ConfigureBackUpAnycastDNS: differences between versions
(Created page with '==Configure your gentoo server as anycast DNS== ===System Prerequisities=== We are assuming that on your system sshd is already installed end well configured ===Disclaimer=...')
m (cat)
(9 intermediate revisions by another user not shown)
Riga 2: | Riga 2: | ||
===System Prerequisities=== | ===System Prerequisities=== | ||
We are assuming that on your system sshd is already installed | We are assuming that on your system sshd is already installed and well configured | ||
===Disclaimer=== | ===Disclaimer=== | ||
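Review bot: "Prerequisities" in the heading on both sides of this hunk is misspelled; the revision fixes "end" to "and" in the sentence below the heading but leaves the heading itself. Suggest "===System Prerequisites===".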
Riga 9: | Riga 8: | ||
Do not copy/paste things on your system without fully understanding what you are doing! | Do not copy/paste things on your system without fully understanding what you are doing! | ||
This guide can break your ssh server setup if followed as dogma! | |||
===Install the necessary software=== | ===Install the necessary software=== | ||
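Review bot: the added warning "This guide can break your ssh server setup if followed as dogma!" should name the step that breaks it. The AuthorizedKeysFile change later in this same revision makes sshd stop reading ~/.ssh/authorized_keys, so every existing key stops working at the sshd restart until monkeysphere-authentication update-users has published a replacement. Suggest adding that sentence here so the reader knows what to keep an eye on.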
Riga 20: | Riga 19: | ||
</pre> | </pre> | ||
====Enable | ====Enable monkeysphere==== | ||
Add | Add keyword to enable monkeysphere, at least 0.36 version, according to your architecture editing | ||
/etc/portage/package.keywords/monkeysphere | /etc/portage/package.keywords/monkeysphere | ||
<pre> | <pre> | ||
app-crypt/monkeysphere | =app-crypt/monkeysphere-0.36 ~Y0urArch1t3cture | ||
</pre> | </pre> | ||
====Install layman, monkeysphere and bind 9==== | ====Install layman, monkeysphere, sudo and bind 9==== | ||
Depending on your useflag configuration it will ask you other things, don't panic just read and try to understand | Depending on your useflag configuration it will ask you other things, don't panic just read and try to understand | ||
<pre> | <pre> | ||
emerge -avq app-portage/layman app-crypt/monkeysphere net-dns/bind | emerge -avq app-portage/layman | ||
layman -S | |||
layman -a eigenlay | |||
emerge -avq app-crypt/monkeysphere net-dns/bind app-admin/sudo | |||
</pre> | |||
===Setup eigendns user=== | |||
<pre> | |||
useradd eigendns | |||
# This password isn't be important as ssh password should be disabled on your server, at least for this eigendns and root users | |||
passwd eigendns | |||
mkdir /home/eigendns | |||
usermod -a -G named eigendns | |||
chmod -R 755 /home/eigendns | |||
chown -R eigendns:eigendns /home/eigendns | |||
</pre> | |||
===Set correct permission on bind config=== | |||
<pre> | |||
chown -R named:named /etc/bind | |||
chmod -R 771 /etc/bind | |||
</pre> | |||
===Add Some trusted identity certifier=== | |||
<pre> | |||
monkeysphere-authentication add-identity-certifier YOUR_PGP_FINGERPRINT | |||
monkeysphere-authentication add-identity-certifier PHOENIX_MAINTAINER_PGP_FINGERPRINT | |||
</pre> | |||
===Setup monkeysphere autorized ids for eigendns=== | |||
<pre> | |||
mkdir /home/eigendns/.monkeysphere | |||
echo 'EigenLab DNS Updater <info@eigenlab.org>' > /home/eigendns/.monkeysphere/authorized_user_ids | |||
chmod -R 755 /home/eigendns | |||
chown -R eigendns:eigendns /home/eigendns | |||
</pre> | |||
===Change autorized_keys location for sshd=== | |||
/etc/ssh/sshd_config | |||
<pre> | |||
#AuthorizedKeysFile .ssh/authorized_keys | |||
AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u | |||
</pre> | |||
restart sshd | |||
<pre> | |||
/etc/init.d/sshd restart | |||
</pre> | |||
===Update monkeysphere authorized users=== | |||
<pre> | |||
monkeysphere-authentication update-users | |||
</pre> | </pre> | ||
It is suggested to do this operation periodical for example adding this line to your crontab | |||
<pre> | |||
0 * * * * root monkeysphere-authentication update-users | |||
</pre> | |||
===Autorize eigendns to restart bind=== | |||
<pre> | |||
echo 'eigendns ALL= (root) NOPASSWD: /etc/init.d/named restart' >> /etc/sudoers | |||
</pre> | |||
===Contact Phoenix Admin=== | |||
Send an email to info _at_nospam_ eigenlab.org telling what you have done and requesting to be added to anycast dns automated update server list. | |||
The phoenix admin will answer to you how to complete the steps to be an anycast dns. | |||
[[Categoria:HowTo]] | |||
[[Categoria:EigenNet]] |
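Review bot: the order of the sshd steps in this hunk can lock the administrator out: AuthorizedKeysFile is switched to /var/lib/monkeysphere/authorized_keys/%u and sshd is restarted with /etc/init.d/sshd restart before monkeysphere-authentication update-users has ever been run, so at restart time no user has a published key. Suggest moving "===Update monkeysphere authorized users===" above the restart and advising the reader to keep an existing session open until a fresh login succeeds. Two smaller points: `echo ... >> /etc/sudoers` bypasses visudo's syntax check, and a malformed line disables sudo for every user, so suggest editing with visudo (or dropping a file under /etc/sudoers.d) and running `visudo -c` afterwards; and the crontab line `0 * * * * root monkeysphere-authentication update-users` carries a user field, so the text should say it goes in /etc/crontab or /etc/cron.d rather than "your crontab".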
Current revision as of 06:23, 30 Apr 2017
Configure your Gentoo server as anycast DNS
System Prerequisites
We are assuming that on your system sshd is already installed and well configured
Disclaimer
Follow this guide critically!
Do not copy/paste things on your system without fully understanding what you are doing!
This guide can break your ssh server setup if followed as dogma!
Install the necessary software
Enable the git USE flag for layman by editing /etc/portage/package.use/layman:
<pre>
app-portage/layman git
</pre>
Enable monkeysphere
Add a keyword to unmask monkeysphere version 0.36 (at least 0.36 is required) for your architecture by editing /etc/portage/package.keywords/monkeysphere; replace ~Y0urArch1t3cture with your architecture's testing keyword:
<pre>
=app-crypt/monkeysphere-0.36 ~Y0urArch1t3cture
</pre>
Install layman, monkeysphere, sudo and bind 9
Depending on your USE flag configuration it will ask you other things; don't panic, just read and try to understand.
<pre>
emerge -avq app-portage/layman
layman -S
layman -a eigenlay
emerge -avq app-crypt/monkeysphere net-dns/bind app-admin/sudo
</pre>
Set up the eigendns user
<pre>
useradd eigendns
# This password is not important, as SSH password authentication should be disabled on your server, at least for the eigendns and root users
passwd eigendns
mkdir /home/eigendns
usermod -a -G named eigendns
chmod -R 755 /home/eigendns
chown -R eigendns:eigendns /home/eigendns
</pre>
Set correct permissions on the bind config
This makes /etc/bind writable by the named group, which is what allows eigendns (added to that group above) to update the configuration:
<pre>
chown -R named:named /etc/bind
chmod -R 771 /etc/bind
</pre>
Add some trusted identity certifiers
Replace the placeholders with the PGP fingerprints of the keys you trust to certify user identities; only keys certified by these will be accepted for the user IDs authorized below.
<pre>
monkeysphere-authentication add-identity-certifier YOUR_PGP_FINGERPRINT
monkeysphere-authentication add-identity-certifier PHOENIX_MAINTAINER_PGP_FINGERPRINT
</pre>
Set up the monkeysphere authorized IDs for eigendns
<pre>
mkdir /home/eigendns/.monkeysphere
echo 'EigenLab DNS Updater <info@eigenlab.org>' > /home/eigendns/.monkeysphere/authorized_user_ids
chmod -R 755 /home/eigendns
chown -R eigendns:eigendns /home/eigendns
</pre>
Change the authorized_keys location for sshd
Edit /etc/ssh/sshd_config:
<pre>
#AuthorizedKeysFile .ssh/authorized_keys
AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
</pre>
After the restart sshd consults only the monkeysphere-managed file, so any ~/.ssh/authorized_keys entries stop working; keep your current session open until you have confirmed that a new login succeeds. Restart sshd:
<pre>
/etc/init.d/sshd restart
</pre>
Update monkeysphere authorized users
<pre>
monkeysphere-authentication update-users
</pre>
It is suggested to do this periodically, for example by adding this line to the system crontab (it carries the user field, so it belongs in /etc/crontab or /etc/cron.d, not in a per-user crontab):
<pre>
0 * * * * root monkeysphere-authentication update-users
</pre>
Authorize eigendns to restart bind
Appending to /etc/sudoers directly skips visudo's syntax check, and a malformed sudoers file disables sudo entirely, so run visudo -c afterwards:
<pre>
echo 'eigendns ALL= (root) NOPASSWD: /etc/init.d/named restart' >> /etc/sudoers
</pre>
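A post-setup check for the steps above, added here as an example and not part of the original page or of monkeysphere. It verifies, against the files the guide edits, that sshd will really read the monkeysphere-managed directory, that a key has already been published for eigendns (so the sshd restart will not lock the updater out), that the sudoers grant is exactly the named restart and nothing broader, and that eigendns is in the named group. The function names and MS_KEYS_DIR are assumptions; paths default to the ones used in the guide.

```shell
#!/bin/bash
# Post-setup checks for the steps above (added example, not part of the wiki
# page or of monkeysphere). Function names and MS_KEYS_DIR are assumptions;
# the paths default to the ones the guide edits and can be overridden.
MS_KEYS_DIR=/var/lib/monkeysphere/authorized_keys

# sshd uses the FIRST uncommented value of a keyword, so a leftover
# "AuthorizedKeysFile .ssh/authorized_keys" above the new line silently wins.
effective_authorized_keys_file() {
    awk 'tolower($1)=="authorizedkeysfile" && !seen {val=$2; seen=1} END {print val}' "$1"
}

check_sshd_config() {
    [ "$(effective_authorized_keys_file "$1")" = "$MS_KEYS_DIR/%u" ]
}

# Restarting sshd before update-users has published a key for the user
# leaves that user with no usable key; require at least one key line.
check_user_keys_published() {
    f="$1/$2"
    [ -s "$f" ] && grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp[0-9]+) ' "$f"
}

# The sudoers grant must be exactly the named restart and nothing broader.
check_sudoers_rule() {
    grep -Eq '^eigendns[[:space:]]+ALL[[:space:]]*=[[:space:]]*\(root\)[[:space:]]+NOPASSWD:[[:space:]]+/etc/init\.d/named restart[[:space:]]*$' "$1" &&
    ! grep -Eq '^eigendns[[:space:]].*NOPASSWD:[[:space:]]+ALL([[:space:]]|$)' "$1"
}

# eigendns can edit the group-writable /etc/bind only if it is in group named.
check_named_group() {
    grep -Eq '^named:[^:]*:[0-9]+:([^,]*,)*eigendns(,|$)' "$1"
}

# Run all checks against the given files; returns 1 if any failed.
preflight() {
    sshd_cfg="${1:-/etc/ssh/sshd_config}" keys_dir="${2:-$MS_KEYS_DIR}"
    sudoers="${3:-/etc/sudoers}" group="${4:-/etc/group}" rc=0
    check_sshd_config "$sshd_cfg"                  || { echo "FAIL: sshd AuthorizedKeysFile is not $MS_KEYS_DIR/%u"; rc=1; }
    check_user_keys_published "$keys_dir" eigendns || { echo "FAIL: no published key for eigendns, run update-users first"; rc=1; }
    check_sudoers_rule "$sudoers"                  || { echo "FAIL: sudoers rule missing or too broad (also run visudo -c)"; rc=1; }
    check_named_group "$group"                     || { echo "FAIL: eigendns is not in group named"; rc=1; }
    [ "$rc" -eq 0 ] && echo "ok: safe to restart sshd"
    return "$rc"
}

if [ "${1:-}" = "--check" ]; then shift; preflight "$@"; fi
```

Run it as root with `--check` to test the real files, or pass copies of sshd_config, the keys directory, sudoers and group as the four arguments.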
Contact the Phoenix admin
Send an email to info _at_nospam_ eigenlab.org describing what you have done and requesting to be added to the anycast DNS automated update server list. The Phoenix admin will reply explaining how to complete the remaining steps to become an anycast DNS.