Djbdns
Goal: DNS Server (no recursive queries)
djbdns docs: http://cr.yp.to/djbdns
Install
Use ports to install daemontools, ucspi-tcp, djbdns
Setup
The PREFIX logic at the top of /usr/local/etc/rc.d/svscan.sample.sh did not detect the install prefix on its own, so it was uncommented and PREFIX set manually:
PREFIX=/usr/local
As root, execute the svscan.sample.sh script to start svscan
Add the gtinydns and gdnslog accounts (tinydns runs as the first, its multilog logger as the second; neither needs a shell or a password):
adduser gtinydns
adduser gdnslog
Basic tinydns config goes in /etc/tinydns. tinydns-conf builds the service directory (run script, log directory, root/data and the add-* helper scripts), which is what lets the service be controlled via svc. The last argument is the IP address tinydns will listen on:
tinydns-conf gtinydns gdnslog /etc/tinydns 1.2.3.4
Link the directory into the svscan directory so svscan notices it (note that we are using /var/service instead of /service):
ln -s /etc/tinydns /var/service
After a few seconds, svscan should fire up the service. Check it with svstat:
meta# svstat /var/service/tinydns
/var/service/tinydns: up (pid 5610) 940 seconds
Become authoritative, using the IP address that your new server will use. add-ns writes the SOA and NS records for the domain plus an A record for the name server name it picks (a.ns.domain.com for the first server); the delegation and glue registered with the parent zone must point at that name and address. Nothing is served until make has compiled data into data.cdb:
cd /var/service/tinydns/root
./add-ns domain.com 1.2.3.4
make
Add host records. add-host creates both an A record and the matching PTR record, so use it once per IP address (tinydns-edit, which the add-* scripts call, refuses a name or IP that is already in use); further names for the same address are aliases, below:
./add-host domain.com 1.2.3.4
./add-host host1.domain.com 1.2.3.5
make
... or aliases (additional names for an address, A record only):
./add-alias www.domain.com 1.2.3.4
./add-alias ftp.domain.com 1.2.3.4
make
... or mx records. add-mx points the domain's mail at a.mx.domain.com and adds an A record for that name; as with the others, the change is live only after make:
./add-mx domain.com 1.2.3.4
make
Importing zones from other servers
http://cr.yp.to/djbdns/run-server-bind.html
Or use this handy shell script, suckzone, which wraps tcpclient (from ucspi-tcp) and axfr-get. Put it in /etc/tinydns/root and execute it from there; it writes the zone in tinydns data format to zone-<domain>. The source server has to permit zone transfers (AXFR) to the address you run it from. Most servers restrict that, so expect the transfer to be refused until the other side allows it.
#!/bin/sh
# from name server $1, pull zone $2 (the server must allow AXFR from this host)
if [ -z "$2" ]
then
  echo "usage: ./suckzone nameserver domain-to-suck"
  exit 1
fi
tcpclient -v "$1" 53 axfr-get "$2" "axfr-$2" "axfr-$2.tmp" \
  && ( sort -u "axfr-$2" > "$2.tmp" ; mv "$2.tmp" "zone-$2" ; rm "axfr-$2" ; \
       echo "$2 successfully transferred!" ; echo "" ; cat "zone-$2" )
Now edit the files as necessary. Maybe you need to change some A records around if you're moving the domain's services to another box. Once you get all the zone files looking pretty, it's time to move them into the tinydns service. I use the following script.
This script overwrites the data file! Don't use it in its current form if you keep zone data directly in data. I prefer to keep the zone data in a separate file for each zone, and then merge them all and 'make' when it's time to update. The merge is written to data.tmp first and only moved over data once every zone file has been read, so a missing file or a failed sort leaves the current data and data.cdb untouched instead of activating an empty zone set.
#!/bin/sh
# This script should live in /etc/tinydns/root. Use it to merge zones
# into a single data file, and then add those into the live tinydns db.
# data is replaced only after all zone files were read successfully.
echo "concatenating zone files..."
sort -u zone* > data.tmp || exit 1
mv data.tmp data
echo "activating new zone data"
make
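The add-* helpers enforce the "one add-host per IP" rule above through tinydns-edit, but zone files pulled with suckzone and merged with the script above never pass through tinydns-edit, and sort -u only drops byte-identical lines. The following lint is an added example for this page, not a djbdns tool and not part of the original notes: it reads a tinydns data file and reports an IP that would get two PTR records (two `=` lines) and a name that has a CNAME (`C` line) alongside other records. The script name, the sample zone contents and the addresses in it are made up for the example.

```shell
#!/bin/sh
# Added example (not part of the original page or of djbdns): lint a merged
# tinydns "data" file before running make. Reports two conflicts that
# sort -u cannot remove because the lines differ:
#   1. more than one "=" line (A + PTR) for the same IP address
#   2. a "C" (CNAME) line for a name that also has other records
# The sample data written by write_sample_data is constructed for this example.

lint_tinydns_data() {
    # $1: path to a tinydns data file. Prints one line per conflict and
    # returns 1 if any was found, 0 if the file passed.
    awk -F: '
        BEGIN { bad = 0 }
        /^[ \t]*$/ || /^#/ { next }                 # skip blank lines and comments
        { type = substr($1, 1, 1); name = substr($1, 2) }
        type == "=" {                                # "=" yields an A and a PTR record
            if (($2 in ptr_owner) && ptr_owner[$2] != name) {
                printf "IP %s has two PTR owners: %s and %s\n", $2, ptr_owner[$2], name
                bad = 1
            }
            ptr_owner[$2] = name
        }
        type == "C" { cname[name] = 1 }              # "C" is a CNAME
        index("=+@.&^\047:", type) > 0 { other[name] = 1 }   # record types that may not share a name with a CNAME
        END {
            for (n in cname)
                if (n in other) {
                    printf "CNAME %s also has other records\n", n
                    bad = 1
                }
            exit bad
        }
    ' "$1"
}

write_sample_data() {
    # Constructed sample: two merged zone files with both kinds of conflict.
    cat > "$1" <<'EOF'
# zone-domain.com (constructed for this example)
.domain.com:1.2.3.4:a
=domain.com:1.2.3.4
=host1.domain.com:1.2.3.5
+www.domain.com:1.2.3.4
@domain.com:1.2.3.4:a
# zone-other.com: reuses 1.2.3.5 and gives www.other.com a CNAME and an A
=mail.other.com:1.2.3.5
Cwww.other.com:www.domain.com
+www.other.com:1.2.3.6
EOF
}

sample="${TMPDIR:-/tmp}/tinydns-lint-sample.$$"
write_sample_data "$sample"
if lint_tinydns_data "$sample"; then
    echo "$sample: clean"
else
    echo "$sample: fix the conflicts above before running make"
fi
rm -f "$sample"
```

Run it from /etc/tinydns/root as `lint_tinydns_data data` after the merge and before make; a non-zero exit is the signal to go back to the zone-* files. It deliberately does not touch data.cdb, so it is safe to run against the live directory.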
Testing
Using tinydns-get. It reads data.cdb from the current directory, so it checks what make produced without going near the network:
cd /var/service/tinydns/root
tinydns-get a www.domain.com
Using dnsq (use the IP you used in the add-ns command above). dnsq sends a non-recursive query straight to that server, bypassing any cache:
dnsq a ftp.domain.com 1.2.3.4
Look at the actual data. The source file is:
/var/service/tinydns/root/data
make runs tinydns-data on it and produces data.cdb in the same directory; data.cdb is what tinydns serves, so an edit to data is not live until make has been run.
Ask your DNS cache. dnsqr sends the query to the cache named in $DNSCACHEIP or /etc/resolv.conf, which resolves it recursively unless it already has the answer cached. If this fails or returns the wrong data, it probably means this domain has not been delegated to your server yet, or that the delegation has not fully propagated. If this result (or the result of host www.domain.com) is different on different machines, it probably means that delegation is mid-propagation.
dnsqr a www.domain.com
If it succeeds and returns correct data, then it is likely that everything is in place, but try the next step from several machines.
Check from elsewhere. This will verify that your DNS service is reachable from afar (and that nothing in between filters port 53). Same disclaimer as above.
dig @1.2.3.4 www.domain.com
Backups
#!/bin/sh
# Place this script in /etc/tinydns/root and run it from there
# to back up your zone files to a date-stamped gzip'd tarball
dir=`date "+%Y-%m-%d"`
mkdir -p "/etc/tinydns/root/backups/$dir"
cp /etc/tinydns/root/zone* "/etc/tinydns/root/backups/$dir/"
cd "/etc/tinydns/root/backups" || exit 1
if tar -zcvf "$dir.tgz" "$dir" && rm -Rf "$dir"
then
  echo "backup complete"
else
  echo "backup failed!"
fi