I'd like to set up a caching DNS on my machine to serve up local DNS
numbers and cache off ns1/2 at Demon for the internet stuff.. this
should speed up the various queries on my local net, reduce network
traffic and also make it a damn sight easier to admin my local domain
rather than cut/pasting /etc/hosts files every week
I've played around with my /etc/named.conf but it's a) making my head
hurt and b) not working. I'd really appreciate any good tips/short
howtos / copies of your named.boot and named.conf and a sample master
file I can understand cos it's beginning to bug me :)
I've figured I probably need a master zone and a slave zone .. after that
it's a bit sketchy at the moment.
r.
Do you want a caching or a forwarding DNS? A caching DNS will not cache
off any DNS in particular, it makes reference to the root nameservers
directly, using a hints file. Red Hat ship bind configured as a caching
(only) DNS by default, I don't know if Mandrake do. The clause that sets
up a caching DNS is:
zone "." {
    type hint;
    file "named.ca";
};
It doesn't matter what you call the file, but it must contain a valid
list of the root nameservers, which can be obtained with "dig
@a.root-servers.net . ns".
Forwarding is different; the nameserver doesn't know the root
nameservers but instead forwards all requests it cannot answer to other
nominated nameservers. It will also cache - all nameservers cache. Here
you would put:
forwarders { 158.152.1.58; 158.152.1.43; };
inside the "options" clause. You may need "forward-only;" in there too.
Internet etiquette suggests that you should obtain permission before
forwarding to someone else's nameserver; as a Demon customer I should
not think they would make any difficulty.
>
> I've played around with my /etc/named.conf but it's a) making my head
> hurt and b) not working. I'd really appreciate any good tips/short
> howtos / copies of your named.boot and named.conf and a sample master
> file I can understand cos it's beginning to bug me :)
Named.boot is for bind4. Named.conf for bind8. I am assuming that as you
are running a recent looking Mandrake you have bind8.
>
> I've figured I probably need a master zone and a slave zone .. after that
> it's a bit sketchy at the moment.
Do you mean master and slave servers? This would be for the internal
bit. It is normal to have one master and one or more slaves for the
internal data, each of which would also either have a hints file or a
forwarders option. More complex structures are possible.
Here you will have 3 internal domains - one for loopback, one for name
to address translation and one for the reverse (an in-addr.arpa domain).
All servers will be master for the first, which is always the same, and
one will be master and one slave for the other two. On a small network
you can get away with no slave but it's not recommended. Something like:
zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";
};
On both
zone "mycompany.com" {
    type master;
    file "db.mycompany";
};
zone "0.168.192.in-addr.arpa" {
    type master;
    file "db.192.168.0";
};
On the master
zone "mycompany.com" {
    type slave;
    file "db.mycompany";
    masters {
        192.168.0.1;
    };
};
zone "0.168.192.in-addr.arpa" {
    type slave;
    file "db.192.168.0";
    masters {
        192.168.0.1;
    };
};
On the slave. Names are fictitious and the addresses I quote are from
the private range and assume the master is on 192.168.0.1.
You have to build the zone files too of course. This will get too long
if I post samples of these. You should obtain a copy of "DNS and Bind"
by Cricket & Liu, O'Reilly 1-56592-512-2, from any good computer
bookshop. The authors provide a Perl script called "h2n", which is in a
package of utilities which can be obtained from
ftp://ftp.ora.com/published/orielly/nutshell/dnsbind/dns.tar.Z
H2n will take /etc/hosts and build the bind files.
But I *really* recommend the book.
Ian
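As an added illustration of the job Ian describes h2n doing (this is example code written for this thread, not the O'Reilly script), the following Python builds the forward zone file and the in-addr.arpa reverse zone file from an /etc/hosts file. It assumes the fictitious names from the post above (domain mycompany.com, network 192.168.0.0/24, master nameserver "ns" on 192.168.0.1, a hostmaster contact) and uses a constructed sample hosts file with the things that usually trip people up: comments, the loopback line, aliases, and a host in somebody else's domain.

```python
"""Build BIND forward and reverse zone files from an /etc/hosts file.

Added example in the spirit of h2n, not the O'Reilly script itself. It
assumes the names from the thread: domain mycompany.com, network
192.168.0.0/24, master nameserver ns on 192.168.0.1. The hosts data below
is constructed for the example.
"""
import ipaddress
from datetime import date

DOMAIN = "mycompany.com"
NETWORK = ipaddress.ip_network("192.168.0.0/24")
NS_NAME = f"ns.{DOMAIN}."                # assumed master nameserver
HOSTMASTER = f"hostmaster.{DOMAIN}."    # assumed contact (SOA RNAME)

# Constructed sample /etc/hosts: comments, a loopback line, aliases, a
# short-name-only host and a host in a foreign domain.
SAMPLE_HOSTS = """\
# /etc/hosts (constructed sample)
127.0.0.1    localhost
192.168.0.1  ns.mycompany.com   ns gateway
192.168.0.2  hal.mycompany.com  hal www mail
192.168.0.3  tux                # short name only
10.0.0.5     offsite.example.org
"""


def short_name(name):
    """Name relative to DOMAIN, or None if it belongs to another domain."""
    name = name.lower().rstrip(".")
    if name.endswith("." + DOMAIN):
        return name[: -len(DOMAIN) - 1]
    return None if "." in name else name


def parse_hosts(text):
    """Return [(address, canonical_short_name, [aliases])] for DOMAIN hosts."""
    hosts = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        ip, *names = line.split()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue                           # not a hosts line we understand
        if addr.is_loopback:
            continue                           # loopback lives in named.local
        shorts = [s for s in map(short_name, names) if s]
        if not shorts:
            continue
        canonical, aliases = shorts[0], []
        for s in shorts[1:]:                   # keep alias order, drop duplicates
            if s != canonical and s not in aliases:
                aliases.append(s)
        hosts.append((addr, canonical, aliases))
    return hosts


def soa_header(serial):
    """$TTL, SOA and NS records shared by both zones."""
    return "\n".join([
        "$TTL 86400",
        f"@ IN SOA {NS_NAME} {HOSTMASTER} (",
        f"        {serial}  ; serial: bump it on every edit or slaves will not transfer",
        "        10800       ; refresh: slaves check the master's serial every 3h",
        "        3600        ; retry: after a failed check, try again in 1h",
        "        604800      ; expire: slaves keep answering up to 1 week without the master",
        "        86400 )     ; minimum (negative caching TTL)",
        f"@ IN NS {NS_NAME}",
    ])


def forward_zone(hosts, serial):
    """Name-to-address zone: A records plus CNAMEs for aliases."""
    lines = [f"$ORIGIN {DOMAIN}.", soa_header(serial)]
    for addr, name, aliases in hosts:
        lines.append(f"{name:<12} IN A     {addr}")
        for alias in aliases:
            lines.append(f"{alias:<12} IN CNAME {name}")
    return "\n".join(lines) + "\n"


def reverse_zone(hosts, serial):
    """in-addr.arpa zone (PTR records) for the /24 in NETWORK."""
    assert NETWORK.prefixlen == 24, "example handles a single /24"
    first_three = str(NETWORK.network_address).split(".")[:3]
    origin = ".".join(reversed(first_three)) + ".in-addr.arpa"
    lines = [f"$ORIGIN {origin}.", soa_header(serial)]
    for addr, name, _aliases in hosts:
        if addr in NETWORK:                    # only our own network gets PTRs
            last_octet = str(addr).split(".")[-1]
            lines.append(f"{last_octet:<4} IN PTR {name}.{DOMAIN}.")
    return "\n".join(lines) + "\n"


def build_zone_files(hosts_text, serial=None):
    """Return {filename: contents} using the file names from the thread."""
    if serial is None:
        serial = int(date.today().strftime("%Y%m%d01"))   # YYYYMMDDnn convention
    hosts = parse_hosts(hosts_text)
    return {
        "db.mycompany": forward_zone(hosts, serial),
        "db.192.168.0": reverse_zone(hosts, serial),
    }


if __name__ == "__main__":
    for fname, body in build_zone_files(SAMPLE_HOSTS).items():
        print(f"; ---- {fname} ----\n{body}")
```

Only the first name on a hosts line becomes the A and PTR record; the rest become CNAMEs, which is why a line like "192.168.0.1 ns.mycompany.com ns gateway" yields one A record and one CNAME rather than three A records and three PTRs for the same address.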
> You should obtain a copy of "DNS and Bind"
> by Cricket & Liu, O'Reilly 1-56592-512-2, from any good computer
> bookshop. The authors provide a Perl script called "h2n", which is in a
> package of utilities which can be obtained from
>
> ftp://ftp.ora.com/published/orielly/nutshell/dnsbind/dns.tar.Z
>
> H2n will take /etc/hosts and build the bind files.
But misspelled it.
ftp://ftp.ora.com/published/oreilly/nutshell/dnsbind/dns.tar.Z
Should be right!
Apologies.
Ian
> Do you want a caching or a forwarding DNS? A caching DNS will not cache
> off any DNS in particular, it makes reference to the root nameservers
> directly, using a hints file. Red Hat ship bind configured as a caching
> (only) DNS by default, I don't know if Mandrake do. The clause that sets
> up a caching DNS is:
>
> zone "." {
> type hint;
> file "named.ca";
> };
yep .. that's how it's set up by default .. mandrake is just dedrat with
KDE on top. But you're right .. I don't want that ...
> Forwarding is different; the nameserver doesn't know the root
> nameservers but instead forwards all requests it cannot answer to other
> nominated nameservers. It will also cache - all nameservers cache. Here
> you would put:
>
> forwarders { 158.152.1.58; 158.152.1.43; };
ahh .. now that's what I want ..
> Internet etiquette suggests that you should obtain permission before
> forwarding to someone else's nameserver; as a Demon customer I should
> not think they would make any difficulty.
presumably I already am forwarding requests out of netscape, etc. etc.
so I guess that permission is implicit when you sign up to Demon, but
I'll ask over on demon.service to be sure.
> >
> > I've played around with my /etc/named.conf but it's a) making my head
> > hurt and b) not working. I'd really appreciate any good tips/short
> > howtos / copies of your named.boot and named.conf and a sample master
> > file I can understand cos it's beginning to bug me :)
>
> Named.boot is for bind4. Named.conf for bind8. I am assuming that as you
> are running a recent looking Mandrake you have bind8.
yup, bind 8 .. so I'll ignore named.boot, it's obviously a hangover
from a previous install.
> You have to build the zone files too of course. This will get too long
> if I post samples of these. You should obtain a copy of "DNS and Bind"
> by Cricket & Liu, O'Reilly 1-56592-512-2, from any good computer
> bookshop. The authors provide a Perl script called "h2n", which is in a
> package of utilities which can be obtained from
>
> ftp://ftp.ora.com/published/orielly/nutshell/dnsbind/dns.tar.Z
>
> H2n will take /etc/hosts and build the bind files.
>
> But I *really* recommend the book.
I'll look on the network bookshelf CD .. failing that I'll order it.
cheers .. most helpful.
I'll be back asking more questions when I've got some part of it working
...
--
robin
n...@rszemeti.demon.co.uk but replace ng with my name
I _really_ hate spam .....
> H2n will take /etc/hosts and build the bind files.
>
> But I *really* recommend the book.
>
> Ian
indeed .. h2n built all the files in a jiffy .. cracking bit of perl
that.
a slight bit of tweaking of an error or two in /etc/host and bobs your
aunties live in lover. sorted.
I will order the book, cos I wanna know what all the lines in the files
mean .. but it's got it up and running which will make administering the
admittedly small domain somewhat easier (like it's about 10 machines but
many have aliases and I was getting VERY bored of copying /etc/hosts
everywhere ... each time something got added or changed)
help much appreciated ta.
The Linux How-Tos on DNS aren't bad (but are written from the point of
view that you're at an American University with a permanent connection
to the Internet on the end of a bit of network string!). I used them in
setting up our DNS at work.
>
www.linux.org, I think.
--
"Dungeon" Dave, in anti-harvest mode...
From: ab...@yahoo.com
From: ab...@btinternet.com
From: *@localhost
> I will order the book, cos I wanna know what all the lines in the files
> mean .. but it's got it up and running which will make administering the
> admittedly small domain somewhat easier (like it's about 10 machines but
> many have aliases and I was getting VERY bored of copying /etc/hosts
> everywhere ... each time something got added or changed)
Personally I reckon that the point where it becomes easier to run DNS
than maintain /etc/hosts is 3 machines. I could be wrong - it might be
2.
Ian
I've got two DNS servers - but I've also written a script so that the
hosts file of one machine is automatically updated from the other. I
extended this to the DNS database files to ensure that both were
synched.
> I've got two DNS servers - but I've also written a script so that the
> hosts file of one machine is automatically updated from the other. I
> extended this to the DNS database files to ensure that both were
> synched.
Unless you are running a "stealth" master - i.e. one whose job is to
take over if the main one fails, this isn't IMO the way to do it. You
should have one master and any number of slaves (a slave can be a slave
to another slave BTW). The slaves will survive the absence of the master
as long as the expiration period on the domain - typically a few days at
least.
Ian
It was intended to be built this way.
> You should have one master and any number of slaves (a slave can be a
> slave to another slave BTW). The slaves will survive the absence of the master
> as long as the expiration period on the domain - typically a few days at
> least.
.. but will not automatically update the db files from the master, only
the cache.
>
>Ian
> > You should have one master and any number of slaves (a slave can be a
> > slave to another slave BTW). The slaves will survive the absence of the master
> > as long as the expiration period on the domain - typically a few days at
> > least.
>
> .. but will not automatically update the db files from the master, only
> the cache.
Eh? Slaves update their db files from the master, that is the point. It
is indeed possible to configure a slave to keep its data in memory only
but this is not the usual way to do it, it would cause the slave to lose
all its data if it was restarted for any reason. Slaves do *not* get
their cache from the master, the cache is built from the results of
queries the server has made, this process is identical on a master or a
slave.
Older versions of bind (<8) used the term "cache" to refer to the hints
file for the root nameservers; this is misleading. This file is never
transferred between master and slaves. The older versions also used
"cache" to mean what it still does - ephemeral information built up from
queries made previously and used to save repeated queries.
Regards, Ian
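To make the refresh/retry/expire behaviour Ian describes concrete (the slave re-fetches its db file from the master when the master's serial goes up, and goes on answering from that file until the expire time has passed without a successful check), here is an added simulation in Python. It is example code written for this thread, not anything from BIND; the timers, the serial bump and the outage schedule are constructed values, and NOTIFY-triggered checks are deliberately left out of the model.

```python
"""Simulate how a BIND slave tracks its master via the SOA timers.

Added example, not BIND code: it models the refresh/retry/expire cycle
described in the thread (the slave re-fetches its db file when the
master's serial rises, and keeps answering from that file until 'expire'
seconds have passed without a successful check). Timers and the outage
schedule are constructed values; NOTIFY-triggered checks are left out.
"""
from dataclasses import dataclass, field


@dataclass
class SoaTimers:
    refresh: int   # seconds between SOA serial checks against the master
    retry: int     # seconds to wait after a check that failed
    expire: int    # seconds without a successful check before the zone is dropped


@dataclass
class SlaveZone:
    timers: SoaTimers
    serial: int                 # serial of the copy held in the slave's db file
    last_ok: int                # time of the last successful contact with the master
    next_check: int = 0
    transfers: list = field(default_factory=list)   # (time, new_serial) zone transfers

    def answers(self, now):
        """A slave answers authoritatively until its copy expires."""
        return now - self.last_ok < self.timers.expire

    def tick(self, now, master_serial):
        """Run one scheduler step; master_serial is None when the master is down."""
        if now < self.next_check:
            return "idle"
        if master_serial is None:
            self.next_check = now + self.timers.retry
            return "retry"
        self.last_ok = now
        self.next_check = now + self.timers.refresh
        if master_serial > self.serial:       # only a higher serial triggers a transfer
            self.transfers.append((now, master_serial))
            self.serial = master_serial
            return "transfer"
        return "up-to-date"


def master_state(t):
    """Constructed schedule: serial bumped at t=3000, master down from 20000 to 200000."""
    if 20000 <= t < 200000:
        return None
    return 2 if t >= 3000 else 1


def run_simulation(timers=None, end=300000, step=300):
    """Return the slave and a (time, status, still_answering) timeline."""
    timers = timers or SoaTimers(refresh=3600, retry=900, expire=86400)
    slave = SlaveZone(timers, serial=1, last_ok=0)
    timeline = []
    for now in range(0, end + 1, step):
        status = slave.tick(now, master_state(now))
        timeline.append((now, status, slave.answers(now)))
    return slave, timeline


if __name__ == "__main__":
    slave, timeline = run_simulation()
    previous = None
    for now, status, ok in timeline:
        if status != "idle" and (status, ok) != previous:   # print transitions only
            print(f"t={now:>6}s {status:<11} answering={ok}")
            previous = (status, ok)
```

Two things the run makes visible: the slave's db file changes exactly once, when the master's serial rises (editing the master's zone without bumping the serial would never reach the slaves), and with a one-day expire the slave stops answering about a day into the outage and only recovers once a retry succeeds, which is why the expire value in real zones is usually a week or more.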
Shit - they do? :-( Guess I'll have to go back to the drawing board. I
know that caches can be neighboured (zone transfers, etc) but I thought
this was only the contents held in memory, not the /var/named files.
> It is indeed possible to configure a slave to keep its data in memory only
Exactly the reason I didn't build a slave...
> but this is not the usual way to do it, it would cause the slave to lose
> all its data if it was restarted for any reason.
... but precisely a reason why I should have. Grrrrrr!
> Slaves do *not* get their cache from the master, the cache is built from
> the results of queries the server has made, this process is identical on
> a master or a slave.
Aha!
>
> Older versions of bind (<8) used the term "cache" to refer to the hints
> file for the root nameservers; this is misleading. This file is never
> transferred between master and slaves. The older versions also used
> "cache" to mean what it still does - ephemeral information built up from
> queries made previously and used to save repeated queries.
Ah... ok. Ta for this info - severe case of "tree, barking, that one
instead" situation. Glad to have been put right on the issue, and
furthermore it also means that I can achieve what I want using a
master/slave DNS server.
What's your knowledge of DNS under DeadRat6.1 like? Can I pump you for
more info at all? Most of mine has been gleaned from the HowTos.
>
> What's your knowledge of DNS under DeadRat6.1 like? Can I pump you for
> more info at all? Most of mine has been gleaned from the HowTos.
Which I must admit I haven't read, having been using DNS since long
before Linux was common.
Bind is pretty much the same on any Unix variant. Bind4 and bind8 are
quite different, but either can be run on any platform[1]. FWIW I have
bind8 running on RH5.2 and 6.2, but have never tried 6.1 specifically. I
would not expect this to be an issue.
By all means ask more questions but on the NGs please, not personal
email. This one (a new thread would be advisable) or uk.comp.os.linux
would be good. You don't want the benefit of my sole unchallenged
opinion! There are more people on ucol but the signal to noise ratio is
lower.
Regards, Ian
[1] including Windows I have heard. *shudder*.
Thanks for the offer, and yeah - I'm more than happy to post Q'n'As here
(or ucol - will head off over there now).
>
> Regards, Ian
>
> [1] including Windows I have heard. *shudder*.
Would that be M$'s version? (MINT- Microsoft Internet Naming Thread ;-P)