Secondary DNS

Last Update 22 June 2008

Since I wrote this, ispCP have produced a much neater way of working.

I recently started using ispCP on one of my servers. It's a really great piece of software, but I couldn't find a way to get the DNS replication working, so this is an attempt to get something working.

This guide assumes you already have working BIND DNS servers and just want to automate the slave servers. It is aimed at users of Debian Linux. The configuration options are generic, but the location of files and the version of the software might be different on other Linux flavours. If anyone has any comments, or manages to make this guide work for other Linux flavours, please tell me and I will add the comments to the guide.

My Network

First, a few details about my network structure: there are two DNS servers. The primary (master) is beta and the secondary (slave) is mars.

ispCP automatically creates the zones on beta, and I want to transfer this information to the slave. My idea was to build on a script I found and automate the end-to-end process.

Master server config

First, on the master server, create a user to run the script. I made a new user dnstrans in the bind group.

useradd -g bind -m dnstrans
passwd dnstrans    # useradd's -p option expects an already-hashed password, so set it with passwd instead

Next, with the help of a little googling, I found a script that scanned the BIND zone-file directory looking for *.db files and then cut out the name to create a new file. It didn't work for me initially, so I made a few modifications and saved the script as /usr/local/sbin/trans.

#!/bin/bash
# Replace "x.y.z.w" with the IP address of your master DNS
MASTER=x.y.z.w
DB_PATH=/var/cache/bind/
user=dnstrans
group=bind
file=/home/$user/$(hostname)sec
echo "#start" > "$file"          # empties transfer file
pushd "$DB_PATH" > /dev/null     # changes to directory path and stores pwd
# earlier one-liner that parsed "ls -l" output (kept for reference, not run):
#ls -1 *.db | awk -v m=$MASTER -v path=$DB_PATH '{ print gensub(/(.*)\.db/,"zone\"\\1\" { type slave; file \""path"/manual/\\1.db\"; masters { "m"; }; };", g,$9); }'
# one "zone" statement per *.db file; only .db files are listed so journals and
# other files in the directory do not become broken statements, and path is
# passed in to gawk so the slave's "file" directive is not left empty
ls -1 *.db | gawk -v m="$MASTER" -v path="$DB_PATH" \
    '{ print gensub(/(.*)\.db/, "zone \"\\1\" { type slave; masters { " m "; }; file \"" path "\\1.db\"; };", 1) }' >> "$file"
chown "$user:$group" "$file"
popd > /dev/null                 # pops back to pwd

You will need to make this executable.

chmod +x /usr/local/sbin/trans

This should create a file in the dnstrans home directory called xxxsec (where xxx is the hostname of your server).

Next, add the update to your crontab. I run it every hour at 15 minutes past.

crontab -e
15 * * * * /usr/local/sbin/trans > /dev/null
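The same generation step written as a function, so it can be run against any zone directory and checked, as an added example (not the trans script from this page). It ignores everything in the directory that does not end in .db (journals, logs, backups), which is the case the one-liner above trips over, and, for the record, the master must also permit transfers to the slave's address (allow-transfer) for the generated slave zones to ever load. The directory, addresses and zone names in the demo are constructed.

```shell
#!/bin/bash
# Added example, not the page's trans script. Builds the slave-side zone list
# from the *.db files in a BIND zone directory. Names and addresses are hypothetical.

# gen_slave_zones ZONEDIR MASTER_IP SLAVE_ZONEDIR
#   prints one "zone" statement per ZONEDIR/*.db, declaring it a slave of
#   MASTER_IP whose copy is kept under SLAVE_ZONEDIR. Files that do not end in
#   .db (journals, named.run, backups) are never listed, so they cannot turn
#   into half-formed statements that make named refuse the whole include.
gen_slave_zones() {
    zonedir=$1
    master=$2
    slavedir=$3
    echo "#start"                         # BIND accepts # line comments
    for db in "$zonedir"/*.db; do
        [ -e "$db" ] || continue          # no .db files: output stays empty but valid
        name=$(basename "$db" .db)        # zone name is the file name minus .db
        printf 'zone "%s" { type slave; masters { %s; }; file "%s/%s.db"; };\n' \
            "$name" "$master" "$slavedir" "$name"
    done
}

# count_zones FILE : number of zone statements in a generated list
count_zones() {
    grep -c '^zone "' "$1"
}

# Constructed demo: a temporary directory standing in for /var/cache/bind
demo_dir=$(mktemp -d)
: > "$demo_dir/example.com.db"
: > "$demo_dir/example.net.db"
: > "$demo_dir/example.com.db.jnl"        # journal, must be ignored
: > "$demo_dir/named.run"                 # log, must be ignored
gen_slave_zones "$demo_dir" 192.0.2.1 /var/cache/bind > "$demo_dir/demosec"
cat "$demo_dir/demosec"                   # two zone statements, nothing else
```

Run it as root on the master and redirect the output to the transfer file in the dnstrans home directory, exactly where the cron entry above expects it.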

Slave server

The next step is to get the secondary zone file from the master server and include it on your secondary server. So, on the secondary server, create a script to fetch the DNS file; I put it in /usr/local/sbin/getdns. You will need to use the password you set up for the dnstrans user earlier.

#!/bin/bash
cd /etc/bind/ || exit 1
# download the zone file to a temporary name and replace the old copy only if the
# download succeeded (a plain wget would save a second copy as betasec.1 and leave
# the included file stale, and a failed download would otherwise leave an empty file)
wget -q --passive-ftp -O betasec.new ftp://dnstrans:password@master.server.tld/betasec \
    && mv betasec.new betasec \
    && rndc reload    # reload the DNS domains

Edit your BIND config, adding an include for the new zone file (the file is named after the master's hostname followed by sec, so betasec in my case).

echo 'include "/etc/bind/hostnamesec";' >> /etc/bind/named.conf.local

Next, add the update to your crontab. I update every hour at 9 minutes past.

crontab -e
09 * * * * /usr/local/sbin/getdns
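Whatever the fetched file contains is parsed by named as configuration the next time rndc reload runs, so a truncated or interrupted download can take every slave zone offline. The functions below, an added example and not the page's getdns script, install a fetched list only after it passes a syntax check and reload BIND only when the list actually changed; the fetch itself is left to wget as on this page (scp over SSH would avoid sending the dnstrans password in the clear, which FTP does). The check falls back to a structural test when named-checkconf is not installed. File names and the demo contents are constructed.

```shell
#!/bin/bash
# Added example, not the page's getdns script. Paths and names are hypothetical.

# check_zone_list FILE : succeed if FILE is a usable list of slave zone statements.
# Uses named-checkconf when BIND is installed; otherwise every non-comment,
# non-blank line must be one complete "zone ... { type slave; ... };" statement.
check_zone_list() {
    f=$1
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$f"
        return
    fi
    ! grep -v -e '^#' -e '^$' "$f" \
        | grep -q -v '^zone "[^"]*" { type slave; masters { [0-9.]*; }; file "[^"]*"; };$'
}

# install_zone_list NEWFILE DEST : validate NEWFILE and move it over DEST if it
# differs. Prints "installed", "unchanged" or "rejected"; a rejected file is
# discarded and DEST is left exactly as it was.
install_zone_list() {
    new=$1
    dest=$2
    if ! check_zone_list "$new"; then
        rm -f "$new"
        echo rejected
        return 1
    fi
    if [ -f "$dest" ] && cmp -s "$new" "$dest"; then
        rm -f "$new"
        echo unchanged
        return 0
    fi
    mv "$new" "$dest"          # same directory as DEST, so the rename is atomic
    echo installed
}

# update_slave_zones URL DEST : fetch URL into a temp file beside DEST, install it
# and reload named only when the zone list changed. This is the cron entry point.
update_slave_zones() {
    tmp=$(mktemp "$2.XXXXXX") || return 1
    wget -q -O "$tmp" "$1" || { rm -f "$tmp"; return 1; }
    case $(install_zone_list "$tmp" "$2") in
        installed) rndc reload ;;
        unchanged) ;;
        *) return 1 ;;
    esac
}

# Constructed demo: a good list, then a truncated one as a broken fetch might leave it
demo=$(mktemp -d)
printf '#start\nzone "example.com" { type slave; masters { 192.0.2.1; }; file "/var/cache/bind/example.com.db"; };\n' > "$demo/good"
printf '#start\nzone "example.com" { type slave; masters { 192.0.2.1; }; fi' > "$demo/bad"
install_zone_list "$demo/good" "$demo/betasec"   # installed
install_zone_list "$demo/bad"  "$demo/betasec"   # rejected; betasec keeps the good list
```

Calling update_slave_zones with the FTP URL and /etc/bind/betasec from the 09 * * * * cron entry gives the same hourly refresh as getdns, with the difference that a bad download never reaches named.conf.local.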