DNS Configuration

To configure a DNS server, ensure that the following files are as below with having IP
address eth0: 202.168.255.225 and eth1: 192.168.0.1
[root@ns1 ~]# more /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
BROADCAST=202.168.255.255
HWADDR=00:13:20:6C:E7:D9
IPADDR=202.168.255.225
NETMASK=255.255.255.0
NETWORK=202.168.255.0
ONBOOT=yes
TYPE=Ethernet

[root@ns1 ~]# more /etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1
BOOTPROTO=static
BROADCAST=192.168.0.255
HWADDR=00:13:F7:1A:71:11
IPADDR=192.168.0.1
NETMASK=255.255.255.0
NETWORK=192.168.0.0
ONBOOT=yes
TYPE=Ethernet
DHCP must be enabled in NIC configuration of DHCP clients (windows)
Obtain an IP address automatically
Obtain DNS server address automatically.

[root@ns1 ~]# more /etc/resolv.conf

search ns1.ccd.net
nameserver 192.168.0.1
#nameserver 202.168.254.8

http://www.charvolant.org/~doug/network/html/node10.html

Page No: 1

The next job is to configure the following files as described below

[root@ns1 ~]# vi /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
192.168.0.1
ns1.ccd.net host
#ns1.ccd.net is FQDN and host is the alias of ns1.ccd.net
127.0.0.1
localhost.localdomain
localhost
#The above line must not be modified at all.
[root@ns1 ~]# vi /etc/resolv.conf
search ns1.ccd.net
nameserver 192.168.0.1
#nameserver 202.168.254.8
[root@ns1 ~]# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=ns1.ccd.net
GATEWAY=202.168.255.4
[root@ns1 ~]# vi /etc/dhcpd.conf
ddns-update-style interim;
ignore client-updates;
subnet 192.168.0.0 netmask 255.255.255.0 {
# --- default gateway
option routers
option subnet-mask
option nis-domain
option domain-name
option domain-name-servers

192.168.0.1;
255.255.255.0;
"domain.org";
"ccd.net";
192.168.0.1;

option time-offset
-18000; # Eastern Standard Time
#
option ntp-servers
192.168.1.1;
#
option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
#
option netbios-node-type 2;
range dynamic-bootp 192.168.0.11 192.168.0.20;
default-lease-time 21600;
max-lease-time 43200;
# we want the nameserver to appear at a fixed address
host shofik {
next-server marvin.redhat.com;
hardware ethernet 00:14:85:ED:40:77;
fixed-address 192.168.0.5;
}
http://www.charvolant.org/~doug/network/html/node10.html

Page No: 2

}
[root@ns1 ~]# vi /etc/named.conf
options {
directory "/var/named";
};
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "ccd.net" IN {
type master;
file "ccd.net.fw";
allow-update { none; };
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "ccd.net.rv";
allow-update { none; };
};
include "/etc/rndc.key";
The file named.conf must be present both in /etc and /var/named/chroot/etc/ and
both file content must be same.
Any blank line must be comment out by semicolon(;) inside forward and reverse zone
file(ccd.net.fw & ccd.net.rv in this case) in order to avoid errors.

http://www.charvolant.org/~doug/network/html/node10.html

Page No: 3

[root@ns1 ~]# vi /var/named/ccd.net.fw

$TTL 86400
;value = 1 day in second
bbn.net.
IN SOA dns1.bbn.net. root.dns1.bbn.net. (
;dns1.bbn.net is the FQDN and root.dns1.bbn.net is the System Administrtor
;
2008020201 ; Serial (yy=2008, mm=02, dd=02, any serial=01)
28800
; Refresh (time in second)
14400
; Retry (time in second)
3600000 ; Expire (time in second)
86400 ) ; Minimum (time in second)
; Domain Declaretion
bbn.net.
IN NS
dns1.bbn.net.
; MailServer Declaretion
bbn.net.
IN MX 5
mail.bbn.net.
;IP address
dns1
IN
A
192.168.0.1
mail
IN
A
202.168.255.225
;Alies
smtp
CNAME
mail
;
Sub-domain(smtp.bbn.net) also hosted on dns1.bbn.net
pop
CNAME
mail
;
Sub-domain(pop.bbn.net) also hosted on dns1.bbn.net
[root@ns1 ~]# vi /var/named/ccd.net.rv
$TTL 86400
@
IN SOA

