DNS Cluster schema

I have this setup:

NS1 - server A (dedicated DNS master)
NS2 - server B (dedicated DNS slave)
Web server - server C (shared web hosting server with HestiaCP)

Now, magic is with DNS setup… NS1 and NS2 is in cluster mode master → slave. These are completely separate servers serving only DNS (with hestiaCP).

How to add server C to that damn cluster? I want that domain and DNS added in server C would sync to NS1 and NS2.

Master ↔ Master → Slave ? But in this case DNSSEC would be broken.

For Web server:

NS1 and NS2 Both as slaves…

And what about when I want to add more web servers? web2, web3 etc. How DNSSEC support would be?

Then it would be the same…

For Web2: Master

NS1 and NS2 Both as slaves…

As long you set it up like thes it will DNSSEC will work fine

@eris Till today i honestly do not know the right way to setup dns clusters. My setup works but occasionally i have to rebuild the dns zones and resync because it gets corrupted. For some reason the DNS cluster will mislabel the path for example

After a few days it will randomly update to

And every few days i will have to fix this by rebuilding the effected domain dns zone and resync.

Can you provide more examples in the documentation on how DNS cluster is meant to work when you have more than 2 servers in the chain? From the example OP saying you are implying that he can run DNSSEC but when i asked you previously you said its not possible to run DNSSEC with my setup.

We have multiple methods how you can setup DNS SEC

Make sure to use the new: Master → Slave set up and DNS SEC should be supported if you use Debian 12 or 11 or Ubuntu 22.04

Also make sure the create unique users and give them “DNS SYNC USER” level in Hestia

DNSSEC unsupported for Deb 10?

NS1 ( Master/Slave ) + Web server
NS2 ( Master/Slave ) + Web server
Server 3 ( NS1/NS2 ) + Web server
Server 4 ( NS1/NS2 ) + Web server

In this setup will DNSSEC be supported? 4 Servers in total and only two name servers being NS1 and NS2. However NS1 and NS2 also host domains.

Debian 10 Doesn’t support DNSSEC:

Implementing would require an update to Bind

NS1 Master for “Websites” hosted on NS1 + Slave for the rest (Create Unique users for each)
NS2 Master for " Websites Hosted on NS2 + Slave for the rest

Server3: Master for Server3 websites
Server4: Master for Server4 websites

NS1 Syncs to NS2
NS2 Syncs to NS1
Server3 Syncs to NS1 and NS2
Server4 Syncs to NS1 and NS2

This is exactly my setup. So with what you said above, will that setup support dnssec?

And each cluster the name is servername-dns so there is no duplicates like previously “dns-user”.

But i still occasionally get this problem ;

After a few days it will randomly update to

In bind it would change the path for some reason ( after a few days )

Set the user to the “DNS Sync user” role it will prevent unwanted syncing

I select “update-dns-records” role also.

Every DNS-User is already set to DNS Sync User, So i still don’t know what causes it :\

Strange then it should not sync …

Is it normal to have line break/space in “named.conf” ?

zone xx
zone xx

zone xx

@eris Wrong DNS-USER being assigned on (both) slave

Im guessing this issue happens during the v-update-sys-que cronjob

Same domain original dns-user is ox-dns but somehow it suddenly switch to fox-dns when this happens it causes the domain to not work until i run v-sync-dns-cluster

It happens very often hopefully can find a fix…