Linux Domain Name Service (DNS)


Please note: There is a new program version for DNS called BIND 8. The old version used slightly different setup files such as "named.boot" rather than "named.conf" as in the new version. This is why you may see confusing documentation in books and on the web. I have tried to document BIND 8 here.

DNS and its structure is explained in more detail in the "networking" manual written for this document series. This section explains setup of the name server.

The daemon that provides the service - named
Set up the following files as per this example:

  1. /etc/hosts - Local host names.
  2. /etc/host.conf - Configures the relationship between DNS and the /etc/hosts file.
  3. /etc/resolv.conf - Configures the name resolver for interaction with the domain name server.
  4. /etc/named.conf - Defines the main parameters for the name server.
  5. /var/named/named.ca - Hints file specified in the /etc/named.conf file.
  6. /var/named/named.local - Loopback reverse zone file specified in the /etc/named.conf file.
  7. /var/named/db.10.1.hosts - Reverse zone file (address to name) specified in the /etc/named.conf file.
  8. /var/named/db.mycompany.com.hosts - Forward zone file (name to address) specified in the /etc/named.conf file.

The example values used throughout: domain mycompany.com; nameserver mymachine at 10.1.0.100; mail server mailmachine at 10.1.0.4; Windows box (george) at 10.1.3.16.

  1. File: /etc/hosts
    127.0.0.1	localhost	localhost.localdomain
    10.1.0.100	mymachine.mycompany.com	mymachine
    
  2. File: /etc/host.conf
    	order hosts, bind
    	multi on
    	nospoof on
    	alert on
    
 

The line "nospoof on" guards against address spoofing: after a reverse (address-to-name) lookup, the resolver looks up the returned name and checks that it maps back to the original address, failing the lookup if it does not. "alert on" logs a warning through syslog when such a mismatch is detected. The order line specifies that when the client is resolving names it first looks in the /etc/hosts file, then uses BIND 8 (DNS). Another valid option for order is nis, which stands for Network Information Service, created by Sun. The line "multi on" specifies that all valid addresses for a host found in the hosts file should be returned. This means the same host name will be returned for a machine that has more than one network address, such as a machine that interfaces to two or more networks. For example I have a machine interfacing to network 192.168.199.0 at IP address 192.168.199.1 and the other interface is on network 10.1.0.0 at IP address 10.1.1.100. It allows both networks to refer to the machine with the same name.
 

  • File: /etc/resolv.conf
    	domain mycompany.com
    	search mycompany.com mynet.net
    	nameserver 127.0.0.1
    	nameserver 10.1.0.100
    


  • File: /etc/named.conf - This file replaces named.boot in the old configuration. The first two zones (the root hints and the loopback reverse zone) must be defined on every server; if they are the only ones defined, the result is a caching-only nameserver. For each of the remaining zones your server can be designated as a master or a slave for that zone.
    // generated by named-bootconf.pl
    
    options {
    	directory "/var/named";
    	/*
    	 * If there is a firewall between you and nameservers you want
    	 * to talk to, you might need to uncomment the query-source
    	 * directive below.  Previous versions of BIND always asked
    	 * questions using port 53, but BIND 8.1 uses an unprivileged
    	 * port by default.
    	 */
    	// query-source address * port 53;
    };
    
    zone "." {
    	type hint;
    	file "named.ca";
    };
    
    zone "0.0.127.in-addr.arpa" {
    	type master;
    	file "named.local";
    };
    
    zone "1.10.in-addr.arpa" {
    	type master;
    	file "db.10.1.hosts";
    	allow-transfer { 127.0.0.1; };
    };
    
    zone "mycompany.com" {
    	type master;
    	file "db.mycompany.com.hosts";
    	notify yes;
    	allow-transfer { 127.0.0.1; };
    };
    


    There are many more options associated with this file. For more information, read the BIND configuration file guide for BIND version 8 or higher. The option "allow-transfer" above limits DNS zone transfers to the loopback address. If there were a slave nameserver, its IP address should be listed here. With allow-transfer set this way, other machines cannot copy the whole zone (ordinary lookups of individual names still work), so an outsider cannot list every host name and address in it. This limits the effectiveness of IP spoofers and spammers.
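
As an added example (not from the original page), here is a small Python audit that parses the zone statements of a named.conf and reports, for every master zone, whether the transfer ACL is missing (BIND 8 then allows transfers to anyone), open to any, or restricted to an explicit list. The directive BIND accepts is spelled allow-transfer, with a hyphen. The sample configuration embedded below is the page's own plus one constructed zone, "example.test", with an open ACL so the audit has something to flag; the function names are this example's own.

```python
import re

# Constructed sample: the zone statements from this page, plus one extra master
# zone ("example.test", assumed) that allows transfers to anyone, so the audit
# has something to flag.
SAMPLE_NAMED_CONF = """
// generated by named-bootconf.pl
options {
    directory "/var/named";
    /* BIND 8.1 uses an unprivileged source port by default. */
    // query-source address * port 53;
};
zone "." {
    type hint;
    file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";
};
zone "1.10.in-addr.arpa" {
    type master;
    file "db.10.1.hosts";
    allow-transfer { 127.0.0.1; };
};
zone "mycompany.com" {
    type master;
    file "db.mycompany.com.hosts";
    notify yes;
    allow-transfer { 127.0.0.1; };
};
zone "example.test" {
    type master;
    file "db.example.test";
    allow-transfer { any; };
};
"""


def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)
    return re.sub(r"(//|#)[^\n]*", "", text)


def top_level_blocks(text):
    """Yield (header, body) for each top-level 'header { body };' block."""
    depth, buf, header = 0, "", ""
    for ch in text:
        if ch == "{":
            if depth == 0:
                header, buf = buf.strip().lstrip(";").strip(), ""
            else:
                buf += ch
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, buf
                buf = ""
            else:
                buf += ch
        else:
            buf += ch


def statements(body):
    """Split a block body into statements at semicolons outside nested braces."""
    stmts, depth, buf = [], 0, ""
    for ch in body:
        depth += (ch == "{") - (ch == "}")
        if ch == ";" and depth == 0:
            if buf.strip():
                stmts.append(buf.strip())
            buf = ""
        else:
            buf += ch
    return stmts


def audit_zone_transfers(conf_text):
    """Classify every master zone as 'missing' (no allow-transfer at all, which in
    BIND 8 means anyone may transfer), 'open' (the ACL contains any) or
    'restricted' (an explicit address list)."""
    findings = {}
    for header, body in top_level_blocks(strip_comments(conf_text)):
        m = re.match(r'zone\s+"([^"]+)"', header)
        if not m:
            continue
        stmts = {}
        for s in statements(body):
            parts = s.split(None, 1)
            stmts[parts[0]] = parts[1] if len(parts) > 1 else ""
        if stmts.get("type", "").strip() != "master":
            continue
        if "allow-transfer" not in stmts:
            findings[m.group(1)] = "missing"
            continue
        inside = re.search(r"\{(.*)\}", stmts["allow-transfer"], re.DOTALL)
        acl = [a.strip() for a in inside.group(1).split(";") if a.strip()] if inside else []
        findings[m.group(1)] = "open" if "any" in acl else "restricted"
    return findings


if __name__ == "__main__":
    for zone, status in audit_zone_transfers(SAMPLE_NAMED_CONF).items():
        print(f"{zone:25} allow-transfer: {status}")
```

To run it against a real server, pass the contents of /etc/named.conf to audit_zone_transfers(). The parser is deliberately minimal: it handles the plain block syntax shown on this page and does not follow include statements or views.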
     

  • File: /var/named/named.ca (if you have one, don't modify it unless you have to). This is the hints file that helps the name server locate the root nameservers at startup.
    Some documentation says to modify the line "A.ROOT-SERVERS.NET." to put your Linux box address:
    A.ROOT-SERVERS.NET.      3600000      A     10.1.0.100

    but this is not correct. Some versions of the name server will write error messages to /var/log/messages if this is done.
    I use:

    ;       This file holds the information on root name servers needed to
    ;       initialize cache of Internet domain name servers
    ;       (e.g. reference this file in the "cache  .  <file>"
    ;       configuration file of BIND domain name servers).
    ;
    ;       This file is made available by InterNIC registration services
    ;       under anonymous FTP as
    ;           file                /domain/named.root
    ;           on server           FTP.RS.INTERNIC.NET
    ;       -OR- under Gopher at    RS.INTERNIC.NET
    ;           under menu          InterNIC Registration Services (NSI)
    ;              submenu          InterNIC Registration Archives
    ;           file                named.root
    ;
    ;       last update:    Aug 22, 1997
    ;       related version of root zone:   1997082200
    ;
    ;
    ; formerly NS.INTERNIC.NET
    ;
    .                        3600000  IN  NS    A.ROOT-SERVERS.NET.
    A.ROOT-SERVERS.NET.      3600000      A     201.12.27.33
    ;
    ; formerly NS1.ISI.EDU
    ;
    .                        3600000      NS    B.ROOT-SERVERS.NET.
    B.ROOT-SERVERS.NET.      3600000      A     128.9.0.107
    ;
    ; formerly C.PSI.NET
    ;
    .                        3600000      NS    C.ROOT-SERVERS.NET.
    C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
    ;
    ; formerly TERP.UMD.EDU
    ;
    .                        3600000      NS    D.ROOT-SERVERS.NET.
    D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
    ;
    ; formerly NS.NASA.GOV
    ;
    .                        3600000      NS    E.ROOT-SERVERS.NET.
    E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
    ;
    ; formerly NS.ISC.ORG
    ;
    .                        3600000      NS    F.ROOT-SERVERS.NET.
    F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
    ;
    ; formerly NS.NIC.DDN.MIL
    ;
    .                        3600000      NS    G.ROOT-SERVERS.NET.
    G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
    ;
    ; formerly AOS.ARL.ARMY.MIL
    ;
    .                        3600000      NS    H.ROOT-SERVERS.NET.
    H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
    ;
    ; formerly NIC.NORDU.NET
    ;
    .                        3600000      NS    I.ROOT-SERVERS.NET.
    I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
    ;
    ; temporarily housed at NSI (InterNIC)
    ;
    .                        3600000      NS    J.ROOT-SERVERS.NET.
    J.ROOT-SERVERS.NET.      3600000      A     198.41.0.10
    ;
    ; housed in LINX, operated by RIPE NCC
    ;
    .                        3600000      NS    K.ROOT-SERVERS.NET.
    K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129 
    ;
    ; temporarily housed at ISI (IANA)
    ;
    .                        3600000      NS    L.ROOT-SERVERS.NET.
    L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
    ;
    ; housed in Japan, operated by WIDE
    ;
    ;.                        3600000      NS    M.ROOT-SERVERS.NET.
    ;M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
    ; End of File
    

    The official root nameserver file is available by anonymous FTP from rs.internic.net as /domain/named.root. The copy above is dated 1997 and root server addresses change over time, so fetch the current file rather than relying on this listing.

  • File: /var/named/named.local (should not need to be changed). Leave it as:

    @       IN      SOA     localhost.      root.localhost. (
                      1999112701            ; Serial number: date plus a two-digit counter, YYYYMMDDXX
                      28800                 ; Refresh in seconds, 28800 = 8 hours
                      7200                  ; Retry in seconds, 7200 = 2 hours
                      3600000               ; Expire in seconds, 3600000 = about 6 weeks
                      86400)                ; Minimum TTL in seconds, 86400 = 24 hours
    @       IN      NS      localhost.
    1       IN      PTR     localhost.
    
  • Create File: /var/named/db.10.1.hosts. Note: the SOA record's owner, class, type, primary server and contact must all be on one line (shown joined here); only the values inside the parentheses may be split across lines.
    1.10.in-addr.arpa.       IN  SOA  mymachine.mycompany.com. root.mymachine.mycompany.com. (
                1999112701          ; Serial
                10800               ; Refresh
                3600                ; Retry
                604800              ; Expire
                86400 )             ; Minimum (default) TTL
    1.10.in-addr.arpa.       IN  NS   mymachine.mycompany.com.
    100.0.1.10.in-addr.arpa. IN  PTR  mymachine.mycompany.com.
    4.0.1.10.in-addr.arpa.   IN  PTR  mailmachine.mycompany.com.
    16.3.1.10.in-addr.arpa.  IN  PTR  george.mycompany.com.
    

    In the SOA record are five parameters, as follows:

    1. Serial number (1999112701) - If the slave's copy has a lower serial number than the master's, the slave fetches a new copy of this zone from the master.
    2. Refresh (10800) - The time in seconds between the slave's checks of this zone's serial number against the master's.
    3. Retry (3600) - The time in seconds the slave should wait before asking again if the master fails to respond to a refresh (SOA) request.
    4. Expire (604800) - The time in seconds the slave can keep answering for the zone even though it cannot get an updated copy from the master.
    5. TTL (86400) - The time to live in seconds that a resolver will use data received from this nameserver before it asks for the same data again.


     

  • Create file /var/named/db.mycompany.com.hosts. Note: the SOA record up to the opening parenthesis must be on one line.
    mycompany.com.             IN  SOA  mymachine.mycompany.com. root.mymachine.mycompany.com. (
                1999112701          ; Serial
                10800               ; Refresh
                3600                ; Retry
                604800              ; Expire
                86400 )             ; Minimum (default) TTL
    mycompany.com.             IN  NS   mymachine.mycompany.com.
    mycompany.com.             IN  MX   10  mailmachine.mycompany.com.
    mymachine.mycompany.com.   IN  A    10.1.0.100
    mailmachine.mycompany.com. IN  A    10.1.0.4
    george.mycompany.com.      IN  A    10.1.3.16
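
As an added example, not part of the original page: a Python script that parses the forward and reverse zone files above (the simple layout used on this page; the embedded copies add one constructed host, "printer", that has no PTR record), cross-checks them so that every A record has a PTR naming it and every PTR has an A record pointing back (the same verification "nospoof on" in /etc/host.conf performs for a single lookup), and implements the serial-number comparison a slave makes at refresh time (RFC 1982 serial arithmetic) together with a helper that produces the next YYYYMMDDXX serial. The function names and the "printer" host are this example's own assumptions.

```python
# Constructed samples: the forward and reverse zone files from this page, with
# one extra host ("printer", constructed) added to the forward zone and no PTR
# for it, so the consistency check has something to report.
FORWARD_ZONE = """\
mycompany.com.             IN  SOA  mymachine.mycompany.com. root.mymachine.mycompany.com. (
        1999112701      ; serial
        10800           ; refresh
        3600            ; retry
        604800          ; expire
        86400 )         ; minimum TTL
mycompany.com.             IN  NS   mymachine.mycompany.com.
mycompany.com.             IN  MX   10  mailmachine.mycompany.com.
mymachine.mycompany.com.   IN  A    10.1.0.100
mailmachine.mycompany.com. IN  A    10.1.0.4
george.mycompany.com.      IN  A    10.1.3.16
printer.mycompany.com.     IN  A    10.1.3.20   ; constructed: has no PTR
"""

REVERSE_ZONE = """\
1.10.in-addr.arpa.       IN  SOA  mymachine.mycompany.com. root.mymachine.mycompany.com. (
        1999112701  10800  3600  604800  86400 )
1.10.in-addr.arpa.       IN  NS   mymachine.mycompany.com.
100.0.1.10.in-addr.arpa. IN  PTR  mymachine.mycompany.com.
4.0.1.10.in-addr.arpa.   IN  PTR  mailmachine.mycompany.com.
16.3.1.10.in-addr.arpa.  IN  PTR  george.mycompany.com.
"""


def logical_lines(text):
    """Drop ';' comments and fold parenthesised multi-line RDATA (the SOA) into one line."""
    lines, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf += " " + line
        if depth == 0:
            if buf.strip():
                lines.append(buf.replace("(", " ").replace(")", " "))
            buf = ""
    return lines


def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples. Assumes the layout used on this page:
    owner, optional class IN, type, rdata; '@' and relative owners get the origin."""
    records = []
    for line in logical_lines(text):
        tokens = line.split()
        owner = origin if tokens[0] == "@" else tokens[0]
        if not owner.endswith("."):
            owner = owner + "." + origin
        rest = tokens[2:] if tokens[1] == "IN" else tokens[1:]
        records.append((owner, rest[0], rest[1:]))
    return records


def reverse_name(ip):
    """10.1.0.100 -> 100.0.1.10.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def check_forward_reverse(forward, reverse):
    """The check 'nospoof on' performs per lookup, run over whole zones: every A
    record needs a PTR naming it, and every PTR needs an A record pointing back."""
    a_set = {(o, r[0]) for o, t, r in forward if t == "A"}
    ptr_set = {(o, r[0]) for o, t, r in reverse if t == "PTR"}
    problems = []
    for name, ip in sorted(a_set):
        if (reverse_name(ip), name) not in ptr_set:
            problems.append(f"no PTR for {name} -> {ip}")
    for rev, name in sorted(ptr_set):
        ip = ".".join(reversed(rev[: -len(".in-addr.arpa.")].split(".")))
        if (name, ip) not in a_set:
            problems.append(f"PTR {rev} -> {name} has no matching A record")
    return problems


def serial_is_newer(candidate, current):
    """RFC 1982 serial arithmetic: the comparison a slave makes at refresh time."""
    diff = (candidate - current) % 2**32
    return 0 < diff < 2**31


def next_serial(current, today):
    """Date-style serial YYYYMMDDNN: first edit of a day is today + '01', later edits add 1."""
    candidate = int(today + "01")
    return candidate if serial_is_newer(candidate, current) else current + 1


if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, "mycompany.com.")
    rev = parse_zone(REVERSE_ZONE, "1.10.in-addr.arpa.")
    for problem in check_forward_reverse(fwd, rev):
        print(problem)
    print("next serial:", next_serial(int(fwd[0][2][2]), "19991128"))
```

Running it on the page's own records reports only the constructed "printer" host; point parse_zone at your real forward and reverse files (with their origins) to catch the stale or missing PTRs that make "nospoof on" reject otherwise valid hosts.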
    


  • Type "ndc restart" to restart the domain name server

     
  • You can use "nslookup" to test your setup if you want. When in nslookup you should be able to type the name of a machine and get information about it, or type its full address and get information about it. Type "?" for help and "exit" to quit. To start the named daemon on Red Hat, you can use the program "linuxconf" and select "Control service activity", then select named and activate it so it will run the next time the system is booted. If you don't have "linuxconf", you need to activate it in your system's initialization scripts.

    Other notes:
    To get it running:

    Type "ps ax | more" to see all running processes and check whether named is among them.
    Then check that the name service is listed in /etc/services; if not, add the following lines to the file.

    	nameserver	42/tcp	name
    	domain		53/tcp	nameserver
    	domain		53/udp	nameserver

    Type "ndc start" or "ndc restart".
     

    Other pertinent files:

    /etc/nsswitch.conf - Several system administration database sources are defined here. This is in support of the Network Information Service (NIS), which can be used to control many administrative functions on many systems from one location.

    Copyright © 2000 - 2005 sourabhvikas. All rights reserved Worldwide.