Hi guys, I have just written a Mini-DNS-HOWTO which is applicable as a streamliner for the HardwareZone.com site.

Elvin >> I need your help to go through the "named.conf", "named.hosts", "named.local" and "named.rev" files before I post it to the public and on SLP's website. Once you have done that, add your name to it too :)

Cheers!

Moonshi Mohsenruddin aka MoonX
[EMAIL PROTECTED]
Asia/Singapore
icq:2595480
http://www.linux.com.sg
Mini DNS-Howto
______________

By Moonshi Mohsenruddin [EMAIL PROTECTED]


Introduction
------------

I wrote this simple Mini-DNS-HOWTO for everyone to get their butt up and start adding hostnames and service mappings to the DNS entries of their own network, but before you finish reading this material, please spend some time reading the official Linux DNS-HOWTO by Nicolai Langfeldt <[EMAIL PROTECTED]>, which is available at http://www.linux.com/howto/DNS-HOWTO.html


Understanding the DNS entries
-----------------------------

On Linux, the DNS (Domain Name System) server used is BIND (Berkeley Internet Name Domain). It is available for download from the Internet Software Consortium (ISC) homepage at http://www.isc.org/.

Basically, DNS is the Internet naming service that maps domain names to IP addresses (and, through reverse lookups, IP addresses back to names).

Example 1: "domain_name.com" itself resolves to the IP address 10.1.2.2, and its services like "www", "ftp", "smtp" and "pop" are aliases (CNAME records) which can point at that same host or at other servers that handle the various services.

Example 2: "www.domain_name.com" (WWW) points to a different host which has the IP address 10.1.2.4, "mail.domain_name.com" (SMTP/POP) points to a different host which has the IP address 10.1.2.3, and the list goes on for FTP etc.

So, setting up a DNS daemon is quite simple based on the information that you have just read, right? Not really! It requires that you have set up your Linux server successfully with an ethernet card, routing tables, proper hostnames for each of your servers and Internet-assigned IP addresses (registered with your ISP).

Next, register a domain name with Network Solutions (previously known as the InterNIC) at http://www.networksolutions.com

Then be sure to explicitly inform your ISP (Internet Service Provider) that you are running the PRIMARY DNS for your zones and get your ISP to run a SECONDARY for them. This makes it easy for your network administrators to update the DNS zone entries (adding more services, hosts and so on): the changes are picked up by your ISP's SECONDARY as and when your PRIMARY DNS is updated.

Once that is done, let's get to it from the ground up.


Setting It Up
-------------

BIND comes with most major Linux distributions like SuSE 6.x, Redhat 6.x, Caldera 2.x, Debian and many others.

Firstly, make sure that you have the latest BIND software, as many exploitable bugs have been discovered in previous versions. A name server is reachable by the whole Internet, so also run "named" as an unprivileged user where your release supports it (the "-u user" and "-g group" switches of later BIND 8 releases) rather than leaving it as root.

I will be using BIND DNS version 4.9.x to explain the setting up of BIND, and make sure you are "root" while you are doing this. Note that the "named.conf" syntax shown below is the BIND 8 configuration format (the example file itself refers to BIND 8.1): BIND 4.9.x reads "/etc/named.boot" instead, although the zone files it loads are the same.


The "named.conf" file
---------------------

On Linux, most of the configuration files are named with a suffix of ".conf", and BIND reads its configuration from "/etc/named.conf" by default if it is installed. "#", "//" and "/* ... */" comments are all accepted in this file.

# Example of "/etc/named.conf"

options {
        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};

zone "." {
        type hint;
        file "named.ca";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
};

zone "2.1.10.in-addr.arpa" {
        type master;
        file "named.rev";
        allow-transfer { ip_addr_of_secondary_dns; };
};

zone "domain_name.com" {
        type master;
        file "named.hosts";
        allow-transfer { ip_addr_of_secondary_dns; };
        // No allow-update here: a secondary fetches the zone with a
        // zone transfer and never needs dynamic update.  Opening
        // allow-update to an address lets anyone at (or spoofing)
        // that address rewrite your zone.
};

zone "virtual_domain_hosting.com" {
        type master;
        file "virtual_domain";
        allow-transfer { ip_addr_of_secondary_dns; };
};

# End of "/etc/named.conf" file.

Based on the "/etc/named.conf" file above:

  - zone "." points to the "/var/named/named.ca" file (the root name server hints);
  - zone "0.0.127.in-addr.arpa" (the localhost zone) points to "/var/named/named.local";
  - zone "2.1.10.in-addr.arpa" points to "/var/named/named.rev" (the reverse lookup file for the 10.1.2.x network; the network part of the address is written backwards in the zone name);
  - zone "domain_name.com" points to the "/var/named/named.hosts" file (all the IPs hosting services/daemons for this domain name go in here);
  - zone "virtual_domain_hosting.com" goes into "/var/named/virtual_domain".

"allow-transfer" limits full zone transfers (AXFR) to your secondary. Without it, anyone on the Internet can download the complete list of your hosts, which is the first thing an attacker mapping your network asks for. Put it on every master zone, the reverse zone included.


