tNew article ! - monochromatic - monochromatic blog: http://blog.z3bra.org
HTML git clone git://z3bra.org/monochromatic
DIR Log
DIR Files
DIR Refs
---
DIR commit f1875c63f7c97dd29714e2f9a97a779c15e6df38
DIR parent 228054e90a95f8a2a4a18e9c91fb78cc905b7569
HTML Author: z3bra <willy@mailoo.org>
Date: Tue, 19 Aug 2014 09:36:21 +0200
New article !
Diffstat:
A 2014/07/name-that-domain.txt | 194 ++++++++++++++++++++++++++++++
A 2014/07/planning-downtime.txt | 24 ++++++++++++++++++++++++
2 files changed, 218 insertions(+), 0 deletions(-)
---
DIR diff --git a/2014/07/name-that-domain.txt b/2014/07/name-that-domain.txt
t@@ -0,0 +1,194 @@
+# [Name that domain](#)
+## — 10 July, 2014
+
+Hello folks !
+
+I recently reinstalled my home server, and during the process, I decided to
+throw away the heavy `BIND` nameserver from my application stack. I decided to
+go with the light couple **`tinydns` + ` dnscache`**.
+
+This wasn't really "easy" to do so, as there are really few resources on the web
+explaining the step to get this working (If you're aware of one, please send me
+a link, I'll be glad to share it). So here is a full tutorial !
+
+
+### TL;DR
+
+1. create tinydns zone file
+2. make `tinydns` listen on 127.0.0.1
+3. create the `ip` files for dnscache
+4. create the `servers` file for dnscache containing `127.0.0.1`
+5. Fire it up
+6. Enjoy.
+
+
+### The whole installation
+
+First of all, I had to find out what were my needs. It seems stupid to say so,
+but I have the bad habit to dive into configuration, barely knowing what I'm
+trying to do. Here's what I wanted:
+
+> The DNS nameserver will be running on a machine with IP **10.0.0.1**.
+> My local network will be named **domain.lan**.
+> I want all my machines to **contact 10.0.0.1 to resolve URIs**, and the server
+> will provide **authoritative answers for domain.lan**, and **forward
+> everything else** to some other servers.
+
+How should we organise things then ?
+
+Here's how I see it:
+
+* `tinydns` listens on 127.0.0.1
+* `tinydns` answers queries related to *.domain.lan
+* `dnscache` answer queries from any address
+* `dnscache` forwards queries related to *.domain.lan to ip 127.0.0.1
+* `dnscache` forwards everything else to others DNS
+* `dnscache` answers on any address
+
+Let's set this up then!
+
+
+### tinydns
+
+`tinydns` is fairly simple to use, and even more simple to configure. But it's
+nothing you've ever seen before. You can configure tinydns from a single file:
+
+ ─── cat /etc/tinydns/root/data
+ Zdomain.lan:dns.domain.lan::contact.domain.lan
+ &domain.lan::dns.domain.lan
+ +domain.lan:10.0.0.1
+ +pc1.domain.lan:10.0.0.1
+ +pc2.domain.lan:10.0.0.2
+
+That's a basic configuration file to use with `tinydns`. It will resolve
+`domain.lan` and `pc1.domain.lan` to ip `10.0.0.1` and `pc2.domain.lan` to
+`10.0.0.2`.
+
+For more infos on the syntax, check the [alpine wiki page](http://wiki.alpinelinux.org/wiki/TinyDNS_Format).
+
+Once your config file is created, you can generate the data that tinydns will
+use. Remember to correctly set the `ROOT` variable to define the directory where
+tinydns will store it's data:
+
+ # ROOT=/var/cache/tinydns/ tinydns-data
+
+As we said earlier, we want `tinydns` to listen on the loopback interface. To do
+so, we have to export the variable IP before running the binary.
+
+ # ROOT=/var/cache/tinydns/ IP=127.0.0.1 tinydns
+
+And there you go ! Tinydns is listenning on address 127.0.0.1.
+To check if it's correctly running, you can use `nslookup`.
+
+ # cp /etc/resolv.conf.old /etc/resolv.conf.orig
+ # cat <<EOF > /etc/resolv.conf
+ nameserver 127.0.0.1
+ EOF
+ # nslookup pc2.domain.lan
+ Server: (null)
+ Address 1: ::1 localhost
+ Address 2: 127.0.0.1 dns.domain.lan
+
+ Name: pc2.domain.lan
+ Address 1: 10.0.0.g.2
+ # mv /etc/resolv.conf.orig /etc/resolv.conf
+
+It works ! Don't use tinydns as a resolv.conf entry though. Because it's
+authoritative and ONLY serves our domain.lan zone, it would not be efficient...
