DNS slaves (master > slave, slave > slave)

Greetings!

Regarding setting up the dns slave / cluster: (http://www.virtualmin.com/documentation/dns/slave-configuration)

I have Virtualmin Pro on one box with a couple domains and Virtualmin GPL on the other, also with a couple domains. I would like the two servers to be a DNS slave / backup for each other. So I am wondering if this is the correct approach? I read in another post ( http://www.virtualmin.com/node/18343 ) "One option would be for all your systems to be slaves of the others. That way when registering a zone that is hosted on any of them, you can use the IPs of some or all systems. A system doesn't actually have to be the primary nameserver for a domain to be the nameserver you supply to the registrar .." This sounds like what I need..?

Specifically, this is what I have currently:

On the Pro server I have targetmyad.net as the DNS / nameserver. On GoDaddy the hosts (ns1 & ns2) point to the x.x.x.10 IP, which is also the eth0 on this server.

Here is the config:

$ttl 38400
@ IN SOA ns1.targetmyad.net. root.ns1.targetmyad.net. (
1325982560
10800
3600
604800
38400 )
@ IN NS ns1.targetmyad.net.
@ IN NS ns2.targetmyad.net.
targetmyad.net. IN A 98.142.218.10
www.targetmyad.net. IN A 98.142.218.10
ftp.targetmyad.net. IN A 98.142.218.10
m.targetmyad.net. IN A 98.142.218.10
ns1.targetmyad.net. IN A 98.142.218.10
ns2.targetmyad.net. IN A 98.142.218.10
admin.targetmyad.net. IN A 98.142.218.10
localhost.targetmyad.net. IN A 127.0.0.1
webmail.targetmyad.net. IN A 98.142.218.10
targetmyad.net. IN TXT "v=spf1 a mx a:mail01.targetmyad.net ip4:98.142.218.10 include:spf.mailjet.com ?all"

On the GPL server I have dealbent.net as the DNS / nameserver. On GoDaddy the hosts (ns1 & ns2) point to the x.x.x.20 IP, which is also the eth0 on this server.

Here is the config:

$ttl 1800s
@ IN SOA ns1.dealbent.net. root.ns1.dealbent.net. (
1325276677
10800
3600
604800
38400 )
@ IN NS ns1.dealbent.net.
dealbent.net. IN A 98.142.218.20
www.dealbent.net. IN A 98.142.218.20
ftp.dealbent.net. IN A 98.142.218.20
m.dealbent.net. IN A 98.142.218.20
localhost.dealbent.net. IN A 127.0.0.1
webmail.dealbent.net. IN A 98.142.218.20
admin.dealbent.net. IN A 98.142.218.20
mail.dealbent.net. IN A 98.142.218.20
dealbent.net. IN MX 5 mail.dealbent.net.
dealbent.net. IN TXT "v=spf1 a mx a:dealbent.net ip4:98.142.218.20 ?all"
ns1.dealbent.net. IN A 98.142.218.20
ns2.dealbent.net. IN A 98.142.218.20
dealbent.net. IN NS ns2.dealbent.net.

So what I am thinking is that I need to update the host IPs at GoDaddy like this:

From current setup:
ns1.targetmyad.net -> 98.142.218.10
ns2.targetmyad.net -> 98.142.218.10

ns1.dealbent.net -> 98.142.218.20
ns2.dealbent.net -> 98.142.218.20


To this setup:
ns1.targetmyad.net -> 98.142.218.10
ns2.targetmyad.net -> 98.142.218.20

ns1.dealbent.net -> 98.142.218.20
ns2.dealbent.net -> 98.142.218.10

Now this is where I am a little confused... specifically how to set up the records on each box. Do I just add A records for the other? After reading tickets here for a couple hours I am more confused than before.. Also, would I change records after setting up the "cluster" per http://www.virtualmin.com/documentation/dns/slave-configuration or should that be done before?

A little help here would be appreciated...

Also, if I missed anything please let me know. Thank you!

Status: Active

Comments

Howdy -- well, once you perform the configuration found in the "DNS Slave Auto-configuration" documentation -- any new Virtual Server you add to Virtualmin will cause it to automatically create a new DNS zone on both DNS servers.

You wouldn't have to manually create any records for new Virtual Servers, except for creating an ns1 and ns2 entry.

Such a setup is designed to be done before creating any Virtual Servers though.

If you happen to have any existing Virtual Servers (which it sounds like may be the case here) -- you could either manually create the various DNS records you need on the other server, or you could delete and then re-add the Virtual Server once you've set up the DNS slave.

I would wait until after setting up your DNS cluster, as at that point, new domains that you add will be correctly setup on both systems.

Thanks a lot.

I am running into a weird problem.. I was able to add the server through the Webmin Servers Index, but when I get to adding "Cluster Slave Servers" I am getting the below timeout error. I opened ports 10000-10010 on both servers with CSF.. as per this chain:

28      10   600 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpts:10001:10010

Adding host01.dealbent.net ..

Failed to connect to host01.dealbent.net : Failed to connect to host01.dealbent.net:10000 : Connection timed out

Should the IP be used and not the hostname maybe? (or should I create A records for the server hostnames?)

Thank you!

The firewall rule you're showing there shows these ports as open:

10001:10010

That doesn't include port 10000 though, which would also need to be open.

Oh wow... I feel stupid... I corrected that, but still getting the same result... connection timed out? This is frustrating..

Well, I'm unfortunately not familiar with the specifics of CSF... however, it does sound like you're dealing with a firewall issue of some sort.

You can verify that by running this command on the slave server:

netstat -an | grep :10000

That will show whether Webmin is listening on port 10000.

If it is, that means something along the way is blocking access to that port.

You could always temporarily disable CSF just to see if things begin working at that point.

I was thinking the same thing. It's listening on both servers.. - now one thing I noticed is if I go to the Webmin Servers Index list and I click on the server (host01.dealbent.net) I get: The server at host01.dealbent.net can't be found, because the DNS lookup failed.

I then added A records for the hostname of each server - and all connected. I never noticed, but vmin didn't add the hostnames to the DNS records automatically... is this normal?

Quick question: if I delete a domain and re-create it through the restore (from a backup), will it create the DNS zones on both servers now, or should I create the domain manually and then import the backup?

Also how can I confirm this is working properly?

Thanks a lot!

edit:

Hmmm... Would it be possible to get you to peek at my servers on this BIND setup? I got the slave connected but something doesn't seem right. Unfortunately I do not know the best way to explain it, but it doesn't appear to be set up right somewhere. (I added a test domain (dealbent.com) to see what happens, and when it created the DNS zones it had several errors. Apparently it is writing incorrect zone info on creation. - I am leaving this as is for review / troubleshooting) Also, it doesn't appear that the records were transferred in both directions between servers? Thanks - please advise. :)

Hi, I am not sure, but there may be a bug in the virtual server creation... specifically on the DNS records. When I look at the records for the domain just created, it has entered domainkey info for a completely different domain on the server.. (This did not happen prior to setting up the slave, I believe...) and I now have added domainkey entries in the other domains' records as well? Something is amiss.... :0

Quick question: if I delete a domain and re-create it through the restore (from a backup), will it create the DNS zones on both servers now, or should I create the domain manually and then import the backup?

I think so, though I'm not entirely certain. That may be a question Jamie needs to chime in on :-)

I added a test domain (dealbent.com) to see what happens, and when it created the DNS zones it had several errors

Can you let us know what errors it is you're seeing?

specifically on the DNS records. When I look at the records for the domain just created, it has entered domainkey info for a completely different domain on the server

Well, you mentioned adding a test domain "dealbent.com" -- could you show us what DNS records were added for it? That might help us figure out what's going awry there. Thanks!

If you delete and then restore a domain from a backup, it should get created on all the slave systems.

Eric, sorry, I deleted it before I saw your reply - but I will see if I can replicate in a couple days when we move to the new physical server..... (we will then have a dev-only box)

Thanks ~Scott

OK, I just created a virtual server (from scratch) through vmin. Now immediately after the creation I go to the DNS records page for the domain and it has these errors at the top of the page in red:

Warning - errors were found in this domain's DNS records : The following errors were found in the DNS records : dns_master_load: /var/named/chroot/var/named/dealbent.com.hosts:20: unexpected end of line
dns_master_load: /var/named/chroot/var/named/dealbent.com.hosts:19: unexpected end of input
dns_master_load: /var/named/chroot/var/named/dealbent.com.hosts:20: syntax error
zone dealbent.com/IN: loading master file /var/named/chroot/var/named/dealbent.com.hosts: unexpected end of input

This is the DNS records created by vmin:

$ttl 30
@ IN SOA ns1.dealbent.net. root.ns1.dealbent.net. (
1326659636
10800
3600
604800
38400 )
@ IN NS ns1.dealbent.net.
dealbent.com. IN A 98.142.218.20
www.dealbent.com. IN A 98.142.218.20
ftp.dealbent.com. IN A 98.142.218.20
m.dealbent.com. IN A 98.142.218.20
localhost.dealbent.com. IN A 127.0.0.1
webmail.dealbent.com. IN A 98.142.218.20
admin.dealbent.com. IN A 98.142.218.20
mail.dealbent.com. IN A 98.142.218.20
dealbent.com. IN MX 5 mail.dealbent.com.
dealbent.com. IN TXT "v=spf1 a mx a:dealbent.com ip4:98.142.218.20 ?all"
ns1.dealbent.net
_domainkey.dealbent.com. IN TXT "t=y; o=-;"
2012._domainkey.dealbent.com. IN TXT "k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3uFOyz1FclbegTzRUzTE6WsJi6u2HBNACa99OahM9G1j39Cb0SuiA2/MbpKH/gY+DNi/6HcIONbY6K0WQeMfddDw0BSP3NUfH69zfgud+Y/GXYjaoDfD3aMTbhCQDP0/CUdAyYywMLWOdFOxXDs+3W1ZKZm5jHOZfz/NNfCbLdwIDAQAB"

If I am reading this correctly, it doesn't like the SPF and domainkey lines... Any idea what's going on here?

I am wondering if I have the NS records set up incorrectly as well. (this DNS stuff confuses me) So I am going to back up in case there is something else I may have screwed up...

I checked other items on both servers and this is what I see:

From Master

[root@mail01 ~]# hostname
mail01.targetmyad.net

[root@mail01 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
98.142.218.10   mail01.targetmyad.net

[root@mail01 ~]# grep myhostname /etc/postfix/main.cf
# The myhostname parameter specifies the internet hostname of this
# from gethostname(). $myhostname is used as a default value for many
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
# The default is to use $myhostname minus the first component.
# mail appears to come from. The default is to append $myhostname,
#myorigin = $myhostname
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
# The default is $myhostname + localhost.$mydomain.  On a mail domain
mydestination = $myhostname, localhost.$mydomain, localhost, mail01.targetmyad.net
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# You MUST specify $myhostname at the start of the text. That is an
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
[root@mail01 ~]#

From slave

[root@host01 /]# hostname
host01.dealbent.net

[root@host01 /]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               host01.dealbent.net host01 localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6

[root@host01 /]# grep myhostname /etc/postfix/main.cf
# The myhostname parameter specifies the internet hostname of this
# from gethostname(). $myhostname is used as a default value for many
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
# The default is to use $myhostname minus the first component.
# mail appears to come from. The default is to append $myhostname,
#myorigin = $myhostname
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
# The default is $myhostname + localhost.$mydomain.  On a mail domain
mydestination = $myhostname, localhost.$mydomain, localhost, host01.dealbent.net
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# You MUST specify $myhostname at the start of the text. That is an
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
[root@host01 /]#

What I am trying to accomplish should be (I think) pretty simple.. I am just lost...

  • On the first (master) server I have targetmyad.net as the DNS / nameserver. On GoDaddy the hosts (ns1 & ns2) point to the x.x.x.10 IP, which is also the eth0 on this server.
  • On the (slave) server I have dealbent.net as the DNS / nameserver. On GoDaddy the hosts (ns1 & ns2) point to the x.x.x.20 IP, which is also the eth0 on this server.

Now I know I need to change this but am not sure exactly how to do this.. Basically I want the servers to back each other up for DNS, but I am not sure what I need to change on the servers or at GoDaddy (I know I need to change the ns2 host IPs, but where do I point each, etc. - also how would this need to be configured on vmin for each?)

I will be glad to let you guys log in to my servers and look, because I think I may have stuff wrong already.. which may be causing the new domain DNS problems... please advise.

THANK YOU!!

Hmm, so the third line from the end there -- is there a line that simply reads "ns1.dealbent.net"?

If so, that appears to be the issue -- that's not a legitimate DNS entry.

If that's indeed the case, could you post a screenshot of your Server Configuration -> DNS Records screen? Thanks!

You are correct. That line with only ns1.dealbent.net is there. Screenshot of the other page attached... (strange indeed, because I don't see that on the screenshot)

PS: I just enabled Remote Login Privileges if needed...

I think I figured out why that lone NS entry was there. - I must have added it to the "Virtual server template details (BIND DNS domain)" in the "BIND DNS records for new domains" section.

I think I am getting close on this, but if you could confirm a couple items that I am confused on I would appreciate it. (keeping in mind the master-slave setup)

Referencing this from vmin docs: After registering your nameservers at your domain name registrar -- you'll want to log into Virtualmin, select your "example.com" domain, click Server Configuration -> DNS Records, and create a new "A - IPv4 Address" record for ns1.example.com and ns2.example.com.

Lastly, you'll want to tell Virtualmin to use your nameservers when it generates NS records for new Virtual Servers that it creates. You can do that by going into 'System Settings' -> 'Server Templates' -> 'Default Settings' -> 'BIND DNS Domain', and set 'Master DNS server hostname' as well as 'Additional manually configured nameservers'.

  1. What do I actually need to enter for this section? "set 'Master DNS server hostname' as well as 'Additional manually configured nameservers'"

  2. For my nameservers at GoDaddy, right now I have both ns1.targetmyad.net and ns2.targetmyad.net pointed to the single main IP for the master system (x.x.x.10), and both ns1.dealbent.net and ns2.dealbent.net pointed to the single main IP for the slave system (x.x.x.20) -- I am not sure the best way to modify this, as I haven't set up a master-slave before.. Can you please let me know the best way?

  3. Finally, I believe I need to add A records on each server for the other, but if you could provide details on what specifically needs to be added I would appreciate it!

Well, that's it. Hopefully this will be all for a good while.. Thank you again, I appreciate all your help. Scott

Just for fun, I'll tackle these in the opposite order!

Finally, I believe I need to add A records on each server for the other, but if you could provide details on what specifically needs to be added I would appreciate it!

Well, you only need to set up your nameservers once, for one domain. So if you're using 'ns1.dealbent.net' and 'ns2.dealbent.net' as your nameservers, that means you'd go to your dealbent.net Virtual Server, and add records for ns1 and ns2 to it.

For my nameservers at GoDaddy, right now I have both ns1.targetmyad.net and ns2.targetmyad.net pointed to the single main IP for the master system (x.x.x.10), and both ns1.dealbent.net and ns2.dealbent.net pointed to the single main IP for the slave system (x.x.x.20) -- I am not sure the best way to modify this, as I haven't set up a master-slave before

Well, I'm not entirely certain I understand what you're asking here...

But normally, if you have two different nameservers -- you'd set up one name to point to each... ns1.your_domain.tld pointing to the primary, and ns2.your_domain.tld pointing to the slave, giving you a total of two names pointing to two nameservers. And then you'd set up all your domains to use ns1.your_domain.tld and ns2.your_domain.tld.

What do I actually need to enter for this section? "set 'Master DNS server hostname' as well as 'Additional manually configured nameservers'"

In "Master DNS Server hostname", you'd enter the name of your primary DNS server. Something like "ns1.your_domain.tld".

When setting up the auto-slave configuration as you're doing, you don't need to enter anything in 'Additional manually configured nameservers' -- you'd only use that if you weren't using an automated slave setup such as you're doing (i.e., some people manually configure a slave server with a new zone each time a domain is added to the primary).

OK, this helps, but I think I just didn't do a good job of explaining where I am confused.. (I may be over-complicating this too, not sure..)

QUOTE: But normally, if you have two different nameservers -- you'd set up one name to point to each... ns1.your_domain.tld pointing to the primary, and ns2.your_domain.tld pointing to the slave, giving you a total of two names pointing to two nameservers. And then you'd set up all your domains to use ns1.your_domain.tld and ns2.your_domain.tld.

Since I have the two physical servers and want to use one as ns1 and the other as ns2, as well as have the "master-slave" backup running to provide redundancy for all domains on both machines, how do I deal with the actual domain or hostname for each box?

For example, say that at GoDaddy I set the "host" for ns1.targetmyad.net to point to x.x.x.10 and ns2.targetmyad.net to point to x.x.x.20. (GoDaddy hosts require you to enter at least 2) For the server at x.x.x.10 that already has the targetmyad.net domain on it with its DNS records, do I just need to add an A record to point to the other box, or is there something else I need to do here? ---> But this is where I am really confused: On the other box that is at x.x.x.20, right now it doesn't have the targetmyad.net domain on it, so how do I make it become ns2.targetmyad.net? Do I have to change the entire server setup and put the same targetmyad.net domain on it too, or can the hostname remain host01.dealbent.net and I just add NS and A records manually for targetmyad.net?

I hope you understand what I am trying to say here...? I would be glad to do a Google Hangout or Skype call if it will help...

THANK YOU!

I do want to offer, before we get too far -- that as you're seeing, setting up a DNS slave server can be complex. However, the benefits of that may be minimal for that amount of domains. It's not a requirement to run DNS on two different machines, and all doing so provides is to offload DNS requests across two systems, and that some DNS lookups will work if your primary server is down. But that doesn't really matter, since your primary server is still down :-) The majority of email providers will attempt to re-send email for days during any sort of outage.

A large scale provider may want to look into using multiple nameservers just to add to the level of redundancy they're offering, but most folks start out by using just one server to run the nameservers on.

I know that GoDaddy requires two different IPs, but you can use two different IPs on one server.

However, we'll work with you either way, and I'll answer your questions below --

Since I have the two physical servers and want to use one as ns1 and the other as ns2, as well as have the "master-slave" backup running to provide redundancy for all domains on both machines, how do I deal with the actual domain or hostname for each box?

I'd ignore the hostnames of the servers. Regardless of the hostnames, we're designating one server ns1.example.com, and the other ns2.example.com. They can have both a hostname, and the ns1/ns2 names.

You'd then need DNS records for both the system's real hostname, as well as for ns1.example.com and ns2.example.com.

On the other box that is at x.x.x.20, right now it doesn't have the targetmyad.net domain on it, so how do I make it become ns2.targetmyad.net?

On your primary server that hosts the targetmyad.net domain, you'd go into Server Configuration -> DNS Domain, and add a DNS 'A' record that says that the domain "ns2.targetmyad.net" has an IP of "x.x.x.20".

Do I have to change the entire server setup and put the same targetmyad.net domain on it too, or can the hostname remain host01.dealbent.net and I just add NS and A records manually for targetmyad.net?

You don't need to change the hostnames. Just add an NS and an A record for targetmyad.net on your primary server.
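A small zone-file sanity check in Python, added here as an example and not code from Virtualmin or from anyone in this thread. It catches the two problems discussed above: the bare "ns1.dealbent.net" line that made named reject the dealbent.com zone (the diagnosis in the earlier reply), and NS records that all resolve to one IP, which is the redundancy point behind splitting ns1 and ns2 across the two boxes. Both zone samples are constructed, cut-down copies of the records posted in the thread; names are assumed to be "@" or fully qualified, as they are in those zones.

```python
# Constructed sample: a cut-down copy of the dealbent.com zone posted above,
# including the stray bare "ns1.dealbent.net" line that named rejected.
DEALBENT_COM = """$ttl 30
@ IN SOA ns1.dealbent.net. root.ns1.dealbent.net. (
1326659636 10800 3600 604800 38400 )
@ IN NS ns1.dealbent.net.
dealbent.com. IN A 98.142.218.20
ns1.dealbent.net
_domainkey.dealbent.com. IN TXT "t=y; o=-;"
"""
# Constructed sample: the NS part of targetmyad.net with ns1 and ns2 still on
# the same IP, the single point of failure discussed in the thread.
TARGETMYAD_NET = """@ IN NS ns1.targetmyad.net.
@ IN NS ns2.targetmyad.net.
ns1.targetmyad.net. IN A 98.142.218.10
ns2.targetmyad.net. IN A 98.142.218.10
"""
RECORD_TYPES = {"SOA", "NS", "A", "AAAA", "MX", "TXT", "CNAME"}

def parse_zone(text, origin):
    """Return (records, errors): records as (name, TYPE, rdata tokens), errors
    as (line_no, message) for lines named would reject. Names are '@' or FQDNs."""
    logical, buf, start = [], [], 0
    for n, raw in enumerate(text.splitlines(), 1):
        # strip a ';' comment unless the line carries a quoted TXT string
        line = (raw if '"' in raw else raw.split(";", 1)[0]).strip()
        if not line:
            continue
        if buf:                                  # inside SOA "( ... )"
            buf.append(line)
            if ")" in line:
                logical.append((start, " ".join(buf)))
                buf = []
        elif "(" in line and ")" not in line:
            buf, start = [line], n
        else:
            logical.append((n, line))
    records, errors = [], []
    for n, line in logical:
        if line.startswith("$"):                 # $ttl / $ORIGIN directives
            continue
        tok = line.split()
        name = origin if tok[0] == "@" else tok[0]
        if len(tok) < 4 or tok[1].upper() != "IN" or tok[2].upper() not in RECORD_TYPES:
            errors.append((n, "unexpected end of line: %r" % line))
            continue
        records.append((name, tok[2].upper(), tok[3:]))
    return records, errors

def check_nameservers(records, origin):
    """Warn on the NS weaknesses discussed above: fewer than two NS records,
    an in-zone NS name without an A (glue) record, all NS on one IP."""
    a = {}
    for name, rtype, rdata in records:
        if rtype == "A":
            a.setdefault(name, set()).add(rdata[0])
    ns = [rdata[0] for _, rtype, rdata in records if rtype == "NS"]
    warnings = [] if len(ns) >= 2 else ["fewer than two NS records"]
    for host in ns:
        if host not in a and (host == origin or host.endswith("." + origin)):
            warnings.append("NS %s has no A (glue) record in this zone" % host)
    ips = set().union(*(a.get(h, set()) for h in ns))
    if len(ns) >= 2 and all(h in a for h in ns) and len(ips) == 1:
        warnings.append("all nameservers share IP %s: no redundancy" % ips.pop())
    return warnings
```

On the dealbent.com sample the parser reports line 6 (the bare name) the same way named did, and the NS check flags that the zone lists only one nameserver; on the targetmyad.net sample it flags that both ns1 and ns2 sit on 98.142.218.10.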