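#!/bin/sh
#
# Running multiple DNS bind8 servers inside a chroot environment
# & Synchronization of servers using ssh and ssh-keys
#
# Zoidial, Inc.
# Eric Thern (eric NOSPAM(at) zoidial.com)
# September 11, 2002
#
# Part 1 is the one-time preparation of the chroot on a host; part 2 is the
# "named script" that pushes the zone files and named.conf from ns1 to ns2 over
# ssh and restarts named there.  A failing step aborts the run, so named is never
# restarted on ns2 with a half-copied configuration.
#
set -eu

# private key used for every scp/ssh to ns2 (keep it mode 0600, root only, on ns1)
readonly ssh_key=/root/.ssh/dnskey
# secondary server that receives the files; logged into as root with $ssh_key
readonly ns2=ns2.server.com

#
# create public/private ssh key
# ssh-keygen prompts to overwrite an existing key, so only run it once
#
# press enter twice and give it no password
# put the private key on the ns1 (as $ssh_key), the public key in root's
# authorized_keys on your ns2+ servers
# NOTE(review): the key is passphrase-less and yields root on ns2+; restrict it in
# ns2's authorized_keys with a from="<ns1 address>" clause (and a forced command=
# wrapper where practical) so it is usable only from ns1.
# NOTE(review): OpenSSH fixes DSA keys at 1024 bits (-b is ignored) and disables
# ssh-dss by default in current releases; on a current host generate the key with
# `ssh-keygen -t ed25519 -f dnskey` instead.
#
[ -f dnskey ] || ssh-keygen -t dsa -b 4096 -f dnskey

#
# creating filesystem stubs for the chroot (-p makes this safe to re-run)
#
mkdir -p /etc/namedb/var/run /etc/namedb/dev

#
# create the dev files for named to be happy
# (major/minor numbers are host specific; compare with `ls -l /dev/null /dev/random`
# on the host before relying on 2/2 and 2/3)
#
[ -e /etc/namedb/dev/null ] || mknod /etc/namedb/dev/null c 2 2
[ -e /etc/namedb/dev/random ] || mknod /etc/namedb/dev/random c 2 3
chmod 666 /etc/namedb/dev/null /etc/namedb/dev/random

#
# set up the pid file and ndc file to point to the chrooted ones
# (-f replaces an existing link, same effect as rm + ln -s, and is re-runnable)
#
ln -fs /etc/namedb/var/run/named.pid /var/run/named.pid
ln -fs /etc/namedb/var/run/ndc /var/run/ndc

#
# running named in a chroot (/etc/namedb) with user/group bind
#
named -u bind -g bind -c named.conf -t /etc/namedb

#
# syslogd settings
# per FreeBSD syslogd(8): -s twice opens no network socket at all, -b binds the
# address used for any network logging, -l adds a log socket inside the chroot
# so the chrooted named can still reach syslog
#
syslogd -s -s -b 66.62.70.15 -l /etc/namedb/dev/log

#
# rc.conf settings (the same named/syslogd invocations as above, started at boot)
#
named_enable="YES"
named_flags="-u bind -g bind -c named.conf -t /etc/namedb"
syslogd_enable="YES"
syslogd_flags="-s -s -b 66.62.70.15 -l /etc/namedb/dev/log"

# -------- start of named script -------------

# push_files DST FILE...
# Copies the regular files among FILE... into DST on ns2 with scp.
# Directories (e.g. /etc/named/INC once /etc/named/* is expanded) and unmatched
# globs are skipped: scp exits non-zero on them, which would otherwise abort the
# whole run under set -e.  Does nothing when no regular file is left.
push_files() {
  dst=$1
  shift
  given=$#
  for f in "$@"; do
    [ -f "$f" ] && set -- "$@" "$f"
  done
  # drop the unfiltered arguments; only the appended regular files remain
  shift "$given"
  [ $# -gt 0 ] || return 0
  scp -i "$ssh_key" "$@" "root@$ns2:$dst"
}

#
# copy over named zone files - all stored in /etc/named/ in this case
#
push_files /etc/namedb/. /etc/named/*
#
# copy over any included files from other sources, if necessary.
#
push_files /etc/namedb/. /etc/named/INC/subnet*.include
#
# copy over named.conf file, if it is in a different directory than /etc/named and not covered above
#
push_files /etc/namedb/. /etc/named.conf

#
# exec these commands through ssh
# The quoted here-document is handed verbatim to a remote sh, so the comments
# stay comments, nothing is expanded on ns1, and no quoting inside a "..."
# command string is needed.  named.restart is last, so nothing after it can be
# swallowed by a command reading stdin.
#
ssh -i "$ssh_key" "root@$ns2" sh <<'EOF'
set -e
# cd into /etc/namedb
cd /etc/namedb
# copy named.conf to named.original as a backup
cp /etc/namedb/named.conf /etc/namedb/named.original
# have a stub file named.LOCAL with only the beginning stuff, no zones, redirect this to named.conf
cat /etc/namedb/named.LOCAL > /etc/namedb/named.conf
# echo a space into named.conf (if needed or wanted)
echo "" >> /etc/namedb/named.conf
# grep for zone files in named.original and redirect them into named.conf
# (grep exits 1 when no zone line exists; with set -e that stops here rather
# than restarting named with an empty zone list)
grep zone /etc/namedb/named.original >> /etc/namedb/named.conf
# recursively change ownership to user bind group bind
chown -R bind:bind /etc/namedb
# change modes to 700
chmod 700 /etc/namedb
# make sure the named.pid is linked correctly
ln -fs /etc/namedb/var/run/named.pid /var/run/named.pid
# make sure ndc is linked correctly
ln -fs /etc/namedb/var/run/ndc /var/run/ndc
# restart named using 'named.restart' (uses ndc)
named.restart
EOF

# ----------- end of named script -----------------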