Post #2, 5th March 2010
J65nko (Administrator; Join Date: May 2008; Location: Budel - the Netherlands; Posts: 4,125)

Installation scripts

Because I run my garage department nameserver on a regularly reinstalled OpenBSD snapshot, I use the following two scripts to automate the install and configuration.

The named configuration script
Code:
#!/bin/sh
#----------------------------------------
# Write the forward-only named configuration into the named chroot
FILE=/var/named/etc/caching-forward-only.conf
#FILE=$( basename ${FILE} )

echo "Creating ${FILE}"

cat <<END >"${FILE}"
// Caching and forward only configuration

// Access Control List

acl  clients    {
    192.168.222.0/24  ;
};

options {
    forward only ;
    forwarders { 192.168.222.10 ; } ; 
    allow-query { clients ; } ;
    // max-cache-size is in bytes : echo '2 * 1024^2' | bc
    max-cache-size 2097152 ;
    empty-zones-enable yes;
} ;

# After editing this file please use 'named-checkconf' to validate!

END
The /etc/rc.conf.local configuration is done with
Code:
#!/bin/sh
# ----------------------------------------
# Append the named_flags line to rc.conf.local so named starts at boot
FILE=./etc/rc.conf.local
#FILE=$( basename ${FILE} )
echo "Enabling 'named' as forward-only resolver in ${FILE}"

cat <<END >>"${FILE}"

#  note that the 'named' configuration file is in '/var/named/etc'
#  because of the chroot in "/var/named" , it has to be specified
#  without the "/var/named" part.
named_flags='-4 -c /etc/caching-forward-only.conf'

END
You can check with netstat whether named is running; it will use port 53 on both TCP and UDP.
Code:
$ netstat -an -f inet
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp          0      0  192.168.222.25.22      192.168.222.244.35967  ESTABLISHED
tcp          0      0  127.0.0.1.587          *.*                    LISTEN
tcp          0      0  127.0.0.1.25           *.*                    LISTEN
tcp          0      0  *.515                  *.*                    LISTEN
tcp          0      0  192.168.222.25.22      *.*                    LISTEN
tcp          0      0  127.0.0.1.953          *.*                    LISTEN
tcp          0      0  192.168.222.25.53      *.*                    LISTEN
tcp          0      0  127.0.0.1.53           *.*                    LISTEN
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp          0      0  192.168.222.25.27727   85.17.207.62.123      
udp          0      0  192.168.222.25.34152   213.206.97.167.123    
udp          0      0  192.168.222.25.34002   194.109.64.200.123    
udp          0      0  *.19590                *.*                   
udp          0      0  192.168.222.25.53      *.*                   
udp          0      0  127.0.0.1.53           *.*                   
udp          0      0  *.514                  *.*
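The netstat check above can be scripted. The following is an added example, not part of the original post or of OpenBSD: it parses the output format of 'netstat -an -f inet' as shown in the post, reports which addresses serve port 53 over TCP and UDP, and separately lists every server socket bound to all interfaces ('*'), which is what you review to confirm named is only reachable on the addresses you intended. The SAMPLE listing is constructed from the post's output so the script runs offline; on a live system save 'netstat -an -f inet' to a file and pass its contents instead.

```shell
#!/bin/sh
# Added example, not part of the original post: audit an OpenBSD
# 'netstat -an -f inet' listing for DNS server sockets and for sockets
# bound to every interface ('*'). Save a live listing with
#     netstat -an -f inet > listing.txt
# and pass its contents to the functions below. SAMPLE is constructed
# from the listing shown in the post so the script runs offline.

SAMPLE=$(cat <<'EOF'
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp          0      0  192.168.222.25.22      192.168.222.244.35967  ESTABLISHED
tcp          0      0  127.0.0.1.953          *.*                    LISTEN
tcp          0      0  192.168.222.25.53      *.*                    LISTEN
tcp          0      0  127.0.0.1.53           *.*                    LISTEN
tcp          0      0  *.515                  *.*                    LISTEN
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp          0      0  192.168.222.25.27727   85.17.207.62.123
udp          0      0  192.168.222.25.53      *.*
udp          0      0  127.0.0.1.53           *.*
udp          0      0  *.514                  *.*
EOF
)

# Keep only server sockets: TCP in LISTEN, or UDP with no peer ('*.*').
# Header lines and connected/client sockets are dropped; the output is
# the original netstat line.
server_sockets() {
    printf '%s\n' "$1" | awk '
        $1 != "tcp" && $1 != "udp" { next }
        $1 == "tcp" && $6 != "LISTEN" { next }
        $1 == "udp" && $5 != "*.*"    { next }
        { print }'
}

# Print "proto address" for every server socket on local port $2.
# netstat writes the local endpoint as address.port, so the port is the
# text after the last dot and the address is everything before it.
listeners_on_port() {
    server_sockets "$1" | awk -v port="$2" '
        {
            n = split($4, a, ".")
            if (a[n] != port) next
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            print $1, addr
        }'
}

# Print "proto address.port" for server sockets bound to all interfaces.
wildcard_listeners() {
    server_sockets "$1" | awk 'substr($4, 1, 2) == "*." { print $1, $4 }'
}

# Succeed only if port 53 is served over both TCP and UDP and every
# port-53 socket is bound to a specific address rather than '*'.
check_named() {
    dns=$(listeners_on_port "$1" 53)
    printf '%s\n' "$dns" | grep -q '^tcp ' || return 1
    printf '%s\n' "$dns" | grep -q '^udp ' || return 1
    if printf '%s\n' "$dns" | grep -q ' \*$'; then
        return 1
    fi
    return 0
}

if check_named "$SAMPLE"; then
    echo "named is serving port 53 over TCP and UDP on specific addresses:"
    listeners_on_port "$SAMPLE" 53
else
    echo "port 53 is not served as expected" >&2
fi
echo "Server sockets bound to every interface (review these):"
wildcard_listeners "$SAMPLE"
```

On the sample listing the check passes: both port-53 listeners are bound to 192.168.222.25 and 127.0.0.1, and only the printer (515) and syslog (514) sockets are bound to '*'.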