Warning Livedoc is no longer being updated and will be deprecated shortly. Please refer to https://documentation.tjhsst.edu.

Difference between revisions of "DNS/Configuration"

From Livedoc - The Documentation Repository
m (fix formatting)
 
(5 intermediate revisions by 4 users not shown)
Line 1: Line 1:
==Using code.tjhsst.edu==
+
==Getting DNS configuration==
Go to http://code.tjhsst.edu/ and make an account.
+
The DNS configuration is stored in git and can be found on [[gitlab]]. For access to the repository ask any DNS admin. You will then want to fork the repository and clone it to your home directory.
  
Then go to http://code.tjhsst.edu/tjhsst-dns/tjhsst-dns and press clone this repository on gitorious. Name it whatever you want, but try to make it meaningful.
+
==Configuration Layout==
 +
* db/ - contains standard Nameserver zone files
 +
** db/localhost - the zone file for the localhost zone
 +
** db/0.0.127.in-addr.arpa - the zone file for the 127.0.0.0/8 subnet
 +
* named.ca - bootstraps the nameserver with the addresses of the root nameservers
 +
* named.conf - the main named configuration file
 +
* tjhsst/ - tjhsst forward and reverse zone files
 +
* tjhsst.conf - included by named.conf; configuration for TJ zones
 +
* tjpartnershipfund/ - zone information for the TJ partnership fund domains
 +
* tjpartnershipfund.conf - included by named.conf; configuration for PF zones
  
After the repository is created, clone the push url using git.  For me it was git clone git@code.tjhsst.edu:~tageorgiou/tjhsst-dns/tageorgiou-tjhsst-dns.git
+
==Editing Configuration==
 
 
Then edit the configuration as normal and prepare a commit.  After you commit it, run git push origin master, which will put your changes back on code.  Then, press request merge on your repository's page.  Fill out the form and then submit it.
 
  
==Getting DNS configuration==
+
in tjhsst/ is where most changes will be made. The file named tjhsst.edu contains most of the forward records, A,AAAA,CNAME,TXT,SRV,AFSDB, etc. An example entry looks like this:
  
The current config is always at /afs/csl.tjhsst.edu/service/dns.git
+
galapagos.csl                 IN      A      198.38.17.45
 +
                                IN      AAAA    2001:468:cc0:1600:226:55ff:fe2c:2336
 +
galapagos                      IN      CNAME  galapagos.csl
  
In order to get a copy to work on, just clone it.
 
  
For afs-enabled computers (like workstations and remote): '''git clone /afs/csl.tjhsst.edu/service/dns.git'''
+
You will also then need to update the PTR records for those IPs. They are stored in files in tjhsst/revpub/ by netblock (/24 for an IPv4 PTR and /64 for an IPv6 PTR). So for galapagos, you would want to edit 17.38.198.in-addr.arpa and 1600.cc0.468.2001.ip6.arpa. IMPORTANT - do not forget the . at the end of the server's FQDN. Without this, BIND will automatically append the zone name to the end of the name given.
  
For other computers: '''git clone username@remote.tjhsst.edu:/afs/csl.tjhsst.edu/service/dns.git'''
+
17.38.198.in-addr.arpa
  
This will fetch the configuration and history and store it in a folder called "git". You can safely rename this folder if you so choose.
+
42    IN    PTR    galapagos.csl.tjhsst.edu.
  
==Editing Configuration==
 
  
in tjhsst/ is where most changes will be made. The file named tjhsst.edu contains many forward records in A,AAAA,CNAME,TXT,SRV,AFSDB, etc. An example entry looks like this:
+
1600.cc0.468.2001.ip6.arpa
<pre>shodan.csl                      IN      A      198.38.18.72
 
                                IN      AAAA    2001:468:cc0:0:21d:60ff:feee:2b1c
 
shodan                          IN      CNAME  shodan.csl</pre>
 
  
The other file(s) that likely need to be reside in tjhsst/revpub. There is one per IP block, so for example, shodan's reverse record is in tjhsst/revpub/18.38.198.in-addr.arpa:
+
6.3.3.2.c.2.e.f.f.f.5.5.6.2.2.0 IN   PTR   galapagos.csl.tjhsst.edu.
<pre>72      IN     PTR     shodan.csl.tjhsst.edu.</pre>
 
Don't forget the dot at the end! It's important. Really.
 
  
The ipv6 reverse records are stored in tjhsst/revpub/csl-ip6. The ipv6 addresses in the reverse record are separated by a dot per letter. Here's the record for shodan:
 
<pre>c.1.b.2.e.e.e.f.f.f.0.6.d.1.2.0        IN      PTR    shodan.csl.tjhsst.edu.</pre>
 
  
==Using git to prepare changes for the server==
+
==Committing Changes==
 
Commit the file locally with git commit -a (commits all changes to files already in the index). Enter a useful commit message. If you are making many changes, consider making a series of commits. The best type of commit message starts with a short string representing what it is you changed followed by a colon, then a short description of what you've done to it. Example:
 
Commit the file locally with git commit -a (commits all changes to files already in the index). Enter a useful commit message. If you are making many changes, consider making a series of commits. The best type of commit message starts with a short string representing what it is you changed followed by a colon, then a short description of what you've done to it. Example:
 
<pre>shodan: make CNAME shodan -> shodan.csl</pre>
 
<pre>shodan: make CNAME shodan -> shodan.csl</pre>
  
Any non emergency change to DNS should go through the staging area you originally cloned from. In order to get the changes merged there, push your changes to some readable location (github.com, gitorious.org, your own server, whatever) or alternatively have the changes in a git repository in your homedir that's readable (rl) by system:authuser.
+
Finally, you need to push your changes back to gitlab and make a merge request. One of the DNS admins will then review your changes and push them to the nameserver.
 
 
Then request a merge from one of the DNS admins. These currently are: David Ensey, Thomas Georgiou, and Daniel Johnson. Having a few people designated as such will hopefully encourage good code and keep people from running over each other, but there will hopefully be someone available to merge your changes within an hour or so.
 
  
 
==Merging people's changes to the server==
 
==Merging people's changes to the server==
These directions are primarily here for the admins, but are also available for those interested.
+
TO REWRITE
 
+
[[Category:Current]]
If a remote doesn't exist yet, add a one for the contributor's repository with '''git remote add reponame url://to/repo''' Then pull the changes from that repository with '''git pull reponame master'''. Don't push to the staging area, as this breaks the working directory of the staging area.
 
 
 
The next step is to update the serial number. Since multiple people can be working on changes at the same time, it is recommended that the serial number not be changed outside of the staging area (since the number has to be linear). After the serial number bump has been committed, you need simply run '''./update-ns3.sh'''. This script isn't very complicated (and the process isn't that hard to do manually), but it does check the validity of the zone before updating it, and informs you of what you're going to push to the server. If the script succeeds without errors, the server should now be running with the new changes.
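Review bot: In the new 17.38.198.in-addr.arpa example the PTR line uses the label 42, but the A record added for galapagos.csl is 198.38.17.45, so the owner label should be 45 (or the A record is the one that is wrong); as written, a reader copying the pair ends up with forward and reverse records that disagree. Separately, the "Merging people's changes to the server" section is reduced to "TO REWRITE", which drops the only description of the serial-number bump and of ./update-ns3.sh checking zone validity before the push; consider keeping the old text, marked as outdated, until the replacement is written.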
 

Latest revision as of 10:32, 1 July 2017

Getting DNS configuration

The DNS configuration is stored in Git and can be found on GitLab. For access to the repository, ask any DNS admin. You will then want to fork the repository and clone it to your home directory.

Configuration Layout

  • db/ - contains standard nameserver zone files
    • db/localhost - the zone file for the localhost zone
    • db/0.0.127.in-addr.arpa - the zone file for the 127.0.0.0/8 subnet
  • named.ca - bootstraps the nameserver with the addresses of the root nameservers
  • named.conf - the main named configuration file
  • tjhsst/ - tjhsst forward and reverse zone files
  • tjhsst.conf - included by named.conf; configuration for TJ zones
  • tjpartnershipfund/ - zone information for the TJ partnership fund domains
  • tjpartnershipfund.conf - included by named.conf; configuration for PF zones

Editing Configuration

Most changes will be made in tjhsst/. The file named tjhsst.edu contains most of the forward records (A, AAAA, CNAME, TXT, SRV, AFSDB, etc.). An example entry looks like this:

galapagos.csl                  IN      A       198.38.17.45
                               IN      AAAA    2001:468:cc0:1600:226:55ff:fe2c:2336
galapagos                      IN      CNAME   galapagos.csl


You will then also need to update the PTR records for those IPs. They are stored in files in tjhsst/revpub/, one per netblock (/24 for an IPv4 PTR and /64 for an IPv6 PTR). So for galapagos, you would edit 17.38.198.in-addr.arpa and 1600.cc0.468.2001.ip6.arpa. IMPORTANT: do not forget the . at the end of the server's FQDN. Without it, BIND treats the name as relative and automatically appends the zone name to the end of the name given.

17.38.198.in-addr.arpa

42    IN    PTR    galapagos.csl.tjhsst.edu.


1600.cc0.468.2001.ip6.arpa

6.3.3.2.c.2.e.f.f.f.5.5.6.2.2.0 IN    PTR    galapagos.csl.tjhsst.edu.
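
The following is an added example, not part of the original page or of the repository's tooling: a pre-commit style check that derives the revpub file and PTR owner label from a forward record and expands the PTR target the way BIND does when the trailing dot is missing. The function names are hypothetical, and the IPv6 file-naming rule is an assumption generalized from the single file name shown above.

```python
import ipaddress

def revpub_file(addr):
    """File under tjhsst/revpub/ for an address: one per /24 (IPv4) or /64 (IPv6)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ".".join(ip.reverse_pointer.split(".")[1:])
    # Assumption: IPv6 files are named from the first four hextets, reversed,
    # without leading zeros, as in the page's 1600.cc0.468.2001.ip6.arpa.
    hextets = ip.exploded.split(":")[:4]
    return ".".join(format(int(h, 16), "x") for h in reversed(hextets)) + ".ip6.arpa"

def qualify(name, origin):
    """Expand a name as BIND does: without a trailing dot, the origin is appended."""
    return name if name.endswith(".") else f"{name}.{origin}."

def check_ptr(addr, fqdn, ptr_line):
    """Check one 'label IN PTR target' line against a forward record."""
    ip = ipaddress.ip_address(addr)
    labels = ip.reverse_pointer.split(".")
    cut = 1 if ip.version == 4 else 16          # host part: 1 octet or 16 nibbles
    want, origin = ".".join(labels[:cut]), ".".join(labels[cut:])
    label, _class, _type, target = ptr_line.split()
    problems = []
    if label != want:
        problems.append(f"label {label} should be {want}")
    if qualify(target, origin) != fqdn:
        problems.append(f"target expands to {qualify(target, origin)}")
    return problems

# Forward records and PTR lines as shown on this page, plus one constructed
# line (the last) that omits the trailing dot.
FQDN = "galapagos.csl.tjhsst.edu."
V4, V6 = "198.38.17.45", "2001:468:cc0:1600:226:55ff:fe2c:2336"
SAMPLES = [
    (V4, "42    IN    PTR    galapagos.csl.tjhsst.edu."),
    (V6, "6.3.3.2.c.2.e.f.f.f.5.5.6.2.2.0 IN    PTR    galapagos.csl.tjhsst.edu."),
    (V4, "45    IN    PTR    galapagos.csl.tjhsst.edu"),
]

if __name__ == "__main__":
    for addr, line in SAMPLES:
        print(revpub_file(addr), check_ptr(addr, FQDN, line) or "ok")
```

Run on the sample lines above, the check passes the IPv6 record, reports that the IPv4 label 42 does not match the A record's final octet 45, and shows the constructed dotless target expanding into the reverse zone.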


Committing Changes

Commit the file locally with git commit -a (commits all changes to files already in the index). Enter a useful commit message. If you are making many changes, consider making a series of commits. The best type of commit message starts with a short string representing what it is you changed followed by a colon, then a short description of what you've done to it. Example:

shodan: make CNAME shodan -> shodan.csl

Finally, you need to push your changes back to GitLab and make a merge request. One of the DNS admins will then review your changes and push them to the nameserver.

Merging people's changes to the server

TO REWRITE