dns1.bbn.net. root.dns1.bbn.net. (
2008020201 ; Serial
28800
; Refresh
14400
; Retry
3600000 ; Expire
86400 ) ; Minimum
@
IN NS
dns1.bbn.net.
1
IN PTR dns1.bbn.net.
;1 is the last octet of the IP on which domain is hosted or any serial number is acceptable.
225 IN PTR mail.bbn.net.
;255 is the last octet of the IP on which mail server is hosted or any serial number is
acceptable.
; No entry is required here for aliases
The above file ccd.net.fw and ccd.net.rv must be copied to var/named/chroot/var/named/
Now its the right time to restart network & named service to update the system
Ex: /etc/init.d/network restart
Ex: /etc/init.d/named restart

Congratulations! You have configured your desired domain, isnt it ??

http://www.charvolant.org/~doug/network/html/node10.html

Page No: 4

Link http://www.charvolant.org/~doug/network/html/node10.html
DNS allows systems to look up host names, both within the private network and across
the Internet. There are other ways of doing this, for example you could just run identical
hosts files on all your machines. But somehow, this is more fun. In addition, Windows 95
machines examine their hosts databases in an odd order which makes using host tables
difficult; the win95netbug FAQ rovides information on this, as well as help on how to
reconfigure win95 to reorder the lookup order.[24]
You can set up the DNS server on any Unix system. The standard Solaris 2.6 install
comes with BIND 4.9.x, suitably altered to deal with the additional Solaris naming
systems. However, 4.9.x seems to do a great deal of maintenance work at fairly random
times. This is fine if you have a permanent connection, but not so fine with a dialup. As a
result, I have got BIND 8.2 from the Internet Software Consortium and installed that
instead.[12]
As a result, I'm going to talk about BIND 8.2 here. The version of BIND which comes
with Solaris 2.5.1 seems a lot more dialup friendly. So, if you are using an older version
of Solaris, you can probably stay with the supplied version; the boot files are
considerably different, however, so you will need to examine the documentation.

Compiling BIND 8.2

Compiling BIND 8.2 is fairly straightforward. However, before compiling, you will need
to apply any patches to the supplied source code. The command patch < patch1 will
apply the patch.
To configure the Makefiles, use make depend from the src directory. To make the
programs, use make To install, first remove the .settings file and then use make
install Installation goes into directories under /usr/local
The source code for BIND does not come with any manual pages. A separate
documentation download contains man pages. The install Makefile for the man pages,
however, expects a BSD-style install and, therefore, you will need to put /usr/ucb at the
start of your PATH environment variable if you want a painless install. You may also need
to modify the Makefile to remove pre-formatted man pages.

DNS Server Configuration

To configure the DNS server, you need to set up a number of (text) database files. The
DNS server daemon (called named) first consults a boot file. This boot file tells the
daemon to consult a series of further database files which gives it enough information to
start serving names.

http://www.charvolant.org/~doug/network/html/node10.html

Page No: 5

Choosing a Domain
Before setting up your DNS server, you will need to choose a domain name. Since
nobody, except you, will accept your domain as a genuine domain (we hope) you have a
reasonable amount of latitude over what domain names you can pick.
Since I work for AFS, I have decided to call my domain canberra.afs.net.au I am pretty
certain that nobody else is going to use that name.
You'll have to decide what domain name to pick. As a suggestion, if you are connecting
to ORAC, then a domain of whimsical-name.orac.net.au might be a good idea. On the
other hand, I haven't consulted ORAC about this, so it might not.
For the purposes of example, I an going to use the domain name flibble.orac.net.au
The Boot File
The boot file is consulted by named to on startup, so that initial options and data can be
loaded. A sample /usr/local/etc/named.conf file for a server is shown in figure 2.
# Boot file for server solaris, primary server
# for flibble.orac.net.au.
#
options {
directory "/var/named";
forwarders {
299.18.99.151;
299.8.183.1;
};
forward first;
dialup yes;
heartbeat-interval 1440;
};
zone "." {
type hint;
file "named.ca";
};
zone "flibble.orac.net.au." {
type master;
file "private.hosts";
};
zone "3.5.10.in-addr.arpa." {
type master;
file "private.rev";
};
zone "0.0.127.in-addr.arpa." {
type master;
file "private.local";
};

