(An abridged guide)
Version 1.1
The following information is offered in good faith as comprising only safe programming and procedures. No responsibility is accepted by the author for any loss or damage caused in any way to any person or equipment, as a direct or indirect consequence of following these instructions.
All activity for tinydns takes place in /service/tinydns/root/
Within this directory are several files and directories, the critical ones being:
Makefile -instructions for converting 'data' to 'data.cdb'
backup_data/ -backup copies of 'data' files, empty
this occasionally
commands_list -related DNS commands (use these instead
of BIND commands)
data -compiled list of all zone data
data.cdb -database of all zone data (live file)
domainlist -list of domains, one per line, used for
importing
get-all-old-zones.pl* -reads domains from 'domainlist'
and fetches them
how-to-transfer-in.txt -instructional hint
search_replace.pl* -tool for performing mass search/replace
on files
update-from-zones* -reads all zone files, verifies
them, saves as 'data'
valtz* -zone verification tool
zones/ -directory whre all individual zone files are
stored, the file names are not important, but it is recommended to name the
files after the domains being managed ('domain.com', 'domain.net')
Inside the zones/ directory, is a separate file for each domain. These files will typically look one of two ways, depending on whether they were brought in from the get-all-old-zones.pl program, or whether they were created from scratch.
This is a zone file as defined by BIND:
# dig @ns1.secure.net axfr example.com
; <<>> DiG 8.3 <<>> @ns1.secure.net axfr example.com
; (2 servers found)
$ORIGIN example.com.
@ 1D IN SOA ns1.secure.net. hostmaster.secure.net. (
2003120400 ; serial
1D ; refresh
2H ; retry
4w2d ; expiry
1D ) ; minimum
1D IN NS ns1.secure.net.
1D IN NS ns2.secure.net.
10S IN A 198.173.254.162
1D IN MX 10 @
smtp 1D IN CNAME @
news 1D IN CNAME @
sal 1D IN CNAME @
nancilee 1D IN CNAME @
www.nancilee 1D IN CNAME @
pop 1D IN CNAME @
localhost 1D IN A 127.0.0.1
www 1D IN CNAME @
imap 1D IN CNAME @
ftp 1D IN CNAME @
@ 1D IN SOA ns1.secure.net. hostmaster.secure.net. (
2003120400 ; serial
1D ; refresh
2H ; retry
4w2d ; expiry
1D ) ; minimum
;; Received 16 answers (16 records).
;; FROM: ns1.domain.com to SERVER: 192.220.124.10
Sample imported zone file, as used by tinydns:
#2003120400 auto axfr-get
Zexample.com:ns1.secure.net.:hostmaster.secure.net.:2003120400:86400:7200:2592000:86400:86400
&example.com::ns1.secure.net.:86400
&example.com::ns2.secure.net.:86400
+example.com:198.173.254.162:10
@example.com::example.com.:10:86400
Csmtp.example.com:example.com.:86400
Cnews.example.com:example.com.:86400
Csal.example.com:example.com.:86400
Cnancilee.example.com:example.com.:86400
Cwww.nancilee.example.com:example.com.:86400
Cpop.example.com:example.com.:86400
+localhost.example.com:127.0.0.1:86400
Cwww.example.com:example.com.:86400
Cimap.example.com:example.com.:86400
Cftp.example.com:example.com.:86400
Same zone file, if created from scratch for use with tinydns:
Zexample.com:ns1.domain.com.:hostmaster.example.com
&example.com::ns1.domain.com
&example.com::ns2.domain.com
@example.com::example.com.:10
+example.com:198.173.254.162
+*.example.com:198.173.254.162
Read about the specific format of these lines at (http://cr.yp.to/djbdns/tinydns-data.html)
Z defines the zone record
& defines a name server
@ defines an MX record
+ defines an A record
^ defines a PTR record
= defines BOTH an A record and the PTR record at once
C defines a CNAME -- DO NOT USE THESE
*.domain can be used to create a wildcard
Here is the sample zone file, from above, deconstructed for explanation:
Zexample.com:ns1.domain.com.:hostmaster.example.com
Z says, "there is a zone being defined, here is the necessary information"
example.com - This is the domain name
ns1.domain.com. - This is the authoritative server (notice
ending dot)
hostmaster.example.com - the email address for the hostmaster
&example.com::ns1.domain.com
& says, "this is an authoritative nameserver for this domain"
Notice the double colons
example.com - This is the domain name
ns1.domain.com - The address of an authoritative server
&example.com::ns2.domain.com
& says, "this is an authoritative nameserver for this domain"
Notice the double colons
example.com - This is the domain name
ns2.domain.com - The address of an authoritative server
@example.com::example.com.:10
@says, "this is an MX record for this domain, define a mail server"
Notice the double colons
example.com - This is the domain name
10 - This is the 'distance' setting or 'priority' for the mail server, lower
has higher priority
+example.com:198.173.254.162
+says, "this is an A record"
example.com - This is the base domain name
198.173.254.162 - The IP address for this A record
+*.example.com:198.173.254.162
+says, "this is an A record"
*.example.com - A wildcard definition, matches (www., ftp., smtp., anything.)
