Now to define our own domain. We're going to make the domain
freensd.bogus
and define machines in it. I use a totally bogus
domain name to make sure we disturb no-one Out There.
One more thing before we start: Not all characters are allowed in
host names. We're restricted to the characters of the English
alphabet: a-z, and numbers 0-9 and the character '-' (dash). Keep to
those characters. Upper and lower-case characters are the same for
DNS, so pat.uio.no
is identical to Pat.UiO.No
.
We've already started this part with this line in named.conf
:
zone "0.0.127.in-addr.arpa" { type master; file "localhost.rev"; };
Please note the lack of `.
' at the end of the domain names in
this file. This says that now we will define the zone
0.0.127.in-addr.arpa
, that we're the master server for it and
that it is stored in a file called localhost.rev
. We've already
set up this file, it reads:
$TTL 3D @ IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. ( 1 ; Serial 8H ; Refresh 2H ; Retry 4W ; Expire 1D) ; Minimum TTL NS ns.freebsd.bogus. 1 PTR localhost.
Please note the `.
' at the end of all the full domain names in
this file, in contrast to the named.conf
file above. Some people
like to start each zone file with a $ORIGIN
directive, but
this is superfluous. The origin (where in the DNS hierarchy it
belongs) of a zone file is specified in the zone section of the
named.conf
file; in this case it's 0.0.127.in-addr.arpa
.
This `zone file' contains 3 `resource records' (RRs): A SOA RR. A NS RR and a PTR RR. SOA is short for Start Of Authority. The `@' is a special notation meaning the origin, and since the `domain' column for this file says 0.0.127.in-addr.arpa the first line really means
0.0.127.in-addr.arpa. IN SOA ...
NS is the Name Server RR. There is no '@' at the start of this line; it is implicit since the previous line started with a '@'. Saves some typing that. So the NS line could also be written
0.0.127.in-addr.arpa. IN NS ns.freebsd.bogus
It tells DNS what machine is the name server of the domain
0.0.127.in-addr.arpa
, it is ns.freebsd.bogus
. 'ns' is a
customary name for name-servers, but as with web servers who are
customarily named www.
something the name may be anything.
And finally the PTR (Domain Name Pointer) record says that the host
at address 1 in the subnet 0.0.127.in-addr.arpa
, i.e., 127.0.0.1
is named localhost
.
The SOA record is the preamble to all zone files, and there
should be exactly one in each zone file. It describes the zone, where
it comes from (a machine called ns.freebsd.bogus
), who is
responsible for its contents (hostmaster@freebsd.bogus
; you should
insert your e-mail address here), what version of the zone file this
is (serial: 1), and other things having to do with caching and
secondary DNS servers. For the rest of the fields (refresh, retry,
expire and minimum) use the numbers used in this HOWTO and you should
be safe. Before the SOA comes a mandatory line, the $TTL 3D
line. Put it in all your zone files.
Now restart your named (the command is ndc restart
) and use
dig to examine your handy work. -x
asks for the inverse query:
$ dig -x 127.0.0.1
; <<>> DiG 8.2 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; 1.0.0.127.in-addr.arpa, type = ANY, class = IN
;; ANSWER SECTION:
1.0.0.127.in-addr.arpa. 1D IN PTR localhost.
;; AUTHORITY SECTION:
0.0.127.in-addr.arpa. 1D IN NS ns.penguin.bv.
;; Total query time: 5 msec
;; FROM: lookfar to SERVER: default -- 127.0.0.1
;; WHEN: Sat Dec 16 01:13:48 2000
;; MSG SIZE sent: 40 rcvd: 110
So it manages to get localhost
from 127.0.0.1, good. Now for
our main task, the freebsd.bogus
domain, insert a new 'zone'
section in named.conf
:
zone "freebsd.bogus" { notify no; type master; file "pz/freebsd.bogus"; };
Note again the lack of ending `.
' on the domain name in the
named.conf
file.
