[[PageOutline]]

= `marcos.mayfirst.org` =

`marcos.mayfirst.org` is a simple xen domU hosting a dedicated resolving DNS cache for MF/PL. It was created in response to #765. It is hosted on [wiki:fred.mayfirst.org].

== Creation ==

The guiding principle behind this machine is that it should do only one thing, and be stripped of as many superfluous services as possible. I opted to go with debian lenny, since the new [DebianPackage:djbdns] packages are now available.

{{{
0 fred:~# lvcreate --name marcos-disk --size 500M vg_fred0
  Logical volume "marcos-disk" created
0 fred:~# mkfs -t ext3 /dev/mapper/vg_fred0-marcos--disk
mke2fs 1.40-WIP (14-Nov-2006)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
128016 inodes, 512000 blocks
25600 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67633152
63 block groups
8192 blocks per group, 8192 fragments per group
2032 inodes per group
Superblock backups stored on blocks:
	8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409

Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 21 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
0 fred:~# mount /dev/mapper/vg_fred0-marcos--disk /mnt/
0 fred:~# debootstrap lenny /mnt/
I: Retrieving Release
I: Retrieving Packages
I: Validating Packages
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Found additional base dependencies: libldap-2.4-2
I: Checking component main on http://ftp.debian.org/debian...
I: Retrieving adduser
...[skip boring debootstrap output]...
I: Configuring klogd...
I: Configuring tasksel...
I: Base system installed successfully.
0 fred:~# echo proc /proc proc defaults 0 0 > /mnt/etc/fstab
0 fred:~# echo /dev/sda1 / ext3 defaults,errors=remount-ro 0 1 >> /mnt/etc/fstab
0 fred:~# echo /dev/sda2 none swap sw 0 0 >> /mnt/etc/fstab
0 fred:~# echo >/mnt/etc/hosts '127.0.0.1 localhost
209.51.163.29 marcos.mayfirst.org marcos

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
'
0 fred:~# echo marcos > /mnt/etc/hostname
0 fred:~# cp -a {,/mnt}/etc/network/if-up.d/add-he-routes
0 fred:~# cp -a {,/mnt}/etc/network/if-down.d/remove-he-routes
0 fred:~# emacs /mnt/etc/network/if-*.d/*-he-routes  ## fix up to repair IP addresses and network interface designations
0 fred:~# lvcreate --size=200MB --name=marcos-swap vg_fred0
  Logical volume "marcos-swap" created
0 fred:~# mkswap /dev/mapper/vg_fred0-marcos--swap
Setting up swapspace version 1, size = 209711 kB
no label, UUID=1fe97b9d-445b-458c-891b-925d23dfaa80
0 fred:~# umount /mnt
0 fred:~# 
}}}

Setting up the xen config:

{{{
0 fred:~# grep '^[^#]' /etc/xen/marcos
kernel = '/boot/vmlinuz-2.6.18-6-xen-amd64'
ramdisk = '/boot/initrd.img-2.6.18-6-xen-amd64'
memory = '64'
root = '/dev/sda1 ro'
disk = [ 'phy:vg_fred0/marcos-disk,sda1,w', 'phy:vg_fred0/marcos-swap,sda2,w' ]
name = 'marcos'
vif = [ 'ip=209.51.163.29' ]
on_poweroff = 'destroy'
on_reboot = 'restart'
on_crash = 'restart'
0 fred:~# 
}}}

== additional packages ==

Within the domU, once it was started, i did:

{{{
aptitude install iproute less lsof emacs22-nox psmisc screen deborphan
}}}

I don't appear to need the kernel modules for this machine, since it is a dedicated host.
I used `deborphan` to clear up a few outstanding unneeded libraries from the `debootstrap` run, and to get rid of a handful of other unneeded packages.

== resolving name service ==

{{{
aptitude install runit djbdns
}}}

Setting up the actual resolving name service:

{{{
0 marcos:~# lsof -i
1 marcos:~# adduser --system dnslog
Adding system user `dnslog' (UID 100) ...
Adding new user `dnslog' (UID 100) with group `nogroup' ...
Creating home directory `/home/dnslog' ...
0 marcos:~# adduser --system dnscache
Adding system user `dnscache' (UID 101) ...
Adding new user `dnscache' (UID 101) with group `nogroup' ...
Creating home directory `/home/dnscache' ...
0 marcos:~# dnscache-conf dnscache dnslog /srv/dnscache 209.51.163.29
0 marcos:~# ln -s /srv/dnscache /etc/service
0 marcos:~# lsof -i
COMMAND   PID     USER   FD   TYPE DEVICE SIZE NODE NAME
dnscache 1536 dnscache    3u  IPv4   4816       UDP marcos.mayfirst.org:domain
dnscache 1536 dnscache    4u  IPv4   4817       TCP marcos.mayfirst.org:domain (LISTEN)
0 marcos:/srv/dnscache/root/ip# ip route
209.51.163.192/28 dev eth0  scope link  src 209.51.163.29
209.51.180.16/28 dev eth0  scope link  src 209.51.163.29
209.51.172.0/28 dev eth0  scope link  src 209.51.163.29
209.51.169.80/28 dev eth0  scope link  src 209.51.163.29
209.51.163.0/27 dev eth0  proto kernel  scope link  src 209.51.163.29
default via 209.51.163.1 dev eth0
0 marcos:~# ls /srv/dnscache/root/ip/ | wc -l
1
0 marcos:~# for BASE in 209.51.163.192 209.51.180.16 209.51.172.0 209.51.169.80 209.51.163.0 209.51.163.16; do for INC in $(seq 0 15) ; do LAST=${BASE#*.*.*.}; NEW=/srv/dnscache/root/ip/${BASE%.*}.$(( $LAST + $INC )); if [ ! -e $NEW ]; then touch $NEW; fi; done; done
0 marcos:~# ls /srv/dnscache/root/ip/ | wc -l
97
0 marcos:~# 
}}}

== SMTP ==

Administrative alerts from this machine should just be routed off the box to `chavez`, which is currently handling mail for mayfirst.org:

{{{
aptitude install nullmailer mailx
}}}

`nullmailer` was configured solely via `debconf`, with the following settings:

{{{
0 marcos:~# debconf-show nullmailer
* shared/mailname: marcos.mayfirst.org
  nullmailer/adminaddr: root@mayfirst.org
* nullmailer/relayhost: chavez.mayfirst.org
0 marcos:~# 
}}}

== updates ==

I also wanted updates about available upgrades to get sent off, so i included `cron-apt`, and set it to nag when updates are available:

{{{
aptitude install cron-apt
echo 'MAILON="upgrade"' >> /etc/cron-apt/config
}}}
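The `root/ip/` loop in the resolving name service section above has to touch one file per address because dnscache's client allowlist only understands dotted-octet prefixes (a file named `209.51.163` admits all of 209.51.163.0/24, but a /28 or /27 cannot be expressed that way). As an added example, not part of the original page or of the djbdns package, here is a POSIX sh version that derives the entries from CIDR prefixes like the ones `ip route` printed; the function names and the 4294967295 mask constant are my own, and it handles octet-aligned prefixes (one file) as well as longer ones (one file per host).

```sh
# Added example, not from the original page: expand CIDR prefixes into the
# file names dnscache reads from root/ip/ to decide which clients it answers.
# dnscache only matches dotted-octet prefixes (a file "209.51.163" admits all
# of 209.51.163.0/24), so a /28 or /27 must be spelled out one file per host.
ip_to_int() {
  set -- $(printf '%s\n' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print one root/ip/ entry per line for each CIDR (or bare address) given.
dnscache_ip_entries() {
  for cidr in "$@"; do
    net=${cidr%/*}
    bits=${cidr#*/}
    [ "$net" = "$cidr" ] && bits=32        # a bare address means /32
    if [ "$bits" -lt 8 ] || [ "$bits" -gt 32 ]; then
      echo "unsupported prefix length in $cidr" >&2
      return 1
    fi
    # Clear the host bits so 209.51.163.29/27 and 209.51.163.0/27 agree.
    base=$(( $(ip_to_int "$net") & (4294967295 ^ ((1 << (32 - bits)) - 1)) ))
    if [ $(( bits % 8 )) -eq 0 ]; then
      # Octet-aligned: one file named by the leading bits/8 octets.
      entry=$(int_to_ip "$base")
      i=4
      while [ "$i" -gt $(( bits / 8 )) ]; do entry=${entry%.*}; i=$(( i - 1 )); done
      echo "$entry"
    else
      # Not octet-aligned: one file per host address in the block.
      i=0
      while [ "$i" -lt $(( 1 << (32 - bits) )) ]; do
        int_to_ip $(( base + i ))
        i=$(( i + 1 ))
      done
    fi
  done
}

# Create the entries under a dnscache root/ip/ directory, skipping existing
# ones like the "if [ ! -e $NEW ]" test on the page; dnscache stats these
# files on every query, so no restart is needed after adding them.
dnscache_allow() {
  dir=$1; shift
  dnscache_ip_entries "$@" | while read -r entry; do
    [ -e "$dir/$entry" ] || touch "$dir/$entry"
  done
}
```

Running `dnscache_allow /srv/dnscache/root/ip 209.51.163.192/28 209.51.180.16/28 209.51.172.0/28 209.51.169.80/28 209.51.163.0/27` creates the same 96 files as the page's loop, on top of the one entry `dnscache-conf` had already made.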