http://www.charvolant.org/~doug/network/html/node10.html

Page No: 6

The meaning of the lines in this file are:

directory
The directory in which the database files will be found. The /var/named
directory is traditional, although inexplicable, since configuration files usually go
under pathname/etc
forwarders
A list of IP addresses to forward queries to. This saves us from doing all the work
of working down the domain tree when finding a domain. You can set your
forwarders to the name servers supplied by your ISP.
forward
The forwarding behaviour. Queries are first forwarded to the addresses listed in
forwarders. Only if no forwarding server responds will this server do its own
work. Setting this option to only means that this server never does its own search.
dialup
Indicate that this is a dialup machine and that, therefore, maintenance work should
be grouped together rather than done at any old time. This option is the main
reason for my installing BIND 8.2.
heartbeat-interval
The interval (in minutes) between performing maintenance activities. This option
is set, by default, to 60 minutes. Setting it to 1440 minutes means than
maintenance is done once a day.
zone
Data about a particular domain. The string in double quotes give the domain
name, with . being the top-level, root domain. The name server is to be the master
server for the domain flibble.orac.net.au (name to IP-address) and the networks
10.5.3 and 127.0.0 (IP-Address to name).
type
The type of domain data. hint means that the data is there so that the top-level
domain servers can be found. master means that this is the master server for this
domain.
file
The file to read the name server data from. These files are discussed below.
The /var/named/named.ca File
The server, when it is doing its own work, rather than forwarding, needs a start point for
searching for domains. This file contains the IP addresses of the servers for the root
domain name servers. The base version of this file is shown in figure 3. The first section
of this file states that the name servers (NS) for the root domain (.) are the ones listed.
The second section says, for each name server, what its IP-address (A) is. The numbers
(518400 and 3600000) give the time-outs in seconds for these entries; these figures
should be large enough for the time out not to be a problem.
Once you have this file, it's a good idea to pick up the most current official version at
ftp://rs.internic.net/domain/named.root.

http://www.charvolant.org/~doug/network/html/node10.html

Page No: 7

;
;
Initial cache data for named
;
Servers
;
.
518400
IN
NS
.
518400
IN
NS
.
518400
IN
NS
.
518400
IN
NS
.
518400
IN
NS
.
518400
IN
NS
.
518400
IN
NS
.
518400
IN
NS
.
518400
IN
NS
;
;
Addresses
;
D.ROOT-SERVERS.NET.
3600000
E.ROOT-SERVERS.NET.
3600000
I.ROOT-SERVERS.NET.
3600000
F.ROOT-SERVERS.NET.
3600000
G.ROOT-SERVERS.NET.
3600000
A.ROOT-SERVERS.NET.
3600000
H.ROOT-SERVERS.NET.
3600000
B.ROOT-SERVERS.NET.
3600000
C.ROOT-SERVERS.NET.
3600000

servers

D.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.

IN
IN
IN
IN
IN
IN
IN
IN
IN

A
A
A
A
A
A
A
A
A

128.8.10.90
192.203.230.10
192.36.148.17
192.5.5.241
192.112.36.4
198.41.0.4
128.63.2.53
128.9.0.107
102.33.4.12

