Sonora Communications, Inc.

ISPConfig Additional Name Servers

Why Hidden DNS

Hidden DNS servers are not needed by everyone. If you only need more than two name servers, skip to Adding Name Servers.

We found it useful, for security and performance reasons, to hide our primary ISPConfig DNS server from the public while serving DNS to the public via slave DNS servers. In other words, we manage our DNS on one server, but the public uses two other dedicated slave servers.

To make this work, the slave servers require our hidden DNS server to be the first name server listed in the zone file.

Adding Name Servers

By default, the ISPConfig web interface supports only two name servers.

You can add more name servers by simply adding a static entry to the template used to construct the forward DNS zone files. We keep the customized template in the 'customized_templates' folder so that our customizations will survive the next ISPConfig upgrade cycle.

First, copy the 'pri.domain.master' file to the 'customized_templates' folder. Then edit 'pri.domain.master' to add the static name server entries:

cp /root/ispconfig/isp/conf/pri.domain.master /root/ispconfig/isp/conf/customized_templates
vi /root/ispconfig/isp/conf/customized_templates/pri.domain.master

Adjust the SOA record and add a name server record. Make it look something like this:

$TTL        {DNS_TTL}
@       IN      SOA     ns.yourdomain.com. {DNS_ADMINMAIL}. (
                        {SERIAL}       ; serial, todays date + todays serial #
                        {DNS_REFRESH}              ; refresh, seconds
                        {DNS_RETRY}              ; retry, seconds
                        {DNS_EXPIRE}              ; expire, seconds
                        {DNS_TTL} )            ; minimum, seconds
;
                NS      ns.yourdomain.com.           ; Inet Address of hidden name server
                NS      {DNS_NS1}.              ; Inet Address of name server 1
                NS      {DNS_NS2}.              ; Inet Address of name server 2
;

<!-- BEGIN DYNAMIC BLOCK: mxrecords -->
{MX_HOST}  MX      {MX_PRIORITAET} {MX_MAILSERVER}.
<!-- END DYNAMIC BLOCK: mxrecords -->
{DNS_SOA}.      A        {DNS_SOA_IP}
<!-- BEGIN DYNAMIC BLOCK: arecords -->
{A_HOST}       A       {A_IP}
<!-- END DYNAMIC BLOCK: arecords -->
<!-- BEGIN DYNAMIC BLOCK: cnamerecords -->
{CNAME_HOST}       CNAME  {CNAME_ZIEL}.
<!-- END DYNAMIC BLOCK: cnamerecords -->
<!-- BEGIN DYNAMIC BLOCK: spfrecords -->
{SPF_HOST}.       TXT  "v=spf1 {SPF}"
<!-- END DYNAMIC BLOCK: spfrecords -->
;;;; MAKE MANUAL ENTRIES BELOW THIS LINE! ;;;;

You may also want to add the new name server to the reverse DNS zone. It is actually quite rare for the ISP (the provider of the IP addresses) to delegate reverse DNS, but some providers, such as AT&T, do.

ISPConfig provides reverse DNS automatically, but you need to do something like this if you add a third name server.

cp /root/ispconfig/isp/conf/reverse_zone.in-addr.arpa.master /root/ispconfig/isp/conf/customized_templates/
vi /root/ispconfig/isp/conf/customized_templates/reverse_zone.in-addr.arpa.master

Adjust the SOA record and add the third name server:

$TTL        86400
@               IN      SOA     ns.yourdomain.com. hostmaster.{SERVER_DOMAIN}. (
                                {SERIAL}       ; serial, todays date + todays serial #
                                28800   ; Refresh
                                7200    ; Retry
                                604800  ; Expire
                                86400)  ; Minimum TTL
                        NS      ns.yourdomain.com.
                        NS      {SERVER_BIND_NS1_DEFAULT}.
                        NS      {SERVER_BIND_NS2_DEFAULT}.
<!-- BEGIN DYNAMIC BLOCK: reverse_records -->
{IP_ENDE}       PTR     {DNS_SOA}.
<!-- END DYNAMIC BLOCK: reverse_records -->
;;;; MAKE MANUAL ENTRIES BELOW THIS LINE! ;;;;
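
After ISPConfig regenerates the zones (and again after each ISPConfig upgrade), it is worth confirming that the customized templates were actually used. The script below is an added example, not part of ISPConfig or of the original article: it checks that a rendered forward or reverse zone file names the hidden server in the SOA record, lists it as the first NS record, and carries at least the expected number of NS records. The function names, the sample zone and the ns1/ns2.example.net names are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a zone file rendered from the customized template.

# Print the SOA MNAME (the field after "SOA"); ';' comments are stripped first.
zone_soa_mname() {
    awk '{ sub(/;.*/, "") }
         { for (i = 1; i < NF; i++) if (toupper($i) == "SOA") { print $(i+1); exit } }' "$1"
}

# Print NS targets in file order. Only the first four fields are inspected
# (owner, TTL, class, type) and TXT data is skipped, so SPF text cannot match.
zone_ns_list() {
    awk '{ sub(/;.*/, "") }
         { for (i = 1; i < NF && i <= 4; i++) {
               t = toupper($i)
               if (t == "TXT") break
               if (t == "NS") { print $(i+1); break }
           } }' "$1"
}

# check_zone FILE HIDDEN_NS MIN_NS: return 0 only if all three checks pass.
check_zone() {
    zone=$1 hidden=$2 min_ns=$3
    mname=$(zone_soa_mname "$zone")
    first=$(zone_ns_list "$zone" | head -n 1)
    count=$(zone_ns_list "$zone" | wc -l | tr -d ' ')
    rc=0
    [ "$mname" = "$hidden" ] || { echo "SOA MNAME is '$mname', expected '$hidden'" >&2; rc=1; }
    [ "$first" = "$hidden" ] || { echo "first NS is '$first', expected '$hidden'" >&2; rc=1; }
    [ "$count" -ge "$min_ns" ] || { echo "$count NS records, expected >= $min_ns" >&2; rc=1; }
    return $rc
}

# Constructed sample of a rendered zone (example names, documentation IP).
write_sample_zone() {
    cat > "$1" <<'EOF'
$TTL        86400
@       IN      SOA     ns.yourdomain.com. hostmaster.example.com. (
                        2009022601 28800 7200 604800 86400 )
                NS      ns.yourdomain.com.   ; hidden name server
                NS      ns1.example.net.
                NS      ns2.example.net.
www             A       192.0.2.10
EOF
}

tmp=$(mktemp); write_sample_zone "$tmp"
check_zone "$tmp" ns.yourdomain.com. 3 && echo "zone OK"
rm -f "$tmp"
```

Point check_zone at the zone files your BIND installation actually loads; a zone rendered from the stock two-name-server template fails the first-NS and count checks.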

Last Updated on Thursday, 26 February 2009 12:29  
