|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
Stop making mediocre tutorials.The best tutorials are video! Camtasia Studio makes it easy to create engaging, buzz-building screen videos at any size, in any popular format. Download the free trial!
|
|
#1
September 6th, 2002, 05:58 AM
|
||||
|
||||
|
Advice on named.conf and master zone file config
Hi,
I've just setup named on FreeBSD 4.6-STABLE: Code:
[11:26:46] munk@munkboxen /etc/namedb# named -v
named 8.3.3-REL Tue Jul 23 20:31:29 GMT 2002
root@munkboxen.mine.nu:/usr/obj/usr/src/usr.sbin/named
and I'm after a 'sanity' check from someone more knowledgeable than myself on my named and master zone file configuration. I won't skip the details at all, seems pretty stupid configuring a set of DNS records and then withholding it when asking for help seeing as the DNS records are to be publicly accessible anyway!!!  My configuration then is as follows: Code:
[11:31:43] munk@munkboxen /etc/namedb# cat named.conf
options {
directory "/etc/namedb";
};
zone "." {
type hint;
file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
type master;
file "localhost-v6.rev";
};
zone "munk.nu" {
type master;
file "db.munk.nu";
};
[11:32:02] munk@munkboxen /etc/namedb# cat db.munk.nu
munk.nu. IN SOA ns1.munk.nu. munk.munk.nu. (
20020906110212
10800 ; Refresh after 3 hours
3600 ; Retry after 1 hour
604800 ; Expire after 1 week
86400 ) ; Minimum TTL 1 day
;
; NS Records
;
IN NS ns1.munk.nu.
IN NS ns2.munk.nu.
;
; Host Records
;
localhost IN A 127.0.0.1
ns1 IN A 213.152.51.194
ns2 IN A 213.152.51.195
www IN A 213.152.51.194
freebie IN A 213.152.51.194
mail IN A 213.152.51.194
sparky IN A 213.152.51.195
winnie IN A 213.152.51.196
winnie IN A 213.152.51.196
;
; Mail Records
;
@ IN MX 10 mail.munk.nu.
[11:50:38] munk@munkboxen /etc# cat namedb/localhost.rev
; From: @(#)localhost.rev 5.1 (Berkeley) 6/30/90
; $FreeBSD: src/etc/namedb/PROTO.localhost.rev,v 1.6 2000/01/10 15:31:40 peter Exp $
;
; This file is automatically edited by the `make-localhost' script in
; the /etc/namedb directory.
;
$TTL 3600
@ IN SOA munk.nu. root.munk.nu. (
20020906 ; Serial
3600 ; Refresh
900 ; Retry
3600000 ; Expire
3600 ) ; Minimum
IN NS ns1.munk.nu.
1 IN PTR localhost.nu.
I followed Chapter 4. Setting Up BIND, from the O'Reilly book DNS and BIND to get this far. I've tested it as follows thus far: Code:
[11:32:55] munk@munkboxen /etc/namedb# nslookup www Server: localhost.nu Address: 127.0.0.1 Name: www.munk.nu Address: 213.152.51.194 [11:36:10] munk@munkboxen /etc/namedb# nslookup www.google.com. Server: localhost.nu Address: 127.0.0.1 Name: www.google.com Address: 216.239.39.101 however when I go to lookup a local hostname on a remote nameserver it does not resolve: Code:
[11:42:27] munk@nova /home/munk# nslookup www.munk.nu Server: pazs001o.blueyonder.co.uk Address: 62.30.64.113 *** pazs001o.blueyonder.co.uk can't find www.munk.nu: Non-existent host/domain A 'whois' lookup on 'munk.nu' reveals: Code:
[11:50:43] munk@munkboxen /etc# whois munk.nu
------------------------------------------------------------------------
.NU Domain Ltd Whois service
Domain Name (UTF-8): munk.nu
Record ID: 437528.
Record expires on 28-Aug-2004.
Record created on 28-Aug-2002.
Record status: Active.
Domain servers in listed order:
ns1.munk.nu 213.152.51.194
ns2.munk.nu 213.152.51.195
Copyright by .NU Domain Ltd - http://www.nunames.nu
------------------------------------------------------------------------
Database last updated: Fri Sep 6 06:46:15 2002
------------------------------------------------------------------------
My questions: 1. Do the master zone files look ok and if not how could they be optimized? 2. Assuming the config is correct, how long should it (normally) take for the DNS to propogate to remote nameservers across the internet? Is there any known method for speeding this up? (I noticed that everydns.net's nameservers seem to propogate very quickly after changes are made, literally in minutes.) TIA, Jez
|
|
#2
September 6th, 2002, 07:54 AM
|
||||
|
||||
|
mmm, *doh*
The reason it wasn't resolving queries from remote hosts was because I forgot to add a rule to my ipf firewall ruleset to allow inbound tcp/udp on port 53. Speaking of which can anyone comment on these ipf rules for allowing DNS queries?: Code:
# dns incoming: pass in quick on fxp0 proto tcp from any to 213.152.51.194 port = 53 flags S keep state pass in quick on fxp0 proto udp from any to 213.152.51.194 port = 53 Thanks in advance.
|
|
#3
September 8th, 2002, 08:43 AM
|
|||
|
|||
|
Keep state on udp ruleset as well.
