A Full-Functioned Nameserver


Because the IP addresses used in this example are part of the private address space (page 1049), you can copy the example and run the server without affecting global DNS. Also, to prevent contamination of the global DNS, each zone has the notify option set to NO, so named does not send NOTIFY messages to the other nameservers listed for the zone when it loads or changes the zone. When you build a nameserver that is integrated with the Internet, you will want to use IP addresses that are unique to your installation, and you may want to change the notify settings so that secondary servers learn of changes promptly.

named.conf


The named.conf file in this example limits the IP addresses that named answers queries from and sets up logging:

$ cat /etc/named.conf
options {
    directory "/var/named";
    allow-query {127.0.0.1; 192.168.0.0/24;};
};

zone "." IN {
    type   hint;
    file   "named.ca";
};

zone "0.168.192.in-addr.arpa" IN {
    type   master;
    file   "named.local";
    notify NO;
};

zone "sam.net" IN {
    type   master;
    file   "sam.net";
    notify NO;
};

logging {
    channel "misc" {
        file "/var/log/bind/misc.log" versions 4 size 4m;
        print-time YES;
        print-severity YES;
        print-category YES;
    };
    channel "query" {
        file "/var/log/bind/query.log" versions 4 size 4m;
        print-time YES;
        print-severity NO;
        print-category NO;
    };
    category default {
        "misc";
    };
    category queries {
        "query";
    };
};


The allow-query statement in the options section specifies the IP addresses of the systems that the server will answer queries from; a client whose address matches none of the listed elements is refused. You must include the local system as 127.0.0.1 if it will be querying the server. This restriction matters because the configuration also carries the root hints zone and BIND recurses on behalf of its clients by default: a server reachable from the Internet with no allow-query statement (or with allow-query { any; }) would be an open resolver that anyone could use, and abuse for reflection attacks. The zones this server is authoritative for are sam.net and the reverse zone 0.168.192.in-addr.arpa; the zone file for sam.net is /var/named/sam.net.
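As an added example, not from the book: the address-match-list rule that allow-query relies on, reproduced in Python so that a list can be checked against candidate client addresses before it goes into named.conf. named tests the elements in order, the first element matching the client's address decides (allow, or refuse if the element carries a leading !), and a client matching no element is refused. The lists below are constructed inputs; named's localhost and localnets keywords depend on the server's own interfaces and are left out.

```python
"""Added example (not from the book): evaluate a BIND address match list such as the page's
allow-query { 127.0.0.1; 192.168.0.0/24; } the way named does.  Elements are tested in order,
the first element matching the client's address decides, a leading '!' turns that element into
a refusal, and a client that matches no element is refused."""
import ipaddress

# Constructed inputs: the page's list, and the same /24 with one host negated in both orders.
PAGE_ACL = "{ 127.0.0.1; 192.168.0.0/24; }"
DENY_AFTER = "{ 192.168.0.0/24; !192.168.0.10; }"  # negation never reached: the /24 matches first
DENY_FIRST = "{ !192.168.0.10; 192.168.0.0/24; }"  # negation tested first, so it takes effect

# named's localhost and localnets keywords depend on the server's own interfaces; not modelled.
KEYWORDS = {"any": ["0.0.0.0/0", "::/0"], "none": []}

def parse_acl(text):
    """'{ a; !b; c/24; }' -> [(allow, ip_network), ...] in list order."""
    elems = []
    for item in text.strip().strip("{}").split(";"):
        item = item.strip()
        if not item:
            continue
        allow, body = not item.startswith("!"), item.lstrip("!").strip()
        for net in KEYWORDS.get(body, [body]):
            elems.append((allow, ipaddress.ip_network(net, strict=False)))
    return elems

def permitted(acl, client):
    """First match wins; no match means refused, which is named's behaviour for an explicit list."""
    addr = ipaddress.ip_address(client)
    for allow, net in acl:
        if addr.version == net.version and addr in net:
            return allow
    return False

def refused_clients(acl_text, clients):
    """The client addresses the list would refuse: a quick audit before the list goes into named.conf."""
    acl = parse_acl(acl_text)
    return [c for c in clients if not permitted(acl, c)]
```

The two negated lists show the usual mistake: { 192.168.0.0/24; !192.168.0.10; } still answers 192.168.0.10 because the /24 is matched first; an exclusion must come before the broader prefix it carves a hole in.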

Logging


Logging is turned on by the logging section. This section opens two logging channels: one that logs information to /var/log/bind/misc.log and one that logs information to /var/log/bind/query.log. When one of these logs grows to 4 megabytes (size 4m in the file statement), named renames it by appending .0 to its filename and starts a new log; existing rolled copies are renumbered upward (.0 becomes .1, and so on), and copies beyond the number given by the versions clause are removed, so with versions 4 only misc.log.0 through misc.log.3 are kept. See logrotate (page 559) for another way to maintain log files. The print-time, print-severity, and print-category clauses determine whether the time, severity, and category of each message are written to the log; specify each as YES or NO. The category determines what information is logged to the channel. In the example, default information is sent to the misc channel and queries are sent to the query channel; assigning a channel to the queries category is what turns query logging on. Query logs record the address of each client and the name it asked for, so treat them as sensitive data, and expect four 4-megabyte files to fill quickly on a busy server. Refer to the named.conf man page for more choices.

named.local


The origin for the reverse zone file (named.local) is 0.168.192.in-addr.arpa (as specified in the zone section that refers to this file in named.conf). The SOA resource record names the primary nameserver (ns.sam.net.) and the zone contact's mailbox; the mailbox is written as a domain name, with the @ replaced by a dot, so the contact mgs@sobell.com appears as mgs.sobell.com. (named loads a zone that has a literal @ in this field, but the address it encodes is then wrong). Following the SOA and NS resource records, the first three PTR resource records equate address 1 in the subnet 0.168.192.in-addr.arpa (192.168.0.1) with the names gw.sam.net., www.sam.net., and ftp.sam.net., respectively. The next three PTR resource records equate 192.168.0.3 with mark.sam.net., 192.168.0.4 with mail.sam.net., and 192.168.0.6 with ns.sam.net.. Note that in the forward zone below, www and ftp are aliases (CNAME records) for ns, whose address is 192.168.0.6; a forward/reverse consistency check will therefore flag the www and ftp PTR records for 192.168.0.1, and a production zone should map each address to names whose forward records point back to it.

$ cat named.local
; zone "0.168.192.in-addr.arpa"
;
$TTL   3D
; SOA: primary nameserver, then the contact mailbox mgs@sobell.com written as a domain name
@      IN      SOA     ns.sam.net. mgs.sobell.com. (
                               2005110501    ; serial
                               8H            ; refresh
                               2H            ; retry
                               4W            ; expire
                               1D)           ; minimum
       IN      NS      ns.sam.net.
1      IN      PTR     gw.sam.net.
1      IN      PTR     www.sam.net.
1      IN      PTR     ftp.sam.net.
3      IN      PTR     mark.sam.net.
4      IN      PTR     mail.sam.net.
6      IN      PTR     ns.sam.net.


sam.net


The zone file for sam.net takes advantage of many BIND features and includes TXT (page 728), CNAME (page 726), and MX (page 726) resource records. A TXT resource record is returned only when a query asks for type TXT (or ANY) at that name; it is not attached to answers for other record types. The first of the two NS records specifies an unqualified name (ns) to which BIND appends the zone name (sam.net), yielding an FQDN of ns.sam.net. The second nameserver is specified with an FQDN (note the trailing dot) that BIND does not alter; leaving the trailing dot off a name you intend as fully qualified is a classic zone-file error, because BIND would then produce ns.max.net.sam.net. The MX records specify mail servers in a similar manner and include a priority number at the start of the data field; lower numbers indicate preferred servers.

$ cat sam.net
; zone "sam.net"
;
$TTL       3D
; SOA: primary nameserver, then the contact mailbox mgs@sobell.com written as a domain name
@        IN      SOA     ns.sam.net. mgs.sobell.com. (
                                 200511051        ; serial
                                 8H               ; refresh
                                 2H               ; retry
                                 4W               ; expire
                                 1D )             ; minimum
                 TXT     "Sobell Associates Inc."
                 NS      ns                ; Nameserver address (unqualified)
                 NS      ns.max.net.       ; Nameserver address (qualified)
                 MX      10 mail           ; Mail exchange (primary/unqualified)
                 MX      20 mail.max.net.  ; Mail exchange (2nd/qualified)
localhost IN     A        127.0.0.1
www       IN     CNAME    ns
ftp       IN     CNAME    ns
gw        IN     A        192.168.0.1
                 TXT      "Router"
ns        IN     A        192.168.0.6
                 MX       10 mail
                 MX       20 mail.max.net.
mark      IN     A        192.168.0.3
                 MX       10 mail
                 MX       20 mail.max.net.
                 TXT      "MGS"
mail      IN     A        192.168.0.4
                 MX       10 mail
                 MX       20 mail.max.net.


Some resource records have a value in the Name field; those without a name inherit the name from the previous resource record. In a similar manner, the previous resource record may have an inherited name value, and so on. The five resource records following the SOA resource record inherit the @, or zone name, from the SOA resource record. These resource records pertain to the zone as a whole. In the preceding example, the first TXT resource record inherits its name from the SOA resource record; it is the TXT resource record for the sam.net zone (give the command host -t TXT sam.net to display the TXT resource record).

Following these five resource records are resource records that pertain to a domain within the zone. For example, the MX resource records that follow the A resource record with the Name field set to mark are resource records for the mark.sam.net. domain.

The A resource record for localhost is followed by two CNAME resource records that specify www(.sam.net.) and ftp(.sam.net.) as aliases for the nameserver ns.sam.net.. For example, a user connecting to ftp.sam.net will connect to 192.168.0.6. The resource records named gw, ns, mark, and mail are resource records for domains within the sam.net zone.
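The rules described in the preceding sections (the origin substituted for @, relative names qualified with the zone name, owner names inherited from the previous record, and PTR owners relative to the in-addr.arpa origin) in working form, as an added example that is not part of the book: a small Python reader for master files, run over abridged copies of the sam.net and named.local zones above (with the SOA mailbox written as mgs.sobell.com.), followed by a forward/reverse consistency check. The zone texts are constructed from the page, the function names are this example's own, and the reader covers only the record types and directives these two zones use; it is stricter than named on one point, rejecting an SOA RNAME that contains a literal @. named-checkzone remains the authoritative check.

```python
"""Added example: read BIND master files the way named does ($TTL, @, owner-name inheritance, relative vs.
qualified names) and check the reverse zone against the forward zone.  Zones abridged from the page's sam.net
and named.local; the SOA mailbox is written correctly as mgs.sobell.com. (the '@' of a mailbox becomes '.')."""
import re
from collections import namedtuple

FORWARD_ZONE = """\
$TTL 3D
@   IN SOA ns.sam.net. mgs.sobell.com. (
        200511051 ; serial
        8H 2H 4W 1D )
    TXT "Sobell Associates Inc."
    NS  ns            ; unqualified: named appends the origin -> ns.sam.net.
    NS  ns.max.net.; qualified: left alone
    MX  10 mail
www IN CNAME ns
gw  IN A 192.168.0.1
ns  IN A 192.168.0.6
"""
REVERSE_ZONE = """\
$TTL 3D
@ IN SOA ns.sam.net. mgs.sobell.com. ( 2005110501 8H 2H 4W 1D )
  IN NS  ns.sam.net.
1 IN PTR gw.sam.net.
1 IN PTR www.sam.net.
6 IN PTR ns.sam.net.
"""
TOKEN = re.compile(r'"[^"]*"|[()]|;.*|[^\s"();]+')  # quoted string | paren | comment | bare word
RR = namedtuple("RR", "owner ttl rtype rdata")

def qualify(name, origin):  # @ -> origin; trailing dot -> already absolute; else append the origin
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_ttl(tok):  # '3D', '8H', '2005110501' -> seconds (compound forms like 1h30m not handled)
    m = re.fullmatch(r"(\d+)([WDHMS]?)", tok.upper())
    if not m:
        raise ValueError(f"bad TTL or number {tok!r}")
    return int(m[1]) * {"W": 604800, "D": 86400, "H": 3600, "M": 60}.get(m[2], 1)

def tokenize(line):  # drop ;comments (a ';' inside "quotes" is data), keep quoted strings whole
    return [t for t in TOKEN.findall(line) if not t.startswith(";")]

def logical_records(text):
    """Yield (owner_inherited, tokens) per record, joining ( ... ) continuation lines."""
    buf, depth = [], 0
    for line in text.splitlines():
        toks = tokenize(line)
        if toks and not buf:
            inherited = line[0].isspace()  # blank owner field: reuse the previous owner
        for t in toks:
            depth += (t == "(") - (t == ")")
            if t not in ("(", ")"):
                buf.append(t)
        if buf and depth == 0:
            yield inherited, buf
            buf = []

def parse_rdata(rtype, toks, origin):
    """Qualify domain names inside rdata, convert SOA numbers, unquote TXT strings."""
    if rtype == "SOA":
        mname, rname, *nums = toks
        if "@" in rname:  # RNAME is a domain name: the mailbox '@' is encoded as '.'
            raise ValueError(f"SOA RNAME {rname!r} contains '@' (named loads it, but it is wrong)")
        return (qualify(mname, origin), qualify(rname, origin), *map(parse_ttl, nums))
    if rtype in ("NS", "CNAME", "PTR"):
        return (qualify(toks[0], origin),)
    if rtype == "MX":
        return (int(toks[0]), qualify(toks[1], origin))
    return tuple(t.strip('"') for t in toks)  # TXT strings and A addresses stay literal

def parse_zone(text, origin):
    """Return the zone as fully qualified RRs, applying $TTL and owner-name inheritance."""
    origin, default_ttl, owner, rrs = origin.rstrip(".") + ".", None, None, []
    for inherited, toks in logical_records(text):
        if toks[0].upper() == "$TTL":
            default_ttl = parse_ttl(toks[1])
            continue
        if not inherited:
            owner = qualify(toks.pop(0), origin)
        assert owner is not None, "blank owner field before any record"
        ttl = default_ttl
        while toks[0].upper() == "IN" or re.fullmatch(r"\d+[WDHMS]?", toks[0], re.I):
            ttl = ttl if toks[0].upper() == "IN" else parse_ttl(toks[0])  # optional TTL / class
            toks.pop(0)
        rtype = toks.pop(0).upper()
        rrs.append(RR(owner, ttl, rtype, parse_rdata(rtype, toks, origin)))
    return rrs

def resolve_a(rrs, name, hops=8):  # A addresses of name, following CNAME chains up to hops deep
    addrs = {rr.rdata[0] for rr in rrs if rr.owner == name and rr.rtype == "A"}
    for rr in rrs:
        if hops and rr.owner == name and rr.rtype == "CNAME":
            addrs |= resolve_a(rrs, rr.rdata[0], hops - 1)
    return addrs

def ptr_address(owner):  # '1.0.168.192.in-addr.arpa.' -> '192.168.0.1'
    return ".".join(reversed(owner.rstrip(".").split(".")[:-2]))
def reverse_mismatches(forward, reverse):  # PTRs whose target does not resolve back to the address
    return [(ptr_address(rr.owner), rr.rdata[0]) for rr in reverse
            if rr.rtype == "PTR" and ptr_address(rr.owner) not in resolve_a(forward, rr.rdata[0])]
```

Import the module and call parse_zone(FORWARD_ZONE, "sam.net") to see the records as named stores them, every owner and target fully qualified and every TTL filled in from $TTL; reverse_mismatches over the two parsed zones reports the PTR for www.sam.net. at 192.168.0.1, because www is a CNAME for ns, whose address is 192.168.0.6.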

Log files


Before restarting named, create the directory for the log files and give it permissions and ownership as shown below. If you are running named in a chroot jail, create the bind directory in /var/named/chroot/var/log instead. The mode shown (744) lets other local users list the names in the directory but not open the files in it; 700 (or 750 with an appropriate group) is the cleaner choice, since the query log records which client asked for which name.

# mkdir /var/log/bind
# chmod 744 /var/log/bind
# chown named /var/log/bind
# ls -ld /var/log/bind
drwxr--r-- 2 named root 4096 Nov  5 19:41 /var/log/bind


With the log directory in place, named.conf in /etc (or in /var/named/chroot/etc if you are running named in a chroot jail), and the named.ca, named.local, and sam.net zone files in /var/named (or in /var/named/chroot/var/named if you are running named in a chroot jail), restart named and check the log files. The file /var/log/messages should show something like the following; the starting line confirms that named runs as the unprivileged user named inside the /var/named/chroot jail. Note that the interface address named reports here (192.168.0.10) is not the address the zone files give for ns.sam.net (192.168.0.6); on a real server the two must agree, or clients that follow the NS record will never reach the server.

# cat /var/log/messages
...
19:25:48 peach named[22416]: starting BIND 9.3.2 -u named -t /var/named/chroot
19:25:48 peach named[22416]: found 1 CPU, using 1 worker thread
19:25:48 peach named[22416]: loading configuration from '/etc/named.conf'
19:25:48 peach named[22416]: listening on IPv4 interface lo, 127.0.0.1#53
19:25:48 peach named[22416]: listening on IPv4 interface eth0, 192.168.0.10#53
19:25:48 peach named[22416]: command channel listening on 127.0.0.1#953
19:25:48 peach named[22416]: command channel listening on ::1#953


The misc.log file may show errors that do not appear in the messages file:

# cat /var/log/bind/misc.log
19:25:48.077 general: info: zone 0.168.192.in-addr.arpa/IN: loaded serial 2005110501
19:25:48.079 general: info: zone sam.net/IN: loaded serial 200511051
19:25:48.097 general: notice: running





A Practical Guide to Red Hat® Linux®: Fedora™ Core and Red Hat Enterprise Linux (3rd Edition)
ISBN: 0132280272
Year: 2006
