Linux Domain Name Service (DNS)

Please note: There is a new program version for DNS called BIND 8. The old version used slightly different setup files such as "named.boot" rather than "named.conf" as in the new version. This is why you may see confusing documentation in books and on the web. I have tried to document BIND 8 here.

DNS and its structure are explained in more detail in the "networking" manual written for this document series. This section explains the setup of the name server itself.

The daemon that provides the service - named
Set up the following files as per this example:

  1. /etc/hosts - Local host names.
  2. /etc/host.conf - Configures the relationship between DNS and the /etc/hosts file.
  3. /etc/resolv.conf - Configures the name resolver for interaction with the domain name server.
  4. /etc/named.conf - Defines the main parameters for the name server.
  5. /var/named/named.ca - Hints file specified in the /etc/named.conf file.
  6. /var/named/named.local - Loopback reverse zone file specified in the /etc/named.conf file.
  7. /var/named/db.10.1.hosts - Reverse zone file (1.10.in-addr.arpa) specified in the /etc/named.conf file.
  8. /var/named/db.mycompany.com.hosts - Forward zone file for mycompany.com specified in the /etc/named.conf file.

The example assumes the following: the domain is mycompany.com, the nameserver is mymachine at 10.1.0.100, the mail server is mailmachine at 10.1.0.4, and a Windows box (george in the zone files below) is at 10.1.3.16.

  1. File: /etc/hosts
    127.0.0.1	localhost	localhost.localdomain
    10.1.0.100	mymachine.mycompany.com	mymachine
    
  2. File: /etc/host.conf
    	order hosts, bind
    	multi on
    	nospoof on
    	alert on
    

The line "nospoof on" checks for IP address spoofing, and "alert on" will log a warning if an attempt to spoof is detected. The order command specifies that when the client is resolving names it should first look in the /etc/hosts file, then use BIND 8 (DNS) to resolve the name. Another valid option for the order command is nis, which stands for Network Information Service, created by Sun. The line "multi on" specifies that all valid addresses for a host found in the hosts file should be returned. This means that the same host name will be returned for a machine that has more than one network address, such as a machine that interfaces to two or more networks. For example, I have a machine interfacing to network 192.168.199.0 at IP address 192.168.199.1 and the other interface is on network 10.1.0.0 at IP address 10.1.1.100. It allows both networks to refer to the machine with the same name.

  • File: /etc/resolv.conf
    	domain mycompany.com
    	search mycompany.com mynet.net
    	nameserver 127.0.0.1
    	nameserver 10.1.0.100
    

    Commands:

    • search - Specifies domain names used to expand a host name prior to sending the DNS query to the nameserver. The search list may contain up to 6 domain names, each separated by whitespace. The "mynet.net" shown above is only used for an example and is not normally included.
    • nameserver - Up to three nameserver commands may be used. Each nameserver command specifies an IP address of a nameserver that can be used to answer name queries.
    • domain - The name of the local domain which is used to expand the host name before sending the query to the name server. If no domain is specified, the value in the search command is used.

  • File: /etc/named.conf - This file replaces named.boot in the old configuration. The first two zones need to be defined for all servers, and if they are the only ones defined, the result is a caching-only nameserver. In each of the remaining zones your server can be designated as a master or a slave for that zone.
    // generated by named-bootconf.pl
    
    options {
    	directory "/var/named";
    	/*
    	 * If there is a firewall between you and nameservers you want
    	 * to talk to, you might need to uncomment the query-source
    	 * directive below.  Previous versions of BIND always asked
    	 * questions using port 53, but BIND 8.1 uses an unprivileged
    	 * port by default.
    	 */
    	// query-source address * port 53;
    };
    
    zone "." {
    	type hint;
    	file "named.ca";
    };
    
    zone "0.0.127.in-addr.arpa" {
    	type master;
    	file "named.local";
    };
    
    zone "1.10.in-addr.arpa" {
    	type master;
    	file "db.10.1.hosts";
    	allow-transfer { 127.0.0.1; };
    };
    
    zone "mycompany.com" {
    	type master;
    	file "db.mycompany.com.hosts";
    	notify yes;
    	allow-transfer { 127.0.0.1; };
    };
    

    Commands:

    • acl - A named IP address control list for access control
    • include - Allows an additional file to be included in this configuration file.
    • key - Security key for authentication and authorization.
    • logging - Determines where DNS logging is stored and what events are logged.
    • options
      • directory - Defines the directory all files are to be found in.
      • forwarders - The list of servers to which queries are forwarded. The related forward option has two choices, forward first and forward only. Forward first is the default, which causes the server to forward queries not in its own cache to the listed servers (forwarders) before querying any external server. Forward only means the query is only sent to the forwarders.
    • server - Gives characteristics of a remote server.
      • bogus - yes or no (default). Mark it bogus if it is sending bad data.
      • support-ixfr
      • transfers - Not yet used, but will limit the number of concurrent inbound zone transfers.
      • transfer-format - one-answer or many-answers. Many-answers works for BIND 8.1 and above and is more efficient.
      • keys - Used to identify a key defined by the key statement
    • zone - Parts of the network (zones) which are to be serviced by the nameserver.
      • allow-transfer - Specifies the hosts allowed to receive zone transfers from the server. An allow-transfer in a zone statement overrides the allow-transfer in the options statement for that zone.
      • allow-update - Specifies hosts that are allowed to send dynamic DNS updates to the server. By default no updates are allowed from any host.
      • also-notify - Allows nameservers not in the zone's NS records to receive a DNS NOTIFY message when zone information is updated.
      • dialup - yes or no
      • type - Defines the type of nameserver for this zone. Choices:
        • master
        • slave
        • hint - Specifies the initial set of nameservers for the root zone.
        • forward - Directs all queries to other servers
        • stub - Replicates only the NS records of a master zone instead of the entire zone but otherwise is like a slave.
      • file - Defines the file name that will provide information for this zone.
      • masters - Defines the master server for the zone if this server for this zone is a slave. Syntax: "masters {192.168.1.6; };"
      • notify - Options are "notify no" or "notify yes" which determines if slave servers will be notified immediately when the zone information is updated. Notify yes is the default.

    There are many more options associated with this file. For more information, read the BIND configuration file guide for BIND version 8 or higher. The option "allow-transfer", above, limits DNS zone transfers to the loopback address. If there were a slave nameserver, its IP address should be listed here. With allow-transfer set this way, other machines cannot download the whole zone, which denies IP spoofers and spammers an easy listing of your hosts.
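The following is an added check, not part of the original guide or of BIND itself: it parses a constructed named.conf in the shape of the one above and reports every master zone whose transfer policy is open, honouring the rule that a zone-level allow-transfer overrides the options-level one.

```python
import re

# Constructed sample in the shape of the page's /etc/named.conf, plus one
# deliberately open zone ("example.test") so the check has something to flag.
NAMED_CONF = """
options { directory "/var/named"; };
zone "." { type hint; file "named.ca"; };
zone "0.0.127.in-addr.arpa" { type master; file "named.local"; };
zone "1.10.in-addr.arpa" { type master; file "db.10.1.hosts"; allow-transfer { 127.0.0.1; }; };
zone "mycompany.com" { type master; file "db.mycompany.com.hosts"; notify yes; allow-transfer { 127.0.0.1; }; };
zone "example.test" { type master; file "db.example"; allow-transfer { any; }; };
"""

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"//[^\n]*", "", text)

def blocks(conf, head):
    """Yield (name, body) for each `head "name" { ... }` statement, matching
    braces so nested { ... } address lists stay inside the body."""
    text = strip_comments(conf)
    for m in re.finditer(head + r'(?:\s+"([^"]+)")?\s*\{', text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def transfer_list(body):
    """The allow-transfer address list of a block, or None if it has none."""
    m = re.search(r"allow-transfer\s*\{([^}]*)\}", body)
    return None if m is None else [t.strip() for t in m.group(1).split(";") if t.strip()]

def open_transfer_zones(conf):
    """Map each master zone with an open transfer policy to the reason. A zone-level
    allow-transfer overrides the options-level default, as the guide describes."""
    default = next((transfer_list(b) for _, b in blocks(conf, r"\boptions")), None)
    findings = {}
    for name, body in blocks(conf, r"\bzone"):
        if not re.search(r"\btype\s+master\s*;", body):
            continue
        acl = transfer_list(body)
        acl = default if acl is None else acl
        if acl is None:
            findings[name] = "no allow-transfer at zone or options level"
        elif "any" in acl:
            findings[name] = "allow-transfer { any; }"
    return findings
```

Run against the sample it flags the loopback zone (no allow-transfer anywhere) and example.test (any), while the two mycompany.com zones pass.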

  • File: /var/named/named.ca (if you have one, don't modify unless you have to). This is the hints file that helps the name server locate root nameservers at startup.
    Some documentation says to modify the line "A.ROOT-SERVERS.NET." to put your Linux box address:
    A.ROOT-SERVERS.NET.      3600000      A     10.1.0.100

    but this is not correct. Some versions of the name server will generate error messages in /var/log/messages if this is done.
    I use:

    ;       This file holds the information on root name servers needed to
    ;       initialize cache of Internet domain name servers
    ;       (e.g. reference this file in the "cache  .  <file>"
    ;       configuration file of BIND domain name servers).
    ;
    ;       This file is made available by InterNIC registration services
    ;       under anonymous FTP as
    ;           file                /domain/named.root
    ;           on server           FTP.RS.INTERNIC.NET
    ;       -OR- under Gopher at    RS.INTERNIC.NET
    ;           under menu          InterNIC Registration Services (NSI)
    ;              submenu          InterNIC Registration Archives
    ;           file                named.root
    ;
    ;       last update:    Aug 22, 1997
    ;       related version of root zone:   1997082200
    ;
    ;
    ; formerly NS.INTERNIC.NET
    ;
    .                        3600000  IN  NS    A.ROOT-SERVERS.NET.
    A.ROOT-SERVERS.NET.      3600000      A     201.12.27.33
    ;
    ; formerly NS1.ISI.EDU
    ;
    .                        3600000      NS    B.ROOT-SERVERS.NET.
    B.ROOT-SERVERS.NET.      3600000      A     128.9.0.107
    ;
    ; formerly C.PSI.NET
    ;
    .                        3600000      NS    C.ROOT-SERVERS.NET.
    C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
    ;
    ; formerly TERP.UMD.EDU
    ;
    .                        3600000      NS    D.ROOT-SERVERS.NET.
    D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
    ;
    ; formerly NS.NASA.GOV
    ;
    .                        3600000      NS    E.ROOT-SERVERS.NET.
    E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
    ;
    ; formerly NS.ISC.ORG
    ;
    .                        3600000      NS    F.ROOT-SERVERS.NET.
    F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
    ;
    ; formerly NS.NIC.DDN.MIL
    ;
    .                        3600000      NS    G.ROOT-SERVERS.NET.
    G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
    ;
    ; formerly AOS.ARL.ARMY.MIL
    ;
    .                        3600000      NS    H.ROOT-SERVERS.NET.
    H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
    ;
    ; formerly NIC.NORDU.NET
    ;
    .                        3600000      NS    I.ROOT-SERVERS.NET.
    I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
    ;
    ; temporarily housed at NSI (InterNIC)
    ;
    .                        3600000      NS    J.ROOT-SERVERS.NET.
    J.ROOT-SERVERS.NET.      3600000      A     198.41.0.10
    ;
    ; housed in LINX, operated by RIPE NCC
    ;
    .                        3600000      NS    K.ROOT-SERVERS.NET.
    K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129 
    ;
    ; temporarily housed at ISI (IANA)
    ;
    .                        3600000      NS    L.ROOT-SERVERS.NET.
    L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
    ;
    ; housed in Japan, operated by WIDE
    ;
    ;.                        3600000      NS    M.ROOT-SERVERS.NET.
    ;M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
    ; End of File
    

    The official root nameserver file is at ftp://rs.internic.net and is called /domain/named.root.

  • File: /var/named/named.local (should not need to change). Leave it unchanged as:
    @       IN      SOA     localhost.		root.localhost. (
                      1999112701            ; Serial number as date and two digit number YYYYMMDDXX
                      28800                 ; Refresh in seconds 28800=8H
                      7200                  ; Retry in seconds 7200=2H
                      3600000               ; Expire in seconds 3600000=about 6 weeks
                      86400)                ; Minimum TTL 86400=24Hours
    @       IN      NS      localhost.
    1       IN      PTR     localhost.
    
  • Create file /var/named/db.10.1.hosts. Note: the first two lines are to be on one line! The '\' means the line continues on the next line.
    1.10.in-addr.arpa.	IN	SOA	mymachine.mycompany.com.\
    	root.mymachine.mycompany.com. (
    		1999112701
    		10800
    		3600
    		604800
    		86400 )		;Default TTL
    1.10.in-addr.arpa.	 IN	NS	mymachine.mycompany.com.
    100.0.1.10.in-addr.arpa. IN	PTR	mymachine.mycompany.com.
    4.0.1.10.in-addr.arpa.	IN		PTR	mailmachine.mycompany.com.
    16.3.1.10.in-addr.arpa.  IN	PTR	george.mycompany.com.
    

    In the SOA section are five parameters as follows:

    1. Serial number (1999112701) - If the slave's copy has a lower serial number than the master's, the slave fetches a new copy of this file from the master.
    2. Refresh (10800) - The time in seconds between the slave's checks of this file's serial number against the master.
    3. Retry (3600) - The time the slave should wait before asking again if the master fails to respond to a refresh (SOA request).
    4. Expire (604800) - The time in seconds the slave server may keep answering for the zone even though it cannot get an updated zone file.
    5. TTL (86400) - The time to live in seconds that a resolver will use data received from a nameserver before it asks for the same data again.

  • Create file /var/named/db.mycompany.com.hosts. Note: the SOA record up to the opening parenthesis is to be on one line!
    mycompany.com.		IN	SOA	mymachine.mycompany.com.	root.mymachine.mycompany.com. (
    		1999112701
    		10800
    		3600
    		604800
    		86400 )		
    mycompany.com.		IN	NS	mymachine.mycompany.com.
    mycompany.com.		IN	MX		10		mailmachine.mycompany.com.
    mymachine.mycompany.com.	IN	A	10.1.0.100
    mailmachine.mycompany.com.	IN	A	10.1.0.4
    george.mycompany.com.	IN	A	10.1.3.16
    

    Database Record Description:

    • A - Ties a host name with an IP address.
    • CNAME - Stands for canonical name which is an alias for a host.
    • MX - Mail exchanger. The lower associated number for each given mail server indicates a higher preference to use that server.
    • NS - Indicates a name server.
    • PTR - Gives the hostname for an IP address.
    • SOA - Start of authority shows where the zone's data starts.
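As an added example (not from the guide), the check below takes constructed copies of the two zone files above, with each SOA collapsed onto one line as instructed, and verifies that every A record has a matching PTR and vice versa, and that the SOA serial follows the YYYYMMDDNN form used here. A PTR that no longer maps back to an A record is a common sign of a stale or tampered reverse zone.

```python
import re
from datetime import datetime

# Constructed copies of the page's two zone files; nothing is taken from a live server.
FORWARD = """mycompany.com. IN SOA mymachine.mycompany.com. root.mymachine.mycompany.com. ( 1999112701 10800 3600 604800 86400 )
mycompany.com. IN NS mymachine.mycompany.com.
mycompany.com. IN MX 10 mailmachine.mycompany.com.
mymachine.mycompany.com. IN A 10.1.0.100
mailmachine.mycompany.com. IN A 10.1.0.4
george.mycompany.com. IN A 10.1.3.16
"""
REVERSE = """1.10.in-addr.arpa. IN SOA mymachine.mycompany.com. root.mymachine.mycompany.com. ( 1999112701 10800 3600 604800 86400 )
100.0.1.10.in-addr.arpa. IN PTR mymachine.mycompany.com.
4.0.1.10.in-addr.arpa. IN PTR mailmachine.mycompany.com.
16.3.1.10.in-addr.arpa. IN PTR george.mycompany.com.
"""

def records(zone_text, rtype):
    """Return {owner: rdata} for every fully qualified record of the given type."""
    out = {}
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()
        if len(fields) >= 4 and fields[1] == "IN" and fields[2] == rtype:
            out[fields[0]] = fields[3]
    return out

def reverse_name(ip):
    """10.1.3.16 -> 16.3.1.10.in-addr.arpa. (the PTR owner name used above)."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def mismatches(forward, reverse):
    """A records lacking a PTR, and PTRs that do not map back to an A record."""
    a, ptr = records(forward, "A"), records(reverse, "PTR")
    problems = []
    for host, ip in a.items():
        if ptr.get(reverse_name(ip)) != host:
            problems.append(f"{host} {ip}: no matching PTR")
    for rname, host in ptr.items():
        if reverse_name(a.get(host, "")) != rname:
            problems.append(f"{rname} -> {host}: PTR has no matching A")
    return problems

def soa_serial_ok(zone_text):
    """True when the SOA serial has the YYYYMMDDNN form the guide uses."""
    m = re.search(r"\bSOA\b.*?\(\s*(\d{8})(\d{2})\s", zone_text, re.S)
    try:
        return bool(m) and bool(datetime.strptime(m.group(1), "%Y%m%d"))
    except ValueError:
        return False
```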

  • Type "ndc restart" to restart the domain name server.

  • You can use "nslookup" to test your setup if you want. When in nslookup you should be able to type the name of a machine and get information about it, or type its full address and get information about it. Type "?" for help and "exit" to get out. To start the named daemon in Red Hat, you can use the program "linuxconf" and select "Control service activity", then select named and activate it so it will run the next time the system is booted. If you don't have "linuxconf", you would need to activate it in your system's initialization scripts.

    Other notes:
    To get it running:

    Type "ps ax | more" to see all processes running and look to see if named is one of them.
    If it is, look and see if it is listed in /etc/services. If not, add the following lines to the file.

    	nameserver	42/tcp	name
    	domain		53/tcp	nameserver
    	domain		53/udp	nameserver
    

    Type "ndc start" or "ndc restart".

    Other pertinent files:

    /etc/nsswitch.conf - Several system administration database source files are defined here. This is in support of the Network Information System (NIS), which can be used to control many administrative functions on many systems from one location.