DNS
(increment SOA!) |
(New DNS setup) |
||
| Line 1: | Line 1: | ||
| + | This page describes Wikimedia's DNS setup. Wikimedia use two separate kinds of DNS servers, authoritative nameservers (that respond to queries from 3rd party nameservers for our domains) and resolvers (that resolve DNS queries for our own servers) | ||
| + | |||
| + | == Authoritative nameservers == | ||
| + | In the new DNS setup, Wikimedia have 3 authoritative DNS servers, all running PowerDNS. The three authoritative servers are: | ||
| + | * ns0.wikimedia.org - 207.142.131.207 (secondary IP on [[zwinger]]) | ||
| + | * ns1.wikimedia.org - 207.142.131.208 ([[larousse]]) | ||
| + | * ns2.wikimedia.org - 145.97.39.158 (secondary IP on [[pascal]]) | ||
| + | |||
| + | The servers are running with two PowerDNS backends each: the Bind backend (which emulates/reads Bind style zonefiles) and Geobackend (which is responsible for geographic DNS). The two backends are ''overlapping'', meaning that for a given query the Bind backend is asked first, and if that declines to answer (because it doesn't have the requested record), the next backend, geobackend will be asked. Therefor, the usual contents of the zones are in regular Bind style zonefiles, and the geodns record <tt>rr.wikimedia.org.</tt> is ''added'' by geobackend. | ||
| + | |||
| + | Zwinger is the master namserver, sort of, but the slaves are '''not''' using AXFR! Zonefiles and other configuration are replicated through the use of <tt>rsync</tt> in an update script. | ||
| + | |||
| + | All configuration files can be found in | ||
| + | /usr/local/etc/powerdns/ | ||
| + | on all three hosts. | ||
| + | |||
| + | The main PowerDNS configuration file is <tt>/usr/local/etc/pdns.conf</tt>. Its configuration is documented on [[PowerDNS]]. | ||
| + | |||
| + | Additionally, there's a Bind backend configuration file, <tt>/usr/local/etc/bind.conf</tt>. It's compatible with Bind's own configuration format, but is only used to list the domains which the Bind backend has to serve. (Almost) all other options are ignored. In our setup, <tt>bind.conf</tt> is autogenerated from the [[#Domain templates|domain templates]]. | ||
| + | |||
| + | === Domain templates === | ||
| + | Because Wikimedia have a lot of zones that essentially contain the same records (aliases for <tt>wikipedia.org</tt> and other projects), the old DNS setup used a single zonefile for multiple zones. That has the advantage that just a single change in a zonefile affects many zones. Unfortunately, it doesn't permit the use of $ORIGIN lines in the zonefile. In the new DNS setup, each zone gets its own zonefile, but multiple zonefiles can be generated from a single ''zone template''. | ||
| + | |||
| + | The zone templates are (regular) files in | ||
| + | /usr/local/etc/powerdns/templates/ | ||
| + | Each ''regular file'' in this directory corresponds to a zone with the same name. Each ''symbolic link'' to a regular file in this directory corresponds to a ''domain alias''. So, in this example: | ||
| + | # ls -l templates/mediawiki* | ||
| + | lrwxrwxrwx 1 root root 13 Jun 19 15:52 templates/mediawiki.com -> mediawiki.org | ||
| + | lrwxrwxrwx 1 root root 13 Jun 19 15:52 templates/mediawiki.net -> mediawiki.org | ||
| + | -rw-r--r-- 1 root root 1500 Jun 19 15:12 templates/mediawiki.org | ||
| + | ...one zone <tt>mediawiki.org</tt> is listed, with two alias zones, <tt>mediawiki.com</tt> and <tt>mediawiki.net</tt>. | ||
| + | |||
| + | ==== Substitution variables ==== | ||
| + | Within the zone template, a few predefined variables can be used, that will be substituted when the actual zonefiles are generated from the template. These variables include: | ||
| + | ; <tt>$zonename</tt> : The actual zone qname (FQDN) of the zonefile to be generated | ||
| + | ; <tt>$serial</tt> : The SOA serial number, derived from the current date and hour in <tt>YYYYMMDDHH</tt> format | ||
| + | ; <tt>$langlist</tt> : A list of ''language subdomain CNAMEs'', i.e. a list of all language abbreviations for all languages any Wikimedia project has, generated from <tt>/home/wikipedia/common/langlist</tt>. | ||
| + | |||
| + | == Resolvers == | ||
| + | :''To be written. Is still using the old DNS setup.'' | ||
| + | |||
| + | == Old setup == | ||
[[Larousse]], [[albert]] and [[zwinger]] are listed as authoritative name servers for *.pmtpa.wmnet. Larousse and zwinger are running [[PowerDNS]]. All three are running named. (BIND? version?) | [[Larousse]], [[albert]] and [[zwinger]] are listed as authoritative name servers for *.pmtpa.wmnet. Larousse and zwinger are running [[PowerDNS]]. All three are running named. (BIND? version?) | ||
| − | ==Important files== | + | ===Important files=== |
; /var/named/master/wmnet.zone : This is the internal zone, it's the equivalent of /etc/hosts before we massacred that file | ; /var/named/master/wmnet.zone : This is the internal zone, it's the equivalent of /etc/hosts before we massacred that file | ||
