Step by step Yadifa DNS Configuration

01. Bikin file yatifad.conf. Feel free to use the following one slightly edited to serve as master:
nano /usr/local/etc/(nama file yadifanya)
nano /usr/local/etc/yatifad.conf

#
# Example yadifa configuration file.
#

<main>
# Detach from the console
daemon on

# Jail the application
chroot off

# The path where all the log files will be written
logpath "/usr/local/var/log"

# The path where the pid file will be written
pidpath "/usr/local/var/run"

# The path where all zone files will be written
datapath "/usr/local/var/zones"

# The path where the DNSSEC keys are found
keyspath "/usr/local/var/zones/keys"

# The path where the transfer and journaling files will be written (AXFR &amp; IXFR)
xfrpath "/usr/local/var/zones/xfr"

# The version returned by a query to version.yadifa. CH TXT
version "1.0.0rc2"

# Enable EDNS0 support (?)
edns0 on

# Set the maximum UDP packet size. Cannot be less than 512. Cannot be more than 65535. Typical choice is 4096.
edns0-max-size 4096

# The maximum number of parallel TCP queries.
max-tcp-queries 100

# The user id to use (an integer can be used)
uid root

# The group id to use (an integer can be used)
gid wheel

# The DNS port. Any DNS query will be made using that port unless a specific value is used.
port 53

# The interfaces to listen to.
listen 0.0.0.0

# Enable the collection and logging of statistics
statistics on

# Choose the query log format (0 for none, 1 for YADIFA, 2 for BIND compatible, 3 for YADIFA and BIND)
queries-log-type 1
# Drop queries with erroneous content
# answer-formerr-packets on

# Maximum number of records in an AXFR packet. Set to one for compatibility
# with very old name servers
# axfr-maxrecordbypacket 0

# Global Access Controlrules.
#
# Rules can be defined on network ranges, TSIG signatures, and ACL rules

# simple queries:
allow-query any

# dynamic update of a zone
allow-update none

# transfer of a zone (AXFR or IXFR)
allow-transfer 192.168.6.33

# notify of a change in the master
allow-notify 192.168.6.33
</main>

#
# Logging output channels configurations
#
# name stream-name arguments
#
# name is arbitrary
# stream-name defines the output type (ie: a file name or syslog)
# arguments is specific to the output type (ie: unix file access rights or syslog options and facilities

<channels>
# name stream-name arguments
database database.log 0644
dnssec dnssec.log 0644
server server.log 0644
statistics statistics.log 0644
system system.log 0644
zone zone.log 0644
queries queries.log 0644
all all.log 0644

syslog syslog USER,CRON,PID

# although possible, these two do not do make much sense if daemon is enabled

stderr STDERR
stdout STDOUT
</channels>

# Logging input configurations
#
# name debug-level channels
#
# name is predefined
# debuglevel uses the same names as syslog or * or all to filter the input
# channels is a comma-separated list of channels

<loggers>
# bundle debuglevel channels
database * database,all
dnssec * dnssec,all
server * server,all
statistics * statistics
system * system,all
zone * zone,all
queries * queries
</loggers>

#
# TSIG Key configuration
#

<key>
name abroad-admin-key
algorithm hmac-md5
secret WorthlessKeyForExample==
</key>

<key>
name master-slave
algorithm hmac-md5
secret MasterAndSlavesTSIGKey==
</key>

#
# Access Control List definitions
#

<acl>
transferer key master-slave
admins 192.168.6.0/24, 2001:db8::74
master 192.168.6.32
slave 192.168.6.33
</acl>

#
# Master domain zone config
#

<zone>
type master
domain localhost
file masters/localhost.zone
allow-transfer slave
allow-update none
allow-update-forwarding none
</zone>

<zone>
type master
domain localhost6
file masters/localhost6.zone
allow-transfer slave
allow-update none
allow-update-forwarding none
</zone>

<zone>
type master
domain 0.0.127.in-addr.arpa
file masters/0.0.127.in-addr.arpa.zone
allow-transfer slave
allow-update none
allow-update-forwarding none
</zone>

<zone>
type master
domain 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
file masters/0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.zone
allow-transfer slave
allow-update none
allow-update-forwarding none
</zone>

