
Confused about Primary and Secondary DNS Servers configuration.

August 16

I am confused about primary and secondary DNS server configuration. I have read a lot of manuals and tutorials about how to do it, but I think they do not adapt to my needs.

I set up two servers (as I said in a previous post). I have now configured the second server (slave secondary DNS server) to run in multiserver mode.

I configured two server entries in my administration panel.

If I mark "Is mirror of Server" in the second server's configuration, I lose the possibility of creating new websites on it. If I unmark it, DNS replication to the secondary DNS server doesn't seem to work.

I want to have two servers controlled by one control panel in multisite mode. I can get that if I do not mark "Is a mirror site" in the server configuration; I think this is the correct way. Mirroring is for redundancy purposes (I think), not for two independent servers hosting different websites. So I have to activate other services too, like mail, etc., on the second server.

I also want to have my own nameservers, ns1.domain.com and ns2.domain.com. So I have created a zone with an A record "ns1" pointing to the primary server IP, and an NS record for domain.com pointing to ns1.domain.com. I have the same records for the other server with the secondary server IP (A ns1 second IP and domain.com to ns2.domain.com).

Is this correct? Do I have to do anything on the secondary DNS? What do I have to do to get the ns1.domains.com zones transferred to ns2.domain.com without mirroring one server onto the other (I don't want mirrored sites, etc.)?

I could transfer the zones by hand, one by one, but I don't want to do this because I think this is not the way; the way is to transfer all zones from ns1.domain.com to ns2.domain.com automatically.

Thanks for your responses and your help. I really need help with this.

Answers

For secondary DNS I'm using:

puck.nether.net.

If I learned right, the secondary server needs to be on another IP.

The secondary as mirror, I think, will work as load balancing for your internal network: the first request will ask ns1.server.com, the second will ask ns2.server.com, etc. Not sure if that is it.

For the second DNS (puck.nether.net), I just set it to allow zone transfer.
On the primary DNS you need to add an A record pointing your domain to your public IP ns1.yourdomain.com

Yes, that's correct.

You can create primary and secondary DNS that get synced automatically like this:

1) Create a new primary zone on the ns1 server. This zone has one NS record for the ns1 server and a second NS record for the ns2 server, plus an A record for ns1 that points to the IP address of the first server and an A record for ns2 that points to the IP address of the second server. In the field "Allow zone transfers to these IPs (comma separated list)" of this zone, add the IP address of the secondary NS server. In the first step, we created the full primary DNS record.

2) In this step, we create the record for ns2. Go to DNS > Secondary DNS > Secondary zones and click on the add button. Enter the zone name in the zone field (the zone is the same one that we created in 1), and in the NS field add the IP address of the primary DNS server (your first server) and click on save. Bind will now transfer the zone data automatically between the servers and will get updates from the primary server automatically.
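
What steps 1 and 2 amount to on the BIND side, as an added example that is not part of the thread and not ISPConfig's own code: a check that each primary zone limits allow-transfer to the secondary and that ns2 defines a matching secondary zone. The named.conf fragments, the IP addresses and the sec.* file name are constructed for illustration.

```python
import re

# Constructed named.conf fragments with documentation IPs (not ISPConfig output).
PRIMARY_CONF = '''
zone "domain.com" {
    type master;
    file "/etc/bind/pri.domain.com";
    allow-transfer { 192.0.2.20; };
    also-notify { 192.0.2.20; };
};
zone "domain2.com" {
    type master;
    file "/etc/bind/pri.domain2.com";
    allow-transfer { any; };
};
'''
SECONDARY_CONF = '''
zone "domain.com" {
    type slave;
    masters { 192.0.2.10; };
    file "/etc/bind/slave/sec.domain.com";
};
'''

# A zone stanza: zone "name" { ... }; with at most one level of nested braces.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*(?:IN\s*)?\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')


def parse_zones(conf):
    """Map zone name -> {'type': str, '<option>': [items]} for brace-list options."""
    zones = {}
    for name, body in ZONE_RE.findall(conf):
        zone = {"type": None}
        m = re.search(r'\btype\s+([\w-]+)\s*;', body)
        if m:
            zone["type"] = m.group(1)
        for opt, items in re.findall(r'([\w-]+)\s*\{([^{}]*)\}', body):
            zone[opt] = [i.strip() for i in items.split(";") if i.strip()]
        zones[name.lower()] = zone
    return zones


def audit(primary_conf, secondary_conf, primary_ip, secondary_ip):
    """Return (zone, finding) pairs for primary zones that will not replicate as intended."""
    findings = []
    secondary = parse_zones(secondary_conf)
    for name, zone in sorted(parse_zones(primary_conf).items()):
        if zone["type"] not in ("master", "primary"):
            continue
        allowed = zone.get("allow-transfer")
        if allowed is None:
            findings.append((name, "no allow-transfer on the zone (global options decide)"))
        elif "any" in allowed:
            findings.append((name, "allow-transfer is open to any host"))
        elif secondary_ip not in allowed:
            findings.append((name, "secondary IP missing from allow-transfer"))
        peer = secondary.get(name)
        if peer is None or peer["type"] not in ("slave", "secondary"):
            findings.append((name, "no secondary zone on ns2"))
        elif primary_ip not in peer.get("masters", peer.get("primaries", [])):
            findings.append((name, "ns2 does not list the primary in masters"))
    return findings


if __name__ == "__main__":
    for zone, finding in audit(PRIMARY_CONF, SECONDARY_CONF, "192.0.2.10", "192.0.2.20"):
        print(f"{zone}: {finding}")
```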

Thanks Till and Wisdown.

Till, your response is the solution. Thanks, I was trying for hours. Now it works perfectly.

So my conclusion is that although I installed the first server in standard mode, setting up the second in expert mode connected to the first works fine, and I do not have to reinstall ISPConfig on the first server in expert mode.

And my second conclusion is that your response, "how to setup two dns servers master and slave", could be a good title on HowtoForge.

I think if I want, in the future, to add a third DNS slave server, I will only have to do the same with the third server (add an entry to secondary dns of first server and add the zones needed in zones).

Thanks a lot. Best regards Till and Wisdown.

Can't get the slave to sync

Hi all,
I followed this howto:
http://www.howtoforge.com/how-to-ru...-secondary-with-ispconfig-3-debian-squeeze-p2

And this section post:
2) In this step, we create the record for ns2. Go to DNS > Secondary DNS > Secondary zones and click on the add button. Enter the zone name in the zone field (the zone is the same one that we created in 1), and in the NS field add the IP address of the primary DNS server (your first server) and click on save. Bind will now transfer the zone data automatically between the servers and will get updates from the primary server automatically.

In ispconfig >DNS>secondary DNS
I have Server: it's the primary or master ( I can't see the secondary)
Client : any
DNS zone: ns2.domain.com
NS : IP of primary server/DNS
Allow: IP of secondary DNS
Active : check

The two servers just don't sync...

In the ns2 log I have
Jan 15 16:51:02 dns2 named[28492]: client xx.xx.xx.xx#12282: received notify for zone 'domain.com'

But there is no pri.file in the /etc/bind or /etc/bind/slave
If I query the ns2 it doesn't answer for the domain.com

How can I know if they sync? Is it in the log somewhere?

I'm just lost here, please any solution idea or trail to look...

Thanks

Any other lines in the log of the ns2 server? There should be either a success or a failure message after this line. You might also want to check if the bind server can write to /etc/bind/slave
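
The check suggested above, as an added example that is not part of the thread: for a server that uses secondary zones, it reads named's syslog lines and reports, per zone, whether the notify was followed by a success or a failure message. The sample log is constructed; the notify and "file not found" wording follows the thread's excerpts, while the transfer lines, host name and IP addresses are assumptions written in BIND 9's usual wording.

```python
import re

# Constructed sample for a secondary (ns2); IPs are documentation addresses.
SAMPLE_LOG = """\
Jan 21 10:17:13 dns2 named[883]: client 192.0.2.10#33142: received notify for zone 'domain.com'
Jan 21 10:17:14 dns2 named[883]: zone domain2.com/IN: loading from master file /etc/bind/pri.domain2.com failed: file not found
Jan 21 10:17:14 dns2 named[883]: zone domain2.com/IN: not loaded due to errors.
Jan 21 10:18:00 dns2 named[883]: client 192.0.2.10#33150: received notify for zone 'domain3.com'
Jan 21 10:18:00 dns2 named[883]: zone domain3.com/IN: Transfer started.
Jan 21 10:18:00 dns2 named[883]: transfer of 'domain3.com/IN' from 192.0.2.10#53: connected using 192.0.2.20#40112
Jan 21 10:18:00 dns2 named[883]: zone domain3.com/IN: transferred serial 2013012102
Jan 21 10:18:00 dns2 named[883]: transfer of 'domain3.com/IN' from 192.0.2.10#53: Transfer completed: 1 messages, 12 records, 412 bytes, 0.001 secs (412000 bytes/sec)
Jan 21 10:19:00 dns2 named[883]: client 192.0.2.10#33161: received notify for zone 'domain4.com'
Jan 21 10:19:00 dns2 named[883]: transfer of 'domain4.com/IN' from 192.0.2.10#53: failed while receiving responses: REFUSED
"""

# (state, pattern) pairs; the last matching message per zone decides its state.
# "Transfer completed" is deliberately not a success marker: only
# "transferred serial" proves new zone data was accepted.
EVENTS = [
    ("notified", re.compile(r"received notify for zone '(?P<zone>[^']+)'")),
    ("transfer_started", re.compile(r"zone (?P<zone>[^\s/]+)/IN: Transfer started")),
    ("synced", re.compile(r"zone (?P<zone>[^\s/]+)/IN: transferred serial (?P<detail>\d+)")),
    ("up_to_date", re.compile(r"zone (?P<zone>[^\s/]+)/IN: notify from \S+: zone is up to date")),
    ("transfer_failed", re.compile(r"transfer of '(?P<zone>[^'/]+)/IN' from \S+: (?P<detail>failed .*)")),
    ("load_failed", re.compile(r"zone (?P<zone>[^\s/]+)/IN: loading from master file (?P<detail>\S+) failed")),
]
OK_STATES = {"synced", "up_to_date"}


def zone_status(log_text):
    """Return {zone: (state, detail)} from the last relevant named message per zone."""
    status = {}
    for line in log_text.splitlines():
        if "named[" not in line:
            continue  # skip cron and other daemons sharing the syslog file
        for state, pattern in EVENTS:
            m = pattern.search(line)
            if m:
                status[m.group("zone").lower()] = (state, m.groupdict().get("detail"))
                break
    return status


def needs_attention(log_text):
    """Zones whose last logged state is not a completed or unneeded transfer."""
    return sorted((zone, state) for zone, (state, _) in zone_status(log_text).items()
                  if state not in OK_STATES)


if __name__ == "__main__":
    for zone, (state, detail) in sorted(zone_status(SAMPLE_LOG).items()):
        print(f"{zone:12} {state:16} {detail or ''}")
```

A zone left in the "notified" state is the case from the thread: the notify arrived, but neither a success nor a failure message followed it.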
Here is the full log of ns2 from the notify line until the error:

I was able to sync the 2 ns at one time 4 months ago when I set everything up, but the SOA mismatch since then so I deleted all the /etc/bind/pri.* files hoping that bind would resync them. As you can see, that came without success.

As far as I can see there is probably a config error now...

Jan 15 16:51:02 Server named[28492]: client xx.xx.xx.xx#12282: received notify for zone 'domain3.com'
Jan 15 16:51:42 Server named[28492]: client 93.113.174.225#14424: query (cache) 'adobe.com/A/IN' denied
Jan 15 16:52:01 Server CRON[7674]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Jan 15 16:52:11 Server named[28492]: received control channel command 'stop -p'
Jan 15 16:52:11 Server named[28492]: shutting down: flushing changes
Jan 15 16:52:11 Server named[28492]: stopping command channel on 127.0.0.1#953
Jan 15 16:52:11 Server named[28492]: stopping command channel on ::1#953
Jan 15 16:52:11 Server named[28492]: no longer listening on ::#53
Jan 15 16:52:11 Server named[28492]: no longer listening on 127.0.0.1#53
Jan 15 16:52:11 Server named[28492]: no longer listening on 10.0.9.2#53
Jan 15 16:52:11 Server named[28492]: exiting
Jan 15 16:52:35 Server named[7724]: starting BIND 9.8.1-P1 -u bind
Jan 15 16:52:35 Server named[7724]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
Jan 15 16:52:35 Server named[7724]: adjusted limit on open files from 4096 to 1048576
Jan 15 16:52:35 Server named[7724]: found 2 CPUs, using 2 worker threads
Jan 15 16:52:35 Server named[7724]: using up to 4096 sockets
Jan 15 16:52:35 Server named[7724]: loading configuration from '/etc/bind/named.conf'
Jan 15 16:52:35 Server named[7724]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Jan 15 16:52:35 Server named[7724]: using default UDP/IPv4 port range: [1024, 65535]
Jan 15 16:52:35 Server named[7724]: using default UDP/IPv6 port range: [1024, 65535]
Jan 15 16:52:35 Server named[7724]: listening on IPv6 interfaces, port 53
Jan 15 16:52:35 Server named[7724]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 15 16:52:35 Server named[7724]: listening on IPv4 interface eth0, 10.0.9.2#53
Jan 15 16:52:35 Server named[7724]: generating session key for dynamic DNS
Jan 15 16:52:35 Server named[7724]: sizing zone task pool based on 183 zones
Jan 15 16:52:35 Server named[7724]: using built-in root key for view _default
Jan 15 16:52:35 Server named[7724]: set up managed keys zone for view _default, file 'managed-keys.bind'
Jan 15 16:52:35 Server named[7724]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 254.169.IN-ADDR.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: D.F.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 8.E.F.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 9.E.F.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: A.E.F.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: B.E.F.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jan 15 16:52:35 Server named[7724]: command channel listening on 127.0.0.1#953
Jan 15 16:52:35 Server named[7724]: command channel listening on ::1#953
Jan 15 16:52:35 Server named[7724]: zone 0.in-addr.arpa/IN: loaded serial 1
Jan 15 16:52:35 Server named[7724]: zone 127.in-addr.arpa/IN: loaded serial 1
Jan 15 16:52:35 Server named[7724]: zone 255.in-addr.arpa/IN: loaded serial 1
Jan 15 16:52:35 Server named[7724]: zone domain.com/IN: loading from master file /etc/bind/pri.domain.com failed: file not found
Jan 15 16:52:35 Server named[7724]: zone domain.com/IN: not loaded due to errors.
Jan 15 16:52:35 Server named[7724]: zone domain2.com/IN: loading from master file /etc/bind/pri.domain2.com failed: file not found
Jan 15 16:52:35 Server named[7724]: zone domain2.com/IN: not loaded due to errors.

As for the /etc/bind/slave folder
Here is the dir ls -al
drwxrws--- 2 root bind 4096 Sep 15 12:50 slave

So yes it should have the right to write.

Thanks Till

How did you configure the sync? ISPConfig has 2 options, the server mirror mode or slave zones.

At first I put mirror mode like in the howto. And then after, when I saw it didn't work, I tried with secondary zone without more success.

In any case, is there a question of a user or password to create to grant access? How is the sync supposed to occur? By which means is the sync done? By ssh, ftp, port 52 by bind? I just don't understand this process...
There is no connection possible by ssh. I don't have any users created.

A sync log would be nice to have! Or an option like sync now. I saw there is something in options but I don't know what that thing syncs... Not the DNS...

Ok. You can not use both together.

The problem is that you deleted the pri.* files manually, as they will not be generated again. Instead of deleting them, you could have used the resync tool to force an update. Please remove the secondary dns records that you added as they will cause a conflict in bind so that the dns server must fail.

The slave server connects to the mysql database on the master server, fetches the changes that were made through the ispconfig interface, mirrors them to the mysql database of the slave and then changes the config files. I described this in several posts here in the forum in the past.

There is a sticky post that describes what to do when your server is not writing changes to disk:

http://www.howtoforge.com/forums/showthread.php?t=58408

That log exists, all you have to do is enable debugging for the slave as explained in the sticky post.

I took out the secondary dns entry.
Tried resync in ispconfig>>tools without success
I have no pri.* files in the ns2 server either in /etc or /etc/bind
What are the ports I need open on both server:
Here is what I have now:
On primary:
tcp: 20,21,22,25,53,80,110,143,443,463,587,993,995,3306,8080,8081 UDP: 53,3306
On secondary:
TCP : 22,53 UDP : 53

What is the data flow? Is it the ns2 that connects to ns1 or the other way around?

ns2 is connecting to ns1. I posted a link that contains the instructions to debug this in my last post. Please follow the instructions to debug your issue.

I followed what you said and reconfigured mirror as the howto said.
Rsync the pri.* files manually in /etc/bind on ns2.
Everything is ok if I query any dns, but when I change a dns entry on the master server it doesn't sync the ns2 and I'm back with SOA mismatch and dns entries not in sync...

I'm kind of back to square one,

If I modify a zone on the master this is the log on the slave ns2:

Jan 21 10:17:13 server named[883]: client xx.xx.xx.xx#33142: received notify for zone 'domain.com'

Here is the log for ns1 master:

Jan 21 10:17:02 Server named[839]: received control channel command 'reload'
Jan 21 10:17:02 Server named[839]: loading configuration from '/etc/bind/named.conf'
Jan 21 10:17:03 Server named[839]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Jan 21 10:17:03 Server named[839]: using default UDP/IPv4 port range: [1024, 65535]
Jan 21 10:17:03 Server named[839]: using default UDP/IPv6 port range: [1024, 65535]
Jan 21 10:17:09 Server named[839]: reloading configuration succeeded
Jan 21 10:17:09 Server named[839]: reloading zones succeeded
Jan 21 10:17:12 Server named[839]: zone domain.com/IN: domain.com.domain.com/NS 'ns5.domain.com.domain.com' has no REQUIRED GLUE address records (A or AAAA)
Jan 21 10:17:12 Server named[839]: zone domain.com/IN: loaded serial 2013012102
Jan 21 10:17:13 Server named[839]: zone domain.com/IN: sending notifies (serial 2013012102)

Any suggestion...

1) Did you delete all secondary zones in ispconfig like I suggested?

If no, then do it now.

If yes, then you have a general problem with your ispconfig multiserver setup, e.g. the /etc/hosts file was not configured in the way described in the tutorial before ispconfig was installed on the master and slave server. If the file is not set up correctly before you install ispconfig, the sync must fail later as the slave server is then not able to connect to the mysql master database to get the required domain info for the sync.

To test this, enable loglevel debug for the slave server in ispconfig, disable the server.sh script in the root crontab of the slave and run it manually. See the sticky post in this forum for detailed instructions.

This post is directed to Wisdown, or anyone else who is/was using puck.nether.net as a secondary DNS server.

WHAT HAPPENED TO PUCK.NETHER.NET?

I have been using puck.nether.net secondary DNS for several years, recently I noticed some dns errors on my domain. I traced it to puck.nether.net using the cool free DNS tool http://ww2.infoblox.com/services/dns_advisor_tool.cfm

It seems as though this service has fallen off the face of the internet. Is this true or am I being stupid? My last status message from puck.nether.net was on Nov 29, 2012.

Any comments?

-John
