Posted 2008-12-30 22:18 by Joe
DNS Slave Auto-Configuration Quickstart
A quick guide to assist administrators who want to use Virtualmin's automatic DNS slave configuration features. This allows for DNS server redundancy.
Virtualmin can automatically manage any number of DNS slave servers for you. Once configured, it will create slave zones on other servers and configure them to automatically update when changes are made on your Virtualmin server. For this to work, you need Virtualmin on your primary server and Webmin (a free download) on your slave server(s). Henceforth, all references will refer to the primary server as the "Virtualmin server" and the DNS slave server as the "slave server".
Getting Webmin for the Slave
If you don't have Virtualmin installed on your slave server(s), you'll need to install Webmin. Webmin is available for nearly every UNIX and Linux variant available, and is free to download and use.
You can download Webmin from webmin.com. It is available in .rpm, .deb, Solaris .pkg, .zip, and .tar.gz formats. Be sure to choose the appropriate package type for your slave server. Some Linux versions provide a package of Webmin via their package management system.
Install Webmin according to the instructions for your OS, found on the Downloading and Installing page at Webmin.com.
Login and confirm that the Webmin installation is working correctly and a firewall is not blocking access.
A supported version of BIND is also required on your slave server. Installation of BIND is beyond the scope of this document, as it is different on every operating system. But, on most systems it is very easy, and requires only one or two commands.
For example, installing BIND on CentOS, RHEL, and Fedora systems can be done with the following command:
yum install bind bind-config
The bind-config package is optional, but saves a few steps of configuration that you'd need to do, otherwise.
On some systems, BIND will not have the necessary minimal configuration to start up immediately after installation. Webmin can usually perform the necessary initial steps for you, and it can usually detect if such steps are needed before starting and using BIND.
Browse to Servers:BIND DNS Server.
If BIND needs configuration, Webmin will offer to perform the configuration for you. It is probably most wise to choose the option that includes downloading the latest root zone file, rather than using the included root zone file (though either will work for our purposes, if you rely on the DNS server for regular DNS services there is a small possibility you'll run into stale data with the included zone file).
After Webmin has performed the initial configuration, you'll likely see a button labeled Start Name Server. Click it.
Don't forget to also enable starting BIND on boot, using the Bootup and Shutdown module. It's beyond the scope of this guide, but the Webmin documentation covers it in some detail in http://doxfer.com/Webmin/BootupAndShutdown|Bootup and Shutdown
Configuring the Virtualmin Server
Once you have the necessary software installed and running on the slave, login to Webmin on your Virtualmin system, and browse open the Webmin menu by clicking on the Webmin link in the upper right corner of the left-hand menu.
Before doing this, make sure that the slave system does not have a firewall blocking ports 10001-10010, as they are used by Webmin's RPC calls. The best way to check this and open them up is with the Linux Firewall module, on the slave system. Or you can use the BSD Firewall or IPFW Firewall modules for non-Linux systems.
Click on the Webmin Servers Index link in the Webmin dropdown menu.
Click Register a new server.
Enter the hostname of your slave server.
Select the type of OS running on the slave.
If you installed the Perl Net SSLeay module and Webmin is using SSL on the slave server, set the SSL server? option to
Yes. Otherwise leave it on
Select a Link type of
Login via Webmin with username ... password ..., and enter the authentication details for an admin level user (usually root).
Change Make fast RPC calls? to Yes.
There should now be an icon representing the server you created in the Webmin Servers page.
Enabling Cluster Slave Servers
Now that you've added the server, you can configure the local name server to automatically manage slave zones on the remote server.
Browse to Servers:BIND DNS Server and click on the Cluster Slave Servers icon.
In the Add server dropdown, select your slave server (if it's the only server you've added, you won't have to select it, as it will already be selected).
Set the Create secondary on slave when creating locally? option to
If you have already created any domains on your Virtualmin server, set the Create all existing master zones on slave? option to
If you want to use some name other than the name of the slave server for the NS record (for example, if you wanted it to be ns1.domain.tld, keeping with the convention of naming name servers nsN.domain.tld), you can enter it in the Name for NS record field. Note that you'll actually have to create an A record matching that name pointing to the slave server, if you haven't already created one.
Click Add server.
Setting the Master IP Address
By default, Virtualmin will use the IP address that the master server's hostname resolves to as the IP that the slaves should contact to transfer records. However, on some systems this IP is 127.0.0.1, which will not work.
To make sure the correct IP is used, do the following on the master system :
- Go to the BIND DNS Server module, and click on Module Config.
- In the Zone file options section, find the Default master server IP for remote slave zones field.
- Enter the externally visible internet IP address of your master system.
- Click Save. Any DNS zones created from now on will use that IP.
Now Virtualmin will automatically include your slave server in the NS records for each new domain.
NOTE: If, for some reason, you don't like the default name of the first NS record (taken from the hostname of your server), you can change it in the Server Template(s) that you use, in the BIND DNS domain section. The field is labeled Master DNS server hostname. Just like with the slave servers, this name must be valid and point to the correct IP address, otherwise name service will not work, or will be unreliable.