Internal Network Name Serving
- Henry is used as the internal network name server. It works in cooperation with the name server on Gateway, so familiarizing oneself with the network topology and with Gateway's name server configuration gives useful perspective on this one. This name server answers all DNS requests from the internal network. If a request cannot be answered from its own cache, it forwards the query to Gateway (which consults Gateway's cache) before falling back to resolving the name itself from the root name servers. This name server shadows the one on Gateway: it returns the internal 192.168.0.* addresses of the various configured servers, whereas Gateway's name server exists so that the internet can find the external IP addresses of Gateway itself, the port-forwarding, IP-masquerading firewall.
- References
- Bind Online Documentation
- DNS-HOWTO
- Trinity OS Ch 24.
- DNS and Bind, Second Edition, from O'Reilly and Associates
Installing and Configuring the Name Server
- This section is not a tutorial on how to do DNS; it just specifies Henry's internal DNS configuration, with limited explanation of why some things are done. The reader is referred to Trinity OS, the DNS-HOWTO, and DNS and Bind for very good descriptions of how DNS works, and how to work DNS.
- If Bind is not present on the system (rpm -qi bind), get it (say from rpmfind.net) and install it (rpm -Uhv bind*). Confirm or create the following configuration files:
- resolv.conf
- >>>>>>>>>>>>>>>>>/etc/resolv.conf
search novatek.co.nz
nameserver 127.0.0.1
<<<<<<<<<<<<<<<<<<<<<<<</etc/resolv.conf
- nsswitch.conf
- >>>>>>>>>>>>>>>>>/etc/nsswitch.conf
# /etc/nsswitch.conf
passwd:     files nisplus nis
shadow:     files nisplus nis
group:      files nisplus nis
### This is the important line - it must have 'files' followed by 'dns' ###
hosts:      files nisplus nis dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   nisplus
publickey:  nisplus
automount:  files nisplus
aliases:    files nisplus
<<<<<<<<<<<<<<<<<<<<<<<</etc/nsswitch.conf
- named.conf
- >>>>>>>>>>>>>>>>>/etc/named.conf
options {
        // Root directory for master (db) files.
        directory "/var/named";
        // If a lookup is not in our cache, query Gateway before attempting
        // to resolve.
        forward first;
        forwarders {
                192.168.0.254;
        };
        listen-on port 53 {
                127.0.0.1;      // localhost
                192.168.0.3;    // physical ip address
        };
        // may be required if this name server is behind a firewall
        // query-source address * port 53;
};

// The next two zones are the minimum required for a caching nameserver.
zone "." {
        type hint;
        file "db.root";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        notify no;
        file "db.127.0.0";
};

zone "novatek.co.nz" {
        type master;
        notify no;
        allow-transfer { 24.113.94.87; 24.113.98.164; 127.0.0.1; 192.168.0/24; };
        file "primary/db.novatek.co.nz";
};

zone "cmex.org" {
        type master;
        notify no;
        allow-transfer { 24.113.94.87; 24.113.98.164; 127.0.0.1; 192.168.0/24; };
        file "primary/db.cmex.org";
};

zone "0.168.192.in-addr.arpa" {
        type master;
        notify no;
        allow-transfer { 24.113.94.87; 24.113.98.164; 127.0.0.1; 192.168.0/24; };
        file "primary/db.192.168.0";
};
<<<<<<<<<<<<<<<<<<<<<<<</etc/named.conf
- As with Gateway, we are faced with the challenge of getting the root hints file for the first time without DNS being properly configured. We could use the same trick as we did on Gateway or, more simply, just use ftp to copy the /var/named/db.root file over from Gateway.
- db.root
- >>>>>>>>>>>>>/var/named/db.root
; <<>> DiG 8.2 <<>> @a.root-servers.net . ns
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
;; QUERY SECTION:
;;      ., type = NS, class = IN

;; ANSWER SECTION:
.                       6D IN NS        A.ROOT-SERVERS.NET.
.                       6D IN NS        H.ROOT-SERVERS.NET.
.                       6D IN NS        B.ROOT-SERVERS.NET.
.                       6D IN NS        C.ROOT-SERVERS.NET.
.                       6D IN NS        D.ROOT-SERVERS.NET.
.                       6D IN NS        E.ROOT-SERVERS.NET.
.                       6D IN NS        I.ROOT-SERVERS.NET.
.                       6D IN NS        F.ROOT-SERVERS.NET.
.                       6D IN NS        G.ROOT-SERVERS.NET.
.                       6D IN NS        J.ROOT-SERVERS.NET.
.                       6D IN NS        K.ROOT-SERVERS.NET.
.                       6D IN NS        L.ROOT-SERVERS.NET.
.                       6D IN NS        M.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     5w6d16h IN A    198.41.0.4
H.ROOT-SERVERS.NET.     5w6d16h IN A    128.63.2.53
B.ROOT-SERVERS.NET.     5w6d16h IN A    128.9.0.107
C.ROOT-SERVERS.NET.     5w6d16h IN A    192.33.4.12
D.ROOT-SERVERS.NET.     5w6d16h IN A    128.8.10.90
E.ROOT-SERVERS.NET.     5w6d16h IN A    192.203.230.10
I.ROOT-SERVERS.NET.     5w6d16h IN A    192.36.148.17
F.ROOT-SERVERS.NET.     5w6d16h IN A    192.5.5.241
G.ROOT-SERVERS.NET.     5w6d16h IN A    192.112.36.4
J.ROOT-SERVERS.NET.     5w6d16h IN A    198.41.0.10
K.ROOT-SERVERS.NET.     5w6d16h IN A    193.0.14.129
L.ROOT-SERVERS.NET.     5w6d16h IN A    198.32.64.12
M.ROOT-SERVERS.NET.     5w6d16h IN A    202.12.27.33

;; Total query time: 147 msec
;; FROM: gateway.novatek.co.nz to SERVER: a.root-servers.net  198.41.0.4
;; WHEN: Sat Jul  3 16:05:12 1999
;; MSG SIZE  sent: 17  rcvd: 436
<<<<<<<<<<<<</var/named/db.root
- db.127.0.0
- >>>>>>>>>>>>>/var/named/db.127.0.0
$TTL 1D
@       IN SOA  gateway.novatek.co.nz. hostmaster.novatek.co.nz. (
                1999070313      ; serial
                8H              ; refresh
                2H              ; retry
                1W              ; expire
                1D)             ; min TTL
        IN NS   gateway.novatek.co.nz.
1       IN PTR  localhost.
<<<<<<<<<<<<</var/named/db.127.0.0
- db.novatek.co.nz
- >>>>>>>>>>>>>/var/named/primary/db.novatek.co.nz
$TTL 1D
@       IN SOA  henry.novatek.co.nz. hostmaster.novatek.co.nz. (
                2000022805      ; serial
                8H              ; refresh
                2H              ; retry
                1W              ; expire
                1D)             ; min TTL
        IN NS   henry.novatek.co.nz.
        IN RP   jon.novatek.co.nz. hostmaster.novatek.co.nz.
        IN TXT  "Jonathan Marks - Fax (707) 221-3689"
        IN MX   10 mail
localhost       IN A    127.0.0.1
                IN MX   10 mail
hercules        IN A    192.168.0.1
                IN MX   10 mail
homer           IN A    192.168.0.2
                IN MX   10 mail
henry           IN A    192.168.0.3
                IN MX   10 mail
hal-9000        IN A    192.168.0.4
                IN MX   10 mail
beatroot        IN A    192.168.0.5
                IN MX   10 mail
hershel         IN A    192.168.0.6
                IN MX   10 mail
gateway         IN A    192.168.0.254
                IN MX   10 mail
mail            IN A    192.168.0.204
ftp             IN A    192.168.0.201
www             IN A    192.168.0.200
novatek.co.nz.  IN A    192.168.0.200
; Aliases
jon             IN CNAME www
vanessa         IN CNAME www
steven          IN CNAME www
cara            IN CNAME www
ns1             IN CNAME henry
<<<<<<<<<<<<<<<<<<<<<</var/named/primary/db.novatek.co.nz
- Note that in this configuration, Henry's, /var/named/db.novatek.co.nz holds only the internal addresses (192.168.0.*), whereas in Gateway's configuration the same zone holds only external IP addresses.
- db.cmex.org
- >>>>>>>>>>>>>>>>>>>>>>/var/named/primary/db.cmex.org
$TTL 1D
@       IN SOA  henry.novatek.co.nz. hostmaster.novatek.co.nz. (
                2000022802      ; serial
                8H              ; refresh
                2H              ; retry
                1W              ; expire
                1D)             ; min TTL
        IN NS   henry.novatek.co.nz.
        IN RP   jon.novatek.co.nz. hostmaster.novatek.co.nz.
        IN TXT  "Jonathan Marks - Fax (707) 221-3689"
        IN MX   10 mail
mail            IN A    192.168.0.205
ftp             IN A    192.168.0.203
www             IN A    192.168.0.202
cvs             IN A    192.168.0.206
cmex.org.       IN A    192.168.0.202
<<<<<<<<<<<<<<<<<<<<<<</var/named/primary/db.cmex.org
- db.192.168.0
- >>>>>>>>>>>>>>>>>>>>>>>/var/named/primary/db.192.168.0
$TTL 1D
@       IN SOA  henry.novatek.co.nz. hostmaster.novatek.co.nz. (
                2000022603      ; serial
                8H              ; refresh
                2H              ; retry
                1W              ; expire
                1D)             ; min TTL
        IN NS   henry.novatek.co.nz.
1       IN PTR  hercules.novatek.co.nz.
2       IN PTR  homer.novatek.co.nz.
3       IN PTR  henry.novatek.co.nz.
4       IN PTR  hal-9000.novatek.co.nz.
5       IN PTR  beatroot.novatek.co.nz.
6       IN PTR  hershel.novatek.co.nz.
200     IN PTR  www.novatek.co.nz.
201     IN PTR  ftp.novatek.co.nz.
202     IN PTR  www.cmex.org.
203     IN PTR  ftp.cmex.org.
204     IN PTR  mail.novatek.co.nz.
205     IN PTR  mail.cmex.org.
206     IN PTR  cvs.cmex.org.
207     IN PTR  news.novatek.co.nz.
<<<<<<<<<<<<<<<<<<<<<<<</var/named/primary/db.192.168.0
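Before restarting, it is worth checking that the forward zones and the reverse zone agree. The following is an added consistency check (example code, not from the page or from BIND): it parses zone text in the layout used above and reports 192.168.0.* A records that have no PTR and PTR records with no matching A record. Run over the full files above it flags gateway at .254 (no PTR) and the 207 PTR for news.novatek.co.nz (no A record); the excerpts embedded here are constructed to reproduce both findings.

```python
# Added example, not from the original page: cross-check the forward zones'
# 192.168.0.* A records against the PTR records of db.192.168.0.
# Constructed excerpts in the layout of the zone files above:
NOVATEK = """$TTL 1D
@         IN SOA henry.novatek.co.nz. hostmaster.novatek.co.nz. (
              2000022805 ; serial
              1D )       ; min TTL
          IN MX 10 mail
henry     IN A 192.168.0.3
gateway   IN A 192.168.0.254
www       IN A 192.168.0.200
"""
CMEX = "cvs  IN A 192.168.0.206\n"
REVERSE = """3    IN PTR henry.novatek.co.nz.
200  IN PTR www.novatek.co.nz.
206  IN PTR cvs.cmex.org.
207  IN PTR news.novatek.co.nz.
"""

def parse_zone(text, origin):
    """[(owner_fqdn, type, rdata_tokens)]; handles ';' comments, $TTL, '(...)' SOA, inherited owners."""
    owner, depth, rrs = origin, 0, []
    for raw in text.splitlines():
        line = raw.split(";")[0]
        toks = line.split()
        if depth:                                # still inside SOA "( ... )"
            depth += line.count("(") - line.count(")")
            continue
        if not toks or toks[0].startswith("$"):
            continue
        if not line[0].isspace():                # explicit owner field
            owner, toks = toks[0], toks[1:]
            owner = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        if toks[0] == "IN":                      # class is optional
            toks = toks[1:]
        depth += line.count("(") - line.count(")")
        rrs.append((owner, toks[0], toks[1:]))
    return rrs

def check_reverse(forward, reverse, prefix="192.168.0."):
    """forward: {origin: text}. Returns (A addresses lacking a PTR, PTR entries lacking a matching A)."""
    a_recs = {(rd[0], own) for org, txt in forward.items()
              for own, typ, rd in parse_zone(txt, org) if typ == "A" and rd[0].startswith(prefix)}
    ptr_recs = {(prefix + own.split(".")[0], rd[0])
                for own, typ, rd in parse_zone(reverse, "0.168.192.in-addr.arpa.") if typ == "PTR"}
    ptr_addrs = {a for a, _ in ptr_recs}
    return (sorted({a for a, _ in a_recs if a not in ptr_addrs}),
            sorted(f"{a} -> {n}" for a, n in ptr_recs if (a, n) not in a_recs))
if __name__ == "__main__":
    print(check_reverse({"novatek.co.nz.": NOVATEK, "cmex.org.": CMEX}, REVERSE))
```

To run it over the real files, read each zone file into a string and pass its origin with a trailing dot, as in the sample call.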
- Okay, now that all the files are in place, let's restart named and see what happens:
- /etc/rc.d/init.d/named restart
- and watch /var/log/messages for a trace similar to the following. In a separate xterm / console, issue:
- tail -f /var/log/messages
----------------------------
Apr 21 19:47:21 henry named: named shutdown succeeded
Apr 21 19:47:22 henry named[8022]: starting.  named 8.2.2-P5 Mon Feb 28 10:17:53 EST 2000 ^Iroot@porky.devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.2_P5/src/bin/named
Apr 21 19:47:22 henry named[8022]: hint zone "" (IN) loaded (serial 0)
Apr 21 19:47:22 henry named[8022]: master zone "0.0.127.in-addr.arpa" (IN) loaded (serial 1999022700)
Apr 21 19:47:22 henry named[8022]: master zone "novatek.co.nz" (IN) loaded (serial 2000022805)
Apr 21 19:47:22 henry named[8022]: master zone "cmex.org" (IN) loaded (serial 2000022802)
Apr 21 19:47:22 henry named[8022]: master zone "0.168.192.in-addr.arpa" (IN) loaded (serial 2000022603)
Apr 21 19:47:22 henry named[8022]: listening on [127.0.0.1].53 (lo)
Apr 21 19:47:22 henry named[8022]: listening on [192.168.0.3].53 (eth0)
Apr 21 19:47:22 henry named[8022]: Forwarding source address is [0.0.0.0].1043
Apr 21 19:47:22 henry named: named startup succeeded
Apr 21 19:47:22 henry named[8023]: group = 25
Apr 21 19:47:22 henry named[8023]: user = named
Apr 21 19:47:22 henry named[8023]: Ready to answer queries.
----------------------------
Ensuring things are working
- I carried out the following sequence to check that things work.
- nslookup - localhost
----------------------
Default Server:  localhost
Address:  127.0.0.1

> hershel
Server:  localhost
Address:  127.0.0.1

Name:    hershel.novatek.co.nz
Address:  192.168.0.6

> gateway
Server:  localhost
Address:  127.0.0.1

Name:    gateway.novatek.co.nz
Address:  192.168.0.254

> cvs.novatek.co.nz.
Server:  localhost
Address:  127.0.0.1

*** localhost can't find cvs.novatek.co.nz.: Non-existent host/domain
> cvs.cmex.org
Server:  localhost
Address:  127.0.0.1

Name:    cvs.cmex.org
Address:  192.168.0.206

> www.hp.com
Server:  localhost
Address:  127.0.0.1

Non-authoritative answer:
Name:    www.hp.com
Addresses:  192.151.52.13, 192.6.35.16, 192.151.52.10, 192.151.11.32
          192.151.11.13

> www.amp.com
Server:  localhost
Address:  127.0.0.1

Name:    amp.com
Address:  208.239.159.25
Aliases:  www.amp.com

> exit
-------------------------
Name Server Maintenance
- Once DNS is running, we need to periodically (say, once a month) update the hints database. The following script is plagiarised from the DNS HOWTO and TrinityOS.
- >>>>>>>>>>>>>>>>>>>>>>>>/var/named/update-db.root
#!/bin/sh
#
# Update the nameserver cache information file once per month.
# This is run automatically by a cron entry.
#
# No trailing ':' on PATH: an empty element would make the shell also search
# the current directory (/var/named after the cd below) for commands, as root.
export PATH=/sbin:/usr/sbin:/bin:/usr/bin
cd /var/named || exit 1
dig @a.root-servers.net . ns > root.hints 2> result
DIG_OUTCOME=FAIL
# Only install the new hints if dig did not fail and actually returned root servers.
if [ `grep -c SERVFAIL root.hints` = 0 ] && [ `grep -c ROOT-SERVERS root.hints` -gt 0 ]
then
    DIG_OUTCOME=SUCCESS
    mv -f db.root db.root.old
    cp -f root.hints db.root
    chown root:root db.root
    chmod 444 db.root
    echo -n "Restarting named: " >> result
    /etc/rc.d/init.d/named restart >> result
fi
# Mail the outcome, the new hints and any error output to hostmaster.
(
    echo "To: hostmaster <root>"
    echo "From: system <root>"
    echo "Subject: DNS monthly hints.db update status: $DIG_OUTCOME."
    echo
    cat root.hints result
    echo
) | /usr/sbin/sendmail -t
rm -f result root.hints
exit 0
<<<<<<<<<<<<<<<<<<<<<</var/named/update-db.root
- Now make the file rwx only by root:
chmod 700 /var/named/update-db.root
- And put it in the monthly cron job:
ln -s /var/named/update-db.root /etc/cron.monthly/update-db.root
Last modified: Tue Feb 8 22:00:00 PST 2000
Copyright © Jonathan Marks, 1999, 2000. All rights reserved.
http://jon.novatek.co.nz/linux/config/henry-ns.html.