A first stab at DNS config, very useful for dialup, cable-modem and ADSL users.
On Red Hat and Red Hat related distributions you can achieve the same practical result as this HOWTO's first section by installing the packages bind, bind-utils and caching-nameserver. If you use Debian, simply install bind and bind-doc. Of course, just installing those packages won't teach you as much as reading this HOWTO. So install the packages, and then read along, verifying the files they installed.
A caching only name server will find the answer to name queries and remember
the answer the next time you need it. This will shorten the waiting time the
next time significantly, especially if you're on a slow connection.
First you need a file called /etc/named.conf (Debian: /etc/bind/named.conf). This is read when named starts. For now it should simply contain:
// Config file for caching only name server
options {
        directory "/var/named";

        // Uncommenting this might help if you have to go through a
        // firewall and things are not working out. But you probably
        // need to talk to your firewall admin.
        // query-source port 53;
};

zone "." {
        type hint;
        file "root.hints";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "pz/127.0.0";
};
The Linux distribution packages may use different file names for each kind of file mentioned here; they will still contain about the same things.
The `directory' line tells named where to look for files. All files named subsequently will be relative to this. Thus pz is a directory under /var/named, i.e., /var/named/pz. /var/named is the right directory according to the Linux Filesystem Standard.
The hint zone names the file /var/named/root.hints. That file should contain this: (If you cut and paste this file from an electronic version of this document, please note that there should be no leading spaces in the file, i.e. all the lines should start with a non-blank character. Some document processing software will insert spaces at the beginning of the lines, causing some confusion. In that case please remove the leading spaces.)
;
; There might be opening comments here if you already have this file.
; If not don't worry.
;
. 6D IN NS M.ROOT-SERVERS.NET.
. 6D IN NS I.ROOT-SERVERS.NET.
. 6D IN NS E.ROOT-SERVERS.NET.
. 6D IN NS D.ROOT-SERVERS.NET.
. 6D IN NS A.ROOT-SERVERS.NET.
. 6D IN NS H.ROOT-SERVERS.NET.
. 6D IN NS C.ROOT-SERVERS.NET.
. 6D IN NS G.ROOT-SERVERS.NET.
. 6D IN NS F.ROOT-SERVERS.NET.
. 6D IN NS B.ROOT-SERVERS.NET.
. 6D IN NS J.ROOT-SERVERS.NET.
. 6D IN NS K.ROOT-SERVERS.NET.
. 6D IN NS L.ROOT-SERVERS.NET.
;
M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
D.ROOT-SERVERS.NET. 6D IN A 128.8.10.90
A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
H.ROOT-SERVERS.NET. 6D IN A 128.63.2.53
C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
B.ROOT-SERVERS.NET. 6D IN A 128.9.0.107
J.ROOT-SERVERS.NET. 6D IN A 198.41.0.10
K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
L.ROOT-SERVERS.NET. 6D IN A 198.32.64.12
The file describes the root name servers in the world. The servers change
over time and must be maintained now and then. See the maintenance
section for how to keep it up to date.
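As an added example (not part of the HOWTO), here is a small checker for a root.hints file. It applies the two checks the text implies: every line must start with a non-blank character, and every root NS name listed should have a matching A (glue) record in the same file, since without the address named cannot reach the server. The sample hints file is constructed for this example, with two deliberate defects: a line that gained a leading space when pasted, and an NS entry whose glue record is missing.

```python
# Added example, not the HOWTO's own code: check a root.hints file for
# leading whitespace and for root servers that lack a glue A record.
from dataclasses import dataclass, field

# Constructed sample: a trimmed hints file with two deliberate defects
# (a leading space on line 6, and no A record for B.ROOT-SERVERS.NET.).
SAMPLE_HINTS = """\
;
; Opening comments, as in a real file.
;
.                       6D IN NS   A.ROOT-SERVERS.NET.
.                       6D IN NS   B.ROOT-SERVERS.NET.
 .                      6D IN NS   C.ROOT-SERVERS.NET.
;
A.ROOT-SERVERS.NET.     6D IN A    198.41.0.4
C.ROOT-SERVERS.NET.     6D IN A    192.33.4.12
"""


@dataclass
class HintsReport:
    ns_names: set = field(default_factory=set)        # names listed as NS for "."
    glue: dict = field(default_factory=dict)          # NS name -> A address
    leading_space_lines: list = field(default_factory=list)
    missing_glue: set = field(default_factory=set)    # NS names with no A record
    orphan_glue: set = field(default_factory=set)     # A records for non-NS names


def check_root_hints(text: str) -> HintsReport:
    report = HintsReport()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if raw[:1].isspace():
            # The HOWTO's warning: document tools add leading spaces. In a
            # zone file a leading blank means "same owner as the previous
            # record", so the line is still parsed here, but flagged.
            report.leading_space_lines.append(lineno)
        line = raw.split(";", 1)[0].strip()   # drop ';' comments and blanks
        if not line:
            continue
        fields = line.split()
        # Expected shape: owner ttl class type rdata,
        # e.g. ". 6D IN NS A.ROOT-SERVERS.NET."
        if len(fields) != 5 or fields[2] != "IN":
            continue
        owner, _ttl, _cls, rtype, rdata = fields
        if owner == "." and rtype == "NS":
            report.ns_names.add(rdata.upper())
        elif rtype == "A":
            report.glue[owner.upper()] = rdata
    report.missing_glue = report.ns_names - set(report.glue)
    report.orphan_glue = set(report.glue) - report.ns_names
    return report


if __name__ == "__main__":
    r = check_root_hints(SAMPLE_HINTS)
    print("leading-space lines:", r.leading_space_lines)
    print("NS without glue:", sorted(r.missing_glue))
    print("glue without NS:", sorted(r.orphan_glue))
```

Run it against your own /var/named/root.hints by reading the file into check_root_hints; an NS name in missing_glue or a non-empty leading_space_lines list is exactly the kind of mistake named will complain about in syslog at start-up.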
The next section in named.conf is the last zone. I will explain its use in a later chapter; for now just make this a file named 127.0.0 in the subdirectory pz: (Again, please remove leading spaces if you cut and paste this. The NS line is the one exception: it has no owner name of its own and must keep the blanks in front of it, so that it belongs to the `@' owner of the SOA record above it.)
$TTL 3D
@               IN      SOA     ns.linux.bogus. hostmaster.linux.bogus. (
                        1       ; Serial
                        8H      ; Refresh
                        2H      ; Retry
                        4W      ; Expire
                        1D)     ; Minimum TTL
                        NS      ns.linux.bogus.
1                       PTR     localhost.
Next, you need a /etc/resolv.conf looking something like this: (Again: remove spaces!)
search subdomain.your-domain.edu your-domain.edu
nameserver 127.0.0.1
The `search' line specifies which domains should be searched for any host names you want to connect to. The `nameserver' line specifies the address of your nameserver, in this case your own machine, since that is where your named runs (127.0.0.1 is right, no matter if your machine has another address too). If you want to list several name servers, put in one `nameserver' line for each. (Note: named never reads this file; the resolver that uses named does. Note 2: in some resolv.conf files you find a line saying "domain". That's fine, but don't use both "search" and "domain"; only one of them will work.)
To illustrate what this file does: if a client tries to look up foo, then foo.subdomain.your-domain.edu is tried first, then foo.your-domain.edu, and finally foo. You may not want to put too many domains in the search line, as it takes time to search them all.
The example assumes you belong in the domain subdomain.your-domain.edu; your machine, then, is probably called your-machine.subdomain.your-domain.edu. The search line should not contain your TLD (Top Level Domain, `edu' in this case). If you frequently need to connect to hosts in another domain you can add that domain to the search line like this: (Remember to remove the leading spaces, if any)
search subdomain.your-domain.edu your-domain.edu other-domain.com
and so on. Obviously you need to put real domain names in instead. Please note the lack of periods at the end of the domain names. This is important; please note the lack of periods at the end of the domain names.
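As an added example (not from the HOWTO), the following parses a resolv.conf and reproduces the lookup order the text describes for "foo". It goes a little beyond the text: it also handles absolute names (trailing period, never expanded), names that already contain enough dots (tried as-is first, per the ndots option), the "last of search/domain wins" rule from glibc's resolv.conf(5), and it flags the trailing-period mistake the text warns about. The resolv.conf content is the HOWTO's example, embedded as a constructed string.

```python
# Added example, not the HOWTO's own code: resolv.conf parsing and the
# resolver's search-list expansion order.
from dataclasses import dataclass, field

# Constructed sample, matching the HOWTO's resolv.conf.
SAMPLE_RESOLV_CONF = """\
search subdomain.your-domain.edu your-domain.edu
nameserver 127.0.0.1
"""


@dataclass
class ResolvConf:
    search: list = field(default_factory=list)
    nameservers: list = field(default_factory=list)
    ndots: int = 1   # glibc default


def parse_resolv_conf(text: str) -> ResolvConf:
    conf = ResolvConf()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key in ("search", "domain"):
            # 'domain' and 'search' are mutually exclusive: the last one
            # seen wins, which is why the HOWTO says to use only one.
            conf.search = list(args)
        elif key == "nameserver" and args:
            conf.nameservers.append(args[0])
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    conf.ndots = int(opt.split(":", 1)[1])
    return conf


def lookup_order(name: str, conf: ResolvConf) -> list:
    """Names the resolver tries, in order, for one query."""
    if name.endswith("."):
        return [name]   # absolute name: the search list is never used
    expanded = [f"{name}.{dom}" for dom in conf.search]
    if name.count(".") >= conf.ndots:
        return [name] + expanded   # enough dots: try as-is first
    return expanded + [name]       # e.g. "foo": search list first


def search_list_problems(conf: ResolvConf) -> list:
    """Mistakes the HOWTO warns about: trailing periods and long lists."""
    problems = [f"trailing period in search domain {dom!r}"
                for dom in conf.search if dom.endswith(".")]
    if len(conf.search) > 6:
        problems.append("more than six search domains "
                        "(older resolvers ignore the extra ones)")
    return problems


if __name__ == "__main__":
    conf = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for query in ("foo", "pat.uio.no", "pat.uio.no."):
        print(query, "->", lookup_order(query, conf))
    print("problems:", search_list_problems(conf))
```

Every entry in the search list is one extra query your named has to answer before the bare name is tried, which is the delay the text mentions; keeping the list short also keeps unqualified names from being looked up under domains you did not intend.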
After all this it's time to start named. If you're using a dialup connection, connect first. Type `ndc start' and press return, no options. If that does not work, try `/usr/sbin/ndc start' instead. If that backfires, see the Q and A section.
If you view your syslog message file (usually called /var/adm/messages, but another directory to look in is /var/log and another file to look in is syslog) while starting named (do tail -f /var/log/messages) you should see something like: (the lines ending in \ continue on the next line)
Dec 15 23:53:29 localhost named[3768]: starting. named 8.2.2-P7 \
Fri Nov 10 04:50:23 EST 2000 ^Iprospector@porky.\
devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.2_P7/\
src/bin/named
Dec 15 23:53:29 localhost named[3768]: hint zone "" (IN) loaded\
(serial 0)
Dec 15 23:53:29 localhost named[3768]: Zone "0.0.127.in-addr.arpa"\
(file pz/127.0.0): No default TTL set using SOA\
minimum instead
Dec 15 23:53:29 localhost named[3768]: master zone\
"0.0.127.in-addr.arpa" (IN) loaded (serial 1)
Dec 15 23:53:29 localhost named[3768]: listening on [127.0.0.1].53 (lo)
Dec 15 23:53:29 localhost named[3768]: listening on [10.0.0.129].53\
(wvlan0)
Dec 15 23:53:29 localhost named[3768]: Forwarding source address is\
[0.0.0.0].1034
Dec 15 23:53:29 localhost named[3769]: Ready to answer queries.
If there are any messages about errors then there is a mistake. named will name the file it is in. Go back and check the file. Run `ndc restart' when you have fixed it.
Now you can test your setup. Traditionally a program called nslookup is used for this. These days dig is recommended:
$ dig -x 127.0.0.1
; <<>> DiG 8.2 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; 1.0.0.127.in-addr.arpa, type = ANY, class = IN
;; ANSWER SECTION:
1.0.0.127.in-addr.arpa. 1D IN PTR localhost.
;; AUTHORITY SECTION:
0.0.127.in-addr.arpa. 1D IN NS ns.penguin.bv.
;; Total query time: 30 msec
;; FROM: lookfar to SERVER: default -- 127.0.0.1
;; WHEN: Sat Dec 16 00:16:12 2000
;; MSG SIZE sent: 40 rcvd: 110
If that's what you get, it's working. We hope. Anything else, go back and check everything. Each time you change the named.conf file you need to restart named using the ndc restart command.
Now you can enter a query. Try looking up some machine close to you. pat.uio.no is close to me, at the University of Oslo:
$ dig pat.uio.no
; <<>> DiG 8.2 <<>> pat.uio.no
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUERY SECTION:
;; pat.uio.no, type = A, class = IN
;; ANSWER SECTION:
pat.uio.no. 1D IN A 129.240.130.16
;; AUTHORITY SECTION:
uio.no. 1D IN NS nissen.uio.no.
uio.no. 1D IN NS ifi.uio.no.
uio.no. 1D IN NS nn.uninett.no.
;; ADDITIONAL SECTION:
nissen.uio.no. 1D IN A 129.240.2.3
ifi.uio.no. 1H IN A 129.240.64.2
nn.uninett.no. 1D IN A 158.38.0.181
;; Total query time: 112 msec
;; FROM: lookfar to SERVER: default -- 127.0.0.1
;; WHEN: Sat Dec 16 00:23:07 2000
;; MSG SIZE sent: 28 rcvd: 162
This time dig asked your named to look for the machine pat.uio.no. It then contacted one of the name server machines named in your root.hints file, and asked its way from there. It might take a little while before you get the result, as it may need to search all the domains you named in /etc/resolv.conf. Please note the "aa" on the "flags:" line. It means that the answer is authoritative, that it is fresh from an authoritative server. I'll explain "authoritative" later.
If you ask the same again you get this:
$ dig pat.uio.no
; <<>> DiG 8.2 <<>> pat.uio.no
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUERY SECTION:
;; pat.uio.no, type = A, class = IN
;; ANSWER SECTION:
pat.uio.no. 23h59m58s IN A 129.240.130.16
;; AUTHORITY SECTION:
UIO.NO. 23h59m58s IN NS nissen.UIO.NO.
UIO.NO. 23h59m58s IN NS ifi.UIO.NO.
UIO.NO. 23h59m58s IN NS nn.uninett.NO.
;; ADDITIONAL SECTION:
nissen.UIO.NO. 23h59m58s IN A 129.240.2.3
ifi.UIO.NO. 1d23h59m58s IN A 129.240.64.2
nn.uninett.NO. 1d23h59m58s IN A 158.38.0.181
;; Total query time: 4 msec
;; FROM: lookfar to SERVER: default -- 127.0.0.1
;; WHEN: Sat Dec 16 00:23:09 2000
;; MSG SIZE sent: 28 rcvd: 162
Note the lack of an "aa" flag in this answer. That means that named did not go out on the network to ask this time, as the information is in the cache now. But the cached information might be out of date (stale). So you are informed of this (very slight) possibility by the "aa" not being there. But now you know that your cache is working.
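As an added example (not part of the HOWTO), here is a parser for the header and answer section of dig's output as printed by the dig 8 shown above. It tells an authoritative answer from a cached one by the "aa" flag, and converts the TTL spellings dig 8 uses (1D, 23h59m58s, 1d23h59m58s) into seconds, so you can see how long a cached record will still be served. The two replies are constructed for the example, trimmed to the parts the parser reads, with the flag and record values taken from the two lookups shown in the text.

```python
# Added example, not the HOWTO's own code: read dig 8 output and report
# whether the answer was authoritative or served from cache.
import re

# Constructed replies, trimmed; values mirror the two lookups in the text.
AUTHORITATIVE_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUERY SECTION:
;;      pat.uio.no, type = A, class = IN
;; ANSWER SECTION:
pat.uio.no.             1D IN A         129.240.130.16
;; AUTHORITY SECTION:
uio.no.                 1D IN NS        nissen.uio.no.
"""

CACHED_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUERY SECTION:
;;      pat.uio.no, type = A, class = IN
;; ANSWER SECTION:
pat.uio.no.             23h59m58s IN A  129.240.130.16
;; AUTHORITY SECTION:
UIO.NO.                 23h59m58s IN NS nissen.UIO.NO.
"""

_UNIT_SECONDS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}


def ttl_seconds(text: str) -> int:
    """Convert dig 8 TTL spellings ('1D', '23h59m58s', '1d23h59m58s', '300')."""
    if text.isdigit():
        return int(text)
    total = 0
    for value, unit in re.findall(r"(\d+)([wdhmsWDHMS])", text):
        total += int(value) * _UNIT_SECONDS[unit.lower()]
    return total


def parse_dig(output: str) -> dict:
    """Return status, flags, whether 'aa' was set, and the answer records."""
    result = {"status": None, "flags": [], "authoritative": False, "answers": []}
    section = None
    for line in output.splitlines():
        if line.startswith(";; ->>HEADER<<-"):
            m = re.search(r"status: (\w+)", line)
            result["status"] = m.group(1) if m else None
        elif line.startswith(";; flags:"):
            flags_part = line[len(";; flags:"):].split(";", 1)[0]
            result["flags"] = flags_part.split()
            result["authoritative"] = "aa" in result["flags"]
        elif line.startswith(";; ") and line.endswith("SECTION:"):
            section = line[3:].split()[0]   # QUERY, ANSWER, AUTHORITY, ADDITIONAL
        elif section == "ANSWER" and line and not line.startswith(";"):
            fields = line.split()
            if len(fields) >= 5:
                owner, ttl, _cls, rtype, *rdata = fields
                result["answers"].append({
                    "name": owner,
                    "ttl": ttl_seconds(ttl),   # seconds left before re-fetch
                    "type": rtype,
                    "rdata": " ".join(rdata),
                })
    return result


if __name__ == "__main__":
    for label, reply in (("first", AUTHORITATIVE_REPLY), ("second", CACHED_REPLY)):
        r = parse_dig(reply)
        source = "authoritative server" if r["authoritative"] else "cache"
        print(f"{label} lookup: {r['status']}, answer from {source}, "
              f"TTL {r['answers'][0]['ttl']}s")
```

A falling TTL with no "aa" flag is the normal signature of a working cache; the same record with a TTL that never shrinks would mean the query is reaching a different server than you think, which is worth checking against the nameserver line in /etc/resolv.conf.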
All OSes implementing the standard C API have the calls gethostbyname and gethostbyaddr. These can get information from several different sources. Which sources they get it from is configured in /etc/nsswitch.conf on Linux (and some other Unixes). This is a long file specifying from which file or database to get different kinds of data. It usually contains helpful comments at the top, which you should consider reading. After that find the line starting with `hosts:'; it should read:
hosts: files dns
(You remembered about the leading spaces, right? I won't mention them again.)
If there is no line starting with `hosts:' then put in the one above. It says that programs should first look in the /etc/hosts file, then check DNS according to resolv.conf.
Now you know how to set up a caching named. Take a beer, milk, or whatever
you prefer to celebrate it.