Blue Team DNS

Warning

The old iscore_sync.sh and iscore_sync_forwarder.sh scripts have been deprecated. Instead use the generate_iscore_zone.py scripts located in the scripts directory.

IScorE can handle DNS for Blue Teams in one of two ways: Provided DNS and Competitor DNS. By default, IScorE will handle DNS for Blue Teams. They can manage their records in the DNS section of the Blue Team Area. For Competitor DNS, Blue Teams are expected to provide their own DNS and provide the address for their DNS server through IScorE. For each method, IScorE includes scripts that will generate the appropriate zone and configuration files for each method.

In either configuration, the IScorE database needs to have a user that has read permissions specifically for the sync scripts. These script generate the configuration/zone files based on information in the database.

Provided DNS

This mode requires a master zone for each team. The default IScorE image has zones defined for 40 teams. These zone files live in /etc/bind/teams. For example, a configuration file for a CDC with 2 teams using isucdc.net would look like this:

zone "isucdc.com." {
    type master;
    file "/etc/bind/db.empty";
}

zone "team1.isucdc.com." {
    type master;
    file "/etc/bind/teams/team1";
}

zone "team2.isucdc.com." {
    type master;
    file "/etc/bind/teams/team2";
}

Using this setup, there is a sync script (/etc/bind/teams/iscore_sync.sh on the ISERink image). This script should be run every minute.

Note

The iscore_sync.sh and generate_iscore_zone.py scripts automatically generate an MX record pointing to mail.$ORIGIN.

Competitor DNS

This mode requires a forwarder zone for each team that points to the team’s DNS server. There is a generation script (scripts/generate_iscore_zone.py in the IScorE directory) that should be run every hour. Additionally rndc flush should be run immediately after the sync script.

Warning

When using this mode, the root zone, isucdc.com in this case, CAN NOT exist. DNS will not work if it does. If that is not possible in your environment, you will need to generate glue NS records for each team’s DNS server.

Custom Domains

By default, IScorE assumes domain names to take the pattern teamN.<TEAM_DOMAIN_SUFFIX>. Alternatively, if a team has a custom domain assigned, the team will have a domain of the pattern <custom>.<TEAM_DOMAIN_SUFFIX>. Currently the scripts included with IScorE to generate DNS zones do not support custom domains. Custom domains are intended to be used when team domains names do not follow a pattern. For example, if a scenario says that each team is in it’s own “city”, the teams could have custom domains for their city (chicago, atlanta, etc.) rather than teamN.

DNS API

The IScorE API provides the ability to manage DNS records as well as get dns zones for each team. An example script for provided and competitor DNS can be found in the scripts directory. More information about the DNS API can be found here.

Settings

HOSTED_DNS_ZONE
What domain the DNS server resolves at. For instance if your DNS server is “ns.iserink.com” than this should be “iserink.com”. This does NOT have to match TEAM_DOMAIN_SUFFIX, although in most cases it will.

Sync Script Setup

The new sync script, generate_iscore_zone.py can be found in the scripts directory. It uses the new DNS API to generate the DNS zone files for each team, or the forwarders configuration when using Competitor DNS. The script needs a service account in IScorE that has an API token as described here. It is required that the user either be a Django “staff” user or “superuser” in order to access the DNS API.

Note

If the account is marked as “staff” instead of “superuser”, it will get deleted when doing a Competition Reset. The next version of IScorE is planned to introduce actual service accounts that will only have access to the API and will not be deleted by Competition Reset.