runs on, and then tells named to reload the zone files.
You can do what you want to do by having the DA server run as a "hidden master", and your other server set to slave the domains on the DA server. If you google "DNS hidden master" (without the quotes) you should be able to get some information.
We do DNS this way for many servers.
Jeff
Originally posted by jlasman
This thread has gotten me quite confused.
DA doesn't directly notify any other nameservers; all it does is create new zone files for the instance of the named daemon on the server it runs on, and then tells named to reload the zone files.
You can do what you want to do by having the DA server run as a "hidden master", and your other server set to slave the domains on the DA server. If you google "DNS hidden master" (without the quotes) you should be able to get some information.
We do DNS this way for many servers.
It would be useful to be able to have DA be able to communicate with external DNS servers - it has been discussed as a possible addition and it is something I would certainly appreciate.
regards
Jon
nobaloney
08-30-2004, 07:20 AM
Perhaps we've misunderstood each other.
Slave DNS is the accepted protocol used by DNS (and by BIND) to replicate zones across servers. However, the automatic setup of slave nameservers is NOT implemented in either DNS or in BIND.
Are you asking that DA include a method for replicating master zone files across servers?
While I'm not planning on creating such a functionality for myself (I'm happily accepting the concept of hidden masters), someone else might be. So perhaps you should give us your idea of a product specification. Don't forget that any such specification will have to include a method of authenticating the two servers to each other to avoid (a) unwanted zone transfers out (where you give up information on your zones to others not entitled to it), and (b) unwanted zone transfers in (where someone else can use your server without your knowledge).
Or are you willing to accept that DA can be used as a hidden master, which is the method implemented in DNS and in BIND?
Future versions of DA (no time frame yet) will probably allow services to be created across multiple servers, but all will probably need to be running DA.
Jeff
The initial request for 'external dns' support was for DA to take a newly added domain and fire it over to the 'external dns' which may or may not be running DA software.
Originally I imagined some way to get around manually adding domains to our dns server for new client signups, so if the original point is possible then I'm interested.
regards
Jon
P.S I do not run dns on our DA box.
stffabi
10-17-2004, 03:52 AM
for those users, wanting to use the system with hidden master, you could do the following.
set the ns1 from the da interface to the hostname running da.
set ns2 from the da interface to the first external nameserver
login to the da server with ssh and edit the following file
/usr/local/directadmin/data/templates/dns_ns.conf
and add a third line for your second external dns server
seconddns.yourcompany.com.=|DOMAIN|.
now every time you create a domain it has your da server as master dns and 2 slave dns servers. afterwards you only have to create the corresponding entries for the newly created domain in the named.conf of your 2 external servers. and say there that your master server is the da server.
so you could use 2 external name servers for as many da servers as you have and your customers only need to register these 2 name servers while registering their domain.
i will also create some automation for creating the named.conf entries on the external server. i will let you know about it
also if you add new subdomains or make changes via dns administration the changes would be propagated to the 2 external dns servers
regards
fabrizio
If this works and you can provide the automation then this is just what I am looking for - until DA bring out their own system.
Jon
nobaloney
10-17-2004, 06:26 AM
Thanks for your excellent tutorial. I bring up the following not in any way to belittle your excellent post, but merely to point out a few minor issues with it...
Originally posted by stffabi
login to the da server with ssh and edit the following file
/usr/local/directadmin/data/templates/dns_ns.conf
and add a third line for your second external dns server
Following the above instructions will make a change that could easily be overwritten by a future DA update.
DA has advised that the proper way to change a template is to first copy it to:
/usr/local/directadmindata/templates/custom
And make the changes to it there. They've pledged to not overwrite files in the custom subdirectory.
now every time you create a domain it has your da server as master dns and 2 slave dns servers.
This will not fully hide the nameserver on your DA system.
"Hiding" means not allowing other nameservers to query your nameserver. To make sure that doesn't happen you should also delete the first line in the template; the one that reads:
|NS1|=|DOMAIN|.
While you didn't mention it in your tutorial, I will add for those of us who might otherwise question it, that in setting up hidden nameservers we should not change the name of the first nameserver in the SOA record; doing so may break the way DNS gets updated. While it's probably not important to those of us who only do webhosting, it could make a difference if any of our clients are using their DNS to publish their own records and using NOTIFY commands.
afterwards you only have to create the corresponding entries for the newly created domain in the named.conf of your 2 external servers. and say there that your master server is the da server.
There's an excellent somewhat generic How-To on hidden primary nameservers here (http://www.dyndns.org/support/kb/hiddenprimary.html).
i will also create some automation for creating the named.conf entries on the external server. i will let you know about it
I've had the automation project for creating slave DNS on other nameservers on the back-burner for some time now; I'll ask my programmer later today where he stands on it.
Jeff
blacknight
10-17-2004, 06:57 AM
I'm looking forward to when we don't have to use a "hack" to make DA think that we are running DNS on it.
stffabi
10-18-2004, 05:16 AM
Originally posted by jlasman
DA has advised that the proper way to change a template is to first copy it to:
/usr/local/directadmindata/templates/custom
And make the changes to it there. They've pledged to not overwrite files in the custom subdirectory.
I'm new with da, so I didn't know that. Thank you for bringing this to my attention.
nobaloney
10-18-2004, 11:03 AM
Originally posted by blacknight
I'm looking forward to when we don't have to use a "hack" to make DA think that we are running DNS on it.
I'm running BIND on a lot of DA servers, and I'd love to know what you mean, since I haven't had to hack anything.
Jeff
blacknight
10-18-2004, 11:06 AM
We do not run DNS on any servers running control panels as we have a proper redundant DNS system for this.
If we ran Bind on each and every server on our network our clients would have to use crazy hostnames like ns45.domain.tld
nobaloney
10-18-2004, 11:42 AM
Then what do you mean?
I don't see any other posts from you on this thread.
You can always use the "hidden master" approach.
Far from being a "hack", the hidden master approach is a recognized way to update public masters.
What would you like to see?
Jeff
Icheb
10-25-2004, 05:24 AM
Originally posted by blacknight
We do not run DNS on any servers running control panels as we have a proper redundant DNS system for this.
If we ran Bind on each and every server on our network our clients would have to use crazy hostnames like ns45.domain.tld
Nothing against crazy hostnames ;)
We use 2 real servers for DNS stuff, all other servers just send stuff to those 2 servers.
So server 3 also has DNS capabilities, but they're not used, due to the fact our primary and secondary DNS (ns1.domain.com through ns4.domain.com) are doing all the real work.
Originally posted by DirectAdmin Support
Hello,
It's still in the design phase, but won't take too long once it's figured out.
Multi-server *everything* will eventually be added, but other services are much farther off.
John
John
Are you able to supply an eta or give some progression indication on this?
regards
Jon
shelton7
02-22-2005, 12:23 PM
Originally posted by jlasman
Then what do you mean?
I don't see any other posts from you on this thread.
You can always use the "hidden master" approach.
Far from being a "hack", the hidden master approach is a recognized way to update public masters.
What would you like to see?
Jeff
This thread is very confusing now and like most users I would like to manage external nameservers (at least ONE primary - no slave).
Basically,
server 1 2 3 are for my customers and 4 is the nameserver (with ns1 and ns2 setup). All servers are running DA.
How can the DNS modifications of my customers (pointers, sub-domains) be transmitted to server A automatically?
Thank you.
And an eta on when DA will incorporate external dns in the control panel.
regards
Jon
normanu
04-12-2005, 05:14 AM
Originally posted by jjma
And an eta on when DA will incorporate external dns in the control panel.
regards
Jon
How is this done now?
Is it only possible to have the DNS on the DA machine?
If so, how does blacknight do it?
nobaloney
04-15-2005, 10:14 PM
We're waiting on our programmer to fix one small issue before we offer a free script to manage slave DNS on an external DNS server.
Jeff
Jeff
can you pm me with a link to the script?
Thanks
Jon
Chrysalis
04-16-2005, 11:38 AM
would also like pm with link thanks
nobaloney
04-16-2005, 12:33 PM
We will post a link to the script as soon as it's done.
Jeff
sjaak
06-16-2006, 01:51 AM
Is this posted somewhere, or are there other options coming for external master and slave DNS?
nobaloney
06-20-2006, 06:48 PM
This thread was never updated but there's a product announcement elsewhere on these forums.
The download is here (http://www.nobaloney.net/downloads/dns-master2slave/DirectAdmin/).
Jeff
I see that the script is still in Beta - does that mean it hasn't changed in the last year?
Jon
nobaloney
06-21-2006, 06:15 PM
The script hasn't changed. Many of us use it.
The reason I haven't taken it out of beta is because for us it sometimes finds and reports duplicates when there aren't any (and therefore doesn't slave those domains until the next time it runs).
Has anyone else noticed this?
The dupechecking routine is currently written in perl, a write once / read never :) language.
Is anyone volunteering to debug it? To rewrite it, perhaps in PHP?
Jeff
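An added example, not part of any post in this thread and not the dns-master2slave script linked above: one way to automate the slave-side named.conf entries for a hidden master, comparing zone names in normalized form and pinning each transfer to the master's address plus a TSIG key, which is the authentication requirement raised earlier in the thread. The one-line zone layout, the address 192.0.2.10 and the key name da-xfer are assumptions.

```sh
# Added example: emit BIND slave-zone stanzas for zones the hidden master
# has but the external nameserver lacks. IPs, paths, key name are constructed.
list_zones() {   # normalized zone names from a named.conf-style file
    awk 'match($0, /^[ \t]*zone[ \t]+"[^"]*"/) {
             z = tolower(substr($0, RSTART, RLENGTH))
             sub(/^[^"]*"/, "", z); sub(/"$/, "", z); sub(/\.$/, "", z)
             # Reject the root hint and anything that is not a plain
             # hostname, so a crafted name cannot inject config syntax.
             if (z ~ /^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/) print z
         }' "$1" | LC_ALL=C sort -u
}

missing_zones() {   # args: master_conf slave_conf
    have=$(mktemp) || return 1
    list_zones "$2" > "$have"
    list_zones "$1" | LC_ALL=C comm -23 - "$have"
    rm -f "$have"
}

slave_stanzas() {   # args: master_conf slave_conf master_ip tsig_key_name
    missing_zones "$1" "$2" | while IFS= read -r z; do
        cat <<EOF
zone "$z" {
    type slave;
    masters { $3 key "$4"; };   // transfers in must be TSIG-signed
    allow-notify { $3; };       // NOTIFY accepted only from the master
    allow-transfer { none; };   // this server hands zones to nobody
    file "slaves/$z.db";
};
EOF
    done
}

demo() {   # constructed sample configs
    d=$(mktemp -d) || return 1
    printf '%s\n' 'zone "." { type hint; file "named.ca"; };' \
        'zone "Example.COM." { type master; file "/var/named/example.com.db"; };' \
        'zone "shop.example.net" { type master; file "/var/named/shop.example.net.db"; };' \
        'zone "x; }; options {" { type master; file "/var/named/x.db"; };' \
        > "$d/master.conf"
    printf '%s\n' 'zone "example.com" { type slave; file "slaves/example.com.db"; };' \
        > "$d/slave.conf"
    slave_stanzas "$d/master.conf" "$d/slave.conf" 192.0.2.10 da-xfer
    rm -rf "$d"
}

demo
```

The key named in `masters` has to be defined with a `key` statement on both servers, and the hidden master should limit outbound transfers with `allow-transfer { key "da-xfer"; };`.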
kristian
07-25-2006, 09:28 AM
I'm in the process of implementing a hidden master-setup, and I've approached the challenge of keeping zones up-to-date on the slaves a little differently. I'll post my result when I'm done.. Not exactly a rewrite per se, but still it might be useful.
Looking forward to your post.
Jon
Manie
07-31-2006, 10:38 AM
I'm quite new to DA, and do not wish to run my own nameservers, so I got 2 nameservers I can use from my domain seller.
However: I wish customers who I offer hosting including domain registration to manage their own dns records if they like.
Now I read the trick with the hidden master. Can I make these dns servers from my reseller to become slaves after my hidden master? (I do not have access to their systems) Or am I missing an important DNS functionality here?
kristian
07-31-2006, 04:10 PM
It's quite possible, as long as you have a method of telling the slaves which zones they're supposed to slave for you. The rest is just a basic hidden master-setup which you can read about in a lot of places. Try a google-search.
There are also several threads about this on these forums.
Manie
08-01-2006, 01:22 AM
Thanks!
I will try to look this up :-)
Can this in any way be done with the SOA record in the zone file?
( Then I know if I'm on the right way )