lans can use wins. unix lans can use nis. but because dns is the directory service for the internet

Upload: topasikikio

Post on 30-May-2018


  • 8/9/2019 LANs Can Use WINS. UNIX LANs Can Use NIS. but Because DNS is the Directory Service for the Internet

    1/63

How To Set Up Linux DNS Services

The material on this page was prepared using Sarge or Etch configured using our Installation and Packages pages. If you did not use our pages to set up your system, what you encounter on your system may be different than what is given here.

As mentioned on the Networking page, every system on the Internet must have a unique IP address. (This does not include systems that are behind a NAT firewall because they are not directly on the Internet.) DNS acts as a directory service for all of these systems, allowing you to specify each one by its hostname. A telephone book allows you to look up an individual person by name and get their telephone number, their unique identifier on the telephone system's network. DNS allows you to look up an individual server by name and get its IP address, its unique identifier on the Internet.

There are other hostname-to-IP directory services in use, mainly for LANs. Windows LANs can use WINS. UNIX LANs can use NIS. But because DNS is the directory service for the Internet (and can also be used for LANs) it is the most widely used. UNIX LANs could always use DNS instead of NIS, and starting with Windows 2000 Server, Windows LANs could use DNS instead of, or in addition to, WINS. And on small LANs where there are only a few machines you could just use HOSTS files on each system instead of setting up a server running DNS, NIS, or WINS.

As a service, DNS is critical to the operation of the Internet. When you enter www.some-domain.com in a Web browser, it's DNS that takes the www host name and translates it to an IP address. Without DNS, you could be connected to the Internet just fine, but you ain't goin' no where. Not unless you keep a record of the IP addresses of all of the resources you access on the Internet and use those instead of host/domain names.

So when you visit a Web site, you are actually doing so using the site's IP address even though you specified a host and domain name in the URL. In the background your computer quickly queried a DNS server to get the IP address that corresponds to the Web site's server and domain names. Now you know why you have to specify one or two DNS server IP addresses in the TCP/IP configuration on your desktop PC (in the resolv.conf file on a Linux system and the TCP/IP properties in the Network Control Panel on Windows systems).

A "cannot connect" error doesn't necessarily indicate there isn't a connection to the destination server. There may very well be. The error may indicate a failure in "resolving" the domain name to an IP address. I use the open source Firefox Web browser on Windows systems because the status bar gives more informational messages like "Resolving host", "Connecting to", and "Transferring data" rather than just the generic "Opening page" with IE. (It also seems to render pages faster than IE.)

In short, always check for correct DNS operation when troubleshooting a problem involving the inability to access an Internet resource. The ability to resolve names is critical, and later in this page we'll show you some tools you can use to investigate and verify this ability.

When you are surfing the Web viewing Web pages or sending an e-mail your workstation is sending queries to a DNS server to resolve server/domain names. (Back on the Modems page we showed you how to set up your resolv.conf file to do this.) When you have your own Web site that other people visit you need a DNS server to respond to the queries from their workstations.

When you visit Web sites, the DNS server your workstation queries for name resolution is typically run by your ISP, but you could have one of your own. When you have your own Web site the DNS servers which respond to visitors' queries are typically run by your Web hosting provider, but you could likewise have your own one of these too. Actually, if you set up your own DNS server it could be used to respond to both "internal" (from your workstation) and "external" (from your Web site's visitors) queries.

Even if you don't have your own domain name, or even your own LAN, you can still benefit from using a DNS server to allow others to access your Debian system. If you have a single system connected to the Internet via a cable or DSL connection, you can have it act as a Web/e-mail/FTP server using a neat service called "dynamic DNS" which we'll cover later. Dynamic DNS will even work with a modem if you want to play around with it.

DNS Server Functions

You can set up a DNS server for several different reasons:

* Internet Domain Support: If you have a domain name and you're operating Web, e-mail, FTP, or other Internet servers, you'll use a DNS server to respond to resolution queries so others can find and access your server(s). This is a serious undertaking and you'd have to set up a minimum of two of them. On this page we'll refer to these types of DNS servers as authoritative DNS servers for reasons you'll see later. However, there are alternatives to having your own authoritative DNS server if you have (or want to have) your own domain name. You can have someone else host your DNS records for you. Even if someone else is taking care of your domain's DNS records you could still set up one of the following types of DNS servers.

* Local Name Resolution: Similar to the above scenario, this type of DNS server would resolve the hostnames of systems on your LAN. Typically in this scenario there is one DNS server and it does both jobs. The first being that it receives queries from workstations and the second being that it serves as the authoritative source for the responses (this will be more clear as we progress). Having this type of DNS server would eliminate the need to have (and manually update) a HOSTS file on each system on your LAN. On this page we'll refer to these as LAN DNS servers.

During the Debian installation you are asked to supply a domain name. This is an internal (private) domain name which is not visible to the outside world so, like the private IP address ranges you use on a LAN, it doesn't have to be registered with anyone. A LAN DNS server would be authoritative for this internal, private domain. For security reasons, the name for this internal domain should not be the same as any public domain name you have registered. Private domain names are not restricted to using one of the established public TLD (Top Level Domain) names such as .com or .net. You could use .corp or .inc or anything else for your TLD. Since a single DNS server can be authoritative for multiple domains, you could use the same DNS server for both your public and private domains. However, the server would need to be accessible from both the Internet and the LAN so you'd need to locate it in a DMZ. Though you want to use different public and private domain names, you can use the same name for the second-level domain. For example, my-domain.com for the public name and my-domain.inc for the private name.

* Internet Name Resolution: LAN workstations and other desktop PCs need to send Internet domain name resolution queries to a DNS server. The DNS server most often used for this is the ISP's DNS servers. These are often the DNS servers you specify in your TCP/IP configuration. You can have your own DNS server respond to these resolution queries instead of using your ISP's DNS servers. My ISP recently had a problem where they would intermittently lose connectivity to the network segment that their DNS servers were connected to so they couldn't be contacted. It took me about 30 seconds to turn one of my Debian systems into this type of DNS server and I was surfing with no problems. On this page we'll refer to these as simple DNS servers. If a simple DNS server fails, you could just switch back to using your ISP's DNS servers. As a matter of fact, given that you typically specify two DNS servers in the TCP/IP configuration of most desktop PCs, you could have one of your ISP's DNS servers listed as the second (fallback) entry and you'd never miss a beat if your simple DNS server did go down. Turning your Debian system into a simple DNS server is simply a matter of entering a single command.

Don't take from this that you need three different types of DNS servers. If you were to set up a couple authoritative DNS servers they could also provide the functionality of LAN and simple DNS servers. And a LAN DNS server can simultaneously provide the functionality of a simple DNS server. It's a progressive type of thing.

If you were going to set up authoritative DNS servers or a simple DNS server you'd have to have a 24/7 broadband connection to the Internet. Naturally, a LAN DNS server that didn't resolve Internet host/domain names wouldn't need this.

A DNS server is just a Debian system running a DNS application. The most widely used DNS application is BIND (Berkeley Internet Name Domain) and it runs a daemon called named that, among other things, responds to resolution queries. We'll see how to install it after we cover some basics.

DNS Basics

Finding a single server out of all of the servers on the Internet is like trying to find a single file on a drive with thousands of files. In both cases it helps to have some hierarchy built into the directory to logically group things. The DNS "namespace" is hierarchical in the same type of upside-down tree structure seen with file systems. Just as you have the root of a partition or drive, the DNS namespace has a root which is signified by a period.

DNS namespace hierarchy

When specifying the absolute path to a file in a file system you start at the root and go to the file:

/etc/bind/named.conf

When specifying the absolute path to a server in the DNS namespace you start at the server and go to the root:

www.aboutdebian.com.

Note the period after the 'com' as it's important. It's how you specify the root of the namespace. An absolute path in the DNS namespace is called a FQDN (Fully Qualified Domain Name). FQDNs are prevalent in DNS configuration files and it's important that you always use that trailing period.

Internet resources are usually specified by a domain name and a server hostname. The www part of a URL is often the hostname of the Web server (or it could be an alias to a server with a different host name). DNS is basically just a database with records for these hostnames. The directory for the entire telephone system is not stored in one huge phone book. Rather, it is broken up into many pieces with each city having, and maintaining, its piece of the entire directory in its phone book. By the same token, pieces of the DNS directory database (the "zones") are stored, and maintained, on many different DNS servers located around the Internet. If you want to find the telephone number for a person in Poughkeepsie, you'd have to look in the Poughkeepsie telephone book. If you want to find the IP address of the www server in the some-domain.com domain, you'd have to query the DNS server that stores the DNS records for that domain.

The entries in the database map a host/domain name to an IP address. Here is a simplistic logical view of the type of information that is stored (we'll get to the A, CNAME, and MX designations in a bit).

A      www.their-domain.com      172.29.183.103
MX     mail.their-domain.com     172.29.183.217
A      debian.your-domain.com    10.177.8.3
CNAME  www.your-domain.com       10.177.8.3
MX     debian.your-domain.com    10.177.8.3

This is why a real Internet server needs a static (unchanging) IP address. The IP address of the server's NIC connected to the Internet has to match whatever address is in the DNS database. Dynamic DNS does provide a way around this for home servers however, which we'll see later.

When you want to browse to www.their-domain.com your DNS server (the one you specify in the TCP/IP configuration on your desktop computer) most likely won't have a DNS record for the their-domain.com domain so it has to contact the DNS server that does. When your DNS server contacts the DNS server that has the DNS records (referred to as "resource records" or "zone records") for their-domain.com your DNS server gets the IP address of the www server and relays that address back to your desktop computer. So which DNS server has the DNS records for a particular domain?

When you register a domain name with someone like Network Solutions, one of the things they ask you for are the server names and addresses of two or three "name servers" (DNS servers). These are the servers where the DNS records for your domain will be stored (and queried by the DNS servers of those browsing to your site). So where do you get the "name servers" information for your domain? Typically, when you host your Web site using a Web hosting service they not only provide a Web server for your domain's Web site files but they will also provide a DNS server to store your domain's DNS records. In other words, you'll want to know who your Web hosting provider is going to be before you register a domain name (so you can enter the provider's DNS server information in the name servers section of the domain name registration application).

You'll see the term "zone" used in DNS references. Most of the time a zone just equates to a domain. The only times this wouldn't be true is if you set up subdomains and set up separate DNS servers to handle just those subdomains. For example, a company would set up the subdomains us.their-domain.com and europe.their-domain.com and would "delegate" a separate DNS server to each one of them. In the case of these two DNS servers their zone would be just the subdomains. The zone of the DNS server for the parent their-domain.com (which would contain the servers www.their-domain.com and mail.their-domain.com) would only contain records for those few machines in the parent domain.

Note that in the above example "us" and "europe" are subdomains while "www" and "mail" are host names of servers in the parent domain.

Once you've got your Web site up and running on your Web hosting provider's servers and someone surfs to your site, the DNS server they specified in their local TCP/IP configuration will query your hosting provider's DNS servers to get the IP address for your Web site. The DNS servers that host the DNS records for your domain, i.e. the DNS servers you specify in your domain name registration application, are the authoritative DNS servers for your domain. The surfer's DNS server queries one of your site's authoritative DNS servers to get an address and gets an authoritative response. When the surfer's DNS server relays the address information back to the surfer's local PC it is a "non-authoritative" response because the surfer's DNS server is not an authoritative DNS server for your domain.

Example: If you surf to MIT's Web site the DNS server you have specified in your TCP/IP configuration queries one of MIT's authoritative DNS servers and gets an authoritative response with the IP address for the 'www' server. Your DNS server then sends a non-authoritative response back to your PC. You can easily see this for yourself. At a shell prompt, or a DOS window on a newer Windows system, type in:

nslookup www.mit.edu

First you'll see the name and IP address of your locally-specified DNS server. Then you'll see the non-authoritative response your DNS server sent back containing the name and IP address of the MIT Web server.

If you're on a Linux system you can also see which name server(s) your DNS server contacted to get the IP address. At a shell prompt type in:

whois mit.edu

and you'll see three authoritative name servers listed with the hostnames STRAWB, W20NS, and BITSY. The 'whois' command simply returns the contents of a site's domain record.

Records and Records

Don't confuse DNS zone records with domain records. Your domain record is created when you fill out a domain name registration application and is maintained by the domain registration service (like Network Solutions) you used to register the domain name. A domain only has one domain record and it contains administrative and technical contact information as well as entries for the authoritative DNS servers (aka "name servers") that are hosting the DNS records for the domain. You have to enter the hostnames and addresses for multiple DNS servers in your domain record for redundancy (fail-over) purposes.

DNS records (aka zone records) for a domain are stored in the domain's zone file on the authoritative DNS servers. Typically, it is stored on the DNS servers of whatever Web hosting service is hosting your domain's Web site. However, if you have your own Web server (rather than using a Web hosting service) the DNS records could be hosted by you using your own authoritative DNS servers (as in MIT's case), or by a third party like EasyDNS.

In short, the name servers you specified in your domain record host the domain's zone file containing the zone records. The name servers, whether they be your Web hosting provider's, those of a third party like EasyDNS, or your own, which host the domain's zone file are authoritative DNS servers for the domain.

Because DNS is so important to the operation of the Internet, when you register a domain name you must specify a minimum of two name servers. If you set up your own authoritative DNS servers for your domain you must set up a minimum of two of them (for redundancy) and these would be the servers you specify in your domain record.

While the multiple servers you specify in your domain record are authoritative for your domain, only one DNS server can be the primary DNS server for a domain. Any others are "secondary" servers. The zone file on the primary DNS server is "replicated" (transferred) to all secondary servers. As a result, any changes made to DNS records must be made on the primary DNS server. The zone files on secondary servers are read-only. If you made changes to the records in a zone file on a secondary DNS server they would simply be overwritten at the next replication. As you will see below, the primary server for a domain and the replication frequency are specified in a special type of zone record.

Early on in this page we said that the DNS zone records are stored in a DNS database which we now know is called a zone file. The term "database" is used quite loosely. The zone file is actually just a text file which you can edit with any text editor. A zone file is domain-specific. That is, each domain has its own zone file. Actually, there are two zone files for each domain but we're only concerned with one right now. The DNS servers for a Web hosting provider will have many zone files, two for each domain it's hosting zone records for. A zone "record" is, in most cases, nothing more than a single line in the text zone file.

There are different types of DNS zone records. These numerous record types give you flexibility in setting up the servers in your domain. The most common types of zone records are:

* An A (Address) record is a "host record" and it is the most common type. It is simply a static mapping of a hostname to an IP address. A common hostname for a Web server is 'www' so the A record for this server gives the IP address for this server in the domain.

* An MX (Mail eXchanger) record is specifically for mail servers. It's a special type of service-specifier record. It identifies a mail server for the domain. That's why you don't have to enter a hostname like 'www' in an e-mail address. If you're running Sendmail (mail server) and Apache (Web server) on the same system (i.e. the same system is acting as both your Web server and e-mail server), both the A record for the system and the MX record would refer to the same server.

To offer some fail-over protection for e-mail, MX records also have a Priority field (numeric). You can enter two or three MX records each pointing to a different mail server, but the server specified in the record with the highest priority (lowest number) will be chosen first. A mail server with a priority of 10 in the MX record will receive e-mail before a server with a priority of 20 in its MX record. Note that we are only talking about receiving mail from other Internet mail servers here. When a mail server is sending mail, it acts like a desktop PC when it comes to DNS. The mail server looks at the domain name in the recipient's e-mail address and the mail server then contacts its local DNS server (specified in the resolv.conf file) to get the IP address for the mail server in the recipient's domain. When an authoritative DNS server for the recipient's domain receives the query from the sender's DNS server it sends back the IP addresses from the MX records it has in that domain's zone file.

* A CNAME (Canonical Name) record is an alias record. It's a way to have the same physical server respond to two different hostnames. Let's say you're not only running Sendmail and Apache on your server, but you're also running WU-FTPD so it also acts as an FTP server. You could create a CNAME record with the alias name 'ftp' so people would use ftp.your-domain.com and www.your-domain.com to access different services on the same server.

Another use for a CNAME record was illustrated in the example near the top of the page. Suppose you name your Web server 'debian' instead of 'www'. You could simply create a CNAME record with the alias name 'www' but with the hostname 'debian' and debian's IP address.

* NS (Name Server) records specify the authoritative DNS servers for a domain.

* There can be multiples of all of the above record types. There is one special record type of which there is only one record in the zone file. That's the SOA (Start Of Authority) record and it's the first record in the zone file. An SOA record is only present in a zone file located on authoritative DNS servers (non-authoritative DNS servers can cache zone records). It specifies such things as:

o The primary authoritative DNS server for the zone (domain).

o The e-mail address of the zone's (domain's) administrator. In zone files, the '@' has a specific meaning so the e-mail address is written as me.my-domain.com.

o Timing information as to when secondary DNS servers should refresh or expire a zone file and a serial number to indicate the version of the zone file for the sake of comparison.

The SOA record is the one that takes up several lines.

Several important points to note about the records in a zone file:

* Records can specify servers in other domains. This is most commonly used with MX and NS records when backup servers are located in a different domain but receive mail or resolve queries for your domain.

* There must be an A record for systems specified in all MX, NS, and CNAME records.

* A and CNAME records can specify workstations as well as servers (which you'll see when we set up a LAN DNS server).

Now let's look at a typical zone file. When a Debian system is set up as a DNS server the zone files are stored in the /etc/bind directory. In a zone file the two parentheses around the timer values let the SOA record span several lines. The ';' is the comment character. The 'IN' indicates an INternet-class record.

$TTL 86400
my-name.com.          IN SOA debns1.my-name.com. joe.my-name.com. (
                      2004011522 ; Serial no., based on date
                      21600      ; Refresh after 6 hours
                      3600       ; Retry after 1 hour
                      604800     ; Expire after 7 days
                      3600 )     ; Minimum TTL of 1 hour

;Name servers
debns1                IN A  192.168.1.41
debns2.my-name.com.   IN A  192.168.1.42

@                     IN NS debns1
my-name.com.          IN NS debns2.my-name.com.

;Mail servers
debmail1              IN A  192.168.1.51
debmail2.my-name.com. IN A  192.168.1.52

@                     IN MX 10 debmail1
my-name.com.          IN MX 20 debmail2.my-name.com.

;Aliased servers
debhp                 IN A  192.168.1.61
debdell.my-name.com.  IN A  192.168.1.62

www                   IN CNAME debhp
ftp.my-name.com.      IN CNAME debdell.my-name.com.

Several things to take note of when evaluating this example zone file:

* Records are grouped in fours and then subgrouped in twos. The lines are spaced apart only to aid in the readability of this example. You don't want any blank lines in a zone file.

* The first two records in the group of four use A records to specify the servers, and then the second two records are types which specify what those servers are used for. Optionally, you could list all A records together, all NS records together, all CNAME records together, etc.

* The first record in the subgroup of two is a shorthand way of entering the information (without the FQDN). The second record is the longhand way. The '@' is a shorthand way of specifying "this zone" (domain).

* Whenever you specify a domain in a zone file it must have a trailing period to make it a FQDN.

* The $TTL 86400 line at the very top of the file specifies the Time To Live value for the record (used by secondary DNS servers).

* Notice that this zone file specifies the required two DNS servers (with the primary specified in the SOA record) and two mail servers (also for redundancy).

* Also notice the priority numbers before the hostnames in the MX records.

If you had a simpler setup with only one server with the hostname 'debian' that operated as a Web, e-mail, and FTP server and you had your DNS records hosted by someone like EasyDNS, your zone file would look a lot simpler:

$TTL 86400
my-name.com.      IN SOA ns1.easydns.com. me.my-name.com. (
                  2004011522 ; Serial no., based on date
                  21600      ; Refresh after 6 hours
                  3600       ; Retry after 1 hour
                  604800     ; Expire after 7 days
                  3600 )     ; Minimum TTL of 1 hour
debian            IN A     192.168.1.51
ns1.easydns.com.  IN A     216.220.40.243
ns2.easydns.com.  IN A     205.210.42.20
@                 IN NS    ns1.easydns.com.
@                 IN NS    ns2.easydns.com.
@                 IN MX 10 debian
www               IN CNAME debian
ftp               IN CNAME debian
; The bare domain name gets an A record, not a CNAME: the zone apex already
; carries SOA and NS records, and a name that has a CNAME may carry no other records.
@                 IN A     192.168.1.51

Naturally, the 192.168.1.51 private address in this example would have to be an ISP-assigned public address for an Internet-accessible server. We just used a private address as an example.

Notice that the last record is a little different from the others. It specifies which server should handle requests when no hostname is specified, i.e. requests going to simply my-name.com in a URL, etc. Notice also that you can specify other domains in your zone file which is where the long-hand way of specifying a FQDN is useful.
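As an added example (not code from the original page), here is a small Python checker for the zone-file rules laid out above: ';' comments, the parentheses that let the SOA span lines, '@' and relative names expanded against the zone, one SOA that comes first, and an A record for every in-zone NS, MX and CNAME target. The embedded SAMPLE_ZONE is constructed from the tutorial's first example with two A records deliberately left out so the check has something to report; all function and variable names are my own.

```python
"""Checker for the zone-file rules this tutorial lays out (added example, not code
from the original page). Reads the syntax the tutorial describes (';' comments,
parentheses letting the SOA span lines, '@' for the zone, trailing period for an
absolute name) and checks: exactly one SOA, first in the file; an A record for each
in-zone NS/MX/CNAME target (other domains skipped, as the tutorial allows backup
servers there); no CNAME at the apex or beside other records. SAMPLE_ZONE is constructed."""
SAMPLE_ZONE = """\
$TTL 86400
my-name.com.         IN SOA debns1.my-name.com. joe.my-name.com. (
                     2004011522 ; Serial no., based on date
                     21600      ; Refresh after 6 hours
                     3600       ; Retry after 1 hour
                     604800     ; Expire after 7 days
                     3600 )     ; Minimum TTL of 1 hour
;Name servers
debns1               IN A     192.168.1.41
debns2.my-name.com.  IN A     192.168.1.42
@                    IN NS    debns1
my-name.com.         IN NS    debns2.my-name.com.
;Mail servers (debmail2's A record is deliberately missing)
debmail1             IN A     192.168.1.51
@                    IN MX 10 debmail1
my-name.com.         IN MX 20 debmail2.my-name.com.
;Aliased servers (debdell's A record is deliberately missing)
debhp                IN A     192.168.1.61
www                  IN CNAME debhp
ftp.my-name.com.     IN CNAME debdell.my-name.com.
"""


def fqdn(name, origin):
    """Expand '@' and relative names; a trailing period marks an absolute name."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def _logical_lines(text):
    """Drop ';' comments and join physical lines held open by '('; yield token lists."""
    buf, depth = [], 0
    for raw in text.splitlines():
        code = raw.split(";", 1)[0]
        depth += code.count("(") - code.count(")")
        buf.append(code.replace("(", " ").replace(")", " "))
        if depth == 0:
            tokens, buf = " ".join(buf).split(), []
            if tokens:
                yield tokens


def parse_zone(text):
    """Return (origin, default_ttl, records); each record is (owner, type, rdata)."""
    origin, ttl, records = None, None, []
    for tokens in _logical_lines(text):
        if tokens[0] == "$TTL":
            ttl = int(tokens[1])
            continue
        owner = tokens.pop(0)
        if tokens[0].upper() == "IN":    # the INternet class marker is optional
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if origin is None:               # the first SOA's absolute owner names the zone
            if rtype != "SOA" or not owner.endswith("."):
                raise ValueError("first record must be an SOA with an absolute owner")
            origin = owner
        owner = fqdn(owner, origin)
        data = {"value": " ".join(rdata)}  # A records and anything else keep the text
        if rtype in ("NS", "CNAME"):
            data = {"target": fqdn(rdata[0], origin)}
        elif rtype == "MX":
            data = {"priority": int(rdata[0]), "target": fqdn(rdata[1], origin)}
        elif rtype == "SOA":
            timers = ("serial", "refresh", "retry", "expire", "minimum")
            data = {"mname": fqdn(rdata[0], origin), "rname": fqdn(rdata[1], origin),
                    **dict(zip(timers, map(int, rdata[2:7])))}
        records.append((owner, rtype, data))
    return origin, ttl, records


def check_zone(origin, records):
    """Apply the tutorial's rules; return a list of problem descriptions."""
    problems = []
    if not records or records[0][1] != "SOA" or sum(t == "SOA" for _, t, _ in records) != 1:
        problems.append("the zone needs exactly one SOA record and it must come first")
    types_at = {}
    for owner, rtype, _ in records:
        types_at.setdefault(owner, set()).add(rtype)
    for owner, rtype, data in records:
        if rtype not in ("NS", "MX", "CNAME"):
            continue
        target = data["target"]
        in_zone = target == origin or target.endswith("." + origin)
        if in_zone and "A" not in types_at.get(target, ()):
            problems.append(f"{rtype} record for {owner} points at {target}, which has no A record")
        if rtype == "CNAME" and owner == origin:
            problems.append(f"CNAME at the zone apex {owner} collides with its SOA and NS records")
        elif rtype == "CNAME" and types_at[owner] != {"CNAME"}:
            problems.append(f"{owner} has a CNAME and other records; a CNAME must stand alone")
    return problems
```

Run `check_zone(*parse_zone(SAMPLE_ZONE)[::2])` to see the two missing-A-record findings; sorting the parsed MX records by their priority field gives the order sending mail servers will try them.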

Dynamic DNS

If you set up a Debian system to act as a combination firewall, NAT, and home Web server you (and others if you wish) can access the Web pages on it (such as your Webcam images) from a remote location by entering the system's IP address in the URL. The IP address would be whatever is assigned to you by your ISP. The problem is that, unless you pay extra to have a static IP address, the IP address assigned by your ISP will change from time to time and trying to keep up with these changes can be a pain. You can get around this by using a host and domain name to access your system instead of an IP address. Being able to access your system using a consistent name in the URL even though the IP address changes is a major benefit of dynamic DNS.

Dynamic DNS (DDNS) is the ability for a host (your Debian server) to update its own DNS A record. A host's IP address (or what appears to be its IP address) can change when you use a home broadband service such as cable or DSL, or when you dial into an ISP (PPP connection) using a modem. If you have a broadband connection, DDNS allows you to have a full-time Internet server even though you don't have a static IP address.

You run a small DDNS client on your server that sends DNS record update requests to the DDNS server. If you have your own domain name, the DDNS server is the one that's listed as the primary name server in your domain record. Most DNS servers do not support dynamic updates by default. They have to be configured to listen for dynamic updates. When your server is booted up (or you run the client software manually) it sends a request to the DDNS server to check/update the IP address in the A record for your server. If you've pulled a different IP address from your ISP since the last time a request was sent, the A record is updated with this new IP address.

When you use a firewall router, what appears to be your server's IP address is actually the IP address on the "external" router interface. As mentioned on the Networking page, the router does NAT and this address translation can cause difficulties for dynamic DNS. ddclient is a DDNS client that works with firewalls, is compatible with a number of DDNS services, and is available as a Debian package.

    Dynamic DNS with Your Own Domain

You can use dynamic DNS if you already have, or want to have, your own registered domain name. You may want your own domain name for several reasons:

* You want to set up production Internet servers for an organization or business with static IP addresses.

* You want to use your own domain name with your home server(s).

* You want to (as in my case) set up a "non-production" domain just for playing around with. A non-production domain would allow you to investigate how DNS works by playing around with the zone record values. Since there are no production servers in the domain, there's no problem if you screw something up. (A non-production domain is a real domain with whatever name you choose but you just use it with test servers. Naturally, you can make it a production domain at any time just by setting up "real" servers.)

For this I use the Domain Name+DNS Only Service bundle from EasyDNS.com because it kills two birds with one stone (and because they have toll-free telephone tech support). EasyDNS will not only host your zone files on their DNS server, but register your domain name (and annually renew the domain name registration) all for $35/year. That's a pretty good deal as well as being convenient. You don't have to go to one place to register/renew your domain name, and then go to another place to host your DNS records. When you register a domain name with EasyDNS they'll set up some preliminary zone records for you and you just go in and add/modify/delete records.

EasyDNS provides a Web interface for DNS management so you can play around with the settings, change server names, create alias records, etc.



The best part is support for dynamic DNS is included in their DNS offerings so you can use them for home and test servers that don't have static IP addresses (and ddclient will work with them too).

    EasyDNS Domain Settings

As a side note, what if you already have a domain name with servers that have static IP addresses? Most places that will host your DNS records (like your ISP or Web hosting provider) won't let you even see them much less work with them. Having EasyDNS host your DNS records will allow you to have some control in the management of your DNS. Their straight DNS records hosting service (without the domain registration/renewal piece) costs $20/year. Just be sure to update your domain record with the EasyDNS name servers information once you sign up for the service and get your DNS records set up.

(You also have the option of transferring your domain to them, i.e. making them the domain name registrar, if you want to take advantage of the single-payment convenience thing.)

Having your own non-production domain will not only let you play around with zone records, but you can experiment with having your own authoritative DNS server. One of EasyDNS's servers would be the primary authoritative name server and you could set up your Debian server as a secondary. Then you'd just use the 'nameservers' link in the Web interface to enter your server's hostname and IP address as a secondary server entry. This way you could play with the "zone transfers" that take place between authoritative servers.

But the benefits of having your own non-production domain go beyond just DNS. It also comes in handy for testing Sendmail e-mail server and Apache Web server configurations, etc. For instance, you can see if your Debian system properly sends and receives e-mail for your non-production domain. Or you could install a test certificate (available for free from most certifying authorities like Thawte or Verisign) on your Debian system acting as a Web server so you can investigate SSL functionality. Just about any type of Internet server you want to play with will have more functionality when you can give it a registered domain name that has DNS resolution capabilities. And if you don't have any plans to eventually use it as a production domain, just let it expire after the first year is up and the knowledge gained will be well worth the 35 bucks.

    EasyDNS Domain Settings

    ddclient Configuration File for EasyDNS

We'll install ddclient in a bit. It'll prompt you for the necessary configuration information during the install. When it's finished it'll create the /etc/ddclient.conf file and it should look something like this (the login, password, interface, and domain name lines hold the information you enter during the client install):

# Configuration file for ddclient generated by debconf
#
# /etc/ddclient.conf

pid=/var/run/ddclient.pid
protocol=easydns
use=if, if=eth0
server=members.easydns.com
login=bgates
password=luvlinux
my-last-name.net

If your server is behind a cable/DSL router (such as a Linksys, DLink, or Netgear) or some other type of firewall or proxy server, replace the line:

    use=if, if=eth0

    with the line:

    use=web, web=support.easydns.com/utils/get_ip.php


This simply uses a page on EasyDNS's Web site to display your 'outside' IP address. The ddclient software will read the IP address off the returned HTML code and send it to EasyDNS. It'll do this periodically, which is necessary with the changing IP addresses you get with cable and DSL services.


Support for dynamic DNS is disabled by default which is fine if you do have static IP address(es) on your server(s). Enabling dynamic DNS using the EasyDNS Web interface is simply a matter of clicking on the "disabled" link as illustrated below and acknowledging the change on the subsequent confirmation page.

    EasyDNS Domain Settings

Once you've got your configuration file set up and you've set your domain for dynamic DNS, you can test your ddclient configuration to make sure it's working with the command:

    ddclient -daemon=0 -noquiet -debug -verbose


If you use Apache's virtual hosts feature to host multiple Web sites on your server and you have multiple domain names registered with EasyDNS you can update the dynamic DNS for all the domains simultaneously by separating each of the domains with a comma (,) like so:

# Configuration file for ddclient generated by debconf
#
# /etc/ddclient.conf

pid=/var/run/ddclient.pid
protocol=easydns
use=if, if=eth0
server=members.easydns.com
login=bgates
password=luvlinux
my-last-name.net,moe.com,larry.com,curly.com

The EasyDNS Web interface allows you to add/modify A records, MX records and priorities, aliases (CNAME records), and even the time intervals in the SOA record, all by clicking on the "dns" link shown in the figure above. The "nameservers" link takes you to a page which lists the authoritative DNS server information (EasyDNS's name servers) for your domain.

Your Own DNS Server?


If you have your own domain name and you also want to try running your own DNS server, EasyDNS.com has a Secondary DNS Service for $15/year which takes some of the risk out of running your own DNS. You set their servers up to transfer zone information from your DNS server. You would then enter your DNS server address as the primary in your domain record, and the EasyDNS DNS server addresses as the secondary DNS servers in your domain record. Then, should your DNS server ever fail, name resolution queries will go to the EasyDNS servers.

    Your Own Domain Without Your Own Servers

Would you like your own domain name and receive e-mail and Web traffic to your domain without all the work of setting up your own e-mail and Web servers? Piece of cake!

Just get the Domain Name+DNS Plus Service bundle from EasyDNS.com for $55/year. This service includes the domain name registration (and renewals) and you'll be able to:

* have your domain name annually renewed automatically when you renew the service.

* have e-mails sent to a [email protected] e-mail address automatically forwarded to whatever existing e-mail address you want (such as your e-mail address provided by your ISP) without having to pay for additional e-mail services.

* use their EasySMTP service (included with the Plus bundle) to send e-mail messages using your [email protected] e-mail address.

* have Web requests to http://www.yourdomain.com automatically forwarded to any URL you want (like your personal Web space you get from your ISP).


Your own domain name is nice to have for several reasons. You may want to use your last name for your domain name (if it's available). Some of the benefits of having your own domain name include:

* You can set up lastname.com e-mail addresses for every member of your family (called "mailmaps") and simply forward their e-mail to their existing e-mail account even if everyone uses a different ISP or Web-mail service.

* With your own domain name, your e-mail address and Web URL will always remain the same no matter how often you switch ISPs or Web-mail services.

Because so many sites use your e-mail address as a login ID it's a real pain to change your e-mail address. Not to mention notifying everyone that your e-mail address is different. With e-mail forwarding using your own domain name, if you switch ISPs you simply change the forwarding address. The ability to have a consistent e-mail address is valuable for students as their e-mail providers change while they go from high school to college to their first job (and having a lastname.com e-mail address looks good on a resume too). It allows you to have the same e-mail address if you're forced to change ISPs because you move to a different city. It also protects you from ISP mergers, failures, and name changes. And having a consistent Web URL via Web forwarding means you won't lose all the search engine traffic to your Web pages if the URL to your personal Web space changes.

One valuable thing about the EasyDNS.com service is that it supports SPF TXT records. This allows you to set up Sender Policy Framework for your mail server, which prevents spammers from sending e-mails using your domain name. SPF is fast becoming the standard for spam prevention. You use it to specify the IP addresses of servers which are allowed to send e-mails on behalf of your domain (usually only one or two). When a spammer sends an e-mail using your domain name, and the receiving e-mail (SMTP) server is configured to use SPF, the receiving e-mail server checks the source address of the e-mail against the allowed addresses listed in your SPF TXT record in your DNS. If there's no match the mail is discarded.
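To make the receiving server's check concrete, here is an added example (written for this page, not EasyDNS's or any mail server's code) that evaluates the ip4/ip6/all mechanisms of an SPF TXT record against a connecting client address. The record and addresses are constructed; terms such as include, a, mx and redirect need DNS lookups and are reported as unsupported rather than evaluated.

```python
import ipaddress

# Constructed SPF record for a domain whose only legitimate senders are one
# host, one IPv4 subnet and one IPv6 block; everything else is rejected (-all).
SAMPLE_TXT = "v=spf1 ip4:203.0.113.10 ip4:198.51.100.0/24 ip6:2001:db8::/32 -all"

# Qualifier prefix on a mechanism -> SPF result when that mechanism matches.
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(txt_record, sender_ip):
    """Evaluate an SPF TXT record against the SMTP client's source address.

    Supports ip4, ip6 and all. Mechanisms needing DNS lookups (include, a,
    mx, exists, redirect) are not implemented here and yield 'permerror';
    a real evaluator resolves them (RFC 7208, within its 10-lookup limit).
    """
    terms = txt_record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                       # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qual = "+"                          # mechanisms default to 'pass'
        if term[0] in QUALIFIER:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")  # e.g. 'ip4', '198.51.100.0/24'
        name = name.lower()
        if name == "all":
            return QUALIFIER[qual]          # catch-all: first match wins
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIER[qual]
            continue
        return "permerror"                  # lookup-based term, not handled here
    return "neutral"                        # no term matched and no 'all': RFC default


if __name__ == "__main__":
    for addr in ("203.0.113.10", "198.51.100.77", "192.0.2.5", "2001:db8:1::1"):
        print(addr, "->", spf_check(SAMPLE_TXT, addr))
```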

    Domain-less DNS For Free

If you have a broadband Internet connection without a static IP and have no desire to have your own domain name, you can use a free service offered by dyndns.org to set up a home Web/e-mail/ftp server. It offers a dynamic DNS service which will redirect traffic to your server using their domain name.

With this free service you use your server's hostname but dyndns.org's domain name. You're basically just adding/modifying an A record for your server in their zone file. Your Web server would have a URL like:


    http://your-hostname.dyndns.org

    E-mail addressed to your server would have to have an address like:

    [email protected]

Because you'll be using your hostname with dyndns.org's domain name, you have to make sure your hostname isn't the same as that of anyone else using their service. As a result, you'll want to come up with a hostname for your server that's really unique. Recall that you set the hostname during the installation. You can always change it by editing the /etc/hosts file. However, you'll also need to check for the current hostname in the configuration files of any server applications that may use it, such as Sendmail and Apache, and edit those files as well.

If you connect your Linux server to the Internet using a modem (we show you how on the Modems page), you'll need a way to keep your connection up long enough for any dynamic DNS changes to take effect and this could take up to 45 minutes. Most ISPs will drop an inactive connection before that. You can use the ping command to keep your PPP connection up. The trick is to run it in the background and set it so it only sends a ping once every five minutes. Pick a Web site and enter:

    ping -i 300 www.chosen-site.com > /dev/null &

Just don't forget to bring it to the foreground and stop it once you've disconnected your modem connection. To bring it to the foreground simply type (the % tells the shell to look up the background job by its command name):

fg %ping

    and then press Ctrl-C to exit the ping program.

    ddclient Configuration File for dyndns.org

If you selected the dyndns.org service when you installed ddclient your /etc/ddclient.conf file should look something like this:

# Configuration file for ddclient generated by debconf
#
# /etc/ddclient.conf

pid=/var/run/ddclient.pid
protocol=dyndns2
use=if, if=ppp0
server=members.dyndns.org
login=bgates
password=luvlinux
your-debian-box-hostname.dyndns.org


Note that this file indicates the ppp0 (dialup modem) interface was entered during the installation rather than the 'eth0' that you would use for a network card.

If your server is behind a cable/DSL router (such as a Linksys, DLink, or Netgear) or some other type of firewall or proxy server, replace the line:

    use=if, if=ppp0

    with the line:

    use=web, web=checkip.dyndns.com/, web-skip='Current IP Address:'

This simply uses a page on dyndns.org's Web site to display your 'outside' IP address. The ddclient software will read the IP address off the returned HTML code.
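Why the use=web line matters for the EasyDNS and dyndns.org configurations above, as an added example (not ddclient's code and not from the page): a check that refuses to publish a private interface address, which is all a server behind a NAT router ever sees on eth0, and instead takes the outside address from the check page, using the same web-skip idea as the ddclient line. The HTML body, the ranges treated as private and the helper names are constructed for this example.

```python
import ipaddress
import re

# Ranges a NAT router hands out on the inside (RFC 1918, CGNAT, loopback,
# link-local). An A record carrying one of these is unreachable from the Internet.
NAT_SIDE_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]

_IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def is_nat_side(ip_text):
    """True when the address cannot be the one the Internet sees."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in NAT_SIDE_RANGES)


def extract_ip(html, web_skip=""):
    """Mimic ddclient's use=web: skip to the web-skip marker, then take the
    first dotted-quad after it. Returns None when nothing usable is found."""
    body = html
    if web_skip:
        idx = html.find(web_skip)
        if idx < 0:
            return None
        body = html[idx + len(web_skip):]
    m = _IPV4.search(body)
    return m.group(1) if m else None


def address_to_publish(interface_ip, web_html=None, web_skip=""):
    """Decide which address the DDNS A record should get.

    Returns (ip, reason). A NAT-side interface address is never published;
    the 'outside' address read from the web check page is used instead.
    """
    if not is_nat_side(interface_ip):
        return interface_ip, "interface address is public"
    if web_html is None:
        return None, "interface address is NAT-side and no web check page given"
    outside = extract_ip(web_html, web_skip)
    if outside is None or is_nat_side(outside):
        return None, "web check page returned no usable public address"
    return outside, "interface address is NAT-side; using address seen by web check"


def needs_update(published_ip, current_ip):
    """ddclient only sends an update when the address actually changed."""
    return current_ip is not None and published_ip != current_ip


if __name__ == "__main__":
    # Constructed check page body in the style of the web-skip line above.
    page = "<html><body>Current IP Address: 203.0.113.77</body></html>"
    print(address_to_publish("192.168.1.50", page, "Current IP Address:"))
    print(address_to_publish("192.168.1.50"))
```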

Security Note: Even home Web/e-mail servers need to be set up securely. Spammers have a talent for quickly locating improperly secured e-mail servers and using them as spam relay points. This not only puts your server at risk but gobbles up all your bandwidth. If you are going to set up a home Web/e-mail server, be sure to do it securely. That not only involves setting up the server in a secure fashion during the initial install, but also includes configuring Apache and Sendmail in a secure manner. The procedures on these pages do not result in secure servers. If you are going to set up your own Web/e-mail server you'll need to buy some books and do some research to learn how to do it securely. More information is given on the Securing Servers page. You'll also want to take a look at the Firewall page for information on how to use IPTABLES entries to help protect your server and your home network. (Remember that if you only have one server Apache and Sendmail are going to be running on the same system that is acting as your NAT/firewall system.) In addition, the Packages page shows you how to use the cron scheduler and a shell script to automatically keep your system up to date with the latest security patches.

Dynamic DNS is OK for home servers, but it's not really appropriate for businesses. Static IP addresses and having your ISP or a third party like EasyDNS host your DNS records would be more appropriate for Internet server implementations by businesses.

    Installing ddclient

Before installing this package be sure to sign up for an account with EasyDNS or dyndns.org. You'll need your account username and password when you install the package. With your account set up you install the package by typing in

    apt-get install ddclient


    at the shell prompt. You'll then be prompted for the following:

    1. Select the service you want to use.

2. The next screen may seem confusing if you selected EasyDNS in Step 1 because it prompts you for "your DynDNS fully qualified domain names" and then gives examples for dyndns.org. What they mean by the "DynDNS" is "Dynamic DNS", not "DynDNS.org". The "fully qualified" is also a bit misleading. You don't need to enter a trailing period after the TLD (.com, .net, or .org Top Level Domain). All you need to do is enter your server's hostname followed by your, or dyndns.org's, domain name. Examples:

debian.gates.com

or

very-unique-hostname.dyndns.org

    3. Enter the username you chose when you signed up with your service.

    4. Enter the password you chose when you signed up with your service.

5. Enter the interface that will be connecting to the service. This will most likely be 'eth0' for an ethernet card (even if it is connected to a LAN which has a firewall router) or 'ppp0' for modem use (note that that's a zero on the end, not the letter O).

6. If you entered 'ppp0' you'll be asked if you want ddclient to run automatically every time you connect. You may want to select No here so you have the option of running it or not.

7. You'll then be asked if you want to run ddclient as a daemon. If this server is going to be a full-time Web or e-mail server with a broadband connection you should answer Yes to this.

The client will now be installed and the appropriate configuration file like the ones shown above will be created. Even though the file was created for you, we showed you the typical files for both dyndns.org and EasyDNS services in case you need to edit them at a later point. If you want to examine your config file you can do so using the nano text editor with the command:

    nano /etc/ddclient.conf

If you're using a modem connection you'll want to first connect to your ISP with the pon command. If you didn't set ddclient to run as a daemon then just type in:

    ddclient


at the shell prompt once you're connected. The resulting message will tell you what IP address your external interface has (and what the DNS record will be updated with).

As mentioned earlier, it will take a while for this update to take effect. To see if it has taken effect yet, try pinging using your domain name and see if the returned IP address matches what was indicated in the message when you started ddclient. Note that even if you used the above ping command in the background to keep your connection up you can still issue a second ping command in the foreground to check the returned IP address.

Other DNS Server Files

Given that a DNS server can host the zone files for many different domains, each having two zone files, it needs a way to tell which zone files are for which domains. It does this in the named.conf file which, like the zone files themselves, is located in the /etc/bind directory (which you'll see when we install Bind shortly).

Of the two zone files for each domain the one we've been talking about all along has been for forward lookups (resolving names to IP addresses). This zone file is typically named db.my-last-name.net.

DNS also offers a "reverse lookup" function that allows you to translate IP addresses to host/domain names. The information that allows this to happen is stored in the second zone file. Here's a reverse-lookup zone file that corresponds to the simpler zone file we showed earlier:

$TTL 86400
1.168.192.in-addr.arpa. IN SOA ns1.easydns.com. me.my-name.com. (
        2004011522  ; Serial no., based on date
        21600       ; Refresh after 6 hours
        3600        ; Retry after 1 hour
        604800      ; Expire after 7 days
        3600 )      ; Minimum TTL of 1 hour
51      IN PTR debian.my-last-name.net.  ; PTR target written fully qualified (trailing dot)
@       IN NS  ns1.easydns.com.
@       IN NS  ns2.easydns.com.

Note that the NS records are the same but there's no A records. And since we only have one system handling all three Web, e-mail, and FTP server functions we only need one PTR record. A PTR (Pointer) record is the opposite of an A record. It has the host part of the IP address and gives the corresponding hostname. Typically you want a PTR record for every A record in the forward-lookup file provided the server is in the domain. We don't have PTR records for the name servers above because they're in a different domain (and thus in a different address space).

Why is only the host part of the IP address needed in this file? Because the network portion of the IP address is used when naming the reverse-lookup zone file, and it's reversed. Because 192.168.1.x is a Class C network, the first three octets make up the network portion of the IP address so it's used in the zone file name. Only the last octet specifies the individual host so it's used to specify the host in PTR records. With the above example IP address, the zone file would be named:

    db.1.168.192

The reverse-lookup zone file is also located in the /etc/bind directory. There's another place this naming convention is used. Take a look at the start of the SOA record. The domain is specified as

    1.168.192.in-addr.arpa

in-addr.arpa is the default domain for all reverse lookups. As you'll see below, the shorthand method of specifying this with the '@' is normally used.

DNS Tools, Testing, and Troubleshooting

When you're testing changes to your DNS records things may not act the way you expect them to. What you need is some patience. Most DNS servers cache lookups. If you make a change to a zone record on EasyDNS or dyndns.org, or the IP address you pulled from your ISP changes and ddclient sends the update, it'll take the DNS servers at EasyDNS or dyndns.org up to 15 minutes to update. Then the DNS server that your desktop system is using to resolve names may cache the old information for another 20 to 30 minutes.

If you're using a Windows system to test DNS changes don't forget that it also has a DNS cache. You can clear it manually in a DOS window with the command:

    ipconfig /flushdns

As a result, if you make a change to your zone records give it at least 45 minutes before you try to see if the changes had the desired effect. Web browsers also cache name-to-address information. If you're using a Web browser to test your changes, you may want to go and delete all the files in the browser's cache directory as well.

The above makes playing around with dynamic DNS when using a modem kind of a pain. You have to keep the connection up for at least 45 minutes because if you disconnect, you'll pull a different IP address when you reconnect and your DNS records will have invalid IP addresses. That's why I showed you how to run the ping command in the background to keep the dial-up connection alive.

    A DNS problem will likely be in one of three places:

* The DNS server addresses specified in the TCP/IP configuration on the PC you are using to do the pinging are not correct.

* The registrar's domain record does not contain the correct name server hostnames and/or addresses.

* The authoritative DNS servers for the domain do not have the domain's zone records configured correctly.

The most basic tool for testing DNS is the ping command. If you can ping a Web server using its IP address but not its domain name, you have a DNS problem. If you can ping a server using its domain name you'll notice that the server's IP address is also displayed.

Verifying that this is the correct IP address will verify that DNS is working properly. Another thing ping can tell you is if you're pinging an actual server or an alias. Using the MIT example again, you may type in


    ping www.mit.edu

    but the response will be something like

    Pinging DANDELION-PATCH.mit.edu


Another common tool for testing DNS is nslookup (name server lookup) and it's available on Linux systems and NT-class Windows systems (NT-WS, 2000 Pro). As you saw earlier in this page this command will show you what name server your PC is using to resolve names, as well as return hostname and address information on the server that's specified as the target of the command. However, it also has an interactive mode that increases its usefulness. If you simply type in:

    nslookup

you'll get a > prompt. There are several statements that you can enter at this prompt. One helpful one is when you want your system to send queries to a name server other than the default. At the prompt type in the 'server' command followed by the IP address of the DNS server to use:

    server 192.168.10.10

Then you just type in the domain name you want information on at the prompt. You'll see in the response that the name server being queried has changed to the one you specified. Type 'exit' at the prompt when you're done. Another similar tool on Linux systems is the dig command. You can specify the alternate DNS server to use on the command line by prefixing its address with @:

dig @192.168.10.10 mit.edu any

The any parameter tells it to return information on all record types. Check the man pages for dig and nslookup for more information.

If you want to make sure that BIND isn't having a problem with your zone files, you can check the syslog after you boot the system (which is when BIND starts up and reads the zone files). At a shell prompt just type in:

    nano /var/log/syslog

and look near the bottom of the file. You'll see messages when BIND was started. Check to see if any of them refer to any errors that were encountered. If it didn't have a problem with the zone file you'll see it referenced along with:

    loaded serial 1

    indicating that it has set the serial number (version) to 1.

Your Own DNS Server

Don't set up your Debian system as a DNS server if it doesn't have access to the Internet. It will try and use external DNS servers (called "root hints" which we explain later) to resolve names and they won't be accessible. This will cause problems trying to FTP or telnet to your Debian server even over a local LAN using only IP addresses.

DNS is simply another server application. You can use your Linux system as an authoritative, LAN, or simple DNS server. Simple DNS servers and LAN servers which also provide simple DNS services (resolving Internet host/domain names) need to be connected to the Internet but being behind a firewall should not present a problem as long as UDP port 53 is open on the firewall. If you're going to set up and test a secondary authoritative DNS server you'll also need to have TCP port 53 open on the firewall as well for zone transfers.

We'll show you how to set up simple and LAN DNS servers in this section. Setting up production ("real") authoritative DNS servers (remember that you need at least two) is beyond the scope of this page because you'll need to do quite a bit more reading to learn about zone transfers (insecure and secure) between primary and secondary servers and you'll need to know a lot more about the named.conf file. The issue of server security also becomes more important. However, seeing how to set up DNS server files for a LAN DNS server will be a good start.

    Where to learn more - The best of our bookshelves:

DNS and BIND: DNS and BIND is another case where an O'Reilly book is considered the bible in the industry. I doubt there's a DNS server admin out there that doesn't have a copy. The 4th Edition covers BIND 9 with its security enhancements. The first three chapters provide a detailed foundation in the basics of DNS operation from zone files to root name servers. From there it's all about server configuration. Setting up multiple servers, incremental zone transfers, and round-robin load distribution are just a few of the things covered. It also covers how to set up a server to respond to DDNS requests from clients and DHCP servers as well as how to control which systems have this ability through ACLs (Access Control Lists). How to use BIND's debugging levels and debugger output to solve problems is also covered.

    A Simple DNS Server

As mentioned earlier, the most widely used DNS application is called BIND and installing it is simply a matter of entering the command:

    apt-get install bind9

Congratulations! You now have a simple DNS server. Now just change the DNS server settings in the TCP/IP configuration files on the workstations on your LAN so that they start using this server as their preferred DNS server. You can use your ISP's DNS server(s) as alternate servers as this will provide some redundancy if your server ever goes down. You'll also want to modify the /etc/resolv.conf file on the DNS server itself so that it points to itself. Do that by opening the file in a text editor with the command:

    nano /etc/resolv.conf

    and making sure the first nameserver line is:

    nameserver 127.0.0.1

Why is setting up a simple DNS server so easy? Because of things called "root hints". The root hints are a list of root-level DNS servers in the /etc/bind/db.root file. Your simple DNS server will query a root server to get the addresses of authoritative DNS servers for each given domain (so it can contact those authoritative DNS servers to get the IP addresses of the desired hosts).

Just remember that your simple DNS server needs a 24/7 connection to the Internet. Or it at least needs to be connected to the Internet any time any system on your LAN needs to access anything on the Internet.

    A LAN DNS Server

We'll cover setting up a LAN DNS server for a small LAN where the workstation addresses are statically assigned. If you have a larger LAN that uses DHCP, you'll need to set up the server to respond to DDNS update requests because a system's A record will need to be updated when DHCP assigns the system a different address.

    In setting up a LAN DNS server we need to:

* Create the forward and reverse zone files.

* Update the named.conf configuration file with things called "forwarders".

* Update the named.conf configuration file so that the server knows it's authoritative for the LAN domain.

The zone files are just like the zone files we have above. You can even copy/paste the following zone files into a text editor and edit them accordingly if you want. If you're viewing this page on a Windows system, you can copy/paste them into Notepad and FTP them to your Debian system (remember to use ASCII mode when you FTP). Because the zone file names aren't Windows-friendly just save them in Notepad using names like forward.txt and reverse.txt. You can rename them when we copy them from your home directory to the /etc/bind directory. Remember that FTP won't work with the root account (it's a security thing) so use the user account you created when you installed Debian. When you FTP the files to your Debian system they'll go into this account's home directory. We'll copy them over to the right place in a bit.


    Here's the forward-lookup zone file for a LAN with the domain name kplan.net. Note that the A records are grouped together, as are the other record types, and that there are no blank lines. However, when trying to get my DNS server to work I did see an error in the syslog file about the reverse-lookup zone file not ending in a "new line" so make sure there's a blank line at the bottom of the file.

    $TTL 86400
    kplan.net.      IN  SOA    woody.kplan.net. keith.kplan.net. (
                               2004011522  ; Serial no., based on date
                               21600       ; Refresh after 6 hours
                               3600        ; Retry after 1 hour
                               604800      ; Expire after 7 days
                               3600        ; Minimum TTL of 1 hour
                               )
    potato-gw       IN  A      192.168.10.1
    w2kpro          IN  A      192.168.10.10
    ntserver        IN  A      192.168.10.20
    solarisintel    IN  A      192.168.10.30
    solarissparc    IN  A      192.168.10.40
    woody           IN  A      192.168.10.50
    @               IN  NS     woody
    @               IN  MX     10 woody
    www             IN  CNAME  woody
    ftp             IN  CNAME  woody
    @               IN  A      192.168.10.50  ; the bare domain name (kplan.net) resolves to woody; a
                                              ; CNAME on woody itself is not allowed because woody already
                                              ; has an A record (named refuses "CNAME and other data")

    And here's the reverse-lookup zone file for the same domain:

    $TTL 86400
    @               IN  SOA    woody.kplan.net. keith.kplan.net. (
                               2004011522  ; Serial no., based on date
                               21600       ; Refresh after 6 hours
                               3600        ; Retry after 1 hour
                               604800      ; Expire after 7 days
                               3600        ; Minimum TTL of 1 hour
                               )
    ; PTR and NS targets are written as fully-qualified names with a trailing dot; a bare
    ; name such as "woody" would be read relative to this zone's origin, i.e. as
    ; woody.10.168.192.in-addr.arpa, which is not what we want.
    1               IN  PTR    potato-gw.kplan.net.
    10              IN  PTR    w2kpro.kplan.net.
    20              IN  PTR    ntserver.kplan.net.
    30              IN  PTR    solarisintel.kplan.net.
    40              IN  PTR    solarissparc.kplan.net.
    50              IN  PTR    woody.kplan.net.
    @               IN  NS     woody.kplan.net.

    Notice that instead of using 10.168.192.in-addr.arpa at the start of the SOA record I just used the shortcut. Now when I add a new system to my network I can just add entries to these two files rather than editing the HOSTS files on all of the servers and workstations.

    If you created these files on a Windows system using Notepad and FTPed them to your Debian server, go into the directory you FTPed them into and move/rename them like so:

    mv forward.txt /etc/bind/db.kplan.net
    and
    mv reverse.txt /etc/bind/db.10.168.192

    While the zone file naming convention that BIND uses by default is db. followed by the domain name, and the reverse-lookup zone file is similar except that the domain name is replaced by the reversed network address, you can actually name them whatever you want. You tell the server what zone files to use in the named.conf file.
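    Three things in these zone files trip people up: a name that carries a CNAME as well as other records (named refuses to load the zone), a PTR or NS target without a trailing dot (named silently appends the reverse zone's origin to it), and a missing final newline (the syslog error mentioned above). As an added example, not part of the original page, here is a small Python checker that looks for exactly those problems; it runs over constructed, cut-down copies of the kplan.net files with the defects left in, and the domain name is passed in as a parameter.

```python
import re
from collections import defaultdict

# Constructed sample: cut-down copies of the page's zone files with defects left in on
# purpose (CNAME on woody, which also has an A record; relative PTR; no final newline).
FORWARD = """$TTL 86400
kplan.net. IN SOA woody.kplan.net. keith.kplan.net. (
    2004011522 21600 3600 604800 3600 )  ; serial, refresh, retry, expire, min TTL
potato-gw IN A 192.168.10.1
woody IN A 192.168.10.50
www IN CNAME woody
woody IN CNAME @
"""
REVERSE = """$TTL 86400
@ IN SOA woody.kplan.net. keith.kplan.net. ( 2004011522 21600 3600 604800 3600 )
1 IN PTR potato-gw
50 IN PTR woody.kplan.net.
@ IN NS woody.kplan.net."""

def parse_zone(text):
    """Yield (owner, type, rdata) per record; comments, $TTL and the SOA timers are dropped."""
    text = re.sub(r"\([^)]*\)", "", re.sub(r";.*", "", text))   # strip comments, collapse ( ... )
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) < 3 or parts[0].startswith("$"):
            continue
        fields = parts[2:] if parts[1] == "IN" else parts[1:]   # the class field is optional
        yield parts[0], fields[0], " ".join(fields[1:])

def check_zones(forward, reverse, domain="kplan.net"):
    """Return the problems named would complain about; an empty list means clean."""
    problems = [f"{n}: file does not end with a newline"
                for n, t in (("forward", forward), ("reverse", reverse)) if not t.endswith("\n")]
    types_by_owner, a_by_octet = defaultdict(set), {}
    for owner, rtype, rdata in parse_zone(forward):
        types_by_owner[owner].add(rtype)
        if rtype == "A":
            a_by_octet[rdata.rsplit(".", 1)[1]] = owner          # last octet -> hostname
    for owner, types in types_by_owner.items():
        if "CNAME" in types and len(types) > 1:                 # named: "CNAME and other data"
            problems.append(f"forward: {owner} has CNAME and other data")
    for owner, rtype, rdata in parse_zone(reverse):
        if rtype in ("PTR", "NS") and not rdata.endswith("."):  # named appends the zone origin
            problems.append(f"reverse: {rtype} target '{rdata}' is relative (no trailing dot)")
        if rtype == "PTR":
            host = rdata.rstrip(".").removesuffix("." + domain)  # 'woody.kplan.net.' -> 'woody'
            if a_by_octet.get(owner) != host:
                problems.append(f"reverse: PTR {owner} -> {rdata} has no matching A record")
    return problems
```

    Call check_zones(open("/etc/bind/db.kplan.net").read(), open("/etc/bind/db.10.168.192").read()) on the real files; on the server itself, named-checkzone and named-checkconf give the authoritative verdict before you reload named.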

    named.conf

    The named.conf file is the main configuration file for a DNS server. In it you tell the server what, if any, forwarders to use, what domains it's authoritative for, and which zone files it should use for each domain.

    Forwarders let you specify other DNS servers to use when your DNS server receives a query for a domain it isn't authoritative for. Your LAN DNS server will be authoritative for your LAN's domain name, but it won't know about domains on the Internet. When it gets a query for an Internet domain it will forward the request out to a DNS server specified in the forwarders section of the named.conf file.

    Open the /etc/bind/named.conf file using the ee text editor. In the options section you'll see an indented block of text like this:

    // forwarders {
    //     0.0.0.0;
    // };

    You typically want to put your ISP's DNS servers here. The '//' are comment characters in this file so you'll need to remove those also. You should end up with a block of text that looks like this:


    forwarders {
        192.168.243.9;
        192.168.253.9;
    };

    We used private addresses in the above example but naturally these would be publicly accessible DNS servers (your ISP's). Now we have to add the content to the file so the server knows it's authoritative for the kplan.net domain. At the bottom of the file you'll see the line:

    // add entries for other zones below here

    Below this line we'll enter the following for the forward and reverse zone files:

    zone "kplan.net" {
        type master;
        file "/etc/bind/db.kplan.net";
    };

    zone "10.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.10.168.192";
    };

    Save the file and we're in business from a server perspective. The named daemon is running, we already have a root hints database, our zone files are set up, and our forwarders are set up in the configuration file. Now just change the /etc/resolv.conf file on any Debian and UNIX systems so it looks like this:

    search kplan.net
    nameserver 192.168.10.50

    On Windows systems you'd have to change the "Preferred DNS server" in the TCP/IP properties to the 192.168.10.50 address.

    Now that you've got a feel for what DNS does for you, and possibly have your own domain name with name resolution capabilities, it's time to start setting up some servers.


    SECURITY WARNING

    Do NOT plan to use the system you will create using these guide pages as a "production" (real) server. It will NOT be secure!

    There are many steps involved in creating a secure Internet or LAN server. While we do refer to some things you can do to make your system more secure, there are many other measures related to system security that also need to be taken into consideration and they are not covered on these pages.

    These guide pages are meant as a learning tool only. The knowledge gained on these pages will help you understand the material covered in security-related publications when you are ready to consider setting up a production server.


    Site, content, documents, original images Copyright 2003-2009 Keith Parkansky. All rights reserved. Duplication of any portion of this site or the material contained herein without the express written consent of Keith Parkansky, USA is strictly prohibited.

    This site is in no way affiliated with the Debian Project, the debian.org Web site, or Software In The Public Interest, Inc. No endorsement of this site by the Debian Project or Software In the Public Interest is expressed or implied. Debian and the Debian logo are registered trademarks of Software In The Public Interest, Inc. Linux is a registered trademark of Linus Torvalds. The Tux penguin graphic is the creation of Larry Ewing.

    LIABILITY

    IN NO EVENT WILL KEITH PARKANSKY OR HOSTWAY INCORPORATED OR ANY OF ITS SUBSIDIARIES BE LIABLE TO ANY PARTY (i) FOR ANY DIRECT, INDIRECT, SPECIAL, PUNITIVE OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF PROGRAMS OR INFORMATION, AND THE LIKE), OR ANY OTHER DAMAGES ARISING IN ANY WAY OUT OF THE AVAILABILITY, USE, RELIANCE ON, OR INABILITY TO USE THE INFORMATION, METHODS, HTML OR COMPUTER CODE, OR "KNOWLEDGE" PROVIDED ON OR THROUGH THIS WEBSITE, COMMONLY REFERRED TO AS THE "ABOUT DEBIAN" WEBSITE, OR ANY OF ITS ASSOCIATED DOCUMENTS, DIAGRAMS, IMAGES, REPRODUCTIONS, COMPUTER EXECUTED CODE, OR ELECTRONICALLY STORED OR TRANSMITTED FILES OR GENERATED COMMUNICATIONS OR DATA EVEN IF KEITH PARKANSKY OR HOSTWAY INCORPORATED OR ANY OF ITS SUBSIDIARIES SHALL HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT, OR OTHERWISE; OR (ii) FOR ANY CLAIM ATTRIBUTABLE TO ERRORS, OMISSIONS, OR OTHER INACCURACIES IN, OR DESTRUCTIVE PROPERTIES OF ANY INFORMATION, METHODS, HTML OR COMPUTER CODE, OR "KNOWLEDGE" PROVIDED ON OR THROUGH THIS WEBSITE, COMMONLY REFERRED TO AS THE "ABOUT DEBIAN" WEBSITE, OR ANY OF ITS ASSOCIATED DOCUMENTS, DIAGRAMS, IMAGES, REPRODUCTIONS, COMPUTER EXECUTED CODE, OR ELECTRONICALLY STORED, TRANSMITTED, OR GENERATED FILES, COMMUNICATIONS, OR DATA. ALL INFORMATION, METHODS, HTML OR COMPUTER CODE IS PROVIDED STRICTLY "AS IS" WITH NO GUARANTY OF ACCURACY AND/OR COMPLETENESS. USE OF THIS SITE CONSTITUTES ACCEPTANCE OF ALL STATED TERMS AND CONDITIONS.
