Export to tinydns
Djbdns or n-djbdns needs to be installed on the NicTool server and on each DNS server. No patches are necessary when building djbdns. NicTool's export routines use tinydns' generic record format to publish DNS records that tinydns doesn't natively support (SPF, SRV, AAAA, LOC, NAPTR, SSHFP). The djbdns IPv6 patch is not necessary to publish AAAA records, but it is necessary to bind tinydns to an IPv6 address.
Create the tinydns service
On the DNS server(s), create a user account for the tinydns DNS server, and then create the services, substituting the user and group names you just created:
```sh
export TINYUSER=tinydns
export TINYGROUP=bind
export TINYIP=10.0.0.1
export NSNAME=ns1.example.com
pw user add $TINYUSER -m
mkdir /usr/local/tinydns /usr/local/axfrdns
tinydns-conf $TINYUSER $TINYGROUP /usr/local/tinydns/$NSNAME $TINYIP
axfrdns-conf $TINYUSER $TINYGROUP /usr/local/axfrdns/$NSNAME /usr/local/tinydns/$NSNAME $TINYIP
```
enable TCP support in axfrdns
```sh
cd /usr/local/axfrdns/$NSNAME
cat > tcp <<EOTCP
:allow,AXFR=""
:deny
EOTCP
make
```
start up tinydns & axfrdns
```sh
ln -s /usr/local/tinydns/$NSNAME /service/tinydns-$NSNAME
ln -s /usr/local/axfrdns/$NSNAME /service/axfrdns-$NSNAME
```
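As an added example (not part of the NicTool wiki or of djbdns), the shell function below audits an axfrdns `tcp` rules file like the one created above and reports, per rule, whether zone transfers are possible. It relies on documented axfrdns behaviour: with `$AXFR` unset any zone in data.cdb may be transferred, with `$AXFR` set only the listed zones may be, and `AXFR=""` permits TCP queries but no transfers. The function names, verdict labels and sample rules are constructed for illustration, and IPv4-style rule syntax is assumed.

```shell
#!/bin/sh
# Added example: classify each rule of an axfrdns "tcp" (tcprules) file.
# Assumes IPv4-style rules of the form: address:allow|deny[,VAR=<q>value<q>]

audit_axfr_rules() {
    # $1 = path to the tcp rules file; prints "<address> <verdict>" per rule
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac   # skip blanks and comments
        addr=${line%%:*}
        rest=${line#*:}
        [ -n "$addr" ] || addr='(default)'
        case $rest in
            deny*) echo "$addr deny" ;;
            allow*,AXFR=*)
                val=${rest#*,AXFR=}               # begins with the quote char
                q=$(printf '%s' "$val" | cut -c1)
                val=${val#?}
                val=${val%%"$q"*}                 # text up to the closing quote
                if [ -z "$val" ]; then
                    echo "$addr tcp-only"         # AXFR="": no zone transfers
                else
                    echo "$addr axfr-limited:$val"
                fi ;;
            allow*) echo "$addr axfr-any-zone" ;; # AXFR unset: every zone
            *) echo "$addr unparsed" ;;
        esac
    done < "$1"
}

sample_rules() {
    # Constructed sample input (documentation address ranges)
    cat <<'EOF'
# secondary that may pull two zones
192.0.2.53:allow,AXFR="example.com/2.0.192.in-addr.arpa"
198.51.100.:allow
:allow,AXFR=""
EOF
}

tmp=$(mktemp)
sample_rules > "$tmp"
audit_axfr_rules "$tmp"
rm -f "$tmp"
```

Any `axfr-any-zone` line marks a client range that can transfer every zone the server holds; the `tcp` file from this page yields `(default) tcp-only` for its first rule.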
Set up NicTool export
On the NicTool server, create a system user for the NicTool export process to run as. Then, log into the nt_user account, generate SSH keys, and install the public key in tinydns@ns1:.ssh/authorized_keys.
```sh
export NTE_USER=nictool
pw user add $NTE_USER -m
su - $NTE_USER
ssh-keygen
cat .ssh/id_rsa.pub
```
Copy the contents of the SSH public key and paste it into the tinydns user's authorized_keys file on the tinydns server:
```sh
su - $TINYUSER
ssh-keygen
vi .ssh/authorized_keys
```
Test by making an SSH connection from the $NTE_USER user account on the NicTool server to the tinydns account on the DNS server.
```sh
su - $NTE_USER
ssh $TINYUSER@$NSNAME
```
You'll be prompted to accept the remote server's host key. You should then be logged in successfully. This must work in order for updates to happen automatically.
Create the NicTool export
```sh
mkdir -p /usr/local/nictool/$NSNAME
cd /usr/local/nictool/$NSNAME
chown $NTE_USER ../$NSNAME
ln -s ../server/bin/nt_export.pl .
setuidgid $NTE_USER ./nt_export.pl
setuidgid $NTE_USER ./nt_export.pl -nsid N
```
The export script will connect to the database, export all the data for the selected NS, compile the 'data' file into data.cdb, and then rsync a copy of data.cdb to the remote NS. If the nictool export user has permission to SSH to the NS as the 'tinydns' user, then the export will likely succeed.
The nt_export.pl script will also leave behind a 'run' file in the export directory. The run file will perform the actual export (calling nt_export.pl with the right settings) and has instructions for use with cron, init, or daemontools. The default action is to run a manual export.
```
./run       (wait 10 seconds, ignore any errors)
Ctrl-C      (cancel)
vim run     (uncomment the 'run' entry for the desired deployment model)
```
Start the NicTool export service
```sh
ln -s /usr/local/nictool/$NSNAME /service
```