I've started this installation from a pre-created Debian 5 (Lenny) minimal OS template, downloaded from:
download.openvz.org
Create a container from the template just downloaded, setting an IP address, a hostname and a nameserver; I also give the root user a password:
vzctl create 1100 --ostemplate debian-5.0-i386-minimal --config vps.custom
vzctl set 1100 --hostname bind.dw.lan --save
vzctl set 1100 --ipadd 192.168.0.100 --save
vzctl set 1100 --nameserver 192.168.0.22 --save
vzctl set 1100 --userpasswd root:#your-root-password#
This is the configuration file I've used:
nano /etc/vz/conf/1100.conf
# Configuration file generated by vzsplit for 32 VEs on HN with total amount of
# physical mem 2024 Mb,
# low memory 872 Mb, swap size 5938 Mb, Max threads 8000
# Resource commit level 0:
# adjusted by kokk: VMGUARPAGES, OOMGUARPAGES, PRIVVMPAGES, DISKSPACE, DISKINODES

# Primary parameters
NUMPROC="250:250"
AVNUMPROC="69:69"
NUMTCPSOCK="250:250"
NUMOTHERSOCK="250:250"
VMGUARPAGES="64M:unlimited"

# Secondary parameters
OOMGUARPAGES="64M:unlimited"
PRIVVMPAGES="128M:256M"
KMEMSIZE="5720473:6292520"
TCPSNDBUF="882824:1906824"
TCPRCVBUF="882824:1906824"
OTHERSOCKBUF="441412:1465412"
DGRAMRCVBUF="441412:441412"

# Auxiliary parameters
LOCKEDPAGES="279:279"
SHMPAGES="31093:31093"
PHYSPAGES="0:unlimited"
NUMFILE="2208:2208"
NUMFLOCK="220:242"
NUMPTY="25:25"
NUMSIGINFO="1024:1024"
DCACHESIZE="1234765:1271808"
NUMIPTENT="62:62"

# Disk quota parameters
DISKSPACE="10000M:11000M"
DISKINODES="200000:220000"

# CPU fair scheduler parameter (OpenVZ considers one 1 GHz PIII Intel processor
# to be approximately equivalent to 50000 CPU units)
CPUUNITS="25000"
CPUS="1"

# Host parameters
ONBOOT="yes"
VE_ROOT="/var/lib/vz/root/$VEID"
VE_PRIVATE="/var/lib/vz/private/$VEID"
OSTEMPLATE="debian-5.0-i386-minimal"
ORIGIN_SAMPLE="vps.32"
HOSTNAME="dnslave.dw.lan"
IP_ADDRESS="192.168.0.100"
NAMESERVER="192.168.0.22"
Start the container and enter as root
vzctl start 1100
vzctl enter 1100
Set the correct timezone, choosing the right value (mine is Europe/Rome):
dpkg-reconfigure tzdata
Make sure that your /etc/apt/sources.list points to the right Debian repositories, like this:
nano /etc/apt/sources.list
## Debian Stable (Lenny)
deb http://ftp.it.debian.org/debian/ lenny main contrib non-free
deb-src http://ftp.it.debian.org/debian/ lenny main contrib non-free

## security updates
deb http://security.debian.org/ lenny/updates main contrib non-free
deb-src http://security.debian.org/ lenny/updates main contrib non-free
Update the apt package database and install updates:
apt-get update
One time I got an error related to GPG keys after adjusting /etc/apt/sources.list, so before proceeding I did this:
apt-get install debian-archive-keyring
Then I ran the update again, and the problem vanished:
apt-get update
Finally, install updates
apt-get -y upgrade
Install BIND, the Perl DBI driver for MySQL and syslogd:
apt-get -y install bind9 libdbd-mysql-perl syslogd
Newer Debian versions, like 6.0, renamed the syslogd package to sysklogd, so there the install command becomes:
apt-get -y install bind9 libdbd-mysql-perl sysklogd
For security reasons we want to run BIND chrooted, so we have to do the following steps. First stop the daemon:
/etc/init.d/bind9 stop
Edit the file /etc/default/bind9 so that the daemon uses only IPv4 addresses, runs as the unprivileged user bind and is chrooted to /var/lib/bind. Modify the last line like this:
nano /etc/default/bind9
# run resolvconf?
RESOLVCONF=yes

# startup options for the server
#OPTIONS="-u bind"
OPTIONS="-4 -u bind -t /var/lib/bind"
Create the necessary directories under /var/lib:
mkdir -p /var/lib/bind/etc
mkdir /var/lib/bind/dev
mkdir -p /var/lib/bind/var/cache/bind
mkdir -p /var/lib/bind/var/run/bind/run
Then move the config directory from /etc to /var/lib/bind/etc:
mv /etc/bind /var/lib/bind/etc
Create a symlink from the old location to the new config directory (to avoid problems when bind gets updated in the future):
ln -s /var/lib/bind/etc/bind /etc/bind
Create the null and random devices, and fix the permissions of the directories:
mknod /var/lib/bind/dev/null c 1 3
mknod /var/lib/bind/dev/random c 1 8
chmod 666 /var/lib/bind/dev/null /var/lib/bind/dev/random
chown -R bind:bind /var/lib/bind/var/*
chown -R bind:bind /var/lib/bind/etc/bind
We need to modify /etc/default/syslogd so that the chrooted BIND can still get its important messages into the system logs: syslogd has to open an additional log socket inside the chroot. Modify the line SYSLOGD="" so that it reads SYSLOGD="-a /var/lib/bind/dev/log":
nano /etc/default/syslogd
#
# Top configuration file for syslogd
#
#
# Full documentation of possible arguments are found in the manpage
# syslogd(8).
#
#
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/bind/dev/log"
Restart the logging daemon:
/etc/init.d/sysklogd restart
Start up BIND, and check /var/log/syslog for errors:
/etc/init.d/bind9 start
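A small check for the chroot built in the steps above, added here as an example (it is not part of the original post): it verifies that the directories exist, that dev/null and dev/random are character devices with the major/minor numbers given to mknod and mode 666, that syslogd has created its socket inside the chroot, and that /etc/bind is a symlink into the chroot. The root and link paths default to the ones used on this page; the checklist itself is constructed from the commands above.

```python
import os
import stat

# Layout the chroot steps above are expected to produce, relative to the chroot root
# (constructed checklist; the device numbers are the ones given to mknod above).
REQUIRED_DIRS = ("etc/bind", "dev", "var/cache/bind", "var/run/bind/run")
REQUIRED_DEVICES = {"dev/null": (1, 3), "dev/random": (1, 8)}


def check_bind_chroot(root="/var/lib/bind", config_link="/etc/bind"):
    """Return a list of problems found in the chroot layout; an empty list means it looks right."""
    findings = []

    for rel in REQUIRED_DIRS:
        if not os.path.isdir(os.path.join(root, rel)):
            findings.append(f"missing directory {rel}")

    for rel, (major, minor) in REQUIRED_DEVICES.items():
        path = os.path.join(root, rel)
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            findings.append(f"missing device {rel}")
            continue
        if not stat.S_ISCHR(st.st_mode):
            findings.append(f"{rel} is not a character device")
        elif (os.major(st.st_rdev), os.minor(st.st_rdev)) != (major, minor):
            findings.append(f"{rel} has device numbers other than {major}:{minor}")
        if (stat.S_IMODE(st.st_mode) & 0o666) != 0o666:
            findings.append(f"{rel} is not mode 666")

    # syslogd -a <root>/dev/log creates this socket only while syslogd is running
    log_sock = os.path.join(root, "dev/log")
    if not (os.path.exists(log_sock) and stat.S_ISSOCK(os.stat(log_sock).st_mode)):
        findings.append("dev/log socket absent: syslogd is not listening inside the chroot")

    # /etc/bind must be a symlink into the chroot, otherwise package upgrades edit a dead copy
    expected = os.path.join(root, "etc/bind")
    if not os.path.islink(config_link):
        findings.append(f"{config_link} is not a symlink")
    elif os.path.realpath(config_link) != os.path.realpath(expected):
        findings.append(f"{config_link} does not point at {expected}")

    return findings


if __name__ == "__main__":
    problems = check_bind_chroot()
    print("chroot layout OK" if not problems else "\n".join(problems))
```

Run it as root on the container after starting syslogd and BIND; a non-empty report usually means one of the mkdir/mknod/chown steps was skipped or the -a option of syslogd points at the wrong path.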
Open /var/lib/bind/etc/bind/named.conf and add a line like this at the bottom:
nano /var/lib/bind/etc/bind/named.conf
[...]
include "/etc/bind/named.conf.slaves";
Open /var/lib/bind/etc/bind/named.conf.options
nano /var/lib/bind/etc/bind/named.conf.options
Change it like this:
options {
        directory "/var/cache/bind";

        # with the help of http://www.zytrax.com/books/dns/
        # version statement - inhibited for security
        # (avoids hacking any known weaknesses)
        version "not currently available";

        # all the world can query
        allow-query { any; };

        # allows notifies only from masters
        allow-notify { 192.168.0.0/24; };

        # disables all zone transfer requests
        allow-transfer { none; };

        # Closed DNS - permits only local IPs to issue recursive queries
        # remove if required to support all users or add additional ranges
        # allow-recursion { 127.0.0.1; 192.168.0.0/24; };
        allow-recursion { none; };

        auth-nxdomain no; # conform to RFC1035
        listen-on-v6 { none; };

        # by default we listen on all interfaces
        # listen-on { any; };
        listen-on port 53 { 127.0.0.1; 192.168.0.0/24; };
};

# http://www.wantlinux.net/2008/05/mysql-based-dns-for-the-ability-for-web-based-control
# http://howtoforge.net/forums/showthread.php?t=37727
server 192.168.0.0/24 {
        request-ixfr no;
};
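To see what the options above actually close off, here is an added example (not from the original post) that parses the options block of a named.conf.options file and flags the settings a slave should not leave open: unrestricted allow-transfer, unrestricted recursion, no version string, listening on every interface, notifies accepted from anyone. The WEAK block is a constructed "before" configuration; HARDENED is the block from this page. The parser honours the three comment styles named.conf accepts but does not track quoted strings, which is enough for option files like this one.

```python
import re


def strip_comments(text):
    """Drop the three comment styles named.conf accepts: /* ... */, // and #.
    Quoted strings are not tracked, so a '#' inside a string would be cut too."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def options_block(text):
    """Return the body of the options { ... } block, counting braces so that
    later blocks (server, zone, ...) are not swallowed; None if absent."""
    start = re.search(r"\boptions\s*\{", text)
    if not start:
        return None
    depth, i = 1, start.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[start.end():i - 1]


# name, plain arguments (e.g. "port 53" or "no"), optional { ... } element list
STATEMENT_RE = re.compile(r"([A-Za-z0-9-]+)\s*([^{;]*?)\s*(?:\{([^}]*)\})?\s*;", re.S)


def parse_options(conf):
    """Map each statement inside options {} to its argument text and, for brace
    statements such as ACLs, the list of elements between the braces."""
    body = options_block(strip_comments(conf))
    if body is None:
        return None
    stmts = {}
    for m in STATEMENT_RE.finditer(body):
        name, arg, braces = m.group(1), m.group(2), m.group(3)
        acl = None
        if braces is not None:
            acl = [e.strip() for e in braces.split(";") if e.strip()]
        stmts[name] = {"args": arg.strip(), "acl": acl}
    return stmts


def audit_options(conf):
    """Flag the settings a slave DNS server should not leave open."""
    stmts = parse_options(conf)
    if stmts is None:
        return ["no options block found"]

    def acl(name):
        s = stmts.get(name)
        return None if s is None else (s["acl"] or [])

    findings = []
    xfer = acl("allow-transfer")
    if xfer is None or "any" in xfer:
        findings.append("allow-transfer: zone transfers open to everyone; a slave should use { none; }")
    recursion = stmts.get("recursion", {"args": "yes"})["args"]
    rec = acl("allow-recursion")
    if recursion != "no" and (rec is None or "any" in rec):
        findings.append("allow-recursion: recursion not restricted; limit it to local ranges or { none; }")
    if "version" not in stmts:
        findings.append("version: real BIND version is disclosed; set a fixed string")
    listen = acl("listen-on")
    if listen is None or "any" in listen:
        findings.append("listen-on: binds every interface; list the addresses to serve")
    notify = acl("allow-notify")
    if notify is not None and "any" in notify:
        findings.append("allow-notify: any host can trigger zone refreshes; limit it to the masters")
    return findings


# Constructed example of a typical options block before hardening
WEAK = """
options {
    directory "/var/cache/bind";
    allow-query { any; };
    allow-transfer { any; };
    recursion yes;
    listen-on { any; };
};
"""

# The hardened block from this page (some comments kept, since the parser must skip them)
HARDENED = """
options {
    directory "/var/cache/bind";
    # version statement - inhibited for security
    version "not currently available";
    allow-query { any; };
    allow-notify { 192.168.0.0/24; };
    allow-transfer { none; };
    # allow-recursion { 127.0.0.1; 192.168.0.0/24; };
    allow-recursion { none; };
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { none; };
    listen-on port 53 { 127.0.0.1; 192.168.0.0/24; };
};
server 192.168.0.0/24 { request-ixfr no; };
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_options(conf) or ["no findings"])
```

Pointing the script at the real file (`audit_options(open("/var/lib/bind/etc/bind/named.conf.options").read())`) gives a quick regression check after every edit to the options; named-checkconf still remains the authority on whether BIND will accept the syntax.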
For my needs, I want the slave zones updated once every 15 minutes.
Put this Perl script in /root/mydns_to_slave.pl:
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use DBD::mysql;

my $m = '192.168.0.31';    # my IP address (this slave, as listed in also_notify)
my $s = '192.168.0.13';    # server IP address (MySQL host and zone master)
my $u = 'username';
my $p = 'pass!word';
#$dsn = "dbi:SQL Platform:database_name:host_name:port";
my $dsn = "dbi:mysql:database_name:$s:3306";

# try to connect to the MySQL server
my $dbh = DBI->connect($dsn, $u, $p)
    || die "Cannot connect to the DB: $DBI::errstr\n";

# retrieve the active zones that list this slave in their also_notify column;
# the slave address is passed as a bind parameter instead of being interpolated into the SQL
#my $sql = "SELECT `origin`, `id`, `serial`, `active` FROM `dns_soa`"
my $sql = "SELECT `origin` FROM `dns_soa`"
        . " WHERE `active` = 'Y' AND FIND_IN_SET(?, `also_notify`)"
        . " ORDER BY 1";
my $sth = $dbh->prepare($sql);
$sth->execute($m) || die "Cannot execute the query: " . $sth->errstr;

# empties the slaves file (three-argument open with a lexical filehandle)
open(my $slave, '>', '/var/lib/bind/etc/bind/named.conf.slaves')
    || die "Cannot open named.conf.slaves for writing: $!";

# iterating the returned rows of data
while (my $r = $sth->fetchrow_hashref) {
    my $zone = substr($r->{origin}, 0, -1);    # drop the trailing dot
    # only zone-name characters may reach named.conf: a quote or brace stored
    # in a database row would otherwise inject statements into the configuration
    if ($zone !~ m{^[A-Za-z0-9._/-]+$}) {
        warn "Skipping suspicious origin '$r->{origin}'\n";
        next;
    }
    my $file = $zone;
    $file =~ s/\//-/g;    # slashes are illegal in filenames
    # print rather than printf: the zone name must not be treated as a format string
    print $slave "zone \"$zone\" {\n";
    print $slave "    type slave;\n";
    print $slave "    masters { $s; };\n";
    print $slave "    file \"$file.zone\";\n";
    print $slave "};\n";
}
close($slave) || die "Cannot close named.conf.slaves: $!";
$dbh->disconnect;

# force reload bind
system('/etc/init.d/bind9', 'force-reload') == 0
    || warn "bind9 force-reload failed: $?\n";
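The same generation logic, written out in Python as an added example (it is not the post's script and does not talk to MySQL): the row filter reproduces the WHERE clause of the query above, including MySQL's FIND_IN_SET semantics on the comma-separated also_notify column, the stanza builder does the trailing-dot and slash-to-dash handling, and before anything is written the origin is checked against the characters a zone name may contain, so a stray quote or brace in a database row cannot end up as extra statements in named.conf.slaves. The install step writes the file atomically and runs named-checkconf against the chroot before reloading; SAMPLE_ROWS and the two addresses are constructed values, and install_slave_conf is only called when the script is run on a real slave.

```python
import os
import re
import subprocess

# A zone name as stored in dns_soa.origin: labels of letters, digits, '-', '_'
# (and '/' for classless reverse zones), each followed by a dot, so the value ends
# with the trailing dot. Anything else is refused rather than written into the config.
ORIGIN_RE = re.compile(r"^(?:[A-Za-z0-9_/-]+\.)+$")

# Constructed rows standing in for SELECT origin, active, also_notify FROM dns_soa
SAMPLE_ROWS = [
    {"origin": "example.com.", "active": "Y", "also_notify": "192.168.0.31,192.168.0.32"},
    {"origin": "0/24.2.0.192.in-addr.arpa.", "active": "Y", "also_notify": "192.168.0.31"},
    {"origin": "old.example.", "active": "N", "also_notify": "192.168.0.31"},
    {"origin": "other.example.", "active": "Y", "also_notify": "192.168.0.99"},
]


def select_slave_origins(rows, my_ip):
    """Mirror the query's WHERE clause: active = 'Y' and my_ip is one element of the
    comma-separated also_notify list (FIND_IN_SET compares whole elements, no trimming)."""
    return sorted(
        r["origin"] for r in rows
        if r["active"] == "Y" and my_ip in (r["also_notify"] or "").split(",")
    )


def zone_stanza(origin, master_ip):
    """Build one slave zone statement; raise on an origin that is not a plain zone name."""
    if not ORIGIN_RE.match(origin):
        raise ValueError(f"refusing to write suspicious origin {origin!r}")
    zone = origin[:-1]               # drop the trailing dot, as substr(origin, 0, -1) does
    fname = zone.replace("/", "-")   # slashes are illegal in file names
    return (f'zone "{zone}" {{\n'
            f'    type slave;\n'
            f'    masters {{ {master_ip}; }};\n'
            f'    file "{fname}.zone";\n'
            f'}};\n')


def build_slave_conf(rows, my_ip, master_ip):
    """The complete named.conf.slaves text for this slave."""
    return "".join(zone_stanza(o, master_ip) for o in select_slave_origins(rows, my_ip))


def install_slave_conf(conf, chroot="/var/lib/bind", rel_path="/etc/bind/named.conf.slaves"):
    """Write the file next to the live one, let named-checkconf parse it as BIND will
    see it inside the chroot, then swap it in atomically and reload."""
    host_path = chroot + rel_path
    tmp = host_path + ".tmp"
    with open(tmp, "w") as fh:
        fh.write(conf)
    # a bad row fails here instead of taking the server down on reload
    subprocess.run(["named-checkconf", "-t", chroot, rel_path + ".tmp"], check=True)
    os.replace(tmp, host_path)       # BIND never sees a half-written file
    subprocess.run(["/etc/init.d/bind9", "force-reload"], check=True)


if __name__ == "__main__":
    conf = build_slave_conf(SAMPLE_ROWS, "192.168.0.31", "192.168.0.13")
    print(conf)
    # install_slave_conf(conf)   # only on a real slave, with the rows fetched from MySQL
```

Replacing SAMPLE_ROWS with the rows returned by a DB-API cursor is all that is needed to run this from cron in place of the Perl script; the origin check and the named-checkconf pass are what keep a bad database row from leaving the slave without a working configuration.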
Now edit /etc/crontab, adding these lines at the end of the file:
nano /etc/crontab
[...]
# updating the bind slaves every 15 minutes
# m h dom mon dow user command
14 * * * * root perl /root/mydns_to_slave.pl
29 * * * * root perl /root/mydns_to_slave.pl
44 * * * * root perl /root/mydns_to_slave.pl
59 * * * * root perl /root/mydns_to_slave.pl