DNS and BIND Talk Notes

These are the notes used by Brian Murphy when he gave his DNS and BIND talk at the Sept. 17, 2000 TFUG meeting.


What is DNS?

DNS is a distributed database of host information

Distributed because all of the data is not on 1
host.  We'll see more of this later.

What is BIND?

BIND = Berkeley Internet Name Domain software

BIND is an implementation of a DNS server

Each unit of data in DNS is indexed by a name.

The names are essentially paths in a large tree

(show tree)

The structure of the DNS is very similar to the
structure of the UNIX filesystem

Each intersection in the tree is called a node

The top node is called the root domain

each node is labeled with a simple name
([A-Za-z0-9-] 64 chars long)

the root domain is NULL; so, the domain looks
like it ends in a dot

the domain name is the path from the parent to the

the Fully Qualified Domain Name (FQDN) is the node
name and the domain name joined together (with a

A domain is a subtree of the domain name space

The terms domain and subdomain are interchangeable.
Subdomain is typically a term relative to domain
and refers to a domain contained within full domain

Levels refer to the position of a node in the tree

top-level = first-level = a child domain of the
root (i.e. org.)

second-level = a child of the first level
(i.e. tfug.org.)

The data associated with a domain name is called a
Resource Record (RR).  A RR basically maps to a
line in a db file (which we'll get to later)

A zone is some part of the domain name space.

A nameserver that has complete info for that zone
is said to be an authority for that zone.

The difference between a domain and zone is subtle.
A zone contains the domain names and data that a
domain contains *except* for the domain names and
data that are delegated elsewhere.

Delegations means making someone else responsible
for the subdomain.  This delegation property is why
DNS is often called a distributed database.

For example, the arizona.edu domain has
CCIT.arizona.edu, U.arizona.edu, and telcom.arizona.edu
as subdomains.  Authority for CCIT and U have been
delegated to CCIT's local nameserver, and thus are
not in the arizona.edu zone.  telcom however is not
delegated, hence telcom.arizona.edu is part of the
arizona.edu zone.

Stub resolver vs. Full resolver
a stub resolver only knows how to issue recursive
queries and get answers back.  a full resolver can
issue recursive and iterative queries.

recursive vs. iterative queries
An iterative query asks a nameserver what it knows,
a recursive query asks to resolver to find out the
most it can.

(Describe how a query works)

A full nameserver finds out answers to requests by
issuing iterative queries starting at the domain
root and takes referals until it gets an answer.

i.e. www.tfug.org.
HOST asks NS for answer
if NS is master or has answer cached, answer HOST
if not, NS asks . NS (a.root-servers.net.;found from named.ca) for www.tfug.org.
a.root-servers.net. returns referal for .org NS (f.root-servers.net.)
NS asks f.root-servers.net. for www.tfug.org.
f.root-servers.net. returns referal for tfug.org. NS (ns1.azstarnet.com.)
NS asks ns1.azstarnet.com. for www.tfug.org.
ns1.azstarnet.com is an authority for www.tfug.org. and returns the data to NS
NS answers HOST

(Show how to setup a nameserver)
install BIND (see www.isc.org)
(on RH systems, install caching-nameserver package for an initial named.conf and . cache db)
make the named.conf
put the cache file in the right place
start named (ndc start)
check syslog to see if it worked (tail /var/log/messages)

(show how to add a zone)
(1 - add zone statement to named.conf
 2 - create new zone db file)
(hint, copy an existing db file)

(show how to delegate a zone)
(Just add an NS record that points at a subdomain)


Q: What is a lame server?
A: A server that is not answering as an authority for a zone when it should be.

Q: Can I use a CNAME in the db file where it expects a hostname (i.e. NS records)
A: No.  Things will not work and you'll have a hard time figuring out why.

Q: What is the minimum setup needed for a simple caching only nameserver?
A: the "." hintzone in named.conf and the . cache db file.  The file is made
available by InterNIC at ftp://ftp.rs.internic.net/domain/named.root.

Q: A kill -HUP or ndc reload doesn't clear the nameserver cache
A: Cache is only cleared by killing and restarting named

Here is a sample db file:

; /etc/named.conf snippet:
; zone "example.com" {
;	type master;
;	file "db.example";
; };
; Sample zone that uses ns1.example.com as the SOA.
; root@example.com is the hostmaster for the zone
; Other nameservers will cache our answers for 1 day (our TTL)
; ns1 and ns2.example.com are the authoritative nameservers
; example.com has as an assigned IP address.
;	domains don't need an A record to be valid
; TXT and HINFO records are informative and completely optional
; email to user@example.com, user@www.example.com, and user@shell.example.com
;	goes to mail.example.com.  (Sendmail on mail.example.com needs to have
;	Cwexample.com, Cwwww.example.com, and Cwshell.example.com in its
;	sendmail.cf file for this to be work (aka Host Aliases))
; its perfectly okay to have multiple A records with the same IP address

$TTL 1d
example.com.	IN	SOA ns1.example.com. root.example.com.  (
                                      2000091600 ; Serial
                                      3h         ; Refresh
                                      1h         ; Retry
                                      7d         ; Expire
                                      1d )       ; Minimum TTL
		IN      NS      ns1.example.com.
		IN      NS      ns2.example.com.

		IN	A
		IN	MX	10 mail.example.com.
		IN	HINFO	"Pentium" "Linux"
		IN	TXT	"My example DNS zone"
www		IN	CNAME	example.com.
shell		IN	A
		IN	MX	10 mail.example.com.
mail		IN	A
pop		IN	A
		IN	TXT	"POP mail server"
ns1		IN	A
ns2		IN	A

Last updated: 09.19.00
Email: tfug-web@azstarnet.com