How to set up a DNS cluster on CWP 3 – Add additional Nameservers
Where there is a need to add additional nameservers to an existing cluster, the following requirements need to be met:
If the above are met, then proceed to the following steps to configure an additional nameserver.
step 1: create the file /root/dns_sync_slave2.conf and add the following content
USERNAME="slave"
SERVER="192.168.78.129"
SSHPORT="22"
SOURCESYNCLOCATION="/var/named/slave"
CHECKMAINDNS="centos-webpanel.com"
LOCALSYNCLOCATION="/var/named/slave"
LOCALCONFFILE="/etc/named/slave_additional.conf"
The keywords are explained below:
USERNAME = the user created on the DNS manager
SERVER = IP of DNS Manager.
SSHPORT = SSH-Port of Slave DNS Server & Manager.
SOURCESYNCLOCATION = Location of DNS zone files on Slave DNS Server & Manager.
CHECKMAINDNS = A domain used for testing the Slave DNS Server & Manager; it can be any domain and doesn’t need to be on the server.
LOCALSYNCLOCATION = Location for DNS zone files on this local server.
LOCALCONFFILE = Configuration file which contains the list of all zone files on this local server.
step 2: Set up a cron job for how often you want to check for changes
crontab -e
add the following:
* * * * * sh /scripts/dns_sync_slave2
Note: On servers with many clients and domains (100+) we recommend a 5-minute cron. For servers with 1000+ you can even go with every 1-2 minutes.
step 3: In the file /etc/named.conf, after options{} where the other include lines are specified, add:
include "/etc/named/slave_additional.conf";
step 4: Prepare config files
touch /etc/named/slave_additional.conf
chown named:named /etc/named/slave_additional.conf
step 5: Generate a public key and copy to the DNS manager
CWP.Admin –> Server settings –> SSH Key Generator
Copy the key specified under the heading Your Public Key from: /root/.ssh/id_rsa.pub
step 6: Now go to DNS manager and do the following:
mkdir /home/slave/.ssh
# create the key file first so the chmod and chown below apply to it
touch /home/slave/.ssh/authorized_keys
chmod 700 /home/slave/.ssh/
chmod 600 /home/slave/.ssh/authorized_keys
chown -R slave:slave /home/slave/.ssh
Paste the public key you copied on the additional nameserver into the file below
nano /home/slave/.ssh/authorized_keys
Note: For any other nameservers you add to the DNS manager, copy their public key to this file only.
step 7: On DNS manager, enable shell for the slave user
By default, an account created on CWP has the bash shell disabled. For the additional nameserver to be able to sync the zone files from the DNS manager, the bash shell for the slave user needs to be enabled.
chsh -s /bin/bash slave
step 8: Testing passwordless login
You can now test the SSH connection from the additional nameserver to the DNS Server:
ssh slave@SERVER-IP -p SSH-PORT
If the connection succeeds without asking for the password, then the additional server is ok and ready to receive zone files.
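If step 8 still prompts for a password, a wrong owner or mode on the files from step 6 is a common cause. The script below is an added example, not part of the original guide or of CWP: it checks those files against the values step 6 sets, and counts keys that are not pinned to a source address. The function names are hypothetical, and the from="..." pinning is a suggested hardening that the guide itself does not require.

```shell
#!/bin/bash
# Added example: verify the key-login files from step 6 on the DNS manager.
# The guide's values would be: audit_ssh_dir slave /home/slave

# audit_ssh_dir USER HOME
# Reports every path whose owner or mode differs from what step 6 sets.
# Returns 0 when everything matches, 1 otherwise.
audit_ssh_dir() {
    local user="$1" home="$2" rc=0 entry path want mode uid
    # Resolve the account to a numeric uid (a numeric argument is used as-is).
    uid=$(id -u "$user" 2>/dev/null) || uid="$user"
    for entry in ".ssh:700" ".ssh/authorized_keys:600"; do
        path="$home/${entry%%:*}"
        want="${entry##*:}"
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$path")
        [ "$mode" = "$want" ] || { echo "MODE    $path is $mode, expected $want"; rc=1; }
        [ "$(stat -c '%u' "$path")" = "$uid" ] || { echo "OWNER   $path is not owned by $user"; rc=1; }
    done
    return "$rc"
}

# unpinned_keys FILE
# Prints how many keys carry no from="..." option, i.e. are accepted from any
# source address. from= is a standard OpenSSH authorized_keys option; pinning
# each key to its nameserver's IP limits where a copied private key can be used.
unpinned_keys() {
    # Drop comments and blank lines, then count lines without from= in the options field.
    grep -Ev '^[[:space:]]*(#|$)' "$1" | grep -Evc '^[^ ]*from="[^"]+"' || true
}
```

Run both functions as root on the DNS manager; a pinned entry in authorized_keys has the form from="IP-of-additional-nameserver" followed by the key copied in step 5.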