DNS configuration in Linux


7/29/2019 DNS configuration in Linux (1/4)

    Red Hat Linux 7

    Unleashed

    By William Ball


    Configuring DNS Server Master Zones

    As mentioned earlier, DNS comes in three flavors:

    Master (also called primary)

    Slave (also called secondary)

    Caching-only

We discussed creating a caching-only server earlier in the chapter. A caching-only server is authoritative for no zone; it can only pass queries on to other servers with master or slave zones that are authoritative for the domain in question, caching the answers it gets back. However, all DNS servers should be configured to perform caching functions.

Now let's turn our attention to adding DNS server master zones. A DNS server with a master zone can answer queries about that zone's domain without querying other servers, because the zone data resides on its local hard disk. The master zone is considered to have the most up-to-date records for all the hosts in that domain.

    Adding Local Domain Resolution

Earlier in the chapter you created a caching-only DNS server on the hypothetical host mainserv at address 192.168.100.1 in domain domain.cxm. Assume that this same subnet has host mydesk at 192.168.100.2. Adding local domain resolution with master zones is an easy task. Here is the basic procedure:

1. Add master zone domain.cxm to named.conf, pointing to zone data file named.domain.cxm.
2. Add master zone 100.168.192.in-addr.arpa to named.conf, pointing to zone data file named.192.168.100.
3. Create zone data file named.domain.cxm, resolving both hosts, the mail (MX) host used by sendmail, and www.
4. Create reverse zone data file named.192.168.100, resolving both IP addresses.
5. Restart named.
6. Test and troubleshoot.

    NOTE

Anytime you modify a zone data file, you must be sure to increment that file's serial number. The serial number is the first number after the first opening parenthesis and is usually expressed as yyyymmdd## to give you 100 chances per day to increase it.

Never use a serial number greater than 2147483647, because it will overflow the 32-bit internal representation of the serial number. This would produce a very hard-to-find bug, as your secondaries get bogus serials and won't update as needed. Fortunately, this will no longer be an issue by the year 2147 because compilers and operating systems will accommodate much bigger numbers than 32 bits.

Obviously, serial numbers must never be more than 10 digits and must never include non-numerics.

Failure to increment the serial will result in various slave and cache DNS servers failing to pick up your modifications. It must be incremented, not changed to a lesser value.

When you're creating a brand new zone data file, the best practice is to set its serial number to the present date, revision 0. For instance, if you create it on February 21, 2002, the serial number for the new file should be 2002022100.
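The rules in this NOTE, worked as a small Python routine added here as an example (it is not part of the book); serial_problem and next_serial are names chosen for the illustration:

```python
"""Manage a zone file's yyyymmdd## serial (added example, not the book's
code): numeric, at most 10 digits, never above the 32-bit limit of
2147483647, and only ever increasing."""
from datetime import date

MAX_SERIAL = 2147483647  # 2^31 - 1, the overflow point the NOTE warns about

def serial_problem(serial):
    """Return None if the serial is acceptable, else a message saying why not."""
    text = str(serial)
    if not text.isdigit() or len(text) > 10:
        return f"serial {text!r} must be 1 to 10 decimal digits"
    if int(text) > MAX_SERIAL:
        return f"serial {text} overflows the 32-bit representation"
    return None

def next_serial(current, today_yyyymmdd=None):
    """Serial to write after editing a zone file whose serial is `current`.

    First edit of the day, or a brand new file (current = 0): today's date
    with revision 00. Later edits the same day: revision + 1, which gives
    the 100 chances per day the NOTE mentions. If `current` is already at
    or beyond today's base (a hand-typed or future-dated value), add one,
    so the serial still goes up and never back down.
    """
    problem = serial_problem(current)
    if problem:
        raise ValueError(problem)
    today = today_yyyymmdd or date.today().strftime("%Y%m%d")
    base = int(today) * 100  # yyyymmdd00
    candidate = max(base, int(current) + 1)
    problem = serial_problem(candidate)
    if problem:  # the next value would overflow 32 bits
        raise ValueError(problem)
    return candidate
```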

Add Zone domain.cxm to named.conf

Add the following code to /etc/named.conf:

zone "domain.cxm" {              # DNS for all hosts in this domain
    type master;                 # file is on this host
    file "named.domain.cxm";     # DNS file for domain
};

This says to refer any name or FQDN in domain domain.cxm to the data in named.domain.cxm, which, due to the type master; statement, is input to the DNS server, not output from it and not an intermediate file. Note that the text to the right of a pound sign (#) is a comment. Next, create file named.domain.cxm.

Add Master Zone 100.168.192.in-addr.arpa to named.conf

Add the following code to /etc/named.conf:


Page 1 of 4 | Red Hat Linux 7 Unleashed | Configuring DNS Server Master Zones | InformIT, 1/27/2013, http://www.informit.com/library/content.aspx?b=red_hat_linux7&seqNum=129


zone "100.168.192.in-addr.arpa" {    # DNS for all IPs in subnet
    type master;                     # file is on this host
    file "named.192.168.100";        # DNS file for this subnet
};

The preceding says to refer any IP address in the 192.168.100 subnet to the data in named.192.168.100, which resides in /var/named as specified by the directory clause in the options statement of /etc/named.conf. See Listing 14.1 in the section DNS Server Configuration Files earlier in this chapter.

    Create Zone Data File named.domain.cxm

Create the following /var/named/named.domain.cxm:

@ IN SOA mainserv.domain.cxm. hostmaster.domain.cxm. (
        2000072001 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
         IN NS    mainserv
         IN MX 10 mainserv
mainserv IN A     192.168.100.1
mydesk   IN A     192.168.100.2
www      IN CNAME mainserv

Nameserver mainserv.domain.cxm has authority over zone @, which, via the zone call in named.conf, is set to domain.cxm. The information between the parentheses contains timing details explained earlier in this chapter. A single nameserver (NS) for @ (domain.cxm) is at mainserv. mainserv handles the mail (MX) for domain.cxm. The mainserv and mydesk hosts in domain.cxm have addresses 192.168.100.1 and 192.168.100.2, respectively. Alias www refers to mainserv, which by a previous line is set to 192.168.100.1.

The IN NS and IN MX statements have no name identifier in column 1. An IN item lacking a name identifier defaults to the name identifier of the last statement possessing an identifier, which in this case is the top line.

    The preceding zone data file is built for simplicity. Real-life servers have an ns IN A 192.168.100.1 type line so they can call

    the nameserver ns in all files. That way, if the nameserver is changed from mainserv to mydesk, the only required change in any

    file is the ns IN A line. Real-life zones also have at least two IN NS lines, so if one nameserver goes down, the other one picks

    up the slack.

    Note that syntax is important, especially because zone data file syntax is different from boot file syntax. All name identifiers must be

    in column 1. All periods (.) are vital because a name ending in a period is considered absolute, while a

    name not ending in a period is considered relative to the @ symbol, which is substituted by the

    domain from the named.conf zone record.

    Create Reverse Zone Data File named.192.168.100

Create the following named.192.168.100:

@ IN SOA mainserv.domain.cxm. hostmaster.domain.cxm. (
        2000072001 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
    IN NS  mainserv.domain.cxm.
1   IN PTR mainserv.domain.cxm.
2   IN PTR mydesk.domain.cxm.

    In the preceding, the @ at the start stands for what was called from /etc/named.conf, in this

    case 100.168.192.in-addr.arpa. The 1 and 2 in the name field at the bottom are prepended to that,

    so the full reverse domains are 1.100.168.192.in-addr.arpa, which resolves to

    mainserv.domain.cxm, and 2.100.168.192.in-addr.arpa, which resolves to mydesk.domain.cxm.
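The name-expansion rules stated for the forward zone (@, the trailing period, the inherited name identifier) and the way the reverse zone prepends 1 and 2 to its origin, worked as an added Python example that is not part of the book. The parser and the FORWARD_ZONE text are constructed here, with the IN lines indented so a blank name column is visible:

```python
"""Expand a BIND zone data file into fully qualified names. Added example, not
the book's code: '@' is the zone named in named.conf, a trailing dot means
absolute, other names are relative to '@', and a blank name column inherits
the last owner. FORWARD_ZONE is a constructed copy of the chapter's file."""
NAME_TYPES = {"SOA", "NS", "MX", "CNAME", "PTR"}  # rdata fields holding names
FORWARD_ZONE = """\
@ IN SOA mainserv.domain.cxm. hostmaster.domain.cxm. (
        2000072001 ; Serial
        28800 ; Refresh
        14400 ; Retry
        3600000 ; Expire
        86400 ) ; Minimum
    IN NS mainserv
    IN MX 10 mainserv
mainserv IN A 192.168.100.1
mydesk   IN A 192.168.100.2
www      IN CNAME mainserv
"""
def _logical_lines(text):
    """Drop ';' comments and join the lines inside a ( ... ) group."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if line.strip():
            depth += line.count("(") - line.count(")")
            buf.append(line)
        if depth == 0 and buf:
            yield "\n".join(buf)
            buf = []

def qualify(name, origin):
    """'@' is the origin; a trailing dot is absolute; else relative to origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata) triples with every name made absolute."""
    records, owner = [], origin
    for line in _logical_lines(text):
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace() and tokens[0] != "IN":  # name in column 1
            owner = qualify(tokens.pop(0), origin)
        if tokens[0] == "IN":  # the class keyword, optional on each line
            tokens.pop(0)
        rtype, rdata = tokens[0], tokens[1:]
        if rtype in NAME_TYPES:  # A-record addresses are left untouched
            rdata = [t if t.isdigit() else qualify(t, origin) for t in rdata]
        records.append((owner, rtype, rdata))
    return records
```

Feeding the reverse zone file with origin 100.168.192.in-addr.arpa. yields 1.100.168.192.in-addr.arpa. and 2.100.168.192.in-addr.arpa. as the PTR owners, exactly as described above.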

Restart named, and then Test and Troubleshoot

Restart with this command:

# /etc/rc.d/init.d/named restart

    It could take a few minutes for this command to finish.

    Once it finishes, test it. First, try accessing the machine with telnet and make sure you get the

    login: prompt within a second or two. If telnet hangs, investigate your reverse DNS zones and

    reverse DNS zone data files.

    Next, try running the following commands:


    ping 192.168.100.1

    ping 192.168.100.2

    Do each ping from each server. If any IP ping fails, there's a network connectivity problem that

    must be solved before you attempt to activate DNS. Once connectivity is proved, do the following:

    ping mainserv

    ping mydesk

    ping mainserv.domain.cxm.

    ping mydesk.domain.cxm.

    ping www.domain.cxm.

    NOTE

    If the fully qualified domain names (that is, mydesk.domain.cxm) succeed but the server names

    (that is, mainserv) fail, check to make sure you have the proper search statement

    in /etc/resolv.conf. It's the search domain.cxm line that enables resolution of the hostname

    alone.

    If the preceding ping commands succeed, it confirms a working DNS. If not, troubleshoot (covered

    later in this section). The following nslookup commands add further confirmation if they succeed,

    don't hang, and deliver the right IP address:

    nslookup mainserv

    nslookup mydesk

    nslookup mainserv.domain.cxm.

    nslookup mydesk.domain.cxm.

    nslookup www.domain.cxm.

    nslookup 192.168.100.1

    nslookup 192.168.100.2

    Each command should quickly deliver the expected results. If you have sendmail up and running,

    test the IN MX statements with email operations.

    Troubleshooting is essentially the process of elimination. Try to determine whether it's the

    forward or reverse lookup that is giving you problems. Try to narrow it down to a single domain,

    server, or IP. Use ping to make sure you have network connectivity.

    Adding Virtual Domain Resolution

    Not all IP addresses denote actual hardware. Some are alias addresses intended to represent Web

    sites. These Web sites are sometimes granted individual alias IP addresses. Here are the steps to

    add a virtual domain (in the existing subnet):

    1. Create the zone in named.conf.

    2. Create a new zone data file.

    3. Add an IN PTR line to the existing reverse DNS file for the subnet.

    4. Restart named.

    In the following example, add domain vdomain.cxm at IP address 192.168.100.101. This IP address

    is created by the following command:

    # /sbin/ifconfig eth0:0 192.168.100.101 netmask 255.255.255.0

    This IP is made into a virtual host Web site in /etc/httpd/conf/httpd.conf, so all it needs is a

    domain name. Assuming you want to give 192.168.100.101 the name vdomain.cxm, add the following

    zone to named.conf:

zone "vdomain.cxm" {             # DNS for virtual domain
    type master;                 # file is on this host
    file "named.vdomain.cxm";    # DNS file for domain
};

    As you can see, the zone data file is named.vdomain.cxm. Create that file as follows:

@ IN SOA mainserv.domain.cxm. hostmaster.domain.cxm. (
        2000072001 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
    IN NS    mainserv.domain.cxm.
@   IN A     192.168.100.101
www IN CNAME @


Read the preceding as follows: mainserv.domain.cxm has authority over @ (vdomain.cxm). The nameserver for @ is mainserv.domain.cxm, and vdomain.cxm (@) has the address 192.168.100.101, as does www.vdomain.cxm.

The reason both vdomain.cxm and www.vdomain.cxm are resolved is so the site can be accessed as either http://vdomain.cxm or http://www.vdomain.cxm.

Now add the reverse DNS for the virtual domain with this line in named.192.168.100:

101 IN PTR vdomain.cxm.

    NOTE

    The preceding example placed the virtual domain in the host's subnet. It can be in a different

    subnet (and often is). In that case, a new reverse DNS zone data file must be set up for the

    additional subnet, and several routing and forwarding steps must be taken so the different subnet

    is visible to browsers around the world.

    Once again, test your work with nslookup and any other DNS diagnostic tools you might be using.


    2013 Pearson Education, Informit. All rights reserved.
