Previous Next Contents

3. A Simple domain.

How to set up your own domain.

Before we really start this section I'm going to serve you some theory on how DNS works. And you're going to read it because it's good for you. If you don't `wanna' you should at least skim it very quickly. Stop skiming when you get to what should go in your named.boot file.

DNS is a hierarchical system. The top is written `.' and pronounced 'root'. Under . there are a number of Top Level Domains (TLDs), the best known ones are ORG, COM, EDU and NET, but there are many. When you want to find out the address of prep.ai.mit.edu your name server has to find a name server that serves edu. It asks a . server (it already knows the . servers, that's what the root.cache file is for), the . server gives a list of edu servers. I'll illustrate this here:

$ nslookup
Default Server:  localhost
Address:  127.0.0.1

> server c.root-servers.net.
Default Server:  c.root-servers.net
Address:  192.33.4.12

Ask the root server.

> set q=ns

Set the Query type to NS (name server records).

> edu.

The trailing . here is significant, it tells the server we're asking that edu is right under ., this narrows the search somewhat.

Server:  c.root-servers.net
Address:  192.33.4.12

edu     nameserver = E.ROOT-SERVERS.NET
edu     nameserver = I.ROOT-SERVERS.NET
edu     nameserver = F.ROOT-SERVERS.NET
edu     nameserver = G.ROOT-SERVERS.NET
edu     nameserver = A.ROOT-SERVERS.NET
edu     nameserver = H.ROOT-SERVERS.NET
edu     nameserver = B.ROOT-SERVERS.NET
edu     nameserver = C.ROOT-SERVERS.NET
edu     nameserver = D.ROOT-SERVERS.NET
E.ROOT-SERVERS.NET      internet address = 192.203.230.10
I.ROOT-SERVERS.NET      internet address = 192.36.148.17
F.ROOT-SERVERS.NET      internet address = 39.13.229.241
G.ROOT-SERVERS.NET      internet address = 192.112.36.4
A.ROOT-SERVERS.NET      internet address = 198.41.0.4
H.ROOT-SERVERS.NET      internet address = 128.63.2.53
B.ROOT-SERVERS.NET      internet address = 128.9.0.107
C.ROOT-SERVERS.NET      internet address = 192.33.4.12
D.ROOT-SERVERS.NET      internet address = 128.8.10.90

This tells us that *.root-servers.net serves edu., so we can go on asking c. Now we want to know who serves the next level of the domain name: mit.edu.:

> mit.edu.
Server:  c.root-servers.net
Address:  192.33.4.12

Non-authoritative answer:
mit.edu nameserver = STRAWB.mit.edu
mit.edu nameserver = W20NS.mit.edu
mit.edu nameserver = BITSY.mit.edu

Authoritative answers can be found from:
BITSY.mit.edu   internet address = 18.72.0.3
STRAWB.mit.edu  internet address = 18.71.0.151
W20NS.mit.edu   internet address = 18.70.0.160

steawb, w20ns and bitsy serves mit, select one and inquire about ai.mit.edu:

> server W20NS.mit.edu.

Hostnames are not case sensitive, but I use my mouse to cut and paste so it gets copied as is from the screen.

Server:  W20NS.mit.edu
Address:  18.70.0.160

> ai.mit.edu.
Server:  W20NS.mit.edu
Address:  18.70.0.160

Non-authoritative answer:
ai.mit.edu      nameserver = WHEATIES.AI.MIT.EDU
ai.mit.edu      nameserver = ALPHA-BITS.AI.MIT.EDU
ai.mit.edu      nameserver = GRAPE-NUTS.AI.MIT.EDU
ai.mit.edu      nameserver = TRIX.AI.MIT.EDU
ai.mit.edu      nameserver = MUESLI.AI.MIT.EDU

Authoritative answers can be found from:
AI.MIT.EDU      nameserver = WHEATIES.AI.MIT.EDU
AI.MIT.EDU      nameserver = ALPHA-BITS.AI.MIT.EDU
AI.MIT.EDU      nameserver = GRAPE-NUTS.AI.MIT.EDU
AI.MIT.EDU      nameserver = TRIX.AI.MIT.EDU
AI.MIT.EDU      nameserver = MUESLI.AI.MIT.EDU
WHEATIES.AI.MIT.EDU     internet address = 128.52.32.13
WHEATIES.AI.MIT.EDU     internet address = 128.52.35.13
ALPHA-BITS.AI.MIT.EDU   internet address = 128.52.32.5
ALPHA-BITS.AI.MIT.EDU   internet address = 128.52.37.5
GRAPE-NUTS.AI.MIT.EDU   internet address = 128.52.32.4
GRAPE-NUTS.AI.MIT.EDU   internet address = 128.52.36.4
TRIX.AI.MIT.EDU internet address = 128.52.32.6
TRIX.AI.MIT.EDU internet address = 128.52.38.6
MUESLI.AI.MIT.EDU       internet address = 128.52.32.7
MUESLI.AI.MIT.EDU       internet address = 128.52.39.7

