A primary master name server for a zone reads the data for the zone from a file on its host and is authoritative for that zone. The necessary files to set up a primary master name server are:
named.conf
db.127.0.0
db.208.164.186
db.openna
db.cache
named script
To configure the /etc/named.conf file for a master name server, use this configuration for the server on your network that acts as a master name server. After compiling
DNS, you need to set up a primary domain name for your server. We'll use openna.com as an example domain, and assume you are using the IP network address
208.164.186.0. To do this, add the following lines to your /etc/named.conf.
Create the named.conf file (touch /etc/named.conf) and add:
options {
        directory "/var/named";
        fetch-glue no;
        recursion no;
        allow-query { 208.164.186/24; 127.0.0/8; };
        allow-transfer { 208.164.186.2; };
        transfer-format many-answers;
};

// These files are not specific to any zone
zone "." in {
        type hint;
        file "db.cache";
};

zone "0.0.127.in-addr.arpa" in {
        type master;
        file "db.127.0.0";
};

// These are our primary zone files
zone "openna.com" in {
        type master;
        file "db.openna";
};

zone "186.164.208.in-addr.arpa" in {
        type master;
        file "db.208.164.186";
};
- The fetch-glue no option can be used in conjunction with the option recursion no to prevent the server's cache from growing or becoming corrupted. Disabling recursion also puts your name server into a passive mode, telling it never to send queries on behalf of other name servers or resolvers. A non-recursive name server is very difficult to spoof, since it doesn't send queries and hence doesn't cache any data.
- In the allow-query line, 208.164.186/24 and 127.0.0/8 are the IP address ranges allowed to ask ordinary questions of the server.
- In the allow-transfer line, 208.164.186.2 is the IP address allowed to receive zone transfers from the server. You must ensure that only your real slave name servers can transfer zones from your name server, as the information a zone transfer provides is often used by spammers and IP spoofers.

Note: The options recursion no, allow-query, and allow-transfer in the named.conf file above are security features.
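As an added example (not part of the original text), the following Python audit reads an options block and reports which of the three settings just listed are missing or opened up. SECURE_CONF is the page's own options block; WEAK_CONF is a constructed counter-example; the audit looks only at the global options block, not at per-zone ACLs.

```python
import re
# The options block from the page's named.conf (non-recursive master, restricted ACLs).
SECURE_CONF = """
options {
    directory "/var/named";
    fetch-glue no;
    recursion no;
    allow-query { 208.164.186/24; 127.0.0/8; };
    allow-transfer { 208.164.186.2; };
    transfer-format many-answers;
};
"""
# Constructed weak variant for comparison: recursion on, no query ACL, open transfers.
WEAK_CONF = 'options { directory "/var/named"; recursion yes; allow-transfer { any; }; };'

def block_body(text, name):
    """Text between the braces of `name { ... }`, counting nested braces: a
    non-greedy regex would stop at the first '};' that closes an allow-* list."""
    start = re.search(r"\b" + re.escape(name) + r"\s*\{", text)
    if not start:
        return ""
    depth = 0
    for j in range(start.end() - 1, len(text)):
        depth += {"{": 1, "}": -1}.get(text[j], 0)
        if depth == 0:
            return text[start.end():j]
    return ""

def parse_statements(body):
    """'key value;' -> string; 'key { a; b; };' -> list of address-match elements."""
    stmts = {}
    for key, val in re.findall(r"([\w-]+)\s+(\{[^}]*\}|[^;{}]+)\s*;", body):
        val = val.strip()
        stmts[key] = [v.strip() for v in val[1:-1].split(";") if v.strip()] if val[0] == "{" else val.strip('"')
    return stmts

def audit_options(conf):
    """Findings against the page's three security settings; [] means all are set."""
    conf = re.sub(r"(//|#).*", "", re.sub(r"/\*.*?\*/", "", conf, flags=re.S))
    opts = parse_statements(block_body(conf, "options"))
    findings = []
    if opts.get("recursion") != "no":
        findings.append("recursion is not disabled")
    for acl in ("allow-query", "allow-transfer"):
        if acl not in opts:
            findings.append(f"{acl} is not restricted")
        elif "any" in opts[acl]:
            findings.append(f"{acl} allows any host")
    return findings
```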
To configure the /var/named/db.127.0.0 file for a master and slave name server: this configuration file is used by both a master name server and a slave name server.
The db.127.0.0 file covers the loopback network. Create the following files in /var/named/.
Create the db.127.0.0 file (touch /var/named/db.127.0.0) and add:
; Revision History: April 22, 1999 - [email protected]
; Start of Authority (SOA) records.
$TTL 345600
@       IN      SOA     deep.openna.com. admin.mail.openna.com. (
                        00              ; Serial
                        86400           ; Refresh
                        7200            ; Retry
                        2592000         ; Expire
                        345600 )        ; Minimum

; Name Server (NS) records.
        NS      deep.openna.com.
        NS      mail.openna.com.

; only One PTR record.
1       PTR     localhost.
To configure the /var/named/db.208.164.186 file for a master name server, use this configuration for the server on your network that acts as a master name server. The file db.208.164.186 maps
addresses to host names (reverse lookups). Create the following files in /var/named/.
Create the db.208.164.186 file (touch /var/named/db.208.164.186) and add:
; Revision History: April 22, 1999 - [email protected]
; Start of Authority (SOA) records.
$TTL 345600
@       IN      SOA     deep.openna.com. admin.mail.openna.com. (
                        00              ; Serial
                        86400           ; Refresh
                        7200            ; Retry
                        2592000         ; Expire
                        345600 )        ; Minimum

; Name Server (NS) records.
        NS      deep.openna.com.
        NS      mail.openna.com.

; Addresses Point to Canonical Names (PTR) for Reverse lookups
1       PTR     deep.openna.com.
2       PTR     mail.openna.com.
3       PTR     www.openna.com.
To configure the /var/named/db.openna file for a master name server, use this configuration for the server on your network that acts as a master name server. The file db.openna maps
host names to addresses (forward lookups). Create the following file in /var/named/.
Create the db.openna file (touch /var/named/db.openna) and add:
; Revision History: April 22, 1999 - [email protected]
; Start of Authority (SOA) records.
$TTL 345600
@       IN      SOA     deep.openna.com. admin.mail.openna.com. (
                        00              ; Serial
                        86400           ; Refresh
                        7200            ; Retry
                        2592000         ; Expire
                        345600 )        ; Minimum

; Name Server (NS) records.
        NS      deep.openna.com.
        NS      mail.openna.com.

; Mail Exchange (MX) records.
        MX      0       mail.openna.com.

; Address (A) records.
localhost       A       127.0.0.1
deep            A       208.164.186.1
mail            A       208.164.186.2
www             A       208.164.186.3

; Aliases in Canonical Name (CNAME) records.
;www            CNAME   deep.openna.com.
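An added example, not from the original text: a minimal Python reader for zone files in the format shown above that cross-checks every A record of db.openna falling inside 208.164.186.0/24 against the PTR records of db.208.164.186, a consistency check worth running before reloading named. The zone text is copied from the page (owner-relative, as written); the origins passed in are the zone names from named.conf.

```python
import ipaddress
# Forward (db.openna) and reverse (db.208.164.186) zone data from the page, owner-relative as written.
FORWARD_ZONE = """
$TTL 345600
@ IN SOA deep.openna.com. admin.mail.openna.com. (
        00 86400 7200 2592000 ; Serial Refresh Retry Expire
        345600 ) ; Minimum
        NS deep.openna.com.
        NS mail.openna.com.
localhost A 127.0.0.1
deep A 208.164.186.1
mail A 208.164.186.2
www A 208.164.186.3
"""
REVERSE_ZONE = """
@ IN SOA deep.openna.com. admin.mail.openna.com. ( 00 86400 7200 2592000 345600 )
        NS deep.openna.com.
1 PTR deep.openna.com.
2 PTR mail.openna.com.
3 PTR www.openna.com.
"""

def parse_records(text, origin):
    """Tiny zone reader: (owner_fqdn, type, rdata) for A/PTR records. Skips ';' comments
    and $ directives, inherits the owner on indented lines, steps over the multi-line SOA."""
    records, owner, depth = [], origin, 0
    for raw in text.splitlines():
        line = raw.split(";")[0].rstrip()
        if not line.strip() or line.startswith("$"):
            continue
        if depth:                                   # still inside SOA ( ... )
            depth -= line.count(")")
            continue
        tokens = [t for t in line.split() if t != "IN"]
        if not raw[0].isspace():                    # explicit owner on this line
            owner, tokens = tokens[0], tokens[1:]
        depth += line.count("(") - line.count(")")
        if len(tokens) >= 2 and tokens[0] in ("A", "PTR"):
            fqdn = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
            records.append((fqdn, tokens[0], tokens[1]))
    return records

def check_forward_reverse(fwd, rev, fwd_origin, rev_origin):
    """A records inside rev_origin's network lacking a PTR, and PTRs lacking an A."""
    want = {(rp, name) for name, t, ip in parse_records(fwd, fwd_origin) if t == "A"
            and (rp := ipaddress.ip_address(ip).reverse_pointer + ".").endswith("." + rev_origin)}
    have = {(o, target) for o, t, target in parse_records(rev, rev_origin) if t == "PTR"}
    return ([f"no PTR for {n} ({r})" for r, n in sorted(want - have)]
            + [f"PTR {r} -> {n} has no matching A" for r, n in sorted(have - want)])
```

The localhost A record is deliberately ignored here because 127.0.0.1 belongs to the db.127.0.0 zone, not to db.208.164.186.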
To configure the /var/named/db.cache file for master and slave name servers: before starting your DNS server you must take a copy of the db.cache file and copy it into
the /var/named/ directory. The db.cache file tells your server where the servers for the root zone are.
Use the following command on another Unix computer in your organization to query a new db.cache file for your DNS server, or pick one from your Red Hat Linux CD-ROM source distribution:
[root@deep] /# dig @a.root-servers.net . ns > db.cache
Don't forget to copy the db.cache file to the /var/named/ directory on the server where you're installing the DNS server after retrieving it over the Internet.