Example of name server configuration
To illustrate how the components of the DNS server work together, we will set up an imaginary domain, example.org. By default, the configuration files of the named daemon are located in the directory /etc/namedb; they have to be modified unless all you need is a simple resolver. To create a primary zone for the local host, go to the directory /etc/namedb and run
# sh make-localhost
As a result, the files localhost.rev (reverse zone for the local address range) and localhost-v6.rev (the IPv6 equivalent) are created in the directory master. References to these files are already present in the configuration file named.conf. The listing of localhost.rev is shown below:
; From: @(#)localhost.rev 5.1 (Berkeley) 6/30/90
; $FreeBSD: src/etc/namedb/PROTO.localhost.rev,v 1.6 2000/01/10 15:31:40 peter Exp $
;
; This file is automatically edited by the `make-localhost' script in
; the /etc/namedb directory.
;

$TTL    3600

@       IN      SOA     test.example.org. root.test.example.org. (
                                20070219        ; Serial
                                3600            ; Refresh
                                900             ; Retry
                                3600000         ; Expire
                                3600 )          ; Minimum
        IN      NS      test.example.org.
1       IN      PTR     localhost.example.org.

As the listing shows, the server is configured on the machine named test in the domain example.org. After that we can begin to create the zone files. Consider the contents of the forward zone file zone.example.org:
$TTL    86400
@       86400   IN      SOA     ns.example.org. root.example.org. (
                                2003040501      ; Serial
                                28800           ; Refresh
                                7200            ; Retry
                                604800          ; Expire
                                86400 )         ; Minimum
        IN      NS      ns.example.org.
ns      IN      A       192.168.1.1
test    IN      A       192.168.1.1
localhost IN    A       127.0.0.1
cmp1    IN      A       192.168.1.2
cmp2    IN      A       192.168.1.3
cmp3    IN      A       192.168.1.4
cmp4    IN      A       192.168.1.5
cmp5    IN      A       192.168.1.6
cmp6    IN      A       192.168.1.7
cmp7    IN      A       192.168.1.8
cmp8    IN      A       192.168.1.9
root.example.org. – e-mail address (root@example.org) of the person responsible for maintaining the DNS server;
2003040501 – serial number of the zone;
28800 – refresh interval (seconds);
7200 – retry interval (seconds);
604800 – expire time (seconds);
86400 – minimum (negative-cache) TTL (seconds);
IN NS ns.example.org. – name of the authoritative name server for the zone (an NS record must hold a host name, not an IP address; the address of ns is supplied by its A record);
cmp1 IN A 192.168.1.2 – address resource record, used to translate a host name into an IP address.
Consider the contents of the reverse zone file 1.168.192.rev:
$TTL    86400
@       86400   IN      SOA     ns.example.org. root.example.org. (
                                2003090501      ; Serial
                                28800           ; Refresh
                                7200            ; Retry
                                604800          ; Expire
                                86400 )         ; Minimum
        IN      NS      ns.example.org.
1       IN      PTR     ns.example.org.
1       IN      PTR     test.example.org.
2       IN      PTR     cmp1.example.org.
3       IN      PTR     cmp2.example.org.
4       IN      PTR     cmp3.example.org.
5       IN      PTR     cmp4.example.org.
6       IN      PTR     cmp5.example.org.
7       IN      PTR     cmp6.example.org.
8       IN      PTR     cmp7.example.org.
9       IN      PTR     cmp8.example.org.

The two zone files have much in common. The main difference is the use of PTR records, which resolve an IP address back to its symbolic name. Note that the reverse zone file specifies only the last octet of the IP address, which uniquely identifies the host within the 192.168.1.0/24 network. So the record 3 IN PTR cmp2.example.org. indicates that the name cmp2.example.org is mapped to the address 192.168.1.3.
Now we define the paths to the DNS database files in the configuration file named.conf:
// $FreeBSD: src/etc/namedb/named.conf,v 1.21.2.1 2005/09/10 08:27:27 dougb Exp $
//
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/share/doc/bind9 for more details.

options {
        directory       "/etc/namedb";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";

// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
        listen-on       { 192.168.1.1; };

// If you have IPv6 enabled on this system, uncomment this option for
// use as a local resolver.  To give access to the network, specify
// an IPv6 address, or the keyword "any".
//      listen-on-v6    { ::1; };

// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
//      forward only;

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below.  This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
        forwarders {
                195.5.27.1;
        };

/*
 * If there is a firewall between you and nameservers you want
 * to talk to, you might need to uncomment the query-source
 * directive below.  Previous versions of BIND always asked
 * questions using port 53, but BIND versions 8 and later
 * use a pseudo-random unprivileged UDP port by default.
 */
//      query-source address * port 53;
};

zone "." { type hint; file "named.root"; };

zone "0.0.127.IN-ADDR.ARPA" { type master; file "master/localhost.rev"; };

// RFC 3152
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
        type master;
        file "master/localhost-v6.rev";
};

zone "example.org" { type master; file "master/zone.example.org"; };

zone "1.168.192.in-addr.arpa" { type master; file "master/1.168.192.rev"; };
As the named.conf listing shows, all the files that make up the DNS server configuration are stored in the directory /etc/namedb. The dump file is written to /var/dump/named_dump.db. The DNS server 195.5.27.1 is used as a forwarder. Also note that the root hints file named.root remained unchanged while we were configuring the DNS server. Now we can start the name server. To start the daemon once with this configuration, use the command:
# /etc/rc.d/named forcestart
To start the named daemon during system boot, put the following line in the file /etc/rc.conf:
named_enable="YES"
The operation of the name server can be verified with the nslookup utility.
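As an added example (not part of the original lab text), the following Python script performs the consistency checks a practitioner would run over the forward zone, the reverse zone and named.conf above before starting named: every A record in the 192.168.1.0/24 range has a matching PTR record and vice versa, NS records name a host that has an A record rather than holding an IP address, and named.conf actually declares both zones. The file contents are constructed copies of the page's files, shortened to a few hosts, with two deliberate mistakes planted (cmp3 has no PTR record, and the reverse stanza in named.conf names 0.168.192.in-addr.arpa instead of 1.168.192.in-addr.arpa) so that the checks have something to report. The parser is minimal: it understands $TTL, ';' comments and parenthesised multi-line records, which is all these files use.

```python
"""Cross-check forward zone, reverse zone and named.conf for consistency."""
import re
from ipaddress import ip_address

FWD_ORIGIN = "example.org."
REV_ORIGIN = "1.168.192.in-addr.arpa."

# Constructed copies of the page's files (shortened to a few hosts).
# Deliberate mistakes: cmp3 has no PTR, and named.conf names the wrong /24.
FORWARD_ZONE = """\
$TTL 86400
@ 86400 IN SOA ns.example.org. root.example.org. (
        2003040501 28800 7200 604800 86400 )   ; serial refresh retry expire minimum
        IN NS ns.example.org.
ns        IN A 192.168.1.1
test      IN A 192.168.1.1
localhost IN A 127.0.0.1
cmp1      IN A 192.168.1.2
cmp2      IN A 192.168.1.3
cmp3      IN A 192.168.1.4
"""
REVERSE_ZONE = """\
$TTL 86400
@ 86400 IN SOA ns.example.org. root.example.org. (
        2003090501 28800 7200 604800 86400 )
        IN NS ns.example.org.
1 IN PTR ns.example.org.
1 IN PTR test.example.org.
2 IN PTR cmp1.example.org.
3 IN PTR cmp2.example.org.
"""
NAMED_CONF = """\
zone "example.org" { type master; file "master/zone.example.org"; };
zone "0.168.192.in-addr.arpa" { type master; file "master/1.168.192.rev"; };
"""


def qualify(name, origin):
    """Append the origin to a relative owner or target name."""
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner, TYPE, rdata tokens) tuples with fully qualified owners.

    Handles $TTL, ';' comments and parenthesised multi-line records, which is
    all the zone files on this page use.
    """
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf = line if not buf else buf + " " + line.strip()
        if buf.count("(") <= buf.count(")"):   # record is complete
            logical.append(buf)
            buf = ""
    records, owner = [], origin
    for line in logical:
        if line.startswith("$"):               # directive, not a record
            continue
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():              # explicit owner name
            tok = tokens.pop(0)
            owner = origin if tok == "@" else qualify(tok, origin)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in ("IN", "CH", "HS")):
            tokens.pop(0)                      # optional TTL and class
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records


def reverse_name(ip):
    """Owner name of the PTR record for an IPv4 address."""
    return ip_address(ip).reverse_pointer + "."


def check_zones(forward, fwd_origin, reverse, rev_origin, named_conf):
    """Return a list of findings; an empty list means the files agree."""
    findings = []
    fwd = parse_zone(forward, fwd_origin)
    rev = parse_zone(reverse, rev_origin)
    # only A records whose reverse name lives inside the reverse zone
    a_pairs = {(reverse_name(r[0]), o) for o, t, r in fwd
               if t == "A" and reverse_name(r[0]).endswith("." + rev_origin)}
    ptr_pairs = {(o, qualify(r[0], fwd_origin)) for o, t, r in rev if t == "PTR"}
    for ptr_owner, host in sorted(a_pairs - ptr_pairs):
        findings.append(f"A record for {host} has no matching PTR at {ptr_owner}")
    for ptr_owner, host in sorted(ptr_pairs - a_pairs):
        findings.append(f"PTR {ptr_owner} -> {host} has no matching A record")
    a_names = {o for o, t, _ in fwd if t == "A"}
    for o, t, r in fwd + rev:
        if t != "NS":
            continue
        if re.fullmatch(r"[\d.]+", r[0]):
            findings.append(f"NS record at {o} holds an IP address ({r[0]}); it must name a host")
        elif qualify(r[0], fwd_origin) not in a_names:
            findings.append(f"NS target {r[0]} has no A record in {fwd_origin}")
    configured = {z.lower() + "." for z in re.findall(r'zone\s+"([^"]+)"', named_conf)}
    for origin in (fwd_origin, rev_origin):
        if origin not in configured:
            findings.append(f"named.conf declares no zone {origin}")
    return findings


if __name__ == "__main__":
    for f in check_zones(FORWARD_ZONE, FWD_ORIGIN, REVERSE_ZONE, REV_ORIGIN, NAMED_CONF):
        print("FINDING:", f)
```

Run it directly to print the findings; an empty list means the files are consistent. On the real system, named-checkconf and named-checkzone (shipped with BIND) additionally catch syntax errors that this script does not look for, and nslookup against 192.168.1.1 then confirms that the running server answers both forward and reverse queries.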
3. KEY QUESTIONS
3.1 Explain the function of the Domain Name Service.
3.2 What are the components of the BIND server?
3.3 Which utility is used to control the BIND server?
3.4 What is the difference between authoritative and caching name servers?
3.5 What files are needed to configure an authoritative name server?
3.6 List the directives used in zone files. Explain their purpose.
3.7 List the main types of resource records (RRs) and explain each of them.
3.8 How can the named daemon be started during system boot?
4. HOME WORK
4.1 Learn the key points.
4.2 Prepare the answers to the key questions.
5. LAB
5.1 Configure a name server for the domain student_surname.org.
5.2 Create the zone files for the local host.
5.3 Using the example, create your own forward zone file in your home directory /home/studentXX/, then copy it to the directory /etc/named/master/ under an appropriate name.
5.4 Using the example, create your own reverse zone file in your home directory /home/studentXX/, then copy it to the directory /etc/named/master/ under an appropriate name.
5.5 Specify references to those files in the configuration file named.conf. Besides this, edit the other parameters necessary for the operation of the name server. Use the PC with IP address 192.168.0.145 as the forwarder.
5.6 Start the BIND server using the rndc utility.
5.7 Verify the operation of the DNS server using the nslookup utility.
6. REQUIREMENTS FOR THE PROTOCOL
6.1 Name of the laboratory work.
6.2 Objective of the work.
6.3 Results of the home work.
6.4 Brief description of the work done.
6.5 Conclusions.
6.6 Date, signature of the student, signature of the teacher.