Hack 56 Running Your Own Top-Level Domain


Set up your own TLD in BIND for ease of navigation.

If you administer a network that uses private addressing, you've almost certainly encountered the disassociated schizophrenia of trying to maintain zone files that properly reflect internal and external IP addresses. With the introduction of views in BIND 9, supporting multiple address ranges in a single domain has been significantly streamlined.

While using views is one way to attack the problem, consider the ease of setting up your own top-level domain. Normally, zone entries in named.conf look something like this:

    zone "oreillynet.com" {
            type master;
            file "data/oreillynet.com";
    };

This is an entry appropriate for an authoritative DNS server for the oreillynet.com subdomain. The actual top-level domains (i.e., .com, .net, .org, .int, etc.) are only delegated to the mysterious 13 known as the root DNS servers. Even though your servers won't be consulted by the rest of the Internet, it can be handy to set up your very own TLD that works only on your local network.

For example, suppose you have a group of machines that use the private 192.168.1.0/24 network. These machines aren't directly reachable from the Internet, and you don't really want to advertise their DNS information to would-be network crackers. Try a non-standard TLD:

    zone "bp" {
            type master;
            file "data/bp";
            allow-transfer { 192.168.1/24; };
            allow-query { 192.168.1/24; };
    };

The bp is short for BackPlane and, more to the point, the bp is just plain short. With the preceding entry added to named.conf, set up a master record for bp just as you would any other domain:

    $TTL 86400
    @     IN SOA  ns.bp. root.homer.bp. (
                    2002090100      ; Serial
                    10800           ; Refresh after 3 hours
                    3600            ; Retry after 1 hour
                    604800          ; Expire (1 week)
                    60              ; Negative expiry time
                    )
          IN NS           ns.bp.
    ns            IN A    192.168.1.1
    homer         IN A    192.168.1.10
    bart          IN A    192.168.1.11
    lisa          IN A    192.168.1.12

Reload named, and you should be able to simply ping homer.bp. If you'd like other name servers to maintain slave copies of your TLD, just add them as usual:

    zone "bp" {
            type slave;
            file "db.bp";
            masters { 192.168.1.1; };
    };
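The master and slave stanzas above, the zone file, and the hack's stated goal of not advertising internal hosts to outsiders all fit together in the following added example. It is not code from the book: it renders the named.conf stanza and the bp zone file from a host list, and then checks the two things that would undo the hack's point before you reload named: an A record that falls outside the private /24 (a typo or a leaked public address), and an allow-query or allow-transfer ACL that is missing or wider than the private network. The hostnames and addresses are the book's; the helper names (build_zone, build_named_conf, check_private_tld, demo), the YYYYMMDDnn serial convention and the use of the full 192.168.1.0/24 form in ACLs (BIND accepts both it and the book's 192.168.1/24 shorthand) are this example's assumptions.

```python
"""Render and sanity-check a private TLD (the book's "bp") before reloading
named.  Added example; not the book's or ISC's code."""
import ipaddress
import re
from datetime import date

# Constructed sample data mirroring the hack: one private /24 and four hosts.
PRIVATE_NET = ipaddress.ip_network("192.168.1.0/24")
SAMPLE_DAY = date(2002, 9, 1)          # matches the book's serial 2002090100
HOSTS = {
    "ns": "192.168.1.1",
    "homer": "192.168.1.10",
    "bart": "192.168.1.11",
    "lisa": "192.168.1.12",
}


def serial_for(day, revision=0):
    """YYYYMMDDnn serial, the convention the book's SOA record uses."""
    return int(day.strftime("%Y%m%d")) * 100 + revision


def build_zone(tld, hosts, serial, ns="ns", mailbox="root.homer"):
    """Render a master zone file for a private TLD (tab-separated fields)."""
    lines = [
        "$TTL 86400",
        f"@\tIN SOA\t{ns}.{tld}. {mailbox}.{tld}. (",
        f"\t\t{serial}\t; Serial",
        "\t\t10800\t; Refresh after 3 hours",
        "\t\t3600\t; Retry after 1 hour",
        "\t\t604800\t; Expire (1 week)",
        "\t\t60\t; Negative expiry time",
        "\t\t)",
        f"\tIN NS\t{ns}.{tld}.",
    ]
    lines += [f"{name}\tIN A\t{addr}" for name, addr in hosts.items()]
    return "\n".join(lines) + "\n"


def build_named_conf(tld, net, master_ip=None, zone_path=None):
    """named.conf stanza: master when master_ip is None, otherwise a slave
    pulling from master_ip.  Both ACLs are pinned to the private network."""
    zone_path = zone_path or f"data/{tld}"
    acl = f"{net.network_address}/{net.prefixlen}"
    body = [f'zone "{tld}" {{']
    if master_ip is None:
        body.append("\ttype master;")
    else:
        body += ["\ttype slave;", f"\tmasters {{ {master_ip}; }};"]
    body += [
        f'\tfile "{zone_path}";',
        f"\tallow-transfer {{ {acl}; }};",
        f"\tallow-query {{ {acl}; }};",
        "};",
    ]
    return "\n".join(body) + "\n"


_A_RE = re.compile(r"^(\S+)\s+IN\s+A\s+(\S+)\s*$", re.M)
_NS_RE = re.compile(r"IN\s+NS\s+(\S+)\.")
_SERIAL_RE = re.compile(r"^\s*(\d+)\s*;\s*Serial", re.M)
_ACL_RE = re.compile(r"^\s*(allow-query|allow-transfer)\s*\{([^}]*)\};", re.M)


def check_private_tld(zone_text, conf_text, net):
    """Return a list of problems (empty means OK): addresses outside the
    private network, a name server without glue, a bad serial, or an ACL
    that would let hosts beyond the private network query or transfer."""
    problems = []
    a_records = dict(_A_RE.findall(zone_text))
    for name, addr in a_records.items():
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            problems.append(f"{name}: malformed address {addr!r}")
            continue
        if ip not in net:
            problems.append(f"{name}: {addr} is outside {net}")
    ns = _NS_RE.search(zone_text)
    if ns and ns.group(1).split(".")[0] not in a_records:
        problems.append(f"NS {ns.group(1)} has no A record in the zone")
    serial = _SERIAL_RE.search(zone_text)
    if not serial or not re.fullmatch(r"\d{10}", serial.group(1)):
        problems.append("SOA serial missing or not YYYYMMDDnn")
    acls = dict(_ACL_RE.findall(conf_text))
    for key in ("allow-query", "allow-transfer"):
        if key not in acls:
            problems.append(f"named.conf: {key} missing, zone is open to any client")
            continue
        for entry in (e.strip() for e in acls[key].split(";") if e.strip()):
            if entry == "any":
                problems.append(f"named.conf: {key} allows any, wider than {net}")
                continue
            try:
                allowed = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                problems.append(f"named.conf: {key} entry {entry!r} is not a CIDR")
                continue
            if not allowed.subnet_of(net):
                problems.append(f"named.conf: {key} allows {entry}, wider than {net}")
    return problems


def demo():
    """Build the book's bp example and check it; returns (zone, conf, problems)."""
    zone = build_zone("bp", HOSTS, serial_for(SAMPLE_DAY))
    conf = build_named_conf("bp", PRIVATE_NET)
    return zone, conf, check_private_tld(zone, conf, PRIVATE_NET)


if __name__ == "__main__":
    zone, conf, problems = demo()
    print(conf, zone, sep="\n")
    print("problems:", problems or "none")
```

Run it before the reload step: an empty problem list means the zone only names addresses inside 192.168.1.0/24, the name server has its glue record, and both ACLs are restricted to the private network, which is what keeps the TLD invisible to anyone outside it. The check is deliberately strict about the ACL form it understands, so the book's 192.168.1/24 shorthand is reported rather than silently accepted.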

In this way, you can extend your new TLD across your entire private network architecture. If you're running tunnels over the Internet [Hack #54] to connect remote offices or friends, support for your TLD could theoretically grow to be as large as you like. This is exactly what some wireless community networks (like NoCatNet and SeattleWireless) are doing. For example, users on SeattleWireless can browse to http://www.rob.swn/ to hit a web server that I host on the wireless network. This shortcut of using a custom TLD saves a lot of typing, doesn't require Internet access to work, and is much easier than remembering IP addresses.



Wireless Hacks. 100 Industrial-Strength Tips and Techniques
Year: 2003
Pages: 158
