Need DNS help
Paul Howarth
paul at city-fan.org
Sat Sep 18 12:35:55 UTC 2004
On Sat, 2004-09-18 at 01:46, Michael Sullivan wrote:
> Here's the espersonline.zone file:
>
> [root at bullet named]# cat espersonline.com.zone
> $TTL 86400
> ns1.espersonline.com. IN SOA localhost root (
> 29 ; serial
> 28800 ; refresh
> 14400 ; retry
> 3600000 ; expire
> 86400 ; ttl
> )
>
>
>
> bullet IN NS bullet
>
> bullet IN A 192.168.1.2
>
> bullet.ns1.espersonline.com. IN CNAME bullet
>
> I looked in /etc/named.conf, but there was no mention of
> espersonline.zone anywhere. Do I need to add it manually? Also the
> location of the espersonline.zone file was a little weird. It was in
> /var/named/chroot/var/named. Is this normal?
espersonline.com is a "real" domain name, with the nameserver
ns1.espersonline.com at your IP address, 68.15.193.18.
It looks like you want your server to handle internal LAN addresses too,
but those addresses shouldn't be visible from the Internet. So you need
to serve different data to clients on the Internet compared with those
on your LAN.
I'm not familiar with the bind configuration tool as I always edit my
configuration files by hand, so I'll show you how I'd do this.
Bind works with two types of files: the server configuration file
(named.conf), which tells it which domains to serve for, and the zone
files for the domains themselves.
It appears that you want a host bullet.espersonline.com to be on your
LAN, with address 192.168.1.2. If that's what you want, you'll need to
maintain separate "internal" and "external" versions of the zone file
for espersonline.com. What I would suggest is that you instead create a
subdomain, say "intranet", for your LAN hosts, and then that entire
subdomain would be invisible from the Internet. This makes for easier
maintenance, keeping your internal and external zones separate. Assuming
that's what you want to do, I'd start off with the following files:
/etc/named.conf:
---
//
// Intranet definition; hosts in these address ranges will get the
// "internal" view of things. Everyone else will get the "external"
// view.
//
acl "internalnet" {
    { 192.168.1.0/24; localhost; };
};

//
// Key for use with rndc (for runtime configuration changes)
//
include "/etc/rndc.key";

options {
    directory "/var/named";
    allow-query { any; };
    allow-transfer { "internalnet"; };
    statistics-file "named.stats";
    dump-file "named_dump.db";
    cleaning-interval 240;
};

//
// Allow runtime control from localhost using key only.
//
controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndckey"; };
};

//
// Now define the DNS zones to be served to internal clients
//
view "internal" {
    // This view is for intranet clients only
    match-clients { "internalnet"; };

    // Do recursive lookups for local clients.
    recursion yes;

    //
    // the root servers cache
    //
    zone "." {
        type hint;
        file "named.ca";
    };

    //
    // Reverse zone for localhost
    //
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "masters/127.0.0";
    };

    //
    // Reverse zone for intranet
    //
    zone "1.168.192.in-addr.arpa." {
        type master;
        file "masters/192.168.1";
    };

    //
    // Forward zone for intranet
    //
    zone "intranet.espersonline.com" in {
        type master;
        file "masters/intranet.espersonline.com";
    };

    //
    // Forward zone for espersonline.com
    //
    zone "espersonline.com" {
        type master;
        file "masters/espersonline.com";
    };
};

//
// External clients only get to see the espersonline.com zone
//
view "external" {
    // This view is for the rest of the world
    match-clients { any; };

    // We don't look things up for external clients
    recursion no;

    //
    // Forward zone for espersonline.com
    //
    zone "espersonline.com" {
        type master;
        file "masters/espersonline.com";
    };
};
---
So that means you need the following zone files:
/var/named/chroot/var/named/named.ca
/var/named/chroot/var/named/masters/127.0.0
/var/named/chroot/var/named/masters/192.168.1
/var/named/chroot/var/named/masters/intranet.espersonline.com
/var/named/chroot/var/named/masters/espersonline.com
/var/named/chroot/var/named/named.ca:
This file contains a list of DNS servers to "prime" your server with,
i.e. the first servers to contact when doing lookups for external
addresses. If you install the caching-nameserver package, you'll find a
suitable file at /var/named/named.ca, which you should copy into the
chroot area.
/var/named/chroot/var/named/masters/127.0.0:
This is the reverse DNS zone for localhost/localnet
---
$ORIGIN 0.0.127.in-addr.arpa.
$TTL 86400      ; Default TTL for records in this zone (1 day)
@       IN SOA  ns1.espersonline.com. root.espersonline.com. (
                2004091801      ; serial
                1H              ; refresh
                5M              ; retry
                2W              ; expiry
                4H )            ; minimum
        NS      ns1.espersonline.com.
1       PTR     localhost.intranet.espersonline.com.
---
/var/named/chroot/var/named/masters/192.168.1:
This is the reverse DNS zone for your intranet
---
$ORIGIN 1.168.192.in-addr.arpa.
$TTL 86400      ; Default TTL for records in this zone (1 day)
@       IN SOA  ns1.espersonline.com. root.espersonline.com. (
                2004091801      ; serial
                1H              ; refresh
                5M              ; retry
                2W              ; expiry
                4H )            ; minimum
        NS      ns1.espersonline.com.
2       PTR     bullet.intranet.espersonline.com.
---
/var/named/chroot/var/named/masters/intranet.espersonline.com:
This is the forward DNS zone for your intranet
---
$ORIGIN intranet.espersonline.com.
$TTL 86400      ; Default TTL for records in this zone (1 day)
@       IN SOA  ns1.espersonline.com. root.espersonline.com. (
                2004091801      ; serial
                1H              ; refresh
                5M              ; retry
                2W              ; expiry
                4H )            ; minimum
        NS      ns1.espersonline.com.
localhost A     127.0.0.1
bullet    A     192.168.1.2
---
/var/named/chroot/var/named/masters/espersonline.com:
Finally, the view of the espersonline.com domain that the rest of the
world sees. I'm assuming you'll have a mail server at
ns1.espersonline.com for the domain espersonline.com.
---
$ORIGIN espersonline.com.
$TTL 86400      ; Default TTL for records in this zone (1 day)
@       IN SOA  ns1.espersonline.com. root.espersonline.com. (
                2004091801      ; serial
                90M             ; refresh
                30M             ; retry
                2W              ; expiry
                6H )            ; minimum
        NS      ns1.espersonline.com.
        MX      10 ns1
ns1     A       68.15.193.18
---
No doubt others will add other suggestions but this is a bare-bones
arrangement that should at least get you up and running.
For logging to work properly with the chroot, you also need to tweak
syslog: edit /etc/sysconfig/syslog and add:
-a /var/named/chroot/dev/log
to SYSLOGD_OPTIONS, then restart syslog (service syslog restart).
After starting named, look in /var/log/messages to make sure that named
started up properly and didn't complain about any of the files.
Once it's up and running, you can then use dig to do DNS lookups, e.g.
Look up IP addresses:
dig ns1.espersonline.com
dig bullet.intranet.espersonline.com
Look up hostnames from IP addresses:
dig -x 192.168.1.2
dig -x 127.0.0.1
Lookups of external names and addresses should also work, as your named
is now configured as a caching nameserver for your LAN clients.
Paul.
--
Paul Howarth <paul at city-fan.org>
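The split-horizon setup in Paul's reply rests on two things that are easy to get wrong by hand: the "internal" view must be listed before the catch-all "external" view (named uses the first view whose match-clients matches), and the external zone must never carry a 192.168.x.x or 127.x.x.x address. The script below is an added example, not part of the original post, that checks both offline and also confirms that every A record in the intranet zone has a matching PTR in the reverse zones. The zone texts are constructed copies of the files from the reply (with the leading whitespace a zone file needs); BAD_REVERSE_192_ZONE is a hypothetical mistake made up to show what a mismatch report looks like, and mapping the ACL's "localhost" to 127.0.0.0/8 is an assumption.

```python
# Added example (not from the original post): offline checks for the
# split-horizon zone files and view ordering described in the reply.
import ipaddress

# Constructed copies of the zone files from the reply.
INTRANET_ZONE = """\
$ORIGIN intranet.espersonline.com.
$TTL 86400
@       IN SOA  ns1.espersonline.com. root.espersonline.com. (
                2004091801 1H 5M 2W     ; serial refresh retry expiry
                4H )                    ; minimum
        NS      ns1.espersonline.com.
localhost A     127.0.0.1
bullet    A     192.168.1.2
"""
REVERSE_192_ZONE = """\
$ORIGIN 1.168.192.in-addr.arpa.
@       IN SOA  ns1.espersonline.com. root.espersonline.com. ( 2004091801 1H 5M 2W 4H )
        NS      ns1.espersonline.com.
2       PTR     bullet.intranet.espersonline.com.
"""
REVERSE_127_ZONE = """\
$ORIGIN 0.0.127.in-addr.arpa.
@       IN SOA  ns1.espersonline.com. root.espersonline.com. ( 2004091801 1H 5M 2W 4H )
        NS      ns1.espersonline.com.
1       PTR     localhost.intranet.espersonline.com.
"""
EXTERNAL_ZONE = """\
$ORIGIN espersonline.com.
@       IN SOA  ns1.espersonline.com. root.espersonline.com. ( 2004091801 90M 30M 2W 6H )
        NS      ns1.espersonline.com.
        MX      10 ns1
ns1     A       68.15.193.18
"""
# Hypothetical mistake (constructed): the PTR names the host outside the
# intranet subdomain, so it no longer matches the forward zone.
BAD_REVERSE_192_ZONE = REVERSE_192_ZONE.replace(
    "bullet.intranet.espersonline.com.", "bullet.espersonline.com.")


def parse_zone(text):
    # Return (owner_fqdn, type, rdata_tokens) tuples. Handles $ORIGIN, ';'
    # comments, parenthesised multi-line records and owner inheritance
    # (a record starting with whitespace reuses the previous owner).
    origin, last_owner, records, buf, depth, inherit = "", "@", [], [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if not buf:
            inherit = line[0].isspace()
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                        # record continues on the next line
        tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
        buf = []
        if tokens[0].startswith("$"):       # $ORIGIN / $TTL directives
            origin = tokens[1] if tokens[0] == "$ORIGIN" else origin
            continue
        owner = last_owner if inherit else tokens.pop(0)
        while tokens[0].isdigit() or tokens[0].upper() == "IN":
            tokens.pop(0)                   # optional TTL and class
        rtype, rdata = tokens[0].upper(), tokens[1:]
        fqdn = origin if owner == "@" else owner if owner.endswith(".") else owner + "." + origin
        last_owner = owner
        records.append((fqdn, rtype, rdata))
    return records


# Address ranges that must never appear in the zone served to the Internet.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def leaked_addresses(zone_text):
    # (name, address) for every A record carrying a non-routable address.
    return [(fqdn, rdata[0]) for fqdn, rtype, rdata in parse_zone(zone_text)
            if rtype == "A" and any(ipaddress.ip_address(rdata[0]) in n for n in NON_ROUTABLE)]


def forward_reverse_mismatches(forward_text, reverse_texts):
    # (name, address, ptr_target) for each A record whose PTR is missing
    # or names a different host; ptr_target is None when the PTR is absent.
    ptrs = {fqdn: rdata[0] for text in reverse_texts
            for fqdn, rtype, rdata in parse_zone(text) if rtype == "PTR"}
    out = []
    for fqdn, rtype, rdata in parse_zone(forward_text):
        if rtype == "A":
            owner = ipaddress.ip_address(rdata[0]).reverse_pointer + "."
            if ptrs.get(owner) != fqdn:
                out.append((fqdn, rdata[0], ptrs.get(owner)))
    return out


# Views in named.conf order; named uses the first whose match-clients matches,
# so "internal" must precede the catch-all. "localhost" is approximated as
# 127.0.0.0/8 here (assumption).
VIEWS = [("internal", ("192.168.1.0/24", "127.0.0.0/8")), ("external", ("0.0.0.0/0",))]


def select_view(client_ip, views=VIEWS):
    ip = ipaddress.ip_address(client_ip)
    for name, nets in views:
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return name
    return None
```

Run it against the real files by reading them from /var/named/chroot/var/named/masters and passing the text to the same functions; an empty list from leaked_addresses on the external zone and from forward_reverse_mismatches on the intranet zone means the two views are consistent. A non-empty leak list is exactly the failure the separate "intranet" subdomain is meant to prevent.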