Configuring Secure64 x86

Configuring Secure64 x86 Support

The initial setup of the Secure64 x86 Authoritative server is as follows:

Configuring Secure64 x86 Authority Server

1. Using the terminal, SSH to the desired S64 x86 server. All the configurations and zones will be pushed in /srv/knot/6c/

2. Create new user "provision"
   
   

   sudo useradd provision
   sudo passwd provision

3. Create a directory called "6c" that will be used for the ProVision exports and set the permissions, so that we can push the configurations in /srv/knot/

   sudo mkdir --mode=u+rwx,g+wrs,o-rwx /srv/knot/6c
   sudo chown provision.knot /srv/knot/6c

4. In order to properly reload the server without asking for a password from ProVision, we must edit the sudoers file to let the user "provision" execute "sudo knotc reload" after push. So, add the following line at the end of /etc/sudoers:

   provision ALL=(ALL) NOPASSWD: /sbin/knotc reload

5. Add knot to be inside the "provision" group by editing the /etc/group as follows:

   provision:x:120:knot

6. Add provision to be a part of the knot group (in case knot replaces a zone), so that Provision is able to replace it again on push. So, we must once again edit /etc/group, as follows:

   knot:x:119:provision

7. Configure ProVision in the S64 server and add the include directive in /etc/knot/knot.conf:

   include: /srv/knot/6c/6c_knot.conf

8. Open the ProVision UI and navigate to the DNS section to add the S64x86 server. While adding server settings, you must verify that Post Command is set to “sudo knotc reload” and the configuration path to “/srv/knot/6c/6c_knot.conf”
   
   
   
9. An example server configuration for the S64 x86 server is shown below:

$ORIGIN 30 IN TYPE65464 ${p4} PTR ${a4}.pool.example.com.
$ORIGIN 600 IN TYPE65464 ${a4} A ${a4}
$ORIGIN TYPE65464 ${p6} PTR user${a6}.my.example.com.
$ORIGIN 5 IN SYNTH user${a6} AAAA ${a6}
$ORIGIN IN SYNTH nptr-${u} NAPTR 10 20 "A" "" "" srv-${u}
$ORIGIN IN SYNTH srv-${u} SRV 10 20 1234 srv-addr-${u}