DNS HOWTO : A simple domain. : Our own domain
Previous: But first some dry theory
Next: The reverse zone

5.2. Our own domain

Now to define our own domain. We're going to make the domain freebsd.bogus and define machines in it. I use a totally bogus domain name to make sure we disturb no-one Out There.

One more thing before we start: Not all characters are allowed in host names. We're restricted to the letters of the English alphabet a-z, the digits 0-9 and the character '-' (dash). Keep to those characters (BIND 9 will not bug you if you break this rule, BIND 8 will). Upper- and lower-case characters are the same for DNS, so pat.uio.no is identical to Pat.UiO.No.

We've already started this part with this line in named.conf:


zone "0.0.127.in-addr.arpa" {
	type master;
	file "localhost.rev";
};

Please note the lack of `.' at the end of the domain names in this file. This says that now we will define the zone 0.0.127.in-addr.arpa, that we're the master server for it and that it is stored in a file called localhost.rev. We've already set up this file, it reads:


$TTL 3D
@               IN      SOA     ns.freebsd.bogus. hostmaster.freebsd.bogus. (
				1       ; Serial
				8H	; Refresh
				2H      ; Retry
				4W	; Expire
				1D)	; Minimum TTL
			NS      ns.freebsd.bogus.
1			PTR	localhost.

Please note the `.' at the end of all the full domain names in this file, in contrast to the named.conf file above. Some people like to start each zone file with a $ORIGIN directive, but this is superfluous. The origin (where in the DNS hierarchy it belongs) of a zone file is specified in the zone section of the named.conf file; in this case it's 0.0.127.in-addr.arpa.

This `zone file' contains 3 `resource records' (RRs): a SOA RR, a NS RR and a PTR RR. SOA is short for Start Of Authority. The `@' is a special notation meaning the origin, and since the `domain' column for this file says 0.0.127.in-addr.arpa the first line really means

0.0.127.in-addr.arpa.	IN	SOA ...

NS is the Name Server RR. There is no '@' at the start of this line; it is implicit since the previous line started with a '@'. Saves some typing that. So the NS line could also be written

0.0.127.in-addr.arpa.	IN	NS	ns.freebsd.bogus.

It tells DNS what machine is the name server of the domain 0.0.127.in-addr.arpa; it is ns.freebsd.bogus. 'ns' is a customary name for name servers, but, just as web servers are customarily named www.something, the name may be anything.

And finally the PTR (Domain Name Pointer) record says that the host at address 1 in the subnet 0.0.127.in-addr.arpa, i.e., 127.0.0.1 is named localhost.

The SOA record is the preamble to all zone files, and there should be exactly one in each zone file, at the top (but after the $TTL directive). It describes the zone, where it comes from (a machine called ns.freebsd.bogus), who is responsible for its contents (hostmaster@freebsd.bogus; you should insert your e-mail address here), what version of the zone file this is (serial: 1), and other things having to do with caching and secondary DNS servers. For the rest of the fields (refresh, retry, expire and minimum) use the numbers used in this HOWTO and you should be safe. Before the SOA comes a mandatory line, the $TTL 3D line. Put it in all your zone files.

Now restart your named (rndc stop; named) and use dig to examine your handiwork. -x asks for the inverse query:

$ dig -x 127.0.0.1
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30944
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa.                IN      PTR

;; ANSWER SECTION:
1.0.0.127.in-addr.arpa. 259200  IN      PTR     localhost.

;; AUTHORITY SECTION:
0.0.127.in-addr.arpa.   259200  IN      NS      ns.freebsd.bogus.

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Dec 23 03:02:39 2001
;; MSG SIZE  rcvd: 91

So it manages to get localhost from 127.0.0.1, good. Now for our main task, the freebsd.bogus domain, insert a new 'zone' section in named.conf:


zone "freebsd.bogus" {
	type master;
	notify no;
	file "pz/freebsd.bogus";
};

Note again the lack of ending `.' on the domain name in the named.conf file.

In the freebsd.bogus zone file we'll put some totally bogus data:


;
; Zone file for freebsd.bogus
;
; The full zone file
;
$TTL 3D
@	IN	SOA	ns.freebsd.bogus. hostmaster.freebsd.bogus. (
			199802151	; serial, today's date + today's serial #
			8H		; refresh, seconds
			2H		; retry, seconds
			4W		; expire, seconds
			1D )		; minimum, seconds
;
		NS	ns		; Inet Address of name server
		MX	10 mail.freebsd.bogus	; Primary Mail Exchanger
		MX	20 mail.friend.bogus.	; Secondary Mail Exchanger
;
localhost	A	127.0.0.1
ns		A	192.168.196.2
mail		A	192.168.196.4

Two things must be noted about the SOA record. ns.freebsd.bogus must be an actual machine with an A record. It is not legal to have a CNAME record for the machine mentioned in the SOA record. Its name need not be `ns', it could be any legal host name. Next, hostmaster.freebsd.bogus should be read as hostmaster@freebsd.bogus. This should be a mail alias, or a mailbox, where the person(s) maintaining DNS should read mail frequently. Any mail regarding the domain will be sent to the address listed here. The name need not be `hostmaster', it can be your normal e-mail address, but the e-mail address `hostmaster' is often expected to work as well.

There is one new RR type in this file, the MX, or Mail eXchanger RR. It tells mail systems where to send mail that is addressed to someone@freebsd.bogus, namely to mail.freebsd.bogus or mail.friend.bogus. The number before each machine name is that MX RR's priority. The RR with the lowest number (10) is the one mail should be sent to if possible. If that fails the mail can be sent to one with a higher number, a secondary mail handler, i.e., mail.friend.bogus which has priority 20 here.

Reload named by running rndc reload. Examine the results with dig:

$ dig any freebsd.bogus
; <<>> DiG 9.1.3 <<>> any freebsd.bogus
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55239
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;freebsd.bogus.               IN      ANY

;; ANSWER SECTION:
freebsd.bogus.        259200  IN      SOA     ns.freebsd.bogus. \
      hostmaster.freebsd.bogus. 199802151 28800 7200 2419200 86400
freebsd.bogus.        259200  IN      NS      ns.freebsd.bogus.
freebsd.bogus.        259200  IN      MX      20 mail.friend.bogus.
freebsd.bogus.        259200  IN      MX      10 mail.freebsd.bogus.freebsd.bogus.

;; AUTHORITY SECTION:
freebsd.bogus.        259200  IN      NS      ns.freebsd.bogus.

;; ADDITIONAL SECTION:
ns.freebsd.bogus.     259200  IN      A       192.168.196.2

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Dec 23 03:06:45 2001
;; MSG SIZE  rcvd: 184

Upon careful examination you will discover a bug. The line

freebsd.bogus.        259200  IN MX        10 mail.freebsd.bogus.freebsd.bogus.

is all wrong. It should be

freebsd.bogus.        259200  IN MX        10 mail.freebsd.bogus.

I deliberately made a mistake so you could learn from it :-) Looking in the zone file we find this line:

		MX	10 mail.freebsd.bogus	; Primary Mail Exchanger

It is missing a period. Or it has a 'freebsd.bogus' too many. If a machine name in a zone file does not end in a period, the origin is added to its end, causing the double freebsd.bogus.freebsd.bogus. So either


		MX	10 mail.freebsd.bogus.	; Primary Mail Exchanger

or


		MX	10 mail			; Primary Mail Exchanger

is correct. I prefer the latter form, it's less to type. There are some BIND experts that disagree, and some that agree with this. In a zone file the domain should either be written out and ended with a `.' or it should not be included at all, in which case it defaults to the origin.

I must stress that in the named.conf file there should not be `.'s after the domain names. You have no idea how many times a `.' too many or few have fouled up things and confused the h*ll out of people.

So having made my point here is the new zone file, with some extra information in it as well:


;
; Zone file for freebsd.bogus
;
; The full zone file
;
$TTL 3D
@	IN	SOA	ns.freebsd.bogus. hostmaster.freebsd.bogus. (
			199802151	; serial, today's date + today's serial #
			8H		; refresh, seconds
			2H		; retry, seconds
			4W		; expire, seconds
			1D )		; minimum, seconds
;
		TXT	"FreeBSD.Bogus, your DNS consultants"
		NS	ns		; Inet Address of name server
		NS	ns.friend.bogus.
		MX	10 mail		; Primary Mail Exchanger
		MX	20 mail.friend.bogus. ; Secondary Mail Exchanger

localhost	A	127.0.0.1

gw		A	192.168.196.1
		TXT	"The router"

ns		A	192.168.196.2
		MX	10 mail
		MX	20 mail.friend.bogus.
www		CNAME	ns

donald		A	192.168.196.3
		MX	10 mail
		MX	20 mail.friend.bogus.
		TXT	"DEK"

mail		A	192.168.196.4
		MX	10 mail
		MX	20 mail.friend.bogus.

ftp		A	192.168.196.5
		MX	10 mail
		MX	20 mail.friend.bogus.

CNAME (Canonical NAME) is a way to give each machine several names. So www is an alias for ns. CNAME record usage is a bit controversial. But it's safe to follow the rule that an MX, CNAME or SOA record should never refer to a CNAME record; they should only refer to something with an A record, so it is inadvisable to have


foobar		CNAME	www			; NO!

but correct to have


foobar		CNAME	ns			; Yes!
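
The two rules above, origin-appending for names without a trailing `.' and no CNAME as the target of an MX, NS, SOA or CNAME record, can be checked mechanically. The following is an added example, not part of this HOWTO or of BIND: a tiny zone-file parser that expands names exactly as named does, and a lint that reports both mistakes. The sample zone embedded in it is constructed from the first freebsd.bogus zone file above (with its deliberate MX bug) plus the `foobar CNAME www' line; ORIGIN stands in for what the zone section of named.conf supplies.

```python
import re
def fqdn(name, origin):
    """Zone-file rule: '@' means the origin; a name with no trailing '.' gets the origin appended."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Tiny parser for this HOWTO's RR types ('@', inherited owner, ';' comments, the bracketed
    multi-line SOA, $TTL skipped); returns (owner, type, rdata) with every name as an FQDN."""
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(ln.split(";")[0] for ln in m.group(1).splitlines()), text)
    records, owner = [], origin
    for line in text.splitlines():
        line = line.split(";")[0].rstrip()
        if not line.strip() or line.startswith("$"):       # blank, comment-only or $TTL line
            continue
        if line[0] not in " \t":                           # owner column present, otherwise inherit it
            owner_tok, line = line.split(None, 1)
            owner = fqdn(owner_tok, origin)
        toks = [t for t in line.split() if t != "IN"]       # the class IN is optional; just drop it
        rtype, rdata = toks[0], toks[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [fqdn(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [int(rdata[0]), fqdn(rdata[1], origin)]
        elif rtype == "SOA":
            rdata = [fqdn(rdata[0], origin), fqdn(rdata[1], origin)] + rdata[2:]
        records.append((owner, rtype, rdata))
    return records

def lint(records, origin):
    """Flag a target that picked up the origin twice (missing '.') and a CNAME used as an MX/NS/SOA/CNAME target."""
    cnames = {o for o, t, _ in records if t == "CNAME"}
    problems = []
    for owner, rtype, rdata in records:
        tgt = rdata[1] if rtype == "MX" else rdata[0] if rtype in ("NS", "SOA", "CNAME") else None
        if tgt and tgt.endswith(origin + origin):          # e.g. 'mail.freebsd.bogus.freebsd.bogus.'
            problems.append(f"{owner} {rtype} {tgt}: origin appended twice (missing trailing '.')")
        if tgt in cnames:
            problems.append(f"{owner} {rtype} {tgt}: target is a CNAME")
    return problems

ORIGIN = "freebsd.bogus."   # constructed sample below: the HOWTO's first zone with its MX bug, plus 'foobar CNAME www'
ZONE = """\
@       IN  SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. (
            199802151 8H 2H 4W 1D )     ; serial, refresh, retry, expire, minimum
        NS  ns                          ; Inet Address of name server
        MX  10 mail.freebsd.bogus       ; Primary Mail Exchanger (no trailing '.')
        MX  20 mail.friend.bogus.       ; Secondary Mail Exchanger
www     CNAME ns
foobar  CNAME www                       ; NO!
"""
```

Running lint(parse_zone(ZONE, ORIGIN), ORIGIN) reports exactly the doubled mail.freebsd.bogus.freebsd.bogus. MX target and the foobar CNAME pointing at another CNAME; changing the MX line to `10 mail' clears the first.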

Load the new database by running rndc reload, which causes named to read its files again.

$ dig freebsd.bogus axfr

; <<>> DiG 9.1.3 <<>> freebsd.bogus axfr
;; global options:  printcmd
freebsd.bogus.            259200  IN      SOA     ns.freebsd.bogus. hostmaster.freebsd.bogus. 199802151 28800 7200 2419200 86400
freebsd.bogus.            259200  IN      NS      ns.freebsd.bogus.
freebsd.bogus.            259200  IN      MX      10 mail.freebsd.bogus.
freebsd.bogus.            259200  IN      MX      20 mail.friend.bogus.
donald.freebsd.bogus.     259200  IN      A       192.168.196.3
donald.freebsd.bogus.     259200  IN      MX      10 mail.freebsd.bogus.
donald.freebsd.bogus.     259200  IN      MX      20 mail.friend.bogus.
donald.freebsd.bogus.     259200  IN      TXT     "DEK"
ftp.freebsd.bogus.        259200  IN      A       192.168.196.5
ftp.freebsd.bogus.        259200  IN      MX      10 mail.freebsd.bogus.
ftp.freebsd.bogus.        259200  IN      MX      20 mail.friend.bogus.
gw.freebsd.bogus.         259200  IN      A       192.168.196.1
gw.freebsd.bogus.         259200  IN      TXT     "The router"
localhost.freebsd.bogus.  259200  IN      A       127.0.0.1
mail.freebsd.bogus.       259200  IN      A       192.168.196.4
mail.freebsd.bogus.       259200  IN      MX      10 mail.freebsd.bogus.
mail.freebsd.bogus.       259200  IN      MX      20 mail.friend.bogus.
ns.freebsd.bogus.         259200  IN      MX      10 mail.freebsd.bogus.
ns.freebsd.bogus.         259200  IN      MX      20 mail.friend.bogus.
ns.freebsd.bogus.         259200  IN      A       192.168.196.2
www.freebsd.bogus.        259200  IN      CNAME   ns.freebsd.bogus.
freebsd.bogus.            259200  IN      SOA     ns.freebsd.bogus. hostmaster.freebsd.bogus. 199802151 28800 7200 2419200 86400
;; Query time: 41 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Dec 23 03:12:31 2001
;; XFR size: 23 records

That's good. As you see it looks a bit like the zone file itself. Let's check what it says for www alone:

$ dig www.freebsd.bogus

; <<>> DiG 9.1.3 <<>> www.freebsd.bogus
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16633
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.freebsd.bogus.               IN      A

;; ANSWER SECTION:
www.freebsd.bogus.        259200  IN      CNAME   ns.freebsd.bogus.
ns.freebsd.bogus.         259200  IN      A       192.168.196.2

;; AUTHORITY SECTION:
freebsd.bogus.            259200  IN      NS      ns.freebsd.bogus.

;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Dec 23 03:14:14 2001
;; MSG SIZE  rcvd: 80

In other words, the real name of www.freebsd.bogus is ns.freebsd.bogus, and it gives you some of the information it has about ns as well, enough to connect to it if you were a program.

Now we're halfway.

