System Administration: Another Step toward the BIND - IV
In this session we're going to look at a zone file listed in our named.conf file.
So let's look at pri.example.org. Notice the a CNAME and SPF files. We didn't list those in our file types in part III, but we'll demonstrate what they do in the next session.
Here's our zone file:
@ IN SOA server1.example.org. root.localhost. ( 2006012103; serial 28800; refresh, seconds 7200; retry, seconds 604800; expire, seconds 86400 ); minimum, seconds ; NS server1.example.org.; NS server2.example.org. ; ; MX 10 server1.example.org. ; example.org. A 184.108.40.206 www A 220.127.116.11 server1 A 18.104.22.168 server2 A 22.214.171.124 ftp CNAME www example.org. TXT "v=spf1 a mx ~all" server1.example.org. TXT "v=spf1 a -all"
The first line in our zone file looks like this:
@ IN SOA server1.example.org. root.localhost. (
The "@" sign in the line refers to the "origin" for this zone file which is server1.example.org. DNS uses this as simply a label to designate the Start Of Authority (SOA) record that appears at the beginning of any zone file defining a domain. Don't make too much out of this. If you read much about DNS, then you will see people using this strange term "current origin". Few people explain what that means. It's just another bit of jargon.
The next item on the line "IN" stands for Internet. People call this a class field. Three classes exist including "HS" for Hesiod servers and "CH" which stands for Chaosnet servers.
You will only see Internet servers, but if you sweat the small stuff then you might want to know that HS and CH protocols barely exist. These are old typologies dating back to the 1970s. If you ever use them, it might be in a laboratory in a far off corner with some lab rats.
IETF RFC 1035, Domain Names - Implementation and Specification says:
The SOA record stores information about the name of the server that supplied the data for the zone; the administrator of the zone; the current version of the data file [serial number]; the number of seconds a secondary name server should wait before checking for updates; the number of seconds a secondary name server should wait before retrying a failed zone transfer; the maximum number of seconds that a secondary name server can use data before it must either be refreshed or expire; and a default number of seconds for the time-to-live file on resource records.
What's next? The mailing address of the administrator in this file is root@localhost. Obviously, my mail server delivers local mail so messages related to this process will go to root's mailbox.
In case you missed it, the first line is only part of the SOA record. It has additional fields. Notice the "(" at the end of the line. Here's the rest of the record. Remember these exist for the benefit of the slave server.
2006012103; serial 28800; refresh, seconds 7200; retry, seconds 604800; expire, seconds 86400 ); minimum, seconds
The serial number is the only field in the record that does not refer to seconds.
The remaining fields use seconds to denote their values. For example, the number of seconds a secondary name server should wait before checking for updates is in the refresh record. 28800 seconds is 480 minutes or 8 hours.
Also notice that the SOA record ends at the end of the Minimum-Time to Live (TTL). You can see the ")" symbol which closes the record values.
Next we write our NS records. This record specifies the name servers that are responsible for our domain. You can list as many as you want even though two are used by convention.
NS server1.example.org.; NS server2.example.org. ;
Please note: the semicolon (';') does not mark the end of a line; instead it marks the beginning of a comment in a zone file. You can write
NS server1.example.org.; This is my primary name server.
However, if you do not have any comments, you can as well write:
In the next session, we'll analyze the remainder of the zone file. For now, you might want to take a bit of a breather.
Webinar: 8 Signs You’re Beyond Cron
11am CDT, April 29th
- March 2015 Issue of Linux Journal: High-Performance Computing
- New Products
- Not So Dynamic Updates
- Users, Permissions and Multitenant Sites
- Flexible Access Control with Squid Proxy
- Security in Three Ds: Detect, Decide and Deny
- April 2015 Video Preview
- Tighten Up SSH
- DevOps: Everything You Need to Know
- Non-Linux FOSS: MenuMeters