Certification Objective 11.01-Understanding DNS: Zones, Domains, and Delegation

DNS, the Domain Name System, maintains a database that can help your computer translate domain names such as www.redhat.com to IP addresses such as 209.132.177.50. As no individual DNS server is large enough to keep a database for the entire Internet, each server is configured by default to refer requests to other DNS servers.

Basic Parameters

DNS on RHEL 5 is based on the named daemon, which is built on the BIND package developed through the Internet Software Consortium. (More information is available from the BIND home page at www.isc.org/products/BIND.) RHEL 5 includes BIND version 9.3. While this version of BIND supports the use of the /usr/sbin/rndc configuration interface, RHEL 5 still includes sample files based on the older /etc/ named.conf configuration file. However, you can use the rndc command to manage DNS operation, in the same way that you used apachectl to manage the Apache server.

Packages

If you're configuring your Linux computer solely as a DNS client, you can skip this section. The basic DNS client configuration files are automatically installed with even a minimal installation of RHEL 5.

On the other hand, if you're configuring your Linux computer as a DNS server, you'll need to install the packages associated with the DNS Name Server package group. You can do so with the package management tools described in Chapter 5. However, there are nine RPM packages associated with DNS:

• bind Includes the basic name server software, including /usr/sbin/named.

• bind-chroot Includes directories that isolate BIND in a so-called "chroot jail," which limits access if DNS is compromised.

• bind-devel Includes development libraries for BIND.

• bind-libbind-devel Contains the libbind BIND resolver library.

• bind-libs Adds library files used by the bind and bind-utils RPMs.

• bind-sdb Supports alternative databases, such as LDAP. Per the Red Hat Exam Prep guide and course outlines, I see no evidence that such relationships are covered on the Red Hat exams.

• bind-utils Contains tools such as dig and host that provide information about a specific Internet host. It should already be installed in any minimum installation of RHEL.

• caching-nameserver Includes files associated with a caching nameserver.

• system-config-bind A GUI configuration tool useful for adding host and reverse address lookup data. It's not officially a part of the DNS Name Server package group.

These tools are easy to install from any Red Hat network installation source that you may have created in Chapter 2. Different options and commands for installing RPMs from a remote installation source are described in Chapter 5.

A DNS Client

There are two client configuration files associated with DNS: /etc/hosts and /etc/ resolv.conf. They are fairly straightforward, as described in the next section.

When your computer looks for another computer on a TCP/IP network such as the Internet, it typically looks in two places: /etc/hosts and any DNS servers that you've set up for your network. The order is determined by a single line in /etc/ nsswitch.conf:

 hosts: files,dns 

When your computer searches for another computer, this line tells your computer to search first through the /etc/hosts database. The following line in my /etc/hosts drives a Web browser address to my local IP address:

 127.0.0.1   Enterprise5   localhost.localdomain   localhost 

While you could theoretically also configure every computer on the Internet in your /etc/hosts configuration file, it's not realistic. However, if your LAN is small, you could add the IP address and host name of each computer on your network on /etc/hosts. You could then duplicate this file on each computer on your LAN. Then you could use an external DNS server, provided by your ISP, for Internet access.

It's easy to configure a Linux computer as a DNS client. You may have already done so during the RHEL installation process. If you have a working DHCP server, it probably provided the settings you need as a DNS client. Alternatively, you can configure your computer as a DNS client with the Network Configuration utility described in Chapter 7. You can even configure your computer directly through your /etc/resolv.conf file. It's easy to do; the following version of this file lists two DNS servers on the Internet:

 nameserver 207.217.120.83 nameserver 207.217.126.81 

If you want to add or change the DNS servers for your computer, you can open this file directly in the text editor of your choice.

In the following section, you'll get a chance to learn about DNS nameserver configuration files from the ground up. Many of the lessons associated with a caching-only name server apply to slave and master DNS servers.