Need DNS help

Paul Howarth paul at city-fan.org
Sat Sep 18 12:35:55 UTC 2004


On Sat, 2004-09-18 at 01:46, Michael Sullivan wrote:
> Here's the espersonline.zone file:
> 
> [root at bullet named]# cat espersonline.com.zone
> $TTL 86400
> ns1.espersonline.com.   IN      SOA     localhost       root    (
>                                 29 ; serial
>                                 28800 ; refresh
>                                 14400 ; retry
>                                 3600000 ; expire
>                                 86400 ; ttl
>                                 )
>  
> 
> 
> bullet  IN      NS      bullet
>  
> bullet          IN      A       192.168.1.2
>  
> bullet.ns1.espersonline.com.            IN CNAME        bullet
> 
> I looked in /etc/named.conf, but there was no mention of
> espersonline.zone anywhere.  Do I need to add it manually?  Also the
> location of the espersonline.zone file was a little weird.  It was in
> /var/named/chroot/var/named.  Is this normal?

espersonline.com is a "real" domain name, with the nameserver
ns1.espersonline.com at your IP address, 68.15.193.18.

It looks like you want your server to handle internal LAN addresses too,
but those addresses shouldn't be visible from the Internet. So you need
to serve different data to clients on the Internet compared with those
on your LAN.

I'm not familiar with the bind configuration tool as I always edit my
configuration files by hand, so I'll show you how I'd do this.

Bind works with two types of files: the server configuration file
(named.conf), which tells it which domains to serve for, and the zone
files for the domains themselves.

It appears that you want a host bullet.espersonline.com to be on your
LAN, with address 192.168.1.2. If that's what you want, you'll need to
maintain separate "internal" and "external" versions of the zone file
for espersonline.com. What I would suggest is that you instead create a
subdomain, say "intranet", for your LAN hosts, and then that entire
subdomain would be invisible from the Internet. This makes for easier
maintenance, keeping your internal and external zones separate. Assuming
that's what you want to do, I'd start off with the following files:

/etc/named.conf:
---
//
// Intranet definition; hosts in these address ranges will get the
// "internal" view of things. Everyone else will get the "external"
// view.
//
acl "internalnet" {
	{ 192.168.1.0/24; localhost; };
};

//
// Key for use with rndc (for runtime configuration changes)
//
include "/etc/rndc.key";

options {
	directory "/var/named";
	allow-query { any; };
	allow-transfer { "internalnet"; };
	statistics-file "named.stats";
	dump-file "named_dump.db";
	cleaning-interval 240;
};

//
// Allow runtime control from localhost using key only.
//
controls {
	inet 127.0.0.1 allow { localhost; } keys { "rndckey"; };
};

//
// Now define the DNS zones to be served to internal clients
//
view "internal" {

	// This view is for intranet clients only
	match-clients { "internalnet"; };

	// Do recursive lookups for local clients.
	recursion yes;

	//
	// the root servers cache
	//
	zone "." {
		type hint;
		file "named.ca";
	};

	//
	// Reverse zone for localhost
	//
	zone "0.0.127.in-addr.arpa" {
		type master;
		file "masters/127.0.0";
	};

	//
	// Reverse zone for intranet
	//
	zone "1.168.192.in-addr.arpa." {
		type master;
		file "masters/192.168.1";
	};

	//
	// Forward zone for intranet
	//
	zone "intranet.espersonline.com" in {
		type master;
		file "masters/intranet.espersonline.com";
	};

	//
	// Forward zone for espersonline.com
	//
	zone "espersonline.com" {
		type master;
		file "masters/espersonline.com";
	};

};

//
// External clients only get to see the espersonline.com zone
//
view "external" {

	// This view is for the rest of the world
	match-clients { any; };

	// We don't look things up for external clients
	recursion no;

	//
	// Forward zone for espersonline.com
	//
	zone "espersonline.com" {
		type master;
		file "masters/espersonline.com";
	};

};
---

So that means you need the following zone files:

/var/named/chroot/var/named/named.ca
/var/named/chroot/var/named/masters/127.0.0
/var/named/chroot/var/named/masters/192.168.1
/var/named/chroot/var/named/masters/intranet.espersonline.com
/var/named/chroot/var/named/masters/espersonline.com

/var/named/chroot/var/named/named.ca:
This file contains a list of DNS servers to "prime" your server with,
i.e. the first servers to contact when doing lookups for external
addresses. If you install the caching-nameserver package, you'll find a
suitable file at /var/named/named.ca, which you should copy into the
chroot area.

/var/named/chroot/var/named/masters/127.0.0:
This is the reverse DNS zone for localhost/localnet
---
$ORIGIN 0.0.127.in-addr.arpa.

$TTL	86400	; Default TTL for records in this zone (1 day)

@	IN	SOA	ns1.espersonline.com. root.espersonline.com. (
				2004091801	; serial
				1H		; refresh
				5M		; retry
				2W		; expiry
				4H )		; minimum

		NS	ns1.espersonline.com.

1		PTR	localhost.intranet.espersonline.com.
---

/var/named/chroot/var/named/masters/192.168.1:
This is the reverse DNS zone for your intranet
---
$ORIGIN 1.168.192.in-addr.arpa.

$TTL	86400	; Default TTL for records in this zone (1 day)

@	IN	SOA	ns1.espersonline.com. root.espersonline.com. (
				2004091801	; serial
				1H		; refresh
				5M		; retry
				2W		; expiry
				4H )		; minimum

		NS	ns1.espersonline.com.

2		PTR	bullet.intranet.espersonline.com.
---

/var/named/chroot/var/named/masters/intranet.espersonline.com:
This is the forward DNS zone for your intranet
---
$ORIGIN intranet.espersonline.com.

$TTL	86400	; Default TTL for records in this zone (1 day)
@	IN	SOA	ns1.espersonline.com. root.espersonline.com. (
				2004091801	; serial
				1H		; refresh
				5M		; retry
				2W		; expiry
				4H )		; minimum

		NS	ns1.espersonline.com.

localhost	A	127.0.0.1

bullet		A	192.168.1.2
---

/var/named/chroot/var/named/masters/espersonline.com:
Finally, the view of the espersonline.com domain that the rest of the
world sees. I'm assuming you'll have a mail server at
ns1.espersonline.com for the domain espersonline.com.
---
$ORIGIN espersonline.com.

$TTL	86400	; Default TTL for records in this zone (1 day)

@	IN	SOA	ns1.espersonline.com. root.espersonline.com. (
				2004091801	; serial
				90M		; refresh
				30M		; retry
				2W		; expiry
				6H )		; minimum

		NS	ns1.espersonline.com.

		MX 10	ns1

ns1		A	68.15.193.18
---

No doubt others will add other suggestions but this is a bare-bones
arrangement that should at least get you up and running.

For logging to work properly with the chroot, you also need to tweak
syslog: edit /etc/sysconfig/syslog and add:

-a /var/named/chroot/dev/log

to SYSLOGD_OPTIONS, then restart syslog (service syslog restart).

After starting named, look in /var/log/messages to make sure that named
started up properly and didn't complain about any of the files.

Once it's up and running, you can then use dig to do DNS lookups, e.g.

Look up IP addresses:
dig ns1.espersonline.com
dig bullet.intranet.espersonline.com

Look up hostnames from IP addresses:
dig -x 192.168.1.2
dig -x 127.0.0.1

Lookups of external names and addresses should also work, as your named
is now configured as a caching nameserver for your LAN clients.

Paul.
-- 
Paul Howarth <paul at city-fan.org>
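As an added example (not code from Paul's post), a small Python lint that parses the master-file syntax used in the zone files above and flags A records whose address is not globally routable, i.e. the kind of LAN record that must stay in the "internal" view; the sample zone is the post's external espersonline.com zone with one constructed leaked record appended.

```python
import ipaddress
import re

# Constructed sample: the post's external espersonline.com zone with one
# deliberately leaked LAN record (the last line) to show what the lint flags.
EXTERNAL_ZONE = """\
$ORIGIN espersonline.com.
$TTL	86400	; Default TTL for records in this zone (1 day)
@	IN	SOA	ns1.espersonline.com. root.espersonline.com. (
				2004091801	; serial
				90M		; refresh
				30M		; retry
				2W		; expiry
				6H )		; minimum
		NS	ns1.espersonline.com.
		MX 10	ns1
ns1		A	68.15.193.18
bullet		A	192.168.1.2
"""

RTYPES = {"SOA", "NS", "A", "AAAA", "PTR", "CNAME", "MX", "TXT"}

def parse_zone(text):
    """Parse the simple master-file syntax used in the post into
    (owner_fqdn, rtype, rdata) tuples. Handles $ORIGIN, $TTL, ';' comments,
    '(' ... ')' continuation and owner-less lines that reuse the last owner."""
    origin, owner, records = ".", None, []
    logical = re.sub(r";[^\n]*", "", text)          # strip comments
    logical = re.sub(r"\([^)]*\)",                  # fold SOA continuation
                     lambda m: " ".join(m.group(0)[1:-1].split()), logical)
    for line in logical.splitlines():
        if not line.strip() or line.startswith("$TTL"):
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        toks = line.split()
        if not line[0].isspace():                   # explicit owner name
            owner = toks.pop(0)
            owner = origin if owner == "@" else owner
            owner = owner if owner.endswith(".") else f"{owner}.{origin}"
        while toks and toks[0] not in RTYPES:       # skip optional TTL/class
            toks.pop(0)
        if toks:
            records.append((owner, toks[0], toks[1:]))
    return records

def find_private_leaks(records):
    """Return (owner, address) pairs for A records with non-global addresses;
    none should appear in a zone served to Internet clients."""
    return [(owner, rdata[0]) for owner, rtype, rdata in records
            if rtype == "A" and not ipaddress.ip_address(rdata[0]).is_global]
```

Run the same check over masters/espersonline.com before reloading named; a non-empty result means a LAN host has slipped into the zone the "external" view publishes.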