RU DNS » History » Version 1
Joseph Foley, 2015-09-05 02:47
h1. RU DNS

Info on dnsmasq for Ubuntu 12.04: http://www.stgraber.org/2012/02/24/dns-in-ubuntu-12-04/

# If you are on Ubuntu 12.04, you will need to disable the local DNS caching in dnsmasq. I'm not sure how to get it properly to redirect queries, unfortunately.
<pre>sudo gedit /etc/NetworkManager/NetworkManager.conf</pre>
# Put a "#" in front of the line that says dns=dnsmasq
# Restart network manager
<pre>sudo invoke-rc.d network-manager restart</pre>

h1. DJBDNS

There is a new standard in secure DNS servers, available as the package djbdns:

http://cr.yp.to/djbdns.html

We have Active Directory DNS servers at RU, which means that all 10.*.*.* addresses must be reverse resolved through them. Also, the internal DNS names (mostly hir.is, but some ru.is including mail.ru.is) must be queried there. To complicate things, there is an external presence for hir.is, which gives different responses. Remember that MS DNS assumes that all computers are only stub resolvers that always ask the AD DNS for all queries.

h2. Install on Ubuntu 12.04

Based upon directions:

* DJBDNS External Cache Config: http://cr.yp.to/djbdns/run-cache-x-home.html
* DJBDNS FAQ "How does _split horizon_ DNS work with tinydns?": http://www.fefe.de/djbdns/#cidr

Of note, Ubuntu installs everything in @/etc/dnscache@. Also, this configuration will break when you are not on the RU network.

# Disable dnsmasq as described at the beginning of the page
# Install the packages
<pre>sudo apt-get install djbdns daemontools dnscache-run</pre>
# Now add the special cases for the RU/HIR hosts and the reverse resolve. These files tell djbdns to ask only the RU servers for 10.*.*.*, *.ru.is, and *.hir.is. If the RU DNS servers change, substitute the IP addresses. _These must be the internal DNS servers._
<pre>sudo su
cd /etc/dnscache/root/servers
echo "10.11.1.2" > hir.is
echo "10.12.1.3" >> hir.is
ln -s hir.is ru.is
ln -s hir.is 10.in-addr.arpa
exit
</pre>
# Restart using daemontools
<pre>sudo svc -t /etc/dnscache</pre>

h2. DNS when outside of the RU network

When you go outside of the RU network, you just need to delete the ru.is file so that dnscache gets the external addresses:
<pre>sudo rm /etc/dnscache/root/servers/ru.is</pre>
Yes, this is ugly.
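
The manual steps above (writing the override files on the RU network, deleting @ru.is@ off it) can be wrapped in a few shell functions that also enforce the "must be the internal DNS servers" rule. This is an added example, not part of the original page: the function names are hypothetical, and it assumes the internal RU DNS servers always sit in 10.0.0.0/8, like the two addresses listed here.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# SERVERS_DIR defaults to the directory used on this page; point it at a
# scratch directory to try the functions without root.
SERVERS_DIR="${SERVERS_DIR:-/etc/dnscache/root/servers}"

# Succeeds only for a dotted quad in 10.0.0.0/8 (assumption: the internal
# RU DNS servers always live in that range, like the two on this page).
is_internal_ip() (
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.; set -- $1
    [ "$#" -eq 4 ] && [ "$1" -eq 10 ] || exit 1
    for octet in "$2" "$3" "$4"; do
        [ "$octet" -le 255 ] || exit 1
    done
)

# On the RU network: validate the servers, then write the same three
# entries as the manual steps (hir.is plus two symlinks to it).
ru_dns_enable() {
    [ "$#" -ge 1 ] || return 1
    for ip in "$@"; do
        is_internal_ip "$ip" || { echo "not internal: $ip" >&2; return 1; }
    done
    printf '%s\n' "$@" > "$SERVERS_DIR/hir.is" || return 1
    ln -sf hir.is "$SERVERS_DIR/ru.is" &&
        ln -sf hir.is "$SERVERS_DIR/10.in-addr.arpa"
}

# Off the RU network: remove the ru.is override, as described above.
ru_dns_disable() {
    rm -f "$SERVERS_DIR/ru.is"
}

# Audit: fail if an override is a dangling symlink or lists a server
# outside the internal range.
ru_dns_audit() {
    for name in hir.is ru.is 10.in-addr.arpa; do
        f="$SERVERS_DIR/$name"
        if [ -L "$f" ] && [ ! -e "$f" ]; then
            echo "$name: dangling symlink" >&2; return 1
        fi
        [ -e "$f" ] || continue
        while IFS= read -r ip || [ -n "$ip" ]; do
            is_internal_ip "$ip" || { echo "$name: bad server '$ip'" >&2; return 1; }
        done < "$f"
    done
}
```

Source the file as root, call @ru_dns_enable 10.11.1.2 10.12.1.3@ or @ru_dns_disable@, then restart dnscache with @svc -t /etc/dnscache@ as in the install steps so the change is picked up.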

Alternatively, you can set it to never cache and run off @/etc/resolv.conf@ as per http://cr.yp.to/djbdns/run-cache-none.html

Another option is this perl script that dumps changes from @/etc/resolv.conf@ into the appropriate place: http://www.thismetalsky.org/projects/dhcp_dns