DNS server

From CLONWiki
Revision as of 19:47, 1 September 2007 by Boiarino (talk | contribs)
===================== from web =========================

DNS Configuration

DNS allows systems to look up host names, both within the private network and across the Internet. There are other ways of doing this, for example you could just run identical hosts files on all your machines. But somehow, this is more fun. In addition, Windows 95 machines examine their hosts databases in an odd order which makes using host tables difficult; the win95netbug FAQ provides information on this, as well as help on how to reconfigure win95 to reorder the lookup order.[24]

You can set up the DNS server on any Unix system. The standard Solaris 2.6 install comes with BIND 4.9.x, suitably altered to deal with the additional Solaris naming systems. However, 4.9.x seems to do a great deal of maintenance work at fairly random times. This is fine if you have a permanent connection, but not so fine with a dialup. As a result, I have got BIND 8.2 from the Internet Software Consortium and installed that instead.[12]

As a result, I'm going to talk about BIND 8.2 here. The version of BIND which comes with Solaris 2.5.1 seems a lot more dialup friendly. So, if you are using an older version of Solaris, you can probably stay with the supplied version; the boot files are considerably different, however, so you will need to examine the documentation.

Compiling BIND 8.2

Compiling BIND 8.2 is fairly straightforward. However, before compiling, you will need to apply any patches to the supplied source code. The command patch < patch1 will apply the patch.

To configure the Makefiles, use make depend from the src directory. To make the programs, use make. To install, first remove the .settings file and then use make install. Installation goes into directories under /usr/local.

The source code for BIND does not come with any manual pages. A separate documentation download contains man pages. The install Makefile for the man pages, however, expects a BSD-style install and, therefore, you will need to put /usr/ucb at the start of your PATH environment variable if you want a painless install. You may also need to modify the Makefile to remove pre-formatted man pages.


DNS Server Configuration

To configure the DNS server, you need to set up a number of (text) database files. The DNS server daemon (called named) first consults a boot file. This boot file tells the daemon to consult a series of further database files which give it enough information to start serving names.

Choosing a Domain

Before setting up your DNS server, you will need to choose a domain name. Since nobody, except you, will accept your domain as a genuine domain (we hope) you have a reasonable amount of latitude over what domain names you can pick.

Since I work for AFS, I have decided to call my domain canberra.afs.net.au I am pretty certain that nobody else is going to use that name.

You'll have to decide what domain name to pick. As a suggestion, if you are connecting to ORAC, then a domain of whimsical-name.orac.net.au might be a good idea. On the other hand, I haven't consulted ORAC about this, so it might not.

For the purposes of example, I am going to use the domain name flibble.orac.net.au


The Boot File

The boot file is consulted by named on startup, so that initial options and data can be loaded. A sample /usr/local/etc/named.conf file for a server is shown in figure 2.

Figure 2: Sample named.conf File for BIND

// Boot file for server solaris, primary server
// for flibble.orac.net.au.

options {
   directory "/var/named";
   forwarders {
       299.18.99.151;
       299.8.183.1;
   };
   forward first;
   dialup yes;
   heartbeat-interval 1440;
};

zone "." {
   type hint;
   file "named.ca";
};

zone "flibble.orac.net.au." {
   type master;
   file "private.hosts";
};

zone "3.5.10.in-addr.arpa." {
   type master;
   file "private.rev";
};

zone "0.0.127.in-addr.arpa." {
   type master;
   file "private.local";
};



The meanings of the lines in this file are:

directory

   The directory in which the database files will be found. The /var/named directory is traditional, although inexplicable, since configuration files usually go under pathname/etc

forwarders

   A list of IP addresses to forward queries to. This saves us from doing all the work of working down the domain tree when finding a domain. You can set your forwarders to the name servers supplied by your ISP.

forward

   The forwarding behaviour. Queries are first forwarded to the addresses listed in forwarders. Only if no forwarding server responds will this server do its own work. Setting this option to only means that this server never does its own search.

dialup

   Indicate that this is a dialup machine and that, therefore, maintenance work should be grouped together rather than done at any old time. This option is the main reason for my installing BIND 8.2.

heartbeat-interval

   The interval (in minutes) between performing maintenance activities. This option is set, by default, to 60 minutes. Setting it to 1440 minutes means that maintenance is done once a day.

zone

   Data about a particular domain. The string in double quotes gives the domain name, with . being the top-level, root domain. The name server is to be the master server for the domain flibble.orac.net.au (name to IP-address) and the networks 10.5.3 and 127.0.0 (IP-address to name).

type

   The type of domain data. hint means that the data is there so that the top-level domain servers can be found. master means that this is the master server for this domain.

file

   The file to read the name server data from. These files are discussed below. 

The /var/named/named.ca File

The server, when it is doing its own work, rather than forwarding, needs a start point for searching for domains. This file contains the IP addresses of the servers for the root domain name servers. The base version of this file is shown in figure 3. The first section of this file states that the name servers (NS) for the root domain (.) are the ones listed. The second section says, for each name server, what its IP-address (A) is. The numbers (518400 and 3600000) give the time-outs in seconds for these entries; these figures should be large enough for the time out not to be a problem.

Once you have this file, it's a good idea to pick up the most current official version at ftp://rs.internic.net/domain/named.root.

Figure 3: Initial named.ca Cache File for BIND

; Initial cache data for named servers
; Servers

.                        518400   IN  NS  D.ROOT-SERVERS.NET.
.                        518400   IN  NS  E.ROOT-SERVERS.NET.
.                        518400   IN  NS  I.ROOT-SERVERS.NET.
.                        518400   IN  NS  F.ROOT-SERVERS.NET.
.                        518400   IN  NS  G.ROOT-SERVERS.NET.
.                        518400   IN  NS  A.ROOT-SERVERS.NET.
.                        518400   IN  NS  H.ROOT-SERVERS.NET.
.                        518400   IN  NS  B.ROOT-SERVERS.NET.
.                        518400   IN  NS  C.ROOT-SERVERS.NET.

; Addresses

D.ROOT-SERVERS.NET.      3600000  IN  A   128.8.10.90
E.ROOT-SERVERS.NET.      3600000  IN  A   192.203.230.10
I.ROOT-SERVERS.NET.      3600000  IN  A   192.36.148.17
F.ROOT-SERVERS.NET.      3600000  IN  A   192.5.5.241
G.ROOT-SERVERS.NET.      3600000  IN  A   192.112.36.4
A.ROOT-SERVERS.NET.      3600000  IN  A   198.41.0.4
H.ROOT-SERVERS.NET.      3600000  IN  A   128.63.2.53
B.ROOT-SERVERS.NET.      3600000  IN  A   128.9.0.107
C.ROOT-SERVERS.NET.      3600000  IN  A   102.33.4.12



The /var/named/private.hosts file

This file contains the IP addresses of the private network. A sample private.hosts file is shown in figure 4.

Figure 4: Sample private.hosts File for BIND

; Hosts file for domain flibble.orac.net.au.
; name ttl class type data
; Source of authority

@    IN  SOA  solaris.flibble.orac.net.au. root.solaris.flibble.orac.net.au. (
               2000050201    ; Serial
               10800         ; Refresh - 3 hours
               3600          ; Retry - 1 hour
               432000        ; Expire - 5 days
               86400 )       ; Minimum - 1 day
     IN  NS   solaris.flibble.orac.net.au.

; Machines for the flibble.orac.net.au domain
; name ttl class type data

localhost  IN  A  127.0.0.1
solaris    IN  A  10.5.3.1
win95      IN  A  10.5.3.21
linux      IN  A  10.5.3.22

; Aliases

mail  IN  CNAME  solaris
www   IN  CNAME  solaris

; Domain mailing addresses

flibble.orac.net.au.  IN  MX  10  solaris.flibble.orac.net.au.
flibble.orac.net.au.  IN  A   10.5.3.1



Some explanation of the various codes is probably in order:

@

   Domain. This is a short-hand for the domain given by the named.conf file (flibble.orac.net.au in this case).

IN

   Internet. Indicates that we are talking about the Internet class of records. Supposedly, there are other possible classes here.

SOA

   Source of Authority. This entry contains information on which machine is the primary name server for information about this domain (solaris.flibble.orac.net.au in this case) and who to contact in the case of trouble (root.solaris.flibble.orac.net.au). The serial number is used to indicate where changes have occurred. The other numbers give the time to expiry of the information broadcast by this name server.
   The serial numbers need to increase with each version of the file. A fairly common practice is to use YYYYMMDDVV with the year, month and day being the date of update and VV being the version number within the day. In the past, serial numbers of the form 1.2 were common, but this is now deprecated.

NS

   Name Server. This line indicates that solaris.flibble.orac.net.au is the name server for this domain.

A

   Address. These lines give the IP addresses of the various hosts.

CNAME

   Canonical Name. These lines define aliases (mail, www) that point to a canonical host name. They are not strictly needed, but they redirect requests to www.flibble.orac.net.au etc. to solaris.flibble.orac.net.au.

MX

   Mail Exchange. This line gives the system to which mail addressed to user@flibble.orac.net.au should be sent (solaris in this case).

The /var/named/private.rev file

This file allows "reverse lookup". With this file, a system can get the name of a host from its IP address. A sample private.rev file is shown in figure 5. A PTR record maps an IP address back to a host name. The 10.5.3. part of the address is derived from the zone entry in the named.conf file (see section 3.4.2).

Figure 5: Sample private.rev File for DNS

; Reverse address file for domain flibble.orac.net.au
; name ttl class type data
; Source of authority

@    IN  SOA  solaris.flibble.orac.net.au. root.solaris.flibble.orac.net.au. (
               2000050201    ; Serial
               10800         ; Refresh - 3 hours
               3600          ; Retry - 1 hour
               432000        ; Expire - 5 days
               86400 )       ; Minimum - 1 day
     IN  NS   solaris.flibble.orac.net.au.

; Machine names
; name ttl class type data

1   IN  PTR  solaris.flibble.orac.net.au.
21  IN  PTR  win95.flibble.orac.net.au.
22  IN  PTR  linux.flibble.orac.net.au.
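A forward zone and its reverse zone drift apart easily when hosts are added by hand, and a PTR that names a host the forward zone no longer knows is a common result. The checker below is an added example, not part of the original page: it parses one-record-per-line zone text in the shape of figures 4 and 5 (SOA and NS lines omitted), derives the 10.5.3. prefix from the 3.5.10.in-addr.arpa. zone name as named does, and reports A records without a PTR and PTRs without a matching A record. The zone samples are constructed; the extra host "printer" and the PTR for 23 are deliberate mismatches.

```python
FORWARD_ORIGIN = "flibble.orac.net.au."
REVERSE_ORIGIN = "3.5.10.in-addr.arpa."

# Constructed samples shaped like figures 4 and 5; "printer" has no PTR and the
# PTR for 23 names a host that is not in the forward zone.
FORWARD_ZONE = """\
localhost IN A 127.0.0.1
solaris   IN A 10.5.3.1
win95     IN A 10.5.3.21
linux     IN A 10.5.3.22
printer   IN A 10.5.3.30
flibble.orac.net.au. IN MX 10 solaris.flibble.orac.net.au.
flibble.orac.net.au. IN A 10.5.3.1
"""
REVERSE_ZONE = """\
1  IN PTR solaris.flibble.orac.net.au.
21 IN PTR win95.flibble.orac.net.au.
22 IN PTR linux.flibble.orac.net.au.
23 IN PTR oldbox.flibble.orac.net.au.
"""


def records(zone_text, origin):
    """Yield (owner, type, data) per record; ';' starts a comment, '@' is the origin."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if not fields:
            continue
        owner = fields[0]
        # Names without a trailing dot are relative to the zone origin.
        owner = origin if owner == "@" else (owner if owner.endswith(".") else f"{owner}.{origin}")
        i = 1  # skip an optional TTL and/or class between owner and type
        while i < len(fields) and (fields[i] == "IN" or fields[i].isdigit()):
            i += 1
        yield owner, fields[i], fields[i + 1:]


def check_reverse(forward_text, reverse_text):
    """Return (IPs with an A but no PTR, IPs whose PTR names no A-record owner)."""
    octets = REVERSE_ORIGIN[:-len(".in-addr.arpa.")].split(".")
    prefix = ".".join(reversed(octets)) + "."  # "3.5.10" -> "10.5.3."
    a_names = {}  # ip -> set of owner names holding that A record
    for owner, rtype, data in records(forward_text, FORWARD_ORIGIN):
        if rtype == "A" and data[0].startswith(prefix):
            a_names.setdefault(data[0], set()).add(owner)
    ptr_name = {}  # ip -> name the PTR points at
    for owner, rtype, data in records(reverse_text, REVERSE_ORIGIN):
        if rtype == "PTR":
            host_part = owner[:-len(REVERSE_ORIGIN) - 1]  # e.g. "21"
            ptr_name[prefix + ".".join(reversed(host_part.split(".")))] = data[0]
    missing = sorted(ip for ip in a_names if ip not in ptr_name)
    dangling = sorted(ip for ip, n in ptr_name.items() if n not in a_names.get(ip, ()))
    return missing, dangling
```

Run check_reverse(FORWARD_ZONE, REVERSE_ZONE) on the samples and it returns (['10.5.3.30'], ['10.5.3.23']); the same call against the real private.hosts and private.rev contents should return two empty lists.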



The /var/named/private.local file

This file allows reverse lookup for the localhost address. This file is not strictly necessary. A sample private.local file is shown in figure 6.

Figure 6: Sample private.local File for DNS

; Reverse address file for localhost
; name ttl class type data
; Source of authority

@    IN  SOA  solaris.flibble.orac.net.au. root.solaris.flibble.orac.net.au. (
               2000050201    ; Serial
               10800         ; Refresh - 3 hours
               3600          ; Retry - 1 hour
               432000        ; Expire - 5 days
               86400 )       ; Minimum - 1 day
     IN  NS   solaris.flibble.orac.net.au.

; Machine names
; name ttl class type data

1   IN  PTR  localhost.



Starting the named Daemon

Once you have the files for named set up, you can start the /usr/local/sbin/named daemon. This daemon will read the /usr/local/etc/named.conf file for its configuration.

You will probably want the named daemon to start at boot. To do this, modify the /etc/init.d/inetsvc file so that the lines which read

if [ -f /usr/sbin/in.named -a -f /etc/named.boot ]; then
   /usr/sbin/in.named;     echo "starting internet domain name server."
fi

now read

if [ -f /usr/local/sbin/named -a -f /usr/local/etc/named.conf ]; then
   /usr/local/sbin/named;  echo "starting ISC internet domain name server."
elif [ -f /usr/sbin/in.named -a -f /etc/named.boot ]; then
   /usr/sbin/in.named;     echo "starting Solaris internet domain name server."
fi


If you have installed named in an automounted local directory, you may need to delay the starting of the daemon somewhat, until the automounter is running.

DNS Client Configuration

Once you have set up the DNS server, you will need to configure each system to use the name server.


Configuring Solaris Clients

To configure a Solaris client properly you will need to edit /etc/nsswitch.conf so that the DNS server is consulted. Modify the hosts line so that it reads:


hosts: files dns


This line means that the Solaris system will first look up a name in the /etc/hosts file (see section 3.3.1). If the name isn't there, then DNS will be used.

You will also have to set up the /etc/resolv.conf file so that the correct name servers are consulted. A sample resolver file is:


; Resolver for domain flibble.orac.net.au.

domain flibble.orac.net.au
nameserver 10.5.3.1
nameserver 203.30.77.33


The entries in this file are pretty self-evident. The name servers are tried in order, so if the local name server is down, the ORAC name server will be tried instead.

The last thing you need to do is set the local domain name. You probably do not have to do this, but neatness demands it. The two commands you need are domainname flibble.orac.net.au and domainname > /etc/defaultdomain where flibble.orac.net.au is replaced by your chosen domain name.

Disabling nscd Cache Refreshes

Solaris 2.6 comes with a name caching daemon, nscd. This daemon keeps a cache of recent name queries to allow a more speedy response to common queries.

nscd is all very nice. But, in its default configuration, it refreshes the queries in its cache every hour or so. If you have a dial-out connection, this means that every hour your line will come up to re-query any names that are in the cache; not a good thing.

To disable the refresh, alter /etc/nscd.conf so that the line reading keep-hot-count hosts 20 now reads keep-hot-count hosts 0. Then make the nscd daemon re-read its configuration file by sending it a HUP signal.

Configuring Linux Clients

Configuring Linux DNS clients is similar to configuring Solaris clients as described above, in section 3.4.3, except that you do not have to configure the /etc/nsswitch.conf file and you only need to configure the domain name if you have NIS installed.


Configuring Windows 95 Clients

To configure DNS for Windows 95, you need to open the Network section of the Control Panel and choose the TCP/IP properties. For the example network, we have:

Tab                 Field        Value
DNS Configuration   Enable DNS   (selected)
                    Host         win95
                    Domain       flibble.orac.net.au
                    Add          10.5.3.1
                    Add          203.30.77.33

Testing the DNS Configuration

Once you have the DNS configuration working, you will probably want to test it. The basic tool for testing the server configuration is /usr/local/sbin/nslookup. This tool allows you to interrogate the name server and see how it responds to various questions.

Testing the Server

The DNS daemon can be made to provide debugging information by sending it a USR1 signal, via kill. The daemon will start tracing its behaviour by writing records into the file /var/named/named.run. Sending the daemon a USR2 signal turns off debugging.

The daemon can be made to dump its current state into the file /var/named/named_dump.db by sending it an INT signal.

Testing the clients

For Unix systems, using nslookup to test client behaviour is obvious. Windows 95 does not have a suitable testing package. I used WS_Ping to test my setup.[25] WS_Ping is not freeware.

====