Differences

opennic:srvzone [2017-04-19T02:01:22Z] – created jonaharagon
opennic:srvzone [2023-06-18T11:47:52Z] (current) resingm
Line 3: Line 3:
 The information below is based on a Debian/Ubuntu server with BIND9 installed. You may need to make adjustments for different distributions or if you are using a chroot setup. The directions below do not require that you already have access to OpenNIC domains for configuration. All steps will be performed from the command line. The information below is based on a Debian/Ubuntu server with BIND9 installed. You may need to make adjustments for different distributions or if you are using a chroot setup. The directions below do not require that you already have access to OpenNIC domains for configuration. All steps will be performed from the command line.
  
-Note that this configuration may be used for both Tier-1 and Tier-2 servers, as well as private servers.+Note that this configuration may be used for both [[tier1|Tier 1]] and [[tier2|Tier 2]] servers, as well as private servers.
  
 ===== Getting the script ===== ===== Getting the script =====
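Review bot: the new link targets in this hunk, [[tier1|Tier 1]] and [[tier2|Tier 2]], are namespace-relative, while the unchanged callout further down the page links [[opennic:tier1|Tier 1]] with an explicit namespace; suggest using the same form in both places (e.g. `[[opennic:tier1|Tier 1]]` and `[[opennic:tier2|Tier 2]]`) so both links keep resolving to the same pages if this page is ever moved out of the opennic namespace.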
Line 9: Line 9:
 This script will automatically generate a file for BIND9 that lists all of the OpenNIC zones and their master servers. The conf file needs to be located in the same directory as the script. For convenience, you may wish to place these files in /etc/bind/ (or wherever your distribution places your BIND9 configuration). Run the following commands to download the files. This script will automatically generate a file for BIND9 that lists all of the OpenNIC zones and their master servers. The conf file needs to be located in the same directory as the script. For convenience, you may wish to place these files in /etc/bind/ (or wherever your distribution places your BIND9 configuration). Run the following commands to download the files.
  
-  wget http://173.160.58.202/opennic.oss/files/scripts/srvzone +  wget http://161.97.219.84/opennic.oss/files/scripts/srvzone 
-  wget http://173.160.58.202/opennic.oss/files/scripts/srvzone.conf +  wget http://161.97.219.84/opennic.oss/files/scripts/srvzone.conf 
-  chown bind.bind srvzone+  chown bind:bind srvzone
   chmod 700 srvzone   chmod 700 srvzone
  
-Now edit srvzone.conf with your preferred editor. You will see a section with paths for several files, which can be changed to match your configuration. The first three entries dictate where BIND will store the zone files. Note that file_master does not apply to Tier-2 servers. In the example paths given, note that $TLD will be expanded to each zone name as it is created -- so for example the string "$TLD.zone" would save the .geek zone as "geek.zone". The destination variable indicated where you want the final zone configuration file to be stored, and tmp_dest is just a temporary location to create new files.+Now edit srvzone.conf with your preferred editor. You will see a section with paths for several files, which can be changed to match your configuration. The first three entries dictate where BIND will store the zone files. Note that file_master does not apply to Tier 2 servers. In the example paths given, note that $TLD will be expanded to each zone name as it is created -- so for example the string "$TLD.zone" would save the .geek zone as "geek.zone". The destination variable indicated where you want the final zone configuration file to be stored, and tmp_dest is just a temporary location to create new files.
  
 Make sure the folder where you wish to store the files has been created. In the example srvzone.conf file, zones would be stored in /etc/bind/opennic/ so you want to create that folder and change the permissions to allow your bind user full access to read and write it. Make sure the folder where you wish to store the files has been created. In the example srvzone.conf file, zones would be stored in /etc/bind/opennic/ so you want to create that folder and change the permissions to allow your bind user full access to read and write it.
 +
 +If you're using an apparmour-enabled distro, such as debian or ubuntu, the /etc/bind directory will not be writeable by default. This is because BIND work directory has been moved to /var/cache/bind. In order to persist zones in such systems you will need to do EITHER of the following:
 +
 +  * Add an apparmour exception to /etc/bind/opennic (Add /etc/bind/opennic/* rw, to /etc/apparmor.d/usr.sbin.named)
 +  * Edit srvzone.conf to point zones to /var/cache/bind instead of /etc/bind
 +
 +Regardless of which one you may choose, remember to create the required directories with proper permissions, because BIND won't create the missing directories for you.
  
 :!: If you are a [[opennic:tier1|Tier 1]] operator, please briefly skip to the **Tier 1 Operators** section at the bottom of this page. :!: If you are a [[opennic:tier1|Tier 1]] operator, please briefly skip to the **Tier 1 Operators** section at the bottom of this page.
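Review bot: the two wget lines in this hunk still fetch the srvzone script and its config over plain HTTP from a bare IP address and install them with no integrity check; the revision only replaces 173.160.58.202 with 161.97.219.84. Because the generated file decides which master servers this resolver slaves the root zone and every OpenNIC TLD zone from, suggest serving the script from a hostname over HTTPS (the test URL later in this same revision already moved to https://servers.opennicproject.org/) or, at minimum, publishing a checksum and having the reader verify it (for example with `sha256sum -c`) before the chown/chmod lines. The `chown bind.bind` to `chown bind:bind` change is correct, since the dot separator is deprecated coreutils syntax. Minor wording in the added AppArmor paragraph: "apparmour" should be "AppArmor", "writeable" should be "writable", and "BIND work directory" should read "BIND's working directory"; the rule in the first bullet is clearer quoted on its own with the trailing comma shown as part of the AppArmor syntax, e.g. `/etc/bind/opennic/* rw,`.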
Line 27: Line 34:
  
 Once the script runs without errors, check the generated output file at the location you specified in tmp_dest (/tmp/named.conf.opennic). You should have a file beginning with the root zone, and containing all of the OpenNIC TLD zones, configured to slave each of these zones and listing the master servers for each zone. Once the script runs without errors, check the generated output file at the location you specified in tmp_dest (/tmp/named.conf.opennic). You should have a file beginning with the root zone, and containing all of the OpenNIC TLD zones, configured to slave each of these zones and listing the master servers for each zone.
- 
 ===== Configuring BIND ===== ===== Configuring BIND =====
  
Line 63: Line 69:
 This should produce a list of several nameservers that can be used to query the .geek zone. At the bottom you should see an entry for SERVER which shows your IP address -- if not, check troubleshooting below. This should produce a list of several nameservers that can be used to query the .geek zone. At the bottom you should see an entry for SERVER which shows your IP address -- if not, check troubleshooting below.
  
-If you are setting up a public server and wish to confirm it is responding properly to queries from the internet, visit http://opennicproject.org/t2log/test.php and enter your IP address. If you are using a firewall or port-forwarding, make sure that you are allowing port 53 on both UDP and TCP. If the testing passes for everything but dns.opennic.glue, you are almost certainly not allowing traffic over TCP.+If you are setting up a public server and wish to confirm it is responding properly to queries from the internet, visit https://servers.opennicproject.org/srvtest3/ and enter your IP address. If you are using a firewall or port-forwarding, make sure that you are allowing port 53 on both UDP and TCP. If the testing passes for everything but dns.opennic.glue, you are almost certainly not allowing traffic over TCP.
  
 ===== Automating Everything ===== ===== Automating Everything =====
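Review bot: the change from http://opennicproject.org/t2log/test.php to https://servers.opennicproject.org/srvtest3/ is the right direction; suggest applying the same standard to the download step at the top of the page, which this revision still leaves on http:// to a bare IP. It would also help to state explicitly that "allowing port 53 on both UDP and TCP" means accepting inbound TCP/53 at the firewall, since TCP carries zone transfers and the fallback for truncated responses, which is why the dns.opennic.glue-only failure the paragraph describes is a TCP symptom.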
  • Last modified: 7 years ago
  • by jonaharagon