PowerDNS AXFR transfer import

Lately I have been pretty busy with large DNS migration projects, and fortunately PowerDNS has created a very handy tool: zone2sql

Assuming you can do an AXFR transfer (dig AXFR @<ip from old server> example.com), you can convert the output you get into, for example, a MySQL query.

With this generated MySQL query you can import the whole zone without any trouble into the new database backend of the new server.

Prerequisites:

1. A working PowerDNS authoritative server

2. A MySQL/MariaDB backend

3. The ability to do an AXFR transfer from the old server

Steps:

1. Get the zone information: (in my test case the old nsauth server is 10.0.0.1)

dig AXFR @10.0.0.1 example.com > example.com.txt

2. Examine the output:

cat example.com.txt

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> AXFR @10.0.0.1 example.com
; (1 server found)
;; global options: +cmd
example.com.             3600    IN      SOA     nsauth1.example.com. postmaster.example.com. 2015041601 43200 3600 3600000 86400
example.com.             3600    IN      NS      nsauth1.example.com.
example.com.             3600    IN      MX      10 mx1.example.com.
www.example.com.         86400   IN      A       10.0.0.100
example.com.             3600    IN      NS      nsauth2.example.com.
example.com.             3600    IN      SOA     nsauth1.example.com. postmaster.example.com. 2015041601 43200 3600 3600000 86400
;; Query time: 3 msec
;; SERVER: 10.0.0.1#53(10.0.0.1)
;; WHEN: ma jun 22 16:23:51 CEST 2015
;; XFR size: 6 records (messages 3, bytes 315)

3. With the zone2sql tool, convert the above information to a MySQL query:

zone2sql --gmysql --zone-name=example.com --zone=example.com.txt > example.com.sql

The output written to example.com.sql is like this:

insert into domains (name,type) values ('example.com','NATIVE');
insert into records (domain_id, name, type,content,ttl,prio,disabled) select id ,'example.com', 'NS', 'nsauth1.example.com', 3600, 0, 0 from domains where name='example.com';

etc

4. Now import the generated .sql file into the MySQL/MariaDB backend server from the command line (assuming the backend is running locally):

mysql -u root -p pdns < example.com.sql

After this is completed, the new zone, including all records, is available on the new authoritative server.
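A check that fits between steps 1 and 3, as an added example that is not part of the original post or of PowerDNS: it confirms the saved dig output is a complete transfer (same SOA first and last, record count matching the "XFR size" line, no names outside the zone) before the file goes to zone2sql. The function names axfr_check and sample_axfr are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a saved `dig AXFR`
# output is a complete transfer before converting it with zone2sql.
# Usage: axfr_check FILE ZONE   -> returns 0 only when every check passes.
axfr_check() {
    awk -v zone="$2" '
        BEGIN { z = tolower(zone); sub(/\.$/, "", z); z = z "." }
        /^; Transfer failed/ { failed = 1 }
        /^;; XFR size:/      { claimed = $4 }     # count reported by dig
        /^;/ || NF == 0      { next }             # skip comments and blanks
        {
            $1 = tolower($1)                      # also collapses whitespace
            n++; last = $0; lasttype = $4
            if (n == 1) { first = $0; firsttype = $4; owner = $1; serial = $7 }
            # every owner name must be the zone apex or sit below it
            if ($1 != z && substr($1, length($1) - length(z)) != "." z) outside++
        }
        END {
            if (failed) { print "FAIL: transfer refused or aborted"; exit 1 }
            if (n < 2 || firsttype != "SOA" || lasttype != "SOA" || first != last) {
                print "FAIL: does not start and end with the same SOA"; exit 1 }
            if (owner != z) { print "FAIL: SOA owner is " owner ", expected " z; exit 1 }
            if (claimed != "" && claimed != n) {
                print "FAIL: dig reported " claimed " records, file has " n; exit 1 }
            if (outside) { print "FAIL: " outside " record(s) outside " z; exit 1 }
            print "OK: " n " records, SOA serial " serial
        }
    ' "$1"
}

# Sample input: the transfer shown in the post (whitespace condensed).
sample_axfr() {
    cat <<'EOF'
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> AXFR @10.0.0.1 example.com
example.com. 3600 IN SOA nsauth1.example.com. postmaster.example.com. 2015041601 43200 3600 3600000 86400
example.com. 3600 IN NS nsauth1.example.com.
example.com. 3600 IN MX 10 mx1.example.com.
www.example.com. 86400 IN A 10.0.0.100
example.com. 3600 IN NS nsauth2.example.com.
example.com. 3600 IN SOA nsauth1.example.com. postmaster.example.com. 2015041601 43200 3600 3600000 86400
;; XFR size: 6 records (messages 3, bytes 315)
EOF
}
```

Run it as `axfr_check example.com.txt example.com` and only continue with zone2sql when it prints OK.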

The PowerAdmin tool is very helpful (http://www.poweradmin.org/) and recently I managed to enable the LDAP user function which is very handy.

SSH key login without password

Create an SSH key pair on your local server:

ssh-keygen -t rsa

Copy the public SSH key to the remote server:

ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host

After this is completed you can log in with the existing username (of course on both servers) without a password.
For extra security you can set a passphrase on your key file when you create it with the first command (ssh-keygen prompts for one).

Destroy all content of the disk (shred)

For a couple of years now, a brilliant tool has been included in Debian/Ubuntu distros: shred

This tool overwrites your hard disk with random data, which makes the previous content harder to recover.

There are some nice options to overwrite the previous data multiple times.

This is something I use:

shred -n2 -v -z /dev/sde

-n2: Overwrite the previous data 2 times
-v: Verbose, so you can monitor the process
-z: Add a final overwrite with zeros to hide the shredding
/dev/sde: The device you want to erase, replace with your own!

Of course, with very expensive hardware some parts are still recoverable, but for normal use I think it’s fine.

Use at your own risk!