~ CHAPTER 12: DNS ~

What is DNS?

DNS is a hierarchical database, organized into zones.

Advantages:
1. A name is easier to remember than an IP address.
2. It runs in the background.

Before Windows 2000, entries had to be made manually.

Disadvantage: a huge security hole for Linux.

Class Information:

resolv.conf (in /etc)

BIND (Berkeley Internet Name Domain), version 8 or higher, can be dynamic. Use the
named -v command to view the version number.

/etc/hosts (edit it with pico /etc/hosts); it should look like this:

127.0.0.1     localhost.localdomain localhost
10.10.1.104   computer

Do not turn on logging in DNS; it will really tie things up and waste resources.

Back up the "named.ca" file, since it is the cache file that lists the Internet root servers. Very slick,
and not in Microsoft. It is under the /var/named directory.

Don't forget that a name ending in d (named) is a daemon, i.e. a service.

Client End for DNS:        ****** ON EXAM ******

You can have a maximum of 3 name servers for DNS (nameserver lines in resolv.conf).

For example: corp.com, blursky.com and class301.com.

resolv.conf is in the /etc directory.

Server Side for DNS:          *** ON EXAM ***

1st: you need named.conf, and the named service script in init.d (or etc.d).
2nd: DNS must be installed; if it is not, install it from BIND.org.
3rd: how can it be dynamic? You need version 8.0 or above.
You need dynamic updates enabled (allow-update), which can allow any, a name, an address or the local nets.
The file is /var/named.conf. But version 7.10 has it in /etc/named.conf, and as usual nothing works.

linux12.html    PAGE 2    2002/07/18

INTRODUCTION:

Initially, IP address-to-name mapping was done by maintaining a hosts.txt file
that was distributed via FTP to all the machines on the Internet.

named: the name ends in d, so it is the DNS service (daemon).

resolv.conf:
    nameserver 10.10.1.100
    search nwtraders.msft

There can be a maximum of 3 name servers per file. The search line lists the domains (e.g. a .com address) to append when looking up a short name.
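The resolv.conf rules in this section and in the "Client End" section above (at most 3 name servers, plus a search list) are exactly what the client-side resolver enforces. As an added example, not code from the course notes, here is a small Python parser that applies the glibc resolver's limits to a constructed resolv.conf and shows which fully qualified names it would try for a lookup. The addresses and search domains are made-up sample values.

```python
# Added example (not from the course notes): parse a resolv.conf file the way
# the glibc resolver does and show which names it would try for a lookup.
# The sample file, addresses and search domains are constructed values.

MAXNS = 3        # glibc limit: any nameserver line after the third is silently ignored
MAXDNSRCH = 6    # glibc limit on the number of search-list domains


def parse_resolv_conf(text):
    """Return (nameservers, search_list) from the text of a resolv.conf file."""
    nameservers = []
    search = []
    for raw in text.splitlines():
        line = raw.strip()
        # Lines starting with '#' or ';' are comments; blank lines are skipped.
        if not line or line[0] in "#;":
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            if len(nameservers) < MAXNS:       # extra servers are ignored, not an error
                nameservers.append(args[0])
        elif key == "domain" and args:
            search = [args[0]]                 # 'domain' and 'search' override each other
        elif key == "search":
            search = args[:MAXDNSRCH]          # the last 'search' line wins
    return nameservers, search


def candidate_names(name, search):
    """Fully qualified names the resolver tries, in order, for `name`
    (default ndots:1 behaviour)."""
    if name.endswith("."):
        return [name]                          # absolute name: search list never applied
    searched = [f"{name}.{domain}." for domain in search]
    if "." in name:
        return [name + "."] + searched         # at least one dot: try the name as-is first
    return searched + [name + "."]             # bare host name: search list first


# Constructed sample, modelled on the resolv.conf shown in the notes.
SAMPLE_RESOLV_CONF = """\
# /etc/resolv.conf (constructed sample)
nameserver 10.10.1.100
nameserver 10.10.1.101
nameserver 10.10.1.102
nameserver 10.10.1.103
search nwtraders.msft corp.com
"""

if __name__ == "__main__":
    servers, search = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    print("nameservers used:", servers)           # the fourth one is dropped
    for name in ("computer", "www.hyperreal.org", "www.hyperreal.org."):
        print(name, "->", candidate_names(name, search))
```

Note the order for a bare name such as computer: every search domain is tried before the name on its own, so the search list should contain only domains you control; a stray domain in it lets that domain's name server answer your short-name lookups.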

 

 

Domains and Hosts

Up until now, you have likely referenced sites by their fully qualified domain name (FQDN), like this
one: www.hyperreal.org.

The central repository listing all the primary name servers, called the root server, is the only list
of existing domains.

Subdomains

A subdomain exhibits all the properties of a domain, except that it has been delegated a subsection of the
domain instead of all the hosts at a site.

When the primary name server for ucr.edu receives a request for a host name whose FQDN ends in
cs.ucr.edu, the primary forwards the request down to the primary name server for cs.ucr.edu.
The www is of course the host name.

Types of Servers

Primary servers are the ones considered authoritative for a particular domain. Clients can tell the
difference between a caching server and a primary or secondary server, because when a caching server
answers a request, it answers it "nonauthoritatively".


Installing a DNS Server

Most Linux distributions come with the option to install a DNS server when the system is installed for
the first time. The DNS server of choice for Linux, and for almost all UNIX servers, is BIND, the
Berkeley Internet Name Domain server.

Download

Use the make and make install commands.
Read the BIND documentation if you must make changes.

Other Information:

/etc/nsswitch.conf: this file tells the system where it should look up certain kinds of configuration
information (services).
Using the NOTFOUND action ([NOTFOUND=return]) can speed up searches.
ACLs (Access Control Lists) allow you to specify a group of addresses as having access, or no
access, to your DNS server. Each group gets a name, and you can use this name in other
configuration options. The entries in an acl statement do not by themselves change the behavior
of BIND.

The Logging Statement

The logging statement is used to specify what information you want logged, and where.
When this statement is used in conjunction with the syslog facility, you get an extremely powerful
and configurable logging system. The items logged are a number of statistics about the status of named.
By default, they are logged to the /var/log/messages file.

Statistics default to every 60 minutes. If the interval is set to 0, no statistics are generated.

Zones

A DNS zone is not the same thing as a DNS domain. The difference is subtle, but important.
Let's review: domains are designated along organizational boundaries. A single organization can
be separated into smaller administrative subdomains. Zones are set up in the named.conf file.
DNS needs the resolv.conf file in the /etc directory.


Additional Options

allow-update (dynamic updates): set to any, everyone can update the zone, so be careful with this one. Here are some of the options:

·        check-names
·        allow-update
·        allow-query
·        allow-transfer
·        max-transfer-time-in
·        notify
·        also-notify

Speeds up the Internet lookups.
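The options listed above, together with the acl and logging statements from the earlier sections, are where most of the risk in a BIND server is decided. As an added example, not from the course notes and not BIND's shipped defaults, here is a named.conf fragment in BIND 9 syntax that names the address groups with acl, uses them to restrict transfers, queries and dynamic updates, and routes the security-relevant log categories to syslog. The 10.10.1.0/24 network, the secondary's address and the zone name are constructed sample values.

```conf
// Added example: hardened named.conf fragment (BIND 9 syntax; constructed values).

// acl statements only define named address groups; they change nothing on their own.
acl "internal"    { 10.10.1.0/24; 127.0.0.1; };
acl "secondaries" { 10.10.1.101; };

options {
    directory "/var/named";
    version   "not disclosed";          // do not advertise the BIND version to the world

    // Weak:  allow-transfer { any; };  -> anyone can pull the whole zone (AXFR).
    allow-transfer { "secondaries"; };  // only our secondary may do zone transfers
    max-transfer-time-in 60;            // minutes; abandon a stalled inbound transfer

    // Weak on an internal server:  allow-query { any; };
    allow-query { "internal"; };

    notify yes;                         // tell the secondaries when the zone changes
    also-notify { 10.10.1.101; };

    statistics-interval 60;             // default is 60 minutes; 0 turns statistics off
};

// The logging statement: send the security-relevant categories to syslog.
logging {
    channel security_log {
        syslog daemon;
        severity info;
        print-category yes;
    };
    category security { security_log; };   // denied queries, transfers and updates
    category xfer-in  { security_log; };
    category update   { security_log; };
};

zone "nwtraders.msft" {
    type master;
    file "nwtraders.msft.zone";
    check-names fail;                   // reject records with malformed host names

    // Weak:  allow-update { any; };  -> everyone on the Internet can rewrite the zone.
    allow-update { "internal"; };       // at most the internal network; none is safer still
};
```

Check the file with named-checkconf before reloading. An address-based allow-update list is only as strong as the source address of a UDP packet, so for a zone that really needs dynamic updates BIND 9 can require a TSIG key instead, and a zone that is maintained by hand should not allow updates at all.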

 

 

DNS Record Types

SOA: Start of Authority. The SOA record starts the description of a site's DNS entries. The
fields of this entry are as follows:

domain.com.  Replace it with your own name, e.g. nwtraders.com.
IN  tells the name server that this is an Internet record.
ns.domain.com.  is the FQDN of the name server for this domain.
hostmaster.domain.com.  is the e-mail address of the domain administrator.

NS: Name Server.

A: Address Record. Used to provide a mapping from host name to IP address.

PTR: Pointer Record. Used for reverse name resolution (IP address to host name).

MX: Mail Exchanger. The MX record is in charge of telling other sites about your zone's mail server.

CNAME: Canonical Name. CNAME records allow you to create aliases for host names.
This is useful when you want to provide a highly available service with an easy-to-remember name,
but still give the host a real name.
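The record types above fit together in one zone file. As an added example, not from the course notes, the following Python script assembles a small zone for a constructed domain (nwtraders.msft, the addresses and the serial are made up), renders it in master-file syntax, derives the PTR records for the matching reverse zone, and checks for common zone-file mistakes: a missing SOA, a CNAME sharing a name with another record, and an NS or MX pointing at an alias or at a host with no address record.

```python
# Added example (not from the course notes): assemble a small BIND-style zone
# from the record types described above and check it for the classic mistakes.
# nwtraders.msft, the addresses and the serial are constructed sample values.
from collections import defaultdict

ORIGIN = "nwtraders.msft."

# (owner, type, rdata). Owner names and targets are written absolute (trailing dot).
# In the SOA, hostmaster.nwtraders.msft. means hostmaster@nwtraders.msft: the '@'
# is written as a dot. Serial 2002071801 = YYYYMMDDnn, bumped on every change.
ZONE = [
    (ORIGIN, "SOA", "ns.nwtraders.msft. hostmaster.nwtraders.msft. "
                    "2002071801 3600 900 1209600 3600"),
    (ORIGIN, "NS", "ns.nwtraders.msft."),
    (ORIGIN, "MX", "10 mail.nwtraders.msft."),
    ("ns.nwtraders.msft.", "A", "10.10.1.100"),
    ("mail.nwtraders.msft.", "A", "10.10.1.105"),
    ("computer.nwtraders.msft.", "A", "10.10.1.104"),
    ("www.nwtraders.msft.", "CNAME", "computer.nwtraders.msft."),
]


def reverse_name(ip):
    """Owner name of the PTR record for an IPv4 address:
    10.10.1.104 -> 104.1.10.10.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def ptr_records(records):
    """Derive the reverse-zone PTR records from the zone's A records."""
    return [(reverse_name(rdata), "PTR", owner)
            for owner, rtype, rdata in records if rtype == "A"]


def check_zone(records, origin=ORIGIN):
    """Return a list of problems found in the zone (an empty list means it passed)."""
    problems = []
    by_owner = defaultdict(list)
    for owner, rtype, rdata in records:
        by_owner[owner].append(rtype)

    soa_count = by_owner[origin].count("SOA")
    if soa_count != 1:
        problems.append(f"zone must have exactly one SOA at {origin}, found {soa_count}")

    # RFC 1034 3.6.2: a CNAME must be the only record at its owner name.
    aliases = {o for o, types in by_owner.items() if "CNAME" in types}
    for owner in aliases:
        if len(by_owner[owner]) > 1:
            problems.append(f"{owner}: CNAME must be the only record at a name")

    for owner, rtype, rdata in records:
        if rtype not in ("NS", "MX"):
            continue
        target = rdata.split()[-1]
        # RFC 2181 10.3: NS and MX must point at a real host name, never an alias.
        if target in aliases:
            problems.append(f"{owner} {rtype} target {target} is a CNAME")
        # An in-zone target needs an address record, or the delegation/mail routing dangles.
        elif target.endswith(origin) and "A" not in by_owner[target]:
            problems.append(f"{owner} {rtype} target {target} has no A record")
    return problems


def format_zone(origin, ttl, records):
    """Render the records in master-file syntax as BIND reads it."""
    lines = [f"$ORIGIN {origin}", f"$TTL {ttl}"]
    lines += [f"{owner:<26} IN {rtype:<5} {rdata}" for owner, rtype, rdata in records]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(format_zone(ORIGIN, 86400, ZONE))
    print("problems:", check_zone(ZONE) or "none")
    print(format_zone("1.10.10.in-addr.arpa.", 86400, ptr_records(ZONE)))
```

check_zone is the kind of test to run before bumping the serial and reloading; for a real zone, BIND 9's named-checkzone performs the full check.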

 

host: the host tool is really the master of all DNS tools. It replaces nslookup.

dig: similar to the ping command.

whois: used to determine the ownership of a domain.

Summary:

·        comp.protocols.dns.bind
·        comp.protocols.dns.ops
·        comp.protocols.dns.std