This forum post serves as a companion (precursor) to the article “Syncing Interworx With External DNS Servers [HOWTO]”:
What a wise man Gethosted was with the line:
“Visit: http://cr.yp.to/djbdns/run-server.html for the exact step by step instructions on installing tinydns.”
For the rest of us, I’m posting a Linux-neophyte’s plight of how to do exactly that – hopefully saving you a few moments, erm … hours <cough … sputter … > days work.
(<— brain mass desperately clinging to 524.5 grams).
*djbdns breaks the mold by not following the model (BIND) placed before it and creates (to this date) a security-flawless DNS server ($500 courtesy of Mr. Bernstein to prove otherwise). In doing so, there are a few standards he’s not following, which is fine … but does present a few errors during compile. Thankfully, some in the community have been nice enough to provide various patches to ease the pain. With these patches it is not necessary to apply the fixes that Dr. Bernstein recommends as these fixes are in the patch(es).
*The following tutorial has only been tested on CentOS 4.2 – fresh build(s) – minimal install. I imagine any of you RedHat and/or Fedora folks will find this familiar ground.
<standard disclaimer>You may hose your entire box by simply reading this material.</standard disclaimer>
*This article assumes you are building a DNS server independent of an Interworx installation from scratch to which you’d like to (eventually) copy your zone files from the/several Interworx boxes to serve as a redundant DNS server.
*As you’ve probably found out by now, there are 3 packages you need to complete the install of djbdns. What you may not have known is that they all need to be patched prior to successfully compiling/installing/running (at least, on CentOS 4.2). There are more patches than you need in the .tgz below – we’ll only be using the ones that are required.
FWIW – I’m plagiarizing … stealing, borrowing and reprinting other people’s work here. Other than the time spent, none of it is mine – except putting it all in one place.
// = When a line starts with these symbols: “//” it is a comment…Don’t type this on the command line…It is just me trying to help you understand a specific command. (<— more of me stealing)
(Obviously, you can put these .tars/packages wherever you’d like them. Modify your pathing accordingly.)
//Create the following directories (-p also creates the parent /usr/local/djb):
mkdir -p /usr/local/djb/build
mkdir -p /usr/local/djb/patches
Download and extract the three patches:
//get the patches:
cd /usr/local/djb/patches
//Download the following (small download, still ... be kind to his bandwidth .. :) ):
wget http://www.thedjbway.org/patches/djb_errno_patches.tgz
//Extract:
tar -xzvf djb*.tgz
//Several .patch files should output
Download and extract the three packages:
//Change directories and download the main packages:
cd /usr/local/djb/build
wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
Extract and patch each of the three packages:
(you should still be in the /usr/local/djb/build directory for all three of the following)
Extract and Patch ucspi:
//ucspi
cd /usr/local/djb/build
gunzip ucspi-tcp-0.88.tar
tar -xf ucspi-tcp-0.88.tar
cd ucspi-tcp-0.88
patch -p1 < ../../patches/ucspi-tcp-0.88.errno.patch
//[output from patch...]
patch -p1 < ../../patches/ucspi-tcp-0.88.a_record.patch
//[output from patch...]
patch -p1 < ../../patches/ucspi-tcp-0.88.nobase.patch
//[output from patch...]
make setup check
./install
./instcheck
Extract and Patch daemontools:
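//daemontools
//go back to the build directory first (the previous step left you in ucspi-tcp-0.88)
cd /usr/local/djb/build
gunzip daemontools-0.76.tar
tar -xpf daemontools-0.76.tar
rm daemontools-0.76.tar
cd admin/daemontools-0.76
//this source tree sits one level deeper (admin/), so the patches are three levels up
patch -p1 < ../../../patches/daemontools-0.76.errno.patch
//[output from patch...]
package/install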
Extract and Patch djbdns:
//djbdns
//go back to the build directory first
cd /usr/local/djb/build
gunzip djbdns-1.05.tar
tar -xf djbdns-1.05.tar
cd djbdns-1.05
patch -p1 < ../../patches/djbdns-1.05.errno.patch
//[output from patch...]
make
make setup check
./install
./instcheck
Next, you’ll add the necessary user accounts and use the tinydns-conf script to create an installation based on the IP of your box:
xx.xx.xx.xx represents the IP address of your box, as shown in the output of “ifconfig”.
//create the group and users -- modify if needed
groupadd -g 91 dns
useradd -g 91 -u 91 -d /nonexistent -c "tinydns" -s /sbin/nologin Gtinydns
useradd -g 91 -u 92 -d /nonexistent -c "tinydns" -s /sbin/nologin Gdnslog
//here the tinydns-conf script copies files and creates the usable IP-based installation
cd /usr/local/bin
tinydns-conf Gtinydns Gdnslog /etc/tinydns xx.xx.xx.xx
Once that’s done, you’ll symlink the tinydns directory into /service so that the svscan application restarts tinydns if it crashes:
//link the tinydns service directory into /service, the directory svscan watches
cd /
ln -s /etc/tinydns /service
//force us to be patient and wait for the service to start
sleep 5
//check to make sure the service is running
svstat /service/tinydns
//should return something like "/service/tinydns: up (pid 24957) 4870 seconds"
You’re done (at least with this part). DJBDNS is installed, patched and running. You can now continue with the above mentioned article to get your zone files replicating from your Iworx servers to your redundant DNS server.
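An added check, not part of the original post: after the useradd and ln -s steps, confirm that both service accounts really have /sbin/nologin as shell and /nonexistent as home, and that /service/tinydns points at a directory containing the run script and env/IP file that tinydns-conf writes. The function names check_account and check_service_link are made up for this example, and the passwd lines at the bottom are constructed sample data.

```sh
#!/bin/sh
# Added example: post-install audit for the accounts and service link above.

# check_account FILE USER
# Succeeds only if USER is in the passwd-format FILE with the shell and
# home directory the tutorial's useradd lines specify.
check_account() {
    file=$1; user=$2
    line=$(grep "^${user}:" "$file") || { echo "$user: missing"; return 1; }
    home=$(printf '%s\n' "$line" | cut -d: -f6)
    shell=$(printf '%s\n' "$line" | cut -d: -f7)
    [ "$shell" = /sbin/nologin ] || { echo "$user: shell is '$shell'"; return 1; }
    [ "$home" = /nonexistent ] || { echo "$user: home is '$home'"; return 1; }
    echo "$user: ok"
}

# check_service_link DIR
# Succeeds only if DIR/tinydns is a symlink to a directory holding the
# run script and env/IP file that tinydns-conf writes.
check_service_link() {
    link=$1/tinydns
    [ -L "$link" ] || { echo "$link: not a symlink"; return 1; }
    [ -x "$link/run" ] || { echo "$link/run: missing or not executable"; return 1; }
    [ -s "$link/env/IP" ] || { echo "$link/env/IP: missing or empty"; return 1; }
    echo "$link: ok"
}

# Constructed sample passwd entries; the second has a mistyped shell path.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Gtinydns:x:91:91:tinydns:/nonexistent:/sbin/nologin
Gdnslog:x:92:91:tinydns:/nonexistent:/sbin/nolodin
EOF
check_account "$sample" Gtinydns
check_account "$sample" Gdnslog || true
rm -f "$sample"

# On the real box:
#   check_account /etc/passwd Gtinydns && check_account /etc/passwd Gdnslog
#   check_service_link /service
```

A mistyped shell path in a useradd line is accepted silently, so the account check is worth running before the service is put into production.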