DNS (bind)
Install DNS
Retrieve bind from http://www.isc.org/software/bind/. Use the latest 9.7 release.
We split bind into the following directory structure to keep the configuration and log files separate from the software package:
- /opt/services/named/bind-<version>
  this is where the bins, libs, ... go
- /opt/services/named/[etc, var, ...]
  this is where our configurations go
and make the symlink
- /opt/services/named/named -> bind-<version>
I cannot make /opt/service/bind and /opt/service/bind-local like we do with other packages because we run bind with the -t flag which puts it in chroot mode. So I need everything in one directory.
I don't yet know how to set up the name server on the infrastructure nodes. The compute nodes will probably only use the infrastructure nodes as a name server and that nameserver doesn't need to know anything outside the cluster. The infrastructure nodes will need access to a nameserver with root zones. I doubt it will have any slave zones as that would require the USNO folk to change their name servers.
In order to resolve the cluster nodes like "node1", the local DNS server will have to be first in /etc/resolv.conf otherwise some other server will return an NXDOMAIN and the host will stop looking at that point. However, if the local DNS server is first in /etc/resolv.conf then it had better be able to resolve other hosts via forwarding or caching otherwise there will be a few second timeout for each name resolution which will make everything very slow. Since I don't know if the server will be able to get out to root nameservers I had better configure it to forward requests to some usno nameserver. This will be a difference between our cluster and the usno cluster as each nameserver will forward to a different local nameserver.
- Root zone
  - Caching if the inf nodes are allowed to reach the root nameservers (e.g. a.root-servers.net)
  - Forwarding if the inf nodes are not allowed to reach the root nameservers. I will need to know what nameserver, probably an existing usno server, to use as the destination of the forward.
- Cluster zone
  - Master if there will be a namespace for just the cluster then the inf servers can be masters for that zone.
  - Slave if the namespace for the cluster will be shared with other non-cluster names then the inf servers can be a slave for that zone.
Retrieve BIND-9.7.x from http://www.isc.org/software/bind/ and save it in /tmp/root
- Set a variable for the version of bind to use
VERSION="9.7.6-P1"
- Compile
mkdir -p /opt/services/named/bind-${VERSION}
mkdir -p /tmp/root
cd /tmp/root
tar xfvz bind-${VERSION}.tar.gz
cd bind-${VERSION}
./configure --disable-openssl-version-check --prefix=/opt/services/named/bind-${VERSION} --sysconfdir=/etc --localstatedir=/var --disable-ipv6 --with-openssl=yes
make
- Install
  - This shouldn't overwrite anything important in etc or var. In fact it usually just makes a new etc/bind.keys file which is rarely different than the previous version.
make install -e sysconfdir=/opt/services/named/etc -e localstatedir=/opt/services/named/var
- Final touches
(cd /opt/services/named ; ln -s bind-${VERSION} named)
mkdir /opt/services/named/dev
mknod /opt/services/named/dev/null c 1 3
mknod /opt/services/named/dev/random c 1 8
mknod /opt/services/named/dev/zero c 1 5
mkdir -p /opt/services/named/var/run /opt/services/named/var/log
mkdir /opt/services/named/master
mkdir /opt/services/named/slave
chown -R named:named /opt/services/named/var /opt/services/named/master /opt/services/named/slave
- Create rndc.conf
ln -s /opt/services/named/etc/rndc.key /etc
/opt/services/named/named/sbin/rndc-confgen -a -c /opt/services/named/etc/rndc.key -r keyboard
  Now randomly type on the keyboard until it tells you to stop.
chown -R named:named /opt/services/named/etc/rndc.key
- Create loopback zone
  - Save attached loopback file for DNS as /opt/services/named/master/127.0.0
- Create reverse zone
  - Save the attached reverse file for DNS as /opt/services/named/master/10.1.34
- Create reverse zone
  - Save the attached reverse file for DNS as /opt/services/named/master/10.1.35
- Create forward zone
  - Save the attached forward file for DNS as /opt/services/named/master/usno.nrao.edu
- Create root zone file
  - Download named.cache and save it as /opt/services/named/etc/named.cache
    This is really only necessary if the inf servers will be able to reach root name servers. I am assuming they won't.
- Create startup script
  - Save the attached named startup script as /opt/services/named/etc/nrao-named
chmod 755 /opt/services/named/etc/nrao-named
(cd /etc/init.d ; ln -s /opt/services/named/etc/nrao-named)
chkconfig --add nrao-named
- Create config file
  - Save the attached named configuration file as /opt/services/named/etc/named.conf
  - Edit /opt/services/named/etc/named.conf and set the forwarders to a nameserver that can reach root zones, e.g.
forwarders { 146.88.1.4; 8.8.8.8; };
- Configure resolv.conf
  - Production cluster usno-serv-1
cat > /etc/resolv.conf << EOM
domain usno.nrao.edu
search usno.nrao.edu aoc.nrao.edu
nameserver 127.0.0.1
nameserver 146.88.1.4
nameserver 8.8.8.8
EOM
  - Production cluster usno-serv-2
cat > /etc/resolv.conf << EOM
domain usno.nrao.edu
search usno.nrao.edu aoc.nrao.edu
nameserver 10.1.34.2
nameserver 146.88.1.4
nameserver 8.8.8.8
EOM
  - Test cluster usno-serv-1
cat > /etc/resolv.conf << EOM
domain usno.nrao.edu
search usno.nrao.edu aoc.nrao.edu
nameserver 127.0.0.1
nameserver 146.88.1.14
EOM
  - Test cluster usno-serv-2
cat > /etc/resolv.conf << EOM
domain usno.nrao.edu
search usno.nrao.edu aoc.nrao.edu
nameserver 10.64.1.31
nameserver 146.88.1.14
EOM
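The ordering rule explained earlier (the local server must be listed first, or another server's NXDOMAIN ends the lookup) can be checked mechanically on each node. This is an added example, not part of the original page: check_resolv is a hypothetical helper name, and the sample files are constructed from the addresses used above. It also flags nameserver lines beyond the three that the glibc resolver reads.

```shell
#!/bin/sh
# Added example (not from the original page): lint a resolv.conf for the
# ordering rule above. check_resolv is a hypothetical helper name.
MAXNS=3   # the glibc resolver reads at most three nameserver lines

# check_resolv FILE LOCAL_NS: print findings, return the number of errors
check_resolv() {
    file=$1; local_ns=$2; errors=0; n=0; first=""; last_kw=""
    while read -r kw val rest || [ -n "$kw" ]; do
        case $kw in
            nameserver)
                n=$((n + 1))
                if [ "$n" -eq 1 ]; then first=$val; fi
                if [ "$n" -gt "$MAXNS" ]; then
                    echo "error: nameserver $val is past entry $MAXNS and is never queried"
                    errors=$((errors + 1))
                fi ;;
            domain|search)
                # domain and search are mutually exclusive; the last one wins
                if [ -n "$last_kw" ] && [ "$last_kw" != "$kw" ]; then
                    echo "note: '$kw' replaces the earlier '$last_kw' line"
                fi
                last_kw=$kw ;;
        esac
    done < "$file"
    if [ "$n" -eq 0 ]; then
        echo "error: no nameserver lines in $file"
        errors=$((errors + 1))
    elif [ "$first" != "$local_ns" ]; then
        echo "error: first nameserver is $first, not the local server $local_ns"
        errors=$((errors + 1))
    fi
    return "$errors"
}

# Constructed samples: the usno-serv-2 file from this page, and a reordered copy
demo_dir=$(mktemp -d)
cat > "$demo_dir/good" << EOM
domain usno.nrao.edu
search usno.nrao.edu aoc.nrao.edu
nameserver 10.1.34.2
nameserver 146.88.1.4
nameserver 8.8.8.8
EOM
printf 'nameserver 146.88.1.4\nnameserver 10.1.34.2\n' > "$demo_dir/bad"
check_resolv "$demo_dir/good" 10.1.34.2 || true
check_resolv "$demo_dir/bad" 10.1.34.2 || true
```

On a node, run it as `check_resolv /etc/resolv.conf 127.0.0.1` (or with the address of the infrastructure node the host is meant to query first); a non-zero return is the number of errors found.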
Start
- Start
/etc/init.d/nrao-named start