till now we’re using miab with only one ip, but from 1 dec we have a /24 ip class and want to have 2 ip’s (2 ns on diff ip’s) and also to have a reverse zone for our clients reverse dns needs.
searched and found how to have a second/slave dns server, but nothing about reverse and a master/slave scenario. read it about nsd, tried to make some changes on zones files, but in case of update or something else, all modif goes away…
I am not stating that you cannot potentially make an unsupported modification. I am stating that MiaB does not handle this natively and will not likely handle it well even with an unsupported modification. As you have already noticed most of your modifications will get blown away with updates.
yes, i know that will be a custom miab. but i need a little help to understand which files and scripts are involved to be modified, can you or somebody else to help me with a short explanation about the structure, please?
One of the problems is that having 2 IP’s for DNS on the same /25 absolutely does not help anything. You still have a single point of failure.
Why do you need to resolve rDNS anyways? Are you planning to lease VPS’s out for mail server installs? There is no other reason that it is mandatory…
A thought – if you want to ignore my first comment, you can just have NSD listen on multiple IP addresses and leave Postfix out of it. But then you need to change the NS records in the zone files which is likely going to be in mailinabox/management/dns_update.py It might be easier to use ns3 rather than ns2 for the secondary the way things are written. This way you can just add ns3.box.domain.tld to the Secondary name server hostname field on the custom DNS page.
The NSD conf file is explicitly overwritten so you’ll need to change that behavior in the setup files.
This is about all I can offer as it is not my area of expertise.
Hi, I believe you should have reverse DNS entries for your machine, as part of the various anti-spam protocols is to check that the machine sending is who it says it is. Any sent email will always score a worse spam score if the rDNS is not set-up.
I haven’t setup an IPv4 rDNS, but most of it is similar to an IPv6 rDNS, and there is now somewhere to put that info which won’t get overwritten by MIAB upgrades.
In /etc/nsd/local.conf you specify one (or more) zones for which your server will give out info. The details for each zone is in a separate file. (The zone file is traditionally named after the zone, so if your IPv4/24 is 1.2.3.x, your reverse domain would be “3.2.1.in-addr.arpa” and your domain zone file would be named “3.2.1.in-addr.arpa.txt”. So in /etc/nsd/local.conf put :
The actual DNS entries appear in /etc/nsd/zones/, so if your server “box.example.com” is at 1.2.3.4, you’ll have something like this in /etc/nsd/zones/3.2.1.in-addr.arpa.txt (note the final ‘.’ on the domain names) :
;
; 1.2.3/24
;
$TTL 1h ; Default TTL
@ IN SOA ns1.box.example.com. admin.box.example.com. (
2021101602 ; serial
1h ; slave refresh interval
15m ; slave retry interval
1w ; slave copy expire time
1h ; NXDOMAIN cache time
)
;
; domain name servers
;
@ IN NS ns1.box.example.com.
; IPv4 rDNS PTR entries
4.3.2.1.ip.arpa. IN PTR box.example.com.
(Send the nsd daemon a SIGHUP when you want it to refresh with new config.)
Now the bit I can’t help you with For IPv6 rDNS, there is a “common” mechanism where you tell your ISP that ns1.box.example.com accepts “delegated” rDNS requests. Your ISP owns the higher level rDNS domain and just forwards requests to your name server. But I don’t know how this works for IPv4 - talk to your ISP and please let me know the result.
hi again. tried to append second nameserver in web under system->custom dns and noticed that if you put second nameserver on " Using a secondary nameserver" and add name, type (A) and IP in " Set custom DNS records", these info will be appended in box.domain.com.txt file in /etc/nsd/nsd.conf.d/zones.conf as notify: IP NOKEY and provide-xfr: IP NOKEY for each domain that you have in server. great job till now!
now i want to see where to change the scripts to make the reverse zone.
For IPv6 rDNS, there is a “common” mechanism where you tell your ISP that