DNS - make it simple and fast


1. Preamble
In this article I will try to show how to build a simple DNS server. Do not expect master/slave architecture, DNSSEC, sophisticated settings and so on (maybe in a later article). The server will serve the example.net domain, which is reserved for documentation (RFC 2606) and is therefore safe to use in a private lab. The examples are based on BIND 9 and RHEL/CentOS; if you use a different distribution, please consult your manuals.
2. First let's check the prerequisites
[root@nsd ~]# rpm -qa |grep bind
bind-utils-9.3.6-4.P1.el5_4.2
ypbind-1.19-12.el5
bind-libs-9.3.6-4.P1.el5_4.2
bind-chroot-9.3.6-4.P1.el5_4.2
bind-9.3.6-4.P1.el5_4.2


If you do not have it installed, install it with:
[root@nsd ~]# yum install bind-chroot

I will run named in a chroot environment to limit what a compromised named process can reach on the host. This changes little in the examples below, except that every path is relative to the chroot directory.
3. Check the directory tree
[root@nsd ~]# grep -v ^# /etc/sysconfig/named
ROOTDIR=/var/named/chroot
[root@nsd ~]# cd /var/named/chroot/
[root@nsd chroot]# tree
.
|-- dev
|   |-- null
|   |-- random
|   `-- zero
|-- etc
|   |-- localtime
|   `-- rndc.key
`-- var
    |-- log
    |-- named
    |   |-- data
    |   `-- slaves
    |-- run
    |   `-- named
    `-- tmp

10 directories, 5 files

4. Looks good, so let's start building our named.conf file
4.1. Options

options {
  directory "/var/named";
  allow-recursion {10.1.0.0/24;};
};


The base directory for zone files is /var/named, and recursion is allowed only from my local network range. Hosts outside 10.1.0.0/24 still receive authoritative answers for the zones defined below, but they cannot use this server as an open resolver. Do not forget that the actual path on disk is /var/named/chroot/var/named because of the chroot environment.
4.2. Root servers
zone "." {
  type hint;
  file "root.servers";
};


This is the hint zone: root.servers lists the root name servers (the named.root file published by InterNIC), which named queries first whenever it has to resolve a name outside its own zones.
4.3. Local host
zone "localhost" IN {
  type master;
  file "master.localhost";
  allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
  type master;
  file "localhost.rev";
  allow-update { none; };
};


Here is the definition for the localhost zone and its corresponding reverse zone.
4.4. My zone
zone "example.net" IN {
  type master;
  file "data/master.example.net";
};


I will not allow any slaves, because this will be the only DNS server in the network. Note that the fragment above does not enforce that by itself: BIND permits zone transfers to any client unless allow-transfer is set, so add allow-transfer { none; }; to this zone (or to the options block) to actually refuse AXFR requests and keep the zone contents from being enumerated.
4.5 My reverse zone
zone "0.1.10.IN-ADDR.ARPA" IN {
  type master;
  file "10.1.0.rev";
};


This server is authoritative for the reverse (PTR) records of the 10.1.0.0/24 network. The same allow-transfer restriction applies here.
5. Create file named.conf and check configuration
[root@nsd chroot]# vi etc/named.conf
[root@nsd chroot]# service named configtest
_default/example.net/in: file not found
_default/localhost/in: file not found
_default/0.0.127.in-addr.arpa/in: file not found
_default/0.1.10.IN-ADDR.ARPA/in: file not found
zone example.net/IN: loading master file master.example.net: file not found
zone localhost/IN: loading master file master.localhost: file not found
zone 0.0.127.in-addr.arpa/IN: loading master file localhost.rev: file not found
zone 0.1.10.IN-ADDR.ARPA/IN: loading master file 10.1.0.rev: file not found


As expected, the zone files do not exist yet; I will create them soon. Do not forget that the config file actually lives in the chroot environment, i.e. /var/named/chroot/etc/named.conf, not /etc/named.conf.
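For reference, here is the complete named.conf assembled from the fragments in sections 4.1 to 4.5. This is an added example, not the author's file: it adds the transfer, query and listen restrictions discussed above, which the fragments themselves do not enforce. The paths, zone names and the 10.1.0.0/24 range come from the page; the server address 10.1.0.1 in listen-on is an assumption.

```conf
// /var/named/chroot/etc/named.conf  (added example, assembled from
// sections 4.1-4.5; 10.1.0.1 is an assumed address for this server)
options {
  directory "/var/named";                    // /var/named/chroot/var/named on disk
  listen-on { 127.0.0.1; 10.1.0.1; };        // answer only on loopback and the LAN interface
  allow-query { any; };                      // authoritative data may be queried by anyone
  allow-recursion { 127.0.0.1; 10.1.0.0/24; }; // only the LAN may use this server as a resolver
  allow-transfer { none; };                  // no slaves: refuse AXFR/IXFR for every zone
  version "none";                            // do not advertise the BIND version string
};

zone "." {
  type hint;
  file "root.servers";                       // root hints (named.root from InterNIC)
};

zone "localhost" IN {
  type master;
  file "master.localhost";
  allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
  type master;
  file "localhost.rev";
  allow-update { none; };
};

zone "example.net" IN {
  type master;
  file "data/master.example.net";
  allow-update { none; };                    // no dynamic updates to the forward zone
  allow-transfer { none; };                  // explicit, in case the global default is relaxed later
};

zone "0.1.10.IN-ADDR.ARPA" IN {
  type master;
  file "10.1.0.rev";
  allow-update { none; };
  allow-transfer { none; };
};
```

Once the zone files exist and named is running, check the policy from a host in the LAN: dig @10.1.0.1 example.net SOA should return the zone's SOA record, dig @10.1.0.1 example.net AXFR should end with "Transfer failed.", and a query for a name outside the local zones sent from an address that is not in 10.1.0.0/24 should not be resolved recursively. The same service named configtest (or named-checkconf -z) used above validates the file before each restart.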
