I have written the following How-To for turning an E-smith server/gateway into a public DNS server with dual named instances in the same chroot shell. Before I fully release it, I am interested in whether this list has any suggestions for improving it. I do understand that running a public DNS server isn't recommended by e-smith, but I wrote this for those who may be interested.

=================================================================
== Security
=================================================================
I am limiting packets to type UDP on port 53, since TCP packets are used for zone update requests. Is this enough, or are there more rules I can put in IPchains?

=================================================================
== Need Help:
=================================================================
1) How do I get /sbin/e-smith/signal-event console-save to automatically re-build my custom named.conf templates (/etc/named-ext.conf)?
2) How do I get console-save to move my named*.conf files to /home/dns/etc?
3) I don't think we need to remove the 60domains file on the internal side, or should I? (See step 3.C)
4) How do I reset IPchains and inittab without rebooting? If I need to reboot, is "init 6" a good/safe way of rebooting the system, or should I use the console?

=================================================================
== Public DNS HOWTO for E-SMITH 4.1.X
=================================================================

====================================
== Instructions on how to set up DNS to host a public website.
====================================
Before you start:
To transfer your website to your machine you need to have 2 DNS servers. Your e-smith machine can be one of them, but you will need a second. This can be a second e-smith machine on a different static IP number. You can also pay a fee and use a public DNS service, or have a friend's machine be your secondary DNS server.

Assumptions:
These instructions assume you have 2 static IP numbers (111.222.0.3, 111.222.0.4). The E-smith machine is a gateway with two network cards. The internal IP is 192.168.0.1. The new domain you are hosting is: mycompany.com

======================================================================
== Turning your E-smith 4.1.X machine into a public dual DNS server:
======================================================================
== I tested this on E-smith version 4.1.2

1) Create 2 custom templates for the named.conf files for the dual DNS servers (one internal & one external)

    mkdir -p /etc/e-smith/templates/etc/named-ext.conf
    mkdir -p /etc/e-smith/templates-custom/etc/named.conf
    mkdir -p /etc/e-smith/templates-custom/etc/named-ext.conf
    cp /etc/e-smith/templates/etc/named.conf/* /etc/e-smith/templates-custom/etc/named.conf
    cp /etc/e-smith/templates/etc/named.conf/* /etc/e-smith/templates-custom/etc/named-ext.conf

2) Customize the external DNS config file (named-ext.conf)
   (all files in this step live in /etc/e-smith/templates-custom/etc/named-ext.conf)

2.A) Update the "listen-on" line in file "15listenon"
     From:  listen-on \{ 127.0.0.1; { $LocalIP }; \};
     To:    listen-on \{ { $ExternalIP }; \};

2.B) Add a local host file as "31MyCompany" (use command "pico 31MyCompany") with these contents:

#-----------------------------------------
# MyCompany.com domain
#-----------------------------------------
zone "mycompany.com" \{
    type master;
    file "mycompany.host.ext";
\};

2.B.1) If you have more than one domain, follow step 2.B for each of them, creating files such as 31MyDomain or 31company2

2.C) Remove the default local host file (since it uses the 192.168.x.x numbers)
    rm 30localhost

2.D) Remove the reverse lookup file (since it also has 192.168.x.x numbers)
    rm 40localptrs

2.E) Remove the default domain file (since we will add these by hand)
    rm 60domains

3) Customize the internal DNS config file (named.conf)

3.A) Copy the domain files from the external config directory to the internal directory
    cp /etc/e-smith/templates-custom/etc/named-ext.conf/31* /etc/e-smith/templates-custom/etc/named.conf

3.B) Edit all 31 domain files to list the internal zone files (example: pico 31MyCompany)
     from:  file "mycompany.host.ext";
     to:    file "mycompany.host.int";

3.C) I don't think we need to remove the 60domains file on the internal side? Any comments?

4) Expand the named config file templates and copy the external one to /home/dns/etc
    /sbin/e-smith/expand-template /etc/named.conf
    /sbin/e-smith/expand-template /etc/named-ext.conf
    cp /etc/named-ext.conf /home/dns/etc

   /**** Step 9 will do a /sbin/e-smith/signal-event console-save, which copies only the named.conf file. ****/
   /**** Any hints on how to get e-smith to automatically copy named-ext.conf when the templates are changed would be appreciated. ****/

5) Create the mycompany.host.ext zone file in directory /home/dns/var/named (example: pico /home/dns/var/named/mycompany.host.ext) and copy the following into the file:

@ IN SOA mycompany.com. admin.mycompany.com. (
        2001042501 ; Serial
        8H         ; Refresh
        2H         ; Retry
        7D         ; Expire
        1D )       ; Minimum
    IN NS ns1
    IN NS ns2
    IN MX 10 mail
mycompany.com. IN A 111.222.0.3
ns1            IN A 111.222.0.3
ns2            IN A 111.222.0.4
mail           IN A 111.222.0.3
www            IN A 111.222.0.3
ftp            IN A 111.222.0.3

6) Create the mycompany.host.int zone file in directory /home/dns/var/named (example: pico /home/dns/var/named/mycompany.host.int):

@ IN SOA mycompany.com. admin.mycompany.com. (
        2001042501 ; Serial
        8H         ; Refresh
        2H         ; Retry
        7D         ; Expire
        1D )       ; Minimum
    IN NS ns1
    IN NS ns2
    IN MX 10 mail
mycompany.com. IN A 192.168.0.1
ns1            IN A 192.168.0.1
ns2            IN A 192.168.0.2
mail           IN A 192.168.0.1
www            IN A 192.168.0.1
ftp            IN A 192.168.0.1

7) Edit the inittab file to start two instances of named

7.A) Create a custom template for /etc/inittab
    mkdir -p /etc/e-smith/templates-custom/etc/inittab
    cp /etc/e-smith/templates/etc/inittab/* /etc/e-smith/templates-custom/etc/inittab

7.B) Edit file 15named to launch 2 copies of named with different config files (example: pico 15named)

$OUT .= "ni:3457:respawn:/usr/sbin/named -f -u dns -g dns";
$OUT .= " -t /home/dns /etc/named.conf\n";
$OUT .= "ne:3457:respawn:/usr/sbin/named -f -u dns -g dns";
$OUT .= " -t /home/dns /etc/named-ext.conf";

7.C) Expand this new template
    /sbin/e-smith/expand-template /etc/inittab

7.D) Changes will not take effect until a reboot (but we will do that at the end)

8) Update the ipchains startup script to allow incoming packets to port 53. We are limiting the packets to type UDP, since TCP packets are used for zone update requests. Note that a resolver retries over TCP when a UDP answer is truncated (does not fit in a 512-byte datagram), so keep the zones small enough that every answer fits in UDP.

8.A) Create a custom template for /etc/rc.d/init.d/masq
    mkdir -p /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
    cp /etc/e-smith/templates/etc/rc.d/init.d/masq/* /etc/e-smith/templates-custom/etc/rc.d/init.d/masq

8.B) Create file 45AllowDNS with the following contents (the HERE terminator must start at the beginning of its line):

{
    $OUT .= <<'HERE';
/sbin/ipchains --append input -p udp -d $OUTERNET 53 -j ACCEPT
HERE
}

9) Do a console-save command to apply the global update
    /sbin/e-smith/signal-event console-save

10) Reboot the system. (Is "init 6" a good/safe way of rebooting the system?)
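The point of keeping separate .ext and .int zone files (steps 5 and 6 here, and steps 4 and 5 of the virtual-domain section below) is that the public named must never serve the 192.168.x.x addresses. The following check is an added example, not part of the original How-To: it rebuilds a constructed zone pair in a temporary directory (not the real /home/dns/var/named) and verifies that both files carry the same SOA serial and that the external file contains no RFC 1918 A records.

```shell
#!/bin/sh
# Added split-horizon sanity check for the mycompany.host.ext / .int zone pair.
# The zone contents below are constructed samples mirroring steps 5 and 6;
# ZONEDIR is a scratch directory, not the real /home/dns/var/named.
ZONEDIR=$(mktemp -d)
trap 'rm -rf "$ZONEDIR"' EXIT

cat >"$ZONEDIR/mycompany.host.ext" <<'EOF'
@ IN SOA mycompany.com. admin.mycompany.com. (
        2001042501 ; Serial
        8H         ; Refresh
        2H         ; Retry
        7D         ; Expire
        1D )       ; Minimum
    IN NS ns1
    IN NS ns2
    IN MX 10 mail
ns1 IN A 111.222.0.3
ns2 IN A 111.222.0.4
www IN A 111.222.0.3
EOF

# Internal copy: same records and serial, RFC 1918 addresses (constructed via sed).
sed 's/111\.222\.0\.3/192.168.0.1/; s/111\.222\.0\.4/192.168.0.2/' \
    "$ZONEDIR/mycompany.host.ext" >"$ZONEDIR/mycompany.host.int"

# serial_of FILE: print the SOA serial, taken from the line tagged "; Serial".
serial_of() {
    awk '/;[ \t]*Serial/ { print $1; exit }' "$1"
}

# private_addrs FILE: owner and address of every A record in RFC 1918 space.
# Run against the external zone this must print nothing, otherwise the public
# named leaks internal addresses (the mistake the step 3.B edit guards against).
private_addrs() {
    awk '/[ \t]IN[ \t]+A[ \t]/ &&
         $NF ~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/ { print $1, $NF }' "$1"
}

# check_pair EXT INT: succeed only if the serials agree and EXT is clean.
check_pair() {
    [ "$(serial_of "$1")" = "$(serial_of "$2")" ] || { echo "serial mismatch" >&2; return 1; }
    [ -z "$(private_addrs "$1")" ] || { echo "private address in $1" >&2; return 1; }
}

check_pair "$ZONEDIR/mycompany.host.ext" "$ZONEDIR/mycompany.host.int" && echo "zone pair OK"
```

Point the two paths at the real files under /home/dns/var/named after every edit in step 3.B or in the virtual-domain section; swapping the arguments (internal file first) shows what a leaking external zone reports.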
======================================================================
== Adding a new domain to the public dual DNS servers:
== Example: How to do DNS for a friend or host another domain as a virtual domain
======================================================================
Assume: I am adding domain PERSONAL.ORG as an IBAY on the same machine
========================================================================

1) Customize the external DNS config file (named-ext.conf)

1.A) Add a 31personal file (example: pico /etc/e-smith/templates-custom/etc/named-ext.conf/31personal)

#-----------------------------------------
# personal.org domain
#-----------------------------------------
zone "personal.org" \{
    type master;
    file "personal.host.ext";
\};

2) Customize the internal DNS config file (named.conf)

2.A) Add a 31personal file (example: pico /etc/e-smith/templates-custom/etc/named.conf/31personal)

#-----------------------------------------
# personal.org domain
#-----------------------------------------
zone "personal.org" \{
    type master;
    file "personal.host.int";
\};

3) Expand the named config file templates and copy them to the chroot location (/home/dns/etc)
    /sbin/e-smith/expand-template /etc/named.conf
    /sbin/e-smith/expand-template /etc/named-ext.conf
    cp /etc/named*.conf /home/dns/etc

4) Create the personal.host.ext zone file in directory /home/dns/var/named (example: pico /home/dns/var/named/personal.host.ext); see step 5 above for an example of the file contents.

5) Create the personal.host.int zone file in directory /home/dns/var/named (example: pico /home/dns/var/named/personal.host.int); see step 6 above for an example of the file contents.

6) Restart the named processes by killing them; init will automatically respawn new instances.
    killall named

7) You can verify that killall did its job by running "pidof named" before and after: each time it lists 2 different PIDs, showing that 2 instances of named are running.