Commit d0101652 authored by Loïc Dachary

Merge branch 'move_bind_glue_doc' into 'master'

move the BIND delegation setup to user guide

See merge request !506
parents d6647c9b b33fb84f
Pipeline #2073 passed with stage
in 11 minutes and 26 seconds
......@@ -25,24 +25,6 @@ It can be set in `~/.enough/example.com/inventory/host_vars/bind-host/zone.yml`
@ 1800 IN MX 10 spool.mail.gandi.net.
Delegation
----------
To enable DNS delegation for ``example.com``, the following records
need to be added:
.. code::
example.com. IN NS bind.example.com.
bind.example.com. IN A 51.178.60.121
The DNS delegation for a subdomain follows the same logic:
.. code::
sub.example.com. IN NS bind.sub.example.com.
bind.sub.example.com. IN A 51.178.60.121
Host Resolver
-------------
......
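Review bot: The whole Delegation section is removed from this page with nothing left in its place, so a reader who fills in ``zone.yml`` from here no longer learns that NS and glue records are needed at the parent. Consider leaving a one-line cross-reference next to the zone settings that points to the delegation section of the user guide, where these records now live.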
......@@ -91,11 +91,12 @@ be created by Enough:
.. code::
enough --domain example.com service create bind
$ enough --domain example.com service create bind
Upon successfull completion, a machine named ``bind-host`` exists and
its public IP must be used as a `GLUE record
<https://en.wikipedia.org/wiki/Glue_record>`__.
<https://en.wikipedia.org/wiki/Glue_record>`__. In order to fetch the
``bind-host`` public IP, use this command:
.. code::
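Review bot: The context sentence "Upon successfull completion, a machine named ``bind-host`` exists" now contradicts the procedure added further down in this patch, which says the first run of ``service create bind`` creates ``bind-host`` and then fails. Reword it to say the host exists after the first run even though the command has not completed, and fix the spelling of "successfull" while this paragraph is being touched.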
......@@ -106,14 +107,33 @@ its public IP must be used as a `GLUE record
| 2b9a1bda-c2c0 | bind-host | ACTIVE | Ext-Net=51.178.60.121 | Debian 10 | s1-2 |
+---------------+--------------+--------+-----------------------+-----------+--------+
To verify the DNS running at bind-host works as expected:
Because you can not create the glue records without knowing the ``bind-host``
IP, you will need to:
#. execute the ``enough --domain example.com service create bind`` command
which will create the ``bind-host`` server and then fail once the domain
name has been added
#. create the glue records, setup a DNS delegation
#. execute the ``enough --domain example.com service create bind`` again in
order to complete the bind service setup
To verify the DNS running at ``bind-host`` works as expected:
.. code::
$ dig @ip-of-the-bind-host bind.example.com
$ enough --domain example.com ssh bind-host
It can then be used to instruct the `registrar
To verify the delegation is effective:
.. code::
$ getent hosts bind.example.com
Delegation through a registrar
++++++++++++++++++++++++++++++
The ``bind-host`` IP can then be used to instruct the `registrar
<https://en.wikipedia.org/wiki/Domain_name_registrar>`__ of
``example.com`` to delegate all domain name resolutions to this
IP. The exact method for performing this DNS delegation depends on the
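Review bot: Step 1 of the new list says the command will "fail once the domain name has been added" but does not show what that failure looks like, so an expected failure cannot be told apart from a real one. Quote the error message or name the last step that succeeds, and say that ``bind-host`` is visible in the server listing above at that point. Separately, ``getent hosts bind.example.com`` goes through the local resolver (hosts file and caches included), so it can succeed or fail for reasons unrelated to the delegation; running ``dig NS example.com`` against a public resolver shows whether ``bind.example.com`` is the name server actually in use. Minor: "can not" should be "cannot" and "setup a DNS delegation" should be "set up a DNS delegation".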
......@@ -127,11 +147,27 @@ to be done only once.
It will take time for the delegation to be effective.
It can be as quick as one hour but delays from 24h to 72h are not uncommon.
To verify the delegation is effective:
Delegation through a self hosted BIND service
+++++++++++++++++++++++++++++++++++++++++++++
In this setup, the domain is already handled by another self hosted BIND
service (not ``bind-host``). The following DNS records need to be added to the
BIND configuration zone file in order to enable DNS delegation for
``example.com``:
.. code::
example.com. IN NS bind.example.com.
bind.example.com. IN A 51.178.60.121
The DNS delegation for a subdomain follows the same logic:
.. code::
getent hosts bind.example.com
sub.example.com. IN NS bind.sub.example.com.
bind.sub.example.com. IN A 51.178.60.121
libvirt Enough instance
-----------------------
......
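Review bot: The records in the new "Delegation through a self hosted BIND service" section hard-code ``51.178.60.121`` without saying it stands for the ``bind-host`` public IP from the listing earlier on the page, so a reader copying the block will publish the wrong glue address. State that the address must be replaced with their own, and add that the serial of the parent zone has to be incremented and the zone reloaded before the new records are served. The section title would also read better as "self-hosted".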