wm: doc

ref: ffec157d3bda49c52a9b832415e2adecde566c06
dir: /ndb-p9.ms/

View raw version
.PP
To run an authoritative DNS server, modify /cfg/$sysname/termrc or /cfg/$sysname/cpurc (whichever is appropriate) to include the following: 
.P1
ndb/dns -srR
.P2

.PP
The flag -s allows the DNS server to answer requests sent to UDP port 53.
-r allows ndb/dns to act as a resolver; -R causes ndb/dns to ignore
recursive lookups on behalf of remote systems. This may help
prevent DDoS amplification attacks.
.PP
Note: You *must* run ip/ipconfig before running ndb/dns (and possibly other
network services). Otherwise, you might see errors like:

.P1
ndb/dns: can't read my ip address
.P2

.PP
You will want to add your records to /lib/ndb/local, similar to the following:

sys=example dom=example.com
	ether=f2b2b3daeb89
	ip=198.51.100.2 ipmask=255.255.255.0 ipgw=198.51.100.1
	ntp=pool.ntp.org
	dns=198.51.100.1
	auth=198.51.100.1
	authdom=example.com

dom=example.com soa=
	refresh=300 ttl=300
	ns=ns1.example.com
	ns=ns2.example.com
	ip=198.51.100.2
	dnsslave=ns2.example.com
	mb=postmaster@example.com
	mx=mail.example.com pref=5
	txt="v=spf1 mx -all"

sys=ns1 dom=ns1.example.com ip=198.51.100.2
sys=ns2 dom=ns2.example.com ip=198.51.100.2
sys=mail dom=mail.example.com ip=198.51.100.2
sys=_dmarc dom=_dmarc.example.com txt="v=DMARC1; p=none"
dom=p9auth.example.com
	cname=example.com

dom=2.100.51.198.in-addr.arpa soa=
	refresh=300 ttl=300
	ns=ns1.example.com
	ns=ns2.example.com

.PP
Replace 198.51.100.1, 198.51.100.2, example.com, and postmaster@example.com with your actual values.

NOTE: ndb may be sensitive to poorly formatted whitespace. If ndb is not recognizing your tuples properly, double check your whitespace.

NOTE: Make sure to define your tuple for sys=example.com in /lib/ndb/local right after the definition for localhost, before other tuples. Otherwise, the system might use the wrong subnet mask, causing routing issues.

To refresh cs and dns after an update to /lib/ndb/local:

.P1
echo -n refresh > /net/cs
echo -n refresh > /net/dns
.P2

Suppose you have a server example.com, and you want to delegate subdomain.example.com.

In example.com, you need to have something like this in /lib/ndb/local:

.P1
dom=subdomain.example.com soa=delegated
    ns=ns1.subdomain.example.com
    ns=ns2.subdomain.example.com
    dom=ns1.subdomain.example.com ip=198.51.100.3
    dom=ns2.subdomain.example.com ip=198.51.100.4
.P2

Then, in subdomain.example.com, add this to /lib/ndb/local:

.P1
sys=ns1 dom=ns1.subdomain.example.com ip=198.51.100.3
sys=ns2 dom=ns2.subdomain.example.com ip=198.51.100.4

dom=subdomain.example.com soa=
         refresh=300 ttl=300
         ns=ns1.subdomain.example.com
         ns=ns2.subdomain.example.com
         ip=198.51.100.3
         dnsslave=ns2.subdomain.example.com
         mb=username@subdomain.example.com
         mx=mail.subdomain.example.com
         txt="v=spf1 mx -all"

dom=3.100.51.198.in-addr.arpa soa=
   refresh=300 ttl=300
   ns=ns1.subdomain.example.com
   ns=ns2.subdomain.example.com
.P2