[Server-devel] adding custom dns entries on XS

2009-03-17 Thread Daniel Drake
Hi,

We'd like to add a custom DNS entry on the XS to override
updates.laptop.org to point it at another address (where we'll serve
antitheft/lease data for paraguay).
I have got it working as follows:

I modified /etc/named-xs.conf and I added this section inside the
internal view:

zone "updates.laptop.org" {
  type master;
  file "ulo.db";
};

/var/named-xs/ulo.db contains

$TTL 1D
@ IN SOA 172.18.0.1. admin.paraguayeduca.org. (
200903171   ; serial, today's date + today's serial #
8H  ; refresh
2H  ; retry
4W  ; expire
1D ); minimum (negative-caching TTL)
  IN NS 172.18.0.1.
  IN A 1.2.3.4

where 1.2.3.4 is the IP that it will redirect to.

This is working, but it's ugly. Changes will be lost next time the XS
configs are updated/regenerated. Can anyone suggest a better way to do
this?

Thanks,
Daniel
___
Server-devel mailing list
server-de...@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel
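The override described in the post above, rendered from a small table rather than edited by hand, as an added example (not the XS's own configuration tooling): it bumps the serial the way the zone file's comment describes (YYYYMMDD plus a counter, never going backwards) and checks that the zone stanza appears only inside the internal view, since the same stanza in the external view would hand the hijacked answer to anyone who queries the XS from outside. The view names, the named.conf excerpt and the file name are assumptions; the SOA timers and mailbox come from the zone file above.

```python
"""Render a single-name BIND override (named.conf stanza + zone file)
and check which view serves it.

Added example, not the XS's own tooling.  The override table, the view
names "internal"/"external", the sample named.conf and the file name are
assumptions; timers and mailbox come from the zone file in the post.
"""
import datetime
import ipaddress
import re

OVERRIDES = {"updates.laptop.org": "1.2.3.4"}   # constructed sample

# Constructed excerpt in the shape of a two-view named-xs.conf.
SAMPLE_NAMED_CONF = """\
view "internal" {
  match-clients { 172.18.0.0/23; 10.0.0.0/8; localhost; };
  recursion yes;
  zone "." { type hint; file "named.ca"; };
  zone "updates.laptop.org" {
    type master;
    file "ulo.db";
  };
};
view "external" {
  match-clients { any; };
  recursion no;
  zone "schoolserver" { type master; file "schoolserver.db"; };
};
"""


def next_serial(current: int, yyyymmdd: int) -> int:
    """YYYYMMDDnn serial strictly greater than `current`.

    Today's date with counter 00, unless the file already carries today's
    (or a later) date, in which case just increment.  A serial that does
    not go up makes BIND keep serving the old data after `rndc reload`."""
    candidate = max(yyyymmdd * 100, current + 1)
    if candidate > 0xFFFFFFFF:
        raise ValueError("serial no longer fits in 32 bits")
    return candidate


def render_zone(name: str, ip: str, serial: int,
                hostmaster: str = "admin.paraguayeduca.org.") -> str:
    """One-name master zone.  The NS target must be a host name, so it
    points at the apex itself, which carries the A record."""
    ipaddress.IPv4Address(ip)                     # refuse garbage early
    return (
        "$TTL 1D\n"
        f"@  IN SOA {name}. {hostmaster} (\n"
        f"        {serial} ; serial (YYYYMMDDnn)\n"
        "        8H         ; refresh\n"
        "        2H         ; retry\n"
        "        4W         ; expire\n"
        "        1D )       ; negative-caching TTL\n"
        f"   IN NS {name}.\n"
        f"   IN A  {ip}\n"
    )


def render_stanza(name: str, zonefile: str) -> str:
    """The block to drop inside `view "internal" { ... }`."""
    return f'zone "{name}" {{\n  type master;\n  file "{zonefile}";\n}};\n'


def views_serving(named_conf: str, zone_name: str) -> list:
    """Names of the views whose body declares zone_name.  The override
    belongs in the internal view only."""
    found = []
    for m in re.finditer(r'view\s+"([^"]+)"\s*\{', named_conf):
        depth, i = 1, m.end()
        while depth and i < len(named_conf):          # find the matching brace
            depth += {"{": 1, "}": -1}.get(named_conf[i], 0)
            i += 1
        body = named_conf[m.end():i]
        if re.search(r'zone\s+"%s"\s*\{' % re.escape(zone_name), body):
            found.append(m.group(1))
    return found


if __name__ == "__main__":
    today = int(datetime.date.today().strftime("%Y%m%d"))
    serial = next_serial(200903171, today)
    for name, ip in OVERRIDES.items():
        print(render_stanza(name, "ulo.db"))
        print(render_zone(name, ip, serial))
    print("served by views:", views_serving(SAMPLE_NAMED_CONF, "updates.laptop.org"))
```

Run it against the real named-xs.conf and an empty result from views_serving means the stanza was lost in a regeneration; a result that includes the external view means the override leaks to the outside.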


Re: [Server-devel] adding custom dns entries on XS

2009-03-17 Thread Jerry Vonau
On Tue, 2009-03-17 at 09:40 -0400, Daniel Drake wrote:
 Hi,
 
 We'd like to add a custom DNS entry on the XS to override
 updates.laptop.org to point it at another address (where we'll serve
 antitheft/lease data for paraguay).
 I have got it working as follows:
 
 I modified /etc/named-xs.conf and I added this section inside the
 internal view:
 
 zone "updates.laptop.org" {
   type master;
   file "ulo.db";
 };
 
 /var/named-xs/ulo.db contains
 
 $TTL 1D
 @ IN SOA 172.18.0.1. admin.paraguayeduca.org. (
 200903171 ; serial, today's date + today's serial #
 8H  ; refresh
 2H  ; retry
 4W  ; expire
 1D ); minimum (negative-caching TTL)
   IN NS 172.18.0.1.
   IN A 1.2.3.4
 
 where 1.2.3.4 is the IP that it will redirect to.
 
 This is working, but it's ugly. Changes will be lost next time the XS
 configs are updated/regenerated. Can anyone suggest a better way to do
 this?
 

Guess you missed the part in the README about using an .in template to
make your local changes stick between updates. On a different note, you
could also use iptables to redirect traffic headed towards
updates.laptop.org, kind of like the rule used for squid, just a bit
different.

Jerry




Re: [Server-devel] adding custom dns entries on XS

2009-03-17 Thread Martin Langhoff
On Wed, Mar 18, 2009 at 9:04 AM, Daniel Drake d...@laptop.org wrote:
 dnsmasq can certainly help. With dnsmasq you just have to add an entry
 in /etc/hosts on the server, and then dnsmasq automatically picks it
 up.

Well, then we'd have to have a conf.d for /etc/hosts... this part of
the problem at least gets shifted around but not made easier.

 Michael says that djbdns also can do what we want, and pointed me to
 some documentation, but it looked a lot more complicated than dnsmasq.

With djbdns it would be truly easy and modular.  I had hoped dnsmasq
had a mechanism similar to djbdns...

Maybe the answer is to combine both -- use dnsmasq + djbdns. Anyway,
someone will have to take on porting the dhcpd and bind configuration
stuff we have...

cheers,


m
-- 
 martin.langh...@gmail.com
 mar...@laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff


Re: [Server-devel] adding custom dns entries on XS

2009-03-17 Thread Daniel Drake
2009/3/17 Martin Langhoff martin.langh...@gmail.com:
 On Wed, Mar 18, 2009 at 9:04 AM, Daniel Drake d...@laptop.org wrote:
 dnsmasq can certainly help. With dnsmasq you just have to add an entry
 in /etc/hosts on the server, and then dnsmasq automatically picks it
 up.

 Well, then we'd have to have a conf.d for /etc/hosts... this part of
 the problem at least gets shifted around but not made easier.

Martin 2 - dnsmasq 1

but as usual, dnsmasq has a cunning plan

   -H, --addn-hosts=file
  Additional  hosts  file.  Read  the  specified  file  as well as
  /etc/hosts. If -h is given, read only the specified  file.  This
  option  may be repeated for more than one additional hosts file.

Can also be specified with the addn-hosts setting in the config file.

bam!! Martin 2 - dnsmasq 2

Daniel


Re: [Server-devel] adding custom dns entries on XS

2009-03-17 Thread Martin Langhoff
On Wed, Mar 18, 2009 at 10:09 AM, Daniel Drake d...@laptop.org wrote:
 Martin 2 - dnsmasq 1

dsd 10 - dnsmasq 10 - martin 2

the sample conffile also shows:

# Include another lot of configuration options.
#conf-file=/etc/dnsmasq.more.conf
#conf-dir=/etc/dnsmasq.d

This is all good news. We are asking dhcpd and bind to do some stuff
that is slightly off the beaten path. If dnsmasq alone or with djbdns
can handle our oddities, and use a conf.d approach it'll be a huge
win. At least a 26MB win in terms of core.

Not having to wrestle with $...@#$%^ BIND is... [ please fill with your answer ]

This msg, and others in dnsmasq-discuss, lead me to think that dnsmasq
is a good fit for what we're trying to do
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2007q1/001158.html

cheers,


m
-- 
 martin.langh...@gmail.com
 mar...@laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff


Re: [Server-devel] adding custom dns entries on XS

2009-03-17 Thread Michael Stone
On Tue, Mar 17, 2009 at 04:04:06PM -0400, Daniel Drake wrote:
 2009/3/17 Martin Langhoff martin.langh...@gmail.com:
  It's in my plans to have a means to do what you're doing. I was wondering 
  about
 
   - a conf.d approach
   - a pre-processor for the .in files that handles ifdef-style blocks
   - whether dnsmasq or djbdns can help us here
 
  I sure hope BIND won't be with us for ever.
 
 dnsmasq can certainly help. With dnsmasq you just have to add an entry
 in /etc/hosts on the server, and then dnsmasq automatically picks it
 up.
 Michael says that djbdns also can do what we want, and pointed me to
 some documentation, but it looked a lot more complicated than dnsmasq.

Here's a rough outline of how you might redirect antitheft.laptop.org with
djbdns on Debian Lenny. I can't promise that it's bulletproof, but it seems to
do approximately the right thing in simple testing.

sudo su -
apt-get install djbdns
useradd -s /bin/false dnslog
useradd -s /bin/false tinydns
useradd -s /bin/false dnscache

export YOUR_IP=...

# create empty dnscache and tinydns configurations
dnscache-conf dnscache dnslog /etc/dnscache
tinydns-conf tinydns dnslog /etc/tinydns 127.0.0.1

# tell dnscache where to bind, whom to answer, and to proxy queries for at.l.o
echo $YOUR_IP > /etc/dnscache/env/IP
touch /etc/dnscache/root/ip/10   # answer clients in 10.0.0.0/8
echo 127.0.0.1 > /etc/dnscache/root/servers/antitheft.laptop.org

# give tinydns a zone containing at.l.o
cd /etc/tinydns/root
./add-ns antitheft.laptop.org $YOUR_IP
./add-host antitheft.laptop.org $YOUR_IP
make

# tell supervise to run our services; see also update-service on debian
ln -s /etc/dnscache /etc/service
ln -s /etc/tinydns /etc/service

# check that we're running and bound to proper ports
svstat /etc/dnscache /etc/tinydns
netstat -nulp | grep ':53 '

# read logs
tail -f /etc/dnscache/log/main/current
cat /etc/tinydns/log/main/current | tai64nlocal | less

# optional -- resolve against your local dnscache
echo domain schoolserver > /etc/resolv.conf
echo nameserver $YOUR_IP >> /etc/resolv.conf

Questions?

Michael

P.S. - Is there a wiki page where this sort of thing is supposed to go?
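The same one-name override expressed for the two alternatives discussed in this thread, as an added example that is not code from the XS, dnsmasq or djbdns: for dnsmasq, the addn-hosts drop-in Daniel found, placed as a fragment in the conf-dir Martin quotes from the sample config; for djbdns, the tinydns data lines of the record kinds that add-ns and add-host write, plus the dnscache root/servers forwarding file from Michael's steps above. A small reader for the tinydns lines cross-checks that all outputs agree on the name-to-address mapping. The override table, the file paths and the nameserver label "a" are assumptions, and the conf-dir fragment only takes effect if dnsmasq.conf actually sets conf-dir.

```python
"""Emit one override table as dnsmasq and djbdns configuration and read
the tinydns records back to check them.

Added example, not XS, dnsmasq or djbdns code.  The table, the file
paths and the nameserver label "a" are assumptions; the line formats
are dnsmasq's hosts-file syntax and tinydns-data's '.', '=' and '+'
records.
"""
import ipaddress
import re

OVERRIDES = {"antitheft.laptop.org": "172.18.0.1"}      # constructed sample
_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_FQDN_RE = re.compile(rf"^{_LABEL}(\.{_LABEL})+$")


def valid_entry(name: str, ip: str) -> bool:
    """Lowercase FQDN without trailing dot plus a well-formed IPv4 address;
    anything else would become a silently ignored or mangled record."""
    if not _FQDN_RE.match(name):
        return False
    try:
        ipaddress.IPv4Address(ip)
    except ValueError:
        return False
    return True


def dnsmasq_files(overrides, hosts_path="/etc/dnsmasq.d/xs-overrides.hosts"):
    """Two drop-ins: a conf-dir fragment naming an extra hosts file, and
    that hosts file.  Neither touches the generated dnsmasq.conf, so a
    regeneration leaves the override in place."""
    hosts = "".join(f"{ip} {name}\n" for name, ip in sorted(overrides.items()))
    return f"addn-hosts={hosts_path}\n", hosts


def tinydns_data(overrides, ns_label="a") -> str:
    """tinydns-data lines: '.' gives <name> an SOA and an NS record for
    <ns_label>.ns.<name> at <ip>; '=' adds the A (and PTR) record."""
    lines = ["# XS override records"]
    for name, ip in sorted(overrides.items()):
        lines.append(f".{name}:{ip}:{ns_label}")
        lines.append(f"={name}:{ip}")
    return "\n".join(lines) + "\n"


def dnscache_servers(overrides, tinydns_ip="127.0.0.1") -> dict:
    """root/servers/<name> files: dnscache sends queries under <name> to
    tinydns instead of the public root servers."""
    return {f"root/servers/{name}": f"{tinydns_ip}\n" for name in overrides}


def parse_tinydns(data: str) -> dict:
    """Minimal reader for the records emitted above.
    Returns {name: {"ns": [server names], "a": [addresses]}}."""
    records = {}
    for raw in data.splitlines():
        line = raw.strip()
        if not line or line[0] == "#":
            continue
        kind, fields = line[0], line[1:].split(":")
        if len(fields) < 2:
            raise ValueError(f"malformed record: {line!r}")
        name, ip = fields[0], fields[1]
        entry = records.setdefault(name, {"ns": [], "a": []})
        if kind == ".":
            label = fields[2] if len(fields) > 2 else ""
            if not label:
                raise ValueError(f"'.' record without nameserver: {line!r}")
            entry["ns"].append(label if "." in label else f"{label}.ns.{name}")
        elif kind in "=+":
            entry["a"].append(ip)
        else:
            raise ValueError(f"unsupported record type {kind!r}: {line!r}")
    return records


def verify(overrides) -> bool:
    """Every entry passes validation and the generated outputs agree."""
    if not all(valid_entry(n, a) for n, a in overrides.items()):
        return False
    _, hosts = dnsmasq_files(overrides)
    hosts_map = {n: a for a, n in (ln.split() for ln in hosts.splitlines())}
    parsed = parse_tinydns(tinydns_data(overrides))
    servers = dnscache_servers(overrides)
    for name, ip in overrides.items():
        rec = parsed.get(name, {"ns": [], "a": []})
        if hosts_map.get(name) != ip or rec["a"] != [ip] or len(rec["ns"]) != 1:
            return False
        if f"root/servers/{name}" not in servers:
            return False
    return True


if __name__ == "__main__":
    conf, hosts = dnsmasq_files(OVERRIDES)
    print(conf + hosts)
    print(tinydns_data(OVERRIDES))
    print(dnscache_servers(OVERRIDES))
    print("consistent:", verify(OVERRIDES))
```

Whichever resolver ends up on the XS, the point is that the override lives in one table outside the generated configuration and is rendered into it; the verify step is what catches a typo that would otherwise only show up as a laptop failing to reach the lease server.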


Re: [Server-devel] adding custom dns entries on XS

2009-03-17 Thread Daniel Drake
2009/3/17 Daniel Drake d...@laptop.org:
 But the iptables idea is a good one, thanks!

...but unfortunately the redirect is done by IP, which results in all
services/sites that might be running on the same system as
activation.laptop.org being unaccessible, and also breaks as soon as
the upstream IP for activation.laptop.org changes :(

Daniel


Re: [Server-devel] adding custom dns entries on XS

2009-03-17 Thread Martin Langhoff
On Wed, Mar 18, 2009 at 4:21 AM, Daniel Drake d...@laptop.org wrote:
 The changes to .in will be overwritten when xs-configs gets updated.
 But the iptables idea is a good one, thanks!

It's in my plans to have a means to do what you're doing. I was wondering about

 - a conf.d approach
 - a pre-processor for the .in files that handles ifdef-style blocks
 - whether dnsmasq or djbdns can help us here

I sure hope BIND won't be with us for ever.

(mutter, grumble grumble spit...  network principles and the
inelegance of breaking the internet)

cheers,


m

-- 
 martin.langh...@gmail.com
 mar...@laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff


Re: [Server-devel] adding custom dns entries on XS

2009-03-17 Thread Daniel Drake
2009/3/17 Martin Langhoff martin.langh...@gmail.com:
 It's in my plans to have a means to do what you're doing. I was wondering 
 about

  - a conf.d approach
  - a pre-processor for the .in files that handles ifdef-style blocks
  - whether dnsmasq or djbdns can help us here

 I sure hope BIND won't be with us for ever.

dnsmasq can certainly help. With dnsmasq you just have to add an entry
in /etc/hosts on the server, and then dnsmasq automatically picks it
up.
Michael says that djbdns also can do what we want, and pointed me to
some documentation, but it looked a lot more complicated than dnsmasq.

Daniel


Re: [Server-devel] adding custom dns entries on XS

2009-03-17 Thread Jerry Vonau
On Tue, 2009-03-17 at 12:00 -0400, Daniel Drake wrote:
 2009/3/17 Daniel Drake d...@laptop.org:
  But the iptables idea is a good one, thanks!
 
 ...but unfortunately the redirect is done by IP, which results in all
 services/sites that might be running on the same system as
 activation.laptop.org being unaccessible, and also breaks as soon as
 the upstream IP for activation.laptop.org changes :(
 
The dns hijack would suffer from an ip change also, would it not? With
iptables you would be redirecting just the destination ports for the
activation service, not all the traffic bound for activation.laptop.org,
as with the dns trick. 

What iptables command did you try? I was thinking of something
like (untested):

iptables -t nat -A PREROUTING ! -i eth0 -p tcp --dport <port> -d 18.85.46.58 -j DNAT --to-destination <ip of your box>

Jerry



Re: [Server-devel] adding custom dns entries on XS

2009-03-17 Thread Jerry Vonau
On Tue, 2009-03-17 at 16:04 -0400, Daniel Drake wrote:
 2009/3/17 Martin Langhoff martin.langh...@gmail.com:
  It's in my plans to have a means to do what you're doing. I was wondering 
  about
 
   - a conf.d approach
   - a pre-processor for the .in files that handles ifdef-style blocks
   - whether dnsmasq or djbdns can help us here
 
  I sure hope BIND won't be with us for ever.
 
 dnsmasq can certainly help. With dnsmasq you just have to add an entry
 in /etc/hosts on the server, and then dnsmasq automatically picks it
 up.

You beat me to that one.

Jerry




Re: [Server-devel] adding custom dns entries on XS

2009-03-17 Thread Daniel Drake
2009/3/17 Jerry Vonau jvo...@shaw.ca:
 The dns hijack would suffer from an ip change also, would it not?

No. If the real antitheft.laptop.org changes IP, our hijack still works.

Daniel
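The trade-off Jerry and Daniel argue above, worked as an added example (not XS code): the DNAT rule only catches the listed ports on one upstream address, so other services on that host keep working, but it is keyed to that address and silently stops matching once the upstream moves. The helper below builds the port-scoped rule and audits the NAT table for redirects whose address no longer matches what the name resolves to. The iptables-save text and the resolver answers are constructed; 18.85.46.58 and the port are the placeholders from Jerry's message. A real audit would feed in `iptables-save -t nat` and a live lookup of the name.

```python
"""Audit address-scoped DNAT redirects against the address the redirected
name currently resolves to.

Added example, not XS code.  The NAT table text and resolver answers are
constructed sample input; 18.85.46.58 is the placeholder from the thread.
"""
import re

# Constructed: what `iptables-save -t nat` might print on an XS with two
# port-scoped redirects for the upstream address and one squid-style rule.
SAMPLE_NAT_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING ! -i eth0 -d 18.85.46.58/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.18.0.1:80
-A PREROUTING ! -i eth0 -d 18.85.46.58/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.18.0.1:443
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.18.0.1:3128
COMMIT
"""

_DNAT_RE = re.compile(
    r"^-A PREROUTING .*?-d (?P<dst>[\d.]+)(?:/32)? .*?--dport (?P<port>\d+) "
    r".*?-j DNAT --to-destination (?P<target>\S+)"
)


def dnat_rule(upstream_ip: str, port: int, local_ip: str, lan_if: str = "eth0") -> str:
    """Port-scoped variant of the rule from the message: only this port on
    this upstream address is redirected; everything else hosted on that
    address still reaches the real server."""
    return (f"iptables -t nat -A PREROUTING ! -i {lan_if} -d {upstream_ip} "
            f"-p tcp --dport {port} -j DNAT --to-destination {local_ip}:{port}")


def parse_dnat(rules_text: str) -> list:
    """(destination, port, target) for each address-scoped DNAT rule in
    iptables-save output.  Rules without a -d match (the squid-style
    catch-all) are not keyed to an upstream address and are skipped."""
    out = []
    for line in rules_text.splitlines():
        m = _DNAT_RE.match(line)
        if m:
            out.append((m["dst"], int(m["port"]), m["target"]))
    return out


def stale_redirects(rules_text: str, resolved_ips: set) -> list:
    """Rules whose -d address is not one the upstream name resolves to
    any more: they keep sitting in the table but never match, which is
    the failure mode of the IP-keyed approach."""
    return [r for r in parse_dnat(rules_text) if r[0] not in resolved_ips]


if __name__ == "__main__":
    print(dnat_rule("18.85.46.58", 80, "172.18.0.1"))
    print("upstream unchanged:", stale_redirects(SAMPLE_NAT_RULES, {"18.85.46.58"}))
    print("upstream moved:    ", stale_redirects(SAMPLE_NAT_RULES, {"18.85.46.59"}))
```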