Differences

This shows you the differences between two versions of the page.

opennic:t2slaved [2017-05-05T22:23:45Z] – updated list of masters shdwdrgn
opennic:t2slaved [2020-11-26T23:48:19Z] – [Slaved Zones with BIND9] darkrebel
Line 3: Line 3:
 FIXME This guide was copied directly from the old wiki. It likely needs some updates for the latest BIND software and OpenNIC configuration. If this guide doesn't work, try using the [[opennic:srvzone|srvzone script]]. FIXME This guide was copied directly from the old wiki. It likely needs some updates for the latest BIND software and OpenNIC configuration. If this guide doesn't work, try using the [[opennic:srvzone|srvzone script]].
  
-For those wishing to set up a more robust local nameserver, or if you plan on running a public tier-1 or tier-2 server for OpenNIC, configuring BIND with slave zones is the preferred method. Please read the policies before running a public T2 server. You should also join the appropriate MailingLists so you'll be notified of changing situations which may affect your operation.+For those wishing to set up a more robust local nameserver, or if you plan on running a public [[tier1|Tier 1]] or [[tier2|Tier 2]] server for OpenNIC, configuring BIND with slave zones is the preferred method. Please read [[opennic:operatorpolicies|the policies]] before running a public T2 server. You should also join the appropriate [[mailinglist|MailingLists]] so you'll be notified of changing situations which may affect your operation.
  
-Slave zones contain the full record of domain names for each OpenNIC TLD. When a query is made for an OpenNIC domain, you have the exact information needed to proceed directly to that domain, thus eliminating several hops in processing a query. Note that the only difference between a tier-1 and tier-2 server is that tier-1 servers do not process public queries for ICANN domains - they ONLY process OpenNIC TLD requests.+Slave zones contain the full record of domain names for each OpenNIC TLD. When a query is made for an OpenNIC domain, you have the exact information needed to proceed directly to that domain, thus eliminating several hops in processing a query. Note that the only difference between a Tier 1 and Tier 2 server is that Tier 1 servers do not process public queries for ICANN domains - they ONLY process OpenNIC TLD requests.
  
 Linux - BIND8/9 Linux - BIND8/9
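Review bot: The new links in the first paragraph mix two forms: [[tier1|Tier 1]], [[tier2|Tier 2]] and [[mailinglist|MailingLists]] are written without a namespace, while [[opennic:operatorpolicies|the policies]] and the existing [[opennic:srvzone|srvzone script]] link are fully qualified. Pick one form so the targets are unambiguous if the page is ever moved. The FIXME notice above still says the guide likely needs updates for the latest BIND software; if this revision was checked against a current BIND9, say so there or remove the notice, otherwise leave a note on what remains unverified.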
Line 19: Line 19:
 </code> </code>
  
-You need to comment or remove these lines. Instead of using a hints file, you will now be slaving the root zone plus another zone which contains a list of all OpenNIC public tier-2 servers. Typically you will have an options file in your default BIND configuration. Within the options file will be a 'directory' parameter. This parameter tells BIND where you plan on storing your slave files. For example, under debian/ubuntu systems, you may find something like this:+You need to comment or remove these lines. Instead of using a hints file, you will now be slaving the root zone plus another zone which contains a list of all OpenNIC public Tier 2 servers. Typically you will have an options file in your default BIND configuration. Within the options file will be a 'directory' parameter. This parameter tells BIND where you plan on storing your slave files. For example, under debian/ubuntu systems, you may find something like this:
 directory "/var/named"; directory "/var/named";
 Grab Grab
Line 27: Line 27:
  
 <file> <file>
 +# check to make sure these are still correct!
 masters opennicNS { masters opennicNS {
- 45.56.115.189; # ns0.opennic.glue +        161.97.219.84                 # ns2.opennic.glue 
- 45.56.116.224; # ns0.opennic.glue +        2001:470:4212:10:0:100:53:10;   # ns2.opennic.glue 
- 173.160.58.202; # ns2.opennic.glue +        104.168.144.17;                 # ns3.opennic.glue 
- 2001:470:f032:10:0:100:53:10; # ns2.opennic.glue +        2001:470:8269::53;              # ns3.opennic.glue 
- 104.168.144.17; # ns3.opennic.glue +        163.172.168.171               # ns4.opennic.glue 
- 2001:470:8269::53; # ns3.opennic.glue +        2001:bc8:4400:2100::17:213    # ns4.opennic.glue 
- 178.63.145.230; # ns4.opennic.glue +        94.103.153.176;                 # ns5.opennic.glue 
- 2a01:4f8:101:3062::5:2; # ns4.opennic.glue +        2001:bc8:4400:2100::17:213    # ns5.opennic.glue 
- 94.103.153.176; # ns5.opennic.glue +        207.192.71.13;                  # ns6.opennic.glue 
- 2a02:990:219:1:ba:1337:cafe:3; # ns5.opennic.glue +        178.63.116.152;                 # ns8.opennic.glue 
- 207.192.71.13; # ns6.opennic.glue +        2a01:4f8:141:4281::999;         # ns8.opennic.glud 
- 2002:cfc0:470d::1; # ns6.opennic.glue +        138.68.128.160;                 # ns9.opennic.glue 
- 178.63.116.152; # ns8.opennic.glue +        2a03:b0c0:1:a1::46b:a001;       # ns9.opennic.glue 
- 2a01:4f8:141:4281::999; # ns8.opennic.glue +        188.226.146.136;                # ns10.opennic.glue 
- 138.68.128.160; # ns9.opennic.glue +        2001:470:1f04:ebf::2;           # ns10.opennic.glue 
- 2a03:b0c0:1:a1::46b:a001; # ns9.opennic.glue +        45.55.97.204                  # ns11.opennic.glue 
- 188.226.146.136; # ns10.opennic.glue +        2604:a880:800:a1::14c1:1;       # ns11.opennic.glue 
- 2001:470:1f04:ebf::2; # ns10.opennic.glue +        79.124.7.81;                    # ns12.opennic.glue 
- 138.197.44.179; # ns11.opennic.glue+        2a01:8740:1:ff13::ae67;         # ns12.opennic.glue
 }; };
 masters opennicPeers { masters opennicPeers {
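Review bot: Five entries in the new masters opennicNS list are missing the terminating semicolon (161.97.219.84, 163.172.168.171, both 2001:bc8:4400:2100::17:213 lines, and 45.55.97.204), so named will not parse the block as pasted; add ";" before each "#" comment, as the other entries have. The address 2001:bc8:4400:2100::17:213 is also listed for both ns4 and ns5, where the previous revision gave ns5 an IPv6 address of its own, which looks like a copy-paste slip and should be confirmed. The ns8 IPv6 comment reads "ns8.opennic.glud". The added "# check to make sure these are still correct!" comment would help more if it named where the current list of masters is published, since a slave accepts zone data from whatever addresses are listed here.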
Line 52: Line 53:
  
 zone "." in { zone "." in {
- type slave; + type slave; 
- file "tld-root"; + file "tld-root"; 
- allow-transfer { any; }; + allow-transfer { any; }; 
- notify yes; + notify yes; 
- masters { opennicNS; };+ masters { opennicNS; };
 }; };
 zone "dns.opennic.glue" in { zone "dns.opennic.glue" in {
- type slave; + type slave; 
- file "dns.opennic.glue.zone"; + file "dns.opennic.glue.zone"; 
- allow-transfer { any; }; + allow-transfer { any; }; 
- notify yes; + notify yes; 
- masters { opennicNS; opennicPeers; };+ masters { opennicNS; opennicPeers; };
 }; };
 </file> </file>
  
-Note the 'masters' sections which allows you to specify all of the available tier-1 servers in a single block. This simplifies making updates when needed. OpenNIC peers will typically carry their own root zone, but otherwise provides all other OpenNIC zones.+Note the 'masters' sections which allows you to specify all of the available Tier 1 servers in a single block. This simplifies making updates when needed. OpenNIC peers will typically carry their own root zone, but otherwise provides all other OpenNIC zones.
  
-If you have a firewall or port-forwarding configured to direct DNS traffic to your server, please ensure that port 53 for both UDP and TCP are enabled. The most common failure for a public tier-2 server is that port 53 TCP is blocked, which will cause you to fail testing of the 'dns.opennic.glue' zone.+If you have a firewall or port-forwarding configured to direct DNS traffic to your server, please ensure that port 53 for both UDP and TCP are enabled. The most common failure for a public Tier 2 server is that port 53 TCP is blocked, which will cause you to fail testing of the 'dns.opennic.glue' zone.
  
 This completes the most basic slave zone configuration, and will be suitable for any private or public nameserver. However you can take this a step further and slave ALL of the OpenNIC zones, which further improves the efficiency of the queries your server performs. The caveat of this setup is that you must be aware of TLDs being added or removed, as noted on the mailing lists. This completes the most basic slave zone configuration, and will be suitable for any private or public nameserver. However you can take this a step further and slave ALL of the OpenNIC zones, which further improves the efficiency of the queries your server performs. The caveat of this setup is that you must be aware of TLDs being added or removed, as noted on the mailing lists.
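Review bot: The zone "." and zone "dns.opennic.glue" stanzas change only by trailing whitespace, which adds noise to the diff without changing the configuration; drop those edits. Both stanzas keep allow-transfer { any; }; with no explanation, and since the revision touches these lines anyway it is a good place to state whether open zone transfers are intended for every reader of this guide, including the private nameservers the text says it also suits, or should be narrowed to a named ACL. In the two paragraphs that were edited for capitalisation, "sections which allows", "but otherwise provides" and "port 53 for both UDP and TCP are enabled" still have agreement errors that could be fixed in the same pass.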
Line 77: Line 78:
 <file> <file>
 zone "bbs" in { zone "bbs" in {
- type slave; + type slave; 
- file "bbs.zone"; + file "bbs.zone"; 
- allow-transfer { any; }; + allow-transfer { any; }; 
- notify yes; + notify yes; 
- masters { opennicNS; opennicPeers; };+ masters { opennicNS; opennicPeers; };
 }; };
 zone "bit" in { zone "bit" in {
- type slave; + type slave; 
- file "bit.zone"; + file "bit.zone"; 
- allow-transfer { any; }; + allow-transfer { any; }; 
- notify yes; + notify yes; 
- masters { opennicNS; opennicPeers; };+ masters { opennicNS; opennicPeers; };
 }; };
 zone "chan" in { zone "chan" in {
- type slave; + type slave; 
- file "chan.zone"; + file "chan.zone"; 
- allow-transfer { any; }; + allow-transfer { any; }; 
- notify yes; + notify yes; 
- masters { opennicNS; opennicPeers; };+ masters { opennicNS; opennicPeers; };
 }; };
 zone "dyn" in { zone "dyn" in {
- type slave; + type slave; 
- file "dyn.zone"; + file "dyn.zone"; 
- allow-transfer { any; }; + allow-transfer { any; }; 
- notify yes; + notify yes; 
- masters { opennicNS; opennicPeers; };+ masters { opennicNS; opennicPeers; };
 }; };
 zone "free" in { zone "free" in {
- type slave; + type slave; 
- file "free.zone"; + file "free.zone"; 
- allow-transfer { any; }; + allow-transfer { any; }; 
- notify yes; + notify yes; 
- masters { opennicNS; opennicPeers; };+ masters { opennicNS; opennicPeers; };
 }; };
 zone "fur" in { zone "fur" in {
- type slave; + type slave; 
- file "fur.zone"; + file "fur.zone"; 
- allow-transfer { any; }; + allow-transfer { any; }; 
- notify yes; + notify yes; 
- masters { opennicNS; opennicPeers; };+ masters { opennicNS; opennicPeers; };
 }; };
 zone "geek" in { zone "geek" in {
- type slave; + type slave; 
- file "geek.zone"; + file "geek.zone"; 
- allow-transfer { any; }; + allow-transfer { any; }; 
- notify yes; + notify yes; 
- masters { opennicNS; opennicPeers; };+ masters { opennicNS; opennicPeers; };
 }; };
 zone "gopher" in { zone "gopher" in {
- type slave; + type slave; 
- file "gopher.zone"; + file "gopher.zone"; 
- allow-transfer { any; }; + allow-transfer { any; }; 
- notify yes; + notify yes; 
- masters { opennicNS; opennicPeers; };+ masters { opennicNS; opennicPeers; };
 }; };
 zone "indy" in { zone "indy" in {
- type slave; + type slave; 
- file "indy.zone"; + file "indy.zone"; 
- allow-transfer { any; }; + allow-transfer { any; }; 
- notify yes; + notify yes; 
- masters { opennicNS; opennicPeers; };+ masters { opennicNS; opennicPeers; }; 
 +}; 
 +zone "libre" in { 
 + type slave; 
 + file "libre.zone"; 
 + allow-transfer { any; }; 
 + notify yes; 
 + masters { opennicNS; opennicPeers; };
 }; };
 zone "neo" in { zone "neo" in {
- type slave; + type slave; 
- file "neo.zone"; + file "neo.zone"; 
- allow-transfer { any; }; + allow-transfer { any; }; 
- notify yes; + notify yes; 
- masters { opennicNS; opennicPeers; };+ masters { opennicNS; opennicPeers; };
 }; };
 zone "null" in { zone "null" in {
- type slave; + type slave; 
- file "null.zone"; + file "null.zone"; 
- allow-transfer { any; }; + allow-transfer { any; }; 
- notify yes; + notify yes; 
- masters { opennicNS; opennicPeers; };+ masters { opennicNS; opennicPeers; };
 }; };
 zone "opennic.glue" in { zone "opennic.glue" in {
- type slave; + type slave; 
- file "opennic.glue.zone"; + file "opennic.glue.zone"; 
- allow-transfer { any; }; + allow-transfer { any; }; 
- notify yes; + notify yes; 
- masters { opennicNS; opennicPeers; };+ masters { opennicNS; opennicPeers; };
 }; };
 zone "oss" in { zone "oss" in {
- type slave; + type slave; 
- file "oss.zone"; + file "oss.zone"; 
- allow-transfer { any; }; + allow-transfer { any; }; 
- notify yes; + notify yes; 
- masters { opennicNS; opennicPeers; };+ masters { opennicNS; opennicPeers; };
 }; };
 zone "oz" in { zone "oz" in {
- type slave; + type slave; 
- file "oz.zone"; + file "oz.zone"; 
- allow-transfer { any; }; + allow-transfer { any; }; 
- notify yes; + notify yes; 
- masters { opennicNS; opennicPeers; };+ masters { opennicNS; opennicPeers; };
 }; };
 zone "parody" in { zone "parody" in {
- type slave; + type slave; 
- file "parody.zone"; + file "parody.zone"; 
- allow-transfer { any; }; + allow-transfer { any; }; 
- notify yes; + notify yes; 
- masters { opennicNS; opennicPeers; };+ masters { opennicNS; opennicPeers; };
 }; };
 zone "pirate" in { zone "pirate" in {
- type slave; + type slave; 
- file "pirate.zone"; + file "pirate.zone"; 
- allow-transfer { any; }; + allow-transfer { any; }; 
- notify yes; + notify yes; 
- masters { opennicNS; opennicPeers; };+ masters { opennicNS; opennicPeers; }; 
 +}; 
 +zone "o" in { 
 + type slave; 
 + file "o.zone"; 
 + allow-transfer { any; }; 
 + notify yes; 
 + masters { opennicNS; opennicPeers; }; 
 +}; 
 +zone "epic" in { 
 + type slave; 
 + file "epic.zone"; 
 + allow-transfer { any; }; 
 + notify yes; 
 + masters { opennicNS; opennicPeers; };
 }; };
 </file> </file>
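Review bot: The new zone "o" and zone "epic" stanzas are appended after "pirate", while every other stanza, including the newly added "libre", is in alphabetical order; place "epic" after "dyn" and "o" after "null" so that a missing or removed TLD is easy to spot when comparing against the mailing-list announcements. Every existing stanza in this block also changes only by trailing whitespace, which buries the three real additions; reverting the whitespace would reduce the hunk to the libre, o and epic stanzas. As with the root zone, each added stanza repeats allow-transfer { any; }; without comment.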
Line 204: Line 226:
 To finish your new configuration, restart BIND. If you have logging enabled, you should see BIND attempting to transfer the various zones to your server. If you look in the directory specified in the options file (or in the directory you specified if full path names were used), you should see the zone files being added. To finish your new configuration, restart BIND. If you have logging enabled, you should see BIND attempting to transfer the various zones to your server. If you look in the directory specified in the options file (or in the directory you specified if full path names were used), you should see the zone files being added.
  
-If you are creating a public tier-2, and have your firewall or port-forwarding configuration completed, you can test the public access of your service by visiting http://opennicproject.org/t2log/test.php and entering your IP address. If there are any failures you cannot resolve, please visit the mailing list or IRC to get help.+**TESTING T2 Public Server** 
 +If you are creating a public Tier 2, and have your firewall or port-forwarding configuration completed, you can test the public access of your service by visiting the **new test link** here [[https://servers.opennicproject.org/srvtest3/]]  //(the old test link is as follows --> http://report.opennicproject.org/t2log/t2.php and does not always produce favorable results)// and entering your IP address. If there are any failures you cannot resolve, please visit the mailing list or IRC to get help.
  
 ===== Alternate Configurations ===== ===== Alternate Configurations =====
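Review bot: The sentence in the rewritten testing paragraph is split by the italic parenthetical, so "and entering your IP address" now follows the old link rather than the new one; move the parenthetical to its own sentence after the instruction. The old link is kept as plain http and is described as not always producing favorable results, and it also differs from the URL in the previous revision (opennicproject.org/t2log/test.php became report.opennicproject.org/t2log/t2.php) without explanation; either remove it or say why readers would still use it. "**TESTING T2 Public Server**" is bold text run directly into the paragraph, where the page uses ===== headings ===== for sections such as Alternate Configurations; use the heading syntax and a blank line.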
  • /wiki/data/pages/opennic/t2slaved.txt
  • Last modified: 16 months ago
  • by Olde16