Node

Step by Step Installation

Zonecloud Node Installation - DNS Servers

Bind installation and Configuration

Install Bind on your DNS Node Server

yum install bind bind-chroot bind-utils -y 

Optionally, create a security log file and add it to the SELinux policy (useful for fail2ban or another firewall solution):

mkdir /var/named/logs
chown named:named /var/named/logs
touch /var/named/logs/security.log
chown named:named /var/named/logs/security.log
semanage fcontext -a -t named_log_t '/var/named/logs(/.*)?'
restorecon -Rv /var/named/logs 

Create the zones file to which the Zonecloud node will write the agent’s zones:

touch /var/named/zones.conf
chown root:named /var/named/zones.conf
chmod 640 /var/named/zones.conf 

Edit /etc/named.conf.

In short, we need:

  • “recursion no”, “notify no”, “masterfile-format text”
  • Bind on the external IP address (“listen-on” option)
  • Include “/var/named/zones.conf” at the end.
  • Comment out or remove any “allow-query” option

Optionally, remove the default zones that exist in the standard configuration file.
Any custom zones should be inside named.conf or in another include file.

CentOS 7 named.conf example
options {
    listen-on port 53 { 127.0.0.1; DNS_SERVER_IP; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-transfer { none; };
    notify no;
    recursion no;
    masterfile-format text;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    version "";
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
 
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };

    channel security_file {
        file "/var/named/logs/security.log" versions 3 size 30m;
        severity dynamic;
        print-time yes;
    };

    category security {
        security_file;
    };
};
 
 
include "/var/named/zones.conf"; 
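The following is an added example, not part of the Zonecloud documentation or tooling: a POSIX shell check that audits a named.conf against the “In short” list above. The function names and the sample config are constructed for illustration; only single-line comments are stripped.

```shell
#!/bin/sh
# Added example: audit a named.conf against this guide's "In short" list.
# Function names and the sample config are constructed for illustration.

strip_comments() {  # drop /* */, // and # comments so disabled options don't count
    sed -e 's:/\*.*\*/::g' -e 's://.*$::' -e 's:#.*$::' "$1"
}

has() {  # true when the comment-stripped config in $body matches the regex
    printf '%s\n' "$body" | grep -Eq "$1"
}

audit_named_conf() {  # usage: audit_named_conf NAMED_CONF ZONES_FILE
    body="$(strip_comments "$1")"; fails=0
    b='(^|[[:space:];{])'; s='[[:space:]]'
    for opt in recursion:no notify:no masterfile-format:text; do
        has "$b${opt%%:*}$s+${opt#*:}$s*;" ||
            { echo "FAIL: \"${opt%%:*} ${opt#*:};\" is not set"; fails=$((fails + 1)); }
    done
    # The guide says to comment out or remove every allow-query option.
    if has "${b}allow-query$s*\{"; then
        echo "FAIL: allow-query is still present"; fails=$((fails + 1))
    fi
    # listen-on needs an address besides loopback; an unreplaced placeholder fails.
    printf '%s\n' "$body" | grep -E "${b}listen-on($s|\{)" | sed 's/127\.0\.0\.1//g' |
        grep -Eq '([0-9]{1,3}\.){3}[0-9]{1,3}|any' ||
        { echo "FAIL: listen-on has no external address"; fails=$((fails + 1)); }
    # The zones include has to be the last statement in the file.
    last="$(printf '%s\n' "$body" | grep -Ev "^$s*\$" | tail -n 1)"
    printf '%s\n' "$last" | grep -Eq "^$s*include$s+\"$2\"$s*;$s*\$" ||
        { echo "FAIL: last statement is not include \"$2\";"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample: stock allow-query left in, notify commented out, no include.
sample="$(mktemp)"
cat >"$sample" <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; 192.0.2.53; };
    allow-query { localhost; };
    recursion no;
    // notify no;
    masterfile-format text;
};
EOF
audit_named_conf "$sample" /var/named/zones.conf || echo "$? check(s) failed"
rm -f "$sample"
```

The exit status is the number of failed checks, so the function can gate a restart of named after editing the file.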

Installing Node (zcloudnode) and configuration

Adding the repository

Centos 7
wget http://repo.nixpal.com/el7/nixpal-el7-1.1-1.el7.x86_64.rpm
yum localinstall nixpal-el7-1.1-1.el7.x86_64.rpm
 
Centos 8
wget http://repo.nixpal.com/el8/nixpal-el8-1.1-1.el8.x86_64.rpm
yum localinstall nixpal-el8-1.1-1.el8.x86_64.rpm 

Install zcloudnode

yum clean all
yum install zcloudnode 

Configure zcloudnode

Now set the following fields in /etc/zcloudnode.conf:

  • SERVER_HOSTNAME: your controller’s hostname
  • LICENSE: Obtained from us
  • TOKEN: Obtained from the controller

/* ZCloud Configuration Node Conf */
ZONES_FILE=/var/named/zones.conf
DAEMONIZE=FALSE
SERVER_HOSTNAME=zcloud.server.hostname
TOKEN=Token_From_zCloud_Server
UPDATE_INTERVAL=60
LICENSE=ZCNode-XXXXX
//LOG LEVEL: ERROR - WARNING - INFO -DEBUG
LOG_LEVEL=DEBUG
RNDC_PATH=/usr/sbin/rndc
ZONE_TEMPLATE=zone \"[%DOMAIN_NAME%]\" {\n\ttype slave;\n\tfile \"slaves/[%DOMAIN_NAME%].db\";\n\tmasters { [%SERVER_IP%]; };\n};\n 

Enable and start bind and zcloudnode

systemctl enable named-chroot --now
systemctl enable zcloudnode --now 

Debian / Ubuntu Instructions

First, import the GPG key, then fetch the nixpal.list file and run apt-get update:

wget -O /tmp/nixpal.key -q https://repo.nixpal.com/debian/KEY.gpg ; apt-key add /tmp/nixpal.key
wget -O /etc/apt/sources.list.d/nixpal.list https://repo.nixpal.com/debian/nixpal.list
apt-get update 

Now that the repo is in place, you can install the Node:

apt install zcloudnode 

Create a file to which the Node will write the zones.
On Debian/Ubuntu this can be /etc/bind/zones.conf:

touch /etc/bind/zones.conf 

Edit /etc/zcloudnode.conf to suit your needs.

ZONES_FILE=/etc/bind/zones.conf
SERVER_HOSTNAME=zcloud.server.hostname
TOKEN=Token_From_zCloud_Server
UPDATE_INTERVAL=60
LICENSE=ZCNode-XXXXX
//LOG LEVEL: ERROR - WARNING - INFO -DEBUG
LOG_LEVEL=DEBUG
RNDC_PATH=/usr/sbin/rndc
ZONE_TEMPLATE=zone \"[%DOMAIN_NAME%]\" {\n\ttype slave;\n\tfile \"slaves/[%DOMAIN_NAME%].db\";\n\tmasters { [%SERVER_IP%]; };\n};\n 

Don’t forget to include /etc/bind/zones.conf in named.conf.

In short, we need:

  • “recursion no”, “notify no”, “masterfile-format text”
  • Bind on the external IP address (“listen-on” option)
  • Include the zones file (“/etc/bind/zones.conf” on Debian/Ubuntu) at the end.
  • Comment out or remove any “allow-query” option

Optionally, remove the default zones that exist in the standard configuration file.
Any custom zones should be inside named.conf or in another include file.

See the CentOS 7 named.conf example above.
