GnuDIP Logo

GnuDIP Release 2.3 - Back End INSTALL File

Back End Scripts to Support Legacy BIND and tinydns

Releases of BIND prior to 8.2.3 and the tinydns DNS server software do not support dynamic DNS in the fashion prescribed by the IETF RFC-s, and cannot be updated using the nsupdate command.

It is still possible to use early BIND releases and tinydns with GnuDIP. A few additional scripts are involved. These scripts use the configuration file gnudip/etc/backend.conf.

At a minimum, this configuration file must contain a line defining the command used to log messages. In the sample file this is:

# logger command for backend server
logger = /usr/bin/logger -t gnudip-bkend

Each back end has an associated:

You must create the FIFO (using mkfifo). The fifo may be created anywhere, but /usr/local/gnudip/run/ would be an obvious place for it. Ensure that it is owned by and writable by user nobody (the "nobody" that GnuDIP runs as), with no access by any other user.

Three attributes must be provided in backend.conf for each back end. For example, the sample legacy BIND back end is defined by:

# name of fifo for
fifo.oldBIND.dyn3 = /usr/local/gnudip/run/backend.oldBIND.dyn3

# command to actually reload
reload.oldBIND.dyn3 = /usr/local/gnudip/sbin/

# minimum seconds between reloads
wait.oldBIND.dyn3 = 30

The sample tinydns back end is defined by:

# name of fifo for tinydns
fifo.tinydns = /usr/local/gnudip/run/tinydns

# command to actually reload
reload.tinydns = /usr/local/gnudip/sbin/

# minimum seconds between reloads
wait.tinydns = 5

To use a back end by default for all GnuDIP domains, you replace the global nsupdate command with the back end client script in gnudip.conf using a line like:

nsupdate = /usr/local/gnudip/sbin/ mybackend

To use a back end for a particular domain, you replace the nsupdate on a per domain basis using a line like:

nsupdate.mydomain = /usr/local/gnudip/sbin/ mybackend

The back end client script must be passed the back end name as an argument. The script will indicate that an update for the specified domain is needed by writing the back end name to the FIFO.

For testing puposes you should use this client from the command line:

usage: [ -h | backend ]
usage: Notify the backend server that that an
usage: update to the backend has occured. The 'backend'
usage: argument is used for look ups in backend.conf.
usage: -h: Print this usage message.

If the back end is for tinydns, you will need to specify an additional configuration parameter, either:

tinydns = YES

globally or

tinydns.mydomain = YES

for the per domain case. The Web Tool needs to know if a domain is being served by tinydns, in order to correctly validate MX values.

You may have multiple domains for the same back end.

You must also set up the back end server script to start at system start up using a command line like:

/usr/local/gnudip/sbin/ mybackend

Where you put this command line depends on the flavor of UNIX you have. For Slackware Linux it would go in /etc/rc.d/rc.local. You will have to determine where it goes on your system. It must also be passed the back end name as an argument.

For testing puposes you may start this server from the command line:

usage: [ -h | [ -d ] backend ]
usage: GnuDIP backend server.
usage: Receive notififications that updates to the backend have occured,
usage: and initiate reloads. The 'backend' argument is used for look
usage: ups in backend.conf.
usage: -h: Print this usage message.
usage: -d: Debug - stay attached to current terminal.

This server script will run your back end reload command when it receives a notification on the FIFO, unless enough time has not passed since the last time it was run. In that case it will run the reload script as soon as allowed. The script will be run as the root user.

You will in general need to customize the back end reload script to your particular GnuDIP installation. Two sample UNIX shell scripts are provided as a starting point:

These scripts are very simple because they each use a database scan script provided with GnuDIP:

Each sample reload script prefixes the output from the database scan script with additional input that is needed. It then initiates a DNS reload (i.e. on the local host).

You may require more sophisticated scripts for your environment.

The tinydns suite provides its own mechanism for detecting the changes to the domain file and performing an "incremental" zone transfer to secondary servers, using the rsync command. So if the primary tinydns server is on the GnuDIP machine, propogation of updates can be done in the normal way for tinydns.

Using BIND zone transfers to update secondary servers with early releases of BIND, while doing frequent zone reloads is problematic. The full zone transfers cause a severe demand on the network as the size of the zone grows. If you must use an early release of BIND, you may want to develop your mechanism for maintaining multiple servers.