Djbdns

From Wikifications

Goal: DNS Server (no recursive queries)

djbdns docs: http://cr.yp.to/djbdns


Install

Use ports to install daemontools, ucspi-tcp, djbdns

Setup

Uncommented the PREFIX logic at the top of /usr/local/etc/rc.d/svscan.sample.sh, since it apparently cannot detect the prefix on its own, and set PREFIX manually with:

PREFIX=/usr/local

As root, execute the svscan.sample.sh script to start svscan

Add gtinydns and gdnslog accounts:

adduser gtinydns
adduser gdnslog

Basic tinydns config goes in /etc/tinydns. This also sets us up to be controlled via svc.

tinydns-conf gtinydns gdnslog /etc/tinydns 1.2.3.4

After a few seconds, this should fire up the service. Check it with svstat (note that we are using /var/service instead of /service):

meta# svstat /var/service/tinydns
/var/service/tinydns: up (pid 5610) 940 seconds

Become authoritative, using the IP address that your new server will use:

cd /var/service/tinydns/root
./add-ns domain.com 1.2.3.4
make

Add host records: (only one per IP)

./add-host domain.com 1.2.3.4
./add-host host1.domain.com 1.2.3.5
make

... or aliases: (additional names)

./add-alias www.domain.com 1.2.3.4
./add-alias ftp.domain.com 1.2.3.4
make

... or mx records:

./add-mx domain.com 1.2.3.4

Importing zones from other servers

http://cr.yp.to/djbdns/run-server-bind.html

Or use this handy shell script called suckzone. Put it in /etc/tinydns/root and execute it from there.

#!/bin/sh
# from name server $1, pull zone $2 via AXFR and write it as zone-$2
if [ -z "$2" ]
        then echo "usage: ./suckzone nameserver domain-to-suck"
else
        # axfr-get writes the zone in tinydns data format into axfr-$2
        tcpclient -v "$1" 53 axfr-get "$2" "axfr-$2" "axfr-$2.tmp" \
        && ( sort -u "axfr-$2" > "$2.tmp" ; mv "$2.tmp" "zone-$2" ; rm "axfr-$2" ; \
        echo "$2 successfully transferred!" ; echo "" ; cat "zone-$2" )
fi

Now edit the files as necessary. Maybe you need to change some A records around if you're moving the domain's services to another box. Once you get all the zone files looking pretty, it's time to move them into the tinydns service. I use the following script.

This script will delete the data file! Don't use it in its current form if you keep all your zone data there. I prefer to keep the zone data in a separate file for each zone, and then merge them all and 'make' when it's time to update.

#!/bin/sh
# This script should live in /etc/tinydns/root. Use it to merge zones
# into a single data file, and then add those into the live tinydns db
echo "concatenating zone files..."
rm -f data
for file in zone*
do
        cat "$file" >> data
done
# drop duplicate records before compiling
sort -u data > data.tmp
mv data.tmp data
echo "activating new zone data"
make
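Before running make on a merged data file it is worth checking for the two mistakes the steps above warn about: a second '=' record for an IP (the "only one per IP" rule, since each '=' line also produces a PTR) and a record whose name is outside every zone declared with add-ns. The following checker is an added example, not part of the original page or of djbdns; the record layout it parses is the one the add-ns/add-host/add-alias/add-mx lines shown above write, and the sample data is constructed.

```python
import ipaddress

# Constructed sample of what add-ns / add-host / add-alias / add-mx write,
# plus two deliberate mistakes (lines 8 and 9) for the checker to catch.
SAMPLE_DATA = """\
# constructed sample data file
.domain.com:1.2.3.4:a
=domain.com:1.2.3.4
=host1.domain.com:1.2.3.5
+www.domain.com:1.2.3.4
+ftp.domain.com:1.2.3.4
@domain.com:1.2.3.4:a
=mail.domain.com:1.2.3.5
+www.other.org:1.2.3.9
"""

def lint_tinydns_data(text):
    """Return a list of problems found in tinydns data-file text."""
    problems, zones, records, ptr_owner = [], [], [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        kind, fields = line[0], line[1:].split(":")
        if kind not in ".&=+@-'^CZ:":
            problems.append(f"line {lineno}: unknown record type {kind!r}")
            continue
        fqdn = fields[0].lower().rstrip(".")
        if kind == ".":
            zones.append(fqdn)            # a zone we claim to serve (add-ns)
        if kind in ".&=+@" and len(fields) > 1 and fields[1]:
            try:
                ipaddress.IPv4Address(fields[1])
            except ValueError:
                problems.append(f"line {lineno}: bad IPv4 address {fields[1]!r}")
                continue
        if kind == "=":
            # '=' yields A plus PTR; a second '=' for the same IP means two PTRs
            ip = fields[1] if len(fields) > 1 else ""
            if ip in ptr_owner:
                problems.append(f"line {lineno}: {ip} already has PTR {ptr_owner[ip]}; use '+' for {fqdn}")
            else:
                ptr_owner[ip] = fqdn
        if kind in "=+@":
            records.append((lineno, fqdn))
    for lineno, fqdn in records:          # names we are not authoritative for
        if not any(fqdn == z or fqdn.endswith("." + z) for z in zones):
            problems.append(f"line {lineno}: {fqdn} is outside every zone declared by a '.' line (add-ns)")
    return problems
```

Run it against the merged data file before make; an empty list means both checks passed.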

Testing

Using tinydns-get

cd /service/tinydns/root
tinydns-get a www.domain.com

Using dnsq (use the IP you used in the add-ns command above)

dnsq a ftp.domain.com 1.2.3.4

Look at the actual data, which lives at:

/service/tinydns/root/data

Ask your DNS cache (this should probably trigger a recursive lookup to your parent DNS server unless it's cached). If this fails or returns the wrong data, it probably means this domain has not been delegated to your server yet, or that the delegation has not fully propagated. If this result (or the result of host www.domain.com) is different on different machines, it probably means that delegation is mid-propagation.

dnsqr a www.domain.com

If it succeeds and returns correct data, then it is likely that everything is in place, but try the next step from several machines.

Check from elsewhere. This will verify that your DNS service is reachable from afar. Same disclaimer as above.

dig @1.2.3.4 www.host.com

Backups

#!/bin/sh
# Place this script in /etc/tinydns/root and run it from there
# to back up your zone files to a date-stamped gzip'd tarball
dir=`date "+%Y-%m-%d"`
mkdir -p "/etc/tinydns/root/backups/$dir"
cp /etc/tinydns/root/zone* "/etc/tinydns/root/backups/$dir/"
cd "/etc/tinydns/root/backups" || exit 1
# only remove the staging directory if the tarball was written
if tar -zcvf "$dir.tgz" "$dir" && rm -Rf "$dir"
then echo "backup complete"
else echo "backup failed!"
fi
