Plesk

Slave DNS and Plesk


Updated: April 2021

Preface

There are several reasons why you might need at least two DNS servers for serving your sites:

Usually you would set up a couple of name servers in the Master/Slave mode. Then you create domain zones on both servers, but administer resource records of the domain zones only on the master server. The secondary (slave) server automatically downloads the changes from the master. Thus, you always have two active name servers with the same set of domain zones and resource records.

The only minor annoyance is that you have to create and delete each zone on both servers; this does not happen automatically. You create a domain zone on the master, then create the same zone on the slave and specify the master server’s address. After that, when you add the domain resource records on the master, you can be sure that your slave server will automatically get them from the master.

For many years, integration of Plesk with a slave DNS server has not been obvious. A Plesk server is supposed to be the master. In Plesk, we have the slave and master modes for a domain zone and the list of IP addresses that can retrieve domain zones. But there is no mechanism for creation of new domain zones on the slave server. And it will never appear, because Plesk’s concept presumes automation of hosting operations on a single server. For integration of several servers that are dedicated to running individual services, Parallels offers PPA and PA.

Still, there are a lot of Plesk users for whom PPA or PA are more than they actually need. They just want integration with a slave name server. Previously, to solve this problem, each Plesk administrator had to write their own scripts, purchase commercial ones, or manually create and delete domain zones on the slave server.

Seemingly, there are no complications. Plesk has got its local name server – let it be the master, and there is a system of event triggers – let us associate our script execution with the events “DNS zone creation” and “DNS zone deletion”. The problem will be solved. Unfortunately, Plesk does not support such events.

Plesk software engineers not only develop Plesk, they also use the product they develop. That’s why we created an extension that allows Plesk users to integrate Plesk with an external slave name server running BIND9. You can download this extension here.

How it works

Plesk uses BIND as a local name server. It can be managed remotely with the native rndc utility. There’s no reason why we could not install BIND on a remote server and manage it with rndc. Plesk 11.5 introduced the “Custom DNS backend” mechanism. It can be used to connect an external DNS service, for example AWS Route53. You can learn more in our doc.

Briefly, this feature allows us to register a script with Plesk. Whenever any DNS zone in Plesk is created, modified, or deleted, the script receives a description of the zone in JSON format together with an instruction on what to do with it. That’s all we need. While implementing this feature, we assumed that you would use an external DNS service instead of installing the BIND server with Plesk. However, you do not necessarily have to delete the local BIND. The script can operate concurrently with a local DNS service. This is the idea that our extension uses.

Important note: The extension does not support an environment where several Plesk servers use the same set of secondary DNS servers. For security reasons, we strongly recommend using separate secondary DNS servers for each Plesk server.

The extension works according to the following algorithm:

  1. It registers a slave server in the extension settings.
  2. The slave server’s IP address is automatically added to the list of addresses allowed to transfer domain zones from the Plesk server.
  3. When you create, modify, or delete an active domain zone in Plesk, Plesk creates, modifies, or deletes the domain zone in the local DNS service.
  4. Then the script starts and receives the domain name and the command to create, modify, or delete.
  5. The script initiates the rndc command for each connected slave server.
  6. Slave servers synchronize domain zones with the ones on the Plesk server.

Thus, we get a simple and very reliable scheme of working with slave name servers. All issues with zone file format, connection, and service restart are handled by the DNS service. The administrator needs to set up a slave server to work with an external Plesk only once. After that you can go to the registrar and say that the Plesk server and the slave server are name servers for your domains. Thus, we resolved all the issues stated at the beginning of the article.

Now we will describe the process in more technical detail.

To set up a slave name server (using a server with Debian 7 as the example), install BIND:

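apt-get install bind9

Then add the following to the BIND configuration (named.conf) on the slave server:

// Goes inside the existing options { ... } block; lets rndc addzone/delzone add and remove zones at run time.
allow-new-zones yes;

// Key the Plesk server uses for rndc. The secret below is the sample value from this article; generate your own (for example with rndc-confgen).
key "plesk-key" {
   algorithm hmac-md5;
   secret "vwOxonI4n4CVRUhKAOAAIA==";
};

// Accept rndc connections only from the listed addresses, authenticated with one of the listed keys.
controls {
    inet * port 953 allow { <plesk_ip>; <another_plesk_ip>; 127.0.0.1; } keys { "rndc-key"; "plesk-key"; };
};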

After that, install the extension on the Plesk server. In the extension settings, add the slave server and specify its IP address and the pass key. The extension will create a configuration file with the slave server settings for the rndc utility. From now on, Plesk will automatically transfer all created, modified, and deleted zones to the slave server by executing one of the following commands for each slave server:

# Creation
/usr/sbin/rndc -c slave.config addzone example.com '{ type slave; file "example.com"; masters { <plesk_ip>; }; };'

# Modification
/usr/sbin/rndc -c slave.config refresh example.com

# Deletion
/usr/sbin/rndc -c slave.config delzone example.com

Now, when you add a domain in Plesk, a DNS zone is automatically created on the slave server as well as on the master server.
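The following is an added example, not the extension's own code: a sketch of how a custom DNS backend script can turn the JSON zone event into the rndc commands shown above, validating the zone name and master address before they reach the zone configuration string. The JSON field names (`command`, `zone.name`), the command values and the function names are assumptions; the page only says the script receives JSON.

```python
import ipaddress
import json
import re

RNDC = "/usr/sbin/rndc"
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")
# Constructed sample event; the "command" and "zone.name" fields are assumed.
SAMPLE_EVENT = '{"command": "create", "zone": {"name": "example.com."}}'


def valid_zone(name):
    """Return the normalized zone name, or raise ValueError.

    Only plain hostnames pass, so the name is safe to place inside the
    quoted zone configuration string and to use as a file name on the slave.
    """
    name = name.rstrip(".").lower()
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        raise ValueError("bad zone name: %r" % name)
    if not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError("bad zone name: %r" % name)
    return name


def rndc_argv(event_json, master_ip, slave_configs):
    """Return one rndc argument list per slave config for a zone event."""
    event = json.loads(event_json)
    command = event["command"]
    if command not in ("create", "update", "delete"):
        raise ValueError("unsupported command: %r" % command)
    zone = valid_zone(event["zone"]["name"])
    master = str(ipaddress.ip_address(master_ip))  # raises on non-IP input
    if command == "create":
        spec = '{ type slave; file "%s"; masters { %s; }; };' % (zone, master)
        action = ["addzone", zone, spec]
    elif command == "update":
        action = ["refresh", zone]
    else:
        action = ["delzone", zone]
    # Argument lists are meant for subprocess.run(argv), i.e. no shell.
    return [[RNDC, "-c", cfg] + action for cfg in slave_configs]


if __name__ == "__main__":
    for argv in rndc_argv(SAMPLE_EVENT, "192.0.2.10", ["slave.config"]):
        print(argv)
```

Passing each returned list to `subprocess.run` without a shell keeps the zone name and the configuration string as single arguments, exactly as in the quoted commands above.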

The extension is available for download directly via the link Slave DNS manager.

Parallels does not provide technical support services for this Plesk extension. The extension is intended to serve as an example of how certain technical tasks can be accomplished.