System Administration: Another Step toward the BIND - IV
In this session we're going to look at a zone file listed in our named.conf file.
So let's look at pri.example.org. Notice the a CNAME and SPF files. We didn't list those in our file types in part III, but we'll demonstrate what they do in the next session.
Here's our zone file:
@ IN SOA server1.example.org. root.localhost. ( 2006012103; serial 28800; refresh, seconds 7200; retry, seconds 604800; expire, seconds 86400 ); minimum, seconds ; NS server1.example.org.; NS server2.example.org. ; ; MX 10 server1.example.org. ; example.org. A 184.108.40.206 www A 220.127.116.11 server1 A 18.104.22.168 server2 A 22.214.171.124 ftp CNAME www example.org. TXT "v=spf1 a mx ~all" server1.example.org. TXT "v=spf1 a -all"
The first line in our zone file looks like this:
@ IN SOA server1.example.org. root.localhost. (
The "@" sign in the line refers to the "origin" for this zone file which is server1.example.org. DNS uses this as simply a label to designate the Start Of Authority (SOA) record that appears at the beginning of any zone file defining a domain. Don't make too much out of this. If you read much about DNS, then you will see people using this strange term "current origin". Few people explain what that means. It's just another bit of jargon.
The next item on the line "IN" stands for Internet. People call this a class field. Three classes exist including "HS" for Hesiod servers and "CH" which stands for Chaosnet servers.
You will only see Internet servers, but if you sweat the small stuff then you might want to know that HS and CH protocols barely exist. These are old typologies dating back to the 1970s. If you ever use them, it might be in a laboratory in a far off corner with some lab rats.
IETF RFC 1035, Domain Names - Implementation and Specification says:
The SOA record stores information about the name of the server that supplied the data for the zone; the administrator of the zone; the current version of the data file [serial number]; the number of seconds a secondary name server should wait before checking for updates; the number of seconds a secondary name server should wait before retrying a failed zone transfer; the maximum number of seconds that a secondary name server can use data before it must either be refreshed or expire; and a default number of seconds for the time-to-live file on resource records.
What's next? The mailing address of the administrator in this file is root@localhost. Obviously, my mail server delivers local mail so messages related to this process will go to root's mailbox.
In case you missed it, the first line is only part of the SOA record. It has additional fields. Notice the "(" at the end of the line. Here's the rest of the record. Remember these exist for the benefit of the slave server.
2006012103; serial 28800; refresh, seconds 7200; retry, seconds 604800; expire, seconds 86400 ); minimum, seconds
The serial number is the only field in the record that does not refer to seconds.
The remaining fields use seconds to denote their values. For example, the number of seconds a secondary name server should wait before checking for updates is in the refresh record. 28800 seconds is 480 minutes or 8 hours.
Also notice that the SOA record ends at the end of the Minimum-Time to Live (TTL). You can see the ")" symbol which closes the record values.
Next we write our NS records. This record specifies the name servers that are responsible for our domain. You can list as many as you want even though two are used by convention.
NS server1.example.org.; NS server2.example.org. ;
Please note: the semicolon (';') does not mark the end of a line; instead it marks the beginning of a comment in a zone file. You can write
NS server1.example.org.; This is my primary name server.
However, if you do not have any comments, you can as well write:
In the next session, we'll analyze the remainder of the zone file. For now, you might want to take a bit of a breather.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Death of RoboVM
- BitTorrent Inc.'s Sync
- The US Government and Open-Source Software
- The Humble Hacker?
- Open-Source Project Secretly Funded by CIA
- ACI Worldwide's UP Retail Payments
- New Container Image Standard Promises More Portable Apps
- AdaCore's SPARK Pro
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide