Version 2 (modified by Daniel Kahn Gillmor, 14 years ago) (diff)

-- is a simple xen domU hosting a dedicated resolving DNS cache for MF/PL. It was created in response to #765.

It is hosted on


I opted to go with debian lenny, since the new djbdns packages are included upstream, and there will be no other services on the box.

0 fred:~# lvcreate --name marcos-disk --size 500M vg_fred0
  Logical volume "marcos-disk" created
0 fred:~# mkfs -t ext3 /dev/mapper/vg_fred0-marcos--disk 
mke2fs 1.40-WIP (14-Nov-2006)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
128016 inodes, 512000 blocks
25600 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67633152
63 block groups
8192 blocks per group, 8192 fragments per group
2032 inodes per group
Superblock backups stored on blocks: 
	8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409

Writing inode tables: done                            
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 21 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
0 fred:~# mount /dev/mapper/vg_fred0-marcos--disk /mnt/
0 fred:~# debootstrap lenny /mnt/
I: Retrieving Release
I: Retrieving Packages
I: Validating Packages
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Found additional base dependencies: libldap-2.4-2 
I: Checking component main on
I: Retrieving adduser
 ...[skip boring debootstrap output]...
I: Configuring klogd...
I: Configuring tasksel...
I: Base system installed successfully.
0 fred:~# echo proc /proc proc defaults 0 0 > /mnt/etc/fstab 
0 fred:~# echo /dev/sda1 / ext3 defaults,errors=remount-ro 0 1 >> /mnt/etc/fstab
0 fred:~# echo /dev/sda2 none swap sw 0 0 >> /mnt/etc/fstab
0 fred:~# echo >/mnt/etc/hosts ' localhost marcos

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
0 fred:~# echo marcos > /mnt/etc/hostname 
0 fred:~# cp -a {,/mnt}/etc/network/if-up.d/add-he-routes 
0 fred:~# cp -a {,/mnt}/etc/network/if-down.d/remove-he-routes
0 fred:~# emacs /mnt/etc/network/if-*.d/*-he-routes ## fix up to repair IP addresses and network interface designations
0 fred:~# lvcreate --size=200MB --name=marcos-swap vg_fred0
  Logical volume "marcos-swap" created
0 fred:~# mkswap /dev/mapper/vg_fred0-marcos--swap 
Setting up swapspace version 1, size = 209711 kB
no label, UUID=1fe97b9d-445b-458c-891b-925d23dfaa80
0 fred:~# umount /mnt
0 fred:~# 

Setting up the xen config:

0 fred:~# grep '^[^#]' /etc/xen/marcos
kernel  = '/boot/vmlinuz-2.6.18-6-xen-amd64'
ramdisk = '/boot/initrd.img-2.6.18-6-xen-amd64'
memory  = '64'
root    = '/dev/sda1 ro'
disk    = [ 'phy:vg_fred0/marcos-disk,sda1,w', 'phy:vg_fred0/marcos-swap,sda2,w' ]
name    = 'marcos'
vif  = [ 'ip=' ]
on_poweroff = 'destroy'
on_reboot   = 'restart'
on_crash    = 'restart'
0 fred:~# 

additional packages

Within the domU, once it was started, i did:

aptitude install iproute less lsof emacs22-nox psmisc screen runit djbdns

I don't appear to need the kernel modules for this machine, since it is a dedicated host.

resolving name service

Setting up the actual resolving name service:

0 marcos:~# lsof -i
1 marcos:~# adduser --system dnslog
Adding system user `dnslog' (UID 100) ...
Adding new user `dnslog' (UID 100) with group `nogroup' ...
Creating home directory `/home/dnslog' ...
0 marcos:~# adduser --system dnscache
Adding system user `dnscache' (UID 101) ...
Adding new user `dnscache' (UID 101) with group `nogroup' ...
Creating home directory `/home/dnscache' ...
0 marcos:~# dnscache-conf dnscache dnslog /srv/dnscache
0 marcos:~# ln -s /srv/dnscache /etc/service
0 marcos:~# lsof -i
dnscache 1536 dnscache    3u  IPv4   4816       UDP 
dnscache 1536 dnscache    4u  IPv4   4817       TCP (LISTEN)
0 marcos:/srv/dnscache/root/ip# ip route dev eth0  scope link  src dev eth0  scope link  src dev eth0  scope link  src dev eth0  scope link  src dev eth0  proto kernel  scope link  src 
default via dev eth0 
0 marcos:~# ls /srv/dnscache/root/ip/ | wc -l
0 marcos:~# for BASE in; do for INC in $(seq 0 15) ; do LAST=${BASE#*.*.*.}; NEW=/srv/dnscache/root/ip/${BASE%.*}.$(( $LAST + $INC )); if [ ! -e $NEW ]; then touch $NEW; fi; done; done
0 marcos:~# ls /srv/dnscache/root/ip/
0 marcos:~# 


Administrative alerts from this machine should just be routed off the box to chavez, which is currently handling mail for

aptitude install nullmailer mailx

nullmailer was configured solely via debconf, with the following settings:

0 marcos:~# debconf-show nullmailer
* shared/mailname:
* nullmailer/relayhost:
0 marcos:~# 


I also wanted updates about available upgrades to get sent off, so i included cron-apt, and set it to nag when updates are available:

aptitude install cron-apt
echo 'MAILON="upgrade"' >> /etc/cron-apt/config