System Administration: Another Step toward the BIND

How important are Domain Name Services? Consider this, suppose you want to set up your own web site, you go to a commercial registrar and attempt to acquire a domain name. The purchasing process won't proceed unless you can enter the IP addresses or Internet names of two existing, registered DNS servers for your domain.

For most people who have someone else set up and host their web site, that many not come into play. But for sophisticated sites where you might want to run a large email server or directory service, you need to control your own DNS.

As we've said previously, Linux distributions come with BIND, an application that runs the vast majority of all DNS servers. BIND runs a service or daemon called named. It's primary configuration file is called named.conf. (We assume that you know that Linux services or daemon's have configuration files associated with them.)

BIND's configuration file is basically a directory of all the domains hosted on that particular server. For example, if you contracted with an ISP to host a web site, you would probably use their services to list your domain on the Internet. Your domain would be one of perhaps hundreds or thousands of domains listed on the ISP's server.

Unfortunately, the ISP will not give you access to their DNS servers. So, if you need to make a change to your domain, you have to ask them to do it for you. That usually requires filing a trouble ticket with your ISP and then waiting for the ISP to make the change.

Using a third party to host your domain services usually means you'll be inconvenienced. If the ISP makes a mistake, you will have to get them to fix it. They also rarely provide all the services required by a web site's needs. So, many web site owners and developers operate their own DNS servers rather than use an ISP or other third party provider.

BIND uses named.conf, to point to a file containing all the information others need to know about your domain. We call that the domain's database. Every domain hosted on a DNS server must have its own unique zone file.

Actually, even if your domain is the only one listed on your DNS server, BIND needs zone files to function properly. We'll get into that later but right now we need to focus on your domain's database or zone file.

DNS Server Configurations

So far, we have written about DNS servers as if their only role involved resolving your domain. When a system administrator sets up a DNS server, he or she can choose amongst three configurations depending on the service needed.

The way one writes named.conf determines how a server behaves. Sometimes you only need a DNS server to perform lookups of other domains for your users. Then again sometimes you need to let other servers on the Internet obtain information about the domains you host. If you have an authoritative server over a domain then under BIND you also need a server that performs backup duties in case your primary server fails.

Let's look more closely at our choices:

The caching server

People often use a caching server to reduce the load of a primary name server. The server you set up to host domains is usually tied up answering queries from other DNS servers on the Internet. With any volume that job alone can put a strain on its resources. So, administrators use caching servers to store information locally for user lookups.

You'll see caching servers used by ISPs, for example, just to service their retail customers. Then they'll use another server for the customers that use the ISP to host their web sites.

The caching server has no authority; it simply makes DNS work faster by storing domain names it gets from authoritative servers and offering them to its clients. When you perform a query, the server keeps the results in cache. The next time you attempt to find a web site, you won't have to go through the entire search process again. You'll get the host to IP address information from the cache. When you install BIND, it sets up a caching server by default.

The master server

The master server contains the information about the domains it hosts and answers queries made by other computers on the Internet. This is the server we'll configure as we delve into our first zone file.

The slave or secondary server

If you registered a domain, you were required to provide the name of two domains servers. The second server you listed actually backs up the primary in case it fails. The secondary server's database is populated by a backup process in BIND.

The slave server is an authoritative server and answers queries unlike a caching server. Each public Internet domain needs one master server and at least one slave or secondary server. The slave server queries the master server at specific intervals and, if changes occur, updates its files by downloading them from the master server.

Back to named

When named receives a request it consults its own small directory, its configuration file, named.conf. The named process listens by default on port 53 of a Linux system. When it receives a query for an address, it looks for the information in its directories taking a short cut from named.conf to a zone file.

The following text depicts a simple named.conf file. If you can't understand it at this point, just get familiar with the way it looks, how its formatted and notice the terms used.

Remember, this file is typically already installed on your Linux server by default. Depending on the distribution, named.conf can live in different directories and the configuration file may look slightly different. Sometimes, for example, the file comes heavily commented.

Now the file. Comments in this file use the double slash marks “//

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Mail Archive

Selena's picture

Thanks for the great example we decided to use the "mail archive" instead of setting up our own mail server since we are a small working group.

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix