Hetzner - DokuWiki

Anycast/secondary setup

Please note that this portion of the new DNS system is not active yet. For secondary DNS, please continue to use the Robot IPs and DNS addresses.

When testing compatibility of the proposed setup with DNS software, some configuration snippets were gathered.

Support by DNS software

This section contains configuration examples showing how different DNS software might be configured on a customer's server. All configurations have been tested.

NSD

 zone:
     name: example.com
     notify: 78.46.255.56 NOKEY
     provide-xfr: 78.46.255.56 NOKEY

Man page

BIND

 zone "example.com" {
     type master;
     file "/etc/bind/example.com";
     also-notify { 78.46.255.56; };
     allow-transfer { 78.46.255.56; };
 };

PowerDNS

 pdnsutil set-meta example.com ALSO-NOTIFY 78.46.255.56
 pdnsutil set-meta example.com ALLOW-AXFR-FROM 78.46.255.56

Knot

 remote:
 - id: slave
   address: 78.46.255.56@53
 acl:
 - id: acl_slave
   address: 78.46.255.56
   action: transfer
 zone:
 - domain: example.com
   storage: /etc/knot/
   file: "example.com.zone"
   notify: slave
   acl: acl_slave

Knot documentation

CoreDNS

 # Corefile
 example.com {
     file /etc/coredns/example.com {
         transfer to 78.46.255.56
     }
 }

Support by web panels

cPanel/WHM

No direct support; the respective nameserver configuration files must be edited. Example for cPanel with BIND (the default DNS server):

 # /etc/named.conf
 options {
     #[...]
     also-notify { 116.203.76.4; };
     allow-transfer { 116.203.76.4; };
     #[...]
 };

Global definitions for also-notify and allow-transfer seem pretty stable. Definitions inside a zone may be overwritten.

Plesk

Basically the same as cPanel/WHM. BIND is the only DNS software supported by Plesk. There is an extension called Slave DNS Manager, but it does not rely on sending NOTIFYs to the slave servers to trigger an AXFR. Instead, it expects the slave to be fully under your control and to allow access via rndc (the BIND control utility).
Global definitions for also-notify and allow-transfer seem pretty stable. Definitions inside a zone are overwritten when one applies, for example, DNS templates to all zones.
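
The cPanel/WHM and Plesk notes above say that zone-level definitions can be overwritten, which can leave a zone with a transfer ACL that no longer matches the global one. The following Python audit is an added example, not part of the original page or of any Hetzner or panel tooling: it reads named.conf text and reports, per master zone, whether the effective also-notify and allow-transfer lists contain the secondary and nothing else. The sample configuration, the function names and the use of 78.46.255.56 as the expected address are assumptions for illustration.

```python
import re

SECONDARY = "78.46.255.56"   # address from the BIND example on this page (assumed target)
OPTS = ("also-notify", "allow-transfer")
# Constructed sample configuration, not taken from a real server.
SAMPLE = '''
options {
    also-notify { 78.46.255.56; };
    allow-transfer { 78.46.255.56; };
};
zone "example.com" { type master; file "/var/named/example.com.db"; };
zone "example.org" { type master; file "example.org.db"; allow-transfer { any; }; };  // zone-level list
zone "example.net" { type slave; masters { 192.0.2.1; }; file "example.net.db"; };
'''

def _block(text, start):
    """Return the text between the '{' at index start and its matching '}'."""
    depth = 0
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start + 1:i]
    raise ValueError("unbalanced braces")

def _settings(body):
    """Collect the address lists of the audited options found in one block."""
    found = {}
    for opt in OPTS:
        m = re.search(r"\b%s\b[^{;]*\{([^}]*)\}" % re.escape(opt), body)
        if m:
            found[opt] = {e.strip() for e in m.group(1).split(";") if e.strip()}
    return found

def audit(conf, secondary=SECONDARY):
    """Map each master zone to a list of problems (an empty list means OK)."""
    conf = re.sub(r"/\*.*?\*/|(#|//)[^\n]*", "", conf, flags=re.S)  # drop comments
    m = re.search(r"\boptions\s*\{", conf)
    glob = _settings(_block(conf, m.end() - 1)) if m else {}
    report = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        body = _block(conf, z.end() - 1)
        if not re.search(r"\btype\s+(master|primary)\s*;", body):
            continue                       # only zones this server is primary for
        eff = {**glob, **_settings(body)}  # a zone-level list replaces the global one
        problems = [f"{o} lacks {secondary}" for o in OPTS if secondary not in eff.get(o, ())]
        problems += [f"allow-transfer permits other hosts: {h}"
                     for h in sorted(eff.get("allow-transfer", set()) - {secondary})]
        report[z.group(1)] = problems
    return report
```

Run `audit(open("/etc/named.conf").read())` after applying panel templates and review any zone with a non-empty list. Named ACLs and `include` files are not resolved by this sketch.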

Webmin

Webmin provides the module BIND DNS Server, which adds BIND to the server. After adding a master zone, one can edit the zone options for this zone.

In the zone options, add the dedicated AXFR server's IP address to the fields "Allow transfers from.." and "Also notify slaves..".

This will create a BIND configuration similar to the one proposed for plain BIND. You may need to restart the BIND DNS server after this.



© 2020. Hetzner Online GmbH. All rights reserved.