Froxlor Forum
  • 0
tuaris

DNS Modifications

Question

I've recently set up a copy of Froxlor on a FreeBSD 9.0 system.

All is good so far (only a few issues during install, but bugs have been filed).

 

Currently, my DNS needs are a little strange. My servers all use private IPs behind a firewall, and in order for me to properly integrate Froxlor into my hosting system I would need to make some modifications to the way DNS is administered.

 

First off, I would like to add in an option to set up what I call "split DNS", where there would be two DNS views: one internal private view and one external public view. I was thinking about doing this with the built-in support in BIND to use "views".

 

Secondly, I want to add the ability to "publish" DNS zones to an external server. For example... I have several Froxlor hosting servers each with their own DNS zones. I also have dedicated public DNS servers that will do the actual work. Froxlor would connect to these DNS servers and set up slave zones on them.

 

Some of the thoughts I have are:

 

An admin setting where you can go in and enable what I would call "Create slave zones on additional name servers." Then a list of server names or IPs with access method and credentials would be provided. The simplest thing I can think of is to use SSH. I'm sure PowerDNS has a way to do this, but I'm not too familiar with PowerDNS at the moment.

 

Then an admin setting to "Enable Split DNS". I'm not too sure how I would present this. I guess once split DNS is enabled I would assume that the additional "view" would always be a public one. I would assume that this is what most people enabling/needing this option would expect. Once the "Split DNS" option is enabled, the current default view should become the private view, and a new public view would need to be generated based on an additional setting named "public facing IP" in the same section.

 

I'm very experienced in all the above mentioned technologies (except for PowerDNS) and very experienced in PHP programming. I should have no issue implementing the above and submitting patches. I wanted to gather some feedback to see if the thoughts are in line with Froxlor's style.

 

I also would appreciate some hints on what files and database tables I would need to modify to achieve the above.


5 answers to this question


  • 0

I was thinking about adding an additional field to the IP's and Ports section in either the edit or add actions named "Public IP" that would only appear if split DNS is enabled.

  • 0

We do this using SSH keys.

 

On our main web/dns server we have a user called bindcopy and a script as follows

 

#!/bin/bash

# create the new slave config in a private temp file next to its final
# location (not a fixed name in /tmp), so the mv below is an atomic rename
tmpfile=$(mktemp /home/bindcopy/slave.config.XXXXXX) || exit 1

for zonefile in /etc/bind/domains/*
   do
       # skip the unexpanded pattern when the directory is empty
       [ -e "$zonefile" ] || continue
       # the file name minus its last 5 characters is the domain name
       domain=$(basename "$zonefile" | sed 's/.\{5\}$//')

       echo "" >> "$tmpfile"
       echo "zone \"$domain\" {" >> "$tmpfile"
       echo "    type slave;" >> "$tmpfile"
       echo "    file \"/var/cache/bind/${domain}.db\";" >> "$tmpfile"
       echo "    masters { xxx.xxx.xx.xxx; };" >> "$tmpfile"
       echo "};" >> "$tmpfile"
       echo "" >> "$tmpfile"
done

# place the config in the /home/bindcopy/ directory for continuity - ns2.ourhostingcompany.com will pick it up from this location as the user bindcopy.
chown bindcopy:bindcopy "$tmpfile"
mv "$tmpfile" /home/bindcopy/slave.config

 

The above script is set up as a cronjob (every minute) and creates a slave.config file for each one of our zones which are in the /etc/bind/domains directory created by froxlor.

 

Our second name server (ns2) then SSHes into the main web server and takes a copy of the file, places it in /etc/bind/slave.config, changes its ownership to the bind user and then reloads bind. This script, shown below, runs every 3 minutes or so as root.

 

#!/bin/bash
#
# Script to copy the /etc/bind/slave.config file from ns1
#
# stop here if the copy fails, so bind is not reloaded after a failed transfer
/usr/bin/rsync -avzq -e ssh bindcopy@ns1.ourhostingcompany.com:/home/bindcopy/slave.config /etc/bind/slave.config || exit 1

chown bind:bind /etc/bind/slave.config

# reload bind
#/etc/init.d/bind9 reload > /dev/null
/etc/init.d/bind9 reload

 

Obviously the last bit is that you need to tell bind to include the contents of the /etc/bind/slave.config file which we do from /etc/bind/named.conf.local

 

// now we include our froxlor domains
include "/etc/bind/slave.config";

 

Works really well for us.

 

Hope that helps.

 

- Jamie
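
A check ns2 could run between the rsync and the reload described in this answer, as an added example that is not part of the original post: because ns2 includes the pulled file into named.conf as root, it accepts only stanzas in the exact shape the generator script writes. The function names, the stdin interface, the rejection of an empty file and the sample master address 192.0.2.53 are assumptions.

```shell
#!/bin/sh
# Added example: gate for the pulled slave.config on ns2 (not from the post).
# validate_slave_config MASTER_IP < FILE
# Returns 0 only if the input is made up solely of stanzas in the exact shape
# the generator script writes, all pointing at MASTER_IP.
validate_slave_config() {
    awk -v master="$1" '
        function bad(msg) { printf "line %d: %s\n", NR, msg > "/dev/stderr"; rc = 1; exit }
        /^[ \t]*$/ { next }   # the generator emits blank lines between stanzas
        state == 0 {
            # zone names: hostname characters only, so no "/" and no quotes
            if (NF != 3 || $0 != ("zone " $2 " {") ||
                $2 !~ /^"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?"$/ || $2 ~ /\.\./)
                bad("unexpected statement")
            zone = substr($2, 2, length($2) - 2); state = 1; next
        }
        state == 1 { if ($0 != "    type slave;") bad("zone is not type slave"); state = 2; next }
        state == 2 {
            if ($0 != ("    file \"/var/cache/bind/" zone ".db\";")) bad("file does not match zone")
            state = 3; next
        }
        state == 3 { if ($0 != ("    masters { " master "; };")) bad("unexpected master"); state = 4; next }
        state == 4 { if ($0 != "};") bad("stanza not closed"); state = 0; zones++; next }
        END {
            if (rc) exit 1
            if (state != 0) { print "truncated stanza" > "/dev/stderr"; exit 1 }
            # assumption: an empty file means a failed run, not "drop every zone"
            if (zones == 0) { print "no zones found" > "/dev/stderr"; exit 1 }
        }
    '
}

# Constructed sample stanza; 192.0.2.53 is a documentation address.
sample_stanza() {   # usage: sample_stanza ZONE TYPE MASTER
    printf 'zone "%s" {\n    type %s;\n    file "/var/cache/bind/%s.db";\n' "$1" "$2" "$1"
    printf '    masters { %s; };\n};\n' "$3"
}

if sample_stanza example.com slave 192.0.2.53 | validate_slave_config 192.0.2.53; then
    echo "sample accepted"
fi
```

On ns2 this would run against the freshly pulled copy before it replaces /etc/bind/slave.config. Running `named-checkconf` on the resulting configuration is a sensible second gate before the reload.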

  • 0

Furthermore this method to configure PHP works for the CGI, FastCGI and FPM SAPI.
So once support for PHP 5.2 in Froxlor is dropped this could be the default method to configure custom php.ini files.

  • 0

What does this have to do with PHP 5.2 and custom php.inis (which is already possible)?

  • 0

Try integrating without firewall.

Maybe it is a problem of firewall blocking.
