Chapter 14
DNS: Domain Name Service

In this chapter:

* Configuring DNS
* Setting up a "caching only" name server
* Debugging your configuration

A machine on the Internet (or on your local area network) can usually
be addressed using its name or its IP address. This is true from a
user standpoint, but for applications, the IP address is the only way
to reach a remote host. This implies the need for a translation of
names to addresses. The Domain Name Service (DNS) provides exactly
this: It maps a name to an address and vice versa. It also can give
additional information about hosts, such as short descriptions and
hints for mail routing.

NOTE: SuSE Linux 6.1 ships with two versions of the DNS daemon. You can
choose between version 4.9.7 and version 8.1.2 of the bind package
that contains named, the daemon handling DNS
requests. Use the newer version. It offers more functionality and
improved security. Also note that the syntax for the bootup file has
changed slightly. If remaining compatible is a major issue for you, or
you set DNS up already and want only to move it over to the Linux
machine, you might want to install the older version.

14.1 Configuring the Domain Name Service

This section reviews the latest version, bind 8.1.2. To get the name
server started at all, the variable START_BIND, found in
/etc/rc.config, has to be set to yes. The main
configuration file read by named (the name server daemon), is
/etc/named.conf. The named.conf that comes with SuSE is
an extensive example of all possible features. Other than
demonstrating what is possible, it's pretty useless. A much shorter
and actually useful example follows.

```
#
# Bind 8 configuration for a cache only server
#
options {
    directory "/var/named";
    forward first;
    forwarders {
        168.253.48.19;
        198.6.1.1;
        209.0.51.1;
    };
};

# Root servers
zone "." {
    type hint;
    file "root.hint";
};

# the loopback device
zone "localhost" IN {
    type master;
    file "localhost.zone";
    check-names fail;
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "127.0.0.zone";
    check-names fail;
    allow-update { none; };
};
```

This example setup shows a server without a local database. You use
caching-only servers to minimize DNS traffic for your local
network. If all local machines point to this server, a lookup will be
made only when the requested entry has not been requested before. Any
known address to name (or name to address) translations will be cached
by this server, and it can answer requests directly without making a
time-consuming lookup over the external link.

TIP: Even if you have only a few machines (or even a single host), it may make
sense to set up a caching-only DNS server. Not only will the traffic
going to your ISP be reduced, but also the increased speed will be
worth the effort. DNS queries are expensive in terms of time, and the
server cache will reduce these to a minimum.

In the options section, you see that the directory
/var/named is specified. All files given in the rest of
the configuration are expected to be in this directory. A list of
forwarders specifies name servers that are first queried before a real
lookup to the root servers is made. This is done with the assumption
that these forwarders are faster to reach than the root servers. You
should replace these addresses with the addresses of the name
servers of your ISP. The next section specifies the root servers,
whose addresses can be found in the file /var/named/root.hint.

NOTE: This file is made available by InterNIC registration services under
anonymous FTP as file /domain/named.root on the server
FTP.RS.INTERNIC.NET. It is also part of the bind8 package
provided by SuSE. It's recommended that you use the newest version, so
you may want to check whether a more recent version exists than the
one provided on the CD.

The last section in the example is used to resolve the addresses used
for the local loopback device. The zone files 127.0.0.zone and
localhost.zone are also part of the SuSE bind8 package and are
located in /var/named.
This example doesn't include any real host/address database (zone
files), but it gives you an idea of the structure used in the named
configuration file.
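As an added example (not part of this book or of the bind package), here is a small Python parser for the subset of named.conf syntax used in the configuration above. It reads the cache-only configuration, pulls out the directory, the forwarders and the zones, and reports the points this section tells you to verify: that a directory is set, that a hint zone for "." exists, that the master zones carry allow-update { none; }, and that the forwarders are no longer the sample addresses. The configuration text embedded in the script is the chapter's own example, used here as constructed input; the statement grammar it assumes (nested braces, statements terminated by ";", comments starting with "#" or "//") is an assumption that covers only this subset of what named accepts.

```python
import re

# The chapter's cache-only named.conf, embedded as constructed input.
SAMPLE_CONF = """
# Bind 8 configuration for a cache only server
options {
    directory "/var/named";
    forward first;
    forwarders {
        168.253.48.19;
        198.6.1.1;
        209.0.51.1;
    };
};
zone "." {
    type hint;
    file "root.hint";
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
    check-names fail;
    allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "127.0.0.zone";
    check-names fail;
    allow-update { none; };
};
"""

# Forwarder addresses the chapter uses as placeholders; the text says to replace them.
SAMPLE_FORWARDERS = {"168.253.48.19", "198.6.1.1", "209.0.51.1"}

# A token is a quoted string, one of { } ;, or a bare word.
_TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')


def tokenize(text):
    """Strip '#' and '//' comments line by line, then split into tokens."""
    tokens = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].split("//", 1)[0]
        tokens.extend(_TOKEN.findall(line))
    return tokens


def parse(text):
    """Return a list of (words, body) statements; body is a nested list or None.

    Assumed grammar (this subset only): statement = word* [ '{' statement* '}' ] ';'
    """
    tokens = tokenize(text)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def block():
        nonlocal pos
        stmts = []
        while peek() not in (None, "}"):
            words, body = [], None
            while peek() not in (None, ";", "{"):
                words.append(tokens[pos].strip('"'))
                pos += 1
            if peek() == "{":
                pos += 1
                body = block()
                if peek() != "}":
                    raise ValueError("missing '}' after %s" % " ".join(words))
                pos += 1
            if peek() != ";":
                raise ValueError("missing ';' after %s" % " ".join(words))
            pos += 1
            stmts.append((words, body))
        return stmts

    stmts = block()
    if pos != len(tokens):
        raise ValueError("unbalanced braces")
    return stmts


def summarize(text):
    """Pull out the directory, the forwarders and each zone's type, file and allow-update."""
    info = {"directory": None, "forwarders": [], "zones": {}}
    for words, body in parse(text):
        if words == ["options"] and body:
            for w, b in body:
                if w and w[0] == "directory" and len(w) > 1:
                    info["directory"] = w[1]
                elif w and w[0] == "forwarders" and b:
                    info["forwarders"] = [x[0] for x, _ in b if x]
        elif len(words) >= 2 and words[0] == "zone" and body:
            zone = {"type": None, "file": None, "allow-update": None}
            for w, b in body:
                if w and w[0] in ("type", "file") and len(w) > 1:
                    zone[w[0]] = w[1]
                elif w and w[0] == "allow-update" and b:
                    zone["allow-update"] = [x[0] for x, _ in b if x]
            info["zones"][words[1]] = zone
    return info


def check(text):
    """Return the findings this section tells the reader to look for."""
    info = summarize(text)
    findings = []
    if not info["directory"]:
        findings.append("options: no directory set, so zone file names are not anchored")
    if info["zones"].get(".", {}).get("type") != "hint":
        findings.append('no hint zone for "." (root.hint), so the root servers are unknown')
    if set(info["forwarders"]) & SAMPLE_FORWARDERS:
        findings.append("forwarders: still the chapter's sample addresses, use your ISP's")
    for name, zone in info["zones"].items():
        if zone["type"] == "master" and zone["allow-update"] != ["none"]:
            findings.append("zone %s: master zone without allow-update { none; }" % name)
    return findings


if __name__ == "__main__":
    for finding in check(SAMPLE_CONF):
        print("WARNING:", finding)
```

Run against the chapter's example, the only warning is about the placeholder forwarders, which is exactly what the text asks you to change; a malformed file (a missing ";" after a closing brace, for instance) raises a ValueError naming the statement where parsing stopped.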

NOTE: For a complete documentation of bind, look at the Web site of the
Internet Software Consortium,
http://www.isc.org/bind8/index.html. A good book on this
subject is DNS and BIND, 3rd Edition, by Paul Albitz and Cricket Liu.

14.2 Debugging the Domain Name Service

If you have to set up a DNS server, you may come to the point at which
you want to know what's going on inside the server. The
named daemon has some nice debugging features, which
are triggered by sending signals to the daemon:

* SIGHUP: Causes the server to reread /etc/named.conf and reload the
  database. It will also cause the server to check the serial number
  on all secondary zones; normally, the serial numbers are checked only
  at the SOA-specified intervals.

* SIGINT: Dumps the current database and cache information to
  /var/named/nameddump.db. This gives you a list of all
  data known to the server at this moment.

* SIGILL: Dumps statistics data into
  /var/named/named.stats. Statistics data is appended to
  the file.

* SIGTERM: Dumps the primary and secondary database files. Used to save modified
  data on shutdown if the server is compiled with dynamic updating
  enabled.

* SIGUSR1: Turns on debugging; each SIGUSR1 sent to the server increments the
  debug level. This feature allows you to see what the server is doing
  and where it tries to look up the requested names or addresses. The
  more SIGUSR1 signals you send to the server, the more detailed is
  the output in /var/named/named.run.

* SIGUSR2: Turns off debugging completely.

* SIGWINCH: Toggles logging of all incoming queries via syslog. Each DNS request
  will be logged in /var/log/messages.

Instead of sending these signals to the daemon, the tool
ndc can be used. It supports the commands
status, dumpdb, reload,
stats, trace, notrace,
querylog, start, stop and
restart on the command line. The function of these commands
is equivalent to the signals listed above. For a detailed list of
these commands refer to the man page ndc(8).

NOTE: The man page gives different locations for the listed log files. The
standard behavior would be to have all the output files in
/var/tmp. However, SuSE decided to change this and have
named dump its debugging output to /var/named.

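Once query logging has been toggled on (SIGWINCH, or ndc querylog), the lines in /var/log/messages are only useful if you can summarize them. The following Python script is an added example, not part of the book or of the bind package: it picks the named query lines out of a syslog file, counts queries per client and per name, and lists clients that are not on the local network, which for a caching-only server that is meant to serve "all local machines" is the first thing worth looking at. The syslog lines in the script are constructed, and the line layout it expects ("XX /client/name/type/class", with "XX+" when the client asked for recursion) is an assumption about the BIND 8 query-log format; adjust the regular expression if your named writes something different. The local network prefix is a parameter you supply.

```python
import ipaddress
import re
from collections import Counter

# Constructed /var/log/messages excerpt: six named query lines and one unrelated line.
SAMPLE_LOG = """\
Mar  4 10:15:01 gateway named[214]: XX+ /192.168.1.20/www.suse.de/A/IN
Mar  4 10:15:01 gateway named[214]: XX+ /192.168.1.20/suse.de/MX/IN
Mar  4 10:15:02 gateway named[214]: XX+ /192.168.1.31/ftp.rs.internic.net/A/IN
Mar  4 10:15:02 gateway named[214]: XX+ /203.0.113.7/www.example.com/A/IN
Mar  4 10:15:03 gateway named[214]: XX+ /192.168.1.20/1.0.0.127.in-addr.arpa/PTR/IN
Mar  4 10:15:03 gateway sshd[300]: Accepted password for user from 192.168.1.20
Mar  4 10:15:04 gateway named[214]: XX /192.168.1.20/www.suse.de/A/IN
"""

# Assumed BIND 8 query-log layout: "XX" or "XX+" (recursion desired), then
# /client/name/type/class. Lines from other daemons do not match.
QUERY_RE = re.compile(
    r"named\[\d+\]: XX(?P<rd>\+?) /(?P<client>[^/]+)/(?P<name>[^/]+)/"
    r"(?P<qtype>[^/]+)/(?P<qclass>\S+)"
)


def parse_querylog(text):
    """Yield one dict per query line (client, name, qtype, qclass, recursive)."""
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            q = m.groupdict()
            q["recursive"] = q.pop("rd") == "+"
            yield q


def report(text, local_net="192.168.1.0/24"):
    """Count queries per client and per name, and list clients outside local_net."""
    net = ipaddress.ip_network(local_net)
    queries = list(parse_querylog(text))
    by_client = Counter(q["client"] for q in queries)
    by_name = Counter(q["name"] for q in queries)
    outside = sorted(
        {q["client"] for q in queries if ipaddress.ip_address(q["client"]) not in net}
    )
    return {
        "total": len(queries),
        "by_client": by_client,
        "by_name": by_name,
        "outside_clients": outside,
    }


if __name__ == "__main__":
    r = report(SAMPLE_LOG)
    print("queries:", r["total"])
    for client, n in r["by_client"].most_common():
        print("  %-16s %d" % (client, n))
    print("busiest names:", r["by_name"].most_common(3))
    print("clients outside the local network:", r["outside_clients"])
```

The same report function can be pointed at the real file with report(open("/var/log/messages").read(), "your.lan.prefix/24"); because query logging writes one line per request, turn it off again (SIGWINCH or ndc querylog a second time) once you have the sample you need, or the file grows quickly on a busy server.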
Summary:

The domain name service translates machine names into actual IP
addresses and vice versa. The bind package is the package
containing the server and the tools to access the DNS information.
The DNS server uses ASCII file databases to hold the information about
the domains it serves. You also can set up a server without local
data as a caching server to minimize IP traffic and to speed up DNS
queries. Signals can be sent to the server to make it write debugging
output or dump its current database. This makes it easy to debug
the local configuration and optimize the server setup.