So weaties.ai.mit.edu is a nameserver for ai.mit.edu:

> server WHEATIES.AI.MIT.EDU.
Default Server:  WHEATIES.AI.MIT.EDU
Addresses:  128.52.32.13, 128.52.35.13

Now I change query type, we've found the name server so now we're going to ask about everything wheaties knows about prep.ai.mit.edu.

> set q=any
> prep.ai.mit.edu.
Server:  WHEATIES.AI.MIT.EDU
Addresses:  128.52.32.13, 128.52.35.13

prep.ai.mit.edu CPU = dec/decstation-5000.25    OS = unix
prep.ai.mit.edu
        inet address = 18.159.0.42, protocol = tcp
         #21 #23 #25 #79
prep.ai.mit.edu preference = 1, mail exchanger = life.ai.mit.edu
prep.ai.mit.edu internet address = 18.159.0.42
ai.mit.edu      nameserver = alpha-bits.ai.mit.edu
ai.mit.edu      nameserver = wheaties.ai.mit.edu
ai.mit.edu      nameserver = grape-nuts.ai.mit.edu
ai.mit.edu      nameserver = mini-wheats.ai.mit.edu
ai.mit.edu      nameserver = trix.ai.mit.edu
ai.mit.edu      nameserver = muesli.ai.mit.edu
ai.mit.edu      nameserver = count-chocula.ai.mit.edu
ai.mit.edu      nameserver = life.ai.mit.edu
ai.mit.edu      nameserver = mintaka.lcs.mit.edu
life.ai.mit.edu internet address = 128.52.32.80
alpha-bits.ai.mit.edu   internet address = 128.52.32.5
wheaties.ai.mit.edu     internet address = 128.52.35.13
wheaties.ai.mit.edu     internet address = 128.52.32.13
grape-nuts.ai.mit.edu   internet address = 128.52.36.4
grape-nuts.ai.mit.edu   internet address = 128.52.32.4
mini-wheats.ai.mit.edu  internet address = 128.52.32.11
mini-wheats.ai.mit.edu  internet address = 128.52.54.11
mintaka.lcs.mit.edu     internet address = 18.26.0.36

So starting at . we found the successive name servers for the next level in the domain name. If you had used your own DNS server instead of using all those other servers, your named would of-course cache all the information it found while diging this out for you, and would not have to ask again for a while.

A much less talked about, but just as important domain is in-addr.arpa. It too is nested like the `normal' domains. in-addr.arpa is a hack, a good hack, but still a hack, that alows us to get the hosts name when we have it's address. If you have the address of a machine: 192.128.52.43 named procedes just like for the prep.ai.mit.edu example: find arpa. servers. Find in-addr.arpa. servers, find 192.in-addr.arpa. servers, find 128.192.in-addr.arpa. servers, find 52.128.192.in-addr.arpa. servers. Find needed records for 43.52.128.192.in-addr.arpa. Clever huh? (say `yes').

I have just told a lie. DNS does not work literally the way I just told you. But it's close enough.

Now to define our own domain. We're going to make the domain linux.bogus and define machines in it. I use a totally bogus domain name to make sure we disturb no-one Out There.

But before we can even start defining our own domain you have to teach your named about localhost.

Make the directory /var/named/pz (pz for Primary Zone) and place these lines at the end of your named.boot file:


primary         0.0.127.in-addr.arpa            pz/127.0.0
primary         localhost                       pz/localhost

Please note the lack of `.' at the end of the domain names in this file. The first line names the file pz/127.0.0 as defining 0.0.127.in-addr.arpa. This should be the contents:


$ORIGIN 0.0.127.IN-ADDR.ARPA.
@               IN      SOA     linux.bogus. hostmaster.linux.bogus. (
                                1       ; Serial
                                360000  ; Refresh
                                300     ; Retry
                                3600000 ; Expire
                                360000 )        ; Minimum
                        NS      ns.linux.bogus.
1                       PTR     localhost.

