Domain Name Server Setup


 

Domain Names and Name Servers

The /etc/hosts File

Name Service

The /etc/resolv.conf File

The /etc/host.conf File

 

Running a Name Server

The named Configuration File

The Root Cache

Zone Files

Checking Your Configuration

Summary - Quick DNS configuration

 

 

Domain Names and Name Servers

The idea behind domain names is simple: rather than forcing people to memorize IP numbers, we give them names to remember instead.

 

The DNS has another important use: it makes a service independent of the server. Take the well known Microsoft Web server, for instance. At any given time, the name microsoft.com translates into a list of servers that provide enough horsepower to maintain this popular service. The actual number of servers and their IP numbers can change at any time; what matters is that the symbolic name remains constant. You will always be able to reach http://microsoft.com/ without having to keep track of changing numeric IP addresses.

 

The process through which symbolic names are translated into numeric IP addresses is called address resolution.

 


 

The /etc/hosts File

Long before the Internet turned into the many-tentacled worldwide monster that it is today, symbolic names were already in use. However, in those days, every computer on the Internet had its own copy of the list of all Internet machines. On Linux systems, this list was stored in the file /etc/hosts.

Today, maintaining such a list is clearly an impossible task. Not only would it have to contain an entry for each of the tens of millions of computers on the network, it would also have to be updated continuously to reflect the changes that occur every second somewhere on the planet.

However, /etc/hosts still survives. No longer a list of all the computers on the Internet, it is still often used to list computers on your local network, or at least a few important systems that you want to be able to reach by name even if other means of name resolution are temporarily unavailable.

The structure of this file is simple and easy to understand. Each line contains an IP number followed by a list of names. The first of these is a fully qualified hostname, that is, the host's full name on the Internet; following that are nicknames, or alternative names by which the host is known.

The file has lots of comments (lines beginning with the # character) but only two lines of interest:

127.0.0.1 localhost
192.168.1.1 g4c2.3604e1 g4c2

The first line specifies a name for the loopback address. The second line assigns the fully qualified name g4c2.3604e1 to the IP address of the machine's Ethernet card, 192.168.1.1. It also contains the nickname g4c2 so that programs on this machine can reference it by that short name instead of spelling out its fully qualified name.

One final note on /etc/hosts: Keep in mind that if this file is present, it is always consulted first, and entries in this file take precedence over data obtained from the network.


 

Name Service

The alternative to using /etc/hosts with an impossible number of hostnames is DNS.

So what happens when you type www.microsoft.com in your browser's address box? The browser connects to its local name server and asks for resolution of this name. Unless you're on Microsoft's private network, the name server has no information about this name, so it submits the query to one of the root servers. The root server won't have information about this specific address but it will give you the address of one of Microsoft's name servers. Your name server then contacts that server and obtains from it a list of IP addresses, which are returned to the Web browser. The browser picks one of the addresses and initiates a connection.


 

The /etc/resolv.conf File

Not every computer has a name server. You might be using multiple name servers for backup purposes or none at all, relying on your ISP's name server instead. But, how do applications know the whereabouts of the name server they need to query?

Under Linux, this information is stored in the file /etc/resolv.conf. This file can be edited by hand. Typically it is enough to have a file that contains only one line specifying your name server. If the name server is the local machine, you can use its loopback address, so /etc/resolv.conf might end up containing only the following line:

nameserver 127.0.0.1

Of course if your /etc/resolv.conf contains this line alone, you might as well not have it in the first place. That's because when this file is not present, the default behavior is to consult a name server on the local machine.

When an application on your system requests name service, the first thing that is consulted is this file. From this file, the system determines where to find a name server.

On my test system, /etc/resolv.conf was automatically generated during setup. The file contains these lines of relevance:

domain 3604e1
search 3604e1
nameserver 192.168.1.42


 
 

The /etc/host.conf File

The /etc/host.conf file lists the order of the sources that the resolver will search to try and resolve a given host name. With the line below, the local /etc/hosts file is consulted first and the name server (bind) second:

order hosts, bind


 

Running a Name Server

The key reasons for running your own name server are control and flexibility. Running your own name server means that you don't need to rely on your ISP when your network configuration changes. It also lets you perform functions that your ISP wouldn't do, such as providing name service for a private network behind a firewall.

Setting up name service for a small network isn't rocket science. You only need to create a few relatively simple files that contain information about the zones your name server will service.

The name of the Linux name server program is named. This is another example of a UNIX daemon, a process that runs in the background performing server functions. named is normally started automatically from the system startup scripts.


 

The named Configuration File

When named is started, it reads its configuration file, which in the past was called the boot file.

The new-style configuration file is usually named /etc/named.conf by default. The file's contents vaguely resemble the syntax of the C programming language. Blocks of option settings are enclosed by curly braces {}, and individual settings are terminated by a semicolon.

My test system uses the new version of named that came with Slackware Linux. Consequently, the named configuration file is called /etc/named.conf and uses the new syntax.

The file begins with a section named options:

options {
        directory "/var/named";
};

The only option specified here is the name of the directory that contains the additional named configuration files. On Slackware Linux, this directory is not present by default, so you will need to create the subdirectory /var/named for this purpose.

zone "." {
        type hint;
        file "named.ca";
};

The domain name . is used to reference the root domain. The file named.ca contains information about the name servers for this domain. The named program uses this file for initialization.

zone "3604e1" {
        type master;
        file "named.3604e1";
};

The domain 3604e1 is the zone for which this server is responsible as a master server.

zone "1.168.192.IN-ADDR.ARPA" {
        type master;
        file "named.192.168.1";
};

A name server can not only provide IP numbers that correspond with names; it can also perform a reverse lookup, finding the name that corresponds with an IP number. Without this reverse lookup capability, name service isn't complete. In fact, there are servers on the Internet that refuse connections from any machine whose address cannot be looked up this way.

By convention, for reverse lookup you use a pseudo domain name. This form always ends with IN-ADDR.ARPA and is preceded by the network's IP number in reverse order. Because my hosts use private network numbers in the form 192.168.1.xxx, the pseudo domain name is 1.168.192.IN-ADDR.ARPA, which is the zone named above.

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "named.local";
};

In order for the name server to work correctly, you also need to be able to perform reverse lookup on the localhost address, 127.0.0.1. This third master zone file provides reverse lookup for the loopback network.


 

The Root Cache

Next to the configuration file, the most important file named uses is the root cache, usually named root.cache. I have named mine named.ca. Basically, this file lists those name servers that named contacts first when resolving a domain name.

The root cache should be periodically (for example, once every few months) refreshed by the system's administrator to ensure that it contains up-to-date information. A good source for a recent root.cache file is ftp://rs.internic.net/domain/named.root.

Here is an example root.cache file, with comment lines removed.

.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     128.9.0.107
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     198.41.0.10
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
 


 

Zone Files

Zone files contain actual information about specific domains for which the name server provides service as a primary or master server.

Each zone file contains one or more records. Each record consists of several fields, some of which are optional. The files are named.local, named.3604e1 and named.192.168.1.

The first field specifies the name that the record describes. It always must start at the beginning of the line. The name can be a single @ character, which is a substitute for the name of the zone that the file describes; or it can be an ordinary name which is interpreted as a name within the domain that the zone file describes. For instance, if you have a zone file for the domain 3604e1, the @ character in a zone file would be a substitute for this domain name; the word host would be taken to mean host.3604e1, that is, a name within the 3604e1 domain. The first field can be omitted when multiple records are present that all refer to the same name.

The second field is the record's class; almost always, it is set to IN, which signifies an Internet record.

The third field describes the record's type. Under ordinary circumstances, you'll encounter five, perhaps six different record types, although a lot more exist. These frequently used record types are:

 

SOA. The Start of Authority record provides information about the zone. Three fields follow the SOA keyword:

Originating Host. The fully qualified name, with a period at the end, of the host where this data was created.

Administrator email. The email address of the zone's maintainer with the @ character replaced by a period and another period appended at the end.

Parameters. A list enclosed between parentheses that contains five numerical values:

1. Serial Number. An arbitrary number that should be incremented every time the file's contents change, which is how secondary name servers know that the zone needs to be reloaded.
2. Refresh. How often (in seconds) slave (secondary) name servers check whether the data is still up to date.
3. Retry. How often (in seconds) slave servers should retry if they fail to contact the primary host.
4. Expire. How long (in seconds) the data remains valid on a secondary server without a successful refresh.
5. TTL (Time-to-live). How long (in seconds) data is considered valid by other name servers that cache this information.

 

NS. Name Server records specify the name of the master name server for this zone. Following this keyword is the name of that server, with a period appended at the end.

MX. Mail Exchanger records specify the systems that handle mail for this zone. Following the keyword are two fields: the preference value is a number, followed by the mail server's name. Mail exchangers with a lower preference are contacted first; thus you can use MX records to specify primary mail servers and backups (with a higher preference) that are used in case the primary mail server is unreachable.

A. Address records identify the IP address for the specified name.

PTR. Pointer records provide address-to-name mappings and are used for reverse lookup (finding the host name that corresponds to an IP number).

CNAME. Canonical name records let you create aliases. For instance, if www.mydomain, ftp.mydomain, and mail.mydomain are really all aliases for the single computer known as myhost.mydomain, you can use CNAME records for this purpose.

On my test system, I created three zone files, all in the /var/named directory. The first, named.3604e1 describes the 3604e1 domain and contains the following text:

 

@  IN   SOA     g4c2.3604e1.    hostmaster.3604e1. (
                2000100901      ; Serial number
                28800           ; Refresh every 8 hours
                14400           ; Retry every 4 hours
                3600000         ; Expire after 1000 hours (about 6 weeks)
                86400 )         ; Time to live is 1 day

                IN      NS      g4c2.3604e1.    ; trailing period: absolute name
                IN      MX      10 g4c2.3604e1. ; without it, named appends the zone name
localhost       IN      A       127.0.0.1
g4c2            IN      A       192.168.1.42
g4c4            IN      A       192.168.1.44
g3c2            IN      A       192.168.1.32
g3c4            IN      A       192.168.1.34

The Refresh, Retry, Expire, and TTL values are a result of experience. Setting them too short results in excessive queries. Setting them too long causes another problem: if you make a system change, it will be a while before the changes are propagated, during which time many remote machines will still attempt to reach your site using the wrong information.

The second file, named.192.168.1, contains address-to-name mappings for the 3604e1 network.

@  IN   SOA     g4c2.3604e1.    hostmaster.3604e1. (
                1               ; Serial number
                10800           ; Refresh after 3 hours
                3600            ; Retry hourly
                604800          ; Expire after a week
                10800           ; Time to live is 3 hours
        )
                IN      NS      g4c2.3604e1.
42              IN      PTR     g4c2.3604e1.
44              IN      PTR     g4c4.3604e1.
32              IN      PTR     g3c2.3604e1.
34              IN      PTR     g3c4.3604e1.

 

This file contains SOA and NS records of the same form as those in named.3604e1. The PTR record is for the name 42; when the zone's name, 1.168.192.IN-ADDR.ARPA (from /etc/named.conf), is appended, I get the IN-ADDR.ARPA form of the numeric address 192.168.1.42: 42.1.168.192.IN-ADDR.ARPA.

 

Lastly, the named.local file provides address-to-name mappings for the localhost address:

@  IN   SOA     g4c2.3604e1.    hostmaster.3604e1. (
                1               ; Serial number
                10800           ; Refresh after 3 hours
                3600            ; Retry hourly
                604800          ; Expire after a week
                10800           ; Time to live is 3 hours
        )
                IN      NS      g4c2.3604e1.
1               IN      PTR     localhost.      ; 1 + 0.0.127.IN-ADDR.ARPA = 127.0.0.1

As before, the SOA and NS records are unchanged; the PTR record describes 127.0.0.1, because the owner name 1 becomes 1.0.0.127.IN-ADDR.ARPA once the zone name is appended.
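As an added example (not code from the original page), the following Python applies the name rules described above to constructed zone files modelled on named.3604e1 and named.192.168.1: it expands relative names against the zone origin, flags NS/MX targets written without the trailing period, and cross-checks A records against PTR records, which is the forward/reverse agreement you will want to verify under "Checking Your Configuration". The format assumptions (one record per line, class always IN) are mine, not the page's.

```python
# Added example, not code from the original page: sanity checks for zone files in
# the style of named.3604e1 above. Assumes one record per line, ';' comments, class IN.
import ipaddress

# Constructed sample modelled on named.3604e1, with NS/MX targets lacking the trailing dot.
FORWARD_ZONE = """\
@  IN   SOA     g4c2.3604e1.    hostmaster.3604e1. (
                2000100901      ; Serial number
                28800 14400 3600000 86400 )
                IN      NS      g4c2.3604e1
                IN      MX      10 g4c2.3604e1
g4c2            IN      A       192.168.1.42
g4c4            IN      A       192.168.1.44
www             IN      CNAME   g4c2
"""
# Constructed reverse zone for 1.168.192.IN-ADDR.ARPA: no PTR for .44; .1 has no A record.
REVERSE_ZONE = """\
@  IN   SOA     g4c2.3604e1. hostmaster.3604e1. ( 1 10800 3600 604800 10800 )
                IN      NS      g4c2.3604e1.
42              IN      PTR     g4c2.3604e1.
1               IN      PTR     g3c2.3604e1.
"""


def absolute(name, origin):
    """'@' is the origin; a trailing dot means absolute; otherwise append origin."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()


def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples with absolute owner names. A blank
    first field repeats the previous owner, as the text above describes."""
    origin = origin.lower().rstrip(".") + "."
    records, owner, depth = [], origin, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if depth > 0:                              # inside the SOA '( ... )'
            depth += line.count("(") - line.count(")")
            continue
        if not line.strip():
            continue
        fields = line.split()
        if raw[0].isspace():                       # omitted owner field
            fields.insert(0, owner)
        owner = absolute(fields[0], origin)        # fields: owner IN type rdata
        rdata = [f for f in fields[3:] if f not in ("(", ")")]
        records.append((owner, fields[2].upper(), rdata))
        depth = line.count("(") - line.count(")")
    return records


def relative_targets(records, origin):
    """Flag dotted NS/MX/CNAME/PTR targets lacking the final dot: named appends the origin."""
    origin = origin.lower().rstrip(".") + "."
    return [(o, t, r[-1], absolute(r[-1], origin)) for o, t, r in records
            if t in ("NS", "MX", "CNAME", "PTR") and r
            and "." in r[-1] and not r[-1].endswith(".")]


def check_reverse(forward, reverse):
    """Forward/reverse agreement: A owners lacking a PTR, PTR owners lacking an A."""
    ptr = {o: r[0].lower() for o, t, r in reverse if t == "PTR"}
    a = {ipaddress.ip_address(r[0]).reverse_pointer + ".": o
         for o, t, r in forward if t == "A"}
    missing = sorted(o for rev, o in a.items() if ptr.get(rev) != o)
    orphans = sorted(o for o, name in ptr.items() if a.get(o) != name)
    return missing, orphans
```

Running relative_targets on the sample reports that the NS and MX targets would become g4c2.3604e1.3604e1., and check_reverse reports g4c4 without a PTR and 1.1.168.192.in-addr.arpa. without a matching A record.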


 

Checking Your Configuration

The configuration files for named aren't simple to understand, and errors are often made even by experienced administrators. How can you tell if this is the case? How do you verify that your configuration files are valid and accurate?

When you are done with a configuration change, the first thing to do is to restart the name server. If a name server is already running, this can be done using the hang-up signal:

killall -HUP named

If no name server is running, start the named program, which will take care of moving itself to the background. The program is typically found in the /sbin or /usr/sbin directories.

/usr/sbin/named

To verify that the data supplied by named is accurate, use the nslookup tool in interactive mode. Typing nslookup reveals the presence of a working name server as specified by /etc/resolv.conf.


 

Summary - Quick DNS configuration

  1. Create the directory /var/named.
  2. Create the following files in the /var/named directory: named.ca, named.local, named.3604e1 and named.192.168.1. (The named.ca file can be copied from root.cache if that file is already present on the system.)
  3. Edit the /etc/named.conf file to reference the files created in the previous step.
  4. Edit /etc/resolv.conf and check the contents of /etc/host.conf.
  5. The contents of each file are shown below. Copy these and then start the name server by running the command /usr/sbin/named.

named.conf

/*
* A simple BIND 8 configuration
*/
options {
        directory "/var/named";
};
logging {
        category lame-servers { null; };
        category cname { null; };
};
 
zone "3604e1" in {
        type master;
        file "named.3604e1";
};
zone "1.168.192.in-addr.arpa" in {
        type master;
        file "named.192.168.1";
};
/*zone "bar.org" in {
        type slave;
        file "bar.hosts";
        masters { 192.168.1.1; };
};*/
zone "." in {
        type hint;
        file "named.ca";
};
zone "0.0.127.in-addr.arpa" in {
        type master;
        file "named.local";
};

 

named.192.168.1

@  IN   SOA     g4c2.3604e1.    hostmaster.3604e1. (
                1               ; Serial number
                10800           ; Refresh after 3 hours
                3600            ; Retry hourly
                604800          ; Expire after a week
                10800           ; Time to live is 3 hours
        )
                IN      NS      g4c2.3604e1.
42              IN      PTR     g4c2.3604e1.
44              IN      PTR     g4c4.3604e1.
32              IN      PTR     g3c2.3604e1.
34              IN      PTR     g3c4.3604e1.
 
 

named.local

@  IN   SOA     g4c2.3604e1.    hostmaster.3604e1. (
                1               ; Serial number
                10800           ; Refresh after 3 hours
                3600            ; Retry hourly
                604800          ; Expire after a week
                10800           ; Time to live is 3 hours
        )
                IN      NS      g4c2.3604e1.
1               IN      PTR     localhost.      ; 1 + 0.0.127.in-addr.arpa = 127.0.0.1
 
named.3604e1
@  IN   SOA     g4c2.3604e1.    hostmaster.3604e1. (
                2000100901      ; Serial number
                28800           ; Refresh every 8 hours
                14400           ; Retry every 4 hours
                3600000         ; Expire after 1000 hours (about 6 weeks)
                86400 )         ; Time to live is 1 day

                IN      NS      g4c2.3604e1.    ; trailing period: absolute name
                IN      MX      10 g4c2.3604e1. ; without it, named appends the zone name
localhost       IN      A       127.0.0.1
g4c2            IN      A       192.168.1.42
g4c4            IN      A       192.168.1.44
g3c2            IN      A       192.168.1.32
g3c4            IN      A       192.168.1.34
www             IN      CNAME   g4c2            ; relative name: www.3604e1 -> g4c2.3604e1
 
named.ca
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     128.9.0.107
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     198.41.0.10
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33

 

resolv.conf

domain 3604e1
search 3604e1
nameserver 192.168.1.42
 

host.conf

order hosts, bind

 


 

 

 
