Automatic Secondary Server creation
Written by scott
Wednesday, 03 May 2006
One issue I've always had a problem with is managing multiple DNS servers in an efficient (read: lazy) way. In this latest article I've documented how to create automatic secondary server configurations between multiple systems that should require no admin overhead to maintain.
The idea here with my system is to have 2 (or more) servers happily generate their own zone files, and then automatically act as secondaries for each other with NO administrative effort. Aside from the initial setup, you shouldn't have to do anything ever again. Just admin your domains like normal in the CP, and they will automatically be updated to the other server(s). This is done by making both servers secondaries to each other. In addition to regular zone transfers between servers, there is an added step of transferring a list of all domains from one server to the other, which is used to generate an external include file.
Setup
You will first need 2 servers running bind, and a web server. They do not have to be PSA servers, as this is entirely done external to PSA.
Step 1) add the following line to /etc/named.conf on both servers:
include "/etc/secondaries.include";
This is the file which will contain all of your secondary zone configurations. (Note: This is not managed by the control panel on the secondary.)
Step 2) install the following 2 scripts into /var/named/run-root/etc
gen-secondaries.sh: This generates the secondaries.include file for your secondary server(s).
xfer-config.sh: This downloads the secondaries.include from the master server(s).
You will need to edit the line "MASTER=CHANGEME" in both files, where CHANGEME is the IP address of the master server.
Step 3) create a directory /var/named/run-root/var/slave owned by the named user.
Step 4) Create 3 root cron jobs to generate configs, transfer files, and restart named.
0 */6 * * * /var/named/run-root/etc/gen-secondaries.sh > /dev/null 2>&1
10 */6 * * * /var/named/run-root/etc/xfer-config.sh > /dev/null 2>&1
20 */6 * * * /etc/init.d/named restart > /dev/null 2>&1
(Note: */6 means every 6 hours, adjust accordingly)
Step 5) add a global allow rule into the PSA database on each server for each secondary server, as root:
mysql -u admin -p psa
insert misc values ('DNS_Allow_TransferXX', '<IP>');
where XX is a unique number for each secondary server, and <IP> is the IP address of your secondary.
Ex: insert misc values ('DNS_Allow_Transfer01','10.10.192.13');
Step 6) In the PSA control panel, log in as admin, go to Server->DNS and add NS records for each secondary server.
Questions, comments, etc can be directed to me, scott AT atomicrocketturtle.com. No warranty, expressed or implied, yadda yadda. If this breaks things on your server, I'll be sad for you, but not responsible. :)

Subject: Excellent guide, needed a little fine tu
Written by Mrgastix on 2007-11-07 14:34:02
This is a great guide, it helped me a lot! There are a few things I needed to take care of and I decided to share them here. First, you put gen-secondaries.sh and xfer-config.sh on both of your servers (S1 and S2, with IP1 and IP2). So on S1 you put MASTER=IP1 in gen-secondaries.sh and MASTER=IP2 in xfer-config.sh, and vice versa on S2. Also, STEP 5 you can edit in PLESK under Server->DNS->ACL. And (I lost my nerves over this one) if you run named under SELinux (I had it on CentOS 5) be sure to allow it to write the slave files (I had a constant "dumping master file: slave/tmp... open: permission denied" error in /var/log/messages in spite of named owning the slave dir). Read the man pages for named(8) and selinux(8) on how to allow it.

Subject: Errors I encountered
Written by jphilipson on 2008-01-27 11:34:25
After setting this up I had errors when the slave tried updating zones... from /var/log/messages: "dumping master file: sl/tmp-XXXX5il3sQ: open: permission denied". I had var/slave chowned to named.named with read/write permissions and it wouldn't work. I chmodded var/slave to 777 and all works. This was on RHEL4 with selinux off and named running in a chrooted environment (standard for plesk installs).

Subject: Error
Written by naseer679 on 2008-04-22 09:01:57
already exists previous definition: /etc/named.conf
I get the following error on the plesk server with named service running if I add include "/etc/secondaries.include"; to /etc/named.conf and named service fails to start. Please let me know how to fix this.

Subject: Small bug in gen-secondaries.sh
Written by Nettihotelli on 2008-11-14 03:52:45
This is an excellent script, though I noticed a small bug in gen-secondaries.sh that should be fixed. gen-secondaries.sh creates the "domains" file from the named.conf file and cuts off any default example domain configuration lines that have "arpa" mentioned. The problem is that if this paraphrase "arpa" is included in any of the real domains too, it will be cut off from the domains file and a secondary name server won't be created for that domain, e.g. "karpaasi.com" or "arpajaiset.net" would be without a secondary name server and that could cause problems. The bug fix for this is to change the line in gen-secondaries.sh as follows:
egrep "^zone" $NAMED_ROOT/named.conf | egrep -iv "arpa|\".\"" | awk -F\" '{print $2}' > $NAMED_ROOT/domains
TO
egrep "^zone" $NAMED_ROOT/named.conf | egrep -iv "\.arpa|\".\"" | awk -F\" '{print $2}' > $NAMED_ROOT/domains
and this should correct the problem. Thank you for your excellent script, though! ;)
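
The zone-list filtering discussed in the comment above and the include-file generation described in the Setup steps, as an added example (not the article's gen-secondaries.sh, which is not shown on this page). The function names, the sample named.conf, the "slave/" file path and the master address 192.0.2.10 are assumptions; because the domain list comes from another host, each name is also checked for hostname shape before it is written into a stanza.

```shell
#!/bin/sh
# Added example: not the article's gen-secondaries.sh. Paths, the sample
# config and the master address are constructed for illustration.

# Constructed named.conf fragment, including the two names from the comment.
sample_conf() {
    cat <<'EOF'
options { directory "/var"; };
zone "." IN { type hint; file "named.root"; };
zone "0.0.127.in-addr.arpa" IN { type master; file "localhost.rev"; };
zone "karpaasi.com" { type master; file "karpaasi.com"; };
zone "arpajaiset.net" { type master; file "arpajaiset.net"; };
zone "Example.com" { type master; file "example.com"; };
EOF
}

# Print zone names from a named.conf, dropping only the root zone and names
# whose last label is "arpa"; "arpa" elsewhere in a name is not a match.
list_zones() {
    awk -F'"' '/^zone[ \t]+"/ { print tolower($2) }' "$1" |
        grep -Ev '^\.$|(^|\.)arpa$'
}

# Accept only hostname-shaped names, so a line in the transferred list
# cannot carry quotes, braces or semicolons into the include file.
valid_name() {
    printf '%s\n' "$1" |
        grep -Eq '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$'
}

# Read names on stdin and emit one slave stanza per valid name.
# $1 is the master's IP; "slave/" is assumed to be the directory from step 3.
gen_include() {
    while IFS= read -r name; do
        if valid_name "$name"; then
            printf 'zone "%s" { type slave; file "slave/%s"; masters { %s; }; };\n' \
                "$name" "$name" "$1"
        else
            printf 'skipping invalid zone name: %s\n' "$name" >&2
        fi
    done
}

# Demo run on the constructed sample (192.0.2.10 is a documentation address).
conf=$(mktemp)
sample_conf > "$conf"
list_zones "$conf" | gen_include 192.0.2.10
rm -f "$conf"
```

Rejected names are reported on stderr rather than silently dropped, so a cron wrapper can log them instead of discarding all output.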
Last Updated ( Tuesday, 30 May 2006 )