ConfigureBackUpAnycastDNS: difference between revisions

From EigenWiki.
No edit summary
Line 26: Line 26:
</pre>
</pre>


====Install layman, monkeysphere and bind 9====
====Install layman, monkeysphere, sudo and bind 9====
Depending on your useflag configuration it will ask you other things, don't panic just read and try to understand
Depending on your useflag configuration it will ask you other things, don't panic just read and try to understand
<pre>
<pre>
Line 32: Line 32:
layman -S
layman -S
layman -a eigenlay
layman -a eigenlay
emerge -avq app-crypt/monkeysphere net-dns/bind
emerge -avq app-crypt/monkeysphere net-dns/bind app-admin/sudo
</pre>
</pre>
===Setup eigendns user===
<pre>
useradd eigendns
# This password isn't be important as ssh password should be disabled on your server, at least for this eigendns and root users
passwd eigendns
mkdir /home/eigendns
usermod -a -G named eigendns
chmod -R 755 /home/eigendns
chown -R eigendns:eigendns /home/eigendns
</pre>
===Set correct permission on bind config===
<pre>
chown -R named:named /etc/bind
chmod -R 771 /etc/bind
</pre>
===Add Some trusted identity certifier===
<pre>
monkeysphere-authentication add-identity-certifier YOUR_PGP_FINGERPRINT
monkeysphere-authentication add-identity-certifier PHOENIX_MAINTAINER_PGP_FINGERPRINT
</pre>
===Setup monkeysphere autorized ids for eigendns===
<pre>
mkdir /home/eigendns/.monkeysphere
echo 'EigenLab DNS Updater <info@eigenlab.org>' > /home/eigendns/.monkeysphere/authorized_user_ids
chmod -R 755 /home/eigendns
chown -R eigendns:eigendns /home/eigendns
</pre>
===Change autorized_keys location for sshd===
/etc/ssh/sshd_config
<pre>
#AuthorizedKeysFile .ssh/authorized_keys
AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
</pre>
restart sshd
<pre>
/etc/init.d/sshd restart
</pre>
===Update monkeysphere authorized users===
<pre>
monkeysphere-authentication update-users
</pre>
It is suggested to do this operation periodical for example adding this line to your crontab
<pre>
0 * * * *      root    monkeysphere-authentication update-users
</pre>
===Autorize eigendns to restart bind===
<pre>
echo 'eigendns ALL= (root) NOPASSWD: /etc/init.d/named restart' >> /etc/sudoers
<pre>
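Review bot: The last added block appends the NOPASSWD rule straight to /etc/sudoers with `echo ... >> /etc/sudoers`, so the line is written with no syntax check and a typo in it can leave sudo unusable; I would write the rule to its own file and validate it with `visudo -c -f` before it takes effect. That same block is closed with `<pre>` instead of `</pre>`, which leaves the tag open at the end of the page. Separately, `chmod -R 771 /etc/bind` and `chmod -R 755 /home/eigendns` set the execute bit on every regular file under those trees; setting directory and file modes separately would avoid that.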

Revision as of 12:46, 23 March 2013

Configure your gentoo server as anycast DNS

System Prerequisites

We assume that sshd is already installed and properly configured on your system.

Disclaimer

Follow this guide critically!

Do not copy/paste things on your system without fully understanding what you are doing!

This guide can break your ssh server setup if followed as dogma!

Install the necessary software

Enable the git USE flag for layman by editing:

/etc/portage/package.use/layman

app-portage/layman      git

Enable ** keyword for monkeysphere

Add that keyword to install version 9999 by editing /etc/portage/package.keywords/monkeysphere

app-crypt/monkeysphere::eigenlay        **

Install layman, monkeysphere, sudo and bind 9

Depending on your USE flag configuration, it will ask you other things. Don't panic: just read and try to understand.

emerge -avq app-portage/layman
layman -S
layman -a eigenlay
emerge -avq app-crypt/monkeysphere net-dns/bind app-admin/sudo

Set up the eigendns user

useradd eigendns
# This password isn't important, as SSH password login should be disabled on your server, at least for the eigendns and root users
passwd eigendns
mkdir /home/eigendns
usermod -a -G named eigendns
chmod -R 755 /home/eigendns
chown -R eigendns:eigendns /home/eigendns

Set correct permissions on the bind config

chown -R named:named /etc/bind
chmod -R 771 /etc/bind

Add some trusted identity certifiers

monkeysphere-authentication add-identity-certifier YOUR_PGP_FINGERPRINT
monkeysphere-authentication add-identity-certifier PHOENIX_MAINTAINER_PGP_FINGERPRINT

Set up monkeysphere authorized IDs for eigendns

mkdir /home/eigendns/.monkeysphere
echo 'EigenLab DNS Updater <info@eigenlab.org>' > /home/eigendns/.monkeysphere/authorized_user_ids
chmod -R 755 /home/eigendns
chown -R eigendns:eigendns /home/eigendns

Change authorized_keys location for sshd

/etc/ssh/sshd_config

#AuthorizedKeysFile .ssh/authorized_keys
AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u

Restart sshd

/etc/init.d/sshd restart
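
A check worth running on the edited file before the restart, added here as an example and not part of the original wiki page: it reports whether sshd would actually take keys only from the monkeysphere path, using sshd's rule that the first value read for a keyword wins. The function names are hypothetical, and it assumes password login is disabled globally rather than per user in a Match block.

```shell
#!/bin/sh
# Added example, not from the wiki page. Function names are hypothetical.
# Limits: reads one file, does not follow Include, expects "Keyword value".

# Print the global value of a keyword. sshd keeps the first value it reads,
# keywords are case-insensitive, and lines after "Match" are conditional.
sshd_global_value() {   # $1 = config file, $2 = keyword
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        { kw = tolower($1) }
        kw == "match" { exit }               # global section ends here
        kw == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Return 0 only if keys come from monkeysphere alone and passwords are off.
check_sshd_config() {   # $1 = config file
    rc=0
    want='/var/lib/monkeysphere/authorized_keys/%u'
    akf=$(sshd_global_value "$1" AuthorizedKeysFile)
    if [ "$akf" != "$want" ]; then
        echo "FAIL AuthorizedKeysFile: '${akf:-unset, default is under ~/.ssh}'"
        rc=1
    fi
    pw=$(sshd_global_value "$1" PasswordAuthentication | tr 'A-Z' 'a-z')
    if [ "$pw" != "no" ]; then
        echo "FAIL PasswordAuthentication: '${pw:-unset, default is yes}'"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK $1"
    return "$rc"
}

# Constructed sample: the old line is still active above the new one,
# so sshd would keep using keys that users manage themselves.
sample=$(mktemp)
cat > "$sample" <<'EOF'
AuthorizedKeysFile .ssh/authorized_keys
AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
PasswordAuthentication no
EOF
check_sshd_config "$sample" || true
rm -f "$sample"
```

On a live host, `sshd -T` run as root prints the effective configuration, including Include files and defaults that this file-level check does not see.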

Update monkeysphere authorized users

monkeysphere-authentication update-users

It is suggested to do this operation periodically, for example by adding this line to your crontab

0 * * * *       root    monkeysphere-authentication update-users

Authorize eigendns to restart bind

echo 'eigendns ALL= (root) NOPASSWD: /etc/init.d/named restart' >> /etc/sudoers