7/29/2019 DNS configuration in Linux
Red Hat Linux 7 Unleashed
By William Ball
Chapter 14. Domain Name Service and Dynamic Host Configuration Protocol
Configuring DNS Server Master Zones
As mentioned earlier, DNS servers come in three flavors:
Master (also called primary)
Slave (also called secondary)
Caching-only
We discussed creating a caching-only server earlier in the chapter. A caching-only server is authoritative for no zone at all: it answers a query by asking the servers that hold master or slave zones for the domain in question, and it caches what they return. All DNS servers should cache, but recursion should be offered only to your own clients; a server that resolves recursive queries for anyone on the Internet (an open resolver) is routinely abused.
Now let's turn our attention to adding master zones. A server with a master zone can answer queries about that domain without asking other servers, because the zone data lives in a file on its local disk, and that copy is considered the most up-to-date record of every host in the domain.
Adding Local Domain Resolution
Earlier in the chapter you created a caching-only DNS server on the hypothetical host mainserv at address 192.168.100.1 in domain domain.cxm. Assume that this same subnet also has host mydesk at 192.168.100.2. Adding local domain resolution with master zones is an easy task. Here is the basic procedure:
1. Add master zone domain.cxm to named.conf, pointing to zone data file named.domain.cxm.
2. Add master zone 100.168.192.in-addr.arpa to named.conf, pointing to zone data file named.192.168.100.
3. Create zone data file named.domain.cxm, resolving both hosts plus the mail exchanger (MX) and the www alias.
4. Create reverse zone data file named.192.168.100, resolving both IP addresses.
5. Restart named.
6. Test and troubleshoot.
NOTE
Anytime you modify a zone data file, you must increment that file's serial number. The serial number is the first number after the first opening parenthesis and is usually expressed as yyyymmdd## to give you 100 revisions per day.
The serial is an unsigned 32-bit field, so it can never exceed 4294967295; that means at most 10 digits and never a non-numeric character. The yyyymmdd## scheme stays inside that limit until the year 4294. What matters far more in practice is how slaves compare serials (RFC 1982 serial-number arithmetic): a new serial counts as newer only if it is less than 2^31 ahead of the old one, modulo 2^32. Jump further than that in one step, or set a smaller value, and every slave will treat your new zone as older than the copy it already holds and silently keep serving stale data. That is a very hard bug to find.
Failure to increment the serial means slave servers never transfer your modifications. Caching servers do not look at the serial at all; they simply hold old answers until the records' TTLs expire. The serial must be incremented, never changed to a lesser value.
When you're creating a brand new zone data file, the best practice is to set its serial number to the present date, revision 0. For instance, if you create it on February 21, 2002, the serial number for the new file should be 2002022100.
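The rules in this note can be mechanised. The following is an added example, not code from the book or from BIND: it compares two serials the way a slave does (RFC 1982 serial-number arithmetic), computes the next yyyymmdd## serial for a given day while refusing to produce one that slaves would see as older, and rewrites the serial inside a zone file's text by locating the first number after the first opening parenthesis, as the note describes. The function names, the EXAMPLE_DAY constant and the sample SOA text are this example's own.

```python
"""Added example (not from the book or from BIND): SOA serial arithmetic and
yyyymmdd## bumping per the note above. Function names, EXAMPLE_DAY and the sample
SOA text are this example's own."""
import re
from datetime import date

SERIAL_MAX = 2**32 - 1      # the SOA serial is an unsigned 32-bit field
HALF_RANGE = 2**31          # RFC 1982: "newer" means less than 2**31 ahead, modulo 2**32
EXAMPLE_DAY = date(2002, 2, 21)   # the date used in the note's example


def serial_gt(a, b):
    """True if a slave holding serial b would consider serial a newer (RFC 1982 comparison)."""
    for s in (a, b):
        if not 0 <= s <= SERIAL_MAX:
            raise ValueError(f"serial {s} does not fit an unsigned 32-bit field")
    return (a > b and a - b < HALF_RANGE) or (a < b and b - a > HALF_RANGE)


def next_serial(current, today):
    """Next yyyymmdd## serial: revision 00 on a new day, else the next revision; never smaller."""
    base = int(today.strftime("%Y%m%d")) * 100
    if current < base:
        candidate = base                  # first edit today: revision 00
    elif current < base + 99:
        candidate = current + 1           # another edit today: next revision
    elif current == base + 99:
        raise ValueError("100 revisions already used today; wait for tomorrow")
    else:
        candidate = current + 1           # serial is ahead of the date scheme; stay monotonic
    if candidate > SERIAL_MAX:
        raise ValueError("serial would overflow the 32-bit field")
    if not serial_gt(candidate, current):
        raise ValueError("slaves would not see the new serial as newer")
    return candidate


_SERIAL_RE = re.compile(r"\(\s*(\d+)")   # the first number after the first opening parenthesis


def bump_zone_serial(zone_text, today):
    """Rewrite the SOA serial in a zone data file's text, leaving everything else untouched."""
    m = _SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no SOA serial found after an opening parenthesis")
    new = next_serial(int(m.group(1)), today)
    return zone_text[:m.start(1)] + str(new) + zone_text[m.end(1):]


# Constructed sample: the SOA record of named.domain.cxm from this section.
SAMPLE_ZONE = """\
@ IN SOA mainserv.domain.cxm. hostmaster.domain.cxm. (
        2000072001 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
        IN NS mainserv
"""

if __name__ == "__main__":
    print(bump_zone_serial(SAMPLE_ZONE, date.today()))
```

Run as a script it prints the sample SOA with today's serial in place. The interesting cases are the ones the note warns about: serial_gt(5, SERIAL_MAX) is true because the value wrapped past 2^32, while a serial 2^31 or more ahead of the old one is not newer, which is why next_serial refuses to hand back such a value.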
Add Zone domain.cxm to named.conf
Add the following code to /etc/named.conf:
zone "domain.cxm" {            # DNS for all hosts in this domain
    type master;               # file is on this host
    file "named.domain.cxm";   # zone data file for the domain
};
This says to answer any name or FQDN in domain domain.cxm from the data in named.domain.cxm. Because of the type master; statement, that file is the authoritative source that named reads; it is never written by named (as a slave's copy of a zone is after a zone transfer) and it is not an intermediate file. Note that the text to the right of the pound signs (#) is a comment.
Page 1 of 4 Red Hat Linux 7 Unleashed | Configuring DNS Server Master Zones | InformIT
1/27/2013 http://www.informit.com/library/content.aspx?b=red_hat_linux7&seqNum=129
Add Master Zone 100.168.192.in-addr.arpa to named.conf
Add the following code to /etc/named.conf:
zone "100.168.192.in-addr.arpa" {   # reverse DNS for all IPs in the subnet
    type master;                    # file is on this host
    file "named.192.168.100";       # zone data file for this subnet
};
The preceding says to answer reverse (PTR) lookups for any address in the 192.168.100 subnet from the data in named.192.168.100, which resides in /var/named, the directory given by the directory clause in the options statement of /etc/named.conf. See Listing 14.1 in the section DNS Server Configuration Files earlier in this chapter.
Create Zone Data File named.domain.cxm
Create the following /var/named/named.domain.cxm. The $TTL line sets the default TTL for records that carry none; BIND 8.2 and later expect it and, when it is missing, log a warning and fall back to the SOA minimum field:
$TTL 86400
@       IN SOA  mainserv.domain.cxm. hostmaster.domain.cxm. (
                2000072001 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS   mainserv
        IN MX   10 mainserv
mainserv IN A   192.168.100.1
mydesk  IN A    192.168.100.2
www     IN CNAME mainserv
Nameserver mainserv.domain.cxm has authority over zone @, which, via the zone statement in named.conf, is set to domain.cxm. The information between the parentheses contains the timing details explained earlier in this chapter. A single nameserver (NS) for @ (domain.cxm) is mainserv. mainserv handles the mail (MX) for domain.cxm. The mainserv and mydesk hosts in domain.cxm have addresses 192.168.100.1 and 192.168.100.2, respectively. Alias www refers to mainserv, which a previous line sets to 192.168.100.1.
The IN NS and IN MX lines have nothing in column 1. A record with a blank name field takes the name of the last record that had one, which here is the @ on the top line.
The preceding zone data file is built for simplicity. Real-life zones usually add a line such as ns IN A 192.168.100.1 and call the nameserver ns everywhere, so that moving the nameserver from mainserv to mydesk means changing only that one A record. (An NS record must point at a hostname that has an A record, never at a CNAME.) Real-life zones also have at least two IN NS lines, so that if one nameserver goes down the other picks up the slack.
Note that syntax is important, especially because zone data file syntax differs from named.conf syntax. All name identifiers must start in column 1. Every period (.) matters: a name ending in a period is absolute, while a name not ending in a period is relative to the zone origin (@), which named sets to the domain given in the named.conf zone statement. Writing mainserv.domain.cxm without its trailing period in this file therefore yields mainserv.domain.cxm.domain.cxm, a classic mistake.
Create Reverse Zone Data File named.192.168.100
Create the following /var/named/named.192.168.100:
$TTL 86400
@       IN SOA  mainserv.domain.cxm. hostmaster.domain.cxm. (
                2000072001 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS   mainserv.domain.cxm.
1       IN PTR  mainserv.domain.cxm.
2       IN PTR  mydesk.domain.cxm.
In the preceding, the @ at the start stands for the zone named in /etc/named.conf, in this case 100.168.192.in-addr.arpa. The 1 and 2 in the name field at the bottom are relative names, so named appends that origin to them: the full reverse names are 1.100.168.192.in-addr.arpa, which resolves to mainserv.domain.cxm, and 2.100.168.192.in-addr.arpa, which resolves to mydesk.domain.cxm. The PTR targets end in a period because they are absolute names in a different zone.
Restart named, and then Test and Troubleshoot
Restart with this command:
# /etc/rc.d/init.d/named restart
It can take a little while for this command to finish. (BIND 9 ships named-checkconf and named-checkzone, which report syntax errors in named.conf and in a zone data file before you touch the running server; the zone check also prints the serial it read.)
Once it finishes, test it. First, telnet to the machine and make sure you get the login: prompt within a second or two. The telnet daemon looks up the reverse name of the connecting address before it prints the prompt, so if telnet hangs, investigate your reverse DNS zones and reverse zone data files.
Next, try running the following commands:
ping 192.168.100.1
ping 192.168.100.2
Do each ping from each host. If any IP ping fails, there's a network connectivity problem that must be solved before you attempt to activate DNS. Once connectivity is proved, do the following:
ping mainserv
ping mydesk
ping mainserv.domain.cxm.
ping mydesk.domain.cxm.
ping www.domain.cxm.
NOTE
If the fully qualified domain names (for example, mydesk.domain.cxm) succeed but the bare host names (for example, mainserv) fail, check that you have the proper search statement in /etc/resolv.conf. It's the search domain.cxm line that enables resolution of the hostname alone.
If the preceding ping commands succeed, it confirms a working DNS. If not, troubleshoot (covered
later in this section). The following nslookup commands add further confirmation if they succeed,
don't hang, and deliver the right IP address:
nslookup mainserv
nslookup mydesk
nslookup mainserv.domain.cxm.
nslookup mydesk.domain.cxm.
nslookup www.domain.cxm.
nslookup 192.168.100.1
nslookup 192.168.100.2
Each command should quickly deliver the expected results. (The dig and host utilities that ship with BIND answer the same questions and show the full response, including the TTL and which server answered.) If you have sendmail up and running, test the IN MX statements with email operations.
Troubleshooting is essentially the process of elimination. Try to determine whether it's the
forward or reverse lookup that is giving you problems. Try to narrow it down to a single domain,
server, or IP. Use ping to make sure you have network connectivity.
Adding Virtual Domain Resolution
Not all IP addresses denote separate hardware. Some are alias addresses added to an existing interface to represent Web sites; a site is sometimes given an alias IP address of its own. Here are the steps to add a virtual domain (in the existing subnet):
1. Create the zone in named.conf.
2. Create a new zone data file.
3. Add an IN PTR line to the existing reverse DNS file for the subnet.
4. Restart named.
In the following example, add domain vdomain.cxm at IP address 192.168.100.101. This IP address
is created by the following command:
# /sbin/ifconfig eth0:0 192.168.100.101 netmask 255.255.255.0
This IP is made into a virtual host Web site in /etc/httpd/conf/httpd.conf, so all it needs is a
domain name. Assuming you want to give 192.168.100.101 the name vdomain.cxm, add the following
zone to named.conf:
zone "vdomain.cxm" {            # DNS for virtual domain
    type master;                # file is on this host
    file "named.vdomain.cxm";   # zone data file for the domain
};
As you can see, the zone data file is named.vdomain.cxm. Create that file in /var/named as follows:
$TTL 86400
@       IN SOA  mainserv.domain.cxm. hostmaster.domain.cxm. (
                2000072001 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS   mainserv.domain.cxm.
@       IN A    192.168.100.101
www     IN CNAME @
Read the preceding as follows: mainserv.domain.cxm has authority over @ (vdomain.cxm). The nameserver for @ is mainserv.domain.cxm, and vdomain.cxm (@) has the address 192.168.100.101, as does www.vdomain.cxm, because the www alias points back at @.
Both vdomain.cxm and www.vdomain.cxm are resolved so that the site can be reached as either http://vdomain.cxm or http://www.vdomain.cxm.
Now add the reverse DNS for the virtual domain with this line in named.192.168.100:
101     IN PTR  vdomain.cxm.
NOTE
The preceding example placed the virtual domain in the host's subnet. It can be in a different
subnet (and often is). In that case, a new reverse DNS zone data file must be set up for the
additional subnet, and several routing and forwarding steps must be taken so the different subnet
is visible to browsers around the world.
Once again, test your work with nslookup and any other DNS diagnostic tools you might be using.
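The naming rules used throughout this section (the @ origin, relative versus absolute names, the blank name field that inherits the previous owner, and the in-addr.arpa names behind reverse lookups) can be checked offline before you restart named. The following loader is an added example, not code from the book or from BIND. It reads the three zone data files of this section (reconstructed below as sample input, with a $TTL line added) under the origins their named.conf zone statements give them, and answers lookups the way the server would, following CNAME aliases such as www and www.vdomain.cxm. The function names load_zone, resolve and reverse_name are this example's own; it is a checker for what you typed, not a replacement for named.

```python
"""Added example (not from the book or from BIND): loads zone data files with the
naming rules from this section and answers lookups from them. The zone text below
is reconstructed from the section as sample input; function names are this example's own."""


def _records(text):
    """Yield (owner_blank, tokens) per record: ';' comments dropped, '(' ... ')' lines joined."""
    buf, blank, depth = [], False, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip():
            continue
        if depth == 0:                                  # start of a new record
            buf, blank = [], line[0].isspace()
        for tok in line.replace("(", " ( ").replace(")", " ) ").split():
            depth += (tok == "(") - (tok == ")")
            if tok not in ("(", ")"):
                buf.append(tok)
        if depth == 0:
            yield blank, buf


def _fqdn(name, origin):
    """'@' is the origin; a trailing '.' is absolute; anything else is relative to the origin."""
    return origin if name == "@" else name.lower() if name.endswith(".") else f"{name}.{origin}".lower()


def load_zone(origin, text):
    """Return {(owner, type): [rdata, ...]} with every name fully qualified and lowercased."""
    origin = origin.lower().rstrip(".") + "."
    zone, last_owner = {}, origin
    for owner_blank, toks in _records(text):
        if toks[0] == "$TTL":                           # default TTL directive, not a record
            continue
        if owner_blank:
            owner = last_owner                          # blank column 1: previous record's owner
        else:
            owner = last_owner = _fqdn(toks.pop(0), origin)
        while toks[0].isdigit() or toks[0].upper() == "IN":   # optional TTL and class fields
            toks.pop(0)
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype in ("NS", "CNAME", "PTR", "MX"):
            rdata[-1] = _fqdn(rdata[-1], origin)        # target name may be relative or '@'
        elif rtype == "SOA":
            rdata[:2] = [_fqdn(n, origin) for n in rdata[:2]]
        zone.setdefault((owner, rtype), []).append(" ".join(rdata))
    return zone


def reverse_name(ipv4):
    """in-addr.arpa name for a dotted quad: 192.168.100.2 -> 2.100.168.192.in-addr.arpa."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError(f"not an IPv4 address: {ipv4}")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def resolve(zones, name, rtype, max_hops=8):
    """Answer from the longest-matching zone, following CNAMEs; [] = no such record, None = not ours."""
    name = name.lower().rstrip(".") + "."
    for _ in range(max_hops):
        origins = [o for o in zones if name == o or name.endswith("." + o)]
        if not origins:
            return None
        zone = zones[max(origins, key=len)]
        if (name, rtype) in zone or (name, "CNAME") not in zone:
            return zone.get((name, rtype), [])
        name = zone[(name, "CNAME")][0]                 # alias: restart the lookup at its target
    raise RuntimeError("CNAME chain too long")


# Constructed sample input: this section's three zone data files, with $TTL added.
FORWARD = """\
$TTL 86400
@ IN SOA mainserv.domain.cxm. hostmaster.domain.cxm. (
        2000072001 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
        IN NS    mainserv
        IN MX 10 mainserv
mainserv IN A     192.168.100.1
mydesk   IN A     192.168.100.2
www      IN CNAME mainserv
"""
REVERSE = """\
@ IN SOA mainserv.domain.cxm. hostmaster.domain.cxm. ( 2000072001 28800 14400 3600000 86400 )
    IN NS  mainserv.domain.cxm.
1   IN PTR mainserv.domain.cxm.
2   IN PTR mydesk.domain.cxm.
101 IN PTR vdomain.cxm.
"""
VDOMAIN = """\
@ IN SOA mainserv.domain.cxm. hostmaster.domain.cxm. ( 2000072001 28800 14400 3600000 86400 )
    IN NS    mainserv.domain.cxm.
@   IN A     192.168.100.101
www IN CNAME @
"""
ZONES = {z: load_zone(z, t) for z, t in (("domain.cxm.", FORWARD),
         ("100.168.192.in-addr.arpa.", REVERSE), ("vdomain.cxm.", VDOMAIN))}
```

With the three zones loaded, resolve(ZONES, "www.vdomain.cxm", "A") returns ["192.168.100.101"] and resolve(ZONES, reverse_name("192.168.100.2"), "PTR") returns ["mydesk.domain.cxm."]. A forgotten trailing period shows up immediately: load_zone expands mainserv.domain.cxm (no dot) to mainserv.domain.cxm.domain.cxm., exactly as named would, so a lookup of the intended name comes back empty.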
2013 Pearson Education, Informit. All rights reserved.