Bind Cinfiguration Examples

A Caching-Only Server Appropriate for a subnet that a wants a local

server but don’t want to deal with data files. TO be configured: boot file, cache file

Cache file Name : /var/domain/root ; /etc/named.ca Purpose: hold name server and address records for

the root servers.

Sample cache file

; Initial cache data for root domain servers

99999999 IN NS NS.ITERNIC.NET 99999999 IN NS TERP.UMD.EDU

99999999 IN NS NS.NASA.GOV99999999 IN NS AOS.ARL.ARMY.MIL99999999 IN NS KAVA.NISC.SRI.COM99999999 IN NS C.NYSER.NET99999999 IN NS NIC.NORDU.NET

99999999 IN NS NS.NIC.DDN.MIL

;Prime the cache , hotwire the addresses NS.INTERNIC.NET 99999999 IN A 198.41.0.4 TERP.UMD.EDU 99999999 In A 128.8.10.90........................................

Primary server

A primary server for a small company To configure :boot file , cache file , add some data files sample /etc/named.boot

; Bind 4.9.3 boot file for xor.com

directory /var/domain

cache . Root.cache

primary xor.com xor.hosts

Primary 21.108.192/IN-ADDR.ARPA xor.rev

Primary 0.0.127.IN-ADDR.ARPA local.rev

/var/domain/xor.host: The domain’s forward data .

Primary server(continued)

xor.rev : The reverse mappings.

local.rev: The reverse local host zone .

A Primary Server for a Large site The DNS is kept in serveral files The reverse-mapping zones are organized by subnet number . Configure files: cahce file , boot file.

Forward zone : /var/domain/forward/cs

more complex ,may include some host work as a router . Reverse zones : /var/domain/reverse

Are uaually sorted by the host digit of the IP address.

Reverse mapping for the local host address(127.0.0.1) doesn’t change.

Primary server(continued)

Glue RecordsIt is to help the zones connect together to form a coherent hierarchy.

List a subdomain’s server as a glue records in the data for the parent zone.

Example: a fraction of colorado.edu zone file

;subdomain information

cs IN NS ns.cs.colorado.edu.

IN NS piper.cs.colorado.edu.

IN NS anchor.cs.colorado.edu.

ee IN NS ee-gw.ee.colorado.edu.

IN NS ns.cs.clolrado.edu

Primary server(continued)

;glue records

ns.cs IN A 128.138.243.151

piper.cs IN A 128.138.204.4

anchor.cs IN A 128.138.243.100

ee-gw.ee IN A 128.138.200.1

Updating Zone Files

When to update: make a chage to a domain.

What to update: data files on the promary server.

Steps: modify data files(including forward and reverse zones). Increment the serial number in the SOA record for the zone

and send a hangup signal to named.

Zone Transfers

What is Zone Transfer a mechanism it synchronize the DNS servers.It maks all the data for a

zone is transferred at once.

Steps Secondary server notices that its data is out of date. Secondary server wants to refresh its data. Secondary server requests a zone transfer from the promary server. Secondary server makes a backup copy of the zone data on disk. Primary server send the zone data and the secondary server receives it. The secondary use the new data only after the transfer is completed

Zone transfer uses the TCP on port53 and log information via syslog with the tag “named-xfer”

Security issues

Why need Security issues DNS is an inherently open system.

How to secure control Zone transfers through the xfrnets directive in the

named.boot file . Build an access list of hosts and networks to secure zones. Protect network at a lover level through router access

control lists and normal security hygiene on each host.

Testing and DebugggingDebugging aids for named:

command-line debug. Signals:tell named to adjust the debugging level or to dump

its database or statistics nslookup or dig :verify name lookups

syslog :report error messages . levels of message:

criterrwarningnoticeinfo

Testing and Debuggging

Debug Debug levels: indicated by integers from 0 to 11, the

higher the number the more verbose the output Debugging information is written to the file

/var/temp/named.run

Signals for named named listens for the following signals:

Signal Function• usr1 increments debug lever by 1

• usr2 terns off debugging

• int dumps database to named_dump.db

• iot/abrt dumps statistics to named.stats

Testing and Debuggging• Hup reloads boot file and database files

• kill kills named, must restart by hand(flushes cache)

• winch toggles tracing of incoming queries(bind4.9).

Debugging with nslookup and dig Nslookup: a user level command that queries the DNS database.

Dig(domain information groper):similar as nslookup, but have a nicer user interface.

Lame delegations How it results: if the domain is never used or the name servers is

changed without updating the parent domain’s glue records. Lame delegation has bad effects.

Host Management Tools

The task of Host management tools:to manage the DNS database files and other data files over a

whole naming domain.

Addhost includes: addhosted, ineted. the add host database includes :

Name server data Invertory dataResponsible person/department.

DNS for systems not on the Internet

For whom a small company that is not yet on the Internet or an

organization that hide its local structure behind a firewall.

Setup cache file shuld point to local name servers. Not to the root

servers of the Internet need to get a registered domain name and legitimate IP

addresses.

Versions of BIND

Versions: BIND4.9.3. UTBIND: based onBIND4.8.3, by University of Tornto. Other various patched version for SUNOS that coexsit

with NIS

Specifics for various Operating systems

The difference of BIND for different OS Configuration files the release of BIND that is based on How to intergrate BIND with other sources of

administrative data.

Solaris’s BIND: based on BIND version 4.8.3

HP-UX’s BiND based on BIND 4.8.3

Specifics for various Operating systems

IRIX’s BIND: based on BIND 4.8.3

SUNOS’s BIND: based on BIND4.8.1

OSF/1’s BIND based on BIND 4.9

Recommended supplemental Reading

Books on Internet topic in the O’Reilly Nutshell series. Public mailing list for DNS and BIND issues

bind-request@uunet.uu.net “name server oerations Guide for BIND” in UNIX systerm

Managers Manual, Usenix Assocaiton, 1994