Building a DNS Server
Every device connected to the Internet, including your Red Hat Linux computer, requires an Internet Protocol (IP) address in order to communicate properly. IP addresses are unique numbers and are therefore difficult for us carbon-based humans to remember and use. The Domain Name System (DNS) solves that problem by converting names to numbers (and, with reverse lookups, numbers back to names), making it possible to use names like www.redhat.com rather than 66.187.232.56. In many ways, DNS makes the Internet usable and therefore popular.

DNS is an interdependent information-sharing system: a distributed database. No central server holds every address, such as that of www.redhat.com. Instead, DNS is structured so that local servers store local addresses, and a small number of central servers store information about where to go to find those local servers.
Introducing DNS components
The overall DNS system is complex and contains many components. But because we show you how to build a DNS server for your private network, you can get by with a simpler setup. Building your DNS server requires understanding only a relative handful of DNS components.

This list outlines the basic DNS components:
Domains: You’re probably familiar with domains whether you realize it or not. Domains are the names you use on the Internet all the time. For example, redhat.com is a domain (and www.redhat.com is the name of a server within the redhat.com domain). Domains can optionally be divided into subdomains. For example, Red Hat has a subdomain, beta.redhat.com, used for its beta software development. Domains are themselves grouped under top-level domains. The ubiquitous .com, .edu, and .org are all top-level domains. They organize the Internet into business, educational, and not-for-profit arenas, respectively.
Zones: Domains are divided into zones, and a zone is the unit a DNS server serves. A zone can correspond to a whole domain, or a domain can be split into several zones, with subdomains delegated to other servers. The DNS server you build in this section serves a single zone that covers the fictitious paunchy.net domain.
Authoritative name servers: Every zone must have an authoritative name server. It holds the records for every host within the zone and answers for them from its own data rather than from a cache. You can create primary and secondary authoritative name servers. The secondaries back up the primaries by copying the zone from them (a zone transfer).
Non-authoritative name servers: A server that answers a query with information it obtained from some other server, rather than from a zone it holds itself, gives a non-authoritative answer. Such answers may be out of date.
Caching name server: Name servers can be configured to look up addresses from other name servers and temporarily save, or cache, the information. Caching name servers help spread out the load of serving large domains, and most queries from a LAN end up being answered from the cache.
Root name servers: The root name servers, run under the authority that coordinates domain name registration, hold the addresses of the name servers for each top-level domain (.com, .net, and so on). A name server that knows nothing about a name starts at a root server, which points it to the top-level domain’s servers, which in turn point it to the authoritative name servers for the domain.
This list describes the entries found in DNS zone files. The entries are called resource records (RRs):
A records: Address (A) records map host names to IPv4 addresses.
CNAME records: Canonical name (CNAME) records define aliases; the alias points to another name, which carries the real A record.
MX records: Mail exchange (MX) records specify the mail servers that accept mail for a domain.
NS records: Name server (NS) records specify the name servers for a zone.
SOA: The start of authority (SOA) record opens a zone file and describes the zone as a whole: the zone’s primary server and administrator address, the serial number (which secondaries compare with their copy to decide whether to transfer the zone again), and the refresh, retry, expire, and minimum TTL timers.
Understanding how a DNS address request works
This section gives you a look at how your browser finds the Red Hat Linux Web page:
You open your browser and enter the URL www.redhat.com.
The browser asks Linux for the Web page’s numeric address.
Linux looks in its /etc/resolv.conf configuration file and finds the address of a name server.
Tip You can point resolv.conf at any name server that is willing to answer you. For example, at the time of writing, Albuquerque’s Southwest Cyberport DNS server, 198.59.115.2, answered queries from anywhere on the Internet. Two caveats: most ISPs now restrict recursion to their own customers, because a resolver open to the world can be abused to amplify spoofed traffic, so a server that answers you from one network may refuse you from another; and you should prefer your own ISP’s servers in any case, because they are fewer routers, or hops, away, which results in better reliability and speed.
Linux requests the IP address for www.redhat.com from the name server.
If the name server doesn’t know the IP address of www.redhat.com, it asks a root server for the address of an authoritative name server for the redhat.com domain.
The root server doesn’t know redhat.com itself; it refers your name server to the servers for the .com top-level domain, and those return the addresses of the Red Hat authoritative name servers, the first of which is ns1.redhat.com (66.187.233.210).
The name server asks ns1.redhat.com for the address of www.redhat.com.
The name server ns1.redhat.com returns the www.redhat.com address. Your name server caches it for the record’s time to live, so the next lookup is answered locally.
Using the numeric www.redhat.com IP address, your browser starts communicating with the web server.
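To make steps 4 through 8 concrete, here is an added example (not from the book) that builds the query datagram a stub resolver sends, the authoritative answer a master server returns, and a parser for the response. It uses the fictitious cancun.paunchy.net name, the 192.168.1.1 address, and the ns.paunchy.net server from the zone files later in this section as constructed sample data. The 0x8580 flags word it sets is the "qr aa rd ra" line that host -v prints at the end of this section. Note what the parser does not verify: only the 16-bit transaction ID, the UDP source port, and the echoed question tie an answer to a query, which is why a resolver that strangers can reach can be fed forged answers.

```python
import struct

# RR type numbers from RFC 1035 for the record kinds this chapter uses.
TYPE_A, TYPE_NS, TYPE_CNAME, TYPE_SOA, TYPE_PTR, TYPE_MX = 1, 2, 5, 6, 12, 15
CLASS_IN = 1

def encode_name(name):
    """'www.redhat.com' -> b'\\x03www\\x06redhat\\x03com\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label must be 1..63 bytes: %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype=TYPE_A, txid=0x1234):
    """The datagram the stub resolver sends to the server named in /etc/resolv.conf:
    a 12-byte header (id, flags with only RD set, one question) and the question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)

def read_name(msg, off):
    """Decode a possibly compressed name at off; return (fqdn, offset after it).
    0xC0xx is a pointer to an earlier copy of the name; pointer loops are refused."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels) + ".", (end if jumped else off)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def build_authoritative_answer(query, zone, ip, ns_host, ttl=86400):
    """What the master for `zone` sends back for a name below its apex: the question
    echoed, flags QR|AA|RD|RA = 0x8580 (host -v shows it as 'qr aa rd ra'), one A record
    in the answer section and the zone's NS record in the authority section. Owner
    names are compression pointers into the question, which starts at offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    qname, _ = read_name(query, 12)
    zone = zone.rstrip(".") + "."
    if not qname.endswith("." + zone):
        raise ValueError("%s is not below zone %s" % (qname, zone))
    rr_a = (b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4)
            + bytes(int(octet) for octet in ip.split(".")))
    zone_off = 12 + len(encode_name(qname)) - len(encode_name(zone))
    ns_rdata = encode_name(ns_host)
    rr_ns = (struct.pack("!H", 0xC000 | zone_off)
             + struct.pack("!HHIH", TYPE_NS, CLASS_IN, ttl, len(ns_rdata)) + ns_rdata)
    header = struct.pack("!HHHHHH", txid, 0x8580, 1, 1, 1, 0)
    return header + query[12:] + rr_a + rr_ns

def parse_response(msg):
    """Split a response into the header fields and the question, answer, authority and
    additional sections, the same layout that host -v prints."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, question, sections = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        question.append((name, qtype))
    for count in (an, ns, ar):
        rrs = []
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if rtype == TYPE_A and rdlen == 4:
                value = ".".join(str(b) for b in msg[off:off + 4])
            elif rtype in (TYPE_NS, TYPE_CNAME, TYPE_PTR):
                value, _ = read_name(msg, off)
            else:
                value = msg[off:off + rdlen]          # left raw (SOA, MX, ...)
            off += rdlen
            rrs.append((name, rtype, ttl, value))
        sections.append(rrs)
    return {"id": txid, "aa": bool(flags & 0x0400), "rcode": flags & 0x000F,
            "question": question, "answer": sections[0],
            "authority": sections[1], "additional": sections[2]}

if __name__ == "__main__":
    # Constructed exchange for the paunchy.net zone built later in this section.
    q = build_query("cancun.paunchy.net")
    r = build_authoritative_answer(q, "paunchy.net", "192.168.1.1", "ns.paunchy.net")
    print(parse_response(r))
```

The same bytes go over the wire in both directions; the only difference between step 4 and step 7 is who sends them. To watch the real thing, run the query with host -v and compare the header line with the flags this code sets.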
Building a DNS server
It’s time to build a server. The steps in this section describe how to build an authoritative name server for your private network. The server provides the addresses for the private, nonroutable network we describe in Chapter 15. Therefore, you don’t have to register the addresses with any authority. The DNS server is authoritative for your private domain, but that information isn’t available outside your network.

The steps in this section show you how to install the DNS server software. You create the /etc/named.conf, /var/named/localhost.zone, /var/named/paunchy.zone, and /var/named/1.168.192.zone files.
Installing the DNS software
Start by installing the bind RPM that contains the named server software. (The host command used later in this section comes from the bind-utils RPM, so install that one too if it isn’t already on your system.)
Log in to your computer as root and insert this book’s companion DVD-ROM.
Start a GNOME Terminal session.
Enter this command in the terminal emulator window:
rpm -ivh /mnt/cdrom/Redhat/RPMS/bind-9*
Now you have to create the DNS configuration file, /etc/named.conf:
Creating the DNS configuration file
These steps describe how to create a basic named.conf file:
Start the text editor by clicking the GNOME Menu button and choosing Accessories → Text Editor.
Enter this configuration in the Gedit window:
options {
    directory "/var/named";
};
zone "." {
    type hint;
    file "named.ca";
};
zone "localhost" {
    type master;
    file "localhost.zone";
};
zone "paunchy.net" {
    type master;
    file "paunchy.zone";
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "1.168.192.zone";
};

This list describes the various parts of the /etc/named.conf file:
The options section defines the /var/named directory as the location of the database files. You can configure many more options. Enter the command man named.conf for more information.
The zone "." section, of type hint, is not a zone this server is master for: named.ca is the list of root name servers (the root hints) that named consults when it has to resolve a name outside your own zones.
The localhost zone section makes this server master for the name localhost, using the file /var/named/localhost.zone, so that loopback lookups are answered locally.
The paunchy.net zone section makes this server master for the paunchy.net domain, or zone, whose records are in the file /var/named/paunchy.zone.
The last zone section makes this server master for the reverse lookup zone 1.168.192.in-addr.arpa, whose records are in the file /var/named/1.168.192.zone.
Save the configuration to /etc/named.conf by choosing File → Save As.
Enter /etc/named.conf in the Selection box and click OK.
Gedit saves your DNS configuration file.
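The named.conf above works, but it lets anyone who can reach the server query it, use it as a recursive resolver, and copy the zones with a zone transfer. The following version is an added example, not the book’s file: it keeps the same four zones and adds the access controls a server holding private addresses should have. It assumes the server’s LAN address is 192.168.1.254 (veracruz in the zone file you create next) and that rndc-confgen -a has written /etc/rndc.key with the default key name rndc-key.

```conf
acl "lan" { 127.0.0.1; 192.168.1.0/24; };

options {
    directory "/var/named";
    listen-on { 127.0.0.1; 192.168.1.254; };  // the server's own addresses only
    allow-query { lan; };                      // nobody outside the LAN may ask
    allow-recursion { lan; };                  // never be an open resolver
    allow-transfer { none; };                  // no secondaries yet, so no zone transfers
    version "none";                            // don't announce the BIND version
};

// Written by "rndc-confgen -a"; defines key "rndc-key" shared by named and rndc.
include "/etc/rndc.key";
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};

zone "." {
    type hint;
    file "named.ca";
};
zone "localhost" {
    type master;
    file "localhost.zone";
};
zone "paunchy.net" {
    type master;
    file "paunchy.zone";
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "1.168.192.zone";
};
```

The allow-query and allow-recursion lists are the important ones: the zones hold addresses that mean nothing outside your network, and a recursive server reachable from the Internet gets used for amplification attacks and becomes a target for cache poisoning. If you later add a secondary, replace none in allow-transfer with that server’s address.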
Creating a localhost zone file
To create the localhost.zone file, follow these steps:
From the Gedit text editor, choose File → New from the menu.
Enter the following configuration. (Unlike the zone for your own machines, which comes next, nothing here is arbitrary: this zone maps the name localhost to the loopback address 127.0.0.1.)
$TTL 86400
@ IN SOA @ root.localhost (
1 ; serial
28800 ; refresh
7200 ; retry
604800 ; expire
86400 ; ttl
)
@ IN NS localhost.
@ IN A 127.0.0.1
Tip Semicolons (;) indicate comments. All characters following a semicolon are treated as a comment and don’t affect the operation of the DNS configuration files.
Save the configuration by choosing File → Save As.
Enter /var/named/localhost.zone in the Selection box and click OK. (The name must match the file statement in the localhost zone section of /etc/named.conf.)
Creating the private network zone file
Next, you create the paunchy.zone file, which serves the private network. This file contains the A and CNAME records for all machines in your zone (in this case, the zone maps directly to the paunchy.net domain).
From the Gedit text editor, choose File → New from the menu.
Enter the following configuration. (Of course, you can select your own machine names. The names are arbitrary. In fact, the IP addresses are arbitrary too, as long as you pick them from a nonroutable address space. Two details matter, though: the names on the right-hand side of the SOA and NS records end in a dot, because without it named appends the zone name and ns.paunchy.net would become ns.paunchy.net.paunchy.net; and ns is an A record rather than an alias, because the target of an NS record must not be a CNAME.)
$TTL 86400
@ IN SOA paunchy.net. root.paunchy.net. (
200112211 ; serial
10800 ; refresh
3600 ; retry
3600000 ; expire
86400 ) ; minimum ttl
@ IN NS ns.paunchy.net.
@ IN A 192.168.1.254
; servers
veracruz IN A 192.168.1.254
www IN CNAME veracruz
ns IN A 192.168.1.254
; workstations
cancun IN A 192.168.1.1 ; Linux
pumas IN A 192.168.1.2 ; Linux
cozumel IN A 192.168.1.101 ; Windows
Save the configuration by choosing File → Save As.
Enter /var/named/paunchy.zone in the Selection box and click OK.
Creating the reverse zone file
The last step is to create a reverse DNS lookup file for your zone. This file is optional but quite useful. By providing reverse lookup capability to your network, you can specify a numeric IP address and get a name back. Many services look up the name of every address that connects to them and log or display it, and tcp_wrappers’ PARANOID rule refuses connections whose reverse name doesn’t resolve back to the connecting address, so keep this file in step with paunchy.zone: every A record there should have a PTR record here that points back to the same name.
Back in the Gedit text editor, choose File → New from the menu.
Create the reverse DNS configuration file parameters. (Every name on the right-hand side ends in a dot. The origin of this file is 1.168.192.in-addr.arpa, so a bare veracruz would expand to veracruz.1.168.192.in-addr.arpa., not to the host you mean. The owner names on the left are the last octet of each address, and the NS record names the same server as the forward zone does.)
$TTL 86400
@ IN SOA paunchy.net. root.paunchy.net. (
2002030801 ; serial
28800 ; refresh
7200 ; retry
604800 ; expire
86400 ) ; minimum ttl
@ IN NS ns.paunchy.net.
; servers
254 IN PTR veracruz.paunchy.net.
; Linux workstations
1 IN PTR cancun.paunchy.net.
2 IN PTR pumas.paunchy.net.
; Windows workstations
101 IN PTR cozumel.paunchy.net.
Choose File → Save As.
Enter /var/named/1.168.192.zone in the Selection box and click OK.
Again, the filename 1.168.192.zone is arbitrary. You can call it reverse.zone or anything else you want as long as you match the name in the /etc/named.conf file; that is, named.conf would need to call the reverse IP address database reverse.zone rather than 1.168.192.zone.
Create the rndc key file. The rndc utility controls the running name server (reloading zones, for example), and it authenticates to named with a shared secret key. Open a GNOME Terminal window and create the key by entering this command:
rndc-confgen -a
With the -a option, rndc-confgen writes the key to /etc/rndc.key, where both named and rndc find it automatically. Without -a it only prints a sample rndc.conf and the matching key and controls statements to the terminal, which you would have to save as /etc/rndc.conf and paste into /etc/named.conf yourself. Either way, the file holds a secret: it must be readable only by root and by the user named runs as.
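named-checkzone catches syntax errors, but the mistakes that are easiest to make in these two files are semantic, and the server may load them without complaint: a PTR target without a trailing dot becomes veracruz.1.168.192.in-addr.arpa., an NS record that points at a CNAME violates RFC 2181, and a host that appears in one file but not the other fails forward-confirmed reverse DNS (the check sshd, mail servers, and tcp_wrappers’ PARANOID rule apply to connecting hosts). The following added example, which is neither the book’s code nor part of BIND, reads a forward and a reverse zone with a deliberately small parser (assumption: one record per line and no $ORIGIN or $INCLUDE directives, which is true of the files in this section) and reports those three kinds of problem. The zone texts inside it are constructed copies of this section’s files, one of them written the wrong way on purpose.

```python
def absolute(name, origin):
    """Expand a name the way named does: '@' is the origin, a trailing dot means
    already absolute, anything else gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def parse_zone(text, origin):
    """Small master-file reader: one record per line, optional TTL and IN class,
    ';' comments, a parenthesised multi-line SOA, a blank owner meaning 'same owner
    as above'. Assumption: no $ORIGIN/$INCLUDE (true of this chapter's files)."""
    records, owner, pending = [], "@", ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        pending = pending + " " + line if pending else line
        if "(" in pending and ")" not in pending:
            continue                                  # SOA continues on the next line
        line, pending = pending.replace("(", " ").replace(")", " "), ""
        fields = line.split()
        if not line[0].isspace():
            owner = fields.pop(0)
        if fields[0].isdigit():                       # optional per-record TTL
            fields.pop(0)
        if fields[0].upper() == "IN":
            fields.pop(0)
        records.append((absolute(owner, origin), fields[0].upper(), fields[1:]))
    return records

def reverse_name(ip):
    """'192.168.1.1' -> '1.1.168.192.in-addr.arpa.'"""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return the semantic problems in a forward/reverse pair of zone files."""
    fwd, rev = parse_zone(fwd_text, fwd_origin), parse_zone(rev_text, rev_origin)
    problems = []
    # 1. In the reverse zone a target without a trailing dot gets the reverse origin appended.
    for owner, rtype, rdata in rev:
        for t in {"SOA": rdata[:2], "NS": rdata[:1], "PTR": rdata[:1]}.get(rtype, []):
            if t != "@" and not t.endswith("."):
                problems.append("%s %s %s: relative name expands to %s"
                                % (owner, rtype, t, absolute(t, rev_origin)))
    # 2. An NS target must be a plain A record, never a CNAME (RFC 2181 section 10.3).
    cnames = {o for o, t, _ in fwd if t == "CNAME"}
    a_records = {(o, r[0]) for o, t, r in fwd if t == "A"}
    names_with_a = {o for o, _ in a_records}
    for origin, zone in ((fwd_origin, fwd), (rev_origin, rev)):
        for owner, rtype, rdata in zone:
            if rtype != "NS":
                continue
            target = absolute(rdata[0], origin)
            in_fwd = target == fwd_origin or target.endswith("." + fwd_origin)
            if target in cnames:
                problems.append("%s NS %s: target is a CNAME" % (owner, target))
            elif in_fwd and target not in names_with_a:
                problems.append("%s NS %s: no A record for the name server" % (owner, target))
    # 3. Forward-confirmed reverse DNS: every A needs a PTR, every PTR an A that agrees.
    ptrs = [(o, absolute(r[0], rev_origin)) for o, t, r in rev if t == "PTR"]
    ptr_owners = {o for o, _ in ptrs}
    for name, ip in a_records:
        if reverse_name(ip) not in ptr_owners:
            problems.append("%s A %s: no PTR record for %s" % (name, ip, reverse_name(ip)))
    for rname, target in ptrs:
        ip = ".".join(reversed(rname[:-len(".in-addr.arpa.")].split(".")))
        if (target, ip) not in a_records:
            problems.append("%s PTR %s: forward zone has no A %s for it" % (rname, target, ip))
    return problems

# Constructed copies of this section's files with the fixes applied.
FORWARD = """\
$TTL 86400
@ IN SOA paunchy.net. root.paunchy.net. (
    2002030801 10800 3600 3600000 86400 )
@ IN NS ns.paunchy.net.
@ IN A 192.168.1.254
veracruz IN A 192.168.1.254
www IN CNAME veracruz
ns IN A 192.168.1.254
cancun IN A 192.168.1.1 ; Linux
pumas IN A 192.168.1.2 ; Linux
cozumel IN A 192.168.1.101 ; Windows
"""
REVERSE = """\
$TTL 86400
@ IN SOA paunchy.net. root.paunchy.net. (
    2002030801 28800 7200 604800 86400 )
@ IN NS ns.paunchy.net.
254 IN PTR veracruz.paunchy.net.
1 IN PTR cancun.paunchy.net.
2 IN PTR pumas.paunchy.net.
101 IN PTR cozumel.paunchy.net.
"""
# The reverse file written the easy, wrong way: relative targets, a PTR that names a host
# the forward zone puts at another address, and no PTR at all for cozumel.
REVERSE_BAD = """\
$TTL 86400
@ IN SOA paunchy.net root.paunchy.net (
    2002030801 28800 7200 604800 86400 )
@ IN NS ns.paunchy.net.
254 IN PTR veracruz
1 IN PTR cancun
2 IN PTR veracruz
"""
FORWARD_NS_CNAME = FORWARD.replace("ns IN A 192.168.1.254", "ns IN CNAME veracruz")
```

Call check_zones(FORWARD, "paunchy.net.", REVERSE, "1.168.192.in-addr.arpa.") and you get an empty list; hand it REVERSE_BAD or FORWARD_NS_CNAME instead and each line of output names the record, what named will actually do with it, and why that is not what you meant. Pass the origins with their trailing dot, exactly as they appear in the zone statements of named.conf.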
Starting your DNS server
After you have created the DNS configuration and zone files, you can start your server:
Click the GNOME Menu and choose System Settings → Server Settings → Services.
Locate the named service and click its radio button.
This step selects the server to be started at boot time.
Click the Restart button.
Click the OK button in the Information window that pops up.
You now have a DNS server.
Tip Alternatively, you can start the DNS server from the terminal by running this command: /etc/init.d/named start. Whichever way you start it, look at /var/log/messages afterwards: named logs every zone it loaded and every zone it rejected, and an error in one zone file leaves that zone unserved while the rest of the server runs. BIND 9 also ships the named-checkconf and named-checkzone utilities, which check the configuration file and a zone file respectively, so you can find such errors before starting the server.
Configuring your DNS clients
To use your new DNS server, you have to configure the hosts on your LAN: modify the /etc/resolv.conf file on your Linux computers, and modify the network settings (the DNS server address) on your Windows machines. Modify the resolv.conf file on Linux computers to look like this:
search paunchy.net
nameserver 192.168.1.254
You can specify as many as three name servers; the resolver tries them in the order listed and moves on to the next one only when a server fails to respond. So you may add your ISP’s name server as a fallback:
search paunchy.net
nameserver 192.168.1.254
nameserver 198.59.115.2
Open a GNOME Terminal window and run this command:
host cancun
You see this result:
cancun.paunchy.net has address 192.168.1.1
The host command provides numerous options that give you more information about your query. For example, you can see where the host command gets its information. Add the verbose (-v) option to the preceding example and you see this information:
Trying "cancun.paunchy.net"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18016
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;cancun.paunchy.net. IN A
;; ANSWER SECTION:
cancun.paunchy.net. 86400 IN A 192.168.1.1
;; AUTHORITY SECTION:
paunchy.net. 86400 IN NS ns.paunchy.net.
Received 69 bytes from 192.168.1.254#53 in 263 ms
This list describes what the various sections in the preceding output mean.
Question section: You see in the Question section that the query is cancun.paunchy.net. Note that we ask for only the address of cancun but that the search parameter in the resolv.conf file specifies that the paunchy.net domain be appended to cancun. You also see that an A record is part of the query — you’re asking for an IP address.
Answer section: This is the answer to your query. The answer includes the host name and domain, cancun.paunchy.net, and its numeric IP address. The Answer section also includes the time-to-live (TTL) value, 86400 seconds, which is how long another server may cache the record.
Authority section: These are the NS records for the zone the answer came from; they tell you which server is authoritative for paunchy.net. The aa flag in the header line confirms that the answer itself is authoritative rather than cached, and the final Received line shows the server that answered, 192.168.1.254, the one you just built.
All the computers on your network can use your DNS server. Your DNS supplies addresses for all internal machines; for external names it resolves the query itself, starting from the root hints in named.ca, and caches the answer. Because it answers recursive queries, make sure that only your own network can reach it (see the allow-query and allow-recursion options in the named.conf man page): a recursive server open to the Internet gets used for amplification attacks and is a target for cache poisoning.