
Question AlmaLinux 9.1: bind configuration for slave dns

FYI

Server operating system version
AlmaLinux 9.1
Plesk version and microupdate number
Obsidian
Hey guys,

I am currently preparing 2 AlmaLinux 9.1 servers to work with the DNS Slave Manager extension. I already installed bind, but have some questions about the configuration.

I have read this article:

But the configuration of bind on AlmaLinux is different from Debian/Ubuntu servers. So the named.conf isn't within /etc/bind/named.conf.option. I researched a bit and found out that it's within /etc/named.conf and the bind folder itself is /etc/named.

In the example, "allow-new-zones yes;" gets set in the options directive. I can set it, but there is no default for that option. So my question is whether I should set it, or whether there should be a default for that option?

Another question would be: I want to build authoritative servers. In the default named configuration recursion is active. Do I need to disable it?

Maybe someone has already configured named successfully on AlmaLinux 9.x and can tell me if something else needs to be configured, or just the things from the named example?

Best regards
 
Okay, I answered it myself with the bind9 documentation.

Just for reference, I need to disable recursion to be an authoritative-only DNS. Further, I just need to add allow-new-zones to the options directive and then follow the guide above again.
 
I got an error while restarting bind, and maybe someone can help me.

The error:
Code:
Jan 31 15:33:09 ns2.geeks64.de bash[2083]: /etc/named.conf.local:6: missing ';' before ','
Jan 31 15:33:09 ns2.geeks64.de bash[2083]: /etc/named.conf.local:6: missing ';' before '"'

My named.conf.local:
Code:
key "plesk-key" {
   algorithm hmac-md5;
   secret "mysecretkey";
};
controls {
    inet * port 953 allow { 12.12.12.12; 127.0.0.1; } keys {"rndc-key", "plesk-key"; };
};
 
And that's something I did not manage to solve alone...

So I have now set up 2 bind9 servers as per the guide above and added them into Slave DNS Manager, but that's reporting:
Code:
rndc: connect failed: 159.69.14.206#953

That's something I need your help with, guys :)
 
So I was just debugging a bit... maybe someone can help to dig deeper.

  • When I do a telnet from my Plesk server to the nameserver on port 953, I get a "no route to host".
  • If I check the open ports on ns1 and ns2 with ss -ltn, 953 is listed on 0.0.0.0.
  • A ping from the Plesk server to the nameserver works.
  • I checked iptables, but everything is open.
  • The hardware firewall from Hetzner does not block outgoing traffic; incoming is also not blocked.
  • When I do a nmap -sS -p 953 plesk.server.ip.addr, it responds "953/tcp filtered rndc".
  • In the audit.log of ns1 and ns2 there is nothing that matches the IP of the Plesk server or lport=953.
  • If I do "tcpdump -i ens3 tcp port 953" on ns1 and a telnet from the Plesk server on port 953, this is the sequence:
    • "IP p1.domain.tld.39478 > ns1.domain.tld.rndc: Flags , seq 566242001, win 64240, options [mss 1460,sackOK,TS val 2597433348 ecr 0,nop,wscale 7], length 0"

I'm starting to struggle...
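A corrected fragment covering the two configuration points raised in this thread (the `;` separators inside the keys list that the startup error complains about, and the authoritative-only options), written as an added example that is neither the poster's nor Plesk's own configuration. The Plesk IP is the one from the post, the secret is a placeholder, and the `include "/etc/rndc.key"` line assumes the key file the AlmaLinux bind package generates on first start.

```conf
// /etc/named.conf on AlmaLinux 9 (there is no /etc/bind/ here; zone data lives in /var/named)
options {
    directory "/var/named";
    // The stock file listens on 127.0.0.1 and allows queries from localhost only;
    // an authoritative server must listen on the public address and answer anyone.
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    allow-query { any; };
    // Authoritative-only: never resolve for clients (avoids becoming an open resolver).
    recursion no;
    // Needed so the Slave DNS Manager extension can add zones through "rndc addzone".
    allow-new-zones yes;
};

// Local rndc key generated by the AlmaLinux bind package (assumed path); defines "rndc-key".
include "/etc/rndc.key";

// Key the Plesk server uses over port 953; algorithm and secret must match what the
// extension generated (hmac-md5 as in the post; prefer hmac-sha256 if both sides support it).
key "plesk-key" {
    algorithm hmac-md5;
    secret "PLACEHOLDER_BASE64_SECRET";   // placeholder, not a real secret
};

controls {
    // Every entry in a BIND list ends with ';'. A ',' between the key names is what
    // produces "missing ';' before ','" at startup. Allow only the Plesk server and localhost.
    inet * port 953 allow { 12.12.12.12; 127.0.0.1; } keys { "rndc-key"; "plesk-key"; };
};
```

Check the file with `named-checkconf /etc/named.conf` before restarting named. A port that is listening on 0.0.0.0 but that the client reports as "No route to host" and nmap as "filtered" is the signature of firewalld, which is enabled by default on AlmaLinux 9 and whose rules `iptables -L` does not show; `firewall-cmd --list-all` on the name server tells you whether 953/tcp is allowed for the Plesk address.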
 