DNS Administration
Contents
Name Services
- Scheme for storing and accessing IP Address/Name mappings
- Berkeley Internet Name Domain (BIND)
Setting up a domain
- Go to www.internic.net and then to one of the providers,
primarily Network Solutions.
- Register the domain (e.g. dogbreath.com)
- Provide the IP address of two primary domain name servers
- Pay $70 for two years of usage
Setting up a subdomain
- Assign address space segments and names and set up
domain name servers. For example, establish fleas.dogbreath.com
as one of your subdomains and specify one or more domain name
servers. One could be the primary for the dogbreath.com
domain.
Setting up a host
- Assign an IP address and a name. Both must be unique over
the connected network.
- Put it into the domain name table.
Assignment
- What happens if you type in "nslookup esus.cs.montana.edu"?
- What happens if you type in "nslookup dogbreath.com"?
- What happens if you type in "nslookup www.algore.com"
or "nslookup www.georgebush.com"?
- Try the following (run nslookup and then try the following
commands)
Name Services
Resolver Configuration
- The first thing you need to do is configure the resolver. This
  is the critter that responds to requests for gethostbyname and
  gethostbyaddr.
- host.conf
  - order = order to try various services (hosts, bind, nis).
    "hosts" only means no name services, just a hosts file.
  - multi = can hosts be multihomed (more than one IP address)
  - nospoof on/off = thwart attempts to fake name/address mappings
    (after looking up a name for an address, the resolver looks the
    name back up and fails the query if the address does not match)
  - alert on/off = write a syslog message if anyone tries to spoof
  - trim string = remove the string from all host names before
    looking in /etc/hosts. Multiple trims can be used so that
    multiple domains can be searched. This is not particularly
    good.
- Environment overrides
  - RESOLV_HOST_CONF - replacement for /etc/host.conf
  - RESOLV_SERV_ORDER - overrides order
  - RESOLV_SPOOF_CHECK - overrides spoof (off, warn, warn off)
  - RESOLV_MULTI - overrides multi
  - RESOLV_OVERRIDE_TRIM_DOMAINS - list of trim domains
  - RESOLV_ADD_TRIM_DOMAINS - list of trim domains
BIND Configuration
- resolv.conf
  - Which name server to use for BIND lookups, e.g.:

        domain cs.montana.edu
        search csnet.montana.edu
        nameserver 153.90.192.10
        nameserver 153.90.2.15

  - domain - what is the local domain
  - search - list of domains to search (up to 6) for a match.
    This is a problem both performance-wise (an unqualified name can
    cost one query per search domain) and security-wise. It is
    best to limit this to local networks - e.g. coe.montana.edu and
    montana.edu.
  - nameserver - IP address of a nameserver; taken in order (up to 3)
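The search-list behaviour described above, as an added example (not part of the original notes): a small simulation of how a stub resolver turns the name you type into the sequence of queries it sends. The search list, the ndots value (1 is glibc's default) and the KNOWN table are all constructed here. One caveat worth knowing: glibc treats `domain` and `search` in resolv.conf as mutually exclusive, the last one present wins, so the sample file above actually yields a one-entry search list; the two-entry list below is constructed to show what a longer list costs.

```python
# Added example (not from the original notes): how a stub resolver turns the
# name you type into the queries it actually sends, using the search list from
# a resolv.conf like the one above. The search list, the ndots value (1 is
# glibc's default) and the KNOWN table are constructed for this example.

SEARCH_LIST = ["cs.montana.edu", "csnet.montana.edu"]   # constructed
NDOTS = 1                                               # glibc default

KNOWN = {   # constructed stand-in for what the name servers would answer
    "esus.cs.montana.edu.": "153.90.192.1",
    "cslab08.csnet.montana.edu.": "153.90.199.8",
}

def candidate_queries(name, search=SEARCH_LIST, ndots=NDOTS):
    """Absolute names the resolver tries, in order. A trailing dot means
    'already absolute': no search-list expansion at all. A name with fewer
    than `ndots` dots is tried under each search domain first and as-is
    last; with `ndots` or more dots it is tried as-is first."""
    if name.endswith("."):
        return [name]
    as_is = name + "."
    expanded = [f"{name}.{domain}." for domain in search]
    return expanded + [as_is] if name.count(".") < ndots else [as_is] + expanded

def resolve(name, known=KNOWN, search=SEARCH_LIST, ndots=NDOTS):
    """Simulate the lookup: returns (address or None, list of queries sent).
    Every entry in the list is one round trip to a name server, and the
    first candidate that exists wins, whichever search domain it lives in."""
    sent = []
    for candidate in candidate_queries(name, search, ndots):
        sent.append(candidate)
        if candidate in known:
            return known[candidate], sent
    return None, sent

if __name__ == "__main__":
    for n in ("esus", "cslab08", "nosuchhost", "www.algore.com", "esus.cs.montana.edu."):
        print(n, "->", resolve(n))
```

Running it shows the two effects the notes warn about: a name that exists only in the second search domain costs two queries, a name that exists nowhere costs one query per search domain plus one, and a short name is answered by whichever search domain happens to contain it first.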
Using linuxconf
DNS Configuration
Setting Up a DNS Server
In order to set up your own DNS server, you need to make sure that you don't
create problems for anyone else, so check with your domain administrator.
There are 3 types of DNS servers - caching only, secondary and primary. A
caching server caches the DNS name tables, but does not provide authoritative
responses for any domain. Primary name servers and secondary name servers
are registered as authoritative for a particular zone, i.e. for some
domain. There is a primary and secondary nameserver registered
for montana.edu, and a primary and secondary for cs.montana.edu. In addition,
there can be as many caching nameservers as you want for any zone, and they
are not registered.
For example,
Primary DNS servers have hard-coded tables of name-address mappings that have
to be kept up to date. Secondary servers get their tables from the primary
servers. Caching only servers get theirs by remembering the addresses they've
looked up.
Running named
- named is the name server and usually runs from system startup. It
accepts requests from other hosts and replies.
- Configured with named.conf and writes /var/run/named.pid.
- If a secondary server, download the zone files from the primary
server.
rndc
rndc (Remote Name Daemon Controller) is a service that allows control of
the behavior of the name server. We will discuss it more later, but
the name does appear in the configuration of named. Without rndc
many maintenance tasks would have to be carried out manually.
rndc replaces ndc but does not have all the functionality at this point.
Configuring named.conf
The DNS Database Files (Zone Files)
The zone files for DNS are composed of a set of records which provide
a variety of information for the name server.
- Standard Resource Record (RR) formats
- SOA - Start of Authority - beginning of zone data
- NS - Name Server - Identity of zone name server
- A - Host name to address mapping
- PTR - Address to host name (reverse) data
- MX - Mail exchange
- CNAME - Canonical name
- HINFO - Host hardware and OS. Be careful!! This advertises platform
details to anyone who cares to query for them.
- WKS - Well known service (unused)
The order of the records in the file is the SOA record first, then the NS
records, then any other necessary records.
- The resource records have the format:
  - domain of the RR - e.g. cs.montana.edu (if not given, the same as the
    previous RR). If a name or IP address ends in a period, it
    indicates that it is complete (absolute). If it doesn't, the
    name is completed by appending the zone's domain to it. More on this
    later.
  - ttl - time to live, in seconds
  - class - record class (IN = Internet; that is the only one you will use)
  - type - type of RR, described below
  - data - the data, which depends on the class and type
- SOA (start of authority) - the following records contain data for
  this zone.
      SOA origin contact serial refresh retry expire minimum
      @ IN SOA cs.montana.edu. admin.cs.montana.edu. (
              10      ; serial number
              86400   ; refresh once per day
              3600    ; retry once per hour (for secondaries)
              3600000 ; expire in 42 days (for secondaries)
              604800  ; minimum ttl, 1 week
              )
- NS - name server identifier
      NS name
      IN NS ercax1.coe.montana.edu.
- A (Address) - the following record contains a mapping for the
  domain specified in the last SOA.
      name class A address
      esus    IN A 153.90.192.1
      cslab08 IN A 153.90.199.8
- PTR (Reverse) - the following record contains a mapping for the
  domain specified in the last SOA. Note the trailing periods: without
  them the reverse zone's own domain would be appended to the names.
      address class PTR name
      1.192 IN PTR esus.cs.montana.edu.
      8.199 IN PTR cslab08.csnet.montana.edu.
- CNAME (Canonical name) - an alias
      name class CNAME domain-name
      esus IN A 153.90.192.1
      www  IN CNAME esus
- MX (Mail exchange) - identifies a mail exchange for a domain; the
  preference picks between several (lowest is tried first).
      MX preference name
      IN MX 10 mail.cs.montana.edu.
DNS Configuration Example
Lab Machine Example
Configure one of the hosts in the lab to be the master name server for
a zone named csnet.org that contains all the lab systems.
y2k Domain Example
/etc/named.boot
    ;
    directory /var/named
    cache . y2k.ca
    ;
    ; primary for y2k domain
    ;
    primary y2k.org y2k.hosts
    primary 66.160.in-addr.arpa y2k.rev
    primary 0.0.127.in-addr.arpa y2k.local
    ;
    ; secondary for y2k.survivor addresses
    ;
    secondary survivor.y2k.org 160.66.50.1 survivor.hosts
    secondary 50.66.160.in-addr.arpa 160.66.50.1 survivor.rev
/etc/named.conf
y2k.ca
    ; Root domain servers
    ;
    .                99999999 IN NS terp.umd.org.
    .                99999999 IN NS aos.brl.mil.
    .                99999999 IN NS c.nyser.net.
    .                99999999 IN NS ns.nasa.gov.
    .                99999999 IN NS ns.nic.ddn.mil.
    .                99999999 IN NS a.isi.org.
    .                99999999 IN NS nic.nordu.net.
    ;
    terp.umd.org.    99999999 IN A 128.8.10.90
    aos.brl.mil.     99999999 IN A 195.5.25.82
    c.nyser.net.     99999999 IN A 192.33.4.12
    ns.nasa.gov.     99999999 IN A 192.52.195.10
    ns.nic.ddn.mil.  99999999 IN A 192.67.67.53
    a.isi.org.       99999999 IN A 128.9.0.107
    a.isi.org.       99999999 IN A 26.3.0.103
    nic.nordu.net.   99999999 IN A 192.36.148.17
y2k.local
    @ IN SOA y2k.org. admin.y2k.org. (
            1       ; serial
            36000   ; refresh every 10 hours
            3600    ; retry every hour
            3600000 ; expire after 1000 hours
            3600    ; minimum ttl 1 hour
            )
      IN NS dns.y2k.org.
    1 IN PTR localhost.
y2k.hosts
    @ IN SOA y2k.org. admin.y2k.org. (
            1       ; serial
            43200   ; refresh every 12 hours
            3600    ; retry every hour
            3600000 ; expire after 1000 hours
            2592000 ; minimum ttl 30 days
            )
    ; nameservers
      IN NS dns.y2k.org.
      IN NS server.y2k.org.
      IN NS fallback.y2k.org.
    ; mail servers for y2k.org
      IN MX 1 server.y2k.org.
      IN MX 10 disaster.y2k.org.
    ; local hosts
    localhost    IN A 127.0.0.1
    disaster     IN A 160.66.199.1
                 IN MX 10 disaster.y2k.org.
    catastrophe  IN CNAME disaster.y2k.org.
    oblivion     IN A 160.66.20.12
    bombshell    IN A 160.66.20.22
    bugs         IN A 160.66.20.43
    tweety       IN A 160.66.20.50
    armageddon   IN A 160.66.150.13
    ; mailserver for user@armageddon.y2k.org addresses
                 IN MX 1 server.y2k.org.
    testlab01    IN A 160.66.150.101
    testlab02    IN A 160.66.150.102
    testlab03    IN A 160.66.150.103
    testlab04    IN A 160.66.150.104
    printer      IN A 160.66.100.36
    dns          IN A 160.66.100.100
    server       IN A 160.66.100.120
                 IN MX 1 server.y2k.org.
    www          IN CNAME server.y2k.org.
    millenium    IN CNAME server.y2k.org.
    ; glue record and delegation for a subdomain within this domain. In this
    ; case, survivor is a subdomain of y2k; the glue A record is needed
    ; because its name server lives inside the subdomain being delegated
    dns.survivor IN A 160.66.50.1
    survivor     IN NS dns.survivor.y2k.org.
                 IN NS fallback.y2k.org.
y2k.rev
    @ IN SOA y2k.org. admin.y2k.org. (
            1       ; serial
            43200   ; refresh every 12 hours
            3600    ; retry every hour
            3600000 ; expire after 1000 hours
            2592000 ; minimum ttl 30 days
            )
    ; nameservers
      IN NS dns.y2k.org.
      IN NS server.y2k.org.
      IN NS fallback.y2k.org.
    ; reverse addresses (the names must end in a period, or this zone's
    ; own domain 66.160.in-addr.arpa would be appended to them)
    1.199   IN PTR disaster.y2k.org.
    12.20   IN PTR oblivion.y2k.org.
    22.20   IN PTR bombshell.y2k.org.
    43.20   IN PTR bugs.y2k.org.
    50.20   IN PTR tweety.y2k.org.
    13.150  IN PTR armageddon.y2k.org.
    101.150 IN PTR testlab01.y2k.org.
    102.150 IN PTR testlab02.y2k.org.
    103.150 IN PTR testlab03.y2k.org.
    104.150 IN PTR testlab04.y2k.org.
    36.100  IN PTR printer.y2k.org.
    100.100 IN PTR dns.y2k.org.
    120.100 IN PTR server.y2k.org.
    ; nameservers for the delegated subdomain 50.66.160.in-addr.arpa
    50      IN NS dns.survivor.y2k.org.
            IN NS omegaman.survivor.y2k.org.
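The resource record format described earlier and the y2k zone files above both turn on the same two details: the trailing-dot rule and the requirement that forward A records and reverse PTR records agree. The following checker is an added example (not part of the original notes) that parses zone files written in that format and reports the mistakes that are easiest to make: a PTR whose target is missing its trailing period, a reverse entry that names the wrong host, and an MX whose target is an IP address rather than a host name. The two zones embedded in it are constructed for the example and deliberately contain one of each.

```python
# Added example (not from the original notes): a checker for zone files in the
# record format above. It applies the trailing-dot rule the way named does, then
# compares the forward zone's A records with the reverse zone's PTR records and
# inspects MX rdata. Both zones below are constructed and contain deliberate mistakes.
import ipaddress

def fqdn(name, origin):
    """Trailing-dot rule: '@' is the origin, 'x.' is absolute, 'x' -> 'x.<origin>'."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Parse '[owner] [ttl] [IN] type rdata...' lines with ';' comments and '( ... )'
    continuations; a line starting with whitespace inherits the previous owner.
    Returns (absolute owner, TYPE, raw rdata tokens) triples."""
    origin = origin.rstrip(".") + "."
    statements, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # strip comment
        if not line.strip():
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:                                # statement complete
            statements.append(" ".join(buf))
            buf, depth = [], 0
    records, owner = [], origin
    for stmt in statements:
        tokens = stmt.replace("(", " ").replace(")", " ").split()
        if not stmt[0].isspace():                     # explicit owner
            owner = fqdn(tokens.pop(0), origin)
        if tokens and tokens[0].isdigit():            # optional TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() == "IN":      # optional class
            tokens.pop(0)
        records.append((owner, tokens.pop(0).upper(), tokens))
    return records

def ptr_owner_to_ip(owner):
    """'1.199.66.160.in-addr.arpa.' -> '160.66.199.1'; None if not in-addr.arpa."""
    labels = owner.rstrip(".").split(".")
    return ".".join(reversed(labels[:-2])) if labels[-2:] == ["in-addr", "arpa"] else None

def is_ipv4(token):
    try:
        return ipaddress.ip_address(token.rstrip(".")).version == 4
    except ValueError:
        return False

def check_zones(forward, fwd_origin, reverse, rev_origin):
    """Return a list of problem strings; an empty list means the zones agree."""
    rev_origin = rev_origin.rstrip(".") + "."
    problems, a_map, ptr_map = [], {}, {}
    for owner, rtype, rdata in parse_zone(forward, fwd_origin):
        if rtype == "A" and is_ipv4(rdata[0]):
            a_map[rdata[0]] = owner
        elif rtype == "MX" and (len(rdata) != 2 or is_ipv4(rdata[1])):
            problems.append(f"{owner}: MX needs 'preference host', got {' '.join(rdata)}")
    for owner, rtype, rdata in parse_zone(reverse, rev_origin):
        if rtype == "PTR" and ptr_owner_to_ip(owner):
            # an unqualified PTR target gets the *reverse* origin appended
            ptr_map[ptr_owner_to_ip(owner)] = fqdn(rdata[0], rev_origin)
    for ip, host in a_map.items():
        if ipaddress.ip_address(ip).is_loopback:
            continue
        if ip not in ptr_map:
            problems.append(f"{ip}: A record for {host} has no PTR")
        elif ptr_map[ip] != host:
            problems.append(f"{ip}: A says {host} but PTR says {ptr_map[ip]}")
    for ip, host in ptr_map.items():
        if ip not in a_map:
            problems.append(f"{ip}: PTR to {host} has no matching A record")
    return problems

FORWARD_ZONE = """\
@   IN SOA dns.y2k.org. admin.y2k.org. (
        1         ; serial
        43200     ; refresh 12 hours
        3600      ; retry 1 hour
        3600000   ; expire 1000 hours
        2592000 ) ; minimum 30 days
    IN NS dns.y2k.org.
localhost IN A 127.0.0.1
disaster  IN A 160.66.199.1
          IN MX 10 160.66.199.1     ; mistake: MX must name a host
oblivion  IN A 160.66.20.12
bombshell IN A 160.66.20.22
dns       IN A 160.66.100.100
server    IN A 160.66.100.120
"""

REVERSE_ZONE = """\
@   IN SOA dns.y2k.org. admin.y2k.org. ( 1 43200 3600 3600000 2592000 )
    IN NS dns.y2k.org.
1.199   IN PTR disaster.y2k.org.
12.20   IN PTR bombshell.y2k.org.   ; mistake: 160.66.20.12 is oblivion
22.20   IN PTR bombshell.y2k.org.
100.100 IN PTR dns.y2k.org          ; mistake: no trailing dot
120.100 IN PTR server.y2k.org.
"""
```

Calling `check_zones(FORWARD_ZONE, "y2k.org", REVERSE_ZONE, "66.160.in-addr.arpa")` returns three problems: the MX pointing at an address, the swapped PTR, and the dot-less PTR target, which the trailing-dot rule has quietly turned into `dns.y2k.org.66.160.in-addr.arpa.`. That last one is exactly what named would serve, so the check is worth running before a reload rather than after.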
DNS Utilities
rndc - name daemon control program
- rndc start
- rndc restart
- When starting named, watch /var/log/messages for help in
determining why it doesn't work.
nslookup
- nslookup [host or ip address] - direct lookup
- nslookup - interactive
  - host [server] - lookup host on (optionally) server
  - server domain - change the server to the
    authoritative server for the given domain
  - root - change server to the root server
    (ns.internic.net)
  - ls domain [option] [> filename] - list domain (this asks the
    server for a zone transfer, which a properly configured server
    only allows to its own secondaries)
    - -t querytype - specify the query type
      (A, CNAME, HINFO, MINFO, MX, NS, PTR, SOA, TXT, UINFO, WKS)
      A is the default.
  - set keyword [=value] - change state information
    for lookups
    - all - print current values
    - debug - turn on debugging
    - domain=name - set the default domain name
    - type=value - set type of query (see querytype)
dig
- dig @server domain query-type query-class
  - server = the name of a domain server or ip address (optional)
  - domain = dns name
  - query type =
    - a = network address
    - any = all info
    - mx = mail records
    - ns = name server records
    - soa = SOA records
  - query class =
    - in = Internet
    - any = any domain
- dig @153.90.2.15 esus.cs.montana.edu a in

    ; <<>> DiG 8.2 <<>> @153.90.2.15 esus.cs.montana.edu a in
    ; (1 server found)
    ;; res options: init recurs defnam dnsrch
    ;; got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
    ;; QUERY SECTION:
    ;; esus.cs.montana.edu, type = A, class = IN
    ;; ANSWER SECTION:
    esus.cs.montana.edu. 1D IN A 153.90.192.1
    ;; AUTHORITY SECTION:
    cs.montana.edu. 1D IN NS dns1.msu.montana.edu.
    cs.montana.edu. 1D IN NS coesrv.coe.montana.edu.
    cs.montana.edu. 1D IN NS dns2.msu.montana.edu.
    cs.montana.edu. 1D IN NS terra.oscs.montana.edu.
    ;; ADDITIONAL SECTION:
    dns1.msu.montana.edu. 1D IN A 153.90.2.15
    coesrv.coe.montana.edu. 1D IN A 153.90.192.10
    dns2.msu.montana.edu. 2H IN A 153.90.2.80
    terra.oscs.montana.edu. 2H IN A 153.90.2.1
    ;; Total query time: 19 msec
    ;; FROM: harkin.cs.montana.edu to SERVER: 153.90.2.15
    ;; WHEN: Wed Nov 8 14:47:51 2000
    ;; MSG SIZE sent: 37 rcvd: 223

- dig esus.cs.montana.edu
- dig @153.90.2.15 cs.montana.edu mx

    .
    .
    ;; ANSWER SECTION:
    cs.montana.edu. 1D IN MX 0 esus.cs.montana.edu.
    .
    .
Assignment
Due:
- Here are some prototypical files that you might need to set
  up a system.
- Set up the files to make your host a slave name server for the
  domain that consists of the machines in EPS 259. The
  IP addresses are 153.90.199.101 - 153.90.199.122. The domain
  name is csnet.montana.edu, which includes some other IPs as
  well, but you can ignore that. At this point, don't start named.
- Connect your slave server to 153.90.192.44 as the master server.
- Set up your system to be the master server for your own little
  domain, call it cs409xx, where xx is the number of your machine.
  For example,

      zone "cs409xx.montana.edu" {
          type master;
          file "cs40988.db";
      };

  In this domain, you should have only your machine and you can
  give it any name you want within that domain. For example,
  slowerthandirt.cs40988.montana.edu. You could put
  other addresses in there as long as no other host lists you
  as a server. Then put your own machine in resolv.conf as a name
  server. Now, you should be able to do an nslookup on your
  host (slowerthandirt.cs40988.montana.edu).
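A complete named.conf that covers the steps of the assignment (slave of csnet.montana.edu from 153.90.192.44, master for your own cs409xx zone, and the loopback reverse zone), added here as an example rather than a file from the course. The file names, the lab network 153.90.199.0/24 used in the access lists, and the two access lists themselves are assumptions; 153.90.192.44 and the zone names come from the assignment.

```conf
// Added example (not from the original notes): a named.conf for the
// assignment above. File names and the lab network 153.90.199.0/24 are
// assumptions; 153.90.192.44 is the master given in the assignment.
options {
    directory "/var/named";
    // answer recursive queries only for the lab and for ourselves; anyone
    // may still ask about the zones we are authoritative for
    allow-recursion { 127.0.0.1; 153.90.199.0/24; };
    // zone transfers (what nslookup's "ls" asks for) only to the other
    // server of our zones, never to the world at large
    allow-transfer { 153.90.192.44; };
};

// loopback reverse zone that every server should carry
zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";
};

// slave copy of the lab domain, pulled from the master by zone transfer
zone "csnet.montana.edu" {
    type slave;
    masters { 153.90.192.44; };
    file "csnet.montana.edu.db";   // where the transferred copy is written
};

// master for your own little domain; cs40988.db is the zone file you write
zone "cs40988.montana.edu" {
    type master;
    file "cs40988.db";
};
```

The slave zone only loads if the master at 153.90.192.44 permits transfers to your address; if it never appears in /var/named, the transfer attempt and its error are logged in /var/log/messages, which is the place the notes already tell you to watch when named does not behave.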