• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question AlmaLinux 9.1: bind configuration for slave dns

F

FYI

Basic Pleskian
Server operating system version
AlmaLinux 9.1
Plesk version and microupdate number
Obsidian
Hey guys,

i actually preparing 2 AlmaLinux 9.1 servers to work with DNS Slave Manager Extension. I already installed bind, but have some questions about the configuration.

I have read this article:
www.plesk.com

Slave DNS and Plesk

Updated: April 2021 Preface There are several reasons why you might need at least two DNS servers for serving your sites: You purchased a domain name from a domain registrar. To delegate the domain, many registrars require the domain zone to be served by at least two name servers residing in...
www.plesk.com www.plesk.com

But the configuration of bind on AlmaLinux is different to debian/ubuntu servers. So the named.conf isnt within /etc/bind/named.conf.option. I researched a bit and found out, that its within /etc/named.conf and the bind folder itself is /etc/named.

In the example there will get set the "allow-new-zones yes;" in the options directive. As i can set it, but there is no default option from that. So my question is if i should set it or there should be a default set for that option?

Another question would be - i want to build authoritive servers. In the default named configuration recursion is active. Does i need to disable it?

maybe someone already configured successfull named on AlmaLinux 9.x and can tell me, if there need to get something else configured or just the things from the named example?

Best regards
 
Okay, i answered on my self with bind9 documentation.

Just for reference, i need to disable recursion to be a authorative only dns. Further i just need to add the allow new zones to option directive and then follow again the guide above.
 
I got an error while restarting bind and maybe someone can help me.

The error:
Code: 
Jan 31 15:33:09 ns2.geeks64.de bash[2083]: /etc/named.conf.local:6: missing ';' before ','
Jan 31 15:33:09 ns2.geeks64.de bash[2083]: /etc/named.conf.local:6: missing ';' before '"'

my named.conf.local:
Code: 
key "plesk-key" {
   algorithm hmac-md5;
   secret "mysecretkey";
};
controls {
    inet * port 953 allow { 12.12.12.12; 127.0.0.1; } keys {"rndc-key", "plesk-key"; };
};
 
And thats something i did not getting solved alone...

So i setup now 2 bind9 servers as from guide above and added them into Slave DNS Manager, but thats reporting:
Code: 
rndc: connect failed: 159.69.14.206#953

Thats something i need your help with guys :)
 
So i just was debugging a bit... maybe someone can help to dig deeper.

  • When i do a telnet from my plesk server to nameserver on port 953 i get a "no route to host".
  • If i check with ss -ltn the open ports on ns1 and ns2 their is 953 listed on 0.0.0.0
  • a ping from the plesk server to nameserver works
  • i checked iptables but everything is open
  • the hardware firewall from hetzner did not block outgoing traffic, income is also not blocked
  • when i do a nmap -sS -p 953 plesk.server.ip.addr its responding "953/tcp filtered rndc"
  • im audit.log des ns1 und ns2 ist nichts was auf die ip des plesk servers oder lport=953 passt
  • if i do "tcpdump -i ens3 tcp port 953" to ns1 and a telnet from plesk server on port 953 this is the sequence
    • "IP p1.domain.tld.39478 > ns1.domain.tld.rndc: Flags , seq 566242001, win 64240, options [mss 1460,sackOK,TS val 2597433348 ecr 0,nop,wscale 7], length 0"

i'm starting to struggle...
 
You must log in or register to reply here.

Similar threads

S
Issue DNS multiple entries for 0.0.127.in-addr.arpa
Replies
5
Views
562
scsa20
scsa20
C
Issue Slave DNS Manager
Replies
1
Views
561
AYamshanov
AYamshanov
webdig
Question Multiple servers in same nameserver
Replies
4
Views
1K
Tobias Sorensson
T
N
Question Two Plesk Obsidian Linux Servers Master and Slave DNS
Replies
2
Views
875
Geisti
G
H.W.B
Issue DNSSEC with Ubuntu Problems
Replies
6
Views
3K
Kaspar@Plesk
Kaspar@Plesk
Back
Top