Burocrati, Amministratori, wegan
509
contributi
ConfigureBackUpAnycastDNS: differenze tra le versioni
Vai alla navigazione
Vai alla ricerca
m
cat
m (cat) |
|||
| (8 versioni intermedie di un altro utente non mostrate) | |||
| Riga 2: | Riga 2: | ||
===System Prerequisities=== | ===System Prerequisities=== | ||
We are assuming that on your system sshd is already installed | We are assuming that on your system sshd is already installed and well configured | ||
===Disclaimer=== | ===Disclaimer=== | ||
| Riga 20: | Riga 19: | ||
</pre> | </pre> | ||
====Enable | ====Enable monkeysphere==== | ||
Add | Add keyword to enable monkeysphere, at least 0.36 version, according to your architecture editing | ||
/etc/portage/package.keywords/monkeysphere | /etc/portage/package.keywords/monkeysphere | ||
<pre> | <pre> | ||
app-crypt/monkeysphere | =app-crypt/monkeysphere-0.36 ~Y0urArch1t3cture | ||
</pre> | </pre> | ||
====Install layman, monkeysphere and bind 9==== | ====Install layman, monkeysphere, sudo and bind 9==== | ||
Depending on your useflag configuration it will ask you other things, don't panic just read and try to understand | Depending on your useflag configuration it will ask you other things, don't panic just read and try to understand | ||
<pre> | <pre> | ||
emerge -avq app-portage/layman app-crypt/monkeysphere net-dns/bind | emerge -avq app-portage/layman | ||
layman -S | |||
layman -a eigenlay | |||
emerge -avq app-crypt/monkeysphere net-dns/bind app-admin/sudo | |||
</pre> | |||
===Setup eigendns user=== | |||
<pre> | |||
useradd eigendns | |||
# This password isn't be important as ssh password should be disabled on your server, at least for this eigendns and root users | |||
passwd eigendns | |||
mkdir /home/eigendns | |||
usermod -a -G named eigendns | |||
chmod -R 755 /home/eigendns | |||
chown -R eigendns:eigendns /home/eigendns | |||
</pre> | |||
===Set correct permission on bind config=== | |||
<pre> | |||
chown -R named:named /etc/bind | |||
chmod -R 771 /etc/bind | |||
</pre> | |||
===Add Some trusted identity certifier=== | |||
<pre> | |||
monkeysphere-authentication add-identity-certifier YOUR_PGP_FINGERPRINT | |||
monkeysphere-authentication add-identity-certifier PHOENIX_MAINTAINER_PGP_FINGERPRINT | |||
</pre> | |||
===Setup monkeysphere autorized ids for eigendns=== | |||
<pre> | |||
mkdir /home/eigendns/.monkeysphere | |||
echo 'EigenLab DNS Updater <info@eigenlab.org>' > /home/eigendns/.monkeysphere/authorized_user_ids | |||
chmod -R 755 /home/eigendns | |||
chown -R eigendns:eigendns /home/eigendns | |||
</pre> | |||
===Change autorized_keys location for sshd=== | |||
/etc/ssh/sshd_config | |||
<pre> | |||
#AuthorizedKeysFile .ssh/authorized_keys | |||
AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u | |||
</pre> | |||
restart sshd | |||
<pre> | |||
/etc/init.d/sshd restart | |||
</pre> | |||
===Update monkeysphere authorized users=== | |||
<pre> | |||
monkeysphere-authentication update-users | |||
</pre> | </pre> | ||
It is suggested to do this operation periodical for example adding this line to your crontab | |||
<pre> | |||
0 * * * * root monkeysphere-authentication update-users | |||
</pre> | |||
===Autorize eigendns to restart bind=== | |||
<pre> | |||
echo 'eigendns ALL= (root) NOPASSWD: /etc/init.d/named restart' >> /etc/sudoers | |||
</pre> | |||
===Contact Phoenix Admin=== | |||
Send an email to info _at_nospam_ eigenlab.org telling what you have done and requesting to be added to anycast dns automated update server list. | |||
The phoenix admin will answer to you how to complete the steps to be an anycast dns. | |||
[[Categoria:HowTo]] | |||
[[Categoria:EigenNet]] | |||