System Administration: Another Step toward the BIND
How important are Domain Name Services? Consider this, suppose you want to set up your own web site, you go to a commercial registrar and attempt to acquire a domain name. The purchasing process won't proceed unless you can enter the IP addresses or Internet names of two existing, registered DNS servers for your domain.
For most people who have someone else set up and host their web site, that many not come into play. But for sophisticated sites where you might want to run a large email server or directory service, you need to control your own DNS.
As we've said previously, Linux distributions come with BIND, an application that runs the vast majority of all DNS servers. BIND runs a service or daemon called named. It's primary configuration file is called named.conf. (We assume that you know that Linux services or daemon's have configuration files associated with them.)
BIND's configuration file is basically a directory of all the domains hosted on that particular server. For example, if you contracted with an ISP to host a web site, you would probably use their services to list your domain on the Internet. Your domain would be one of perhaps hundreds or thousands of domains listed on the ISP's server.
Unfortunately, the ISP will not give you access to their DNS servers. So, if you need to make a change to your domain, you have to ask them to do it for you. That usually requires filing a trouble ticket with your ISP and then waiting for the ISP to make the change.
Using a third party to host your domain services usually means you'll be inconvenienced. If the ISP makes a mistake, you will have to get them to fix it. They also rarely provide all the services required by a web site's needs. So, many web site owners and developers operate their own DNS servers rather than use an ISP or other third party provider.
BIND uses named.conf, to point to a file containing all the information others need to know about your domain. We call that the domain's database. Every domain hosted on a DNS server must have its own unique zone file.
Actually, even if your domain is the only one listed on your DNS server, BIND needs zone files to function properly. We'll get into that later but right now we need to focus on your domain's database or zone file.
DNS Server Configurations
So far, we have written about DNS servers as if their only role involved resolving your domain. When a system administrator sets up a DNS server, he or she can choose amongst three configurations depending on the service needed.
The way one writes named.conf determines how a server behaves. Sometimes you only need a DNS server to perform lookups of other domains for your users. Then again sometimes you need to let other servers on the Internet obtain information about the domains you host. If you have an authoritative server over a domain then under BIND you also need a server that performs backup duties in case your primary server fails.
Let's look more closely at our choices:
The caching server
People often use a caching server to reduce the load of a primary name server. The server you set up to host domains is usually tied up answering queries from other DNS servers on the Internet. With any volume that job alone can put a strain on its resources. So, administrators use caching servers to store information locally for user lookups.
You'll see caching servers used by ISPs, for example, just to service their retail customers. Then they'll use another server for the customers that use the ISP to host their web sites.
The caching server has no authority; it simply makes DNS work faster by storing domain names it gets from authoritative servers and offering them to its clients. When you perform a query, the server keeps the results in cache. The next time you attempt to find a web site, you won't have to go through the entire search process again. You'll get the host to IP address information from the cache. When you install BIND, it sets up a caching server by default.
The master server
The master server contains the information about the domains it hosts and answers queries made by other computers on the Internet. This is the server we'll configure as we delve into our first zone file.
The slave or secondary server
If you registered a domain, you were required to provide the name of two domains servers. The second server you listed actually backs up the primary in case it fails. The secondary server's database is populated by a backup process in BIND.
The slave server is an authoritative server and answers queries unlike a caching server. Each public Internet domain needs one master server and at least one slave or secondary server. The slave server queries the master server at specific intervals and, if changes occur, updates its files by downloading them from the master server.
Back to named
When named receives a request it consults its own small directory, its configuration file, named.conf. The named process listens by default on port 53 of a Linux system. When it receives a query for an address, it looks for the information in its directories taking a short cut from named.conf to a zone file.
The following text depicts a simple named.conf file. If you can't understand it at this point, just get familiar with the way it looks, how its formatted and notice the terms used.
Remember, this file is typically already installed on your Linux server by default. Depending on the distribution, named.conf can live in different directories and the configuration file may look slightly different. Sometimes, for example, the file comes heavily commented.
Now the file. Comments in this file use the double slash marks “//
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- BitTorrent Inc.'s Sync
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- New Container Image Standard Promises More Portable Apps
- The Humble Hacker?
- The Death of RoboVM
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide