Bind Cluster Server problem

#1 Wed, 09/05/2018 - 21:50
kilmarac

I am attempting to cluster a server on webmin and bind and running into the old "is not running Webmin version 1.202 or above."

I have gone through a dozen different articles here and on the web and all of them seem to point to a problem in the firewall. I've opened ports 10000-10014 on both TCP and UDP. Server A is running Debian 9, Server B using FirewallD is running Ubuntu 18.04LTS using Linux Firewall.

I am able to connect it in the webmin cluster page and clicking on its button loads its control panel in the screen, however, I cannot for the life of me get it to connect to auto-slave BIND from Server A.

I'm at a loss.

Thu, 09/06/2018 - 05:22
noisemarine

The only ports you need to open are 53 TCP/UDP for DNS, and your Webmin port and Webmin port + 1 (i.e. 53, 10000, 10001). If you're like me, you'll restrict the IPs that can access these ports to the other servers in your cluster, and your own personal/work network.

Don't use the Webmin Cluster stuff for this. Here's how to do it.

On the SLAVE server/s, create a new Webmin user. Give it only access to BIND. Use a ridiculously unguessable username and password. Other than this connection, you'll never use it (that means, don't use "root"!).

On the MASTER server, go to Webmin -> Webmin Servers Index and click "Register a new server".

Fill in the details using the new user/s you just created. You should end up with an icon that if you click it, it logs you into your slave server and you can access BIND.

Once that works, on the MASTER simply go to Webmin -> Servers -> BIND DNS Server -> Cluster Slave Servers. Follow your nose from here and you should be good to go.

Thu, 09/06/2018 - 08:51
scotwnw

Steps to check for cluster slave DNS setup.
1. Is the slave managed in Webmin by the main server under > webmin > webmin servers index?
2. On main server, go to > servers > Bind Dns server > cluster slave servers. Should give you a list of servers to add as slaves, pick server. Change "Create secondary on slave when creating locally" to yes, and "Create all existing master zones on slave?" to yes. Click add now.
3. On main server still. > servers > bind dns server > zone defaults. In bottom left, "Also notify slaves.." click "listed" check box and put in slave IP(s). Also be sure "Notify slaves of changes?" is set to yes. This tells main to notify slaves of DNS changes. So main is now set up.
4. On the slave(s), > servers > bind dns server > zone defaults. Set "Allow transfers from.." to the IP of the main DNS server. Now the "zone defaults" are set for BIND itself. Restart BIND on slave, then restart BIND on main. Should see new zones on the slave now.
5. Now have to clear "zone defaults" for individual zones (domains). On the slave(s), > servers > bind dns server > domain name > zone defaults. The 2 "default" check boxes should be checked and all four text boxes should be blank. I believe "127.0.0.1, local" defaults to one of those boxes, which won't work. Restart the slave DNS and cluster should now work. (NOTE) You'll have to manually be sure each domain zone doesn't have the 127.0.0.1, local host each time a new zone is created.

Thu, 07/18/2019 - 09:21
eugenevdm.host

@kilmarac did you resolve this problem? I see lots of different answers in this post, and on the internet. On my server I have port 10000 and 53 UDP and TCP open, this all seems good but I still get a long timeout and then that message. This post suggested 10014 but also adding UDP/TCP 10014 did not work:

https://sourceforge.net/p/webadmin/discussion/600155/thread/55dc9679/

Another post, no clear answer, just frustration:

https://www.virtualmin.com/node/41718

and more:

https://www.virtualmin.com/node/44932

How does this replication work?

Port 53 UDP? Port 53 TCP? Port 53 UDP and TCP? Ports 10000? Ports 10000-10010? Port 10014?

Eugene van der Merwe https://vander.host

Thu, 07/18/2019 - 10:12
eugenevdm.host

Ok mystery solved with my good old friend TCPDUMP.

Adding slave.domain.com ..
Server slave.domain.com is not running Webmin version 1.202 or above.

It appears TCP port 10001 is needed. See tcpdump trace below, first 10 TCP initiations on port 10000 (webmin), and then over to port 10001.

So open port 10001.

root@ns3:~# tcpdump src ip_address_master_dns
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens4, link-type EN10MB (Ethernet), capture size 262144 bytes
14:56:43.412119 IP hostname_master_dns.46608 > ns3.us-west1-b.c.slave_dns_aws.webmin: Flags [S], seq 2463775063, win 29200, options [mss 1436,sackOK,TS val 143933017 ecr 0,nop,wscale 9], length 0
14:56:43.701689 IP hostname_master_dns.46608 > ns3.us-west1-b.c.slave_dns_aws.webmin: Flags [.], ack 2511385643, win 58, options [nop,nop,TS val 143933307 ecr 597203441], length 0
14:56:43.702056 IP hostname_master_dns.46608 > ns3.us-west1-b.c.slave_dns_aws.webmin: Flags [P.], seq 0:313, ack 1, win 58, options [nop,nop,TS val 143933307 ecr 597203441], length 313
14:56:44.002098 IP hostname_master_dns.46608 > ns3.us-west1-b.c.slave_dns_aws.webmin: Flags [.], ack 1409, win 63, options [nop,nop,TS val 143933608 ecr 597203741], length 0
14:56:44.002161 IP hostname_master_dns.46608 > ns3.us-west1-b.c.slave_dns_aws.webmin: Flags [.], ack 2633, win 69, options [nop,nop,TS val 143933608 ecr 597203741], length 0
14:56:44.002857 IP hostname_master_dns.46608 > ns3.us-west1-b.c.slave_dns_aws.webmin: Flags [P.], seq 313:655, ack 2633, win 69, options [nop,nop,TS val 143933608 ecr 597203741], length 342
14:56:44.294774 IP hostname_master_dns.46608 > ns3.us-west1-b.c.slave_dns_aws.webmin: Flags [P.], seq 655:740, ack 2883, win 74, options [nop,nop,TS val 143933900 ecr 597204034], length 85
14:56:44.626375 IP hostname_master_dns.46608 > ns3.us-west1-b.c.slave_dns_aws.webmin: Flags [P.], seq 740:1154, ack 2883, win 74, options [nop,nop,TS val 143934232 ecr 597204366], length 414
14:56:45.147149 IP hostname_master_dns.46608 > ns3.us-west1-b.c.slave_dns_aws.webmin: Flags [.], ack 3415, win 80, options [nop,nop,TS val 143934751 ecr 597204851], length 0

The crucial port 10000 to 10001 is about to happen...

14:56:45.147213 IP hostname_master_dns.46608 > ns3.us-west1-b.c.slave_dns_aws.*webmin*: Flags [F.], seq 1154, ack 3415, win 80, options [nop,nop,TS val 143934752 ecr 597204851], length 0
14:56:45.423627 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.*10001*: Flags [S], seq 960827906, win 29200, options [mss 1436,sackOK,TS val 143935029 ecr 0,nop,wscale 9], length 0
14:56:45.710532 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [.], ack 2848130450, win 58, options [nop,nop,TS val 143935316 ecr 597205452], length 0
14:56:45.710618 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [P.], seq 0:36, ack 1, win 58, options [nop,nop,TS val 143935316 ecr 597205452], length 36
14:56:45.997300 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [P.], seq 36:106, ack 1, win 58, options [nop,nop,TS val 143935602 ecr 597205739], length 70
14:56:46.284877 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [.], ack 4, win 58, options [nop,nop,TS val 143935890 ecr 597206027], length 0
14:56:46.571601 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [.], ack 46, win 58, options [nop,nop,TS val 143936177 ecr 597206313], length 0
14:56:46.571766 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [P.], seq 106:143, ack 46, win 58, options [nop,nop,TS val 143936177 ecr 597206313], length 37
14:56:46.899773 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [P.], seq 143:262, ack 46, win 58, options [nop,nop,TS val 143936505 ecr 597206642], length 119
14:56:47.270383 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [.], ack 49, win 58, options [nop,nop,TS val 143936876 ecr 597206972], length 0
14:56:47.557245 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [.], ack 74, win 58, options [nop,nop,TS val 143937162 ecr 597207299], length 0
14:56:47.557448 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [P.], seq 262:299, ack 74, win 58, options [nop,nop,TS val 143937163 ecr 597207299], length 37
14:56:47.844130 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [P.], seq 299:456, ack 74, win 58, options [nop,nop,TS val 143937449 ecr 597207586], length 157
14:56:48.251371 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [.], ack 77, win 58, options [nop,nop,TS val 143937857 ecr 597207954], length 0
14:56:48.538218 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [.], ack 119, win 58, options [nop,nop,TS val 143938143 ecr 597208280], length 0
14:56:48.538282 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [P.], seq 456:493, ack 119, win 58, options [nop,nop,TS val 143938143 ecr 597208280], length 37
14:56:48.824923 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [P.], seq 493:630, ack 119, win 58, options [nop,nop,TS val 143938430 ecr 597208567], length 137
14:56:49.151396 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [.], ack 122, win 58, options [nop,nop,TS val 143938757 ecr 597208854], length 0
14:56:49.438161 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [.], ack 172, win 58, options [nop,nop,TS val 143939043 ecr 597209180], length 0
14:56:49.438445 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [P.], seq 630:667, ack 172, win 58, options [nop,nop,TS val 143939044 ecr 597209180], length 37
14:56:49.767775 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [P.], seq 667:801, ack 172, win 58, options [nop,nop,TS val 143939373 ecr 597209509], length 134
14:56:50.060993 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [.], ack 1586, win 63, options [nop,nop,TS val 143939666 ecr 597209802], length 0
14:56:50.061090 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [.], ack 4402, win 74, options [nop,nop,TS val 143939666 ecr 597209802], length 0
14:56:50.061162 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [.], ack 12850, win 107, options [nop,nop,TS val 143939666 ecr 597209802], length 0
14:56:50.347904 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [.], ack 14825, win 115, options [nop,nop,TS val 143939953 ecr 597210089], length 0
14:56:50.661476 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [F.], seq 801, ack 14825, win 115, options [nop,nop,TS val 143940267 ecr 597210089], length 0
14:56:50.966419 IP hostname_master_dns.50708 > ns3.us-west1-b.c.slave_dns_aws.10001: Flags [.], ack 14826, win 115, options [nop,nop,TS val 143940572 ecr 597210708], length 0

Eugene van der Merwe https://vander.host
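
The check done by eye in the trace above, as an added example that is not part of the original post: it reads tcpdump text output, lists the destination ports that received a TCP SYN, and reports the ones missing from a firewall allow list. The sample lines, host names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find ports a peer tried to open that the firewall does not allow.

# Constructed sample in the shape of the trace above (placeholder hosts and values).
sample_trace() {
cat <<'EOF'
14:56:43.412119 IP master.example.46608 > slave.example.webmin: Flags [S], seq 1, win 29200, length 0
14:56:43.701689 IP master.example.46608 > slave.example.webmin: Flags [.], ack 1, win 58, length 0
14:56:45.147213 IP master.example.46608 > slave.example.webmin: Flags [F.], seq 1154, ack 3415, win 80, length 0
14:56:45.423627 IP master.example.50708 > slave.example.10001: Flags [S], seq 2, win 29200, length 0
14:56:45.710532 IP master.example.50708 > slave.example.10001: Flags [.], ack 1, win 58, length 0
EOF
}

# Print each destination port that received a SYN, once, in order of first appearance.
# tcpdump without -n prints service names, so the two relevant ones are mapped back.
syn_ports() {
  awk '
    $6 == "Flags" && $7 == "[S]," {
      dst = $5; sub(/:$/, "", dst)   # drop the trailing colon
      n = split(dst, part, ".")      # the port is the last dot-separated field
      port = part[n]
      if (port == "webmin") port = 10000
      if (port == "domain") port = 53
      if (!(port in seen)) { seen[port] = 1; print port }
    }'
}

# Print the attempted ports that are not in the allow list passed as arguments.
missing_ports() {
  allowed=" $* "
  syn_ports | while read -r p; do
    case "$allowed" in
      *" $p "*) ;;
      *) echo "$p" ;;
    esac
  done
}

# Allow list as described earlier in the thread, before port 10001 was opened.
sample_trace | missing_ports 53 10000
```

On a live system, pipe the output of `tcpdump -l src <master address>` on the slave into `missing_ports` in place of `sample_trace`.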

Thu, 07/18/2019 - 21:27 (Reply to #5)
noisemarine

Yes, my bad. I have updated my original post to include the three ports. I had obviously forgotten about the Webmin+1 port when I originally wrote my post (I don't use 10000 & 10001 on my own servers). Thanks for the reminder. :)