Maintaining Multiple Domain Files

by zoperoot, last modified 2007-11-05 01:07

I am putting together a system to maintain multiple zone files using the Unix file system as the primary database, with simple shell scripts that build the combined data files from the individual zone files. The djbdns files are designed to be simple to edit and maintain, and personally I find it easier to edit a file than to dig through a bunch of browser screens to do a simple task. All the djbdns files live under the /csoft/etc/djbdns directory in these subdirectories and files:

Directory   Subdirectory   File        Description
primary     zonename       data        standard djbdns data for the zone
primary     zonename       update.sh   script to update secondaries
secondary   zonename       data        standard djbdns data for the zone
secondary   zonename       axfrcmd     script to do a zone transfer if necessary
private     zonename       data        standard djbdns data for the zone
pubdir      (none)         data        standard djbdns data for primary and secondary zones
privdir     (none)         data        standard djbdns data for private zones

This allows us to build the public and private data files with scripts as simple as this:


#!/bin/sh
sort -u primary/*/data secondary/*/data > pubdir/data
(cd pubdir; tinydns-data; rsync...)
sort -u private/*/data > privdir/data
(cd privdir; tinydns-data; rsync...)

Primary Zone Files

The primary zones' data files can be maintained any way that seems appropriate, including the simple shell scripts that the tinydns-conf program creates in the /csoft/etc/tinydns/root directory. Creating a new zone could be as simple as:


#!/bin/sh
cd /csoft/etc/djbdns
mkdir primary/example.com
cd primary/example.com
# tinydns-edit needs an existing data file to add records to
touch data
# name server records
tinydns-edit data data.new add ns ns1.example.com 192.168.1.1
tinydns-edit data data.new add ns ns2.example.com 192.168.1.2
# host (address) records
tinydns-edit data data.new add host ns1.example.com 192.168.2.1
tinydns-edit data data.new add host ns2.example.com 192.168.1.2
tinydns-edit data data.new add host mail.example.com 192.168.1.3
# mail exchangers, given by address (see the note below)
tinydns-edit data data.new add mx example.com 192.168.1.3
tinydns-edit data data.new add mx example.com 192.168.1.1
tinydns-edit data data.new add mx example.com 192.168.1.2
# compile data into data.cdb, which is what tinydns serves
tinydns-data

This is a bit rudimentary, but should work. It has the MX records hard-coded by address instead of by host name, which works, but I prefer to keep it a bit cleaner than that.

The update.sh script could be used to update "secondary" servers after making changes in the data files. This could also be done from a "Makefile" that would also handle things like running tinydns-data as necessary.

Secondary Data Files

These are normally updated from the primary systems, either directly with rsync from those systems, or by doing zone transfers from their BIND servers.
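As an added example (not a script from the original page), here is what an axfrcmd script for one secondary/zonename directory can look like when the zone is pulled from a BIND server. It assumes the transfer is made with djbdns's axfr-get run under ucspi-tcp's tcpclient; the master address 192.0.2.53 and the zone name used in comments are placeholders. The new data file is adopted only after a sanity check, so a failed or truncated transfer cannot replace a good one.

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: axfr-get and
# tcpclient are installed; the BIND master address and zone are placeholders.

# True if $2 looks like a usable tinydns data file for zone $1: non-empty,
# exactly one Z (SOA) line for the zone, and every line either blank or
# starting with a record-type character that tinydns-data understands.
zone_data_ok() {
  [ -s "$2" ] || return 1
  [ "$(grep -c "^Z$1:" "$2")" -eq 1 ] || return 1
  # any line left after filtering the known leading characters is garbage
  if grep -Ev '^([.&=+@#^CZ:'\''%-]|$)' "$2" | grep -q .; then return 1; fi
  return 0
}

# fetch_zone <zone> <master-ip> <dir>: transfer into a staging file, check it,
# and only then move it into place as <dir>/data. Example call:
#   fetch_zone example.com 192.0.2.53 /csoft/etc/djbdns/secondary/example.com
fetch_zone() {
  zone=$1; master=$2; dir=$3
  staging="$dir/data.axfr"
  tcpclient -v "$master" 53 axfr-get "$zone" "$staging" "$staging.tmp" || return 1
  zone_data_ok "$zone" "$staging" || {
    echo "$zone: transfer from $master failed the sanity check, keeping old data" >&2
    return 1
  }
  mv "$staging" "$dir/data"
}
```

The check is deliberately coarse: it catches empty files, transfers that ended mid-stream, and output that is not tinydns data at all, which are the cases that would otherwise take a working zone off the air at the next tinydns-data run.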

Private Data Files

These are exactly like the primary data files except that they are destined for /csoft/etc/tinydns-private/root/data, for split-horizon DNS, instead of for external use.

Purely private tinydns

There may well be self-contained machines, such as laptops, that are often used while disconnected from the net. These might well run a single tinydns program using the zone files from the primary, secondary, and private directories:


#!/bin/sh
cd /csoft/etc/djbdns
mkdir selfdir
sort -u primary/*/data secondary/*/data private/*/data > selfdir/data
(cd selfdir; tinydns-data)

Rsync Server Configuration for Secondary Servers

Secondary DNS servers can be configured using /csoft/etc/rsync/*conf so that they can be updated safely using rsync in server (daemon) mode instead of over ssh. This has the advantage that it doesn't require ssh identity files with null pass phrases if one wants to run jobs from cron, and it avoids some problems where rsync may hang over ssh connections.

There are a couple of different configurations possible using rsync: syncing the entire /csoft/etc/tinydns and /csoft/etc/tinydns-private data files to multiple machines within a single organization, and syncing a set of zone files to another site's secondary directories, where that site may have a superset of the zones maintained on your system. In the first case, the updates go directly to the /csoft/etc/tinydns/root directory, while in the second they go to /csoft/etc/djbdns/secondary/zonename (which could well contain multiple zones, so a single directory can handle all zones for a site).
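As an added example, not configuration from the original page, here is an rsyncd.conf for the first case: a secondary in the same organization that receives pushes of the tinydns data from the primary, plus the permission check that rsync itself applies to the secrets file. The module name, the dnssync account, the path under /csoft/etc/rsync and the primary address 192.0.2.1 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: an unprivileged
# dnssync account owns /csoft/etc/tinydns/root; the primary is 192.0.2.1.

write_rsyncd_conf() {   # $1 = path of the conf file to write
  cat > "$1" <<'EOF'
# run the daemon as the account that owns the tinydns root directory
uid = dnssync
gid = dnssync
use chroot = yes
# refuse to start if the secrets file is readable by anyone else
strict modes = yes
secrets file = /csoft/etc/rsync/rsyncd.secrets

[tinydns]
  path = /csoft/etc/tinydns/root
  comment = public tinydns data pushed from the primary
  # only the primary may connect, and only with the shared secret
  hosts allow = 192.0.2.1
  auth users = dnssync
  # the secondary only receives; nobody can download through this module
  read only = no
  write only = yes
  # recompile data.cdb once the push has finished
  post-xfer exec = /csoft/etc/rsync/rebuild-tinydns.sh
EOF
}

# True if $1 exists and has no group or other permission bits set (mode 600 or
# stricter). With "strict modes = yes" rsync refuses a secrets file readable by
# anyone but the daemon's uid, so checking this from the build job surfaces the
# problem before a cron-driven push fails.
secrets_perms_ok() {
  [ -f "$1" ] || return 1
  case $(ls -ld "$1" | cut -c5-10) in
    ------) return 0 ;;
    *)      return 1 ;;
  esac
}
```

The secrets file holds one "user:password" line per auth user. On the primary, update.sh then pushes with something like rsync -a --password-file=/csoft/etc/rsync/dnssync.pw /csoft/etc/tinydns/root/data rsync://dnssync@secondary.example.com/tinydns/, with the password file itself kept mode 600. Note that daemon-mode rsync authenticates but does not encrypt the transfer, which is acceptable for public zone data inside one organization's network; the hosts allow line is what keeps the writable module from being reachable by anyone else.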

Building the /csoft/etc/dnscache/root/servers Files

There are some significant advantages to running local copies of the root name server information. This eliminates the need to go out on the Internet to the root servers for every lookup, and also provides additional security against corruption of the root servers. The Open Root Server Confederation provides complete instructions on setting up your own root name server information using djbdns. They also tend to have the latest information on new Top Level Domains (TLDs) before ICANN does.
