HowTo setup external secondary DNS?

[resolveit]

Can someone post a detailed how-to related to setting up a secondary DNS server on a seperate linux box.

I would prefer to have a how-to using Bind - notify to the other box for new zones and updates so we have up-to-date dns on both boxes.

Thanks to the gurus for indulging me with this how-to.

Kind Regards,
Onno Vrijburg

[jlasman]

First you have to install bind on another Linux system. How you do that is system dependent; on RHL you make sure that the bind rpms are installed.

Then you need to learn how to administer it; here's a howto on becoming a "small-time" DNS administrator:

http://langfeldt.net/DNS-HOWTO/BIND-8/

You'll need to create a directory where bind will store the "slave" dns information it gets from your master server, if your BIND installation doesn't set it up for you; on most linux systems it's at var/named/.

You'll need to create zone file records in your /etc/bind.cof file; you should be able to find information on that at:

http://langfeldt.net/DNS-HOWTO/BIND-...O-5.html#ss5.6

Though I generally use one line records rather than the multi-line one they show as an example:

zone "linux.bogus" { type slave; file "sz.linux.bogus"; masters { 192.168.196.2; }; };

I do it this way because I maintain these by scripts. Using scripts to maintain single line reocrds are simpler than scripts to maintain multiple line records.

You'll have to add these manually to the slave-server, or create your own method for creating them automatically, since bind has no mechanism for doing so.

Then reload the slave server; on RHL this works:

# service named reload

(I'm currently working on a script system for doing this, but we just had our first meeting last night; it will take a while.)

Jeff

[mainswitch]

Hi

How to setup an external secondary nameserver on a directadmin server? (box 2 with da will be the secondary)

[jlasman]

I'm not sure what you mean.

Do you mean that box 2 will slave dns for sites hosted on box 1?

Will box 2 also have it's own sites?

If so, will you want box 1 to slave sites hosted on box 2?

Jeff

[resolveit]

I have 3 DA boxes (A,B & C) running on RH9

Box A,B and C all host websites and run Primary DNS for the sites on the Box itself (currently each box also runs secondary for the sites on the box itself).

Situation I wish to create:

Box A primary for the sites on A, secondary for the sites on B & C
Box B primary for the sites on B, secondary for the sites on A & C
Box C primary for the sites on C, secondary for the sites on A & B

I've read the BIND manual and have attemted this without success, infact breaking the configuration was the result of my efforts (thankfully I had made backups).

I do not want to use unix scripting because BIND should be able to do this almost instantly with the notification mechanism and zone transfers. I have read and successfully configured secondary DNS manually but I would like to do things in an automated way. Some TLDs also require that your DNS be active before you can register a domain name with them.

I would like to see a step-by-step HOW-TO as I know for a fact there are other people like me who are not BIND specialists but would like thier hosting setup as stable as possible for the sake of thier customers.

I hope someone will be so kind as to share thier knowledge of BIND with the DA users.

Thank you very much for your time.

[jlasman]

Quote:

Originally posted by resolveit
Situation I wish to create:

Box A primary for the sites on A, secondary for the sites on B & C
Box B primary for the sites on B, secondary for the sites on A & C
Box C primary for the sites on C, secondary for the sites on A & B

The terms primary and secondary are no longer used; they've been replaced by master and slave. While most of us who are bind "gurus" will translate between the two terminologies and still be able to help you, we'll also see you as someone who doesn't fully understand or respect how DNS works. That's okay with me if it's okay with you .

Quote:

I've read the BIND manual and have attemted this without success, infact breaking the configuration was the result of my efforts (thankfully I had made backups).

I do not want to use unix scripting because BIND should be able to do this almost instantly with the notification mechanism and zone transfers.

BIND has an automatic mechanism for replicating master zones to slave zones.

What it doesn't have is any mechanism for telling a server it is supposed to be a slave for certain domains.

Really. If you ask this question on the bind-users list, or on the comp.protocolos.dns.bind newsgroup (please don't post on both; they're gated to each other) you'll be told (perhaps politely) to RTFM (read the fine manual).

Quote:

I have read and successfully configured secondary DNS manually but I would like to do things in an automated way.

You'll either have to script it or do it manually. Or wait for DA to script it for you. There's no other way to tell a BIND nameserver it's supposed to be a slave for a domain.

If there was, I could save a lot of money by telling, for example, ns2.earthlink.net, that it should slave my domains.

Quote:

Some TLDs also require that your DNS be active before you can register a domain name with them.

When you set up your nameservers has nothing to do with how you set them up.

Quote:

I would like to see a step-by-step HOW-TO as I know for a fact there are other people like me who are not BIND specialists but would like thier hosting setup as stable as possible for the sake of thier customers.

I've already done that.