<zone>
# This server is master for that zone (mandatory)
type master

# The domain name (mandatory)
domain myzone.demo

# The zone file, relative to 'datapath'. (mandatory for a master)
file masters/myzone.demo.zone
allow-transfer slave
</zone>

Other version: https://github.com/lye/yadifa/blob/master/etc/yadifad.conf.example


02. Jalankan/start Yadifa :
start /usr/local/sbin/(nama yadifanya) ⇒ yadifad
start /usr/local/sbin/yadifad
service yadifad start

03. Verifikasi Daemon :
netstat -anfinet|grep '.53'

04. Query YADIFA for myzone.demo :
dig +norec @localhost -t ANY myzone.demo

05. Edit konfigurasi Server sebagai Slave
nano /usr/local/etc/(nama file yadifanya)
nano /usr/local/etc/yadifad

#
# Example yadifa configuration file.
#

<main>
# Detach from the console
daemon on

# Jail the application
chroot off

# The path where all the log files will be written
logpath "/usr/local/var/log"

# The path where the pid file will be written
pidpath "/usr/local/var/run"

# The path where all zone files will be written
datapath "/usr/local/var/zones"

# The path where the DNSSEC keys are found
keyspath "/usr/local/var/zones/keys"

# The path where the transfer and journaling files will be written (AXFR &amp; IXFR)
xfrpath "/usr/local/var/zones/xfr"

# The version returned by a query to version.yadifa. CH TXT
version "1.0.0rc2"

# Enable EDNS0 support (?)
edns0 on

# Set the maximum UDP packet size. Cannot be less than 512. Cannot be more than 65535. Typical choice is 4096.
edns0-max-size 4096

# The maximum number of parallel TCP queries.
max-tcp-queries 100

# The user id to use (an integer can be used)
uid root

# The group id to use (an integer can be used)
gid wheel

# The DNS port. Any DNS query will be made using that port unless a specific value is used.
port 53

# The interfaces to listen to.
listen 0.0.0.0

# Enable the collection and logging of statistics
statistics on

# Choose the query log format (0 for none, 1 for YADIFA, 2 for BIND compatible, 3 for YADIFA and BIND)
queries-log-type 1
# Drop queries with erroneous content
# answer-formerr-packets on

# Maximum number of records in an AXFR packet. Set to one for compatibility
# with very old name servers
# axfr-maxrecordbypacket 0

# Global Access Controlrules.
#
# Rules can be defined on network ranges, TSIG signatures, and ACL rules

# simple queries:
allow-query any

# dynamic update of a zone
allow-update none

# transfer of a zone (AXFR or IXFR)
allow-transfer none

# notify of a change in the master
allow-notify none
</main>

#
# Logging output channels configurations
#
# name stream-name arguments
#
# name is arbitrary
# stream-name defines the output type (ie: a file name or syslog)
# arguments is specific to the output type (ie: unix file access rights or syslog options and facilities

<channels>
# name stream-name arguments
database database.log 0644
dnssec dnssec.log 0644
server server.log 0644
statistics statistics.log 0644
system system.log 0644
zone zone.log 0644
queries queries.log 0644
all all.log 0644

syslog syslog USER,CRON,PID

# although possible, these two do not do make much sense if daemon is enabled

stderr STDERR
stdout STDOUT
</channels>

# Logging input configurations
#
# name debug-level channels
#
# name is predefined
# debuglevel uses the same names as syslog or * or all to filter the input
# channels is a comma-separated list of channels

<loggers>
# bundle debuglevel channels
database * database,all
dnssec * dnssec,all
server * server,all
statistics * statistics
system * system,all
zone * zone,all
queries * queries
</loggers>

#
# TSIG Key configuration
#

<key>
name abroad-admin-key
algorithm hmac-md5
secret WorthlessKeyForExample==
</key>

<key>
name master-slave
algorithm hmac-md5
secret MasterAndSlavesTSIGKey==
</key>

#
# Access Control List definitions
#

<acl>
transferer key master-slave
admins 192.168.6.0/24, 2001:db8::74
master 192.168.6.32
slave 192.168.6.33
</acl>

