Slackware-13.1 - djbdns
=======================
Public domain

********************************************************************************
### daemontools installation

[daemontools original download link](http://cr.yp.to/daemontools/daemontools-0.76.tar.gz)  
[daemontools patch original download link](http://www.qmail.org/moni.csi.hu/pub/glibc-2.3.1/daemontools-0.76.errno.patch)

    mkdir -p /usr/local/daemontools/{package,command,service}
    ln -sfn /usr/local/daemontools/command /command
    ln -sfn /usr/local/daemontools/service /service

    cd /usr/src
    wget -c "http://pmoghadam.com/homepage/Pages/Deposit/Source-packages/daemontools-0.76.tar.gz"
    wget -c "http://pmoghadam.com/homepage/Pages/Deposit/Patches/daemontools-0.76.errno.patch"
    tar -C /usr/local/daemontools/package -zxpf daemontools-0.76.tar.gz
    cd /usr/local/daemontools/package/admin/daemontools-0.76
    patch -p1 < /usr/src/daemontools-0.76.errno.patch
    package/install

    if ! grep -q svscanboot /etc/inittab
    then
        echo "SV:123456:respawn:/command/svscanboot" >> /etc/inittab
    fi
    init q
    ps auxw | grep svs

********************************************************************************
### ucspi-tcp installation

[ucspi-tcp original download link](http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz)  
[ucspi-tcp patch original download link](http://www.qmail.org/moni.csi.hu/pub/glibc-2.3.1/ucspi-tcp-0.88.errno.patch)

    cd /usr/src
    wget -c "http://pmoghadam.com/homepage/Pages/Deposit/Source-packages/ucspi-tcp-0.88.tar.gz"
    wget -c "http://pmoghadam.com/homepage/Pages/Deposit/Patches/ucspi-tcp-0.88.errno.patch"
    tar zxf ucspi-tcp-0.88.tar.gz
    cd ucspi-tcp-0.88
    patch -p1 < ../ucspi-tcp-0.88.errno.patch
    make
    make setup check

********************************************************************************
### djbdns installation

[djbdns original download link](http://cr.yp.to/djbdns/djbdns-1.05.tar.gz)  
[djbdns patch original download link](http://www.qmail.org/moni.csi.hu/pub/glibc-2.3.1/djbdns-1.05.errno.patch)

    cd /usr/local/daemontools/package
    wget -c "http://pmoghadam.com/homepage/Pages/Deposit/Source-packages/djbdns-1.05.tar.gz"
    wget -c "http://pmoghadam.com/homepage/Pages/Deposit/Patches/djbdns-1.05.errno.patch"
    wget -c "http://pmoghadam.com/homepage/Pages/Deposit/Patches/djbdns-1.05.security.patch"
    tar zxf djbdns-1.05.tar.gz
    cd djbdns-1.05
    patch -p1 < ../djbdns-1.05.errno.patch
    patch -p1 < ../djbdns-1.05.security.patch
    make
    make setup check

********************************************************************************
### Checking DNS communication

    dnsq a www.aol.com 192.203.230.10
    dnsq a www.aol.com 192.48.79.30

********************************************************************************
### Caching-Recursive name server

[named.root local copy 2011060800](http://pmoghadam.com/homepage/Pages/Deposit/DNS-Roots/named.root)  
[dnsroots.global local copy 2011060800](http://pmoghadam.com/homepage/Pages/Deposit/DNS-Roots/dnsroots.global)

    mkdir -p /usr/local/djbdns
    groupadd dns
    useradd dnscache -g dns -d /usr/local/djbdns -s /bin/false
    useradd dnslog -g dns -d /usr/local/djbdns -s /bin/false
    dnscache-conf dnscache dnslog /usr/local/djbdns/dnscache 172.16.20.2
    wget ftp://ftp.internic.net/domain/named.root -q -O - | grep ' A ' | awk '{print$4}' > /etc/dnsroots.global
    /bin/cp /etc/dnsroots.global /usr/local/djbdns/dnscache/root/servers/@
    ln -sfn /usr/local/djbdns/dnscache /service/dnscache
    sleep 5
    echo 2000000000 > /service/dnscache/env/CACHESIZE
    echo 2147483648 > /service/dnscache/env/DATALIMIT
    svc -t /service/dnscache
    sleep 5
    svstat /service/dnscache
    touch /usr/local/djbdns/dnscache/root/ip/172.16.20
    ps -A | grep dnscache
    ps auxw | grep dnscache

********************************************************************************
### How to adjust the cache size

[http://cr.yp.to/djbdns/cachesize.html](http://cr.yp.to/djbdns/cachesize.html)

By default, dnscache uses 1 megabyte of memory for its cache.
You can restart it with a 100-megabyte cache as follows:

    echo 100000000 > /service/dnscache/env/CACHESIZE
    echo 104857600 > /service/dnscache/env/DATALIMIT
    svc -t /service/dnscache

dnscache services created with djbdns 1.00 or earlier do not have the /env directory. Instead edit /service/dnscache/run; change CACHESIZE=1000000 to CACHESIZE=100000000 and -d3000000 to -d104857600.

### Measuring the effects of the cache size

dnscache frequently logs a stats line in /service/dnscache/log/main/current. The second number after stats on the line is the __cache motion__. The cache motion is the number of bytes of cache entries that have been written to the cache since dnscache started.

Look at this number now, and again in 24 hours; subtract to see the 1-day cache motion. (Or extrapolate, using ps to see how long the dnscache process has been running.) Now divide the cache size by the 1-day cache motion:

* 0.01: The cache cycle time is roughly 15 minutes. Almost all DNS records have larger TTL ("time to live") settings; they could be cached longer if the cache were larger.
* 0.1: The cache cycle time is roughly 2 hours. This is above the AOL address TTL, but it's below the TTL of most records.
* 1: The cache cycle time is roughly 1 day. There's still some benefit to a larger cache.
* 10: The cache cycle time is over a week. This leaves ample room for growth; the maximum common TTL is 3 days. dnscache won't save records for more than a week in any case.

Another way to measure cache effectiveness is to divide the cache motion by the query count, which is the first number after stats. When the cache is very large, this ratio will be at its minimum possible value, measuring unavoidable DNS traffic; when the cache is too small, the ratio is too high.

If you're switching from BIND to dnscache, you might be tempted to look at BIND's memory use, and set the dnscache cache size to the same amount. In most cases this is excessive.
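
An added example (not from the original page or the djbdns documentation) that carries out this calculation in shell: it takes two `stats` lines and the cache size, extrapolates the motion to one day, and prints the size/motion ratio, the implied cache cycle time (ratio × 24 hours, which matches the table above) and the cache motion per query. The function names, the output format and the sample log lines are constructed for illustration; the assumed line layout is `@timestamp stats <query count> <cache motion> ...`.

```shell
#!/bin/sh
# Added example: evaluate dnscache cache sizing from two "stats" log lines.
# Assumed layout of a line: [@tai64n] stats <query-count> <cache-motion> ...

# Print "<query-count> <cache-motion>" for one stats line; fail if malformed.
stats_fields() {
    printf '%s\n' "$1" | awk '
        {
            for (i = 1; i + 2 <= NF; i++)
                if ($i == "stats" && $(i+1) ~ /^[0-9]+$/ && $(i+2) ~ /^[0-9]+$/) {
                    print $(i+1), $(i+2); ok = 1; exit
                }
        }
        END { if (!ok) exit 1 }'
}

# cache_report OLD_LINE NEW_LINE CACHESIZE [SECONDS_BETWEEN_SAMPLES]
# Prints: ratio=<cache size / 1-day motion> cycle_hours=<n> bytes_per_query=<n>
cache_report() {
    old=$(stats_fields "$1") || { echo "bad old stats line" >&2; return 1; }
    new=$(stats_fields "$2") || { echo "bad new stats line" >&2; return 1; }
    awk -v old="$old" -v new="$new" -v size="$3" -v secs="${4:-86400}" 'BEGIN {
        split(old, o, " "); split(new, n, " ")
        dq = n[1] - o[1]; dm = n[2] - o[2]
        # Both counters start again from zero when dnscache restarts, so a
        # negative difference means the samples span a restart.
        if (dq < 0 || dm < 0) {
            print "counters went backwards: dnscache restarted?" > "/dev/stderr"
            exit 2
        }
        if (dq == 0 || dm == 0 || secs <= 0) {
            print "no traffic between samples" > "/dev/stderr"
            exit 3
        }
        daily = dm * 86400 / secs      # extrapolate to a 1-day cache motion
        ratio = size / daily           # the ratio the list above interprets
        printf "ratio=%.2f cycle_hours=%.1f bytes_per_query=%.1f\n",
               ratio, ratio * 24, dm / dq
    }'
}

# Constructed sample: two stats lines logged 24 hours apart, 100 MB cache.
OLD='@400000004df0a1b20a1b2c3d stats 1000000 500000000 1 0'
NEW='@400000004df1f3320a1b2c3d stats 5000000 1500000000 2 0'
cache_report "$OLD" "$NEW" 100000000
```

Pass the number of seconds between the two samples as the fourth argument when they are not exactly one day apart.
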
********************************************************************************
### /etc/resolv.conf

    nameserver 172.16.20.2

********************************************************************************
### dnscache check

    dnsip www.google.com
    tail -f /service/dnscache/log/main/current

********************************************************************************
### /usr/local/djbdns/dnscache/log/run

    #!/bin/sh
    exec setuidgid dnslog multilog t s10485760 n100 '-* cached *' '-* rr *' '-* tx *' ./main

********************************************************************************
### /etc/rc.d/rc.dns

    #!/bin/sh

    case "$1" in
      start)
        echo "Starting DJB dnscache"
        if svok /service/dnscache ; then
          svc -u /service/dnscache
        else
          echo dnscache service not running
        fi
        ;;
      stop)
        echo "Stopping DJB dnscache"
        svc -d /service/dnscache
        ;;
      status)
        svstat /service/dnscache
        svstat /service/dnscache/log
        ;;
      reload)
        echo "Reloading DJB dnscache"
        svc -h /service/dnscache
        ;;
      restart)
        echo "Restarting DJB dnscache"
        svc -d /service/dnscache
        svc -u /service/dnscache
        ;;
      *)
        echo "Usage: $0 {start|stop|restart|reload|status}"
        ;;
    esac

********************************************************************************
### set execute mode

    chmod +x /etc/rc.d/rc.dns

********************************************************************************
### Restarting dnscache log process

    svc -t /service/dnscache/log

********************************************************************************
### crontab -e

    # DNS cache motion
    00 10 * * * /bin/grep stats /service/dnscache/log/main/current | /bin/tail -n 1 >> /root/dnscache-motion

********************************************************************************
### controlling services using svc

[`svc`](http://cr.yp.to/daemontools/svc.html) controls services monitored by [`supervise`](http://cr.yp.to/daemontools/supervise.html).

#### Interface

    svc opts services

*`opts`* is a series of getopt-style options.
*`services`* consists of any number of arguments, each argument naming a directory used by `supervise`.

`svc` applies all the options to each service in turn. Here are the options:

* `-u`: Up. If the service is not running, start it. If the service stops, restart it.
* `-d`: Down. If the service is running, send it a TERM signal and then a CONT signal. After it stops, do not restart it.
* `-o`: Once. If the service is not running, start it. Do not restart it if it stops.
* `-p`: Pause. Send the service a STOP signal.
* `-c`: Continue. Send the service a CONT signal.
* `-h`: Hangup. Send the service a HUP signal.
* `-a`: Alarm. Send the service an ALRM signal.
* `-i`: Interrupt. Send the service an INT signal.
* `-t`: Terminate. Send the service a TERM signal.
* `-k`: Kill. Send the service a KILL signal.
* `-x`: Exit. `supervise` will exit as soon as the service is down. If you use this option on a stable system, you're doing something wrong; `supervise` is designed to run forever.

********************************************************************************
#### dns checking tools

    # dnsip www.yahoo.com www.aol.com
    69.147.76.15
    64.12.244.203 64.12.190.33 64.12.245.203 64.12.190.1

    # dnsname 69.147.76.15 64.12.244.203
    f1.www.vip.re1.yahoo.com
    www-cs-bmtc-a.evip.aol.com

    # dnsipq ns1 ns2
    ns1.zanjannetworks.com 80.191.195.34
    ns2.zanjannetworks.com 80.191.195.34

    # dnsmx yahoo.com
    1 e.mx.mail.yahoo.com
    1 f.mx.mail.yahoo.com
    1 g.mx.mail.yahoo.com
    1 a.mx.mail.yahoo.com
    1 b.mx.mail.yahoo.com
    1 c.mx.mail.yahoo.com

    # dnstxt pejman.sohanet.zanjannetworks.com
    Pejman Moghadam

    (valid types : any, a, ns, mx, ptr, txt, cname, soa, hinfo, rp, sig, key, aaaa, axfr)

    # dnsqr ns yahoo.com
    2 yahoo.com:
    153 bytes, 1+7+0+0 records, response, noerror
    query: 2 yahoo.com
    answer: yahoo.com 172425 NS ns4.yahoo.com
    answer: yahoo.com 172425 NS ns3.yahoo.com
    answer: yahoo.com 172425 NS ns2.yahoo.com
    answer: yahoo.com 172425 NS ns5.yahoo.com
    answer: yahoo.com 172425 NS ns6.yahoo.com
    answer: yahoo.com 172425 NS ns8.yahoo.com
    answer: yahoo.com 172425 NS ns1.yahoo.com

    # dnsqr ptr 15.76.147.69.in-addr.arpa
    12 15.76.147.69.in-addr.arpa:
    81 bytes, 1+1+0+0 records, response, noerror
    query: 12 15.76.147.69.in-addr.arpa
    answer: 15.76.147.69.in-addr.arpa 295 PTR f1.www.vip.re1.yahoo.com

    # dnsq a tender.tavanir.org.ir 217.218.41.197
    1 tender.tavanir.org.ir:
    141 bytes, 1+2+2+2 records, response, authoritative, noerror
    query: 1 tender.tavanir.org.ir
    answer: tender.tavanir.org.ir 604800 CNAME www.tavanir.org.ir
    answer: www.tavanir.org.ir 604800 A 217.218.41.214
    authority: tavanir.org.ir 604800 NS ns2.tavanir.org.ir
    authority: tavanir.org.ir 604800 NS ns1.tavanir.org.ir
    additional: ns1.tavanir.org.ir 604800 A 10.32.242.10
    additional: ns2.tavanir.org.ir 604800 A 10.32.242.11

********************************************************************************
### OpenNicProject.org Migration

#### 58.6.115.45 58.6.115.46

[Tier 2 Status Report](http://wiki.opennicproject.org/Tier2Status)

    dnsq ns . 58.6.115.46 | grep -iv ns0.opennic.glue | awk '{ if (/^additional/) print $5}' | egrep -v '\\' > /tmp/opennic
    cat /tmp/opennic
    /bin/cp /tmp/opennic /usr/local/djbdns/dnscache/root/servers/glue
    /bin/cp /tmp/opennic /usr/local/djbdns/dnscache/root/servers/indy
    /bin/cp /tmp/opennic /usr/local/djbdns/dnscache/root/servers/geek
    /bin/cp /tmp/opennic /usr/local/djbdns/dnscache/root/servers/null
    /bin/cp /tmp/opennic /usr/local/djbdns/dnscache/root/servers/oss
    /bin/cp /tmp/opennic /usr/local/djbdns/dnscache/root/servers/parody
    /bin/cp /tmp/opennic /usr/local/djbdns/dnscache/root/servers/bbs
    /bin/cp /tmp/opennic /usr/local/djbdns/dnscache/root/servers/fur
    /bin/cp /tmp/opennic /usr/local/djbdns/dnscache/root/servers/free
    /bin/cp /tmp/opennic /usr/local/djbdns/dnscache/root/servers/ing
    /bin/cp /tmp/opennic /usr/local/djbdns/dnscache/root/servers/gopher
    svc -t /service/dnscache
    dnsip www.opennic.glue

********************************************************************************
### OpenNic bookmarks

[http://en.wikipedia.org/wiki/OpenNIC](http://en.wikipedia.org/wiki/OpenNIC)  
[http://en.wikipedia.org/wiki/Alternative_DNS_root](http://en.wikipedia.org/wiki/Alternative_DNS_root)  
[http://www.opennicproject.org/index.php/start-here/51-migrate-to-opennic/75-public-dns](http://www.opennicproject.org/index.php/start-here/51-migrate-to-opennic/75-public-dns)  
[http://www.opennicproject.org/index.php/howtos/72-running-an-opennic-teir-2](http://www.opennicproject.org/index.php/howtos/72-running-an-opennic-teir-2)  
[http://opennicproject.org/index.php/howtos/48-tier-2-howto](http://opennicproject.org/index.php/howtos/48-tier-2-howto)  
[http://wiki.opennic.glue/HomePage](http://wiki.opennic.glue/HomePage)  
[http://wiki.opennic.glue/TLDPolicy](http://wiki.opennic.glue/TLDPolicy)

********************************************************************************
### Authoritative-only name server

    mkdir -p /usr/local/djbdns
    groupadd tinydns
    useradd tinydns -g tinydns -d /usr/local/djbdns -s /bin/false
    useradd tinydnslog -g tinydns -d /usr/local/djbdns -s /bin/false
    tinydns-conf tinydns tinydnslog /usr/local/djbdns/tinydns 172.16.20.2
    cd /usr/local/djbdns/tinydns/root
    ./add-ns example.org 172.16.20.2
    ./add-ns 20.16.172.in-addr.arpa 172.16.20.2
    ./add-host challenger.example.org 172.16.20.1
    ./add-alias www.example.org 172.16.20.1

********************************************************************************
### /usr/local/djbdns/tinydns/root/data

    ################################################################################
    # Documentation: http://cr.yp.to/djbdns/tinydns-data.html
    ################################################################################
    #
    # SOA Record
    # Zfqdn:mname:rname:ser:ref:ret:exp:min:ttl:timestamp:lo
    # mname: primary name server
    # rname: contact address
    # ser: serial number (default: the modification time of the data file)
    # ref: refresh time (default: 16384 seconds / 04:33:04)
    # ret: retry time (default: 2048 seconds / 00:34:08)
    # exp: expire time (default: 1048576 seconds / 12 day 03:16:16)
    # min: minimum time (default: 2560 seconds / 00:42:40)
    #
    # NS Record
    # .fqdn:ip:x:ttl:timestamp:lo
    # x: NS record
    #
    # A Record
    # +fqdn:ip:ttl:timestamp:lo
    #
    # MX Record
    # @fqdn:ip:x:dist:ttl:timestamp:lo
    # x: mx record
    # dist: distance (default: 0)
    #

    # General example
    .example.org:172.16.20.2:ns1.example.org:259200
    .20.16.172.in-addr.arpa:172.16.20.2:ns1.example.org:259200
    =challenger.example.org:172.16.20.1:86400
    +www.example.org:172.16.20.1:86400
    ^*.20.16.172.in-addr.arpa:ip.example.org

    # SOA Records
    Zexample.org:ns1.example.org:hostmaster.example.org:2010041800:16384:2048:1814400:3600
    Z20.16.172.in-addr.arpa:ns1.example.org:hostmaster.example.org:2010041800:16384:2048:1814400:3600

    # NS Records
    .example.org::ns1.example.org:259200
    .example.org::ns2.example.org:259200
    .20.16.172.in-addr.arpa::ns1.example.org:259200
    .20.16.172.in-addr.arpa::ns2.example.org:259200
    .230.168.192.in-addr.arpa::ns1.example.org:259200
    .230.168.192.in-addr.arpa::ns2.example.org:259200

    # PTR Records
    ^*.230.168.192.in-addr.arpa:ip.example.org:86400
    ^*.20.16.172.in-addr.arpa:ip.example.org:600
    ^79.20.16.172.in-addr.arpa:mail.example.org:60

    # MX Records
    @example.org::mail.example.org::259200

    # Host Records
    =ns1.example.org:172.16.20.50:600
    =ns2.example.org:172.16.160.27:600
    =tailor.example.org:10.20.30.40:600
    +example.org:10.20.30.40:60
    +www.example.org:10.20.30.40:60

    # domain: example.net
    Zexample.net:ns1.zanjannetworking.com:hostmaster.zanjannetworking.com:2012061500:16384:2048:1814400:600
    .example.net::ns1.zanjannetworking.com:600
    .example.net::ns2.zanjannetworking.com:600
    @example.net::mail.example.net::600
    =example.net:192.168.166.123:600
    +www.example.net:192.168.166.123:600
    +ftp.example.net:192.168.166.123:600
    +mail.example.net:192.168.166.123:600
    +cpanel.example.net:192.168.166.123:600
    +whm.example.net:192.168.166.123:600
    +webmail.example.net:192.168.166.123:600
    +webdisk.example.net:192.168.166.123:600

    # Other records (MX test)
    #'example.net:v=spf1\040ip4\072192.168.166.111\040-all:60
    #:example.net:99:\035v=spf1\040ip4\072192.168.166.111\040-all:60
    #"v=spf1 ip4:192.168.71.111 -all"
    #'example.net:v=spf1\040ip4\072192.168.166.111\040-all:60
    #'example.net:v=spf1\040mx\040ip4\072192.168.166.111\040mx\072mail.example.net\040-all:60
    #:example.net:99:\072v=spf1\040mx\040ip4\072192.168.166.111\040mx\072mail.example.net\040-all:60

********************************************************************************
### Start tinydns

    cd /usr/local/djbdns/tinydns/root
    make
    ln -sfn /usr/local/djbdns/tinydns /service/tinydns
    sleep 5
    svstat /service/tinydns
    ps -A | grep tinydns
    ps auxw | grep tinydns

********************************************************************************
### Restart tinydns

    svc -t /service/tinydns
    sleep 5
    svstat /service/tinydns

********************************************************************************
### Check tinydns

    tinydns-get a www.example.org
    tinydns-get ptr 1.20.16.172.in-addr.arpa.
    dnsq a www.example.org 172.16.20.2
    dnsqr a www.example.org
    tail -f /service/dnscache/log/main/current

********************************************************************************
### /etc/rc.d/rc.tinydns

    #!/bin/bash

    case "$1" in
      start)
        echo "Starting DJB tinydns"
        if svok /service/tinydns ; then
          svc -u /service/tinydns
        else
          echo tinydns service not running
        fi
        ;;
      stop)
        echo "Stopping DJB tinydns"
        svc -d /service/tinydns
        ;;
      status)
        svstat /service/tinydns
        svstat /service/tinydns/log
        ;;
      reload)
        echo "Reloading DJB tinydns"
        svc -h /service/tinydns
        ;;
      restart)
        echo "Restarting DJB tinydns"
        svc -d /service/tinydns
        svc -u /service/tinydns
        ;;
      *)
        echo "Usage: $0 {start|stop|restart|reload|status}"
        ;;
    esac

********************************************************************************
### set execute mode

    chmod +x /etc/rc.d/rc.tinydns

********************************************************************************
### Replicating Authoritative-only name server / Primary server: /usr/local/djbdns/tinydns/root/Makefile

__Do not forget to create appropriate ssh keys with ssh-keygen__

__Execute make command in /usr/local/djbdns/tinydns/root/ whenever /usr/local/djbdns/tinydns/root/data changes__

    remote: data.cdb
    	scp -P22 -i /root/.ssh/id_rsa data.cdb root@192.168.1.2:/usr/local/djbdns/tinydns/root/data.cdb.tmp
    	ssh -p22 -i /root/.ssh/id_rsa root@192.168.1.2 mv /usr/local/djbdns/tinydns/root/data.cdb.tmp /usr/local/djbdns/tinydns/root/data.cdb

    data.cdb: data
    	/usr/local/bin/tinydns-data

********************************************************************************
### Replicating Authoritative-only name server / Secondary server: /usr/local/djbdns/tinydns/root/data

    # Do not edit data on this computer! data.cdb is copied from primary server
    # The following line protects data.cdb by stopping make.
    9

********************************************************************************
### axfrdns: tcp reply for tinydns and zone transfers

    mkdir -p /usr/local/djbdns
    useradd gaxfrdns -g tinydns -d /usr/local/djbdns -s /bin/false
    useradd gdnslog -g tinydns -d /usr/local/djbdns -s /bin/false
    axfrdns-conf gaxfrdns gdnslog /usr/local/djbdns/axfrdns /usr/local/djbdns/tinydns 172.16.20.2
    # default rule: answer TCP queries from any address; the empty AXFR list permits no zone transfers
    echo ':allow,AXFR=""' > /usr/local/djbdns/axfrdns/tcp
    # sample line: 1.2.3.4:allow,AXFR="heaven.af.mil/3.2.1.in-addr.arpa"
    # :deny
    # domain transfer:
    echo '1.2.3.4:allow,AXFR="mahestan.info/pmoghadam.com"' >> /usr/local/djbdns/axfrdns/tcp
    # all domains transfer:
    echo '1.2.3.4:allow' >> /usr/local/djbdns/axfrdns/tcp
    cd /usr/local/djbdns/axfrdns/
    make
    ln -sfn /usr/local/djbdns/axfrdns /service/axfrdns
    sleep 5
    svstat /service/axfrdns

********************************************************************************
### djbdns bookmarks

[http://cr.yp.to/daemontools/faq/create.html](http://cr.yp.to/daemontools/faq/create.html)  
[http://cr.yp.to/daemontools/svc.html](http://cr.yp.to/daemontools/svc.html)  
[http://cr.yp.to/distributors.html](http://cr.yp.to/distributors.html)  
[http://cr.yp.to/djbdns.html](http://cr.yp.to/djbdns.html)  
[http://cr.yp.to/djbdns/dnscache.html](http://cr.yp.to/djbdns/dnscache.html)  
[http://cr.yp.to/djbdns/notes.html#gluelessness](http://cr.yp.to/djbdns/notes.html#gluelessness)  
[http://cr.yp.to/djbdns/run-server.html](http://cr.yp.to/djbdns/run-server.html)  
[http://cr.yp.to/djbdns/tinydns-data.html](http://cr.yp.to/djbdns/tinydns-data.html)  
[http://cr.yp.to/software.html](http://cr.yp.to/software.html)  
[http://www.tinydns.org/](http://www.tinydns.org/)  
[http://www.lifewithdjbdns.org/](http://www.lifewithdjbdns.org/)  
[http://en.wikipedia.org/wiki/Comparison_of_DNS_server_software](http://en.wikipedia.org/wiki/Comparison_of_DNS_server_software)  
[http://en.wikipedia.org/wiki/Djbdns](http://en.wikipedia.org/wiki/Djbdns)  
[http://www.qmail.org/moni.csi.hu/pub/glibc-2.3.1/](http://www.qmail.org/moni.csi.hu/pub/glibc-2.3.1/)  
[http://dns.squish.net/](http://dns.squish.net/)

********************************************************************************
### Bug report

From: D. J. Bernstein cr.yp.to>  
Subject: djbdns<=1.05 lets AXFRed subdomains overwrite domains  
Newsgroups: gmane.network.djbdns  
Date: 2009-03-04 01:34:21 GMT

If the administrator of example.com publishes the example.com DNS data through tinydns and axfrdns, and includes data for sub.example.com transferred from an untrusted third party, then that third party can control cache entries for example.com, not just sub.example.com. This is the result of a bug in djbdns pointed out by Matthew Dempsky. (In short, axfrdns compresses some outgoing DNS packets incorrectly.)

Even though this bug affects very few users, it is a violation of the expected security policy in a reasonable situation, so it is a security hole in djbdns. Third-party DNS service is discouraged in the djbdns documentation but is nevertheless supported. Dempsky is hereby awarded $1000.

The next release of djbdns will be backed by a new security guarantee. In the meantime, if any users are in the situation described above, those users are advised to apply Dempsky's patch and requested to accept my apologies. The patch is also recommended for other users; it corrects the bug without any side effects. A copy of the patch appears below.

---D. J. Bernstein  
Research Professor, Computer Science, University of Illinois at Chicago

--- response.c.orig 2009-02-24 21:04:06.000000000 -0800 +++ response.c 2009-02-24 21:04:25.000000000 -0800
@@ -34,7 +34,7 @@ uint16_pack_big(buf,49152 + name_ptr[i]); return response_addbytes(buf,2); } - if (dlen <= 128) + if ((dlen <= 128) && (response_len < 16384)) if (name_num < NAMES) { byte_copy(name[name_num],dlen,d); name_ptr[name_num] = response_len;

********************************************************************************
### Article about changing /service to /var/service (incomplete)

    Title  : Install and configure djbdns
    Os     : Linux
    Distro : Slackware
    URL    : -

    i. Install Daemontools

    # mkdir -p /var/package
    # chmod 1755 /var/package
    # cd /var/package
    # wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
    # gunzip daemontools-0.76.tar
    # tar -xpf daemontools-0.76.tar
    # rm daemontools-0.76.tar
    # cd admin
    # wget http://moni.csi.hu/pub/glibc-2.3.1/daemontools-0.76.errno.patch
    # cd daemontools-0.76
    # patch -p1 < ../daemontools-0.76.errno.patch
    # package/install

    ii. Install ucspi-tcp

    # cd /tmp
    # wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
    # gunzip ucspi-tcp-0.88.tar
    # tar -xf ucspi-tcp-0.88.tar
    # wget http://www.qmail.org/moni.csi.hu/pub/glibc-2.3.1/ucspi-tcp-0.88.errno.patch
    # cd ucspi-tcp-0.88
    # patch -p1 < ../ucspi-tcp-0.88.errno.patch
    # make
    # make setup check

    iii. Editing daemontools

    # mkdir /var/services
    # cd /command
    # vi svscanboot
    -- Notes : Add /var in front of all the /service directory
    /command/svc -dx /var/services/* /var/services/*/log
    env - PATH=$PATH svscan /var/services 2>&1 | \
    # vi /etc/inittab
    -- Notes : Comment out SVSCAN part
    # init q
    # vi /etc/inittab
    -- Notes : Uncomment out SVSCAN part
    # ps -aux
    -- Check and see SVS is running on /var/services

    iv. Edit /etc/resolv.conf

    -- Add in --
    domain xwings.net
    nameserver 10.0.0.1
    ----

    v. Preparing for djbdns

    # mkdir /var/dns
    # groupadd dns
    # useradd dnscache -g dns -d /var/dns -s /bin/false
    # useradd dnslog -g dns -d /var/dns -s /bin/false
    # useradd dns -g dns -d /var/dns -s /bin/false

    vi. Install djbdns

    # cd /tmp
    # wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
    # tar xvzf djbdns-1.05.tar.gz
    # wget http://www.qmail.org/moni.csi.hu/pub/glibc-2.3.1/djbdns-1.05.errno.patch
    # cd djbdns-1.05
    # patch -p1 < ../djbdns-1.05.errno.patch
    # make
    # make setup check

    vii. Bringing up djbdns - dns server

    # tinydns-conf dns dnslog /var/dns/namedb 127.0.0.1
    # ln -s /var/dns/namedb /var/service
    # cd /var/dns/namedb/root
    # ./add-ns xwings.net 127.0.0.1
    # ./add-ns 0.0.10.in-addr.arpa 127.0.0.1
    # vi data
    Before: .xwings.net:127.0.0.1:a:259200
    After:  .xwings.net:127.0.0.1:ns1:259200
    # ./add-host ultraman.xwings.net 10.0.0.21
    # ./add-host cpteo.xwings.net 10.0.0.132
    # ./add-host kjlau.xwings.net 10.0.0.144
    # ./add-alias www.xwings.net 10.0.0.21
    # make

    viii. Bringing up djbdns - dns cache server

    # dnscache-conf dnscache dnslog /var/dns/dnscache 10.0.0.21
    # ln -s /var/dns/dnscache /var/service
    # touch /var/dns/dnscache/root/ip/10.0.0
    # echo 127.0.0.1 > /var/dns/dnscache/root/servers/xwings.net
    # echo 127.0.0.1 > /var/dns/dnscache/root/servers/1.0.0.127.in-addr.arpa
    # echo 127.0.0.1 > /var/dns/dnscache/root/servers/0.0.10.in-addr.arpa
    # wget ftp://ftp.internic.net/domain/named.cache
    # awk '$1 ~ /.ROOT-SERVERS.NET/ {print $4}' named.cache > /var/dns/dnscache/root/servers/@

    Testing :

    # dnsqr a kjlau.xwings.net
    1 kjlau.xwings.net:
    50 bytes, 1+1+0+0 records, response, noerror
    query: 1 kjlau.xwings.net
    answer: kjlau.xwings.net 85740 A 10.0.0.144

    Maintain SVC

    Restart Service
    # svc -t /var/dns/dnscache
    Stop
    # svc -d /var/dns/dnscache

    The rc.dns file

    #!/bin/sh
    # M.J. Prinsen
    #
    # description: the djbdns DNS

    PATH=/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
    export PATH

    case "$1" in
      start)
        echo "Starting dns"
        if svok /service/dnscache ; then
          svc -u /service/dnscache
        else
          echo dnscache service not running
        fi
        if svok /service/tinydns ; then
          svc -u /service/tinydns
        else
          echo tinydns service not running
        fi
        if svok /service/axfrdns ; then
          svc -u /service/axfrdns
        else
          echo axfrdns service not running
        fi
        if [ -d /var/lock/subsys ]; then
          touch /var/lock/subsys/dns
        fi
        ;;
      stop)
        echo "Stopping dns ..."
        echo " dnscache"
        svc -d /service/dnscache
        echo " tinydns"
        svc -d /service/tinydns
        echo " axfrdns"
        svc -d /service/axfrdns
        if [ -f /var/lock/subsys/dns ]; then
          rm /var/lock/subsys/dns
        fi
        ;;
      stat)
        svstat /service/dnscache
        svstat /service/dnscache/log
        echo "--"
        svstat /service/tinydns
        svstat /service/tinydns/log
        echo "--"
        svstat /service/axfrdns
        svstat /service/axfrdns/log
        ;;
      reload|hup)
        echo "Sending HUP signal to dns."
        svc -h /service/dnscache
        svc -h /service/tinydns
        svc -h /service/axfrdns
        ;;
      pause)
        echo "Pausing dnscache"
        svc -p /service/dnscache
        echo "Pausing tinydns"
        svc -p /service/tinydns
        echo "Pausing axfrdns"
        svc -p /service/axfrdns
        ;;
      cont)
        echo "Continuing dnscache"
        svc -c /service/dnscache
        echo "Continuing tinydns"
        svc -c /service/tinydns
        echo "Continuing axfrdns"
        svc -c /service/axfrdns
        ;;
      restart)
        echo "Restarting dns:"
        echo "* Stopping dnscache."
        svc -d /service/dnscache
        echo "* Stopping tinydns."
        svc -d /service/tinydns
        echo "* Stopping axfrdns."
        svc -d /service/axfrdns
        echo "* Restarting dnscache."
        svc -u /service/dnscache
        echo "* Restarting tinydns."
        svc -u /service/tinydns
        echo "* Restarting axfrdns."
        svc -u /service/axfrdns
        ;;
      help)
        # The original help text is cut off on this page; this usage line only
        # lists the actions defined above.
        echo "Usage: $0 {start|stop|stat|reload|hup|pause|cont|restart|help}"
        ;;
    esac

********************************************************************************
_BY: Pejman Moghadam_  
_TAG: daemontools, ucspi-tcp, djbdns, dnscache, tinydns, opennic, dns, svc, djb_  
_DATE: 2012-06-15 13:19:58_