*******************
Note: Yaku-NS is a 10-year-old project. It is here for personal "historical" reasons, as this is one of the first non-trivial C projects I wrote.
*******************
+==================================================+
| WARNING |
| Yaku-NS is in the beta stage of development |
| possibly unstable, insecure, experimental code. |
| USE IT AT YOUR RISK. |
+==================================================+
-----------
ADVERTISING
-----------
Yaku-ns is GPLed, but you can get a BSD-like license for your
own company usage (for example to develop a closed-source fork
and put yaku-ns in some router, appliance, ...) for 1000 EUR.
The licence can't be sold to others, and applies to the current
CVS source code, that is, you can't use code that I put
in the CVS _after_ you already got the license.
There aren't time limits. After you got the license you can
modify the code and sell it in binary form, inside a ROM,
where you want, forever.
For more information please write to antirez@invece.org
--------
OVERVIEW
--------
Yaku-NS is a DNS server that implements a subset of the
DNS protocol.
For a full-featured DNS server check BIND
For a very secure DNS server (not complete, with a silly license) check DJBDNS
For an alternative (almost complete) DNS server implementation check DENTS
For a new upcoming GPL DNS implementation check MARADNS
The goal is to provide an easy to configure GPLed alternative for:
* A DNS server for myself. I'm unable to configure bind
* A primary/secondary DNS server
* Forward only DNS server
* Dial-up systems
* Embedded systems
----------------------------------
HOW TO SETUP YAKU IN YOUR UNIX BOX
----------------------------------
Yaku-NS runs without root privileges in a chroot jail.
We provide these features for your security, please enable
them!
COMMAND LINE OPTIONS
~~~~~~~~~~~~~~~~~~~~
usage: yaku-ns [-p <port>] [-f <port>] [-C <max>] [-F <max>]
[-T <forward_timeout>] [-c <config_file>]
[-l <logfile>] [-r <chroot jail>] [-u owner]
[-b <addr>] [-xdDhV]
-p <port> Use the UDP port <port> for the DNS service.
-P <port> Use the TCP port <port> for the DNS under TCP service.
The only two requests accepted under TCP are IN/AXFR and IN/SOA.
-f <port> Query the external DNS servers to the port <port>.
-C <size> Use a cache of size <size>, 0 is no-cache.
-F <max> Use a forwarded request queue of size <max>, 0 turns off
the forwarding.
-T <timeout> Forwarded requests expire in <timeout> seconds.
-c <file> Use the config file <file>: WARNING you must specify
the absolute path here, since the server chdir() to "/".
Also note that this path is relative to the chroot jail.
Use "-" as filename to provide the configuration from the
standard input.
-l <file> Use the <file> for yaku-ns logs. Remember to use an
absolute path, relative to the chroot (if used).
-r <directory> Chroot to <directory>.
-u <username> Run as <username> (default is nobody, not so secure).
-b <address> Bind only the interface with IP address <address>.
-x Enable the TCP services.
-d Daemonize.
-h Show a little help.
-V Verbosity level: -V: low level, -VV medium level, -VVV
high level of verbosity. -VVV is recommended for new users.
See how to create a configuration file using the self-commented
config file at Documentation/yaku-ns.conf.example
Follow these steps to install Yaku-NS on a Unix-like system:
COMPILING YAKU-NS
~~~~~~~~~~~~~~~~~
$ vi tunable.h (optional)
$ make
INSTALLING ENS
~~~~~~~~~~~~~~
Create a system user "yaku" in the "yaku" group.
# mkdir /usr/local/yaku-ns
# chown yaku:yaku /usr/local/yaku-ns
# chmod 700 /usr/local/yaku-ns
# cp yaku-ns /usr/local/yaku-ns
# cp Documentation/yaku-ns.conf.example /usr/local/yaku-ns/yaku-ns.conf
# chown root:root /usr/local/yaku-ns/*
# chmod 755 /usr/local/yaku-ns/yaku-ns
# chmod 644 /usr/local/yaku-ns/yaku-ns.conf
# touch /usr/local/yaku-ns/yaku-ns.log
# chown yaku:yaku /usr/local/yaku-ns/yaku-ns.log
# chmod 644 /usr/local/yaku-ns/yaku-ns.log
# cd /usr/local/yaku-ns
# ls -l
The output of the ls -l command should be like the following:
total 168
-rwxr-xr-x 1 root root 153306 Dec 26 14:48 yaku-ns
-rw-r--r-- 1 root root 10107 Dec 26 14:49 yaku-ns.conf
-rw-r--r-- 1 yaku yaku 0 Dec 26 14:53 yaku-ns.log
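The install steps above can be checked mechanically. The script below is an added example, not part of Yaku-NS: it audits an install directory against the ownership and modes listed in this README. It assumes GNU stat and find; the function names check_perm and audit_yaku_dir are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Yaku-NS sources): audit the install directory
# against the layout in this README. Assumes GNU coreutils/findutils.

# check_perm <path> <octal mode> <owner:group>
# Prints one finding per mismatch; returns 1 if anything is wrong.
check_perm() {
    path=$1 want_mode=$2 want_owner=$3
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    got_mode=$(stat -c '%a' "$path")
    got_owner=$(stat -c '%U:%G' "$path")
    rc=0
    if [ "$got_mode" != "$want_mode" ]; then
        echo "MODE     $path is $got_mode, expected $want_mode"
        rc=1
    fi
    if [ "$got_owner" != "$want_owner" ]; then
        echo "OWNER    $path is $got_owner, expected $want_owner"
        rc=1
    fi
    return $rc
}

# audit_yaku_dir <dir> [service owner:group] [admin owner:group]
# Defaults follow the README: service user yaku:yaku, admin root:root.
audit_yaku_dir() {
    dir=${1%/}
    svc=${2:-yaku:yaku}
    adm=${3:-root:root}
    bad=0
    check_perm "$dir"              700 "$svc" || bad=1
    check_perm "$dir/yaku-ns"      755 "$adm" || bad=1
    check_perm "$dir/yaku-ns.conf" 644 "$adm" || bad=1
    check_perm "$dir/yaku-ns.log"  644 "$svc" || bad=1
    # Nothing inside the jail should be group- or world-writable.
    loose=$(find "$dir" -mindepth 1 ! -type l -perm /022 2>/dev/null)
    if [ -n "$loose" ]; then
        echo "WRITABLE $loose"
        bad=1
    fi
    return $bad
}

# Typical use, as root:  audit_yaku_dir /usr/local/yaku-ns
```

The audit only confirms the documented layout. Because the directory itself is owned by yaku with mode 700, the service user can still rename or replace the root-owned files inside it, whatever their own modes are.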
CONFIGURING YAKU-NS
~~~~~~~~~~~~~~~~~~~
Edit the example self-commented configuration file
/usr/local/yaku-ns/yaku-ns.conf and create your configuration.
RUNNING YAKU-NS
~~~~~~~~~~~~~~~
To run Yaku-NS inside a chroot jail (recommended!)
with TCP services enabled just use:
# /usr/local/yaku-ns/yaku-ns -xd -u yaku -r /usr/local/yaku-ns/ -c /yaku-ns.conf
Note that the configuration file is specified using the absolute
path, relative to the chroot.
SIGNALS
~~~~~~~
Yaku-NS performs different actions depending on the signal received:
SIGHUP: Reload the configuration (use it when your records were updated)
SIGUSR1: Force yaku-ns to log some debugging information
SIGUSR2: Switch the forwarding ON/OFF
-------
GETZONE
-------
Getzone is a trivial utility that performs an AXFR request
over TCP to some primary DNS server and produces as output
the zone in a format compatible with the Yaku-NS configuration file.
You can use it to create a rudimentary secondary DNS (slave)
but a better solution will be on the road ASAP (It wasn't ASAP
since I use only external secondary nameservers, so yaku-ns
is my primary DNS server).
Usage: getzone -z <zone> -s <server IP address> [ -p <port> ]
-z The zone to download
-s The IP address of the master server
-p Specify a different destination port, the default is port 53
Example:
$ getzone -z test.org -s 1.2.3.4 > salve-db.test.org
Then you need to send a SIGHUP to Yaku-NS to force a local RRs reload.
Obviously you need to add an include keyword in the yaku-ns.conf
to include the zone. See the example configuration file for more
information.
Have fun,
antirez