Difference between revisions of "Service/Nameservers"
| Line 23: | Line 23: | ||
! IPv6 | ! IPv6 | ||
|- | |- | ||
| − | ! ns1.sugarlabs.org | + | ! '''ns1.sugarlabs.org''' |
| lightwave | | lightwave | ||
| FSF, Boston, USA | | FSF, Boston, USA | ||
| Line 59: | Line 59: | ||
To simplify merging, each hostmaster pushes to a separate branch: | To simplify merging, each hostmaster pushes to a separate branch: | ||
| − | git clone | + | git clone lightwave.sugarlabs.org:/var/lib/bind/etc/bind ns |
| − | |||
| − | '''FIXME''': use | + | Do not checkout the repository as root. Your user needs to be in group bind. |
| + | |||
| + | '''FIXME''': use a separate group ''hostmaster'' rather than bind. | ||
== Edit zone data == | == Edit zone data == | ||
| Line 78: | Line 79: | ||
== Push changes back to master nameserver == | == Push changes back to master nameserver == | ||
| − | We have a handy | + | * We have a handy post-receive hook to automate this procedure. All you have to do is pushing your changes: |
| − | + | git push | |
* You should see the slaves transfering the new zones you have modified | * You should see the slaves transfering the new zones you have modified | ||
| Line 92: | Line 93: | ||
FIXME: ssh keys needed for other admins | FIXME: ssh keys needed for other admins | ||
| + | |||
| + | == Implementation details == | ||
| + | |||
| + | * The git config file is as follows: | ||
| + | |||
| + | [core] | ||
| + | repositoryformatversion = 0 | ||
| + | filemode = true | ||
| + | bare = false | ||
| + | shared = true | ||
| + | logallrefupdates = true | ||
| + | worktree = /etc/bind | ||
| + | [receive] | ||
| + | denycurrentbranch = ignore | ||
| + | |||
| + | [hooks] | ||
| + | mailinglist = bernie@codewiz.org | ||
| + | emailprefix = "[DNS] " | ||
| + | showrev = "git show -C %s; echo" | ||
| + | |||
| + | * We use a post-receive hook to checkout the zones to the local sandbox and make | ||
| + | BIND reload them: | ||
| + | |||
| + | #!/bin/bash | ||
| + | /bin/bash /usr/share/doc/git-core/contrib/hooks/post-receive-email | ||
| + | git checkout -f | ||
| + | tail -n0 -f /var/log/daemon.log & | ||
| + | /etc/init.d/bind9 reload | ||
| + | sleep 3 | ||
| + | |||
| + | * For slightly better security, the repository lives outside the sandbox | ||
Revision as of 09:27, 7 March 2010
Hostmasters
To request changes to DNS records, contact <hostmaster AT sugarlabs DOT org>
Current hostmasters are:
- Bernie Innocenti <bernie@codewiz.org>
- (others to be added when this documentation is finished)
Registered nameservers
The following nameservers are currently registerted in whois records for our domains:
(FIXME: this is what it should look like after the current transitional mess)
| hostname | aka | location | IPv4 | IPv6 |
|---|---|---|---|---|
| ns1.sugarlabs.org | lightwave | FSF, Boston, USA | 140.186.70.102 | 2002:8cba:4666::1 |
| ns2.sugarlabs.net | sunjammer | FSF, Boston | 140.186.70.53 | 2002:8cba:4635::1 |
| ns1.codewiz.org | trinity | Develer, Firenze, Italy | 83.149.158.210 | 2002:5395:9ed2::1 |
| ns2.auth.osuosl.org | - | OSU-OSL, Seattle, USA | 140.211.166.141 | - |
Note that ns2.auth.osuosl.org is not under our control and does not serve all our domains.
Editing zone data
We use distributed version control and admin scripts to arbitrate edits to the zone files and nameserver configurations. DO NOT EDIT THESE FILES LOCALLY, ANY CHANGES WILL BE OVERWRITTEN.
Checkout nameserver config
To simplify merging, each hostmaster pushes to a separate branch:
git clone lightwave.sugarlabs.org:/var/lib/bind/etc/bind ns
Do not checkout the repository as root. Your user needs to be in group bind.
FIXME: use a separate group hostmaster rather than bind.
Edit zone data
Guidelines for editing zones:
- Please keep the zone files tidy, by following indentation style
- Add comments as needed to describe obscure records in the zone files
- Remember to keep reverse zones always up to date
- Bump the serials after each update!
Push changes back to master nameserver
- We have a handy post-receive hook to automate this procedure. All you have to do is pushing your changes:
git push
- You should see the slaves transfering the new zones you have modified
Push changes to slaves
If you add or remove domains to the named-sugarlabs-masters.conf, you also need to synchronize named-sugarlabs-slaves.conf and propagate it to slave nameservers.
./update-named-slaves
FIXME: ssh keys needed for other admins
Implementation details
- The git config file is as follows:
[core]
repositoryformatversion = 0
filemode = true
bare = false
shared = true
logallrefupdates = true
worktree = /etc/bind
[receive]
denycurrentbranch = ignore
[hooks]
mailinglist = bernie@codewiz.org
emailprefix = "[DNS] "
showrev = "git show -C %s; echo"
- We use a post-receive hook to checkout the zones to the local sandbox and make
BIND reload them:
#!/bin/bash /bin/bash /usr/share/doc/git-core/contrib/hooks/post-receive-email git checkout -f tail -n0 -f /var/log/daemon.log & /etc/init.d/bind9 reload sleep 3
- For slightly better security, the repository lives outside the sandbox