How do i configure my other nameserver?
Written by Marcel
The Control Panel only accepts an IP for your secondary nameserver. If you really need NS3, you can manually edit the correct files in /etc/vhcs/bind/parts/.
To keep the secondary nameserver in sync with the primary you can follow these steps:

NS1:
Edit /etc/bind/named.conf and add this to the top:
--------------------------------------------------------------------------------------------------------------
options {
        directory "/var/cache/bind";
        forwarders {
                [DNS.FROM.ISP];};
        auth-nxdomain no;
        dnssec-enable yes;
};
key "TRANSFER" {
        algorithm hmac-md5;
        secret "[HASHKEY]";
};
server [YOUR.NS2.IP] {
        keys {
                TRANSFER;
        };
};
--------------------------------------------------------------------------------------------------------------
(Parts of this used to be in named.conf.options, but we will not use that file. Remove the include line too. It should include a nameserver from your ISP as forwarder, and we use dnssec-enable to do encrypted zone transfers. Also remove ALL comments!)
You need a key for secure zone transfers on both nameservers. You can create a key with the command below (it's in the <bla>.private file; only needed once and only on your NS1):
dnssec-keygen -a hmac-md5 -b 512 -n host [YOUR.NS1.FQDN]

/etc/init.d/bind9 restart
NS2:
Edit /etc/bind/named.conf and add this to the top:
--------------------------------------------------------------------------------------------------------------
options {
        directory "/var/cache/bind";
        forwarders {
                [DNS.FROM.ISP];};
        auth-nxdomain no;
        dnssec-enable yes;
};
key "TRANSFER" {
        algorithm hmac-md5;
        secret "[HASHKEY]";
};
server [YOUR.NS1.IP] {
        keys {
                TRANSFER;
        };
};
--------------------------------------------------------------------------------------------------------------
(See the NS1 remarks.)
Create a script (run from cron, of course) to configure new zone files. The actual records will be imported with a zone transfer.

nano dnsupdate.sh
--------------------------------------------------------------------------------------------------------------
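#!/bin/sh
# Fetch the zone list from NS1 and add any missing slave zones on NS2.
NAMED="/etc/bind/named.conf.local"
ZONELOCATION="/var/cache/bind"
# Use private temporary files instead of fixed, guessable names in /tmp.
TMPNAMED=$(mktemp) || exit 1
TMPZONEFILE=$(mktemp) || exit 1
TMP=$(mktemp) || exit 1
trap 'rm -f "$TMPNAMED" "$TMPZONEFILE" "$TMP"' EXIT

printf "Checking for new named.conf... "
# wget -O creates the output file even when the download fails, so check
# the exit status and that the file is not empty.
if wget -q "https://[YOUR.NS1.IP]:10801/named/named.conf" -O "$TMPNAMED" && [ -s "$TMPNAMED" ]
then
        echo "done."
else
        echo "no new data!"
        exit 1
fi
printf "Generating zone names... "
# Take the quoted name from every "zone" line, then drop the first five entries.
grep zone "$TMPNAMED" | cut -d" " -f2 | cut -d"\"" -f2 > "$TMPZONEFILE"
sed '1,5d' "$TMPZONEFILE" > "$TMP"
mv "$TMP" "$TMPZONEFILE"
echo "done. ($TMPZONEFILE)"
echo "Generating zone info... "
while read -r ZONE; do
if [ -e "$ZONELOCATION/$ZONE.db" ]
then
        echo "Zone $ZONE already available."
else
        printf "New zone available (%s)... " "$ZONE"
        # Append a slave zone definition; the records arrive by zone transfer.
        echo "zone \"$ZONE\" {
        type slave;
        file \"$ZONELOCATION/$ZONE.db\";
        masters { [YOUR.NS1.IP]; };
        allow-notify { [YOUR.NS1.IP]; };
        };" >> "$NAMED"
        echo "added."
        echo "Restarting Bind"
        /etc/init.d/bind9 restart
fi
done < "$TMPZONEFILE"
# The temporary files are removed by the EXIT trap set above.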
--------------------------------------------------------------------------------------------------------------

Use cron to let it check for updates every hour.
Now edit /etc/bind/named.conf:
CP webserver:
Edit your site config file and add this:
--------------------------------------------------------
    Alias /named /etc/bind
    <directory /etc/bind>
    Order Deny,Allow
    Deny from all
    Allow from [YOUR.NS2.IP]
    </directory>
--------------------------------------------------------


Restart Apache and try the script on NS2. It should download the named.conf (containing the domain names) and add those to its own configuration. Right after BIND reloads, it should transfer the zone itself.
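
The zone names that dnsupdate.sh reads from the downloaded file are written into named.conf.local and used as file names under /var/cache/bind, so it is worth checking them first. The following is an added example, not part of the original FAQ; valid_zone and filter_zones are hypothetical helper names, and the sample names are constructed.

```shell
#!/bin/sh
# Added example (not part of the original FAQ): check zone names before
# dnsupdate.sh writes them into named.conf.local and into a file path.

# valid_zone NAME: succeed only for a plain DNS name made of letters,
# digits, hyphens and single dots. Assumption: underscores and a trailing
# dot are not needed for the zones the control panel creates.
valid_zone() {
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!A-Za-z0-9.-]*) return 1 ;;  # slash, quote, brace, semicolon, space
        .*|*.|*..*)       return 1 ;;  # empty label (also rejects "." and "..")
        -*|*-|*.-*|*-.*)  return 1 ;;  # label starting or ending with a hyphen
    esac
    return 0
}

# filter_zones: read names from stdin, print the valid ones on stdout and
# report the rest on stderr, where cron will pick them up.
filter_zones() {
    while IFS= read -r zone; do
        if valid_zone "$zone"; then
            printf '%s\n' "$zone"
        else
            printf 'skipping invalid zone name: %s\n' "$zone" >&2
        fi
    done
}

# Constructed sample list, shaped like the output of the cut/sed steps.
printf '%s\n' 'example.com' '../../tmp/x' 'bad name.tld' 'shop.example.net' |
    filter_zones
```

In dnsupdate.sh, pipe the output of the sed step through filter_zones before the while loop reads it.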


| All rights reserved : isp-control.net |