How to use DNS from server 1 on server 2?

haze

We are setting up a second cpanel server. How do we get the second Cpanel to use the DNS from the first server? Also, is there a way to use just one of the name servers and have another set up on the new server?
 

mikerayner

Use WHM's Edit Setup

In WHM go to

Server Setup -> Edit Setup -> the last field "Master Name Server"

Enter the hostname or IP address of a primary nameserver (if this is not a primary nameserver.) that domain and subdomain updates should be sent to. If you turn this option on you will turn this server into a slave server. A trust key relationship must be established before entering the hostname (Optional).

Examples: trusted.server.com, ns1.myhost.com, ns2.anotherhost.com

then press Save

Also make sure /etc/resolv.conf of the second server has correct info.

If you want to make sure your settings are correct,
connect to your second server via SSH, then type:

dig domain.com

* Replace domain.com in the above command with one of the domains hosted on your first server. It's recommended to test two domains: one your server domain and one other hosted domain.

You should see DNS settings.
 

hst

Wish it was that easy

I spent months trying to get the two server setup working properly and never could until I paid someone to do it that was an expert with the control panel interface. Yes it will all work but it's not very easy to get it all together properly. The biggest problem from the start is to get the named.conf entries for each server on both servers. If you don't have that right, you will continually have problems and they will never update each other.
The previous comment will get it working but not properly and in fact the site will only go to the nameserver listed for that particular machine and not the master also. I placed a lot of posts about this but none of the comments ever worked so I would say getting some expert help is well worth it.
 

itf

Get your Slave DNS working (secondary DNS)

This is a complete step by step instruction:
Get your Slave DNS working (Secondary DNS) ;)

A) Declarations:

We consider
ns1.domain.com as primary DNS
ns2.domain.com as secondary DNS (Slave DNS)

Server 1 which contains your Primary DNS
server1.domain.com
Server 2 which will contain your Slave DNS after following these Steps
server2.domain.com

We consider Server 2 as a clean server, I mean a server without DNS zones (Customers' domains). If you have DNS zones already on server 2, additional settings and commands are necessary, which should be done by an expert IT engineer and are beyond the size of this post due to the various cases.
But if you can delete server2 domains & users you can go ahead; don’t forget to use this command next:
On server 2, in WHM -> DNS Functions -> Perform a DNS Cleanup


B) Before you Begin:

1. Make sure your /etc/hosts & /etc/resolv.conf are correct on all servers

/etc/hosts :

# Do not remove the following line, or various programs
# That requires network functionality will fail.
127.0.0.1 localhost.localdomain localhost
Server2-IP domain.com Server2


/etc/resolv.conf :

domain domain.com
search domain.com
nameserver 127.0.0.1
nameserver IP-of-nameserver
nameserver IP-of-nameserver

2. Connect to server 2 by SSH and type:

dig axfr domain.com @ip-of-ns1.domain.com

i.e.
dig @10.20.30.40 domain.com axfr

You should see your domain.com DNS records; this ensures that you have domain transfer rights.
Notice: If you want to know more, read about the AXFR and IXFR protocols or refer to the BIND documents.

3. You should have SSH on both servers set-up and working correctly.

4. Initial Name Server (BIND) on Server 2

C) Setting up Slave DNS on Server 2

* Go to server2 WHM and follow these steps

1. Server Setup -> Edit Setup -> in “Master Name Server” field add the IP address of ns1.domain.com
* All other fields should have valid information like BIND version, name servers, etc.

2. DNS Functions -> “Establish A Trust Relationship With a Primary Nameserver”

What you will need to enter during the process is the Master NameServer (server 1) root password

*This Step uses SSH to connect to the Master Server

3. DNS Functions -> “Synchronize DNS Records With Primary Nameserver”


4. DNS Functions -> Edit a DNS Zone

All of the Zones on Server 1 should appear

Congratulations! OK that’s it. Now you have the Slave DNS (Secondary) Online. :)

Don’t use above instructions if you don’t understand the steps.
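
The check in step B.2 and the result of step C.3 can be verified from the shell. The following is an added example, not part of the original post and not cPanel's code: it compares the SOA serial served by master and slave and checks captured `dig axfr` output for a complete transfer. The function names and the sample answers are constructed for illustration.

```shell
#!/bin/sh
# Added example (not cPanel's code): check that a slave serves the same zone
# version as its master. Function names and sample data are constructed.

# soa_serial LINE: the serial is field 3 of a `dig +short SOA` answer
# (mname rname serial refresh retry expire minimum).
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# sync_status MASTER_SOA SLAVE_SOA: prints in-sync, slave-behind, slave-ahead
# or no-answer. Plain integer comparison; ignores RFC 1982 serial wrap-around.
sync_status() {
    m=$(soa_serial "$1"); s=$(soa_serial "$2")
    if [ -z "$m" ] || [ -z "$s" ]; then echo no-answer; return 2; fi
    if [ "$m" -eq "$s" ]; then echo in-sync; return 0; fi
    if [ "$s" -lt "$m" ]; then echo slave-behind; else echo slave-ahead; fi
    return 1
}

# axfr_complete: reads captured `dig axfr` output on stdin. A complete
# transfer begins and ends with the zone's SOA record, so two SOA lines are
# expected and dig's "; Transfer failed." marker must be absent.
axfr_complete() {
    awk '/^; Transfer failed/ { bad = 1 }
         !/^;/ && $4 == "SOA" { soa++ }
         END { if (bad || soa < 2) exit 1 }'
}

# check_zone ZONE MASTER_IP SLAVE_IP: live comparison (needs dig and network).
check_zone() {
    sync_status "$(dig +short +norecurse SOA "$1" "@$2")" \
                "$(dig +short +norecurse SOA "$1" "@$3")"
}

# Constructed answers: the slave has not yet picked up serial 2002070402.
MASTER_SOA='ns1.domain.com. root.domain.com. 2002070402 10800 3600 604800 86400'
SLAVE_SOA='ns1.domain.com. root.domain.com. 2002070401 10800 3600 604800 86400'
sync_status "$MASTER_SOA" "$SLAVE_SOA" || true
```

On a live pair, `check_zone domain.com <master-ip> <slave-ip>` run after "Synchronize DNS Records With Primary Nameserver" should print `in-sync`.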
 

xxlwebhosting

Originally posted by itf:

> 2. DNS Functions -> “Establish A Trust Relationship With a Primary Nameserver”
>
> What you will need to enter during the process is the Master NameServer (server 1) root password
>
> *This Step uses SSH to connect to the Master Server then processing the right commands; SSH connection could be established by various ciphering algorithms -SSH(1) & RSA keys, SSH(2) DSS/DSA keys-, I mean SSH is required on both servers working properly to pass this step. If you experienced any problem about SSH just Post a reply I’ll write another Instruction about How to make SSH key pairs.

Hi,

When I try to establish a trust relationship with my primary nameserver, I get this error message after the script sent the root password:

Permission denied, please try again.

I tried it again and again, but it didn't help. Can you please explain to me how to make SSH key pairs, or what I possibly did wrong? Thanks!
 

autson

Does this mean that the slave dns server can never hold user accounts? Or can it AFTER the slave dns has been setup properly?

Thanks everyone.
 

itf

Originally posted by autson:

> Does this mean that the slave dns server can never hold user accounts? Or can it AFTER the slave dns has been setup properly?
>
> Thanks everyone.

No! Every time you make any modification to DNS settings, the primary DNS will be modified and the Slave DNS will be updated automatically to affect those changes. It means both of them have your DNS settings, with interaction by using the axfr and ixfr protocols.
 

itf

Originally posted by H2Hosting.com:

> how to solve "Permission denied" problem? Can you help? Thanks

Make sure you have the /root/.ssh directory on both servers (Master and Slave).

Also make sure you are entering the right password of the master server.
 

btrieve

itf how do your instructions address the need to maintain an updated named.conf on your primary nameserver as well as an updated named.conf on a secondary nameserver with the correct syntax reflecting they are slave zones?

Your solution appears to only cover half of the battle. Replicating zone file data and changes is one thing. Replicating new entries to a primary's named.conf and then having those entries reverse replicated to a secondary or tertiary name server that needs real time information is something that BIND doesn't support and something that must happen in order to have a functioning nameserver.

If you have a solution that entails bind and cpanel I would be interested to hear it. Otherwise it will require additional scripting and sysadmin processes to accomplish the full task of maintaining a primary/secondary topology within a cpanel infrastructure.
 

itf

Originally posted by btrieve:

> itf how do your instructions address the need to maintain an updated named.conf on your primary nameserver as well as an updated named.conf on a secondary nameserver with the correct syntax reflecting they are slave zones?
>
> Your solution appears to only cover half of the battle. Replicating zone file data and changes is one thing. Replicating new entries to a primary's named.conf and then having those entries reverse replicated to a secondary or tertiary name server that needs real time information is something that BIND doesn't support and something that must happen in order to have a functioning nameserver.
>
> If you have a solution that entails bind and cpanel I would be interested to hear it. Otherwise it will require additional scripting and sysadmin processes to accomplish the full task of maintaining a primary/secondary topology within a cpanel infrastructure.

What I wrote in this thread

"This is a complete step by step instruction:
Get your Slave DNS working (Secondary DNS)" ( http://forums.cpanel.net/read.php?TID=2886&page=1#12807 )

is how to set up Cpanel to get Slave DNS working; you don't need any additional scripts, Cpanel will do it all for you. Just follow the instructions.

But if you want to know how to do it manually on a non-Cpanel powered server, that is another issue.
 

itf

These are the answers of most frequently asked questions that I received via private message or email regarding setting up Cpanel for Slave DNS from users of this board.

Q. “I used
dig @ip-of-master-server serverdomain.com axfr
but received transfer failed, Why?”

A. You don’t have an A record for your serverdomain.com. Try
dig @ip-of-master-server serverdomain.com
and you can see you have no A record for serverdomain.com

but if you use
dig @ip-of-main-server host.serverdomain.com axfr
it works.

Q. “When I edit my serverdomain.com zone it is not like other zones, why?”
A. You can add those Resource Records manually or by adding an account to your server for serverdomain.com via WHM -> Account Functions -> Add an account. (Attention: you should not add an account like this: host.serverdomain.com, but you can add an account for the main domain like this: serverdomain.com)

Q. “Does Cpanel do necessary configurations after maintenance of accounts to DNS records automatically with a Master/Slave DNS structure?”

A. YES

Q. “Can I have my secondary DNS outside of master subnet?”
A. Yes it is the best practice for Slave DNS
 

jsteel

itf,

Thanks for the guide. We used it a couple of weeks ago and got everything running as we expected, however, yesterday we had an outage of BIND for about an hour on the primary server and for some reason requests didn't seem to start using the secondary server for about 30 minutes, so all sites were effectively down for that 30 minutes. Do you have any ideas why there was such a delay?

Thanks,
Jaz
 

itf

Originally posted by jsteel:

> itf,
>
> Thanks for the guide. We used it a couple of weeks ago and got everything running as we expected, however, yesterday we had an outage of BIND for about an hour on the primary server and for some reason requests didn't seem to start using the secondary server for about 30 minutes, so all sites were effectively down for that 30 minutes. Do you have any ideas why there was such a delay?
>
> Thanks,
> Jaz

That delay is not server side; it is due to the client side.
Many corporations' and ISPs' DNS servers cache DNS lookups from their clients, and DNS lookups are cached by browsers too. When a user receives an IP address, it is cached. Once the cache expires, the user makes another request for the IP address associated with a logical name. That second request will be queried from your slave server in your scenario (primary DNS server down during requests).

However, the delay is not exactly 30 minutes; it varies due to clients' requests. Also, the sites are not down.
 

btrieve

Originally posted by itf:

> Originally posted by btrieve:
>
> > itf how do your instructions address the need to maintain an updated named.conf on your primary nameserver as well as an updated named.conf on a secondary nameserver with the correct syntax reflecting they are slave zones?
> >
> > Your solution appears to only cover half of the battle. Replicating zone file data and changes is one thing. Replicating new entries to a primary's named.conf and then having those entries reverse replicated to a secondary or tertiary name server that needs real time information is something that BIND doesn't support and something that must happen in order to have a functioning nameserver.
> >
> > If you have a solution that entails bind and cpanel I would be interested to hear it. Otherwise it will require additional scripting and sysadmin processes to accomplish the full task of maintaining a primary/secondary topology within a cpanel infrastructure.
>
> What I wrote in this thread
>
> "This is a complete step by step instruction:
> Get your Slave DNS working (Secondary DNS)" ( http://forums.cpanel.net/read.php?TID=2886&page=1#12807 )
>
> is how to set up Cpanel to get Slave DNS working; you don't need any additional scripts, Cpanel will do it all for you. Just follow the instructions.
>
> But if you want to know how to do it manually on a non-Cpanel powered server, that is another issue.

People need to be aware that this is only going to allow for synchronization in regards to zone files and the data within zone files. Zone entries are also a critical aspect of BIND as a service. The question I posed was whether or not you knew of a cpanel solution to address the fact that BIND as a protocol is not capable of saying "these are the domains I am authoritative for, here is the list."

Let me give you an example -- you have your cpanel server which is a slave DNS. You add a new account to this particular server. The zone file is created, the zone entry in named.conf is made -- the slave relationship and 'allow-transfer'/'allow-update' directives allow for the zone file syncs to take place, HOWEVER, the primary nameserver must also be made aware of the zone entry it now requires in its named.conf file. -- Without that entry it doesn't know that it is now an authority for a domain which was created on the slave server running cpanel.

Do you follow? This is an extremely important aspect of DNS topology which I would like to know whether or not cpanel addresses within WHM's trust relationships. I think it should be addressed for the benefit of everyone interested in DNS.
 

btrieve

FYI I was just able to confirm with a 3rd party that the WHM trust relationship extends beyond what BIND is capable of and transfers zone entries to named.conf.
 

itf

Originally posted by btrieve:

> FYI I was just able to confirm with a 3rd party that the WHM trust relationship extends beyond what BIND is capable of and transfers zone entries to named.conf.

btrieve,

I think this is CPanel support forum not a manifesto forum and I know IT well (refer to my profile), the same for BIND, and have not to start from the very beginning
But if you read my posts in this thread I wrote Cpanel will do it all for you and no additional scripts are necessary.
 

hotice007

dummy question...

what if server 1 (primary) is unreachable, will server 2 take over all the traffic?
 

itf

Originally posted by hotice007:

> dummy question...
>
> what if server 1 (primary) is unreachable, will server 2 take over all the traffic?

Yes but I answered this question in another post just click on the link to go to that post in this thread (more details)
http://forums.cpanel.net/read.php?TID=2886&page=2#21003