Hello again!
I just finished setting up a simple DNS server on my OpenBSD box, after reading one of the Linux HOWTOs I found through Google and the book I purchased on Red Hat server administration. I just want to ask for your corrections and suggestions for improvement. My test domain is "mydomain.bogus".
1. Here is the content of my /var/named/etc/named.conf file:
acl clients {
localnets;
::1;
};
options {
version ""; // remove this to allow version queries
listen-on { any; };
allow-recursion { clients; };
};
logging {
category lame-servers { null; };
};
// Standard zones
//
zone "." {
type hint;
file "standard/root.hint";
};
zone "localhost" {
type master;
file "standard/localhost";
allow-transfer { localhost; };
};
zone "0.0.127.in-addr.arpa" {
type master;
file "standard/loopback";
allow-transfer { localhost; };
};
zone "com" {
type delegation-only;
};
zone "net" {
type delegation-only;
};
// Master zones
//
// Forward lookup
zone "mydomain.bogus" {
type master;
file "master/mydomain.bogus";
};
// Reverse lookup
zone "0.168.192.in-addr.arpa" { // dotted in-addr.arpa; with "in-addr-arpa" named never matches reverse queries
type master;
file "master/mydomain.arpa";
};
// Slave zones
//
//zone "otherzone.net" {
// type slave;
// file "slave/otherzone.net";
// masters { 192.0.2.1; [...;] };
//};
2. Here is the content of my /var/named/standard/localhost file:
$ORIGIN localhost.
$TTL 6h
@ IN SOA localhost. root.localhost. (
1 ; serial
1h ; refresh
30m ; retry
7d ; expiration
1h ) ; minimum
NS localhost.
A 127.0.0.1
AAAA ::1
3. /var/named/standard/loopback file:
$ORIGIN 0.0.127.in-addr.arpa.
$TTL 6h
@ IN SOA localhost. root.localhost. (
1 ; serial
1h ; refresh
30m ; retry
7d ; expiration
1h ) ; minimum
NS localhost.
1 PTR localhost.
4. /var/named/master/mydomain.bogus file:
$ORIGIN mydomain.bogus.
$TTL 6h
@ IN SOA mydomain.bogus. root.mydomain.bogus. (
101820041 ; serial
1h ; refresh
30m ; retry
7d ; expiration
1h ) ; minimum TTL
NS intserver.mydomain.bogus.
MX 10 mail.mydomain.bogus.
localhost A 127.0.0.1
intserver A 192.168.0.1
mktg A 192.168.0.3
admin A 192.168.0.5
home A 192.168.0.10
mail CNAME intserver
gw CNAME intserver
5. /var/named/master/mydomain.arpa file:
$ORIGIN 0.168.192.in-addr.arpa. ; must match the zone name in named.conf (dotted in-addr.arpa)
$TTL 6h
@ IN SOA mydomain.bogus. root.mydomain.bogus. (
101820041 ; serial
1h ; refresh
30m ; retry
7d ; expiration
1h ) ; minimum TTL
NS intserver.mydomain.bogus.
; no MX here: mail exchangers belong in the forward zone, not in a reverse zone
; PTR targets need the trailing dot, otherwise named appends $ORIGIN to them
1 PTR intserver.mydomain.bogus.
3 PTR mktg.mydomain.bogus.
5 PTR admin.mydomain.bogus.
10 PTR home.mydomain.bogus.
6. /etc/resolv.conf file:
# "domain" and "search" are mutually exclusive (the last one wins), so only search is kept;
# a host name such as intserver.mydomain.bogus is not a search suffix
search mydomain.bogus
nameserver 127.0.0.1
lookup file bind
7. /etc/myname: intserver.mydomain.bogus
I have not included the "root.hint" file here, to keep this thread shorter. It is the default one included with named.
Here are some of my dig tests:
# dig -x 127.0.0.1
; <<>> DiG 9.2.3 <<>> -x 127.0.0.1
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64154
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa. IN PTR
;; ANSWER SECTION:
1.0.0.127.in-addr.arpa. 21600 IN PTR localhost.
;; AUTHORITY SECTION:
0.0.127.in-addr.arpa. 21600 IN NS localhost.
;; ADDITIONAL SECTION:
localhost. 21600 IN A 127.0.0.1
localhost. 21600 IN AAAA ::1
;; Query time: 15 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Oct 19 04:41:23 2004
;; MSG SIZE rcvd: 121
# dig www.linuxquestions.org
; <<>> DiG 9.2.3 <<>> www.linuxquestions.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25333
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1
;; QUESTION SECTION:
;www.linuxquestions.org. IN A
;; ANSWER SECTION:
www.linuxquestions.org. 5227 IN A 64.179.4.149
;; AUTHORITY SECTION:
linuxquestions.org. 5227 IN NS ns1.linuxquestions.net.
linuxquestions.org. 5227 IN NS ns1.linuxquestions.org.
linuxquestions.org. 5227 IN NS ns2.linuxquestions.org.
;; ADDITIONAL SECTION:
ns1.linuxquestions.net. 170827 IN A 64.179.4.147
;; Query time: 17 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Oct 19 04:44:21 2004
;; MSG SIZE rcvd: 144
# dig mktg.mydomain.bogus
; <<>> DiG 9.2.3 <<>> mktg.mydomain.bogus
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53826
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;mktg.mydomain.bogus. IN A
;; ANSWER SECTION:
mktg.mydomain.bogus. 21600 IN A 192.168.0.3
;; AUTHORITY SECTION:
mydomain.bogus. 21600 IN NS intserver.mydomain.bogus.
;; Query time: 13 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Oct 19 04:47:08 2004
;; MSG SIZE rcvd: 77
# ping mktg.mydomain.bogus
PING mktg.mydomain.bogus (192.168.0.3): 56 data bytes
64 bytes from 192.168.0.3: icmp_seq=0 ttl=128 time=1.627 ms
64 bytes from 192.168.0.3: icmp_seq=1 ttl=128 time=0.392 ms
64 bytes from 192.168.0.3: icmp_seq=2 ttl=128 time=0.334 ms
--- mktg.mydomain.bogus ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.334/0.784/1.627/0.596 ms
# ping intserver
PING intserver.mydomain.bogus (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=255 time=0.200 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=255 time=0.192 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=255 time=0.173 ms
Do these tests show that I have set this up properly?
And what does this "AAAA ::1" stuff mean? It is somewhat strange to me, and I didn't see it explained in the HOWTO or in the book.
And lastly, how can I make my DNS secure? The HOWTO suggested that I should run named not as root but as an ordinary user. Since it explained the Linux way and this is OpenBSD, I'm sure that it is the other way around.
Thanks for any comments and suggestions....
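The forward and reverse zone files in the post, checked against each other, as an added example that is not code from the original post. It is a small Python script with a hand-written parser for the record subset these files use (not a general master-file parser). The zone text is copied from the post with the SOA collapsed to one line; the reverse zone is kept as it was originally posted so the checker can show what it flags: the hyphenated "in-addr-arpa" origin, the PTR targets without a trailing dot (named qualifies those with $ORIGIN, so "1 PTR intserver" becomes intserver.0.168.192.in-addr-arpa.), and the MX record at the reverse apex. REVERSE_ZONE_FIXED is my corrected version, an assumption and not the poster's file.

```python
# Added example, not code from the original post: a forward/reverse consistency
# check for the BIND master files shown above. Zone text copied from the post
# (SOA on one line); the reverse zone is left as originally posted on purpose.
import ipaddress

RRTYPES = {"SOA", "NS", "A", "AAAA", "PTR", "CNAME", "MX"}

FORWARD_ZONE = """\
$ORIGIN mydomain.bogus.
@ IN SOA mydomain.bogus. root.mydomain.bogus. ( 101820041 1h 30m 7d 1h )
NS intserver.mydomain.bogus.
MX 10 mail.mydomain.bogus.
localhost A 127.0.0.1
intserver A 192.168.0.1
mktg A 192.168.0.3
admin A 192.168.0.5
home A 192.168.0.10
mail CNAME intserver
"""

REVERSE_ZONE_AS_POSTED = """\
$ORIGIN 0.168.192.in-addr-arpa.
@ IN SOA mydomain.bogus. root.mydomain.bogus. ( 101820041 1h 30m 7d 1h )
NS intserver.mydomain.bogus.
MX 10 mail.mydomain.bogus.
1 PTR intserver
3 PTR mktg
5 PTR admin
10 PTR home
"""

# Assumed correction: dotted in-addr.arpa origin, no MX, PTR targets fully
# qualified so named does not append $ORIGIN to them.
REVERSE_ZONE_FIXED = """\
$ORIGIN 0.168.192.in-addr.arpa.
@ IN SOA mydomain.bogus. root.mydomain.bogus. ( 101820041 1h 30m 7d 1h )
NS intserver.mydomain.bogus.
1 PTR intserver.mydomain.bogus.
3 PTR mktg.mydomain.bogus.
5 PTR admin.mydomain.bogus.
10 PTR home.mydomain.bogus.
"""


def fqdn(name, origin):  # qualify as named does: '@' is the origin, no trailing dot appends it
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Parse the master-file subset used in the post into (origin, [(owner, TYPE, rdata)])."""
    origin, owner, records, in_soa = "", "", [], False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()            # drop comments
        if in_soa or not line:                         # skip blanks and SOA ( ... ) lines
            in_soa = in_soa and ")" not in line
            continue
        if line.startswith("$"):                       # $ORIGIN / $TTL directives
            if line.startswith("$ORIGIN"):
                origin = line.split()[1]
            continue
        f = line.split()
        if f[0].upper() not in RRTYPES | {"IN"}:      # explicit owner name, else inherited
            owner = fqdn(f.pop(0), origin)
        if f[0].upper() == "IN":
            f.pop(0)
        rtype, rdata = f[0].upper(), f[1:]
        in_soa = "(" in line and ")" not in line       # multi-line SOA: skip its fields
        # Name-valued rdata (always the last field) is qualified exactly as named does it.
        rdata = fqdn(rdata[-1], origin) if rtype in {"NS", "PTR", "CNAME", "MX"} else rdata[0]
        records.append((owner, rtype, rdata))
    return origin, records


def check_zones(forward_text, reverse_text):
    """Return a list of problems; an empty list means forward and reverse agree."""
    problems = []
    rev_origin, rev = parse_zone(reverse_text)
    if not rev_origin.endswith(".in-addr.arpa."):
        problems.append(f"reverse $ORIGIN {rev_origin} is not under in-addr.arpa.")
    a_records = {o: r for o, t, r in parse_zone(forward_text)[1] if t == "A"}
    ptrs = {o: r for o, t, r in rev if t == "PTR"}
    for name, addr in a_records.items():
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback:
            continue
        want = ip.reverse_pointer + "."                # e.g. 3.0.168.192.in-addr.arpa.
        if want not in ptrs:
            problems.append(f"no PTR {want} for {name} A {addr}")
        elif ptrs[want] != name:
            problems.append(f"PTR {want} -> {ptrs[want]} but {addr} belongs to {name}")
    for owner, target in ptrs.items():
        if target not in a_records:
            problems.append(f"PTR {owner} -> {target} has no A record")
    for owner, rtype, _ in rev:
        if rtype not in {"SOA", "NS", "PTR"}:
            problems.append(f"{rtype} record at {owner} does not belong in a reverse zone")
    return problems
```

check_zones(FORWARD_ZONE, REVERSE_ZONE_AS_POSTED) returns ten findings (the origin, four missing PTRs, four PTR targets with no A record, and the MX), while the fixed zone returns an empty list. Loopback addresses are skipped deliberately, since 127.0.0.1 lives in the separate 0.0.127.in-addr.arpa zone.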
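For the named.conf in the post and the question of how to lock the server down, an added example that is not from the original post: a Python lint for the two settings in that file that decide who can pull the zones (AXFR) and who can use the server as a recursive resolver. In the BIND 9 releases of this era, allow-transfer defaults to any, so a master zone without it can be dumped by anyone who reaches port 53; an allow-transfer in options sets the default for every zone. NAMED_CONF_AS_POSTED is the posted configuration trimmed to the relevant blocks; NAMED_CONF_HARDENED is an assumed correction, not the poster's file.

```python
# Added example, not code from the original post: a lint for named.conf that
# reports master zones anyone can AXFR and options that leave recursion open.
# NAMED_CONF_AS_POSTED is the posted file trimmed to the blocks that matter;
# NAMED_CONF_HARDENED is an assumed correction, not the poster's file.
import re

NAMED_CONF_AS_POSTED = """\
acl clients { localnets; ::1; };
options {
    version "";              // remove this to allow version queries
    listen-on { any; };
    allow-recursion { clients; };
};
zone "." { type hint; file "standard/root.hint"; };
zone "localhost" { type master; file "standard/localhost"; allow-transfer { localhost; }; };
zone "mydomain.bogus" { type master; file "master/mydomain.bogus"; };
zone "0.168.192.in-addr-arpa" { type master; file "master/mydomain.arpa"; };
"""

# Same server with transfers closed by default and the reverse zone name fixed.
NAMED_CONF_HARDENED = """\
acl clients { localnets; ::1; };
options {
    version "";
    listen-on { any; };
    allow-recursion { clients; };
    allow-transfer { none; };    // default for every zone unless a zone overrides it
};
zone "." { type hint; file "standard/root.hint"; };
zone "localhost" { type master; file "standard/localhost"; allow-transfer { localhost; }; };
zone "mydomain.bogus" { type master; file "master/mydomain.bogus"; };
zone "0.168.192.in-addr.arpa" { type master; file "master/mydomain.arpa"; };
"""

BLOCK_START = re.compile(r'\b(options|zone\s+"([^"]+)")(?:\s+IN)?\s*\{')


def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # /* ... */
    return re.sub(r"(//|#).*", "", text)                # // and # to end of line


def blocks(text):
    """Yield (zone_name_or_None, body) for each top-level options/zone block."""
    text = strip_comments(text)
    for m in BLOCK_START.finditer(text):
        depth, i = 1, m.end()
        while depth and i < len(text):                  # brace matching handles nested { }
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(2), text[m.end():i - 1]


def lint(conf):
    """Return findings as strings; an empty list means nothing to complain about."""
    found = list(blocks(conf))
    options = next((body for name, body in found if name is None), "")
    problems = []
    if not re.search(r"\b(allow-recursion|recursion\s+no)\b", options):
        problems.append("options: recursion is open to anyone (open resolver)")
    if not re.search(r'\bversion\s+"', options):
        problems.append("options: version string is not hidden")
    global_transfer = "allow-transfer" in options       # options-level default for all zones
    for name, body in found:
        if name is None:
            continue
        ztype = re.search(r"\btype\s+([\w-]+)\s*;", body)
        if ztype and ztype.group(1) == "master" and not global_transfer and "allow-transfer" not in body:
            problems.append(f'zone "{name}": master zone without allow-transfer (AXFR open to anyone)')
        if name.endswith("arpa") and not re.search(r"\.(in-addr|ip6)\.arpa$", name):
            problems.append(f'zone "{name}": reverse zone name is not under in-addr.arpa or ip6.arpa')
    return problems
```

lint(NAMED_CONF_AS_POSTED) reports the two master zones without allow-transfer and the misspelt reverse zone name; the hardened variant reports nothing. The recursion check accepts either allow-recursion or recursion no, because a server that only serves its own zones should not recurse at all.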