Benedikt Kristinsson edited this page Feb 16, 2015 · 14 revisions

The old djbdns setup is being replaced with a BIND based system.

The key points (and differences from the former system) are as follows:

  1. Server names: dns0.lokun.is and dns1.lokun.is.
  2. The DNS servers serve both as DNS caches for VPN clients and as authoritative name servers for the lokun.is zone.
  3. The zone is updated dynamically with information from record. Currently this goes through the REST API, but there have been experiments with using ZeroMQ.
  4. Zones such as netflix.com are overridden and directed through a US-based proxy.

Setup

  1. Install from apt and pip

    # sudo apt-get install bind9 python-pip python-dev
    # pip install requests
    
  2. Create log/ and dns/ in /srv/. Get the updatebind.py script from the lokun (private) repo and store it in /srv/dns; also include config.py, filled out accordingly.

    # mkdir /srv/dns /srv/log
    # cp lokun/dns/updatebind.py lokun/dns/config.py /srv/dns 
    
  3. Create the zone file and named.conf.options

    # python /srv/dns/updatebind.py --update-zone --update-named-conf-options
    # /etc/init.d/bind9 restart
    
  4. Copy the files for the override zones from the private repo: db.override (the override zone itself) and named.conf.local (which maps domains to the override zone). Place them in /etc/bind.

    # cp lokun/dns/db.override lokun/dns/named.conf.local /etc/bind
    # /etc/init.d/bind9 restart
    

    IMPORTANT: Remember to adjust the IP addresses in db.override: the NS record should carry the IP of the DNS server and the A record the IP of the proxy server.

    There are no secrets to this; see Tunlr-Clone if you want your own.

  5. Put the following lines in the crontab:

    */5 * * * * /usr/bin/python /srv/dns/updatebind.py --update-zone -r > /dev/null
    20 4 * * * /usr/bin/python /srv/dns/updatebind.py --update-named-conf-options > /dev/null
    
  6. Update the following files to reflect the IP or FQDN of the current system:

    • /etc/resolv.conf
    • /etc/bind/db.override
    • /etc/mailname
    • /etc/hosts

  7. Restart BIND

    # /etc/init.d/bind9 restart
    
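The --update-zone step in updatebind.py lives in the private repo, so as an added example (not lokun's own code) here is how that step can turn records fetched over the REST API into the lokun.is zone file while validating every record first, so that an unexpected value in the record store cannot inject a zone directive or an extra record. The $ORIGIN/$TTL layout, the SOA timers, the hostmaster address and the unix-time serial are assumptions.

```python
# Added example, not lokun's updatebind.py: build the lokun.is zone file from
# records fetched over the REST API, validating each one before it is written.
import ipaddress
import re
import time

ZONE = "lokun.is"
NS_HOSTS = ("dns0", "dns1")
# One hostname label: letters/digits/hyphens, 1-63 chars, no edge hyphens.
LABEL_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def valid_label(label):
    """fullmatch rejects embedded newlines, spaces or '$', so a record value
    can never smuggle a '$INCLUDE' or a second record into the zone file."""
    return LABEL_RE.fullmatch(label) is not None


def valid_ipv4(addr):
    try:
        ipaddress.IPv4Address(addr)
        return True
    except ValueError:
        return False


def zone_serial(now=None):
    # Unix time fits the 32-bit serial and grows across every cron run.
    return int(now if now is not None else time.time())


def render_zone(records, ns_ips, serial):
    """records: iterable of (label, ipv4) from the API; ns_ips: {"dns0": ip, ...}.
    Returns the zone text, or raises ValueError on the first bad record."""
    soa = (f"@ IN SOA dns0.{ZONE}. hostmaster.{ZONE}. "
           f"({serial} 3600 600 1209600 300)")  # assumed timers
    lines = [f"$ORIGIN {ZONE}.", "$TTL 300", soa]
    for ns in NS_HOSTS:
        if not valid_ipv4(ns_ips[ns]):
            raise ValueError(f"bad NS address for {ns}: {ns_ips[ns]!r}")
        lines.append(f"@ IN NS {ns}.{ZONE}.")
        lines.append(f"{ns} IN A {ns_ips[ns]}")
    for label, ip in records:
        label = label.lower()
        # The NS hosts are fixed above; an API record must not redefine them.
        if label in NS_HOSTS or not valid_label(label) or not valid_ipv4(ip):
            raise ValueError(f"rejected record {label!r} -> {ip!r}")
        lines.append(f"{label} IN A {ip}")
    return "\n".join(lines) + "\n"
```

Write the result to the zone file only when render_zone returns, so a single bad record leaves the previously loaded zone in place rather than producing a file BIND refuses to load.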