Kali ini ane mau share cara sinkronisasi primary DNS ispCP ke secondary DNS server.

Apa itu ispCP?

isp Control Panel (ispCP) is an open source project founded to build a Multi Server Control and Administration Panel. This Control Panel is usable by any Internet Service Provider (ISP).

Nah ispCP sendiri mengemas aplikasi2 hosting seperti Apache, Bind9, Courier, Postfix, ProFTP, dan Awstats. dan sampai saat ini support untuk beberapa linux distro seperti debian (Etch, Lenny, squeeze), Ubuntu, dan FreeBSD.

Kalau dibandingkan dengan cPanel secara pribadi jelas lebih nyaman cPanel. Tp krn ini open source dan gratis, worth bgt buat dicoba dan digunakan.

Yuk, langsung aja... Ane asumsikan temen2 udah pada berhasil install ispCP ini.

Requirement :

2 buah server ( 1 untuk primary DNS di ispCP itu sendiri dan 1 lagi buat secondary DNS nya )

Tested with ispCP Version : 1.7 on Debian Lenny

ispCP server ( Primary )

1. Edit /etc/ispcp/ispcp.conf dan tambahkan IP server secondary DNS pada bagian # BIND data section
2. masuk ke folder /var/www/ispcp/gui/domain ( buat folder tersebut jika belum ada )
3. Buat file index.php dan masukan script berikut :

<?php
require '../include/ispcp-lib.php';
 
$cfg = ispCP_Registry::get('Config');
$sql = ispCP_Registry::get('Db');
 
$count_query = "SELECT COUNT(`domain_id`) AS cnt FROM `domain`";
$start_index = 0;
$rows_per_page = 100;
 
$query = "SELECT `domain_name` FROM `domain`
    ORDER BY `domain_id` ASC
    LIMIT $start_index, $rows_per_page";
 
$rs = exec_query($sql, $count_query);
$records_count = $rs->fields['cnt'];
$rs = exec_query($sql, $query);
$count_query1 = "SELECT COUNT(`alias_id`) AS cnt1 FROM `domain_aliasses`";
$start_index1 = 0;
$rows_per_page1 = 100;
 
$query1 = "SELECT `alias_name` FROM `domain_aliasses`
    ORDER BY `alias_id` ASC
    LIMIT $start_index1, $rows_per_page1";
 
$rs1 = exec_query($sql, $count_query1);
 
$records_count1 = $rs1->fields['cnt1'];
$rs1 = exec_query($sql, $query1);
$all_records_count=$records_count+$records_count1;
if ($rs->rowCount() == 0) {
    echo "//NO DOMAINS LISTED";
} else {
    echo "//$all_records_count DOMAINS LISTED ON $cfg->SERVER_HOSTNAME [$cfg->BASE_SERVER_IP]\n";
    while (!$rs->EOF){
        echo "zone \"".$rs->fields['domain_name']."\"{\n";
        echo "\ttype slave;\n";
        echo "\tfile \"/var/cache/bind/".$rs->fields['domain_name'].".db\";\n";
        echo "\tmasters { $cfg->BASE_SERVER_IP; };\n";
        echo "\tallow-notify { $cfg->BASE_SERVER_IP; };\n";
        echo "};\n";
        $rs->moveNext();
    }
}
 
if ($rs1->rowCount() == 0) {
    echo "//END DOMAINS LIST\n";
}
else {
    while (!$rs1->EOF){
        echo "zone \"".$rs1->fields['alias_name']."\"{\n";
        echo "\ttype slave;\n";
        echo "\tfile \"/var/cache/bind/".$rs1->fields['alias_name'].".db\";\n";
        echo "\tmasters { $cfg->BASE_SERVER_IP; };\n";
        echo "\tallow-notify { $cfg->BASE_SERVER_IP; };\n";
        echo "};\n";
        $rs1->moveNext();
    }
echo "//END DOMAINS LIST\n";
}
?>

4. Buat file .htaccess supaya index.php tersebut hanya bisa diakses melalui IP secondary DNS server.

Order Deny,Allow
Deny from all
Allow from [IP.SECONDARY.DNS.SERVERMU]

5. Ubah konfigurasi apache AllowOverride None menjadi AllowOverride Limit supaya .htaccess dapat berfungsi.

vi /etc/apache2/sites-enabled/00_master.conf

6.Ubah kepemilikan file pada /var/www/ispcp/gui/domain

chown vu2000:www-data -R /var/www/ispcp/gui/domain

7. Generate key untuk secure zone transfer (TSIG)

cd /etc/bind; dnssec-keygen -a hmac-md5 -b 128 -n HOST TRANSFER

Hasil key ada pada file Ktransfer.+[bla-bla-bla].private. Didalamnya ada kode (base64) yang nantinya digunakan untuk sinkron auth. Misal : Key: 6alK9JEHMqH/ZDpFHtlstg==

Masukan kode tersebut pada konfigurasi BIND

vi /etc/bind/named.conf.options
//
//SECONDARY NS
//
key "TRANSFER" {
    algorithm hmac-md5;
    secret "6alK9JEHMqH/ZDpFHtlstg==";
};
server [IP.SECONDARY.DNS.SERVERMU] {
    keys {
        TRANSFER;
    };
};

Konfigurasi pada primary DNS server sudah selesai. Lalu kita masuk ke tahap berikutnya, yaitu :

konfigurasi pada secondary DNS server

( Saya asumsikan BIND sudah terinstall di server Secondary DNS ini )

1. Edit konfiurasi BIND ( /etc/bind/named.conf ) dan tambahkan include "/etc/bind/named.conf.backup"

2. Buat keys zone transfer

vi /etc/bind/named.conf.options

dan tambahkan konfigurasi berikut :

//
//SECONDARY NS
//
key "TRANSFER" {
    algorithm hmac-md5;
    secret "6alK9JEHMqH/ZDpFHtlstg==";
};
server [IP.ISPCP.SERVER] {
    keys {
        TRANSFER;
    };
};

3. Buat script untuk cronjob

vi /etc/cron.d/dnsupdate

dan tambahkan :

* */12 * * * root      /usr/bin/wget http://[IP.ISPCP.SERVER]/domain/ -O /etc/bind/named.conf.backup && /etc/init.d/bind9 reload

4. Terakhir, coba reload cronjob untuk memastikan trik kita sukses.

/etc/init.d/cron reload