In the freebsd.bogus
zone file we'll put some totally bogus
data:
; ; Zone file for freebsd.bogus ; ; The full zone file ; $TTL 3D @ IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. ( 199802151 ; serial, todays date + todays serial # 8H ; refresh, seconds 2H ; retry, seconds 4W ; expire, seconds 1D ) ; minimum, seconds ; NS ns ; Inet Address of name server MX 10 mail.freebsd.bogus ; Primary Mail Exchanger MX 20 mail.friend.bogus. ; Secondary Mail Exchanger ; localhost A 127.0.0.1 ns A 192.168.196.2 mail A 192.168.196.4
Two things must be noted about the SOA record. ns.freebsd.bogus
must be a actual machine with a A record. It is not legal to
have a CNAME record for the machine mentioned in the SOA record. Its
name need not be `ns', it could be any legal host name. Next,
hostmaster.freebsd.bogus should be read as hostmaster@freebsd.bogus. This
should be a mail alias, or a mailbox, where the person(s) maintaining
DNS should read mail frequently. Any mail regarding the domain will
be sent to the address listed here. The name need not be
`hostmaster', it can be your normal e-mail address, but the e-mail
address `hostmaster' is often expected to work as well.
There is one new RR type in this file, the MX, or Mail eXchanger
RR. It tells mail systems where to send mail that is addressed to
someone@freebsd.bogus
, namely to mail.freebsd.bogus
or
mail.friend.bogus
. The number before each machine name is that
MX RR's priority. The RR with the lowest number (10) is the one mail
should be sent to if possible. If that fails the mail can be sent to
one with a higher number, a secondary mail handler, i.e.,
mail.friend.bogus
which has priority 20 here.
Restart named by running ndc restart
. Examine the results
with dig:
$ dig any freebsd.bogus +pfmin
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23499
;; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 1
;; QUERY SECTION:
;; freebsd.bogus, type = ANY, class = IN
;; ANSWER SECTION:
freebsd.bogus. 3D IN MX 10 mail.freebsd.bogus.freebsd.bogus.
freebsd.bogus. 3D IN MX 20 mail.friend.bogus.
freebsd.bogus. 3D IN NS ns.freebsd.bogus.
freebsd.bogus. 3D IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. (
199802151 ; serial
8H ; refresh
2H ; retry
4W ; expiry
1D ) ; minimum
Upon careful examination you will discover a bug. The line
freebsd.bogus. 3D IN MX 10 mail.freebsd.bogus.freebsd.bogus.
is all wrong. It should be
freebsd.bogus. 3D IN MX 10 mail.freebsd.bogus.
I deliberately made a mistake so you could learn from it :-) Looking in the zone file we find this line:
MX 10 mail.freebsd.bogus ; Primary Mail Exchanger
It is missing a period. Or has a 'freebsd.bogus' too many. If a
machine name does not end in a period in a zone file the origin is
added to its end causing the double freebsd.bogus.freebsd.bogus
. So
either
MX 10 mail.freebsd.bogus. ; Primary Mail Exchanger
or
MX 10 mail ; Primary Mail Exchanger
is correct. I prefer the latter form, it's less to type. There are
some BIND experts that disagree, and some that agree with this. In a
zone file the domain should either be written out and ended with a
`.
' or it should not be included at all, in which case it
defaults to the origin.
I must stress that in the named.conf file there should not be
`.
's after the domain names. You have no idea how many times a
`.
' too many or few have fouled up things and confused the h*ll
out of people.
So having made my point here is the new zone file, with some extra information in it as well:
; ; Zone file for freebsd.bogus ; ; The full zone file ; $TTL 3D @ IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. ( 199802151 ; serial, todays date + todays serial # 8H ; refresh, seconds 2H ; retry, seconds 4W ; expire, seconds 1D ) ; minimum, seconds ; TXT "FreeBSD.Bogus, your DNS consultants" NS ns ; Inet Address of name server NS ns.friend.bogus. MX 10 mail ; Primary Mail Exchanger MX 20 mail.friend.bogus. ; Secondary Mail Exchanger localhost A 127.0.0.1 gw A 192.168.196.1 HINFO "Cisco" "IOS" TXT "The router" ns A 192.168.196.2 MX 10 mail MX 20 mail.friend.bogus. HINFO "Pentium" "FreeBSD 3.0" www CNAME ns donald A 192.168.196.3 MX 10 mail MX 20 mail.friend.bogus. HINFO "i486" "FreeBSD 3.0" TXT "DEK" mail A 192.168.196.4 MX 10 mail MX 20 mail.friend.bogus. HINFO "386sx" "FreeBSD 2.2" ftp A 192.168.196.5 MX 10 mail MX 20 mail.friend.bogus. HINFO "P6" "FreeBSD 3.0"
There are a number of new RRs here: HINFO (Host INFOrmation) has two parts; it's a good habit to quote each. The first part is the hardware or CPU on the machine, and the second part the software or OS on the machine. The machine called 'ns' has a Pentium CPU and runs FreeBSD 3.0. CNAME (Canonical NAME) is a way to give each machine several names. So www is an alias for ns.
