⑤ Deploy & Config
Install CoreDNS
User and group
CoreDNS user
According to our local copy of user UIDs/GIDs across different flavors of Unix, Gentoo is the only Unix variant that has assigned or reserved a UID/GID for CoreDNS: 312. Additionally, in the other variants 312 isn't a contended placeholder! ERGO! 312 it is!
useradd --home-dir /home/coredns --uid 312 \
--create-home --system coredns --user-group --shell /sbin/nologin --comment "CoreDNS User"
Directories and binaries
Let's create the CoreDNS config directory and the CoreDNS user's home directory, and install the CoreDNS binary. Neither directory should be world-writable: anyone who can write to /etc/coredns can swap out the Corefile the service loads, so 0755 is used here rather than 0777.
install --group coredns --owner coredns --mode 0755 -d /etc/coredns /home/coredns
install --group=coredns --owner=coredns --mode=0755 /usr/src/coredns/coredns /usr/bin/coredns
… I hope you weren’t thinking this would be a big thing.
Install scripts and binaries
Install the init script
Put this file in /lib/systemd/system/coredns.service:
[Unit]
Description=CoreDNS DNS server
Documentation=https://coredns.io
After=network.target

[Service]
PermissionsStartOnly=true
LimitNOFILE=1048576
LimitNPROC=512
# Run unprivileged: the only capability the process may hold or gain is the one
# needed to bind port 53, and NoNewPrivileges blocks escalation via setuid/fscaps.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
User=coredns
WorkingDirectory=/home/coredns
# Exec the binary directly; a shell wrapper adds nothing here.
ExecStart=/usr/bin/coredns -conf=/etc/coredns/Corefile
# CoreDNS re-reads its Corefile on SIGUSR1.
ExecReload=/bin/kill -SIGUSR1 $MAINPID
Restart=on-failure

[Install]
WantedBy=multi-user.target
Let systemd know you've changed its configuration files via the command systemctl daemon-reload
….. I know, kinda anti-climactic.
Setup CoreDNS
Okay…. Everything essential is in place…. now let's make a minimal configuration and kick the tires….
Disable systemd-resolved
systemctl disable systemd-resolved
systemctl stop systemd-resolved
resolv.conf
Now that systemd-resolved is out of the picture, we have to fix resolv.conf. systemd-resolved symlinks it to a dynamic file (/run/systemd/resolve/stub-resolv.conf):
root@coredns-03:~# ls -la /etc/resolv.conf
lrwxrwxrwx 1 root root 37 Aug 31 20:09 /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.con
This is simple enough to fix, though (if a DHCP client or network manager on the host also rewrites resolv.conf, it needs to be told to leave the file alone, or this change won't survive the next lease):
root@coredns-03:~# rm /etc/resolv.conf && cat <<EOF>/etc/resolv.conf
nameserver 127.0.0.1
domain wolfspyre.com
search wolfspyre.com wolfspyre.io
EOF
Deploy a minimal but functional config to /etc/coredns/Corefile
Here's a minimal Corefile:
# Shared snippet imported by every server block below.
(external) {
    health
    prometheus 0.0.0.0:9153
    metadata
    log . "{remote} {type} {name} {class} {size} {rcode} {duration}"
    errors
    cache
    template ANY AAAA { rcode NOERROR }
}
# Port 53: spread queries across the two local DNS-over-TLS forwarders.
.:53 {
    import external
    forward . 127.0.0.1:5301 127.0.0.1:5302
}
# The upstreams need the tls:// scheme; without it forward speaks cleartext DNS
# on port 53 and tls_servername is never used.
.:5301 {
    import external
    forward . tls://8.8.8.8 tls://8.8.4.4 { tls_servername dns.google }
}
.:5302 {
    import external
    forward . tls://1.1.1.1 tls://1.0.0.1 { tls_servername cloudflare-dns.com }
}
With the above Corefile installed, we should be able to kick off the CoreDNS service and make sure it answers queries.
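Two things worth checking in any Corefile shaped like the one above: that every forward upstream paired with tls_servername actually carries the tls:// scheme (without it CoreDNS forwards in cleartext on port 53 and the server name is never used), and that health and prometheus are not bound to every interface. The script below is an added example, not part of the original post or of the CoreDNS project; the sample Corefile in it is constructed, and it assumes snippet blocks are reported under their own header, import is not expanded, and # comments are stripped without quote awareness.

```python
# Constructed sample: the post's layout, with a cleartext upstream left on :5301.
SAMPLE_COREFILE = """
(external) {
    health
    prometheus 0.0.0.0:9153
}
.:5301 {
    forward . 8.8.8.8 8.8.4.4 { tls_servername dns.google }
}
"""
# Listen address each plugin uses when no ADDRESS is given (CoreDNS plugin defaults).
DEFAULT_LISTEN = {"health": ":8080", "prometheus": "localhost:9153"}
ANY_INTERFACE = {"", "0.0.0.0", "::", "[::]"}


def _directives(corefile):
    """Yield (block_header, directive) pairs; a multi-line directive block is joined.
    Assumptions: '#' comments are stripped naively and 'import' is not expanded."""
    header, cur, depth = None, [], 0
    for raw in corefile.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if depth == 0:  # start of a server block or a (snippet) block
            header = line.rstrip("{").strip()
        else:
            cur.append(line)
        depth += line.count("{") - line.count("}")
        if depth <= 1 and cur:  # directive and any sub-block are complete
            yield header, " ".join(cur)
            cur = []


def audit(corefile):
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    for header, directive in _directives(corefile):
        tokens = directive.replace("{", " { ").replace("}", " } ").split()
        if tokens[0] == "forward" and "tls_servername" in tokens:
            end = tokens.index("{") if "{" in tokens else len(tokens)
            for upstream in tokens[2:end]:  # tokens[1] is the FROM zone
                if not upstream.startswith("tls://"):
                    findings.append(f"{header}: forward upstream {upstream} is cleartext despite tls_servername")
        elif tokens[0] in DEFAULT_LISTEN:
            addr = tokens[1] if len(tokens) > 1 and tokens[1] != "{" else DEFAULT_LISTEN[tokens[0]]
            if addr.rsplit(":", 1)[0] in ANY_INTERFACE:
                findings.append(f"{header}: {tokens[0]} listens on all interfaces ({addr})")
    return findings
```

Call audit() on the text of /etc/coredns/Corefile before starting the service; an empty list means nothing was flagged.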
Enable and start CoreDNS
systemctl enable coredns
systemctl start coredns
systemctl status coredns
root@coredns-03:/usr/src/coredns# service coredns status
● coredns.service - CoreDNS DNS server
Loaded: loaded (/lib/systemd/system/coredns.service; enabled; vendor preset:>
Active: active (running) since Tue 2022-09-13 15:26:58 CDT; 4s ago
Docs: https://coredns.io
Main PID: 37561 (coredns)
Tasks: 9 (limit: 4416)
Memory: 10.3M
CPU: 280ms
CGroup: /system.slice/coredns.service
└─37561 /usr/bin/coredns -conf=/etc/coredns/Corefile
Sep 13 15:26:58 coredns-03 systemd[1]: Started CoreDNS DNS server.
Sep 13 15:26:58 coredns-03 coredns[37561]: .:53
Sep 13 15:26:58 coredns-03 coredns[37561]: .:5301
Sep 13 15:26:58 coredns-03 coredns[37561]: .:5302
Sep 13 15:26:58 coredns-03 coredns[37561]: CoreDNS-1.9.4
Sep 13 15:26:58 coredns-03 coredns[37561]: linux/arm64, go1.19.1, 8655b7cb-dirty
Well whaddaya know! It works!
Neat, eh?
Let's continue on and install some extra stuff to make this host a little more durable.