MRatWork Forum by Mustafa Ramadhan

Sawo Project - Kloxo-MR Discussions => Kloxo-MR Development => Topic started by: MRatWork on 2013-09-19, 22:34:43

Title: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: MRatWork on 2013-09-19, 22:34:43
In the latest 6.5.1.a, various new DNS servers are ready:

1. PDns (aka PowerDNS) - all issues (especially 'TXT record') already fixed
2. MaraDNS - possibly not working, but the server runs well and there is no error for the config
3. NSD - running well, but allow-transfer is possibly still unfinished

Note:
1. 'TXT record' issue in DJBDns already fixed too
2. 'CNAME record' is automatically converted to 'A record' for faster DNS requests

How to test this 6.5.1.a? Follow these steps:

1. Open '/etc/yum.repos.d/kloxo-mr.repo' and change:
Code:
[kloxo-mr-testing-neutral-noarch]
name=Kloxo-MR - testing-neutral-noarch
baseurl=https://github.com/mustafaramadhan/kloxo/raw/rpms/testing/neutral/noarch/
mirrorlist=http://rpms.potissima.com/repo/mirrors/mratwork-testing-neutral-noarch-mirrors.txt
enabled=0
gpgcheck=0

to:
Code:
[kloxo-mr-testing-neutral-noarch]
name=Kloxo-MR - testing-neutral-noarch
baseurl=https://github.com/mustafaramadhan/kloxo/raw/rpms/testing/neutral/noarch/
mirrorlist=http://rpms.potissima.com/repo/mirrors/mratwork-testing-neutral-noarch-mirrors.txt
enabled=1
gpgcheck=0
includepkgs=kloxomr

2. And then run 'yum cleanup; yum update; sh /script/cleanup'

3. After that, switch to 'pdns' for 'dns' in 'switch applications'

----------------

Note:

- Downgrade to 6.5.0 with 'yum downgrade kloxomr'.
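
The stanza enabled in step 1 combines `gpgcheck=0` with a plain-http `mirrorlist`, so packages from that repository are installed without a signature check. An added example (not part of the original post or of Kloxo-MR) that lists those settings for every enabled stanza of a `.repo` file; `audit_repo` and `sample_repo` are hypothetical names, and the sample is the stanza from the post above.

```sh
#!/bin/sh
# Added example, not Kloxo-MR code. audit_repo and sample_repo are
# hypothetical names.

# audit_repo [FILE...]: read yum .repo stanzas (stdin if no file is given)
# and print one finding per line for stanzas that are enabled.
audit_repo() {
    awk -F= '
        function flush(   i) {
            if (id == "" || enabled == "0") return
            if (gpg == "0")
                print id ": gpgcheck=0, package signatures are not verified"
            for (i = 1; i <= n; i++)
                print id ": " plain[i] " uses plain http"
        }
        # A new [section] header closes the previous stanza.
        /^[ \t]*\[/ {
            flush()
            id = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", id)
            enabled = "1"   # assumption: a stanza without enabled= counts as enabled
            gpg = ""        # empty means not set in this stanza
            n = 0
            next
        }
        /^[ \t]*(#|;|$)/ { next }    # comments and blank lines
        {
            key = $1
            gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled") enabled = val
            else if (key == "gpgcheck") gpg = val
            else if ((key == "baseurl" || key == "mirrorlist") && val ~ /^http:\/\//)
                plain[++n] = key
        }
        END { flush() }
    ' "$@"
}

# Sample input: the "after" stanza from the post above.
sample_repo() { cat <<'EOF'
[kloxo-mr-testing-neutral-noarch]
name=Kloxo-MR - testing-neutral-noarch
baseurl=https://github.com/mustafaramadhan/kloxo/raw/rpms/testing/neutral/noarch/
mirrorlist=http://rpms.potissima.com/repo/mirrors/mratwork-testing-neutral-noarch-mirrors.txt
enabled=1
gpgcheck=0
includepkgs=kloxomr
EOF
}

sample_repo | audit_repo
```

On a server, run it as `audit_repo /etc/yum.repos.d/*.repo`.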
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: MRatWork on 2013-09-22, 19:20:23
Information related to memory usage:

Code:
DNS         Memory usage    Note
-----------------------------------------------------------------------
nsd          68 MB          - prepare for 3.000 domains
bind        163 MB          - no info
pdns (1)    693 MB          - with 'launch=gmysql'
pdns (2)    136 MB          - with 'launch=bind'
djbdns       12 MB          - running triple applications (tinydns, axfrdns and dnscache)
maradns      12 MB          - like djbdns also running triple applications

Information related to how zone config created/updated:
Code:
---------------------------------------------------------------------
                         Zone Process
DNS Server       ----------------------------------------------------
                     Add                     Update
---------------------------------------------------------------------
Bind                 create zone             update zone
                     update xfr list         update xfr list
                     update zone list        update zone list
                     reload service          reload service
                     -                       send notify to slave
---------------------------------------------------------------------
DJBDns               create zone             update zone
                     update xfr list         update xfr list
                     update xfr database     update xfr database
                     update zone list        update zone list
                     update zone combine     update zone combine
                     update zone database    update zone database
                     reload service          reload service
                     -                       send notify to slave *)
---------------------------------------------------------------------
MaraDNS              create zone             update zone
                     update xfr list         update xfr list
                     update xfr database     update xfr database
                     update zone list        update zone list
                     reload service          reload service
                     -                       send notify to slave *)
---------------------------------------------------------------------
NSD                  create zone             update zone
                     update xfr list         update xfr list
                     update zone list        update zone list
                     update zone database    update zone database
                     reload service          reload service
                     -                       send notify to slave
---------------------------------------------------------------------
PDNS                 create zone             update zone
                     create zone record      update zone record
                     update metadata         update metadata
                     update supermaster      update supermaster
                     - (no need reload)      - (no need reload)
                     -                       send notify to slave **)
---------------------------------------------------------------------

Note:
- Create/update zone is handled by 'domains.conf.tpl'
- Update xfr list is handled by 'list.transfered.conf.tpl' (list of slave IPs)
- Update zone list is handled by 'list.master.conf.tpl'
- Update zone combine is included in 'list.master.conf.tpl'
- Update zone database is handled by a built-in function in the application itself
- All processes are handled by 'domains.conf.tpl' for PDNS because the data is in mysql format
*) send notify to slave does not exist in djbdns and maradns; a third-party perl script is used
**) send notify to slave is handled directly by PDNS
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: nusapenida on 2013-09-23, 17:40:44
hi,

what is the best choice for dns?
Thanks
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: zenkul on 2013-09-23, 18:40:12
+ Bind
pros : compatibility, stable with kloxo-mr ? (used in almost 90% world wide)
cons : memory and security issue

+ Djbdns
I Like it

go ahead with other dns software for testing / contribute MRatwork development
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: MRatWork on 2013-09-23, 18:47:19
It depends on your server. For huge domains, don't use djbdns and maradns. For small domains, it is better to choose djbdns, maradns and nsd. With small memory (say, less than 512MB), it is better to choose djbdns or maradns (but nsd is still acceptable).

Remember, maradns and pdns still have an issue related to 'txt record' (important for domainkeys and spf for mail authentication purposes).
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: MRatWork on 2013-09-23, 18:50:59
My favorite is nsd because it is small, accepts huge domains and has built-in 'dns notify'.

Remember, djbdns and maradns don't have built-in 'dns notify' (and Kloxo-MR uses a 'dns notify' perl script for this purpose, but that is not ideal).
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: marcus5914 on 2013-09-24, 03:24:39
I have only 3 domains in my VPS, with Nginx Proxy. Currently I am using bind. Should I switch to djbdns?
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: MRatWork on 2013-09-24, 04:10:24
Quote from: "marcus5914"
I have only 3 domains in my VPS, with Nginx Proxy. Currently I am using bind. Should I switch to djbdns?
I don't remember whether djbdns in 6.5.0.f already fixed the 'text record' issue or not. If already fixed, use djbdns. This needs confirmation from other users (remember, please always use the latest version of Kloxo-MR).
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: marcus5914 on 2013-09-24, 14:43:15
Quote from: "MRatWork"
I don't remember whether djbdns in 6.5.0.f already fixed the 'text record' issue or not. If already fixed, use djbdns. This needs confirmation from other users (remember, please always use the latest version of Kloxo-MR).


Is there any way to know whether it is already fixed or not?
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: Spacedust on 2013-09-24, 17:08:43
Do TXT records on master work now when using PowerDNS?
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: Spacedust on 2013-09-24, 19:12:04
This is still not working on my local test system:

192.168.1.8 - master with ns1.nowosci.org
192.168.1.9 - slave with ns2.nowosci.org

Code:
dig @192.168.1.9 private._domainkey.nowosci.org TXT

; <<>> DiG 9.9.3-rpz2+rl.13208.13-P2-RedHat-9.9.3-4.P2.el6 <<>> @192.168.1.9 private._domainkey.nowosci.org TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30976
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 2800
;; QUESTION SECTION:
;private._domainkey.nowosci.org.        IN      TXT

;; AUTHORITY SECTION:
nowosci.org.            1800    IN      SOA     ns1.nowosci.org. admin.adminonline.gr. 2013092404 3600 1800 604800 1800

;; Query time: 2 msec
;; SERVER: 192.168.1.9#53(192.168.1.9)
;; WHEN: wto wrz 24 15:09:48 CEST 2013
;; MSG SIZE  rcvd: 119
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: Spacedust on 2013-09-24, 19:15:41
Bind works fine both on master and on slave.
Djbdns works fine both on master and on slave.
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: Spacedust on 2013-09-24, 19:20:52
MaraDNS TXT records do not work on master, slave does not work at all.
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: Spacedust on 2013-09-24, 19:22:16
nsd works fine both on master and on slave.
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: Spacedust on 2013-09-24, 19:27:50
PowerDNS TXT records do not work on both
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: zenkul on 2013-09-24, 20:17:34
+ Djbdns   :)

all perfect without trouble, and email send to inbox
just need reboot

Thanks,
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: marcus5914 on 2013-09-24, 21:10:46
Please can anyone confirm that the TXT record is fixed in Djbdns in Kloxo-MR: 6.5.0.f-2013091202.
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: zenkul on 2013-09-24, 22:07:03
I am in : 6.5.0.f-2013091901

select 'Djbdns' only

kloxo-mr : must be latest version
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: MRatWork on 2013-09-24, 22:14:50
Quote from: "marcus5914"
Please can anyone confirm that the TXT record is fixed in Djbdns in Kloxo-MR: 6.5.0.f-2013091202.
You can see my domain via http://network-tools.com/nslook/Default.asp?domain=build.potissima.com&type=255&server=178.32.23.41 where we must enter the domain/subdomain (for example build.potissima.com) and the ns1 IP (ns1 for build.potissima.com is 178.32.23.41). You can also try ns2 by entering the ns2 IP as the server.

If you see something like:
Code:
build.potissima.com IN TXT v=spf1 a mx ~all 86000s (23h 53m 20s)
that means the 'TXT record' is detected.

This domain is using NSD.
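
The check described above can also be made from the shell, against each name server in turn. An added example, not part of the original thread or of Kloxo-MR: `classify_txt` and `check_txt` are hypothetical helper names, and the two sample replies are constructed (example.org, 192.0.2.x) in the shape of the dig output posted in this thread.

```sh
#!/bin/sh
# Added example: say what one authoritative server answers for a TXT name.

# classify_txt: read `dig ... TXT` output on stdin and print one verdict:
#   present      NOERROR with at least one TXT record in the ANSWER section
#   nodata       NOERROR, but no TXT record in the answer
#   nxdomain     the server answers that the name does not exist
#   error:<rc>   any other status (REFUSED, SERVFAIL, ...)
#   no-response  no reply header at all (timeout, nothing listening)
classify_txt() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^$/ { in_answer = 0 }              # a blank line ends the section
        in_answer && $4 == "TXT" { txt++ }  # name ttl class TYPE rdata
        END {
            if (status == "") print "no-response"
            else if (status == "NXDOMAIN") print "nxdomain"
            else if (status != "NOERROR") print "error:" status
            else if (txt > 0) print "present"
            else print "nodata"
        }
    '
}

# check_txt SERVER NAME: ask one name server directly, without recursion.
check_txt() {
    dig +norecurse +time=3 +tries=1 "@$1" "$2" TXT | classify_txt
}

# Constructed reply from a master that serves the record.
sample_master() { cat <<'EOF'
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;private._domainkey.example.org. IN     TXT

;; ANSWER SECTION:
private._domainkey.example.org. 86000 IN TXT "k=rsa; p=CONSTRUCTED-PLACEHOLDER"

;; SERVER: 192.0.2.8#53(192.0.2.8)
EOF
}

# Constructed reply from a slave that holds the zone but not the record.
sample_slave() { cat <<'EOF'
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1002
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;private._domainkey.example.org. IN     TXT

;; AUTHORITY SECTION:
example.org. 1800 IN SOA ns1.example.org. admin.example.org. 2013092404 3600 1800 604800 1800

;; SERVER: 192.0.2.9#53(192.0.2.9)
EOF
}

printf 'master 192.0.2.8: %s\n' "$(sample_master | classify_txt)"
printf 'slave  192.0.2.9: %s\n' "$(sample_slave | classify_txt)"
```

Against live servers, call `check_txt` once per name server with the same record name and compare the verdicts.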
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: marcus5914 on 2013-09-24, 22:28:04
I activated Djbdns and I got this using the dig command. Now tell me, is the TXT bug fixed or not?

Quote
dig @208.115.203.66 private._domainkey.mediafirerepack.net TXT

; <<>> DiG 9.9.3-rpz2+rl.13208.13-P2-RedHat-9.9.3-5.P2.el5 <<>> @208.115.203.66 private._domainkey.mediafirerepack.net TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53243
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;private._domainkey.mediafirerepack.net.        IN TXT

;; AUTHORITY SECTION:
mediafirerepack.net.    86000   IN      SOA     ns1.mediafirerepack.net. admin.mediafirerepack.net. 2013092406 16384 2048 1048576 2560

;; Query time: 0 msec
;; SERVER: 208.115.203.66#53(208.115.203.66)
;; WHEN: Tue Sep 24 21:54:18 IST 2013
;; MSG SIZE  rcvd: 102
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: marcus5914 on 2013-09-24, 22:31:39
Quote from: "MRatWork"
Quote from: "marcus5914"
Please can anyone confirm that the TXT record is fixed in Djbdns in Kloxo-MR: 6.5.0.f-2013091202.
You can see my domain via http://network-tools.com/nslook/Default.asp?domain=build.potissima.com&type=255&server=178.32.23.41 where we must enter the domain/subdomain (for example build.potissima.com) and the ns1 IP (ns1 for build.potissima.com is 178.32.23.41). You can also try ns2 by entering the ns2 IP as the server.

If you see something like:
Code:
build.potissima.com IN TXT v=spf1 a mx ~all 86000s (23h 53m 20s)
that means the 'TXT record' is detected.

This domain is using NSD.

I didn't find the TXT record, so I must use bind.
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: marcus5914 on 2013-09-24, 22:35:56
Now it is also weird. I moved back to bind... still I can't find the txt record.
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: MRatWork on 2013-09-24, 22:47:08
I think your version is too old. The latest version (kloxomr-6.5.0.f-2013091901) already fixes this issue.
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: Spacedust on 2013-09-24, 23:14:03
I was testing using Kloxo-MR 6.5.1.a-2013092302
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: marcus5914 on 2013-09-24, 23:24:19
I got this error while updating


Quote
yum update
Loaded plugins: fastestmirror, priorities, protectbase, replace
Loading mirror speeds from cached hostfile
 * base: centos.icyboards.com
 * extras: centos-mirror.jchost.net
 * kloxo-mr-epel: fedora-epel.mirror.lstn.net
 * kloxo-mr-ius: dfw.mirror.rackspace.com
 * rpmforge: mirror.us.leaseweb.net
 * updates: mirror.cogentco.com
Excluding Packages from Kloxo-MR - centalt - i386
Finished
Excluding Packages from Kloxo-MR - CentOS 5 Packages from CentOS.EC
Finished
Excluding Packages from Kloxo-MR - IUS Community Packages for EL 5 - i386
Finished
Reducing Kloxo-MR - IUS Community Packages for EL 5 (special) - i386 to included packages only
Finished
0 packages excluded due to repository protections
Setting up Update Process
Resolving Dependencies
There are unfinished transactions remaining. You might consider running yum-complete-transaction first to finish them.
--> Running transaction check
---> Package apr.i386 0:1.4.8-1.mr.el5 set to be updated
---> Package ghostscript.i386 0:8.70-15.el5_9.3 set to be updated
---> Package kloxomr.noarch 0:6.5.0.f-2013091901.mr set to be updated
---> Package libedit.i386 0:20090923-3.0_1.el5.rf set to be updated
---> Package m4.i386 0:1.4.16-1.mr.el5 set to be updated
---> Package mhash.i386 0:0.9.9-1.el5.rf set to be updated
---> Package perl-Crypt-OpenSSL-RSA.i386 0:0.28-1.el5.rf set to be updated
---> Package perl-Digest-SHA.i386 0:5.71-1.el5.rf set to be updated
---> Package perl-MIME-Lite.noarch 0:3.029-1.el5.rf set to be updated
--> Processing Dependency: perl(Email::Date::Format) >= 1.000 for package: perl-MIME-Lite
---> Package perl-Mail-DKIM.noarch 0:0.39-1.el5.rf set to be updated
---> Package perl-MailTools.noarch 0:2.12-1.el5.rf set to be updated
--> Processing Dependency: perl(Test::Pod) >= 1 for package: perl-MailTools
---> Package rkhunter.noarch 0:1.4.0-1.el5.rf set to be updated
--> Processing Dependency: prelink for package: rkhunter
---> Package rpmforge-release.i386 0:0.5.3-1.el5.rf set to be updated
---> Package rrdtool.i386 0:1.4.7-1.el5.rf set to be updated
--> Processing Dependency: xorg-x11-fonts-Type1 for package: rrdtool
--> Processing Dependency: perl(RRDp) for package: rrdtool
--> Processing Dependency: ruby for package: rrdtool
--> Processing Dependency: lua for package: rrdtool
--> Processing Dependency: gettext for package: rrdtool
--> Processing Dependency: perl(RRDs) for package: rrdtool
---> Package t1lib.i386 0:5.1.2-1.el5.rf set to be updated
--> Running transaction check
---> Package gettext.i386 0:0.17-1.el5 set to be updated
---> Package lua.i386 0:5.1.4-4.el5 set to be updated
---> Package perl-Email-Date-Format.noarch 0:1.002-4.el5 set to be updated
---> Package perl-Test-Pod.noarch 0:1.45-1.el5.rf set to be updated
--> Processing Dependency: perl(Pod::Simple) >= 3.07 for package: perl-Test-Pod
---> Package perl-rrdtool.i386 0:1.4.7-1.el5.rf set to be updated
---> Package prelink.i386 0:0.4.0-2.el5 set to be updated
---> Package ruby.i386 0:1.8.5-31.el5_9 set to be updated
--> Processing Dependency: ruby-libs = 1.8.5-31.el5_9 for package: ruby
--> Processing Dependency: libruby.so.1.8 for package: ruby
---> Package xorg-x11-fonts-Type1.noarch 0:7.1-2.1.el5 set to be updated
--> Running transaction check
---> Package perl-Pod-Simple.noarch 0:3.16-1.el5.rf set to be updated
--> Processing Dependency: perl(Pod::Escapes) >= 1.04 for package: perl-Pod-Simple
---> Package ruby-libs.i386 0:1.8.5-31.el5_9 set to be updated
--> Running transaction check
---> Package perl-Pod-Escapes.noarch 0:1.04-5.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================================================================
 Package                                   Arch                      Version                                  Repository                                          Size
=======================================================================================================================================================================
Updating:
 apr                                       i386                      1.4.8-1.mr.el5                           kloxo-mr-release-version-arch                       97 k
 ghostscript                               i386                      8.70-15.el5_9.3                          updates                                            9.0 M
 kloxomr                                   noarch                    6.5.0.f-2013091901.mr                    kloxo-mr-release-neutral-noarch                    6.1 M
 libedit                                   i386                      20090923-3.0_1.el5.rf                    rpmforge                                           262 k
 m4                                        i386                      1.4.16-1.mr.el5                          kloxo-mr-release-version-arch                      256 k
 mhash                                     i386                      0.9.9-1.el5.rf                           rpmforge                                           201 k
 perl-Crypt-OpenSSL-RSA                    i386                      0.28-1.el5.rf                            rpmforge                                            61 k
 perl-Digest-SHA                           i386                      5.71-1.el5.rf                            rpmforge                                            93 k
 perl-MIME-Lite                            noarch                    3.029-1.el5.rf                           rpmforge                                            97 k
 perl-Mail-DKIM                            noarch                    0.39-1.el5.rf                            rpmforge                                           129 k
 perl-MailTools                            noarch                    2.12-1.el5.rf                            rpmforge                                           101 k
 rkhunter                                  noarch                    1.4.0-1.el5.rf                           rpmforge                                           177 k
 rpmforge-release                          i386                      0.5.3-1.el5.rf                           rpmforge                                            12 k
 rrdtool                                   i386                      1.4.7-1.el5.rf                           rpmforge                                           906 k
 t1lib                                     i386                      5.1.2-1.el5.rf                           rpmforge                                           362 k
Installing for dependencies:
 gettext                                   i386                      0.17-1.el5                               base                                               2.4 M
 lua                                       i386                      5.1.4-4.el5                              kloxo-mr-epel                                      228 k
 perl-Email-Date-Format                    noarch                    1.002-4.el5                              kloxo-mr-epel                                       15 k
 perl-Pod-Escapes                          noarch                    1.04-5.el5                               kloxo-mr-atrpms                                     15 k
 perl-Pod-Simple                           noarch                    3.16-1.el5.rf                            rpmforge                                           212 k
 perl-Test-Pod                             noarch                    1.45-1.el5.rf                            rpmforge                                            13 k
 perl-rrdtool                              i386                      1.4.7-1.el5.rf                           rpmforge                                            52 k
 prelink                                   i386                      0.4.0-2.el5                              base                                               1.0 M
 ruby                                      i386                      1.8.5-31.el5_9                           updates                                            279 k
 ruby-libs                                 i386                      1.8.5-31.el5_9                           updates                                            1.6 M
 xorg-x11-fonts-Type1                      noarch                    7.1-2.1.el5                              base                                               1.5 M

Transaction Summary
=======================================================================================================================================================================
Install      11 Package(s)
Upgrade      15 Package(s)

Total size: 25 M
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test


Transaction Check Error:
  file /usr/lib/libedit.so.0 from install of libedit-20090923-3.0_1.el5.rf.i386 conflicts with file from package libedit0-3.0-1.20090722cvs.el5.i386

Error Summary
-------------
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: MRatWork on 2013-09-24, 23:51:02
Disable rpmforge repo first. Using other repo may conflict with repos from Kloxo-MR.
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: Spacedust on 2013-09-25, 00:32:06
nsd does not resolve on all IP's !!!

I'm using second and third IP for my DNS servers on slave.
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: MRatWork on 2013-09-25, 00:36:03
Quote from: "Spacedust"
nsd does not resolve on all IP's !!!

I'm using second and third IP for my DNS servers on slave.
Try running 'nsdc rebuild; nsdc reload; nsdc notify'
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: Spacedust on 2013-09-25, 00:45:23
Quote from: "MRatWork"
Quote from: "Spacedust"
nsd does not resolve on all IP's !!!

I'm using second and third IP for my DNS servers on slave.
Try running 'nsdc rebuild; nsdc reload; nsdc notify'

Solution is to just add lines like this:

Quote
  ip-address: 198.50.1.1
  ip-address: 198.50.2.1

inside /etc/nsd/nsd.conf

then it works perfectly :)
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: Spacedust on 2013-09-25, 01:20:11
I would like to report that despite having SPF enabled and DomainKeys working with TXT records - gmail.com is still marking all mails from my servers as SPAM !

And I'm not blacklisted anywhere !
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: marcus5914 on 2013-09-25, 03:02:46
I updated Kloxo-MR. Still I can't see any TXT record.

check this

http://network-tools.com/nslook/Default.asp?domain=mediafirerepack.net&type=255&server=208.115.203.66
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: Spacedust on 2013-09-25, 03:09:17
Quote from: "marcus5914"
I updated Kloxo-MR. Still I can't see any TXT record.

check this

http://network-tools.com/nslook/Default.asp?domain=mediafirerepack.net&type=255&server=208.115.203.66

Yeah, TXT doesn't work with PowerDNS. Please fix this Mustafa !
Title: Re: [6.5.1.a] New DNS Server (PDns, MaraDNS and NSD)
Post by: Spacedust on 2013-09-25, 03:45:08
I've switched back to djbdns because nsd is still restarting and not working properly (no-glue and very high CPU usage !).