.\" Some useful macros. .de cmd .Nd "\\$*" .br .. .de cmdname .Nm "\\$*" .. .de TITLE .Sh "\\$*" .. .de SUBTITLE .Nm "\\$*" .br .. . .\" Old manpage style: .\" .TH deployment 7 "24th november 2024" "netlib.re" "deployment manual" . .\" Recent mdoc style: .Dd 24 november 2024 .Dt "netlib.re deployment" 8 .Os Linux "(Ubuntu and Alpine)" . .TITLE NETLIB.RE DEPLOYMENT This manual page serves as documentation for the deployment and maintenance of the netlib.re service. The following subjects will be covered. .Nm "tooling" .Nd "both custom and the already packaged ones" .br .Nm "config" .Nd "how to deploy from scratch" .br .Nm "testing" .Nd "how to do some testing" .br .Nm "limitations" .Nd "what could go wrong and what's to anticipate" The deployment was done on two machines: .br .Nm BAGUETTE (primary) .Nd 89.234.141.125, ns0.karchnu.fr .br .Nm GANDI (secondary) .Nd 92.243.18.19, ns1.karchnu.fr .TITLE TOOLING .Nm authd (custom) .Nd the authentication daemon .br .Nm dnsmanagerd (custom) .Nd the dns manager daemon .br .Nm inotifywait .Nd wait for changes on the file system (used for domain sync) .br .Nm "dig, ss and netstat" .Nd to test the name servers and to debug network-related stuff .TITLE DEPLOYMENT .SUBTITLE install powerdns .cmd ubuntu $ apt install pdns-server pdns-backend-bind .cmd alpine $ apk add pdns pdns-backend-bind .SUBTITLE stop (and disable) systemd-resolved This tool prevents powerdns to start since it works on the same port (53). .br .cmd ubuntu $ systemctl stop systemd-resolved .cmd ubuntu $ systemctl disable systemd-resolved .cmd alpine $ no systemd-resolved by default on this system .SUBTITLE run powerdns .cmd ubuntu $ systemctl restart pdns .cmd alpine $ service pdns restart .SUBTITLE install inotify-tools .cmd ubuntu $ apt install inotify-tools .cmd alpine $ apk add inotify-tools NOTE : powerdns documentation on alpine is basically just a lot of SQL files in /usr/share/doc/pdns/ .TITLE TESTING TOOLS .SUBTITLE testing port 53 .cmd ubuntu $ ss -pln | grep :53 .cmd alpine $ netstat -ta .SUBTITLE install dig .cmd ubuntu $ apt install dnsutils .cmd alpine $ already installed? .SUBTITLE testing the deployment and zone updates .cmd $ dig @ns0.karchnu.fr .TITLE CONFIGURATION and ZONE UPDATES Well, there isn't much configuration since both powerdns instances just run "as is" with the bind backend that is filled on-the-fly. .SUBTITLE watchdogs in a few words These commands should run either on the primary or secondary name server. They are distributed with .cmdname dnsmanagerd in the .cmdname deployment directory. .SUBTITLE primary-watchdog.sh (on primary) Reads file in /var/powerdns and run a command (pdns_control bind-reload-now) to update the zone, then send the new (or updated) file on the secondary name server. In case the domain wasn't already served, the domain is added (pdns_control bind-add-zone). .SUBTITLE secondary-watchdog.sh (on secondary) Same as primary-watchdog.sh but without remote operations. .SUBTITLE primary-dnsmanagerd-to-powerdns.sh (on primary) TODO: explanations, why doesn't dnsmanagerd use /var/powerdns directly? .\" Since there is a migration to handle, .\" .cmdname dnsmanagerd .\" writes bind9 files in a temporary directory before being sent to /var/powerdns. .\" This enables to first load old zones (they are still served as before) then to update them on-the-fly once the users make changes on the new website. .TITLE LIMITATIONS