Difference between revisions of "SKSP DNS"
m (→Configuration =) |
m |
||
(10 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
+ | [[Category:Networking]] | ||
= Skullspace DNS = | = Skullspace DNS = | ||
Line 7: | Line 8: | ||
* Soekris NET4501 | * Soekris NET4501 | ||
* Running OpenBSD (5.5 as of initial deploy, subject to change with maintenance). | * Running OpenBSD (5.5 as of initial deploy, subject to change with maintenance). | ||
+ | * Initially setup and maintained by Sean Cody | ||
* IPv4: 206.220.196.51 | * IPv4: 206.220.196.51 | ||
* IPv6: 2604:4280:1:c0de::53 | * IPv6: 2604:4280:1:c0de::53 | ||
+ | |||
+ | * SSH: ECDSA key fingerprint is 3f:33:d3:9e:7f:ac:7b:a0:d1:c5:1f:eb:98:3d:61:02. | ||
+ | * SSH (known_hosts format): 206.220.196.51 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOpHXeGEVR6AoqXK/1/rgQpE6/aQl5OXQ80NGalSjn+n00XOTjWHaPjmOsKRDiMSHUX/zpo6s+ydMIXpFBfchNw= | ||
+ | |||
+ | System is setup to only allow SSH with key based authentication. | ||
+ | Elevated access is given by means of using [http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&apropos=0&sec=0&arch=default&manpath=OpenBSD-current sudo(8)] with allowance for those in the <tt>wheel</tt> group. | ||
== DNS Service Configuration == | == DNS Service Configuration == | ||
Line 31: | Line 39: | ||
: Reload Configuration | : Reload Configuration | ||
:: sudo nsd-control reconfig | :: sudo nsd-control reconfig | ||
+ | : Reload Changed Zones | ||
+ | :: sudo nsd-control reload | ||
+ | :: sudo nsd-control reload <zonename> | ||
: Force Notify To Configured Slaves | : Force Notify To Configured Slaves | ||
:: sudo nsd-control notify | :: sudo nsd-control notify | ||
Line 37: | Line 48: | ||
== Configuration == | == Configuration == | ||
− | Configuration file is in <tt>/var/nsd/etc/nsd.conf</tt> | + | Configuration file is in <tt>/var/nsd/etc/nsd.conf</tt><br> |
− | Zone locations: <tt>/var/nsd/zones | + | Zone locations: <tt>/var/nsd/zones</tt> |
When editing the configuration it is '''RECOMMENDED''' to check the configuration syntax before restarting (via <tt>sudo nsd-checkconf /var/nsd/etc/nsd.conf</tt>) and '''RECOMMENDED''' to use the <tt>nsd-control reconfig</tt> instead of service restart restart. | When editing the configuration it is '''RECOMMENDED''' to check the configuration syntax before restarting (via <tt>sudo nsd-checkconf /var/nsd/etc/nsd.conf</tt>) and '''RECOMMENDED''' to use the <tt>nsd-control reconfig</tt> instead of service restart restart. | ||
Line 50: | Line 61: | ||
=== Reverse Zones === | === Reverse Zones === | ||
− | * 193.220.206.in-addr-arpa | + | * ipv4 |
− | ** /var/nsd/zones/reverse-sksp-ipv4- | + | ** 196.220.206.in-addr.arpa |
+ | *** /var/nsd/zones/reverse-sksp-ipv4-a.sksp | ||
+ | |||
+ | * ipv4 | ||
+ | ** 193.220.206.in-addr.arpa | ||
+ | *** /var/nsd/zones/reverse-sksp-ipv4-b.sksp | ||
+ | |||
+ | * ipv4 | ||
+ | ** 2.202.199.in-addr.arpa | ||
+ | *** /var/nsd/zones/reverse-sksp-ipv4-c.sksp | ||
− | * e.d.0.c.0.8.2.4.4.0.6.2.ip6.arpa | + | * ipv6 |
− | ** /var/nsd/zones/reverse-sksp-ipv6-a.sksp | + | ** e.d.0.c.1.0.0.0.0.8.2.4.4.0.6.2.ip6.arpa |
+ | *** /var/nsd/zones/reverse-sksp-ipv6-a.sksp | ||
− | + | * ipv6 | |
+ | ** e.d.0.c.0.8.2.4.4.0.6.2.ip6.arpa | ||
+ | *** /var/nsd/zones/reverse-sksp-ipv6-b.sksp | ||
== Slave Delegation == | == Slave Delegation == | ||
Line 75: | Line 98: | ||
Run By: Mark Jenkins | Run By: Mark Jenkins | ||
− | == System Access | + | = Relevant Man Pages = |
+ | |||
+ | * [http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/nsd-control.8?query=nsd nsd](8) | ||
+ | * [http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/nsd.conf.5?query=nsd%2econf nsd.conf](5) | ||
+ | * [http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/nsd-control.8?query=nsd-control nsd-control](8) | ||
+ | * [http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/nsd-checkconf.8?query=nsd-checkconf nsd-checkconf](8) | ||
+ | * [http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&apropos=0&sec=0&arch=default&manpath=OpenBSD-current sudo](8) | ||
+ | |||
+ | = System Access = | ||
Email it AT skullspace.ca with your request, the more detail the better and the higher the probability of getting said access. Note requires also sending an SSH public key. | Email it AT skullspace.ca with your request, the more detail the better and the higher the probability of getting said access. Note requires also sending an SSH public key. |
Latest revision as of 16:30, 4 October 2017
Skullspace DNS
Domain registered with GoDaddy and owned/controlled by Ron Bowes.
