
Re: [Sheflug] Guide to setting up DNS server



On Wed, 2003-11-12 at 09:59, Chris Johnson wrote:
> I've decided to set up a DNS server for our network.  However having looked
> at the bind (9) documentation I'm still a bit confused. 

You're looking in the wrong places then - bind 9 is well easy. Don't be
put off by the jargon; you need to understand it but it's simple. I
would advise you to stick with bind9 and do a proper job too, you may
need the facilities of a real DNS server in the future (replicating to
other offices? Dynamic DHCP? Etc..).

Simple guide:

authoritative:		I'm responsible for the information about the
			domain you're asking about

recursive: 		I'm responsible for getting the information you
			want from the authoritative server

All domains have an authoritative server - that's the server which holds
the data related to a domain. As a user, you don't usually have direct
access to all the authoritative servers for the domains you want to
look up, so recursive DNS servers do this on your behalf for you.

Authority is "delegated" per zone: for example, my local DNS server is
recursive for most domain names, but is authoritative for .alexworld, my
local domain. Hosting DNS servers, on the other hand, are usually
authoritative for a large number of domains but very rarely recursive
(since they have no users they are serving for queries other than about
the domains they hold).

So, within named.conf you will see stanzas like:

zone "." {
        type hint;
        file "/etc/bind/db.root";
};

This sets our server up as recursive for the entire internet - I can
query about any domain name, and my server will attempt to work out
where to get the information from. "." is like the root of a tree, and
all domains branch from it - com., for example, or co.uk. 

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

This sets us up as authoritative for *.localhost. If our server sees
anything ending in localhost, rather than go out to the internet for it,
it will look in our zone file - /etc/bind/db.local. Let's examine that
file:

$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1

What we have here is a TTL directive, and three records. The TTL is
about how long records should "last" - if someone asks me about these
records, how long should I say they are valid for? (Roughly ;)

The three records are simple - @ is just a nickname for our current
zone, localhost. All records are of type 'IN' - INternet, suitable for
use on TCP/IP networks. The first is an SOA record, split over a number
of lines - every zone needs one, it's the statement of authority and
just contains more information about how long these records are valid
for. It contains the name of the primary nameserver for this domain
(localhost.), and an email address for someone responsible for the
domain (root.localhost. == root [at] localhost - first dot is actually an @
sign ;)

Last two records - well, one 'NS' (name server) record, saying that the
name server for localhost. (@) is localhost. itself. The second actually
tells us what the IP address for localhost./@ is - 127.0.0.1. A records
point names at IP addresses.

And that is all you need to know to successfully set up a forward zone.
It looks like a lot of information, but actually it's not. All you need
is a reasonable understanding of how DNS works
(http://computer.howstuffworks.com/dns.htm is sufficient, and you do
really need to know this stuff, otherwise you will get odd
hard-to-diagnose problems...).

Cheers,

Alex.

___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.
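As an added example (not code from the post above, and not BIND's own tooling), here is a small Python checker for the db.local zone file the message walks through. It expands `@` to the origin `localhost.` given by the `zone "localhost"` stanza, splits the multi-line SOA into its named fields, turns the RNAME `root.localhost.` into a mailbox the way the post describes, and flags the mistakes a zone linter would catch: no `$TTL`, a class other than IN, a missing or duplicated apex SOA, no apex NS, an in-zone nameserver with no address record, or an SOA primary that is not listed as an NS. The `BROKEN_ZONE` variant and every function name are constructed for this example; the parser understands only the constructs that db.local uses.

```python
"""Parse and sanity-check a small BIND zone file such as the db.local
shown in the post.  Added example, not code from the post or from BIND:
it only understands $TTL, ';' comments, a parenthesised multi-line SOA,
'@' as the zone origin, and records written as OWNER CLASS TYPE RDATA."""

# Constructed copy of the db.local zone file quoted in the post.
SAMPLE_ZONE = """\
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1
"""

# Constructed broken variant: the A record for the nameserver is missing,
# so the NS record points at a name nobody can resolve to an address.
BROKEN_ZONE = "\n".join(l for l in SAMPLE_ZONE.splitlines() if " A " not in l) + "\n"

SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")


def tokenize(text):
    """Drop ';' comments, join '( ... )' continuation lines, and return one
    token list per logical record (or directive)."""
    records, buf, depth = [], [], 0
    for raw in text.splitlines():
        for tok in raw.split(";", 1)[0].split():
            if tok == "(":
                depth += 1
            elif tok == ")":
                depth -= 1
            else:
                buf.append(tok)
        if depth == 0 and buf:
            records.append(buf)
            buf = []
    return records


def parse_zone(text, origin):
    """Return (default_ttl, records); '@' is replaced by the zone origin."""
    ttl, records = None, []
    for toks in tokenize(text):
        if toks[0] == "$TTL":
            ttl = int(toks[1])
            continue
        owner, rclass, rtype, rdata = toks[0], toks[1], toks[2], toks[3:]
        name = origin if owner == "@" else owner
        records.append({"name": name, "class": rclass, "type": rtype, "rdata": rdata})
    return ttl, records


def soa_fields(record):
    """Map SOA RDATA onto its named fields; serial and the four timers are ints."""
    fields = dict(zip(SOA_FIELDS, record["rdata"]))
    for key in SOA_FIELDS[2:]:
        fields[key] = int(fields[key])
    return fields


def soa_contact(rname):
    """'root.localhost.' means root@localhost: the first dot stands for '@'."""
    local, _, domain = rname.rstrip(".").partition(".")
    return f"{local}@{domain}"


def check_zone(text, origin="localhost."):
    """Return a list of problems; an empty list means the zone passed."""
    ttl, records = parse_zone(text, origin)
    problems = []
    if ttl is None:
        problems.append("no $TTL directive")
    for rec in records:
        if rec["class"] != "IN":
            problems.append(f"{rec['name']}: class {rec['class']} is not IN")
    soas = [r for r in records if r["type"] == "SOA" and r["name"] == origin]
    if len(soas) != 1:
        problems.append(f"expected exactly one SOA at the apex, found {len(soas)}")
    nss = [r for r in records if r["type"] == "NS" and r["name"] == origin]
    if not nss:
        problems.append("zone apex has no NS record")
    # Every nameserver whose name lies inside this zone needs an address
    # record here, otherwise the NS record points at an unreachable name.
    addressed = {r["name"] for r in records if r["type"] in ("A", "AAAA")}
    for ns in nss:
        target = ns["rdata"][0]
        in_zone = target == origin or target.endswith("." + origin)
        if in_zone and target not in addressed:
            problems.append(f"in-zone nameserver {target} has no A/AAAA record")
    if soas:
        soa = soa_fields(soas[0])
        if soa["mname"] not in {ns["rdata"][0] for ns in nss}:
            problems.append(f"SOA primary {soa['mname']} is not listed in an NS record")
    return problems


if __name__ == "__main__":
    for label, zone in (("db.local", SAMPLE_ZONE), ("broken", BROKEN_ZONE)):
        print(label, check_zone(zone) or "OK")
```

Running the module prints `OK` for the post's db.local and one complaint for the constructed variant. The in-zone-nameserver check is the one worth remembering: a zone that delegates to a name inside itself without an A record for that name loads fine as text but leaves resolvers with nowhere to send queries.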