Howto: set up tinydns on the external nic (serving the whole internet) on e-smith 6.0. This small howto should be improved, as it does nothing the e-smith way at all.
Tested on a vmware machine only. Adjustments for iptables are not included since I use this file:
http://www.hanscees.net/iptables5
Documentation on the web:
main site:
http://www.tinydns.org/
man pages at
http://smarden.org/pape/djb/manpages/
howto:
http://www.lifewithdjbdns.org/#useful%20Links
faq:
http://www.faqts.com/knowledge_base/index.phtml/fid/699
What we want to do:
Add a DNS service (split DNS) to a normal e-smith 6.0 gateway so that it publishes DNS on the internet. I assume you have the server as the firewall for an internally firewalled network.
Standard e-smith 6.0 comes with tinydns and dnscache, DJB's secure replacements for BIND. dnscache listens on the internal nic, in my test case 192.168.0.112. My domain is hanscees.net and the server is called vmwsm6.hanscees.net.
The firewall's own resolver points at 192.168.0.112. dnscache is a caching DNS server; it holds no authoritative data.
tinydns listens on 127.0.0.1. It is the authoritative DNS server for my domain hanscees.net, and dnscache comes configured to send queries for hanscees.net to 127.0.0.1.
Strangely enough, adding a domain through the e-smith 6.0 web interface does not add such an entry for the new domain, so dnscache only does this for the primary domain. If you add wvdboom.com as a virtual domain, dnscache will resolve it via the root servers on the internet instead of asking the local tinydns (step 5 below fixes this).
These are the files on the server that have to do with tinydns and dnscache:
[root@vmwsm6 root]# find / -name tiny\*
/var/log/tinydns
/var/service/tinydns
/etc/e-smith/events/actions/tinydns-conf
/etc/e-smith/events/actions/tinydns-conf-startup
/etc/e-smith/events/actions/tinydns-restart
/etc/e-smith/templates/var/service/tinydns
/etc/rc.d/init.d/tinydns
/usr/local/bin/tinydns
/usr/local/bin/tinydns-conf
/usr/local/bin/tinydns-data
/usr/local/bin/tinydns-edit
/usr/local/bin/tinydns-get
/service/tinydns
[root@vmwsm6 root]# find / -name dnscache
/var/log/dnscache
/var/service/dnscache
/etc/e-smith/db/configuration/defaults/dnscache
/etc/e-smith/templates/var/service/dnscache
/etc/rc.d/init.d/dnscache
/usr/local/bin/dnscache
/service/dnscache
[root@vmwsm6 root]# cat /etc/resolv.conf
domain hanscees.net
nameserver 192.168.0.112
Here are the config files that matter; the server sets them up itself via the web admin interface.
/service/dnscache
  /service/dnscache/root
    /service/dnscache/root/servers/   one file per domain, containing the IP addresses of the servers to ask for that domain:
      hanscees.net: 127.0.0.1
      @ (everything else): the root servers
      the reverse zone (in-addr.arpa): 127.0.0.1
    /service/dnscache/root/ip/        IP prefixes it answers queries for:
      127.0.0.1 and 192.168.0
  /service/dnscache/env
    ROOT: /var/service/dnscache/root
    IP: 192.168.0.112 (IP address it listens on)
    also DATALIMIT, CACHESIZE, FORWARDONLY, IPSEND
/service/tinydns
  /service/tinydns/env
    IP: 127.0.0.1
    ROOT: /var/service/tinydns/root
    DATALIMIT: 3000
  /service/tinydns/root
    data      (the records, plain text)
    data.cdb  (the compiled database tinydns actually serves)
/service/tinydns/root/data:
# NS Records
.hanscees.net::vmwsm6.hanscees.net
.0.168.192.in-addr.arpa::127.0.0.1
# MX Records
@hanscees.net::vmwsm6.hanscees.net
# A Records for domains
+hanscees.net:192.168.0.112
# A Records for Hosts in hanscees.net
+ftp.hanscees.net:192.168.0.112
+mail.hanscees.net:192.168.0.112
+proxy.hanscees.net:192.168.0.112
+vmwsm6.hanscees.net:192.168.0.112
+wpad.hanscees.net:192.168.0.112
+www.hanscees.net:192.168.0.112
== All of the above concerns internal IP addresses and the firewall itself only.
We should now add a DNS server for the outside world: a second tinydns serving our domains on 10.0.0.122, our outside IP address behind an ADSL router that forwards all ports to us. The records it publishes carry 62.131.2.12, the address reachable from the internet, rather than 10.0.0.122. It should serve:
hanscees.net
  ns  mail.hanscees.net
  mx  mail.hanscees.net
  a   mail.hanscees.net
  a   hanscees.net
  www.hanscees.net (planned as a cname; step 3 below uses an A record instead)
wvdboom.com
  ns  mail.hanscees.net
  mx  mail.hanscees.net
  a   wvdboom.com (the apex, @)
  www.wvdboom.com (planned as a cname; step 3 below uses an A record instead)
=Set it up=================
1. Set up the service directory (the dns and dnslog accounts already exist):
tinydns-conf dns dnslog /var/service/tidydnsext 10.0.0.122
2. Let daemontools know we are here:
ln -s /var/service/tidydnsext /service
sleep 5
svstat /service/tidydnsext
3. Add records. No CNAMEs are used, since they cause more trouble than they are worth: "add alias" writes a plain A record. tinydns-edit wants an IP address as the last argument, and "add ns DOMAIN IP" names the nameserver a.ns.DOMAIN (then b.ns.DOMAIN, and so on) with that address. The host line for mail.hanscees.net is only needed once.
cd /var/service/tidydnsext/root
tinydns-edit data data-new add ns hanscees.net 62.131.2.12
tinydns-edit data data-new add mx hanscees.net 62.131.2.12
tinydns-edit data data-new add host mail.hanscees.net 62.131.2.12
tinydns-edit data data-new add alias www.hanscees.net 62.131.2.12
tinydns-edit data data-new add alias hanscees.net 62.131.2.12
tinydns-edit data data-new add ns wvdboom.com 62.131.2.12
tinydns-edit data data-new add mx wvdboom.com 62.131.2.12
tinydns-edit data data-new add alias www.wvdboom.com 62.131.2.12
tinydns-edit data data-new add alias wvdboom.com 62.131.2.12
make
Test:
dig @10.0.0.122 www.hanscees.net
4. It now works and is set up. It will survive a reboot.
Comments:
This should work but does not:
./add-host mail.hanscees.net 62.131.2.12
./add-ns hanscees.net mail.hanscees.net
./add-mx hanscees.net mail.hanscees.net
./add-alias www.hanscees.net mail.hanscees.net
./add-ns wvdboom.com mail.hanscees.net
./add-mx wvdboom.com mail.hanscees.net
./add-host www.wvdboom.com 62.131.2.12
The /var/service/tidydnsext/root/data file then looks like this (the second wvdboom.com block, with b where the first has a, is the result of adding the wvdboom.com records a second time; tinydns-edit names the nameservers a.ns.wvdboom.com, b.ns.wvdboom.com and so on, not mail.hanscees.net):
[root@vmwsm6 root]# cat data
.hanscees.net:62.131.2.12:a:259200
@hanscees.net:62.131.2.12:a::86400
=mail.hanscees.net:62.131.2.12:86400
+www.hanscees.net:62.131.2.12:86400
+hanscees.net:62.131.2.12:86400
.wvdboom.com:62.131.2.12:a:259200
@wvdboom.com:62.131.2.12:a::86400
+www.wvdboom.com:62.131.2.12:86400
+wvdboom.com:62.131.2.12:86400
.wvdboom.com:62.131.2.12:b:259200
@wvdboom.com:62.131.2.12:b::86400
+www.wvdboom.com:62.131.2.12:86400
+wvdboom.com:62.131.2.12:86400
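As an added example, not code from the howto, the following shell functions write the external tinydns data file directly in tinydns-data's own syntax instead of going through tinydns-edit. That sidesteps both problems visible above: tinydns-edit (and the add-* wrapper scripts in the root directory, which just call it) take an IP address as the last argument, which is why "./add-ns hanscees.net mail.hanscees.net" is rejected, and "add ns DOMAIN IP" always names the server a.ns.DOMAIN rather than mail.hanscees.net. The domain names and 62.131.2.12 are taken from the howto; the TTLs, the scratch directory, and the helper names gen_data, check_data and build_data are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the original howto. Writes the tinydns data file
# by hand so NS and MX records can name mail.hanscees.net as planned.
# Names and 62.131.2.12 come from the howto; TTLs (the ones tinydns-edit uses)
# and the scratch directory are assumptions.
#
# tinydns-data line types used:
#   =fqdn:ip:ttl         A record plus matching PTR
#   +fqdn:ip:ttl         A record only (what "add alias" writes; never a CNAME)
#   .fqdn:ip:x:ttl       NS record; an x containing a dot is used as the server
#                        name as-is; ip left empty so no extra A record is made
#   @fqdn:ip:x:dist:ttl  MX record, same rules for x and ip

# gen_data NSHOST PUBLIC_IP DOMAIN... -> complete data file on stdout
gen_data() {
    ns=$1; ip=$2; shift 2
    printf '=%s:%s:86400\n' "$ns" "$ip"      # one A/PTR for the server itself
    for domain in "$@"; do
        printf '.%s::%s:259200\n' "$domain" "$ns"
        printf '@%s::%s:0:86400\n' "$domain" "$ns"
        printf '+%s:%s:86400\n' "$domain" "$ip"
        printf '+www.%s:%s:86400\n' "$domain" "$ip"
    done
}

# check_data FILE -> 0 if FILE has no CNAME (C) lines and no duplicate lines,
# 1 otherwise (the offending lines are reported)
check_data() {
    rc=0
    if grep -n '^C' "$1"; then
        echo "CNAME records found (listed above)" >&2
        rc=1
    fi
    dups=$(grep -v '^#' "$1" | sort | uniq -d)
    if [ -n "$dups" ]; then
        printf 'duplicate records:\n%s\n' "$dups" >&2
        rc=1
    fi
    return $rc
}

# build_data DIR -> writes DIR/data, checks it, and compiles DIR/data.cdb when
# tinydns-data is installed (the "make" in step 3 runs the same compile)
build_data() {
    gen_data mail.hanscees.net 62.131.2.12 hanscees.net wvdboom.com > "$1/data" || return 1
    check_data "$1/data" || return 1
    if command -v tinydns-data >/dev/null 2>&1; then
        (cd "$1" && tinydns-data)    # replaces data.cdb atomically
    fi
}

# On the real server: build_data /var/service/tidydnsext/root
```

Because the "." and "@" lines leave the ip field empty, the only A record for mail.hanscees.net is the "=" line, so the answer for the nameserver does not change when a domain is added or removed.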
5. Finally, make dnscache send queries about wvdboom.com to 127.0.0.1 as well (the directory is /service/dnscache, not /services):
echo 127.0.0.1 > /service/dnscache/root/servers/wvdboom.com
svc -t /service/dnscache
dnscache reads the servers directory only when it starts, so it has to be restarted before the new entry takes effect. As the remark at the top says, this is not done the e-smith way: the file is written by hand, not by the templates in /etc/e-smith/templates/var/service/dnscache.
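As an added example, not code from the howto, here is step 5 generalized to every domain the local tinydns serves: it reads the NS (".") lines of /var/service/tinydns/root/data, creates the matching dnscache servers/ file for each domain that lacks one, and restarts dnscache only when something changed. The paths are the ones listed earlier on this page; the function names sync_servers and apply_on_server, and running against scratch directories, are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the original howto. Keeps dnscache's servers/
# directory in step with the domains the local tinydns (127.0.0.1) is
# authoritative for, so no local domain is sent to the root servers.
# Service paths are the ones listed in the howto; the scratch directories used
# for testing are an assumption.

# sync_servers TINYDNS_ROOT DNSCACHE_ROOT
# Writes DNSCACHE_ROOT/servers/<domain> containing 127.0.0.1 for every
# ".domain" (NS) line in TINYDNS_ROOT/data that has no such entry yet.
# Prints "added <domain>" per new entry; returns 0 if anything changed, 1 if not.
sync_servers() {
    tdroot=$1
    dcroot=$2
    changed=1
    mkdir -p "$dcroot/servers"
    # field 1 of a "." line is the domain, minus the leading dot
    for domain in $(grep '^\.' "$tdroot/data" | cut -d: -f1 | cut -c2- | sort -u); do
        f="$dcroot/servers/$domain"
        if [ -f "$f" ] && grep -qx '127.0.0.1' "$f"; then
            continue    # already forwarded to the local tinydns
        fi
        echo 127.0.0.1 > "$f"
        echo "added $domain"
        changed=0
    done
    return $changed
}

# On the real server: dnscache reads servers/ only at startup, so restart it
# with svc -t when, and only when, sync_servers added an entry.
apply_on_server() {
    if sync_servers /var/service/tinydns/root /var/service/dnscache/root; then
        svc -t /service/dnscache
    fi
}
```

Run apply_on_server after every domain added through the web interface; a second run with nothing to do leaves dnscache alone, so it can go in a cron job without needlessly flushing the cache.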
cheers
Hans-Cees