Red Hat Linux 7 Unleashed | Configuring DNS Server Master Zones | InformIT

Page 1 of 4

Account Sign In

View Your Cart

the trusted technology learning source

Topics

Store
Red Hat Linux 7 Unleashed
By William Ball

Authors

Safari Books Online

Imprints

Explore

Configuring DNS Server Master Zones

As mentioned earlier, DNS comes in three flavors: Master (also called primary)

Table of Contents Copyright About the Lead Authors About the Contributing Authors Acknowledgments Tell Us What You Think! Introduction I. Red Hat Linux Installation and User Services Chapter 1. Introduction to Red Hat Linux Chapter 2. Installation of Your Red Hat System Chapter 3. LILO and Other Boot Managers Chapter 4. Configuring the X Window System, Version 11 Chapter 5. Window Managers Chapter 6. Connecting to the Internet Chapter 7. IRC, ICQ, and Chat Clients Chapter 8. Using Multimedia and Graphics Clients

Slave (also called secondary) Caching-only We discussed creating a caching-only server earlier in the chapter. Caching-only servers cannot answer queries, but can only pass those queries on to other servers with master or slave zones that are authoritative over the domain in question. However, all DNS servers should be configured to perform caching functions. Now let's turn our attention to adding DNS server master zones. A DNS server master zone can answer queries about its domain without querying other servers, because its data resides on the local hard disk. A DNS server master zone is considered to have the most up-to-date records for all the hosts in that domain.

Adding Local Domain Resolution

Earlier in the chapter you created a caching-only DNS residing on the hypothetical host mainserv at address 192.168.100.1 in domain domain.cxm. Assume that this same subnet has host mydesk at 192.168.100.2. It's an easy task to add local domain resolution, using master zones. Here is the basic procedure: 1. Add master zone domain.cxm to named.conf, pointing to zone data file named.domain.cxm. 2. Add master zone 100.168.192-in-addr.arpa to named.conf, pointing to zone data file named.192.168.100. 3. Create zone data file named.domain.cxm, resolving both hosts, sendmail and www. 4. Create reverse zone data file named.192.168.100, resolving both IP addresses. 5. Restart named. 6. Test and troubleshoot. NOTE Anytime you modify a zone data file, you must be sure to increment that file's serial number. The serial number is the first number after the first opening parenthesis and is usually expressed as yyyymmdd## to give you 100 chances per day to increase it. Never use a serial number greater than 2147483647, because it will overflow the 32-bit internal representation of the serial number.

II. Configuring Services Chapter 9. System Startup and Shutdown Chapter 10. SMTP and Protocols Chapter 11. FTP Chapter 12. Apache Server

This would produce a very hard-to-find bug, as your secondaries get bogus serials and won't update as needed. Fortunately, this will no longer be an issue by the year 2147 because compilers and operating systems will accommodate much bigger numbers than 32 bits. Obviously, serial numbers must never be more than 10 digits and must never include non-numerics. Failure to increment it will result in various slave and cache DNS servers failing to pick up your modifications. It must be incremented, not changed to a lesser value. When you're creating a brand new zone data file, the best practice is to set its serial number to the present date, revision 0. For

Chapter 13. Internet News Chapter 14. Domain Name Service and Dynamic Host Configuration Protocol A Brief History of the Internet A Word About This Chapter's Examples Important DNS Facts and Concepts DNS Server Configuration Files

instance, if you create it on February 21, 2002, the serial number for the new file should be 2002022100.

Add Zone domain.cxm to named.conf

Add the following code to /etc/named.conf: zone "domain.cxm" { type master; file "named.domain.cxm"; }; #DNS for all host this domain #file on this host #dns file for domain

This says to refer any name or FQDN in domain domain.cxm to the data in named.domain.cxm, which, due to the type master; statement, is input to the DNS server, not output from it and not an intermediate file. Note that the text to the right of the pound signs (#) are comments. Next, create file named.domain.cxm.