+
+### dnscache
+
+No DNS server can answer all the queries, so in most case, if the DNS can't
+provide an answer, it will just forward the query to another depending on some
+internal rules.
+
+That's how we're gonna set up `dnscache`. Intercept queries from the local
+network, forward every query for `domain.lan` to `tinydns`, and everything to a
+standard list of known root servers.
+
+But first, we need to tell `dnscache` to answer every query from local domain.
+Let's say my current configuration is the following:
+
+ Network : 10.0.0.0
+ Netmask : 255.255.0.0
+ Gateway : 10.0.0.254
+ DNS : 10.0.0.1
+
+We need to listen on `10.0.0.0/16` for DNS queries. To set this up, take a look
+at the `/etc/dnscache/ip/` directory:
+
+ ─── ls /etc/dnscache/ip
+ 127
+ ─── wc 127
+ 0 0 0 /etc/dnscache/ip/127
+
+A single file named `127`, which is totally empty... What does that mean ?
+Upon startup, `dnscache` will read this directory and check the filenames to
+know which IP address it should accept queries from.
+
+The filename also act as a netmask, so in this case, `127` really means
+`127.0.0.0/8`.
+
+Back to our configuration. We want `dnscache` to accept queries from our local
+network: `10.0.0.0/16`. Just create the corresponding file:
+
+ # :> /etc/dnscache/ip/10.0
+
+And we're done !
+
+Now, we need to tell `dnscache` who will answer the queries it receives. This is
+done in the `/etc/dnscache/servers/` directory. We can see that there is already
+a file here:
+
+ ─── ls /etc/dnscache/servers/
+ @
+ ─── cat /etc/dnscache/servers/@
+ 198.41.0.4
+ 192.228.79.201
+ 192.33.4.12
+ 128.8.10.90
+ ...
+
+This is a list of the root servers extracted from [this
+list](http://www.internic.net/zones/named.root).
+
+In this directory, each file represent a domain, and the content of this file is
+the list of the servers to contact in order to resolve those names.
+"`@`" is a special name for the "fallback" entry.
+
+In our case, we want `tinydns` to resolve names from "domain.lan", and forward
+everything else to the root servers in the "`@`" file. To query `tinydns`, we
+need to forward queries to `127.0.0.1`. Here's how to do this:
+
+ # cat <<EOF > /etc/dnscache/servers/domain.lan
+ 127.0.0.1
+ EOF
+
+That's all. Pretty simple isn't it ?
+
+It's now time to start dnscache. It needs (like `tinydns`) two environment
+variables: `ROOT` for the configuration directory path, and `IP` for the address
+of the interface to listen on (note that you can use `0.0.0.0` to listen on all
+interfaces).
+
+ # ROOT=/etc/dnscache IP=10.0.0.1 dnscache
+
+You can now check if everything is working fine with `nslookup`:
+
+ # cp /etc/resolv.conf.old /etc/resolv.conf.orig
+ # cat <<EOF > /etc/resolv.conf
+ nameserver 10.0.0.1
+ EOF
+ # nslookup pc2.domain.lan
+ Server: (null)
+ Address 1: ::1 localhost
+ Address 2: 127.0.0.1 dns.domain.lan
+
+ Name: pc2.domain.lan
+ Address 1: 10.0.0.g.2
+ # mv /etc/resolv.conf.orig /etc/resolv.conf
+
+And there you are ! You can now specify the IP address of your server in the
+`resolv.conf` on your local computers.
+
+<!-- vim: set ft=markdown ts=4 et tw=80: -->
DIR diff --git a/2014/07/planning-downtime.txt b/2014/07/planning-downtime.txt
t@@ -0,0 +1,24 @@
+# [Planning downtime](#)
+## — 02 July, 2014
+
+Hi everybody !
+
+First of all, sorry for not posting anything in june. I've been a bit busy with
+my studies lately !
+
+Now I'm back, but I'll not be able to write something in the next few weeks.
+I just received a new computer, which is more powerful than the current one. So
+I'll upgrade my hardware, but just reinstalling the same setup would be too
+easy.. so I'll just install a new distro, and configure it whilst learning how
+to use it, so you should expect some down time it the following days.
+
+I will poweroff the current server on **sunday (06/07/14)**. I hope I'll be able
+to put it back online before **tuesday (08/07/14)**, but that's in case everything go fine.
+
+Wish me luck !
+
+**EDIT**: I'm done. It feels good to be back up ! (07 July, 2014)
+
+<q>Keep tweaking!</q>
+
+<!-- vim: set ft=markdown ts=4 et tw=80: -->