  1. #1
    Join Date
    May 2010
    Location
    Pakistan
    Posts
    187

    Hosting DNS on a VPS

    A n00b question!

    I want to host my own DNS on a VPS (and not use GoDaddy DNS or Afraid.org etc.), I am assuming I would need a

    1. VPS
    2. Two ips on different subnets (one for ns1 and one for ns2)


    Are my assumptions right? Someone told me it can be done with just one IP but I am not sure how.

    Please advise
    VPS benchmarks, personal opinions and more at my personal blog asim.pk

  2. #2
    Join Date
    Jul 2008
    Location
    Minneapolis, MN
    Posts
    276
    You could do it all with one IP, but if that server goes down you will have no DNS responses whatsoever, which would be bad.

    And #2 should actually be two different VPSes on two different subnets, ideally.
    01 Networks / Hosting and Consulting Services
    Pay as you Go hosting -- the cheapest prices in town.
    Zimbra (Network Edition and Open Source) Hosting
    100% full uptime guarantee / 24x7x365 support

  3. #3
    Join Date
    May 2006
    Location
    San Francisco
    Posts
    7,200
    If your DNS is being hosted on only one server, it doesn't matter if you only use one IP or not.

  4. #4
    Join Date
    May 2010
    Location
    Pakistan
    Posts
    187
    Thanks for the reply,

    How will the two VPSes (DNS cluster) be set up? Any tutorial for that? I think it's some sort of round-robin for Ubuntu?

  5. #5
    Join Date
    Jul 2007
    Location
    Ashburn, VA
    Posts
    1,314
    Quote Originally Posted by asimzeeshan View Post
    Thanks for the reply,

    How will the two VPSes (DNS cluster) be set up? Any tutorial for that? I think it's some sort of round-robin for Ubuntu?
    It's trivial with something like cPanel. For Ubuntu, I'm pretty sure you would have to do some of the dirty stuff yourself (like syncing the DNS entries).
    Preetam Jinka

    Isomerous - High performance web services for business and individuals.
    Bitcable Colocation, KVMs, cPanel hosting, Oracle expertise, and more.

  6. #6
    Join Date
    Mar 2010
    Posts
    34
    cPanel DNS Only, maybe.

  7. #7
    Join Date
    May 2010
    Location
    Pakistan
    Posts
    187
    cPanel DNS Only requires a cPanel license, doesn't it?

  8. #8
    Join Date
    May 2006
    Location
    San Francisco
    Posts
    7,200
    Quote Originally Posted by asimzeeshan View Post
    cPanel DNS Only requires a cPanel license, doesn't it?
    You can freely install it but you can only use them with cPanel clusters.

  9. #9
    Join Date
    May 2010
    Location
    Pakistan
    Posts
    187
    Thank you for taking the time to read and reply to my question

    Two concerns

    1) cPanel DNSONLY requires a cPanel license
    2) cPanel takes a lot of resources (obviously) and it will require a min. 512MB Linux box

    So, I am looking for an Ubuntu/Linux alternative that can run on low-end boxes and still be scalable, e.g. hosting NS1 on VPS1 and NS2 on VPS2

    How can I do that? Any advice or tutorial would be welcome

  10. #10
    You don't need IPs on different subnets - they can be on the same subnet. And if you have one web site on one box, it probably doesn't matter if your DNS is down if the web site is also down
    My advice and reviews of VPS providers based on my personal experience: VPSadvice.com

  11. #11
    Join Date
    May 2010
    Location
    Pakistan
    Posts
    187
    You are right, but first things first. I want to have redundancy in DNS (distributed among at least two different VPSes), so please advise how to do that

  12. #12
    Join Date
    Jan 2010
    Location
    San Francisco
    Posts
    1,799
    Quote Originally Posted by raindog308 View Post
    And if you have one web site on one box, it probably doesn't matter if your DNS is down if the web site is also down
    There are other benefits to redundant DNS besides websites -- email for example, if one is to use Google Apps or have a dedicated mail server elsewhere.

  13. #13
    Join Date
    May 2010
    Location
    Pakistan
    Posts
    187
    Hi there,

    Thanks for dropping by and posting the comment. Can you guide me on setting up a DNS server/cluster? Any tutorial? Link?

  14. #14
    Quote Originally Posted by WickedFactor View Post
    There are other benefits to redundant DNS besides websites -- email for example, if one is to use Google Apps or have a dedicated mail server elsewhere.
    Yes, that is a good point.

  15. #15
    Join Date
    Jun 2005
    Posts
    2,574
    If you are thinking of maintaining VPSes and DNS servers for just a few domains, I suggest you use a third-party professional DNS provider like DNSMadeEasy (BTW I don't see a good reason not to use GoDaddy DNS services).
    You will only find out how good a provider is when the going gets tough

  16. #16
    Join Date
    Mar 2009
    Location
    Austin, TX
    Posts
    934
    There are many ways to do this. I can suggest two.

    1) Get two 256MB VPSes, run PowerDNS and supermaster one.
    2) Get one 256MB VPS, run PowerDNS and find a free DNS host that allows AXFR to it as a secondary slave (e.g. HE.net).

    Your pick.
    SysAdmin.xyz
    Having servers with customer data on them without proper monitoring is like having a one night stand without using protection - eventually, there will be an 'oh s**t!' moment.

  17. #17
    Join Date
    Jun 2003
    Location
    California
    Posts
    2,766
    If you have one cPanel box, the cPanel DNSONLY installs are no charge (no extra license needed).

    I think you are looking to save the money and resources of a cPanel install on your 512MB box. You might look at DNS clustering for Kloxo or Webmin, which are free and have a lower memory footprint.

  18. #18
    Join Date
    Dec 2007
    Posts
    471
    I used this (https://forum.ramhost.us/bbs/viewtopic.php?pid=1473) tutorial for setting up a master nsd3 on my most reliable VPS. Then I used the same tutorial for setting up slave nsd3 on a few of my other VPSes.

    Then I made a free account at https://dns.he.net/ and used their free service as more slaves.

    Ultimately everything is driven from the 1 master nsd3 instance and LOTS of slaves between my other VPS and the HE dns service.

    Here's some more info :
    http://www.lowendtalk.com/questions/...r-own-dns/2527
    Last edited by portalgod; 05-03-2011 at 06:38 PM.

  19. #19
    Join Date
    Apr 2010
    Location
    North Carolina
    Posts
    430
    I would recommend using NSD on at least two VPSes. My two VPSes for just DNS are using less than 32MB RAM.

    123systems.net's $10/year VPS would be a great option for a secondary/tertiary DNS box.

  20. #20
    Join Date
    Mar 2009
    Posts
    3,807
    You can always just run one server and pay to have it slaved off

  21. #21
    Join Date
    Jul 2007
    Location
    Ashburn, VA
    Posts
    1,314
    Quote Originally Posted by dmmcintyre3 View Post
    123systems.net's $10/year VPS would be a great option for a secondary/tertiary DNS box.
    Yeah, those are great.

  22. #22
    Join Date
    Mar 2009
    Location
    Austin Tx
    Posts
    2,001
    Quote Originally Posted by dotHostel View Post
    If you are thinking of maintaining VPSes and DNS servers for just a few domains, I suggest you use a third-party professional DNS provider like DNSMadeEasy (BTW I don't see a good reason not to use GoDaddy DNS services).
    I second that, or, at the very least, use a free DNS service to act as a secondary.
    At least your email, etc. can be reached. Or, if things go really bad, you can switch the secondary to a primary (hey..it's already listed as an NS on your domain) and get things re-pointed until you can repair / move your primary DNS server.

    DNSME rocks. Been using it for better part of a decade now. Love it.
    This is the best signature in the world....Tribute!
    (It is not the best signature in the world, no. This is just a tribute)

  23. #23
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,039
    Quote Originally Posted by asimzeeshan View Post

    1) CPanel DNSONLY requires a CPANEL license
    cPanel DNS Only is FREE and doesn't need a cPanel license to operate; it's merely a very stripped-down version of cPanel

    Quote Originally Posted by asimzeeshan View Post
    2) CPanel takes lot of resouces (obviously) and it will require min 512 linux box
    Incorrect, cPanel DNS Only will work with half of that RAM

    I've even known it to work with 128MB RAM if you're prepared to get your hands dirty.

    I do advise you use 256MB/512MB burst, as the installation of cPanel DNS Only does require a bit of RAM to get installed. But once installed you can turn off "innodb", which will save you RAM; I think a DNS Only installation with "innodb" turned off idles at around 100MB RAM or so...

    Quote Originally Posted by asimzeeshan View Post
    How will the two vpses (DNS Cluster) be setup? any tutorial for that? I think its some sort of round-robin for ubuntu?
    For a semi-decent DNS cluster you're going to need two VPSes running the likes of cPanel DNS ONLY in two different geographical locations, in different datacenters, with different providers; this provides a layer of redundancy which TRUE DNS clusters have.

    If you're trying to cluster a cPanel server with DNS ONLY it's pretty straightforward.

    Have a read here: http://docs.cpanel.net/twiki/bin/vie...nfigureCluster
    Last edited by Server Management; 05-04-2011 at 05:06 AM.

  24. #24
    Join Date
    Apr 2008
    Location
    Tulsa, OK, USA
    Posts
    372
    Quote Originally Posted by asimzeeshan View Post
    Thank you for taking the time to read and reply to my question

    Two concerns

    1) cPanel DNSONLY requires a cPanel license
    2) cPanel takes a lot of resources (obviously) and it will require a min. 512MB Linux box

    So, I am looking for an Ubuntu/Linux alternative that can run on low-end boxes and still be scalable, e.g. hosting NS1 on VPS1 and NS2 on VPS2

    How can I do that? Any advice or tutorial would be welcome
    Try looking at PowerDNS with its MySQL or SQLite backend. It should be plenty scalable even on low-end boxes.

  25. #25
    Join Date
    Oct 2007
    Posts
    446
    Quote Originally Posted by quad3datwork View Post
    1) Get two 256MB VPSes, run PowerDNS and supermaster one.
    2) Get one 256MB VPS, run PowerDNS and find a free DNS host that allows AXFR to it as a secondary slave (e.g. HE.net).

    Have you actually set this up and seen how easy it is to flood the name servers? On a normal VPS with what you are saying you can bring down the name servers with about 20 Mbps of DNS traffic....
    My 4-year-old nephew can write a script to generate more traffic than that with false UDP queries.

    If that's a win for you.... then woot!

  26. #26
    Join Date
    Jun 2003
    Location
    California
    Posts
    2,766
    Quote Originally Posted by SLDHosting View Post
    I've even known it to work with 128MB RAM if you're prepared to get your hands dirty.

    I do advise you use 256MB/512MB burst, as the installation of cPanel DNS Only does require a bit of RAM to get installed. But once installed you can turn off "innodb", which will save you RAM; I think a DNS Only installation with "innodb" turned off idles at around 100MB RAM or so...
    Just to confirm, I have cPanel DNSONLY running on a $15 a year VPS from BuyVM using 103MB:

    Code:
    root [~]# free -m
                 total       used       free     shared    buffers     cached
    Mem:           256        103        152          0          0          0
    -/+ buffers/cache:        103        152
    Swap:            0          0          0
    I have both "skip-innodb" and "skip-bdb" in my.cnf, and reduced some of apache's memory usage as well to get there.

  27. #27
    Join Date
    Apr 2010
    Location
    North Carolina
    Posts
    430
    Quote Originally Posted by fshagan View Post

    I have both "skip-innodb" and "skip-bdb" in my.cnf, and reduced some of apache's memory usage as well to get there.
    Just stop apache, it's not needed on cPanel DNS Only.

  28. #28
    Join Date
    Jun 2003
    Location
    California
    Posts
    2,766
    Quote Originally Posted by dmmcintyre3 View Post
    Just stop apache, it's not needed on cPanel DNS Only.
    Hmmm ... I'll look at that. I am using the little VPS as backup storage too, but I suppose rsync and ssh don't need apache either.

  29. #29
    Join Date
    Apr 2011
    Location
    Las Vegas, NV
    Posts
    1,627
    Quote Originally Posted by asimzeeshan View Post
    Hi there,

    Thanks for dropping by and posting the comment. Can you guide me on setting up a DNS server/cluster? Any tutorial? Link?
    I'm working on a tutorial for that right now. It will be specific for two CentOS 5.x machines, both running BIND. But I can tell you right now that the tutorial will use the rsync method, as opposed to the built-in AXFR functions that come with BIND.

    AXFR, and IXFR for that matter, both really suck. It's a slow, clumsy, archaic, and a downright stupid way of replicating zone files. Moreover, contemporary BIND releases are buggy with respect to using the "NOTIFY" feature, so you may be stuck waiting until your Expiry Time is up anyway.

    I couldn't say those things unless I was able to get it working. I wasted DAYS fooling with it, then when I had it working the way it was supposed to work and saw how lame the whole setup was, I pulled-out the "allow-transfer" statements and setup rsync. You'll find rsync to be much easier to setup, which is a disgrace considering that BIND 9.x already comes setup with AXFR. You'll also find rsync to be more orderly and also more reliable.

    Anyway, I'll try to get a howto posted in the next few days.
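The post above warns that a secondary may sit on stale data until the expiry time if NOTIFY misbehaves. Whatever replication method ends up in use (AXFR, rsync, a panel cluster), the check worth running is that every name server listed for the zone returns the same SOA serial; a lagging slave shows up as a lower serial. The script below is an added example and is not part of this thread or anyone's posted code. It builds the query and parses the reply with the Python standard library only (RFC 1035 wire format over UDP), so it runs on any Python 3 box. The zone name, the server addresses in the usage comment and the SAMPLE_REPLY bytes are constructed for illustration, not captured from a real server.

```python
"""Added example: compare the SOA serial each name server returns for a zone.

A secondary that has fallen behind (missed NOTIFY, failed AXFR, stale rsync)
shows up as a lower serial than the master.  Pure standard library, RFC 1035
wire format; UDP only, which is enough for an SOA answer.
"""
import secrets
import socket
import struct

QTYPE_SOA = 6
QCLASS_IN = 1


def build_soa_query(zone, txid=None):
    """Wire form of a 'zone SOA IN' query with RD clear (ask the authority directly)."""
    if txid is None:
        txid = secrets.randbits(16)          # unpredictable id: harder to spoof the reply
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    labels = [lbl.encode("ascii") for lbl in zone.rstrip(".").split(".") if lbl]
    qname = b"".join(bytes([len(lbl)]) + lbl for lbl in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_SOA, QCLASS_IN)


def _skip_name(msg, off):
    """Offset just past a domain name, honouring RFC 1035 compression pointers."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if (length & 0xC0) == 0xC0:          # pointer: two bytes and the name ends
            return off + 2
        off += 1 + length


def parse_soa_serial(msg, expected_txid=None):
    """Serial of the first SOA RR in the answer section, or None if there is none.

    Raises ValueError on a transaction-id mismatch or a non-zero RCODE.
    """
    txid, flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction id mismatch (spoofed or stray reply)")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0x000F))
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4                       # skip QTYPE, QCLASS
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE_SOA:
            p = _skip_name(msg, off)                          # MNAME
            p = _skip_name(msg, p)                            # RNAME
            return struct.unpack("!I", msg[p:p + 4])[0]       # SERIAL
        off += rdlen
    return None


def fetch_serial(server, zone, timeout=3.0):
    """Ask one server (IP or hostname) over UDP/53 for the zone's SOA serial."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_soa_query(zone, txid), (server, 53))
        reply, _ = sock.recvfrom(4096)
    return parse_soa_serial(reply, expected_txid=txid)


def serials_agree(serials):
    """True only if every server answered and all serials are identical."""
    values = set(serials.values())
    return None not in values and len(values) == 1


# Constructed reply for "example.com SOA IN" (not captured from a real server):
# header with QR+AA set, the echoed question, then one SOA RR whose MNAME and
# RNAME end in compression pointers (0xC00C) back to the question name.
_SOA_RDATA = (b"\x03ns1\xc0\x0c" + b"\x0ahostmaster\xc0\x0c"
              + struct.pack("!IIIII", 2011050401, 7200, 900, 1209600, 3600))
SAMPLE_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
                + b"\x07example\x03com\x00" + struct.pack("!HH", QTYPE_SOA, QCLASS_IN)
                + b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_SOA, QCLASS_IN, 3600, len(_SOA_RDATA))
                + _SOA_RDATA)

if __name__ == "__main__":
    import sys
    zone, servers = sys.argv[1], sys.argv[2:]      # e.g. example.com 192.0.2.1 198.51.100.2
    results = {}
    for srv in servers:
        try:
            results[srv] = fetch_serial(srv, zone)
        except (OSError, ValueError) as exc:
            results[srv] = None
            print("%s: %s" % (srv, exc))
    for srv, serial in results.items():
        print("%-20s %s" % (srv, serial))
    sys.exit(0 if serials_agree(results) else 1)
```

Run it as `python3 soa_check.py example.com 192.0.2.1 198.51.100.2` (placeholder addresses) from cron or a monitoring box; a non-zero exit means at least one listed server is unreachable or behind, which is the condition the post above describes when NOTIFY fails. The transaction id is random and checked on the way back so a stray or forged UDP reply is rejected rather than reported as a serial.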

  30. #30
    Join Date
    May 2010
    Location
    Pakistan
    Posts
    187
    Quote Originally Posted by ajonate View Post
    I'm working on a tutorial for that right now. It will be specific for two CentOS 5.x machines, both running BIND. But I can tell you right now that the tutorial will use the rsync method, as opposed to the built-in AXFR functions that come with BIND.

    AXFR, and IXFR for that matter, both really suck. It's a slow, clumsy, archaic, and a downright stupid way of replicating zone files. Moreover, contemporary BIND releases are buggy with respect to using the "NOTIFY" feature, so you may be stuck waiting until your Expiry Time is up anyway.

    I couldn't say those things unless I was able to get it working. I wasted DAYS fooling with it, then when I had it working the way it was supposed to work and saw how lame the whole setup was, I pulled-out the "allow-transfer" statements and setup rsync. You'll find rsync to be much easier to setup, which is a disgrace considering that BIND 9.x already comes setup with AXFR. You'll also find rsync to be more orderly and also more reliable.

    Anyway, I'll try to get a howto posted in the next few days.

    Thank you very much for replying here. Although I want it set up on Ubuntu, I am still looking forward to your tutorial because I can replicate the same and use it on my distro.

    Keep me posted please

  31. #31
    Join Date
    Apr 2011
    Location
    Las Vegas, NV
    Posts
    1,627
    Quote Originally Posted by quad3datwork View Post
    Get one 256MB VPS, run PowerDNS and find a free DNS host that allows AXFR to it as a secondary slave (e.g. HE.net).
    You can do that as long as you only have a few domains to host and you are aware of all of them. The problem is that when resellers start adding domains it starts becoming difficult to keep up with.

    The AXFR protocol transfers zone file information only when it is requested by the secondary DNS server. AXFR can't poll your server for a list of domains you are hosting. You need to somehow let the secondary DNS server know which domains it needs AXFR information for. As I said, that's fine if you only have a limited number of domains. In that case you might try BuddyNS.com, which is a free service.

    http://www.buddyns.com

    You can use BuddyNS for your secondary DNS server for as many domains as you like, still for free, and it's pretty good service.

    But if you are going to be hosting a lot of domains, particularly with resellers adding domains to your server without your knowledge, then you will need a more automated solution.

  32. #32
    Join Date
    Mar 2009
    Location
    Austin, TX
    Posts
    934
    I'm not an expert in DNS, nor have I ever claimed to be... let me put that up front. I'm here learning just like everyone else.


    Quote Originally Posted by BuffaloBill View Post
    Have you actually set this up and seen how easy it is to flood the name servers? On a normal VPS with what you are saying you can bring down the name servers with about 20 Mbps of DNS traffic....
    My 4-year-old nephew can write a script to generate more traffic than that with false UDP queries.

    If that's a win for you.... then woot!
    Sorry, but I failed to understand what you're trying to say. Wouldn't it be the same with cPanel DNS cluster setups? Or any bare-metal BIND cluster setups? Or does this only affect PowerDNS? Please do provide informative details and/or links. Plus, won't a rate-throttling firewall setup prevent this type of attack?


    Quote Originally Posted by ajonate View Post
    You can do that as long as you only have a few domains to host and you are aware of all of them. The problem is that when resellers start adding domains it starts becoming difficult to keep up with.

    The AXFR protocol transfers zone file information only when it is requested by the secondary DNS server. AXFR can't poll your server for a list of domains you are hosting. You need to somehow let the secondary DNS server know which domains it needs AXFR information for. As I said, that's fine if you only have a limited number of domains. In that case you might try BuddyNS.com, which is a free service.

    http://www.buddyns.com

    You can use BuddyNS for your secondary DNS server for as many domains as you like, still for free, and it's pretty good service.

    But if you are going to be hosting a lot of domains, particularly with resellers adding domains to your server without your knowledge, then you will need a more automated solution.
    What you're saying is... any new domains created won't get AXFR'd off to the slaves?

  33. #33
    Join Date
    Apr 2011
    Location
    Las Vegas, NV
    Posts
    1,627
    Quote Originally Posted by quad3datwork View Post
    What you're saying is... any new domains created won't get AXFR'd off to the slaves?
    Yes, that's correct. AXFR is a protocol designed to transfer zone information when requested. You need to find another solution to make the slave DNS server aware of new domains, as well as any deleted domains.

    I do this in two phases:

    1) In the first phase the master DNS server runs a script that creates a .conf file containing the zone listing (but not the detailed zone file information), then writes the .conf file to a web accessible location. A second slave server script fetches the .conf file with wget and places it where BIND can find it, then restarts BIND so BIND can create the new zone files automatically as it starts.

    2) Once Bind is aware of the new zones from the above .conf file, you can either run AXFR or rsync to fetch the zone file information. From then on AXFR or rsync can take care of the zones, at least until the .conf file lets the slave DNS server know that a zone has been deleted.

  34. #34
    This is very interesting topic...
    Any recommended free DNS provider on the internet?
    SerayaHost.com :: Care Hosting With Value Price
    Email : sales @ serayahost.com | cPanel & US Server
    Your Domain Reseller Partner

  35. #35
    Join Date
    Apr 2011
    Location
    Las Vegas, NV
    Posts
    1,627
    Quote Originally Posted by SerayaHost View Post
    This is very interesting topic...
    Any recommended free DNS provider on the internet?
    If you don't mind entering your domains manually, buddyns.com is a great free service. But I'm not aware of any free service that has a solution for making the secondary DNS server aware of new or removed zones automatically.

  36. #36
    Join Date
    Apr 2011
    Location
    Las Vegas, NV
    Posts
    1,627
    This is the tutorial on how to write a couple of scripts for a slave DNS server to fetch the zone listing from a master DNS server. I'll do this in a couple of installments, this being the master DNS server configuration part, since my descriptions are detailed. Really, this involves little more than creating a short & simple script, but I want you to know exactly how to edit the script.

    Note that my master DNS server is in Dallas and my slave DNS server is in Denver. I identify the scripts accordingly (i.e., updatedenver, getdallas, etc.). I hope that makes the tutorial more clear and not more confusing.

    MASTER SERVER CONFIGURATION

    The first thing that needs to be done is to create a zone listing file in the master DNS server machine that can be used as a .conf file by BIND in the slave DNS server. However, we’ll use the file extension .txt in this script, since Apache is funny about transferring .conf files.

    You will need to determine where the active .conf file is on the master DNS server. The BIND default location is /etc/named.conf, but I use the Kloxo control panel so my conf file happens to be:

    /var/named/chroot/etc/kloxo.named.conf

    Also you need to decide where you want the zone files in the slave machine to end up. In my case I wanted the files to be in the following directory.

    /var/named/chroot/var/named/slaves/dallas/named/

    Note that I used “dallas” in the path, since my master DNS server VPS happens to be in Dallas. That not only leaves room for future server locations, but also keeps files orderly. With my master DNS server in Dallas and my slave DNS server in Denver, I keep things straight by referencing those locations. For that reason, I’ll call the script updatedenver. So you should use a text editor to create a file in /var/named called updatedenver, then paste the following code into it.

    #!/bin/sh
    #
    # Kloxo writes each zone stanza on a single line, which is what this
    # grep/awk pipeline relies on: keep the "type master" zones and pull the
    # quoted zone name out of the second field.
    for domain in `grep ^zone /var/named/chroot/etc/kloxo.named.conf |grep "type master" |/bin/awk '{print $2}' |/bin/awk -F\" '{print $2}'`
    do
    # One slave stanza per zone; the masters address is this master DNS server.
    /usr/bin/printf "zone \"${domain}\" { type slave; file \"/var/named/chroot/var/named/slaves/dallas/named/${domain}\"; masters { 174.34.133.23; }; };\n"
    done > /home/admin/entomy.com/dns/updatedenver.txt


    In the first line of code (the “for” statement), the only thing you need to change is the path to your named.conf file. In this case it will be the path to the kloxo.named.conf.

    In the “printf” statement, change the path to where you want the zone files to be put. When this conf file is eventually applied in the slave DNS server, BIND will create empty zone files in the slave server according to where you specify in this statement.

    In the last statement, enter the path to a web accessible location to deposit the output file of this script.

    Once done editing the file, save it. I called my script updatedenver and put it in /var/named/, which will work fine.

    Now log in to SSH as root and enter the following commands to make sure that the web-accessible directory exists and is writable. You will edit the path to the web-accessible location of your choice.

    # mkdir /home/admin/entomy.com/dns/
    # chmod 755 /home/admin/entomy.com/dns/


    Now test run the script.

    # sh /var/named/updatedenver

    Check the output of the script by navigating to the web-accessible directory and opening the output file with a text editor. Mine is located at:

    /home/admin/entomy.com/dns/updatedenver.txt

    You should see a line in that file for each existing zone, specifying the path location for the zone file in the slave DNS machine.

    Once you get the script running properly, you should create a cron job to run the script at regular intervals. In this case, we’ll run it once per hour so there will always be a fresh listing of your zones available to the slave DNS server to fetch. Using webmin, click the System icon at the top and click the Scheduled Cron Jobs icon. Click the “Create a new scheduled cron job” link. Fill it out like this:

    http://entomy.com/dns_cron.jpg

    That concludes the Master DNS server configuration, at least as far as updating zone names is concerned.
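The one-liner in the post above depends on Kloxo writing each zone stanza on a single line. As an added example (not code from the post or from Kloxo), here is the same idea in Python that also copes with the multi-line stanzas BIND normally has, nested braces such as allow-transfer { ... };, and the three comment styles named.conf allows. It additionally refuses any zone name that is not a plain DNS name, because the slave includes the generated file verbatim into its own named.conf and a stray quote or semicolon in a name would become a directive there. The SAMPLE_NAMED_CONF text, the master address 192.0.2.1 and the slave directory are constructed; the directory is the path as named sees it (inside the chroot, if one is used).

```python
"""Added example: emit slave zone stanzas from a master named.conf.

Generalises the grep/awk pipeline so multi-line stanzas, nested braces and
comments are handled, and so a zone name cannot smuggle extra directives into
the file the slave includes verbatim into its own named.conf.
"""
import re

# Only names made of plain DNS labels get into the generated config.
SAFE_ZONE = re.compile(
    r"^[a-z0-9_](?:[a-z0-9_-]*[a-z0-9_])?(?:\.[a-z0-9_](?:[a-z0-9_-]*[a-z0-9_])?)*$")


def strip_comments(text):
    """Remove /* */, // and # comments (named.conf accepts all three)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)
    return re.sub(r"(?m)(?://|#).*$", "", text)


def master_zones(named_conf):
    """Yield the names of zones declared 'type master' (or 'type primary')."""
    text = strip_comments(named_conf)
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        depth, i = 1, m.end()
        while depth and i < len(text):          # walk to the matching close brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        body = text[m.end():i - 1]
        if re.search(r"\btype\s+(?:master|primary)\s*;", body):
            yield m.group(1).rstrip(".").lower()


def render_slave_conf(zones, master_ip, slave_dir):
    """named.conf text declaring each zone as a slave of master_ip.

    slave_dir is the path as named sees it (inside the chroot if one is used).
    Names that fail SAFE_ZONE are dropped rather than written into the config.
    """
    out = []
    for zone in sorted(set(zones)):
        if not SAFE_ZONE.match(zone):
            continue
        out.append('zone "%s" { type slave; file "%s/%s"; masters { %s; }; };'
                   % (zone, slave_dir.rstrip("/"), zone, master_ip))
    return "".join(line + "\n" for line in out)


# Constructed sample named.conf (not taken from any real server).
SAMPLE_NAMED_CONF = """
options { directory "/var/named"; };
zone "." IN { type hint; file "named.ca"; };
zone "example.com" {
    type master;
    file "example.com";
    allow-transfer { 203.0.113.7; };   # nested braces are fine
};
zone "example.net" IN { type master; file "example.net"; };
zone "other.example" { type slave; file "slaves/other.example"; masters { 198.51.100.2; }; };
/* zone "old.example" { type master; file "old.example"; }; */
"""

if __name__ == "__main__":
    import sys
    conf = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NAMED_CONF
    sys.stdout.write(render_slave_conf(master_zones(conf), "192.0.2.1",
                                       "/var/named/slaves/dallas/named"))
```

Point it at the master's named.conf (or kloxo.named.conf) and redirect the output to the file the slave fetches. Because the slave includes that file unchanged, the transport matters as much as the content: with the plain HTTP fetch used in this thread, anyone who can answer that request decides which zones the slave serves, so pulling the file over the same SSH key the rsync step uses, or over HTTPS, is the safer choice.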

  37. #37
    Join Date
    Apr 2011
    Location
    Las Vegas, NV
    Posts
    1,627
    This is the second half of the tutorial on how to configure a slave DNS server to fetch the zone name listing from a master DNS server. The previous section configured the master DNS server to make the listing available. This section will configure the slave DNS server.

    SLAVE DNS SERVER CONFIGURATION

    The objective of this section is to configure the slave DNS server to fetch a zone information file from the master DNS server, place the file in a location that is accessible to BIND, and then apply those zones to BIND by restarting the application. To do that you need to create a script.

    Create a text file and paste the following code into it:

    #!/bin/sh
    # Fetch to a temp file first: wget -O truncates its target even when the
    # download fails, and restarting named with an empty include drops every slave zone.
    wget http://entomy.com/dns/updatedenver.txt -O /var/named/chroot/var/named/slaves/dallas.conf.tmp \
      && mv /var/named/chroot/var/named/slaves/dallas.conf.tmp /var/named/chroot/var/named/slaves/dallas.conf \
      && /etc/init.d/named restart


    The wget statement fetches the file from the master DNS server, and then saves it as a file called dallas.conf in the specified location. You will need to edit the URL of the text file location to the actual web-accessible location you put it in on the master DNS server. Likewise, edit the name and location of the .conf file to your liking. When done, save the file. I called the file getdallas, since my master DNS server is in Dallas, and saved it in the /var/named/chroot/var/named/slaves/ directory, the same location as I put the .conf file.

    Now open your named.conf file (normally found in /etc) and place this statement at the end of the file.

    include "/var/named/chroot/var/named/slaves/dallas.conf";

    You will need to edit the path and file name to match the location of the .conf file you specified in the script. Save the file.

    Now login to SSH as root and create the .conf file so it can be written to by your script, editing for the proper path and file name of course.

    # touch /var/named/chroot/var/named/slaves/dallas.conf

    Create the directory for the zone files to be created in, make the directory writable, and then restart BIND.

    # mkdir /var/named/chroot/var/named/slaves/dallas/
    # mkdir /var/named/chroot/var/named/slaves/dallas/named/
    # chmod 777 /var/named/chroot/var/named/slaves/dallas/
    # chown named:named /var/named/chroot/var/named/slaves/dallas/
    # chmod 777 /var/named/chroot/var/named/slaves/dallas/named/
    # chown named:named /var/named/chroot/var/named/slaves/dallas/named/
    # /etc/rc.d/init.d/named restart


    Of course, all of the above can be done a lot quicker & easier using the webmin file manager, but it works fine from the command prompt.

    With those tasks done, test run the script from the command prompt.

    /var/named/chroot/var/named/slaves/getdallas

    With any luck, your output will look like this.

    http://entomy.com/getdallas.jpg

    You can see from the output that the file was fetched, saved in the proper location, then named was restarted successfully.

    Once you have the script running the way you want it to, create a cron job to run the script soon after the script on the master DNS server runs. Scheduling the scripts to run once or twice an hour is normally sufficient for redundant DNS.

    Note that the zone files that were created from these scripts will be empty files. These scripts are only intended to make the slave DNS server aware of changes in the master DNS server zone listing. You will need to configure another solution to fetch the zone file contents, such as AXFR, rsync, or scp. However, it’s important to note that any zone files that existed in the slave DNS server before the script was run that already contained zone details will not be overwritten.

  38. #38
    Join Date
    Apr 2011
    Location
    Las Vegas, NV
    Posts
    1,627
    In this, my third and final installment of the tutorial, I will describe how I automatically update the contents of the zone files using rsync.

    UPDATE ZONE FILE CONTENTS

    Now that we have the zone files entered into the slave DNS server successfully, the zone files need to be populated with current information from the master DNS server. There are a number of ways to do that; AXFR (or IXFR), rsync, scp, etc. Setting up any of those methods is an involved process, and they all work (some better than others), but I’ve found rsync to be the most satisfactory solution for updating zone files.

    Before starting, confirm that both the master DNS server and the slave DNS server machines have the latest rsync installed.

    # yum install rsync

    On the master DNS server machine, create a user that has a password and login access. Using webmin you can click the System icon at the top and then click the Users and Groups icon. Click the “Create a new user” link. Fill it out like this.

    http://entomy.com/user.jpg

    Also, farther down the page next to “Primary group” select “Existing group” and enter named, like this.

    http://entomy.com/user1.jpg

    Click the Create button at the bottom.

    Determine where your zone files are located in your master DNS server. Those are usually in one of these two locations.

    /var/named/
    /var/named/chroot/var/named/

    If you are in the correct directory you will see individual files for each zone you maintain. The file naming convention is simply the domain name that the zone services.

    On the slave DNS server machine, test rsync by logging into SSH as root and issuing the following command.

    # rsync -avz -e ssh dnsdenver@example.com:/var/named /var/named/slaves/

    Where “dnsdenver” is the user you created in the master DNS machine and example.com is the domain name (or IP address) of your master DNS server. The first /var/named entry is the location in your master DNS server where the zone files are located, and /var/named/slaves/ is the location in the slave DNS server where you want the zone files to be replicated.

    Note that if you are using a non-standard SSH port (555 in this example), you will need to enter the command like this:

    # rsync -avz -e "ssh -p 555" dnsdenver@example.com:/var/named/ /var/named/slaves/dallas/

    The test run will ask for the password of the user, but we’ll take care of that later. Right now you want to get your source and target directories doing exactly what you want them to do. That is, rsync is finding the zone files in the master DNS server machine, and updating the zone files in the slave DNS server machine. Test run rsync as many times as you need to in order to get it working right.

    Note that rsync might be moving some sub directories to the slave DNS server machine that you don’t need. Don’t worry about that now, we’ll exclude those later.

    Once you are satisfied that rsync is doing exactly what you want it to do, we’ll move on and make rsync run without user interaction by installing a key.

    On the slave DNS server machine, login to SSH as root and issue the following commands.

    IMPORTANT: Don’t enter your password when prompted. If you enter your password rsync will still require user interaction. Just press Enter when prompted for a password.

    # mkdir /root/rsync
    # ssh-keygen -t dsa -b 1024 -f /root/rsync/mirror-rsync-key

    Now copy the key you just created to the master DNS server machine.

    # scp /root/rsync/mirror-rsync-key.pub [email protected]:/home/dnsdenver/

    If you have difficulty with the above command for some reason (perhaps a firewall issue from a non-standard SSH port) don’t fret over it too much. Use whatever method you wish to transfer the file, just make sure that it’s in the home directory for the user you created in the master DNS server machine.

    On the master DNS server machine, login to SSH as the user you created (dnsdenver in my example) but NOT AS ROOT. You MUST login as the user you created. Enter the following commands.

    # mkdir ~/.ssh
    # chmod 700 ~/.ssh
    # mv ~/mirror-rsync-key.pub ~/.ssh/
    # cd ~/.ssh
    # touch authorized_keys
    # chmod 600 authorized_keys
    # cat mirror-rsync-key.pub >> authorized_keys

    Your key should now be installed in the master DNS machine and is ready for testing.

    On the slave DNS server machine, login to SSH as root and issue this more detailed rsync command (it is all one command, but wrapping to a new line).

    rsync -avz --delete --exclude=**/data --exclude=**/slaves -e "ssh -p 555 -i /root/rsync/mirror-rsync-key" [email protected]:/var/named /var/named/slaves/dallas

    Note that we’ve added a few things since we tested rsync earlier. The “--delete” entry tells rsync to remove any files that it finds on the slave DNS server that are no longer on the master DNS server. The “--exclude=” entries tell rsync to ignore the /data and /slaves directories, so they won’t be transferred any longer. The “ssh” command between the double quotes tells SSH to use the non-standard SSH port 555, and to authenticate using the specified key. If you are using the standard SSH port of 22 then you can enter the “ssh” entry like this.

    "ssh -i /root/rsync/mirror-rsync-key"

    The rest of the entries should be entered exactly as what worked well for you during the testing phase.

    If the command does what you want it to do, and runs without asking for a password, then you are ready to automate the process. To do that you will run the rsync to update zone file contents each time the zone file list is updated. We can do that by entering the final rsync command in the script that we wrote for the slave DNS server. In the example we called it getdallas and placed it in the following directory.

    /var/named/chroot/var/named/slaves/

    Edit the script with a text editor, adding the rsync command on a new line so it looks like this.

    http://entomy.com/script.jpg

    Test run the script using SSH as root on slave DNS machine, just to be sure everything works as it should. You don’t need to do anything else, since the cron job for that script was created in a previous step. You can run the scripts in the two machines as often as you wish, but bear in mind that the DNS server in the slave machine will be unavailable for the time it takes to restart named.
    Last edited by ajonate; 05-08-2011 at 10:34 PM.

  39. #39
    Join Date
    Apr 2011
    Location
    Las Vegas, NV
    Posts
    1,627
    This thread has inspired me to do some experiments that I've been wanting to do for some time regarding the mirroring of a BIND DNS server. The new implementation requires only a fraction of the configuration effort that the previous three posts require.

    The strategy is to configure both DNS servers as master servers, then rsync both the .conf file and the zone files directly to the secondary DNS server using a scheduled cron job. I can't believe how well it works, and how simple it was to setup.

  40. #40
    Join Date
    Apr 2010
    Location
    North Carolina
    Posts
    430
    I set 3 VPSs up as NSD "masters" and rsync the config and zones around, but I don't use a cron job. I place a script on the secondaries which pulls the changed zones and config from the primary box and restarts NSD. Then on the primary I have a script which runs the script on 2 secondary servers. Within 25 seconds of running the script on the primary server all 3 VMs are serving the updated zones.

