v3.1 README3: A LINUX-TO-DEMON-INTERNET CONFIGURATION GUIDE 10/05/96
BIND: RUNNING A NAME SERVER UNDER SLACKWARE LINUX WITH DIS
==========================================================
Copyright 1994-6 John A. Phillips. john@linux.demon.co.uk
Please note that I don't really understand everything here, so some of
the stuff below may be a little off-beam, but it works (so far) for me.
Actually I don't use a local name server myself. I don't find it either
necessary or helpful in my situation. However, some people may find it
useful. Comments are welcome. As usual, use this information here at
your own risk.
Some of the files you need to install or modify are contained in the
package, for you to copy directly into place. See the list at the end
of this README. Configuration should be done as user "root".
3A Requirements and installation notes
--------------------------------------
From amongst the optional packages of disk set N, these are required for
basic network set-up. Other packages from disk set N may be needed in
the other packages in this guide. Please see the relevant README(s).
bind Required. This is the name server package.
NOTE 1: The name server in this package will be of little use in saving
network traffic for name resolution if you re-boot your machine very
frequently (about as often as you log in to Demon). The name server
cache is lost on shut-down and has to be re-generated from the network.
NOTE 2: Off-line, processes such as mail and news posting may take
longer to complete when you run a local name server, as name server time
outs seem to take longer.
NOTE 3: When running named I notice problems with netdate failing when
the clock is being adjusted by setclock in the BASE package. A cure is
to do a "nslookup ntp.demon.co.uk" whilst on line (assuming this is your
ntp server). This caches the name and IP address. Otherwise, set the
ntp server in setclock to another Demon machine, such as
demon-du.demon.co.uk.
3B The simplest possible set-up
-------------------------------
This is a very simple cache-only client. It is not authoritative at
all (not even over localhost and 127.0.0.1). I have been told this is a
security risk (but not why). However, it works.
Section 3C adds the SOA (Start of Authority) records for localhost and
127.0.0.1. I recommend that you do this on the assumption that the
advice I've heard about security is accurate.
Create directory /var/named (this is FSSTND compliant), and set up
/etc/named.boot (or copy it in place from named.boot1 in the package):
; /etc/named.boot: boot file for name server
;
directory /var/named
;
; type domain source file or host
;----------------------------------------------------------
;
cache . named.root
forwarders 158.152.1.58 158.152.1.43
This file says that further configuration files are to be found in
/var/named; that named.root contains "hints" about where to look things
up (the "root" nameservers); and that the nameservers in the forwarders
line (the demon nameservers) should be asked first if the cache does not
contain the name being looked up.
It is perfectly ok to leave out the forwarders line. The root
nameservers will be asked first for the answers to queries about names.
As the cache of names builds up, including nameserver entries, I think
that more appropriate nameservers will subsequently be asked for
information.
However including the forwarders line makes your system behave exactly
like a system using the demon nameservers via the list in resolv.conf,
except that the answers are cached, and the root nameservers are
available as a backup.
Set up /var/named/named.root thus (or copy it into place from the
package):
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC registration services
; under anonymous FTP as
; file /domain/named.root
; on server FTP.RS.INTERNIC.NET
; -OR- under Gopher at RS.INTERNIC.NET
; under menu InterNIC Registration Services (NSI)
; submenu InterNIC Registration Archives
; file named.root
;
; last update: Nov 8, 1995
; related version of root zone: 1995110800
;
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
; End of File
These are the top-level (root-domain) nameservers for the 'net. The
latest version of this file can be found on ftp.rs.internic.net in file
/domain/named.root.
Uncomment the "named" stanza in /etc/rc.d/rc.inet2 to run named at boot
time.
...
# Start the NAMED/BIND name server.
if [ -f ${NET}/named ]
then
echo -n " named"
${NET}/named
fi
...
Make sure /etc/host.conf is like this:
order hosts, bind
multi on
This makes sure the look-up for 127.0.0.1 or localhost is satisfied from
/etc/hosts (see below), because the cache-only non-authoritative
nameserver (in this section) will not even answer this query. If you
have the dummy interface in the kernel and it is set up in rc.inet1,
this will also allow /etc/hosts to resolve your own IP address and
hostname queries as well even when you are not connected.
Make sure /etc/hosts has at least these entries (configured for your own
hostname and IP address):
# For looping back.
127.0.0.1 localhost
# This machine.
AAA.BBB.CCC.DDD <YOUR_HOST_NAME>.demon.co.uk <YOUR_HOST_NAME>
If you have other demon machines in here, you can remove them, as named
will put them into its cache and remember them for you. If you keep
names and addresses here, they will be used before the names and
addresses in the cache (see /etc/host.conf), and any updates will not be
automatically made. Just keep the router (now demon-du, I believe) if
you are using DIP/CSLIP. PPP doesn't need it.
Some people have said that they prefer to leave key machine names in
/etc/hosts because this speeds things up a bit. Fair enough. You can
do this if you want. If the machine addresses ever change (which may be
unlikely for important machines), you can update them manually.
Make sure /etc/resolv.conf is like this:
search . demon.co.uk
nameserver 127.0.0.1
The first line could be "search ." or "domain demon.co.uk" - see "man 5
resolver" for the differences in name look-up behaviour. I prefer
"search . demon.co.uk", which looks up names as you supply them first,
then tries adding .demon.co.uk if the first look-up fails. This allows
you to use "ping gate" for example, rather than having to use "ping
gate.demon.co.uk".
