CNT 4603, Spring 2009

Configuring DNS: Client side

Setting up static clients is quite easy with bind. Just change resolv.conf.

+ configure /etc/resolv.conf

```
domain cs.fsu.edu
; CS nameserver
nameserver 128.186.120.179
; another CS nameserver
nameserver 128.186.120.178
; opendns, just for backup
nameserver 208.67.222.222
```

DHCP clients by default overwrite /etc/resolv.conf; if you are configuring a DHCP client to use a fixed /etc/resolv.conf, you would have to look to see how to override the DHCP daemon's attempts to overwrite /etc/resolv.conf.

DNS resolution

Traditionally, the client will try the listed nameservers in order: 128.186.120.179, then 128.186.120.178, then "opendns"; each machine was given 30 seconds to fail, thus a name lookup failure could take 90 seconds to be reported with three servers listed.

+ you can comment out the CS nameservers, then use nslookup and see the results
+ or put a bogus address in the first entry to see if the resolver tries number 2
+ the changes take effect immediately

```
# nslookup www.yahoo.com
```

A simple named.conf file

```
//
// named.conf for Red Hat Enterprise caching-nameserver
//
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below.  Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.ip6.local";
    allow-update { none; };
};
zone "255.in-addr.arpa" IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
};
zone "0.in-addr.arpa" IN {
    type master;
    file "named.zero";
    allow-update { none; };
};
include "/etc/rndc.key";
```

+ Setting up a caching-only BIND server used to be more popular; now nscd appears to be more popular. nscd however has been problematic: it has been my experience that it can cache old or bad data, and fail to respect TTLs.
+ In between caching-only BIND and nscd in functionality is dnsmasq, which incorporates support for most of a local DNS server and also includes a DHCP server.
+ All of these are very easy to do these days: for instance, yum -y install caching-nameserver or yum -y install dnsmasq, then turn on the default installation with /etc/init.d/named start or /etc/init.d/dnsmasq start. (You may (or may not) have to make some changes to /etc/resolv.conf.)

```
[root@sophie root]# nslookup
> www.yahoo.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
www.yahoo.com   canonical name = www.yahoo.akadns.net.
Name:   www.yahoo.akadns.net
Address: 68.142.226.43
Name:   www.yahoo.akadns.net
Address: 68.142.226.45
Name:   www.yahoo.akadns.net
Address: 68.142.226.50
Name:   www.yahoo.akadns.net
Address: 68.142.226.35
Name:   www.yahoo.akadns.net
Address: 68.142.226.38
Name:   www.yahoo.akadns.net
Address: 68.142.226.39
Name:   www.yahoo.akadns.net
Address: 68.142.226.41
Name:   www.yahoo.akadns.net
Address: 68.142.226.42
>
```

Logging and named errors

Like most daemons, named errors (and other information) are routed through syslog, which you control with /etc/syslog.conf:

```
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;news.none;authpriv.none;cron.none      /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

#
# INN
#
news.=crit                                              /var/log/news/news.crit
news.=err                                               /var/log/news/news.err
news.notice                                             /var/log/news/news.notice
```

And here is what you see in /var/log/messages:

```
[root@sophie root]# egrep -i named /var/log/messages
Feb 14 10:18:20 sophie named[7597]: starting BIND 9.2.4 -u named -t /var/named/chroot
Feb 14 10:18:20 sophie named[7597]: using 1 CPU
Feb 14 10:18:20 sophie named: named startup succeeded
Feb 14 10:18:20 sophie named[7597]: loading configuration from '/etc/named.conf'
Feb 14 10:18:20 sophie named[7597]: no IPv6 interfaces found
Feb 14 10:18:20 sophie named[7597]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 14 10:18:20 sophie named[7597]: listening on IPv4 interface eth0, 128.186.120.8#53
Feb 14 10:18:20 sophie named[7597]: command channel listening on 127.0.0.1#953
Feb 14 10:18:20 sophie named[7597]: zone 0.in-addr.arpa/IN: loaded serial 42
Feb 14 10:18:20 sophie named[7597]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
Feb 14 10:18:20 sophie named[7597]: zone 255.in-addr.arpa/IN: loaded serial 42
Feb 14 10:18:20 sophie named[7597]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 1997022700
Feb 14 10:18:20 sophie named[7597]: zone localdomain/IN: loaded serial 42
Feb 14 10:18:20 sophie named[7597]: zone localhost/IN: loaded serial 42
Feb 14 10:18:20 sophie named[7597]: running
```
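As an added example (not from the lecture slides), a small Python script that parses named startup lines of the form shown above, with a constructed sample modelled on that log, and flags what a caching-only server's startup messages should make you check: a query listener on a non-loopback interface (the slide's own log shows one on eth0), an rndc control channel not bound to 127.0.0.1, and a startup that never reached "running". The function names are my own.

```python
import re

# Constructed sample, modelled on the named startup lines in /var/log/messages above.
SAMPLE_LOG = """\
Feb 14 10:18:20 sophie named[7597]: starting BIND 9.2.4 -u named -t /var/named/chroot
Feb 14 10:18:20 sophie named[7597]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 14 10:18:20 sophie named[7597]: listening on IPv4 interface eth0, 128.186.120.8#53
Feb 14 10:18:20 sophie named[7597]: command channel listening on 127.0.0.1#953
Feb 14 10:18:20 sophie named[7597]: zone 0.in-addr.arpa/IN: loaded serial 42
Feb 14 10:18:20 sophie named[7597]: zone localhost/IN: loaded serial 42
Feb 14 10:18:20 sophie named[7597]: running
"""

LISTEN_RE = re.compile(r"named\[\d+\]: listening on IPv4 interface (\S+), ([\d.]+)#(\d+)$")
CONTROL_RE = re.compile(r"named\[\d+\]: command channel listening on ([\d.]+)#(\d+)$")
ZONE_RE = re.compile(r"named\[\d+\]: zone (\S+)/IN: loaded serial (\d+)$")


def parse_named_log(text):
    """Collect query listeners, control channel, loaded zones and the 'running' mark."""
    info = {"listeners": [], "control": [], "zones": {}, "running": False}
    for line in text.splitlines():
        if m := LISTEN_RE.search(line):
            info["listeners"].append((m.group(1), m.group(2), int(m.group(3))))
        elif m := CONTROL_RE.search(line):
            info["control"].append((m.group(1), int(m.group(2))))
        elif m := ZONE_RE.search(line):
            info["zones"][m.group(1)] = int(m.group(2))
        elif line.endswith("]: running"):
            info["running"] = True
    return info


def audit_caching_only(info):
    """A caching-only server only needs to answer the local host, so anything off 127/8 is a finding."""
    findings = []
    for iface, addr, port in info["listeners"]:
        if not addr.startswith("127."):
            findings.append(f"{iface} ({addr}#{port}) answers queries off-host: "
                            "restrict with listen-on/allow-query or you run an open resolver")
    for addr, port in info["control"]:
        if not addr.startswith("127."):
            findings.append(f"rndc control channel {addr}#{port} is not loopback-only")
    if not info["running"]:
        findings.append("no 'running' message: named did not finish starting")
    return findings


for finding in audit_caching_only(parse_named_log(SAMPLE_LOG)):
    print(finding)
```

Run it against the real file with `parse_named_log(open("/var/log/messages").read())`; on the slide's own host it reports the eth0 listener, which the named.conf above does nothing to restrict.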