The master server includes the Atomia DNS API that is used for communicating with the nameservers and also used by external applications to provision DNS data. Also on the master server is the Atomia DNS database which contains DNS settings for all nameservers. It is possible to install the Atomia DNS API and Atomia DNS database on different machines.
Please locate the desired information in one of the following sections:
The Atomia DNS Master server consists of two different parts, the Atomia DNS database and the Atomia DNS API. It is possible to install the Atomia DNS Master server either with the database and the API on the same machine or on different machines. The default and recommended way is to install both on the same machine. In addition, if you want to use DNSSEC, there is an optional step where you add the initial DNSSEC keyset.
The default installation will install both the Atomia DNS database and the Atomia DNS API.
See Atomia DNS Master server default installation for instructions.
Using the manual installation guide you can install separate packages and have the Atomia DNS database and the Atomia DNS API on separate machines.
See Atomia DNS Master server manual installation for instructions.
For using DNSSEC you need to create the initial keys used to sign your zones.
See Creating the initial DNSSEC keyset for instructions.
The package will create a database called zonedata if it doesn't exist, and create the schema there.
If the database already exists, there are two cases:
The schema is already installed correctly and the installer proceeds.
The database contains something which is not a version of the Atomia DNS schema and the installer fails.
To be able to install the product if you already have a database called zonedata you need to remove or rename that database, or manually install the latest version of the schema to the database, then rerun the installer.
On the Atomia DNS Master server the following software is needed (in the recommended installation with Atomia DNS API and Atomia DNS database on the same machine):
Atomia::DNS::Server
Apache2 with mod_perl2
Postgresql 8.3 or later
DBD::Pg 2.11.7 or later
SOAP::Lite 0.810.08 or later
Moose
Config::General
All needed software, including prerequisites, is installed by the provided package, atomiadns-masterserver.
This guide will install the Atomia DNS Master server using a default installation. This means that both the Atomia DNS database and Atomia DNS API will be installed.
Do a standard installation of Ubuntu 10.04 LTS.
Add the Atomia APT Repository to the server using:
wget -q -O - http://public.apt.atomia.com/setup.sh.shtml | sed s/%distcode/`lsb_release -c | awk '{ print $2 }'`/g | sh
Update all packages:
apt-get update
Install the Atomia DNS Master:
apt-get install atomiadns-masterserver
Add the initial DNSSEC keyset (optional):
See Creating the initial DNSSEC keyset for instructions.
Do a standard installation of FreeBSD. The instructions were tested with FreeBSD 10.0-RELEASE, but should work on other versions as well.
Make sure you have an up-to-date ports collection, as described in the FreeBSD handbook.
This step is only necessary as long as the Atomia DNS ports are not in the main ports collection:
cd /usr/ports/dns ; fetch -q -o - http://atomiadns.com/tarballs/bleeding.tar.gz | tar xvfpz - --strip-components 2 "*/freebsd"
Install PostgreSQL:
cd /usr/ports/databases/postgresql91-server
make BATCH=yes install
echo 'postgresql_enable="YES"' >> /etc/rc.conf
/usr/local/etc/rc.d/postgresql initdb
/usr/local/etc/rc.d/postgresql start
Install Atomia DNS:
Make sure that your hostname exists in DNS or in /etc/hosts, otherwise the install might fail due to Apache complaining.
cd /usr/ports/dns/atomiadns-database
make BATCH=yes install
test x"$SHELL" = x"/bin/bash" && hash -r ; echo "$SHELL" | grep csh > /dev/null && rehash
atomiadns-sync-database
cd /usr/ports/dns/atomiadns-api
echo "DEFAULT_VERSIONS+=apache=2.2" >> /etc/make.conf
make BATCH=yes install
cd /usr/ports/dns/atomiadns-client
make BATCH=yes install
echo 'apache22_enable="YES"' >> /etc/rc.conf
Optionally password protect the Atomia DNS installation (very much recommended):
cat > /usr/local/etc/apache22/Includes/atomiadns_password_protect.conf <<EOF
<Location />
AuthUserFile /usr/local/etc/apache22/atomiadns.htpasswd
AuthName "Atomia DNS"
AuthType Basic
require valid-user
</Location>
EOF
# Remember the password that you enter, it is used in the next step, and later when you add nameservers.
htpasswd -c /usr/local/etc/apache22/atomiadns.htpasswd atomiadns
apachectl graceful
Test the installation by creating your first (and often only) nameserver group:
echo 'soap_username=YOUR_OPTIONAL_BUT_OBVIOUSLY_HIGHLY_RECOMMENDED_API_SERVER_USERNAME' >> /etc/atomiadns.conf
echo 'soap_password=YOUR_OPTIONAL_BUT_OBVIOUSLY_HIGHLY_RECOMMENDED_API_SERVER_PASSWORD' >> /etc/atomiadns.conf
atomiadnsclient --method AddNameserverGroup --arg default
Add the initial DNSSEC keyset (optional):
See Creating the initial DNSSEC keyset for instructions.
We no longer recommend Red Hat Enterprise Linux 4; the latest supported version is Red Hat Enterprise Linux 6.
First set up the needed repositories.
rpm -Uhv http://apt.sw.be/redhat/el4/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el4.rf.i386.rpm
rpm -Uhv http://yum.pgsqlrpms.org/reporpms/8.4/pgdg-redhat-8.4-1.noarch.rpm
rpm -Uhv http://rpm.atomia.com/rhel4/atomia-repository-setup-1.0-1.noarch.rpm
Next install the Atomia DNS master server:
up2date -i atomiadns-masterserver
Allow md5 authentication instead of ident for connections to 127.0.0.1/32 in /var/lib/pgsql/data/pg_hba.conf, example row:
host all all 127.0.0.1/32 md5
Restart postgresql:
service postgresql restart
We no longer recommend Red Hat Enterprise Linux 5; the latest supported version is Red Hat Enterprise Linux 6.
First set up the needed repositories.
rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -Uhv http://yum.pgsqlrpms.org/reporpms/8.4/pgdg-redhat-8.4-1.noarch.rpm
rpm -Uhv http://rpm.atomia.com/rhel5/atomia-repository-setup-1.0-1.noarch.rpm
Next install the Atomia DNS master server:
yum install atomiadns-masterserver
Allow md5 authentication instead of ident for connections to 127.0.0.1/32 in /var/lib/pgsql/data/pg_hba.conf, example row:
host all all 127.0.0.1/32 md5
Restart postgresql:
service postgresql restart
First set up the needed repositories.
rpm -Uhv http://apt.sw.be/redhat/el6/en/i386/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
rpm -Uhv http://yum.pgsqlrpms.org/reporpms/8.4/pgdg-redhat-8.4-1.noarch.rpm
rpm -Uhv http://public.rpm.atomia.com/rhel6/atomia-public-repository-setup-1.0-1.el6.noarch.rpm
Next install the Atomia DNS master server:
yum install atomiadns-masterserver
Allow md5 authentication instead of ident for connections to 127.0.0.1/32 in /var/lib/pgsql/data/pg_hba.conf, example row:
host all all 127.0.0.1/32 md5
Restart postgresql:
service postgresql restart
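PostgreSQL uses the first pg_hba.conf row that matches a connection and never falls through, so an md5 row appended below an existing ident row for 127.0.0.1/32 has no effect. The following check is an added example, not part of the Atomia documentation: it reports which row decides a TCP login for the zonedata database and atomiadns user. Both sample files are constructed, and matching is simplified to "all", literal names and numeric addresses.

```python
"""Report which pg_hba.conf row decides a local TCP login (first match wins)."""
import ipaddress

# Constructed sample: the md5 row was appended below a stock ident row,
# so it is never reached.
SAMPLE_APPENDED = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  ident
host    all       all   127.0.0.1/32   ident
host    all       all   ::1/128        ident
host    all       all   127.0.0.1/32   md5
"""

# Constructed sample: the ident row for 127.0.0.1/32 was replaced by md5.
SAMPLE_REPLACED = """\
local   all       all                  ident
host    all       all   127.0.0.1/32   md5
host    all       all   ::1/128        ident
"""


def _name_matches(field, name):
    """Match 'all' or a comma-separated list of literal names (simplified)."""
    return field == "all" or name in field.split(",")


def _parse_host_row(line):
    """Return (database, user, network, method) for a host* row, else None."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 5 or fields[0] not in ("host", "hostssl", "hostnossl"):
        return None
    database, user, address = fields[1:4]
    try:
        if "/" in address:                       # CIDR form: 127.0.0.1/32
            network = ipaddress.ip_network(address, strict=False)
            method = fields[4]
        elif len(fields) >= 6:                   # address + netmask form
            network = ipaddress.ip_network(f"{address}/{fields[4]}", strict=False)
            method = fields[5]
        else:
            return None
    except ValueError:                           # hostname, samehost, samenet ...
        return None
    return database, user, network, method


def effective_method(hba_text, database, user, client_ip="127.0.0.1"):
    """Return (line_number, method) of the first row matching the connection."""
    ip = ipaddress.ip_address(client_ip)
    for lineno, line in enumerate(hba_text.splitlines(), start=1):
        row = _parse_host_row(line)
        if row is None:
            continue
        row_db, row_user, network, method = row
        if (ip.version == network.version and ip in network
                and _name_matches(row_db, database)
                and _name_matches(row_user, user)):
            return lineno, method
    return None


if __name__ == "__main__":
    for label, text in (("appended", SAMPLE_APPENDED), ("replaced", SAMPLE_REPLACED)):
        print(label, effective_method(text, "zonedata", "atomiadns"))
```

Run it against the real /var/lib/pgsql/data/pg_hba.conf by passing the file's contents as hba_text.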
This guide will install the Atomia DNS Master server with the Atomia DNS database on a separate server from the Atomia DNS API.
Do a standard installation of Ubuntu 10.04 LTS on two servers.
On both servers:
Add the Atomia APT Repository to the server using:
wget -q -O - http://public.apt.atomia.com/setup.sh.shtml | sed s/%distcode/`lsb_release -c | awk '{ print $2 }'`/g | sh
Update all packages:
apt-get update
Assign one of the servers to be Atomia DNS database server, on that server execute the following steps:
Install the Atomia DNS database:
apt-get install atomiadns-database
Assign one of the servers to be Atomia DNS API server, on that server execute the following steps:
Install the Atomia DNS API:
apt-get install atomiadns-api
If you want all zones to be signed, then after the Atomia DNS API server is installed you need to create the initial DNSSEC key set. In addition you will need to use a nameserver synchronization agent that supports DNSSEC; at the moment this means the PowerDNS agent.
The DNSSEC setup is completed by executing the following steps:
Install the command line client:
apt-get install atomiadns-client
Add the active key signing key:
atomiadnsclient --method AddDNSSECKey --arg RSASHA256 --arg 2048 --arg KSK --arg 1
Add the active zone signing key:
atomiadnsclient --method AddDNSSECKey --arg RSASHA256 --arg 1024 --arg ZSK --arg 1
Add the inactive zone signing key:
atomiadnsclient --method AddDNSSECKey --arg RSASHA256 --arg 1024 --arg ZSK --arg 0
Warning: The suggested workaround for random number generation in virtual machines will produce easily predictable and insecure DNSSEC keys. For production purposes, please solve it in a secure way. You have been warned.
Adding DNSSEC keys on a virtual machine where you can't use keyboard input to generate entropy requires an additional step.
Install rng-tools using apt-get install rng-tools, then open /etc/default/rng-tools and add the following line, or better something equivalent but secure:
# WARNING: This setup is insecure, you should make sure that you have an adequate setup
# for generating cryptographically strong random numbers instead.
HRNGDEVICE=/dev/urandom
Now, the key creation should be instant. Notice though that this setup is really insecure. You should instead configure rng-tools to provide sufficient amounts of random numbers in a secure way, e.g. by having better hardware for generating entropy.
If you use the recommended setup for the Atomia DNS Master server you don't need to edit the config file. A password is generated when the package is installed and creates the schema for the first time.
The config file used by Atomia DNS API is placed at /etc/atomiadns.conf and contains the following settings:
Parameter | Example | Description
db_name | zonedata | The name of the database.
db_hostname | localhost | The hostname where the database is running.
db_username | atomiadns | Username of the database.
db_password | password_for_the_username | Password for the database.
Default config file:
db_name = zonedata
db_hostname = localhost
db_username = atomiadns
db_password = autogeneratedpassword
Updates are done by installing the latest version of the installed packages.
Any change in the dependencies will be handled appropriately by the installation package, upgrading or installing them as needed.
If the database schema has changed, the schema on the Atomia DNS Master server will be automatically updated. If you have chosen to have the database on a separate server, you will have to update the atomiadns-database package on that server as well. All schema changes are noted in the release notes for the new version.
To install an update, complete the following steps:
Update all packages:
apt-get update
Note the version number of the package currently installed.
Install updates using:
apt-get install atomiadns-masterserver
If you for some reason want to roll back to the previous version, then run:
apt-get install atomiadns-masterserver=version-number-noted
To install an update, complete the following steps:
Clean the cache so that you are sure that you get the latest:
yum clean expire-cache --disablerepo "*" --enablerepo atomia
Upgrade the package:
yum install atomiadns-masterserver
The Atomia DNS Master server is administered using an API which you can use to create a web interface or other applications. For information on how the API works and how to use it see Atomia DNS API.
The Atomia DNS DynDNS client is used to handle DynDNS updates according to the DNS protocol. The client acts as a regular nameserver but only has support for DynDNS updates. For information on how DynDNS works and how to use it see Atomia DNS DynDNS.
The schema for the Atomia DNS database can be found on the Atomia DNS Master server in /usr/share/atomiadns/schema.
It contains the following tables:
Table | Description
allowed_type | Contains a list of allowed DNS types together with regular expressions for validating data.
updates_disabled | Always contains a single row stating if updates to the nameservers are disabled or enabled.
nameserver | Contains one row for every nameserver subscribing to this data set.
change | Contains one row for every changed zone per nameserver that hasn't propagated the change yet.
zone | Contains the zone name and a primary key.
label | Contains the label name, a foreign key mapping the label to a zone and a primary key.
record | Contains the record data, a foreign key mapping the record to a label and a primary key.
It also contains a number of triggers for validating data and one stored procedure for every method in the Atomia DNS API.
We no longer recommend the Bind-DLZ sync agent; the PowerDNS integration is more actively developed and is a requirement for DNSSEC support.
The nameserver includes the popular BIND nameserver configured to use a local database instead of zone files. All nameservers will also have the Atomia DNS Sync application installed which provisions changes to the local database and also settings for BIND from the data in the Atomia DNS database.
Please locate the desired information in one of the following sections:
Install the latest Ubuntu LTS release.
Add the Atomia APT Repository to the server using:
wget -q -O - http://public.apt.atomia.com/setup.sh.shtml | sed s/%distcode/`lsb_release -c | awk '{ print $2 }'`/g | sh
Install the Bind-DLZ package we provide:
apt-get install bind9-dlz-bdbhpt
Install the Atomia DNS Bind-DLZ Nameserver:
apt-get install atomiadns-nameserver
Install the Atomia DNS Client utility:
apt-get install atomiadns-client
Edit the configuration file:
edit /etc/atomiadns.conf
Change the soap_uri row to contain the hostname of your Atomia DNS Master server
Add a row looking like 'servername = hostname of this node'
Example configuration:
servername = your.name.server
soap_uri = https://your.atomia.dns.master.server.com/atomiadns
soap_cacert = /etc/atomiadns_soap_cert.crt
soap_username = atomia
soap_password = XXXXXX
bdb_environment_path = /var/lib/bind/atomiadns_bdb
bdb_filename = dns_data.db
rndc_path = /usr/sbin/rndc
slavezones_config = /etc/bind/slave/named-slavezones.conf.local
slavezones_dir = /etc/bind/slave/zones
If this is the first server in its nameserver group, then add the group (substitute groupname):
atomiadnsclient --method AddNameserverGroup --arg groupname
Add the nameserver as a subscriber of the zones in the configured Atomia DNS Master server (substitute groupname):
atomiadnssync add_server groupname
Start the daemon that fetches updates and replicates those to the local zone database:
/etc/init.d/atomiadns-nameserver start
Initiate a full reload of all zones in the Atomia DNS Master server (all nameservers are reloaded):
atomiadnssync full_reload_online
Start BIND:
/etc/init.d/bind9-dlz-bdbhpt start
First set up GPG keys for the needed repositories.
rpm -Uhv http://apt.sw.be/redhat/el4/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el4.rf.i386.rpm
rpm -Uhv http://rpm.atomia.com/rhel4/atomia-repository-setup-1.0-1.noarch.rpm
Then configure up2date to use them, by adding to /etc/sysconfig/rhn/sources:
yum atomia http://rpm.atomia.com/rhel4
yum dag http://apt.sw.be/redhat/el4/en/$ARCH/dag
Install the Atomia DNS master server:
up2date -i atomiadns-nameserver
Install the Atomia DNS Client utility:
up2date -i atomiadns-client
Edit the configuration file:
edit /etc/atomiadns.conf
Change the soap_uri row to contain the hostname of your Atomia DNS Master server
Add a row looking like 'servername = hostname of this node'
Example configuration:
servername = your.name.server
soap_uri = https://your.atomia.dns.master.server.com/atomiadns
soap_cacert = /etc/atomiadns_soap_cert.crt
soap_username = atomia
soap_password = XXXXXX
bdb_environment_path = /var/lib/bind/atomiadns_bdb
bdb_filename = dns_data.db
rndc_path = /usr/sbin/rndc
slavezones_config = /etc/bind/slave/named-slavezones.conf.local
slavezones_dir = /etc/bind/slave/zones
If this is the first server in its nameserver group, then add the group (substitute groupname):
atomiadnsclient --method AddNameserverGroup --arg groupname
Add the nameserver as a subscriber of the zones in the configured Atomia DNS Master server (substitute groupname):
atomiadnssync add_server groupname
Start the daemon that fetches updates and replicates those to the local zone database:
service atomiadnssync start
Initiate a full reload of all zones in the Atomia DNS Master server (all nameservers are reloaded):
atomiadnssync full_reload_online
Start BIND:
service bind start
On the nameservers the following software is needed:
Config::General
SOAP::Lite
Moose
BerkeleyDB
Bind9 compiled with DLZ and the bdbhpt driver linked to the same bdb-version as the BerkeleyDB module
All needed software, including prerequisites, is installed by the provided package, atomiadns-nameserver.
You have to configure the Atomia DNS Bind-DLZ Nameserver to fit your environment.
The config file used by Atomia DNS Bind-DLZ Nameserver is placed in /etc/atomiadns.conf and contains the following settings:
Parameter | Example | Description
bdb_environment_path | /var/lib/bind/atomiadns_bdb | Path where the database should be stored.
soap_uri | | URI of the Atomia DNS API.
bdb_filename | dns_data.db | Filename of the database.
servername | ns1.yourhost.com | Hostname of the nameserver.
soap_uri and servername always need to be changed. For the other two parameters, the default settings will work.
Default config file:
bdb_environment_path = /var/lib/bind/atomiadns_bdb
soap_uri = http://your.atomia.dns.master.server.com/atomiadns
bdb_filename = dns_data.db
servername = your.name.server
slavezones_config = /etc/bind/slave/named-slavezones.conf.local
slavezones_dir = /etc/bind/slave/zones
For more information on how to use the Atomia DNS Sync application see Atomia DNS Bind-DLZ Nameserver usage.
To install an update, complete the following steps:
Update all packages:
apt-get update
Note the version number of the package currently installed.
Install updates using:
apt-get install atomiadns-nameserver
/etc/init.d/atomiadns-nameserver restart
If you for some reason want to roll back to the previous version, then run:
apt-get install atomiadns-nameserver=version-number-noted
Any changes in the dependencies will be handled appropriately by the installation package, upgrading or installing them as needed.
Updates are distributed using the Atomia APT repository. If you have not already done so, add the Atomia APT Repository to the server using:
wget -q -O - http://public.apt.atomia.com/setup.sh.shtml | sed s/%distcode/`lsb_release -c | awk '{ print $2 }'`/g | sh
To build new RPMS for Bind-DLZ whenever an important new release is made we use the following steps:
Login to build machine for the OS release in question (e.g. RHEL5, RHEL4 etc).
Download bind9_rhel5_rpm.patch and place it in /usr/src/redhat
Checkout redhat package sources:
cvs -d ":pserver:anonymous@cvs.fedoraproject.org:/cvs/pkgs" co rpms/bind
Use the latest non-devel version of the spec:
cd rpms/bind/F-12
Patch the package sources to include the things we need:
patch -p1 < /usr/src/redhat/bind9_rhel_rpm.atomia.patch
Build the SRPM:
rm *rpm ; make srpm
Install the sources and SPEC-file:
rpm -i *rpm
Build it:
cd /usr/src/redhat/SPECS && rpmbuild -bb --sign bind.spec
The sync application is called atomiadnssync. You can view its manual page here or by running:
man atomiadnssync
atomiadnssync - An application for synchronizing a local BDB database with the master zone database using SOAP.
atomiadnssync is an application for synchronizing a local BDB database with the master zone database using SOAP.
It contains options for both doing a full reload of all zones in the master database, and for just fetching the zones changed since the last update and reloading those.
In addition you can use this tool for adding or removing the subscription of updates for a nameserver, and for enabling and disabling propagation of updates globally across all nameservers.
full_reload_offline SERIAL DESTINATION
Propagates all zones to a fresh BDB environment stored in the destination folder (should be empty before running). All zones get the serial specified in their SOA-record. This command should always be run with the same user BIND is running as.
full_reload_online
Marks all zones as changed so that the update-process propagates them on all nameservers.
full_reload_slavezones
Marks all slave zones as changed so that the update-process propagates them on all nameservers.
updated
Fetches a list of changed zones and adds/removes them from the local BDB database. This option is used by the daemon started at boot-time by /etc/init.d/atomiadns-nameserver. You should never run this manually.
add_server
Adds this server (configured using servername in /etc/atomiadns.conf) as a subscriber of the data set on the configured SOAP server.
remove_server
Remove the subscription of the data set on the configured SOAP server for this server (configured using servername in /etc/atomiadns.conf).
disable_updates
Disable propagation of changes to the nameservers.
enable_updates
Enable propagation of changes to the nameservers.
The application is configured using a config file stored at /etc/atomiadns.conf. All options are required.
The following options exist:
bdb_environment_path
Specifies the path of the local BDB environment. The default is /var/lib/bind/atomiadns_bdb, and probably does not need to be changed.
bdb_filename
Specifies the filename (relative to bdb_environment_path) of the local BDB database. The default is dns_data.db, and probably does not need to be changed.
soap_uri
Specifies the URI of the SOAP Server to fetch changes from.
servername
Specifies the hostname used when subscribing and checking for changes.
slavezones_config
Specifies the filename which contains a list of the configured slave zones.
slavezones_dir
Specifies the directory where zone files for the slave zones are stored.
To do a full reload to a new folder without missing any updates (assuming the default bdb_environment_path), do:
1. atomiadnssync disable_updates
2. Verify manually that no pending changes exist.
3. Write down the output (unix timestamp) of `date +%s`
4. Run `atomiadnssync full_reload_offline the_timestamp /var/lib/bind/atomiadns_bdb_new`
5. rm -rf /var/lib/bind/atomiadns_bdb_old ; mv /var/lib/bind/atomiadns_bdb /var/lib/bind/atomiadns_bdb_old ; mv /var/lib/bind/atomiadns_bdb_new /var/lib/bind/atomiadns_bdb
6. rndc reload
7. atomiadnssync enable_updates
Or to accomplish the same thing using the online reload feature (much better and the preferred way):
atomiadnssync full_reload_online
To add the server as a subscriber:
atomiadnssync add_server
Atomia DNS was developed by Atomia AB. For support, please see http://www.atomiadns.com/.
On the nameservers the location of the BDB databases is configured in /etc/atomiadns using bdb_environment_path and bdb_filename.
You can use the regular BDB utilities to do things like hot backup and crash recovery.
More information can be found in the BDB documentation, for example:
http://www.oracle.com/technology/documentation/berkeley-db/db/ref/transapp/archival.html
http://www.oracle.com/technology/documentation/berkeley-db/db/ref/transapp/recovery.html
If the BDB databases were to become corrupt, the recommended solution would be to do a full resync of the BDB databases from the master. This is done using the atomiadnssync tool.
The nameserver includes the popular PowerDNS nameserver configured to use a local MySQL database instead of zone files. All PowerDNS nameservers will also have the Atomia DNS PowerDNS Sync application installed which provisions changes to the local database from the data in the Atomia DNS database.
Please locate the desired information in one of the following sections:
Install the latest Ubuntu LTS release.
Add the Atomia APT Repository to the server using:
wget -q -O - http://public.apt.atomia.com/setup.sh.shtml | sed s/%distcode/`lsb_release -c | awk '{ print $2 }'`/g | sh
Install the database schema (will also install MySQL):
apt-get install atomiadns-powerdns-database
To configure the nameserver to get zones from your Atomia DNS installation, add soap_uri, soap_cacert, soap_username and soap_password to /etc/atomiadns.conf
soap_uri = https://some.server.example.com/atomiadns
soap_cacert = /path/to/CA_cert_that_signed_SSL_cert
soap_username = someuser
soap_password = somepass
Also to /etc/atomiadns.conf add the subscriber name for this nameserver:
servername = powerdns1
Install the PowerDNS sync agent:
apt-get install atomiadns-powerdnssync
Add the nameserver as subscriber of the zones (replace default with whatever server group it is to be member of):
atomiapowerdnssync add_server default
Start the daemon:
start atomiadns-powerdnssync
Sync all zones:
atomiapowerdnssync full_reload_online
Go to http://powerdnssec.org/downloads/packages/ and download the latest .deb package
Install it using (replace filename):
dpkg -i pdns-static_3.0-rc1-1_amd64.deb
When it asks if you want to replace /etc/powerdns/pdns.conf, just press enter to keep the version that atomiadns-powerdns-database preconfigured for you.
Do a standard installation of FreeBSD. The instructions were tested with FreeBSD 10.0-RELEASE, but should work on other versions as well.
Make sure you have an up-to-date ports collection, as described in the FreeBSD handbook.
This step is only necessary as long as the Atomia DNS ports are not in the main ports collection:
cd /usr/ports/dns ; fetch -q -o - http://atomiadns.com/tarballs/bleeding.tar.gz | tar xvfpz - --strip-components 2 "*/freebsd"
Install MySQL and create the database:
cd /usr/ports/databases/mysql55-server
make BATCH=yes install
echo 'mysql_enable="YES"' >> /etc/rc.conf
/usr/local/etc/rc.d/mysql-server start
mysql -u root mysql -e "drop database test; delete from db; delete from user where user = ''; delete from user where host <> 'localhost'; flush privileges"
mysqladmin create powerdns
set powerdns_pw=`sh -c 'dd if=/dev/urandom bs=1024 count=1 2> /dev/null | sha1'`
mysql -u root -e "grant all on powerdns.* to 'powerdns'@'localhost' identified by '$powerdns_pw'"
cat > /root/pdns.conf.tmp <<EOF
launch=gmysql
gmysql-host=localhost
gmysql-user=powerdns
gmysql-dbname=powerdns
gmysql-password=$powerdns_pw
gmysql-dnssec=yes
EOF
Install PowerDNS:
cd /usr/ports/dns/powerdns
make BATCH=yes WITH_MYSQL=YES WITHOUT_PGSQL=YES install
echo 'pdns_enable="YES"' >> /etc/rc.conf
echo 'pdns_flags="--daemon --guardian=yes"' >> /etc/rc.conf
mv /root/pdns.conf.tmp /usr/local/etc/pdns/pdns.conf
Install atomiadns-powerdnssync:
cd /usr/ports/dns/atomiadns-powerdnssync
make BATCH=yes install
atomiadns-sync-powerdns-database /usr/local/etc/pdns/pdns.conf
echo "servername = `hostname`" >> /etc/atomiadns.conf
echo 'soap_uri=http://INSERT_IP_OF_API_SERVER/atomiadns' >> /etc/atomiadns.conf
echo 'soap_username=YOUR_OPTIONAL_BUT_OBVIOUSLY_HIGHLY_RECOMMENDED_API_SERVER_USERNAME' >> /etc/atomiadns.conf
echo 'soap_password=YOUR_OPTIONAL_BUT_OBVIOUSLY_HIGHLY_RECOMMENDED_API_SERVER_PASSWORD' >> /etc/atomiadns.conf
echo 'atomiapowerdnssync_enable="YES"' >> /etc/rc.conf
atomiapowerdnssync add_server default
/usr/local/etc/rc.d/atomiapowerdnssync start
atomiapowerdnssync full_reload_online
Start PowerDNS:
/usr/local/etc/rc.d/pdns start
Atomia DNS DynDNS provides a DynDNS server supporting standard DNS update requests, performing the updates using an Atomia DNS Master server installation.
When using Atomia DNS DynDNS any standard DynDNS client can be used. Examples include:
nsupdate
dhcpd
Windows DHCP client service
Please locate the desired information in one of the following sections:
You have to configure the Atomia DNS DynDNS server to fit your environment.
The config file used by Atomia DNS DynDNS is placed in /etc/atomiadns.conf and contains the following settings:
Parameter | Example | Description
soap_uri | | URI of the Atomia DNS API.
tsig_keyname | atomia-dns-key | The name of the shared key that all authorized DDNS clients need to use.
tsig_key | ZXhhbXBsZQ== | The base64-encoded shared key used to authorize DDNS updates.
soap_uri and tsig_key always need to be changed. For the other parameter, the default settings will work if used at the clients as well.
Default config file:
soap_uri = http://your.atomia.dns.master.server.com/atomiadns
tsig_keyname = atomia-dns-key
#tsig_key = ZXhhbXBsZQ==
For more information on how to use the Atomia DNS DynDNS server see Atomia DNS DynDNS usage .
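The same /etc/atomiadns.conf holds the database password, the API credentials and the DDNS shared key, and the sample values in this guide are public. The audit below is an added example, not Atomia code: it flags credentials sent to an http:// soap_uri, secrets left at a documented sample value, a short or malformed tsig_key and a world-readable file. The 16-byte minimum, the function names and the sample config are assumptions of this example.

```python
"""Audit an atomiadns.conf for cleartext transport and documentation secrets."""
import base64
import binascii
import os
import secrets
import stat

# Secret values printed in the guide; anyone who has read it knows them.
DOCUMENTED_VALUES = {
    "db_password": {"password_for_the_username", "autogeneratedpassword"},
    "soap_password": {
        "XXXXXX", "somepass",
        "YOUR_OPTIONAL_BUT_OBVIOUSLY_HIGHLY_RECOMMENDED_API_SERVER_PASSWORD",
    },
    "tsig_key": {"ZXhhbXBsZQ==", "kT6ulFA6Dg0qyRZv9vRrkA=="},
}
MIN_TSIG_BYTES = 16  # assumption of this example: 128-bit floor for the key

# Constructed sample: a DynDNS host configured by copying the guide verbatim.
SAMPLE_CONF = """\
soap_uri = http://your.atomia.dns.master.server.com/atomiadns
soap_username = atomia
soap_password = XXXXXX
tsig_keyname = atomia-dns-key
tsig_key = ZXhhbXBsZQ==
"""


def parse_conf(text):
    """Parse 'key = value' rows; rows starting with '#' are comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)   # base64 padding stays in the value
        settings[key.strip()] = value.strip()
    return settings


def audit(settings, mode=None):
    """Return findings for parsed settings and an optional file mode."""
    findings = []
    uri = settings.get("soap_uri", "")
    has_creds = "soap_username" in settings and "soap_password" in settings
    if uri and not has_creds:
        findings.append("soap_uri set without soap_username/soap_password")
    if uri.startswith("http://") and has_creds:
        findings.append("soap credentials are sent over plain http://")
    for key, samples in DOCUMENTED_VALUES.items():
        if settings.get(key) in samples:
            findings.append(f"{key} is a sample value from the documentation")
    tsig = settings.get("tsig_key")
    if tsig is not None and tsig not in DOCUMENTED_VALUES["tsig_key"]:
        try:
            if len(base64.b64decode(tsig, validate=True)) < MIN_TSIG_BYTES:
                findings.append(f"tsig_key decodes to under {MIN_TSIG_BYTES} bytes")
        except binascii.Error:
            findings.append("tsig_key is not valid base64")
    if mode is not None and mode & stat.S_IROTH:
        findings.append("config file is world-readable")
    return findings


def audit_file(path):
    """Audit a config file on disk, including its permission bits."""
    with open(path, encoding="utf-8") as handle:
        settings = parse_conf(handle.read())
    return audit(settings, stat.S_IMODE(os.stat(path).st_mode))


def new_tsig_key(nbytes=32):
    """Return a fresh random shared key in the base64 form tsig_key expects."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE_CONF)):
        print("FINDING:", finding)
    print("replacement tsig_key:", new_tsig_key())
```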
Do a standard installation of Ubuntu 10.04 LTS.
Add the Atomia APT Repository to the server using:
wget -q -O - http://public.apt.atomia.com/setup.sh.shtml | sed s/%distcode/`lsb_release -c | awk '{ print $2 }'`/g | sh
Update all packages:
apt-get update
Install the Atomia DNS DynDNS server:
apt-get install atomia-dyndns
Edit the configuration file:
edit /etc/atomiadns.conf
Change the soap_uri row to contain the hostname of your Atomia DNS Master server
Add a row looking like 'tsig_key = SomeBase64_encoded_value'
Example configuration:
soap_uri = http://your.atomia.dns.master.server.com/atomiadns
tsig_keyname = atomia-dns-key
tsig_key = kT6ulFA6Dg0qyRZv9vRrkA==
ver
Start the DynDNS server:
/etc/init.d/atomia-dyndns start
Atomia DNS DynDNS accepts DNS update requests on port 5353, authenticates them using a key shared with authorized clients and then connects to the Atomia DNS Master server to perform the needed prerequisite checks and/or updates.
To install an update, complete the following steps:
Update all packages:
apt-get update
Note the version number of the package currently installed.
Install updates using:
apt-get install atomia-dyndns
/etc/init.d/atomia-dyndns restart
If you for some reason want to roll back to the previous version, then run:
apt-get install atomia-dyndns=version-number-noted
Any changes in the dependencies will be handled appropriately by the installation package, upgrading or installing them as needed.
The Atomia DNS DynDNS application only comes with the DDNS server. To update zones using the server all standard DDNS clients, like nsupdate, can be used.
The server listens on port 5353 to distinguish it from authoritative nameservers (it only handles the UPDATE opcode, not other queries against the handled zones).
Example using nsupdate (which is included with Bind):
cat <<EOF | nsupdate
server your.dyndns.server 5353
zone some.zone.com
key atomia-dns-key ZXhhbXBsZQ==
prereq yxrrset somehost.some.zone.com A
update delete somehost.some.zone.com A
update add somehost.some.zone.com 300 A 127.0.0.1
send
EOF