Node
Step by Step Installation
Zonecloud Node Installation - DNS Servers
Bind installation and Configuration
Install Bind on your DNS Node Server
yum install bind bind-chroot bind-utils -y Optionally create security log files and add them in selinux policy (fail2ban or other firewall solution):
mkdir /var/named/logs
chown named:named /var/named/logs
touch /var/named/logs/security.log
chown named:named /var/log/named/security.log
semanage fcontext -a -t named_log_t '/var/named/logs(/.*)?'
restorecon -Rv /var/named/logs Create the zone file which the Zonecloud node will write agent’s zones
touch /var/named/zones.conf
chown root:named /var/named/zones.conf
chmod 640 /var/named/zones.conf Edit named.conf. Note: We need "recursion no" , "notify no" . We also need "masterfile-format text" to check zones. Include the zones.conf in the end. Remove any other zones if you like. Any custom zones should be inside named.conf or in another include file. Don’t forget to bind to an external IP (listen-on port 53): Centos 7 named.conf example
options {
listen-on port 53 { 127.0.0.1; DNS_SERVER_IP; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-transfer { none; };
notify no;
recursion no;
masterfile-format text;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
version "";
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
channel security_file {
file "/var/named/logs/security.log" versions 3 size 30m;
severity dynamic;
print-time yes;
};
category security {
security_file;
};
};
include "/var/named/zones.conf"; Installing Node (zcloudnode) and configuration – Adding the repository
Centos 7
wget http://repo.nixpal.com/el7/nixpal-el7-1.1-1.el7.x86_64.rpm
$ yum localinstall nixpal-el7-1.1-1.el7.x86_64.rpm
Centos 8
wget http://repo.nixpal.com/el8/nixpal-el8-1.1-1.el8.x86_64.rpm
yum localinstall nixpal-el8-1.1-1.el8.x86_64.rpm Now install zcloudnode
yum clean all
yum install zcloudnode Now add the Server, License and Token in zcloudnode.conf accordingly to Controller interface. Should be like this: – Don’t forget to include the proper zones files. include “/var/named/zones.conf”; In named.conf
/* ZCloud Configuration Node Conf */
ZONES_FILE=/var/named/zones.conf
DAEMONIZE=FALSE
SERVER_HOSTNAME=zcloud.server.hostname
TOKEN=Token_From_zCloud_Server
UPDATE_INTERVAL=60
//LOG LEVEL: ERROR - WARNING - INFO -DEBUG
LOG_LEVEL=DEBUG
RNDC_PATH=/usr/sbin/rndc Enable and start bind and zcloudnode
systemctl start named-chroot --now
systemctl start zcloudnode --now Debian / Ubuntu Instructions
Info!
We strongly suggest to use Centos 7 or 8 for DNS Servers (Nodes) with Selinux and chroot-named.
Of course you can install Zonecloud Node in Debian or Ubuntu if you feel comfortable managing it.
First of all you need to import the GPG key then get the nixpal.list file and just apt-get update. Complete command list
wget -O /tmp/nixpal.key -q https://repo.nixpal.com/debian/KEY.gpg ; apt-key add /tmp/nixpal.key
wget -O /etc/apt/sources.list.d/nixpal.list https://repo.nixpal.com/debian/nixpal.list
apt-get update Now that repo is in place you can install the Node
apt-get install zcloudnode Create a file that the Node will write the zones
touch /etc/bind/zones.conf Edit /etc/zcloudnode.conf to suit your needs.
You need to save zones in a file that named can read.
For debian/ubuntu can be /etc/bind/zones.conf
ZONES_FILE=/etc/bind/zones.conf
SERVER_HOSTNAME=controller.yourdomain.com
TOKEN=uS8hlta9ZxdE5afINSg446DqinZYAbVTioLKJJ
UPDATE_INTERVAL=60
//LOG LEVEL: ERROR - WARNING - INFO -DEBUG
LOG_LEVEL=ERROR
RNDC_PATH=/usr/sbin/rndc Don’t forget to include /etc/bind/zones.conf to named.conf.
Edit named.conf. Recursion no, Notify no. We also need masterfile-format text to check zones. Include the zones.conf in the end.
Remove any other zones if you like. Any custom zones could be inside named.conf or another include.
Don’t forger to bind to an IP (listen-on port 53).