Blue Team DNS¶
Warning
The old iscore_sync.sh and iscore_sync_forwarder.sh scripts have been deprecated. Instead use the
generate_iscore_zone.py scripts located in the scripts directory.
IScorE can handle DNS for Blue Teams in one of two ways: Provided DNS and Competitor DNS. By default, IScorE will handle DNS for Blue Teams. They can manage their records in the DNS section of the Blue Team Area. For Competitor DNS, Blue Teams are expected to provide their own DNS and provide the address for their DNS server through IScorE. For each method, IScorE includes scripts that will generate the appropriate zone and configuration files for each method.
In either configuration, the IScorE database needs to have a user that has read permissions specifically for the sync scripts. These script generate the configuration/zone files based on information in the database.
Provided DNS¶
This mode requires a master zone for each team. The default IScorE image has
zones defined for 40 teams. These zone files live in /etc/bind/teams. For
example, a configuration file for a CDC with 2 teams using isucdc.net would
look like this:
zone "isucdc.com." {
type master;
file "/etc/bind/db.empty";
}
zone "team1.isucdc.com." {
type master;
file "/etc/bind/teams/team1";
}
zone "team2.isucdc.com." {
type master;
file "/etc/bind/teams/team2";
}
Using this setup, there is a sync script (/etc/bind/teams/iscore_sync.sh on the ISERink image). This script should
be run every minute.
Note
Every team has MX record pointing the mail subdomain. Blue teams just need to
create A record at mail of their domain in IScorE.
Note
The iscore_sync.sh and generate_iscore_zone.py scripts automatically generate an MX record pointing
to mail.$ORIGIN.
Competitor DNS¶
This mode requires a forwarder zone for each team that points to the team’s DNS
server. There is a generation script (scripts/generate_iscore_zone.py in the IScorE directory) that should be run
every hour. Additionally rndc flush should be run immediately after the sync script.
Warning
When using this mode, the root zone, isucdc.com in this case, CAN NOT
exist. DNS will not work if it does. If that is not possible in your
environment, you will need to generate glue NS records for each team’s
DNS server.
Custom Domains¶
By default, IScorE assumes domain names to take the pattern teamN.<TEAM_DOMAIN_SUFFIX>. Alternatively, if a team has
a custom domain assigned, the team will have a domain of the pattern <custom>.<TEAM_DOMAIN_SUFFIX>. Currently the
scripts included with IScorE to generate DNS zones do not support custom domains. Custom domains are intended to be used
when team domains names do not follow a pattern. For example, if a scenario says that each team is in it’s own “city”,
the teams could have custom domains for their city (chicago, atlanta, etc.) rather than teamN.
DNS API¶
The IScorE API provides the ability to manage DNS records as well as get dns zones for each team. An example script for
provided and competitor DNS can be found in the scripts directory. More information about the DNS API can be found
here.
Settings¶
HOSTED_DNS_ZONE- What domain the DNS server resolves at. For instance if your DNS server is “ns.iserink.com” than this should be
“iserink.com”. This does NOT have to match
TEAM_DOMAIN_SUFFIX, although in most cases it will.
Sync Script Setup¶
The new sync script, generate_iscore_zone.py can be found in the scripts directory. It uses the new
DNS API to generate the DNS zone files for each team, or the forwarders configuration when using
Competitor DNS. The script needs a service account in IScorE that has an API token as described here. It is
required that the user either be a Django “staff” user or “superuser” in order to access the DNS API.
Note
If the account is marked as “staff” instead of “superuser”, it will get deleted when doing a Competition Reset.