Node Installation - ZoneCloud

Node

Step by Step Installation

Zonecloud Node Installation - DNS Servers

Bind installation and Configuration

Install Bind on your DNS Node Server

yum install bind bind-chroot bind-utils -y

Optionally, create security log files and add them in selinux policy (fail2ban or other firewall solution):

mkdir /var/named/logs
chown named:named /var/named/logs
touch /var/named/logs/security.log
chown named:named /var/named/logs/security.log
semanage fcontext -a -t named_log_t '/var/named/logs(/.*)?'
restorecon -Rv /var/named/logs

Create the zone file which the Zonecloud node will write agent’s zones

touch /var/named/zones.conf
chown root:named /var/named/zones.conf
chmod 640 /var/named/zones.conf

Edit /etc/named.conf.

In short, we need:

“recursion no” , “notify no” , “masterfile-format text”
bind on external IP address (“listen-on” option)
Include the “/var/named/zones.conf” in the end.
comment-out/remove any “allow-query” option

Optionally, remove the default zones that exist in the standard configuration file.
Any custom zones should be inside named.conf or in another include file.

Centos 7 named.conf example

options {
    listen-on port 53 { 127.0.0.1; DNS_SERVER_IP; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-transfer { none; };
    notify no;
    recursion no;
    masterfile-format text;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    version "";
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
 
logging {
    channel default_debug {
    file "data/named.run";
    severity dynamic;
};
 
channel security_file {
    file "/var/named/logs/security.log" versions 3 size 30m;
    severity dynamic;
    print-time yes;
};
 
 
category security {
    security_file;
};
 
};
 
 
include "/var/named/zones.conf";

Installing Node (zcloudnode) and configuration

Adding the repository

Centos 7

wget http://repo.nixpal.com/el7/nixpal-el7-1.1-1.el7.x86_64.rpm
$ yum localinstall nixpal-el7-1.1-1.el7.x86_64.rpm

Centos 8

wget http://repo.nixpal.com/el8/nixpal-el8-1.1-1.el8.x86_64.rpm
yum localinstall nixpal-el8-1.1-1.el8.x86_64.rpm

Install zcloudnode

yum clean all
yum install zcloudnode

Configure zcloudnode

Now add the

SERVER_HOSTNAME: your controller’s hostname
LICENSE: Obtained from us
TOKEN: Obtained from the controller

fields in /etc/zcloudnode.conf.

/* ZCloud Configuration Node Conf */
ZONES_FILE=/var/named/zones.conf
DAEMONIZE=FALSE
SERVER_HOSTNAME=zcloud.server.hostname
TOKEN=Token_From_zCloud_Server
UPDATE_INTERVAL=60
LICENSE=ZCNode-XXXXX
//LOG LEVEL: ERROR - WARNING - INFO -DEBUG
LOG_LEVEL=DEBUG
RNDC_PATH=/usr/sbin/rndc
ZONE_TEMPLATE=zone \"[%DOMAIN_NAME%]\" {\n\ttype slave;\n\tfile \"slaves/[%DOMAIN_NAME%].db\";\n\tmasters { [%SERVER_IP%]; };\n};\n

Enable and start bind and zcloudnode

systemctl enable named-chroot --now
systemctl enable zcloudnode --now

Debian / Ubuntu Instructions

Info We strongly suggest to use Centos 7 or 8 for DNS Servers (Nodes) with Selinux and chroot-named. Of course you can install Zonecloud Node in Debian or Ubuntu if you feel comfortable managing it.

First of all, you need to import the GPG key then get the nixpal.list file and just apt-get update:

wget -O /tmp/nixpal.key -q https://repo.nixpal.com/debian/KEY.gpg ; apt-key add /tmp/nixpal.key
wget -O /etc/apt/sources.list.d/nixpal.list https://repo.nixpal.com/debian/nixpal.list
apt-get update

Now that repo is in place you can install the Node:

apt install zcloudnode

Create a file that the Node will write the zones.
For debian/ubuntu can be /etc/bind/zones.conf:

touch /etc/bind/zones.conf

Edit /etc/zcloudnode.conf to suit your needs.

ZONES_FILE=/etc/bind/zones.conf
SERVER_HOSTNAME=zcloud.server.hostname
TOKEN=Token_From_zCloud_Server
UPDATE_INTERVAL=60
LICENSE=ZCNode-XXXXX
//LOG LEVEL: ERROR - WARNING - INFO -DEBUG
LOG_LEVEL=DEBUG
RNDC_PATH=/usr/sbin/rndc
ZONE_TEMPLATE=zone \"[%DOMAIN_NAME%]\" {\n\ttype slave;\n\tfile \"slaves/[%DOMAIN_NAME%].db\";\n\tmasters { [%SERVER_IP%]; };\n};\n

Don’t forget to include /etc/bind/zones.conf to named.conf.

In short, we need:

“recursion no” , “notify no” , “masterfile-format text”
bind on external IP address (“listen-on” option)
Include the “/var/named/zones.conf” in the end.
comment-out/remove any “allow-query” option

Optionally, remove the default zones that exist in the standard configuration file.
Any custom zones should be inside named.conf or in another include file.

Check the Centos 7 Example.

Node

Zonecloud Node Installation - DNS Servers

Bind installation and Configuration

Install Bind on your DNS Node Server

Edit /etc/named.conf.

Centos 7 named.conf example

Installing Node (zcloudnode) and configuration

Adding the repository

Centos 7

Centos 8

Install zcloudnode

Configure zcloudnode

Enable and start bind and zcloudnode

Debian / Ubuntu Instructions

Questions? Issues?

Contact Us

Useful Links

Node

Zonecloud Node Installation - DNS Servers

Bind installation and Configuration

Install Bind on your DNS Node Server

Edit /etc/named.conf.

Centos 7 named.conf example​

Installing Node (zcloudnode) and configuration

Adding the repository

Centos 7

Centos 8

Install zcloudnode

Configure zcloudnode

Enable and start bind and zcloudnode

Debian / Ubuntu Instructions

Questions? Issues?

Centos 7 named.conf example