#
# Master domain zone config
#

<zone>
type slave
domain localhost
file slaves/localhost.zone
master 192.168.6.32
</zone>

<zone>
type slave
domain localhost6
file slaves/localhost6.zone
master 192.168.6.32
</zone>

<zone>
type slave
domain 0.0.127.in-addr.arpa
file slaves/0.0.127.in-addr.arpa.zone
master 192.168.6.32
</zone>

<zone>
type slave
domain 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
file slaves/0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.zone
master 192.168.6.32
</zone>

<zone>
# This server is master for that zone (mandatory)
type slave

# The domain name (mandatory)
domain myzone.demo

# The zone file, relative to 'datapath'. (mandatory for a master)
file slaves/myzone.demo.zone
master 192.168.6.32
</zone>

06. Start Daemonnya :
start /usr/local/sbin/(nama file yadifanya)
start /usr/local/sbin/yadifad

07. Verifikasi Yadifa :
netstat -anfinet|grep '.53'

08. Query slave server untuk myzone.demo
dig +norec @localhost -t ANY myzone.demo

09. Bikin file yadifad-master.conf
nano /etc/yadifad-master.conf

<zone>
    domain      myzone.demo
    file        masters/myzone.demo.zone
    type        master
</zone>

10. Bikin file yadifad-slave.conf
nano /etc/yadifad-slave.conf

<zone>
    domain      myzone.demo
    file        slaves/myzone.demo.zone
    type        slave
    master      192.168.6.32
</zone>

11. Bikin file etc/yadifad.init
nano etc/yadifad.init

#! /bin/sh
#------------------------------------------------------------------------------
##
##
#------------------------------------------------------------------------------
### BEGIN INIT INFO
# Provides:          yadifad
# Required-Start:    $local_fs $network
# Required-Stop:
# Should-Start:      udev module-init-tools
# Should-Stop:       $named
# Default-Start:     2 3 4 5
# Default-Stop:
# Short-Description: Starts the YADIFAD name server
# Description:      Starts the YADIFAD name server
### END INIT INFO


PATH=/sbin:/usr/sbin:/bin:/usr/bin
PREFIX="/usr/local-dev"
NAME="yadifad"
NAMED_USERNAME="root"
DAEMON="/sbin/${NAME}"

SCRIPTNAME="/etc/init.d/${NAME}"
PIDFILE="$PREFIX/var/run/yadifa.pid"

CHROOTS=0
CHROOTDIR=$PREFIX
YADIFA_CHROOT=/var

if [ "$DEBUG" = "" ]
then
    DEBUG=0
fi

log()
{
    echo $*
    logger -t $NAME-init-script -- $*
}

debug()
{
    if [ $DEBUG -ne 0 ]
    then
        echo $*
        logger -t $NAME-init-script -- $*
    fi
}

if [ $CHROOTS -ne 0 ]
then
    PREFIX=
fi

VAR="$PREFIX/var"
CONF="$PREFIX/etc/yadifad.conf"

if [ "$MAX_STOP_WAIT" = "" ]
then
    MAX_STOP_WAIT=5
fi

# Inside the internal chroot

if [ "$CORE_PREFIX" = "" ]
then
    CORE_PREFIX=/log
fi

if [ "$DUMPS_CORE" = "" ]
then
    DUMPS_CORE=1
fi

if [ $DUMPS_CORE -ne 0 ]
then
    if [ ! -d $CHROOTDIR/$YADIFA_CHROOT/$CORE_PREFIX ]
    then
        log "Core dump enabled but '$CHROOTDIR/$YADIFA_CHROOT/$CORE_PREFIX' directory does not exists"
        exit 1
    fi
fi

# not yet:
#
# CHECK="/sbin/yadifa-checkconf"


# $? : supposed to be set
# 1  : message
# 2  : optional override code
# 3  : what to do in case of error (command)

die_on_error()
{
        ERR="$?"

