Thread: DNS Tutorial

  1. #1
    Join Date
    Aug 2002
    Posts
    3,959
    Rep Power
    25

    DNS Tutorial

    I had promised Lovepython to put together a little tutorial on Linux DNS. So here we go.

    DNS and telephone directories are all about name resolution.

    Telephone directories translate the names of people or companies into telephone numbers. Telephones use numbers and people use names. There needs to be some method of finding out the telephone numbers for people.

    DNS translates computer names into I.P. addresses. Computers use I.P. addresses and people use names. There needs to be some method of finding out the I.P. addresses for computers.

    When we want to browse my network places for appserv1, DNS tells the computer the address of appserv1. When we type www.techjamaica.com, DNS tells the computer the I.P. address for www.techjamaica.com.

    DNS is a feature of TCP/IP. It has the same basic functionality on Windows or Linux. It is good to start with some background information re: DNS. Here is some reading material.

    We can look at the configuration files later.

    http://www.microsoft.com/technet/pro...n/w2kdns2.mspx

    http://www.linux-mag.com/2000-08/dns_01.html

    It really doesn't matter if you read up on Windows DNS or Linux DNS. The basics are the same. It is just that Microsoft has integrated their DNS with DHCP and Active Directory. This integration is important because they need it for Group Policy Objects to work.

  2. #2
    Join Date
    Sep 2005
    Posts
    2,394
    Rep Power
    0

    i started reading the material i'll let u know when i'm done. kinda multitasking at the moment. this is just one of the personal projects that i'm working on.
    To find what you seek in the road of life, the best proverb of all is that which says: "Leave no stone unturned." Edward Bulwer Lytton

  3. #3
    Join Date
    Sep 2005
    Posts
    2,394
    Rep Power
    0

    ok i think i'm ready for the next step, hopefully. that was a lot of reading and a whole lot of stuff that i never even knew about.

  4. #4
    Join Date
    Aug 2002
    Posts
    3,959
    Rep Power
    25

    Okay.. Cool...

    I will get the rest of the information together.

    DNS is easy to set up on Windows and Linux. Windows does the work for you so the typical admin never looks at a zone file. With Linux, you get to understand how the protocol works. Ever wonder why so many hackers have Linux/Unix backgrounds? Linux forces you to understand the inner workings of these things.

  5. #5
    Join Date
    Sep 2005
    Posts
    2,394
    Rep Power
    0

    oh ok well i have experience with setting up dns on windows but in linux it seems like it's gonna take a little more effort.

  6. #6
    Join Date
    Aug 2002
    Posts
    3,959
    Rep Power
    25

    Actually, it won't.

    It will take a little more knowledge.

    Here is a summary:

    Install the RPM from the cd.

    Create your dns configuration file (/etc/named.conf)
    Create your forward lookup zone file
    Create your reverse lookup zone file
    Create your loopback record

    Start the DNS service.

    The difference is that you need to know what a zone file looks like. I will give you sample files that you can edit.

    If you compare the Linux zone files with the Windows zone files, you will see the exact same information. Why???

    Because DNS is a function of the TCP/IP protocol. It is implemented the same way in all operating systems.

    I just need to find a spare hour one evening this week.

    Edit

    I just remembered that I had posted some sample files some time ago. Here is the link.

    http://www.techjamaica.com/forums/sh...hlight=jamrock

    Install Bind using your distro's package manager and we can start. Hopefully we can continue tomorrow evening.
    Last edited by jamrock; Aug 2, 2006 at 09:48 PM.

  7. #7
    Join Date
    Aug 2002
    Posts
    3,959
    Rep Power
    25

    I assume you have installed Bind using your distro's package manager.

    We can now examine the DNS files.

    The first file is the DNS configuration file. // represents comments. Anything following this is not read by DNS.

    Windows uses a central registry that keeps track of the applications that have been installed. Linux takes a different approach. Each application has its own configuration file.

    This has certain advantages. One big advantage is that it is possible to install, re-install and restart applications without restarting the computer. Microsoft has reduced the amounts of restarts required with Windows 2003, but in general Windows needs significantly more restarts than Linux.

    Another big advantage is that it is easy to transfer applications from one server to the next. Just install the application on another server and copy across the relevant configuration files.

    On Redhat type systems the configuration file is /etc/named.conf.

    options {
    This indicates that we are setting the options for DNS. Windows DNS should have an options section if my memory is accurate. Don't have Windows DNS setup just now. Check and let me know what information is located there.


    directory "/var/named";

    States the directory in which the zone files are located. We will explain zone files in more detail later. The package install may create the directory for you.

    /*
    * If there is a firewall between you and nameservers you want
    * to talk to, you might need to uncomment the query-source
    * directive below. Previous versions of BIND always asked
    * questions using port 53, but BIND 8.1 uses an unprivileged
    * port by default.
    */

    // This ensures that DNS uses port 53
    query-source address * port 53;
    This restricts DNS to working on port 53. This is good if you have a firewall. You can open that port.

    // If my DNS server can't resolve the address, try my ISP's name servers
    forwarders {208.10.152.100; 208.10.152.140; };
    Some people put the external (ISP) DNS server as the secondary DNS server during the client configuration. I use forwarders. This tells the client that if the local DNS server cannot resolve the request, ask the ISP's servers.

    You should put the addresses of your ISP's DNS servers here.

    };
    This ends the options section. Important to close the brackets.


    zone "." IN {
    type hint;
    file "named.ca";
    };
    This is the first zone. This file contains the list of the root servers. Note the brackets to open and close the section.

    zone "mycorp.com" IN {
    type master;
    file "db.mycorp.com";
    allow-update { none; };
    allow-query {192.168.1/24;};
    allow-transfer {none;} ;
    };
    This is my forward lookup zone. It tells DNS to look for the list of I.P. addresses in a file called db.mycorp.com. This file is located in /var/named as per the setting at the top.

    The forward lookup zone resolves computer names to i.p. addresses.

    I am preventing dynamic updates of my DNS database.

    The server is only allowed to respond to queries from machines on the 192.168.1 subnet.

    I am not allowing secondary DNS servers to pull the list of computer names and I.P. addresses from this server. I can put the addresses of the DNS servers that I want to receive zone transfers here.

    zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "db.192.168.1";
    allow-update { none; };
    allow-query {192.168.1/24;};
    allow-transfer {none;};
    };
    This is the reverse lookup zone. The reverse lookup zone resolves i.p. addresses to computer names.


    zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "db.127.0.0";
    allow-update { none; };
    allow-transfer {none;};
    };
    This is the loopback record.

    All you need to do is to take the sample file, and edit it using your own names for the various zone files. The installation normally creates the named.ca file which is a standard.

    Look at the Windows configuration and you should see the same basic settings.

    BTW,

    The forum software does not handle spaces very well. The zone files in the link are not formatted properly.

    Here is a good example of what zone files look like

    http://www.redhat.com/docs/manuals/l...bind-zone.html

    Just to emphasize a point. DNS takes 10 minutes to set up. You just install it, edit your sample configuration files and you are good to go.

    Here is some Red Hat documentation on the /etc/named.conf

    http://www.redhat.com/docs/manuals/l...namedconf.html

    Let me know if you have any questions. Remember to look at your Windows DNS settings.
    Last edited by jamrock; Aug 6, 2006 at 06:01 PM.
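
Added example, not part of the original thread and not BIND's own tooling: a small Python audit for a named.conf shaped like the one in post #7. It reports a top-level block that is never closed, a query-source statement that pins a single source port, and master zones without explicit allow-update or allow-transfer statements. The REQUIRED policy, the function names and the sample text are assumptions made for this illustration.

```python
import re

REQUIRED = ("allow-update", "allow-transfer")  # assumed audit policy, not a BIND rule
# Constructed sample modelled on the post: one zone lacks allow-transfer, one is unclosed.
SAMPLE = '''
options {
    query-source address * port 53;   // fixed source port
    forwarders { 208.10.152.100; 208.10.152.140; };
};
zone "mycorp.com" IN { type master; file "db.mycorp.com";
    allow-update { none; }; allow-transfer { none; }; };
zone "1.168.192.in-addr.arpa" IN { type master; file "db.192.168.1";
    allow-update { none; }; };
zone "0.0.127.in-addr.arpa" IN { type master; file "db.127.0.0";
    allow-update { none; }; allow-transfer { none; };
'''

def blocks(conf):
    """Yield (header, body, closed) for each top-level `name { ... };` block."""
    text = re.sub(r"/\*.*?\*/|//[^\n]*", "", conf, flags=re.S)  # '#' comments not handled
    depth, start, header, opened = 0, 0, "", 0
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:  # a new top-level block starts here
                header, opened = " ".join(text[start:i].split()), i + 1
            depth += 1
        elif ch == "}" and depth:
            depth -= 1
            if depth == 0:
                yield header, text[opened:i], True
        if depth == 0 and ch in ";}":
            start = i + 1  # the next header begins after this terminator
    if depth:  # input ended inside a block
        yield header, text[opened:], False

def audit(conf):
    findings = []
    for header, body, closed in blocks(conf):
        if not closed:
            findings.append(f"{header}: missing closing brace")
        if header == "options" and re.search(r"query-source\s[^;]*\bport\s+\d+", body):
            findings.append("options: query-source pins one source port")
        if header.startswith("zone") and re.search(r"\btype\s+master\b", body):
            findings += [f"{header}: no {d} statement" for d in REQUIRED
                         if not re.search(rf"\b{d}\s*\{{", body)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

This only checks the three conditions listed above; the named-checkconf utility shipped with BIND does the full syntax validation.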

  8. #8
    Join Date
    Sep 2005
    Posts
    2,394
    Rep Power
    0

    I'm kinda behind at the moment cause the box that i installed fedora on is giving some probs. i'll let u know as soon as i get it running and i have configured the dns files. where do i find the windows dns settings?

  9. #9
    Join Date
    Aug 2002
    Posts
    3,959
    Rep Power
    25

    where do i find the windows dns settings?
    The following documents will help. The titles refer to Windows 2000 but they are also relevant to Windows 2003.

    http://support.microsoft.com/default...300202&sd=tech

    http://support.microsoft.com/kb/237675/

    http://support.microsoft.com/kb/316341/

    I have always found it easiest to set up DNS when I am running dcpromo to create the first domain controller in the forest. All you have to do is to answer a few questions and Windows does all the work for you.

    The only disadvantage is that this approach will not teach you how DNS works. I only started understanding DNS when I had to set it up on Linux.

  10. #10
    Join Date
    Sep 2005
    Posts
    2,394
    Rep Power
    0

    i finally got my linux box running and installed fedora core 5 but there seems to be a problem. when i go to the /etc folder to find and edit the named.conf file its icon has a question mark and when i try to open it, it tells me that the file appeared to be missing. what should i do?
