Zones
There are several categories of zones that must be configured. You need to have forward lookup zones, which allow the nameserver to match names to IP Addresses. You’ll define these zones in the /etc/bind directory, in files with the “db” prefix.
Then, you’ll need to have matching reverse lookup zones, which allow the nameserver to match IP Addresses to names. Information for these zones will also be stored in the /etc/bind directory, also in files with the “db” prefix.
Once you’ve installed BIND9, you can look in this directory, and see that there are “db” files that define some other types of zones that the nameserver needs to do its job:
-rw-r--r-- 1 root root 601 2010-03-14 16:46 bind.keys
-rw-r--r-- 1 root root 237 2010-03-14 16:46 db.0
-rw-r--r-- 1 root root 271 2010-03-14 16:46 db.127
-rw-r--r-- 1 root root 237 2010-03-14 16:46 db.255
-rw-r--r-- 1 root root 353 2010-03-14 16:46 db.empty
-rw-r--r-- 1 root root 270 2010-03-14 16:46 db.local
-rw-r--r-- 1 root root 2940 2010-03-14 16:46 db.root
-rw-r--r-- 1 root bind 463 2010-03-14 16:46 named.conf
-rw-r--r-- 1 root bind 490 2010-03-14 16:46 named.conf.default-zones
-rw-r--r-- 1 root bind 165 2010-03-14 16:46 named.conf.local
-rw-r--r-- 1 root bind 572 2010-03-14 16:46 named.conf.options
-rw-r----- 1 bind bind 77 2010-03-23 06:21 rndc.key
-rw-r--r-- 1 root root 1317 2010-03-14 16:46 zones.rfc1918
All of these files, except for the “db.empty” file, are pre-configured and ready to use. The “0” and “255” files are used to set up your broadcast zones. The “127” and “local” files are used to enable the host machine’s local loopback zone. As you may expect, the “root” file contains references to the root nameservers on the Internet. This is the only one of these files that may ever have to be changed. Periodically, you’ll want to check the Internic ftp site to download an updated copy.
The “empty” file is a template, used to help you create zone files for your domain.
; BIND reverse data file for empty rfc1918 zone
;
; DO NOT EDIT THIS FILE - it is used for multiple zones.
; Instead, copy it, edit named.conf, and use that copy.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
86400 ) ; Negative Cache TTL
;
@ IN NS localhost.
Zone Data
Before we can actually discuss how to configure the forward lookup zones, we’ll have to discuss the different elements of the zone data.
TTL: This stands for “Time to Live”. When other nameservers obtain data from your nameserver, they’ll hold these data in cache for later use. That way, the other nameservers won’t have to consult yours quite as often. The TTL field tells these other nameservers how long to keep these data in their cache.
SOA: The Start-of-Authority resource record indicates that this nameserver is authoritative for a particular zone, and sets certain parameters for the zone.
NS: Nameserver resource records list all of the nameservers that are authoritative for a particular zone.
MX: Mail Exchange records point the way to a mail server.
Address records: These map the names of the hosts in the zone to their IP addresses.
Alias records: These map shorter, easier to remember host names to their longer real, or canonical, names.
Forward Zones
For this example, ABC Widgets will be used to illustrate how to build DNS. They’ve finally decided to come into the 21st century by installing a modern Local Area Network. They’ll begin by defining a domain, which they’ll call abcwidgets.com. Accordingly, the name of the file for this zone will be “db.abcwidgets.com”. Since it will be on an internal network, they plan to use private IP addresses in the 192.168.0 range.
Note: For DNS zone files, comments begin with a semi-colon.
$TTL 3h
abcwidgets.com. IN SOA goodwidget.abcwidgets.com. tim.abcwidgets.com. (
1 ; Serial number
3h ; Refresh after three hours
1h ; Retry after one hour
1w ; Expires after one week
1h ) ; Negative caching TTL set to one hour
The Time-to-Live directive begins with a dollar sign. Here, the TTL is set to three hours. The lines that follow make up the Start-of-Authority record. It first sets the name of the zone. The “IN” means that this is an Internet zone. The SOA, of course, means that this is an SOA record. The “goodwidget.abcwidgets.com.” is the full canonical name of the host that the primary nameserver resides on. The “tim.abcwidgets.com.” is the email address of the person who’s responsible for this zone. Typically, the first period would be replaced by a “@”, but in this file you have to use a period because the “@” has special meaning.
The serial number is set to let the slave nameservers know when they should update their backup files. If the serial number on the master nameserver is higher than the one on the slave nameserver, the slave will pull down the new data for that zone. You would want to increment this number any time you update the zone files on the master nameserver.
The refresh setting tells the slave how often to check with the master server to see if zone data have been updated.
The retry setting is for when the slave nameserver fails to contact the master nameserver at its specified interval. This tells the slave how long to wait before trying again.
The expire setting tells the slave how long to keep serving the old zone data if it can’t make contact with the master.
Finally, the negative caching TTL tells the server how long to keep any negative responses to queries in its cache. A negative cache stores information on names that the nameserver couldn’t resolve.
Here is a list of all of the nameservers for this zone.
abcwidgets.com. IN NS goodwidget.abcwidgets.com.
abcwidgets.com. IN NS awesomewidget.abcwidgets.com.
Next, list the canonical names, matched with their IP addresses, for all of the hosts on the network.
localhost.abcwidgets.com. IN A 127.0.0.1
shortwidget.abcwidgets.com. IN A 192.168.0.101
longwidget.abcwidgets.com. IN A 192.168.0.102
goodwidget.abcwidgets.com. IN A 192.168.0.103
awesomewidget.abcwidgets.com. IN A 192.168.0.104
badwidget.abcwidgets.com. IN A 192.168.0.105
Now, list the mailservers.
abcwidgets.com. IN MX 10 shortwidget.abcwidgets.com.
abcwidgets.com. IN MX 20 badwidget.abcwidgets.com.
With the mail exchange records, first list the domain that the mail server will be servicing. At the end of the line, list the names of the host computers on which the mail servers will reside. The “10” and the “20” signify the priority of the mailservers. Lower numbers take greater priority, so the second mailserver won’t get used until the first one breaks, or otherwise becomes unreachable. Be aware that spammers often send mail to the secondary mail server hoping it is not as well configured to repel spam as the main mail server.
Aliases allow users to use a shortened, easier to type version of host names.
short.abcwidgets.com. IN CNAME shortwidget.abcwidgets.com.
long.abcwidgets.com. IN CNAME longwidget.abcwidgets.com.
Interface specific names allow us to give a name to the default gateway.
gw0.abcwidgets.com. IN A 192.168.0.1
Reverse Zones
For every forward lookup zone file, you need a matching reverse lookup zone file. These files contain another kind of resource record that we haven’t introduced you to yet. It’s called the PTR record.
Here’s an example of a reverse lookup zone file. They’re named after the network’s IP address, so we’ll name this file “db.192.168.0”.
$TTL 3h
0.168.192.in-addr.arpa. IN SOA goodwidget.abcwidgets.com. tim.abcwidgets.com. (
1 ; Serial number
3h ; Refresh after three hours
1h ; Retry after one hour
1w ; Expires after one week
1h ) ; Negative caching TTL of one hour
; Nameservers
0.168.192.in-addr.arpa. IN NS goodwidget.abcwidgets.com.
0.168.192.in-addr.arpa. IN NS awesomewidget.abcwidgets.com.
These are the NS resource records for the nameservers that are authoritative for the reverse zone. Notice that you have to write the network address in backwards order, and append “in-addr.arpa”.
Next, write the PTR resource record that matches IP addresses with the canonical names of the network hosts.
101.0.168.192.in-addr.arpa. IN PTR shortwidget.abcwidgets.com.
102.0.168.192.in-addr.arpa. IN PTR longwidget.abcwidgets.com.
103.0.168.192.in-addr.arpa. IN PTR goodwidget.abcwidgets.com.
104.0.168.192.in-addr.arpa. IN PTR awesomewidget.abcwidgets.com.
105.0.168.192.in-addr.arpa. IN PTR badwidget.abcwidgets.com.
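As an added example (not code from the tutorial or from BIND), here is a small Python checker that applies the rules discussed in the zone data, forward zone and reverse zone sections: it expands the h/d/w time suffixes used in $TTL and the SOA, qualifies relative names against the zone origin the way BIND does (a name without a trailing dot gets the origin appended), parses the multi-line SOA, and cross-checks every A record against the PTR records of the reverse zone. The two sample zones are constructed for this example after the abcwidgets.com zones above, and the “oops” alias is a deliberately mistaken record with no trailing dots, included to show how the check catches it.

```python
# Added example, not part of the tutorial.  Parses two constructed BIND-style
# zone texts and checks them against each other.
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}  # BIND time suffixes


def to_seconds(value):
    """'3h' -> 10800, '1w' -> 604800, '86400' -> 86400."""
    unit = value[-1].lower() if value[-1].isalpha() else "s"
    return int(value.rstrip("smhdwSMHDW")) * UNITS[unit]


def qualify(name, origin):
    """BIND rule: '@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def logical_lines(text):
    """Strip ';' comments and join '(' ... ')' groups (the SOA) into one logical line."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";")[0].strip()
        if line:
            buf.append(line)
            depth += line.count("(") - line.count(")")
            if depth == 0:
                yield " ".join(buf).replace("(", " ").replace(")", " ")
                buf = []


def parse_zone(text, origin):
    """Return (ttl_seconds, soa_dict, [(owner, type, rdata), ...]) with names qualified."""
    ttl, soa, records = None, None, []
    for line in logical_lines(text):
        tok = line.split()
        if tok[0] == "$TTL":
            ttl = to_seconds(tok[1])
            continue
        owner, rtype, rd = qualify(tok[0], origin), tok[2], tok[3:]  # tok[1] is the class, IN
        if rtype == "SOA":
            soa = {"mname": qualify(rd[0], origin), "rname": qualify(rd[1], origin),
                   "serial": int(rd[2])}
            soa.update(zip(("refresh", "retry", "expire", "minimum"), map(to_seconds, rd[3:7])))
        elif rtype == "MX":
            records.append((owner, rtype, (int(rd[0]), qualify(rd[1], origin))))
        elif rtype in ("NS", "CNAME", "PTR"):
            records.append((owner, rtype, qualify(rd[0], origin)))
        else:  # A: the address is kept verbatim
            records.append((owner, rtype, rd[0]))
    return ttl, soa, records


def reverse_name(ip):
    """192.168.0.101 -> 101.0.168.192.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def check_consistency(fwd_records, rev_records):
    """Every A record needs a PTR for its address, and every PTR needs a matching A record."""
    ptr = {o: t for o, r, t in rev_records if r == "PTR"}
    a = sorted((o, ip) for o, r, ip in fwd_records if r == "A")
    problems = []
    for owner, ip in a:
        target = ptr.get(reverse_name(ip))
        if target is None:
            problems.append("no PTR for %s (%s)" % (owner, ip))
        elif target != owner:
            problems.append("PTR for %s names %s, not %s" % (ip, target, owner))
    problems += ["PTR %s -> %s has no A record" % (o, t)
                 for o, t in sorted(ptr.items()) if t not in {o for o, _ in a}]
    return problems


def doubled_origin(records, origin):
    """Names that contain the origin twice: the classic missing-trailing-dot bug."""
    base, hits = origin.rstrip("."), set()
    for owner, rtype, rd in records:
        names = [owner, rd[1]] if rtype == "MX" else [owner, rd] if rtype != "A" else [owner]
        hits.update(n for n in names if n.count(base) > 1)
    return sorted(hits)


# Constructed sample zones modelled on the abcwidgets.com example; not real data.
FORWARD = """$TTL 3h
abcwidgets.com. IN SOA goodwidget.abcwidgets.com. tim.abcwidgets.com. (
    1 3h 1h 1w 1h ) ; Serial, Refresh, Retry, Expire, Negative caching TTL
abcwidgets.com.               IN NS    goodwidget.abcwidgets.com.
abcwidgets.com.               IN NS    awesomewidget.abcwidgets.com.
shortwidget.abcwidgets.com.   IN A     192.168.0.101
goodwidget.abcwidgets.com.    IN A     192.168.0.103
awesomewidget.abcwidgets.com. IN A     192.168.0.104
gw0.abcwidgets.com.           IN A     192.168.0.1
abcwidgets.com.               IN MX 10 shortwidget.abcwidgets.com.
oops.abcwidgets.com           IN CNAME shortwidget.abcwidgets.com  ; constructed mistake: no trailing dots"""
REVERSE = """$TTL 3h
0.168.192.in-addr.arpa. IN SOA goodwidget.abcwidgets.com. tim.abcwidgets.com. ( 1 3h 1h 1w 1h )
0.168.192.in-addr.arpa.     IN NS  goodwidget.abcwidgets.com.
0.168.192.in-addr.arpa.     IN NS  awesomewidget.abcwidgets.com.
101.0.168.192.in-addr.arpa. IN PTR shortwidget.abcwidgets.com.
103.0.168.192.in-addr.arpa. IN PTR goodwidget.abcwidgets.com.
104.0.168.192.in-addr.arpa. IN PTR awesomewidget.abcwidgets.com."""


def run_checks():
    """Parse both constructed zones; return (ttl, soa, problems, doubled_names)."""
    ttl, soa, fwd = parse_zone(FORWARD, "abcwidgets.com.")
    _, _, rev = parse_zone(REVERSE, "0.168.192.in-addr.arpa.")
    return ttl, soa, check_consistency(fwd, rev), doubled_origin(fwd, "abcwidgets.com.")
```

Running run_checks() on the constructed zones reports that gw0 (192.168.0.1) has no PTR record, which mirrors the page's own zones, and flags both names in the “oops” line as having the origin appended twice. The time expansion also makes the SOA timers easy to sanity-check: with refresh 3h and expire 1w, a slave that loses contact with the master will retry for a week before discarding the zone, so shortening expire is a trade-off between tolerating master outages and serving stale data.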
Don’t forget to terminate each FQDN with a trailing dot in each zone file. Otherwise, the zone name will be appended to the end of all entries.
Hi
Very useful tutorial for newbies on DNS config.
Thanks very much