The "named.hosts" file
----------------------

# Example of "/var/named/named.hosts" file.

@       IN SOA  ns1.domain_name.com. postmaster.domain_name.com. (
                        1999010101      ; Serial (YYYYMMDDnn; increase it on EVERY change)
                        28800           ; Refresh
                        14400           ; Retry
                        3600000         ; Expire
                        86400 )         ; Minimum
        IN NS   ns1.domain_name.com.
        IN NS   secondary_dns_hostname.your_isp.net.
        IN MX   10 mailserver_hostname.domain_name.com.

localhost               IN A    127.0.0.1
router                  IN A    10.1.2.1
ns1                     IN A    10.1.2.2
mailserver_hostname     IN A    10.1.2.3
www_server_hostname     IN A    10.1.2.4
ftp_server_hostname     IN A    10.1.2.5
domain_name.com.        IN A    10.1.2.2

www     IN CNAME www_server_hostname    ; (as pointed above, IN A 10.1.2.4)
ftp     IN CNAME ftp_server_hostname
pop     IN CNAME mailserver_hostname
smtp    IN CNAME mailserver_hostname
mail    IN CNAME mailserver_hostname

# End of "/var/named/named.hosts" file.

Two things to watch in this file. First, the NS and MX records must name hosts that have "IN A" records, never a CNAME alias: "mail" above is a CNAME, so the MX points at "mailserver_hostname" instead (an MX or NS that points at a CNAME is an error and some mailers will refuse it). Second, the serial number is what tells your ISP's secondary that the zone has changed; if you forget to increase it, the secondary keeps serving the old data until the zone expires.


The "named.local" file
----------------------

BIND needs a zone for the loopback address, so that reverse lookups of 127.0.0.1 are answered locally instead of being sent out to the Internet. This is the example of the file.

# Example of "/var/named/named.local" file.

@       IN SOA  ns1.domain_name.com. postmaster.domain_name.com. (
                        1999010101      ; Serial
                        28800           ; Refresh
                        14400           ; Retry
                        3600000         ; Expire
                        86400 )         ; Minimum
        IN NS   ns1.domain_name.com.
1       IN PTR  localhost.

# End of "/var/named/named.local" file.


The "/var/named/named.rev" file
-------------------------------

Now that we have the "named.hosts" and "named.local" files up, we need to make sure that a reverse-lookup file exists. Every "IN PTR" entry here points to a host(name) which has an "IN A" entry in "/var/named/named.hosts", and the "numbers" used as owner names are the last octet of the IP addresses given to you by your ISP.

Example: IP address = 10.1.2.2, service = DNS server; as such, in the "/var/named/named.rev" file only the last octet, "2", is used.

# Example of "/var/named/named.rev" file.

@       IN SOA  ns1.domain_name.com. postmaster.domain_name.com. (
                        1999010101      ; Serial (Change it, as in named.hosts!)
                        28800           ; Refresh
                        14400           ; Retry
                        3600000         ; Expire
                        86400 )         ; Minimum
        IN NS   ns1.domain_name.com.
        IN NS   secondary_dns_hostname.your_isp.net.

1       IN PTR  router.domain_name.com.
2       IN PTR  ns1.domain_name.com.
3       IN PTR  mailserver_hostname.domain_name.com.
4       IN PTR  www_server_hostname.domain_name.com.
5       IN PTR  ftp_server_hostname.domain_name.com.

# End of "/var/named/named.rev" file.

Give each address exactly one PTR, pointing at the canonical host name (the one with the "IN A" record), not at the "www", "mail", "smtp" or "pop" aliases. Mail and login servers commonly check that the name returned for an address resolves back to that same address; with several PTRs per address, or PTRs pointing at CNAMEs, that check becomes unpredictable.


Starting it
-----------

Well, that's all folks. These are the only files and configurations needed to run BIND quickly. Once you have followed all the above, just make sure you START the daemon/service! As user "root", type this on the console:

    ndc start          (without the quotes, please!)

Once it is started, type

    ps ax | grep named

to make sure that the "named" (BIND) service is running. Next, view the logfiles to see if there are any errors. Type

    tail -n 50 /var/log/messages

and read the last 50 lines to see what the logfile has to say; a zone that failed to load will be reported here. Finally, use "nslookup" to check your DNS zones. Type "nslookup", then "set domain=your_domain_name.com", then type "your_domain_name.com", and you should see some information like this.

# My "nslookup" example.
# ---------------------

moonshi@firewire:~ > nslookup
Default Server:  ns1.singa.pore.net
Address:  202.169.225.80

# Then I do a "set domain" query to my domain name.
> set domain=singa.pore.net
# Followed by a "set query=any"
> set q=any
# and then I list the domain simply by typing the full domain name.
> singa.pore.net
# This is the query reply.
Server:  ns1.singa.pore.net
Address:  202.169.225.80

>
# to exit the "nslookup", type "exit".
> exit
# and you will get your usual prompt.
moonshi@firewire:~ >

# That's all.

Two more checks are worth a minute. Typing an address such as "10.1.2.2" at the nslookup prompt should return the PTR from "named.rev", proving the forward and reverse files agree. And from any machine that is not your secondary, "ls domain_name.com" at the nslookup prompt (which asks for a zone transfer) should be refused; if it lists your hosts, "allow-transfer" is not in effect. Whenever you edit a zone file afterwards, increase its serial number and run "ndc reload".

That's all folks. This is a very straight-forward Mini-DNS-HOWTO, and once you get it up and running, I recommend that you read the DNS-HOWTO which I pointed to earlier in the introduction of this Mini-DNS-HOWTO. I hope all of you who are setting up DNS and need to set it up fast will find this information helpful. However, I hold no responsibility if you follow my examples and still can't get it up and running.

Pls send all emails to me IF needed at
To: <[EMAIL PROTECTED]>
Subject: Mini-DNS-HOWTO

Thank you!
