DNS Cluster and DNSSEC Questions

eris · July 26, 2023, 9:33am

You need to make some changes in bind configuration:

a-square · July 26, 2023, 9:39am

Yes, bind and sync is working without dnssec. and thats the problem with this FAQ.

on Master i dont have changed hestia.conf setting DNS_CLUSTER_SYSTEM
on slave i have changed ist to hestia-zone

so the sync is working.

BUT:

i can not activate DNSSEC on master only on slave. so should i change this setting on both? Master ans Slave?

and if i do so, i can not sync to salve anymore.

eris · July 26, 2023, 9:41am

You should activate it on the master.

How ever you need to make the changes:

Mainly:

In /usr/local/hestia/conf/hestia.conf, change DNS_CLUSTER_SYSTEM='hestia' to DNS_CLUSTER_SYSTEM='hestia-zone'.
On the master server, open /etc/bind/named.conf.options, do the following changes, then restart bind9 with systemctl restart bind9.

bash

# Change this line
allow-transfer { "none"; };
# To this
allow-transfer { your.slave.ip.address; };
# Or this, if adding multiple slaves
allow-transfer { first.slave.ip.address; second.slave.ip.address; };
# Add this line, if adding multiple slaves
also-notify { second.slave.ip.address; };

On the slave server, open /etc/bind/named.conf.options, do the following changes, then restart bind9 with systemctl restart bind9:

bash

# Change this line
allow-recursion { 127.0.0.1; ::1; };
# To this
allow-recursion { 127.0.0.1; ::1; your.master.ip.address; };
# Add this line
allow-notify{ your.master.ip.address; };

Also make sure you OS is Ubuntu 22.04 or Debian 11 or higher

a-square · July 26, 2023, 10:11am

Yes,

should i do this on master, slave or both?

In /usr/local/hestia/conf/hestia.conf, change DNS_CLUSTER_SYSTEM='hestia' to DNS_CLUSTER_SYSTEM='hestia-zone'.

eris · July 26, 2023, 10:23am

Only master is enough

a-square · July 26, 2023, 10:39am

okay, so on master i change it to hestia-zone and on slave it is hestia.

if i change it all zones on slave are empty. i have removed cluster and reenabled it and it ist also empty on slave

a-square · July 26, 2023, 10:44am

eris · July 26, 2023, 11:23am

That is correct

If you run:

rndc notify domain.com on the master

It will sync up with the slave

Just create a new DNS record and verify if it is working via

nslookup domain.com ns2.server.com

a-square · July 26, 2023, 12:03pm

okay. ist seems to work, but in webinterface i see no records on slave. is this correct?

on master i have 34 Records

eris · July 26, 2023, 12:07pm

That is correct we don’t store the records in hestia config any more

a-square · July 26, 2023, 12:12pm

oh. than it is all fine