DNS HOWTO : A simple domain. : Our own domain
Previous: But first some dry theory
Next: The reverse zone

5.2. Our own domain

Now to define our own domain. We're going to make the domain freebsd.bogus and define machines in it. I use a totally bogus domain name to make sure we disturb no-one Out There.

One more thing before we start: not all characters are allowed in host names. We're restricted to the letters a-z, the digits 0-9 and the character '-' (dash). Keep to those characters. Upper- and lower-case characters are the same for DNS, so pat.uio.no is identical to Pat.UiO.No.

We've already started this part with this line in named.conf:


zone "0.0.127.in-addr.arpa" {
	type master;
	file "localhost.rev";
};

Please note the lack of `.' at the end of the domain names in this file. This says that now we will define the zone 0.0.127.in-addr.arpa, that we're the master server for it and that it is stored in a file called localhost.rev. We've already set up this file, it reads:


$TTL 3D
@               IN      SOA     ns.freebsd.bogus. hostmaster.freebsd.bogus. (
				1       ; Serial
				8H	; Refresh
				2H      ; Retry
				4W	; Expire
				1D)	; Minimum TTL
			NS      ns.freebsd.bogus.
1			PTR	localhost.

Please note the `.' at the end of all the full domain names in this file, in contrast to the named.conf file above. Some people like to start each zone file with a $ORIGIN directive, but this is superfluous. The origin (where in the DNS hierarchy it belongs) of a zone file is specified in the zone section of the named.conf file; in this case it's 0.0.127.in-addr.arpa.

This `zone file' contains 3 `resource records' (RRs): a SOA RR, a NS RR and a PTR RR. SOA is short for Start Of Authority. The `@' is a special notation meaning the origin, and since the `domain' column for this file says 0.0.127.in-addr.arpa the first line really means

0.0.127.in-addr.arpa.	IN	SOA ...

NS is the Name Server RR. There is no '@' at the start of this line; it is implicit since the previous line started with a '@'. Saves some typing that. So the NS line could also be written

0.0.127.in-addr.arpa.	IN	NS	ns.freebsd.bogus.

It tells DNS which machine is the name server for the domain 0.0.127.in-addr.arpa: ns.freebsd.bogus. 'ns' is a customary name for name servers, but, as with web servers, which are customarily named www.something, the name may be anything.

And finally the PTR (Domain Name Pointer) record says that the host at address 1 in the subnet 0.0.127.in-addr.arpa, i.e., 127.0.0.1, is named localhost.

The SOA record is the preamble to all zone files, and there should be exactly one in each zone file. It describes the zone, where it comes from (a machine called ns.freebsd.bogus), who is responsible for its contents (hostmaster@freebsd.bogus; you should insert your e-mail address here), what version of the zone file this is (serial: 1), and other things having to do with caching and secondary DNS servers. For the rest of the fields (refresh, retry, expire and minimum) use the numbers used in this HOWTO and you should be safe. Before the SOA comes a mandatory line, the $TTL 3D line. Put it in all your zone files.

Now restart your named (the command is ndc restart) and use dig to examine your handiwork. -x asks for the inverse query:

$ dig -x 127.0.0.1

; <<>> DiG 8.2 <<>> -x 
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      1.0.0.127.in-addr.arpa, type = ANY, class = IN

;; ANSWER SECTION:
1.0.0.127.in-addr.arpa.  1D IN PTR  localhost.

;; AUTHORITY SECTION:
0.0.127.in-addr.arpa.   1D IN NS        ns.penguin.bv.

;; Total query time: 5 msec
;; FROM: lookfar to SERVER: default -- 127.0.0.1
;; WHEN: Sat Dec 16 01:13:48 2000
;; MSG SIZE  sent: 40  rcvd: 110

So it manages to get localhost from 127.0.0.1, good. Now for our main task, the freebsd.bogus domain, insert a new 'zone' section in named.conf:


zone "freebsd.bogus" {
	notify no;
	type master;
	file "pz/freebsd.bogus";
};

Note again the lack of ending `.' on the domain name in the named.conf file.

In the freebsd.bogus zone file we'll put some totally bogus data:


;
; Zone file for freebsd.bogus
;
; The full zone file
;
$TTL 3D
@	IN	SOA	ns.freebsd.bogus. hostmaster.freebsd.bogus. (
			199802151	; serial, todays date + todays serial #
			8H		; refresh, seconds
			2H		; retry, seconds
			4W		; expire, seconds
			1D )		; minimum, seconds
;
		NS	ns		; Inet Address of name server
		MX	10 mail.freebsd.bogus	; Primary Mail Exchanger
		MX	20 mail.friend.bogus.	; Secondary Mail Exchanger
;
localhost	A	127.0.0.1
ns		A	192.168.196.2
mail		A	192.168.196.4

Two things must be noted about the SOA record. ns.freebsd.bogus must be an actual machine with an A record. It is not legal to have a CNAME record for the machine mentioned in the SOA record. Its name need not be `ns'; it could be any legal host name. Next, hostmaster.freebsd.bogus should be read as hostmaster@freebsd.bogus. This should be a mail alias, or a mailbox, where the person(s) maintaining DNS read mail frequently. Any mail regarding the domain will be sent to the address listed here. The name need not be `hostmaster'; it can be your normal e-mail address, but the e-mail address `hostmaster' is often expected to work as well.

There is one new RR type in this file, the MX, or Mail eXchanger RR. It tells mail systems where to send mail that is addressed to someone@freebsd.bogus, namely to mail.freebsd.bogus or mail.friend.bogus. The number before each machine name is that MX RR's priority. The RR with the lowest number (10) is the one mail should be sent to if possible. If that fails the mail can be sent to one with a higher number, a secondary mail handler, i.e., mail.friend.bogus which has priority 20 here.

Restart named by running ndc restart. Examine the results with dig:

$ dig any freebsd.bogus +pfmin
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23499
;; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 1
;; QUERY SECTION:
;;      freebsd.bogus, type = ANY, class = IN

;; ANSWER SECTION:
freebsd.bogus.            3D IN MX        10 mail.freebsd.bogus.freebsd.bogus.
freebsd.bogus.            3D IN MX        20 mail.friend.bogus.
freebsd.bogus.            3D IN NS        ns.freebsd.bogus.
freebsd.bogus.            3D IN SOA       ns.freebsd.bogus. hostmaster.freebsd.bogus. (
                                        199802151       ; serial
                                        8H              ; refresh
                                        2H              ; retry
                                        4W              ; expiry
                                        1D )            ; minimum

Upon careful examination you will discover a bug. The line

freebsd.bogus.            3D IN MX        10 mail.freebsd.bogus.freebsd.bogus.

is all wrong. It should be

freebsd.bogus.            3D IN MX        10 mail.freebsd.bogus.

I deliberately made a mistake so you could learn from it :-) Looking in the zone file we find this line:

		MX	10 mail.freebsd.bogus	; Primary Mail Exchanger

It is missing a period. Or has a 'freebsd.bogus' too many. If a machine name does not end in a period in a zone file the origin is added to its end causing the double freebsd.bogus.freebsd.bogus. So either


		MX	10 mail.freebsd.bogus.	; Primary Mail Exchanger

or


		MX	10 mail			; Primary Mail Exchanger

is correct. I prefer the latter form, it's less to type. There are some BIND experts that disagree, and some that agree with this. In a zone file the domain should either be written out and ended with a `.' or it should not be included at all, in which case it defaults to the origin.

I must stress that in the named.conf file there should not be `.'s after the domain names. You have no idea how many times a `.' too many or few have fouled up things and confused the h*ll out of people.

So having made my point here is the new zone file, with some extra information in it as well:


;
; Zone file for freebsd.bogus
;
; The full zone file
;
$TTL 3D
@	IN	SOA	ns.freebsd.bogus. hostmaster.freebsd.bogus. (
			199802151	; serial, todays date + todays serial #
			8H		; refresh, seconds
			2H		; retry, seconds
			4W		; expire, seconds
			1D )		; minimum, seconds
;
		TXT	"FreeBSD.Bogus, your DNS consultants"
		NS	ns		; Inet Address of name server
		NS	ns.friend.bogus.
		MX	10 mail		; Primary Mail Exchanger
		MX	20 mail.friend.bogus. ; Secondary Mail Exchanger

localhost	A	127.0.0.1

gw		A	192.168.196.1
		HINFO	"Cisco" "IOS"
		TXT	"The router"

ns		A	192.168.196.2
		MX	10 mail
		MX	20 mail.friend.bogus.
		HINFO	"Pentium" "FreeBSD 3.0"
www		CNAME	ns

donald		A	192.168.196.3
		MX	10 mail
		MX	20 mail.friend.bogus.
		HINFO	"i486"	"FreeBSD 3.0"
		TXT	"DEK"

mail		A	192.168.196.4
		MX	10 mail
		MX	20 mail.friend.bogus.
		HINFO	"386sx" "FreeBSD 2.2"

ftp		A	192.168.196.5
		MX	10 mail
		MX	20 mail.friend.bogus.
		HINFO	"P6" "FreeBSD 3.0"

There are a number of new RRs here: HINFO (Host INFOrmation) has two parts; it's a good habit to quote each. The first part is the hardware or CPU on the machine, and the second part the software or OS on the machine. The machine called 'ns' has a Pentium CPU and runs FreeBSD 3.0. CNAME (Canonical NAME) is a way to give each machine several names. So www is an alias for ns.

CNAME record usage is a bit controversial. But it's safe to follow the rule that a MX, CNAME or SOA record should never refer to a CNAME record; they should only refer to something with an A record. So it is inadvisable to have


foobar		CNAME	www			; NO!

but correct to have


foobar		CNAME	ns			; Yes!

It's also safe to assume that a CNAME is not a legal host name for an e-mail address: webmaster@www.freebsd.bogus is an illegal e-mail address given the setup above. You can expect quite a few mail admins Out There to enforce this rule even if it works for you. The way to avoid this is to use A records (and perhaps some others too, like a MX record) instead:


www		A	192.168.196.2

A number of the arch-BIND-wizards recommend not using CNAME at all. But the discussion of why or why not is beyond the scope of this HOWTO.

But as you see, this HOWTO and many sites do not follow this rule.
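Both rules from the last pages, the origin being appended to any name without a trailing `.' (which produced mail.freebsd.bogus.freebsd.bogus above) and MX/NS/SOA/CNAME records never pointing at a CNAME, can be checked mechanically before you reload named. The following is an added example, not code from this HOWTO or from BIND: a small Python loader for the zone-file syntax used here (`;' comments, $TTL/$ORIGIN, a parenthesised SOA, inherited owner names, optional TTL and class columns) plus a checker over the records it produces. The BUGGY_ZONE input is constructed from the first freebsd.bogus zone file, with the deliberate missing dot kept and a CNAME chain and an MX aimed at a CNAME added so that every check fires; the function and variable names are my own.

```python
"""Zone-file origin and target checker (added example, not code from the HOWTO
or from BIND).  Understands only the syntax used in the HOWTO's zone files:
';' comments, $TTL/$ORIGIN, a parenthesised SOA, inherited owners, TTL/class."""
import shlex

RECORD_TYPES = {"SOA", "NS", "MX", "A", "PTR", "CNAME", "TXT", "HINFO"}
# rdata positions that hold domain names, and so get the origin rule applied
NAME_FIELDS = {"NS": (0,), "CNAME": (0,), "PTR": (0,), "MX": (1,), "SOA": (0, 1)}

def qualify(name, origin):
    """'@' is the origin, a name ending in '.' is absolute, anything else is
    relative and gets the origin appended ('mail.freebsd.bogus' -> '...freebsd.bogus.')."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"

def _logical_lines(text):
    """Drop ';' comments (quoted ';' not supported) and join '(' ... ')' spans."""
    buf, depth = [], 0
    for raw in text.splitlines():
        code = raw.split(";", 1)[0].rstrip()
        if not code.strip() and depth == 0:
            continue
        buf.append(code)
        depth += code.count("(") - code.count(")")
        if depth == 0:
            yield " ".join(buf)
            buf = []

def parse_zone(text, origin):
    """Return [(owner, type, rdata tuple)] with every domain name made absolute."""
    if not origin.endswith("."):
        origin += "."
    records, owner = [], None
    for line in _logical_lines(text):
        tokens = shlex.split(line.replace("(", " ").replace(")", " "))
        if tokens[0].startswith("$"):
            if tokens[0] == "$ORIGIN":
                origin = qualify(tokens[1], origin)
            continue                        # $TTL does not matter for these checks
        if not line[0].isspace():           # new owner; a blank owner column inherits
            owner = qualify(tokens.pop(0), origin)
        idx = next(i for i, t in enumerate(tokens) if t in RECORD_TYPES)
        rtype, rdata = tokens[idx], tokens[idx + 1:]   # skips TTL and class columns
        for i in NAME_FIELDS.get(rtype, ()):
            rdata[i] = qualify(rdata[i], origin)
        records.append((owner, rtype, tuple(rdata)))
    return records

def check_targets(records, origin):
    """Flag NS/MX/SOA/CNAME targets that are CNAMEs, and in-zone targets owning no A record."""
    if not origin.endswith("."):
        origin += "."
    cnames = {o for o, t, _ in records if t == "CNAME"}
    a_owners = {o for o, t, _ in records if t == "A"}
    problems = []
    for owner, rtype, rdata in records:
        if rtype not in NAME_FIELDS or rtype == "PTR":
            continue
        target = rdata[NAME_FIELDS[rtype][0]]       # NS/CNAME: [0], MX: [1], SOA: mname
        if target in cnames:
            problems.append(f"{owner} {rtype} -> {target}: target is a CNAME")
        elif target.endswith("." + origin) and target not in a_owners:
            problems.append(f"{owner} {rtype} -> {target}: no A record in this zone")
    return problems

def mail_exchangers(records, name):
    """MX targets for name, lowest preference first: the order a mailer tries them."""
    mxs = [(int(r[0]), r[1]) for o, t, r in records if o == name and t == "MX"]
    return [host for _, host in sorted(mxs)]

# Constructed input: the HOWTO's first zone with its missing dot, plus two CNAME mistakes.
BUGGY_ZONE = """\
$TTL 3D
@       IN  SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. (
            199802151   ; serial
            8H          ; refresh
            2H          ; retry
            4W          ; expire
            1D )        ; minimum
        NS  ns
        MX 10 mail.freebsd.bogus    ; missing trailing '.'
        MX 20 mail.friend.bogus.
localhost   A   127.0.0.1
ns          A   192.168.196.2
mail        A   192.168.196.4
www         CNAME ns
foobar      CNAME www               ; NO! CNAME pointing at a CNAME
donald      A   192.168.196.3
        MX 10 www                   ; NO! MX pointing at a CNAME
"""

if __name__ == "__main__":
    recs = parse_zone(BUGGY_ZONE, "freebsd.bogus")
    print("\n".join(check_targets(recs, "freebsd.bogus")))
```

Running it reports three problems: the MX for freebsd.bogus. pointing at mail.freebsd.bogus.freebsd.bogus., which owns no A record (the missing dot), and the two records whose target is the CNAME www.freebsd.bogus. Changing the MX target to `mail' or `mail.freebsd.bogus.' clears the first; the same loader handles the reverse zone, where `1' under origin 0.0.127.in-addr.arpa becomes 1.0.0.127.in-addr.arpa. just as dig showed.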

Load the new database by running ndc reload, which causes named to read its files again.

$ dig freebsd.bogus axfr

; <<>> DiG 8.2 <<>> freebsd.bogus axfr 
$ORIGIN freebsd.bogus.
@                       3D IN SOA       ns hostmaster (
                                        199802151       ; serial
                                        8H              ; refresh
                                        2H              ; retry
                                        4W              ; expiry
                                        1D )            ; minimum

                        3D IN NS        ns
                        3D IN NS        ns.friend.bogus.
                        3D IN MX        10 mail
                        3D IN MX        20 mail.friend.bogus.
                        3D IN TXT       "FreeBSD.Bogus, your DNS consultants"
gw                      3D IN TXT       "The router"
                        3D IN HINFO     "Cisco" "IOS"
                        3D IN A         192.168.196.1
localhost               3D IN A         127.0.0.1
mail                    3D IN HINFO     "386sx" "FreeBSD 2.1.5"
                        3D IN MX        10 mail
                        3D IN MX        20 mail.friend.bogus.
                        3D IN A         192.168.196.4
www                     3D IN CNAME     ns
donald                  3D IN TXT       "DEK"
                        3D IN HINFO     "i486" "FreeBSD 2.2"
                        3D IN MX        10 mail
                        3D IN MX        20 mail.friend.bogus.
                        3D IN A         192.168.196.3
ns                      3D IN HINFO     "Pentium" "FreeBSD 2.2"
                        3D IN MX        10 mail
                        3D IN MX        20 mail.friend.bogus.
                        3D IN A         192.168.196.2
ftp                     3D IN HINFO     "P6" "FreeBSD 2.1.7"
                        3D IN MX        10 mail
                        3D IN MX        20 mail.friend.bogus.
                        3D IN A         192.168.196.5
@                       3D IN SOA       ns hostmaster (
                                        199802151       ; serial
                                        8H              ; refresh
                                        2H              ; retry
                                        4W              ; expiry
                                        1D )            ; minimum

;; Received 29 answers (29 records).
;; FROM: lookfar to SERVER: 127.0.0.1
;; WHEN: Sat Dec 16 01:35:05 2000

That's good. As you see it looks a lot like the zone file itself. Let's check what it says for www alone:

$ dig www.freebsd.bogus +pfmin
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27345
;; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
;; QUERY SECTION:
;;      www.freebsd.bogus, type = A, class = IN

;; ANSWER SECTION:
www.freebsd.bogus.        3D IN CNAME     ns.freebsd.bogus.
ns.freebsd.bogus.         3D IN A         192.168.196.2

In other words, the real name of www.freebsd.bogus is ns.freebsd.bogus, and it gives you some of the information it has about ns as well, enough to connect to it if you were a program.

Now we're halfway.
