DNS Demystified - The Zone File


• Relates to: MCSE 2000 | MCSE 2003 | MCSA 2000 | MCSA 2003

DNS, the Domain Name System, is one of those things that
scares a lot of Systems Administrators to talk about
(other things in this group are Sendmail and how to get
your shirt, pants, shoes, and socks to match). In what
will probably become a small series of articles, I'd like
to try to explain some of the finer points of DNS to
everyone, and probably learn a thing or two myself.

DNS is that wonderful system that lets us remember things
like www.brainbuzz.com instead of 208.178.167.8, and to
find out that mail to brainbuzz.com is handled by
mail.brainbuzz.com. In normal operation, a client queries
a DNS server for a record. Usually, this record is the
IP address of a name, otherwise known as the A record.
This name can be an alias to another A record (i.e.
www.example.com is an alias for machine1.example.com), in
which case it is known as a CNAME. There are other
records I'll show, but it's important that you know these
ones. When you ask your local DNS server for a particular
record that isn't local (i.e. www.brainbuzz.com), it goes
out and asks around to find out what the answer is.
It'll then cache this information for later use.

This installment will cover the setup of a primary
nameserver for the fictitious domain "example.com".
In the DNS scheme of things, a domain has a primary/master
name server, and zero or more secondary nameservers that
get their data from the primary. These servers make up
those that can authoritatively answer a query for the
particular domain, cleverly named "authoritative servers".
In this case, we've got two servers under our control,
ns1.example.com and ns2.example.com with IP addresses of
10.0.0.1 and 10.0.0.2 respectively.

In order to proceed, you're going to need the latest
revision of BIND, the Berkeley Internet Name Daemon,
available at http://www.isc.org/products/BIND/ or with
your distribution. The latest version is 8.2.2P5 and
fixes some security bugs, so it might be a good idea to
see if your distribution offers some updates. RedHat
users take note, 6.1 comes with 8.2.2, with P5 being
offered on the updates site as P3. Go figure.

BIND8 is configured via the /etc/named.conf file. This
file specifies the domains, which are referred to as
"zones", that the nameserver handles, along with server
options and what to do with unknown queries.

The first part of named.conf is the server options. A
typical entry looks like:

options {
    directory "/var/named";
    check-names master warn;
    datasize 20M;
};


Three options are set. The first specifies the directory
where the zone files will be found. The second line says
that the server should log any records that might be a
problem, but still answer the query, for zones that it is
the master for. The final line puts a limit on the amount
of memory that the server can use.

Now, the nameserver must be told where to get information
for example.com. For now we're dealing with ns1.example.com,
the primary nameserver.

zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-update { none; };
    allow-transfer { any; };
};


This one is a bit more complex than the options. Line 1 defines
a zone, called example.com, which is an Internet zone (DNS is
about 17 years old now, so it used to handle other things).
Proceeding through the configuration, the server is told that
it is the master for the zone, and that the data can be found
in the example.com.zone file (in /var/named, as previously
configured). The last two lines say that nobody is allowed
to update the zone via Dynamic DNS, and that anyone can do a
zone transfer (AXFR), allowing them to retrieve all the
records for the zone.
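
Added example (not part of the original article): a small Python check that reads a named.conf and reports, for each master zone, whether AXFR is open to any host or limited to named servers. The sample inputs are constructed from the zone statement above; the hardened variant assumes the only legitimate transfer client is the secondary ns2.example.com at 10.0.0.2, and the function names are this example's own.

```python
import re

# Constructed sample: the article's named.conf, with transfers open to anyone.
ARTICLE_CONF = '''
options { directory "/var/named"; };
zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-update { none; };
    allow-transfer { any; };
};
'''
# Constructed hardened variant: only the secondary, ns2 (10.0.0.2), may AXFR.
HARDENED_CONF = ARTICLE_CONF.replace("{ any; }", "{ 10.0.0.2; }")

def strip_comments(text):
    # Simplification: assumes no "//" or "#" inside quoted strings.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in named.conf")

def acl(body, key):
    """Entries of a flat address-match list, or None if the key is absent."""
    m = re.search(r"\b" + re.escape(key) + r"\s*\{([^}]*)\}", body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit_transfers(conf):
    """Map each master zone to ('OPEN' | 'restricted', effective ACL)."""
    conf = strip_comments(conf)
    opts = re.search(r"\boptions\s*\{", conf)
    default = acl(block_body(conf, opts.end() - 1), "allow-transfer") if opts else None
    report = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        body = block_body(conf, m.end() - 1)
        if re.search(r"\btype\s+master\b", body):
            entries = acl(body, "allow-transfer")
            entries = default if entries is None else entries
            # No ACL anywhere means BIND 8 serves the zone to any requester.
            is_open = entries is None or "any" in entries
            report[m.group(1)] = ("OPEN" if is_open else "restricted", entries)
    return report
```

A zone that omits allow-transfer entirely is reported as OPEN as well, since BIND 8 then falls back to the options-level setting and, if none exists, allows transfers to all hosts.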

Let's quickly recap: we have installed BIND, told it that
the zone files are in /var/named, and that it is to be the
master (primary) nameserver for the example.com domain, with
the data located in /var/named/example.com.zone. What we
need now is the zone file itself.

All zone files start with an SOA record (Start Of Authority).
It's probably the most complex one (The line numbers are for
illustration):

1. example.com. IN SOA ns1.example.com. swalberg.brainbuzz.com. (
2.         2000011603 ; serial YYYYMMDDNN
3.         3H         ; refresh
4.         15M        ; retry
5.         1W         ; expiry
6.         1D )       ; minimum

Line 1 starts the SOA record for the Internet domain
example.com (first three words). The fourth word is the
"origin" which is rarely looked at, but is the name of
the nameserver. (Most configurations substitute...
