unxsBind Getting Started
Introduction
This page will guide you through the process of setting up a new zone, configuring your nameserver set and putting your BIND server into production using unxsBind. We assume you have read and implemented the instructions described on the Installing unxsBind with yum for CentOS 5 page. If not, that should be your starting point before reading this document.
Securing your install
- Log in to your iDNS.cgi backend at https://yourserverip:9333/cgi-bin/iDNS.cgi with the default credentials (Root/wsxedc)
- Once there, you must change the Root user password. To do so, click on the Main tab:
- Click on the tAuthorize link, you should see the screen below:
- There you'll find the Root tAuthorize record loaded.
- Press [Modify]
- Update the cPasswd field with the password you want to use.
- Press [Confirm Modify]
- You'll be logged out of the application.
- Re-login with your new credentials.
Creating a zone
- Log in to your iDNS.cgi backend at https://yourserverip:9333/cgi-bin/iDNS.cgi using the Root username and the password you set.
- Click on the tZone tab. You'll see the screen shown below
- Press the [New] button at the top navigation bar. Change only the cZone field, setting it to the new zone name. The TTLs set for the sample zone should work for this simple test.
- Once you have changed the cZone field value (to smart.com in our example), press the [Confirm New] button at the left panel.
- Then, if you click on the tJob tab you'll see two job entries, one for the master and the other for the slave of the preconfigured nameserver set.
- After the job queue gets processed for the master server (this should take one minute or so, until the cron job gets executed) you should be able to query your nameserver for the SOA of the created zone:
[root@localhost ~]# dig @localhost soa smart.com
; <<>> DiG 9.3.4-P1 <<>> @localhost soa smart.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57687
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;smart.com. IN SOA
;; ANSWER SECTION:
smart.com. 86400 IN SOA ns1.yourdomain.com. hostmaster.yourdomain.com. 2009051900 28800 7200 604800 86400
;; AUTHORITY SECTION:
smart.com. 86400 IN NS ns2.yourdomain.com.
smart.com. 86400 IN NS ns1.yourdomain.com.
;; ADDITIONAL SECTION:
ns1.yourdomain.com. 86400 IN A 192.0.0.1
ns2.yourdomain.com. 86400 IN A 192.168.0.2
;; Query time: 42 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 19 09:28:02 2009
;; MSG SIZE rcvd: 153
Adding RRs to a zone
- Provided you have gone through the section above, start by clicking on the tZone tab.
- Enter smart in the cSearch box at the left panel (Highlighted with green below) and press <Enter>
- You should see the tZone record for the smart.com zone
- Then press the [Add Resource Record] button at the left panel (Highlighted with blue above.)
- You'll see the tResource tab, with the fields opened for writing. Complete them as the image below shows:
- To add the new RR press the [Confirm New] button at the left panel.
- Wait a minute and test the new RR with dig:
[root@localhost ~]# dig @localhost www.smart.com
; <<>> DiG 9.3.4-P1 <<>> @localhost www.smart.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23724
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.smart.com. IN A
;; ANSWER SECTION:
www.smart.com. 86400 IN A 192.168.0.45
;; AUTHORITY SECTION:
smart.com. 86400 IN NS ns1.yourdomain.com.
smart.com. 86400 IN NS ns2.yourdomain.com.
;; ADDITIONAL SECTION:
ns1.yourdomain.com. 86400 IN A 192.0.0.1
ns2.yourdomain.com. 86400 IN A 192.168.0.2
;; Query time: 11 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 19 10:13:24 2009
;; MSG SIZE rcvd: 126
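The two dig checks above can be scripted by reading the header of the reply rather than eyeballing it. The following is an added example, not part of unxsBind: it reports the status code and whether the answer is authoritative (`aa`) or the server offers recursion to the querying client (`ra`, absent in both outputs above). The function name and the second and third sample headers are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples. The first is the header from the SOA query above,
# the other two are made up in the same format.
AUTH_ONLY=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57687
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2'
OPEN_RECURSION=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0'
NOT_LOADED=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'

# dig_verdict < dig-output
# Prints one word:
#   no-response        no header found (timeout, connection refused)
#   <STATUS>           any status other than NOERROR (SERVFAIL, REFUSED, ...)
#   recursion-offered  the reply carries the ra flag
#   authoritative      NOERROR with aa set and ra not set
#   not-authoritative  NOERROR without aa
dig_verdict() {
  awk '
    /->>HEADER<<-/ {
      for (i = 1; i < NF; i++)
        if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
    }
    /^;; flags:/ {
      line = $0
      sub(/^;; flags: */, "", line)   # drop the label
      sub(/;.*/, "", line)            # drop the section counters
      n = split(line, f, " ")
      for (i = 1; i <= n; i++) flag[f[i]] = 1
    }
    END {
      if (status == "")       { print "no-response"; exit }
      if (status != "NOERROR") { print status; exit }
      if ("ra" in flag)       { print "recursion-offered"; exit }
      print (("aa" in flag) ? "authoritative" : "not-authoritative")
    }'
}

# Demo on the constructed samples. Against a live server the input would be
# e.g.:  dig @localhost soa smart.com | dig_verdict
for sample in "$AUTH_ONLY" "$OPEN_RECURSION" "$NOT_LOADED"; do
  printf '%s\n' "$sample" | dig_verdict
done
```

Once the server listens on a public address, running the same check from an outside host for a name the server does not host shows whether that client's view offers recursion.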
Configuring your NS Set
Now that you have learned how to create a zone and RRs, let's move to the final step of this 'Getting Started' guide. This section will show you how to configure an NS Set. But first, a little theory.
What are NS Sets?
Basically, an NS set is a group of nameservers, whether masters or slaves. The server function doesn't matter for this grouping. unxsBind has various tables that organize this system.
tServer ---- tNS ---- tNSType
              |
            tNSSet
Let's explain this. The tServer table keeps track of the server records. A server, in this context, is the physical hardware (e.g. an OpenVZ hardware node) which runs the nameserver identified by the tNS record. At the same time, this nameserver record belongs to a group, which is indicated by a tNSSet record. Moreover, the type of nameserver (master, hidden master or slave) is set by a tNSType record associated with the tNS record.
All these tables are hidden in the tab menu, but you can access them from the 'Main' tab, by clicking on the respective link, as the image below shows:
Editing tServer data
If you look at the tServer records which come with the unxsBind sample data, you'll see two servers:
Assuming you'll have a master and a slave server, you need to modify these records according to your setup. Modify the greenday.yourdomain.com record to match your master server hardware hostname. To do so:
- Click on the greenday.yourdomain.com link at the left panel navigation list.
- Press the [Modify] button at the top navigation bar.
- Edit the value of the cLabel field.
- Press the [Confirm Modify] button at the left panel.
Now, repeat the above process for the blink182.yourdomain.com server. Remember that this one should match your slave server hardware hostname.
Editing tNSSet data
unxsBind comes with three NS Sets preconfigured. You will probably use only one for your initial setup, so we will leave the other NS sets untouched in this tutorial. The NS set we are going to modify is the 'ns1-2.yourdomain.com' set.
To modify it:
- Click on the 'ns1-2.yourdomain.com' link at the left panel
- Press the [Modify] button at the top navigation bar.
- Edit the value of the cLabel field. Enter a sensible name, like ns1-2.yourcompany.com.
- Specify the IP address of your master server in the cMasterIPs field. If using multiple master servers, put a semicolon (;) between the IP addresses. If using only a single master, append the semicolon to the IP address.
- Press the [Confirm Modify] button at the left panel.
Editing tNS data
The members of the three preconfigured NS sets are set up in the tNS table. In this tutorial we will deal with ns1.yourdomain.com and ns2.yourdomain.com, the master and the slave respectively.
We have to modify the ns1.yourdomain.com record to match your master server hostname. To do so:
- Click on the ns1.yourdomain.com link at the left panel
- Press the [Modify] button at the top navigation bar.
- Edit the value of the cLabel field to match your master server hostname.
- Press the [Confirm Modify] button at the left panel.
Then repeat for ns2.yourdomain.com.
Putting the server into production
Now that you've reached this point, you should change the BIND listening IP address to something other than 127.0.0.1. To do so, edit the /usr/local/idns/named.conf file. The section we are interested in is the 'options' section. The unxsBind rpm will install a named.conf with the following 'options' section:
options {
directory "/usr/local/idns/named.d";
listen-on { 127.0.0.1; 127.0.0.1; };
version "No version information available";
query-source address 127.0.0.1 port 53;
pid-file "/usr/local/idns/named.pid";
//tHit susbsystem required
zone-statistics yes;
//multi master configuration
//if all your servers are masters (recommended)
//this still allows secondary only zones i.e. external masters
notify no;
//master.zones will turn off recursion based on view
//if any view needs recursion it must be "yes" here.
recursion yes;
};
You have to change the
listen-on { 127.0.0.1; 127.0.0.1; };
line to:
listen-on { 192.168.238.133; 127.0.0.1; };
Here 192.168.238.133 is assumed to be the IP address of the interface on which your master server will accept connections. Once that's done, run:
# rndc reconfig
You should see that now your BIND server also listens at the IP address specified above:
[root@localhost ~]# netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 192.168.238.133:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::9333 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 :::443 :::* LISTEN
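The same netstat output also shows what else is reachable once the host is on a public interface: port 3306 (the MySQL default) and the iDNS.cgi port 9333 are bound to all addresses. The following added example, not part of unxsBind, lists every TCP listener that is not loopback-bound and not on an allowlist; the allowlist `53 22` is an assumed policy for a public master, and the sample input is the output shown above.

```shell
#!/bin/sh
# Constructed sample: the netstat -tnl output from this page.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 192.168.238.133:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::9333 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 :::443 :::* LISTEN'

# unexpected_listeners "<allowed ports, space separated>" < netstat-output
# Prints the local address of every LISTEN socket that is reachable from the
# network (not bound to 127.x or ::1) and whose port is not in the allowlist.
unexpected_listeners() {
  awk -v allowed="$1" '
    BEGIN {
      n = split(allowed, a, " ")
      for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    $NF == "LISTEN" {
      local_addr = $4
      port = local_addr; sub(/.*:/, "", port)       # text after the last colon
      host = local_addr; sub(/:[^:]*$/, "", host)   # text before the last colon
      if (host ~ /^127\./ || host == "::1") next    # loopback only, not exposed
      if (!(port in ok)) print local_addr
    }'
}

# Demo on the sample. On a live host:
#   netstat -tnl | unexpected_listeners "53 22"
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "53 22"
```

Each address printed is a service to bind to loopback, firewall, or add to the allowlist deliberately before the server goes into production.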
Building the slave server
(soon)












