How to setup secondary name server
#11
RE: How to setup secondary name server
Hi,

I'm running a zpanel (for now) with Bind in master/slave (multiserver) configuration and auto zone file sync.

The solution I've used is a simple passwordless (cert exchange) rsync connection from the slave server to the master, where I check for new zone files every 5 min (cron). After a new domain is added on the master, the slave server grabs the new file, corrects the permissions and refreshes the bind service on the slave server.

If you're interested, I can upload the .sh file.
Reply
Thanks given by: TGates , R0Bzombie
#12
RE: How to setup secondary name server
(12-20-2014, 08:09 AM)paknet Wrote: Hi,

I'm running a zpanel (for now) with Bind in master/slave (multiserver) configuration and auto zone file sync.

The solution I've used is a simple passwordless (cert exchange) rsync connection from the slave server to the master, where I check for new zone files every 5 min (cron). After a new domain is added on the master, the slave server grabs the new file, corrects the permissions and refreshes the bind service on the slave server.

If you're interested, I can upload the .sh file.

I would be interested, please send it my way :)
Reply
Thanks given by:
#13
RE: How to setup secondary name server
(12-20-2014, 08:09 AM)paknet Wrote: Hi,

I'm running a zpanel (for now) with Bind in master/slave (multiserver) configuration and auto zone file sync.

The solution I've used is a simple passwordless (cert exchange) rsync connection from the slave server to the master, where I check for new zone files every 5 min (cron). After a new domain is added on the master, the slave server grabs the new file, corrects the permissions and refreshes the bind service on the slave server.

If you're interested, I can upload the .sh file.

Yes, I too would be interested in this very much so. Please upload the .sh file for us to peruse.
Everyone makes mistakes, but to truly screw up it takes the root password!
Reply
Thanks given by:
#14
RE: How to setup secondary name server
Hi,

Sorry for the delay. I'm almost at the end of the server migration. We've decided to migrate all of our servers to Blades, so I'm kinda busy =).
Please hold on for another day or two and I promise I will write the whole procedure from start to end. Scripts included.
Reply
Thanks given by: R0Bzombie , Blooddarkness
#15
RE: How to setup secondary name server
paknet, are you going to upload multiserver .sh for Sentora?
Reply
Thanks given by:
#16
RE: How to setup secondary name server
Guys be patient haha
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Reply
Thanks given by:
#17
RE: How to setup secondary name server
mmmmm
How are these settings going to be updated?
Reply
Thanks given by:
#18
RE: How to setup secondary name server
Here’s how we do DNS master slave auto replication… or better… slave —> master pull replication

Overview

On the master DNS server we need to generate a Bind slave zone file for rsync to fetch from the slave DNS server.

Then we need to set up passwordless authentication between the slave and master server. To do that we need to create and exchange private SSH keys (slave —> master).

The third part is rsyncing the zone file(s) via a secure socket from master to slave. After that we only need to reload the bind service and we are done.

Step by step guide…

Master DNS server

Create folder for executable script
Code:
mkdir /root/bin
Create sh file, copy paste the content and set the “x” bit
Code:
vi /root/bin/generate_slave_zones.sh
Copy/Paste/change IP/save the following (Change the MASTER-SERVER-IP!!!)
Code:
#!/bin/sh
#
# Print out all domains listed in Sentora named.conf.
for domain in `/bin/grep ^zone /etc/sentora/configs/bind/etc/named.conf | grep -v '"."' | grep -vi in-addr | /bin/awk '{print $2}'| /bin/awk -F\" '{print $2}'`

# Print out all domains listed in zPanel named.conf.
# for domain in `/bin/grep ^zone /etc/zpanel/configs/bind/etc/named.conf | grep -v '"."' | grep -vi in-addr | /bin/awk '{print $2}'| /bin/awk -F\" '{print $2}'`

do
       # Generate Bind slave zone stanza with correct master DNS IP.
       /usr/bin/printf "zone \"${domain}\" {\n\ttype slave;\n\tfile \"slaves/${domain}.zone\";\n\tmasters { MASTER-SERVER-IP; };\n};\n"

# Write the whole loop output to the file in the exchange folder
done > /root/named_slave_zones_transfer/named.conf.slave.zones
Set the eXecute bit
Code:
chmod a+x /root/bin/generate_slave_zones.sh

Create zone exchange folder
Code:
mkdir /root/named_slave_zones_transfer

Run the script and check generated file contents
Code:
/root/bin/generate_slave_zones.sh
cat /root/named_slave_zones_transfer/named.conf.slave.zones
You should see something like this…
Code:
zone "domain.com" {
   type slave;
   file "slaves/domain.com.zone";
   masters { MASTER-SERVER-IP; };
};

Add script to crontab… 
Code:
crontab -e
Copy/paste/save the following. Script will be executed every 5 minutes. Change this according to your needs
Code:
# Named slave zone generator
*/5 * * * * /root/bin/generate_slave_zones.sh

Add Slave DNS server to acl trusted-servers pool in named.conf
Code:
vi /etc/named.conf
Modify the following … (add the SLAVE-SERVER-IP). Without this line Bind zone transfer from Slave DNS server will fail!!!
Code:
acl trusted-servers {
   MASTER-SERVER-IP;     // ns1
   SLAVE-SERVER-IP;      // ns2
};

Install rsync
Code:
yum install rsync


Slave DNS server

Create public and private keys using ssh-keygen on slave server
Code:
ssh-keygen
Confirm default file name to save the key and leave empty passphrase. 
This will generate the following files
Code:
ll /root/.ssh/id*
-rw------- 1 root root 1.7K Feb  6 00:33 /root/.ssh/id_rsa
-rw-r--r-- 1 root root  403 Feb  6 00:33 /root/.ssh/id_rsa.pub
Tighten up file permissions
Code:
chmod 700 /root/.ssh
chmod 600 /root/.ssh/*
ls -ld /root/.ssh; ls -l /root/.ssh
Now copy the public key to the master server and fix permissions (you will be prompted for the root password)
Code:
ssh root@MASTER-SERVER-IP 'mkdir -p /root/.ssh'
scp /root/.ssh/id_rsa.pub root@MASTER-SERVER-IP:/root/.ssh/authorized_keys
ssh root@MASTER-SERVER-IP 'chmod 700 /root/.ssh'
ssh root@MASTER-SERVER-IP 'chmod 600 /root/.ssh/*'
You should now be able to ssh from slave to master server without providing a password
Code:
ssh root@MASTER-SERVER-IP

On Slave DNS server install rsync package
Code:
yum install rsync
Create folder for executable script
Code:
mkdir /root/bin
Create sh file, copy paste the content and set the “x” bit
Code:
vi /root/bin/named-fetch-slave-zones.sh
Copy/Paste/change IP/save the following (Change the MASTER-SERVER-IP and MASTER-HOSTNAME!!!)
Code:
#!/bin/bash

# tmp directory
DIRECTORY=/root/named-slave-fetch

# Create dir if it does not exist
if [ ! -d "$DIRECTORY" ]; then
   mkdir "$DIRECTORY"
fi
cd "$DIRECTORY" || exit 1

# Rsync via ssh from master to slave
/usr/bin/rsync -e ssh root@MASTER-SERVER-IP:/root/named_slave_zones_transfer/named.conf.slave.zones .

if [ $? -eq 0 ]
then
       # Copy zone file to bind zone slave folder and rename it
       /bin/cp -u named.conf.slave.zones /var/named/slaves/slave-zones-MASTER-HOSTNAME.conf
       # Change ownership
       /bin/chown root:named /var/named/slaves/slave-zones-MASTER-HOSTNAME.conf
       # Change file permissions
       /bin/chmod 644 /var/named/slaves/slave-zones-MASTER-HOSTNAME.conf
       # Reload Bind (named) - CENTOS 6
       /sbin/service named reload
       # Reload Bind (named) - CENTOS 7
       # /usr/sbin/service named reload
else
       echo "Slave zone file download failed."
fi
Set the eXecute bit
Code:
chmod a+x /root/bin/named-fetch-slave-zones.sh
Include the slave zone file in named.conf
Code:
vi /etc/named.conf
On the end of the file add the following line (change the hostname)
Code:
include "/var/named/slaves/slave-zones-MASTER-HOSTNAME.conf";
Run the sh script
Code:
/root/bin/named-fetch-slave-zones.sh
Check the messages log file. You should see something like
Code:
zone domain.com/IN: Transfer started.
transfer of 'domain.com/IN' from MASTER-SERVER-IP: connected using SLAVE-SERVER-IP#49764
zone domain.com/IN: transferred serial 000000000
transfer of 'domain.com/IN' from MASTER-SERVER-IP: Transfer completed:

Last step… edit the crontab
Code:
crontab -e
and add
Code:
# Named - Fetch slave zones from master
*/5 * * * * /root/bin/named-fetch-slave-zones.sh

This was tested in a CentOS 6/7 environment, but with minor changes it should also work on Ubuntu.

That's it. Hope it helps.
Reply
Thanks given by: Me.B , ryucz , Blooddarkness , s0rk
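The generator in the post above splices each zone name from named.conf straight into a printf format, so a zone name containing a quote or a brace would land on the slave as extra configuration, and named on the slave reloads whatever arrives. The following is an added example, not the poster's script, that does the same job but only emits stanzas for names that are valid hostnames and only accepts a dotted-quad master address; it assumes the named.conf path and the master IP are passed as arguments and writes to stdout, so it can be redirected to the transfer file as in the post.

```shell
#!/bin/sh
# Added example, not the poster's script: build BIND slave zone stanzas from a
# master named.conf while refusing zone names that could smuggle extra
# configuration into the slave. Hypothetical usage:
#   generate_slave_zones /etc/sentora/configs/bind/etc/named.conf 192.0.2.10 \
#       > /root/named_slave_zones_transfer/named.conf.slave.zones

# Accept only plain hostnames: labels of letters, digits and hyphens, joined by dots.
valid_zone_name() {
    printf '%s' "$1" | grep -Eq \
        '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.?$'
}

# $1 = named.conf path, $2 = master IPv4 address; stanzas go to stdout.
generate_slave_zones() {
    conf="$1"; master="$2"
    [ -r "$conf" ] || return 1
    # The master address is spliced into the config as well, so check it too.
    printf '%s' "$master" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || return 2
    # Extract the quoted name from every 'zone "name"' line.
    sed -n 's/^[[:space:]]*zone[[:space:]][[:space:]]*"\([^"]*\)".*/\1/p' "$conf" |
    while IFS= read -r domain; do
        lower=$(printf '%s' "$domain" | tr 'A-Z' 'a-z')
        # Skip the root hint zone and reverse zones, as the original grep did.
        case "$lower" in
            .|*.in-addr.arpa|*.ip6.arpa) continue ;;
        esac
        if ! valid_zone_name "$domain"; then
            printf 'skipping invalid zone name: %s\n' "$domain" >&2
            continue
        fi
        printf 'zone "%s" {\n\ttype slave;\n\tfile "slaves/%s.zone";\n\tmasters { %s; };\n};\n' \
            "$domain" "$domain" "$master"
    done
}
```

On the slave, running `named-checkconf` against the fetched file before the `service named reload` step catches a broken stanza before it takes named down.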
#19
RE: How to setup secondary name server
Good one. But the optimal would be to flag the newly added/deleted zones; that would be more efficient I think.

M B
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Reply
Thanks given by:
#20
RE: How to setup secondary name server
Some VPS providers have a resource named "virtual private network". Isn't it better to use this network to transfer data from master to slave? I think that doesn't use the bandwidth quota.
Reply
Thanks given by: