Plesk-WordPress-Host
| 10.0.0.1 Master |
        /        \
---NS1---          ---NS2---
| 10.0.0.201 Slave |   | 10.0.0.202 Slave |
- Basically, when WordPress is provisioned on the master server, DNS records are created as part of a template with:
NS1.ourdns.com
NS2.ourdns.com
Plesk001.ourdns.com
- On the master server, Plesk automatically generated the zone files and records and the named.conf file.
- The DNS slave manager sends transfers to the slave servers, and in the slave server logs we get "transfer failed due to NXDOMAIN".
- We ensured ports 53 and 953 are open using telnet (TCP and UDP).
- We disabled the SELinux feature blocking transfers, and in the end ended up completely shutting it down and disabling it on the master and slave servers.
Master Server named.conf
Code:
options {
    listen-on port 53 { any; };
    allow-recursion { localnets; };
    directory "/var";
    pid-file "/var/run/named/named.pid";
    auth-nxdomain yes;
    allow-query { any; };
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "BeMvB2390oWE20kKv9x50M==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
// An acl must be defined before any zone references it; named rejects the
// configuration with an "undefined ACL" error otherwise, so it is moved up here.
acl common-allow-transfer {
    10.0.0.201;
    10.0.0.202;
};
zone "." {
    type hint;
    file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "localhost.rev";
};
zone "clientwebsite.com" {
    type master;
    file "clientwebsite.com";
    allow-transfer {
        10.0.0.1;
        10.0.0.200;
        10.0.0.201;
        common-allow-transfer;
    };
};
Code:
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    allow-recursion { localnets; };
    allow-new-zones yes;
    recursion no;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
controls {
    inet * port 953 allow { 10.0.0.1; localnets; localhost; } keys { "rndc-key"; };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/rndc.key";
On our registrar, we registered 2 DNS server hosts:
---NS1---                 ---NS2---
| 10.0.0.201 Slave |      | 10.0.0.202 Slave |
| 55.130.130.201   |      | 55.130.130.202   |
| NS1.ourdns.com   |      | NS2.ourdns.com   |
On the client's registrar we set his name servers pointing to our slaves:
NS1.ourdns.com
NS2.ourdns.com
This way, when records are created on the master server, they are forwarded to the two slave servers, which are authoritative for the domain and manage DNS for it because they are set in the registrar for the domain example.com.
Troubleshooting and diagnostics:
On the slave server:
Code:
sudo -s
rndc querylog
tail -F /var/log/messages
We create the domain name example.com.
On the registrar dns settings for example.com:
NS1.ourdns.com
NS2.ourdns.com
On the slave server:
These two files were created automatically:
Code:
-rwxrwxrwx. 1 root named 259 Mar 16 22:38 3bf305731dd26307.nzf
-rwxrwxrwx. 1 root named 0 Mar 15 22:00 db-DMbIKztb
Code:
zone "example.com" { type slave; file "example.com"; masters { 55.130.130.1; }; };
Code:
Blank; this file was empty, with nothing in it.
On the slave server:
Code:
systemctl restart named-chroot
tail -F /var/log/messages
Code:
Mar 18 08:26:10 ns1 named[11809]: zone example.com/IN: Transfer started.
Mar 18 08:26:10 ns1 named[11809]: transfer of 'example.com/IN' from 55.130.130.1#53: connected using 10.0.0.201#48771
Mar 18 08:26:10 ns1 named[11809]: transfer of 'example.com/IN' from 55.130.130.1#53: failed while receiving responses: NXDOMAIN
Mar 18 08:26:10 ns1 named[11809]: transfer of 'example.com/IN' from 55.130.130.1#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.120 secs (0 bytes/sec)
Code:
dig @ns1.ourdns.com any example.com
Code:
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> @ns1.ourdns.com any example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49678
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com. IN ANY
;; Query time: 3 msec
;; SERVER: 55.130.130.201#53(55.130.130.201)
;; WHEN: Sat Mar 18 10:35:58 EET 2017
;; MSG SIZE rcvd: 39
Code:
Mar 18 08:35:58 ns100 named[11809]: client 55.130.130.1#57827 (example.com): query: example.com IN ANY +E (10.0.0.201)
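As an added example (not part of the original post or of Plesk), a small Python script that parses the slave's BIND transfer log lines in the format shown above and maps the rcode the master returned to the usual thing to check first. The sample lines are constructed from the post's log format, and the hint table is general BIND knowledge, not something the post states.

```python
import re
from collections import defaultdict
# Regexes for the transfer lines a BIND slave logs (format as in the post).
TRANSFER_RE = re.compile(
    r"named\[\d+\]: transfer of '(?P<zone>[^']+)' from (?P<master>[\d.]+)#\d+: "
    r"(?P<msg>.*)$"
)
FAIL_RE = re.compile(r"failed while receiving responses: (?P<rcode>\w+)")
DONE_RE = re.compile(r"Transfer completed: \d+ messages, (?P<records>\d+) records")

# Common causes per rcode the master returns on an AXFR (general BIND knowledge, not from the post).
RCODE_HINTS = {
    "NXDOMAIN": "master is not authoritative for this zone at that address (zone not defined on master, wrong masters IP, or query answered by recursion)",
    "REFUSED": "master's allow-transfer ACL rejected the slave's source address",
    "SERVFAIL": "master could not load the zone file (run named-checkzone on the master)",
}

def parse_transfers(lines):
    """Return {zone: {"master": ip, "rcode": str|None, "records": int|None}}."""
    result = defaultdict(lambda: {"master": None, "rcode": None, "records": None})
    for line in lines:
        m = TRANSFER_RE.search(line)
        if not m:
            continue  # "Transfer started." and unrelated lines
        entry = result[m["zone"]]
        entry["master"] = m["master"]
        f = FAIL_RE.search(m["msg"])
        if f:
            entry["rcode"] = f["rcode"]
        d = DONE_RE.search(m["msg"])
        if d:
            entry["records"] = int(d["records"])
    return dict(result)

def diagnose(lines):
    """Return (zone, master, rcode, hint) for each transfer that failed or was empty."""
    findings = []
    for zone, e in parse_transfers(lines).items():
        if e["rcode"] or e["records"] == 0:
            rcode = e["rcode"] or "EMPTY"
            hint = RCODE_HINTS.get(rcode, "zero records received; check the master's zone file")
            findings.append((zone, e["master"], rcode, hint))
    return findings
# Constructed sample: the post's transfer lines plus one healthy transfer for contrast.
SAMPLE_LOG = """\
Mar 18 08:26:10 ns1 named[11809]: transfer of 'example.com/IN' from 55.130.130.1#53: connected using 10.0.0.201#48771
Mar 18 08:26:10 ns1 named[11809]: transfer of 'example.com/IN' from 55.130.130.1#53: failed while receiving responses: NXDOMAIN
Mar 18 08:26:10 ns1 named[11809]: transfer of 'example.com/IN' from 55.130.130.1#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.120 secs (0 bytes/sec)
Mar 18 08:27:00 ns1 named[11809]: transfer of 'other.example/IN' from 55.130.130.1#53: Transfer completed: 1 messages, 12 records, 300 bytes, 0.010 secs (30000 bytes/sec)
""".splitlines()
```

Run `diagnose(SAMPLE_LOG)` against `tail /var/log/messages` output from the slave to get one finding per failing zone; a transfer that completes with records and no error is not reported.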