Old 13th February 2006, 11:06
todvard

Here is a small workaround for how I got "views" working in BIND. I am not a PHP programmer, so I decided to use bash scripts to achieve my purpose. Here is a mini howto in 7 steps for Debian 3.1 (Sarge):

1. Stop ISPConfig and bind
Code:
/etc/init.d/ispconfig_server stop
/etc/init.d/bind9 stop
2. We will split /etc/bind/named.conf into 3 parts: /etc/bind/named.conf, /etc/bind/named.conf.inside, /etc/bind/named.conf.outside

named.conf should look like this:
Code:
options {
        pid-file "/var/run/bind/run/named.pid";
        directory "/etc/bind";
        auth-nxdomain no;
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};

//
// a caching only nameserver config
//

// My script generates a huge number of entries in your log file.
// If you want them forwarded to a separate log file, uncomment
// the following lines. Don't forget to create the /var/log/named folder,
// or /var/lib/named/var/log/named if you are running bind in a chroot
// environment.
//logging {
//        channel "default_log_channel" {
//                file "/var/log/named/bind.log" versions 8 size 2m;
//                print-category  yes;
//                print-time      yes;
//        };
//        category "default" {
//                "default_log_channel";
//        };
//
//        category lame-servers { null; };
//};

acl loopback    { 127/8; };
acl rfc1918     { 10/8; 172.16/12; 192.168/16; };

view "inside" {
        match-clients { loopback; rfc1918; };
        recursion yes;
        notify no;

        zone "." {
                type hint;
                file "db.root";
        };

        zone "0.0.127.in-addr.arpa" {
                type master;
                file "db.local";
        };

        include "/etc/bind/named.conf.inside";
};

view "outside" {
        match-clients { any; };
        recursion no;
        allow-query { any; };

        include "/etc/bind/named.conf.outside";
};
named.conf.inside will be generated automatically by ISPConfig; named.conf.outside will be generated by our script.
Read the commented part of the named.conf file if you want to forward log events to a different file.


3. We have to change the way ISPConfig generates named.conf. Create a backup first:
Code:
cp /root/ispconfig/isp/conf/named.conf.master /root/ispconfig/isp/conf/named.conf.master.orig
Modify /root/ispconfig/isp/conf/named.conf.master to look like this:
Code:
<!-- BEGIN DYNAMIC BLOCK: named_reverse -->
zone "{ZONE}.in-addr.arpa" {
        type master;
        file "pri.{ZONE}.in-addr.arpa";
};
<!-- END DYNAMIC BLOCK: named_reverse -->

<!-- BEGIN DYNAMIC BLOCK: named -->
zone "{DOMAIN}" {
        type master;
        file "pri.{DOMAIN}";
};
<!-- END DYNAMIC BLOCK: named -->

<!-- BEGIN DYNAMIC BLOCK: named_slave -->
zone "{DOMAIN}" {
        type slave;
        file "sec.{DOMAIN}";
        masters { {MASTERS}; };
};
<!-- END DYNAMIC BLOCK: named_slave -->

//// MAKE MANUAL ENTRIES BELOW THIS LINE! ////
4. Create a bash script /usr/local/sbin/convert2extDNS.sh
Code:
#! /bin/sh

exit 0   # safety guard: comment out this line (the third row) once the placeholders below are filled in

WORKDIR=/etc/bind

# Keep the previously generated config and start a fresh one; the empty file
# guarantees that the include in named.conf resolves even when no zone exists yet.
[ -f $WORKDIR/named.conf.outside ] && mv -f $WORKDIR/named.conf.outside $WORKDIR/named.conf.outside~
: > $WORKDIR/named.conf.outside

# This is a dirty hack to find zone files starting with pri. and not ending with ~
for name in `cd $WORKDIR; ls | grep -e '^pri\.' | grep -v "~" | cut -c5-`
do
    echo $name
    # keep the previous outside copy of the zone, if there is one
    [ -f $WORKDIR/out.pri.$name ] && cp -f $WORKDIR/out.pri.$name $WORKDIR/out.pri.$name~
    # publish the zone with the internal address replaced by the external one
    sed 's/!!!INTERNAL_IP!!!/!!!EXTERNAL_IP!!!/g' $WORKDIR/pri.$name > $WORKDIR/out.pri.$name

    cat >> $WORKDIR/named.conf.outside <<EOF
zone "$name" {
        type master;
        file "out.pri.$name";
        allow-query { any; };
        allow-transfer {
                !!!TRANSFER_ALLOW_DNS_IP!!!;
                !!!TRANSFER_ALLOW_DNS_IP!!!;
                !!!TRANSFER_ALLOW_DNS_IP!!!;
        };
};
EOF
done

/etc/init.d/bind9 reload
Don't forget to replace in the code:
!!!INTERNAL_IP!!! - with your ISPConfig server's internal IP address (e.g. 192.168.0.1)
!!!EXTERNAL_IP!!! - with your server's external IP address (e.g. 61.123.123.123)
!!!TRANSFER_ALLOW_DNS_IP!!! - add all the server IPs, each followed by a semicolon, that you want to allow to transfer zone files (e.g. secondary DNS servers, NIS test server IPs, etc.).

!!! When you are done, comment out "exit 0" in the third row of the file. !!!


5. Add this line to the crontab
Code:
*/2 *   * * *   root    /usr/local/sbin/convert2extDNS.sh 1>/dev/null 2>/dev/null

6. Start ISPConfig and bind
Code:
/etc/init.d/ispconfig_server start
/etc/init.d/bind9 start

7. Log in to ISPConfig as the admin user and go to Management >> Settings >> DNS. Change the "named.conf" setting from "/etc/bind/named.conf" to "/etc/bind/named.conf.inside"


That's it. Drawbacks: my script isn't handling hosted secondary name servers, but I think it can be easily expanded. The hack to find the pri.zone file names isn't too elegant; if someone can come up with a better solution I'll be very happy.

Cheers,
T.

Last edited by todvard; 13th February 2006 at 11:10.
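The following is an added example and is not todvard's convert2extDNS.sh or part of ISPConfig. It reimplements the split-view idea from the post in POSIX sh and goes a little beyond it with the checks an operator would want before the outside view is reloaded: the internal address is replaced only on an exact-field match (so 192.168.0.1 never also rewrites 192.168.0.10), named.conf.outside is always created and swapped in atomically, a reload is signalled only when the generated config actually changed, and a leak check refuses to publish any out.pri.* file that still carries an RFC 1918 address. The addresses (192.168.0.1, 203.0.113.10, 198.51.100.x), the zone contents and the temporary directory are constructed values for illustration; the pri.<zone> file layout follows the post.

```sh
#!/bin/sh
# Added example, not the original poster's script: split-view generation
# with the safety checks described in the lead-in. All addresses are
# private/documentation ranges chosen for illustration (assumptions).

# gen_outside_view WORKDIR INTERNAL_IP EXTERNAL_IP "SEC_IP1; SEC_IP2"
# Writes out.pri.<zone> for every pri.<zone> with INTERNAL_IP swapped for
# EXTERNAL_IP (whole-field match) and regenerates named.conf.outside.
# Returns 0 if named.conf.outside changed (reload needed), 1 if unchanged.
gen_outside_view() {
    workdir=$1
    internal_ip=$2
    external_ip=$3
    xfer_acl=$4
    conf="$workdir/named.conf.outside"
    tmp="$conf.tmp.$$"
    : > "$tmp"                               # exists even with zero zones
    for path in "$workdir"/pri.*; do
        [ -f "$path" ] || continue           # unmatched glob stays literal
        case "$path" in *~) continue ;; esac # skip editor/backup copies
        name=${path##*/pri.}
        # compare whole fields, so a longer address sharing a prefix is untouched
        awk -v iip="$internal_ip" -v eip="$external_ip" \
            '{ for (i = 1; i <= NF; i++) if ($i == iip) $i = eip; print }' \
            "$path" > "$workdir/out.pri.$name.tmp" &&
            mv "$workdir/out.pri.$name.tmp" "$workdir/out.pri.$name"
        cat >> "$tmp" <<EOF
zone "$name" {
        type master;
        file "out.pri.$name";
        allow-query { any; };
        allow-transfer { $xfer_acl; };
};
EOF
    done
    if [ -f "$conf" ] && cmp -s "$tmp" "$conf"; then
        rm -f "$tmp"                         # nothing changed: no reload
        return 1
    fi
    mv "$tmp" "$conf"                        # atomic replace of the include
    return 0
}

# Any RFC 1918 address, delimited so that 10.x inside a larger number is ignored.
RFC1918_RE='(^|[^0-9.])(10\.[0-9]+\.[0-9]+\.[0-9]+|172\.(1[6-9]|2[0-9]|3[01])\.[0-9]+\.[0-9]+|192\.168\.[0-9]+\.[0-9]+)([^0-9.]|$)'

# leak_check WORKDIR
# Returns 1 if any generated out.pri.* file still carries an internal address;
# the outside view must never serve those, so the caller should not reload.
leak_check() {
    workdir=$1
    rc=0
    for f in "$workdir"/out.pri.*; do
        [ -f "$f" ] || continue
        case "$f" in *.tmp|*~) continue ;; esac
        if grep -Eq "$RFC1918_RE" "$f"; then
            echo "internal address left in $f" >&2
            rc=1
        fi
    done
    return $rc
}

# make_sample_zones WORKDIR: constructed ISPConfig-style zone files, not real data
make_sample_zones() {
    cat > "$1/pri.example.com" <<'EOF'
$TTL 86400
@    IN SOA ns1.example.com. hostmaster.example.com. ( 2006021301 28800 7200 604800 86400 )
     IN NS  ns1.example.com.
ns1  IN A   192.168.0.1
www  IN A   192.168.0.1
db   IN A   192.168.0.10
EOF
    echo "stale copy, must be ignored" > "$1/pri.example.com~"
}

# Demo on a throwaway directory: db keeps a second internal address, so the
# leak check fires and the (hypothetical) reload is skipped.
demo=$(mktemp -d)
make_sample_zones "$demo"
if gen_outside_view "$demo" 192.168.0.1 203.0.113.10 "198.51.100.2; 198.51.100.3"; then
    if leak_check "$demo"; then
        echo "outside view changed and clean: reload bind now (/etc/init.d/bind9 reload)"
    else
        echo "outside view changed but still leaks an internal address: not reloading"
    fi
else
    echo "outside view unchanged: nothing to reload"
fi
cat "$demo/named.conf.outside"
rm -rf "$demo"
```

Run from cron the same way as the post's script, but only call the reload when gen_outside_view returns 0 and leak_check passes; every other combination leaves the previous, known-good outside view in place.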