Part 5 - Deploy & Config
- In Part One, we talked about the hardware.
- In Part Two, we burned Ubuntu onto your MicroSD card.
- In Part Three, we got everything set up to my personal liking, but YMMV.
- In Part Four, we got CoreDNS built.
- In Part Six, we add a few odds & ends to make the host more durable.
- And in Part Seven, we add the bits for the eInk display.
According to our local copy of user UIDs/GIDs across different flavors of Unix, Gentoo is the only Unix variant that has assigned or reserved a UID/GID for CoreDNS: 312. Additionally, in the other variants 312 isn't a contended placeholder!
ERGO! 312 it is!
useradd --home-dir /home/coredns --uid 312 --create-home --system coredns --user-group --shell /sbin/nologin --comment "CoreDNS User"
Let's create the CoreDNS config directory, the CoreDNS user's home directory, and install the CoreDNS binary. The directories get mode 0755 rather than something world-writable: if any local user could write to /etc/coredns, they could rewrite the Corefile and redirect every query on the box.
install --group coredns --owner coredns --mode 0755 --verbose -d /etc/coredns /home/coredns
install --group=coredns --owner=coredns --mode=0755 /usr/src/coredns/coredns /usr/bin/coredns
… I hope you weren’t thinking this would be a big thing.
Put this file in /lib/systemd/system/coredns.service:
[Unit]
Description=CoreDNS DNS server
Documentation=https://coredns.io
After=network.target
[Service]
PermissionsStartOnly=true
LimitNOFILE=1048576
LimitNPROC=512
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
User=coredns
WorkingDirectory=/home/coredns
ExecStart=/bin/bash -c '/usr/bin/coredns -conf=/etc/coredns/Corefile'
ExecReload=/bin/kill -SIGUSR1 $MAINPID
Restart=on-failure
[Install]
WantedBy=multi-user.target
Let systemd know you've changed its configuration files via the command systemctl daemon-reload
….. I know, Kinda anti-climactic.
Okay…. Everything essential is in place…. Now let's make a minimal configuration and kick the tires….
systemctl disable systemd-resolved
systemctl stop systemd-resolved
Now that systemd-resolved is out of the picture, we have to fix resolv.conf. systemd-resolved symlinks it to a dynamic file (/run/systemd/resolve/stub-resolv.conf):
root@coredns-03:~# ls -la /etc/resolv.conf
lrwxrwxrwx 1 root root 37 Aug 31 20:09 /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.con
This is simple enough to fix though:
root@coredns-03:~# rm /etc/resolv.conf && cat <<EOF>/etc/resolv.conf
nameserver 127.0.0.1
domain wolfspyre.com
search wolfspyre.com wolfspyre.io
EOF
Here's a minimal Corefile:
(external) {
health
prometheus 0.0.0.0:9153
metadata
log . "{remote} {type} {name} {class} {size} {rcode} {duration}"
errors
cache
template ANY AAAA { rcode NOERROR }
}
.:53 {
import external
forward . 127.0.0.1:5301 127.0.0.1:5302
}
.:5301 {
import external
forward . tls://8.8.8.8 tls://8.8.4.4 { tls_servername dns.google }
}
.:5302 {
import external
forward . tls://1.1.1.1 tls://1.0.0.1 { tls_servername cloudflare-dns.com }
}
With the above Corefile installed, we should be able to kick off the CoreDNS service and make sure it answers queries. Note that the upstreams are written with the tls:// scheme: the forward plugin only speaks DNS-over-TLS when the upstream address carries that scheme, and tls_servername on its own does nothing for plain-port-53 upstreams.
systemctl enable coredns
systemctl start coredns
systemctl status coredns
root@coredns-03:/usr/src/coredns# service coredns status
● coredns.service - CoreDNS DNS server
Loaded: loaded (/lib/systemd/system/coredns.service; enabled; vendor preset:>
Active: active (running) since Tue 2022-09-13 15:26:58 CDT; 4s ago
Docs: https://coredns.io
Main PID: 37561 (coredns)
Tasks: 9 (limit: 4416)
Memory: 10.3M
CPU: 280ms
CGroup: /system.slice/coredns.service
└─37561 /usr/bin/coredns -conf=/etc/coredns/Corefile
Sep 13 15:26:58 coredns-03 systemd[1]: Started CoreDNS DNS server.
Sep 13 15:26:58 coredns-03 coredns[37561]: .:53
Sep 13 15:26:58 coredns-03 coredns[37561]: .:5301
Sep 13 15:26:58 coredns-03 coredns[37561]: .:5302
Sep 13 15:26:58 coredns-03 coredns[37561]: CoreDNS-1.9.4
Sep 13 15:26:58 coredns-03 coredns[37561]: linux/arm64, go1.19.1, 8655b7cb-dirty
Well whaddaya know! It works!
Neat, eh?
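"Active (running)" only proves the process is up. To check that the listener on 127.0.0.1:53 actually answers, and that the AAAA template rule returns NOERROR with zero answers, here is a small stdlib-only query tool. It is an added example, not code from the original post; the hostnames queried in the main block are just illustrative.

```python
import socket
import struct

# Record type codes and rcode names we care about (RFC 1035 values).
QTYPES = {"A": 1, "AAAA": 28}
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, qtype="A", txid=0x1234):
    """Build a minimal DNS query: 12-byte header + one question, RD set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPES[qtype], 1)


def parse_response(data, expected_txid):
    """Pull rcode, answer count and TC bit from the reply header."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch; not our reply")
    if not flags & 0x8000:
        raise ValueError("QR bit clear; this is a query, not a response")
    return {
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": an,
        "truncated": bool(flags & 0x0200),
    }


def query(name, qtype="A", server="127.0.0.1", port=53, timeout=2.0):
    """Send one UDP query to the resolver and parse the reply header."""
    txid = 0x1234
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qtype, txid), (server, port))
        data, _ = sock.recvfrom(4096)
    return parse_response(data, txid)


if __name__ == "__main__":
    # Illustrative names; with the template rule above, AAAA should
    # come back NOERROR with 0 answers while A returns real records.
    for qtype in ("A", "AAAA"):
        print(qtype, query("coredns.io", qtype))
```

Run it on the Pi itself; if the A query times out while systemctl says the unit is running, the usual suspects are the resolv.conf change not having taken effect or a firewall in front of port 53.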
Let's continue on and install some extra stuff to make this host a little more durable.