About DNS


This section discusses how DNS works and provides resources for additional information on DNS.

How DNS Works

Application programs do not issue DNS queries directly but rather use the gethostbyname() system call. How the system comes up with the corresponding IP address is transparent to the calling program. The gethostbyname() call examines the hosts line in the /etc/nsswitch.conf file (page 435) to determine which files it should examine and/or which services it should query, and in what order, to obtain the IP address corresponding to a domain name. When it needs to query DNS, the local system (i.e., the DNS client) queries the DNS database by calling the resolver library on the local system. This call returns the required information to the application program.

Prerequisites

Install the following packages:

  • bind

  • bind-utils

  • bind-config (FEDORA, optional, used to set up a caching-only nameserver; see the following caution box for an important note)

  • caching-nameserver (RHEL, optional, used to set up a caching-only nameserver)

  • system-config-bind (FEDORA, optional)

  • bind-chroot (optional, used to set up BIND to run in a chroot jail)

Run chkconfig to cause named to start when the system enters multiuser mode:

# /sbin/chkconfig named on


After you have configured named, start it with service:

# /sbin/service named start
Starting named:                                            [  OK  ]


Caution: Remove caching-nameserver and install bind-config

The released version of Fedora Core 5, including the version on the DVD enclosed with this book, includes the caching-nameserver package.

Shortly after Fedora Core 5 was released, the caching-nameserver package was replaced by the bind-config package.

To follow the examples in this chapter, you must remove the caching-nameserver package and install the bind-config package. The following commands use yum (page 478) to accomplish these tasks. In addition, it may be helpful to remove or rename /etc/named.conf as shown below.

# yum remove caching-nameserver
...
# yum install bind-config
...
# mv /etc/named.conf /etc/named.conf.old


If you cannot or do not want to replace the caching-nameserver package, read the parts of this chapter that are labeled RHEL and that describe the named.caching-nameserver.conf file.

RHEL includes the caching-nameserver package.


More Information

DNS for Rocket Scientists is an excellent site that makes good use of links to present information on DNS in a very digestible form.

Local


Bind Administrator Reference Manual /usr/share/doc/bind*/arm/Bv9ARM.html or see the tip "Using this JumpStart" on page 735.

Web


DNS for Rocket Scientists www.zytrax.com/books/dns

BIND www.isc.org/products/BIND

DNS security www.sans.org/rr/papers/index.php?id=1069

HOWTO


DNS HOWTO

Book


DNS & BIND, fourth edition, by Albitz & Liu, O'Reilly & Associates (April 2001)

Notes

Firewall


The named server normally accepts queries on TCP and UDP port 53. If the server system is running a firewall, you need to open these ports. For information on using the Red Hat graphical firewall tool, see "Opening Other Ports" on page 768. For more general information, see Chapter 25, which details iptables.

SELinux


According to the Red Hat named man page, the default Red Hat SELinux policy for named is very secure and prevents known BIND security vulnerabilities from being exploited. This setup has some limitations, however. Refer to the named man page for more information.

If the system is running SELinux with a targeted policy and you want to modify the SELinux named settings, you must turn on one or more of the SELinux settings under the Name Service section as displayed by system-config-securitylevel (page 402).

chroot jail


The bind-chroot package sets up named to run in a chroot jail. With this package installed, all files that control BIND are located within this jail. In this case the filenames used in this chapter are symbolic links to the files in the chroot jail. See page 750 for more information.

named options


See the comments in the /etc/sysconfig/named file for information about named options that you can set there. One of the most important of these options sets the value of the ROOTDIR variable that controls the location of the chroot jail (page 750) that BIND runs in.

named.conf (FEDORA)


Traditionally, named looks for configuration information in the /etc/named.conf file. The caching-only nameserver, which is part of the bind-config package, places named configuration information in /etc/named.caching-nameserver.conf.

For the caching-only nameserver to work without any setup, and so that named will work normally if you create a /etc/named.conf file, the Red Hat Linux named init script (/etc/rc.d/init.d/named) first looks for configuration information in /etc/named.conf. If that file does not exist, it looks for configuration information in /etc/named.caching-nameserver.conf.
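The following shell function, added here as an example and not taken from the book or from the Red Hat init script, emulates the lookup order just described together with the ROOTDIR setting from /etc/sysconfig/named: it reads ROOTDIR, then tries named.conf before named.caching-nameserver.conf under that prefix. The sysconfig file and the etc directory are passed as arguments so the function can be exercised against a constructed directory tree; the demo() function and its temporary paths are assumptions for illustration only.

```shell
#!/bin/sh
# Added example: pick the configuration file named would read, the way the
# init script does (named.conf first, then named.caching-nameserver.conf),
# prefixed with ROOTDIR from a sysconfig file when a chroot jail is in use.

# named_conf_path SYSCONFIG_FILE ETC_DIR
#   Prints the first configuration file found and returns 0;
#   prints nothing and returns 1 when neither file exists.
named_conf_path() {
    sysconfig=$1
    etcdir=$2
    ROOTDIR=
    # /etc/sysconfig/named uses shell syntax such as ROOTDIR="/var/named/chroot";
    # take the last ROOTDIR= line and strip surrounding quotes without sourcing it.
    if [ -r "$sysconfig" ]; then
        ROOTDIR=$(sed -n 's/^ROOTDIR=//p' "$sysconfig" | tail -n 1 | tr -d '"')
    fi
    for f in named.conf named.caching-nameserver.conf; do
        candidate="${ROOTDIR}${etcdir}/$f"
        if [ -f "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Demo on a constructed tree (no root privileges needed, nothing in /etc touched).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/var/named/chroot/etc"
    printf 'ROOTDIR="%s"\n' "$tmp/var/named/chroot" > "$tmp/sysconfig_named"
    touch "$tmp/var/named/chroot/etc/named.caching-nameserver.conf"
    named_conf_path "$tmp/sysconfig_named" /etc   # the caching-only file is used
    touch "$tmp/var/named/chroot/etc/named.conf"
    named_conf_path "$tmp/sysconfig_named" /etc   # now named.conf takes precedence
    rm -rf "$tmp"
}

demo
```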




A Practical Guide to Red Hat Linux
A Practical Guide to Red Hat® Linux®: Fedora™ Core and Red Hat Enterprise Linux (3rd Edition)
ISBN: 0132280272
Year: 2006
Pages: 383
