Web Hosting Talk







HowTo: Installing DJBDNS on a FreeBSD 5.3 server for virtual hosting


jsquires
05-07-2005, 05:11 AM
Installing DJBDNS on a FreeBSD 5.3 server for virtual hosting.
- tinydns answering queries for domains we own on a public IP.
- dnscache resolving on a public IP. This setup allows users on the
same subnet to use it as their DNS server.

Requirements:
- Minimum 4 public IP addresses.
* 1 for your public web/mail/ftp server for virtual hosting.
* 1 for dnscache.
* 2 for your own nameservers using tinydns.
- FreeBSD 5.3 server.
- SSH access with the ability to use the root account.

IP Address Assignments:
- X.Y.Z.NS1 - NS1 tinydns
- X.Y.Z.NS2 - NS2 tinydns
- X.Y.Z.DNS - dnscache
- X.Y.Z.PUB - web/mail/ftp



#--------------------------------------------------------------------#
1. Install UCSPI-TCP.
$ cd /usr/ports/sysutils/ucspi-tcp
$ make install



#--------------------------------------------------------------------#
2. Install daemontools.
$ cd /usr/ports/sysutils/daemontools
$ make install

3. Add the appropriate ulimit variables to an rc.conf file. You can
review some suggested settings in the /usr/local/etc/rc.d/svscan.sh
file.

$ cp /etc/rc.conf /etc/rc.conf.`date "+%Y-%m%d"`
$ vi /etc/rc.conf

ADD:
# Daemontools svscan variables
MINSEGMENT=10240
MAXSEGMENT=20480
MAXFILESIZE=10240
MAXFD=100
MAXCHILD=40

# ulimits
ulimit -d ${MINSEGMENT}
ulimit -f ${MAXFILESIZE}
ulimit -m ${MAXSEGMENT}
ulimit -n ${MAXFD}
ulimit -s ${MINSEGMENT}
ulimit -u ${MAXCHILD}

4. Edit the file /usr/local/etc/rc.d/svscan.sh to enable svscan when
we start the service.
$ cp /usr/local/etc/rc.d/svscan.sh /usr/local/etc/rc.d/svscan.sh.`date "+%Y-%m%d"`
$ vi /usr/local/etc/rc.d/svscan.sh

CHANGE:
svscan_enable=${svscan_enable-"NO"}

TO:
svscan_enable=${svscan_enable-"YES"}

5. We can now start svscan binary to monitor our /var/service directory
for services.
$ /usr/local/etc/rc.d/svscan.sh start
Starting svscan.



#--------------------------------------------------------------------#
6. Install djbdns.

$ cd /usr/ports/dns/djbdns
$ make install

7. Next we need to add a new group and some new users before we
continue.

$ pw groupadd nofiles -g 101
$ pw useradd dnslog -g nofiles -u 101 -d /nonexistent -s /sbin/nologin
$ pw useradd dnscache -g nofiles -u 102 -d /nonexistent -s /sbin/nologin
$ pw useradd tinydns -g nofiles -u 103 -d /nonexistent -s /sbin/nologin



#--------------------------------------------------------------------#
8. Configure dnscache to listen on a specific IP address. (Remember to
use YOUR public IP address reserved for dnscache instead of
X.Y.Z.DNS).

$ dnscache-conf dnscache dnslog /etc/dnscache X.Y.Z.DNS
$ touch /etc/dnscache/root/ip/X.Y.Z
$ ln -s /etc/dnscache /var/service
$ svc -t /var/service/dnscache

9. Edit your resolv.conf file to reflect your new nameserver.

$ vi /etc/resolv.conf
ADD/CHANGE:
nameserver X.Y.Z.DNS



#--------------------------------------------------------------------#
10. Configure tinydns. This can seem very tricky. Basically, because
we are a one-server virtual host setup, we want to designate two
nameservers. To achieve this we run two instances of tinydns, both
serving the same data file. (Remember to use YOUR public IP
addresses reserved for NS1 and NS2 instead of X.Y.Z.NS1 and
X.Y.Z.NS2).

$ tinydns-conf tinydns dnslog /etc/tinydns1 X.Y.Z.NS1
$ tinydns-conf tinydns dnslog /etc/tinydns2 X.Y.Z.NS2
$ echo "/etc/tinydns1/root" > /etc/tinydns2/env/ROOT
$ ln -s /etc/tinydns[1-2] /var/service

11. Next we must tell tinydns the hosts it should resolve. Open up
/etc/tinydns1/root/data in vi.

$ vi /etc/tinydns1/root/data

ADD:
#-----
# Nameserver delegation.
.example.com:X.Y.Z.NS1:ns1.example.com:1800
.example.com:X.Y.Z.NS2:ns2.example.com:1800

# MX record.
@example.com:X.Y.Z.PUB:mail.example.com:10:1800

# A records.
=example.com:X.Y.Z.PUB:1800


# Aliases
+ftp.example.com:X.Y.Z.PUB
+ssh.example.com:X.Y.Z.PUB
+www.example.com:X.Y.Z.PUB
#-----

12. After saving the file we need to reparse the data.cdb which
tinydns uses for queries.

$ cd /etc/tinydns1/root
$ make

13. Congratulations! DJBDNS should now be configured and running.
Allow an appropriate amount of time for propagation to take effect.
This would also be the time to change your nameservers, if necessary,
to point to your new DNS.



#--------------------------------------------------------------------#
14. Clean up. This last section is for controlling the DNS processes,
as well as testing.

15. Create a nice control script to handle all of the djbdns services.
To do this we will create a new script and save it in
/usr/local/bin.

$ vi /usr/local/bin/dnsctl

ADD:
#!/bin/sh
# file /usr/local/bin/dnsctl
# Daemontools control script for DJBDNS services.
#-----

# Each service and its log service, as linked into /var/service.
SERVICES="/var/service/dnscache /var/service/dnscache/log \
/var/service/tinydns1 /var/service/tinydns1/log \
/var/service/tinydns2 /var/service/tinydns2/log"

case "$1" in
    start)
        echo "Starting djbdns services"
        svc -u ${SERVICES}
        ;;
    stop)
        echo "Stopping djbdns services"
        svc -d ${SERVICES}
        ;;
    restart)
        echo "Restarting djbdns services"
        svc -t ${SERVICES}
        ;;
    status)
        svstat ${SERVICES}
        ;;
    cdb)
        echo "Updating tinydns data"
        # Rebuild data.cdb only if the cd succeeded.
        cd /var/service/tinydns1/root && tinydns-data
        ;;
    help)
        cat << HELP
start -- start up djbdns services
stop -- stop djbdns services
restart -- restart djbdns services
status -- view current status of djbdns services
cdb -- rebuild the tinydns data.cdb from the data file
help -- this screen
HELP
        ;;
    *)
        echo "Usage: $0 [start|stop|restart|status|cdb|help]"
        exit 1
        ;;
esac

exit 0

#-----

16. Finally, restart DJBDNS services :P.

$ /usr/local/bin/dnsctl restart


#--------------------------------------------------------------------#
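
Step 8 creates /etc/dnscache/root/ip/X.Y.Z, which is what opens the cache to the whole X.Y.Z subnet: dnscache answers a client only when a file named after its address, or a leading-octet prefix of it, exists in that directory. The script below is an added example, not part of the original post; it lists every allow rule with its scope so a broad entry stands out. The function names and the OK/REVIEW/IGNORED labels are this example's own, and the demo directory is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit dnscache's allow list.
# Each file name in root/ip is a rule: 4 octets = one host, 3 = a /24,
# 2 = a /16, 1 = a /8. Names that are not octet prefixes never match a client.

# classify_prefix NAME -> "NAME SCOPE VERDICT" (labels are this example's own)
classify_prefix() {
    name=$1
    # Print the octet count, or 0 if the name is not 1-4 decimal octets.
    octets=$(printf '%s\n' "$name" | awk -F. '
        NF < 1 || NF > 4 { print 0; exit }
        { for (i = 1; i <= NF; i++)
              if ($i !~ /^(0|[1-9][0-9]*)$/ || $i + 0 > 255) { print 0; exit }
          print NF }')
    case $octets in
        4) echo "$name host OK" ;;
        3) echo "$name /24 OK" ;;
        2) echo "$name /16 REVIEW" ;;
        1) echo "$name /8 REVIEW" ;;
        *) echo "$name invalid IGNORED" ;;
    esac
}

# audit_dnscache_acl DIR -> one line per file in DIR
audit_dnscache_acl() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    for f in "$dir"/*; do
        [ -e "$f" ] || continue          # empty directory
        classify_prefix "${f##*/}"
    done
}

# Constructed demo directory so the example runs anywhere; on the server
# from this guide the call would be: audit_dnscache_acl /etc/dnscache/root/ip
demo=$(mktemp -d)
touch "$demo/127.0.0.1" "$demo/192.0.2" "$demo/10"
audit_dnscache_acl "$demo"
rm -rf "$demo"
```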
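
For step 11, a lint pass over the data file before running make catches malformed lines, including an X.Y.Z placeholder that was never replaced with a real address. This is an added example, not part of the original post; it checks only the four record types the guide uses, the function names are this example's own, and the sample records are constructed with documentation addresses.

```shell
#!/bin/sh
# Added example (not from the original post): lint tinydns data lines.
# Shapes checked, as used in step 11 (later optional fields are not examined):
#   .fqdn:ip:x:ttl   @fqdn:ip:x:dist:ttl   =fqdn:ip:ttl   +fqdn:ip:ttl

# lint_tinydns_data [FILE...] -> prints one line per problem, returns 1 if any
lint_tinydns_data() {
    awk -F: '
    function ipv4(s,   o, n, i) {
        n = split(s, o, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^(0|[1-9][0-9]*)$/ || o[i] + 0 > 255) return 0
        return 1
    }
    function bad(msg) { printf "line %d: %s: %s\n", NR, msg, $0; errors++ }
    /^#/ || /^[ \t]*$/ { next }            # comments and blank lines
    {
        type = substr($1, 1, 1)
        if (index(".@=+", type) == 0) next # other record types: not checked
        ttlpos = (type == "@") ? 5 : (type == ".") ? 4 : 3
        if (substr($1, 2) == "")        bad("empty name")
        if ($2 == "" && type != "." && type != "@") bad("address required")
        if ($2 != "" && !ipv4($2))      bad("bad IPv4 address")
        if (type == "@" && NF >= 4 && $4 !~ /^[0-9]*$/) bad("MX distance not numeric")
        if (NF >= ttlpos && $ttlpos !~ /^[0-9]*$/)      bad("ttl not numeric")
    }
    END { exit (errors > 0) }
    ' "$@"
}

# Constructed sample; the last two lines are faulty on purpose.
sample_data() {
cat <<'EOF'
.example.com:192.0.2.53:ns1.example.com:1800
.example.com:192.0.2.54:ns2.example.com:1800
@example.com:192.0.2.80:mail.example.com:10:1800
=example.com:192.0.2.80:1800
+www.example.com:192.0.2.80
+ftp.example.com:X.Y.Z.PUB
=ssh.example.com:192.0.2.800:18oo
EOF
}

sample_data | lint_tinydns_data || echo "fix the lines above before running make"
```

On the server from this guide the call would be `lint_tinydns_data /etc/tinydns1/root/data`.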