;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0
;; QUESTION SECTION:
;fedora.redhat.com. IN A
;; ANSWER SECTION:
fedora.redhat.com. 300 IN A 209.132.177.50
;; AUTHORITY SECTION:
redhat.com. 600 IN NS ns1.redhat.com.
redhat.com. 600 IN NS ns2.redhat.com.
redhat.com. 600 IN NS ns3.redhat.com.
;; Query time: 401 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Mar 4 22:28:53 2006
;; MSG SIZE rcvd: 105
7.3.1.4. Configuring a slave nameserver
Once you have configured a master nameserver for a zone, you can configure another computer to fetch the zone information from that master nameserver and serve it to other machines. This can be done to share the workload for extremely busy domains or (more often) to provide some redundancy in case the master server is down or unreachable.
There is little point configuring a second nameserver if all of your services (mail server, web server, and so on) are on one server and that is the same machine that runs your master nameserver, because a failure or overload on that system would effectively cripple the other services along with the nameserver (and there is no value in being able to reach a server that can't provide service).
This type of nameserver is called a slave, but it is still considered authoritative for the domain if there is an NS record for it in the zone.
You may need to adjust your SELinux configuration to use slave zones (see Lab 8.2, "Using SELinux").
To configure a slave nameserver graphically, start the graphical configuration tool (Figure 7-6), highlight the DNS Server entry, click on the New icon, and then click on the Zone option from the pull-down list. Create the zone in the same way you did on the master server, but set the Zone Type to "slave." Click OK, and the window shown in Figure 7-12 will appear.
Figure 7-12. Slave zone configuration window
Click on IPV4 Address, and the window will change to include fields for the IP address, as shown in Figure 7-13.
Figure 7-13. Slave zone configuration window with address fields
Enter the IP address of the master nameserver, and then click on the upper OK button followed by the lower OK button. Click on the Save button on the main window, and the slave zone will be created.
To configure a slave zone by editing the configuration files, add a section to /var/named.conf that looks like this:
zone "fedorabook.com" IN {
    type slave;
    file "fedorabook.com.db";
    masters { 216.183.93.224; };
};
The zone and file values are the same as for a master zone. The type must be set to slave, and the masters value is a semicolon-separated list of zone master nameservers, enclosed in curly braces.
Once you have configured the slave zone, restart or reload named on the same machine. The initial zone transfer should be recorded in /var/log/messages:
zone fedorabook.com/IN: Transfer started.
transfer of 'chris.com/IN' from 216.183.93.224#53:
connected using 47.52.6.120#55096
zone fedorabook.com/IN: transferred serial 2
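One way to confirm from the log that every slave zone in named.conf completed a transfer, and that the transfer came from an address listed in its masters value. This is an added example, not code from the book; the configuration and log text are constructed samples, and example.org, 192.0.2.10 and the function names are assumptions.

```python
import re
# Constructed sample input (not from a real server): slave zone stanzas in the
# style shown above, and named messages with the transfer record on one line.
NAMED_CONF = '''
zone "fedorabook.com" IN {
    type slave;
    file "fedorabook.com.db";
    masters { 216.183.93.224; };
};
zone "example.org" IN {
    type slave;
    file "example.org.db";
    masters { 192.0.2.10; };
};
'''
LOG = '''\
zone fedorabook.com/IN: Transfer started.
transfer of 'fedorabook.com/IN' from 216.183.93.224#53: connected using 47.52.6.120#55096
zone fedorabook.com/IN: transferred serial 2
'''
# Assumes each stanza closes with "};" on its own line and masters are bare IPs.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s+(?:IN\s+)?\{(.*?)\n\};', re.S)
MASTERS_RE = re.compile(r'masters\s*\{([^}]*)\}')
XFER_RE = re.compile(r"transfer of '([^/']+)/IN' from ([0-9A-Fa-f.:]+)#\d+")
SERIAL_RE = re.compile(r"zone ([^/\s]+)/IN: transferred serial (\d+)")

def slave_masters(conf):
    """Map each slave zone to the set of master addresses configured for it."""
    zones = {}
    for name, body in ZONE_RE.findall(conf):
        m = MASTERS_RE.search(body)
        if m and re.search(r'type\s+slave\s*;', body):
            zones[name.lower()] = {a.strip() for a in m.group(1).split(';') if a.strip()}
    return zones

def audit_transfers(conf, log):
    """Per slave zone: 'ok serial N', 'unexpected source X', or 'no transfer'."""
    masters, source = slave_masters(conf), {}
    status = {zone: 'no transfer' for zone in masters}
    for line in log.splitlines():
        x, s = XFER_RE.search(line), SERIAL_RE.search(line)
        if x:  # remember which address the transfer for this zone came from
            source[x.group(1).lower()] = x.group(2)
        elif s and s.group(1).lower() in masters:
            zone = s.group(1).lower()
            src = source.get(zone)
            ok = src in masters[zone]
            status[zone] = f'ok serial {s.group(2)}' if ok else f'unexpected source {src}'
    return status
```

A zone reported as 'no transfer' has no completed transfer in the log text examined; 'unexpected source' means the running named is using a masters list that differs from the file being audited.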
7.3.1.5. Using your nameservers locally
Once the nameserver is working, you can configure your local clients to use it:
If the computers on your local network have been manually configured with their IP information, change the nameserver IP address to that of the machine running named. Edit the file /etc/resolv.conf, or for Fedora Linux systems, use the menu option System→Administration→Network (the system-config-network tool, also known as neat) and adjust the entries in the DNS tab. For other operating systems, use the appropriate network configuration tool (such as the Microsoft Windows Control Panel).
If the computers on your local network are configured to get their IP information through the DHCP protocol, and the DHCP server is on a gateway or router device, program the DHCP settings on that gateway or router so that the IP address of your named server is used as the domain name server. Consult the device documentation for configuration information.
If the computers on your local network are configured to get their IP information through the DHCP protocol, and you're using your Fedora system as the DHCP server, add the nameserver to your DHCPD configuration file.
If you configure only your local clients to use your nameserver, any zones that you have configured are accessible only to those clients.
7.3.1.6. Serving domain information to the Internet
In order to make your domain information accessible to other systems on the Internet, it is necessary to register your domain and give the IP address of your nameserver(s) to your domain registrar.
There are many registrars available; to find one, simply search for "domain registration" on any search engine. Be sure to read the fine print of the registrar's contract because some registrars will try to lock you into their service by charging you exorbitant transfer fees if you try to switch to another registrar at a later date.
Most registrars now offer a myriad of different packages with domain forwarding, web hosting, or email management features. If you are planning to do your own web serving and email hosting, you can forgo those features and sign up for the most basic registration service. Give the IP address of all of your named servers to your registrar as the nameservers for your domain.
Once your domain registration is complete, the nameservers for your top-level domain (TLD), such as .com or .org, will start forwarding queries about your domain to your nameservers. It takes a short while for your domain information to circulate to all of the nameservers for your TLD, so be patient!
To test whether your domain name service is accessible to the Internet, use the dig command with your ISP's nameserver:
$ dig somehost.yourdomain.com @nameserver.yourisp.com
DNS is also capable of performing reverse mapping, which translates an IP address into a domain name. However, unless your ISP has provided you with a block of IP addresses that is a power of 256 (that is, either 256, 65,536, or 16,777,216 addresses), reverse mapping is particularly difficult to set up. If you really need reverse mapping controlled by your nameserver, you'll need to find out how your ISP has configured this and whether they are willing to delegate the reverse mapping to you.
If you have a small number of Internet-accessible hosts, most ISPs prefer to enter your hostnames and IP addresses into their reverse-mapping tables rather than go through the arduous task of connecting a portion of their reverse map to your nameserver.
Domain name service is based on the concept of referrals. When a client program (such as a web browser) needs to convert a hostname into an IP address, it uses query functions in a resolver library. The resolver looks in the local hosts file (/etc/hosts on Fedora, other Linux, Unix, and Mac OS X systems; c:\windows\system32\drivers\etc\hosts on Windows 2000, Windows Server 2003, and Windows XP), and if the hostname is not found in that file, it queries one of the caching nameservers specified in the operating system's network configuration. On a Fedora system (like most other Linux and Unix systems) the nameservers to be used are listed in /etc/resolv.conf.