Remove domains from dns-cluster

jlguerrero · February 14, 2021, 4:06pm

I have two servers.

s1: DNS and emails
s2: dedicated server for client’s website client.com + DNS slave

When I tried to create the website client.com in s2, I couldn’t because the domain belonged to the user dns-cluster (as expected)

So what I did is impersonate user dns-cluster in s2 and deleted the domain client.com and then create the web domain for the client.

Will there be unforeseen consequences?

Will dns in s1 work properly?
Will dns cluster in s2 work properly?

Felix · February 15, 2021, 9:29pm

Most probably s1 will produce errors when DNS is trying to sync to s2. The good scenario would be the DNS in s1 to sync all domains, except that client.com one. The bad scenario would be the DNS in s1 to fail to update any domain.

Isn’t it possible to remove the master zone of client.com on s1? But then you won’t have any slave DNS for client.com domain, unless you make s1 DNS slave to s2.

jlguerrero · February 15, 2021, 9:53pm

Thank you @Felix for taking your time to answer.

What I did was to suspend client.com on s1 and have the DNS point to s2 with two different ns names.

The solution would be to make s2 slave of s1 and move all services to s2. That’s how hestia has been designed to operate.

I am going to make the system fail in a different server and I will let you know what happens. Maybe it is safe to just delete the domain. It could be helpful in cases where you want to have DNS + Email in one machine and Web in a different one

Felix · February 16, 2021, 7:18am

For slave DNS I’m using this approach: I have two separate small VPS, that are only acting as Slave DNS and nothing else. All other Hestia Servers (actual web/mail servers) point to those two Slave DNS servers. The SOA record is on the server that is hosting the site or email. When I need to set authoritative Name Servers on the registrar I set:

Web/Email Server name/IP
Slave DNS1 name/IP
Slave NDS2 name/IP

I tried setting only SlaveDNS1 and SlaveDNS2 to the registrar (so I wouldn’t need to make changes to the registrars when moving domains between different hosting servers), but that wasn’t the perfect solution, because the SOA record was on the Web/Email server and that lead to complains from DNS checkers like https://intodns.com/

The approach of having SlaveDNS act as primary (and only NS servers) and the web/mail server be in Slave DNS mode, would not work out at all in the case of wildcard LE Certificate and automatic creation of records like DKIM, etc. So I guess the primary NS needs to be on the hosting server, to avoid future trouble.

jlguerrero · February 16, 2021, 1:14pm

@eris is there a way to propagate the soa record through dns cluster?

jlguerrero · February 17, 2021, 12:37am

I agree this would be the perfect solution but to be able to do that we would need to propagate:

SOA records
DKIM records

Nowadays the wildcard LE certificate is useless to me.

Would it be worth a try to come up with a pull request?

Felix · February 17, 2021, 8:57am

Working towards the idea of having two Authoritative Name Servers, none of which would be the actual hosting server, I noticed this (mind the highlighted line):

github.com

hestiacp/hestiacp/blob/e1a66e207f5a43b8f8b85916f808d899d1c206be/bin/v-add-dns-domain#L10


#!/bin/bash
# info: add dns domain
# options: USER DOMAIN IP [NS1] [NS2] [NS3] [NS4] [NS5] [NS6] [NS7] [NS8] [RESTART]
# labels: dns
#
# example: v-add-dns-domain admin example.com ns1.example.com ns2.example.com '' '' '' '' '' '' yes
#
# The function adds DNS zone with records defined in the template. If the exp
# argument isn't stated, the expiration date value will be set to next year.
# The soa argument is responsible for the relevant record. By default the first
# user's NS server is used. TTL is set as common for the zone and for all of
# its records with a default value of 14400 seconds.
#----------------------------------------------------------#
#                    Variable&Function                     #
#----------------------------------------------------------#
# Argument definition
user=$1

So I guess that we could accomplish that like this:

setup a Hestia server (lets call it WEB Server)
create DNS Cluster with two Slaves (lets call them DNS Servers)
go back to the Web Server and assign as Default Name Servers the hostnames of the DNS Servers

In theory, every new SOA record created that way, would contain the hostname of the first DNS Server. I haven’t tried it though, but I may do it sometime.

system · March 19, 2021, 8:57am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.