This shows you the differences between two versions of the page.
— |
kiviak-install [2015-02-07 20:55:28] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Installation ====== | ||
+ | |||
+ | Install Bind, webserver with PHP and MySQL. For example on Debian: | ||
+ | |||
+ | <code>lighttpd php5-cgi mysql-server php5-mysql bind9</code> | ||
+ | |||
+ | ===== DNS ===== | ||
+ | |||
+ | Convince someone to forward a NS subdomain to you. For example: | ||
+ | <code> | ||
+ | dyn IN A your.ip.address | ||
+ | d IN NS dyn | ||
+ | </code> | ||
+ | |||
+ | ===== Configure Bind ===== | ||
+ | |||
+ | You need to configure a zone. If you don't have any, you can use example config files | ||
+ | |||
+ | * named.conf.local - zone inclusion | ||
+ | * zones.foo.master - zone specification | ||
+ | * d.brmlab.cz - example zone (of course change it to your needs) | ||
+ | |||
+ | After configuration, your nameserver should be able to respond to "A ahoj.d.brmlab.cz." query. | ||
+ | |||
+ | We need to generate a user key that we will sign the updates with (with this you can also securely update a remote DNS server). | ||
+ | |||
+ | <code>dnssec-keygen -a HMAC-SHA1 -b 160 -n USER some.email.address.</code> | ||
+ | |||
+ | Two files are generated, K*key and K*private. Take the key from the *key one and put it to zone declaration (zones.foo.master in our case) | ||
+ | |||
+ | ===== Configure dynamic updater ===== | ||
+ | |||
+ | Put scripts from the shell/ directory somewhere. Edit config.sh. | ||
+ | |||
+ | Try update with <code>echo test a 9.10.11.12 | bash -x bind_update.sh</code>. You should be then able to resolve "A test.your.domain." to 9.10.11.12. | ||
+ | |||
+ | On Debian I had a problem that the /etc/bind directory was not owned by the user under which bind is running, so bind was unable to perform the update | ||
+ | |||
+ | ===== Some security ===== | ||
+ | |||
+ | The key should not be world-readable. You can create a separate user, chown & chmod 600 the key and all the scripts and then use the example sudoers file to run the update under that user. | ||
+ | |||
+ | ===== Web frontend ===== | ||
+ | |||
+ | Create a MySQL database. I use [[http://www.adminer.org/|Adminer]] GUI, but if you want to go with the command line, it will be something like this | ||
+ | <code> | ||
+ | CREATE DATABASE `kiviak`; | ||
+ | |||
+ | CREATE USER 'kiviak'@'localhost' IDENTIFIED BY PASSWORD 'XXXYYY'; | ||
+ | GRANT ALL PRIVILEGES ON `kiviak`.* TO 'kiviak'@'localhost'; | ||
+ | </code> | ||
+ | Then execute schema.sql to create the table. | ||
+ | |||
+ | Point your webserver to files in web/ folder. These files don't have to be writable by the webserver. | ||
+ | |||
+ | Edit config.php to reflect your environment. | ||
+ | |||
+ | Enjoy. | ||
+ | |||
+ | ===== Misc. ===== | ||
+ | |||
+ | The delete.php script deletes hostnames that have not been updated for more than a month. You can add it to your crontab. | ||