Automated generation of T1 zone files


The following document will help you set up scripts to work with BIND9 on a tier-1 server. If you are looking for information on automating the zones for a tier-2 server, please find that information here.

Note that you can always find the latest script files here.



Notes:


Requirements:



Begin by creating a directory to place the files:

# mkdir /opt/bind-tools
# cd /opt/bind-tools/


Obtain the default config file:
# wget http://www.opennic.oss/bindtools/t1zone.conf

Edit the config file with your favorite editor. The scripts assume that your BIND config is stored under /etc/bind/ and that your actual zone files are stored under /var/named/. You will specifically need to change the LOCAL, xTLD, and xIP variables to point to your own tier-1 server, and the VIEWS variable to match the views your server is using.



Download the first script:
# wget http://www.opennic.oss/bindtools/gettld.sh

Attempt to run the script and see if there are any problems. The script is fetched over plain HTTP and runs with your privileges, so read it before executing it.
# chmod 755 gettld.sh
# ./gettld.sh

If you see any errors, make the appropriate changes to t1zone.conf. If the script runs, take a look at the file tld.info. It should be a list of the TLD zones currently used by OpenNIC, each on a new line. You can view a sample of what the file should look like at http://www.opennic.oss/bindtools/tld.info.txt



Download the second script:
# wget http://www.opennic.oss/bindtools/makeinclude.sh

Attempt to run the script:
# chmod 755 makeinclude.sh
# ./makeinclude.sh

You should see the text of a zone config file being output to your screen. The IP address of your own tier-1 server should be commented out in each zone and marked as excluded. You will likely also see other addresses commented out and marked as invalid serial, which simply means that server has not yet received the latest zone. The list of commented-out servers will change if you run the script again in an hour; this is typical of daily operations.

Please verify that the filenames in the output from this script match your own configuration and directories. A sample of the expected output can be found here: http://www.opennic.oss/bindtools/zone.opennic.txt

If the script runs successfully, create a config file for BIND to use. Please verify that the filename used below does not overwrite any file you may already have. Also note that if you changed the value of "zoneFileName" in t1zone.conf, you should match that to the command you enter here.
# ./makeinclude.sh > /etc/bind/zone.opennic



The last script to obtain will run the previous scripts, update your BIND configuration, and reload BIND with the new updates.

DO NOT RUN THIS SCRIPT UNTIL YOU HAVE VERIFIED THAT THE PREVIOUS SCRIPTS ARE RUNNING WITHOUT ERROR!

Obtain and run the script from here:
# wget http://www.opennic.oss/bindtools/t1zone.sh
# chmod 755 t1zone.sh
# ./t1zone.sh

Once the script finishes running, confirm that /etc/bind/zone.opennic exists, and that the information presented within it appears to be correct. It should match the file generated in the last step of the makeinclude.sh section above, apart from any servers whose commented-out status has changed in the meantime.
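The page's t1zone.sh writes the generated file and reloads BIND in one go, so a bad run (empty output, a syntax error from a half-downloaded tld.info) reaches the live resolver. The wrapper below is an added example written for this page; it is not part of the OpenNIC bindtools and does not describe their internals. It assumes the scripts are run from /opt/bind-tools as the page does, that BIND's named-checkconf accepts a file of bare zone statements, that rndc reload is configured, and that the resolver is healthy when dig +short @localhost . NS prints the root NS set (the page's own first test). Every external command is a variable so the flow can be tried without touching a live server.

```shell
#!/bin/sh
# Hypothetical safe-update wrapper (not part of bindtools). It replaces the
# "write and reload" part of t1zone.sh with:
# refresh -> generate -> validate -> atomic install -> reload -> probe -> roll back.
set -u

BIND_TOOLS=${BIND_TOOLS:-/opt/bind-tools}      # where gettld.sh/makeinclude.sh live
ZONE_FILE=${ZONE_FILE:-/etc/bind/zone.opennic}  # zoneFileName from t1zone.conf
# Commands are variables so the cycle can be exercised without BIND installed.
REFRESH=${REFRESH:-"$BIND_TOOLS/gettld.sh"}        # rebuilds tld.info
GENERATE=${GENERATE:-"$BIND_TOOLS/makeinclude.sh"} # prints the include file
CHECKCONF=${CHECKCONF:-named-checkconf}            # BIND's config parser (assumed to accept bare zone stanzas)
RELOAD=${RELOAD:-"rndc reload"}                    # assumes rndc is configured for this user
PROBE=${PROBE:-"dig +short @localhost . NS"}       # must print something when the resolver is healthy

log() { printf '%s zone-update: %s\n' "$(date '+%F %T')" "$*" >&2; }

# validate_include FILE: 0 only if FILE is non-empty and BIND's parser accepts it.
validate_include() {
    [ -s "$1" ] || { log "generated include is empty"; return 1; }
    $CHECKCONF "$1" >/dev/null 2>&1 || { log "config parser rejected $1"; return 1; }
}

# install_include NEW TARGET: keep TARGET.bak, then rename NEW over TARGET so
# BIND never reads a half-written file.
install_include() {
    if [ -f "$2" ]; then cp -p "$2" "$2.bak" || return 1; fi
    mv "$1" "$2"
}

# update_zones: one full cycle. Returns 0 on success or no change, 1 if the new
# include never reached BIND (refresh, generation or validation failed), 2 if
# the reload left the resolver unable to answer and the old file was restored.
update_zones() {
    cd "$BIND_TOOLS" || return 1
    $REFRESH >/dev/null 2>&1 || { log "refresh (gettld.sh) failed"; return 1; }
    tmp=$(mktemp "$ZONE_FILE.XXXXXX") || return 1
    chmod 0644 "$tmp"   # mktemp creates 0600; named runs as its own user and must read this
    if ! $GENERATE > "$tmp" 2>/dev/null; then
        log "generate (makeinclude.sh) failed"; rm -f "$tmp"; return 1
    fi
    if ! validate_include "$tmp"; then rm -f "$tmp"; return 1; fi
    if [ -f "$ZONE_FILE" ] && cmp -s "$tmp" "$ZONE_FILE"; then
        rm -f "$tmp"; log "no change"; return 0
    fi
    install_include "$tmp" "$ZONE_FILE" || { rm -f "$tmp"; return 1; }
    $RELOAD >/dev/null 2>&1 || log "reload command failed"
    if [ -z "$($PROBE 2>/dev/null)" ]; then
        log "resolver gives no answer after reload; restoring previous include"
        [ -f "$ZONE_FILE.bak" ] && mv "$ZONE_FILE.bak" "$ZONE_FILE"
        $RELOAD >/dev/null 2>&1 || log "reload command failed"
        return 2
    fi
    log "installed $ZONE_FILE"
    return 0
}

# Run the cycle only when invoked as "zone-update.sh --run"; sourcing just defines the functions.
[ "${1:-}" = "--run" ] && update_zones
```

Point the cron job at this wrapper with --run instead of at t1zone.sh, and run it as the user that owns /etc/bind/zone.opennic rather than as root; a non-zero exit (1: BIND never saw the new file, 2: rolled back) is the thing to alert on.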

Prepare your BIND configuration to work with the generated config file. Note that this will require you to be familiar with how the BIND config files work, and the particulars of your own setup. I will try to provide sample configurations here, but if you have trouble getting your setup to work, please request help on the OpenNIC mailing list.

The first step is to remove any existing configuration you might have for OpenNIC, including the root zone. All references to OpenNIC TLDs and the root zone will now be included within the newly generated config file (which should exist if you followed the final step in the previous section on testing makeinclude.sh).

Next you will need to include the zone.opennic config file in your BIND configuration. The exact method of doing that will vary greatly depending on how your particular system is configured. As an example, assuming a very basic system, you can simply add the following line to the end of your named.conf file:
include "/etc/bind/zone.opennic";


If you use views in your configuration, add the include line at the end of each view (for example both your lan and net views), and make sure the VIEWS variable in t1zone.conf lists the same views.

Once you have the proper includes added, check the configuration syntax with named-checkconf, then restart BIND:
# /etc/init.d/bind9 restart

Check your log files for any errors, especially regarding the OpenNIC TLDs. If everything seems correct, then perform the following tests:

This should give a list of nameservers (nsX.opennic.glue.)
# dig +short @localhost . NS

This should return the address 75.127.96.89
# dig +short @localhost opennic.glue

This should return the address 202.83.95.229
# dig +short @localhost www.geek

Using your own TLD in this command (replace "oss"), verify local lookups:
# dig +short @localhost oss

Your system should now be fully capable of looking up data from all OpenNIC TLDs. The next step should be requesting someone from the mailing list or from IRC to also perform some lookups off your server and verify that queries are also working externally.



The last step is to fully automate the process of updating your system. You will want to add a cron job to update the TLD information six times a day (once every four hours). Note that the exact method of doing this will change depending on which type of cron you have installed. The method I present here is for hc-cron, which is standard on many systems.

The simplest way to perform updates is to add the following line to your crontab file (/etc/crontab):

55 3,7,11,15,19,23 * * * root /opt/bind-tools/t1zone.sh


This job can run either as root or as your local BIND user. Prefer the BIND user: it only needs write access to /opt/bind-tools/ and /etc/bind/zone.opennic, plus whatever the script uses to reload BIND, so verify permissions on those paths rather than giving the job root.

Once cron has been updated, you should see /etc/bind/zone.opennic being updated every day at 3:55am, 7:55am, 11:55am, 3:55pm, 7:55pm, and 11:55pm. If desired, these times can be changed to better suit your server.