
VestaCP Slave DNS Name Server using Bind on Raspberry Pi

Setting up a slave name server on the Raspberry Pi




I use VestaCP to host my main websites, so I needed to set up a second nameserver on a different IP. I am using my Raspberry Pi as a secondary nameserver and this will document how to set this up. Commands done on the Raspberry Pi are in red and those done on the main web server are in blue.

First, install Bind9 on the Raspberry Pi:
sudo apt-get install bind9 bind9utils dnsutils

Take a look at the bind config on the VestaCP server:
sudo nano /etc/bind/named.conf

This is what the default looks like for VestaCP. You can see any zones you have set up at the bottom as a master, using yourdomain.com as an example:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

zone "yourdomain.com" {type master; file "/home/admin/conf/dns/yourdomain.com.db";};

Now, we need to change the options to allow transfer of zone information to our Raspberry Pi whenever a change is made. Open the options file on the VestaCP webserver:
sudo nano /etc/bind/named.conf.options

An example IP of 1.2.3.4 is shown, but you must use the external static IP of your Raspberry Pi. Add these two lines:
allow-transfer { 1.2.3.4; };
notify yes;

So it looks like this:
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    auth-nxdomain no; # conform to RFC1035
    //listen-on-v6 { any; };

    allow-transfer { 1.2.3.4; };
    notify yes;

};
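
A quick way to confirm that the edited options file restricts zone transfers to the Raspberry Pi and nothing else. This is an added example, not part of the original post; the function name `transfer_acl_status` and the sample text are made up for illustration. MISSING means the file sets no ACL and the server falls back to the BIND version's built-in default, OPEN means `any` is listed.

```shell
#!/bin/sh
# Added example, not from the original post. Handles a single allow-transfer
# statement, as in the options file above; per-zone overrides are not examined.

# transfer_acl_status CONFIG_TEXT EXPECTED_SECONDARY_IP
# Prints MISSING, OPEN, MISMATCH or OK.
transfer_acl_status() {
    want=$2
    # Remove // and # comments, then join the lines so the ACL is on one line.
    flat=$(printf '%s\n' "$1" | sed -e 's|//.*||' -e 's|#.*||' | tr '\n' ' ')
    case $flat in
        *allow-transfer*) ;;
        *) echo MISSING; return 0 ;;
    esac
    acl=$(printf '%s\n' "$flat" |
          sed -n 's/.*allow-transfer[[:space:]]*{\([^}]*\)}.*/\1/p' | tr ';' ' ')
    status=OK
    seen=no
    for entry in $acl; do
        case $entry in
            any)     status=OPEN ;;
            "$want") seen=yes ;;
            *)       if [ "$status" = OK ]; then status=MISMATCH; fi ;;
        esac
    done
    # An ACL that never names the expected secondary is also a mismatch.
    if [ "$status" = OK ] && [ "$seen" = no ]; then status=MISMATCH; fi
    echo "$status"
}

# Constructed sample: the options block from this page, shortened.
OPTIONS_SAMPLE='options {
    directory "/var/cache/bind";
    dnssec-validation auto;
    auth-nxdomain no; # conform to RFC1035
    allow-transfer { 1.2.3.4; };
    notify yes;
};'

transfer_acl_status "$OPTIONS_SAMPLE" 1.2.3.4
```

On the real server, pass the file contents instead of the sample: `transfer_acl_status "$(cat /etc/bind/named.conf.options)" 1.2.3.4`.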

That's all we have to do on the VestaCP master server. Now on to the Raspberry Pi slave DNS server. We need to add the zones to the local config on the slave, so it knows which zones to serve and where to fetch them from. Open the local config file on the Raspberry Pi:
sudo nano /etc/bind/named.conf.local

Add the zone at the bottom of the file as shown below. Change 4.3.2.1 to your VestaCP master IP address and yourdomain.com to, um, your domain. If you are hosting more than one domain, just add more zones:
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "yourdomain.com" {
    type slave;
    masters { 4.3.2.1; };
    file "/var/lib/bind/yourdomain.com.db";
};

It's good practice to add an allow-notify for your slave's public IP to prevent "refused notify from non-master" errors, as it likes to be able to talk to itself! We can add this in the options file:
sudo nano /etc/bind/named.conf.options

Now add this line before the end of the options section, changing the IP to suit:
allow-notify {1.2.3.4;};

Almost done. Make sure port 53 is open on both machines for TCP and UDP. Now restart bind on the Raspberry Pi:
sudo service bind9 restart

And then on the VestaCP machine:
sudo service bind9 restart

That's all, folks! Now, whenever you make a change to any DNS settings in VestaCP, it should pass them over to your slave DNS. Note: If you add a new domain, you will have to manually add the new corresponding zone on your slave. You can check to see if it's working by looking at the zone file on the Raspberry Pi:
nano /var/lib/bind/yourdomain.com.db
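
Because new domains have to be added on the slave by hand, it is easy for the two servers to drift apart. The script below is an added example, not part of the original post: it compares the master's named.conf with the slave's named.conf.local and prints a slave stanza for each zone the Pi is missing. The function names and sample configs are made up, and it assumes VestaCP's one-zone-per-line layout shown earlier.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the VestaCP layout shown
# earlier: one 'zone "name" {type master; ...};' entry per line in named.conf.

# Names of master zones in a named.conf read from stdin.
master_zones() {
    sed -n '/type[[:space:]]*master/s/^[[:space:]]*zone[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Names of all zones declared in a config read from stdin, whatever their type.
declared_zones() {
    sed -n 's/^[[:space:]]*zone[[:space:]]*"\([^"]*\)".*/\1/p'
}

# missing_slave_stanzas MASTER_CONF_TEXT SLAVE_CONF_TEXT MASTER_IP
# Prints a slave stanza for every master zone the slave does not declare yet.
missing_slave_stanzas() {
    have=$(printf '%s\n' "$2" | declared_zones)
    printf '%s\n' "$1" | master_zones | while IFS= read -r z; do
        # Only plain DNS names may reach the generated config.
        case $z in
            ''|*[!A-Za-z0-9.-]*) echo "// skipped: unexpected characters in zone name"; continue ;;
        esac
        if printf '%s\n' "$have" | grep -qxF -e "$z"; then continue; fi
        printf 'zone "%s" {\n    type slave;\n    masters { %s; };\n' "$z" "$3"
        printf '    file "/var/lib/bind/%s.db";\n};\n' "$z"
    done
}

# Constructed sample input mirroring the configs on this page.
MASTER_SAMPLE='include "/etc/bind/named.conf.local";
zone "yourdomain.com" {type master; file "/home/admin/conf/dns/yourdomain.com.db";};
zone "example.org" {type master; file "/home/admin/conf/dns/example.org.db";};'
SLAVE_SAMPLE='zone "yourdomain.com" {
    type slave;
    masters { 4.3.2.1; };
    file "/var/lib/bind/yourdomain.com.db";
};'

missing_slave_stanzas "$MASTER_SAMPLE" "$SLAVE_SAMPLE" 4.3.2.1
```

Review the printed stanzas before appending them to /etc/bind/named.conf.local on the Pi, then restart bind there as above.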

Don't forget to add the nameservers as hosts at your domain registrar. You can check to see if everything is behaving itself by entering your domain name at dnscheck.pingdom.com

I hope that helps you get a second DNS working!

John.

Source site: http://j0hn.uk/vestacp-dns-slave/