Question Multiple servers in same nameserver

[webdig]

Server operating system version

AlmaLinux 8.9 (Midnight Oncilla)

Plesk version and microupdate number

Version 18.0.58 Update #2

I have a question about the configuration of the Slave DNS Manager, I've searched a lot of information and I'm "lost" so to speak.

I have 3 plesk servers and 4 slaves, to which I want to connect these servers:

Server 001 - ns1, ns2, ns3, ns4
Server 002 - ns1, ns2, ns3, ns4
Server 003 - ns1, ns2, ns3, ns4

On the slaves I installed Bind as indicated in the various tutorials and they work fine with just one server, and the indicators in the Slave DNS Manager are always green.

If I try to add another server to the same bind, in /etc/bind/named.conf.options , I get errors in the Slave DNS Manager and if I try to synchronise the server with the slaves, it takes forever.

This is an example of the named.conf.options of ns1 with two servers, taking into account the IPs of the two servers - server 001: 11.22.3.44 and server 002: 11.22.3.45:

version "anonymous";

dnssec-validation auto;

listen-on-v6 { any; };

allow-new-zones yes;
};

// server 001

key "rndc-key-11.22.3.44" {
  algorithm hmac-md5;
  secret "ZmViMzdjMmE2MTkyMzM3Njc4Y2EyYQ==";
};

controls {
    inet * port 953 allow { 11.22.3.44; 127.0.0.1; } keys { "rndc-key-11.22.3.44"; };
};

// server 002

key "rndc-key-11.22.3.45" {
  algorithm hmac-md5;
  secret "ZmViMzdjMmE2MTkyMzM3Njc4Y2EyYQ==";
};

controls {
    inet * port 953 allow { 11.22.3.45; 127.0.0.1; } keys { "rndc-key-11.22.3.45"; };
};

What could be wrong here?
Or is this not how the system works?

 

[Kaspar]

I have no experience with a multi server setup as yours, so I am not sure if what you are planning actually works well. I can imagine that issues can arise, for example when (accidentally) adding the same domain on two servers. Any way, the configuration your are using is indeed wrong. The controls directives should be merged, containing all servers and keys. Like so:

controls {
    inet * port 953 allow { 11.22.3.44; 11.22.3.45; 127.0.0.1; } keys { "rndc-key-11.22.3.44";  "rndc-key-11.22.3.45"; };
};

 

[Peter Debik]

I understand the setup that one primary shall be mirror to two or more secondaries. That would not be possible with the extension.

 

[webdig]

I have no experience with a multi server setup as yours, so I am not sure if what you are planning actually works well. I can imagine that issues can arise, for example when (accidentally) adding the same domain on two servers. Any way, the configuration your are using is indeed wrong. The controls directives should be merged, containing all servers and keys. Like so:

controls {
    inet * port 953 allow { 11.22.3.44; 11.22.3.45; 127.0.0.1; } keys { "rndc-key-11.22.3.44";  "rndc-key-11.22.3.45"; };
};

Thanks for the tip, I've tried it and it no longer gives an error in the Slave DNS Manager markers, as they remain green, but in reality it's still slow and the sites are synchronised.

I understand the setup that one primary shall be mirror to two or more secondaries. That would not be possible with the extension.

It's a shame the extension doesn't do this, it would be a very important feature for Plesk and an added value.
I have to go to Plesk UserVoice to research this subject and give my suggestion

Best Regards

 

[Tobias Sorensson]

Hello

we have a setup kind of like this.

server1 - ns1 ns2 ns3
server2 - ns1 ns2 ns3

lets say we have domA.com if domA.com is provisioned on server1 but we want to move it to server2 we need to log into ns1 ns2 ns3 and do rndc delzone domA.com and then rndc reconfig to reload the dns settings.

the issue is that the ns1 ns2 and ns3 expects the master of the domain to be server1 and if it gets zone updates for domA.com from server2 it will be ignored.

so how do we solve this issue?
well first we need someway to keep server1 and server2 dns settings in sync and then we need to have slave dns manager put both server1 and server2's ip as master so that when one of the servers adds a dns record then the slave dns manager sends it to ns1 ns2 ns3 and they accepts the changes.

if we dont keep server1 and server2 dns in sync then they will publish incorrect dns settings.

so here is my workflow

domA.com needs to move to server2 from server1. i sync domA.com with plesk migrator after that i log into ns1 ns2 ns3 and run the above command to flush the dns records during this time the dns will not work. after that is done i finish the migration and do a reload on all dns zone from slave dns manager so that the new records gets published to ns1 ns2 ns3. it works but would be made alot easyer but it will be more complex.