Submitter: Matthew Carpenter
Color Conventions in this document:
Configuration Files in this document have been color-coded to better ease in reading.
Red - Items you must change
Blue - Various Filenames and Paths
Dark Green - Comments and Record Description
Dark Purple - Optional Records
How this document is organized:
BASIC DNS THEORY
GETTING DNS TO WORK (General)
CACHING ONLY CONFIGURATION (and appropriate files)
STANDARD CONFIGURATION (and appropriate files)
FILES COMMON TO ALL CONFIGURATIONS
"Above all else, know thyself"
VERY BASIC (and loosely correct) THEORY
If you don’t understand DNS I’ll cover it VERY briefly. If you need more information, see the man pages for named and the DNS-HowTo.
DNS is an X.500-compliant, hierarchical, distributed data system. That means the information is spread all over the world, with several "known" points of origin and a "tree-like" organization. These points of origin are known as Root Name Servers. Every DNS client (*nix, Win9x, NT, Netware, etc.) is given one or more "local" servers (for dialup ISPs they are generally located at the ISP and you are given the address when you dial in). In general, when a request is made for a name lookup, the "local" DNS server is asked to resolve the name. If that server doesn’t have an answer, it asks the "Root Name Servers" for the DNS server(s) responsible for the given domain. One of those is then asked to resolve the host name to an IP address.
There is much more to this, such as caching, local host files, etc.. but this is the basic information about DNS server protocol.
Directions:
1) Edit Configuration Files
2) Start (or restart) DNS
Commands:
To Start DNS (as root): ndc start (/usr/sbin/ndc is the filename)
To Restart DNS: ndc restart
To Stop DNS: ndc stop
CACHING ONLY CONFIGURATION
A "caching only" DNS server is one which is configured without any domains for which it is responsible.
Configuration Files for DNS proper:
/etc/named.conf
    the main config file: sets the directory holding the other DNS config files and lists the zones
<DNSROOT>/root.hints
    Contains "pointers" to the Root Servers**
<DNSROOT>/127.0.0
    Contains config for the local host/subnet**
**note: the files in <DNSROOT> may be named something else. This is defined in /etc/named.conf
Configuration Files for the Local Host Name Resolution (important for testing):
/etc/resolv.conf
    Only to make this computer use itself for DNS
/etc/nsswitch.conf
    Only to make this computer check /etc/hosts and DNS*
/etc/host.conf
    Only to make this computer check /etc/hosts and DNS*
*note: which of these two is important depends on your libc version; I usually change both.
CONFIGURING DNS:
The following section shows working configuration files complete with comments
/etc/named.conf (Caching Only Configuration)
#———————————————-
# This file must be named named.conf and be in /etc
# It is used by the "named" daemon to determine the basic configuration and what files contain the details
options {                         # Global DNS settings
    directory "/var/named";       # tells named to use the listed directory for other config files
    #forward first;               # check the "forwarders" before doing any resolution
    #forwarders {                 # list of DNS servers to check ("local" DNS)
    #    10.150.22.7;             # internal DNS server for company
    #};
};
zone "." {                        # Settings for the ROOT ZONE
    type hint;                    # Specifies this as the ROOT ZONE type
    file "root.hints";            # File containing links to the ROOT SERVERS (/var/named/root.hints)
};
zone "0.0.127.in-addr.arpa" {     # Used for reverse lookup (ie IP Address to Name)
                                  # notice it is your network address backwards + "in-addr.arpa"
                                  # So this is for the 127.0.0 network
    type master;                  # Specifies this as a MASTER ZONE
    file "pz/127.0.0";            # File that contains the details for this zone (/var/named/pz/127.0.0)
};
#———————————————-
Notice the structure for each section of the file. When troubleshooting keep this in mind:
sectiontype {
    optiontype setting;
    optiontype setting;
    optiontype setting;
};
/etc/resolv.conf (Caching Only Configuration)
#———————————————-
# change the domain info to fit yours. Don’t change the nameserver entry
search subdomain.e-i-s.cc e-i-s.cc
; where subdomain.e-i-s.cc is the subdomain the DNS server is in
; and e-i-s.cc is your domain
nameserver 127.0.0.1
#———————————————-
NOTE: You must also set up the configuration files common to all configurations (see CONFIG FILES COMMON FOR EACH CONFIGURATION below).
CHANGING THE CONFIGURATION
As the Caching Only DNS simply retrieves and stores the IP information as new host resolutions are requested, there is not a whole lot of configuration change involved. It just works. (And hopefully I’ve done a good enough job showing you so that it DOES.) There is one thing you can change, and that is to make the server check with one or more DNS servers before going to the ROOT SERVERS. These are known as Forwarders. You can configure forwarding by uncommenting (removing the "#" from the beginning of) the purple "forward first" and "forwarders" lines in /etc/named.conf.
STANDARD CONFIGURATION
A "standard configuration" DNS server is one which is configured to be responsible for resolving names to IP Addresses (and vice versa) for a domain.
Configuration Files for DNS proper:
/etc/named.conf
    the main config file: sets the directory holding the other DNS config files and lists the zones
<DNSROOT>/root.hints
    Contains "pointers" to the Root Servers**
<DNSROOT>/127.0.0
    Config for reverse lookup of the local host/subnet**
<DNSROOT>/<domain>
    Config for the domain**
<DNSROOT>/<in-addr.arpa file>
    Config for reverse lookup for your domain**
**note: the files in <DNSROOT> may be named something else. This is defined in /etc/named.conf
Configuration Files for the Local Host Name Resolution (important for testing):
/etc/resolv.conf
    Only to make this computer use itself for DNS
/etc/nsswitch.conf
    Only to make this computer check /etc/hosts and DNS*
/etc/host.conf
    Only to make this computer check /etc/hosts and DNS*
*note: which of these two is important depends on your libc version; I usually change both.
CONFIGURING DNS:
The following section shows working configuration files complete with comments
/etc/named.conf (Standard Configuration)
#———————————————-
# This file must be named named.conf and be in /etc
# It is used by the "named" daemon to determine the basic configuration and what files contain the details
options {                         # Global DNS settings
    directory "/var/named";       # tells named where to find the rest of the config files
    #forward first;               # check the "forwarders" before doing any resolution
    #forwarders {                 # list of DNS servers to check ("local" DNS)
    #    10.150.22.7;             # internal DNS server for company
    #};
};
zone "." {                        # Settings for the ROOT ZONE
    type hint;                    # Specifies this as the ROOT ZONE type
    file "root.hints";            # File containing links to the ROOT SERVERS (/var/named/root.hints)
};
zone "0.0.127.in-addr.arpa" {     # Used for reverse lookup (ie IP Address to Name)
                                  # notice it is your network address backwards + "in-addr.arpa"
                                  # So this is for the 127.0.0 network
    type master;                  # Specifies this as a MASTER ZONE
    file "pz/127.0.0";            # File that contains the details for this zone (/var/named/pz/127.0.0)
};
zone "e-i-s.cc" {                 # Your zone name (domain name)
    notify no;                    # notify is used with master/slave DNS servers. Not necessary for one DNS svr.
    type master;                  # Specifies this as a MASTER ZONE
    file "pz/e-i-s.cc";           # File that contains details for this zone (/var/named/pz/e-i-s.cc)
};
zone "10.133.10.in-addr.arpa" {   # Again - Reverse Lookup
    type master;                  # Again - MASTER ZONE
    file "pz/10.133.10";          # Again - Details file (/var/named/pz/10.133.10)
};
#———————————————-
Notice the structure for each section of the file. When troubleshooting keep this in mind:
sectiontype {
    optiontype setting;
    optiontype setting;
    optiontype setting;
};
Notice the use of a trailing "." on hostnames. In zone files, a trailing "." signifies that the name is absolute (fully qualified). Names without the trailing "." are assumed to be relative names and will have the zone name added to the end, thus ALL names in reverse-lookup zones use the trailing "." (I would HATE to have a machine named "carpy.e-i-s.cc.0.0.127.in-addr.arpa". Yck!)
/etc/resolv.conf (Standard Configuration)
#———————————————-
# change the domain info to fit yours. Don’t change the nameserver entry
domain e-i-s.cc
search subdomain.e-i-s.cc e-i-s.cc
; where subdomain.e-i-s.cc is the subdomain the DNS server is in
; and e-i-s.cc is your domain
; note: "domain" and "search" are mutually exclusive; when both appear the last one wins,
; so the search list above is what takes effect
nameserver 10.133.10.38
#———————————————-
NOTE: You must also set up the configuration files common to all configurations (see CONFIG FILES COMMON FOR EACH CONFIGURATION below).
CHANGING THE CONFIGURATION
With a Standard (Full) DNS Configuration, there are many (and probably more all the time) changes that can be made to the configuration. I will focus on two main changes you need to know. Just like a caching config, you can make the server check with one or more DNS servers before going to the ROOT SERVERS. These are known as Forwarders. You can configure forwarding by uncommenting (removing the "#" from the beginning of) the purple "forward first" and "forwarders" lines in /etc/named.conf.
The other change you need to be able to make is to configure your DNS server to be responsible for resolving names for a new domain. There are three main things that need to be done:
1) Create the zone file for the domain (/var/named/pz/somedomain.com)
2) Create the in-addr.arpa zone file for the domain (/var/named/pz/0.0.10.in-addr.arpa)
3) Add the two entries into /etc/named.conf (domain entry and in-addr.arpa entry) with appropriate values.
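The following is an added example, not code from the original guide: a small Python parser for the `sectiontype { optiontype setting; };` structure of /etc/named.conf shown above, the "network address backwards + in-addr.arpa" rule used for the reverse zones, and a generator for the two named.conf entries that step 3 of the new-domain procedure needs. SAMPLE_NAMED_CONF is a constructed copy of the standard configuration; the function names, the check() rules and the pz/... file naming are this example's own choices.

```python
"""Added example (not from the original guide): parse /etc/named.conf into its
zones, derive reverse-zone names, generate the stanzas for a new domain and run
a few sanity checks before restarting named."""
import re

# Constructed sample, modelled on the guide's standard configuration.
SAMPLE_NAMED_CONF = """\
options {                       # Global DNS settings
    directory "/var/named";     # where named finds the rest of the files
    #forward first;             # check the "forwarders" first
    #forwarders { 10.150.22.7; };
};
zone "." { type hint; file "root.hints"; };
zone "0.0.127.in-addr.arpa" { type master; file "pz/127.0.0"; };
zone "e-i-s.cc" {
    notify no;
    type master;
    file "pz/e-i-s.cc";
};
zone "10.133.10.in-addr.arpa" { type master; file "pz/10.133.10"; };
"""


def strip_comments(text):
    """named.conf accepts three comment styles: # ..., // ... and /* ... */."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(#|//)[^\n]*", "", text)


def tokenize(text):
    """Quoted strings, the three punctuation characters, and bare words."""
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', strip_comments(text))


def parse_block(tokens, pos=0):
    """Parse statements up to the matching '}'.  Returns (statements, pos);
    a statement is (words, body) where body is a nested list or None."""
    stmts, words = [], []
    while pos < len(tokens):
        tok = tokens[pos]
        pos += 1
        if tok == "}":
            break
        if tok == "{":
            body, pos = parse_block(tokens, pos)
            stmts.append((words, body))
            words = []
        elif tok == ";":
            if words:                       # the ';' right after a '}' has no words
                stmts.append((words, None))
            words = []
        else:
            words.append(tok.strip('"'))
    return stmts, pos


def zones(named_conf):
    """{zone name: {option: value}} for every zone stanza in the file."""
    stmts, _ = parse_block(tokenize(named_conf))
    found = {}
    for words, body in stmts:
        if len(words) >= 2 and words[0] == "zone" and body is not None:
            found[words[1]] = {w[0]: " ".join(w[1:]) for w, b in body if b is None}
    return found


def reverse_zone_name(network):
    """The guide's rule: '127.0.0' -> '0.0.127.in-addr.arpa'."""
    return ".".join(reversed(network.split("."))) + ".in-addr.arpa"


def new_domain_stanzas(domain, network):
    """The two /etc/named.conf entries for a new domain and its network
    (file names follow the guide's /var/named/pz/... layout, an assumption)."""
    rev = reverse_zone_name(network)
    return (f'zone "{domain}" {{\n    type master;\n    file "pz/{domain}";\n}};\n'
            f'zone "{rev}" {{\n    type master;\n    file "pz/{rev}";\n}};\n')


def check(named_conf):
    """Checks worth running before 'ndc restart': a root hint zone, a master
    zone for 0.0.127.in-addr.arpa, and a file for every master zone."""
    problems, z = [], zones(named_conf)
    if z.get(".", {}).get("type") != "hint":
        problems.append('no "type hint" zone for "."')
    if z.get("0.0.127.in-addr.arpa", {}).get("type") != "master":
        problems.append("no master zone for 0.0.127.in-addr.arpa")
    for name, opts in z.items():
        if opts.get("type") == "master" and not opts.get("file"):
            problems.append(f"master zone {name} has no file")
    return problems


if __name__ == "__main__":
    conf = SAMPLE_NAMED_CONF + new_domain_stanzas("somedomain.com", "10.0.0")
    for name, opts in zones(conf).items():
        print(f"{name:28} {opts}")
    print("problems:", check(conf) or "none")
```

Run it as-is to see the zones the sample defines plus the two generated for somedomain.com; feed your real /etc/named.conf to zones() and check() to catch a missing root hint zone or a master zone with no file before named is restarted.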
CONFIG FILES COMMON FOR EACH CONFIGURATION
/var/named/root.hints (Common)
; ———————————————-
; nothing real interesting here. These don't change much but when they do you need to update the IP addresses
; (this file is in zone-file format, so comments start with ";", not "#")
.                       6D      IN NS   G.ROOT-SERVERS.NET.
.                       6D      IN NS   J.ROOT-SERVERS.NET.
.                       6D      IN NS   K.ROOT-SERVERS.NET.
.                       6D      IN NS   L.ROOT-SERVERS.NET.
.                       6D      IN NS   M.ROOT-SERVERS.NET.
.                       6D      IN NS   A.ROOT-SERVERS.NET.
.                       6D      IN NS   H.ROOT-SERVERS.NET.
.                       6D      IN NS   B.ROOT-SERVERS.NET.
.                       6D      IN NS   C.ROOT-SERVERS.NET.
.                       6D      IN NS   D.ROOT-SERVERS.NET.
.                       6D      IN NS   E.ROOT-SERVERS.NET.
.                       6D      IN NS   I.ROOT-SERVERS.NET.
.                       6D      IN NS   F.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.     5w6d16h IN A    192.112.36.4
J.ROOT-SERVERS.NET.     5w6d16h IN A    198.41.0.10
K.ROOT-SERVERS.NET.     5w6d16h IN A    193.0.14.129
L.ROOT-SERVERS.NET.     5w6d16h IN A    198.32.64.12
M.ROOT-SERVERS.NET.     5w6d16h IN A    202.12.27.33
A.ROOT-SERVERS.NET.     5w6d16h IN A    198.41.0.4
H.ROOT-SERVERS.NET.     5w6d16h IN A    128.63.2.53
B.ROOT-SERVERS.NET.     5w6d16h IN A    128.9.0.107
C.ROOT-SERVERS.NET.     5w6d16h IN A    192.33.4.12
D.ROOT-SERVERS.NET.     5w6d16h IN A    128.8.10.90
E.ROOT-SERVERS.NET.     5w6d16h IN A    192.203.230.10
I.ROOT-SERVERS.NET.     5w6d16h IN A    192.36.148.17
F.ROOT-SERVERS.NET.     5w6d16h IN A    192.5.5.241
; ———————————————-
Notice that each line in the first section begins with a ".". The rest I have NO IDEA about.
/var/named/pz/127.0.0 (Common)
; ———————————————-
; Defines the local zone. Change the various names to suit your network
@       IN SOA  carpy.e-i-s.cc. netdude.e-i-s.cc. (
                1       ; Serial
                8H      ; Refresh
                2H      ; Retry
                1W      ; Expire
                1D )    ; Minimum TTL
; above is the StartOfAuthority (SOA) record.
; The "@" means the origin (ie. 0.0.127.in-addr.arpa)
; carpy.e-i-s.cc. specifies the authoritative nameserver (I think-not documented)
; netdude.e-i-s.cc specifies (don't cringe) the email address responsible for this.
; (REPLACE "@" WITH "." -don't ask!)
        IN NS   carpy.e-i-s.cc.
; above is the NameServer record. The leading whitespace means it belongs to the
; same owner ("@") as the SOA; a name in the first column would start a new owner.
1       IN PTR  localhost.
; above is a pointer record to the localhost
; ———————————————-
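The following is an added example, not code from the original guide: a minimal Python parser for the master-file format used by /var/named/pz/127.0.0. It applies the rules described above and in the trailing-dot note: "@" is the origin, a line that starts with whitespace reuses the previous owner name, ";" starts a comment, "( ... )" continues a record across lines, the SOA responsible-person field is a mailbox with "@" replaced by ".", and a name without a trailing "." gets the origin appended. SAMPLE_ZONE is a constructed copy of the guide's file plus one deliberately unqualified PTR so the pitfall is visible; the function names are this example's own.

```python
"""Added example (not from the original guide): parse a BIND master file and
show how relative and absolute names are resolved against the origin."""
import re

ORIGIN = "0.0.127.in-addr.arpa."          # what "@" stands for in this file

# Constructed copy of the guide's zone file; the last PTR is deliberately
# missing its trailing "." to show what BIND does with a relative name.
SAMPLE_ZONE = """\
; constructed copy of the guide's 127.0.0 zone file
@ IN SOA carpy.e-i-s.cc. netdude.e-i-s.cc. (
        1       ;Serial
        8H      ;Refresh
        2H      ;Retry
        1W      ;Expire
        1D)     ;Minimum TTL
        NS      carpy.e-i-s.cc.
1       PTR     localhost.
2       PTR     carpy.e-i-s.cc
"""

CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"^\d+[smhdw]?$", re.I)
NAME_TYPES = {"NS", "PTR", "CNAME"}       # types whose rdata is one domain name


def qualify(name, origin):
    """Trailing-dot rule: absolute names are kept, '@' means the origin,
    any other name is relative and gets the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def soa_mailbox_to_email(mailbox, origin):
    """SOA responsible-person field: first label is the user, the rest the host,
    so 'netdude.e-i-s.cc.' reads as netdude@e-i-s.cc (escaped dots in the user
    part are not handled here)."""
    user, _, host = qualify(mailbox, origin).rstrip(".").partition(".")
    return f"{user}@{host}"


def logical_lines(text):
    """Drop ';' comments and join the lines between '(' and ')' into one record."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue                        # blank or comment-only line
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            out.append(" ".join(buf))
            buf = []
    return out


def parse_zone(text, origin):
    """Return (records, warnings): records are (owner, type, rdata) with every
    name made absolute; warnings list the relative names that were expanded."""
    records, warnings, owner = [], [], None
    for line in logical_lines(text):
        tokens = re.findall(r"\S+", line.replace("(", " ").replace(")", " "))
        if not line[0].isspace():           # a non-blank first column is an owner name
            owner = tokens.pop(0)
        if owner is None:
            raise ValueError("first record has no owner name")
        # an optional TTL and class may precede the type, in either order
        while tokens and (TTL_RE.match(tokens[0]) or tokens[0].upper() in CLASSES):
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in NAME_TYPES:
            names = rdata[:1]
        elif rtype == "SOA":
            names = rdata[:2]               # primary server and responsible mailbox
        else:
            names = []
        for n in names:
            if n != "@" and not n.endswith("."):
                warnings.append(f"{owner} {rtype}: '{n}' is relative, becomes {qualify(n, origin)}")
        if rtype in NAME_TYPES:
            rdata = [qualify(rdata[0], origin)]
        elif rtype == "SOA":
            rdata = [qualify(rdata[0], origin), soa_mailbox_to_email(rdata[1], origin)] + rdata[2:]
        records.append((qualify(owner, origin), rtype, rdata))
    return records, warnings


if __name__ == "__main__":
    recs, warns = parse_zone(SAMPLE_ZONE, ORIGIN)
    for rec in recs:
        print(rec)
    for w in warns:
        print("WARNING:", w)
```

The warning the script prints for the last PTR is exactly the "carpy.e-i-s.cc.0.0.127.in-addr.arpa" name the trailing-dot note warns about; running your own zone files through parse_zone() before a restart is a cheap way to spot a forgotten dot.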
/etc/nsswitch.conf (Common)
# snippet - make sure this line exists and looks like this
#———————————————-
hosts: files dns
#———————————————-
/etc/host.conf (Common)
# snippet - make sure this line exists and looks like this
#———————————————-
order hosts,bind
#———————————————-
Source: Configuring Bind – Linux StepByStep