Network: DNS: setting up a DNS server (last edit: 2002-05-18)
Introduction
In this document I will try to give an example of how to
set up a DNS server. Most of this info comes from the
'FreeBSD handbook' (the printed version).
The default FreeBSD DNS daemon is called 'named' and it
is part of the 'bind' port (/usr/ports/bind8). The directory
'/etc/namedb' is where named looks for its
configuration files and zone files.
The following files are of interest to us and we will
create/edit them along the way:
- named.conf
- db.example.org
- example.org-reverse
- localhost.rev
In this document I will explain how to create/edit these
files to configure a DNS server which serves a local network
and queries two outside DNS servers when it
doesn't know the answer.
Here is a schema of the network:

                      /-----------------------\
                      |      The internet     |
                      \-----------------------/
                                  |
                                  |
                       |--------------------|
                       | DNS server/gateway |
                       |   ns.example.org   |
                       |    192.168.1.1     |
                       |--------------------|
                                  |
                                  |
         |-------------------------------------------------|
         |                                                 |
|-----------------|                              |------------------|
|      Host       |                              |       Host       |
| sun.example.org |                              | moon.example.org |
|  192.168.1.100  |                              |  192.168.1.101   |
|-----------------|                              |------------------|
named.conf
This file is in the directory /etc/namedb by default, so we only
have to edit it.
Here is an example of how it should look:
---
options {
        directory "/etc/namedb";
        forwarders {
                [dns-server 1]; [dns-server 2];
        };
        query-source address * port 53;
};

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
};

zone "example.org" {
        type master;
        file "db.example.org";
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "example.org-reverse";
};
---
Here is what all of this means:
forwarders
This should be a semicolon-separated list of DNS servers (don't forget
the semicolon after the last one). If your DNS server doesn't know the
answer it will ask these DNS servers.
query-source address
With this option you can force the DNS server to send its queries from a
specific port, which is useful when there is a firewall in between.
zone "."
This zone is for the top level domains; the file 'named.root' contains
all the root servers (the addresses haven't changed for years, so you
don't have to edit this file).
zone "example.org"
This specifies the file in which the DNS server can find the information
about the domain 'example.org'.
zone "1.168.192.in-addr.arpa"
This zone is used for reverse DNS lookups. As you might notice, the IP
address is written backwards and the last number is missing. This is a
work-around for a 'chicken and egg' kind of problem: how does a DNS server
know which server holds the information it is looking for? It resolves the
IP address and queries the authoritative server, but how can it find that
server? By resolving its host name. You see, this is a little problem,
and it is why this approach was chosen. I won't explain it any deeper,
because you don't need to know it to set up the DNS server.
db.example.org
This is the zone file for your domain. Here is an example:
---
$TTL 86400
example.org.    IN SOA  ns.example.org. admin.example.org. (
                        2001220201      ; Serial (YYYYDDMM plus 2 digit serial)
                        86400           ; refresh (1 day)
                        7200            ; retry (2 hours)
                        8640000         ; expire (100 days)
                        86400 )         ; minimum (1 day)
                IN NS   ns.example.org.
                IN MX   10 mail.example.org.
ns              IN A    192.168.1.1
sun             IN A    192.168.1.100
moon            IN A    192.168.1.101
maan            IN CNAME moon
---
Note that comments in these files are marked with semicolons instead of
the usual hashes!
Each fully-qualified domain name ends in a dot. This dot HAS to be there,
and it is a common mistake to forget it.
$TTL
This is the default time to live; it should be in here.
SOA
This is short for Start Of Authority and it should be followed by the domain of
the originating host and the e-mail address of the administrator of the DNS server.
As you might notice, there is no at-sign in the e-mail address. This is because
the at-sign has a different meaning here, so it is written as a dot; whenever the
address is needed, the first dot is read as the at-sign again.
Serial
This is the serial number for this zone; it should be increased each time
something has been changed. A good structure for the serial number is
YYYYDDMM plus 2 digits. This means the year in 4 digits followed by the day,
the month and a sequence number. The latter is useful when you update the zone file
more than once a day.
IN NS ns.example.org.
This tells the DNS server that 'ns.example.org' is authoritative for this zone.
In this case the authoritative DNS server is in the same domain (example.org) as the
domain it is authoritative for. Here's an example of a more realistic zone:
---
$TTL 86400
mydomain.org.   IN SOA  ns.example.org. admin.example.org. (
                        2001220201      ; Serial (YYYYDDMM plus 2 digit serial)
                        86400           ; refresh (1 day)
                        7200            ; retry (2 hours)
                        8640000         ; expire (100 days)
                        86400 )         ; minimum (1 day)
                IN NS   ns.example.org.
                IN MX   10 mail.example.org.
mydomain.org.   A       211.211.211.211
www             IN A    212.212.212.212
db              IN A    213.213.213.213
---
As you can see, an MX record and an entry for the bare domain name (without a
subdomain) have been added to this example. ns.example.org is still in here because
it is the authoritative DNS server.
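The two mistakes the text above warns about (a forgotten trailing dot and a serial that was not increased) are easy to check mechanically before loading a zone. The following linter is an added example written for this page, not code from the FreeBSD handbook or from the bind port; it assumes the serial layout the text recommends (YYYYDDMM plus two digits) and uses a deliberately simple record parser (owner, optional TTL, 'IN', type, rdata) that is enough for the zone files shown here. The sample zones it runs on are constructed from the page's own db.example.org.

```python
import re

# Record types whose RDATA holds a domain name, and the index of that name in
# the RDATA. A name with an interior dot but no trailing dot is almost always
# meant to be absolute, so the linter flags it.
NAME_RDATA = {"NS": 0, "CNAME": 0, "MX": 1, "PTR": 0}
TYPES = {"SOA", "NS", "MX", "A", "CNAME", "PTR"}
# Serial layout as the text recommends it: YYYY, DD, MM, two-digit sequence.
SERIAL_RE = re.compile(r"^\d{4}(0[1-9]|[12]\d|3[01])(0[1-9]|1[0-2])\d{2}$")


def tokenize(zone_text):
    """Strip ';' comments and join a multi-line parenthesised SOA, returning
    one token list per logical record."""
    records, buf, depth = [], [], 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]
        buf.extend(line.replace("(", " ( ").replace(")", " ) ").split())
        depth += line.count("(") - line.count(")")
        if depth == 0 and buf:
            records.append([t for t in buf if t not in ("(", ")")])
            buf = []
    return records


def split_record(tokens):
    """Return (type, rdata), skipping owner, TTL and class. Simplification:
    the type follows the 'IN' class token; without a class it is the second
    token (after an owner) when that is a known type, else the first."""
    if "IN" in tokens:
        i = tokens.index("IN") + 1
    elif len(tokens) > 1 and tokens[1].upper() in TYPES:
        i = 1
    else:
        i = 0
    if i >= len(tokens):
        return None, []
    return tokens[i].upper(), tokens[i + 1:]


def lint_zone(zone_text, previous_serial=None):
    """Return a list of problem strings; an empty list means the zone passed."""
    problems = []
    for tokens in tokenize(zone_text):
        if tokens[0].startswith("$"):          # $TTL and similar directives
            continue
        rtype, rdata = split_record(tokens)
        if rtype == "SOA" and len(rdata) >= 3:
            for name in rdata[:2]:             # primary NS and admin mailbox
                if not name.endswith("."):
                    problems.append(f"SOA name '{name}' lacks the trailing dot")
            serial = rdata[2]
            if not SERIAL_RE.match(serial):
                problems.append(f"serial '{serial}' is not YYYYDDMM plus 2 digits")
            elif previous_serial is not None and int(serial) <= int(previous_serial):
                problems.append(f"serial '{serial}' was not increased past {previous_serial}")
        elif rtype in NAME_RDATA and len(rdata) > NAME_RDATA[rtype]:
            target = rdata[NAME_RDATA[rtype]]
            if "." in target and not target.endswith("."):
                problems.append(f"{rtype} target '{target}' lacks the trailing dot "
                                f"(named would read it as {target}.<zone>.)")
    return problems


# Constructed sample input: the db.example.org zone from the text.
GOOD_ZONE = """\
$TTL 86400
example.org. IN SOA ns.example.org. admin.example.org. (
        2001220201 ; Serial (YYYYDDMM plus 2 digit serial)
        86400      ; refresh (1 day)
        7200       ; retry (2 hours)
        8640000    ; expire (100 days)
        86400 )    ; minimum (1 day)
        IN NS  ns.example.org.
        IN MX  10 mail.example.org.
ns      IN A   192.168.1.1
sun     IN A   192.168.1.100
moon    IN A   192.168.1.101
maan    IN CNAME moon
"""

# Constructed sample input with both classic mistakes: the serial was left
# unchanged after an edit and the NS target lost its trailing dot.
BAD_ZONE = """\
$TTL 86400
example.org. IN SOA ns.example.org. admin.example.org. (
        2001220201 86400 7200 8640000 86400 )
        IN NS  ns.example.org
ns      IN A   192.168.1.1
"""

if __name__ == "__main__":
    print("good zone:", lint_zone(GOOD_ZONE))                  # []
    for p in lint_zone(BAD_ZONE, previous_serial="2001220201"):
        print("problem:", p)
```

Pass the serial that is currently published as previous_serial; the missing-dot check only fires for names that contain a dot, because a bare label such as 'moon' in the CNAME above is meant to be relative to the zone.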
example.org-reverse
This file is used for reverse lookups.
---
$TTL 86400
@       IN SOA  ns.example.org. admin.example.org. (
                        2001220200      ; Serial (date, 2 digits version)
                        86400           ; refresh (1 day)
                        7200            ; retry (2 hours)
                        8640000         ; expire (100 days)
                        86400 )         ; minimum (1 day)
        IN NS   ns.example.org.
100     IN PTR  sun.example.org.
101     IN PTR  moon.example.org.
---
PTR
PTR stands for Pointer: a PTR record maps an address back to a host name.
The owner ('100', '101') is the part of the address that was left out of
the zone name '1.168.192.in-addr.arpa'.
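The reversed-and-truncated zone name and the PTR owners are derived mechanically from the forward zone, so they are best generated rather than typed. The following is an added example for this page (not code from the handbook or the bind port); it assumes an octet-aligned network (/8, /16 or /24, which is what the in-addr.arpa layout described above covers) and a constructed table of A records taken from the page's example.org zone, plus one host on another network to show it being left out.

```python
import ipaddress


def reverse_zone_name(network):
    """Return the in-addr.arpa zone for a /8, /16 or /24 network.

    This is the construction the text describes: keep only the network
    octets, write them backwards and append in-addr.arpa
    (192.168.1.0/24 -> 1.168.192.in-addr.arpa).
    """
    net = ipaddress.ip_network(network, strict=False)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("octet-aligned reverse zones need a /8, /16 or /24")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_owner(address, zone):
    """Relative owner label of the PTR record for `address` inside `zone`.

    ipaddress gives the full reverse name (100.1.168.192.in-addr.arpa);
    the part in front of the zone name is what goes in the zone file.
    """
    full = ipaddress.ip_address(address).reverse_pointer
    suffix = "." + zone
    if not full.endswith(suffix):
        raise ValueError(f"{address} is not inside {zone}")
    return full[: -len(suffix)]


def ptr_records(a_records, network):
    """Build the PTR lines of the reverse zone from the forward zone's A records.

    `a_records` maps a host name to its address. Hosts outside `network`
    belong in another reverse zone and are skipped; a host name without
    the trailing dot gets one, since a PTR target is always absolute.
    """
    net = ipaddress.ip_network(network, strict=False)
    zone = reverse_zone_name(network)
    lines = []
    for name, addr in sorted(a_records.items(),
                             key=lambda kv: ipaddress.ip_address(kv[1])):
        if ipaddress.ip_address(addr) not in net:
            continue
        if not name.endswith("."):
            name += "."
        lines.append(f"{ptr_owner(addr, zone)} IN PTR {name}")
    return lines


# Constructed sample input: the A records of the example.org zone from the
# text, plus a mail host on another network to show it being skipped.
A_RECORDS = {
    "ns.example.org.": "192.168.1.1",
    "sun.example.org.": "192.168.1.100",
    "moon.example.org": "192.168.1.101",   # trailing dot deliberately missing
    "mail.example.org.": "10.0.0.25",
}

if __name__ == "__main__":
    print('zone "%s"' % reverse_zone_name("192.168.1.0/24"))
    for line in ptr_records(A_RECORDS, "192.168.1.0/24"):
        print(line)
```

The generated lines are exactly the PTR records of the example.org-reverse file above (plus one for ns itself, which the page's forward zone also carries); the SOA and NS header of the reverse file stays hand-written.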
localhost.rev
This file just maps 127.0.0.1 to localhost.
---
$TTL 3600
@       IN SOA  ns.example.org. admin.example.org. (
                        2001220200      ; Serial
                        3600            ; Refresh
                        900             ; Retry
                        3600000         ; Expire
                        3600 )          ; Minimum
        IN NS   ns.example.org.
1       IN PTR  localhost.example.org.
---
Starting the DNS server
So now you have created/edited all the necessary config files and want to start
your server. You can do this by hand by typing (as root) '/usr/sbin/named'.
Now check /var/log/messages for errors. If your server runs without errors,
change the '/etc/resolv.conf' file to match the following:
---
domain example.org
nameserver 192.168.1.1
---
Now start nslookup and query your server for one of the names in your zone
file.
If all this works you'll probably want to start the DNS server automatically when
your machine boots. Put the following lines in '/etc/rc.conf':
---
named_enable="YES"
named_program="/usr/sbin/named"
named_flags="-u bind -g bind"
---
Make sure the user and group 'bind' exist. If you don't start named with this
user/group it will run as root:wheel (need I explain why you shouldn't do
this?).
Well, that should be all. If you have questions you can try
i_dont_get_it@lowlife.org and if
we have time and you said please we'll answer >;-)