Froxlor Forum

DNS Modifications


tuaris

Question

I've recently set up a copy of Froxlor on a FreeBSD 9.0 system.

All is good so far (only a few issues during install, but bugs have been filed).

Currently, my DNS needs are a little strange. My servers all use private IPs behind a firewall, and in order for me to properly integrate Froxlor into my hosting system I would need to make some modifications to the way DNS is administered.

First off, I would like to add in an option to set up what I call "split DNS", where there would be two DNS views: one internal private view and an external public view. I was thinking about doing this with the built-in support in BIND to use "views".

Secondly, I want to add the ability to "publish" DNS zones to an external server. For example... I have several Froxlor hosting servers, each with their own DNS zones. I also have dedicated public DNS servers that will do the actual work. Froxlor would connect to these DNS servers and set up slave zones on them.

Some of the thoughts I have are:

An admin setting where you can go in and enable what I would call "Create slave zones on additional name servers." Then a list of server names or IPs with access method and credentials would be provided. The simplest thing I can think of is to use SSH. I'm sure PowerDNS has a way to do this, but I'm not too familiar with PowerDNS at the moment.

Then an admin setting to "Enable Split DNS". I'm not too sure how I would present this. I guess once split DNS is enabled I would assume that the additional "view" would always be a public one. I would assume that this is what most people enabling/needing this option would expect. Once the "Split DNS" option is enabled, the current default view should become the private view, and a new public view would need to be generated based on an additional setting named "public facing IP" in the same section.

I'm very experienced in all the above-mentioned technologies (except for PowerDNS) and very experienced in PHP programming. I should have no issue implementing the above and submitting patches. I wanted to gather some feedback to see if the thoughts are in line with Froxlor's style.

I also would appreciate some hints on what files and database tables I would need to modify to achieve the above.

5 answers to this question

Try integrating without firewall.

Maybe it is a problem of firewall blocking.


We do this using SSH keys.

On our main web/dns server we have a user called bindcopy and a script as follows

#!/bin/bash

# create new slave config in a private temp file (not a predictable name in /tmp)
tmpfile=$(mktemp) || exit 1
trap 'rm -f "$tmpfile"' EXIT

for zonefile in /etc/bind/domains/*
   do
       # skip the unexpanded pattern when the directory is empty
       [ -e "$zonefile" ] || continue

       # zone file name minus its last 5 characters is the domain
       domain=$(basename "$zonefile" | sed 's/.\{5\}$//')

       echo "" >> "$tmpfile"
       echo "zone \"$domain\" {" >> "$tmpfile"
       echo "    type slave;" >> "$tmpfile"
       echo "    file \"/var/cache/bind/${domain}.db\";" >> "$tmpfile"
       echo "    masters { xxx.xxx.xx.xxx; };" >> "$tmpfile"
       echo "};" >> "$tmpfile"
       echo "" >> "$tmpfile"
done

# place the config in the /home/bindcopy/ directory for continuity - ns2.ourhostingcompany.com will pick it up from this location as the user bindcopy.
chown bindcopy:bindcopy "$tmpfile"
chmod 644 "$tmpfile"
mv "$tmpfile" /home/bindcopy/slave.config


The above script is set up as a cron job (every minute) and creates a slave.config file for each one of our zones which are in the /etc/bind/domains directory created by froxlor.

Our second name server (ns2) then SSH'es into the main web server and takes a copy of the file, places it in /etc/bind/slave.config and changes its ownership to the bind user then reloads bind. This script is shown below, runs every 3 minutes or so as root.

#!/bin/bash
#
# Script to copy the /etc/bind/slave.config file from ns1
#
# stop here if the copy fails, so bind is not reloaded without a fresh file
/usr/bin/rsync -avzq -e ssh bindcopy@ns1.ourhostingcompany.com:/home/bindcopy/slave.config /etc/bind/slave.config || exit 1

chown bind:bind /etc/bind/slave.config

# reload bind
#/etc/init.d/bind9 reload > /dev/null
/etc/init.d/bind9 reload


Obviously the last bit is that you need to tell bind to include the contents of the /etc/bind/slave.config file which we do from /etc/bind/named.conf.local

// now we include our froxlor domains
include "/etc/bind/slave.config";

Works really well for us.

Hope that helps.


- Jamie
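
In the setup described above, ns2 loads whatever it fetched from ns1 into BIND's configuration as root, so the file's content is worth checking before it goes live. The following is an added example, not part of the post above or of Froxlor: a strict check that a fetched file contains only slave-zone stanzas in the shape the generator script writes. The function names and the master address 192.0.2.1 (a documentation address standing in for the masked one) are assumptions.

```shell
#!/bin/bash
# Added example: strict check of a fetched slave.config before it replaces the live file.
# MASTER is an assumption (the page masks the real address); 192.0.2.1 is a documentation IP.
MASTER="192.0.2.1"

# validate_slave_config FILE -> returns 0 only if FILE holds nothing but
# slave-zone stanzas in the exact shape the ns1 generator script writes.
validate_slave_config() {
    awk -v master="$MASTER" '
        function bad(why) { printf "line %d: %s\n", NR, why > "/dev/stderr"; failed = 1; exit 1 }
        /^[ \t]*$/ { next }                       # blank lines are allowed
        state == 0 {                              # expect: zone "<domain>" {
            if ($0 !~ /^zone "[a-z0-9]([a-z0-9.-]*[a-z0-9])?" [{]$/) bad("expected zone header")
            domain = $2; gsub(/"/, "", domain)
            if (domain ~ /[.][.]/) bad("empty label in domain")
            state = 1; next
        }
        state == 1 { if ($0 != "    type slave;") bad("expected type slave"); state = 2; next }
        state == 2 {                              # file path must be derived from the domain
            if ($0 != ("    file \"/var/cache/bind/" domain ".db\";")) bad("unexpected file path")
            state = 3; next
        }
        state == 3 { if ($0 != ("    masters { " master "; };")) bad("unexpected masters"); state = 4; next }
        state == 4 { if ($0 != "};") bad("expected end of stanza"); state = 0; zones++; next }
        END {
            if (failed) exit 1
            # a truncated or empty transfer must not wipe the zone list
            if (state != 0 || zones == 0) { print "truncated or empty config" > "/dev/stderr"; exit 1 }
        }
    ' "$1"
}

# Constructed sample stanza in the generator's format, for trying the check offline.
# usage: sample_stanza DOMAIN
sample_stanza() {
    printf '\nzone "%s" {\n    type slave;\n    file "/var/cache/bind/%s.db";\n    masters { %s; };\n};\n\n' \
        "$1" "$1" "$MASTER"
}
```

On ns2 this would sit between the transfer and the reload: fetch into a temporary file, run validate_slave_config on it, and only move it to /etc/bind/slave.config and reload when the check returns 0.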


Archived

This topic is now archived and is closed to further replies.
