Text File | 1995-11-30 | 16KB | 433 lines
Caching named mini howto.
Version 1.1
(C)opyright 1995 Nicolai Langfeldt. Do not modify without amending
copyright, distribute freely but retain copyright message.
Please send money, comments and/or questions to janl@ifi.uio.no.
I would appreciate it if someone sent me a section 3 for (c)slip
users.
Contents:
1. Introduction
2. Setting it up
3. Automatic setup when connecting (and disconnecting).
4. Getting a new root.cache file.
5. Of forwarders and slaves.
1. Introduction
This mini howto describes how to set up a caching name server.
This is primarily useful for people connected to the net with a
(dialup) modem, using SLIP, PPP and similar protocols, because name
lookups can be slow due to the slowness of modem communications.

A clarification: When I say 'your machine' I mean the machine you dial
up to the net from, for most people this is their home machine. There
is room for confusion because quite a few people dial up to their own
internet connected machine at work, _that_ is not the machine I talk
of in this howto, I talk about the machine you call up from, the one
you connect to the net with a modem.

Before you start on this you should configure your machine so that you
can telnet in and out of it, and successfully make all kinds of
connections to the net, and you should be able to do 'telnet
127.0.0.1' and get your own machine. You also need good
/etc/host.conf, /etc/resolv.conf and /etc/hosts files as a starting
point. If you don't already have all this set up and working the
networking howto explains how to set it up.

I also assume you're not behind any kind of firewall that blocks name
queries. If you are you will need a special configuration that's
mentioned in section 5.

Name serving on unix is done by a program called named. This is a
part of the bind package that's coordinated by Paul Vixie. This can
be gotten on Linux ftp sites, but chances are that you already have a
named. It's usually called /usr/sbin/named. You can use that if you
already have it.

If you need to set up named for more than just caching, for example
for setting up your own internet domain, I suggest you get the book "DNS
and BIND" by C. Liu and P. Albitz from O'Reilly & Associates,
Sebastopol, CA, ISBN 0-937175-82-X 1992. There are also docs in the
bind distribution, including a FAQ and a manual as well as papers.

2. Setting it up
Tip: Make backup copies of all the files I instruct you to change if
you already have them, so if after going thru this nothing works you
can get it back to your old, working state.
First you need a file called /etc/named.boot. This is read when named
starts. For our purpose it should simply contain (remove leading
spaces):

    ; Boot file for nicolais caching name server
    ;
    directory /var/named
    ;
    ; type        domain        source file or host
    cache         .             root.cache

A file named /var/named/root.cache is named in this.
/var/named/root.cache should contain this (remove leading spaces
again):

    ; ---- Root hint cache dump ----
    .                       IN      NS      A.ROOT-SERVERS.NET
    .                       IN      NS      B.ROOT-SERVERS.NET
    .                       IN      NS      C.ROOT-SERVERS.NET
    .                       IN      NS      D.ROOT-SERVERS.NET
    .                       IN      NS      E.ROOT-SERVERS.NET
    .                       IN      NS      F.ROOT-SERVERS.NET
    .                       IN      NS      G.ROOT-SERVERS.NET
    .                       IN      NS      H.ROOT-SERVERS.NET
    .                       IN      NS      I.ROOT-SERVERS.NET
    ;
    ; Prep the cache (hotwire the addresses). Order does not matter
    ;
    A.ROOT-SERVERS.NET.     IN      A       198.41.0.4
    B.ROOT-SERVERS.NET.     IN      A       128.9.0.107
    C.ROOT-SERVERS.NET.     IN      A       192.33.4.12
    D.ROOT-SERVERS.NET.     IN      A       128.8.10.90
    E.ROOT-SERVERS.NET.     IN      A       192.203.230.10
    F.ROOT-SERVERS.NET.     IN      A       39.13.229.241
    G.ROOT-SERVERS.NET.     IN      A       192.112.36.4
    H.ROOT-SERVERS.NET.     IN      A       128.63.2.53
    I.ROOT-SERVERS.NET.     IN      A       192.36.148.17

It describes the root name servers in the world. This changes over
time, see below for how to get updated data.
These two files are supposedly described in the named man page. I say
supposedly because that man page is probably one of the least clear
man pages in creation if you don't already know how to set up named.
Next, when you're connected to the net you need a /etc/resolv.conf
looking like this:

    search subdomain.your-domain.edu your-domain.edu
    nameserver 127.0.0.1

The 'search' line specifies what domains should be searched for any
hostnames you want to connect to. The 'nameserver' line specifies what
address your machine can reach a nameserver at, in this case your own
machine since that is where your named runs.

The example assumes you belong in the domain
subdomain.your-domain.edu, your machine then, is probably called
your-machine.subdomain.your-domain.edu. The search line would
normally not contain your top domain ('edu' in this case). If you
frequently need to connect to hosts in another domain you can add that
domain to the search line like this:

    search subdomain.your-domain.edu your-domain.edu other-domain.com

and so on. Obviously you need to put real domain names in instead.

The last file you have to fix is /etc/host.conf. There should be a
line starting with 'order' and it should look like this:

    order hosts,bind

If there is no order line you should stick one in. It tells the host
name resolving routines to first look in /etc/hosts, then ask the
name server (which you in resolv.conf said is at 127.0.0.1).

These two latest files are documented in the resolv(8) manpage (do
'man 8 resolv'). That man page is IMHO readable, and everyone should
read it.

Now you can connect to the world and test your setup. Dial up and
establish your connection the usual way. Once the connection is
established (and /etc/resolv.conf has the right 'nameserver' line)
you start /usr/sbin/named. If you look in your syslog message file
(usually called /var/adm/messages, use the command 'tail
/var/adm/messages' to see its end) after you start named you should
see something like:

    Jan 14 23:13:14 roke named[671]: starting. named 4.9.3-BETA9 Sat Jan 14 21:19:55 MET 1995 janl@roke:/usr/src/bind-4.9.3-BETA9/named
    Jan 14 23:13:14 roke named[672]: Ready to answer queries.

If there are any messages about errors then there is a mistake
somewhere in the file named in the message (one of named.boot
and root.cache I hope :-) Kill named and go back and check the files.

Once named does not complain you can start querying it. The program
designed for this is nslookup. Start it by giving linux the command
'nslookup':

    $ nslookup
    Default Server: localhost
    Address: 127.0.0.1
    >

If it does not say 'localhost' and '127.0.0.1' there is something
wrong in resolv.conf, go back and check it.
Now you can enter a query. Try looking up some machine close to you.
mnemosyne.uio.no is a Linux machine I run at the University of Oslo:

    > mnemosyne.uio.no
    Server: localhost
    Address: 127.0.0.1
    Name: mnemosyne.uio.no
    Address: 129.240.21.233

nslookup now asked your named to look for the machine
mnemosyne.uio.no. It then contacted one of the name server machines
named in your root.cache file, and asked its way from there. It
might take some seconds before you get the result as it searches all
the domains you named in /etc/resolv.conf. If you try again you get
this:

    > mnemosyne.uio.no
    Server: localhost
    Address: 127.0.0.1
    Non-authoritative answer:
    Name: mnemosyne.uio.no
    Address: 129.240.21.233

Note 'Non-authoritative answer:'. That means that named did not go
out on the network to ask this time, it instead looked in its cache
and found it there. But the cached information _might_ be out of date
(also called 'stale'). So you are informed of this by it saying
'Non-authoritative answer:'. So when nslookup says this the second time
you ask for a host it's a sign it caches the information and the
desired effect of setting up the named has been reached. You exit
nslookup by giving the command 'exit'.

A warning: It is not smart to run named when you are not connected to
the net, this is because named will try to send queries to the net and
it has a long timeout, and you have to wait for this timeout every
time some program tries to resolve a name. The next section explains
how I deal with setting up and taking down named when connecting and
disconnecting to the net.

So now you know how to set up the different configuration files so
named works.
3. Automatic setup when connecting (and disconnecting).
This section explains how I have set things up to automate everything.
My way might not suit you at all, but you might get an idea from
something I've done. Also, I use ppp for dialup, while many use slip
or cslip, so almost everything in your setup can be different from
mine. But slip's dip program should be able to do many of the things I
do.

Normally, when I'm not connected to the net I have a resolv.conf file
simply containing the line

    domain uio.no

This ensures I don't have to wait for the hostname resolving library
to try to connect to a nameserver that can't help me. But when I
connect I want to start my named and have a resolv.conf looking like
the one described above. I have solved this by keeping two
resolv.conf 'template' files named resolv.conf.local and
resolv.conf.connected. The latter looks like the resolv.conf
described before in this document.

To automatically connect to the net I run a script called 'ppp-on':

    #!/bin/sh
    # Switch to the resolv.conf that points at the local named, then dial.
    cp -v /etc/resolv.conf.connected /etc/resolv.conf
    echo calling...
    pppd

pppd has a file called 'options' that tells it the particulars of how
to get connected. Once my ppp connection is up the pppd starts a
script called ip-up (this is described in the pppd man page). These are
parts of the script:

    #!/bin/sh
    ...
    echo 1>&2 PPP: IP up
    ...
    # The link is up, so named can reach the net now.
    /usr/sbin/named
    echo PPP: ip-up finished

I.e. I start my named there. When ppp is disconnected pppd runs a
script called ip-down:

    #!/bin/sh
    echo 1>&2 PPP: IP down
    # Go back to the offline resolv.conf and stop named.
    cp /etc/resolv.conf.local /etc/resolv.conf
    kill `cat /var/run/named.pid`

So this gets things configured and up when connecting and
disconfigured and down when disconnecting.
It's also a good idea to insert

    cp /etc/resolv.conf.local /etc/resolv.conf

in your bootup scripts. The best place is /etc/rc.d/rc.inet1 if you
have it, if not in /etc/rc.d/rc.local or /etc/rc.local.
4. Getting a new root.cache file.
I mentioned that the root.cache information changes from time to time.
So you might want to update it once in a long while. Start nslookup thus:

    nslookup | tee nslookup.log

then give the command

    > set type=ns

This means that nslookup should ask for 'ns' (or NameServer) records,
it usually asks for A, address records.

    > .

This means, get me root information. In a unix filesystem the root
is '/', in the name server system the root is '.' and is often written
so. The answer to my query was:

    Server: localhost
    Address: 127.0.0.1
    Non-authoritative answer:
    (root) nameserver = B.ROOT-SERVERS.NET
    (root) nameserver = C.ROOT-SERVERS.NET
    (root) nameserver = D.ROOT-SERVERS.NET
    (root) nameserver = E.ROOT-SERVERS.NET
    (root) nameserver = I.ROOT-SERVERS.NET
    (root) nameserver = F.ROOT-SERVERS.NET
    (root) nameserver = G.ROOT-SERVERS.NET
    (root) nameserver = A.ROOT-SERVERS.NET
    (root) nameserver = H.ROOT-SERVERS.NET
    Authoritative answers can be found from:
    (root) nameserver = B.ROOT-SERVERS.NET
    (root) nameserver = C.ROOT-SERVERS.NET
    (root) nameserver = D.ROOT-SERVERS.NET
    (root) nameserver = E.ROOT-SERVERS.NET
    (root) nameserver = I.ROOT-SERVERS.NET
    (root) nameserver = F.ROOT-SERVERS.NET
    (root) nameserver = G.ROOT-SERVERS.NET
    (root) nameserver = A.ROOT-SERVERS.NET
    (root) nameserver = H.ROOT-SERVERS.NET
    B.ROOT-SERVERS.NET internet address = 128.9.0.107
    C.ROOT-SERVERS.NET internet address = 192.33.4.12
    D.ROOT-SERVERS.NET internet address = 128.8.10.90
    E.ROOT-SERVERS.NET internet address = 192.203.230.10
    I.ROOT-SERVERS.NET internet address = 192.36.148.17
    F.ROOT-SERVERS.NET internet address = 39.13.229.241
    G.ROOT-SERVERS.NET internet address = 192.112.36.4
    A.ROOT-SERVERS.NET internet address = 198.41.0.4
    H.ROOT-SERVERS.NET internet address = 128.63.2.53

It says that the answer is non-authoritative, and that an authoritative
answer can be gotten from one of a list of hosts. We want an
authoritative answer so we tell nslookup to use one of the named
servers. I pick i.root-servers.net because everyone else probably uses
a :-) You can choose any you fancy.

    > server i.root-servers.net
    Default Server: i.root-servers.net
    Address: 192.36.148.17

Now to ask for the root ns records again:

    > .
    Server: i.root-servers.net
    Address: 192.36.148.17
    (root) nameserver = H.ROOT-SERVERS.NET
    (root) nameserver = B.ROOT-SERVERS.NET
    (root) nameserver = C.ROOT-SERVERS.NET
    (root) nameserver = D.ROOT-SERVERS.NET
    (root) nameserver = E.ROOT-SERVERS.NET
    (root) nameserver = I.ROOT-SERVERS.NET
    (root) nameserver = F.ROOT-SERVERS.NET
    (root) nameserver = G.ROOT-SERVERS.NET
    (root) nameserver = A.ROOT-SERVERS.NET
    (root) nameserver = H.ROOT-SERVERS.NET
    (root) nameserver = B.ROOT-SERVERS.NET
    (root) nameserver = C.ROOT-SERVERS.NET
    (root) nameserver = D.ROOT-SERVERS.NET
    (root) nameserver = E.ROOT-SERVERS.NET
    (root) nameserver = I.ROOT-SERVERS.NET
    (root) nameserver = F.ROOT-SERVERS.NET
    (root) nameserver = G.ROOT-SERVERS.NET
    (root) nameserver = A.ROOT-SERVERS.NET
    H.ROOT-SERVERS.NET internet address = 128.63.2.53
    B.ROOT-SERVERS.NET internet address = 128.9.0.107
    C.ROOT-SERVERS.NET internet address = 192.33.4.12
    D.ROOT-SERVERS.NET internet address = 128.8.10.90
    E.ROOT-SERVERS.NET internet address = 192.203.230.10
    I.ROOT-SERVERS.NET internet address = 192.36.148.17
    F.ROOT-SERVERS.NET internet address = 39.13.229.241
    G.ROOT-SERVERS.NET internet address = 192.112.36.4
    A.ROOT-SERVERS.NET internet address = 198.41.0.4

Mission accomplished, quit nslookup:

    > exit

You now have the complete nslookup session log in a file called
nslookup.log. Start an editor and remove all but the results of the
last query. To make a named.cache file of the rest you change it in
this manner:

    (root) nameserver = H.ROOT-SERVERS.NET

should become

    . IN NS H.ROOT-SERVERS.NET.

Note the _trailing_ '.', it's _very_ significant. It specifies that
net is a root domain, and should be there. There need only be one line
for each name server, you can delete the duplicate ones. Then you
change lines of the form

    H.ROOT-SERVERS.NET internet address = 128.63.2.53

to

    H.ROOT-SERVERS.NET. 999999 IN A 128.63.2.53

Note the trailing '.' after 'NET' again. Then save the file again.

If you examine the result of the edit and your /var/named/root.cache
they should be remarkably alike, so this corresponds to the root.conf
file. Move the new file to /var/named/root.cache. Now run
/usr/sbin/named.restart and test your new setup by connecting to
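
The hand edit described in this section can also be done mechanically. The script below is an added example, not part of the original howto: it reads nslookup output on standard input, keeps one NS line per server, adds the trailing '.' and the 999999 TTL, and exits non-zero if a listed server has no usable address line. The function names nslookup_to_hints and sample_log are made up for this example, and the sample input is constructed from lines of the session shown above.

```shell
#!/bin/sh
# Added example: turn nslookup root-server output into root.cache records.

# nslookup_to_hints: nslookup output on stdin, hint records on stdout.
nslookup_to_hints() {
    awk '
    # Upper-case the name and make sure it ends in exactly one dot.
    function fqdn(s) { s = toupper(s); sub(/\.$/, "", s); return s "." }

    # "(root) nameserver = X" becomes ". IN NS X." (duplicates dropped)
    $1 == "(root)" && $2 == "nameserver" && $3 == "=" {
        name = fqdn($4)
        if (!(name in ns)) { ns[name] = 1; ns_order[++n_ns] = name }
        next
    }
    # "X internet address = a.b.c.d" becomes "X. 999999 IN A a.b.c.d"
    $2 == "internet" && $3 == "address" && $4 == "=" {
        name = fqdn($1)
        if ($5 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next   # not an IPv4 address
        if (!(name in addr)) { addr[name] = $5; a_order[++n_a] = name }
        next
    }
    END {
        for (i = 1; i <= n_ns; i++)
            printf ". IN NS %s\n", ns_order[i]
        for (i = 1; i <= n_a; i++)
            printf "%s 999999 IN A %s\n", a_order[i], addr[a_order[i]]
        # A name server without an address record is useless as a hint.
        for (i = 1; i <= n_ns; i++)
            if (!(ns_order[i] in addr)) {
                printf "no A record for %s\n", ns_order[i] > "/dev/stderr"
                bad = 1
            }
        exit bad
    }'
}

# Constructed sample: a shortened copy of the last query in the session above.
sample_log() {
    cat <<'EOF'
Server: i.root-servers.net
Address: 192.36.148.17
(root) nameserver = H.ROOT-SERVERS.NET
(root) nameserver = I.ROOT-SERVERS.NET
(root) nameserver = H.ROOT-SERVERS.NET
H.ROOT-SERVERS.NET internet address = 128.63.2.53
I.ROOT-SERVERS.NET internet address = 192.36.148.17
EOF
}

sample_log | nslookup_to_hints
```

After trimming nslookup.log to the last query, run it as 'nslookup_to_hints < nslookup.log > root.cache.new' and compare the result with your current /var/named/root.cache before moving it into place.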
5. Of forwarders and slaves.
There are one or two enhancements you can make on this setup. One
involves asking other close by name servers if they have the name
cached, thus (possibly, if we're lucky) avoiding having to wait for a
reply from halfway across the globe. You can't use _any_ close by
nameserver for forwarding; it has to accept recursive queries (to
quote the named manpage). If you don't know any close-by forwarders
ask your provider if they know any name servers you can use as
forwarder. In My Humble Opinion your provider should be able to be
your forward server. Never, ever use another server as forwarder
without the permission of its admin, it's rude.

A forwarders line should be in the named.boot file, and looks like
this (DO NOT USE THIS LINE, IT WILL NOT WORK! Use your local
forwarders instead):

    forwarders 127.0.0.2 127.0.0.3

You can list as many forwarders as you like.

A line like this

    slave

in named.boot will put your name server in slave mode, this means it
will only query its forwarders. If you're behind a firewall or
perhaps have to pay for all network traffic this is useful.