CNAME record usage is a bit controversial. But it's safe to follow the rule that a MX, CNAME or SOA record should never refer to a CNAME record, they should only refer to something with an A record, so it is inadvisable to have
foobar CNAME www ; NO!
but correct to have
foobar CNAME ns ; Yes!
It's also safe to assume that a CNAME is not a legal host name for
an e-mail address: webmaster@www.freebsd.bogus
is an illegal e-mail
address given the setup above. You can expect quite a few mail admins
Out There to enforce this rule even if it works for you. The way to
avoid this is to use A records (and perhaps some others too, like a MX
record) instead:
www A 192.168.196.2
A number of the arch-BIND-wizards, recommend not using CNAME at all. But the discussion of why or why not is beyond the scope of this HOWTO.
But as you see, this HOWTO and many sites do not follow this rule.
Load the new database by running ndc reload
, which causes
named to read its files again.
$ dig freebsd.bogus axfr
; <<>> DiG 8.2 <<>> freebsd.bogus axfr
$ORIGIN freebsd.bogus.
@ 3D IN SOA ns hostmaster (
199802151 ; serial
8H ; refresh
2H ; retry
4W ; expiry
1D ) ; minimum
3D IN NS ns
3D IN NS ns.friend.bogus.
3D IN MX 10 mail
3D IN MX 20 mail.friend.bogus.
3D IN TXT "FreeBSD.Bogus, your DNS consultants"
gw 3D IN TXT "The router"
3D IN HINFO "Cisco" "IOS"
3D IN A 192.168.196.1
localhost 3D IN A 127.0.0.1
mail 3D IN HINFO "386sx" "FreeBSD 2.1.5"
3D IN MX 10 mail
3D IN MX 20 mail.friend.bogus.
3D IN A 192.168.196.4
www 3D IN CNAME ns
donald 3D IN TXT "DEK"
3D IN HINFO "i486" "FreeBSD 2.2"
3D IN MX 10 mail
3D IN MX 20 mail.friend.bogus.
3D IN A 192.168.196.3
ns 3D IN HINFO "Pentium" "FreeBSD 2.2"
3D IN MX 10 mail
3D IN MX 20 mail.friend.bogus.
3D IN A 192.168.196.2
ftp 3D IN HINFO "P6" "FreeBSD 2.1.7"
3D IN MX 10 mail
3D IN MX 20 mail.friend.bogus.
3D IN A 192.168.196.5
@ 3D IN SOA ns hostmaster (
199802151 ; serial
8H ; refresh
2H ; retry
4W ; expiry
1D ) ; minimum
;; Received 29 answers (29 records).
;; FROM: lookfar to SERVER: 127.0.0.1
;; WHEN: Sat Dec 16 01:35:05 2000
That's good. As you see it looks a lot like the zone file itself.
Let's check what it says for www
alone:
$ dig www.freebsd.bogus +pfmin
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27345
;; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
;; QUERY SECTION:
;; www.freebsd.bogus, type = A, class = IN
;; ANSWER SECTION:
www.freebsd.bogus. 3D IN CNAME ns.freebsd.bogus.
ns.freebsd.bogus. 3D IN A 192.168.196.2
In other words, the real name of www.freebsd.bogus
is
ns.freebsd.bogus
, and it gives you some of the information it has
about ns as well, enough to connect to it if you were a program.
Now we're halfway.