| Line 9: | Line 51: | ||
Edit one of these files on zwinger, '''not forgetting to increment the SOA''', and then restart with <tt>/etc/init.d/named restart</tt>. | Edit one of these files on zwinger, '''not forgetting to increment the SOA''', and then restart with <tt>/etc/init.d/named restart</tt>. | ||
| − | ==Zones== | + | ===Zones=== |
; *.pmtpa.wmnet : 10/8 addresses valid within our Tampa network | ; *.pmtpa.wmnet : 10/8 addresses valid within our Tampa network | ||
Revision as of 18:18, 19 June 2005
This page describes Wikimedia's DNS setup. Wikimedia use two separate kinds of DNS servers, authoritative nameservers (that respond to queries from 3rd party nameservers for our domains) and resolvers (that resolve DNS queries for our own servers)
Contents |
Authoritative nameservers
In the new DNS setup, Wikimedia have 3 authoritative DNS servers, all running PowerDNS. The three authoritative servers are:
- ns0.wikimedia.org - 207.142.131.207 (secondary IP on zwinger)
- ns1.wikimedia.org - 207.142.131.208 (larousse)
- ns2.wikimedia.org - 145.97.39.158 (secondary IP on pascal)
The servers are running with two PowerDNS backends each: the Bind backend (which emulates/reads Bind style zonefiles) and Geobackend (which is responsible for geographic DNS). The two backends are overlapping, meaning that for a given query the Bind backend is asked first, and if that declines to answer (because it doesn't have the requested record), the next backend, geobackend will be asked. Therefor, the usual contents of the zones are in regular Bind style zonefiles, and the geodns record rr.wikimedia.org. is added by geobackend.
Zwinger is the master namserver, sort of, but the slaves are not using AXFR! Zonefiles and other configuration are replicated through the use of rsync in an update script.
All configuration files can be found in
/usr/local/etc/powerdns/
on all three hosts.
The main PowerDNS configuration file is /usr/local/etc/pdns.conf. Its configuration is documented on PowerDNS.
Additionally, there's a Bind backend configuration file, /usr/local/etc/bind.conf. It's compatible with Bind's own configuration format, but is only used to list the domains which the Bind backend has to serve. (Almost) all other options are ignored. In our setup, bind.conf is autogenerated from the domain templates.
Domain templates
Because Wikimedia have a lot of zones that essentially contain the same records (aliases for wikipedia.org and other projects), the old DNS setup used a single zonefile for multiple zones. That has the advantage that just a single change in a zonefile affects many zones. Unfortunately, it doesn't permit the use of $ORIGIN lines in the zonefile. In the new DNS setup, each zone gets its own zonefile, but multiple zonefiles can be generated from a single zone template.
The zone templates are (regular) files in
/usr/local/etc/powerdns/templates/
Each regular file in this directory corresponds to a zone with the same name. Each symbolic link to a regular file in this directory corresponds to a domain alias. So, in this example:
# ls -l templates/mediawiki* lrwxrwxrwx 1 root root 13 Jun 19 15:52 templates/mediawiki.com -> mediawiki.org lrwxrwxrwx 1 root root 13 Jun 19 15:52 templates/mediawiki.net -> mediawiki.org -rw-r--r-- 1 root root 1500 Jun 19 15:12 templates/mediawiki.org
...one zone mediawiki.org is listed, with two alias zones, mediawiki.com and mediawiki.net.
Substitution variables
Within the zone template, a few predefined variables can be used, that will be substituted when the actual zonefiles are generated from the template. These variables include:
- $zonename
- The actual zone qname (FQDN) of the zonefile to be generated
- $serial
- The SOA serial number, derived from the current date and hour in YYYYMMDDHH format
- $langlist
- A list of language subdomain CNAMEs, i.e. a list of all language abbreviations for all languages any Wikimedia project has, generated from /home/wikipedia/common/langlist.
Resolvers
- To be written. Is still using the old DNS setup.
Old setup
Larousse, albert and zwinger are listed as authoritative name servers for *.pmtpa.wmnet. Larousse and zwinger are running PowerDNS. All three are running named. (BIND? version?)
Important files
- /var/named/master/wmnet.zone
- This is the internal zone, it's the equivalent of /etc/hosts before we massacred that file
- /var/named/master/wikimedia.zone
- This is the list of names available externally under *.wikimedia.org
Edit one of these files on zwinger, not forgetting to increment the SOA, and then restart with /etc/init.d/named restart.
Zones
- *.pmtpa.wmnet
- 10/8 addresses valid within our Tampa network
- *.lopar.wmnet
- 10/8 addresses valid within our Paris network
- *.wikimedia.org
- Assorted external addresses from Tampa and Paris.
resolv.conf in Florida is set up to search *.pmtpa.wmnet then *.wikimedia.org. So if a machine does not have an internal address, the resolver automatically tries for an external address.
