What to do after you have NicTool Communicating

Started by LogicX, December 15, 2004, 09:38:12 PM


LogicX

One of the hardest steps of the entire NicTool process is just getting the proper perl modules installed, things patched up, database setup, and get it to the point where you can log in to NicToolClient, have it communicate with NicToolServer, and have your eyes light up as you see the potential for easy administration.

Prerequisites

Well now you get to setup DNS servers to use the precious data!

At this point in time djbdns is the only DNS server that export tools exist for, so that's what we'll talk about.

Firstly you're welcome to follow Matt's djbdns install instructions (http://www.tnpi.biz/internet/dns/djbdns-freebsd.shtml).

I would suggest using a syntax of:
tinydns-conf bind bin /usr/local/tinydns-ns4.domain.com 216.122.1.4

Alter and execute this command to setup Each and Every Distinct DNS server you'll be running (on their respective servers). (don't forget to check permissions as noted below, and also to symlink it into /var/service)

In this fashion, you'll have separate named directories if your machine will be authoritative for multiple names.

Export Tool Prerequisites

This effectively can be done from any number of separate servers, or all on the same.

Firstly, you need to have a nameserver added and configured properly through NicToolClient.

In the config, the datadir path is the path specified in the dns server's configuration as seen in NicToolClient.  You'll want to set it to /usr/local/tinydns-ns4.domain.com/root that we mentioned earlier.   (Also set the log path to /usr/local/tinydns-ns4.domain.com/log/main )

I personally set the update time to 120 seconds.  Even if you do not want it that low (the md5 check we set up below prevents it from actually initiating an rsync transfer until a change has been made), at least set it that low for testing purposes until you're confident everything works.


Create a user called tinydns on the server that will be executing the tinydns-ns4.domain.com server.

If necessary also create a tinydns user on the server that will be executing the djbdns export script (as a service)

You'll want to get an ssh key working (http://www.arches.uga.edu/~pkeck/ssh/).

Once you've put the respective id_*sa file on the sending server, and the id_*sa.pub file's contents into ~tinydns/.ssh/authorized_keys on the receiving server, we can try connecting.

You will now want to manually (as tinydns on the sending server) ssh to tinydns@ns4.domain.com and tinydns@216.122.1.4 and indicate that you accept the host keys for those servers.

This will allow the djbdns export tool to perform this act autonomously.

Now you can traverse into the NicToolServer/sys/djbdns/nameserver directory, where you will find instructions in a README file.

Specifically you do the following:

  • cd NicToolServer/sys/djbdns
  • cp Makefile.FreeBSD Makefile
  • make


You'll need to use Rob Lensen's (http://www.tnpi.biz/support/forums/index.php?t=tree&th=293&start=0&rid=81) install.pl patch (http://inferno.fuzz.nl/install.pl.patch) to work (at least with the version shipping with NicToolServer 2.01)

Export Tool Install

Back to NicToolServer/sys/djbdns/nameserver where you'll be running install.pl, be sure to note that the usage specified by install.pl itself is accurate:

usage: ./install.pl directory nsid user loguser NT_DB_HOST_NAME NT_DB_NAME NT_DB_USER_NAME NT_DB_PASSWORD NT_DB_TYPE [exportopts]

Review your available options.  The default would be something similar to:

./install.pl /home/tinydns/ns4.domain.com 99 tinydns bin localhost nictool badpassword mysql -r -md5 -force -noserials -buildcdb

/home/tinydns/ns4.domain.com may of course be any path you'd like, as long as it's owned by the tinydns user, and it can gain access to it.  This is a separate service, which only pushes updates, and its only interaction with the tinydns daemon itself is when it rsync's the data.cdb to one of the /usr/local/tinydns-* dns servers -- whether that rsync is to the local machine or a remote one is irrelevant.

99 is the specific nameserver ID that you want it to create updates for.  You can find this by hovering your mouse over the nameserver list in NicToolClient, and reading the value for nt_nameserver_id=99

This will of course create a nice little directory tree for the service that will grab the files from your mysql nictool database, and write them to a tinydns compatible data (and respective optimized data.cdb file), and then rsync the updates to the tinydns install itself.

Before we proceed any further you may find it necessary to fix some permission problems with tinydns and the export tool.  Specifically, from another post of mine (http://www.tnpi.biz/support/forums/index.php?t=tree&th=335&start=0&rid=81):
  • In my experience the tinydns-conf and axfrdns-conf scripts did not properly set permissions of /usr/local/axfrdns && /usr/local/tinydns directory trees. I rectified as follows:
    • chown -R user:group /usr/local/axfrdns /usr/local/tinydns
    • chown -R loguser:loggroup /usr/local/axfrdns /usr/local/tinydns
    • chown tinydns_export_ssh_user /usr/local/tinydns


Deprecated


Finally note that if you modified the export tool to run the log portion as any user besides dnslog, you'll need to manually update your respective /home/tinydns/ns4.domain.com/log/run file to say that user instead of dnslog.
Deprecated due to Rob Lensen's patches.



Now if you symlink that into the service directory:
ln -s /home/tinydns/ns4.domain.com /service/

it should start up, and begin by creating and populating
/home/tinydns/ns4.domain.com/data-ns4.domain.com

The data.cdb file located there is the file which is rsync'd to tinydns@ns4.domain.com/usr/local/tinydns-ns4.domain.com/root path

You can fire everything up, and you may have to modify a zone file being served by Name Server 99 to make it update and replicate the change.


Troubleshooting

How do you know if it's working?

A quick clue can be found by doing an ls -la in /usr/local/tinydns-ns4.domain.com/root and seeing if data.cdb has been updated along with your zone changes, (and at whatever you set the update time to).

If the file has not changed you'll want to first of all read my NicTool Synopsis post (http://www.tnpi.biz/support/forums/index.php?t=tree&th=335&start=0&rid=81) where I give numerous suggestions of things to be aware of.

Next you can try reading the /home/tinydns/ns4.domain.com/log/main/current file for any obvious errors.

Finally double check your datadir path for the nameserver (try copy/pasting the path into a shell, and doing an ls -la on it to verify it's valid).
--- May this post be indexed by spiders, and archived for all to see as my internet epitaph.
http://fpux.com

Nick Cockinos

Nice! I still have a couple of questions though...

Quote:

tinydns-conf bind bin /usr/local/tinydns-ns4.domain.com 216.122.1.4


Is this done for every name server you create local and remote?

Quote:

./install.pl /home/tinydns/ns4.domain.com 99 tinydns bin localhost nictool badpassword mysql -r -md5 -force -noserials -buildcdb



Is the path specified correct or should it be the same as /usr/local/tinydns-ns4.domain.com?

After running make in /usr/local/www/NicToolServer/sys/djb/, then install.pl as above (modified for my situation) in nameserver, I get the following error:

Quote:

./install.pl /home/tinydns/ns1.netunltd.com.au 4 tinydns bin localhost nictool badpassword mysql -r -md5 -force -noserials -buildcdb
syntax error at ./install.pl line 21, near "unless -f "
Execution of ./install.pl aborted due to compilation errors.


N.B. I changed the password to what I have for nictool

Thanks for the time you've taken to write this up.

Nick


LogicX

nickcockinos wrote on Thu, 16 December 2004 03:04

Nice! I still have a couple of questions though...

Quote:

tinydns-conf bind bin /usr/local/tinydns-ns4.domain.com 216.122.1.4


Is this done for every name server you create local and remote?


Added the following to the guide:
"Alter and execute this command to setup Each and Every Distinct DNS server you'll be running (on their respective servers). (don't forget to check permissions as noted below, and also to symlink it into /var/service)"
Quote:


Quote:

./install.pl /home/tinydns/ns4.domain.com 99 tinydns bin localhost nictool badpassword mysql -r -md5 -force -noserials -buildcdb



Is the path specified correct or should it be the same as /usr/local/tinydns-ns4.domain.com?



Added text:
"/home/tinydns/ns4.domain.com may of course be any path you'd like, as long as it's owned by the tinydns user, and it can gain access to it.  This is a separate service, which only pushes updates, and its only interaction with the tinydns daemon itself is when it rsync's the data.cdb to one of the /usr/local/tinydns-* dns servers -- whether that rsync is to the local machine or a remote one is irrelevant."

Quote:



After running make in /usr/local/www/NicToolServer/sys/djb/, then install.pl as above (modified for my situation) in nameserver, I get the following error:

Quote:

./install.pl /home/tinydns/ns1.netunltd.com.au 4 tinydns bin localhost nictool badpassword mysql -r -md5 -force -noserials -buildcdb
syntax error at ./install.pl line 21, near "unless -f "
Execution of ./install.pl aborted due to compilation errors.



added text:
"You'll need to use Rob Lensen's (http://www.tnpi.biz/support/forums/index.php?t=tree&th=293&start=0&rid=81) install.pl patch (http://inferno.fuzz.nl/install.pl.patch) to work (at least with the version shipping with NicToolServer 2.01)"

deprecated text:
"Finally note that if you modified the export tool to run the log portion as any user besides dnslog, you'll need to manually update your respective /home/tinydns/ns4.domain.com/log/run file to say that user instead of dnslog."
Quote:



N.B. I changed the password to what I have for nictool

Thanks for the time you've taken to write this up.

Nick



--- May this post be indexed by spiders, and archived for all to see as my internet epitaph.
http://fpux.com

Nick Cockinos

I had a heap of trouble getting this all working. Then I noticed this directory:
  /usr/local/tinydns-ns1.netunltd.com.au/data-ns1.netunltd.com.au

I then changed the data path in NicToolClient to the one above and hey presto everything started working.

So, at what point did this directory get created? The default data directory is /usr/local/tinydns-ns1.netunltd.com.au/root.

Also worth noting, in the example;
Quote:

./install.pl /home/tinydns/ns4.domain.com 99 tinydns bin localhost nictool badpassword mysql -r -md5 -force -noserials -buildcdb



There seems to be a missing field. I ran ./run manually from /home/tinydns/ns1.netunltd.com.au and got some errors about missing variables (NT_DB_TYPE, etc). I found them all in /home/tinydns/ns1.netunltd.com.au/env and had to manually alter them with the correct data. For example, NT_DB_TYPE was set to -r when it should've been mysql. I'm not sure what particular field is missing or in what order they are presented but maybe this will help some others to locate this particular problem.

Noticed also that the path for ROOT in env had to be changed to /usr/local/tinydns-ns1.netunltd.com.au/data-ns1.netunltd.com.au

From /log/main/current
Quote:

envdir: fatal: unable to run /usr/local/tinydns-ns1.netunltd.com.au/nt_export_djb.pl: file does not exist


OK, so I have data being written to /usr/local/tinydns-ns1.netunltd.com.au/data-ns1.netunltd.com.au, and I have set the same path in NicToolClient and also ROOT in env.

What file is the export looking for?

Is it failing on the send side or is this failing before it gets to that point?

If the file remains unchanged I don't get the fail error.
[Image: http://www.netunltd.com.au/images/NicToolStatus.gif]

Do we need to create an export directory and specify that somewhere too?

I've got some more questions coming but they might need to be in a new thread.

Thanks

Nick
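
Added example, not part of the thread and not NicTool code: a shell function that lines an install.pl argument list up against the nine positional names in the usage string quoted above, showing where each value lands when one is left out. The function name, the rule that a slot holding a value starting with `-` is flagged, and the DBUSER_PLACEHOLDER value (and the slot it is put in) are assumptions of this example.

```shell
#!/bin/sh
# Positional names copied from the install.pl usage line quoted in the thread.
FIELDS="directory nsid user loguser NT_DB_HOST_NAME NT_DB_NAME NT_DB_USER_NAME NT_DB_PASSWORD NT_DB_TYPE"

# map_install_args ARGS...  (hypothetical helper, not part of NicTool)
# Prints NAME=value for each positional slot, then the leftover export options.
# Returns 1 if a slot is empty or holds something that looks like an option.
map_install_args() {
    status=0
    for name in $FIELDS; do
        if [ "$#" -eq 0 ]; then
            printf '%s=<missing>\n' "$name"
            status=1
            continue
        fi
        case "$1" in
            -*) printf '%s=%s   <-- looks like an export option\n' "$name" "$1"
                status=1 ;;
            *)  printf '%s=%s\n' "$name" "$1" ;;
        esac
        shift
    done
    printf 'exportopts=%s\n' "$*"
    return "$status"
}

# Constructed sample: the argument list as it appears in the thread
# (eight values before the first option).
SAMPLE="/home/tinydns/ns4.domain.com 99 tinydns bin localhost nictool badpassword mysql -r -md5 -force -noserials -buildcdb"

# Constructed sample: the same list with a placeholder in the seventh slot.
# Which slot the thread's line left out is an assumption of this example.
FIXED="/home/tinydns/ns4.domain.com 99 tinydns bin localhost nictool DBUSER_PLACEHOLDER badpassword mysql -r -md5 -force -noserials -buildcdb"

# Unquoted on purpose: each sample is split into separate arguments.
map_install_args $SAMPLE || echo "thread example: an option landed in a positional slot"
map_install_args $FIXED && echo "nine positional values: slots line up"
```

With the eight-value list every later value shifts one slot to the left, so NT_DB_TYPE receives -r, which matches the value found in the env directory in the post above.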