HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


markc 1st April 2013 10:10

Small DNS server
 
I have a small 220 Mb VPS and thought I could put it to use as a slave DNS server using Debian wheezy. It was an interesting exercise seeing what could or could not run in such a small VPS and this is a bit of a brain dump FWIW. I tried using nginx with just fcgiwrap but it would mean adding "#!/usr/bin/php5-cgi" to a couple of dozen first run PHP scripts. There is no way php-fpm would run along with MySQL and Bind so I ended up installing lighttpd just to run the ISPConfig CP and I only had to alter one file...

Code:

chmod 640 /usr/local/ispconfig/interface/lib/config.inc.php

so that lighttpd running as www-data could access it (the ispconfig user belongs to the www-data group on Debian/Ubuntu systems). Yes, pure CGI (not FastCGI) is pretty slow but it works. I also added just postfix on its own so the system could send out any email notices. Here is a list of running services...

Code:

~ free
            total      used      free    shared    buffers    cached
Mem:        225280    111036    114244          0          0          0
-/+ buffers/cache:    111036    114244
Swap:      524288          0    524288

~ ps aux
USER      PID %CPU %MEM    VSZ  RSS TTY      STAT START  TIME COMMAND
root        1  0.0  0.3  10608  824 ?        Ss  Mar31  0:00 init [2]     
root      3245  0.0  0.7  58808  1640 ?        Sl  Mar31  0:00 /usr/sbin/rsyslogd -c5
bind      3269  0.0  5.2  86940 11760 ?        Ssl  Mar31  0:00 /usr/sbin/named -u bind
root      3294  0.0  0.4  18836  952 ?        Ss  Mar31  0:00 /usr/sbin/cron
www-data  3315  0.0  1.1  80444  2512 ?        S    Mar31  0:00 /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
root      3345  0.0  0.2  4132  652 ?        S    Mar31  0:00 /bin/sh /usr/bin/mysqld_safe
mysql    3657  0.0  4.2  63528  9472 ?        Sl  Mar31  0:00 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=m
root      3865  0.0  1.0  37744  2428 ?        Ss  Mar31  0:00 /usr/lib/postfix/master
postfix  3866  0.0  1.0  39864  2376 ?        S    Mar31  0:00 qmgr -l -t fifo -u
root      3882  0.0  0.4  40936  928 ?        Ss  Mar31  0:00 pure-ftpd (SERVER)                                                                                 
root      3945  0.0  0.5  41640  1212 ?        Ss  Mar31  0:00 /usr/sbin/sshd
postfix  5925  0.0  1.0  39812  2336 ?        S    Mar31  0:00 pickup -l -t fifo -u -c
root      5969  0.0  1.6  69432  3812 ?        Ss  00:55  0:00 sshd: root@pts/0
root      5971  0.0  0.8  17900  2024 pts/0    Ss  00:55  0:00 -bash
root      5984  0.0  0.4  15260  1092 pts/0    R+  00:59  0:00 ps aux

I had to disable InnoDB for MySQL so here is its my.cnf...

Code:

[client]
user                    = MYSQL_USERNAME
password                = MYSQL_PASSWORD
port                    = 3306
socket                  = /var/run/mysqld/mysqld.sock

[mysqld]
default-storage-engine  = myisam
port                    = 3306
socket                  = /var/run/mysqld/mysqld.sock
key_buffer_size        = 16K
max_allowed_packet      = 1M
table_open_cache        = 4
sort_buffer_size        = 64K
read_buffer_size        = 256K
read_rnd_buffer_size    = 256K
net_buffer_length      = 2K
thread_stack            = 128K
server-id              = 1
general_log            = 1
general_log_file        = /var/log/mysql/mysql.log
log_error              = /var/log/mysql/error.log
log_slow_queries        = /var/log/mysql/mysql-slow.log
long_query_time        = 2
log-queries-not-using-indexes
ignore_builtin-innodb
skip-external-locking

[mysqldump]
quick
max_allowed_packet      = 16M

[mysql]
no-auto-rehash

[myisamchk]
key_buffer_size        = 8M
sort_buffer_size        = 8M

[mysqlhotcopy]
interactive-timeout

and the lighttpd conf...

Code:

server.modules = (
  "mod_access",
  "mod_alias",
  "mod_compress",
  "mod_redirect",
#  "mod_rewrite",
)

server.document-root        = "/var/www"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog            = "/var/log/lighttpd/error.log"
server.pid-file            = "/var/run/lighttpd.pid"
server.username            = "www-data"
server.groupname            = "www-data"
server.port                = 80
index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny            = ( "~", ".inc", ".ht" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
cgi.assign                  = ( ".php" => "/usr/bin/php5-cgi" )
compress.cache-dir          = "/var/cache/lighttpd/compress/"
compress.filetype          = ( "application/javascript", "text/css", "text/html", "text/plain" )

$HTTP["url"] =~ "\.(js|css|gif|jpg|png|ico|txt|swf|html|htm)$" {
  expire.url = ( "" => "access 3 days" )
}

$HTTP["url"] =~ "\.(gif|jpe?g|png|htc|css|js|ico)$" {
  accesslog.filename = "/dev/null"
}

$SERVER["socket"] == "0.0.0.0:443" {
  ssl.engine                = "enable"
  ssl.pemfile              = "/etc/ssl/private/lighttpd.pem"
  ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
  ssl.honor-cipher-order = "enable"
  server.document-root      = "/usr/local/ispconfig/interface/web"
}

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"

plus these lighttpd modules enabled...

Code:

~ ls /etc/lighttpd/conf-enabled/* -1
/etc/lighttpd/conf-enabled/05-auth.conf@
/etc/lighttpd/conf-enabled/10-accesslog.conf@
/etc/lighttpd/conf-enabled/10-cgi.conf@
/etc/lighttpd/conf-enabled/10-expire.conf@
/etc/lighttpd/conf-enabled/50-phpmyadmin.conf@

And slightly related is I had an emergency where our main mailserver leaked spam via a compromised user account so to help some clients avoid the blacklisting I wanted to set up an alternate outgoing-only SMTP server. I got another even smaller 128Mb VPS (from RamNode with 3Gb SSD) and tried to install postfix but I am more familiar with courier-mta. I ended up using an SSH tunnel back to our main server 10,000 Km away for MySQL access, to avoid running MySQL with a lot of data locally, and to my surprise it came together after a couple of hours' work and is currently using only 15Mb of RAM!

I think my point is that if ISPConfig could work with SQLite then by using lighttpd+CGI and courier-mta/imap with perhaps MaraDNS then it would be possible to run a few dozen clients out of a $20/yr VPS. And the neat point about these ultra cheap VPS is that they obviously come with an IP and most hosting providers charge more than $20 per year (and up to double that) for just one extra IP!
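
Added example, not part of markc's post: a POSIX shell check for two settings shown in the post above, the mode of a credentials file such as config.inc.php and the ssl.cipher-list line, which enables RC4 (prohibited for TLS by RFC 7465). The function names are hypothetical, GNU stat is assumed, and the demo runs on constructed scratch files.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Debian).

# check_secret_file FILE: fail if "other" has any access to a credentials file.
check_secret_file() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        *0) echo "OK   $1 (mode $mode)" ;;   # last octal digit 0: no world access
        *)  echo "FAIL $1 (mode $mode): accessible to any local user"
            return 1 ;;
    esac
}

# weak_ciphers CONF: print ssl.cipher-list tokens that enable broken suite
# families. Tokens starting with "!" or "-" are exclusions and are skipped.
# Exit status 0 means at least one weak token was found.
weak_ciphers() {
    sed -n 's/^[[:space:]]*ssl\.cipher-list[[:space:]]*=[[:space:]]*"\(.*\)".*/\1/p' "$1" |
        tr ':' '\n' |
        grep -Ev '^[!-]' |
        grep -Ei '(^|[-+])(RC4|MD5|3?DES|EXP(ORT)?[0-9]*|[ae]?NULL)([-+]|$)'
}

# Demo on constructed files: a scratch copy of the ssl.cipher-list line from
# the post, and a stand-in for config.inc.php at the two modes being compared.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' '$SERVER["socket"] == "0.0.0.0:443" {' \
        '  ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"' \
        '}' > "$dir/lighttpd.conf"
    : > "$dir/config.inc.php"
    chmod 640 "$dir/config.inc.php"; check_secret_file "$dir/config.inc.php"
    chmod 644 "$dir/config.inc.php"; check_secret_file "$dir/config.inc.php" || true
    echo "weak tokens enabled: $(weak_ciphers "$dir/lighttpd.conf" | tr '\n' ' ')"
    rm -rf "$dir"
}
demo
```

On the real host the same functions take the paths from the post: `check_secret_file /usr/local/ispconfig/interface/lib/config.inc.php` and `weak_ciphers /etc/lighttpd/lighttpd.conf`.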

ressel 26th April 2013 00:46

Why did you install a webserver if it's only dns slave?

markc 27th April 2013 04:07

So I could add and manage the actual slave zones via ISPConfig.

I didn't want to MySQL replicate a huge amount of otherwise useless (to this server) database content and so far my tests with mirroring ISPConfig to other servers have not been very satisfactory. I'm still not clear on how to manage other servers from a single centralised instance of ISPConfig and I needed this particular slave server up and running asap and using lighttpd and its non-fast CGI module was the quickest path to get it all working on such a small VPS.

