This shows you the differences between two versions of the page.
computing:ispconfig [2023/05/21 22:05] – created oemb1905 | computing:ispconfig [2023/05/21 22:57] (current) – oemb1905 | ||
---|---|---|---|
Line 3: | Line 3: | ||
* **Jonathan Haack** | * **Jonathan Haack** | ||
* **Haack' | * **Haack' | ||
- | * **netcmnd@jonathanhaack.com** | + | * **webmaster@haacksnetworking.org** |
------------------------------------------- | ------------------------------------------- | ||
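Review bot: the contact address moves from netcmnd@jonathanhaack.com to webmaster@haacksnetworking.org, while the nameserver hostnames added further down in this revision live under haacksnetworking.com; if both domains are intentional, a short note that the .org address is only a contact and not the zone being served would stop readers from confusing the two.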
Line 11: | Line 11: | ||
------------------------------------------- | ------------------------------------------- | ||
- | This tutorial is | + | This tutorial is for self-hosting your own authoritative DNS server using ISP Config and bind9. The requirements are that you own three IPs, have a domain dedicated just for this with three A records pointing towards three clean Debian installs on each of the VMs. The names would be ns1.server.com, |
+ | nano / | ||
+ | net.ipv6.conf.all.disable_ipv6 = 1 | ||
- | --- // | + | One of the servers will be primary and the others mirrors of that. For this reason, they will need to use a common mysql database on the primary. Since I did not want to expose mysql publicly, I created a separate NIC on each VM on virsh' |
+ | |||
+ | On virtmanager > Connection Details > Start virbr0 > Auto Start | ||
+ | On each VM > open > Add Hardware > NIC > Bridge > virbr0 | ||
+ | |||
+ | Of course, you can also do this with pure virsh and xml, but with -X passthrough, | ||
+ | |||
+ | nano / | ||
+ | auto enp1s0 | ||
+ | iface enp1s0 inet static | ||
+ | address 8.67.82.100 | ||
+ | netmask 255.255.255.0 | ||
+ | gateway 8.67.82.1 | ||
+ | nameservers 8.8.8.8 | ||
+ | auto enp7s0 | ||
+ | iface enp7s0 inet static | ||
+ | address 192.168.122.2 | ||
+ | netmask 255.255.255.0 | ||
+ | gateway 192.168.122.1 | ||
+ | nameservers 8.8.8.8 | ||
+ | |||
+ | The next machine would .3, the next one .4. Once you set up all the VMs with the primary and secondary interfaces, make sure each of them can reach the other. You can '' | ||
+ | |||
+ | nano / | ||
+ | |||
+ | The contents being as follows: | ||
+ | |||
+ | 127.0.0.1 | ||
+ | 127.0.1.1 | ||
+ | 8.67.82.100 ns1.haacksnetworking.com ns1 | ||
+ | 8.67.82.101 ns2.haacksnetworking.com ns2 | ||
+ | 8.67.82.102 ns3.haacksnetworking.com ns3 | ||
+ | |||
+ | Each VM needs a similar configuration, | ||
+ | |||
+ | wget -O - https:// | ||
+ | |||
+ | After it completes, make sure to record your admin password and mysql root password securely. It's now time to set up the database on the primary server. It installs roundcube, openVZ, and some other services by default. I later removed all of these after testing and just installed a simple send-only MTA with postfix and nothing else. You should customize to your preference and/or adjust the install script with flags to limit what it brings in. You now want to create users for each of the slave servers: | ||
+ | |||
+ | sudo mysql -u root -p | ||
+ | |||
+ | Then run the following mysql commands for each slave server (.3 and .4) so they can communicate with the primary: | ||
+ | |||
+ | CREATE USER ' | ||
+ | GRANT ALL PRIVILEGES ON * . * TO ' | ||
+ | |||
+ | CREATE USER ' | ||
+ | GRANT ALL PRIVILEGES ON * . * TO ' | ||
+ | |||
+ | After that is done, log in to the web panel and add a firewall record with '' | ||
+ | |||
+ | ufw allow from 192.168.122.0/ | ||
+ | |||
+ | Next, set up each of the slave servers ns2 and ns3 by shelling in to them and running this script: | ||
+ | |||
+ | wget -O - https:// | ||
+ | |||
+ | Make sure to record the mysql and ispconfig database passwords for each securely. Be sure to select expert mode and be sure to use the local address of the primary, 192.168.122.1, | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | Note everything worked properly at first, and I had to spend some time debugging. Using host and dig can be helpful while debugging: | ||
+ | |||
+ | host ns1.haacksnetworking.com 8.67.82.100 | ||
+ | host ns1.haacksnetworking.com | ||
+ | dig haacksnetworking.com ns | ||
+ | dig haacksnetworking.com ns @8.67.82.100 | ||
+ | |||
+ | The commands above check your default dns for the records and/or check the Name Server itself (the one you are setting up now). These commands are particularly helpful in determining whether your name server can return the proper records and/or whether they have already cached to other servers or not. Also, while debugging and re-adding a zone, I did once have to manually remove the " | ||
+ | |||
+ | Note: This tutorial is fairly advanced and there are lots of omitted smaller steps, days of debugging that are left unreported and so on. Feel free to email or hit me up on Mastodon (see home page of Wiki) if you need help. | ||
+ | |||
+ | --- // |
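Review bot: the /etc/network/interfaces stanza has two problems that will bite anyone who copies it. First, both enp1s0 and enp7s0 carry a `gateway` line; ifupdown tries to install a default route for each, the second one fails with "File exists", and if the private-bridge gateway wins, the VM's outbound traffic leaves via virbr0 instead of the public interface. Drop `gateway 192.168.122.1` from the enp7s0 block, since the bridge only needs to reach the other VMs. Second, `nameservers 8.8.8.8` is not an ifupdown keyword; the resolvconf hook reads `dns-nameservers 8.8.8.8`, so as written the line is silently ignored and resolution depends on whatever /etc/resolv.conf already holds. Two smaller points: the `net.ipv6.conf.all.disable_ipv6 = 1` sysctl is dropped in without saying why (presumably so bind9 and the ISPConfig services only listen on the v4 addresses that the A records and the ufw rule cover), and "Note everything worked properly at first" reads as a typo for "Not everything", which inverts the meaning of the debugging paragraph that follows.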