Difference between revisions of "SKSP DNS"

From SkullSpace Wiki
Jump to navigation Jump to search
m (Configuration =)
m
 
(10 intermediate revisions by one other user not shown)
Line 1: Line 1:
 +
[[Category:Networking]]
  
 
= Skullspace DNS =
 
= Skullspace DNS =
Line 7: Line 8:
 
* Soekris NET4501
 
* Soekris NET4501
 
* Running OpenBSD (5.5 as of initial deploy, subject to change with maintenance).
 
* Running OpenBSD (5.5 as of initial deploy, subject to change with maintenance).
 +
* Initially setup and maintained by Sean Cody
 
* IPv4: 206.220.196.51
 
* IPv4: 206.220.196.51
 
* IPv6: 2604:4280:1:c0de::53
 
* IPv6: 2604:4280:1:c0de::53
 +
 +
* SSH: ECDSA key fingerprint is 3f:33:d3:9e:7f:ac:7b:a0:d1:c5:1f:eb:98:3d:61:02.
 +
* SSH (known_hosts format): 206.220.196.51 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOpHXeGEVR6AoqXK/1/rgQpE6/aQl5OXQ80NGalSjn+n00XOTjWHaPjmOsKRDiMSHUX/zpo6s+ydMIXpFBfchNw=
 +
 +
System is setup to only allow SSH with key based authentication.
 +
Elevated access is given by means of using [http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&apropos=0&sec=0&arch=default&manpath=OpenBSD-current sudo(8)] with allowance for those in the <tt>wheel</tt> group.
  
 
== DNS Service Configuration ==
 
== DNS Service Configuration ==
Line 31: Line 39:
 
: Reload Configuration
 
: Reload Configuration
 
:: sudo nsd-control reconfig
 
:: sudo nsd-control reconfig
 +
: Reload Changed Zones
 +
:: sudo nsd-control reload
 +
:: sudo nsd-control reload <zonename>
 
: Force Notify To Configured Slaves
 
: Force Notify To Configured Slaves
 
:: sudo nsd-control notify
 
:: sudo nsd-control notify
Line 37: Line 48:
 
== Configuration ==
 
== Configuration ==
  
Configuration file is in <tt>/var/nsd/etc/nsd.conf</tt>
+
Configuration file is in <tt>/var/nsd/etc/nsd.conf</tt><br>
Zone locations: <tt>/var/nsd/zones
+
Zone locations: <tt>/var/nsd/zones</tt>
  
 
When editing the configuration it is '''RECOMMENDED''' to check the configuration syntax before restarting (via <tt>sudo nsd-checkconf /var/nsd/etc/nsd.conf</tt>) and '''RECOMMENDED''' to use the <tt>nsd-control reconfig</tt> instead of service restart restart.
 
When editing the configuration it is '''RECOMMENDED''' to check the configuration syntax before restarting (via <tt>sudo nsd-checkconf /var/nsd/etc/nsd.conf</tt>) and '''RECOMMENDED''' to use the <tt>nsd-control reconfig</tt> instead of service restart restart.
Line 50: Line 61:
 
=== Reverse Zones ===
 
=== Reverse Zones ===
  
* 193.220.206.in-addr-arpa
+
* ipv4
** /var/nsd/zones/reverse-sksp-ipv4-a.sksp
+
** 196.220.206.in-addr.arpa
 +
*** /var/nsd/zones/reverse-sksp-ipv4-a.sksp
 +
 
 +
* ipv4
 +
** 193.220.206.in-addr.arpa
 +
*** /var/nsd/zones/reverse-sksp-ipv4-b.sksp
 +
 
 +
* ipv4
 +
** 2.202.199.in-addr.arpa
 +
*** /var/nsd/zones/reverse-sksp-ipv4-c.sksp
  
* e.d.0.c.0.8.2.4.4.0.6.2.ip6.arpa
+
* ipv6
** /var/nsd/zones/reverse-sksp-ipv6-a.sksp
+
** e.d.0.c.1.0.0.0.0.8.2.4.4.0.6.2.ip6.arpa
 +
*** /var/nsd/zones/reverse-sksp-ipv6-a.sksp
  
'''NOTE THERE ARE TWO MORE REVERSE ZONES THAT NEED TO BE CONFIGURED'''
+
* ipv6
 +
** e.d.0.c.0.8.2.4.4.0.6.2.ip6.arpa
 +
*** /var/nsd/zones/reverse-sksp-ipv6-b.sksp
  
