====== Debian Lenny: Bind9 slave of MyDns ======
I've started this installation using a precreated template of Debian 5 (Lenny) minimal, downloaded from:\\
[[http://download.openvz.org/template/precreated/contrib/debian-5.0-i386-minimal.tar.gz|download.openvz.org]]
===== 1 - Setup the Virtual Environment =====
Create a container based on the template just downloaded, specifying an IP address, a hostname and a nameserver. I also give the root user a password:
<code bash>
vzctl create 1100 --ostemplate debian-5.0-i386-minimal --config vps.custom
vzctl set 1100 --hostname bind.dw.lan --save
vzctl set 1100 --ipadd 192.168.0.100 --save
vzctl set 1100 --nameserver 192.168.0.22 --save
vzctl set 1100 --userpasswd root:#your-root-password#
</code>
This is the configuration file I've used:
<code bash>
nano /etc/vz/conf/1100.conf
</code>
<code>
# Configuration file generated by vzsplit for 32 VEs on HN with total amount of
# physical mem 2024 Mb, # low memory 872 Mb, swap size 5938 Mb, Max threads 8000
# Resource commit level 0:
# adjusted by kokk: VMGUARPAGES, OOMGUARPAGES, PRIVVMPAGES, DISKSPACE, DISKINODES
# Primary parameters
NUMPROC="250:250"
AVNUMPROC="69:69"
NUMTCPSOCK="250:250"
NUMOTHERSOCK="250:250"
VMGUARPAGES="64M:unlimited"
# Secondary parameters
OOMGUARPAGES="64M:unlimited"
PRIVVMPAGES="128M:256M"
KMEMSIZE="5720473:6292520"
TCPSNDBUF="882824:1906824"
TCPRCVBUF="882824:1906824"
OTHERSOCKBUF="441412:1465412"
DGRAMRCVBUF="441412:441412"
# Auxiliary parameters
LOCKEDPAGES="279:279"
SHMPAGES="31093:31093"
PHYSPAGES="0:unlimited"
NUMFILE="2208:2208"
NUMFLOCK="220:242"
NUMPTY="25:25"
NUMSIGINFO="1024:1024"
DCACHESIZE="1234765:1271808"
NUMIPTENT="62:62"
# Disk quota parameters
DISKSPACE="10000M:11000M"
DISKINODES="200000:220000"
# CPU fair scheduler parameter (OpenVZ considers one 1 GHz PIII Intel processor
# to be approximately equivalent to 50000 CPU units)
CPUUNITS="25000"
CPUS="1"
# Host parameters
ONBOOT="yes"
VE_ROOT="/var/lib/vz/root/$VEID"
VE_PRIVATE="/var/lib/vz/private/$VEID"
OSTEMPLATE="debian-5.0-i386-minimal"
ORIGIN_SAMPLE="vps.32"
HOSTNAME="dnslave.dw.lan"
IP_ADDRESS="192.168.0.100"
NAMESERVER="192.168.0.22"
</code>
===== 2 - Updating the Virtual Environment =====
Start the container and enter it as root:
<code bash>
vzctl start 1100
vzctl enter 1100
</code>
Set the correct timezone, choosing the right value (mine is Europe/Rome):
<code bash>
dpkg-reconfigure tzdata
</code>
Make sure that your **/etc/apt/sources.list** contains the right links to the Debian repositories, like this:
<code bash>
nano /etc/apt/sources.list
</code>
<code>
## Debian Stable (Lenny)
deb http://ftp.it.debian.org/debian/ lenny main contrib non-free
deb-src http://ftp.it.debian.org/debian/ lenny main contrib non-free
## security updates
deb http://security.debian.org/ lenny/updates main contrib non-free
deb-src http://security.debian.org/ lenny/updates main contrib non-free
</code>
Update the apt package database and install updates:
<code bash>
apt-get update
</code>
One time I got an error related to GPG keys after adjusting the **/etc/apt/sources.list**, so before proceeding I did this:
<code bash>
apt-get install debian-archive-keyring
</code>
Then again, and the problem vanished:
<code bash>
apt-get update
</code>
Finally, install the updates:
<code bash>
apt-get -y upgrade
</code>
===== 3 - Installing Bind DNS Server =====
Install Bind, the Perl library for MySQL and syslogd:
<code bash>
apt-get -y install bind9 libdbd-mysql-perl syslogd
</code>
Newer Debian versions, like 6.0, renamed **syslogd** to **sysklogd**, so there the packages must be installed like this:
<code bash>
apt-get -y install bind9 libdbd-mysql-perl sysklogd
</code>
For security reasons we want to run BIND chrooted, so that a compromised named process stays confined to **/var/lib/bind** instead of seeing the whole file system. Stop the daemon first:
<code bash>
/etc/init.d/bind9 stop
</code>
Edit the file **/etc/default/bind9** so that the daemon uses only IPv4 addresses, runs as the unprivileged user **bind** and is chrooted to **/var/lib/bind**. Modify the last line like this:
<code bash>
nano /etc/default/bind9
</code>
<code>
# run resolvconf?
RESOLVCONF=yes
# startup options for the server
#OPTIONS="-u bind"
OPTIONS="-4 -u bind -t /var/lib/bind"
</code>
Create the necessary directories under /var/lib:
<code bash>
mkdir -p /var/lib/bind/etc
mkdir /var/lib/bind/dev
mkdir -p /var/lib/bind/var/cache/bind
mkdir -p /var/lib/bind/var/run/bind/run
</code>
Then move the config directory from **/etc** to **/var/lib/bind/etc**:
<code bash>
mv /etc/bind /var/lib/bind/etc
</code>
Create a symlink to the new config directory from the old location (to avoid problems when bind gets updated in the future):
<code bash>
ln -s /var/lib/bind/etc/bind /etc/bind
</code>
Make the null and random devices, and fix the permissions of the directories:
<code bash>
mknod /var/lib/bind/dev/null c 1 3
mknod /var/lib/bind/dev/random c 1 8
chmod 666 /var/lib/bind/dev/null /var/lib/bind/dev/random
chown -R bind:bind /var/lib/bind/var/*
chown -R bind:bind /var/lib/bind/etc/bind
</code>
We need to modify **/etc/default/syslogd** so that syslogd also listens on a log socket inside the chroot and we still get BIND's messages in the system logs. Modify the line SYSLOGD="" so that it reads SYSLOGD="-a /var/lib/bind/dev/log":
<code bash>
nano /etc/default/syslogd
</code>
<code>
#
# Top configuration file for syslogd
#
#
# Full documentation of possible arguments are found in the manpage
# syslogd(8).
#
#
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/bind/dev/log"
</code>
Restart the logging daemon:
<code bash>
/etc/init.d/sysklogd restart
</code>
Start up BIND, and check /var/log/syslog for errors:
<code bash>
/etc/init.d/bind9 start
</code>
===== 4 - Configuring Bind DNS Server =====
Open **/var/lib/bind/etc/bind/named.conf** and add a line at the bottom like this (the include path is as seen from inside the chroot, so the file is **/var/lib/bind/etc/bind/named.conf.slaves** on the host):
<code bash>
nano /var/lib/bind/etc/bind/named.conf
</code>
<code>
[...]
include "/etc/bind/named.conf.slaves";
</code>
Open **/var/lib/bind/etc/bind/named.conf.options**:
<code bash>
nano /var/lib/bind/etc/bind/named.conf.options
</code>
Change it like this:
<code>
options {
        directory "/var/cache/bind";
        # with the help of http://www.zytrax.com/books/dns/
        # version statement - inhibited for security
        # (avoids hacking any known weaknesses)
        version "not currently available";
        # all the world can query
        allow-query { any; };
        # allows notifies only from masters
        allow-notify { 192.168.0.0/24; };
        # disables all zone transfer requests
        allow-transfer { none; };
        # Closed DNS - permits only local IPs to issue recursive queries
        # remove if required to support all users or add additional ranges
        # allow-recursion { 127.0.0.1; 192.168.0.0/24; };
        allow-recursion { none; };
        auth-nxdomain no; # conform to RFC1035
        listen-on-v6 { none; };
        # by default we listen on all interfaces
        # listen-on { any; };
        listen-on port 53 { 127.0.0.1; 192.168.0.0/24; };
};
# http://www.wantlinux.net/2008/05/mysql-based-dns-for-the-ability-for-web-based-control
# http://howtoforge.net/forums/showthread.php?t=37727
server 192.168.0.0/24 {
        request-ixfr no;
};
</code>
===== 5 - Cronjobbing Bind DNS Server =====
I want to update the slave zones once every 15 minutes, which is enough for my needs.
Put this Perl script in **/root/mydns_to_slave.pl**:
<code perl>
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use DBD::mysql;

my $m = '192.168.0.31';   # my IP address (must be listed in the zone's also_notify)
my $s = '192.168.0.13';   # MyDNS master / MySQL server IP address
my $u = 'username';
my $p = 'pass!word';
#$dsn = "dbi:SQL Platform:database_name:host_name:port";
my $dsn = "dbi:mysql:database_name:$s:3306";

# try to connect to mysql server
my $dbh = DBI->connect($dsn, $u, $p)
    || die "Cannot connect to the DB: $DBI::errstr\n";

# retrieve the active zones that list this host in also_notify
# (the IP is passed as a bind parameter, not interpolated into the SQL)
#my $sql = "SELECT `origin`, `id`, `serial`, `active` FROM `dns_soa`"
my $sql = "SELECT `origin` FROM `dns_soa`"
    . " WHERE `active` = 'Y' AND FIND_IN_SET(?, `also_notify`)"
    . " ORDER BY 1";
my $sth = $dbh->prepare($sql);
$sth->execute($m)
    || die "Cannot execute the query: " . $sth->errstr;

# empties the slaves file
open(my $slave, '>', '/var/lib/bind/etc/bind/named.conf.slaves')
    || die "Cannot open named.conf.slaves for writing: $!";

# iterating the returned rows of data
while (my $r = $sth->fetchrow_hashref) {
    my $zone = substr($r->{origin}, 0, -1);   # strip the trailing dot
    my $file = $zone;
    $file =~ s/\//-/g;                         # slashes are illegal in filenames
    # print, not printf: a zone name must never be treated as a format string
    print $slave "zone \"$zone\" {\n";
    print $slave "    type slave;\n";
    print $slave "    masters { $s; };\n";
    print $slave "    file \"$file.zone\";\n";
    print $slave "};\n";
}
close($slave);

# force reload bind
system('/etc/init.d/bind9', 'force-reload');
</code>
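The script above copies whatever the database holds in origin straight into named.conf.slaves, so a row containing a quote or a brace would end up as BIND configuration. As an added example (not part of the original page, and a Python rewrite of the generator rather than the Perl above), this builds the same stanzas with the origin validated first, replaces the file atomically and reports whether anything changed, so the force-reload can be skipped when the zone list is unchanged; the rows and addresses are constructed sample data.

```python
import os, re, tempfile

# Constructed sample rows standing in for the `dns_soa` query result.
SAMPLE_ROWS = [
    {'origin': 'example.com.', 'active': 'Y', 'also_notify': '192.168.0.31,192.168.0.32'},
    {'origin': '0/25.2.0.192.in-addr.arpa.', 'active': 'Y', 'also_notify': '192.168.0.31'},
    {'origin': 'old.example.', 'active': 'N', 'also_notify': '192.168.0.31'},
    {'origin': 'other.example.', 'active': 'Y', 'also_notify': '192.168.0.99'},
]

# One DNS label: letters, digits, '-', '_' and '/' (RFC 2317 classless reverse zones).
_LABEL = re.compile(r'^[A-Za-z0-9]([A-Za-z0-9_/-]{0,61}[A-Za-z0-9])?$')

def valid_origin(origin):
    """Accept only absolute, well-formed zone names: quotes, braces, spaces or
    newlines in `origin` would otherwise be copied verbatim into named.conf."""
    if not origin.endswith('.') or len(origin) > 254:
        return False
    return all(_LABEL.match(lbl) for lbl in origin[:-1].split('.'))

def select_zones(rows, my_ip):
    """Same filter as the page's WHERE clause: active = 'Y' and my_ip in also_notify."""
    return sorted(r['origin'] for r in rows
                  if r['active'] == 'Y' and my_ip in r['also_notify'].split(','))

def render_slaves(origins, master):
    """Build the named.conf.slaves text, refusing rather than emitting an unsafe name."""
    out = []
    for origin in origins:
        if not valid_origin(origin):
            raise ValueError('refusing unsafe origin: %r' % origin)
        zone = origin[:-1]                         # strip the trailing dot
        fname = zone.replace('/', '-') + '.zone'   # slashes are illegal in filenames
        out.append('zone "%s" {\n\ttype slave;\n\tmasters { %s; };\n\tfile "%s";\n};\n'
                   % (zone, master, fname))
    return ''.join(out)

def write_if_changed(path, text):
    """Atomically replace `path`; True only if the content differed, so the
    caller runs the force-reload just when the zone list actually changed."""
    try:
        with open(path) as f:
            if f.read() == text:
                return False
    except IOError:
        pass
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or '.')
    with os.fdopen(fd, 'w') as f:
        f.write(text)
    os.rename(tmp, path)
    return True
```

In the cron job, call the reload only when write_if_changed returns True; the temporary file is created in the same directory so the rename is atomic and named never sees a half-written include.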
Now edit **/etc/crontab**, adding these lines at the end of the file:
<code bash>
nano /etc/crontab
</code>
<code>
[...]
# updating the bind slaves every 15 minutes
# m h dom mon dow user command
14 * * * * root perl /root/mydns_to_slave.pl
29 * * * * root perl /root/mydns_to_slave.pl
44 * * * * root perl /root/mydns_to_slave.pl
59 * * * * root perl /root/mydns_to_slave.pl
</code>