Once you have entered all of the resource records you want, click Save to save the information. If named is already running, it will be reloaded so that the changes take effect immediately.
7.3.1.2. Configuring named through configuration files and datafiles
named can also be configured by directly editing the configuration files and datafiles, which is the approach used by many experienced users.
The overall operation of named is controlled by the file /etc/named.conf . This is the default configuration installed by the BIND package:
//
// named.conf for Red Hat caching-nameserver
//
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
 * If there is a firewall between you and nameservers you want
 * to talk to, you might need to uncomment the query-source
 * directive below. Previous versions of BIND always asked
 * questions using port 53, but BIND 8.1 uses an unprivileged
 * port by default.
 */
// query-source address * port 53;
};
//
// a caching-only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
include "/etc/rndc.key";
The options section sets the basic file and directory locations for the server. controls limits which machines can control named through rndc (in this case, only programs running on the localhost, and only if they present the correct key); the include line at the end reads that key, a shared secret used to authenticate rndc commands, from /etc/rndc.key and causes named to act as though it were written in this file. Keep /etc/rndc.key readable only by the named user, since anyone who can read it can issue control commands to the server.
The rest of this file consists of zone sections. The first zone section is for the entire Internet and refers to the file /var/named/named.ca , which contains the names and addresses of the master domain name servers, called the root servers . The extension .ca stands for cache .
If you have the package bind-chroot installed, then prepend the directory /var/named/chroot/ to pathnames throughout this chapter. For example, /var/named would become /var/named/chroot/var/named , and /etc/named.conf would become /var/named/chroot/etc/named.conf .
bind-chroot is a package intended to increase the security of the nameserver. It is considered obsolete, since SELinux now provides similar protection.
The remaining zone sections are used to resolve standard requests, such as the address of localhost and localhost.localdomain (always 127.0.0.1), and the reverse of those requests.
To create a new zone, add it to the end of this file (you can copy an existing zone entry and then modify it):
zone "fedorabook.com" IN {
type master;
file "fedorabook.com.db";
allow-update { none; };
};
This specifies the name of the zone (exactly the same as the name of the domain) and the file in which this zone's information can be found. You can use any filename you want, but names based on the domain and ending in .db or hosts (such as fedorabook.com.db or fedorabookhosts) are traditional. allow-update { none; } refuses dynamic update requests for the zone, which is what you want for a zone that is only ever edited by hand.
Next, create the file for the zone. This is a standard text file with a very exact syntax.
The file starts with the default TTL for the zone:
$TTL 3D
The value here represents three days. You can use any combination of numbers suffixed with W , D , H , M , or S (representing units of weeks, days, hours, minutes, and seconds) concatenated together, or you can specify the time in seconds; some examples are shown in Table 7-5.
Table 7-5. named time values
| Entry | Description | Equivalent number of seconds |
| --- | --- | --- |
| 3D | 3 days | 259,200 |
| 1D12H or 36H | 1 day and 12 hours (or 36 hours) | 129,600 |
| 2W | 2 weeks | 1,209,600 |
| 1D10M | 1 day and 10 minutes | 87,000 |
The zone file then contains the Start of Authority (SOA) resource record:
@ SOA ns1 chris.global.proximity.on.ca. (2007201702 3D 1H 3D 1H)
The @ sign means "this zone", and SOA is the record type. The values are the authoritative master nameserver ( ns1 ), followed by the administrative email contact written as a domain name, with the @ converted to a period. Because the first period is taken as the @, a username that itself contains periods must have them escaped with a backslash (for example, john\.doe.example.com. for john.doe@example.com).
All hostnames and domain names in a zone file have the name of the zone appended to them unless they end with a period. Thus, in this example, bluesky (with no period) is interpreted as bluesky.fedorabook.com, and bluesky.fedorabook.com written without a trailing period becomes bluesky.fedorabook.com.fedorabook.com. Only bluesky.fedorabook.com. (with the trailing period) is taken literally.
The values in parentheses at the end of the record are the serial number and the time values for this record. It's helpful (and common practice) to split this information across several lines and add comments to label which time value is which:
@ SOA ns1
chris.global.proximity.on.ca. (
2007201702 ; serial number
3D ; refresh
1H ; retry
3D ; expire
1H ) ; minimum
Notice that comments start with a semicolon. The time values used here are the same ones configured using the graphical tool.
The rest of the zone file contains resource records. We need NS records to indicate the nameservers for this domain:
IN NS bluesky
IN NS darkday
The first field (the owner name) is blank, so these records belong to the same name as the previous record, the zone itself; for that to work the line must be indented by at least one space. The next field, IN , is the class and specifies that these are Internet-class records. NS is the record type (nameserver), and the last field is the hostname of the nameserver.
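The TTL suffixes, the origin rule for relative names, the SOA mailbox conversion and the blank-owner record layout described above are easy to get subtly wrong, so here is a small parser that applies exactly those rules to a zone file and sanity-checks the SOA timers. It is an added example, not code from the book or from BIND; the zone text inside it is constructed to mirror the fedorabook.com zone on this page (the 192.168.1.x addresses are made up for the example), and it accepts only the subset of master-file syntax this page uses.

```python
"""Minimal zone-file parser for the syntax described on this page.

Added example, not code from the book or from BIND. Handles $TTL and
$ORIGIN, BIND time suffixes (W/D/H/M/S), relative names qualified against
the origin, a parenthesised multi-line SOA with ';' comments, and records
with a blank owner field that inherit the previous owner.
"""
import re

_UNITS = {"W": 604800, "D": 86400, "H": 3600, "M": 60, "S": 1}
_TIME_RE = re.compile(r"(\d+)([WDHMS])", re.IGNORECASE)
_TTL_TOKEN = re.compile(r"\d+|(\d+[WDHMS])+", re.IGNORECASE)


def parse_ttl(text):
    """'3D' -> 259200, '1D12H' -> 129600, '600' -> 600 (bare = seconds)."""
    if text.isdigit():
        return int(text)
    if not re.fullmatch(r"(\d+[WDHMS])+", text, re.IGNORECASE):
        raise ValueError("bad time value: %r" % text)
    return sum(int(n) * _UNITS[u.upper()] for n, u in _TIME_RE.findall(text))


def qualify(name, origin):
    """Append the origin unless the name is already absolute (ends in '.')."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def rname_to_email(rname):
    """SOA RNAME -> mailbox: the first unescaped '.' stands for '@', and a
    backslash-escaped dot (john\\.doe.example.com.) is a literal dot."""
    local, i = [], 0
    while i < len(rname):
        ch = rname[i]
        if ch == "\\" and i + 1 < len(rname):
            local.append(rname[i + 1])
            i += 2
        elif ch == ".":
            return "".join(local) + "@" + rname[i + 1:].rstrip(".")
        else:
            local.append(ch)
            i += 1
    raise ValueError("RNAME has no domain part: %r" % rname)


def _logical_lines(text):
    """Drop ';' comments and join parenthesised continuation lines."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            yield " ".join(buf)
            buf = []
    if depth:
        raise ValueError("unbalanced parentheses in zone file")


def parse_zone(text, origin):
    """Return (default_ttl, soa, records); records are (owner, ttl, type, rdata)."""
    if not origin.endswith("."):
        origin += "."
    default_ttl, soa, records, owner = None, None, [], None
    for line in _logical_lines(text):
        fields = line.split()
        if fields[0] == "$TTL":
            default_ttl = parse_ttl(fields[1])
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        if not line[0].isspace():        # owner present; otherwise inherit it
            owner = qualify(fields.pop(0), origin)
        if owner is None:
            raise ValueError("first record has no owner name")
        ttl = parse_ttl(fields.pop(0)) if _TTL_TOKEN.fullmatch(fields[0]) else default_ttl
        if fields[0] == "IN":            # optional class; this page only uses IN
            fields.pop(0)
        rtype, rdata = fields[0], fields[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [qualify(rdata[0], origin)]
        if rtype == "SOA":
            mname, rname, serial, refresh, retry, expire, minimum = rdata
            soa = {"mname": qualify(mname, origin), "email": rname_to_email(rname),
                   "serial": int(serial), "refresh": parse_ttl(refresh),
                   "retry": parse_ttl(retry), "expire": parse_ttl(expire),
                   "minimum": parse_ttl(minimum)}
        records.append((owner, ttl, rtype, rdata))
    return default_ttl, soa, records


def check_soa(soa):
    """Sanity checks worth running before reloading named."""
    problems = []
    if not 0 < soa["serial"] < 2 ** 32:
        problems.append("serial must fit in 32 bits")
    if soa["retry"] >= soa["refresh"]:
        problems.append("retry should be shorter than refresh")
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        problems.append("expire must exceed refresh + retry, or one failed "
                        "refresh expires the zone on every secondary")
    return problems


# Constructed sample following the layout on this page (addresses made up).
SAMPLE_ZONE = """\
$TTL 3D
@   SOA ns1 chris.global.proximity.on.ca. (
        2007201702 ; serial number
        3D         ; refresh
        1H         ; retry
        3D         ; expire
        1H )       ; minimum
    IN NS bluesky
    IN NS darkday
bluesky  IN A 192.168.1.1
darkday  IN A 192.168.1.2
www      IN CNAME bluesky
"""

if __name__ == "__main__":
    ttl, soa, rrs = parse_zone(SAMPLE_ZONE, "fedorabook.com")
    print(ttl, soa)
    for rr in rrs:
        print(rr)
    print(check_soa(soa))
```

Run on the constructed zone, check_soa reports one problem: with refresh and expire both 3D, a secondary that cannot reach the master at its scheduled refresh expires the zone before its first hourly retry, so expire should be made considerably longer than refresh.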
We also need A records to indicate the IP address of each computer: