Wednesday, June 6, 2007

HOWTO DNS SERVER

HOWTO DNS SERVER ON RHEL 5

Author Cristhian Nunez
Date 2007-06-06


Overview

On the Internet, the Domain Name System (DNS) associates various sorts of information with so-called domain names; most importantly, it serves as the "phone book" for the Internet: it translates human-readable computer hostnames, e.g. en.wikipedia.org, into the IP addresses that networking equipment needs for delivering information. It also stores other information such as the list of mail exchange servers that accept e-mail for a given domain. In providing a worldwide keyword-based redirection service, DNS is an essential component of contemporary Internet use.

BIND (Berkeley Internet Name Domain, previously: Berkeley Internet Name Daemon) is the most commonly used DNS server on the Internet, especially on Unix-like systems, where it is a de facto standard. It is maintained by the Internet Systems Consortium. BIND was originally created by four graduate students with CSRG at the University of California, Berkeley and first released with 4.3BSD. Paul Vixie started maintaining it in 1988 while working for DEC.

A new version of BIND (BIND 9) was written from scratch in part to address the architectural difficulties with auditing the earlier BIND code bases, and also to support DNSSEC (DNS Security Extensions). Other important features of BIND 9 include: TSIG, DNS notify, nsupdate, IPv6, rndc flush, views, multiprocessor support, and an improved portability architecture. It is commonly used on Linux systems.

DNS Features

  • An A record or address record maps a hostname to a 32-bit IPv4 address.
  • An AAAA record or IPv6 address record maps a hostname to a 128-bit IPv6 address.
  • A CNAME record or canonical name record is an alias of one name to another. The A record to which the alias points can be either local or remote - on a foreign name server. This is useful when running multiple services (like an FTP and a web server) from a single IP address. Each service can then have its own entry in DNS (like ftp.example.com and www.example.com).
  • An MX record or mail exchange record maps a domain name to a list of mail exchange servers for that domain.
  • A PTR record or pointer record maps an IPv4 address to the canonical name for that host. Setting up a PTR record for a hostname in the in-addr.arpa domain that corresponds to an IP address implements reverse DNS lookup for that address. For example (at the time of writing), www.icann.net has the IP address 192.0.34.164, but a PTR record maps 164.34.0.192.in-addr.arpa to its canonical name, referrals.icann.org.
  • An NS record or name server record maps a domain name to a list of DNS servers authoritative for that domain. Delegations depend on NS records.
  • An SOA record or start of authority record specifies the DNS server providing authoritative information about an Internet domain, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.
  • An SRV record is a generalized service location record.
  • A TXT record allows an administrator to insert arbitrary text into a DNS record. For example, this record is used to implement the Sender Policy Framework and DomainKeys specifications.
  • NAPTR records ("Naming Authority Pointer") are a newer type of DNS record that support regular expression based rewriting.

Other types of records simply provide information (for example, a LOC record gives the physical location of a host), or experimental data (for example, a WKS record gives a list of servers offering some well known service such as HTTP or POP3 for a domain).

Requirements


bind-utils-9.3.3-7.el5.rpm
bind-chroot-9.3.3-7.el5.rpm
bind-libs-9.3.3-7.el5.rpm
bind-9.3.3-7.el5.rpm

Implementation

Install all packages with the rpm command:
rpm -ivh package.rpm
Check whether BIND is running inside a chroot. If so, the default chroot directory is /var/named/chroot/
Create the local zone file to which the DNS records will be added


1.  $TTL 86400 ; 1 day
2.  mydomain.local. IN SOA mydomain.local. cnunez.mydomain.local. (
3.      2007052401 ; serial
4.      28800 ; refresh (8 hours)
5.      7200 ; retry (2 hours)
6.      604800 ; expire (1 week)
7.      86400 ; minimum (1 day)
8.  )
9.      NS doberman.mydomain.local.
10.     A 10.1.0.15
11. doberman A 10.1.0.15 ; address of the name server named on line 9; assumed to be 10.1.0.15, the server queried in the tests below. Without it BIND refuses to load the zone.
12. dev A 10.1.0.10
13. bulldog A 10.1.0.11
14. foxterrier A 10.1.0.12

BIND reads this file to build the forward zone.
Line 1 sets the default TTL: the time, in seconds, that resolvers may cache the records before asking again.
Line 2 declares the SOA (start of authority) record for the domain mydomain.local.
Line 3 is the serial, 2007052401. If other DNS servers run as slaves of this one, the serial must be increased after every modification so that the slaves pick up the change.
Line 4 is the refresh interval: how often the slaves check for updates.
Line 5 is the retry interval: if a refresh fails, the slave retries after 2 hours.
Line 6 is the expire time: how long a slave keeps serving the zone without reaching the master.
Line 7 is the minimum TTL of the zone.
Line 9 defines the name server (NS) entry for the zone.
Lines 12, 13 and 14 are the DNS records mapping each host name to its IP address.

After that, we need to create a reverse zone. The reverse zone resolves IP addresses to names:


$TTL 259200 ; 3 days
@ IN SOA mydomain.local. cnunez.mydomain.local. (
        2007052401 ; serial
        28800 ; refresh (8 hours)
        7200 ; retry (2 hours)
        604800 ; expire (1 week)
        86400 ; minimum (1 day)
        )
@ IN NS doberman.mydomain.local.
10 IN PTR dev.mydomain.local.
11 IN PTR bulldog.mydomain.local.
12 IN PTR foxterrier.mydomain.local.

Edit the /etc/named.conf configuration file and add the following lines (with bind-chroot, file paths are relative to the chroot directory):

acl "loopback" {
    127.0.0.1;
};
acl "internals" {
    10.0.0.0/8;
    172.16.0.0/22;
};
// The ACLs only take effect once they are referenced, for example from
// allow-query or allow-recursion in the options { } block.
zone "mydomain.local" IN {
    type master;
    file "/var/named/onemax.local";   // the forward zone file created above
    notify no;
    allow-transfer { 10.1.0.12; };
    allow-update { none; };
};
// The hosts live in 10.1.0.0/24, so the reverse zone is 0.1.10.in-addr.arpa:
// the PTR owners 10, 11 and 12 become 10.1.0.10, 10.1.0.11 and 10.1.0.12.
zone "0.1.10.in-addr.arpa" IN {
    type master;
    file "/var/named/10.0.0.db";      // the reverse zone file created above
    notify no;
    allow-transfer { 10.1.0.12; };
    allow-update { none; };
};

In /etc/named.conf we declare every zone that this server should resolve: the forward zone (file onemax.local) and the reverse zone (file 10.0.0.db). The zone name in named.conf must match the names used in the zone file and in the queries.
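As an added example, not part of this HOWTO or of BIND, the following Python script checks a forward zone against its reverse zone the way an administrator would after editing both: every A record must have a PTR at the reversed in-addr.arpa name, and every PTR must name a host that has an A record (named-checkzone validates syntax but not this cross-zone consistency). The sample zones are constructed from the records above, and the parser assumes one record per line as in those files. Calling check_consistency with the reverse origin 0.0.10.in-addr.arpa instead of 0.1.10.in-addr.arpa reports every host as missing, which is what declaring the PTR file under the wrong zone name in named.conf would do.

```python
# Constructed sample zones (not the author's files) mirroring this HOWTO's records.
FORWARD_ZONE = """\
$TTL 86400
mydomain.local. IN SOA mydomain.local. cnunez.mydomain.local. ( 2007052401 28800 7200 604800 86400 )
    NS doberman.mydomain.local.
doberman A 10.1.0.15 ; the name server: deliberately given no PTR in the reverse zone
bulldog  A 10.1.0.11
"""
REVERSE_ZONE = """\
@ IN NS doberman.mydomain.local.
11 IN PTR bulldog.mydomain.local.
"""

def parse_records(text, rtype, origin):
    """Owner FQDN -> rdata for each record of type rtype. Zone-file rules: '@' is the
    origin, a relative name gets the origin appended, leading whitespace = same owner."""
    records, owner = {}, origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # strip ';' comments
        if not line or line.startswith("$"):  # blank line, $TTL or $ORIGIN
            continue
        fields = line.split()
        if not line[0].isspace():             # this line names its owner
            owner = fields.pop(0)
            if not owner.endswith("."):       # '@' or a relative name
                owner = origin if owner == "@" else f"{owner}.{origin}"
        if rtype in fields:
            records[owner] = fields[fields.index(rtype) + 1]
    return records

def ptr_owner(ip):
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."  # 10.1.0.11 -> 11.0.1.10.in-addr.arpa.

def check_consistency(fwd_text, fwd_origin, rev_text, rev_origin):
    """List A records with no or mismatching PTR, and PTRs with no A record."""
    a_records = parse_records(fwd_text, "A", fwd_origin)
    ptrs = parse_records(rev_text, "PTR", rev_origin)
    problems = []
    for name, ip in a_records.items():
        target = ptrs.get(ptr_owner(ip))
        if target is None:
            problems.append(f"no PTR for {name} ({ip}), expected at {ptr_owner(ip)}")
        elif target != name:
            problems.append(f"{ptr_owner(ip)} points at {target}, A record says {name}")
    for owner, name in ptrs.items():
        if name not in a_records:
            problems.append(f"{owner} -> {name} has no A record")
    return problems
```

Run it against the real files by reading them into the two text arguments; the origins are the zone names from named.conf with a trailing dot.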

Finally, let's start the BIND service:
/etc/init.d/named start

Configure BIND to start at every system boot:
chkconfig --level 345 named on

Check that BIND is working correctly:
nslookup bulldog.mydomain.local
Server: 10.1.0.15
Address: 10.1.0.15#53

Name: bulldog.mydomain.local
Address: 10.1.0.11

Check that the reverse zone is working correctly too:
nslookup 10.1.0.11
Server: 10.1.0.15
Address: 10.1.0.15#53

11.0.1.10.in-addr.arpa name = bulldog.mydomain.local.

Cristhian Nunez


3 comments:

Anonymous said...

Howdy! I could have sworn I've been to this site before but after browsing through some of the posts I realized it's new to me.
Anyhow, I'm definitely happy I found it and I'll be bookmarking and checking back frequently!
Also visit my website click through the up coming document

Anonymous said...

At this time I am going away to do my breakfast, after having my breakfast coming over again to read additional news.
Have a look at my homepage ; Photography Tricks

Anonymous said...

I was curious if you ever thought of changing the layout of your website?

It's very well written; I love what you've got to say.
But maybe you could add a little more in the way of content so people could connect with it better.
You've got an awful lot of text for only having one or two pictures. Maybe you could space it out better?

My homepage; http://Www.Jnmassage.Info