LinuxQuestions.org

LinuxQuestions.org > Linux - Networking > Bind DNS question (https://www.linuxquestions.org/questions/linux-networking-3/bind-dns-question-109259/)

little_ball 10-27-2003 06:12 PM

Bind DNS question
 
Hi, I'm a very newbie in stuff about DNS, networking and similar. I'm running Mandrake Linux 9.1 with Apache 2.0.47 and BIND DNS server 9.2. My doubt is about configuring BIND. I have read a lot of manuals and help but I still don't understand very well. I don't want to use my ISP's DNS to run my domain web servers. I want to know: when you configure /etc/named.conf it requests something about zone, secondary, slave, DNS. I suppose zone is where you put the registered domain name; secondary and slave I still don't know what they are; and when it requests my DNS, what should I put, my local IP address or what?? Please, I need a big hand here.

Robert0380 10-28-2003 10:51 AM

OK, let's say you have a domain name example.com that you paid for. You must tell your registrar that your domain name server is your box (if you have someone like GoDaddy you can add entries into the domain server list). Assuming you have all that worked out, you have to create a zone file for the domain and you'll have to add an entry in your named.conf file:

In your named.conf file, you'll need at least the following:

Code:

zone "example.com" {
      type master;
      file "example.com.zone";   ; the file name must be a quoted string
};

The named.conf file is usually located in /etc/ or, in my case, /etc/bind/,
and the zone files in /var/named/ or, in my case, /var/bind/pri and /var/bind/sec
(I use Gentoo and it does things differently).
If you are unsure about the location, there is an options block in the /etc/named.conf file that has a line that tells you where it looks for zone files.


The first part of the zone file looks tricky at first, but when you look at the finished product it starts to make sense.

The first line is usually a TTL statement (time to live). I think this tells servers that cache your server's responses how long to hold on to them before they should query your server again for the IP address of your domain name.

$TTL 3h ; (3 hours)


After that is the SOA record (Statement of Authority, I think).
This has a bunch of numbers (times and stuff; the comments here help out).

My SOA looks like this:

Code:

gigahurts.net. IN SOA ns.gigahurts.org. hostmaster.gigahurts.net. (
                          1 ; serial
                        3h; refresh after 3 hours
                        1h; retry after 1 hour
                        1w; expire after 1 week
                        1h ; negative caching TTL of 1 hour
                          )

The first line has the following form: your.domain. IN SOA master.name.server. email.address. (

The nameserver part will be the actual machine itself; I call mine ns.gigahurts.org.
because I own gigahurts.net and gigahurts.org, but ns.gigahurts.org is an actual registered domain name server. The email address part has to contain all "dots" ( . ), no @ symbols. The @ symbol is a special character in zone files. So if the email address is hostmaster@gigahurts.net then it would be hostmaster.gigahurts.net. in the SOA record.

Make sure you put those extra dots on the end like I have them: gigahurts.net.
If you don't, you'll end up with example.com.example.com. The dot tells BIND not to append the domain name on the end. This is a common mistake (I've made it a few times).

The rest of the SOA record can be used verbatim. I won't go into what they mean, but sometimes you'll see the times in seconds rather than in hours, days or weeks.


The very next thing after the SOA record should be NS records. This tells BIND what the name servers are for your domain. Usually you want 2: a master (what you are creating) and a slave or secondary server in case your server crashes.

Code:

example.com.        IN  NS  ns.example.com.          ;NOTICE THE DOTS ON THE END
example.com.        IN  NS  secondary.server.com.  ; AGAIN NOTICE THE DOTS

This tells BIND what your authoritative nameservers are. One should match what you put in the SOA record; the one in the SOA record is the master.

Now you may look at that and say "ns.example.com doesn't exist". Well, just hold on, it's coming :).

Address records (A records). This is where you list hostnames and the IPs to give for them.

Code:


example.com.      IN  A  192.168.1.1  ; put your ip address here
ns.example.com.  IN  A  192.168.1.1  ; put your ip address here

ftp.example.com.  IN A  192.168.1.1  ;again , your ip here NOTICE THE DOTS ON THE END

www.example.com.  IN A 192.168.1.1  ; ....you get it now

This is really all you need unless you want to do some email stuff. I don't use CNAMEs because those cause double lookups and for my small zone it isn't necessary, but a CNAME record is an alias for something that already has an A record, like...

pimp.example.com. IN CNAME www.example.com.

When someone on the net tries to get the IP address for pimp.example.com it will cause a lookup of the IP address of www.example.com. I just go ahead and give pimp the same IP as www and make it an A record, but in some cases a CNAME is better, especially if the IP address changes a lot or you don't know what the IP is (maybe the CNAME is for a computer not owned by you or something).

Like, you may be able to do this...

yahoo.example.com. IN CNAME www.yahoo.com.

But why the hell would you wanna do that?

Anyway, the finished product:

Code:

$TTL 3h ; (3 hours) default TTL for the records below
example.com. IN SOA ns.example.com. hostmaster.example.com. (
                          1 ; serial
                        3h; refresh after 3 hours
                        1h; retry after 1 hour
                        1w; expire after 1 week
                        1h ; negative caching TTL of 1 hour
                          )


example.com.        IN  NS  ns.example.com.          ;NOTICE THE DOTS ON THE END
example.com.        IN  NS  secondary.server.com.  ; AGAIN NOTICE THE DOTS

ns.example.com.  IN  A  192.168.1.1  ; put your ip address here

ftp.example.com.  IN A  192.168.1.1  ;again , your ip here NOTICE THE DOTS ON THE END

www.example.com.  IN A 192.168.1.1  ; ....you get it now


How to clean up the file....

Remember how leaving off the "DOTS" will append "example.com"? Well, this is actually helpful. You can create your records by doing this....


www IN A 192.168.1.1 ; by leaving off the dot, it becomes www.example.com
ftp IN A 192.168.1.23; same here, it becomes ftp.example.com

But if you put www.example.com and leave off the " . " you'll get www.example.com.example.com, so be careful.

Also, every time you change your zone file you MUST add 1 to the serial number in the SOA and reload the zone files (I use killall -1 named; -1 re-reads the config file).

If you don't increment the serial number, your slaves won't be notified of the changes.

If you want to run a mail server, you'll need MX records:

I usually make 2 MX records ... mail.example.com and example.com.
My mail server is set up to receive mail for the domain mail.gigahurts.net but my DNS will take anything that is gigahurts.net or mail.gigahurts.net. Here is the setup.

mail.example.com. IN A 192.168.1.234
mail.example.com. IN MX 10 mail.example.com.
example.com. IN MX 20 mail.example.com.

So if email is sent to root@example.com, it is sent to root@mail.example.com,
and if mail is sent to root@mail.example.com, same thing. This way you can get
email from both names but your mail server gets its own hostname (mail).

Any questions, ask and I'll try to explain more. I get all this from the book DNS and BIND by Paul Albitz and Cricket Liu (4th edition covers BIND 9).

Robert0380 10-28-2003 11:39 AM

Oh, unless you own the IP address you are using, don't worry about the PTR records. Your ISP already handles that. The reverse look-up only works if you own the IP.

spooge 10-28-2003 09:05 PM

Robert0380

Like, that was a nice reply. Thanks!

I've been digging around and playing with this...............

The one question I haven't found an answer for is..
My hostname on my main server, should it be (dumbshat.com), the same as my
domain name? Or like ns.dumbshat.com?

Sorry for the lame question, LQ.

THANKS

beatlelane 10-28-2003 10:55 PM

Hi guys!

I also need some info about DNS. We have a working Microsoft DNS server and want to migrate this to Linux. It's a master domain without a slave (secondary) nameserver... we are hosting a lot of subdomains with MX entries.

For example, I have this domain "mydomain.com" and want to add a subdomain "subdomain.mydomain.com" with an MX record on it and the corresponding PTR records. Where should I put the entries?

I read lots of documents regarding this and am a little bit confused, and got no information about subdomains in one server; all I have here are flat domain examples.

Another thing is, according to what I have read, all NS entries will be notified by the server (in this case my server in "mydomain.com") if there are new entries added.... If I included my ISP's nameserver (adding their nameserver as an NS record), changes in my server will be reflected on their server... it should be that way, right? So why should I need another (slave) server just to resolve destinations for my private network, or for people looking for us from outside?

Hope someone with a big heart will help me on this... a good link would be enough anyway... thanks

chort 10-29-2003 02:26 AM

Only put your ISP's name servers in your zone file if you know with 100% certainty that they agreed to act as slaves for you (this is extremely rare). You cannot just send unsolicited zone updates to another name server--it won't accept them unless it's specifically configured to do so.

You can delegate subdomains to a different name server, but a simpler approach (it only scales to a point, so don't use it for a huge zone) would be to add them to your base zone. For instance, if you have mydomain.tld and also support.mydomain.tld, you can add an IN MX record for mydomain.tld and for support.mydomain.tld in the same zone.
Code:

mydomain.tld.         IN MX 10 mail.mydomain.tld.   ; trailing dots on both names, or the origin gets appended
support.mydomain.tld. IN MX 10 mail2.mydomain.tld.

You should be able to abbreviate that like
Code:

@       IN MX 10 mail    ; '@' is the zone origin (mydomain.tld.); relative names get it appended
support IN MX 10 mail2   ; becomes support.mydomain.tld. -> mail2.mydomain.tld.
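
An added example, not code from the thread or from BIND: a small Python linter for the pitfalls Robert0380 walks through above (trailing dots, the '@' in the SOA contact, the SOA master name appearing among the NS records) and for the relative-name and blank-owner abbreviations in chort's reply. The zone text inside is constructed; the parser is deliberately minimal (no $ORIGIN support, no TTL field before the class).

```python
import re

def qualify(name, origin):
    """BIND's rule: '@' is the origin; a name with no trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def lint_zone(text, origin):
    """Parse a master zone (';' comments, multi-line SOA, indented blank-owner lines); return (records, warnings)."""
    origin = origin.rstrip(".") + "."
    body = "\n".join(ln.split(";", 1)[0].rstrip() for ln in text.splitlines() if ln.split(";", 1)[0].strip())
    body = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), body)  # fold the SOA onto one line
    records, warnings, owner = [], [], None
    for ln in body.splitlines():
        toks = ln.split()
        if toks[0].startswith("$"):                     # $TTL etc. are directives, not records
            continue
        if not ln[0].isspace():                         # explicit owner; indented lines inherit the last one
            owner = toks.pop(0)
        elif owner is None:
            warnings.append("first record has a blank owner: use '@' for the zone apex")
            continue
        if toks[0].upper() == "IN":
            toks.pop(0)
        rtype, rdata = toks[0].upper(), toks[1:]
        names = {"NS": [0], "CNAME": [0], "MX": [1], "SOA": [0, 1]}.get(rtype, [])  # rdata fields that are names
        for n in [owner] + [rdata[i] for i in names]:   # the www.example.com.example.com trap
            if n != "@" and not n.endswith(".") and n.lower().endswith(origin[:-1].lower()):
                warnings.append(f"{n} has no trailing dot and becomes {qualify(n, origin)}")
        rdata = [qualify(f, origin) if i in names else f for i, f in enumerate(rdata)]
        records.append((qualify(owner, origin), rtype, rdata))
    soa = next((r for r in records if r[1] == "SOA"), None)
    if soa:
        if "@" in soa[2][1]:
            warnings.append("SOA contact must use dots, not '@'")
        if soa[2][0] not in [r[2][0] for r in records if r[1] == "NS" and r[0] == soa[0]]:
            warnings.append(f"SOA master {soa[2][0]} is not listed as an NS for {soa[0]}")
    return records, warnings

# Constructed sample: the finished zone from above plus the trailing-dot trap and chort's abbreviated MX.
ZONE = """\
$TTL 3h
example.com. IN SOA ns.example.com. hostmaster.example.com. (
        1 3h 1h 1w 1h )                ; serial refresh retry expire negative-TTL
example.com.    IN NS ns.example.com.
example.com.    IN NS secondary.server.com.
ns              IN A  192.168.1.1
www.example.com IN A  192.168.1.1      ; constructed trap: no trailing dot
support         IN MX 10 mail2         ; chort's abbreviated sub-domain MX
"""
```

Running `lint_zone(ZONE, "example.com")` flags only the www line; the relative names expand to support.example.com. and mail2.example.com. as intended.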


beatlelane 10-30-2003 12:16 AM

Thanks so much, chort!

phowarth 10-30-2003 12:34 PM

BIND 9 DNS Issue
 
We have a small internal DNS server set up that is working great for both forward and reverse lookups of our machine names, with one exception. We decided recently to move our web and email to an external hosting service and now we cannot access the URL because the local DNS server thinks that it is the SOA for that domain.

I.e. when we enter our web site into the browser, "www.domain.com", it searches the internal DNS and can't resolve the name, since our internal DNS is the SOA for domain.com.

I have tried using an A record to point to the IP I get when pinging www.domain.com from an external DNS server, but that does not work.

Is there a way to make DNS look up www.domain.com on an external (i.e. ISP) DNS server, but do all other lookups for the domain on the internal server?

I have tried putting the ISP's DNS as a second entry in the resolv.conf file but that does not seem to work. It appears to stop searching after the failure to locate the record on the internal DNS.

Any help is appreciated.

Thanks
Paul

beatlelane 02-23-2004 04:33 AM

Hi guys!

At last, I have configured a working DNS, but still got a minor problem. I need to allow my local net to use this DNS server.

Localnetwork ---> DNS (with to ipa) ---> Internet

In MS Windblows it was easy, but unfortunately I'm having a hard time in BIND with this kind of configuration; I got an rndc error.

Again, any help will be appreciated. ;-)

