Hestia and DNS management?


I’ve been trying to find out how it works with DNS. I understand that by default named is installed and all DNS records are saved local on the server.
This means i could set 2 NS records towards the server to act as “nameserver”…

Although, that way if the server is down the DNS resolving is down too…
I’d like to know if and how it is possible to setup the following.

Use HestiaCP as complete control panel including DNS management.
Save the DNS records on the server and forward the changes to 2 servers that act as nameservers?
or just edit DNS meaning all changes are send to the nameservers where the DNS is setup.

Is this any how possible? that way I could seperate wich server handles what.

For now I could work with the server as temporary DNS server, I would setup 2 A records as NS…
example: Ns1.example.nl ns2.example.nl both with A record of the server where hestia runs on.

Other solution for now would be customers to use external DNS services and only my server for E-mail, Websites & databases.

But of course they would like the “complete” basic package with me instead half/half…

I’m looking forward to all thoughts and maybe idea’s how I could do it better.
(I’m myself an IT linux engineer, just this part ain’t my home and hestia is new for me!)

1 Like

Best way is to provide at least 2, better 3 dns server. You can sync multiple webserver to the dns cluster using the master master sync: http://vestacp.com/docs/#how-to-setup-dns-cluser

Sorry for pointing to the vesta docs, as already written in our own forum, we’re currently working on our own.

1 Like

Nice to have that option.

Oke, to make it clear. Can i use a 2nd server that doesn’t use Hestia to serve as DNS server?
Cause my idea is to not have the webserver/Hestia save the DNS. But just push it to a external server that is 100% serving DNS only like a normal name server should do.

I see it’s possible to have 2-3 hestiacp servers that use bind and set them as master-master.
although is that smart? sin’t it smarter to have a external server at an other host serve as DNS server?

I’d like to know!
Thanks alot.

1 Like

Master NS managed by Hestia:

You would configure HestiaCP on the two external DNS servers with minimal software stack like nginx+bind9 only, without apache, exim, mysql, so nothing besides DNS would get serverd by them.

Then configure firewall to limit access to port 8083 and allow only the servers that are serving customer websites.

hst-install.sh --nginx yes --named yes --apache no --vsftpd no --mysql no --dovecot no --clamav no --spamassassin no --fail2ban no ...


Standalone master NS

If you don’t want to install Hestia on your dns servers, you can use the zone-transfer ( AXFR) mechanisms, the only downside would be initial zone creation (and security key setup), after that every change would be announced automatically to all NS records in the DNS zone.

For this to work you would have to configure notify yes; allow-transfer {...}; and in named.conf running on the Hestia server.

On the standalone DNS servers you will create slave zones with HestiaDns ip as masterip using rndc or editing the zone statements

rndc addzone example.com '{ type slave; masters { web05_hestia_ip; }; };'

This isn’t a complete guide but is enough to get you started if you like this setup more.


the only downside would be initial zone creation (and security key setup)

That would need to be done manually then?
Then the whole “automatic” isn’t even working.
So it’s better to just install hestia only for DNS on the DNS servers? Cause hestia runs its own “nginx” that is able to run on an already in use DNS server? else i’ll go for a fresh new server :slight_smile:

PS i love the quick support :wink: and im eager to follow / grow with hestia it’s growth!

This should be the best solution then.
To reduce costs i could use the current webserver/NS server but use a 2nd “primary” NS to serve DNS right? And later add a 3rd seperate server to do DNS so i could remove the 1st webserver/dns server from the main nameserver group :-)?

Amazing stuff if im right haha

As i’ve previously said, this isn’t a complete guide, automatic zone creation on standalone slave DNS servers is definitely possible and can be done in multiple ways but some additional planning is required (authorization, validation, trusted data sources and so on).
-one option would be DNS Catalog Zones: https://bind9.readthedocs.io/en/latest/advanced.html#catalog-zones
-another one: create a simple restfull api script that gets notified on every zone creation in Hestia and propagates to evey slave dns after validating

“Master NS managed by Hestia” is definitely the best solution if you are not familiar with DNS configs and need to have something up and running as fast as possible.

“Master NS managed by Hestia” is definitely the best solution if you are not familiar with DNS configs and need to have something up and running as fast as possible.

