kiviak-install
Differences
This shows you the differences between two versions of the page.
| — |
kiviak-install [2015-02-07 20:55:28] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== Installation ====== | ||
| + | |||
| + | Install Bind, webserver with PHP and MySQL. For example on Debian: | ||
| + | |||
| + | <code>lighttpd php5-cgi mysql-server php5-mysql bind9</code> | ||
| + | |||
| + | ===== DNS ===== | ||
| + | |||
| + | Convince someone to forward a NS subdomain to you. For example: | ||
| + | <code> | ||
| + | dyn IN A your.ip.address | ||
| + | d IN NS dyn | ||
| + | </code> | ||
| + | |||
| + | ===== Configure Bind ===== | ||
| + | |||
| + | You need to configure a zone. If you don't have any, you can use example config files | ||
| + | |||
| + | * named.conf.local - zone inclusion | ||
| + | * zones.foo.master - zone specification | ||
| + | * d.brmlab.cz - example zone (of course change it to your needs) | ||
| + | |||
| + | After configuration, your nameserver should be able to respond to "A ahoj.d.brmlab.cz." query. | ||
| + | |||
| + | We need to generate a user key that we will sign the updates with (with this you can also securely update a remote DNS server). | ||
| + | |||
| + | <code>dnssec-keygen -a HMAC-SHA1 -b 160 -n USER some.email.address.</code> | ||
| + | |||
| + | Two files are generated, K*key and K*private. Take the key from the *key one and put it to zone declaration (zones.foo.master in our case) | ||
| + | |||
| + | ===== Configure dynamic updater ===== | ||
| + | |||
| + | Put scripts from the shell/ directory somewhere. Edit config.sh. | ||
| + | |||
| + | Try update with <code>echo test a 9.10.11.12 | bash -x bind_update.sh</code>. You should be then able to resolve "A test.your.domain." to 9.10.11.12. | ||
| + | |||
| + | On Debian I had a problem that the /etc/bind directory was not owned by the user under which bind is running, so bind was unable to perform the update | ||
| + | |||
| + | ===== Some security ===== | ||
| + | |||
| + | The key should not be world-readable. You can create a separate user, chown & chmod 600 the key and all the scripts and then use the example sudoers file to run the update under that user. | ||
| + | |||
| + | ===== Web frontend ===== | ||
| + | |||
| + | Create a MySQL database. I use [[http://www.adminer.org/|Adminer]] GUI, but if you want to go with the command line, it will be something like this | ||
| + | <code> | ||
| + | CREATE DATABASE `kiviak`; | ||
| + | |||
| + | CREATE USER 'kiviak'@'localhost' IDENTIFIED BY PASSWORD 'XXXYYY'; | ||
| + | GRANT ALL PRIVILEGES ON `kiviak`.* TO 'kiviak'@'localhost'; | ||
| + | </code> | ||
| + | Then execute schema.sql to create the table. | ||
| + | |||
| + | Point your webserver to files in web/ folder. These files don't have to be writable by the webserver. | ||
| + | |||
| + | Edit config.php to reflect your environment. | ||
| + | |||
| + | Enjoy. | ||
| + | |||
| + | ===== Misc. ===== | ||
| + | |||
| + | The delete.php script deletes hostnames that have not been updated for more than a month. You can add it to your crontab. | ||
kiviak-install.txt ยท Last modified: 2015-02-07 20:55:28 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
