Bind to TinyDNS + Sync to External DNS [Howto]

[SIZE=2]We were always looking for a solution to have at least one secondary DNS server carrying all the zones of all our servers, so that mail would not get lost and domains would not end up on a blacklist because they fail to resolve while a server is down.[/SIZE]

[SIZE=2]Well, I found a couple of things and it’s working perfectly at the moment, so I figured, “why don’t I share this and maybe somebody can improve it”.[/SIZE]

[SIZE=2]Note that this script needs some improvement here and there, so feel free to modify it and make it better. Also be nice and share your findings with us. Thanks![/SIZE]

[SIZE=2]First (as gethosted said in his howto):[/SIZE]
[SIZE=2]Warning: This HOWTO and related scripts are provided with absolutely positively no warranty. Any damage they do to your system we are indeed sorry for, however we cannot be held liable. Proceed at your own risk…(it really isn’t that bad).[/SIZE]
[SIZE=2]Make backups of your original zone files![/SIZE]

[SIZE=2]Note that this works and is tested with Bind on Ensim Pro servers. We use it together with a secondary DNS server that also holds the zones of all our InterWorx servers. The steps with scripts that might need some modification are marked RED.[/SIZE]

[SIZE=2]Everything that has to be done on the external secondary DNS box is marked with a green (Sec. DNS) in the step heading; everything else has to be done on the Bind box.[/SIZE]

[SIZE=2]You have to be root to use this howto![/SIZE]

[SIZE=3]Step #1 (Sec. DNS):[/SIZE]
[SIZE=2]First you will have to install TinyDNS on an external server (or use your InterWorx server; that is not covered in this howto, maybe somebody else can cover it).[/SIZE]
[SIZE=2]You can do this very easily by following this howto:[/SIZE]
[SIZE=2]http://www.djbdnsrocks.com/[/SIZE]

[SIZE=2]If you are going to use this script, you will have to create the directory “/etc/tinydns/root/zones”.[/SIZE]

[SIZE=3]Step #2 (Sec. DNS):[/SIZE]
[SIZE=2]You can skip this step; we won’t be using gethosted’s script since it is too time consuming to export all the zones for the domains hosted on our InterWorx boxes.[/SIZE]

[SIZE=2]After that you can use gethosted’s howto to sync your TinyDNS data to the external Secondary DNS server:[/SIZE]
[SIZE=2]http://www.interworx.com/forums/showthread.php?t=319[/SIZE]

[SIZE=2]You will have to modify gethosted’s script a bit if you want to get it to work with my solution. I won’t cover that here. Maybe somebody else wants to cover that; send me a PM and I will add it to this howto![/SIZE]

[SIZE=3]Step #3:[/SIZE]
[SIZE=2]Since we have a couple of InterWorx servers and are stuck with some Ensim servers (and no, it’s not easier to migrate all the sites to InterWorx), I had to find a solution to convert the Bind data to TinyDNS data. You will have to download a tar.gz file from http://www.erat.org/ (you’ll need “bind-to-tinydns”).[/SIZE]

[SIZE=2]So download the script to your server running Bind:[/SIZE]


[SIZE=2]wget http://www.erat.org/files/bind-to-tinydns-0.4.3.tar.gz[/SIZE]

[SIZE=2]Now untar it:[/SIZE]


[SIZE=2]tar xzvf bind-to-tinydns-0.4.3.tar.gz[/SIZE]

[SIZE=2]Go to the newly created directory with the bind-to-tinydns files:[/SIZE]


[SIZE=2]cd bind-to-tinydns-0.4.3[/SIZE]

[SIZE=2]Compile it:[/SIZE]


[SIZE=2]make[/SIZE]

[SIZE=2]So now we have the bind-to-tinydns binary.[/SIZE]
[SIZE=2]You can test if it works by doing this:[/SIZE]


[SIZE=2]./bind-to-tinydns example-bind-zone.db foo foo1.tmp < example-bind-zone.db[/SIZE]

[SIZE=2]This will create the tinyDNS data file “foo” from “example-bind-zone.db”.[/SIZE]

[SIZE=2]Check the content of the foo file:[/SIZE]


[SIZE=2]cat foo[/SIZE]

[SIZE=2]And it should look like this:[/SIZE]


[SIZE=2]Zexample.com.example-bind-zone.db.:dns1.example.com.:hostmaster.example.com.:2001062501:21600:3600:604800:86400[/SIZE]
[SIZE=2]&example.com.example-bind-zone.db.::dns1.example.com.:86400[/SIZE]
[SIZE=2]&example.com.example-bind-zone.db.::dns2.example.com.:86400[/SIZE]
[SIZE=2]@example.com.example-bind-zone.db.::mail.example.com.:10:86400[/SIZE]
[SIZE=2]@example.com.example-bind-zone.db.::mail2.example.com.:20:86400[/SIZE]
[SIZE=2]+example.com.example-bind-zone.db.:10.0.1.5:86400[/SIZE]
[SIZE=2]+server1.example.com.example-bind-zone.db.:10.0.1.5:86400[/SIZE]
[SIZE=2]+server2.example.com.example-bind-zone.db.:10.0.1.7:86400[/SIZE]
[SIZE=2]+dns1.example.com.example-bind-zone.db.:10.0.1.2:86400[/SIZE]
[SIZE=2]+dns2.example.com.example-bind-zone.db.:10.0.1.3:86400[/SIZE]
[SIZE=2]Cftp.example.com.example-bind-zone.db.:server1.example.com.example-bind-zone.db.:86400[/SIZE]
[SIZE=2]Cmail.example.com.example-bind-zone.db.:server1.example.com.example-bind-zone.db.:86400[/SIZE]
[SIZE=2]Cmail2.example.com.example-bind-zone.db.:server2.example.com.example-bind-zone.db.:86400[/SIZE]
[SIZE=2]Cwww.example.com.example-bind-zone.db.:server2.example.com.example-bind-zone.db.:86400[/SIZE]

[SIZE=2]OK, now this is working, proceed to the following step![/SIZE]

[SIZE=3]Step #4:[/SIZE]
[SIZE=2]Now we are going to create some directories (you can choose to use a different location):[/SIZE]


[SIZE=2]mkdir /root/scripts[/SIZE]
[SIZE=2]mkdir /root/scripts/bind-to-tinydns[/SIZE]
[SIZE=2]mkdir /root/scripts/bind-to-tinydns/zones[/SIZE]
[SIZE=2]mkdir /root/scripts/bind-to-tinydns/tmp[/SIZE]
[SIZE=2]mkdir /root/scripts/bind-to-tinydns/zones-named[/SIZE]

[SIZE=2]Then copy the bind-to-tinydns binary:[/SIZE]


[SIZE=2]cp bind-to-tinydns /root/scripts/bind-to-tinydns/[/SIZE]

[SIZE=3]Step #5:[/SIZE]
[SIZE=2]Now we are going to create the script that we are using:[/SIZE]


[SIZE=2]nano /root/scripts/bind-to-tinydns/export-all-bind-zones.sh[/SIZE]

[SIZE=2]And then we fill it with the script ;):[/SIZE]


[SIZE=2]#!/bin/bash[/SIZE]
[SIZE=2]BINDTOTINYDNSPATH=/root/scripts/bind-to-tinydns  #bind-to-tinydns path, note lack of trailing /[/SIZE]
[SIZE=2]NAMEDPATH=/var/named      #path to your bind/named db files, note lack of trailing /[/SIZE]
[SIZE=2]EXCLUDE=".jnl|webxtra"      #db files we want to exclude: for sure the .jnl journal files and maybe some zones, for us the "webxtra" zones, since they are simply created on these servers because we had to ;-)[/SIZE]
 
[SIZE=2]cd $BINDTOTINYDNSPATH      #change to bind-to-tinydns path[/SIZE]
[SIZE=2]rm -f data-local      #delete the tinyDNS data-local file in $BINDTOTINYDNSPATH[/SIZE]
[SIZE=2]rm -f tmp/*       #delete tmp files in $BINDTOTINYDNSPATH/tmp[/SIZE]
[SIZE=2]rm -f zones-named/*      #delete named/bind db files in $BINDTOTINYDNSPATH/zones-named[/SIZE]
[SIZE=2]rm -f zones/*        #delete tinyDNS zone data in $BINDTOTINYDNSPATH/zones[/SIZE]
 
[SIZE=2]#Now we are going to create a script to copy the original bind zones-named/db files to $BINDTOTINYDNSPATH/zones-named[/SIZE]
[SIZE=2]ls -1 $NAMEDPATH/db.* | grep -Ev "$EXCLUDE" | awk '{print "cp "$1" zones-named/"}' > tmp/copy-bind-zones.sh[/SIZE]
 
[SIZE=2]sh tmp/copy-bind-zones.sh     #copy all bind zones/db files to $BINDTOTINYDNSPATH/zones-named[/SIZE]
[SIZE=2]cd $BINDTOTINYDNSPATH/zones-named    #change to $BINDTOTINYDNSPATH/zones-named[/SIZE]
 
[SIZE=2]#create the convert-to-tinydns.sh script. This script will convert the bind zones/db files to tinyDNS data; the file name without its db. prefix is passed to bind-to-tinydns as the zone origin[/SIZE]
[SIZE=2]ls -1 db.* | grep -Ev "$EXCLUDE" | sed -e 's/^db\.//' | awk '{print "./bind-to-tinydns "$1" zones/data-"$1" tmp/data-"$1".tmp < zones-named/db."$1}' > ../tmp/convert-to-tinydns.sh[/SIZE]
 
[SIZE=2]cd $BINDTOTINYDNSPATH      #change to bind-to-tinydns path[/SIZE]
[SIZE=2]sh tmp/convert-to-tinydns.sh  # convert the bind zones/db files to tinyDNS data[/SIZE]
[SIZE=2]cat zones/data* >> data-local #merge all tinyDNS zone data in one file[/SIZE]
 
[SIZE=2]#scp/rsync code can be below here[/SIZE]

[SIZE=2]Test your script![/SIZE]


[SIZE=2]sh export-all-bind-zones.sh[/SIZE]

[SIZE=2]The script will finish after a few seconds; your Bind zone/db files should have been copied to the zones-named directory and your tinyDNS zone files should have been created in the zones directory.[/SIZE]
[SIZE=2]Check it![/SIZE]


[SIZE=2]ls zones-named/[/SIZE]
[SIZE=2]ls zones/[/SIZE]

[SIZE=2]Now check that the Bind and tinyDNS zones contain the same data (not identical in form, but you know what I mean):[/SIZE]


[SIZE=2]cat zones-named/db.domain.tld[/SIZE]
[SIZE=2]cat zones/data-domain.tld[/SIZE]
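The export script above generates temporary shell scripts from ls output and runs them, and it writes data-local even when a conversion fails, so a broken zone file on the Bind box ends up as a shorter data-local that gets rsynced to the secondary. Below is an added example, not the script from this howto, of the same export written as a loop that needs no temporary scripts and keeps the previous data-local when any zone fails to convert; it assumes the Step 4 directory layout, and the BIND_TO_TINYDNS override and the function names are my own.

```shell
#!/bin/sh
# Added example, not the howto's export-all-bind-zones.sh: the same export as a
# loop, without generating and running temporary shell scripts, and fail-safe:
# data-local is only replaced when every zone converted. Assumes the Step 4
# layout (zones/, tmp/ and the bind-to-tinydns binary under WORKDIR).

# export_zones NAMEDPATH WORKDIR EXCLUDE_RE
#   Converts every NAMEDPATH/db.<domain> whose name does not match EXCLUDE_RE
#   to WORKDIR/zones/data-<domain> and merges them into WORKDIR/data-local.
#   Returns 1 and keeps the previous data-local when any conversion fails.
export_zones() {
    named=$1 work=$2 exclude=$3
    conv=${BIND_TO_TINYDNS:-$work/bind-to-tinydns}   # hypothetical override, used by tests
    rm -f "$work"/zones/* "$work"/tmp/* "$work/data-local.new"
    failed=0
    for db in "$named"/db.*; do
        [ -f "$db" ] || continue
        domain=${db##*/db.}                       # /var/named/db.example.com -> example.com
        if [ -n "$exclude" ] && printf '%s\n' "$domain" | grep -Eq "$exclude"; then
            continue                              # .jnl journals and excluded zones
        fi
        # same call as in the howto: origin, output file, temp file, zone on stdin
        if ! "$conv" "$domain" "$work/zones/data-$domain" "$work/tmp/data-$domain.tmp" < "$db"; then
            echo "export_zones: conversion of $db failed" >&2
            failed=1
        fi
    done
    [ "$failed" -eq 0 ] || return 1
    cat "$work"/zones/data-* > "$work/data-local.new" || return 1
    mv "$work/data-local.new" "$work/data-local"   # replace only on full success
}

# count_zones WORKDIR: number of converted zones, handy as a sanity check
# before the rsync line at the bottom of the script.
count_zones() {
    ls "$1"/zones/data-* 2>/dev/null | wc -l | tr -d ' '
}
```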

EDIT: Step 3: bind2tinydns --> bind-to-tinydns


[SIZE=3]Step #6:[/SIZE]
[SIZE=2]Now we have to copy our tinyDNS data from our Bind box(es) and InterWorx box(es) to the secondary DNS server; we are going to use rsync for this.[/SIZE]
[SIZE=2]First create and test SSH keys with this howto: http://www.jdmz.net/ssh/[/SIZE]

[SIZE=3]Step #7:[/SIZE]
[SIZE=2]Now that you have created the RSA keys etc., we are going to test whether it works for your Bind box(es):[/SIZE]


[SIZE=2]rsync -avz -e "ssh -i /home/thisuser/cron/thishost-rsync-key" /root/scripts/bind-to-tinydns/data-local remoteuser@remotehost:/etc/tinydns/root/zones/data-111.222.333.444[/SIZE]
 

[SIZE=2]111.222.333.444 should be the IP of your bind server[/SIZE]

[SIZE=2]OK, now that this works, add that rsync command to the bottom of your /root/scripts/bind-to-tinydns/export-all-bind-zones.sh script.[/SIZE]

[SIZE=2]For your InterWorx box(es) you only have to create your RSA keys and test whether it works by doing this:[/SIZE]


[SIZE=2]rsync -avz -e "ssh -i /home/thisuser/cron/thishost-rsync-key" /usr/local/interworx/var/lib/dns/data remoteuser@remotehost:/etc/tinydns/root/zones/data-1.2.3.4 > /dev/null[/SIZE]
 

[SIZE=2]1.2.3.4 should be the IP of your InterWorx server.[/SIZE]
[SIZE=2]Then add the above command to your crontab:[/SIZE]


[SIZE=2]crontab -e[/SIZE]

[SIZE=2]Add the following code:[/SIZE]


[SIZE=2]*/1 * * * * rsync -avz -e "ssh -i /home/thisuser/cron/thishost-rsync-key" /usr/local/interworx/var/lib/dns/data remoteuser@remotehost:/etc/tinydns/root/zones/data-1.2.3.4[/SIZE]

[SIZE=2]1.2.3.4 should be the IP of your InterWorx server.[/SIZE]

[SIZE=2]Test it!:[/SIZE]


[SIZE=2]sh /root/scripts/bind-to-tinydns/export-all-bind-zones.sh[/SIZE]

[SIZE=2]No errors? So far so good.[/SIZE]

[SIZE=2]Now we add it to the crontab on our bind server:[/SIZE]


[SIZE=2]crontab -e[/SIZE]

[SIZE=2]And then insert the following to sync the tinyDNS data to the external secondary DNS server every minute:[/SIZE]


[SIZE=2]*/1 * * * * sh /root/scripts/bind-to-tinydns/export-all-bind-zones.sh[/SIZE]

[SIZE=3]Step #8 (Sec. DNS):[/SIZE]
[SIZE=2]SSH to your external secondary DNS server and create the update-dns.sh script:[/SIZE]


[SIZE=2]nano /root/update-dns.sh[/SIZE]

[SIZE=2]The content is the following:[/SIZE]


[SIZE=2]#!/bin/sh[/SIZE]
[SIZE=2]# concatenates individual tinydns zone files into single "data" file.[/SIZE]
 
[SIZE=2]PATH=$PATH:/usr/local/bin[/SIZE]
[SIZE=2]export PATH[/SIZE]
 
[SIZE=2]cd /etc/tinydns/root[/SIZE]
 
[SIZE=2]cat << EOF > data[/SIZE]
[SIZE=2]# This is an automatically generated file.[/SIZE]
[SIZE=2]# If you wish to change the contents please edit the files in[/SIZE]
[SIZE=2]# /etc/tinydns/root/zones[/SIZE]
[SIZE=2]EOF[/SIZE]
[SIZE=2]cat zones/* >> data[/SIZE]
[SIZE=2]make[/SIZE]
 
[SIZE=2]# could do an rsync here[/SIZE]

[SIZE=2]Test it![/SIZE]


[SIZE=2]sh /root/update-dns.sh[/SIZE]

[SIZE=2]Everything OK?[/SIZE]

[SIZE=2]Then add it to the crontab:[/SIZE]


[SIZE=2]crontab -e[/SIZE]

[SIZE=2]And insert this to update the DNS every 1 min.:[/SIZE]


[SIZE=2]*/1 * * * * sh /root/update-dns.sh[/SIZE]
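The update-dns.sh above concatenates whatever is in zones/ and rebuilds, so an empty data-<ip> file left behind by a failed export or an interrupted rsync on one box silently drops all of that box's zones from the secondary, and two boxes claiming the same domain go unnoticed. Below is an added example, not this howto's script, that checks the per-box zone files first (non-empty, only tinydns-data record types, no domain with an SOA from two files) and replaces the merged data file atomically; it assumes the /etc/tinydns/root/zones/data-<ip> layout from Step 7, and check_zone_dir and update_dns are my names.

```shell
#!/bin/sh
# Added example, not the howto's update-dns.sh: sanity checks on the per-box
# zone files before they are merged and compiled. Assumes this howto's layout,
# /etc/tinydns/root/zones/data-<ip>, one file per source box.

# check_zone_dir DIR: returns 1 when a zone file is empty (a failed export on a
# source box would otherwise silently drop all of its zones from the secondary),
# when a line does not start with a tinydns-data record type, or when two files
# carry an SOA (Z line) for the same domain.
check_zone_dir() {
    dir=$1 status=0
    for f in "$dir"/data-*; do
        [ -e "$f" ] || { echo "check_zone_dir: no data-* files in $dir" >&2; return 1; }
        if [ ! -s "$f" ]; then
            echo "check_zone_dir: $f is empty, refusing to rebuild" >&2
            status=1
        fi
    done
    # record types accepted by tinydns-data, plus '#' comments; blank lines are fine
    awk -F: -v ok="^[-.&=+@'^CZ%:36#]" '
        BEGIN { bad = 0 }
        $0 != "" && $0 !~ ok { print FILENAME ": unknown record type: " $0; bad = 1 }
        /^Z/ { dom = substr($1, 2)
               if (dom in soa) { print FILENAME ": SOA for " dom " also in " soa[dom]; bad = 1 }
               soa[dom] = FILENAME }
        END { exit bad }' "$dir"/data-* >&2 || status=1
    return "$status"
}

# update_dns ROOT: the howto's update-dns.sh with the check in front of it and an
# atomic replace of the merged file, so a rejected run leaves the old data intact.
update_dns() {
    root=$1
    check_zone_dir "$root/zones" || return 1
    {
        echo '# This is an automatically generated file.'
        echo '# If you wish to change the contents please edit the files in /etc/tinydns/root/zones'
        cat "$root"/zones/data-*
    } > "$root/data.new" && mv "$root/data.new" "$root/data"
    (cd "$root" && make)     # tinydns-data only replaces data.cdb when data compiles
}
```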

[SIZE=3]Step #9:[/SIZE]
[SIZE=2]OK, now we are going to test it. Create a zone on your Bind box for a domain, make your Bind box the primary DNS server and your external secondary DNS server the secondary.[/SIZE]
[SIZE=2]The domain can be a fake domain like test.com or something.[/SIZE]

[SIZE=2]Then go to: http://zonecheck.denic.de/zonecheck/en/[/SIZE]

[SIZE=2]Fill in your test domain, your nameservers and their IPs.[/SIZE]
[SIZE=2]Wait a few seconds and see if it’s OK.[/SIZE]

[SIZE=2]Note that everything is OK when you only get this error (TCP on port 53 is required for the .de TLD but is usually OK for other TLDs):[/SIZE]
[SIZE=2]Server doesn’t listen/answer on port 53 for TCP protocol[/SIZE]

[SIZE=2](By the way, does anybody know how to solve this?)[/SIZE]

[SIZE=2]Repeat Step #9 for your InterWorx box.[/SIZE]

[SIZE=2]Well, that’s it. If anybody has improvements etc. feel free to post them here and I will modify this HowTo.[/SIZE]

[SIZE=2]Greets,[/SIZE]

[SIZE=2]R?mon[/SIZE]