As always there is no warranty and I take no responsibility for damages or lost files that the information
contained in this document might cause you. Everything here worked for me but you are still to use
this at your own risk and test it on a staging server before trying it on your live server.
A few notes:
1. DNS seems to always be a confusing issue: or at least it always is for me. It took me weeks to figure out
BIND in e-smith 4.1.2 and it took me a few days to iron this one out with the knowledge gained from that.
2. This tutorial will allow you to add/delete domains using the server-manager and make them accessible to the
public without interfering with the internal DNS. That being said, ALL domains you have listed will be
accessible to the outside world. If you want an intranet make those domains accessible to the local network
only in the ibay settings. This tutorial also makes the server automatically update all external DNS entries, and
the listening IP on which queries are accepted, whenever the external IP changes.
3. For security reasons (and I would imagine to save CPU/bandwidth) tinydns will not answer ANY external queries
it does not have a DNS entry for. This cannot be changed so you will not be able to make this a completely
public DNS in that respect. The server WILL still resolve ALL domains from within the internal network as
usual.
4. To have a truly public DNS server (to be able to register domains to use your server as a Name Server) you
will need to register it as such and you MUST have a static IP to do this. I cannot help you with this.
If you want to do this you will have to look up more information on the internet. I do know that this is
free to do it just takes some time and effort.
5. ONTO THE HOWTO!!!
Here are the steps involved
1. Open UDP port 53 for incoming requests using iptables
2. Create two user accounts for the external DNS to use and keep them locked
3. Create a new tinydns service called something like tinydnsext (so you know it's external DNS)
4. Add an e-smith event file to update the external DNS whenever the external IP changes
Seems simple, doesn't it?
1. Open UDP Port 53 for incoming requests using iptables
Update iptables starting script to allow incoming packets to port 53.
mkdir /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
create a file there called 45AllowPUBDNS
# begin file
{
    # $tinydnsext{status} is the 'status' property of the tinydnsext record
    # added to the configuration database in step 3; if the record is
    # missing, treat the service as disabled and keep the port closed
    my $status = $tinydnsext{status} || 'disabled';
    $OUT = allow_udp_in(53, ($status eq 'enabled'));
}
#end file
Then you need to expand the template
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
and restart masq to apply the new rule
/etc/rc.d/init.d/masq restart
You should see:
Shutting down IP masquerade and firewall rules: Done!
Enabling IP masquerading: done
If you see a bunch of errors check to make sure everything in 45AllowPUBDNS is exactly as it is shown here.
That part is done!
2. Create two user accounts for the public DNS to use.
This is directly from the tinydns configuration pages.
Create two users. I named mine 'tinydnsext' and 'dnslogext'. You need one to run the service and one to run
the logs as I understand it. Create these users using the e-smith server-manager user panel.
Leave the accounts locked (don't reset the password - we don't need them).
Part 2 is done!
3. Create a new tinydns service called something like tinydnsext (so you know it's external DNS)
This will create a whole new tinydns service called tinydnsext in the /var/service dir. I put it there because
that is where the e-smith internal tinydns is. The IP at the end here can be anything but 127.0.0.1; it is just
a placeholder until we get the templates set up to change it. It is the listening IP for the new DNS service.
If you know your external IP you can put it in there.
tinydns-conf tinydnsext dnslogext /var/service/tinydnsext 192.168.10.10
Now you need to edit /home/e-smith/configuration and add this line:
tinydnsext=service|status|enabled
If you ever want to shut off the external DNS you simply run
/sbin/e-smith/db configuration setprop tinydnsext status disabled
/sbin/e-smith/expand-template /var/service/tinydnsext/env/IP
/etc/rc.d/init.d/tinydnsext restart
or you can just stop the tinydnsext service, but it will start again upon reboot.
Now you need to make all the template files for tinydnsext.
Create the directory /etc/e-smith/templates-custom/var/service/tinydnsext
copy all the files from /etc/e-smith/templates/var/service/tinydns to the custom directory above
cd /etc/e-smith/templates-custom/var/service/tinydnsext/env
pico IP
You should see this
{
my $ip = $tinydns{'ListenIP'} || "127.0.0.1";
"$ip";
}
change it to look like this
{
my $ip = $ExternalIP;
"$ip";
}
and save your changes
cd ../root/data
delete the file 70genericHostARecords - we don't need it.
delete the entire 'sub get_generic_hostentries' function from 00functions
replace every occurrence of '$LocalIP' with '$ExternalIP'
and '$LocalNetmask' with '$ExternalNetmask'
and '127.0.0.1' with '$ExternalIP'
in 30NameServers, 50DomainARecords
expand the templates
/sbin/e-smith/expand-template /var/service/tinydnsext/env/IP
/sbin/e-smith/expand-template /var/service/tinydnsext/root/data
compile the data into tinydns format
make sure you cd to the proper directory
cd /var/service/tinydnsext/root
/usr/local/bin/tinydns-data
restart the service - you need one more symbolic link for this
ln -s daemontools /etc/rc.d/init.d/tinydnsext
/etc/rc.d/init.d/tinydnsext restart
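Before the external listener is left running, it is worth checking what the compiled data file will actually hand out to the internet: the whole point of the template edits above (dropping 70genericHostARecords, replacing $LocalIP and 127.0.0.1 with $ExternalIP) is that no internal address survives in the external zone data, and a zone without an NS line is never delegated to this server. The following script is an added example, not part of this HOWTO and not e-smith or djbdns code. It parses the line format that tinydns-data compiles, flags records pointing at loopback or RFC 1918 space, and lists hosts that sit under no zone with an NS line. The sample data, the domain names and the address 203.0.113.10 are constructed for the example, and INTERNAL_NETS is my own list of ranges.

```python
"""Audit a tinydns data file before it is served on the external listener.

Added example (not part of the HOWTO and not e-smith or djbdns code). It
parses the record lines that /usr/local/bin/tinydns-data compiles from
/var/service/tinydnsext/root/data and reports records that still carry an
internal address, and hosts that no "." (NS) line delegates to this server.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Record types whose second field is an IP address in the tinydns-data format:
# .  NS + SOA + A for the server   &  NS + A   =  A + PTR   +  A   @  MX
IP_TYPES = {".", "&", "=", "+", "@"}
# Index of the ttl field for each of those types (after fqdn, ip and, for
# ". & @", the x / dist fields).
TTL_INDEX = {".": 3, "&": 3, "=": 2, "+": 2, "@": 4}

# Address space that must never appear in zone data served to the internet
# (assumption: loopback, link-local, RFC 1918 and "this network").
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
)]


@dataclass
class Record:
    kind: str           # leading type character of the line
    fqdn: str           # owner name, lower-cased, no trailing dot
    ip: Optional[str]   # address field for the types that carry one
    ttl: Optional[int]
    line_no: int


def parse_tinydns_data(text: str) -> List[Record]:
    """Parse tinydns data lines; comments, blank lines and '-' lines are skipped."""
    records = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#-":
            continue
        kind, fields = line[0], line[1:].split(":")
        fqdn = fields[0].lower().rstrip(".")
        ip = ttl = None
        if kind in IP_TYPES:
            if len(fields) > 1 and fields[1]:
                ip = fields[1]
            idx = TTL_INDEX[kind]
            if len(fields) > idx and fields[idx]:
                ttl = int(fields[idx])
        records.append(Record(kind, fqdn, ip, ttl, line_no))
    return records


def find_leaks(records: List[Record]) -> List[Record]:
    """Records whose address is internal or malformed, i.e. not publishable."""
    leaks = []
    for rec in records:
        if rec.ip is None:
            continue
        try:
            addr = ipaddress.ip_address(rec.ip)
        except ValueError:
            leaks.append(rec)      # malformed address: report it rather than guess
            continue
        if any(addr in net for net in INTERNAL_NETS):
            leaks.append(rec)
    return leaks


def hosts_without_ns(records: List[Record]) -> List[str]:
    """Owner names of A/MX records that sit under no zone with an NS line."""
    zones = {r.fqdn for r in records if r.kind in (".", "&")}
    missing = set()
    for rec in records:
        if rec.kind not in ("=", "+", "@"):
            continue
        labels = rec.fqdn.split(".")
        enclosing = (".".join(labels[i:]) for i in range(len(labels)))
        if not any(zone in zones for zone in enclosing):
            missing.add(rec.fqdn)
    return sorted(missing)


# Constructed sample resembling what the 30NameServers and 50DomainARecords
# templates would render with ExternalIP set to 203.0.113.10 (a documentation
# address), plus the mistakes the audit is meant to catch.
SAMPLE_DATA = """\
.example.com:203.0.113.10:a:259200
=example.com:203.0.113.10:86400
+www.example.com:203.0.113.10:86400
@example.com:203.0.113.10:a:10:86400
.example.net:203.0.113.10:a:259200
# the tinydns-conf placeholder IP that the templates were supposed to replace
+example.net:192.168.10.10:86400
# a 70genericHostARecords line that should have been deleted
+fileserver.example.com:127.0.0.1:86400
# a host under a domain that has no NS line at all
+orphan.example.org:203.0.113.10:86400
-disabled.example.com:10.0.0.5:86400
"""


def audit(text: str) -> dict:
    """Summarise a data file: record count, internal-address leaks, undelegated hosts."""
    records = parse_tinydns_data(text)
    return {
        "records": len(records),
        "leaks": [(r.line_no, r.fqdn, r.ip) for r in find_leaks(records)],
        "undelegated": hosts_without_ns(records),
    }


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DATA
    for key, value in audit(data).items():
        print(f"{key}: {value}")
```

Run it as `python3 audit.py /var/service/tinydnsext/root/data` after each expand-template; an empty "leaks" list is what you want before the listener faces the internet. The check is deliberately a plain network-range match rather than Python's `is_private`, which also counts the documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) as private and would flag the sample's external address.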
4. Add an e-smith event file to update the external DNS whenever the external IP changes
Create a file /etc/e-smith/events/actions/update-dnsext
# begin file
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 2002 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use esmith::templates;
#------------------------------------------------------------
# Configure djbdns's tinydns DNS server
#------------------------------------------------------------
# set the ListenIP to the external IP
esmith::templates::processTemplate ({
    TEMPLATE_PATH => "/var/service/tinydnsext/env/IP",
    PERMS => 0644,
});
# apply the new external IP to the data file for the external zones
esmith::templates::processTemplate ({
    TEMPLATE_PATH => "/var/service/tinydnsext/root/data",
});
chdir "/var/service/tinydnsext/root"
or warn "Failed to change working directory";
system("/usr/local/bin/tinydns-data") == 0
or warn("Failed to update tinydns external zone data.\n");
exit (0);
#end file
This action automatically updates the external DNS listening IP and all the records so they point to the right IP
whenever a domain is added or deleted or the external IP changes.
Create three symbolic links to this file
ln -s ../actions/update-dnsext /etc/e-smith/events/ip-change/S86update-dnsext
ln -s ../actions/update-dnsext /etc/e-smith/events/domain-create/S51update-dnsext
ln -s ../actions/update-dnsext /etc/e-smith/events/domain-delete/S51update-dnsext
The last one regenerates the domain listing without the domain you just removed.
All three events are fired by the server-manager, so changes made there are picked up automatically.
That's IT!!! I apologize if anything has been left out. Please email me at jeremy@e-xyn.com if you have
any concerns, questions or additions I should know about this tutorial.