DNS/NS issue

BruceLee
Forum Regular
Posts: 879
Joined: Sat Mar 28, 2009 6:58 pm
Location: Germany

Re: DNS/NS issue

Unread post by BruceLee »

well it's working, but poorly.
If you feel fine with this situation, stay with that.
I don't want to force you to anything.
laughingbuddha
Forum Regular
Posts: 512
Joined: Mon Mar 10, 2008 9:12 pm
Location: Southampton, UK

Re: DNS/NS issue

Unread post by laughingbuddha »

I just don't understand what further should be done. Do I have to add the IP of NS1 in the Common ACL of NS2? I added the IP of NS2 in the Common ACL of NS1.

I've now run a check on ukclubdj.com, a domain hosted on the main server (s1 / ns1), and it says "Some name servers are not authoritative for this domain name" in regards to ns2.youandtheweb.net. Why?

I thought having 2 separate nameservers was the best method, but ever since doing that things have started to go wrong. Why is this?

If I have to add a domain to both servers in order to get it to work correctly, I might as well just move ns2 back to the same server as ns1.

I found, and followed guides like these two http://wiki.spry.com/Plesk_basic_setup http://www.jodohost.com/plesk/Creating_ ... rvers.html to set up the nameservers, but it seems now it's not that simple. Why someone can't write a simple guide to something that is such a common thing I don't know.

Matt
Matt

"Given that God is infinite, and that the universe is also infinite... would you like a toasted teacake?"

about.me/mattauckland
twitter.com/mattauckland
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: DNS/NS issue

Unread post by faris »

Hi Matt,

I'm afraid I got lost in the first few posts on how you had set things up, so I've not really commented until now.

I think the key thing with nameservers and DNS is to understand the "why" before actually then figuring out the "how".

Having said that, I suspect (and I am seriously guessing here) that a big proportion of your problem is down to trying to use a Plesk server as a secondary DNS server.

Ignoring the above, here are some things to look out for.

1) A secondary will not update its zone records unless the zone's serial number is lower than the master's.

2) You need to have UDP port 53 open as well as TCP to make sure zone transfers work (I think). EDIT-- no, this is nonsense. DNS normally uses UDP anyway.

OK, now maybe someone can correct me if I'm wrong on any of this because I'm not 100% confident I'm right....

3) Adding the IP of the secondary DNS server to the Common ACL list in the Primary Plesk server basically adds the IP to a list of servers that is allowed to ask the Primary for DNS info (Zone transfer). That's all this does. It does not magically cause transfers to happen.
But if you do not add the IP of the secondary to the Common ACL list, named will not allow the zone transfer to happen and your DNS will not be in synch. Maybe this is the problem?

4) The Secondary always initiates a zone transfer. This means the secondary needs to know which domains to ask the primary about. If you are using another plesk server as the Secondary, this will require you to add, manually, every single domain you host on the Primary to the Secondary.....and this is where things are going to go wrong, potentially. I mean you are going to have a mess of things because you will have to add the domain but not hosting, switch off email and stuff like that. And of course you will have to switch the DNS type to secondary.

The result of 4 is, as I mentioned, a potential mess and complications.

In the old days, 4psa had a product that you could add to a Plesk installation, easily, that automated everything for you. A script runs on the primary which dumps the domain names. The program running on the secondary/plesk loads this, and asks the primary for the zone info. All this without you having to do anything, and without having to add the domains to plesk on the secondary.

However, the latest version of the program is not designed to coexist with plesk - it needs its own server with no plesk. I'm not sure why they made this decision, other than the potential complications involved with having some other program as well as plesk fiddle with dns stuff.

Scott has a script that does much the same thing on a non-plesk server.

There's also this: http://www.bodhost.com/forum/linux-serv ... uster.html which its author seems to indicate DOES work on two plesk servers (but note the bit about manually adding an entry to the plesk database to add the common-allow-transfer thing isn't needed in modern Plesk installs as there's an option in the DNS section to do this for you).

Faris.
Last edited by faris on Sat May 23, 2009 7:49 pm, edited 1 time in total.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: DNS/NS issue

Unread post by faris »

Oh yes. One more thing. The slave won't request new info from the master unless the refresh interval (as specified in the SOA) has expired.

I think if you restart named on the secondary you can force a refresh though. I think.

Watching /var/log/messages on both systems is a good idea to see what's happening.

Faris.
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: DNS/NS issue

Unread post by faris »

Ooh. Something else I thought of......
I don't think you've got the DNS settings right for secure.thatdomain.tld

On the dedicated server, you have set up all the necessary dns records for thatdomain.tld

On the VPS you have set up all the necessary DNS records for secure.thatdomain.tld

So, at this stage only the VPS knows the DNS settings for secure.thatdomain.tld

Having an A record in the DNS on the dedicated server pointing to the VPS does NOT delegate DNS responsibilities to the VPS. It only says that secure.thatdomain.tld is at a certain IP.

So you need to either add secure.thatdomain.tld to the dedicated server and switch it to slave DNS (and add the IP of the dedicated server to the Common ACL on the slave) OR add all the dns records you have on the VPS for secure.thatdomain.tld to the DNS section of thatdomain.tld then set the DNS for secure.thatdomain.tld to slave on the VPS.

Sorry if all this is wrong (I've said this before -- I think I understand DNS until I try to explain things, at which point I often realise I don't!) or if I've misunderstood things. I'm totally confused at this point.

Faris

Faris.
laughingbuddha
Forum Regular
Posts: 512
Joined: Mon Mar 10, 2008 9:12 pm
Location: Southampton, UK

Re: DNS/NS issue

Unread post by laughingbuddha »

Wow, this is looking hilariously complicated and almost un-funny.

So basically I would have to add every domain on the primary to the secondary, switch each one that I don't host on the secondary to slave, and then do this every time I add a domain.

Hummmm, really seems like a waste of time. I now wish I had stuck with the original config where both ns1 and ns2 were on the same server. Seems a lot less hassle.

As I'm a newbie, I can't see myself getting my head around installing 3rd party apps to do it either. It just seems to me that there must be a much simpler way of doing what I'm trying to do.

All I want to do is have 2 nameservers, one is redundant/slave to the other so if one's offline, the other takes over. Also so I can add domains to NS2 (s2.youandtheweb.net) and then tell the domain holder to set the nameserver entries for his domain to ns1.youandtheweb.net and ns2.youandtheweb.net.

The reason for putting the subdomains on the second server (NS2 / VPS) is to spread the load of that domain. The dedicated server's co-lo plan has crazy restrictions, and until the contract expires in December, or I pay out for another server, I can't do anything about it.

I hope that explains more clearly what I'm trying to do. As simple a solution as possible for a linux lumpty newbie would be helpful :)

Oh and one other thing, NS2 is now offline, thanks in no part to Webfusion's cr*p Ubuntu VPS install. Every time I reboot Plesk, it fails to come back up. Roll on when I can get another dedicated in place.

Thanks to everyone for your continued patience and help on this matter.

Matt
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: DNS/NS issue

Unread post by faris »

What you say in terms of what you have to do is exactly correct, except you can always try using that pair of scripts in the link I mentioned which will, in theory, automate the process for you.

Faris.
BruceLee
Forum Regular
Posts: 879
Joined: Sat Mar 28, 2009 6:58 pm
Location: Germany

Re: DNS/NS issue

Unread post by BruceLee »

laughingbuddha wrote: I just don't understand what further should be done.
you never configured secure.limegardens.co.uk on s2/ns2 as a slave under Plesk.
why don't you start doing all that was proposed? implementing half of it is not the best
and definitely no reason to wonder :)

anyway. what faris says is the same as what was mentioned before.

adding an NS record in the DNS config of a domain is not enough to start a zone transfer and not
enough for both servers to have any DNS records.

laughingbuddha wrote: I've now run a check on ukclubdj.com, a domain hosted on the main server (s1 / ns1), and it says "Some name servers are not authoritative for this domain name" in regards to ns2.youandtheweb.net. Why?
do you have the dns settings configured on ns2 for that domain? no, adding ns as an ns record on ns is not what i talk about. it's about having the exact same config transferred via zone transfer.

laughingbuddha wrote: I thought having 2 separate nameservers was the best method, but ever since doing that things have started to go wrong. Why is this?
best method is 2 nameservers set up as primary/secondary via zone transfer on NON hosting servers.

laughingbuddha wrote: If I have to add a domain to both servers in order to get it to work correctly, I might as well just move ns2 back to the same server as ns1.
having one server with two ip's and configuring those 2 ip's as ns1 and ns2 helps you only for migration or
if those two ip's are used with two totally separated internet connections. otherwise it is totally useless.
getting rid of the necessity of two nameservers by doing that is wrong.

laughingbuddha wrote: Why someone can't write a simple guide to something that is such a common thing I don't know.
if i would start giving you the correct answer for that, the answer would be:
don't try to use your hosting servers as dns servers. that's not the way it should be done.
get two separated servers and configure them in primary/secondary mode.
the problem you have is the following.
you want to use plesk with servers that have different domains hosted.
configuring plesk on s1/ns1 with acl and s2/ns2 as slave under the domains would do it.
but you also have other domains hosted on s2/ns2 that are not configured on s1/ns1.
and there the problem begins.
Explaining DNS in all details would take too long, even if it's only based on your situation.

faris wrote: 1) A secondary will not update its zone records unless the zone's serial number is lower than the master's.
a serial change in the SOA record is always necessary. for serial changes under a prim/sec config, the primary server is the only one where the change starts

faris wrote: 2) You need to have UDP port 53 open as well as TCP to make sure zone transfers work (I think). EDIT-- no, this is nonsense. DNS normally uses UDP anyway.
yes and no. DNS requests come via 53 UDP. Zone transfers via 53 TCP.

faris wrote: 3) Adding the IP of the secondary DNS server to the Common ACL list in the Primary Plesk server basically adds the IP to a list of servers that is allowed to ask the Primary for DNS info (Zone transfer). That's all this does. It does not magically cause transfers to happen.
But if you do not add the IP of the secondary to the Common ACL list, named will not allow the zone transfer to happen and your DNS will not be in synch. Maybe this is the problem?
correct, half of the job.

faris wrote: 4) The Secondary always initiates a zone transfer.....
no. there are two methods.
no1. -notify process: the master informs slaves about changes (in the best way just incremental). the nameserver configured in the SOA record is the master. the rest of the ns resource records are slaves.
no2. -slave-get process: the slave requests the config from the master at a special interval (refresh time; mostly 1hr configured). if the SOA record of the master is higher than that of the slave, it starts to transfer (in the best way just incremental).

process no1. is the standard today and is the preferred method.

laughingbuddha wrote: It just seems to me that there must be a much simpler way of doing what I'm trying to do.
no, you just don't want to do it the correct way, sorry.
if you don't want to set up a correct nameserver system or set it up the "long way" via domain creation only on primary and slave is secondary dns, the only solution for you is the script from scott:
http://www.atomicrocketturtle.com/Jooml ... iew/50/29/
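
As an added illustration of the checks discussed in the posts above (not part of any post, and not code from Plesk, BIND or Scott's script): the sketch below parses SOA replies from a primary and a secondary, reads the "authoritative answer" (AA) header bit behind the "not authoritative" warning, and compares serials the way a secondary does before asking for a transfer. The zone `example.test`, the serial values and all function names are constructed for the example, and the replies are built inline rather than captured from real servers.

```python
import struct
AA, SOA = 0x0400, 6  # header "authoritative answer" bit; SOA record type

def encode_name(name):
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def build_reply(zone, serial=None):
    """Constructed sample SOA reply; serial=None means the zone is not held."""
    flags = 0x8000 | (AA if serial is not None else 0)
    msg = struct.pack("!HHHHHH", 1, flags, 1, int(serial is not None), 0, 0)
    msg += encode_name(zone) + struct.pack("!HH", SOA, 1)
    if serial is None:
        return msg
    rdata = (encode_name("ns1." + zone) + encode_name("hostmaster." + zone)
             + struct.pack("!IIIII", serial, 3600, 900, 604800, 3600))
    return msg + b"\xc0\x0c" + struct.pack("!HHIH", SOA, 1, 3600, len(rdata)) + rdata

def skip_name(msg, pos):  # offset just past a possibly compressed name
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return pos + 2
        pos += 1 + length

def parse_reply(msg):
    """Return (authoritative, serial); serial is None without an SOA answer."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4  # QTYPE and QCLASS
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        end = pos + 10 + rdlen
        if rtype == SOA:  # serial sits 20 bytes before the end of the RDATA
            return bool(flags & AA), struct.unpack("!I", msg[end - 20:end - 16])[0]
        pos = end
    return bool(flags & AA), None

def serial_newer(a, b):
    """RFC 1982 serial arithmetic: is a newer than b, allowing 32-bit wrap?"""
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000

def audit(primary_msg, secondary_msg):
    (p_aa, p_serial), (s_aa, s_serial) = parse_reply(primary_msg), parse_reply(secondary_msg)
    if not p_aa or p_serial is None:
        return "primary not authoritative"
    if not s_aa or s_serial is None:
        return "secondary not authoritative"
    if serial_newer(p_serial, s_serial):
        return "secondary stale"
    return "in sync" if p_serial == s_serial else "secondary ahead of primary"
```

A real server that does not hold the zone may answer with REFUSED or SERVFAIL instead of an empty reply; the AA bit is unset in those cases too, so the classification is the same.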
breun
Long Time Forum Regular
Posts: 2813
Joined: Sat Aug 20, 2005 9:30 am
Location: The Netherlands

Re: DNS/NS issue

Unread post by breun »

BruceLee wrote: if you don't want to set up a correct nameserver system or set it up the "long way" via domain creation only on primary and slave is secondary dns, the only solution for you is the script from scott:
http://www.atomicrocketturtle.com/Jooml ... iew/50/29/
No, that's not the only solution. I like to use PowerDNS with its supermaster feature (automatic provisioning of slaves) myself.
Lemonbit Internet Dedicated Server Management
BruceLee
Forum Regular
Posts: 879
Joined: Sat Mar 28, 2009 6:58 pm
Location: Germany

Re: DNS/NS issue

Unread post by BruceLee »

yes, these are the only solutions. pdns with its so-called "supermaster" is nothing else than another dns server application
that helps you to configure nameservers correctly and that's what i suggested should be done.
if you do it with bind or pdns doesn't matter, as long as in the end the config is correct.
It does not replace the zone transfer function nor is it a different way of handling the logic task of zone transfers.
"supermaster"-feature is just an additional function for automatic provisioning of slaves.
So using pdns is not another solution, it's just a solution that ends up in a correct nameserver system.
you don't need the supermaster function to run a prim/sec dns config correctly, even though it could be helpful for laughingbuddha

don't you agree, breun?
breun
Long Time Forum Regular
Posts: 2813
Joined: Sat Aug 20, 2005 9:30 am
Location: The Netherlands

Re: DNS/NS issue

Unread post by breun »

Scott's script is also just another way of 'correctly configuring secondary nameservers', right?

The PowerDNS supermaster method only takes one entry in a MySQL table to make this work for a whole server with any number of domains. I'd say it doesn't get much easier than that.
BruceLee
Forum Regular
Posts: 879
Joined: Sat Mar 28, 2009 6:58 pm
Location: Germany

Re: DNS/NS issue

Unread post by BruceLee »

breun wrote: Scott's script ....
it's a way, right.

breun wrote: The PowerDNS supermaster method....
that is a really good advantage of pdns, you are right.

I think we have the same opinion about this issue :)
laughingbuddha
Forum Regular
Posts: 512
Joined: Mon Mar 10, 2008 9:12 pm
Location: Southampton, UK

Re: DNS/NS issue

Unread post by laughingbuddha »

Thanks for your time,

Right, I've read Scott's script, it looks good but I have no idea how to install that. I'm not a Linux guru, I'm a linux newbie. I don't know how to do most of those commands via root.

I don't have the funds to buy and host 2 servers just to do DNS, it's not a cost-effective route to take at this time.

It seems to me what set out as a good idea, has drastically turned into a mess. My only option at this point is to reset my hosting back to the way it was, and put both nameservers on the one server. It may not be correct, but it works. As for the VPS domains, I will just have to configure them via the 123-Reg control panel which is where most are registered anyway.

Only other option open to me is to use a 3rd party DNS service, but that will bring me back to the "How the hell do I set that up" stage.

Thanks for your time,

Matt
BruceLee
Forum Regular
Posts: 879
Joined: Sat Mar 28, 2009 6:58 pm
Location: Germany

Re: DNS/NS issue

Unread post by BruceLee »

it's as easy as scott wrote. you just need access to your server and you can use e.g. winscp only.
basically it's downloading scott's files, editing them and the named.conf, creating directories, setting permissions, uploading files and making some changes under plesk (ACL and cronjobs).

you should really try it before you get back to previous state.
if errors show up i bet the forum will help you out.
laughingbuddha
Forum Regular
Posts: 512
Joined: Mon Mar 10, 2008 9:12 pm
Location: Southampton, UK

Re: DNS/NS issue

Unread post by laughingbuddha »

The webfusion VPS is still offline (support is rubbish) so I've changed the IPs back.

I had enough problems trying to work out the commands to install Magento a few months back. Seriously, when I say newbie, I'm not kidding :)

Matt