The second line just points to the named on your own host as your
system's name server. I think other name servers (up to two more) could
be added after "nameserver 127.0.0.1", and will be used in the event
that your named goes down, but I haven't tried this.
That's it! Reboot now or run named manually.
You can't for now run nslookup (to make manual queries about names) on
your machine whilst it's not on the net, since nslookup does not seem to
go through the resolver library, and named seems to need to resolve
localhost and/or 127.0.0.1 first in order to work with nslookup.
However calls via the resolver library (e.g. from "telnet localhost" or
"ftp 127.0.0.1") will work through the resolver library asking
/etc/hosts.
Errors and other informative comments from named are logged in the file
/var/adm/syslog.
You can cause a running named to re-load its configuration files with
killall -HUP named
The command /usr/sbin/named.reload does the same and could be used
instead.
You can cause the current data cache and hints to be dumped to the file
/var/tmp/named_dump.db with the command
killall -INT named
It is instructive to do this and see the dump file on a newly started
named, and then after a simple connection to Demon, and then again after
a few FTPs to sites around the world.
A further command /usr/sbin/named.restart is also available to kill and
then re-start named if you wish to do this.
3C Adding SOA records for localhost and 127.0.0.1
-------------------------------------------------
This section adds the bits to run a named that is basically a cache-only
client but is authoritative over localhost (and 127.0.0.1). The set-up
is said to be more secure than the basic set-up in section 3B.
The set-up is installed as in section 3B, above, with the extras
explained below. I recommend you to follow this section as well.
Add a couple of extra lines (those starting with "primary") to the
original /etc/named.boot to make it look like this (or install the
named.boot file from the package as /etc/named.boot):
; /etc/named.boot: boot file for name server
;
directory /var/named
;
; type domain source file or host
;----------------------------------------------------------
;
cache . named.root
primary localhost named.hosts
primary 0.0.127.IN-ADDR.ARPA named.local
forwarders 158.152.1.58 158.152.1.43
Create /var/named/named.hosts like this (or copy the file in the package
into place):
; /var/named/named.hosts: local host
; origin is localhost. (see named.boot)
;
@ IN SOA <HOST>.demon.co.uk. <NAME>.<HOST>.demon.co.uk. (
94122401 ; serial number
86400 ; refresh: 24 hours
3600 ; retry: 1 hour
3600000 ; expire: 42 days (approx)
604800 ) ; minimum: 1 week
IN NS localhost.
localhost. IN A 127.0.0.1
Configure <HOST> as your hostname, <NAME> as your local e-mail address,
as appropriate (this entry should look like an Internet e-mail address
with the "@" replaced by ".". Watch for the "."s at the end of names.
They are important.
How do you choose the timeouts etc? I copied them from examples. Any
comments would be welcome.
Create /var/named/named.local like this (or copy it into place from the
package):
; /var/named/named.local: reverse mapping of 127.0.0
; origin is 0.0.127.in-addr.arpa. (see named.boot)
;
@ IN SOA <HOST>.demon.co.uk. <NAME>.<HOST>.demon.co.uk. (
94122401 ; serial number
360000 ; refresh: 100 hours
3600 ; retry: 1 hour
3600000 ; expire: 42 days (approx)
360000 ) ; minimum: 100 hours
IN NS localhost.
1 IN PTR localhost.
Configure <HOST> as your hostname, <NAME> as your local e-mail address,
as appropriate (this entry should look like an Internet e-mail address
with the "@" replaced by ".". Watch for the "."s at the end of names.
They are important.
How do you choose the timeouts etc? I copied them from examples. Again
any comments would be welcome.
That's it. Start or re-start named.
Now it is possible to have "order bind, hosts" in /etc/host.conf (if you
want). This allows /etc/hosts to be kept as a back-up rather than
consulted first. Actually I currently run my server as in section 3C,
but I still use "order hosts, binds", and a vestigial /etc/hosts file
just like the one in section 3B.
By the way, some people have advised me to be authoritative over
localhost.demon.co.uk. However I have checked that Demon's nameservers
return the correct answer for this name (127.0.0.1), which is then
cached. However, Demon's name servers certainly do not recognize just
localhost.
3D Conclusion
--------------
That's how it works for me. As I said, I don't understand a lot of the
"why's" yet, but the "how's" are in principle sorted (in the two
simplest cases anyway). I recommend Olaf Kirch's Linux Network
Administration Guide (superb in general), but supplemented by something
like the Sun Answerbook chapter 17, which for me sorted out a great deal
of my confusion over named. The O'Reilly book on DNS and BIND is also a
good source of information.
To return to using Demon's name servers, /etc/resolv.conf and
/etc/host.conf should be restored to their original configurations from
the BASE package. If you want to make this permanent, you should also
stop named from being run by /etc/rc.d/rc.inet2, and kill the current
process. The configuration files may be left in place.
3E Bugs
--------
I still get occasional entries in /var/adm/syslog of the sort:
Sep 3 05:04:25 linux named[47]: recvfrom: Connection refused
I believe this is cured by getting the latest bind package.
3F Acknowledgments
--------------------
Thanks to John Man (jman@home.org) for helpful comments.
3F Files in this package
------------------------
File name (Slackware) Location in this package
===================== ========================
/var/named/named.root bind/named.root
/var/named/named.local bind/named.local
/var/named/named.hosts bind/named.hosts
/etc/named.boot bind/named.boot1 (section 3B)
/etc/named.boot bind/named.boot (section 3C)
END OF README3