Difference between revisions of "Service/Nameservers"
Line 6: | Line 6: | ||
* [[User:Bernie|Bernie Innocenti]] | * [[User:Bernie|Bernie Innocenti]] | ||
+ | * [[User:dogi|Stefan Unterhauser]] | ||
== Registered nameservers == | == Registered nameservers == |
Revision as of 09:28, 7 March 2010
Hostmasters
To request changes to DNS records, contact <hostmaster AT sugarlabs DOT org>
Current hostmasters are:
Registered nameservers
The following nameservers are currently registered in whois records for our domains:
(FIXME: this is what it should look like after the current transitional mess)
hostname | aka | location | IPv4 | IPv6 |
---|---|---|---|---|
ns1.sugarlabs.org | lightwave | FSF, Boston, USA | 140.186.70.102 | 2002:8cba:4666::1 |
ns2.sugarlabs.net | sunjammer | FSF, Boston | 140.186.70.53 | 2002:8cba:4635::1 |
ns1.codewiz.org | trinity | Develer, Firenze, Italy | 83.149.158.210 | 2002:5395:9ed2::1 |
ns2.auth.osuosl.org | - | OSU-OSL, Seattle, USA | 140.211.166.141 | - |
Note that ns2.auth.osuosl.org is not under our control and does not serve all our domains.
Editing zone data
We use distributed version control and admin scripts to arbitrate edits to the zone files and nameserver configurations. DO NOT EDIT THESE FILES LOCALLY, ANY CHANGES WILL BE OVERWRITTEN.
Checkout nameserver config
To simplify merging, each hostmaster pushes to a separate branch:
git clone lightwave.sugarlabs.org:/var/lib/bind/etc/bind ns
Do not check out the repository as root. Your user needs to be in group bind.
FIXME: use a separate group hostmaster rather than bind.
Edit zone data
Guidelines for editing zones:
- Please keep the zone files tidy, by following indentation style
- Add comments as needed to describe obscure records in the zone files
- Remember to keep reverse zones always up to date
- Bump the serials after each update!
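The serial rule above can be checked mechanically before committing. The shell functions below are an added example, not part of the Sugar Labs admin scripts; the function names and the `sample_zone` data are assumptions made for illustration. Serials are compared with RFC 1982 serial arithmetic, the comparison secondaries use when deciding whether a zone is newer.

```shell
# Added example, not the project's code. Constructed sample zone header; $1 is the serial.
sample_zone() {
    printf '%s\n' '$TTL 3600' '@ IN SOA ns1.example.org. hostmaster.example.org. (' \
        "    $1 ; serial" '    3600 900 604800 86400 )'
}

# Print the SOA serial found in the zone text on stdin (status 1 if none).
soa_serial() {
    awk '
        { sub(/;.*/, ""); gsub(/[()]/, " ") }   # drop comments and parentheses
        {
            for (i = 1; i <= NF; i++) {
                if (!n) { if (toupper($i) == "SOA") n = 1; continue }
                if (++n == 4) { print $i; found = 1; exit }   # SOA mname rname serial
            }
        }
        END { exit !found }'
}

# Succeed only if serial $2 is newer than $1 under RFC 1982 serial arithmetic.
serial_newer() {
    case "$1" in ''|*[!0-9]*) return 2 ;; esac
    case "$2" in ''|*[!0-9]*) return 2 ;; esac
    a=${1#"${1%%[!0]*}"}; b=${2#"${2%%[!0]*}"}   # strip leading zeros (avoid octal)
    d=$(( (${b:-0} - ${a:-0}) & 4294967295 ))
    [ "$d" -ge 1 ] && [ "$d" -le 2147483647 ]
}

# Compare the old and new versions of one zone file and report the verdict.
check_zone_serial() {
    old=$(soa_serial < "$1") || { echo "$1: no SOA serial" >&2; return 2; }
    new=$(soa_serial < "$2") || { echo "$2: no SOA serial" >&2; return 2; }
    if serial_newer "$old" "$new"; then
        echo "ok: $2 serial $old -> $new"
    else
        echo "REJECT: $2 serial $old -> $new was not bumped" >&2; return 1
    fi
}

# In a clone of the repository: check edited zone files against the last commit.
check_against_head() {
    rc=0; tmp=$(mktemp) || return 2
    for f in "$@"; do
        git diff --quiet HEAD -- "$f" && continue              # unchanged file
        git show "HEAD:./$f" > "$tmp" 2>/dev/null || continue  # new file, no old serial
        check_zone_serial "$tmp" "$f" || rc=1
    done
    rm -f "$tmp"; return "$rc"
}
```

Run `check_against_head` with the edited zone file names from inside the clone before `git commit -a -v`; a non-zero status means at least one edited zone kept its old serial.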
Push changes back to master nameserver
- Commit your changes, possibly with a meaningful comment:
git commit -a -v
- Then, push your changes:
git push
- We have a handy post-receive hook to automate the rest of the procedure:
  - send a notification email to systems-logs@;
  - checkout your changes to the bind configuration directory;
  - make BIND reload its configuration;
  - watch BIND's log file to ensure slaves are actually transferring the changed zones.
Push changes to slaves
If you add domains to or remove domains from named-sugarlabs-masters.conf, you also need to synchronize named-sugarlabs-slaves.conf and propagate it to the slave nameservers.
./update-named-slaves
FIXME: ssh keys needed for other admins
Implementation details
- The git config file is as follows:
    [core]
        repositoryformatversion = 0
        filemode = true
        bare = false
        shared = true
        logallrefupdates = true
        worktree = /etc/bind
    [receive]
        denycurrentbranch = ignore
    [hooks]
        mailinglist = bernie@codewiz.org
        emailprefix = "[DNS] "
        showrev = "git show -C %s; echo"
- We use a post-receive hook to checkout the zones to the local sandbox and make BIND reload them:
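    #!/bin/bash
    # Mail the pushed changes to the configured mailing list
    /bin/bash /usr/share/doc/git-core/contrib/hooks/post-receive-email
    # Check the pushed changes out into the worktree (/etc/bind)
    git checkout -f
    # Show new BIND log lines to the pusher while the zones reload
    tail -n0 -f /var/log/daemon.log &
    /etc/init.d/bind9 reload
    sleep 3
    # Stop the background tail so the hook can exit
    kill $!
- For slightly better security, the repository lives outside the sandbox.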