A first stab at DNS config, very useful for dialup, cable-modem, ADSL and similar users.
On Red Hat and Red Hat related distributions you can achieve the
same practical result as this HOWTO's first section by installing the
packages bind
, bind-utils
and caching-nameserver
. If
you use Debian simply install bind
(or bind9
, as of this
writing, BIND 9 is not supported by Debian Stable (potato)) and
bind-doc
. Of course just installing those packages won't teach
you as much as reading this HOWTO. So install the packages, and then
read along verifying the files they installed.
A caching only name server will find the answer to name queries and remember the answer the next time you need it. This will shorten the waiting time the next time significantly, especially if you're on a slow connection.
First you need a file called /etc/namedb/named.conf
.
This is read when named starts. For now it should simply contain:
// Config file for caching only name server // // The version of the HOWTO you read may contain leading spaces // (spaces in front of the characters on these lines ) in this and // other files. You must remove them for things to work. // // Note that the filenames and directory names may differ, the // ultimate contents of should be quite similar though. options { directory "/etc/namedb"; // Uncommenting this might help if you have to go through a // firewall and things are not working out. But you probably // need to talk to your firewall admin. // query-source port 53; }; controls { inet 127.0.0.1 allow { localhost; } keys { rndc_key; }; }; key "rndc_key" { algorithm hmac-md5; secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"; }; zone "." { type hint; file "named.root"; }; zone "0.0.127.in-addr.arpa" { type master; file "localhost.rev"; };
The FreeBSD distribution packages may use different file names for each kind of file mentioned here; they will still contain about the same things.
The `directory
' line tells named where to look for files. All
files named subsequently will be relative to this.
/etc/namedb
is the standard directory
according to the hier(7) manpage.
The file named /etc/namedb/named.root
is named in this.
/etc/namedb/named.root
should contain this:
; ; There might be opening comments here if you already have this file. ; If not don't worry. ; ; About any leading spaces in front of the lines here: remove them! ; Lines should start in a ;, . or character, not blanks. ; . 6D IN NS A.ROOT-SERVERS.NET. . 6D IN NS B.ROOT-SERVERS.NET. . 6D IN NS C.ROOT-SERVERS.NET. . 6D IN NS D.ROOT-SERVERS.NET. . 6D IN NS E.ROOT-SERVERS.NET. . 6D IN NS F.ROOT-SERVERS.NET. . 6D IN NS G.ROOT-SERVERS.NET. . 6D IN NS H.ROOT-SERVERS.NET. . 6D IN NS I.ROOT-SERVERS.NET. . 6D IN NS J.ROOT-SERVERS.NET. . 6D IN NS K.ROOT-SERVERS.NET. . 6D IN NS L.ROOT-SERVERS.NET. . 6D IN NS M.ROOT-SERVERS.NET. A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4 B.ROOT-SERVERS.NET. 6D IN A 128.9.0.107 C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12 D.ROOT-SERVERS.NET. 6D IN A 128.8.10.90 E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10 F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241 G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4 H.ROOT-SERVERS.NET. 6D IN A 128.63.2.53 I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17 J.ROOT-SERVERS.NET. 6D IN A 198.41.0.10 K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129 L.ROOT-SERVERS.NET. 6D IN A 198.32.64.12 M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
The file describes the root name servers in the world. The servers change over time and must be maintained now and then. See the maintenance section for how to keep it up to date.
The next section in named.conf
is the last zone
. I will
explain its use in a later chapter; for now just make this a file
named localhost.rev
in the subdirectory etc/namedb/:
(Again, please remove leading spaces if you cut and paste this)
$TTL 3D @ IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. ( 1 ; Serial 8H ; Refresh 2H ; Retry 4W ; Expire 1D) ; Minimum TTL NS ns.freebsd.bogus. 1 PTR localhost.
The sections called key
and controls
together specify
that your named can be remotely controlled by a program called
rndc
if it connects from the local host, and identifis itself
with the encoded secret key. This key is like a password. For rndc
to work you need /etc/rndc.conf
to match this:
key rndc_key { algorithm "hmac-md5"; secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"; }; options { default-server localhost; default-key rndc_key; };
As you see the secret is identical. If you want to use rndc
from other machines their times need to be within 5 minutes of
eachother. I recommend using the ntp (xntpd
and ntpdate
)
software to do this.
Next, you need a /etc/resolv.conf
looking something like
this: (Again: Remove spaces!)
search subdomain.your-domain.edu your-domain.edu nameserver 127.0.0.1
The `search
' line specifies what domains should be searched
for any host names you want to connect to. The `nameserver
' line
specifies the address of your nameserver, in this case your own
machine since that is where your named runs (127.0.0.1 is right, no
matter if your machine has another address too). If you want to list
several name servers put in one `nameserver
' line for
each. (Note: Named never reads this file, the resolver that uses named
does. Note 2: In some resolv.conf files you find a line saying
"domain". That's fine, but don't use both "search" and "domain", only
one of them will work).
To illustrate what this file does: If a client tries to look up
foo
, then foo.subdomain.your-domain.edu
is tried
first, then foo.your-domain.edu
, and finally foo
.
You may not want to put in too many domains in the search line, as it
takes time to search them all.
The example assumes you belong in the domain
subdomain.your-domain.edu
; your machine, then, is probably
called your-machine.subdomain.your-domain.edu
. The search
line should not contain your TLD (Top Level Domain, `edu
' in this
case). If you frequently need to connect to hosts in another domain
you can add that domain to the search line like this: (Remember to
remove the leading spaces, if any)
search subdomain.your-domain.edu your-domain.edu other-domain.com
and so on. Obviously you need to put real domain names in instead. Please note the lack of periods at the end of the domain names. This is important; please note the lack of periods at the end of the domain names.