Archive for the dns Category

Consolidating / merge several DNS zone files into one server

Saturday, March 5th, 2016 | Permalink

I recently worked on a datacenter move including migration of internal and external DNS servers.

the old datacenter had a history of around 20 years.
Unfortunately back in the days it was decided to use the same domain for internal and external records, but split it so that there is two zone files. One holding internal, the other one public records. Each zone file had around 1800 single records. A total mess!

We decided to move for DNS to AWS Route53, so a merge was necessary.

During that journey I found two really helpful tools.

One is dns_compare which helps you checking a zone file against a DNS server. E.g. internal file against external server.

The second tool is cli53, which is literally a command line tool that lets you manipulate and import/export DNS records into Route53.

Unfortunately the import within the AWS interface is only available for the initial import and only supports a maximum of 1000 records. cli53 helps with this as well.

Posted in dns | No Comments »

Howto install djbdns with autoaxfr

Saturday, January 5th, 2008 | Permalink

If you like to setup autoaxfr with djbdns, maybe this howto will help you.

First of all, I assume that you have already installed ucspi-tcp and daemontools. If not, look at D.J. Bernsteins Webseite
http://cr.yp.to and install it.

After that, you will have to download autoaxfr and the djbdns Package.
What I’m doing is a basic installation. If you need IPv6 support, watch out, there will be a patch somewhere for djbdns.

Now, add the necessary users:

groupadd dns
useradd -g dns -s /bin/false dnscache
useradd -g dns -s /bin/false tinydns
useradd -g dns -s /bin/false dnslog
useradd -g dns -s /bin/false axfrdns
useradd -g dns -s /bin/false autoaxfr


dnscache

First of all, we install dnscache to 127.0.0.1

dnscache-conf dnscache dnslog /etc/dnscache 127.0.0.1
If you like to distribute dns service to other machines in your network, add a real ip address.
WARNING: You can only use dnscache or tinydns on ONE ip address.

If you need dnscache to resolv domain names for other machines in your network, add the network or every machine by doing this.
touch /etc/dnscache/root/ip/192.168.0

Now it’s time to activate your dnscache.
ln -s /etc/dnscache /service

tinydns

You will need tinydns if you like to play dns server for domains.
First of all, configure it:
tinydns-conf tinydns dnslog /etc/tinydns 212.89.98.32
Use the external ip address, the server should be reachable at.

Now it’s time to setup autoaxfr.
autoaxfr-conf autoaxfr dnslog /etc/autoaxfr

You will now have to edit the file /etc/tinydns/root/Makefile
Replace everything with this:
data.cdb: data
/usr/local/bin/tinydns-data

data: mydata axfrdata
cat $^ > $@

axfrdata: /service/autoaxfr/root/zones/*
sort -u $^ > $@

Don’t forget to add the file mydata & axfrdata:

touch /etc/tinydns/root/axfrdata
touch /etc/tinydns/root/mydata

After every change of data, a secondary dns or whatever, you’ll have to type make in /etc/tinydns/root/
Just automate this with a cronjob.

*/10 * * * * cd /etc/tinydns/root && make > /dev/null 2>&1

Let’s start tinydns and autoaxfr.

ln -s /etc/tinydns /service
ln -s /etc/autoaxfr /service

Goto /etc/autoaxfr/root/slaves.
Add every domain you would like to distribute as secondary dns by adding the domain name as filename and the ip address of the primary dns controller as content in the file.

Example:
vi test.com
123.123.123.133

DONE! That’s the basic.

If you like to play primary dns server you’ll have to install axfrdns.
axfrdns-conf axfrdns dnslog /etc/axfrdns /etc/tinydns 212.89.98.32
Use the same ip address as for tinydns.

Set the servers that are allowed to be secondary dns servers.
cd /etc/axfrdns
vi /etc/axfrdns/tcp


insert to following.

122.22.22.22:allow
:deny


You can restrict that to networks, domains and so on. For that, see the axfrdns manuel from djb.

After you have changed the file, type make.

Start axfrdns.

ln -s /etc/axfrdns /service

Comments, questions, whatever are welcome.

Posted in dns, hosting, linux | 1 Comment »