Step by step Yadifa DNS Configuration (en)

  1. 01. Create file yadifad.conf. Feel free to use the following one, slightly edited, to serve as master:
  2. nano /usr/local/etc/(Yadifa_File_Name)
  3. nano /usr/local/etc/yadifad.conf
  4.  
  5. #
  6. # Example yadifa configuration file.
  7. #
  8.  
  9. <main>
  10. # Detach from the console
  11. daemon on
  12.  
  13. # Jail the application
  14. chroot off
  15.  
  16. # The path where all the log files will be written
  17. logpath "/usr/local/var/log"
  18.  
  19. # The path where the pid file will be written
  20. pidpath "/usr/local/var/run"
  21.  
  22. # The path where all zone files will be written
  23. datapath "/usr/local/var/zones"
  24.  
  25. # The path where the DNSSEC keys are found
  26. keyspath "/usr/local/var/zones/keys"
  27.  
  28. # The path where the transfer and journaling files will be written (AXFR & IXFR)
  29. xfrpath "/usr/local/var/zones/xfr"
  30.  
  31. # The version returned by a query to version.yadifa. CH TXT
  32. version "1.0.0rc2"
  33.  
  34. # Enable EDNS0 support (?)
  35. edns0 on
  36.  
  37. # Set the maximum UDP packet size. Cannot be less than 512. Cannot be more than 65535. Typical choice is 4096.
  38. edns0-max-size 4096
  39.  
  40. # The maximum number of parallel TCP queries.
  41. max-tcp-queries 100
  42.  
  43. # The user id to use (an integer can be used)
  44. uid root
  45.  
  46. # The group id to use (an integer can be used)
  47. gid wheel
  48.  
  49. # The DNS port. Any DNS query will be made using that port unless a specific value is used.
  50. port 53
  51.  
  52. # The interfaces to listen to.
  53. listen 0.0.0.0
  54.  
  55. # Enable the collection and logging of statistics
  56. statistics on
  57.  
  58. # Choose the query log format (0 for none, 1 for YADIFA, 2 for BIND compatible, 3 for YADIFA and BIND)
  59. queries-log-type 1
  60. # Drop queries with erroneous content
  61. # answer-formerr-packets on
  62.  
  63. # Maximum number of records in an AXFR packet. Set to one for compatibility
  64. # with very old name servers
  65. # axfr-maxrecordbypacket 0
  66.  
  67. # Global Access Control rules.
  68. #
  69. # Rules can be defined on network ranges, TSIG signatures, and ACL rules
  70.  
  71. # simple queries:
  72. allow-query any
  73.  
  74. # dynamic update of a zone
  75. allow-update none
  76.  
  77. # transfer of a zone (AXFR or IXFR)
  78. allow-transfer 192.168.6.33
  79.  
  80. # notify of a change in the master
  81. allow-notify 192.168.6.33
  82. </main>
  83.  
  84. #
  85. # Logging output channels configurations
  86. #
  87. # name stream-name arguments
  88. #
  89. # name is arbitrary
  90. # stream-name defines the output type (ie: a file name or syslog)
  91. # arguments is specific to the output type (ie: unix file access rights or syslog options and facilities)
  92.  
  93. <channels>
  94. # name stream-name arguments
  95. database database.log 0644
  96. dnssec dnssec.log 0644
  97. server server.log 0644
  98. statistics statistics.log 0644
  99. system system.log 0644
  100. zone zone.log 0644
  101. queries queries.log 0644
  102. all all.log 0644
  103.  
  104. syslog syslog USER,CRON,PID
  105.  
  106. # although possible, these two do not make much sense if daemon is enabled
  107.  
  108. stderr STDERR
  109. stdout STDOUT
  110. </channels>
  111.  
  112. # Logging input configurations
  113. #
  114. # name debug-level channels
  115. #
  116. # name is predefined
  117. # debuglevel uses the same names as syslog or * or all to filter the input
  118. # channels is a comma-separated list of channels
  119.  
  120. <loggers>
  121. # bundle debuglevel channels
  122. database * database,all
  123. dnssec * dnssec,all
  124. server * server,all
  125. statistics * statistics
  126. system * system,all
  127. zone * zone,all
  128. queries * queries
  129. </loggers>
  130.  
  131. #
  132. # TSIG Key configuration
  133. #
  134.  
  135. <key>
  136. name abroad-admin-key
  137. algorithm hmac-md5
  138. secret WorthlessKeyForExample==
  139. </key>
  140.  
  141. <key>
  142. name master-slave
  143. algorithm hmac-md5
  144. secret MasterAndSlavesTSIGKey==
  145. </key>
  146.  
  147. #
  148. # Access Control List definitions
  149. #
  150.  
  151. <acl>
  152. transferer key master-slave
  153. admins 192.168.6.0/24, 2001:db8::74
  154. master 192.168.6.32
  155. slave 192.168.6.33
  156. </acl>
  157.  
  158. #
  159. # Master domain zone config
  160. #
  161.  
  162. <zone>
  163. type master
  164. domain localhost
  165. file masters/localhost.zone
  166. allow-transfer slave
  167. allow-update none
  168. allow-update-forwarding none
  169. </zone>
  170.  
  171. <zone>
  172. type master
  173. domain localhost6
  174. file masters/localhost6.zone
  175. allow-transfer slave
  176. allow-update none
  177. allow-update-forwarding none
  178. </zone>
  179.  
  180. <zone>
  181. type master
  182. domain 0.0.127.in-addr.arpa
  183. file masters/0.0.127.in-addr.arpa.zone
  184. allow-transfer slave
  185. allow-update none
  186. allow-update-forwarding none
  187. </zone>
  188.  
  189. <zone>
  190. type master
  191. domain 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
  192. file masters/0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.zone
  193. allow-transfer slave
  194. allow-update none
  195. allow-update-forwarding none
  196. </zone>
  197.  
  198. <zone>
  199. # This server is master for that zone (mandatory)
  200. type master
  201.  
  202. # The domain name (mandatory)
  203. domain myzone.demo
  204.  
  205. # The zone file, relative to 'datapath'. (mandatory for a master)
  206. file masters/myzone.demo.zone
  207. allow-transfer slave
  208. </zone>
  209.  
  210. Other version: https://github.com/lye/yadifa/blob/master/etc/yadifad.conf.example
  211.  
  212.  
  213. 02. Start Yadifa :
  214. start /usr/local/sbin/(your yadifad binary name) ⇒ yadifad
  215. start /usr/local/sbin/yadifad
  216. service yadifad start
  217.  
  218. 03. Verify the Daemon :
  219. netstat -anfinet|grep '.53'
  220.  
  221. 04. Query YADIFA for myzone.demo :
  222. dig +norec @localhost -t ANY myzone.demo
  223.  
  224. 05. Edit Server Configuration as Slave
  225. nano /usr/local/etc/(your yadifa config file name)
  226. nano /usr/local/etc/yadifad
  227.  
  228. #
  229. # Example yadifa configuration file.
  230. #
  231.  
  232. <main>
  233. # Detach from the console
  234. daemon on
  235.  
  236. # Jail the application
  237. chroot off
  238.  
  239. # The path where all the log files will be written
  240. logpath "/usr/local/var/log"
  241.  
  242. # The path where the pid file will be written
  243. pidpath "/usr/local/var/run"
  244.  
  245. # The path where all zone files will be written
  246. datapath "/usr/local/var/zones"
  247.  
  248. # The path where the DNSSEC keys are found
  249. keyspath "/usr/local/var/zones/keys"
  250.  
  251. # The path where the transfer and journaling files will be written (AXFR & IXFR)
  252. xfrpath "/usr/local/var/zones/xfr"
  253.  
  254. # The version returned by a query to version.yadifa. CH TXT
  255. version "1.0.0rc2"
  256.  
  257. # Enable EDNS0 support (?)
  258. edns0 on
  259.  
  260. # Set the maximum UDP packet size. Cannot be less than 512. Cannot be more than 65535. Typical choice is 4096.
  261. edns0-max-size 4096
  262.  
  263. # The maximum number of parallel TCP queries.
  264. max-tcp-queries 100
  265.  
  266. # The user id to use (an integer can be used)
  267. uid root
  268.  
  269. # The group id to use (an integer can be used)
  270. gid wheel
  271.  
  272. # The DNS port. Any DNS query will be made using that port unless a specific value is used.
  273. port 53
  274.  
  275. # The interfaces to listen to.
  276. listen 0.0.0.0
  277.  
  278. # Enable the collection and logging of statistics
  279. statistics on
  280.  
  281. # Choose the query log format (0 for none, 1 for YADIFA, 2 for BIND compatible, 3 for YADIFA and BIND)
  282. queries-log-type 1
  283. # Drop queries with erroneous content
  284. # answer-formerr-packets on
  285.  
  286. # Maximum number of records in an AXFR packet. Set to one for compatibility
  287. # with very old name servers
  288. # axfr-maxrecordbypacket 0
  289.  
  290. # Global Access Control rules.
  291. #
  292. # Rules can be defined on network ranges, TSIG signatures, and ACL rules
  293.  
  294. # simple queries:
  295. allow-query any
  296.  
  297. # dynamic update of a zone
  298. allow-update none
  299.  
  300. # transfer of a zone (AXFR or IXFR)
  301. allow-transfer none
  302.  
  303. # notify of a change in the master
  304. allow-notify none
  305. </main>
  306.  
  307. #
  308. # Logging output channels configurations
  309. #
  310. # name stream-name arguments
  311. #
  312. # name is arbitrary
  313. # stream-name defines the output type (ie: a file name or syslog)
  314. # arguments is specific to the output type (ie: unix file access rights or syslog options and facilities)
  315.  
  316. <channels>
  317. # name stream-name arguments
  318. database database.log 0644
  319. dnssec dnssec.log 0644
  320. server server.log 0644
  321. statistics statistics.log 0644
  322. system system.log 0644
  323. zone zone.log 0644
  324. queries queries.log 0644
  325. all all.log 0644
  326.  
  327. syslog syslog USER,CRON,PID
  328.  
  329. # although possible, these two do not make much sense if daemon is enabled
  330.  
  331. stderr STDERR
  332. stdout STDOUT
  333. </channels>
  334.  
  335. # Logging input configurations
  336. #
  337. # name debug-level channels
  338. #
  339. # name is predefined
  340. # debuglevel uses the same names as syslog or * or all to filter the input
  341. # channels is a comma-separated list of channels
  342.  
  343. <loggers>
  344. # bundle debuglevel channels
  345. database * database,all
  346. dnssec * dnssec,all
  347. server * server,all
  348. statistics * statistics
  349. system * system,all
  350. zone * zone,all
  351. queries * queries
  352. </loggers>
  353.  
  354. #
  355. # TSIG Key configuration
  356. #
  357.  
  358. <key>
  359. name abroad-admin-key
  360. algorithm hmac-md5
  361. secret WorthlessKeyForExample==
  362. </key>
  363.  
  364. <key>
  365. name master-slave
  366. algorithm hmac-md5
  367. secret MasterAndSlavesTSIGKey==
  368. </key>
  369.  
  370. #
  371. # Access Control List definitions
  372. #
  373.  
  374. <acl>
  375. transferer key master-slave
  376. admins 192.168.6.0/24, 2001:db8::74
  377. master 192.168.6.32
  378. slave 192.168.6.33
  379. </acl>
  380.  
  381. #
  382. # Master domain zone config
  383. #
  384.  
  385. <zone>
  386. type slave
  387. domain localhost
  388. file slaves/localhost.zone
  389. master 192.168.6.32
  390. </zone>
  391.  
  392. <zone>
  393. type slave
  394. domain localhost6
  395. file slaves/localhost6.zone
  396. master 192.168.6.32
  397. </zone>
  398.  
  399. <zone>
  400. type slave
  401. domain 0.0.127.in-addr.arpa
  402. file slaves/0.0.127.in-addr.arpa.zone
  403. master 192.168.6.32
  404. </zone>
  405.  
  406. <zone>
  407. type slave
  408. domain 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
  409. file slaves/0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.zone
  410. master 192.168.6.32
  411. </zone>
  412.  
  413. <zone>
  414. # This server is a slave for that zone (mandatory)
  415. type slave
  416.  
  417. # The domain name (mandatory)
  418. domain myzone.demo
  419.  
  420. # The zone file, relative to 'datapath'. (mandatory for a master)
  421. file slaves/myzone.demo.zone
  422. master 192.168.6.32
  423. </zone>
  424.  
  425.  
  426. 06. Start The Daemon:
  427. start /usr/local/sbin/(your yadifad binary name)
  428. start /usr/local/sbin/yadifad
  429.  
  430. 07. Reverify The Yadifa:
  431. netstat -anfinet|grep '.53'
  432.  
  433. 08. Query slave server for myzone.demo
  434. dig +norec @localhost -t ANY myzone.demo
  435.  
  436. 09. Create file yadifad-master.conf
  437. nano /etc/yadifad-master.conf
  438.  
  439. <zone>
  440. domain myzone.demo
  441. file masters/myzone.demo.zone
  442. type master
  443. </zone>
  444.  
  445. 10. Create file yadifad-slave.conf
  446. nano /etc/yadifad-slave.conf
  447.  
  448. <zone>
  449. domain myzone.demo
  450. file slaves/myzone.demo.zone
  451. type slave
  452. master 192.168.6.32
  453. </zone>
  454.  
  455. 11. Create file etc/yadifad.init
  456. nano etc/yadifad.init
  457.  
  458. #! /bin/sh
  459. #------------------------------------------------------------------------------
  460. ##
  461. ##
  462. #------------------------------------------------------------------------------
  463. ### BEGIN INIT INFO
  464. # Provides: yadifad
  465. # Required-Start: $local_fs $network
  466. # Required-Stop:
  467. # Should-Start: udev module-init-tools
  468. # Should-Stop: $named
  469. # Default-Start: 2 3 4 5
  470. # Default-Stop:
  471. # Short-Description: Starts the YADIFAD name server
  472. # Description: Starts the YADIFAD name server
  473. ### END INIT INFO
  474.  
  475.  
  PATH=/sbin:/usr/sbin:/bin:/usr/bin
  # NOTE(review): the install steps above use /usr/local
  # (/usr/local/sbin/yadifad, /usr/local/etc/yadifad.conf); this prefix
  # has to match where yadifad was actually installed.
  PREFIX="/usr/local-dev"
  NAME="yadifad"
  # not referenced anywhere else in this script; the daemon is launched
  # without a privilege drop here, so presumably the uid/gid settings in
  # yadifad.conf decide what it ends up running as
  NAMED_USERNAME="root"
  # prefixed with PREFIX (or run under chroot) by do_start
  DAEMON="/sbin/${NAME}"

  SCRIPTNAME="/etc/init.d/${NAME}"
  PIDFILE="$PREFIX/var/run/yadifa.pid"

  # CHROOTS != 0 makes do_start run the daemon via chroot(8) into CHROOTDIR
  CHROOTS=0
  CHROOTDIR=$PREFIX
  YADIFA_CHROOT=/var

  # may be preset in the environment; any non-zero value enables debug()
  DEBUG=${DEBUG:-0}
  493.  
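  # Print a message to stdout and send the same line to syslog.
  # Arguments: the message words ($*)
  # Globals:   NAME (read) - used as the logger tag
  log()
  {
    # "$*" keeps the message as one argument: no glob expansion, no
    # whitespace collapsing, and a message starting with '-' is not an option
    printf '%s\n' "$*"
    logger -t "${NAME}-init-script" -- "$*"
  }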
  499.  
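  # Like log(), but only when DEBUG is set to a non-zero value.
  # Arguments: the message words ($*)
  # Globals:   DEBUG NAME (read)
  debug()
  {
    # an unset/empty DEBUG counts as 0 instead of breaking the test
    if [ "${DEBUG:-0}" -ne 0 ]
    then
      printf '%s\n' "$*"
      logger -t "${NAME}-init-script" -- "$*"
    fi
  }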
  508.  
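  # CHROOTS is hard-coded to 0 above, so this branch is currently never taken;
  # with chroots on, all paths become relative to CHROOTDIR.
  if [ "$CHROOTS" -ne 0 ]
  then
    PREFIX=
  fi

  VAR="$PREFIX/var"
  CONF="$PREFIX/etc/yadifad.conf"

  # seconds to wait for the daemon to exit after each SIGTERM (see do_stop)
  MAX_STOP_WAIT=${MAX_STOP_WAIT:-5}

  # Inside the internal chroot
  CORE_PREFIX=${CORE_PREFIX:-/log}

  # Core dumps are ON by default, and do_start then rewrites host-wide kernel
  # settings (core_pattern, suid_dumpable); set DUMPS_CORE=0 in the
  # environment on anything that is not a debugging box.
  DUMPS_CORE=${DUMPS_CORE:-1}

  if [ "$DUMPS_CORE" -ne 0 ]
  then
    if [ ! -d "$CHROOTDIR/$YADIFA_CHROOT/$CORE_PREFIX" ]
    then
      log "Core dump enabled but '$CHROOTDIR/$YADIFA_CHROOT/$CORE_PREFIX' directory does not exist"
      exit 1
    fi
  fi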
  542.  
  543. # not yet:
  544. #
  545. # CHECK="/sbin/yadifa-checkconf"
  546.  
  547.  
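  # $? : expected to hold the status of the command run just before the call
  # 1 : message
  # 2 : optional override code
  # 3 : what to do in case of error (command)

  die_on_error()
  {
    # capture first: every following command would overwrite $?
    ERR="$?"

    if [ -n "$2" ]
    then
      ERR="$2"
    fi

    if [ "${ERR}" -ne 0 ]
    then
      if [ -n "$3" ]
      then
        # deliberately unquoted: $3 is a command line that may carry arguments
        $3
      fi

      log "error: '$1' ($ERR)"
      # was 'exit $err' with $err undefined, i.e. a bare 'exit' that returned
      # the status of the preceding log call instead of ERR
      exit "$ERR"
    fi
  }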
  574.  
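  #
  # Function that checks if yadifa is running
  #
  # Globals: PIDFILE NAME (read), running PID PROC (written)
  # Returns: 1 when a process whose command name is NAME owns the pid in
  #          PIDFILE, 0 otherwise. A pid file that is empty, non-numeric or
  #          points at some other process is treated as stale and removed.
  #
  # NOTE(review): assumes Linux procps output for 'ps -p', where the 4th
  # column of the last line is the command name (and, for a dead pid, the
  # header word 'CMD').

  do_status_internal()
  {
    debug "checking for valid PIDFILE ${PIDFILE}"

    running=0

    if [ -f "${PIDFILE}" ]
    then
      PID=$(cat "${PIDFILE}")

      case "${PID}" in
        '')
          log "error: empty '${PIDFILE}' : deleting pid file"
          rm -f -- "${PIDFILE}"
          ;;
        *[!0-9]*)
          # never hand a non-numeric value to ps/kill
          log "error: '${PIDFILE}' does not contain a numeric pid : deleting pid file"
          rm -f -- "${PIDFILE}"
          ;;
        *)
          PROC=$(ps -p "${PID}" | tail -1 | awk '{print $4}')

          if [ "$PROC" = "$NAME" ]
          then
            running=1
          else
            log "error : process with pid ${PID} is '$PROC' and not '$NAME' : deleting pid file"
            rm -f -- "${PIDFILE}"
          fi
          ;;
      esac
    fi

    return $running
  }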
  608.  
  # Report whether the daemon is running and exit with 0 (running) or 1.
  # Globals: NAME (read), running (written via do_status_internal)
  do_status()
  {
    do_status_internal
    running=$?

    if [ "$running" -ne 1 ]
    then
      log "${NAME} does not seem to be running."
      exit 1
    fi

    log "${NAME} seems to be already running."
    exit 0
  }
  624.  
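  #
  # Function that starts the daemon/service
  #
  # Globals: NAME PIDFILE CHROOTDIR PREFIX DAEMON CONF CHROOTS DUMPS_CORE
  #          YADIFA_CHROOT CORE_PREFIX (read), running COREPATH (written)
  # Exits:   1 if the daemon already runs; otherwise via die_on_error with the
  #          daemon's launch status, or 0.
  do_start()
  {
    log "Starting $NAME"

    debug "starting if no valid PIDFILE ${PIDFILE}"

    do_status_internal
    running=$?

    if [ "$running" -eq 1 ]
    then
      log "${NAME} seems to be already running."
      exit 1
    fi

    debug "cd $CHROOTDIR/${PREFIX}"
    # NOTE(review): with the defaults above (CHROOTS=0, CHROOTDIR=$PREFIX)
    # this is "$PREFIX/$PREFIX", which probably does not exist; the failure
    # is reported instead of being silent, but start still continues because
    # the daemon is launched by absolute path.
    cd "$CHROOTDIR/${PREFIX}" || log "warning: cannot cd to '$CHROOTDIR/${PREFIX}'"

    debug "prefix = ${PREFIX}"
    debug "daemon = ${DAEMON}"

    if [ "$DUMPS_CORE" -ne 0 ]
    then
      COREPATH="$CHROOTDIR/$YADIFA_CHROOT/$CORE_PREFIX/cores"

      log "enabling core dump in $COREPATH"

      ulimit -c unlimited

      # world-writable + sticky so whatever user the daemon runs as can dump here
      mkdir -p -- "$COREPATH"
      chmod 0777 -- "$COREPATH"
      chmod +t -- "$COREPATH"

      log "core dump will be stored in '$COREPATH' ($CORE_PREFIX/cores)"

      # NOTE(review): these are host-wide kernel settings, not per-daemon.
      # core_pattern is replaced for every process on the machine, and
      # suid_dumpable=1 lets setuid/privileged processes dump core, which can
      # expose their memory to unprivileged users; keep DUMPS_CORE=0 outside
      # of debugging sessions.
      printf '%s\n' "$CORE_PREFIX/cores/core.%e.%p.%h.%t" > /proc/sys/kernel/core_pattern
      printf '%s\n' 0x7 > /proc/self/coredump_filter
      printf '%s' 1 > /proc/sys/kernel/core_uses_pid
      printf '%s' 1 > /proc/sys/fs/suid_dumpable
    fi

    # build the command line as positional parameters: no arrays in /bin/sh,
    # and no reliance on word-splitting an unquoted string
    set -- "${PREFIX}${DAEMON}" -c "${CONF}"

    if [ "$CHROOTS" -ne 0 ]
    then
      set -- chroot "$CHROOTDIR" "$@"
    fi

    debug "$*"

    "$@"

    die_on_error "${DAEMON} returned $?"

    exit 0
  }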
  686.  
  687.  
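  #
  # Function that stops the daemon/service
  #
  # Globals: NAME PIDFILE MAX_STOP_WAIT (read), PID PROC count (written)
  # Sends SIGTERM to the pid recorded in PIDFILE (only if that pid's command
  # name is NAME), then waits up to MAX_STOP_WAIT seconds for it to go away.
  # As long as the pid file survives and the process still matches, the outer
  # loop signals it again, so a daemon that ignores SIGTERM keeps this
  # function waiting; an empty, non-numeric or foreign pid file is removed.
  do_stop()
  {
    log "Stopping $NAME"

    debug "stopping if valid PIDFILE ${PIDFILE}"

    if [ ! -f "${PIDFILE}" ]
    then
      log "${NAME} does not seem to be running ..."
      debug "reason: ${PIDFILE} not found"
      return
    fi

    while [ -f "${PIDFILE}" ]
    do
      PID=$(cat "${PIDFILE}")

      case "${PID}" in
        '')
          log "error: empty '${PIDFILE}' : deleting pid file"
          rm -f -- "${PIDFILE}"
          break
          ;;
        *[!0-9]*)
          # never hand a non-numeric value to ps/kill
          log "error: '${PIDFILE}' does not contain a numeric pid : deleting pid file"
          rm -f -- "${PIDFILE}"
          break
          ;;
      esac

      PROC=$(ps -p "${PID}" | tail -1 | awk '{print $4}')

      if [ "$PROC" != "$NAME" ]
      then
        log "error : process with pid ${PID} is '$PROC' and not '$NAME' : deleting pid file"
        rm -f -- "${PIDFILE}"
        break
      fi

      kill "${PID}" > /dev/null 2>&1

      # counter loop instead of $(seq ...): seq is not part of POSIX
      count=0
      while [ "$count" -le "$MAX_STOP_WAIT" ]
      do
        if [ ! -f "${PIDFILE}" ]
        then
          break
        fi

        # process gone but pid file left behind: clean up and stop waiting
        if ! kill -0 "${PID}" > /dev/null 2>&1
        then
          rm -f -- "${PIDFILE}"
          break
        fi

        log "waiting for the process to stop (waited $count seconds)"

        sleep 1
        count=$((count + 1))
      done
    done
  }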
  746.  
  debug called with $1

  # dispatch on the init action; do_start and do_status exit the script
  # themselves, which is why 'restart' can simply chain the two calls
  case "$1" in
    start)   do_start ;;
    stop)    do_stop ;;
    restart) do_stop; do_start ;;
    status)  do_status ;;
    *)
      log "Usage: $SCRIPTNAME {start|stop|restart|status}" >&2
      exit 3
      ;;
  esac

  # keep the script's own exit status at 0
  :