ConfigureBackUpAnycastDNS: differenze tra le versioni

Da EigenWiki.
Vai alla navigazione Vai alla ricerca
(Creata pagina con '==Configure your gentoo server as anycast DNS== ===System Prerequisities=== We are assuming that on your system sshd is already installed end well configured ===Disclaimer=...')
 
m (cat)
 
(9 versioni intermedie di un altro utente non mostrate)
Riga 2: Riga 2:


===System Prerequisities===
===System Prerequisities===
We are assuming that on your system sshd is already installed end well configured
We are assuming that on your system sshd is already installed and well configured
 


===Disclaimer===
===Disclaimer===
Riga 9: Riga 8:


Do not copy/paste things on your system without fully understanding what you are doing!
Do not copy/paste things on your system without fully understanding what you are doing!
This guide can break your ssh server setup if followed as dogma!!


This guide can break your ssh server setup if followed as dogma!


===Install the necessary software===
===Install the necessary software===
Riga 20: Riga 19:
</pre>
</pre>


====Enable ** keyword for monkeysphere====
====Enable monkeysphere====
Add that keyword to install version 9999 editing
Add keyword to enable monkeysphere, at least 0.36 version, according to your architecture editing
/etc/portage/package.keywords/monkeysphere
/etc/portage/package.keywords/monkeysphere
<pre>
<pre>
app-crypt/monkeysphere::eigenlay        **
=app-crypt/monkeysphere-0.36 ~Y0urArch1t3cture
</pre>
</pre>


====Install layman, monkeysphere and bind 9====
====Install layman, monkeysphere, sudo and bind 9====
Depending on your useflag configuration it will ask you other things, don't panic just read and try to understand
Depending on your useflag configuration it will ask you other things, don't panic just read and try to understand
<pre>
<pre>
emerge -avq app-portage/layman app-crypt/monkeysphere net-dns/bind
emerge -avq app-portage/layman
layman -S
layman -a eigenlay
emerge -avq app-crypt/monkeysphere net-dns/bind app-admin/sudo
</pre>
 
===Setup eigendns user===
<pre>
useradd eigendns
# This password isn't be important as ssh password should be disabled on your server, at least for this eigendns and root users
passwd eigendns
mkdir /home/eigendns
usermod -a -G named eigendns
chmod -R 755 /home/eigendns
chown -R eigendns:eigendns /home/eigendns
</pre>
 
===Set correct permission on bind config===
<pre>
chown -R named:named /etc/bind
chmod -R 771 /etc/bind
</pre>
 
===Add Some trusted identity certifier===
<pre>
monkeysphere-authentication add-identity-certifier YOUR_PGP_FINGERPRINT
monkeysphere-authentication add-identity-certifier PHOENIX_MAINTAINER_PGP_FINGERPRINT
</pre>
 
===Setup monkeysphere autorized ids for eigendns===
<pre>
mkdir /home/eigendns/.monkeysphere
echo 'EigenLab DNS Updater <info@eigenlab.org>' > /home/eigendns/.monkeysphere/authorized_user_ids
chmod -R 755 /home/eigendns
chown -R eigendns:eigendns /home/eigendns
</pre>
 
===Change autorized_keys location for sshd===
/etc/ssh/sshd_config
<pre>
#AuthorizedKeysFile .ssh/authorized_keys
AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
</pre>
 
restart sshd
<pre>
/etc/init.d/sshd restart
</pre>
 
===Update monkeysphere authorized users===
<pre>
monkeysphere-authentication update-users
</pre>
</pre>
It is suggested to do this operation periodical for example adding this line to your crontab
<pre>
0 * * * *      root    monkeysphere-authentication update-users
</pre>
===Autorize eigendns to restart bind===
<pre>
echo 'eigendns ALL= (root) NOPASSWD: /etc/init.d/named restart' >> /etc/sudoers
</pre>
===Contact Phoenix Admin===
Send an email to info _at_nospam_ eigenlab.org telling what you have done and requesting to be added to anycast dns automated update server list.
The phoenix admin will answer to you how to complete the steps to be an anycast dns.
[[Categoria:HowTo]]
[[Categoria:EigenNet]]

Versione attuale delle 06:23, 30 apr 2017

Configure your gentoo server as anycast DNS

System Prerequisities

We are assuming that on your system sshd is already installed and well configured

Disclaimer

Follow this guide critically!

Do not copy/paste things on your system without fully understanding what you are doing!

This guide can break your ssh server setup if followed as dogma!

Install the necessary software

Enable git useflag for layman editing

/etc/portage/package.use/layman

app-portage/layman      git

Enable monkeysphere

Add keyword to enable monkeysphere, at least 0.36 version, according to your architecture editing /etc/portage/package.keywords/monkeysphere

=app-crypt/monkeysphere-0.36 ~Y0urArch1t3cture

Install layman, monkeysphere, sudo and bind 9

Depending on your useflag configuration it will ask you other things, don't panic just read and try to understand

emerge -avq app-portage/layman
layman -S
layman -a eigenlay
emerge -avq app-crypt/monkeysphere net-dns/bind app-admin/sudo

Setup eigendns user

useradd eigendns
# This password isn't be important as ssh password should be disabled on your server, at least for this eigendns and root users
passwd eigendns 
mkdir /home/eigendns
usermod -a -G named eigendns
chmod -R 755 /home/eigendns
chown -R eigendns:eigendns /home/eigendns

Set correct permission on bind config

chown -R named:named /etc/bind
chmod -R 771 /etc/bind

Add Some trusted identity certifier

monkeysphere-authentication add-identity-certifier YOUR_PGP_FINGERPRINT
monkeysphere-authentication add-identity-certifier PHOENIX_MAINTAINER_PGP_FINGERPRINT

Setup monkeysphere autorized ids for eigendns

mkdir /home/eigendns/.monkeysphere
echo 'EigenLab DNS Updater <info@eigenlab.org>' > /home/eigendns/.monkeysphere/authorized_user_ids
chmod -R 755 /home/eigendns
chown -R eigendns:eigendns /home/eigendns

Change autorized_keys location for sshd

/etc/ssh/sshd_config

#AuthorizedKeysFile .ssh/authorized_keys
AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u

restart sshd

/etc/init.d/sshd restart

Update monkeysphere authorized users

monkeysphere-authentication update-users

It is suggested to do this operation periodical for example adding this line to your crontab

0 * * * *       root    monkeysphere-authentication update-users

Autorize eigendns to restart bind

echo 'eigendns ALL= (root) NOPASSWD: /etc/init.d/named restart' >> /etc/sudoers

Contact Phoenix Admin

Send an email to info _at_nospam_ eigenlab.org telling what you have done and requesting to be added to anycast dns automated update server list. The phoenix admin will answer to you how to complete the steps to be an anycast dns.