Service/Nameservers: Difference between revisions

Line 47:

== Checkout nameserver config ==

Checkout the repository ~~as usual~~:

Checkout the git repository containing the DNS zone data:

git clone lightwave.sugarlabs.org:/var/lib/bind/etc/bind ns

Do not checkout the repository as root. Your user needs to be in group hostmaster.

Do not checkout the repository as root. Your user on [[Machine:lightwave]] needs to be in group hostmaster.

In order to make changes, you will also need the private keys for your domain. For security reasons, these

are not kept on the master DNS itself. Ask one of the other hostmasters for a copy and put it in the keys/

directory alongside the public keys.

== Edit zone data ==

Line 67:

Line 71:

== Push changes back to master nameserver ==

* Commit your changes~~, preferably with a meaningful comment~~:

After you edited the sugarlabs.org zone, execute this script to re-sign the zone

and push your changes to the master DNS:

~~git commit -a -v~~

* Then, push your changes:

./update-sugarlabs

~~git~~ push

The script does:

* re-sign the zone with the DNSSEC keys

* commit your changes

* push the commit to the remote repository

* We have a handy post-receive hook to automate the rest of the procedure:

The post-receive hook to automate the rest of the procedure:

** send a notification email to systems-logs@;

* send a notification email to systems-logs@;

** checkout your changes to the bind configuration directory;

* checkout your changes to the bind configuration directory;

** make BIND reload its configuration;

* make BIND reload its configuration;

** watch BIND's log file to ensure slaves are actually transferring the changed zones.

* watch BIND's log file to ensure slaves are actually transferring the changed zones.

== Implementation details ==

@@ Line 47: / Line 47: @@
 == Checkout nameserver config ==
-Checkout the repository as usual:
+Checkout the git repository containing the DNS zone data:
   git clone lightwave.sugarlabs.org:/var/lib/bind/etc/bind ns
-Do not checkout the repository as root. Your user needs to be in group hostmaster.
+Do not checkout the repository as root. Your user on [[Machine:lightwave]] needs to be in group hostmaster.
+In order to make changes, you will also need the private keys for your domain. For security reasons, these
+are not kept on the master DNS itself. Ask one of the other hostmasters for a copy and put it in the keys/
+directory alongside the public keys.
 == Edit zone data ==
@@ Line 67: / Line 71: @@
 == Push changes back to master nameserver ==
-* Commit your changes, preferably with a meaningful comment:
+After you edited the sugarlabs.org zone, execute this script to re-sign the zone
+and push your changes to the master DNS:
-  git commit -a -v
-* Then, push your changes:
+ ./update-sugarlabs
-  git push
+The script does:
+ * re-sign the zone with the DNSSEC keys
+ * commit your changes
+ * push the commit to the remote repository
-* We have a handy post-receive hook to automate the rest of the procedure:
+The post-receive hook to automate the rest of the procedure:
-** send a notification email to systems-logs@;
+ * send a notification email to systems-logs@;
-** checkout your changes to the bind configuration directory;
+ * checkout your changes to the bind configuration directory;
-** make BIND reload its configuration;
+ * make BIND reload its configuration;
-** watch BIND's log file to ensure slaves are actually transferring the changed zones.
+ * watch BIND's log file to ensure slaves are actually transferring the changed zones.
 == Implementation details ==