
EigenlabAnycastDNS

eigenLab Anycast DNS infrastructure

TODO overview

Configure your Gentoo server as eigenLab internal anycast DNS

DISCLAIMER

Read this guide critically! Do not copy/paste commands you find here without understanding what they mean (look them up in their man pages or with your preferred web search)! If you use this guide without understanding it, you can make your server inaccessible via SSH!

Create eigendns user on your server

useradd eigendns
passwd eigendns # this password is not used for login, as SSH password login should be disabled on your server
mkdir /home/eigendns

layman -S
layman -a eigenlay
emerge -vq net-dns/bind
emerge -vq app-crypt/monkeysphere # You will need to unlock ** keywords for 9999 version

usermod -a -G named eigendns
chown -R named:named /etc/bind
chmod -R 771 /etc/bind

monkeysphere-authentication add-identity-certifier $YOUR_PGP_FINGERPRINT_GOES_HERE
mkdir /home/eigendns/.monkeysphere
echo 'EigenLab DNS Updater <info@eigenlab.org>' > /home/eigendns/.monkeysphere/authorized_user_ids
# edit the SSH server config: do this by hand and not with this line
## echo 'AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u' >> /etc/ssh/sshd_config
/etc/init.d/sshd restart
monkeysphere-authentication update-users
# If you have a cron daemon this is very useful
echo "0 * * * *       root    monkeysphere-authentication update-users" >> /etc/crontab
chmod -R 755 /home/eigendns
chown -R eigendns:eigendns /home/eigendns
emerge -vq app-admin/sudo
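# appending to /etc/sudoers bypasses visudo's syntax check; verify the file afterwards with: visudo -c
echo 'eigendns ALL= (root) NOPASSWD: /etc/init.d/named restart' >> /etc/sudoers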
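
The SSH step above says to edit sshd_config by hand rather than appending the AuthorizedKeysFile line; sshd uses the first value it finds for each keyword, so an appended line loses to an earlier one. The check below is an added example, not part of the original guide. It assumes the config is a single file (Include directives are not followed), reads only the global section before any Match block, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original guide.
# Print the value sshd would use for keyword $1 in the global section of file $2.
# Keywords are case-insensitive and the first occurrence wins.
# Assumption: Include directives are not followed; quoted values are not unquoted.
sshd_effective() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }         # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]+/)            # keyword/value separator
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit              # global section ends here
            if (key == want) { print val; exit }  # first occurrence wins
        }
    ' "$2"
}

# Return 0 only if the settings this guide relies on are the effective ones.
check_eigendns_sshd() {
    cfg=$1
    rc=0
    akf=$(sshd_effective AuthorizedKeysFile "$cfg")
    pwa=$(sshd_effective PasswordAuthentication "$cfg" | tr 'A-Z' 'a-z')
    case " $akf " in
        *" /var/lib/monkeysphere/authorized_keys/%u "*) ;;
        *) echo "AuthorizedKeysFile is '${akf:-unset}': monkeysphere keys unused" >&2
           rc=1 ;;
    esac
    # sshd defaults to PasswordAuthentication yes when the keyword is absent
    if [ "$pwa" != "no" ]; then
        echo "PasswordAuthentication is '${pwa:-unset}': password login enabled" >&2
        rc=1
    fi
    return $rc
}

# Constructed sample: the directive was appended after an existing one.
demo=$(mktemp)
printf '%s\n' 'PasswordAuthentication no' \
    'AuthorizedKeysFile .ssh/authorized_keys' \
    'AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u' > "$demo"
check_eigendns_sshd "$demo" || echo "appended line is ignored by sshd"
rm -f "$demo"
```

Point check_eigendns_sshd at /etc/ssh/sshd_config before restarting sshd, and keep an existing SSH session open until a new login has been tested.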