Node
Step by Step Installation
Zonecloud Node Installation - DNS Servers
Bind installation and Configuration
Install Bind on your DNS Node Server
yum install bind bind-chroot bind-utils -y
Optionally, create a security log file and label it in the SELinux policy (for use with fail2ban or another firewall solution):
mkdir /var/named/logs
chown named:named /var/named/logs
touch /var/named/logs/security.log
chown named:named /var/named/logs/security.log
semanage fcontext -a -t named_log_t '/var/named/logs(/.*)?'
restorecon -Rv /var/named/logs
Create the zones file to which the Zonecloud node will write the agent’s zones:
touch /var/named/zones.conf
chown root:named /var/named/zones.conf
chmod 640 /var/named/zones.conf
Edit /etc/named.conf.
In short, we need:
- “recursion no” , “notify no” , “masterfile-format text”
- bind on external IP address (“listen-on” option)
- Include the “/var/named/zones.conf” at the end.
- comment-out/remove any “allow-query” option
Optionally, remove the default zones that exist in the standard configuration file.
Any custom zones should be inside named.conf or in another include file.
CentOS 7 named.conf example
options {
listen-on port 53 { 127.0.0.1; DNS_SERVER_IP; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-transfer { none; };
notify no;
recursion no;
masterfile-format text;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
version "";
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
channel security_file {
file "/var/named/logs/security.log" versions 3 size 30m;
severity dynamic;
print-time yes;
};
category security {
security_file;
};
};
include "/var/named/zones.conf";
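The requirements listed above can be checked mechanically before named is started. The script below is an added example, not part of the Zonecloud documentation or software; the function names, finding labels and the constructed sample config are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not Zonecloud code): audit named.conf for the settings listed above.
# Assumes one statement per line and no multi-line /* */ comments.
# Prints one line per finding; the return status is the number of findings.
audit_named_conf() {
    conf=$1; zones=${2:-/var/named/zones.conf}; fails=0
    # Drop comments so a commented-out option does not count as set.
    body=$(sed -e 's:/\*.*\*/::g' -e 's://.*::' -e 's:#.*::' "$conf")
    for want in "recursion no" "notify no" "masterfile-format text"; do
        re="(^|[[:space:];{])${want% *}[[:space:]]+${want#* }[[:space:]]*;"
        printf '%s\n' "$body" | grep -Eq "$re" ||
            { echo "MISSING: $want;"; fails=$((fails + 1)); }
    done
    # The page asks for any allow-query option to be removed or commented out.
    if printf '%s\n' "$body" | grep -Eq '(^|[[:space:];{])allow-query[[:space:]]*\{'; then
        echo "PRESENT: allow-query"; fails=$((fails + 1))
    fi
    # listen-on (IPv4) must be set and name something besides loopback.
    printf '%s\n' "$body" | grep -E '(^|[[:space:]])listen-on[[:space:]]' |
        sed -e 's/.*{//' -e 's/}.*//' | tr ';' '\n' | tr -d ' \t' |
        grep -v '^$' | grep -v '^127\.' >/dev/null ||
        { echo "NO-EXTERNAL-LISTEN: listen-on"; fails=$((fails + 1)); }
    # The zones include must be the last statement in the file.
    last=$(printf '%s\n' "$body" | grep -v '^[[:space:]]*$' | tail -n 1)
    case $last in
        *include*"\"$zones\""*\;*) ;;
        *) echo "NOT-LAST: include \"$zones\";"; fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# Constructed sample: a config that still carries distribution-style defaults.
write_weak_sample() {
    cat >"$1" <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; };
    allow-query { localhost; };
    recursion yes;
    // notify no;
    masterfile-format text;
};
include "/etc/named.rfc1912.zones";
EOF
}

# When given a path, audit it (optional second argument: the zones include path).
if [ "${1:-}" ]; then audit_named_conf "$@"; fi
```

Pass the zones file path as the second argument when it differs from /var/named/zones.conf, for example /etc/bind/zones.conf on Debian/Ubuntu. Syntax is a separate check: `named-checkconf`, shipped with BIND, validates it.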
Installing Node (zcloudnode) and configuration
Adding the repository
CentOS 7
wget http://repo.nixpal.com/el7/nixpal-el7-1.1-1.el7.x86_64.rpm
yum localinstall nixpal-el7-1.1-1.el7.x86_64.rpm
CentOS 8
wget http://repo.nixpal.com/el8/nixpal-el8-1.1-1.el8.x86_64.rpm
yum localinstall nixpal-el8-1.1-1.el8.x86_64.rpm
Install zcloudnode
yum clean all
yum install zcloudnode
Configure zcloudnode
Now set the following fields in /etc/zcloudnode.conf:
- SERVER_HOSTNAME: your controller’s hostname
- LICENSE: Obtained from us
- TOKEN: Obtained from the controller
/* ZCloud Configuration Node Conf */
ZONES_FILE=/var/named/zones.conf
DAEMONIZE=FALSE
SERVER_HOSTNAME=zcloud.server.hostname
TOKEN=Token_From_zCloud_Server
UPDATE_INTERVAL=60
LICENSE=ZCNode-XXXXX
//LOG LEVEL: ERROR - WARNING - INFO -DEBUG
LOG_LEVEL=DEBUG
RNDC_PATH=/usr/sbin/rndc
ZONE_TEMPLATE=zone \"[%DOMAIN_NAME%]\" {\n\ttype slave;\n\tfile \"slaves/[%DOMAIN_NAME%].db\";\n\tmasters { [%SERVER_IP%]; };\n};\n
Enable and start bind and zcloudnode
systemctl enable named-chroot --now
systemctl enable zcloudnode --now
Debian / Ubuntu Instructions
First, import the GPG key, then fetch the nixpal.list file and run apt-get update:
wget -O /tmp/nixpal.key -q https://repo.nixpal.com/debian/KEY.gpg ; apt-key add /tmp/nixpal.key
wget -O /etc/apt/sources.list.d/nixpal.list https://repo.nixpal.com/debian/nixpal.list
apt-get update
Now that the repo is in place, you can install the Node:
apt install zcloudnode
Create the file to which the Node will write the zones.
On Debian/Ubuntu this can be /etc/bind/zones.conf:
touch /etc/bind/zones.conf
Edit /etc/zcloudnode.conf to suit your needs.
ZONES_FILE=/etc/bind/zones.conf
SERVER_HOSTNAME=zcloud.server.hostname
TOKEN=Token_From_zCloud_Server
UPDATE_INTERVAL=60
LICENSE=ZCNode-XXXXX
//LOG LEVEL: ERROR - WARNING - INFO -DEBUG
LOG_LEVEL=DEBUG
RNDC_PATH=/usr/sbin/rndc
ZONE_TEMPLATE=zone \"[%DOMAIN_NAME%]\" {\n\ttype slave;\n\tfile \"slaves/[%DOMAIN_NAME%].db\";\n\tmasters { [%SERVER_IP%]; };\n};\n
Don’t forget to include /etc/bind/zones.conf in named.conf.
In short, we need:
- “recursion no” , “notify no” , “masterfile-format text”
- bind on external IP address (“listen-on” option)
- Include the zones file at the end (/etc/bind/zones.conf here; the CentOS example uses “/var/named/zones.conf”).
- comment-out/remove any “allow-query” option
Optionally, remove the default zones that exist in the standard configuration file.
Any custom zones should be inside named.conf or in another include file.
Check the CentOS 7 example.