Warning: Declaration of action_plugin_recaptcha2::register(&$controller) should be compatible with DokuWiki_Action_Plugin::register(Doku_Event_Handler $controller) in /var/www/coredomain_wiki/lib/plugins/recaptcha2/action.php on line 0

Warning: Declaration of action_plugin_divalign2::register(&$controller) should be compatible with DokuWiki_Action_Plugin::register(Doku_Event_Handler $controller) in /var/www/coredomain_wiki/lib/plugins/divalign2/action.php on line 0

Warning: Declaration of syntax_plugin_divalign2_common::handle($match, $state, $pos, &$handler) should be compatible with DokuWiki_Syntax_Plugin::handle($match, $state, $pos, Doku_Handler $handler) in /var/www/coredomain_wiki/lib/plugins/divalign2/common.php on line 28

Warning: Declaration of syntax_plugin_divalign2_common::render($mode, &$renderer, $data) should be compatible with DokuWiki_Syntax_Plugin::render($format, Doku_Renderer $renderer, $data) in /var/www/coredomain_wiki/lib/plugins/divalign2/common.php on line 28
create_t2 [CoreNIC]

User Tools

Site Tools


Creating a Tier-2 DNS Server

This is a guide for configuring your Tier-2 DNS server to work with the CoreNIC network. Please note that DNS servers are reccomended to have a storage drive (HDD/SSD) with at least 10GB of space and with at least 1.5GB of RAM. You MUST use SSH keys and DISABLE passworded SSH login for security reasons. Passworded SSH servers will NOT be allowed on our network.

Auto-Install Script

The preferred way to configure your Tier-2 server is to use the script that is designed to automatically update your BIND configuration files. It can do the following things:

  • Update itself (all scripts are PGP signed and verified)
  • Auto-install the CoreSign Root CA (for wget commands)
  • Auto-download and configure bind9 with config files (also PGP signed)
  • Automatically add a crontab job to periodically run the script (neccesary for regular config file updating)

You can download the script here. You will also need to download the public signing GPG key from this link and place it in the same directory as the script. You must run the script manually as root for the first time, and then the script will automatically manage itself and update itself every 30 minutes. Please note there is absolutely nothing you need to do as a server admin, please do not modify the script or any bind9 configuration as it will be overwritten periodically.

Use this command to do everything in one line:

wget https://core.towerdevs.xyz/zoneconfig/update_zoneconfig_scu.sh; wget https://core.towerdevs.xyz/zoneconfig/signing_key.asc; chmod +x ./update_zoneconfig_scu.sh; sudo ./update_zoneconfig_scu.sh

Please read this before running the script!

The script detects what kind of server you have (tier-0, tier-1, tier-2) from your hostname. Your hostname MUST be in the format “corenic(nameserver-number)-(t0/t1/t2)”. An example would be “corenic8-t2”. Please DO NOT use the same nameserver number as other people, please check the server list first to find out a free nameserver number.

If you are seeing this message, then this server is probably not compromised, though if you have any suspicions whatsoever, please contact administration immediately.

Please note that the script needs port 80 and port 443 access to the domain core.towerdevs.xyz to work properly.

Please do not delete the empty file ct.dontdelete, because it is the file that the script uses to keep track of whether a crontab job has already been added and if it gets deleted the script will add a duplicate.

create_t2.txt · Last modified: 2017/03/01 08:12 by citadelcore