- 01. Bikin file yadifad.conf (untuk master). Feel free to use the following one, slightly edited, to serve as master:
- nano /usr/local/etc/(nama file yadifanya)
- nano /usr/local/etc/yadifad.conf
- #
- # Example yadifa configuration file.
- #
- <main>
- # Detach from the console
- daemon on
- # Jail the application. Off in this example; on a production server turn it
- # on so that a compromised daemon is confined to the jail (then make sure the
- # log/pid/data/keys/xfr paths below exist inside it).
- chroot off
- # The path where all the log files will be written
- logpath "/usr/local/var/log"
- # The path where the pid file will be written
- pidpath "/usr/local/var/run"
- # The path where all zone files will be written
- datapath "/usr/local/var/zones"
- # The path where the DNSSEC keys are found. This holds private key material:
- # keep the directory readable by the daemon's uid only (e.g. mode 0700).
- keyspath "/usr/local/var/zones/keys"
- # The path where the transfer and journaling files will be written (AXFR & IXFR)
- xfrpath "/usr/local/var/zones/xfr"
- # The version returned by a query to version.yadifa. CH TXT
- # Anyone can read this string remotely; advertising the exact build only helps
- # an attacker pick a matching exploit, so use a generic value in production.
- version "1.0.0rc2"
- # Enable EDNS0 support (?)
- edns0 on
- # Set the maximum UDP packet size. Cannot be less than 512. Cannot be more than 65535. Typical choice is 4096.
- edns0-max-size 4096
- # The maximum number of parallel TCP queries.
- max-tcp-queries 100
- # The user id to use (an integer can be used). The daemon switches to this
- # account, so do not leave it at root: yadifad parses packets from arbitrary
- # hosts, and with uid root any memory-safety bug in that parsing hands out
- # root on the machine. Create a dedicated unprivileged user (and group, see
- # gid below); the init script already starts the daemon as root.
- uid root
- # The group id to use (an integer can be used). Same caveat as uid: use a
- # dedicated group for the daemon rather than wheel.
- gid wheel
- # The DNS port. Any DNS query will be made using that port unless a specific value is used.
- port 53
- # The interfaces to listen to. 0.0.0.0 binds every IPv4 address on the host;
- # list the specific service addresses instead if the machine also has
- # management-only interfaces.
- listen 0.0.0.0
- # Enable the collection and logging of statistics
- statistics on
- # Choose the query log format (0 for none, 1 for YADIFA, 2 for BIND compatible, 3 for YADIFA and BIND)
- queries-log-type 1
- # Drop queries with erroneous content
- # answer-formerr-packets on
- # Maximum number of records in an AXFR packet. Set to one for compatibility
- # with very old name servers
- # axfr-maxrecordbypacket 0
- # Global Access Control rules.
- #
- # Rules can be defined on network ranges, TSIG signatures, and ACL rules
- # (see the <acl> section below). A bare address, as used for allow-transfer
- # and allow-notify here and in the <zone> sections, is the weakest form: any
- # host that can send from 192.168.6.33 can pull the whole zone. Prefer the
- # key-based "transferer" ACL defined below so transfers must be TSIG-signed.
- # simple queries:
- allow-query any
- # dynamic update of a zone
- allow-update none
- # transfer of a zone (AXFR or IXFR)
- allow-transfer 192.168.6.33
- # notify of a change in the master
- allow-notify 192.168.6.33
- </main>
- #
- # Logging output channels configurations
- #
- # name stream-name arguments
- #
- # name is arbitrary
- # stream-name defines the output type (ie: a file name or syslog)
- # arguments is specific to the output type (ie: unix file access rights or syslog options and facilities).
- # Note that the 0644 used below makes every log, including queries.log (which
- # records who queried what), readable by every local account; 0640 owned by
- # the daemon's group is the usual choice.
- <channels>
- # name stream-name arguments
- database database.log 0644
- dnssec dnssec.log 0644
- server server.log 0644
- statistics statistics.log 0644
- system system.log 0644
- zone zone.log 0644
- queries queries.log 0644
- all all.log 0644
- syslog syslog USER,CRON,PID
- # although possible, these two do not make much sense if daemon is enabled
- stderr STDERR
- stdout STDOUT
- </channels>
- # Logging input configurations
- #
- # name debug-level channels
- #
- # name is predefined
- # debuglevel uses the same names as syslog or * or all to filter the input
- # channels is a comma-separated list of channels
- <loggers>
- # bundle debuglevel channels
- database * database,all
- dnssec * dnssec,all
- server * server,all
- statistics * statistics
- system * system,all
- zone * zone,all
- queries * queries
- </loggers>
- #
- # TSIG Key configuration
- #
- # hmac-md5 is deprecated for TSIG (RFC 8945 says it MUST NOT be used); choose
- # an HMAC-SHA-2 algorithm if this yadifad build accepts one. The two secrets
- # below are the example's placeholders and are public along with this page:
- # generate fresh ones (e.g. "openssl rand -base64 32"), use a different key per
- # peer, and keep this file readable by root and the daemon only, since these
- # keys are meant to authorise zone transfers.
- #
- <key>
- name abroad-admin-key
- algorithm hmac-md5
- secret WorthlessKeyForExample==
- </key>
- <key>
- name master-slave
- algorithm hmac-md5
- secret MasterAndSlavesTSIGKey==
- </key>
- #
- # Access Control List definitions
- #
- <acl>
- transferer key master-slave
- admins 192.168.6.0/24, 2001:db8::74
- master 192.168.6.32
- slave 192.168.6.33
- </acl>
- #
- # Master domain zone config
- #
- <zone>
- type master
- domain localhost
- file masters/localhost.zone
- allow-transfer slave
- allow-update none
- allow-update-forwarding none
- </zone>
- <zone>
- type master
- domain localhost6
- file masters/localhost6.zone
- allow-transfer slave
- allow-update none
- allow-update-forwarding none
- </zone>
- <zone>
- type master
- domain 0.0.127.in-addr.arpa
- file masters/0.0.127.in-addr.arpa.zone
- allow-transfer slave
- allow-update none
- allow-update-forwarding none
- </zone>
- <zone>
- type master
- domain 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
- file masters/0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.zone
- allow-transfer slave
- allow-update none
- allow-update-forwarding none
- </zone>
- <zone>
- # This server is master for that zone (mandatory)
- type master
- # The domain name (mandatory)
- domain myzone.demo
- # The zone file, relative to 'datapath'. (mandatory for a master)
- file masters/myzone.demo.zone
- allow-transfer slave
- </zone>
- Other version: https://github.com/lye/yadifa/blob/master/etc/yadifad.conf.example
- 02. Jalankan/start Yadifa (run the binary directly; "start" is not a command here, and on Upstart systems it expects a job name, not a path):
- /usr/local/sbin/(nama yadifanya) ⇒ yadifad
- /usr/local/sbin/yadifad
- service yadifad start   (alternatively, once the init script from step 11 is installed)
- 03. Verifikasi Daemon (BSD netstat syntax; on Linux use "ss -lnup | grep ':53'") :
- netstat -an -f inet | grep '\.53'
- 04. Query YADIFA for myzone.demo :
- dig +norec @localhost -t ANY myzone.demo
- 05. Edit konfigurasi Server sebagai Slave (this is done on the slave host, 192.168.6.33 in the ACLs below, not on the master):
- nano /usr/local/etc/(nama file yadifanya)
- nano /usr/local/etc/yadifad.conf
- #
- # Example yadifa configuration file.
- #
- <main>
- # Detach from the console
- daemon on
- # Jail the application. Off in this example; on a production server turn it
- # on so that a compromised daemon is confined to the jail (then make sure the
- # log/pid/data/keys/xfr paths below exist inside it).
- chroot off
- # The path where all the log files will be written
- logpath "/usr/local/var/log"
- # The path where the pid file will be written
- pidpath "/usr/local/var/run"
- # The path where all zone files will be written
- datapath "/usr/local/var/zones"
- # The path where the DNSSEC keys are found
- keyspath "/usr/local/var/zones/keys"
- # The path where the transfer and journaling files will be written (AXFR & IXFR)
- xfrpath "/usr/local/var/zones/xfr"
- # The version returned by a query to version.yadifa. CH TXT
- version "1.0.0rc2"
- # Enable EDNS0 support (?)
- edns0 on
- # Set the maximum UDP packet size. Cannot be less than 512. Cannot be more than 65535. Typical choice is 4096.
- edns0-max-size 4096
- # The maximum number of parallel TCP queries.
- max-tcp-queries 100
- # The user id to use (an integer can be used). The daemon switches to this
- # account, so do not leave it at root: yadifad parses packets from arbitrary
- # hosts, and with uid root any memory-safety bug in that parsing hands out
- # root on the machine. Create a dedicated unprivileged user and group for it.
- uid root
- # The group id to use (an integer can be used)
- gid wheel
- # The DNS port. Any DNS query will be made using that port unless a specific value is used.
- port 53
- # The interfaces to listen to.
- listen 0.0.0.0
- # Enable the collection and logging of statistics
- statistics on
- # Choose the query log format (0 for none, 1 for YADIFA, 2 for BIND compatible, 3 for YADIFA and BIND)
- queries-log-type 1
- # Drop queries with erroneous content
- # answer-formerr-packets on
- # Maximum number of records in an AXFR packet. Set to one for compatibility
- # with very old name servers
- # axfr-maxrecordbypacket 0
- # Global Access Controlrules.
- #
- # Rules can be defined on network ranges, TSIG signatures, and ACL rules
- # simple queries:
- allow-query any
- # dynamic update of a zone
- allow-update none
- # transfer of a zone (AXFR or IXFR)
- allow-transfer none
- # notify of a change in the master. With "none" here and no allow-notify in
- # the <zone> sections below, this slave will refuse NOTIFY from 192.168.6.32
- # and only pick up changes at the SOA refresh interval; use the "master" ACL
- # defined below (or a TSIG key) here if changes should propagate immediately.
- allow-notify none
- </main>
- #
- # Logging output channels configurations
- #
- # name stream-name arguments
- #
- # name is arbitrary
- # stream-name defines the output type (ie: a file name or syslog)
- # arguments is specific to the output type (ie: unix file access rights or syslog options and facilities).
- # Note that the 0644 used below makes every log, including queries.log (which
- # records who queried what), readable by every local account; 0640 owned by
- # the daemon's group is the usual choice.
- <channels>
- # name stream-name arguments
- database database.log 0644
- dnssec dnssec.log 0644
- server server.log 0644
- statistics statistics.log 0644
- system system.log 0644
- zone zone.log 0644
- queries queries.log 0644
- all all.log 0644
- syslog syslog USER,CRON,PID
- # although possible, these two do not make much sense if daemon is enabled
- stderr STDERR
- stdout STDOUT
- </channels>
- # Logging input configurations
- #
- # name debug-level channels
- #
- # name is predefined
- # debuglevel uses the same names as syslog or * or all to filter the input
- # channels is a comma-separated list of channels
- <loggers>
- # bundle debuglevel channels
- database * database,all
- dnssec * dnssec,all
- server * server,all
- statistics * statistics
- system * system,all
- zone * zone,all
- queries * queries
- </loggers>
- #
- # TSIG Key configuration
- #
- # hmac-md5 is deprecated for TSIG (RFC 8945 says it MUST NOT be used); choose
- # an HMAC-SHA-2 algorithm if this yadifad build accepts one. The secrets below
- # are the example's placeholders and are public along with this page: generate
- # fresh ones (e.g. "openssl rand -base64 32"), share each key only with the
- # peer it is for, and keep this file readable by root and the daemon only.
- #
- <key>
- name abroad-admin-key
- algorithm hmac-md5
- secret WorthlessKeyForExample==
- </key>
- <key>
- name master-slave
- algorithm hmac-md5
- secret MasterAndSlavesTSIGKey==
- </key>
- #
- # Access Control List definitions
- #
- <acl>
- transferer key master-slave
- admins 192.168.6.0/24, 2001:db8::74
- master 192.168.6.32
- slave 192.168.6.33
- </acl>
- #
- # Slave zone config: every zone below is pulled from the master at 192.168.6.32
- #
- <zone>
- type slave
- domain localhost
- file slaves/localhost.zone
- master 192.168.6.32
- </zone>
- <zone>
- type slave
- domain localhost6
- file slaves/localhost6.zone
- master 192.168.6.32
- </zone>
- <zone>
- type slave
- domain 0.0.127.in-addr.arpa
- file slaves/0.0.127.in-addr.arpa.zone
- master 192.168.6.32
- </zone>
- <zone>
- type slave
- domain 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
- file slaves/0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.zone
- master 192.168.6.32
- </zone>
- <zone>
- # This server is a slave for that zone (mandatory)
- type slave
- # The domain name (mandatory)
- domain myzone.demo
- # The zone file, relative to 'datapath' (for a slave presumably where the copy received from the master is stored -- verify against the yadifad documentation)
- file slaves/myzone.demo.zone
- master 192.168.6.32
- </zone>
- 06. Start Daemonnya (run the binary directly, or "service yadifad start" once the init script from step 11 is installed):
- /usr/local/sbin/(nama file yadifanya)
- /usr/local/sbin/yadifad
- 07. Verifikasi Yadifa (BSD netstat syntax; on Linux use "ss -lnup | grep ':53'") :
- netstat -an -f inet | grep '\.53'
- 08. Query slave server untuk myzone.demo
- dig +norec @localhost -t ANY myzone.demo
- 09. Bikin file yadifad-master.conf (optional). Note: nothing on this page includes this file into yadifad.conf, and its path (/etc) differs from the /usr/local/etc used above; unless your yadifad build reads it, the zone has to be declared in yadifad.conf itself as in step 01.
- nano /etc/yadifad-master.conf
- <zone>
- domain myzone.demo
- file masters/myzone.demo.zone
- type master
- </zone>
- 10. Bikin file yadifad-slave.conf (optional, on the slave host). Same note as step 09: nothing here includes this file, so unless your build reads it the zone belongs in yadifad.conf as in step 05.
- nano /etc/yadifad-slave.conf
- <zone>
- domain myzone.demo
- file slaves/myzone.demo.zone
- type slave
- master 192.168.6.32
- </zone>
- 11. Bikin init script (the script below names itself /etc/init.d/yadifad, so install it there and make it executable). Make sure PREFIX inside it matches the install prefix used above (/usr/local): it looks for $PREFIX/sbin/yadifad, $PREFIX/etc/yadifad.conf and $PREFIX/var/run/yadifa.pid, and the pid file name must be the one yadifad actually writes under "pidpath".
- nano /etc/init.d/yadifad
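#! /bin/sh
#------------------------------------------------------------------------------
# LSB init script for the YADIFA authoritative name server (yadifad).
#
# Usage: /etc/init.d/yadifad {start|stop|restart|status}
#
# Tunables read from the environment: DEBUG (1 = trace this script),
# MAX_STOP_WAIT (seconds to wait for the daemon to exit), DUMPS_CORE
# (1 = enable core dumps) and CORE_PREFIX (core directory inside the
# daemon's chroot).
#------------------------------------------------------------------------------
### BEGIN INIT INFO
# Provides: yadifad
# Required-Start: $local_fs $network
# Required-Stop:
# Should-Start: udev module-init-tools
# Should-Stop: $named
# Default-Start: 2 3 4 5
# Default-Stop:
# Short-Description: Starts the YADIFAD name server
# Description: Starts the YADIFAD name server
### END INIT INFO
PATH=/sbin:/usr/sbin:/bin:/usr/bin
# Install prefix. The configuration steps above install yadifad under
# /usr/local (/usr/local/sbin/yadifad, /usr/local/etc/yadifad.conf,
# /usr/local/var/...). The script originally shipped "/usr/local-dev", which
# matches nothing on this page and made DAEMON, CONF and PIDFILE point at
# files that do not exist.
PREFIX="/usr/local"
NAME="yadifad"
# Not used anywhere in this script; the account the daemon runs as is set by
# "uid"/"gid" in yadifad.conf.
NAMED_USERNAME="root"
# Daemon path relative to PREFIX (joined in do_start).
DAEMON="/sbin/${NAME}"
SCRIPTNAME="/etc/init.d/${NAME}"
# Must be the pid file yadifad really writes under "pidpath" in yadifad.conf;
# that file name is not shown on this page -- verify it.
PIDFILE="$PREFIX/var/run/yadifa.pid"
# 1 = launch the daemon through "chroot $CHROOTDIR" (see do_start).
CHROOTS=0
CHROOTDIR=$PREFIX
# Root of the daemon's own jail, relative to CHROOTDIR.
YADIFA_CHROOT=/var
# Trace this script's own actions: DEBUG=1 /etc/init.d/yadifad start
DEBUG=${DEBUG:-0}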
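# Print a message on stdout and copy it to syslog, tagged "<NAME>-init-script".
# All arguments are joined with single spaces. The message is passed as ONE
# word: the original used "echo $*", which glob-expanded any "*" or "?" in the
# message against the current directory and collapsed repeated blanks.
log()
{
  printf '%s\n' "$*"
  logger -t "${NAME}-init-script" -- "$*"
}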
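# Same as log(), but only when DEBUG is set to a non-zero value.
# An unset/empty DEBUG counts as 0 (the original compared an empty string
# numerically, which printed a "unary operator expected" error instead).
debug()
{
  if [ "${DEBUG:-0}" -ne 0 ]; then
    printf '%s\n' "$*"
    logger -t "${NAME}-init-script" -- "$*"
  fi
}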
# When the daemon is launched through chroot(8) every path is taken relative
# to CHROOTDIR, so the install prefix is dropped from the paths built below.
if [ "$CHROOTS" -ne 0 ]; then
  PREFIX=
fi
VAR="$PREFIX/var"
CONF="$PREFIX/etc/yadifad.conf"

# Defaults for the environment tunables (":=" assigns when unset or empty).
: "${MAX_STOP_WAIT:=5}"
# Core directory as seen from inside the daemon's chroot.
: "${CORE_PREFIX:=/log}"
: "${DUMPS_CORE:=1}"

# Refuse to start with core dumps enabled but nowhere to put them.
if [ "$DUMPS_CORE" -ne 0 ] && [ ! -d "$CHROOTDIR/$YADIFA_CHROOT/$CORE_PREFIX" ]; then
  log "Core dump enabled but '$CHROOTDIR/$YADIFA_CHROOT/$CORE_PREFIX' directory does not exists"
  exit 1
fi

# not yet:
#
# CHECK="/sbin/yadifa-checkconf"
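# Abort the script when the previous command (or an explicit code) failed.
#   $1 : message to log
#   $2 : optional exit code overriding $? (empty = use $?)
#   $3 : optional command to run before exiting (e.g. a cleanup step); it is
#        word-split on purpose so it can carry arguments -- pass literals only
# Call it directly after the command to check, since it reads $? first thing.
# Fix: the original ended with "exit $err" (lower case, never set), i.e. a bare
# "exit" that returned the status of the log call instead of the error code.
die_on_error()
{
  ERR="$?"
  if [ -n "$2" ]; then
    ERR="$2"
  fi
  if [ "$ERR" -ne 0 ]; then
    if [ -n "$3" ]; then
      $3
    fi
    log "error: '$1' ($ERR)"
    exit "$ERR"
  fi
}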
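#
# Function that checks if yadifa is running, judging by the pid file.
# Returns 1 when PIDFILE names a live process whose command name is $NAME,
# 0 otherwise. A stale, empty or non-numeric pid file is deleted on the way
# (note the inverted convention: 1 = running, 0 = not running).
#
do_status_internal()
{
  debug "checking for valid PIDFILE ${PIDFILE}"
  running=0
  if [ -f "${PIDFILE}" ]; then
    # read trims surrounding blanks and takes only the first line
    PID=
    read -r PID < "${PIDFILE}"
    case "${PID}" in
      "")
        log "error: empty '${PIDFILE}' : deleting pid file"
        rm -f "${PIDFILE}"
        ;;
      *[!0-9]*)
        # Never hand non-numeric pid-file content to ps/kill.
        log "error: '${PIDFILE}' does not contain a pid : deleting pid file"
        rm -f "${PIDFILE}"
        ;;
      *)
        PROC=$(ps -p "${PID}" | tail -1 | awk '{print $4}')
        if [ "$PROC" = "$NAME" ]; then
          running=1
        else
          log "error : process with pid ${PID} is '$PROC' and not '$NAME' : deleting pid file"
          rm -f "${PIDFILE}"
        fi
        ;;
    esac
  fi
  return $running
}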
# Report whether yadifad is running and exit with an LSB-style status:
# 0 = running, 1 = not running. Never returns to the caller.
do_status()
{
  # do_status_internal returns 0 for "not running", 1 for "running"
  if do_status_internal; then
    log "${NAME} does not seem to be running."
    exit 1
  fi
  log "${NAME} seems to be already running."
  exit 0
}
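#
# Function that starts the daemon/service
#
# Refuses to start when a valid pid file already exists, optionally enables
# core dumps, then execs the daemon (through chroot(8) when CHROOTS != 0).
# Exits 1 on any failure, 0 once the daemon has been launched.
#
do_start()
{
  log "Starting $NAME"
  debug "starting if no valid PIDFILE ${PIDFILE}"
  do_status_internal
  running=$?
  if [ $running -eq 1 ]; then
    log "${NAME} seems to be already running."
    exit 1
  fi
  debug cd "$CHROOTDIR/${PREFIX}"
  # The original ignored a failed cd and launched the daemon from wherever
  # the caller happened to be.
  cd "$CHROOTDIR/${PREFIX}" || { log "error: cannot cd to '$CHROOTDIR/${PREFIX}'"; exit 1; }
  debug prefix = "${PREFIX}"
  debug daemon = "${DAEMON}"
  if [ "$DUMPS_CORE" -ne 0 ]; then
    COREPATH="$CHROOTDIR/$YADIFA_CHROOT/$CORE_PREFIX/cores"
    log "enabling core dump in $COREPATH"
    ulimit -c unlimited
    mkdir -p "$COREPATH"
    # A core of a name server contains its TSIG secrets and whatever DNSSEC
    # private keys it has loaded. The original made this directory 1777
    # (world-writable, /tmp style) and set fs.suid_dumpable=1, which makes
    # every set-uid program on the host dump cores readable by its caller.
    # Instead keep the directory root-only and use suid_dumpable=2
    # ("suidsafe"): a process that changed uid (yadifad after switching to
    # its configured "uid") still dumps, but the kernel writes the core as
    # root, mode 0600, and only to an absolute core_pattern -- which is what
    # is set below. If the daemon re-enables dumping itself with
    # prctl(PR_SET_DUMPABLE) it would write as its own user; chown this
    # directory to that user in that case rather than opening it up.
    chmod 0700 "$COREPATH"
    log "core dump will be stored in '$COREPATH' ($CORE_PREFIX/cores)"
    # Absolute path as seen from inside the daemon's chroot ($YADIFA_CHROOT).
    printf '%s\n' "$CORE_PREFIX/cores/core.%e.%p.%h.%t" > /proc/sys/kernel/core_pattern
    # coredump_filter is inherited across fork, so this applies to the daemon.
    printf '%s\n' 0x7 > /proc/self/coredump_filter
    printf '%s' 1 > /proc/sys/kernel/core_uses_pid
    printf '%s' 2 > /proc/sys/fs/suid_dumpable
  fi
  CMD="${PREFIX}${DAEMON} -c ${CONF}"
  if [ "$CHROOTS" -ne 0 ]; then
    CMD="chroot $CHROOTDIR $CMD"
  fi
  debug "$CMD"
  # Word-split on purpose: CMD is built from this script's own variables only.
  $CMD
  die_on_error "${DAEMON} returned $?"
  exit 0
}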
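#
# Function that stops the daemon/service
#
# Sends SIGTERM to the pid recorded in PIDFILE and waits up to MAX_STOP_WAIT
# seconds for it to go away, re-sending TERM and waiting again for as long as
# the pid file exists and the process is alive (there is no KILL escalation,
# so a daemon that ignores TERM keeps this loop running). Empty, non-numeric
# or stale pid files are deleted and nothing is signalled.
#
do_stop()
{
  log "Stopping $NAME"
  debug "stopping if valid PIDFILE ${PIDFILE}"
  if [ ! -f "${PIDFILE}" ]; then
    log "${NAME} does not seem to be running ..."
    debug "reason: ${PIDFILE} not found"
    return
  fi
  while [ -f "${PIDFILE}" ]; do
    # reset first so a failed read cannot reuse the previous iteration's pid
    PID=
    read -r PID < "${PIDFILE}"
    case "${PID}" in
      "")
        log "error: empty '${PIDFILE}' : deleting pid file"
        rm -f "${PIDFILE}"
        break
        ;;
      *[!0-9]*)
        # Refuse to pass anything but a pid to ps/kill.
        log "error: '${PIDFILE}' does not contain a pid : deleting pid file"
        rm -f "${PIDFILE}"
        break
        ;;
    esac
    PROC=$(ps -p "${PID}" | tail -1 | awk '{print $4}')
    if [ "$PROC" != "$NAME" ]; then
      log "error : process with pid ${PID} is '$PROC' and not '$NAME' : deleting pid file"
      rm -f "${PIDFILE}"
      break
    fi
    kill "${PID}" > /dev/null 2>&1
    for count in $(seq 0 "$MAX_STOP_WAIT"); do
      if [ ! -f "${PIDFILE}" ]; then
        break
      fi
      if ! kill -0 "${PID}" > /dev/null 2>&1; then
        rm -f "${PIDFILE}"
        break
      fi
      log "waiting for the process to stop (waited $count seconds)"
      sleep 1
    done
  done
}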
# Command dispatch. Usage errors exit 3 (LSB "unimplemented feature"); the
# trailing ":" makes a successful "stop" end with status 0.
debug "called with $1"
case "$1" in
  start)
    do_start
    ;;
  stop)
    do_stop
    ;;
  restart)
    do_stop
    do_start
    ;;
  status)
    do_status
    ;;
  *)
    log "Usage: $SCRIPTNAME {start|stop|restart|status}" >&2
    exit 3
    ;;
esac
: