Difference between revisions of "Service/Nameservers"
Line 47: | Line 47: | ||
== Checkout nameserver config == | == Checkout nameserver config == | ||
− | Checkout the repository | + | Checkout the git repository containing the DNS zone data: |
git clone lightwave.sugarlabs.org:/var/lib/bind/etc/bind ns | git clone lightwave.sugarlabs.org:/var/lib/bind/etc/bind ns | ||
− | Do not checkout the repository as root. Your user needs to be in group hostmaster. | + | Do not checkout the repository as root. Your user on [[Machine:lightwave]] needs to be in group hostmaster. |
+ | |||
+ | In order to make changes, you will also need the private keys for your domain. For security reasons, these | ||
+ | are not kept on the master DNS itself. Ask one of the other hostmasters for a copy and put it in the keys/ | ||
+ | directory alongside the public keys. | ||
== Edit zone data == | == Edit zone data == | ||
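Review bot: The added paragraph on private keys tells hostmasters to put them in the keys/ directory "alongside the public keys", which is inside the git working tree, but it does not say they must stay out of commits. Since this repository is pushed back to the master nameserver, a committed private key would end up on the host the paragraph says must not hold one. Suggest stating that the private key files stay untracked (for example through an ignore rule) and how the copy from another hostmaster should be handed over.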
Line 67: | Line 71: | ||
== Push changes back to master nameserver == | == Push changes back to master nameserver == | ||
− | + | After you edited the sugarlabs.org zone, execute this script to re-sign the zone | |
− | + | and push your changes to the master DNS: | |
− | |||
− | + | ./update-sugarlabs | |
− | + | The script does: | |
+ | * re-sign the zone with the DNSSEC keys | ||
+ | * commit your changes | ||
+ | * push the commit to the remote repository | ||
− | + | The post-receive hook to automate the rest of the procedure: | |
− | + | * send a notification email to systems-logs@; | |
− | + | * checkout your changes to the bind configuration directory; | |
− | + | * make BIND reload its configuration; | |
− | + | * watch BIND's log file to ensure slaves are actually transferring the changed zones. | |
== Implementation details == | == Implementation details == |
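Review bot: Under "Push changes back to master nameserver", the line "The post-receive hook to automate the rest of the procedure:" has no verb, and "After you edited" should read "After you have edited"; suggest "The post-receive hook then automates the rest of the procedure:". The list of what ./update-sugarlabs does also leaves open whether the script bumps the zone serial before re-signing or expects the editor to have done it, which is worth stating because the hook's last step relies on the slaves actually transferring the changed zones.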
Revision as of 05:08, 9 October 2010
Hostmasters
To request changes to DNS records, contact <hostmaster AT sugarlabs DOT org>
Current hostmasters are:
Registered nameservers
The following nameservers are currently registered in whois records for our domains:
hostname | aka | location | IPv4 | IPv6 |
---|---|---|---|---|
ns1.sugarlabs.org | lightwave | FSF, Boston, USA | 140.186.70.102 | 2002:8cba:4666::1 |
ns2.sugarlabs.net | sunjammer | FSF, Boston, USA | 140.186.70.53 | 2002:8cba:4635::1 |
ns1.codewiz.org | trinity | Develer, Firenze, Italy | 83.149.158.210 | 2002:5395:9ed2::1 |
Editing zone data
We use distributed version control and admin scripts to arbitrate edits to the zone files and nameserver configurations. DO NOT EDIT THESE FILES DIRECTLY ON THE MASTER NAMESERVER; ANY CHANGES WILL BE OVERWRITTEN.
Checkout nameserver config
Check out the git repository containing the DNS zone data:
git clone lightwave.sugarlabs.org:/var/lib/bind/etc/bind ns
Do not check out the repository as root. Your user on Machine:lightwave needs to be in the hostmaster group.
In order to make changes, you will also need the private keys for your domain. For security reasons, these are not kept on the master DNS itself. Ask one of the other hostmasters for a copy and put it in the keys/ directory alongside the public keys.
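Because the private keys sit in keys/ inside a working tree whose commits are pushed to the master, a local guard against committing them is useful. The following pre-commit hook is an added example, not part of the Sugar Labs repository; it assumes the keys follow dnssec-keygen conventions (files named K*.private whose first line starts with "Private-key-format:"), and the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not the project's code: refuse to commit DNSSEC private keys.
# Assumptions: dnssec-keygen naming (K<zone>+<alg>+<id>.private) and a
# "Private-key-format:" first line. Install as .git/hooks/pre-commit.

# Succeeds if the file looks like a DNSSEC private key, by name or by content.
is_private_key() {
    file=$1
    first=
    case ${file##*/} in
        K*.private) return 0 ;;
    esac
    # A renamed copy is still recognised by its first line.
    [ -f "$file" ] || return 1
    IFS= read -r first < "$file" || [ -n "$first" ] || return 1
    case $first in
        Private-key-format:*) return 0 ;;
    esac
    return 1
}

# Reads paths on stdin (one per line) and prints those that are private keys.
# Returns 0 if none were found, 1 otherwise.
find_private_keys() {
    found=0
    while IFS= read -r path; do
        if is_private_key "$path"; then
            printf '%s\n' "$path"
            found=1
        fi
    done
    return "$found"
}

# When run as the hook: inspect staged files (content is read from the
# working tree copy, which is what a fresh "git add" has just staged).
if [ "${0##*/}" = "pre-commit" ]; then
    if ! leaked=$(git diff --cached --name-only --diff-filter=ACMR | find_private_keys); then
        echo "Refusing to commit DNSSEC private keys:" >&2
        printf '%s\n' "$leaked" >&2
        exit 1
    fi
fi
```

Adding keys/*.private to .git/info/exclude in the same clone keeps the files from being staged in the first place.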
Edit zone data
Guidelines for editing zones:
- Please keep the zone files tidy by following the indentation style
- Add comments as needed to describe obscure records in the zone files
- Remember to always keep reverse zones up to date
- Bump the serials after each update!
Push changes back to master nameserver
After you have edited the sugarlabs.org zone, execute this script to re-sign the zone and push your changes to the master DNS:
./update-sugarlabs
The script does the following:
- re-sign the zone with the DNSSEC keys
- commit your changes
- push the commit to the remote repository
The post-receive hook then automates the rest of the procedure:
- send a notification email to systems-logs@;
- checkout your changes to the bind configuration directory;
- make BIND reload its configuration;
- watch BIND's log file to ensure slaves are actually transferring the changed zones.
Implementation details
- We use a detached working directory to allow the automatic checkout to work (see post-receive hook below). The git repository is in /var/lib/bind/etc/bind.git and the working directory lives in /var/lib/bind/etc/bind. /etc/bind is a symlink to the working directory (/var/lib/bind/etc/bind).
- The git config file is as follows:
  [core]
      repositoryformatversion = 0
      filemode = true
      bare = false
      sharedRepository = true
      logallrefupdates = true
      worktree = /etc/bind
  [receive]
      denycurrentbranch = ignore
  [hooks]
      mailinglist = systems-logs@...
      emailprefix = "[DNS] "
      showrev = "git show -C %s; echo"
- /var/lib/bind/etc/bind.git/description contains the repository description "Sugar Labs DNS zone data"
- We use a post-receive hook to checkout the zones to the local sandbox and make BIND reload them:
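  #!/bin/bash
  # Send the notification email for the pushed commits
  /bin/bash /usr/share/doc/git-core/contrib/hooks/post-receive-email
  # Update the detached working directory (core.worktree) to the pushed state
  git checkout -f
  # Show new log lines while BIND reloads, so zone transfers are visible
  tail -n0 -f /var/log/daemon.log &
  /etc/init.d/bind9 reload
  sleep 3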