198.173.254.162 - The IP address for this A record
After making changes to the zone files, run the command ./update-from-zones
One of two responses will be displayed on the screen.
Successful update:
# ./update-from-zones
Passed verify
------------------------------------------------------------
data now contains up-to-date zone info in tinydns format.
run 'make' to start using this data and update the secondary.
------------------------------------------------------------
Unsuccessful update:
# ./update-from-zones
*************** ERRORS FOUND ******************
File zones/colorvisiontv.com
line 14; err 8 C\052.colorvisiontv.com:colorvisiontv.com.:86400
expected: fqdn:p:ttl:timestamp:lo
pos 0; fqdn; parts must only contain ASCII letters, digits and - characters
File zones/colorvisiontv.net
line 14; err 8 C\052.colorvisiontv.net:colorvisiontv.net.:86400
expected: fqdn:p:ttl:timestamp:lo
pos 0; fqdn; parts must only contain ASCII letters, digits and - characters
If you encounter any errors, these should be corrected before proceeding. A backup of the previous 'data' file is copied into the 'backup_data' directory and renamed with a date and time stamp. These files should be periodically cleaned out.
As the message indicates after a successful update, simply run 'make' to create a database file (data.cdb) from the data file (data).
# make
/usr/local/bin/tinydns-data
scp data.cdb ns2.domain.com:/etc/tinydns/root/data.cdb.tmp
data.cdb 100% 43KB 42.6KB/s 00:00
ssh ns2.domain.com mv /etc/tinydns/root/data.cdb.tmp /etc/tinydns/root/data.cdb
Running 'make' performs the actions in the Makefile. Essentially, the contents of the 'data' file are converted to a database format 'data.cdb' and tinydns starts using this new data immediately without needing to stop or reload the process. The Makefile also includes instructions for copying the data.cdb file to the secondary server using 'scp' and public key authentication. The copying is done in a 'safe' manner, where the current 'data.cdb' file is copied to a temporary location first, then renamed once it arrives on the server. This ensures that the secondary DNS continues to serve the old data until the new data has been completely copied over. NOTE: There are no zone files or human-readable 'data' files on the secondary server. There is only the database file.
Nothing else needs to be done in order to propagate DNS changes. Tinydns uses 'reasonable' defaults for TTL (time to live) settings, as well as all other variables for DNS if they are not explicitly defined.
In /root/.ssh/ are two files. 'id_dsa' is a private key without a password created with the ssh-keygen program using the 'dsa' encryption method. There is also a file 'id_dsa.pub' which is the public key that corresponds to the private key.
The contents of 'id_dsa.pub' were copied to the secondary NS server into /root/.ssh/authorized_keys. This allows the root user on the primary server to both copy files, and execute commands as root on the secondary server without requiring any password to be typed interactively or stored on the server.
Here are some sample zone files, for reference purposes only
Zpetphotos.com:ns.ipcinc.net.:hostmaster.ipcinc.net.:
+petphotos.com:199.239.100.100:
@petphotos.com::mail.petphotos.com.:10:
&petphotos.com::ns1.ipcinc.net.:
&petphotos.com::ns2.ipcinc.net.:
+www.petphotos.com:199.239.100.100:
+mail.petphotos.com:199.239.100.200:
Zteamipc.com:ns1.ipcinc.net.:hostmaster.ipcinc.net.:
@teamipc.com::mail.ipcinc.net.:10:
&teamipc.com::ns1.ipcinc.net.:
&teamipc.com::ns2.ipcinc.net.:
+teamipc.com:199.239.100.100:
+freedom.teamipc.com:198.173.254.92:
+vps1.teamipc.com:198.173.254.92:
+www.teamipc.com:199.239.100.100:
Zchimayhem.com:ns1.ipcinc.net.:hostmaster.ipcinc.net.:
@chimayhem.com::mail.ipcinc.net.:10:
+chimayhem.com:199.239.100.100:
&chimayhem.com::ns1.ipcinc.net.:
&chimayhem.com::ns2.ipcinc.net.:
+quake2.chimayhem.com:64.36.37.42:
+counterstrike.chimayhem.com:69.56.133.141:
+www.chimayhem.com:199.239.100.100:
Version 1.0 of this document was created by Darien Kruss <darien [at] teamipc.com> on June 24, 2004.
1.1 was an update to generalize it for the VPSTalk mailing list was created on June 30, 2004.