No Longer Maintained

This release is no longer being maintained.

Maybe https://github.com/cloudfoundry-community/bind9-boshrelease is a better alternative.

BOSH BIND 9 Release

This is a BOSH release that can be used to deploy a BIND 9 nameserver.

BOSH is a tool that deploys VMs and software. ISC's BIND 9 is a DNS nameserver.

How To

0. Install BOSH and BOSH CLI

BOSH runs in a special VM which will need to be deployed prior to deploying this BIND release. You will also need to have installed the BOSH CLI on your local workstation (i.e. the bosh_cli Ruby gem).

1. Target BOSH and login

We assume you're using BOSH Lite (BOSH under VirtualBox); however, if you have already deployed a MicroBOSH or full BOSH, then substitute the correct IP address/hostname and credentials below.

Target the IP address (defaults to 192.168.50.4) and log in with the default account and password (admin/admin):

bosh target 192.168.50.4
bosh login admin admin

2. Clone and cd to this repo

git clone https://github.com/cunnie/bosh-bind-9-release.git
cd bosh-bind-9-release

3. Download and upload the stemcells to BOSH

mkdir stemcells
pushd stemcells
curl -OL https://s3.amazonaws.com/bosh-warden-stemcells/bosh-stemcell-2776-warden-boshlite-centos-go_agent.tgz
popd
bosh upload stemcell stemcells/bosh-stemcell-2776-warden-boshlite-centos-go_agent.tgz

4. Create and upload the BOSH Release

bosh create release --force
    Please enter development release name: bind-9
bosh upload release dev_releases/bind-9/bind-9-0+dev.1.yml

If you iterate through several releases, remember to increment the release number when uploading (e.g. "...9-0+dev.2.yml").

5. Create Manifest from Example

We copy the manifest template and set its UUID to our BOSH's UUID.

If you're not using BOSH Lite, edit the manifest to change the network information and IP addresses:

cp examples/bind-9-bosh-lite.yml config/
perl -pi -e "s/PLACEHOLDER-DIRECTOR-UUID/$(bosh status --uuid)/" config/bind-9-bosh-lite.yml

6. Deploy and Test

If you're not using BOSH Lite, then substitute the correct IP address when you use the nslookup command. The IP address is available from your deployment manifest or by typing bosh vms.

bosh deployment config/bind-9-bosh-lite.yml
bosh -n deploy
# if you're using BOSH Lite, you'll probably need
# to add a route similar to something like this
sudo route add -net 10.244.0.0/24 192.168.50.4
#  attempt the lookup
nslookup google.com 10.244.0.66

Stemcells

This has been tested with the following stemcells:

  • bosh-aws-xen-hvm-centos-7-go_agent version 2962

Bugs

The deployed server must be able to reach the Internet, for it downloads and installs necessary JSON packages (via yum in the case of CentOS and apt-get in the case of Ubuntu). This is admittedly a hack, and a more elegant solution would be to create a BOSH release of the JSON libraries.

The example deployment manifests do not include a persistent store; in other words, it would be reasonable to use this release to deploy a secondary or caching-only nameserver, but not a primary nameserver.

The configuration in the example deployment manifest allows recursive requests from anywhere, technically an "Open DNS Resolver". This allows the deployed nameserver to be used in a Distributed Denial of Service attack using DNS Amplification. Please modify the manifest to exclude recursive queries before deploying the nameserver to the Internet at large.
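
One way to confirm the open-resolver condition described above, and to confirm it is gone after the manifest has been changed. This is an added example, not part of this release; the function names classify_dig and check_resolver and the sample dig output are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from `dig` output whether a nameserver is an open resolver.
# classify_dig and check_resolver are names chosen for this example.

# Reads dig's text output on stdin and prints one of:
#   open    - server offers recursion (ra flag) and answered the query
#   closed  - server refused, or answered without offering recursion
#   unknown - no DNS response header seen (timeout, unreachable server)
classify_dig() {
    awk '
        /->>HEADER<<-/ {
            seen = 1
            if (match($0, /status: [A-Z]+/)) status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /^;; flags:/ {
            # ";; flags: qr rd ra; QUERY: 1, ANSWER: 1, ..." -> piece 3 holds the flags
            split($0, part, ";")
            ra = (index(part[3] " ", " ra ") > 0)
            if (match($0, /ANSWER: [0-9]+/)) answers = substr($0, RSTART + 8, RLENGTH - 8) + 0
        }
        END {
            if (!seen) print "unknown"
            else if (ra && status == "NOERROR" && answers > 0) print "open"
            else print "closed"
        }
    '
}

# Queries a live server ($1) for a name ($2). Run it from a host that should
# NOT be allowed recursion, with a name the server is not authoritative for.
check_resolver() {
    dig +time=3 +tries=1 @"$1" "$2" A 2>/dev/null | classify_dig
}

# Constructed dig header lines (not captured from a real server).
SAMPLE_OPEN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

# Offline demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_OPEN" | classify_dig
printf '%s\n' "$SAMPLE_REFUSED" | classify_dig
```

With the example BOSH Lite manifest, check_resolver 10.244.0.66 google.com is the same lookup as the nslookup in step 6; once recursion has been restricted in the manifest, the result seen from outside the permitted networks should change from open to closed.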