Remove domains from dns-cluster

I have two servers.

  • s1: DNS and emails
  • s2: dedicated server for client’s website client.com + DNS slave

When I tried to create the website client.com on s2, I couldn’t because the domain belonged to the user dns-cluster (as expected).

So what I did was impersonate user dns-cluster on s2, delete the domain client.com and then create the web domain for the client.

Will there be unforeseen consequences?

Will dns in s1 work properly?
Will dns cluster in s2 work properly?

Most probably s1 will produce errors when DNS is trying to sync to s2. The good scenario would be for the DNS on s1 to sync all domains except client.com. The bad scenario would be for the DNS on s1 to fail to update any domain.

Isn’t it possible to remove the master zone of client.com on s1? But then you won’t have any slave DNS for client.com domain, unless you make s1 DNS slave to s2.

Thank you @Felix for taking your time to answer.

What I did was to suspend client.com on s1 and have the DNS point to s2 with two different ns names.

The solution would be to make s2 a slave of s1 and move all services to s2. That’s how Hestia has been designed to operate.

I am going to make the system fail on a different server and I will let you know what happens. Maybe it is safe to just delete the domain. It could be helpful in cases where you want to have DNS + Email on one machine and Web on a different one.

For slave DNS I’m using this approach: I have two separate small VPS, that are only acting as Slave DNS and nothing else. All other Hestia Servers (actual web/mail servers) point to those two Slave DNS servers. The SOA record is on the server that is hosting the site or email. When I need to set authoritative Name Servers on the registrar I set:

  1. Web/Email Server name/IP
  2. Slave DNS1 name/IP
  3. Slave DNS2 name/IP

I tried setting only SlaveDNS1 and SlaveDNS2 at the registrar (so I wouldn’t need to make changes at the registrars when moving domains between different hosting servers), but that wasn’t the perfect solution, because the SOA record was on the Web/Email server and that led to complaints from DNS checkers like https://intodns.com/

The approach of having SlaveDNS act as primary (and only NS servers) and the web/mail server be in Slave DNS mode, would not work out at all in the case of wildcard LE Certificate and automatic creation of records like DKIM, etc. So I guess the primary NS needs to be on the hosting server, to avoid future trouble.

@eris is there a way to propagate the SOA record through the DNS cluster?

I agree this would be the perfect solution but to be able to do that we would need to propagate:

  • SOA records
  • DKIM records

Nowadays the wildcard LE certificate is useless to me.

Would it be worth a try to come up with a pull request?

Working towards the idea of having two Authoritative Name Servers, none of which would be the actual hosting server, I noticed this (mind the highlighted line):

So I guess that we could accomplish that like this:

  • set up a Hestia server (let’s call it WEB Server)
  • create a DNS Cluster with two Slaves (let’s call them DNS Servers)
  • go back to the Web Server and assign as Default Name Servers the hostnames of the DNS Servers

In theory, every new SOA record created that way would contain the hostname of the first DNS Server. I haven’t tried it though, but I may do it sometime.
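The complaint from DNS checkers mentioned earlier (SOA primary on the web/mail server while only the slaves are delegated) and the expectation in the last post (the SOA MNAME should be the first DNS Server) can both be checked offline against a generated zone file. The following is an added example, not code from this thread or from HestiaCP; the zone text, the delegated name-server list and all hostnames are constructed placeholders.

```python
"""Check that a BIND-style zone's SOA MNAME agrees with its NS records and
with the name servers delegated at the registrar (what intodns-style
checkers complain about). Added example; not HestiaCP code."""
import re

# Constructed zone resembling what a Hestia web server would generate when the
# SOA primary is the hosting server but only the two slave DNS hosts are delegated.
ZONE_TEXT = """\
$TTL 14400
@    IN SOA ns1.web.example. admin.client.com. (
                2024010101 7200 3600 1209600 86400 )
@    IN NS    ns1.dns.example.
@    IN NS    ns2.dns.example.
@    IN A     198.51.100.10
"""
# Same zone after assigning the DNS Servers as Default Name Servers (constructed).
FIXED_ZONE = ZONE_TEXT.replace("SOA ns1.web.example.", "SOA ns1.dns.example.")
# Name servers set at the registrar (constructed placeholders).
DELEGATED_NS = ["ns1.dns.example.", "ns2.dns.example."]


def parse_zone(text):
    """Return (soa_mname, set_of_ns_targets) from a minimal zone file."""
    soa = re.search(r"\bSOA\s+(\S+)", text)
    ns = re.findall(r"\bNS\s+(\S+)", text)
    mname = soa.group(1).lower() if soa else None
    return mname, {n.lower() for n in ns}


def check_zone(text, delegated):
    """Return the findings a DNS checker would raise; an empty list means consistent."""
    mname, ns_set = parse_zone(text)
    delegated = {d.lower() for d in delegated}
    if mname is None:
        return ["no SOA record"]
    findings = []
    if mname not in ns_set:
        findings.append(f"SOA MNAME {mname} is not listed as an NS record")
    if mname not in delegated:
        findings.append(f"SOA MNAME {mname} is not delegated at the registrar")
    if ns_set != delegated:
        findings.append(
            f"NS records {sorted(ns_set)} differ from delegation {sorted(delegated)}")
    return findings


if __name__ == "__main__":
    for name, zone in (("web-primary", ZONE_TEXT), ("slave-primary", FIXED_ZONE)):
        print(name, check_zone(zone, DELEGATED_NS) or "OK")
```

Running it against a real zone means feeding in the generated zone file and the NS list from the registrar; the two findings for the first zone are exactly the mismatch the thread describes.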