Add Master Zone 100.168.192-in-addr.arpa to named.conf

Add the following code to /etc/named.conf:

http://www.informit.com/library/content.aspx?b=red_hat_linux7&seqNum=129

1/27/2013

Red Hat Linux 7 Unleashed | Configuring DNS Server Master Zones | InformIT

Page 2 of 4

Configuring resolv.conf with linuxconf A Trivial Caching DNS Configuring DNS Server Master Zones Delegating Authority Adding a Slave DNS Server Troubleshooting DNS DNS Resources Automatically Configuring Clients with DHCP Summary Chapter 15. NIS: Network Information Service Chapter 16. NFS: Network Filesystem Chapter 17. Samba III. System Administration and Management Chapter 18. Linux Filesystems, Disks, and Other Devices Chapter 19. Printing with Linux Chapter 20. TCP/IP Network Management Chapter 21. Linux System Administration Chapter 22. Backup and Restore Chapter 23. System Security IV. Red Hat Development and Productivity Chapter 24. Linux C/C++ Programming Tools Chapter 25. Shell Scripting Chapter 26. Automating Tasks Chapter 27. Configuring and Building Kernels Chapter 28. Emulators, Tools, and Window Clients V. Appendixes A. The Linux Documentation Project B. Top Linux Commands and Utilities C. The GNU General Public License D. Red Hat Linux RPM Package Listings It could take a few minutes for this command to finish. Once it finishes, test it. First, try accessing the machine with telnet and make sure you get the login: prompt within a second or two. If telnet hangs, investigate your reverse DNS zones and reverse DNS zone data files. Next, try running the following commands: In the preceding, the @ at the start stands for what was called from /etc/named.conf, in this case 100.168.192.in-addr.arpa. The 1 and 2 in the name field at the bottom are prepended to that, so the full reverse domains are 1.100.168.192.in-addr.arpa, which resolves to mainserv.domain.cxm, and 2.100.168.192.in-addr.arpa, which resolves to mydesk.domain.cxm. 1 2 IN IN PTR PTR mainserv.domain.cxm. mydesk.domain.cxm. IN NS Nameserver mainserv.domain.cxm has authority over zone @, which, via the zone call in named.conf, is set to domain.cxm. The information between the parentheses contains timing details explained earlier in this chapter. A single nameserver (NS) for @ (domain.cxm) is at mainserv. mainserv handles the mail (MX) for domain.cxm. The mainserv and mydesk hosts in domain.cxm have addresses 192.168.100.1 and 192.168.100.2, respectively. Alias www refers to mainserv, which by a previous line is set to 192.168.100.1. The IN NS and IN MX statements have no name identifier in column 1. An IN item lacking a name identifier defaults to the name identifier of the last statement possessing an identifier, which in this case is the top line. The preceding zone data file is built for simplicity. Real-life servers have an ns IN A 192.168.100.1 type line so they can call the nameserver ns in all files. That way, if the nameserver is changed from mainserv to mydesk, the only required change in any file is the ns IN A line. Real-life zones also have at least two IN NS lines, so if one nameserver goes down, the other one picks up the slack. Note that syntax is important, especially because zone data file syntax is different from boot file syntax. All name identifiers must be in column 1. All periods (.) are vital because a name ending in a period is considered absolute, while a name not ending in a period is considered relative to the @ symbol, which is substituted by the domain from the named.conf zone record. mainserv mydesk www IN IN IN IN IN zone "100.168.192.in-addr.arpa" { type master; file "named.192.168.100"; }; #DNS for all IP's in subnet #file on this host #DNS file for this subnet

The preceding says to refer any IP address in the 192.168.100 subnet to the data in named.192.168.100, which resides in /var/named as specified by directory clause in the options statement of /etc/named.conf. See Listing 14.1 in the section DNS Server Configuration Files earlier in this chapter.

Create Zone Data File named.domain.cxm

Create the following /var/named/named.domain.cxm: @ IN SOA mainserv.domain.cxm. hostmaster.domain.cxm. 2000072001 ; Serial 28800 ; Refresh 14400 ; Retry 3600000 ; Expire 86400 ) ; Minimum NS MX 10 A A CNAME mainserv mainserv 192.168.100.1 192.168.100.2 mainserv (

Create Reverse Zone Data File named.192.168.100

Create the following named.192.168.100: @ IN SOA mainserv.domain.cxm. hostmaster.domain.cxm. ( 2000072001 ; Serial 28800 ; Refresh 14400 ; Retry 3600000 ; Expire 86400 ) ; Minimum mainserv.domain.cxm.

