34.2 Configuration with YaST
You can use the DNS module of YaST to configure a DNS server for your
local network.
When starting the module for the first time, a wizard starts,
prompting you to make
just a few basic decisions concerning administration of the server.
Completing this initial setup produces a very basic server configuration
that should be functioning in its essential aspects.
The expert mode can be used to deal with more advanced configuration
tasks, such as setting up ACLs, logging, TSIG
keys, and other options.
34.2.1 Wizard Configuration
The wizard consists of three steps or dialogs. At the appropriate places in
the dialogs, you are given the opportunity to enter the expert
configuration mode.
-
When starting the module for the first time, the dialog,
shown in Figure 34-1, opens. In it,
decide whether the PPP daemon should provide a list of forwarders
on dial-up via DSL or ISDN () or whether you want to supply your own list
().
-
The dialog consists of several parts and is responsible for
the management of zone files, described in Section 34.5,
Zone Files.
For a new zone, provide a name for it in . To add a reverse zone, the name must end
in .in-addr.arpa. Finally, select the (master or slave). See Figure 34-2. Click
to configure
other settings of an existing zone. To remove
a zone, click .
-
In the final dialog,
you can open the DNS port in the firewall by clicking
. Then decide whether or not the
DNS server should
be started ( or
). You can also
activate LDAP support. See Figure 34-3.
34.2.2 Expert Configuration
After starting the module, YaST opens a window displaying several
configuration options. Completing it results in a DNS server
configuration with the basic functions in place:
Starting the DNS Server
Under , define whether
the DNS server is started automatically when the system boots or only manually. To start the DNS server immediately,
select . To stop it, select .
To save the current settings, select
.
You can open the DNS port in the
firewall with
and modify the firewall settings with
.
By selecting , the
zone files are managed by an LDAP database. Any changes to zone data
written to the LDAP database are picked up by the DNS server as soon
as it is restarted or prompted to reload its configuration.
DNS Server: Basic Options
In this section, set basic server options. From the
menu, select the desired item
then specify the value in the corresponding entry
field. Include the new
entry by selecting .
Logging
To set what the DNS server should log
and how, select .
Under , specify where
the DNS server should write the log data. Use the
systemwide log file /var/log/messages by
selecting or specify a
different file by selecting . In the
latter case, additionally specify the maximum file size in
megabytes and the number of log files to store.
Further options are available under . Enabling
causes every query to be logged, in which
case the log file could grow extremely large. For this reason,
it is
not a good idea to enable this option for other than debugging purposes.
To log dynamic zone updates, such as those a DHCP server sends to the DNS server,
enable . To log zone transfers from the master to its slaves, enable
. Unlike query logging, these two produce little output and record who changed
or copied zone data, so keep them enabled. See Figure 34-4.
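The logging choices described above correspond to a logging statement in /etc/named.conf. The fragment below is an added example, not a file written by YaST or text taken from this page; the channel name named_log, the path /var/log/named.log and the size and version counts are assumptions chosen for illustration.

```conf
logging {
    // Dedicated log file instead of /var/log/messages: rotate at
    // 20 MB and keep 3 old versions, which is what the "maximum file
    // size" and "number of log files" fields in YaST control.
    channel named_log {
        file "/var/log/named.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
    };

    category default  { named_log; };
    // Dynamic updates (for example from the DHCP server), outgoing
    // zone transfers and approved/refused requests are cheap to log
    // and are the audit trail for who touched zone data.
    category update   { named_log; };
    category xfer-out { named_log; };
    category security { named_log; };
    // Per-query logging fills the disk quickly; leave it off unless
    // you are debugging a resolution problem.
    category queries  { null; };
};
```

After editing the file by hand, run `named-checkconf /etc/named.conf` before reloading; a syntax error in the logging statement prevents named from starting at all.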
Using ACLs
Use this window to define ACLs (access control lists) to
enforce access restrictions.
After providing a distinct name under
, specify an IP address or network (with or
without a prefix length) under
in the following fashion:
{ 10.10/16; }
The syntax of the configuration file requires that each
address ends with a semicolon and that the list is enclosed in curly braces.
The abbreviated form 10.10/16 is BIND shorthand for 10.10.0.0/16.
Keep in mind that an ACL only matches the source address of a request, which
is easy to forge over UDP. Use ACLs to limit who may query or transfer a zone, and
TSIG keys wherever the peer must actually be authenticated, above all for dynamic updates.
TSIG Keys
TSIG (transaction signature) keys authenticate transactions between servers with
a shared secret. In this setup they chiefly secure dynamic updates sent by the DHCP
server to the DNS server, and they can likewise protect zone transfers. They are described in
Section 34.7,
Secure Transactions.
To generate a TSIG key, enter a distinctive name in the field labeled
and specify the file where the key should
be stored (). Confirm your choices with
.
To use a previously created key, leave the
field blank and select the file where it is stored under . After that, confirm with .
The key file contains the secret in clear text, so it must be readable only by
root and the account the name server runs as, and the same secret has to be copied to
the peer (for example into the DHCP server's configuration) over a trusted channel.
Adding a Slave Zone
To add a slave zone, select ,
choose the zone type
, and click .
Under
, specify the IP address of the master from which
the slave fetches its data by zone transfer; the master must in turn allow
transfers to this server. To limit which clients may query or transfer the
zone from the slave,
select one of the ACLs from the list. See
Figure 34-5.
Adding a Master Zone
To add a master zone, select ,
choose the zone type
, write the name of the new zone,
and click .
Editing a Master Zone
To edit a master zone, select ,
choose the zone type , select the master zone
from the
table, and click . The dialog consists of
several pages: (the one opened first),
, ,
, and .
The basic dialog, shown in Figure 34-6,
lets you define
settings for dynamic DNS and access options for zone transfers to
clients and slave name servers. To permit the dynamic update of zones,
select as well as the
corresponding TSIG key. The key must have been defined
before the update action starts.
To enable zone transfers, select the corresponding ACLs. ACLs
must have been defined already.
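The ACL, TSIG key, slave zone and master zone settings from the dialogs above end up as statements in /etc/named.conf. The fragment below is an added example that ties them together; it is not output from YaST or text from this page. The ACL name internal, the key name dhcp-update-key, the key file path, the zone names and the master address 10.10.0.1 are assumptions, and hmac-sha256 is assumed as the algorithm (use hmac-md5 only if your DHCP server supports nothing stronger).

```conf
// ACL exactly as typed into the YaST ACL dialog; "internal" is the
// name given there. 10.10/16 is BIND shorthand for 10.10.0.0/16.
acl "internal" { 10.10/16; };

// The TSIG key lives in the file YaST generated (path assumed).
// That file holds a single statement of the form
//   key "dhcp-update-key" { algorithm hmac-sha256; secret "..."; };
// and must be readable only by root and the name server's account.
include "/etc/named.d/dhcp-update-key.key";

zone "example.com" in {
    type master;
    file "master/example.com";
    // Zone transfers only to the internal network or to a client
    // that signs the AXFR request with the key. Without this line
    // older BIND 9 releases default to "any", handing the whole zone
    // to anyone who asks.
    allow-transfer { internal; key "dhcp-update-key"; };
    // Dynamic updates only when signed with the key. Matching on
    // source address alone (allow-update { internal; }) is spoofable
    // over UDP and is the weak setting this replaces.
    allow-update { key "dhcp-update-key"; };
};

// Slave copy of the matching reverse zone, pulled from the master
// address entered in the YaST slave-zone dialog. The slave itself
// only hands the data on to the internal network.
zone "10.10.in-addr.arpa" in {
    type slave;
    file "slave/10.10.in-addr.arpa";
    masters { 10.10.0.1; };
    allow-transfer { internal; };
};
```

Two checks are worth doing after a reload: `named-checkconf /etc/named.conf` for syntax, and from a host outside 10.10/16 `dig @<server> example.com axfr`, which must answer "Transfer failed." rather than listing the zone.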
- Zone Editor (NS Records)
-
This dialog lists the authoritative name servers (NS records) for the zone.
Make sure that your own name server is included in the list and that every name listed has an A record.
To add a record, enter its name under then confirm with .
See Figure 34-7.
- Zone Editor (MX Records)
-
To add a mail server for the current zone to the existing list, enter
its hostname and a priority value (lower numbers are preferred). After doing so,
confirm by selecting . See
Figure 34-8.
- Zone Editor (SOA)
-
This page allows you to create SOA (start of authority) records. For an
explanation of the individual options, refer to
Example 34-6. Changing SOA records is
not supported for dynamic zones managed via LDAP.
- Zone Editor (Records)
-
This dialog manages name resolution. In , enter
the hostname, then select its
type. represents the main
entry. The value for this should be an IP address.
is an alias for another name. Use the types
and for detailed or
partial records that expand on the information provided in the
and
tabs. The targets of these three types must be names that have A records of their
own; an NS or MX record must not point at an alias.
is for reverse zones. It maps an address back to a hostname and is the
opposite of an A record.
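For orientation, this is what the records entered in the zone editor pages above look like in the zone files the server loads. It is an added example, not Example 34-6 from the page and not a file written by YaST; the domain example.com, the hostnames and the 10.10.0.x addresses are assumptions.

```conf
; master/example.com  (forward zone)
$TTL 2d
$ORIGIN example.com.
@       IN SOA  dns.example.com. hostmaster.example.com. (
                2024010101 ; serial: increase on every change
                3h         ; refresh
                1h         ; retry
                1w         ; expire
                1d )       ; negative-cache TTL
; NS and MX point at names that carry A records, never at CNAMEs
        IN NS   dns.example.com.
        IN MX   10 mail.example.com.
dns     IN A    10.10.0.1
mail    IN A    10.10.0.2
www     IN CNAME dns.example.com.

; slave/10.10.in-addr.arpa  (reverse zone; its own SOA and NS
; records are omitted here and follow the same pattern as above)
$ORIGIN 10.10.in-addr.arpa.
1.0     IN PTR  dns.example.com.
2.0     IN PTR  mail.example.com.
```

The SOA serial is the field slaves compare to decide whether to transfer; if it is not increased after an edit, the master keeps the new data while every slave silently serves the old zone. `named-checkzone example.com master/example.com` reports syntax errors and a CNAME used as an NS or MX target.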