 
== Slave Delegation ==
 
== Slave Delegation ==
Line 75: Line 98:
 
Run By: Mark Jenkins
 
Run By: Mark Jenkins
  
== System Access ==
+
= Relevant Man Pages =
 +
 
 +
* [http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/nsd-control.8?query=nsd nsd](8)
 +
* [http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/nsd.conf.5?query=nsd%2econf nsd.conf](5)
 +
* [http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/nsd-control.8?query=nsd-control nsd-control](8)
 +
* [http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/nsd-checkconf.8?query=nsd-checkconf nsd-checkconf](8)
 +
* [http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&apropos=0&sec=0&arch=default&manpath=OpenBSD-current sudo](8)
 +
 
 +
= System Access =
 
Email it AT skullspace.ca with your request, the more detail the better and the higher the probability of getting said access.  Note requires also sending an SSH public key.
 
Email it AT skullspace.ca with your request, the more detail the better and the higher the probability of getting said access.  Note requires also sending an SSH public key.

Latest revision as of 16:30, 4 October 2017


Skullspace DNS

Domain registered with GoDaddy and owned/controlled by Ron Bowes.

System Details

  • Soekris NET4501
  • Running OpenBSD (5.5 as of initial deploy, subject to change with maintenance).
  • Initially setup and maintained by Sean Cody
  • IPv4: 206.220.196.51
  • IPv6: 2604:4280:1:c0de::53
  • SSH: ECDSA key fingerprint is 3f:33:d3:9e:7f:ac:7b:a0:d1:c5:1f:eb:98:3d:61:02.
  • SSH (known_hosts format): 206.220.196.51 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOpHXeGEVR6AoqXK/1/rgQpE6/aQl5OXQ80NGalSjn+n00XOTjWHaPjmOsKRDiMSHUX/zpo6s+ydMIXpFBfchNw=

System is setup to only allow SSH with key based authentication. Elevated access is given by means of using sudo(8) with allowance for those in the wheel group.

DNS Service Configuration

Using OpenBSD 5.5 base DNS server service named nsd(8).

Stop/Start Procedures

System/Service Level

Start
sudo /etc/rc.d/nsd start
Stop
sudo /etc/rc.d/nsd stop
Restart
sudo /etc/rc.d/nsd restart

Application Level

Stop
sudo nsd-control start
Stop
sudo nsd-control stop
Reload Configuration
sudo nsd-control reconfig
Reload Changed Zones
sudo nsd-control reload
sudo nsd-control reload <zonename>
Force Notify To Configured Slaves
sudo nsd-control notify
sudo nsd-control notify <zonename>

Configuration

Configuration file is in /var/nsd/etc/nsd.conf
Zone locations: /var/nsd/zones

When editing the configuration it is RECOMMENDED to check the configuration syntax before restarting (via sudo nsd-checkconf /var/nsd/etc/nsd.conf) and RECOMMENDED to use the nsd-control reconfig instead of service restart restart.

Configured Zones

Forward Zones

  • skullspace.ca
    • /var/nsd/zones/skullspace.ca

Reverse Zones

  • ipv4
    • 196.220.206.in-addr.arpa
      • /var/nsd/zones/reverse-sksp-ipv4-a.sksp
  • ipv4
    • 193.220.206.in-addr.arpa
      • /var/nsd/zones/reverse-sksp-ipv4-b.sksp
  • ipv4
    • 2.202.199.in-addr.arpa
      • /var/nsd/zones/reverse-sksp-ipv4-c.sksp
  • ipv6
    • e.d.0.c.1.0.0.0.0.8.2.4.4.0.6.2.ip6.arpa
      • /var/nsd/zones/reverse-sksp-ipv6-a.sksp
  • ipv6
    • e.d.0.c.0.8.2.4.4.0.6.2.ip6.arpa
      • /var/nsd/zones/reverse-sksp-ipv6-b.sksp

Slave Delegation

NS2

ns2.skullspace.ca A     104.131.53.85
ns2.skullspace.ca AAAA  2604:a880:800:10::8:7001

Run By: Theo Baschak

NS3

ns3.skullspace.ca A    198.98.120.171
ns3.skullspace.ca AAAA 2605:f700:c0:1::3782:2f74

Run By: Mark Jenkins

Relevant Man Pages

System Access

Email it AT skullspace.ca with your request, the more detail the better and the higher the probability of getting said access. Note requires also sending an SSH public key.