= `marcos.mayfirst.org` =

`marcos.mayfirst.org` is a simple Xen domU hosting a dedicated resolving DNS cache for MF/PL. It was created in response to #765. It is hosted on [wiki:fred.mayfirst.org].

== Creation ==

I opted to go with Debian lenny, since the new [DebianPackage:djbdns] packages are included upstream, and there will be no other services on the box.

{{{
0 fred:~# lvcreate --name marcos-disk --size 500M vg_fred0
  Logical volume "marcos-disk" created
0 fred:~# mkfs -t ext3 /dev/mapper/vg_fred0-marcos--disk
mke2fs 1.40-WIP (14-Nov-2006)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
128016 inodes, 512000 blocks
25600 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67633152
63 block groups
8192 blocks per group, 8192 fragments per group
2032 inodes per group
Superblock backups stored on blocks:
        8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409

Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 21 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
0 fred:~# mount /dev/mapper/vg_fred0-marcos--disk /mnt/
0 fred:~# debootstrap lenny /mnt/
I: Retrieving Release
I: Retrieving Packages
I: Validating Packages
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Found additional base dependencies: libldap-2.4-2
I: Checking component main on http://ftp.debian.org/debian...
I: Retrieving adduser
...[skip boring debootstrap output]...
I: Configuring klogd...
I: Configuring tasksel...
I: Base system installed successfully.
0 fred:~# echo proc /proc proc defaults 0 0 > /mnt/etc/fstab
0 fred:~# echo /dev/sda1 / ext3 defaults,errors=remount-ro 0 1 >> /mnt/etc/fstab
0 fred:~# echo /dev/sda2 none swap sw 0 0 >> /mnt/etc/fstab
0 fred:~# echo >/mnt/etc/hosts ' localhost
 marcos.mayfirst.org marcos

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
'
0 fred:~# echo marcos > /mnt/etc/hostname
0 fred:~# cp -a {,/mnt}/etc/network/if-up.d/add-he-routes
0 fred:~# cp -a {,/mnt}/etc/network/if-down.d/remove-he-routes
0 fred:~# emacs /mnt/etc/network/if-*.d/*-he-routes
## fix up to repair IP addresses and network interface designations
0 fred:~# lvcreate --size=200MB --name=marcos-swap vg_fred0
  Logical volume "marcos-swap" created
0 fred:~# mkswap /dev/mapper/vg_fred0-marcos--swap
Setting up swapspace version 1, size = 209711 kB
no label, UUID=1fe97b9d-445b-458c-891b-925d23dfaa80
0 fred:~# umount /mnt
0 fred:~#
}}}

Setting up the Xen config:
{{{
0 fred:~# grep '^[^#]' /etc/xen/marcos
kernel      = '/boot/vmlinuz-2.6.18-6-xen-amd64'
ramdisk     = '/boot/initrd.img-2.6.18-6-xen-amd64'
memory      = '64'
root        = '/dev/sda1 ro'
disk        = [ 'phy:vg_fred0/marcos-disk,sda1,w', 'phy:vg_fred0/marcos-swap,sda2,w' ]
name        = 'marcos'
vif         = [ 'ip=' ]
on_poweroff = 'destroy'
on_reboot   = 'restart'
on_crash    = 'restart'
0 fred:~#
}}}

== additional packages ==

Within the domU, once it was started, I did:
{{{
aptitude install iproute less lsof emacs22-nox psmisc screen runit djbdns
}}}

I don't appear to need the kernel modules for this machine, since it is a dedicated host.

== resolving name service ==

Setting up the actual resolving name service:
{{{
0 marcos:~# lsof -i
1 marcos:~# adduser --system dnslog
Adding system user `dnslog' (UID 100) ...
Adding new user `dnslog' (UID 100) with group `nogroup' ...
Creating home directory `/home/dnslog' ...
0 marcos:~# adduser --system dnscache
Adding system user `dnscache' (UID 101) ...
Adding new user `dnscache' (UID 101) with group `nogroup' ...
Creating home directory `/home/dnscache' ...
0 marcos:~# dnscache-conf dnscache dnslog /srv/dnscache
0 marcos:~# ln -s /srv/dnscache /etc/service
0 marcos:~# lsof -i
COMMAND   PID     USER   FD   TYPE DEVICE SIZE NODE NAME
dnscache 1536 dnscache    3u  IPv4   4816       UDP marcos.mayfirst.org:domain
dnscache 1536 dnscache    4u  IPv4   4817       TCP marcos.mayfirst.org:domain (LISTEN)
0 marcos:/srv/dnscache/root/ip# ip route
 dev eth0 scope link src
 dev eth0 scope link src
 dev eth0 scope link src
 dev eth0 scope link src
 dev eth0 proto kernel scope link src
default via dev eth0
0 marcos:~# ls /srv/dnscache/root/ip/ | wc -l
1
0 marcos:~# for BASE in; do for INC in $(seq 0 15) ; do LAST=${BASE#*.*.*.}; NEW=/srv/dnscache/root/ip/${BASE%.*}.$(( $LAST + $INC )); if [ ! -e $NEW ]; then touch $NEW; fi; done; done
0 marcos:~# ls /srv/dnscache/root/ip/
97
0 marcos:~#
}}}

== SMTP ==

Administrative alerts from this machine should just be routed off the box to `chavez`, which is currently handling mail for mayfirst.org:
{{{
aptitude install nullmailer mailx
}}}

`nullmailer` was configured solely via `debconf`, with the following settings:
{{{
0 marcos:~# debconf-show nullmailer
* shared/mailname: marcos.mayfirst.org
  nullmailer/adminaddr: root@mayfirst.org
* nullmailer/relayhost: chavez.mayfirst.org
0 marcos:~#
}}}

== updates ==

I also wanted notices about available upgrades to be sent off the box, so I included `cron-apt`, and set it to nag when updates are available:
{{{
aptitude install cron-apt
echo 'MAILON="upgrade"' >> /etc/cron-apt/config
}}}
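
Added example, not part of the original setup notes, for the `root/ip` step in the resolving name service section: dnscache accepts a client only if `root/ip` contains a file named after the client's address or a dotted prefix of it, so the loop there opens the cache to blocks of 16 individual hosts. The function names, the scratch directory and the RFC 5737 documentation addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. dnscache accepts a client at
# a.b.c.d only if root/ip holds a file named a.b.c.d, a.b.c, a.b or a.

# allow_range DIR BASE COUNT: one file per address, BASE .. BASE+COUNT-1.
allow_range() {
    dir=$1 base=$2 count=$3
    prefix=${base%.*}     # first three octets
    last=${base##*.}      # final octet
    case $last in ''|*[!0-9]*) echo "bad address: $base" >&2; return 1 ;; esac
    if [ $((last + count - 1)) -gt 255 ]; then
        echo "range from $base overflows the last octet" >&2
        return 1
    fi
    mkdir -p "$dir" || return 1
    i=0
    while [ "$i" -lt "$count" ]; do
        : >> "$dir/$prefix.$((last + i))"   # create if missing, never truncate
        i=$((i + 1))
    done
}

# is_allowed DIR IP: succeed if dnscache would accept queries from IP.
# A three-octet file name admits the whole /24, so audit short names too.
is_allowed() {
    dir=$1 name=$2
    while [ -n "$name" ]; do
        [ -e "$dir/$name" ] && return 0
        case $name in
            *.*) name=${name%.*} ;;   # drop the last component and retry
            *)   name= ;;
        esac
    done
    return 1
}

# Constructed demo: two blocks of 16 hosts in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    allow_range "$d" 192.0.2.16 16 && allow_range "$d" 198.51.100.32 16
    ls "$d" | wc -l | tr -d ' '
    rm -rf "$d"
}

demo
```

Running `is_allowed` against addresses that should not reach the cache is a quick way to confirm that no short prefix file has widened the list.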