These are the notes used by Brian Murphy when he gave his DNS and BIND talk at the Sept. 17, 2000 TFUG meeting.
************ DNS and BIND ************

What is DNS?
  DNS is a distributed database of host information.
  Distributed because all of the data is not on 1 host. We'll see more of this later.

What is BIND?
  BIND = Berkeley Internet Name Domain software
  BIND is an implementation of a DNS server.

The name space
  Each unit of data in DNS is indexed by a name. The names are essentially paths in a large tree (show tree).
  The structure of the DNS is very similar to the structure of the UNIX filesystem.
  Each intersection in the tree is called a node.
  The top node is called the root domain.
  Each node is labeled with a simple name ([A-Za-z0-9-], 64 chars long).
  The root domain's label is NULL; so, a domain name looks like it ends in a dot.
  The domain name is the path from the parent to the root.
  The Fully Qualified Domain Name (FQDN) is the node name and the domain name joined together (with a dot).
  A domain is a subtree of the domain name space.
  The terms domain and subdomain are interchangeable. Subdomain is typically a term relative to domain and refers to a domain contained within the full domain.
  Levels refer to the position of a node in the tree:
    top-level = first-level = a child domain of the root (e.g. org.)
    second-level = a child of the first level (e.g. tfug.org.)
  The data associated with a domain name is called a Resource Record (RR). An RR basically maps to a line in a db file (which we'll get to later).

Zones vs. domains
  A zone is some part of the domain name space. A nameserver that has complete info for that zone is said to be an authority for that zone.
  The difference between a domain and a zone is subtle. A zone contains the domain names and data that a domain contains *except* for the domain names and data that are delegated elsewhere. Delegation means making someone else responsible for the subdomain. This delegation property is why DNS is often called a distributed database.
  For example, the arizona.edu domain has CCIT.arizona.edu, U.arizona.edu, and telcom.arizona.edu as subdomains. Authority for CCIT and U has been delegated to CCIT's local nameserver, and thus they are not in the arizona.edu zone. telcom however is not delegated, hence telcom.arizona.edu is part of the arizona.edu zone.

Stub resolver vs. full resolver
  A stub resolver only knows how to issue recursive queries and get answers back.
  A full resolver can issue recursive and iterative queries.

Recursive vs. iterative queries
  An iterative query asks a nameserver what it knows; a recursive query asks the nameserver to find out the most it can.
  (Describe how a query works)
  A full nameserver finds out answers to requests by issuing iterative queries starting at the domain root and taking referrals until it gets an answer.
  e.g. www.tfug.org.
    HOST asks NS for the answer.
    If NS is master for the zone or has the answer cached, it answers HOST.
    If not, NS asks the . NS (a.root-servers.net.; found from named.ca) for www.tfug.org.
    a.root-servers.net. returns a referral to the .org NS (f.root-servers.net.).
    NS asks f.root-servers.net. for www.tfug.org.
    f.root-servers.net. returns a referral to the tfug.org. NS (ns1.azstarnet.com.).
    NS asks ns1.azstarnet.com. for www.tfug.org.
    ns1.azstarnet.com. is an authority for www.tfug.org. and returns the data to NS.
    NS answers HOST.

(Show how to set up a nameserver)
  install BIND (see www.isc.org)
    (on RH systems, install the caching-nameserver package for an initial named.conf and . cache db)
  make the named.conf
  put the cache file in the right place
  start named (ndc start)
  check syslog to see if it worked (tail /var/log/messages)

(Show how to add a zone)
  1 - add a zone statement to named.conf
  2 - create the new zone db file (hint: copy an existing db file)

(Show how to delegate a zone)
  Just add an NS record for the subdomain, pointing at its nameserver.

Q&A
  Q: What is a lame server?
  A: A server that is not answering as an authority for a zone when it should be.

  Q: Can I use a CNAME in the db file where it expects a hostname (e.g. NS records)?
  A: No. Things will not work and you'll have a hard time figuring out why.

  Q: What is the minimum setup needed for a simple caching-only nameserver?
  A: The "." hint zone in named.conf and the . cache db file. The file is made available by InterNIC at ftp://ftp.rs.internic.net/domain/named.root.

  Q: A kill -HUP or ndc reload doesn't clear the nameserver cache.
  A: The cache is only cleared by killing and restarting named.
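The iterative walk above (root, then .org, then tfug.org.), as an added example that is not part of the talk: a toy full resolver that follows referrals and caches the answer. The SERVERS table and the 10.0.0.1 address are constructed data, not live DNS.

```python
# Added example (not from the talk): a toy model of the iterative walk above.
# SERVERS is constructed data, not live DNS; the referral chain mirrors the
# talk's www.tfug.org. walk. Each server knows only: {owner: (rrtype, rdata)},
# where an NS entry is a referral and an A entry an authoritative answer.
SERVERS = {
    "a.root-servers.net.": {"org.": ("NS", "f.root-servers.net.")},
    "f.root-servers.net.": {"tfug.org.": ("NS", "ns1.azstarnet.com.")},
    "ns1.azstarnet.com.": {"www.tfug.org.": ("A", "10.0.0.1")},  # made-up IP
}

def ask(server, qname):
    """One iterative query: the server answers only from what it holds, i.e.
    the record under the longest owner name that qname falls under."""
    best = None
    for owner, rr in SERVERS.get(server, {}).items():
        if qname == owner or qname.endswith("." + owner):
            if best is None or len(owner) > len(best[0]):
                best = (owner, rr)
    return best[1] if best else None

def resolve(qname, cache, root="a.root-servers.net.", max_hops=10):
    """A full resolver: answer from cache if possible, else start at the root
    and follow referrals until an authority answers. Returns (answer or None,
    list of servers asked); max_hops bounds a broken or looping delegation."""
    if qname in cache:
        return cache[qname], []
    server, asked = root, []
    for _ in range(max_hops):
        asked.append(server)
        rr = ask(server, qname)
        if rr is None:               # no server on the path knows the name
            return None, asked
        rtype, rdata = rr
        if rtype == "A":
            cache[qname] = rdata     # later queries are answered locally
            return rdata, asked
        server = rdata               # referral: ask the delegated nameserver
    return None, asked

if __name__ == "__main__":
    cache = {}
    print(resolve("www.tfug.org.", cache))  # walks root -> org -> tfug.org
    print(resolve("www.tfug.org.", cache))  # second time: answered from cache
```

The second call returns an empty server list, which is the cached case from the walk; note that only a restart of named, not a reload, would empty a real BIND cache as the Q&A says.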
Here is a sample db file:
;
; /etc/named.conf snippet:
;
;   zone "example.com" {
;           type master;
;           file "db.example";
;   };
;
; Sample zone that uses ns1.example.com as the SOA.
; root@example.com is the hostmaster for the zone.
;
; Other nameservers will cache our answers for 1 day (our TTL).
;
; ns1 and ns2.example.com are the authoritative nameservers.
;
; example.com has 10.0.0.1 as an assigned IP address.
; Domains don't need an A record to be valid.
;
; TXT and HINFO records are informative and completely optional.
;
; Email to user@example.com, user@www.example.com, and user@shell.example.com
; goes to mail.example.com. (Sendmail on mail.example.com needs to have
; Cwexample.com, Cwwww.example.com, and Cwshell.example.com in its
; sendmail.cf file for this to work (aka Host Aliases).)
;
; It's perfectly okay to have multiple A records with the same IP address.

$TTL 1d
example.com.    IN SOA  ns1.example.com. root.example.com. (
                        2000091600      ; Serial
                        3h              ; Refresh
                        1h              ; Retry
                        7d              ; Expire
                        1d )            ; Minimum TTL
                IN NS   ns1.example.com.
                IN NS   ns2.example.com.
                IN A    10.0.0.1
                IN MX   10 mail.example.com.
                IN HINFO "Pentium" "Linux"
                IN TXT  "My example DNS zone"
www             IN CNAME example.com.
shell           IN A    10.0.0.2
                IN MX   10 mail.example.com.
mail            IN A    10.0.0.3
pop             IN A    10.0.0.3
                IN TXT  "POP mail server"
ns1             IN A    10.0.0.4
ns2             IN A    10.0.0.5
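A small checker for the db file format shown above, added here as an example and not part of the talk: it parses the file (comments, the parenthesised SOA, blank-owner inheritance) and then applies the Q&A rule that NS and MX targets must not be CNAMEs, plus a check that in-zone nameservers have an A record. ZONE is a constructed, trimmed copy of the sample with ns2 deliberately turned into a CNAME so the checks have something to report.

```python
import re

# Added example, not from the talk. ZONE is a constructed, trimmed copy of the
# sample db file, with ns2 deliberately made a CNAME so the checks fire.
ZONE = """\
$TTL 1d
example.com.  IN SOA ns1.example.com. root.example.com. (
              2000091600 ; Serial
              3h ; Refresh
              1h ; Retry
              7d ; Expire
              1d ) ; Minimum TTL
              IN NS  ns1.example.com.
              IN NS  ns2.example.com.
www           IN CNAME example.com.
ns1           IN A   10.0.0.4
ns2           IN CNAME ns1.example.com.
"""

def parse_zone(text, origin):
    """(owner, rrtype, [rdata...]) tuples with fully qualified owners. Strips
    ';' comments, joins '( ... )' continuations, and applies the blank-owner
    rule: a line starting with whitespace reuses the previous owner."""
    text = re.sub(r";[^\n]*", "", text)
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    records, owner = [], origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue                      # blank line or $TTL/$ORIGIN directive
        if not line[0].isspace():         # explicit owner name on this line
            name, _, line = line.partition(" ")
            owner = name if name.endswith(".") else f"{name}.{origin}"
        fields = line.split()
        if fields and fields[0] == "IN":  # class field is optional; drop it
            fields = fields[1:]
        if fields:
            records.append((owner, fields[0], fields[1:]))
    return records

def cname_targets(records):
    """Q&A rule above: NS and MX must name a host, never a CNAME."""
    aliases = {o for o, t, _ in records if t == "CNAME"}
    return [(o, t, r[-1]) for o, t, r in records
            if t in ("NS", "MX") and r[-1] in aliases]

def missing_glue(records, origin):
    """In-zone NS targets need an A record, or resolvers cannot reach them."""
    have_a = {o for o, t, _ in records if t == "A"}
    return [r[-1] for o, t, r in records
            if t == "NS" and r[-1].endswith("." + origin) and r[-1] not in have_a]
```

Running cname_targets and missing_glue on parse_zone(ZONE, "example.com.") reports ns2.example.com. under both checks, which is exactly the "things will not work" case from the Q&A.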