Differences

This shows you the differences between two versions of the page.

opennic:srvzone [2017-07-06T01:42:00Z]
fusl
opennic:srvzone [2019-03-14T16:21:39Z] (current)
yangm97 [Getting the script]
Line 9: Line 9:
 This script will automatically generate a file for BIND9 that lists all of the OpenNIC zones and their master servers. The conf file needs to be located in the same directory as the script. For convenience, you may wish to place these files in /etc/bind/ (or wherever your distribution places your BIND9 configuration). Run the following commands to download the files. This script will automatically generate a file for BIND9 that lists all of the OpenNIC zones and their master servers. The conf file needs to be located in the same directory as the script. For convenience, you may wish to place these files in /etc/bind/ (or wherever your distribution places your BIND9 configuration). Run the following commands to download the files.
  
-  wget http://173.160.58.202/opennic.oss/files/scripts/srvzone¬†+  wget http://161.97.219.84/opennic.oss/files/scripts/srvzone¬†
-  wget http://173.160.58.202/opennic.oss/files/scripts/srvzone.conf+  wget http://161.97.219.84/opennic.oss/files/scripts/srvzone.conf
   chown bind.bind srvzone   chown bind.bind srvzone
   chmod 700 srvzone   chmod 700 srvzone
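Review bot: both wget lines still fetch the script and its config over plain http from a bare IP address, and the unchanged lines that follow chown the file to bind and chmod 700 it for execution, so nothing authenticates what ends up being run. Replacing 173.160.58.202 with 161.97.219.84 keeps that problem and will need another edit the next time the host moves. Suggest linking an HTTPS URL on a project hostname if one serves these files, or publishing a checksum beside the commands so operators can verify srvzone and srvzone.conf before running them. Minor: the context line uses "chown bind.bind"; the colon form "bind:bind" is the documented separator.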
Line 17: Line 17:
  
 Make sure the folder where you wish to store the files has been created. In the example srvzone.conf file, zones would be stored in /etc/bind/opennic/ so you want to create that folder and change the permissions to allow your bind user full access to read and write it. Make sure the folder where you wish to store the files has been created. In the example srvzone.conf file, zones would be stored in /etc/bind/opennic/ so you want to create that folder and change the permissions to allow your bind user full access to read and write it.
 +
 +If you're using an apparmour-enabled distro, such as debian or ubuntu, the /etc/bind directory will not be writeable by default. This is because BIND work directory has been moved to /var/cache/bind. In order to persist zones in such systems you will need to do EITHER of the following:
 +
 +  * Add an apparmour exception to /etc/bind/opennic (Add /etc/bind/opennic/* rw, to /etc/apparmor.d/usr.sbin.named)
 +  * Edit srvzone.conf to point zones to /var/cache/bind instead of /etc/bind
 +
 +Regardless of which one you may choose, remember to create the required directories with proper permissions, because BIND won't create the missing directories for you.
  
 :!: If you are a [[opennic:tier1|Tier 1]] operator, please briefly skip to the **Tier 1 Operators** section at the bottom of this page. :!: If you are a [[opennic:tier1|Tier 1]] operator, please briefly skip to the **Tier 1 Operators** section at the bottom of this page.
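Review bot: in the added AppArmor paragraph, "apparmour" should be "AppArmor" in both places, and "debian or ubuntu" should be capitalised. The first bullet tells operators to add "/etc/bind/opennic/* rw," to /etc/apparmor.d/usr.sbin.named but does not say the profile has to be reloaded before the rule takes effect; add that step, and consider pointing at the local override file (/etc/apparmor.d/local/usr.sbin.named on Debian and Ubuntu) so a package upgrade does not overwrite the edit. It would also help to state that the second bullet leaves named's confinement unchanged, which makes /var/cache/bind the lower-privilege choice of the two.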
Line 27: Line 34:
  
 Once the script runs without errors, check the generated output file at the location you specified in tmp_dest (/tmp/named.conf.opennic). You should have a file beginning with the root zone, and containing all of the OpenNIC TLD zones, configured to slave each of these zones and listing the master servers for each zone. Once the script runs without errors, check the generated output file at the location you specified in tmp_dest (/tmp/named.conf.opennic). You should have a file beginning with the root zone, and containing all of the OpenNIC TLD zones, configured to slave each of these zones and listing the master servers for each zone.
- 
 ===== Configuring BIND ===== ===== Configuring BIND =====
  
Line 63: Line 69:
 This should produce a list of several nameservers that can be used to query the .geek zone. At the bottom you should see an entry for SERVER which shows your IP address -- if not, check troubleshooting below. This should produce a list of several nameservers that can be used to query the .geek zone. At the bottom you should see an entry for SERVER which shows your IP address -- if not, check troubleshooting below.
  
-If you are setting up a public server and wish to confirm it is responding properly to queries from the internet, visit http://opennicproject.org/t2log/test.php and enter your IP address. If you are using a firewall or port-forwarding, make sure that you are allowing port 53 on both UDP and TCP. If the testing passes for everything but dns.opennic.glue, you are almost certainly not allowing traffic over TCP.+If you are setting up a public server and wish to confirm it is responding properly to queries from the internet, visit http://report.opennicproject.org/t2log/t2.php and enter your IP address. If you are using a firewall or port-forwarding, make sure that you are allowing port 53 on both UDP and TCP. If the testing passes for everything but dns.opennic.glue, you are almost certainly not allowing traffic over TCP.
  
 ===== Automating Everything ===== ===== Automating Everything =====
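Review bot: the replaced link changes both the host (opennicproject.org to report.opennicproject.org) and the path (test.php to t2.php) but stays on plain http. Please confirm the new page still performs the UDP and TCP port 53 checks the rest of the sentence relies on, including the dns.opennic.glue result, and link the https form if the report host serves it.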
  • /wiki/data/attic/opennic/srvzone.1499305320.txt.gz
  • Last modified: 3 years ago
  • by fusl