• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • (Plesk for Windows):
    MySQL Connector/ODBC 3.51, 5.1, and 5.3 are no longer shipped with Plesk because they have reached end of life. MariaDB Connector/ODBC 64-bit 3.2.4 is now used instead.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Question AlmaLinux 9.1: bind configuration for slave dns

F

FYI

Basic Pleskian
Server operating system version
AlmaLinux 9.1
Plesk version and microupdate number
Obsidian
Hey guys,

i actually preparing 2 AlmaLinux 9.1 servers to work with DNS Slave Manager Extension. I already installed bind, but have some questions about the configuration.

I have read this article:
www.plesk.com

Slave DNS and Plesk

Updated: April 2021 Preface There are several reasons why you might need at least two DNS servers for serving your sites: You purchased a domain name from a domain registrar. To delegate the domain, many registrars require the domain zone to be served by at least two name servers residing in...
www.plesk.com www.plesk.com

But the configuration of bind on AlmaLinux is different to debian/ubuntu servers. So the named.conf isnt within /etc/bind/named.conf.option. I researched a bit and found out, that its within /etc/named.conf and the bind folder itself is /etc/named.

In the example there will get set the "allow-new-zones yes;" in the options directive. As i can set it, but there is no default option from that. So my question is if i should set it or there should be a default set for that option?

Another question would be - i want to build authoritive servers. In the default named configuration recursion is active. Does i need to disable it?

maybe someone already configured successfull named on AlmaLinux 9.x and can tell me, if there need to get something else configured or just the things from the named example?

Best regards
 
Okay, i answered on my self with bind9 documentation.

Just for reference, i need to disable recursion to be a authorative only dns. Further i just need to add the allow new zones to option directive and then follow again the guide above.
 
I got an error while restarting bind and maybe someone can help me.

The error:
Code: 
Jan 31 15:33:09 ns2.geeks64.de bash[2083]: /etc/named.conf.local:6: missing ';' before ','
Jan 31 15:33:09 ns2.geeks64.de bash[2083]: /etc/named.conf.local:6: missing ';' before '"'

my named.conf.local:
Code: 
key "plesk-key" {
   algorithm hmac-md5;
   secret "mysecretkey";
};
controls {
    inet * port 953 allow { 12.12.12.12; 127.0.0.1; } keys {"rndc-key", "plesk-key"; };
};
 
And thats something i did not getting solved alone...

So i setup now 2 bind9 servers as from guide above and added them into Slave DNS Manager, but thats reporting:
Code: 
rndc: connect failed: 159.69.14.206#953

Thats something i need your help with guys :)
 
So i just was debugging a bit... maybe someone can help to dig deeper.

  • When i do a telnet from my plesk server to nameserver on port 953 i get a "no route to host".
  • If i check with ss -ltn the open ports on ns1 and ns2 their is 953 listed on 0.0.0.0
  • a ping from the plesk server to nameserver works
  • i checked iptables but everything is open
  • the hardware firewall from hetzner did not block outgoing traffic, income is also not blocked
  • when i do a nmap -sS -p 953 plesk.server.ip.addr its responding "953/tcp filtered rndc"
  • im audit.log des ns1 und ns2 ist nichts was auf die ip des plesk servers oder lport=953 passt
  • if i do "tcpdump -i ens3 tcp port 953" to ns1 and a telnet from plesk server on port 953 this is the sequence
    • "IP p1.domain.tld.39478 > ns1.domain.tld.rndc: Flags , seq 566242001, win 64240, options [mss 1460,sackOK,TS val 2597433348 ecr 0,nop,wscale 7], length 0"

i'm starting to struggle...
 
You must log in or register to reply here.

Similar threads

S
Issue DNS multiple entries for 0.0.127.in-addr.arpa
Replies
5
Views
406
scsa20
scsa20
C
Issue Slave DNS Manager
Replies
1
Views
476
AYamshanov
AYamshanov
webdig
Question Multiple servers in same nameserver
Replies
4
Views
997
Tobias Sorensson
T
N
Question Two Plesk Obsidian Linux Servers Master and Slave DNS
Replies
2
Views
775
Geisti
G
H.W.B
Issue DNSSEC with Ubuntu Problems
Replies
6
Views
3K
Kaspar@Plesk
Kaspar@Plesk
Back
Top