Automated Secondary DNS

czotos

Are you running DirectAdmin on your primary server and would like all of your newly-created domains (zone files) to be replicated on a secondary server automatically? If yes, then this guide is for you! This guide will help you set up a secondary (slave) DNS server for a primary (master) server which is running DirectAdmin.

Note: This guide is intended for secondary DNS servers that are NOT running DirectAdmin. Only the primary server will be running DirectAdmin.

Please replace the IP addresses below with your own public/static IP addresses!

Primary server = Debian Linux with DirectAdmin
Primary server IP address = 192.168.0.1
Primary server name = server1
Required software: SSH (apt-get install ssh) and BIND9 (apt-get install bind9 dnsutils)


Secondary server = Debian Linux without DirectAdmin
Secondary server IP address = 192.168.0.2
Secondary server name = server2
Required software: SSH (apt-get install ssh) and BIND9 (apt-get install bind9 dnsutils)

Let's begin...

1) Generate a set of public and private SSH keys to allow the root user to log in from 'server1' to 'server2'...

Log in as root on server1, execute the following two commands and enter nothing at the prompts:

Code:
server1:~# cd /root/
server1:~# ssh-keygen -t dsa

Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): <PRESS ENTER TO ACCEPT DEFAULT>
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): <PRESS ENTER FOR NO PASSPHRASE>
Enter same passphrase again: <PRESS ENTER FOR NO PASSPHRASE>
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
41:03:aa:dc:cc:b9:39:50:65:bc:ee:7b:36:d2:64:7a root@server1

2) Copy the public key from 'server1' to 'server2'...

Code:
server1:~# scp /root/.ssh/id_dsa.pub 192.168.0.2:/root/.ssh/authorized_keys

(You will probably be asked for the root password for server2 - which you should enter in order to proceed!)

3) Edit the BIND configuration file on both servers to accept DNS zone transfers...

Add the following in the /etc/bind/named.conf.options file on server1 - somewhere in between the options { }; tags:

Code:
notify explicit;
also-notify { 192.168.0.2; };
allow-notify { 192.168.0.2; };
allow-transfer { 192.168.0.2; };

Add the following in the /etc/bind/named.conf.options file on server2 - somewhere in between the options { }; tags:

Code:
notify explicit;
also-notify { 192.168.0.1; };
allow-notify { 192.168.0.1; };
allow-transfer { 192.168.0.1; };

4) Restart the BIND service on both servers...

Code:
server1:~# /etc/init.d/bind9 restart

server2:~# /etc/init.d/bind9 restart

5) Create the DirectAdmin custom scripts on 'server1' which will execute after new domains are created and/or after existing domains have been deleted...

Code:
server1:~# touch /usr/local/directadmin/scripts/custom/dns_create_post.sh
server1:~# touch /usr/local/directadmin/scripts/custom/dns_delete_post.sh
server1:~# chmod 700 /usr/local/directadmin/scripts/custom/dns_create_post.sh
server1:~# chmod 700 /usr/local/directadmin/scripts/custom/dns_delete_post.sh
server1:~# chown diradmin:diradmin /usr/local/directadmin/scripts/custom/dns_create_post.sh
server1:~# chown diradmin:diradmin /usr/local/directadmin/scripts/custom/dns_delete_post.sh

6) Now add the following bash code into both the 'dns_create_post.sh' and 'dns_delete_post.sh' script files on 'server1'...

/usr/local/directadmin/scripts/custom/dns_create_post.sh must contain the following:

Code:
#!/bin/sh
# DirectAdmin passes the new domain name in $domain. The single quotes are closed around $domain so it
# expands here on server1; the remote shell on server2 then appends a matching slave zone to named.conf
# and restarts BIND there.
/usr/bin/ssh root@192.168.0.2 '/bin/echo "zone \"'$domain'\" { type slave; file \"/var/cache/bind/'$domain'\"; masters { 192.168.0.1; }; };" >> /etc/bind/named.conf; /etc/init.d/bind9 restart'
exit 0;

/usr/local/directadmin/scripts/custom/dns_delete_post.sh must contain the following:

Code:
#!/bin/sh
# Delete the zone line for $domain from named.conf on server2, remove the cached zone file, then restart BIND.
# The escaped \&\& are passed through to the remote shell so the whole chain runs on server2, not server1.
/usr/bin/ssh root@192.168.0.2 -- /bin/sed -e "'/^zone \"$domain\"/d'" -i /etc/bind/named.conf \&\& /bin/rm -f /var/cache/bind/$domain \&\& /etc/init.d/bind9 restart
exit 0;

Done!! You may now add and remove domains on your primary DirectAdmin server and all the DNS zone files will automatically be created and transferred to your secondary DNS server. You no longer need to add manual DNS entries on the secondary server and tamper with the BIND configuration files.

I hope this helps!
 
Hi GXX

As far as I know, the Multi-Server (DNS Clustering) option that comes with DirectAdmin will only work if both the server machines are running DirectAdmin.

In my guide, only the primary DNS server needs to be using DirectAdmin.

All the secondary servers can be various flavours of Linux without any hosting control panel software (such as DirectAdmin) running on them... All that is needed is BIND DNS.
 
Gotcha, didn't catch the mention of without DA in your quote above.
 
Happy to see another method that will update the dns records to non-directadmin slave servers automatically.:)

I am currently using jlasman's master2slave script. It does the same thing.

I think the main differences between czotos's method and master2slave are: 1. the master2slave script can also migrate existing DNS records in addition to newly created DirectAdmin records.
2. master2slave will also work even if the master server is not a DirectAdmin server.
3. In case the slave server is temporarily down when a new domain is created on the DirectAdmin server, master2slave will automatically update the record when the slave server is up again.
 
I've never used the master2slave script before, so I cannot say much about it - but I've definitely heard good things about it in terms of functionality.

However, correct me if I am wrong, but master2slave will execute periodically at a set time interval, right??

Well, in order for me to do domain registrations for my country's .CO.ZA top-level domain, at least two nameservers (primary and secondary) need to be active and authoritative before the domain registrar will accept any new applications!

So I needed a quick and easy method to ensure that the DNS zone files and data are transferred immediately from the primary to the secondary server - so that I could then proceed with the domain registration straight after I completed adding the user/domain to DirectAdmin.

I hope that makes sense...
 
yes, you are right, master2slave depends on cron jobs to get the updated zone record. So if you need immediate update to the slave servers, master2slave cannot do it.

yes, every user has a different operating environment, so some scripts may be suitable for one user but not others.

I am not a professional programmer and I am surely unable to write scripts like the one you wrote. But I have a few questions about your method

1. If I have 2 servers, there is a domain "hello.com" on server A. And there is another curious user on server B who tries to create the same domain "hello.com" on server B (of course, the domain does not belong to him). Will the original record created by server A be overwritten by server B?

2. If the original record will not be overwritten by server B, now if the user on server B removes the domain "hello.com" through DirectAdmin, will it remove the record on the slave server created by server A?

Not sure if your current method can handle this kind of condition. I think handling this kind of case is important if you have more than 1 directadmin server using the same set of slave servers.
 
I installed this as you describe it but it does not work. How are the scripts like dns_create_post.sh activated?
I don't see how...
 
yes, you are right, master2slave depends on cron jobs to get the updated zone record. So if you need immediate update to the slave servers, master2slave cannot do it.

Maybe I'm wrong, but if you say that master2slave depends on cron jobs, then you can update the zone records immediately on DirectAdmin

just copy the same command from cron into both the 'dns_create_post.sh' and 'domain_create_post.sh' script files.

so it will run on update, but I don't know if master2slave will work well if you run it multiple times (probably sometimes DA will spawn the dnscreate and domaincreate scripts many, many times).

but you can add an if and test whether some copy of master2slave is running or not to prevent this.
 
Why not just set up your secondary nameserver using PowerDNS & Poweradmin? ;)

There is a guide somewhere on the forum and it's a lot safer than setting up cronjobs and letting servers log in to each other.
Used it for about a year now, runs rock solid.
 
Maybe I'm wrong, but if you say that master2slave depends on cron jobs, then you can update the zone records immediately on DirectAdmin

just copy the same command from cron into both the 'dns_create_post.sh' and 'domain_create_post.sh' script files.

so it will run on update, but I don't know if master2slave will work well if you run it multiple times (probably sometimes DA will spawn the dnscreate and domaincreate scripts many, many times).
As the distributor of Master2Slave DNS Replicator I may be the best person to respond to this.

You're right that multiple runs of the master2slave scripts will step on each other and could break your DNS. It's never been tested because as written that doesn't happen.

And even if they didn't, they'd cause reloads and/or restarts of DNS to happen so often the server might end up unavailable for long timeframes. If your slave server does nothing but slaving (as ours do), then it won't matter if they're down occasionally, but you certainly don't want them down for a restart at the same time the masters are.

Jeff
 
Hi everyone!

I made some small adjustments to my guide above - please test it and let me know if you run into any problems...

I truly hope that this can help you with your DNS issues.
 
I think better way is (root is bad):
1) create user nsslave with group named on server2
2) make named.conf and named dir writable for group named
3) create keys for ssh connections nsslave@server2
4) create keys for rndc management from server1 to server2
5) use rndc reload from server1 until service named restart on server2
6) don't forget to use time sync (this is important for dns updating)
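The three points raised in this thread (the two custom scripts in step 6 of the guide, the question about two DirectAdmin servers sharing one slave and overwriting or deleting each other's zones, and the suggestion above to drop root and use an unprivileged user with rndc reload) can be handled together by moving the logic to server2 and letting server1 send only "add <domain>" or "del <domain>". The script below is an added example for this thread, not czotos's, jlasman's or DirectAdmin's code. It assumes a hypothetical handler path /usr/local/sbin/slave-zone bound to server1's key as a forced command in the nsslave user's authorized_keys on server2, that named.conf on server2 includes the file /etc/bind/named.conf.slaves, and that this file and /var/cache/bind are writable by that user (the group arrangement from the reply above). The master IP is taken from the authorized_keys command= option, so a key can only act for its own master; the domain name is validated before it is written into a config file or a path; adding is idempotent; and a zone registered by one master is never overwritten or removed on behalf of another.

```shell
#!/bin/sh
# slave-zone: hypothetical forced-command handler on server2 (assumed path /usr/local/sbin/slave-zone).
# Bound to server1's key in nsslave's authorized_keys on server2 (key material is a placeholder):
#   command="/usr/local/sbin/slave-zone 192.168.0.1",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAA... root@server1
# dns_create_post.sh on server1 then shrinks to:  /usr/bin/ssh nsslave@192.168.0.2 add "$domain"
# dns_delete_post.sh on server1 becomes:          /usr/bin/ssh nsslave@192.168.0.2 del "$domain"
# Assumptions: named.conf on server2 contains  include "/etc/bind/named.conf.slaves";  and that file
# and /var/cache/bind are writable by the nsslave user's group.
set -eu
set -f   # no globbing: the request text arrives over the network

conf()    { printf '%s' "${NAMED_CONF:-/etc/bind/named.conf.slaves}"; }
zonedir() { printf '%s' "${ZONE_DIR:-/var/cache/bind}"; }

# The domain ends up inside a config file and a filesystem path, so accept only RFC 1123 host names
# (letters, digits, hyphens, dots, 253 chars max); quotes, semicolons, braces, slashes and spaces are rejected.
validate_domain() {
    [ "${#1}" -le 253 ] || return 1
    printf '%s' "$1" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
}

# One-line stanza in the same shape as the guide's echo, so it can be matched later as a fixed string.
zone_stanza() {
    printf 'zone "%s" { type slave; file "%s/%s"; masters { %s; }; };\n' "$1" "$(zonedir)" "$1" "$2"
}

zone_present() { grep -Fq "zone \"$1\" " "$(conf)" 2>/dev/null; }

# Is the existing stanza for zone $1 registered by master $2?
owned_by() { grep -F "zone \"$1\" " "$(conf)" 2>/dev/null | grep -Fq "masters { $2; }"; }

# add <domain> <master-ip>: idempotent for the same master, refuses to overwrite another master's zone.
add_zone() {
    validate_domain "$1" || { echo "slave-zone: rejected domain name" >&2; return 2; }
    touch "$(conf)"
    if zone_present "$1"; then
        owned_by "$1" "$2" && return 0
        echo "slave-zone: $1 is already slaved from another master, not overwriting" >&2
        return 3
    fi
    zone_stanza "$1" "$2" >> "$(conf)"
}

# del <domain> <master-ip>: only the master that registered the zone may remove it.
del_zone() {
    validate_domain "$1" || { echo "slave-zone: rejected domain name" >&2; return 2; }
    zone_present "$1" || return 0
    if ! owned_by "$1" "$2"; then
        echo "slave-zone: $1 belongs to another master, not removing" >&2
        return 3
    fi
    tmp="$(conf).tmp.$$"
    grep -Fv "zone \"$1\" " "$(conf)" > "$tmp" || true   # grep exits 1 when no lines remain
    mv "$tmp" "$(conf)"
    rm -f "$(zonedir)/$1"
}

# Entry point when sshd runs this as a forced command: the client's requested command is in
# SSH_ORIGINAL_COMMAND, the master IP is $1 from the authorized_keys line. Nothing else is accepted.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    master="${1:?usage: slave-zone <master-ip>}"
    set -- $SSH_ORIGINAL_COMMAND
    case "${1:-}/$#" in
        add/2) add_zone "$2" "$master" ;;
        del/2) del_zone "$2" "$master" ;;
        *)     echo "slave-zone: unknown request" >&2; exit 1 ;;
    esac
    # reload rather than restart: BIND keeps answering while the new zone list is picked up
    rndc reload >/dev/null 2>&1 || /etc/init.d/bind9 reload
fi
```

With this in place the only thing server1 can do with its key is request an add or del for a validated name under its own master IP; a second DirectAdmin server gets its own key line with its own IP and cannot touch the first server's zones.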
 
Why not just set up your secondary nameserver using PowerDNS & Poweradmin? ;)

There is a guide somewhere on the forum and it's a lot safer than setting up cronjobs and letting servers log in to each other.
Used it for about a year now, runs rock solid.

can't seem to find the guide for PowerDNS.

Can you point me in the right location
 