Figure 3: Initial named.ca Cache File for BIND

http://www.charvolant.org/~doug/network/html/node10.html

Page No: 8

The /var/named/private.hosts file

This file contains the IP addresses of the private network. A sample private.hosts file
is shown in figure 4.
;
;
Hosts file for domain flibble.orac.net.au.
;
;name
ttl
class
type
data
;
;
Source of authority
@
IN
SOA
solaris.flibble.orac.net.au.
root.solaris.flibble.orac.net.au. (
2000050201
; Serial
10800
; Refresh - 3 hours
3600
; Retry - 1 hour
432000
; Expire - 1 week
86400)
; Minimum - 1 day
IN
NS
solaris.flibble.orac.net.au.
;
;
Machines for the flibble.orac.net.au domain
;
;name
ttl
class
type
data
localhost
IN
A
127.0.0.1
solaris
IN
A
10.5.3.1
win95
IN
A
10.5.3.21
linux
IN
A
10.5.3.22
;
;
Aliases
;
mail
IN
CNAME
solaris
www
IN
CNAME
solaris
;
;
Domain mailing addresses
;
flibble.orac.net.au.
IN
MX
10
solaris.flibble.orac.net.au.
flibble.orac.net.au.
IN
A
10.5.3.1

Figure 4: Sample private.hosts File for BIND

Some explanation of the various codes is probably in order:
@
Domain. This is a short-hand for the domain given by the named.conf file
(flibble.orac.net.au in this case).
IN
Internet. Indicates that we are talking about the Internet class of records.
Supposedly, there are other possible classes here.

http://www.charvolant.org/~doug/network/html/node10.html

Page No: 9

SOA
Source of Authority. This entry contains information on which machine is the
primary name server for information about this domain (solaris.flibble.orac.net.au
in this case) and who to contact in the case of trouble
(root.solaris.flibble.orac.net.au). The serial number is used to indicate where
changes have occurred. The other numbers give the time to expiry of the
information broadcast by this name server.
The serial numbers need to increase with each version of the file. A fairly
common practice is to use YYYYMMDDVV with the year, month and day being
the date of update and VV being the version number within the day. In the past,
serial numbers of the form 1.2 were common, but this is now deprecated.
NS
Name Server. This line indicates that solaris.flibble.orac.net.au is the name server
for this domain.
A
Address. These lines give the IP addresses of the various hosts.
CNAME
Canonical Name. These lines give canonical names (aliases) for various common
names. These names are not strictly needed, but redirect requests to
www.flibble.orac.net.au etc. to solaris.flibble.orac.net.au
MX
Mail Exchange This line gives the system to which mail addressed to
user@flibble.orac.net.au should be sent to (solaris in this case).
The /var/named/private.rev file
This file allows ``reverse lookup.'' With this file, a system can get the name of a host
from its IP address. A sample private.rev file is shown in figure 5. The PTR code
allows an IP address. The 10.5.3. part of the address is derived from the entry in the
named.conf file (see section 3.4.2).
;
Reverse address file for domain flibble.orac.net.au
;
;name
ttl
class
type
data
;
;
Source of authority
@
IN
SOA
solaris.flibble.orac.net.au.
root.solaris.flibble.orac.net.au. (
2000050201
; Serial
10800
; Refresh - 3 hours
3600
; Retry - 1 hour
432000
; Expire - 1 week
86400)
; Minimum - 1 day
IN
NS
solaris.flibble.orac.net.au.
;
;
Machines names
;
;name
ttl
class
type
data
1
IN
PTR
solaris.flibble.orac.net.au.
21
IN
PTR
win95.flibble.orac.net.au.

http://www.charvolant.org/~doug/network/html/node10.html

Page No: 10

22

IN

PTR

linux.flibble.orac.net.au.

The /var/named/private.local file

This file allows reverse lookup for the localhost address. This file is not strictly
necessary. A sample private.local file is shown in figure 6.

;
;
Reverse address file for localhost
;
;name
ttl
class
type
data
;
;
Source of authority
@
IN
SOA
solaris.flibble.orac.net.au.
root.solaris.flibble.orac.net.au. (
2000050201
; Serial
10800
; Refresh - 3 hours
3600
; Retry - 1 hour
432000
; Expire - 1 week
86400)
; Minimum - 1 day
IN
NS
solaris.flibble.orac.net.au.
;
;
Machines names
;
;name
ttl
class
type
data
1
IN
PTR
localhost.