Then this is the perfect solution, i’m myself an IT engineer but not into DNS servers :slight_smile: more into nginx stuff… haproxy etc…
Thanks for the information i would then just setup a temporary hestia 2nd server for to handle all DNS stuff, and figure it out more and more.
Eventually it could be a nice guide after all?

Thanks Lupu!

About the guide: Checkout our github doc project, you can expand it with your dns guide with a pull request: https://github.com/hestiacp/hestiacp-docs


One way I’ve set this up is with 2 slave PowerDNS servers and the handy feature/mode of Supermaster. Only downside for now is that I need to manually remove zones from the PowerDNS servers, when the original zone in Hestia is removed.

Hi All,

Sorry to revive this topic again…
I’ve been thinking.

If i use the HestiaCP server where all domains are running on as the MASTER DNS server, can I make 2 small servers the nameservers providing DNS and set them up as slave DNS servers?
That way if in the future I add a new MASTER server it could give the records to the 2 slave servers?

Is this possible and if yes.
Can i do that through installing HestiaCP only with Bind or is Nginx needed on it?
The current server i’m planning to use as slave DNS already has nginx running on it including nextcloud for local stuff…

Thanks in advance.

Hi @Machiel92

I think you will find the answers for your questions in the post above.

Hi @ScIT,

Anyway I will go and test…
But it came in my mind IPv6 isn’t yet in Hestia right? So if I use HestiaCP DNS management I don’t got IPv6 or I should add them myself?
If I could setup Hestia that it includes the same records default for IPv6 too then it’s worth the trouble. Else I need to wait and not provide DNS for my customers yet.

That’s a good plan, you’ve got all informations, we can’t setup the system or make a concept for you :smiley:.

The DNS Stack already supports AAAA (IPv6) entries, that will not be a problem. Only the mail and webstack doesn’t support IPv6 yet.

1 Like


Well that’s not a big problem, I can for now untill its included in the webstack just add the IPv6 to the template to let domains work on IPv6.

Thanks for the information.
I’m gonna test and see if its worth it to setup a master(hestiaCP) and a 2nd server as slave(HestiaCP too!)
it was just that I’m uncertain about setting it up :stuck_out_tongue: as the server thats gonna be slave already has nginx running :confused:
Anyway thanks!

Good grief, fellas, this is convoluted to setup!
Debian 10, of course…
Have got my Master setup (I think). The Vesta docs mention

  1. Add domain yourdomain.com (leave DNS Support mark checked)

Can’t see that DNS Support option. :-s
I’ve added the allow-transfer and also-notify directives to /etc/bind/named.conf.options
I’ve made sure that CSF has TCP port 8083 open in both directions.

sudo /scripts/v-add-remote-dns-host mcw.my_ns2_host.com 8083 admin admin-password
Error: dns-cluster doesn’t exist

In VestaCP admin, Configure, DNS Server, there’s a greyed out DNS Cluster = No. Greyed out suggests readonly and the dropdown is disabled. :-s What the heck is that for?
As I would expect to do, there are no DNS records on the Slave - they should appear once transferred.
There’s gotta be a step (or two) missing?

Thanks in advance.

how did you configured both servers, step by step?

1 Like

Pre-existing VPS, now with new hostnames. Nothing fancy and with bind installed during the installation. CSF installed, as that is normal on my servers. :wink:
Ssh secured with changed port and key authentication.
HestiaCP at the latest release, with automated updates.
As per previous recommendation, I’ve been following:
http://vestacp.com/docs/#how-to-setup-dns-cluser from

How to set up own Name Servers (vanity/private/child nameservers)

I note that the instructions are unclear and it seems weird to assign ns-child to the Master (ns1). That seem more appropriate for a Slave, in my eyes.
I have setup a primary domain (TLD) on the Master, that is tied to the server IP and is the same as that of NS1.
I continued on to the section below, where I got the error posted previously…

How to set up master-slave DNS cluster

Note: DNS clustering is not new to me and I run three private nameservers with WHM/cPanel. Additionally, I have independent Slave DNS from a couple of 3rd party providers.
Note2: leafDNS reports my TLD as working correctly for the authoritative NS1, though of course, NS2 is not replicating and leafDNS throws errors for that.

Have you created the user ‘dns-cluster’ on the slave?