Notes for Week 6

Configuration files for Bind (named)

"server" is the name of the name server, and "lab265" is the name of the zone.

All punctuation is required, and SOA and PTR resource records start in column 1.

  1. named.conf - where to find zone files and cache hints
    options {
            directory "/etc/namedb";
            pid-file "/var/run/named.pid";
            statistics-file "/var/run/named.stats";
    };
    controls {
            inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
    };
    key "rndc_key" {
            algorithm hmac-md5;
            secret "";
    };
    zone "." {
            type hint;
            file "named.ca";
    };
    zone "rwc.uc.edu" {
            type forward;
            forward first;
            forwarders { 10.228.64.106; };
    };
    zone "0.0.127.in-addr.arpa" {
            type master;
            file "127.0.0";
    };
    zone "lab265" {
            allow-transfer { 192.168.1.150; };
            notify no;
            type master;
            file "lab265";
    };
    zone "1.168.192.in-addr.arpa" {
            notify no;
            type master;
            file "192.168.1";
    };
    
    named.ca is located at ftp.rs.internic.net/domain/named.root.

    rwc.uc.edu is a forward zone; all lookups for domain names in that zone are forwarded to the RWC DNS server ("forward first" means the forwarders are tried first, and normal resolution is used only if they do not answer). Ordinary configurations normally do not include a forward zone.

    The "allow-transfer" clause for the lab265 zone is an example of how to restrict zone transfers to one IP address or a set of IP addresses. The reverse zones below carry no such clause, so they use whatever default named applies.

    The "notify no;" option tells named not to send NOTIFY messages to secondary servers when the zone data has been updated. Ordinary configurations normally would not do this.
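    Since only one of the three master zones above restricts transfers, it is useful to be able to audit a named.conf for this mechanically. The following Python script is an added example, not part of these notes and not a BIND tool: it parses a constructed named.conf modelled on the one above (the key secret is a placeholder) and lists every master zone that sets no allow-transfer clause of its own and inherits none from the options block. All function names and the sample text are my own assumptions.

```python
import re

# Constructed sample, modelled on the named.conf in these notes (not the
# original file); the key secret is a placeholder, not a real value.
SAMPLE_NAMED_CONF = r'''
options {
        directory "/etc/namedb";
        pid-file "/var/run/named.pid";
};
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};
key "rndc_key" {
        algorithm hmac-md5;
        secret "PLACEHOLDER-SECRET";
};
zone "." { type hint; file "named.ca"; };
zone "rwc.uc.edu" { type forward; forward first; forwarders { 10.228.64.106; }; };
zone "0.0.127.in-addr.arpa" { type master; file "127.0.0"; };
zone "lab265" {
        allow-transfer { 192.168.1.150; };   // only the secondary may pull the zone
        notify no;
        type master;
        file "lab265";
};
zone "1.168.192.in-addr.arpa" { notify no; type master; file "192.168.1"; };
'''

# The same config with a global default that denies transfers unless a zone
# overrides it (also constructed).
HARDENED_NAMED_CONF = SAMPLE_NAMED_CONF.replace(
    'directory "/etc/namedb";',
    'directory "/etc/namedb";\n        allow-transfer { none; };')

TOKEN_RE = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')


def tokenize(text):
    """Split named.conf text into quoted strings, braces, semicolons and words
    after dropping /* */, // and # comments (naive: a // inside a quoted
    string would be stripped too)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    text = re.sub(r'(//|#).*', '', text)
    return TOKEN_RE.findall(text)


def parse(tokens, i=0):
    """Parse tokens into statements. A statement is a list whose items are
    strings or nested statement lists (one per { ... } block)."""
    stmts, cur = [], []
    while i < len(tokens):
        tok = tokens[i]
        if tok == '{':
            block, i = parse(tokens, i + 1)
            cur.append(block)
        elif tok == '}':
            if cur:
                stmts.append(cur)
            return stmts, i + 1
        elif tok == ';':
            if cur:
                stmts.append(cur)
            cur = []
            i += 1
        else:
            cur.append(tok.strip('"'))
            i += 1
    if cur:
        stmts.append(cur)
    return stmts, i


def acl_of(settings):
    """Flatten an allow-transfer block into a list such as ['192.168.1.150'],
    or None when the clause is absent."""
    clause = settings.get('allow-transfer')
    if not clause:
        return None
    return [' '.join(entry) for entry in clause[0]]


def audit_transfers(conf_text):
    """Return (zone_acls, options_acl): the allow-transfer list of every
    master zone (None if the zone sets none) and the options-level default."""
    stmts, _ = parse(tokenize(conf_text))
    zone_acls, options_acl = {}, None
    for stmt in stmts:
        if not isinstance(stmt[-1], list):
            continue                      # bare statement with no block
        settings = {s[0]: s[1:] for s in stmt[-1] if s and isinstance(s[0], str)}
        if stmt[0] == 'options':
            options_acl = acl_of(settings)
        elif stmt[0] == 'zone' and settings.get('type') == ['master']:
            zone_acls[stmt[1]] = acl_of(settings)
    return zone_acls, options_acl


def unrestricted_master_zones(conf_text):
    """Master zones that neither set allow-transfer themselves nor inherit one
    from options, i.e. zones left to named's built-in default."""
    zone_acls, options_acl = audit_transfers(conf_text)
    return sorted(z for z, acl in zone_acls.items()
                  if acl is None and options_acl is None)


if __name__ == '__main__':
    for label, conf in (('notes', SAMPLE_NAMED_CONF), ('hardened', HARDENED_NAMED_CONF)):
        print(label, 'unrestricted:', unrestricted_master_zones(conf))
```

    Run against the sample, the script reports both in-addr.arpa zones as unrestricted; against the hardened variant, which adds "allow-transfer { none; };" to options, it reports nothing, because the lab265 zone still overrides the global default with its own single-address list.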

  2. 127.0.0 - zone file for reverse lookups on localhost
    @      86400    IN      SOA     server.lab265. root.server.lab265. ( 1 8H 2H 1W 1D)
    ;
    ; Start of Authority record begins each zone file
    ;
    ; 86400 is the time to live (in client resolver cache) in seconds
    ; 
    ; "root.server.lab265" means "root@server.lab265", e-mail address for questions
    ;
    ; 1 = serial #, used by secondary server to check if updates have been made
    ; 8H = 8 hours, how often secondary server attempts to refresh data from primary
    ; 2H = 2 hours, how long to wait before retrying failed refresh
    ; 1W = 1 week, how long to wait before flushing data if no refreshes have been successful
    ; 1D = 1 day, how long answers from this server can be trusted without checking again
    ;
                    NS      server.lab265.
    ;
    ; NS record specifies name of name server (present in each zone file)
    ;
    1               PTR     localhost.
    ;
    ; this mandatory pointer record is for 127.0.0.1 
    ;         (127.0.0 from named.conf, 1 from PTR record)
    ;
    
  3. 192.168.1 - zone file for reverse (IP address to name) lookups on hosts
    @      86400    IN      SOA     server.lab265. root.server.lab265. ( 1 8H 2H 1W 1D)
                    NS      server.lab265.
    1               PTR     server.lab265.
    ;
    ; this pointer record is for 192.168.1.1 - need one per host
    ;
    
    In general it is bad practice to serve reverse lookups for any address other than 127.0.0.1 unless they are needed for authentication.
  4. lab265 - zone file for name to IP address lookups on hosts
    @      86400    IN      SOA     server.lab265. root.server.lab265. ( 1 8H 2H 1W 1D)
                    NS      server.lab265.
    localhost       A       127.0.0.1
    server          A       192.168.1.1
    www             CNAME   server
    ;
    ; server record describes host "server.lab265" (lab265 from named.conf)
    ;
    ; need one A record for each host + localhost (mandatory)
    ; need one CNAME record for each alias (optional)
    ;
    
  5. "kill -HUP (named pid)" will cause named to re-read its configuration files. Alternatively, you can "/etc/rc.d/init.d/bind restart".
  6. EXERCISES for Week 6:

    1. Change the IP address in the configuration files from 192.168.1.1 to your IP address. Change the zone name from lab265 to island(n), where n is 1, 2, 3 or 4. Be sure to check the system log after each time you restart (or SIGHUP) named.
    2. Add resource records for the PCs on your island.
    3. Test your configuration with both forward and reverse lookups for each PC you added.
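    Exercise 3 asks for forward and reverse lookups of every PC; the mismatches those lookups catch (an A record with no PTR, or a PTR pointing at a name with no A record) can also be found by reading the two zone files from sections 3 and 4 directly. The Python script below is an added example, not part of these notes: it parses constructed zone files in the format used above, applies the column-1 owner rule and the "@"/origin rule described in section 2, and cross-checks the A and PTR records. The sample zones deliberately plant two errors, and all names and functions in it are my own assumptions.

```python
import re

# Constructed zone files in the format used by these notes (not the notes'
# own files). Two deliberate mismatches are planted: pc1 has an A record but
# no PTR, and 192.168.1.3 has a PTR to pc3, which has no A record.
FORWARD_ZONE = """\
@      86400    IN      SOA     server.lab265. root.server.lab265. (
                                1        ; serial
                                8H 2H 1W 1D )
                NS      server.lab265.
localhost       A       127.0.0.1
server          A       192.168.1.1
pc1             A       192.168.1.2
www             CNAME   server
"""

REVERSE_ZONE = """\
@      86400    IN      SOA     server.lab265. root.server.lab265. ( 1 8H 2H 1W 1D)
                NS      server.lab265.
1               PTR     server.lab265.
3               PTR     pc3.lab265.
"""

TTL_RE = re.compile(r'^\d+[smhdwSMHDW]?$')
CLASSES = {'IN', 'CH', 'HS'}
NAME_RDATA = {'NS', 'CNAME', 'PTR'}     # types whose rdata is a domain name


def qualify(name, origin):
    """Make a zone-file name absolute: '@' is the origin, a trailing dot is
    already absolute, anything else gets the origin appended."""
    name = name.lower()
    if name == '@':
        return origin
    return name if name.endswith('.') else f'{name}.{origin}'


def parse_zone(text, origin):
    """Return [(owner, type, rdata_tokens)] for a master file. origin is the
    zone name from named.conf. A line starting in column 1 names a new owner;
    a line starting with whitespace reuses the previous one."""
    origin = origin.lower().rstrip('.') + '.'
    records, owner, pending = [], None, ''
    for raw in text.splitlines():
        line = raw.split(';', 1)[0].rstrip()        # ';' starts a comment
        if not line.strip():
            continue
        pending = f'{pending} {line}' if pending else line
        if pending.count('(') > pending.count(')'):
            continue                                # record continues (SOA)
        line, pending = pending, ''
        tokens = line.replace('(', ' ').replace(')', ' ').split()
        if not line[0].isspace():
            owner = qualify(tokens.pop(0), origin)
        elif owner is None:
            raise ValueError('first record must carry an owner name')
        while tokens and (TTL_RE.match(tokens[0]) or tokens[0].upper() in CLASSES):
            tokens.pop(0)                           # optional TTL and class
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in NAME_RDATA:
            rdata[0] = qualify(rdata[0], origin)    # relative targets get the origin too
        records.append((owner, rtype, rdata))
    return records


def arpa_to_dotted(name):
    """'1.1.168.192.in-addr.arpa.' -> '192.168.1.1'; for a zone origin such as
    '1.168.192.in-addr.arpa.' the result is the prefix '192.168.1'."""
    labels = name.lower().rstrip('.').split('.')
    return '.'.join(reversed(labels[:labels.index('in-addr')]))


def check_consistency(forward_text, forward_origin, reverse_text, reverse_origin):
    """List every A record inside the reverse zone's address range that lacks a
    matching PTR, and every PTR whose target has no matching A record."""
    a_records = {}                       # name -> set of addresses
    for owner, rtype, rdata in parse_zone(forward_text, forward_origin):
        if rtype == 'A':
            a_records.setdefault(owner, set()).add(rdata[0])
    ptr_records = {}                     # address -> name
    for owner, rtype, rdata in parse_zone(reverse_text, reverse_origin):
        if rtype == 'PTR':
            ptr_records[arpa_to_dotted(owner)] = rdata[0]
    prefix = arpa_to_dotted(reverse_origin) + '.'
    problems = []
    for name, addrs in a_records.items():
        for addr in addrs:
            if addr.startswith(prefix) and ptr_records.get(addr) != name:
                problems.append(f'A {name} -> {addr} has no PTR back to {name}')
    for addr, name in ptr_records.items():
        if addr not in a_records.get(name, set()):
            problems.append(f'PTR {addr} -> {name} has no matching A record')
    return sorted(problems)


if __name__ == '__main__':
    for p in check_consistency(FORWARD_ZONE, 'lab265', REVERSE_ZONE, '1.168.192.in-addr.arpa'):
        print(p)
```

    Addresses outside the reverse zone's range (127.0.0.1 here, which belongs to the 127.0.0 zone) are skipped rather than reported, so the check can be run once per reverse zone.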


©2008, Kenneth R. Koehler. All Rights Reserved. This document may be freely reproduced provided that this copyright notice is included.

Please send comments or suggestions to the author.