#acl AeroAdminGroup:read,write All:read

== DNS ==

There are two DNS servers set up in the department:
 * Vayu (10.101.1.1)
 * Shakti (10.101.1.2)

The DNS servers are configured using [[http://cr.yp.to/djbdns.html|DJBDNS]]. There are two types of servers configured for DNS.
 * '''Tinydns''' is the primary DNS server, which maintains the database for the iitb.ac.in zone.
 * '''Dnscache''' is the caching DNS server, which resolves internal (within IIT) and external names.

Vayu and Shakti run both DNS servers (tinydns and dnscache).

The DNS servers are started at boot time using [[http://cr.yp.to/daemontools.html|daemontools]]. These tools are installed under `/command`. The service scanner `svscanboot` is started from `/etc/inittab`; it keeps scanning the services configured under `/service`. Any service found in `/service` is started automatically.

To manage the services started from `/service`, use the `svc` command.
 * `$ svc d /service/dnscache` (to stop dnscache service)
 * `$ svc t /service/dnscache` (to terminate / restart dnscache service)

=== Tinydns ===

The configuration of tinydns is stored in `/home/dns/tinydns`.

The primary DNS server for the ''iitb.ac.in'' zone is '''idns.iitb.ac.in''' (10.200.12.151).

`$ dig iitb.ac.in ns`

To be able to run the primary DNS server for the ''iitb.ac.in'' zone on vayu or shakti, a dummy interface with IP address 10.200.12.151 is created. This dummy interface is configured as a virtual loopback interface (lo:0).

`# ifconfig lo:0`

This ensures that if the server idns.iitb.ac.in is down or unreachable due to a network problem, all iitb.ac.in names can still be resolved locally on vayu or shakti.

The master database for the ''iitb.ac.in'' zone is copied every hour from ''lists.iitb.ac.in'' using rsync, run via cron.

`# crontab -l`

~+ Configuration Files (`/usr/local/tinydns`) +~
 * `env/IP` - IP address on which to run tinydns service (10.200.12.151)
 * `env/ROOT` - Configuration directory for tinydns (/home/dns/tinydns/root)
 * `root/data` - Master database for ''iitb.ac.in'' zone

=== Dnscache ===

The configuration of dnscache is stored in `/home/dns/dnscache`.

The dnscache DNS server resolves all hostnames. For iitb.ac.in names, it forwards the request to the tinydns server running on the same machine (as described above). For other names, it sends the request to ''dnscache.iitb.ac.in'' (10.200.1.11). In this setup, dnscache only forwards requests to other DNS servers.

~+ Configuration Files (`/usr/local/dnscache`) +~
 * `env/IP` - IP address on which to run dnscache service (10.101.1.1 or 10.101.1.2)
 * `env/ROOT` - Configuration directory for dnscache (/home/dns/dnscache/root)
 * `env/FORWARDONLY` - Configure dnscache as the forward only DNS server (1)
 * `root/ip/` - This directory holds the IP addresses which are allowed to access this DNS server. File `10` will allow access to IP address 10.xx.yy.zz.
 * `root/servers/` - This directory holds the primary DNS servers for specific domains. File `cse.iitb.ac.in` contains the IP address of the primary DNS server for the ''cse.iitb.ac.in'' zone (10.105.1.200). File `@` contains the IP address of the DNS server to which all other requests are forwarded.
   * `root/servers/@`
   * `root/servers/105.10.in-addr.arpa`
   * `root/servers/10.in-addr.arpa`
   * `root/servers/cse.iitb.ac.in`
   * `root/servers/iitb.ac.in`
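
The `root/ip/` and `root/servers/` entries listed above decide who may query the cache and where each name is sent. As an added example (not part of the original page or of djbdns), this shell sketch models how dnscache, per its documentation, admits a client by dotted prefix and picks the most specific `servers/` file for a name. The function names are hypothetical, and `make_sample_root` builds a constructed copy of the layout with empty files.

```shell
# Added example: models two dnscache lookups over a config root (ip/, servers/).

# client_allowed ROOT IP: succeed if ip/<IP> or any shorter dotted prefix exists.
client_allowed() {
    root=$1; p=$2
    while [ -n "$p" ]; do
        [ -e "$root/ip/$p" ] && return 0
        case $p in
            *.*) p=${p%.*} ;;   # drop the last octet and retry
            *)   p= ;;
        esac
    done
    return 1
}

# servers_file_for ROOT NAME: print the servers/ file governing NAME
# (longest matching suffix wins; "@" is the fallback for everything else).
servers_file_for() {
    root=$1
    d=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    d=${d%.}                    # ignore a trailing root dot
    while [ -n "$d" ]; do
        if [ -f "$root/servers/$d" ]; then
            printf '%s\n' "$d"
            return 0
        fi
        case $d in
            *.*) d=${d#*.} ;;   # drop the leftmost label and retry
            *)   d= ;;
        esac
    done
    if [ -f "$root/servers/@" ]; then
        printf '@\n'
        return 0
    fi
    return 1
}

# make_sample_root: build an empty-file copy of the layout listed on the page.
make_sample_root() {
    r=$(mktemp -d) || return 1
    mkdir -p "$r/ip" "$r/servers"
    : > "$r/ip/10"
    for f in @ 105.10.in-addr.arpa 10.in-addr.arpa cse.iitb.ac.in iitb.ac.in; do
        : > "$r/servers/$f"
    done
    printf '%s\n' "$r"
}
```

Pointed at the `env/ROOT` directory, `servers_file_for` shows which forwarder file a name falls under, and `client_allowed` confirms that only the intended prefixes in `root/ip/` can query the cache.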