Project author: vedetta-com

Project description:
OpenBSD DNS name server
Language: Shell
Repository URL: git://github.com/vedetta-com/dithematic.git
Created: 2019-02-12T16:27:07Z
Project community: https://github.com/vedetta-com/dithematic

License: ISC License


dithematic (alpha)

OpenBSD DNS name server

About

Authoritative nameserver for domain names

Dithematic configuration and guide for self-hosting DNS

Features

PowerDNS features on OpenBSD's NSD shoulders

Getting started

Minimum requirements

  • 512MB RAM, 10GB SSD
  • reverse DNS (a PTR record) configured at the hosting provider for each nameserver IP, pointing to a name under the primary DOMAIN_NAME

Grab a copy of this repository, and put overrides in "Makefile.local", e.g.:

    # Makefile.local
    EGRESS = vio0
    DOMAIN_NAME = example.com
    MASTER = yes
    MASTER_HOST = dot
    IPv4 = 203.0.113.3
    IPv6 = 2001:0db8::3
    UPGRADE = yes

n.b. UPGRADE uses sdiff(1) to show a side-by-side diff (with the new version on the right side)

Test

    make beforeinstall

Install

    make install

Edit zoneadd to match your setup (or override the variables via the environment)

    # Dithematic IP
    MASTER_IP="${MASTER_IP:-\
    203.0.113.3 \
    2001:0db8::3 \
    }"
    SLAVE_IP="${SLAVE_IP:-\
    203.0.113.4 \
    2001:0db8::4 \
    }" # empty to disable
    # Vendor
    FREE_SLAVE="${FREE_SLAVE:-\
    1984.is \
    FreeDNS.afraid.org \
    GratisDNS.com \
    HE.net \
    Puck.nether.net \
    }" # empty to disable

n.b. rename and place zone templates in /var/nsd/zones/master (or start with a blank slate).

Install DNS zone(s), e.g. on master: example.com and ddns.example.com

    zoneadd example.com
    env DDNS=true zoneadd ddns.example.com

Edit a zone

    env EDITOR="${EDITOR:-vi}" pdnsutil edit-zone example.com

n.b. place an existing TSIG key as tsig.example.com, and the CSK (or ZSK) as example.com.CSK, in /etc/ssl/dns/private (or let zoneadd generate new keys).

Set up the TSIG user (tsig) on all dithematic nameservers

    su - tsig
    ssh-keygen -t ed25519 -C tsig@example.com
    exit

Share the TSIG user's public key with all dithematic slave nameservers, and update "known_hosts" (one connection over IPv4 and one over IPv6)

    ssh -4 -i /home/tsig/.ssh/id_ed25519 -l tsig dig.example.com "exit"
    ssh -6 -i /home/tsig/.ssh/id_ed25519 -l tsig dig.example.com "exit"

Edit tsig-share on master to add slave nameserver names

    NS="${NS:-dig.example.com}" # (space-separated) domain name(s), or IP(s)

Share the master's TSIG secret with the slave nameservers, e.g. dig.example.com

    env NS="dig.example.com" tsig-share tsig.example.com

DNS UPDATE allowed IPs are managed with authpf(8): the user "puffy" first needs to log in over SSH to the master name server host, which authenticates the IP from which they will next update the ddns.example.com zone using e.g. nsupdate (pkg_add isc-bind) or dnspython (pkg_add py-dnspython) on their device (skip this step if not using dynamic DNS)

    user add -L authpf -G authdns -c "DDNS user" -s /sbin/nologin -m puffy
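The client side of that dynamic-DNS flow, as an added example that is not part of dithematic: it composes the nsupdate(1) batch for a host under ddns.example.com and sends it with the TSIG key. It assumes the master is reachable as dot.example.com (MASTER_HOST "dot" under DOMAIN_NAME example.com) and that the TSIG key was copied to the client in BIND key-file format at a placeholder path.

```shell
#!/bin/sh
# Added example (not part of dithematic): compose and send a dynamic DNS
# update for the ddns.example.com zone from the DDNS user's device.
# Assumptions: master name dot.example.com is derived from Makefile.local;
# the key file path is a placeholder for wherever the client keeps its copy.
set -eu

MASTER="${MASTER:-dot.example.com}"
ZONE="${ZONE:-ddns.example.com}"
TSIG_KEY_FILE="${TSIG_KEY_FILE:-${HOME:-.}/tsig.example.com.key}"  # placeholder
TTL="${TTL:-300}"

# Build the nsupdate(1) batch that replaces the address record of host $1
# under $ZONE with address $2 (AAAA when the address contains a colon).
# The batch is written to stdout so it can be reviewed before it is sent.
ddns_update_script() {
  host="$1"; addr="$2"
  case "$addr" in
    *:*) rtype=AAAA ;;
    *)   rtype=A ;;
  esac
  printf 'server %s\nzone %s\n' "$MASTER" "$ZONE"
  printf 'update delete %s.%s %s\n' "$host" "$ZONE" "$rtype"
  printf 'update add %s.%s %s %s %s\n' "$host" "$ZONE" "$TTL" "$rtype" "$addr"
  printf 'send\n'
}

# Send the batch. The master only accepts UPDATE from IPs admitted by
# authpf(8), so first open an interactive "ssh -l puffy $MASTER" session in
# another terminal and keep it open: the authpf login class loads the pf
# rule on login and removes it on logout. The TSIG key then authenticates
# the update itself, so both the session and the key are required.
ddns_update() {
  ddns_update_script "$1" "$2" | nsupdate -k "$TSIG_KEY_FILE"
}

# Usage: ddns_update laptop 203.0.113.50
```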

Edit "smtpd.conf" and "secrets"

Edit the pf table "msa" to add the Message Submission Agent IP(s)

Enjoy

    dig example.com any

Support

Issues

Contribute

Contributions welcome, fork