DNS, the Domain Name System, is one of those things that a lot of
Systems Administrators are scared to talk about (other things in this group are
Sendmail and how to get your shirt, pants, shoes, and socks to match). In
what will probably become a small series of articles, I'd like to try to
explain some of the finer points of DNS to everyone, and probably learn a
thing or two myself.
DNS is that wonderful system that lets us remember
things like www.brainbuzz.com instead of 208.178.167.8, and find out
that mail to brainbuzz.com is handled by mail.brainbuzz.com. In normal
operation, a client queries a DNS server for a record. Usually, this record
is the IP address of a name, otherwise known as the A record. The name
can also be an alias for another A record (i.e. www.example.com is an alias for
machine1.example.com), in which case it is known as a CNAME. There are other
records I'll show, but it's important that you know these ones. When you
ask your local DNS server for a particular record that isn't local (i.e.
www.brainbuzz.com), it goes out and asks around to find out what the answer
is. It'll then cache this information for later use.
This installment
will cover the setup of a primary nameserver for the fictitious domain
"example.com". In the DNS scheme of things, a domain has a primary/master
name server, and zero or more secondary nameservers that get their data
from the primary. Together these are the servers that can authoritatively
answer a query for the particular domain, cleverly named "authoritative
servers". In this case, we've got two servers under our control,
ns1.example.com and ns2.example.com, with IP addresses of 10.0.0.1 and
10.0.0.2 respectively.
In order to proceed, you're going to need the
latest revision of BIND, the Berkeley Internet Name Daemon, available at
http://www.isc.org/products/BIND/ or with your distribution. The latest
version is 8.2.2P5 and fixes some security bugs, so it might be a good idea
to see if your distribution offers some updates. RedHat users take note,
6.1 comes with 8.2.2, with P5 being offered on the updates site as P3. Go
figure.
BIND8 is configured via the /etc/named.conf file. This file
specifies the domains, which are referred to as "zones", that the nameserver
handles, along with server options and what to do with unknown
queries.
The first part of named.conf is the server options. A
typical entry looks like:

    options {
        directory "/var/named";
        check-names master warn;
        datasize 20M;
    };

Three options are set. The first specifies the directory
where the zone files will be found. The second says that the server
should log any records that might be a problem, but still answer the query,
for zones that it is the master for. The third puts a limit on the
amount of memory that the server can use.
Now, the nameserver must be
told where to get information for example.com. For now we're dealing with
ns1.example.com, the primary nameserver.

    zone "example.com" IN {
        type master;
        file "example.com.zone";
        allow-update { none; };
        allow-transfer { any; };
    };

This one is a bit more complex
than the options. Line 1 defines a zone, called example.com, which is an
Internet zone (DNS is about 17 years old now, so it used to handle other
things). Proceeding through the configuration, the server is told that it
is the master for the zone, and that the data can be found in the
example.com.zone file (in /var/named, as previously configured). The last
two statements say that nobody is allowed to update the zone via Dynamic DNS, and
that anyone can do a zone transfer (AXFR), allowing them to retrieve all the
records for the zone.
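As an added example (not the article's own code), a small Python check that scans named.conf text for master zones whose allow-transfer list is open to everyone. The sample input is constructed here: it pairs the article's zone statement with a copy whose transfers are restricted to the secondary, ns2.example.com at 10.0.0.2.

```python
import re

# Constructed sample named.conf text: the article's zone (transfers open to anyone)
# followed by a hardened copy that only lets the secondary at 10.0.0.2 pull the zone.
SAMPLE_NAMED_CONF = """\
zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-update { none; };
    allow-transfer { any; };
};
zone "hardened.example" IN {
    type master;
    file "hardened.example.zone";
    allow-update { none; };
    allow-transfer { 10.0.0.2; };
};
"""

def zone_blocks(conf_text):
    """Yield (zone_name, body) for each zone statement, matching braces by depth."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf_text):
        depth, start = 1, m.end()
        pos = start
        while depth and pos < len(conf_text):
            depth += {"{": 1, "}": -1}.get(conf_text[pos], 0)
            pos += 1
        yield m.group(1), conf_text[start:pos - 1]

def transfer_acl(body):
    """Return the allow-transfer address list for a zone body, or None if it is not set."""
    m = re.search(r"allow-transfer\s*\{([^}]*)\}", body)
    if not m:
        return None
    return [entry.strip() for entry in m.group(1).split(";") if entry.strip()]

def open_transfer_zones(conf_text):
    """Names of master zones that anyone may AXFR: allow-transfer contains 'any',
    or is missing entirely (BIND's default is to allow transfers to all hosts)."""
    findings = []
    for name, body in zone_blocks(conf_text):
        if not re.search(r"type\s+master\s*;", body):
            continue
        acl = transfer_acl(body)
        if acl is None or "any" in acl:
            findings.append(name)
    return findings

if __name__ == "__main__":
    print("zones open to AXFR from anywhere:", open_transfer_zones(SAMPLE_NAMED_CONF))
```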
Let's quickly recap - We have installed BIND,
told it that the zone files are in /var/named, and that it is to be the
master (primary) nameserver for the example.com domain, with the data
located in /var/named/example.com.zone. What we need now is the zone file
itself.
All zone files start with an SOA record (Start Of Authority).
It's probably the most complex one (the line numbers are for
illustration; note the trailing dots on the names, which stop BIND from
appending the zone name to them):

    1. example.com.  IN  SOA  ns1.example.com. swalberg.brainbuzz.com. (
    2.         2000011603  ; serial YYYYMMDDNN
    3.         3H          ; refresh
    4.         15M         ; retry
    5.         1W          ; expiry
    6.         1D )        ; minimum
Line 1 starts the SOA record for
the Internet domain example.com (first three words). The fourth word is the
"origin" which is rarely looked at, but is the name of the nameserver.
(Most configurations substitute...
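As an added example (not the article's code), a Python helper that parses the SOA record above, converts the BIND time suffixes (H, M, W, D) to seconds, and works out the next serial in the YYYYMMDDNN convention the record uses; the zone text is a constructed copy of the record. Secondaries only pull a fresh copy of the zone when the serial is greater than the one they hold, so the serial must never go backwards.

```python
import re
from datetime import date

# Constructed sample: the article's SOA record, reassembled one field per line.
SAMPLE_ZONE = """\
example.com.    IN  SOA  ns1.example.com. swalberg.brainbuzz.com. (
                2000011603  ; serial YYYYMMDDNN
                3H          ; refresh
                15M         ; retry
                1W          ; expiry
                1D )        ; minimum
"""

# BIND duration suffixes; a bare number means seconds.
_UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

def to_seconds(value):
    """Convert a BIND duration such as '3H', '15M' or '900' to seconds."""
    m = re.fullmatch(r"(\d+)([SMHDW]?)", value.upper())
    if not m:
        raise ValueError("bad duration: %r" % value)
    return int(m.group(1)) * _UNITS[m.group(2) or "S"]

def parse_soa(zone_text):
    """Return the SOA fields as a dict; ';' comments and the parentheses are stripped first."""
    no_comments = re.sub(r";[^\n]*", "", zone_text)
    words = no_comments.replace("(", " ").replace(")", " ").split()
    i = words.index("SOA")
    serial, refresh, retry, expire, minimum = words[i + 3:i + 8]
    return {
        "owner": words[0], "mname": words[i + 1], "rname": words[i + 2],
        "serial": int(serial),
        "refresh": to_seconds(refresh), "retry": to_seconds(retry),
        "expire": to_seconds(expire), "minimum": to_seconds(minimum),
    }

def next_serial(current, today_yyyymmdd=None):
    """Next YYYYMMDDNN serial that is strictly greater than the current one.
    Normally that is today's date with NN=00; if the zone was already changed
    today (or the current serial is ahead of today), add one so it keeps rising."""
    if today_yyyymmdd is None:
        today_yyyymmdd = int(date.today().strftime("%Y%m%d"))
    candidate = today_yyyymmdd * 100
    return candidate if candidate > current else current + 1

if __name__ == "__main__":
    soa = parse_soa(SAMPLE_ZONE)
    print(soa)
    print("next serial:", next_serial(soa["serial"], 20000116))
```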