Figure 6: Sample private.local File for DNS

Starting the named Daemon
Once you have the files for named set up, you can start the /usr/local/sbin/named
daemon. This daemon will read the /usr/local/etc/named.conf file for its
configuration.
You will probably want to make the named daemon start up during startup. To do this,
modify the /etc/init.d/inetsvc file so that the lines which read

if [ -f /usr/sbin/in.named -a -f /etc/named.boot ]; then

/usr/sbin/in.named;
echo "starting internet domain name
server."
fi

now read

http://www.charvolant.org/~doug/network/html/node10.html

Page No: 11

if [ -f /usr/local/sbin/named -a -f /usr/local/etc/named.conf ]; then

/usr/local/sbin/named; echo "starting ISC internet domain name
server."
elif [ -f /usr/sbin/in.named -a -f /etc/named.boot ]; then
/usr/sbin/in.named;
echo "starting Solaris internet domain name
server."
fi

If you have installed named in an automounted local directory, you may need to delay the
starting of the daemon somewhat, until the automounter is running.

DNS Client Configuration

Once you have set up the DNS server, you will need to configure each system to use the
name server.

Configuring Solaris Clients

To configure a Solaris client properly you will need to edit the /etc/nsswitch.conf so
that the DNS server is consulted. Modify the hosts line in so that it reads:

hosts:

files dns

This line means that the Solaris system will first look up a name in the /etc/hosts file
(see section 3.3.1). If the name isn't there, then DNS will be used.
You will also have to set up the /etc/resolv.conf file so that the correct name servers
are consulted. A sample resolver file is:

;
;
Resolver
;
domain
nameserver
nameserver

for domain flibble.orac.net.au.

flibble.orac.net.au
10.5.3.1
203.30.77.33

The entries in this file are pretty self-evident. The name servers are tried in order, so if
the local name server is down, the ORAC name server will be tried instead.
http://www.charvolant.org/~doug/network/html/node10.html

Page No: 12

The last thing you need to do is set the local domain name. You probably do not have to
do this, but neatness demands it. The two commands you need are domainname
flibble.orac.net.au and domainname > /etc/defaultdomain where
flibble.orac.net.au is replaced by your chosen domain name.
Disabling nscd Cache Refreshes

Solaris 2.6 comes with a name caching daemon, nscd This daemon keeps a cache of
recent name queries to allow a more speedy response to common queries.
nscd is all very nice. But, in it's default configuration, it refreshes the queries in it's cache
every hour or so. If you have a dial-out connection, this means that every hour, your line
will come up to re-query any names that are in the cache; not a good thing.
To disable the refresh, alter /etc/nscd.conf so that the line reading keep-hot-count
hosts 20 now reads keep-hot-count hosts 0 Then make the nscd daemon re-read it's
configuration file by sending it a HUP signal.
Configuring Linux Clients
Configuring Linux DNS clients is similar to configuring Solaris clients as described
above, in section 3.4.3, except that you do not have to configure the
/etc/nsswitch.conf file and you only need to configure the domain name if you have
NIS installed.

Configuring Windows 95 Clients

To configure DNS for Windows 95, you need to open the Network section of the Control
Panel and choose the TCP/IP properties. For the example network, we have:
Tab

Field

Value

DNS Configuration Enable DNS

Host

win95

Domain flibble.orac.net.au
Add

10.5.3.1

Add

203.30.77.33

Testing the DNS Configuration

Once you have the DNS configuration working, you will probably want to test it. The
basic tool for testing the server configuration is /usr/local/sbin/nslookup This tool
allows you to interrogate the name server and see how it responds to various questions.
http://www.charvolant.org/~doug/network/html/node10.html

Page No: 13

Testing the Server

The DNS daemon can be made to provide debugging information by sending it a USR1
signal, via kill. The daemon will start tracing its behaviour by writing records into the file
/var/named/named.run Sending the daemon a USR2 signal turns off debugging.
The daemon can be made to dump it's current state into the file
/var/named/named_dump.db by sending it a INT signal.
Testing the clients
For Unix systems, using nslookup to test client behaviour is obvious. Windows 95 does
not have a suitable testing package. I used WS_Ping to test my setup.[25] WS_Ping is
not freeware.

http://www.charvolant.org/~doug/network/html/node10.html

Page No: 14