kiviak-install

Differences

This shows you the differences between two versions of the page.

kiviak-install [2015-02-07 20:55:28] (current)
Line 1: Line 1:
 +====== Installation ======
 +
 +Install Bind, webserver with PHP and MySQL. For example on Debian:
 +
 +<​code>​lighttpd php5-cgi mysql-server php5-mysql bind9</​code>​
 +
 +===== DNS =====
 +
 +Convince someone to forward a NS subdomain to you. For example:
 +<​code>​
 +dyn     ​IN ​  ​A ​    ​your.ip.address
 +d       ​IN ​  ​NS ​   dyn
 +</​code>​
 +
 +===== Configure Bind =====
 +
 +You need to configure a zone. If you don't have any, you can use example config files
 +
 +  * named.conf.local - zone inclusion
 +  * zones.foo.master - zone specification
 +  * d.brmlab.cz - example zone (of course change it to your needs)
 +
 +After configuration,​ your nameserver should be able to respond to "A ahoj.d.brmlab.cz."​ query.
 +
 +We need to generate a user key that we will sign the updates with (with this you can also securely update a remote DNS server).
 +
 +<​code>​dnssec-keygen -a HMAC-SHA1 -b 160 -n USER some.email.address.</​code>​
 +
 +Two files are generated, K*key and K*private. Take the key from the *key one and put it to zone declaration (zones.foo.master in our case)
 +
 +===== Configure dynamic updater =====
 +
 +Put scripts from the shell/ directory somewhere. Edit config.sh.
 +
 +Try update with <​code>​echo test a 9.10.11.12 | bash -x bind_update.sh</​code>​. You should be then able to resolve "A test.your.domain."​ to 9.10.11.12.
 +
 +On Debian I had a problem that the /etc/bind directory was not owned by the user under which bind is running, so bind was unable to perform the update
 +
 +===== Some security =====
 +
 +The key should not be world-readable. You can create a separate user, chown & chmod 600 the key and all the scripts and then use the example sudoers file to run the update under that user.
 +
 +===== Web frontend =====
 +
 +Create a MySQL database. I use [[http://​www.adminer.org/​|Adminer]] GUI, but if you want to go with the command line, it will be something like this
 +<​code>​
 +CREATE DATABASE `kiviak`;
 +
 +CREATE USER '​kiviak'​@'​localhost'​ IDENTIFIED BY PASSWORD '​XXXYYY';​
 +GRANT ALL PRIVILEGES ON `kiviak`.* TO '​kiviak'​@'​localhost';​
 +</​code>​
 +Then execute schema.sql to create the table.
 +
 +Point your webserver to files in web/ folder. These files don't have to be writable by the webserver.
 +
 +Edit config.php to reflect your environment.
 +
 +Enjoy.
 +
 +===== Misc. =====
 +
 +The delete.php script deletes hostnames that have not been updated for more than a month. You can add it to your crontab.
  
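Review bot: In the Web frontend section, the CREATE USER statement uses "IDENTIFIED BY PASSWORD 'XXXYYY'", and in MySQL that form takes an already-hashed value, so a reader who substitutes a plaintext password for the placeholder gets an error instead of a working account; use "IDENTIFIED BY 'XXXYYY'" or state that XXXYYY stands for a hash. The GRANT ALL PRIVILEGES that follows is broader than the text calls for, since the page only mentions one table created by schema.sql and a delete.php cleanup job: consider running schema.sql as an administrative user and granting the kiviak account only SELECT, INSERT, UPDATE and DELETE on that database. In Configure Bind, the dnssec-keygen line picks HMAC-SHA1 with a 160-bit key; HMAC-SHA256 would be a better default for a newly generated update key. The Debian note about /etc/bind ownership gives the symptom but not the fix; say where the dynamic zone file should live so that readers do not end up making the whole configuration directory writable by the bind user.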
kiviak-install.txt · Last modified: 2015-02-07 20:55:28 (external edit)