As far as your named setup: 1) Rename your localhost.rev to db.127 and change that in named.conf accordingly 2) Create a new zone record named db.localhost or whatever. As far as sample you can search google. The reason of this because localhost related zone records should be separated from your db.munk.nu zone. That is to remove the A record of localhost in your db.munk.nu. Right now localhost.munk.nu resolves to 127.0.0.1 on my end, which is a common misconfiguration to many named servers 3) There are many reasons to set your hostname to ns1.munk.nu instead of munkboxen.mine.nu 4) Drop mail.munk.nu and use ns1.munk.nu as your MX because ns1.munk.nu is glued at roots.
|
|
#4
September 8th, 2002, 08:30 PM
|
||||
|
||||
|
Keep state on udp ruleset as well.
>> mmm ok thanks, forgot you could keep state on udp. Out of interest, given that noone will be performing zone transfers from me, how often would tcp requests typically be made to port 53 (ie requests made to my named server externally)? Am I to understand that it is only 'broken' resolvers that submit DNS resolution requests on port 53 via TCP? 1) Rename your localhost.rev to db.127 and change that in named.conf accordingly >> I was following the FreeBSD named setup instructions in handbook - the unfortunate naming convention used in the 'make-localhost' sh script seems an oddity for FreeBSD.2) Create a new zone record named db.localhost or whatever. >> Thanks, corrected. 3) There are many reasons to set your hostname to ns1.munk.nu instead of munkboxen.mine.nu >> I currently set: Code:
[2:18:59] munk@freebie /etc/namedb# hostname freebie.munk.nu although: Code:
[2:20:47] munk@freebie /etc/namedb# cat /etc/hosts 127.0.0.1 localhost 213.152.51.193 router 213.152.51.194 ns1 freebie munkboxen.mine.nu munkboxen www.console-pimps.net \ munk.nu freebie.munk.nu www.munk.nu ns1.munk.nu freebie.munk.nu 213.152.51.195 sparky \ sparky.munk.nu 213.152.51.196 winnie winnie.munk.nu and this is a real mess. ('console-pimps.net' is another domain I'm running from this machine as well!!!) Should I set 'hostname ns1.munk.nu'? Should I trim /etc/hosts? 4) Drop mail.munk.nu and use ns1.munk.nu as your MX because ns1.munk.nu is glued at roots. >> I had untold issues with Code:
Sep 8 12:03:30 freebie sm-mta[86701]: g88C3TMi086699: SYSERR(root): mail.munk.nu. config error: mail loops back to me (MX problem?) *UNTIL* I echoed "munk.nu" to /etc/mail/local-host-names. After this all was fine. I will be moving to djbdns soon because I don't like the way BIND cobbles all the DNS features together as one - recursive resolution, caching, zone transfers, etc... - and would prefer to use djbdns (I did set it up for a while and found the caching name service / dns-cache and the main named tinydns to be sweet  . BIND does seem very 'clutzy' and open to attack by piling so much functionality into one single daemon.One very quick question, I can't for the life of me (really daft this I'm sure) work out how to assign a zone record for 'munk.nu' using BIND (ie when I type in 'host munk.nu' I want it to resolve to 213.152.51.194). Can you clarify how this is done? Really glad you got to this thread freebsd Thanks a lot.Jez Last edited by munkfish : September 8th, 2002 at 08:34 PM.
|
|
#5
September 9th, 2002, 06:44 AM
|
|||
|
|||
|
Quote:
You really shouldn't have any routable IP entry in /etc/hosts. Relying on /etc/hosts to resolve FQDNs is just a workaround for some clueless newbies. Don't forget, /etc/hosts was never meant to be a way to configure FQDN to create valid DNS entry. If removing a line in /etc/hosts makes you unable to resolve a name, then that name really have a DNS misconfiguration itself that need to be fixed. BTW, some software like any djbware never read /etc/hosts file. >> Should I set 'hostname ns1.munk.nu'? Yes, it's a very common setup to set your hostname to be ns1.xxx.yyy or even mail.xxx.yyy. >> how to assign a zone record for 'munk.nu' using BIND Just add another A record like so: Code:
munk.nu. IN A 213.152.51.194
|
|
| Viewing: Dev Shed Forums > System Administration > DNS > Advice on named.conf and master zone file config |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
