Version 3 (modified by Daniel Kahn Gillmor, 13 years ago)

marcos.mayfirst.org

marcos.mayfirst.org is a simple Xen domU hosting a dedicated resolving DNS cache for MF/PL. It was created in response to #765.

It is hosted on fred.mayfirst.org.

Creation

The guiding principle behind this machine is that it should do only one thing, and be stripped of as many superfluous services as possible.

I opted to go with Debian lenny, since the new djbdns packages are now available.

0 fred:~# lvcreate --name marcos-disk --size 500M vg_fred0
  Logical volume "marcos-disk" created
0 fred:~# mkfs -t ext3 /dev/mapper/vg_fred0-marcos--disk 
mke2fs 1.40-WIP (14-Nov-2006)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
128016 inodes, 512000 blocks
25600 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67633152
63 block groups
8192 blocks per group, 8192 fragments per group
2032 inodes per group
Superblock backups stored on blocks: 
	8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409

Writing inode tables: done                            
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 21 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
0 fred:~# mount /dev/mapper/vg_fred0-marcos--disk /mnt/
0 fred:~# debootstrap lenny /mnt/
I: Retrieving Release
I: Retrieving Packages
I: Validating Packages
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Found additional base dependencies: libldap-2.4-2 
I: Checking component main on http://ftp.debian.org/debian...
I: Retrieving adduser
 ...[skip boring debootstrap output]...
I: Configuring klogd...
I: Configuring tasksel...
I: Base system installed successfully.
0 fred:~# echo proc /proc proc defaults 0 0 > /mnt/etc/fstab 
0 fred:~# echo /dev/sda1 / ext3 defaults,errors=remount-ro 0 1 >> /mnt/etc/fstab
0 fred:~# echo /dev/sda2 none swap sw 0 0 >> /mnt/etc/fstab
0 fred:~# echo >/mnt/etc/hosts '127.0.0.1 localhost
209.51.163.29 marcos.mayfirst.org marcos

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
'
0 fred:~# echo marcos > /mnt/etc/hostname 
0 fred:~# cp -a {,/mnt}/etc/network/if-up.d/add-he-routes 
0 fred:~# cp -a {,/mnt}/etc/network/if-down.d/remove-he-routes
0 fred:~# emacs /mnt/etc/network/if-*.d/*-he-routes ## fix up to repair IP addresses and network interface designations
0 fred:~# lvcreate --size=200MB --name=marcos-swap vg_fred0
  Logical volume "marcos-swap" created
0 fred:~# mkswap /dev/mapper/vg_fred0-marcos--swap 
Setting up swapspace version 1, size = 209711 kB
no label, UUID=1fe97b9d-445b-458c-891b-925d23dfaa80
0 fred:~# umount /mnt
0 fred:~# 

Setting up the Xen config:

0 fred:~# grep '^[^#]' /etc/xen/marcos
kernel  = '/boot/vmlinuz-2.6.18-6-xen-amd64'
ramdisk = '/boot/initrd.img-2.6.18-6-xen-amd64'
memory  = '64'
root    = '/dev/sda1 ro'
disk    = [ 'phy:vg_fred0/marcos-disk,sda1,w', 'phy:vg_fred0/marcos-swap,sda2,w' ]
name    = 'marcos'
vif  = [ 'ip=209.51.163.29' ]
on_poweroff = 'destroy'
on_reboot   = 'restart'
on_crash    = 'restart'
0 fred:~# 

Additional packages

Within the domU, once it was started, I did:

aptitude install iproute less lsof emacs22-nox psmisc screen deborphan

I don't appear to need the kernel modules for this machine, since it is a dedicated host.

I used deborphan to clear up a few outstanding unneeded libraries from the debootstrap run, and to get rid of a handful of other unneeded packages.

Resolving name service

aptitude install runit djbdns

Setting up the actual resolving name service:

0 marcos:~# lsof -i
1 marcos:~# adduser --system dnslog
Adding system user `dnslog' (UID 100) ...
Adding new user `dnslog' (UID 100) with group `nogroup' ...
Creating home directory `/home/dnslog' ...
0 marcos:~# adduser --system dnscache
Adding system user `dnscache' (UID 101) ...
Adding new user `dnscache' (UID 101) with group `nogroup' ...
Creating home directory `/home/dnscache' ...
0 marcos:~# dnscache-conf dnscache dnslog /srv/dnscache 209.51.163.29
0 marcos:~# ln -s /srv/dnscache /etc/service
0 marcos:~# lsof -i
COMMAND   PID     USER   FD   TYPE DEVICE SIZE NODE NAME
dnscache 1536 dnscache    3u  IPv4   4816       UDP marcos.mayfirst.org:domain 
dnscache 1536 dnscache    4u  IPv4   4817       TCP marcos.mayfirst.org:domain (LISTEN)
0 marcos:/srv/dnscache/root/ip# ip route
209.51.163.192/28 dev eth0  scope link  src 209.51.163.29 
209.51.180.16/28 dev eth0  scope link  src 209.51.163.29 
209.51.172.0/28 dev eth0  scope link  src 209.51.163.29 
209.51.169.80/28 dev eth0  scope link  src 209.51.163.29 
209.51.163.0/27 dev eth0  proto kernel  scope link  src 209.51.163.29 
default via 209.51.163.1 dev eth0 
0 marcos:~# ls /srv/dnscache/root/ip/ | wc -l
1
0 marcos:~# for BASE in 209.51.163.192 209.51.180.16 209.51.172.0 209.51.169.80 209.51.163.0 209.51.163.16; do for INC in $(seq 0 15) ; do LAST=${BASE#*.*.*.}; NEW=/srv/dnscache/root/ip/${BASE%.*}.$(( $LAST + $INC )); if [ ! -e $NEW ]; then touch $NEW; fi; done; done
0 marcos:~# ls /srv/dnscache/root/ip/ | wc -l
97
0 marcos:~# 
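
The one-liner above hard-codes /28 blocks with `seq 0 15`. The following added example (not part of the original page) generalizes it to any aligned /24 to /32 block and adds an audit that reports ACL entries no listed block accounts for, such as a stray prefix file that would open the cache to a much wider range. The function names `cidr_hosts`, `acl_populate` and `acl_audit` are hypothetical, and the audit assumes the single entry present before population is 127.0.0.1.

```shell
#!/bin/sh
# Added example: build and audit dnscache's root/ip ACL from CIDR blocks.
# dnscache accepts a client a.b.c.d if root/ip holds a file named a.b.c.d
# or any dotted prefix of it (a.b.c, a.b, a), so stray prefix files matter.

# Print every address in an aligned CIDR block (/24 to /32), one per line.
cidr_hosts() {
    net=${1%/*}; len=${1#*/}
    case $len in ''|*[!0-9]*) len=0 ;; esac   # non-numeric length: reject below
    if [ "$len" -lt 24 ] || [ "$len" -gt 32 ]; then
        echo "cidr_hosts: only /24../32 handled: $1" >&2; return 1
    fi
    size=$(( 1 << (32 - len) )); last=${net##*.}
    if [ $(( last % size )) -ne 0 ]; then
        echo "cidr_hosts: $1 is not on a block boundary" >&2; return 1
    fi
    i=0
    while [ "$i" -lt "$size" ]; do
        echo "${net%.*}.$(( last + i ))"
        i=$(( i + 1 ))
    done
}

# Create one empty file per permitted client address; existing files are kept.
acl_populate() {
    dir=$1; shift
    for block in "$@"; do
        hosts=$(cidr_hosts "$block") || return 1
        for ip in $hosts; do
            [ -e "$dir/$ip" ] || : > "$dir/$ip"
        done
    done
}

# Print ACL entries that no listed block accounts for (127.0.0.1 is expected).
acl_audit() {
    dir=$1; shift
    allowed=$(for block in "$@"; do cidr_hosts "$block"; done; echo 127.0.0.1)
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        name=${f##*/}
        echo "$allowed" | grep -qxF "$name" || echo "$name"
    done
}

# Usage (path as on this page; the block list comes from `ip route`):
#   acl_populate /srv/dnscache/root/ip 209.51.163.192/28 209.51.163.0/27
#   acl_audit    /srv/dnscache/root/ip 209.51.163.192/28 209.51.163.0/27
```

Running `acl_audit` from cron and mailing any output keeps the resolver from drifting into answering for networks that are no longer routed to this host.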

SMTP

Administrative alerts from this machine should just be routed off the box to chavez, which is currently handling mail for mayfirst.org:

aptitude install nullmailer mailx

nullmailer was configured solely via debconf, with the following settings:

0 marcos:~# debconf-show nullmailer
* shared/mailname: marcos.mayfirst.org
  nullmailer/adminaddr: root@mayfirst.org
* nullmailer/relayhost: chavez.mayfirst.org
0 marcos:~# 

Updates

I also wanted updates about available upgrades to get sent off, so I included cron-apt, and set it to nag when updates are available:

aptitude install cron-apt
echo 'MAILON="upgrade"' >> /etc/cron-apt/config