The Perfect Load-Balanced & High-Availability Web Cluster With 2 Servers Running Xen On Ubuntu 8.04 Hardy Heron - Page 3

8. DNS Server (web1, web2)

8.1 Install the DNS Server

Run :

apt-get install bind9

For security reasons we want to run BIND chrooted, so that a compromise of named is confined to /var/lib/named and to the unprivileged user bind; to do so we have to go through the following steps:

/etc/init.d/bind9 stop

Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":

vi /etc/default/bind9

OPTIONS="-u bind -t /var/lib/named"
# Set RESOLVCONF=no to not run resolvconf
RESOLVCONF=yes

Create the necessary directories under /var/lib:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run

Then move the config directory from /etc to /var/lib/named/etc:

mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location (to avoid problems when bind gets updated in the future):

ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and fix permissions of the directories:

mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

We need to modify /etc/default/syslogd so that we can still get important messages logged to the system logs. Modify the line: SYSLOGD="" so that it reads: SYSLOGD="-a /var/lib/named/dev/log":

vi /etc/default/syslogd

#
# Top configuration file for syslogd
#
#
# Full documentation of possible arguments are found in the manpage
# syslogd(8).
#
#
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/named/dev/log"

Restart the logging daemon:

/etc/init.d/sysklogd restart

Start up BIND, and check /var/log/syslog for errors:

/etc/init.d/bind9 start
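The chroot steps above are easy to get subtly wrong (a device node with the wrong major/minor, a directory still owned by root, /etc/bind copied instead of symlinked), and named then fails at start-up with a terse syslog line. The checker below is an added example, not part of the original tutorial: it verifies the layout from section 8.1 before you start the daemon. The function names, the dry_run helper and the scratch directory it uses are this example's own; the paths, device numbers and the bind user are the ones the tutorial uses.

```python
"""Check a BIND chroot laid out as in section 8.1 before starting named.

Added example, not part of the original tutorial. It verifies the
directories, the /etc/bind symlink, the two character devices and the
ownership of the files named will touch as user bind, so a slip in the
steps above is reported as a clear message rather than a cryptic
start-up failure in syslog.
"""
import os
import pwd
import stat
import tempfile

# Directories the chroot needs, relative to its root (the mkdir -p calls above).
REQUIRED_DIRS = ("etc/bind", "dev", "var/cache/bind", "var/run/bind/run")

# Character devices named expects: relative path -> (major, minor), as mknod'ed above.
REQUIRED_DEVICES = {"dev/null": (1, 3), "dev/random": (1, 8)}


def create_dirs(root):
    """Create the directory skeleton (the mkdir -p steps); devices still need mknod and root."""
    for rel in REQUIRED_DIRS:
        os.makedirs(os.path.join(root, rel), exist_ok=True)


def check_chroot(root, etc_bind="/etc/bind", user="bind"):
    """Return a list of problems found; an empty list means the layout is sane."""
    problems = []

    for rel in REQUIRED_DIRS:
        if not os.path.isdir(os.path.join(root, rel)):
            problems.append("missing directory %s" % rel)

    # /etc/bind must be a symlink into the chroot; otherwise package upgrades
    # edit one copy of the config while the running daemon reads another.
    target = os.path.join(root, "etc/bind")
    if not os.path.islink(etc_bind):
        problems.append("%s is not a symlink" % etc_bind)
    elif os.path.realpath(etc_bind) != os.path.realpath(target):
        problems.append("%s does not point to %s" % (etc_bind, target))

    for rel, (major, minor) in REQUIRED_DEVICES.items():
        path = os.path.join(root, rel)
        try:
            st = os.stat(path)
        except OSError:
            problems.append("missing device %s" % rel)
            continue
        if not stat.S_ISCHR(st.st_mode):
            problems.append("%s is not a character device" % rel)
        elif (os.major(st.st_rdev), os.minor(st.st_rdev)) != (major, minor):
            problems.append("%s has wrong major/minor numbers" % rel)
        # chmod 666 above: the unprivileged bind user must be able to open them.
        if stat.S_IMODE(st.st_mode) & 0o666 != 0o666:
            problems.append("%s is not mode 666" % rel)

    try:
        uid = pwd.getpwnam(user).pw_uid
    except KeyError:
        problems.append("user %s does not exist" % user)
        return problems

    # named runs with -u bind and writes its pid file and cache under var/,
    # so everything under var/ and etc/bind must belong to that user.
    for rel in ("var", "etc/bind"):
        for dirpath, _dirnames, filenames in os.walk(os.path.join(root, rel)):
            for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
                if os.lstat(path).st_uid != uid:
                    problems.append("%s not owned by %s" % (os.path.relpath(path, root), user))
    return problems


def dry_run():
    """Build only the directory skeleton in a scratch directory and check it.

    Runs without root, so the expected complaints are the two missing devices
    (and the bind user, if it does not exist on this machine).
    """
    scratch = tempfile.mkdtemp()
    root = os.path.join(scratch, "named")
    create_dirs(root)
    link = os.path.join(scratch, "etc_bind")
    os.symlink(os.path.join(root, "etc/bind"), link)
    return check_chroot(root, etc_bind=link)


if __name__ == "__main__":
    import sys
    found = check_chroot("/var/lib/named")
    for problem in found:
        print("PROBLEM: " + problem)
    sys.exit(1 if found else 0)
```

Run it as root on web1 and web2 after the chown steps and before /etc/init.d/bind9 start; a clean run prints nothing and exits 0.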


8.2 Configure bind

We are going to configure BIND with two domains: example.com, which hosts the name servers (ns1 and ns2) and the cluster's own host names, and yoursite.com, the site the cluster serves.

The main configuration file of BIND is named.conf; however, named.conf.local is already included from named.conf and is meant for local customisation, so we will edit named.conf.local and add our zones there. Here I add the two forward zones as well as a reverse zone for 192.168.1.0/24. Because web1 and web2 each hold a master copy of every zone and never transfer zones between themselves, you can also add allow-transfer { none; }; to each zone stanza so that nobody can pull the complete host list with a zone transfer:

vi /etc/bind/named.conf.local

#EXAMPLE.COM
zone "example.com" {
        type master;
        file "/etc/bind/zones/example.com.db";
};
#YOURSITE.COM
zone "yoursite.com" {
        type master;
        file "/etc/bind/zones/yoursite.com.db";
};
# This is the zone definition for reverse DNS. Replace 1.168.192 with your network address in reverse notation, e.g. my network address is 192.168.1.X
zone "1.168.192.in-addr.arpa." {
        type master;
        file "/etc/bind/zones/rev.1.168.192.in-addr.arpa";
};

Note: if your ISP delegates you only part of a /24 (say 192.168.1.100 to 192.168.1.112), the reverse zone has to be set up as a classless delegation (RFC 2317); read the "Customer/User Zone File" section here:

http://www.zytrax.com/books/dns/ch9/reverse.html


8.3 Configure zones

mkdir /etc/bind/zones
vi /etc/bind/zones/example.com.db

and make it look like this :

$TTL    86400
@       IN      SOA     ns1.example.com. admin.example.com. (
                        2008060902      ; serial, today's date + today's serial #
                        28800           ; refresh, seconds
                        7200            ; retry, seconds
                        604800          ; expire, seconds
                        86400 )         ; minimum, seconds
;
                NS      ns1.example.com.        ; Inet Address of name server 1
                NS      ns2.example.com.        ; Inet Address of name server 2
;
                MX      10 example.com.
example.com.    A       192.168.1.106
www             A       192.168.1.106
ns1             A       192.168.1.106
ns2             A       192.168.1.106
dom01           A       192.168.1.100
dom02           A       192.168.1.101
lb1             A       192.168.1.102
lb2             A       192.168.1.103
web1            A       192.168.1.104
web2            A       192.168.1.105

example.com.    TXT     "v=spf1 ip4:192.168.1.104 ip4:192.168.1.105 a ptr a:web1.example.com a:web2.example.com ~all"

Now we will create the zone for yoursite.com :

vi /etc/bind/zones/yoursite.com.db

Make it look like this :

$TTL    86400
@       IN      SOA     ns1.example.com. admin.yoursite.com. (
                        2008060902      ; serial, today's date + today's serial #
                        28800           ; refresh, seconds
                        7200            ; retry, seconds
                        604800          ; expire, seconds
                        86400 )         ; minimum, seconds
;
                NS      ns1.example.com.        ; Inet Address of name server 1
                NS      ns2.example.com.        ; Inet Address of name server 2
;
                MX      10 yoursite.com.
yoursite.com.   A       192.168.1.107
www             A       192.168.1.107

yoursite.com.   TXT     "v=spf1 ip4:192.168.1.104 ip4:192.168.1.105 a ptr a:web1.example.com a:web2.example.com ~all"

Now let's go ahead with the reverse zone.

vi /etc/bind/zones/rev.1.168.192.in-addr.arpa

$TTL    86400
@       IN      SOA     ns1.example.com. hostmaster.example.com. (
                        2008060901      ; serial, today's date + today's serial #
                        28800           ; Refresh
                        7200            ; Retry
                        604800          ; Expire
                        86400 )         ; Minimum TTL
                NS      ns1.example.com.
                NS      ns2.example.com.
100     PTR     dom01.example.com.
101     PTR     dom02.example.com.
102     PTR     lb1.example.com.
103     PTR     lb2.example.com.
104     PTR     web1.example.com.
105     PTR     web2.example.com.
106     PTR     example.com.
107     PTR     yoursite.com.
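The three zone files above are maintained by hand, and the usual way they go wrong is drift: a host gets an A record but no PTR, a PTR points at a name that now resolves elsewhere, or the serial is not bumped. The generator below is an added example, not part of the original tutorial: it produces both forward zones and the /24 reverse zone from one host table, with the same SOA timers and YYYYMMDDnn serial style as above. The host table is constructed from section 8.3; the function names, the PTR_NAMES choice for shared addresses and the tab-separated layout are this example's own, and the MX and SPF TXT records are left to be added by hand.

```python
"""Generate matching forward and reverse zone files from one host table.

Added example, not part of the original tutorial. Keeping every host in a
single table is the simplest way to stop the forward zones and the reverse
zone drifting apart (an A record without a PTR, or a PTR pointing at a name
that resolves elsewhere). The serial is built in the YYYYMMDDnn form used in
the zone files above.
"""
import datetime
import ipaddress

NAMESERVERS = ("ns1.example.com.", "ns2.example.com.")
TTL = 86400
SOA_TIMERS = (28800, 7200, 604800, 86400)  # refresh, retry, expire, minimum

# Constructed host table mirroring section 8.3: fully qualified name -> address.
HOSTS = {
    "example.com.": "192.168.1.106",
    "www.example.com.": "192.168.1.106",
    "ns1.example.com.": "192.168.1.106",
    "ns2.example.com.": "192.168.1.106",
    "dom01.example.com.": "192.168.1.100",
    "dom02.example.com.": "192.168.1.101",
    "lb1.example.com.": "192.168.1.102",
    "lb2.example.com.": "192.168.1.103",
    "web1.example.com.": "192.168.1.104",
    "web2.example.com.": "192.168.1.105",
    "yoursite.com.": "192.168.1.107",
    "www.yoursite.com.": "192.168.1.107",
}
# An address shared by several names gets exactly one PTR; pick it here.
PTR_NAMES = {"192.168.1.106": "example.com.", "192.168.1.107": "yoursite.com."}


def serial(day=None, n=1):
    """YYYYMMDDnn serial for the given ISO date (default today); bump n per edit."""
    date = (datetime.datetime.strptime(day, "%Y-%m-%d").date() if day
            else datetime.date.today())
    return int("%s%02d" % (date.strftime("%Y%m%d"), n))


def header(primary_ns, mail, serial_no):
    """$TTL, SOA and NS records shared by every zone file."""
    refresh, retry, expire, minimum = SOA_TIMERS
    lines = [
        "$TTL\t%d" % TTL,
        "@\tIN\tSOA\t%s %s (" % (primary_ns, mail),
        "\t\t%d\t; serial" % serial_no,
        "\t\t%d\t; refresh" % refresh,
        "\t\t%d\t; retry" % retry,
        "\t\t%d\t; expire" % expire,
        "\t\t%d )\t; minimum" % minimum,
    ]
    # A leading blank owner inherits the previous owner, i.e. @.
    lines += ["\tNS\t%s" % ns for ns in NAMESERVERS]
    return lines


def forward_zone(zone, serial_no):
    """Zone file text for `zone` (e.g. 'example.com.'); owners are written relative to @."""
    lines = header(NAMESERVERS[0], "admin." + zone, serial_no)
    lines.append("@\tMX\t10 %s" % zone)
    for name, addr in sorted(HOSTS.items()):
        if name == zone:
            lines.append("@\tA\t%s" % addr)
        elif name.endswith("." + zone):
            lines.append("%s\tA\t%s" % (name[:-len(zone) - 1], addr))
    return "\n".join(lines) + "\n"


def reverse_zone(network, serial_no):
    """Return (zone name, zone file text) for a /24 such as '192.168.1.0/24'."""
    net = ipaddress.ip_network(network)
    if net.prefixlen != 24:
        raise ValueError("only /24 reverse zones are handled here; see the RFC 2317 note")
    o = str(net.network_address).split(".")
    zone = "%s.%s.%s.in-addr.arpa." % (o[2], o[1], o[0])
    lines = header(NAMESERVERS[0], "hostmaster.example.com.", serial_no)
    done = set()
    for name, addr in sorted(HOSTS.items(), key=lambda kv: ipaddress.ip_address(kv[1])):
        ip = ipaddress.ip_address(addr)
        if ip not in net or ip in done:
            continue  # outside this zone, or PTR already written for a shared address
        done.add(ip)
        lines.append("%s\tPTR\t%s" % (str(ip).split(".")[3], PTR_NAMES.get(addr, name)))
    return zone, "\n".join(lines) + "\n"


def check_ptr_targets():
    """Addresses whose chosen PTR target is not a HOSTS name mapping back to them."""
    return [addr for addr, name in PTR_NAMES.items() if HOSTS.get(name) != addr]


if __name__ == "__main__":
    s = serial()
    print(forward_zone("example.com.", s))
    print(forward_zone("yoursite.com.", s))
    print(reverse_zone("192.168.1.0/24", s)[1])
```

Write the three outputs to the paths referenced in named.conf.local and run named-checkzone on each before reloading; check_ptr_targets() returning anything means a PTR would point at a name that no longer resolves to that address.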

Now configure the server to forward any request it is not authoritative for to your ISP's name server, so that it can resolve external names as well.

vi /etc/bind/named.conf.options

Uncomment the forwarder section to look like this:

[...]
forwarders {
      # Replace the address below with the address of your ISP DNS server
      123.123.123.123;
};
[...]


8.4 Configure the server to use itself as DNS

vi /etc/resolv.conf

search example.com
nameserver 127.0.0.1

The nameserver line must be an IP address; the resolver library ignores a host name such as localhost. Then we have to restart BIND:

/etc/init.d/bind9 restart


8.5 Test the DNS server

We will first install dig, which is included in the package dnsutils:

apt-get install dnsutils

Now we will see if our dns servers give us the right answers :

on web1

dig yoursite.com @192.168.1.105

on web2

dig yoursite.com @192.168.1.104

On both you should see an output like this. Check the flags line as well as the answer: a server that answers from the zone it has just loaded sets the aa (authoritative answer) flag and returns the zone's own TTLs; if aa is missing and the TTLs are counting down, the answer came from the cache rather than from the zone, and /var/log/syslog will usually show why the zone was not loaded.

; <<>> DiG 9.4.2-P1 <<>> yoursite.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4547
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;yoursite.com.                 IN      A
;; ANSWER SECTION:
yoursite.com.          86400   IN      A       192.168.1.107
;; AUTHORITY SECTION:
yoursite.com.          15090   IN      NS      ns2.example.com.
yoursite.com.          15090   IN      NS      ns1.example.com.
;; ADDITIONAL SECTION:
ns2.example.com.       162439  IN      A       192.168.1.106
ns1.example.com.       162439  IN      A       192.168.1.106
;; Query time: 27 msec
;; WHEN: Sun Sep 21 19:07:17 2008
;; MSG SIZE  rcvd: 124

Now we will test reverse lookup :

on web1

dig -x 192.168.1.107 @192.168.1.105

on web2

dig -x 192.168.1.107 @192.168.1.104

Output should be similar to this :

; <<>> DiG 9.4.2-P1 <<>> -x 192.168.1.107
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22614
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;107.1.168.192.in-addr.arpa.     IN      PTR
;; ANSWER SECTION:
107.1.168.192.in-addr.arpa. 86400 IN    PTR     yoursite.com.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      ns2.example.com.
1.168.192.in-addr.arpa. 86400   IN      NS      ns1.example.com.
;; ADDITIONAL SECTION:
ns1.example.com.       162147  IN      A       192.168.1.106
ns2.example.com.       162147  IN      A       192.168.1.106
;; Query time: 88 msec
;; WHEN: Sun Sep 21 19:12:09 2008
;; MSG SIZE  rcvd: 172

More info how to use dig :

http://www.madboa.com/geek/dig/
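Eyeballing two dig outputs tells you that each server answers, but not whether it answered from the zone it loaded or whether web1 and web2 actually agree, and with two independent master copies they can silently diverge after one of them is edited. The script below is an added example, not part of the original tutorial: it parses dig's text output, checks the aa flag and status, and diffs the ANSWER records of two servers while ignoring TTLs. Both captures embedded in it are constructed (the second deliberately authoritative but stale); in practice you would feed in the saved output of the two dig commands from the tests above.

```python
"""Parse dig's text output and compare what two servers answer.

Added example, not part of the original tutorial. After loading the zones on
web1 and web2 you want to know two things that a glance at the ANSWER section
does not tell you: whether each server answered from the zone it loaded (the
'aa' flag in the flags line) and whether both servers return the same records.
"""
import re

FLAGS_RE = re.compile(r"^;; flags: ([a-z ]*);")
STATUS_RE = re.compile(r"status: (\w+)")


def parse_dig(text):
    """Return {'status': str, 'flags': set, 'answer': set of (name, class, type, rdata)}.

    TTLs are deliberately dropped: a cached copy counts them down, so they
    differ between servers without anything being wrong with the zone.
    """
    status, flags, answer, section = None, set(), set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(";; ->>HEADER<<-"):
            m = STATUS_RE.search(line)
            status = m.group(1) if m else None
        elif FLAGS_RE.match(line):
            flags = set(FLAGS_RE.match(line).group(1).split())
        elif line.startswith(";; ") and line.endswith("SECTION:"):
            section = line[3:-len(" SECTION:")]  # ";; ANSWER SECTION:" -> "ANSWER"
        elif section == "ANSWER" and line and not line.startswith(";"):
            fields = line.split()
            if len(fields) >= 5:
                name, _ttl, cls, rtype = fields[:4]
                answer.add((name.lower(), cls, rtype, " ".join(fields[4:]).lower()))
    return {"status": status, "flags": flags, "answer": answer}


def compare(first, second):
    """List the discrepancies between two parsed dig results; empty means they agree."""
    issues = []
    for label, r in (("first", first), ("second", second)):
        if r["status"] != "NOERROR":
            issues.append("%s server: status %s" % (label, r["status"]))
        if "aa" not in r["flags"]:
            issues.append("%s server: answer not authoritative (no aa flag), "
                          "probably served from cache; check syslog for the zone" % label)
    for rec in sorted(first["answer"] - second["answer"]):
        issues.append("only first server: %s" % " ".join(rec))
    for rec in sorted(second["answer"] - first["answer"]):
        issues.append("only second server: %s" % " ".join(rec))
    return issues


# Constructed capture 1: same shape as the tutorial's output, no aa flag.
WEB1_OUTPUT = """\
; <<>> DiG 9.4.2-P1 <<>> yoursite.com @192.168.1.104
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4547
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;yoursite.com.                 IN      A

;; ANSWER SECTION:
yoursite.com.          15090   IN      A       192.168.1.107

;; AUTHORITY SECTION:
yoursite.com.          15090   IN      NS      ns1.example.com.
yoursite.com.          15090   IN      NS      ns2.example.com.

;; Query time: 27 msec
"""

# Constructed capture 2: authoritative, but from a stale zone file on the other server.
WEB2_OUTPUT = """\
; <<>> DiG 9.4.2-P1 <<>> yoursite.com @192.168.1.105
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9001
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;yoursite.com.                 IN      A

;; ANSWER SECTION:
yoursite.com.          86400   IN      A       192.168.1.108

;; AUTHORITY SECTION:
yoursite.com.          86400   IN      NS      ns1.example.com.
yoursite.com.          86400   IN      NS      ns2.example.com.
"""


def demo():
    """Compare the two constructed captures; returns the list of issues found."""
    return compare(parse_dig(WEB1_OUTPUT), parse_dig(WEB2_OUTPUT))


if __name__ == "__main__":
    for issue in demo():
        print(issue)
```

To use it on the real cluster, save the output of dig yoursite.com @192.168.1.104 and @192.168.1.105 to two files, read them in and pass the parsed results to compare(); an empty list means both servers answered authoritatively with identical records.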


9. Proftpd (web1, web2)

9.1 Proftpd installation

In order to install Proftpd, run

apt-get install proftpd ucf

You will be asked a question:

Run proftpd: <-- standalone


9.2 Proftpd configuration

vi /etc/proftpd/proftpd.conf

For security reasons add the following lines to /etc/proftpd/proftpd.conf: DefaultRoot ~ confines each user to their home directory, IdentLookups off stops the server from querying the client's ident port (which only adds delay to logins), and ServerIdent on "FTP Server ready." replaces the default banner that reveals the ProFTPD version. Keep in mind that plain FTP sends user names and passwords unencrypted, so allow port 21 only from trusted networks (or enable FTPS via mod_tls):

DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."

Then restart Proftpd:

/etc/init.d/proftpd restart
