Changes

Service/Nameservers (view source)

Revision as of 17:16, 5 December 2017

399 bytes removed , 17:16, 5 December 2017

no edit summary

Line 1: Line 1: −

== ~~Hostmasters~~ ==

+

== Administrative contact ==

To request changes to DNS records, contact <hostmaster AT sugarlabs DOT org>

+

== Hostmasters ==

Current hostmasters are:

* [[User:Bernie|Bernie Innocenti]]

−

* [[User:~~dogi~~|~~Stefan Unterhauser~~]]

+

* [[User:Scg|Samuel Cantero]]

−

* [[User:sascha_silbe|Sascha Silbe]]

+

(please use preferably the administrative address)

== Registered nameservers ==

Line 23: Line 26:

! '''ns1.sugarlabs.org'''

| lightwave

−

| ~~FSF~~, ~~Boston~~, USA

+

| MIT Media Lab, Cambridge, USA

−

| ~~140~~.~~186~~.70.~~102~~

+

| 18.85.44.64

−

| 2002:~~8cba~~:~~4666~~::1

+

| 2002:1255:2c40::1

|-

| ns2.sugarlabs.net

| sunjammer

| FSF, Boston, USA

−

| ~~140~~.~~186~~.70.53

+

| 208.118.235.53

−

| ~~2002~~:~~8cba~~:~~4635~~::1

+

| 2001:4830:134:7::11

|-

| ns1.codewiz.org

Line 51: Line 54:

git clone lightwave.sugarlabs.org:/var/lib/bind/etc/bind ns

−

Do not checkout the repository as root. Your user on [[Machine:lightwave]] needs to be in group hostmaster.

+

Do not checkout the repository as root. Your user on [[Machine/lightwave]] needs to be in group hostmaster.

In order to make changes, you will also need the private keys for your domain. For security reasons, these

Line 85: Line 88:

* watch BIND's log file to ensure there are no errors and slaves are actually transferring the changed zones

−

~~== Implementation details ==~~

+

For other domains hosted on Sugar Labs infrastructure (such as eg. somosazucar.org) use:

−

* We use a detached working directory to allow the automatic checkout to work (see post-receive hook below). ~~The git repository is in <code>~~/var/lib/bind/etc/bind.git</code> and the working directory lives in <code>/var/lib/bind/etc/bind</code>. <code>/etc/bind</code> is a symlink to the working directory (<code>/var/lib/bind/etc/bind</code>).

+

./update-zone somosazucar.org

−

* The git config file is as follows:

+

This will check the zone before pushing.

−

~~[core]~~

+

== GIT repository implementation details ==

−

~~repositoryformatversion~~ = 0

−

~~filemode~~ = ~~true~~

−

~~bare~~ = ~~false~~

−

~~sharedRepository~~ = ~~true~~

−

~~logallrefupdates = true~~

−

~~worktree = /etc/bind~~

−

~~[receive]~~

−

~~denycurrentbranch = ignore~~

−

~~[hooks]~~

−

~~mailinglist = systems-logs@...~~

−

~~emailprefix = "[DNS] "~~

−

~~showrev = "git show -C %s; echo"~~

−

* /var/lib/bind/etc/bind.git/~~description contains~~ the ~~repository description "Sugar Labs DNS zone data"~~

+

We use a detached working directory to allow the automatic checkout to work (see post-receive hook below). The git repository is in <code>/var/lib/bind/etc/bind.git</code> and the working directory lives in <code>/var/lib/bind/etc/bind</code>. <code>/etc/bind</code> is a symlink to the working directory (<code>/var/lib/bind/etc/bind</code>).

−

* We use a post-receive hook to checkout the zones to the local sandbox and make BIND reload them:

−

#!/~~bin~~/~~bash~~

−

/~~bin~~/~~bash~~ /~~usr~~/~~share~~/~~doc~~/~~git-core~~/~~contrib/hooks/post-receive-email~~

−

~~git checkout -f~~

−

~~tail -n0 -f~~ /var/~~log~~/~~daemon.log &~~

−

/etc/~~init~~.~~d/bind9 reload~~

−

~~sleep 3~~

+

See [[Sysadmin/Autocheckout repositories]] for all the implementation details.

== DNSSEC details ==

=== How to create keys for a new domain ===

+

cd keys

dnssec-keygen -r/dev/random -a RSASHA1 -b 1024 -n ZONE codewiz.org

dnssec-keygen -r/dev/random -f KSK -a RSASHA1 -b 1280 -n ZONE codewiz.org

+

(the above commands take a very long time!)

=== How to manually sign a zone ===

Bernie

Bureaucrats, Check users, Administrators

1,764

edits

Changes

Service/Nameservers (view source)

Revision as of 17:16, 5 December 2017

Navigation menu

Search