        if [ ! "" = "$2" ]
        then
            ERR="$2"
        fi


        if [ 0 -ne ${ERR} ]
        then
            if [ ! "" = "$3" ]
            then
                $3
            fi

                log "error: '$1' ($ERR)"
                exit $err
        fi
}

#
# Function that checks if yadifa is running
#

do_status_internal()
{
    debug "checking for valid PIDFILE ${PIDFILE}"

    running=0

    if [ -f ${PIDFILE} ]
    then
        PID=$(cat ${PIDFILE})

        if [ "${PID}" != "" ]
        then
            PROC=$(ps -p ${PID} | tail -1| awk '{print $4}')

            if [ "$PROC" = "$NAME" ]
            then
                running=1
            else
                log "error : process with pid ${PID} is '$PROC' and not '$NAME' : deleting pid file"
                rm -f ${PIDFILE}
            fi
        else
            log "error: empty '${PIDFILE}' : deleting pid file"
            rm -f ${PIDFILE}
        fi
    fi

    return $running
}

do_status()
{
    do_status_internal

    running=$?

    if [ $running -eq 1 ]
    then
        log "${NAME} seems to be already running."
        exit 0
    else
        log "${NAME} does not seem to be running."
        exit 1
    fi
}

#
# Function that starts the daemon/service
#
do_start()
{
    log "Starting $NAME"

    debug "starting if no valid PIDFILE ${PIDFILE}"

    do_status_internal

    running=$?

    if [ $running -eq 1 ]
    then
        log "${NAME} seems to be already running."
        exit 1
    fi

    debug cd $CHROOTDIR/${PREFIX}
    cd $CHROOTDIR/${PREFIX}

    debug prefix = ${PREFIX}
    debug daemon = ${DAEMON}

    if [ $DUMPS_CORE -ne 0 ]
    then
        COREPATH="$CHROOTDIR/$YADIFA_CHROOT/$CORE_PREFIX/cores"

        log "enabling core dump in $COREPATH"

        ulimit -c unlimited


        mkdir -p $COREPATH
        chmod 0777 $COREPATH
        chmod +t $COREPATH

        log "core dump will be stored in '$COREPATH' ($CORE_PREFIX/cores)"

        echo "$CORE_PREFIX/cores/core.%e.%p.%h.%t" > /proc/sys/kernel/core_pattern
        echo 0x7 > /proc/self/coredump_filter
        echo -n 1 > /proc/sys/kernel/core_uses_pid
        echo -n 1 > /proc/sys/fs/suid_dumpable
    fi

    CMD="${PREFIX}${DAEMON} -c ${CONF}"

    if [ $CHROOTS -ne 0 ]
    then
        CMD="chroot $CHROOTDIR $CMD"
    fi

    debug $CMD

    $CMD

    die_on_error "${DAEMON} returned $?"

    exit 0
}


#
# Function that stops the daemon/service
#
do_stop()
{
    log "Stopping $NAME"

    debug "stopping if valid PIDFILE ${PIDFILE}"

    if [ -f ${PIDFILE} ]
    then
        while [ -f ${PIDFILE} ]
        do
            PID=$(cat ${PIDFILE})

            if [ "${PID}" = "" ]
            then
                log "error: empty '${PIDFILE}' : deleting pid file"
                rm -f ${PIDFILE}
                break
            fi

            PROC=$(ps -p ${PID} | tail -1| awk '{print $4}')

            if [ "$PROC" != "$NAME" ]
            then
                log "error : process with pid ${PID} is '$PROC' and not '$NAME' : deleting pid file"
                rm -f ${PIDFILE}
                break
            fi

            kill ${PID} > /dev/null 2>&1

            for count in $(seq 0 $MAX_STOP_WAIT)
            do
                if [ ! -f ${PIDFILE} ]
                then
                    break
                fi

                kill -0 ${PID} > /dev/null 2>&1

                if [ $? -ne 0 ]
                then
                    rm -f ${PIDFILE}
                    break
                fi

                log "waiting for the process to stop (waited $count seconds)"

                sleep 1
            done
        done
    else
        log "${NAME} does not seem to be running ..."
        debug "reason: ${PIDFILE} not found"
    fi
}

debug called with $1

case "$1" in
  start)
    do_start
    ;;
  stop)
    do_stop
    ;;
  restart)
    do_stop
    do_start
    ;;
  status)
    do_status
    ;;
  *)
    log "Usage: $SCRIPTNAME {start|stop|restart|status}" >&2
    exit 3
    ;;
esac

: