Node

Step by Step Installation

Zonecloud Node Installation - DNS Servers

Bind installation and Configuration

Install Bind on your DNS Node Server

yum install bind bind-chroot bind-utils -y 

Optionally create a security log file and add it to the SELinux policy (for fail2ban or another firewall solution):

mkdir /var/named/logs
chown named:named /var/named/logs
touch /var/named/logs/security.log
chown named:named /var/named/logs/security.log
semanage fcontext -a -t named_log_t '/var/named/logs(/.*)?'
restorecon -Rv /var/named/logs 

Create the zones file to which the Zonecloud node will write the agent's zones

touch /var/named/zones.conf
chown root:named /var/named/zones.conf
chmod 640 /var/named/zones.conf 

Edit named.conf. Note: we need "recursion no" and "notify no". We also need "masterfile-format text" to check zones. Include zones.conf at the end. Remove any other zones if you like. Any custom zones should be inside named.conf or in another include file. Don't forget to bind to an external IP (listen-on port 53).

CentOS 7 named.conf example

options {
    listen-on port 53 { 127.0.0.1; DNS_SERVER_IP; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-transfer { none; };
    notify no;
    recursion no;
    masterfile-format text;
    dnssec-enable yes;
    dnssec-validation yes;
    version "";
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
 
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };

    channel security_file {
        file "/var/named/logs/security.log" versions 3 size 30m;
        severity dynamic;
        print-time yes;
    };

    category security {
        security_file;
    };
};
 
 
include "/var/named/zones.conf"; 

Installing Node (zcloudnode) and configuration – Adding the repository

CentOS 7

wget http://repo.nixpal.com/el7/nixpal-el7-1.1-1.el7.x86_64.rpm
yum localinstall nixpal-el7-1.1-1.el7.x86_64.rpm

CentOS 8

wget http://repo.nixpal.com/el8/nixpal-el8-1.1-1.el8.x86_64.rpm
yum localinstall nixpal-el8-1.1-1.el8.x86_64.rpm 

Now install zcloudnode

yum clean all
yum install zcloudnode 

Now add the Server, License and Token to zcloudnode.conf according to the Controller interface. Don't forget to include the proper zones file in named.conf: include "/var/named/zones.conf"; The file should look like this:

/* ZCloud Configuration Node Conf */
ZONES_FILE=/var/named/zones.conf
DAEMONIZE=FALSE
SERVER_HOSTNAME=zcloud.server.hostname
TOKEN=Token_From_zCloud_Server
UPDATE_INTERVAL=60
//LOG LEVEL: ERROR - WARNING - INFO -DEBUG
LOG_LEVEL=DEBUG
RNDC_PATH=/usr/sbin/rndc 

Enable and start bind and zcloudnode

systemctl enable --now named-chroot
systemctl enable --now zcloudnode

Debian / Ubuntu Instructions

First import the GPG key, then fetch the nixpal.list file and run apt-get update. Complete command list:

wget -O /tmp/nixpal.key -q https://repo.nixpal.com/debian/KEY.gpg ; apt-key add /tmp/nixpal.key
wget -O /etc/apt/sources.list.d/nixpal.list https://repo.nixpal.com/debian/nixpal.list
apt-get update 

Now that the repo is in place, you can install the Node

apt-get install zcloudnode 

Create a file to which the Node will write the zones

touch /etc/bind/zones.conf 

Edit /etc/zcloudnode.conf to suit your needs.
You need to save the zones in a file that named can read.
On Debian/Ubuntu this can be /etc/bind/zones.conf

ZONES_FILE=/etc/bind/zones.conf
SERVER_HOSTNAME=controller.yourdomain.com
TOKEN=uS8hlta9ZxdE5afINSg446DqinZYAbVTioLKJJ
 
UPDATE_INTERVAL=60
//LOG LEVEL: ERROR - WARNING - INFO -DEBUG
LOG_LEVEL=ERROR
 
RNDC_PATH=/usr/sbin/rndc 

Don’t forget to include /etc/bind/zones.conf in named.conf.

Edit named.conf. We need "recursion no" and "notify no". We also need "masterfile-format text" to check zones. Include zones.conf at the end.
Remove any other zones if you like. Any custom zones could be inside named.conf or in another include file.
Don’t forget to bind to an IP (listen-on port 53).
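
The named.conf settings both sections ask for (recursion no, notify no, masterfile-format text, allow-transfer none, the zones.conf include) and the 640 mode set on zones.conf in the CentOS steps can be checked with a short script. This is an added example, not part of Zonecloud or the original guide; the function names and the sample config are constructed, and it assumes named.conf contains no /* */ block comments.

```shell
#!/bin/sh
# Added example: audit a node's named.conf for the settings this guide requires.
# Function names and the sample config are constructed for illustration.

# Drop // and # comments, then all whitespace, so layout does not affect matching.
# Assumption: the file has no /* ... */ block comments.
flatten_conf() {
    sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr -d ' \t\n'
}

# Print one line per finding; the return status is the number of findings.
audit_node_conf() {
    conf=$1; zones=$2; findings=0
    flat=$(flatten_conf "$conf")
    for want in 'recursion no;' 'notify no;' 'masterfile-format text;' \
                'allow-transfer { none; };' "include \"$zones\";"
    do
        key=$(printf '%s' "$want" | tr -d ' ')
        case "$flat" in
            *"$key"*) ;;
            *) echo "MISSING in $conf: $want"; findings=$((findings + 1)) ;;
        esac
    done
    # The guide sets zones.conf to mode 640; flag any permission bit for "other".
    if [ ! -e "$zones" ]; then
        echo "NO SUCH FILE: $zones"; findings=$((findings + 1))
    elif [ -n "$(find "$zones" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
        echo "WORLD-ACCESSIBLE: $zones"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: recursion left on, zone transfers not restricted.
write_weak_sample() {
    cat > "$1" <<EOF
options {
    listen-on port 53 { 127.0.0.1; };
    // recursion no;
    recursion yes;
    notify no;
    masterfile-format text;
};
include "$2";
EOF
}

# Usage: sh audit.sh /etc/named.conf /var/named/zones.conf
if [ $# -eq 2 ]; then audit_node_conf "$1" "$2"; fi
```

The exit status is the number of findings, so the script can gate a restart of named in a deployment job.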
