wm: doc

ref: b346e0e2c7d02b7fa1e67ab84ec981db9924f024
dir: /ndb-p9.ms/

.PP
To run an authoritative DNS server, modify /cfg/$sysname/termrc or /cfg/$sysname/cpurc (whichever is appropriate) to include the following: 
.P1
ndb/dns -srR
.P2

.PP
The -s flag makes the DNS server answer requests sent to UDP port 53.
The -r flag makes ndb/dns act as a resolver; -R makes ndb/dns ignore
requests for recursive lookups on behalf of remote systems. Refusing
recursion for remote clients may help prevent the server from being
abused in DDoS amplification attacks.
.PP
Note: You *must* run ip/ipconfig before running ndb/dns (and possibly other
network services). Otherwise, you might see errors like:

.P1
ndb/dns: can't read my ip address
.P2

.PP
You will want to add your records to /lib/ndb/local, similar to the following:

.P1
sys=example dom=example.com
	ether=f2b2b3daeb89
	ip=198.51.100.2 ipmask=255.255.255.0 ipgw=198.51.100.1
	ntp=pool.ntp.org
	dns=198.51.100.1
	auth=198.51.100.1
	authdom=example.com

dom=example.com soa=
	refresh=300 ttl=300
	ns=ns1.example.com
	ns=ns2.example.com
	ip=198.51.100.2
	dnsslave=ns2.example.com
	mb=postmaster@example.com
	mx=mail.example.com pref=5
	txt="v=spf1 mx -all"

sys=ns1 dom=ns1.example.com ip=198.51.100.2
sys=ns2 dom=ns2.example.com ip=198.51.100.2
sys=mail dom=mail.example.com ip=198.51.100.2
sys=_dmarc dom=_dmarc.example.com txt="v=DMARC1; p=none"
dom=p9auth.example.com
	cname=example.com

dom=2.100.51.198.in-addr.arpa soa=
	refresh=300 ttl=300
	ns=ns1.example.com
	ns=ns2.example.com
.P2

.PP
Replace 198.51.100.1, 198.51.100.2, example.com, and postmaster@example.com with your actual values.

.PP
Note: ndb may be sensitive to poorly formatted whitespace. If ndb is not recognizing your tuples properly, double-check your whitespace.
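.PP
One way to catch the whitespace problem described above before refreshing dns, as an added example (not part of the original page or of ndb itself). It assumes the ndb layout used on this page: a line starting at column 0 begins an entry, indented lines continue it, and every name server named by ns= is defined in the same file. The CONTINUATION_ONLY list is a heuristic drawn from this page's records.

```python
import shlex

# Heuristic (assumption): attributes this page only ever puts on indented lines.
CONTINUATION_ONLY = {"ns", "mx", "mb", "txt", "refresh", "ttl", "dnsslave", "cname", "pref"}

def parse_ndb(text):
    """Entries as lists of (lineno, attr, value); a column-0 line starts an entry."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        pairs = [(lineno, *tok.partition("=")[::2]) for tok in shlex.split(line)]
        if line[0] in " \t" and entries:
            entries[-1].extend(pairs)  # continuation of the previous entry
        else:
            entries.append(pairs)
    return entries

def lint(text):
    """Return a list of human-readable problems found in ndb text."""
    entries, problems, addressed = parse_ndb(text), [], set()
    for e in entries:
        if any(a == "ip" for _, a, _ in e):  # dom= names that share an entry with ip=
            addressed.update(v for _, a, v in e if a == "dom")
        lineno, first, _ = e[0]
        if first in CONTINUATION_ONLY:
            problems.append(f"line {lineno}: '{first}=' at column 0, lost its leading whitespace?")
    for e in entries:
        if not any(a == "soa" for _, a, _ in e):
            continue
        zone = next((v for _, a, v in e if a == "dom"), "?")
        servers = [(n, v) for n, a, v in e if a == "ns"]
        if not servers:
            problems.append(f"line {e[0][0]}: zone {zone} has no ns=")
        problems += [f"line {n}: ns={v} has no dom=/ip= entry" for n, v in servers if v not in addressed]
    return problems

# Constructed sample: the page's zone with the tab dropped before the second ns=.
SAMPLE = ("dom=example.com soa=\n"
          "\trefresh=300 ttl=300\n"
          "\tns=ns1.example.com\n"
          "ns=ns2.example.com\n"
          "\tip=198.51.100.2\n"
          "\ttxt=\"v=spf1 mx -all\"\n"
          "sys=ns1 dom=ns1.example.com ip=198.51.100.2\n"
          "sys=ns2 dom=ns2.example.com ip=198.51.100.2\n")
FIXED = SAMPLE.replace("\nns=ns2", "\n\tns=ns2")

if __name__ == "__main__":
    print(lint(SAMPLE), lint(FIXED))
```

In the broken sample the zone silently loses its second ns=, its ip= and its txt= record, because those lines attach to the stray column-0 entry instead of to dom=example.com.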

.PP
To refresh cs and dns after an update to /lib/ndb/local:

.P1
echo -n refresh > /net/cs
echo -n refresh > /net/dns
.P2

.PP
Suppose you have a server example.com, and you want to delegate subdomain.example.com.
.PP
On the example.com server, you need to have something like this in /lib/ndb/local:

.P1
dom=subdomain.example.com soa=delegated
    ns=ns1.subdomain.example.com
    ns=ns2.subdomain.example.com
    dom=ns1.subdomain.example.com ip=198.51.100.3
    dom=ns2.subdomain.example.com ip=198.51.100.4
.P2

.PP
Then, on the subdomain.example.com server, add this to /lib/ndb/local:

.P1
sys=ns1 dom=ns1.subdomain.example.com ip=198.51.100.3
sys=ns2 dom=ns2.subdomain.example.com ip=198.51.100.4

dom=subdomain.example.com soa=
         refresh=300 ttl=300
         ns=ns1.subdomain.example.com
         ns=ns2.subdomain.example.com
         ip=198.51.100.3
         dnsslave=ns2.subdomain.example.com
         mb=username@subdomain.example.com
         mx=mail.subdomain.example.com
         txt="v=spf1 mx -all"

dom=3.100.51.198.in-addr.arpa soa=
   refresh=300 ttl=300
   ns=ns1.subdomain.example.com
   ns=ns2.subdomain.example.com
.P2