► Manually editing the system's /etc/resolv.conf configuration file to add name-server, domain, or search definition entries
Successful DNS lookups depend on the system's networking being enabled and correctly configured. You can learn more about how to accomplish that in Chapter 14, "Networking."
When an application needs to resolve a hostname, it calls system library functions to do the name resolution. If the GNU C library installed is version 2 or later, the /etc/nsswitch.conf configuration file is used. Older versions of the library use /etc/host.conf. Fedora uses the newer GNU C library, but /etc/host.conf is still provided for applications that have been statically linked with other libraries. The two files should be kept in sync.
The /etc/host.conf file, known as the resolver configuration file, specifies which services to use for name resolution and the order in which they are to be used. This file has been superseded by /etc/nsswitch.conf, but is still provided for applications that use other libraries.
By default with Fedora, this file contains the following:
order hosts,bind
The order shown here is to first consult /etc/hosts for a hostname. If the hostname is found in /etc/hosts, use the IP address specified there. If the hostname is not found in /etc/hosts, try to resolve the name with DNS (BIND).
One other option is available, although it is not set by default. This is NIS, which is Sun's Network Information Service.
The /etc/nsswitch.conf File
The file /etc/nsswitch.conf is the system databases and name service switch configuration file. It contains methods for many types of lookups, but here we are concerned with DNS resolution, so the line we are interested in is the hosts line. This line defines the methods to be used for resolving hostnames and the order in which to apply them. The methods used are the following:
► db — Local database files (*.db)
► files — Use the local file /etc/hosts
► dns — Use BIND
► nis — Use Sun's NIS
► nisplus — Use Sun's NIS+
The default line with Fedora is this:
hosts: files dns
With this default, the same methods and order are specified as in the default /etc/host.conf. First /etc/hosts is searched, and then DNS is used.
Another example is as follows:
hosts: files dns nisplus nis
In this example, name searches that fail in /etc/hosts and with DNS continue to the NIS services (nisplus and nis). NIS included with Fedora is the ypserv daemon.
When you are testing your configuration, you might want to halt name searching at a specific point. You can use the entry [NOTFOUND=return]. For example, to stop searching after looking in /etc/hosts, you would use the following line:
hosts: files [NOTFOUND=return] dns nisplus nis
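The following check is an added example, not code from the book or from Fedora: it parses the hosts line of /etc/nsswitch.conf, reports which sources are still consulted once [NOTFOUND=return] is honored, and tests whether the order agrees with the order line of /etc/host.conf. The function names and the keyword mapping table are assumptions made for this illustration.

```python
import re

# host.conf "order" keywords and the nsswitch.conf sources they correspond to.
HOST_CONF_TO_NSS = {"hosts": "files", "bind": "dns", "nis": "nis"}

def parse_nsswitch_hosts(text):
    """Return [(source, stops_on_notfound)] from the hosts: line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("hosts:"):
            continue
        entries = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", line[len("hosts:"):]):
            if tok.startswith("["):
                # A bracketed action applies to the source just before it.
                action = tok.strip("[]").replace(" ", "").upper()
                if entries and action == "NOTFOUND=RETURN":
                    entries[-1] = (entries[-1][0], True)
            else:
                entries.append((tok, False))
        return entries
    return []

def reachable_sources(entries):
    """Sources consulted when every source answers 'not found'."""
    out = []
    for source, stops in entries:
        out.append(source)
        if stops:
            break  # [NOTFOUND=return] ends the search here
    return out

def parse_host_conf_order(text):
    """Return the host.conf order line translated to nsswitch source names."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("order"):
            words = re.split(r"[,\s]+", line[len("order"):].strip())
            return [HOST_CONF_TO_NSS.get(w, w) for w in words if w]
    return []

def in_sync(nsswitch_text, host_conf_text):
    """True when both files list the same sources in the same order."""
    nss = [source for source, _ in parse_nsswitch_hosts(nsswitch_text)]
    return nss == parse_host_conf_order(host_conf_text)

if __name__ == "__main__":
    line = "hosts: files [NOTFOUND=return] dns nisplus nis"
    print(reachable_sources(parse_nsswitch_hosts(line)))
    print(in_sync("hosts: files dns\n", "order hosts,bind\n"))
```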
The file /etc/hosts contains a table of local hosts (hostnames and IP addresses) used for local DNS-type lookups. The file is used if the keyword hosts is included in the order line of /etc/host.conf.
Using /etc/hosts to provide hostnames and hostname aliases can be effective when used on small networks. For example, a short /etc/hosts might look like this:
...
192.168.0.3 teletran.hudson.com teletran webserver #always breaks
192.168.0.4 optimus.hudson.com optimus mailserver
192.168.0.5 prowl.hudson.com prowl music repository
192.168.0.6 megatron.hudson.com fileserver
...
This example shows a short list of hosts. The format of the file is an IP address, a host name/domain name, and aliases (such as teletran and optimus). Using this approach, a system administrator would maintain and update a master hosts list, and then replicate the complete /etc/hosts file to every computer on the LAN. Users are then able to access other systems by simply using the hostname alias (such as teletran). The format of /etc/hosts is easy to understand and easy to maintain, and can be used in conjunction with DNS, and in conjunction with a Dynamic Host Configuration Protocol (DHCP) server on the same network.
Two disadvantages of using /etc/hosts become readily apparent on a large network: maintenance and replication. Maintaining huge lists of IP addresses, hostnames, and aliases — along with ensuring that changes are regularly updated to every host on the network — can be a challenge.
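Because /etc/hosts is consulted before DNS, a replicated copy that has drifted from the master list silently changes where names resolve. The following comparison is an added example, not part of the original text: it parses two hosts files in the format described above and reports names whose address changed, names missing from the local copy, and names that exist only locally. The function names and the sample local file are constructed for this illustration.

```python
import ipaddress

def parse_hosts(text):
    """Map each hostname and alias to the address on its first line."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or "..." lines
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an address: skip the line
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)
    return table

def drift(master_text, local_text):
    """Compare a local hosts file against the master list."""
    master, local = parse_hosts(master_text), parse_hosts(local_text)
    return {
        "changed": {n: (master[n], local[n])
                    for n in master if n in local and master[n] != local[n]},
        "missing": sorted(n for n in master if n not in local),
        "extra": {n: local[n] for n in local if n not in master},
    }

# Master list taken from the sample above.
MASTER = """\
192.168.0.3 teletran.hudson.com teletran webserver #always breaks
192.168.0.4 optimus.hudson.com optimus mailserver
192.168.0.6 megatron.hudson.com fileserver
"""

# Constructed local copy: one changed address, one dropped line, one new line.
LOCAL = """\
192.168.0.3 teletran.hudson.com teletran webserver
192.168.0.40 optimus.hudson.com optimus mailserver
192.168.0.9 newbox.hudson.com
"""

if __name__ == "__main__":
    for kind, found in drift(MASTER, LOCAL).items():
        print(kind, found)
```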
The /etc/hosts file can be edited with a text editor or with the system-config-network GUI configuration tool, which can be launched by going to System, Administration and choosing Network. Choose the Hosts tab to edit the file.
The file /etc/resolv.conf specifies how DNS searches are made. The file contains a list of nameservers (DNS servers to connect to) and some options. For example, a simple but usable /etc/resolv.conf generally contains at least two nameserver entries, specifying a primary and secondary nameserver. This example uses fictitious internal IP addresses:
nameserver 192.168.0.1
nameserver 192.168.0.2
search mydomain.com
The IP addresses listed in the /etc/resolv.conf file are usually assigned by an ISP and represent the remote nameservers. Other optional keywords, such as domain and search, are used to specify a local domain and search list for queries; the two terms are mutually exclusive, however (and these terms are explained shortly). If you have both, the last term listed is used.
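The last-one-wins rule for domain and search is easy to miss when a file has been edited by hand. The following audit is an added example, not part of the original text: it reads a resolv.conf, returns the nameservers and the search list that actually takes effect, and lists any domain or search line that is overridden. The function name, the warning wording, and the domain line in the sample are constructed for this illustration.

```python
def audit_resolv_conf(text):
    """Return the effective nameservers and search list, plus warnings."""
    nameservers, search, winner, ignored = [], [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        fields = line.split()
        key, args = fields[0], fields[1:]
        if key == "nameserver" and args:
            nameservers.append(args[0])
        elif key in ("domain", "search") and args:
            if winner is not None:
                ignored.append(winner)  # an earlier domain/search loses
            winner = line
            # domain names a single local domain; search gives a list.
            search = args[:1] if key == "domain" else args
    warnings = []
    if len(nameservers) < 2:
        warnings.append("fewer than two nameserver entries")
    if ignored:
        warnings.append("domain/search given more than once; only the last is used")
    return {"nameservers": nameservers, "search": search,
            "ignored": ignored, "warnings": warnings}

# The sample file from above with a constructed domain line added on top.
SAMPLE = """\
domain lab.example
nameserver 192.168.0.1
nameserver 192.168.0.2
search mydomain.com
"""

if __name__ == "__main__":
    for key, value in audit_resolv_conf(SAMPLE).items():
        print(key, value)
```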
You can configure the information in /etc/resolv.conf from the system-config-network tool by launching the tool from the Network menu item in the System Settings menu. The DNS tab enables you to enter or edit the DNS information, as shown in Figure 23.1.
FIGURE 23.1 The GUI Network Configuration tool is one of Fedora's best-designed GUI tools, permitting extensive network configuration.
Understanding the Changes Made by DHCP
If your system is set to use DHCP, any existing /etc/resolv.conf is saved as resolv.conf.predhclient and a new /etc/resolv.conf is created with the DNS information supplied by DHCP when the DHCP connection is made. When DHCP is released, the saved file is moved back as /etc/resolv.conf.
We begin with a look at the ideas behind DNS prior to discussing the details of the software used to implement it. An understanding at this level is invaluable in avoiding the majority of problems that administrators commonly experience with DNS, as well as in diagnosing and quickly solving the ones that do occur. The following overview omits several small details in the protocol because they are not relevant to the everyday tasks of a DNS administrator. If you need more information about DNS, consult the DNS standards, especially RFC 1034. The RFCs related to DNS are distributed with BIND. Fedora installs them in /usr/share/doc/bind-*/rfc/.