Quote:

I hope someone will be so kind as to share thier knowledge of BIND with the DA users.

I've tried.

Jeff

[mainswitch]

Quote:

Originally posted by jlasman
I'm not sure what you mean.

Do you mean that box 2 will slave dns for sites hosted on box 1?

Will box 2 also have it's own sites?

If so, will you want box 1 to slave sites hosted on box 2?

Jeff

Yes

ns1 on box 1
ns2 on box 2

and visa versa

ns1 of box2 on 2
ns2 of box2 on 1

it's easy but how to setup this in DA ?

[jlasman]

You don't set it up in DA; DA currently has no facility for doing it.

What you can do is create your own file with secondary zones defined in it, and include it in your /etc/named.conf file; something like:

include "/etc/named/manual.named.conf";

and inside that /etc/named/manual.named.conf file you could have lines like this:

zone "lazersys.com" in { type slave; file "/etc/named/rwl/db.lazersys.com"; masters { 204.155.150.42; }; };

That works. And won't be overwritten by anything DA does.

Be sure to reload the nameserver when you're done:

# service named reload

And also to check the logs to make sure it started without error; look at /var/log/messages

And make sure it's running:

# ps waux | grep named

That's it.

Jeff

[mainswitch]

So new feature is born

We have a lot of customers with DA servers.
and most of them like the ns2 on an other server.

[jlasman]

We'll soon be offering a complete scripted method of doing slave DNS for lots of different kinds of hosting platforms.

Jeff

[resolveit]

This is indeed good news.

I moved accross from Windows to Linux because of stability but lost the automatic master - slave DNS facility that I enjoyed.

Thanks a lot for the contructive way in wich the DA people approach problems in thier comunity.

Kind regards,
Onno Vrijburg

[Webcart]

Quote:

jlasman wrote a very nice tutorial - thank you!

Just in case someone wants to create /etc/named/manual.named.conf file automatically, here is the script that can do that:

Quote:

#!/bin/bash

MASTER=x.y.z.w

pushd /etc/namedb
ls -la *.db | awk -v m=$MASTER '{ print gensub(/(.*)\.db/,"zone \"\\1\" { type slave; file \"/etc/namedb/manual/\\1.db\"; masters { "m"; }; };", g, $9); }'

Don't forget to create /etc/namedb/manual/ directory on the slave nameserver and replace x.y.z.w with the IP address of your master.

[jlasman]

Webcart,

I tried it, but I can't figure out where to put it and what directory I need to be in when I run it.

When I try to run it I get a file *.db not found error.

Jeff

[Webcart]

Quote:

Originally posted by jlasman
Webcart,

I tried it, but I can't figure out where to put it and what directory I need to be in when I run it.

When I try to run it I get a file *.db not found error.

Jeff

Jeff,
it was tested on FreeBSD, I guess you are using Linux and the path to *.db is different for you.
I will check it in a few days and will post here a portable version

[ProWebUK]

Assuming the FBSD path is /etc/namedb/manual/ then just replace that with /var/named I guess..

Chris

[Webcart]

Ok, here is updated version, which should work on both Red Hat Linux and FreeBSD:

Quote:

#!/bin/bash

# Replace "x.y.z.w" with the IP address of your master DNS
MASTER=x.y.z.w

#----------------------------------
#do not make changes below this line
#-----------------------------------

OS=`uname`
if [ $OS = "FreeBSD" ]; then
DB_PATH=/etc/namedb
else
DB_PATH=/var/named
fi

pushd $DB_PATH
ls -la *.db | awk -v m=$MASTER -v path=$DB_PATH '{ print gensub(/(.*)\.db/,"zone \"\\1\" { type slave; file \""path"/manual/\\1.db\"; masters { "m"; }; };", g, $9); }'
popd

I took DB_PATH setting code from DA's ipswap.sh script, so it should be ok but I could only test it on FreeBSD.
If someone could run it on Linux and post a feedback here, I would appreciate it.

This script could be run from any directory and outputs results to stdout, use redirect ">" to forward it to a file.

Do not forget to create manual directory on slave nameserver.
For FreeBSD it's
mkdir /etc/namedb/manual
For Linux it's
mkdir /var/named/manual

[DennisCitus]

Is there a way to update dns on both servers almost live? I do not want to wait 5minutes every time before being able to register an .nl-domain. (They require the dns to work already properly)

[etegration]

Quote:

Originally posted by jlasman
The terms primary and secondary are no longer used; they've been replaced by master and slave. While most of us who are bind "gurus" will translate between the two terminologies and still be able to help you, we'll also see you as someone who doesn't fully understand or respect how DNS works. That's okay with me if it's okay with you .
Jeff

i still see it being used as pri and sec most of the time even on NIC's levels. well, it's ok with me too.