Restart named, and then Test and Troubleshoot

Restart with this command: # /etc/rc.d/init.d/named restart

http://www.informit.com/library/content.aspx?b=red_hat_linux7&seqNum=129

1/27/2013

Red Hat Linux 7 Unleashed | Configuring DNS Server Master Zones | InformIT

Page 3 of 4

ping 192.168.100.1 ping 192.168.100.2 Do each ping from each server. If any IP ping fails, there's a network connectivity problem that must be solved before you attempt to activate DNS. Once connectivity is proved, do the following: ping ping ping ping ping NOTE If the fully qualified domain names (that is, mydesk.domain.cxm) succeed but the server names (that is, mainserv) fail, check to make sure you have the proper search statement in /etc/resolv.conf. It's the search domain.cxm line that enables resolution of the hostname alone. If the preceding ping commands succeed, it confirms a working DNS. If not, troubleshoot (covered later in this section). The following nslookup commands add further confirmation if they succeed, don't hang, and deliver the right IP address: nslookup nslookup nslookup nslookup nslookup nslookup nslookup mainserv mydesk mainserv.domain.cxm. mydesk.domain.cxm. www.domain.cxm. 192.168.100.1 192.168.100.2 mainserv mydesk mainserv.domain.cxm. mydesk.domain.cxm. www.domain.cxm.

Each command should quickly deliver the expected results. If you have sendmail up and running, test the IN MX statements with email operations. Troubleshooting is essentially the process of elimination. Try to determine whether it's the forward or reverse lookup that is giving you problems. Try to narrow it down to a single domain, server, or IP. Use ping to make sure you have network connectivity.

Adding Virtual Domain Resolution

Not all IP addresses denote actual hardware. Some are alias addresses intended to represent Web sites. These Web sites are sometimes granted individual alias IP addresses. Here are the steps to add a virtual domain (in the existing subnet): 1. Create the zone in named.conf. 2. Create a new zone data file. 3. Add an IN PTR line to the existing reverse DNS file for the subnet. 4. Restart named. In the following example, add domain vdomain.cxm at IP address 192.168.100.101. This IP address is created by the following command: # /sbin/ifconfig eth0:0 192.168.100.101 netmask 255.255.255.0

This IP is made into a virtual host Web site in /etc/httpd/conf/httpd.conf, so all it needs is a domain name. Assuming you want to give 192.168.100.101 the name vdomain.cxm, add the following zone to named.conf: zone "vdomain.cxm" { type master; file "named.vdomain.cxm"; }; #DNS for virtual domain #file is on this host #dns file for domain

As you can see, the zone data file is named.vdomain.cxm. Create that file as follows: @ IN SOA mainserv.domain.cxm. hostmaster.domain.cxm. 2000072001 ; Serial 28800 ; Refresh 14400 ; Retry 3600000 ; Expire 86400 ) ; Minimum IN @ www IN IN NS A CNAME mainserv.domain.cxm. 192.168.100.101 @ (

http://www.informit.com/library/content.aspx?b=red_hat_linux7&seqNum=129

1/27/2013

Red Hat Linux 7 Unleashed | Configuring DNS Server Master Zones | InformIT

Page 4 of 4

Read the preceding as follows: mainserv.domain.cxm has authority over @ (vdomain.cxm). The nameserver for @ is mainserv.domain.cxm, and vdomain.cxm (@) has the address 192.168.100.101, as does http://www.vdomain.cxm. The reason both vdomain.cxm and http://www.vdomain.cxm are resolved is so they can be accessed as http://vdomain.cxm or http://www.vdomain.cxm. Now add the reverse DNS for the virtual domain with this line in named.192.168.100: 001 101 002 NOTE The preceding example placed the virtual domain in the host's subnet. It can be in a different subnet (and often is). In that case, a new reverse DNS zone data file must be set up for the additional subnet, and several routing and forwarding steps must be taken so the different subnet is visible to browsers around the world. Once again, test your work with nslookup and any other DNS diagnostic tools you might be using. Previous Section Delegating Authority | Next Section Share This IN PTR vdomain.cxm.

About

Affiliates

Contact Us

Jobs

Legal Notice

Privacy Policy

Press

Promotions

Site Map

Write for Us

2013 Pearson Education, Informit. All rights reserved. 800 East 96th Street, Indianapolis, Indiana 46240

http://www.informit.com/library/content.aspx?b=red_hat_linux7&seqNum=129

1/27/2013