Koozali.org: home of the SME Server

Public DNS on SME 6.01

Offline zaker

Public DNS on SME 6.01
« on: April 29, 2004, 02:52:43 AM »
Has anyone tried this how-to http://www.sglinuxos.org/modules.php?name=Content&pa=showpage&pid=3

And if so, does anyone know if it will work on SME 6.01? It says for 5.5 & 5.6.

thanks
tom

Offline crazybob

Public DNS on SME 6.01
« Reply #1 on: April 29, 2004, 06:41:53 AM »
I have not tried it, but I did drop them an email, and they did reply. They said they were working on a version for 6.0 >, but it was not ready yet. This was about 6 weeks ago, and I have heard nothing more.


Bob
If you think you know what's going on, you obviously have no idea what's going on!

Jeremy

Public DNS on e-smith server 6.x
« Reply #2 on: June 21, 2004, 01:42:42 AM »
I think it is actually a lot easier than everyone is making it.

There's an e-smith entry in /home/e-smith/configuration for tinydns.

You can simply run
shell$ /sbin/e-smith/db setprop tinydns ListenIP xxx.xxx.xxx.xxx
where xxx.xxx.xxx.xxx is the IP you want it to listen on.

Then
shell$ /sbin/e-smith/expand-template /var/service/tinydns/env/IP
shell$ /etc/rc.d/init.d/tinydns restart

I have found a reboot is in order next if things are sluggish.  I'm not sure why this is.  You can always unset the property if this doesn't work for you.

I have not tested this on a 'live' server yet.  The difference in the "dig @IP domain" output is as follows...

bash-2.05a$ dig @192.168.1.250 allegrodance.ca

; <<>> DiG 9.2.1 <<>> @192.168.1.250 allegrodance.ca
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30262
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;allegrodance.ca.               IN      A

;; ANSWER SECTION:
allegrodance.ca.        86400   IN      A       192.168.1.250

;; Query time: 4 msec
;; SERVER: 192.168.1.250#53(192.168.1.250)
;; WHEN: Sun Jun 20 17:29:32 2004
;; MSG SIZE  rcvd: 49

Then after I changed the listen IP:

bash-2.05a$ dig @192.168.1.250 allegrodance.ca

; <<>> DiG 9.2.1 <<>> @192.168.1.250 allegrodance.ca
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17947
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;allegrodance.ca.               IN      A

;; ANSWER SECTION:
allegrodance.ca.        86400   IN      A       192.168.1.250

;; AUTHORITY SECTION:
allegrodance.ca.        259200  IN      NS      totoro.e-xyn.com.

;; ADDITIONAL SECTION:
totoro.e-xyn.com.       86400   IN      A       192.168.1.250

;; Query time: 122 msec
;; SERVER: 192.168.1.250#53(192.168.1.250)
;; WHEN: Sun Jun 20 17:41:28 2004
;; MSG SIZE  rcvd: 95

As you can see the AUTHORITY and ADDITIONAL are both set to 1 afterwards.

If anyone tests this and finds it to be working on a 'live' or 'staging' server please let us all know.

Thanks,
Jeremy
jeremy@e-xyn.com
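Added example, not from Jeremy's post: a small shell check that reads the header of a dig reply and tells the recursive resolver (flags qr rd ra, first output) from the authoritative tinydns (qr aa rd, second output). The sample replies are constructed from the header lines shown above; the REFUSED sample is also constructed and stands for a query for a zone the server does not hold.

```shell
#!/bin/sh
# Added example (not from the thread): tell an authoritative-only tinydns from a
# recursive resolver by reading the header of a "dig @server name" reply.
# Only the ";; ->>HEADER<<-" status and the ";; flags:" line are used.

# classify_dig DIG_OUTPUT -> prints one of:
#   open-resolver        ra set: server offers recursion to whoever can reach it
#   authoritative        aa set, ra clear: answers only for zones it holds (tinydns)
#   no-answer:<RCODE>    non-NOERROR status, e.g. REFUSED for a foreign zone
#   unknown
classify_dig() {
    status=$(printf '%s\n' "$1" | sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p')
    flags=$(printf '%s\n' "$1" | sed -n 's/^;; flags: \([^;]*\);.*/\1/p')
    [ -n "$status" ] && [ "$status" != NOERROR ] && { echo "no-answer:$status"; return 0; }
    case " $flags " in
        *" ra "*) echo open-resolver ;;
        *" aa "*) echo authoritative ;;
        *)        echo unknown ;;
    esac
}

# Live use against your own server (needs dig): classify_dig "$(dig @"$ip" "$name")"

# Constructed sample: header lines of the first reply in the thread (dnscache).
RECURSIVE_REPLY=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30262
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0'

# Constructed sample: header lines of the second reply (tinydns on the ListenIP).
AUTH_REPLY=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17947
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1'

# Constructed sample: a refusal for a zone the server is not authoritative for.
REFUSED_REPLY=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'

classify_dig "$RECURSIVE_REPLY"   # open-resolver
classify_dig "$AUTH_REPLY"        # authoritative
classify_dig "$REFUSED_REPLY"     # no-answer:REFUSED
```

The aa flag, not the AUTHORITY count, is what marks the second reply as coming from a server that owns the zone; a reply with ra set from your external IP means the box is offering recursion to the whole internet.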

Jeremy

Correction
« Reply #3 on: June 21, 2004, 01:49:46 AM »
The line

/sbin/e-smith/db setprop tinydns ListenIP xxx.xxx.xxx.xxx

should read

/sbin/e-smith/db configuration setprop tinydns ListenIP xxx.xxx.xxx.xxx

Sorry, I left out the configuration parameter.

Jeremy

Public DNS on e-smith server 6.x
« Reply #4 on: June 22, 2004, 07:56:13 AM »
Alright everyone or anyone who is interested.  I successfully made a stock e-smith server 6.x have external DNS using the tinydns that is already installed.

It is a long process but would only take someone about 15 minutes to accomplish with a howto.

I have it so that it publishes domains internally and externally automatically and updates the external IP if that ever changes AND it's template based in the custom templates with the exception of one web action I had to edit but I may template that later.

Anyhow if anyone is EXTREMELY interested in this I can put together a howto as I wrote my process down for once in my life.  Just reply to this post or email me with requests for this.  If no one bothers I won't either.

Jeremy
jeremy@e-xyn.com

Offline raem

Public DNS on SME 6.01
« Reply #5 on: June 22, 2004, 11:23:51 AM »
Jeremy
That HOWTO would be very interesting, please go ahead and create it.
Thanks
...

mbachmann

Public DNS on SME 6.01
« Reply #6 on: June 22, 2004, 01:31:53 PM »
Yes, over here. Wanna read. Please do.

Jeremy

HOWTO coming shortly
« Reply #7 on: June 22, 2004, 04:53:09 PM »
I will try and put the howto together in the next couple of days and make sure I check all the paths and all that to be sure it's accurate. Keep checking back. Hopefully the nice people here will grab it and put it in the howto section as well since the one link to public DNS there seems broken.

chrisbuechler

DNS
« Reply #9 on: June 22, 2004, 05:44:45 PM »
Jeremy -- Thank You -- Very much interested and waiting patiently

Jeremy

HERE IT IS!!! External DNS howto for e-smith 6.0
« Reply #10 on: June 23, 2004, 06:18:08 AM »
As always there is no warranty and I take no responsibility for damages or lost files that the information
contained in this document might cause you.  Everything here worked for me but you are still to use
this at your own risk and test it on a staging server before trying it on your live server.

A few notes:

1. DNS seems to always be a confusing issue: or at least it always is for me.  It took me weeks to figure out
BIND in e-smith 4.1.2 and it took me a few days to iron this one out with the knowledge gained from that.

2. This tutorial will allow you to add/delete domains using the server-manager and make them accessible to the
public without interfering with the internal DNS.  That being said, ALL domains you have listed will be
accessible to the outside world.  If you want an intranet make those domains accessible to the local network
only in the ibay settings.  This tutorial will also allow the server to update all external DNS entries as well
as the listening IP that queries are accepted on automatically.

3. For security reasons (and I would imagine to save CPU/bandwidth) tinydns will not answer ANY external queries
it does not have a DNS entry for.  This cannot be changed so you will not be able to make this a completely
public DNS in that respect.  The server WILL still resolve ALL domains from within the internal network as
usual.

4. To have a truly public DNS server (to be able to register domains to use your server as a Name Server) you
will need to register it as such and you MUST have a static IP to do this.  I cannot help you with this.
If you want to do this you will have to look up more information on the internet.  I do know that this is
free to do it just takes some time and effort.

5. ONTO THE HOWTO!!!
 

Here are the steps involved

1. Open UDP port 53 for incoming requests using iptables
2. Create two user accounts for the external dns to use and keep them locked
3. Create a new tinydns service called something like tinydnsext (so you know it's external DNS)
4. Add an e-smith event file to update the external DNS whenever the external IP changes

Seems simple, doesn't it?

1.  Open UDP Port 53 for incoming requests using iptables
Update iptables starting script to allow incoming packets to port 53.

mkdir /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
create a file there called 45AllowPUBDNS

# begin file
{
   # open UDP 53 only while the tinydnsext entry in the configuration db is enabled
   my $status = $tinydnsext{status} || 'disabled';
   $OUT = allow_udp_in(53,
      ($status eq 'enabled'));
}
#end file

Then you need to expand the template
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
and restart masq to apply the new rule
/etc/rc.d/init.d/masq restart

You should see:

Shutting down IP masquerade and firewall rules:         Done!

Enabling IP masquerading: done

If you see a bunch of errors check to make sure everything in 45AllowPUBDNS is exactly as it is shown here.

That part is done!


2. Create two user accounts for the public dns to use.

This is directly from the tinydns configuration pages.

Create two users. I named mine 'tinydnsext' and 'dnslogext'.  You need one to run the service and one to run
the logs as I understand it.  Create these users using the e-smith server-manager user panel.  
Leave the accounts locked (don't reset the password - we don't need them).

Part 2 is done!


3.  Create a new tinydns service called something like tinydnsext (so you know it's external DNS)

This will create a whole new tinydns service called tinydnsext in the /var/service dir.  I put it there because
that is where the e-smith internal tinydns is.  The IP at the end here can be anything but 127.0.0.1 and it is just
a place holder until we get the templates set up to change it.  It is the listening IP for the new DNS service.
If you know your external IP you can put it in there.

tinydns-conf tinydnsext dnslogext /var/service/tinydnsext 192.168.10.10

Now you need to edit /home/e-smith/configuration and add this line:
tinydnsext=service|status|enabled

If you ever want to shut off the external dns you simply run
/sbin/e-smith/db configuration setprop tinydnsext status disabled
/sbin/e-smith/expand-template /var/service/tinydnsext/env/IP
/etc/rc.d/init.d/tinydnsext restart

or you can just stop tinydnsext service but it will start again upon reboot

Now you need to make all the template files for the tinydnsext
Create the directory /etc/e-smith/templates-custom/var/service/tinydnsext
copy all the files from /etc/e-smith/templates/var/service/tinydns to the custom directory above

cd /etc/e-smith/templates-custom/var/service/tinydnsext/env
pico IP

You should see this
{
    my $ip = $tinydns{'ListenIP'} || "127.0.0.1";
    "$ip";
}
change it to look like this
{
    my $ip = $ExternalIP;
    "$ip";
}
and save your changes

cd ../root/data
delete the file 70genericHostARecords - we don't need it.

delete the entire 'sub get_generic_hostentries' function from 00functions
replace the occurrence of '$LocalIP' with '$ExternalIP'
                     and '$LocalNetmask' with '$ExternalNetmask'
                     and '127.0.0.1' with '$ExternalIP'
                     in 30NameServers, 50DomainARecords

expand the templates
/sbin/e-smith/expand-template /var/service/tinydnsext/env/IP
/sbin/e-smith/expand-template /var/service/tinydnsext/root/data

compile the data into tinydns format
make sure you cd to the proper directory
cd /var/service/tinydnsext/root
/usr/local/bin/tinydns-data

restart the service - you need one more symbolic link for this
ln -s daemontools /etc/rc.d/init.d/tinydnsext
/etc/rc.d/init.d/tinydnsext restart

Create a file /etc/e-smith/events/actions/update-dnsext
# begin file
#!/usr/bin/perl -w

#----------------------------------------------------------------------
# copyright (C) 2002 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------

package esmith;

use strict;
use Errno;
use esmith::templates;

#------------------------------------------------------------
# Configure djbdns's tinydns DNS server
#------------------------------------------------------------

#set the ListenIP to external IP

esmith::templates::processTemplate ({
                        TEMPLATE_PATH => "/var/service/tinydnsext/env/IP",
                        PERMS => 0644,
                        });

#apply the new external IP to the data file for external zones

esmith::templates::processTemplate
    ( {
        TEMPLATE_PATH => "/var/service/tinydnsext/root/data",
    } );

chdir "/var/service/tinydnsext/root"
    or warn "Failed to change working directory";
system("/usr/local/bin/tinydns-data") == 0
    or warn("Failed to update tinydns external zone data.\n");


exit (0);
#end file

This will automatically update the external DNS listening IP and all the records to point to the right IP
whenever a new domain is added or the external IP changes.

Create three symbolic links to this file
ln -s ../actions/update-dnsext /etc/e-smith/events/ip-change/S86update-dnsext
ln -s ../actions/update-dnsext /etc/e-smith/events/domain-create/S51update-dnsext
ln -s ../actions/update-dnsext /etc/e-smith/events/domain-delete/S51update-dnsext

The last will refresh the domain listings omitting the domain you just removed.
These all apply to the server-manager processes.

That's IT!!!  I apologize if anything has been left out.  Please email me at jeremy@e-xyn.com if you have
any concerns, questions or additions I should know about this tutorial.

Jeremy

ACCK! I forgot an important step
« Reply #11 on: June 23, 2004, 06:21:47 AM »
You must set tinydnsext up as a service by issuing the command

ln -s /var/service/tinydnsext /service/tinydnsext

This will keep it running no matter what.

Louis

Public DNS on SME 6.01
« Reply #12 on: June 23, 2004, 11:25:27 AM »
Superb Jeremy - Thanks!  :lol:

I wonder if any nice people have thought about a panel for this?

Jeremy

Public DNS on SME 6.01
« Reply #13 on: June 23, 2004, 06:11:08 PM »
I don't really see a need to make a panel for this.  As described in the HOWTO everything I did integrates seamlessly into the Domain panel as well as an ip-change in the system configuration.

I was thinking of making a panel that would handle hosting DNS entries that weren't on the server.  That would require its own panel.

Jeremy

ChrisBuechler

Problem setting up DNS
« Reply #14 on: June 29, 2004, 04:07:43 PM »
Can you look this over and tell me why this is failing?  Thanks

-rw-r--r--    1 root     root           98 Jun 29 10:03 45AllowPUBDNS
[root@linux1 masq]# cat 45AllowPUBDNS
{
my $status=$tinydsext{status} || 'disabled'
$OUT = allow_udp_in(53,
($status eq 'enabled'));
}

[root@linux1 masq]# /sbin/e-smith/expand-template /etc/rc.d/init.d/masq
WARNING in /etc/e-smith/templates-custom//etc/rc.d/init.d/masq/45AllowPUBDNS: Sc
alar found where operator expected at /etc/e-smith/templates-custom//etc/rc.d/in
it.d/masq/45AllowPUBDNS line 3, near "'disabled'
$OUT"
WARNING in /etc/e-smith/templates-custom//etc/rc.d/init.d/masq/45AllowPUBDNS:
(Missing operator before
$OUT?)
ERROR in /etc/e-smith/templates-custom//etc/rc.d/init.d/masq/45AllowPUBDNS: Prog
ram fragment delivered error <<syntax error at /etc/e-smith/templates-custom//et
c/rc.d/init.d/masq/45AllowPUBDNS line 3, near "'disabled'
$OUT ">> at template line 1
ERROR: Template processing failed for //etc/rc.d/init.d/masq: 2 fragments genera
ted warnings, 1 fragment generated errors
 at /sbin/e-smith/expand-template line 49
[root@linux1 masq]#