System Details
- Soekris NET4501
- Running OpenBSD (5.5 as of initial deploy, subject to change with maintenance).
- Initially setup and maintained by Sean Cody
- IPv4: 206.220.196.51
- IPv6: 2604:4280:1:c0de::53
- SSH: ECDSA key fingerprint is 3f:33:d3:9e:7f:ac:7b:a0:d1:c5:1f:eb:98:3d:61:02.
- SSH (known_hosts format): 206.220.196.51 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOpHXeGEVR6AoqXK/1/rgQpE6/aQl5OXQ80NGalSjn+n00XOTjWHaPjmOsKRDiMSHUX/zpo6s+ydMIXpFBfchNw=
System is setup to only allow SSH with key based authentication. Elevated access is given by means of using sudo(8) with allowance for those in the wheel group.
DNS Service Configuration
Using OpenBSD 5.5 base DNS server service named nsd(8).
Stop/Start Procedures
System/Service Level
- Start
- sudo /etc/rc.d/nsd start
- Stop
- sudo /etc/rc.d/nsd stop
- Restart
- sudo /etc/rc.d/nsd restart
Application Level
- Stop
- sudo nsd-control start
- Stop
- sudo nsd-control stop
- Reload Configuration
- sudo nsd-control reconfig
- Reload Changed Zones
- sudo nsd-control reload
- sudo nsd-control reload <zonename>
- Force Notify To Configured Slaves
- sudo nsd-control notify
- sudo nsd-control notify <zonename>
Configuration
Configuration file is in /var/nsd/etc/nsd.conf
Zone locations: /var/nsd/zones
When editing the configuration it is RECOMMENDED to check the configuration syntax before restarting (via sudo nsd-checkconf /var/nsd/etc/nsd.conf) and RECOMMENDED to use the nsd-control reconfig instead of service restart restart.
Configured Zones
Forward Zones
- skullspace.ca
- /var/nsd/zones/skullspace.ca
Reverse Zones
- ipv4
- 196.220.206.in-addr.arpa
- /var/nsd/zones/reverse-sksp-ipv4-a.sksp
- 196.220.206.in-addr.arpa
- ipv4
- 193.220.206.in-addr.arpa
- /var/nsd/zones/reverse-sksp-ipv4-b.sksp
- 193.220.206.in-addr.arpa
- ipv4
- 2.202.199.in-addr.arpa
- /var/nsd/zones/reverse-sksp-ipv4-c.sksp
- 2.202.199.in-addr.arpa
- ipv6
- e.d.0.c.1.0.0.0.0.8.2.4.4.0.6.2.ip6.arpa
- /var/nsd/zones/reverse-sksp-ipv6-a.sksp
- e.d.0.c.1.0.0.0.0.8.2.4.4.0.6.2.ip6.arpa
- ipv6
- e.d.0.c.0.8.2.4.4.0.6.2.ip6.arpa
- /var/nsd/zones/reverse-sksp-ipv6-b.sksp
- e.d.0.c.0.8.2.4.4.0.6.2.ip6.arpa
Slave Delegation
NS2
ns2.skullspace.ca A 104.131.53.85 ns2.skullspace.ca AAAA 2604:a880:800:10::8:7001
Run By: Theo Baschak
NS3
ns3.skullspace.ca A 198.98.120.171 ns3.skullspace.ca AAAA 2605:f700:c0:1::3782:2f74
Run By: Mark Jenkins
Relevant Man Pages
- nsd(8)
- nsd.conf(5)
- nsd-control(8)
- nsd-checkconf(8)
- sudo(8)
System Access
Email it AT skullspace.ca with your request, the more detail the better and the higher the probability of getting said access. Note requires also sending an SSH public key.