HOWTO: ispCP Secondary DNS

Secondary DNS is a bit of an issue that is yet to be sorted fully in ispCP but if you want to do some hosting with it it is a requirement. So here is the documentation of the way we have implemented secondary DNS within ISPCP.

Here is a little diagram of what we are trying to achieve.

the servers go here.

The Master server is an ispCP box running several domains.

The Secondary server can also be an ispCP box with its own domains on or it could be just a bind server just for secondary DNS.

The Tertiary server is the same as the secondary server.

The zones for the domains running on Master are created automatically on the Master server but need to be transferred to the other two servers. Here is steps that we took to achieve this.

First off we need to create a user on all of our servers that will be used to do the transfer.
useradd -g bind -m -p password dnstrans

This will add a user called dnstrans in the group bind.

Next we need a script that will make the config file for the secondary servers this needs to be edited differently from the master servers config file. We found a script that was written to do the job but we found it not to work quite right. Here is a copy of our script.

# Replace "x.y.z.w" with the IP address of your master DNS
echo "#start" > $file #empties transfer file
pushd $DB_PATH # changes to directory path and stores pwd
#ls -1 *.db | awk -v m=$MASTER -v path=$DB_PATH '{ print gensub(/(.*)\.db/,"zone\"\\1\" { type slave; file \""path"/manual/\\1.db\"; masters { "m"; }; };", g,$9); }'
ls -1 /var/cache/bind/ |gawk -v m=$MASTER '{print gensub(/(.*)\.db/,"zone \"\\1\" { type slave; masters { "m"; }; file \""path"\\1.db\"; };",1) }' >> $file
chown $user.$group $file
popd # pops back to pwd

Place this script in /usr/local/sbin/trans. It will also need to be made executable with the following

chmod +x /usr/local/sbin/trans

This script will output a file the the dnstrans home called “xxxsec” were xxx is the host name of the master DNS server that has created this file. This will be the file that we need to transfer to the secondary servers.

Next we automate the creation of this file every hour using crontab.

crontab -e
02 * * * * /usr/local/sbin/trans

This will run at 2 minuites after the hour every hour.

That is it for the master server next we need to configure our secondary servers.

We have to pull the file that has been created to our secondary server with this script.

cd /etc/bind/
wget ftp://dnstrans:password@master.server.tld/betasec --passive-ftp #download the zone file
rndc reload #reload the dns domains

We also need this file to be placed in /usr/local/sbin/getdns and it will need to be made executable.

chmod +x /usr/local/sbin/getdns

This will pull the file to the secondary DNS servers /etc/bind/ folder. Next we need to edit the secondary DNS servers config to include the new file this is done with this command.

echo 'include "/etc/bind/hostnamesec";' >> /etc/bind/named.conf.local

Last off we need to automate the pull of the file this is done with a cron job on the secondary server as bellow.

crontab -e
09 * * * * /usr/local/sbin/getdns

This job will run at 9 minuites after the hour every hour.

John has also done a wright up of this project and as he did most of it his is probably better than mine so here is the link to his.