Introduction

The application DNS REST BIND forms a bridge between AutoDNS and a BIND name server, allowing the zones in AutoDNS to be managed. The actions required for this in AutoDNS are passed to the BIND server with the help of DNS REST BIND. The REST protocol based on HTTP is used to do this. In order to ensure a secure connection, we suggest that you start the server in SSL mode. You can either integrate your own certificates or use the certificate already in place in the application.

The AutoDNS actions are processed in two steps:

  1. The order data is checked and saved in the relevant queue. The corresponding BIND zone data is also generated and saved.
  2. All open orders are carried out and the AutoDNS configuration file is rewritten. After this is done, the BIND server is restarted. This step is asynchronous, but the interval can be adjusted.

System requirements

The application requires a Java Virtual Machine (JDK). It is also dependent on the javad-util package, included in delivery. Although there are no special hardware requirements, we nevertheless recommend an x86 system with at least 128 MB storage.

Recommendation

We use the OpenJDK distribution Amazon Corretto-8 to develop our software and therefore recommend using Amazon Corretto-8. Amazon Corretto is a free, cross-platform and production-ready distribution of the Open Java Development Kit (OpenJDK). Corretto provides long-term support that includes performance enhancements and security fixes. It can be installed easily using the following commands:

First, import the repository:

rpm --import https://yum.corretto.aws/corretto.key
curl -L -o /etc/yum.repos.d/corretto.repo https://yum.corretto.aws/corretto.repo

Finally, install the JDK:

yum install java-1.8.0-amazon-corretto-devel

First installation

Installation using the package manager yum

DNS REST BIND was designed for use with systems based on RPM and is available as an RPM package. As soon as the InterNetX repositories are available, DNS REST BIND can be installed easily using the following command:

yum install dns-rest-bind.rpm

The package manager resolves the requirements and enables the installation of missing programs.

Configuration

Predefined variables

| Variable | Description | Default Path |
|---|---|---|
| CONFIGDIR | Configuration Files | /etc/javad/dns-rest-bind |
| HOME | Home Directory | /var/lib/javad/dns-rest-bind |
| APPDIR | Program Files | /usr/share/java/dns-rest-bind |

Password configuration

The server uses HTTP Basic authentication to authorize the user. You can define the users and corresponding passwords in the file passwd in the configuration directory.

The file uses the following format:

User: Password,rest-user

Example: user.one: pwsecret,rest-user

The value rest-user cannot be changed and must follow the password; it defines the user group specified in the server.
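The following check of a passwd file against the format above is an added example, not part of the product or its documentation. The function name is made up for illustration, and it assumes GNU stat and that passwords contain no comma, since the comma separates the password from the group.

```shell
#!/usr/bin/env bash
# Added example, not vendor code: audit a DNS REST BIND passwd file.
# Expected line format (from the documentation): "user: password,rest-user".
# Assumption: passwords contain no comma, because the comma ends the password.

# audit_passwd FILE: print one finding per line, never the password itself.
# Exit status: 0 = clean, 1 = findings, 2 = file cannot be read.
audit_passwd() {
    local file=$1 mode line n=0 bad=0
    [ -r "$file" ] || { echo "$file: not readable"; return 2; }
    mode=$(stat -L -c '%a' "$file")
    # The file holds credentials, so "other" must have no access at all.
    case $mode in
        *0) ;;
        *)  echo "mode $mode: accessible to users outside owner and group"; bad=1 ;;
    esac
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -n "$line" ] || continue
        if ! printf '%s\n' "$line" |
                grep -Eq '^[^:[:space:]]+:[[:space:]]*[^,]+,rest-user$'; then
            echo "line $n: not in 'user: password,rest-user' form"; bad=1
        elif printf '%s\n' "$line" | grep -Eq '^[^:]+:[[:space:]]*pwsecret,'; then
            echo "line $n: sample password from the documentation is in use"; bad=1
        fi
    done < "$file"
    return $bad
}

# Usage: audit_passwd /etc/javad/dns-rest-bind/passwd
```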

Logging configuration

The file log4j.xml is saved in the configuration directory at installation.

The file defines the logging behavior. This is based on "Log4j-Logger". It writes the log data to the file /var/log/javad/dns-rest-bind.info.log. Logging is set so that a maximum of 1 GB hard drive space can be used, i.e. 10 files of 100 MB each.

If you would like to perform the logging via e.g. syslog, please refer to the "Log4j" configuration.

Configuration of the BIND connection

The following parameters are defined in the file bind.properties in the configuration folder:

| Name | Format | Description | Default |
|---|---|---|---|
| jobXmlDao.directory | String | The path to the job spool directory. | /var/spool/javad/dns-rest-bind/job-data |
| bind.zoneDirectory | String | The path to the zone files directory; it must also be defined in the BIND configuration. | /var/named/data |
| bind.rndc | String | The path to the RNDC command. | /usr/sbin/rndc |
| bind.config | String | The path to the specific AutoDNS BIND definition file. The file will be generated by the application. | /var/named/autodns.conf |
| bind.reloadDelay | Integer | Reload interval in milliseconds (the default corresponds to one minute). After this time, the BIND server is reloaded using the RNDC command. | 60000 |
| bind.chgrp | String | The path to the chgrp command. | /bin/chgrp |
| bind.chmod | String | The path to the chmod command. | /bin/chmod |
| bind.group | String | The bind user group. | named |
| bind.named-checkconf | String | The path to the named-checkconf command. | named-checkconf |
| bind.named-checkzone | String | The path to the named-checkzone command. | named-checkzone |
| bind.axfrTimeout | Integer | The AXFR timeout in seconds. | 60 |
| bind.localAxfrIP | | The local address to bind. | 0.0.0.0 |
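The documented defaults for bind.named-checkconf and bind.named-checkzone are bare command names, while the other command parameters default to absolute paths. The following added example (not part of the product or its documentation) checks that each configured command is an absolute path to an executable that group and others cannot modify. It assumes GNU stat and standard Java .properties syntax for bind.properties; the function names are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example, not vendor code. Assumes bind.properties uses standard
# Java .properties syntax (key=value, '#' comments).
BIND_CMD_KEYS="bind.rndc bind.chgrp bind.chmod bind.named-checkconf bind.named-checkzone"

# Documented default for a key, used when the key is absent from the file.
default_for() {
    case $1 in
        bind.rndc)             echo /usr/sbin/rndc ;;
        bind.chgrp)            echo /bin/chgrp ;;
        bind.chmod)            echo /bin/chmod ;;
        bind.named-checkconf)  echo named-checkconf ;;
        bind.named-checkzone)  echo named-checkzone ;;
    esac
}

# prop_get FILE KEY: print the value of KEY (last assignment wins).
prop_get() {
    local re
    re=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${re}[[:space:]]*[=:][[:space:]]*//p" "$1" | tail -n 1
}

# check_cmd KEY VALUE: status 0 if VALUE is an absolute path to an executable
# that group and others cannot modify; otherwise print a finding, status 1.
check_cmd() {
    local mode
    case $2 in
        /*) ;;
        *)  echo "$1=$2: bare name, resolved through the service PATH"; return 1 ;;
    esac
    [ -f "$2" ] && [ -x "$2" ] || { echo "$1=$2: not an executable file"; return 1; }
    mode=$(stat -L -c '%a' "$2")
    case $mode in
        *[2367]?|*[2367]) echo "$1=$2: mode $mode, writable by group or others"; return 1 ;;
    esac
    return 0
}

# audit_bind_commands FILE: check every command key; status 1 on any finding.
audit_bind_commands() {
    local key val bad=0
    for key in $BIND_CMD_KEYS; do
        val=$(prop_get "$1" "$key")
        [ -n "$val" ] || val=$(default_for "$key")
        check_cmd "$key" "$val" || bad=1
    done
    return $bad
}
```

Run it as audit_bind_commands /etc/javad/dns-rest-bind/bind.properties; a key reported as a bare name can be replaced in the file with the full path of the binary.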

Server start parameters

The server start parameters are defined in the following tables.

These can be modified under /etc/sysconfig/javad/dns-rest-bind under the item PARAM.

| Name | Required | Type | Description | Default |
|---|---|---|---|---|
| Port, -p | yes | integer | Server port that waits for requests. | 9090 |
| ssl | no | boolean | Is HTTPS used instead of HTTP? For SSL further parameters are required. | false |
| keystore | no | path | SSL keystore | |
| keystore-password | no | string | Password for the SSL keystore. The password is stored AES encrypted. | |
| cert-password | no | string | Password for the certificate. The password is stored AES encrypted. | |
| passwd | yes | string | Path to the user file. | /etc/javad/dns-rest-bind/passwd |
| hostname | no | ip | IP address the server should bind to. | 0.0.0.0 |
| config | yes | path | Path to the multiserver configuration. | Default file: $CONFIGDIR/multiserver.conf |

General parameters

| Name | Required | Type | Description | Default |
|---|---|---|---|---|
| USER | yes | string | The user the server is started with. | autodns |
| VMOPTS | yes | string | Defines JDK specific parameters like memory usage. | -Dconf-dir=file:$CONFIGDIR |
| PARAMS | yes | string | Start parameter for the server. See: Configuration of the Server Start Parameters. | see server parameters |
| JMX | no | boolean | Starts the VM with JMX. | false |
| JMXPORT | no | integer | The JMX port. | 10120 |
| DEBUG | no | boolean | Starts the VM in the remote debug mode. | false |
| DEBUGPORT | no | integer | | 10220 |