Please note the `.' at the end of the domain names in this file in contrast to the named.boot file above. This `zone file' contains 3 `resource records' (RRs): A SOA RR. A NS RR nd a PTR RR. SOA is short for Start Of Authority. Before the first record comes a $ORIGIN directive, it is widely considered Good Practice to have a $ORIGIN directive at the start of each zone file.

@ is a special notation meaning the origin, so the first line really says

  0.0.127.IN-ADDR.ARPA  IN      SOA ...

NS is the Name Server RR, it tells DNS what machine is the name server of the domain. And finaly the PTR record says that 1.0.0.127.IN-ADDR.ARPA (i.e. 127.0.0.1) is named localhost.

The SOA record is the preamble to _all_ zone files, and there should be exactly one in each zone file, the very first record. It describes the zone, where it comes from (a machine called linux.bogus), who is responsible for its contents (hostmaster@linux.bogus), what version of the zone file this is (serial: 1), and other things having to do with caching and secondary DNS servers. For the rest of the fields ,refresh, retry, expire and minimum use the numbers used in this HOWTO and you should be safe.

The NS record tells us who does DNS serving for 0.0.127.in-addr.arpa, it is ns.linux.bogus. The PTR record tells us that 1.0.0.127.in-addr.arpa (aka 127.0.0.1) is known as localhost.

The file pz/localhost should cointain this:


$ORIGIN localhost.
@               IN      SOA     linux.bogus. hostmaster.linux.bogus. (
                                1       ; Serial
                                360000  ; Refresh
                                300     ; Retry
                                3600000 ; Expire
                                360000 )        ; Minimum
                        NS      ns.linux.bogus.
                        A       127.0.0.1

If you're skipping ahead from section 2 you can kill and restart your named, then go back to section 2.

Now kill and restart your named and use nslookup to examine what you've done:

$ nslookup

Default Server:  localhost
Address:  127.0.0.1

> 127.0.0.1
Server:  localhost
Address:  127.0.0.1

Name:    localhost
Address:  127.0.0.1

so it manages to get localhost from 127.0.0.1, good. Don't push it, we'll move on to checking localhost:

> set q=any
> localhost.
Server:  localhost
Address:  127.0.0.1

localhost
        origin = linux.bogus
        mail addr = hostmaster.linux.bogus
        serial = 1
        refresh = 360000 (4 days 4 hours)
        retry   = 300 (5 mins)
        expire  = 3600000 (41 days 16 hours)
        minimum ttl = 360000 (4 days 4 hours)
localhost       nameserver = ns.linux.bogus
localhost       internet address = 127.0.0.1
localhost       nameserver = ns.linux.bogus

Looks good. Now for our main task, the linux.bogus domain, insert a new primary line in named.boot:


primary               linux.bogus                     pz/linux.bogus

Note the continued lack of ending `.' on the domain name in the named.boot file.

In the linux.bogus zone file we'll put some totally bogus data:


;
; Zone file for linux.bogus
;
$ORIGIN linux.bogus.
;
; Mandatory minimum for a working domain
;
@       IN      SOA     linux.bogus. hostmaster.linux.bogus. (
                        199511301       ; serial, todays date + todays serial #
                        900             ; refresh, seconds
                        600             ; retry, seconds
                        3600000         ; expire, seconds
                        86400 )         ; minimum, seconds
;
@               NS      ns.linux.bogus.
@               NS      ns.friend.bogus.
ns.friend.bogus. A      127.0.0.10
@               MX      10 mail.linux.bogus     ; Primary Mail Exchanger
@               MX      20 mail.friend.bogus. ; Secondary Mail Exchanger
mail.friend.bogus. A    127.0.0.11

There is one new RR type in this file, the MX, or Mail eXchanger RR. It tells mail systems where to send mail that is addressed to someone@linux.bogus, namely too mail.linux.bogus or mail.friend.bogus. The number before each machine name is that MX RRs priority, The RR with the lowest number (10) is the one mail should be sent to primarily. If that fails it can be sent to one with a higher number, a secondary mail handler, i.e. mail.friend.bogus which has priority 20 here.

Restart named by running /usr/sbin/named.restart. Examine the results with nslookup:

$ nslookup
> set q=any
> linux.bogus
Server:  localhost
Address:  127.0.0.1

linux.bogus
        origin = linux.bogus
        mail addr = hostmaster.linux.bogus
        serial = 199511301
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 3600000 (41 days 16 hours)
        minimum ttl = 86400 (1 day)
linux.bogus     nameserver = ns.linux.bogus
linux.bogus     nameserver = ns.friend.bogus
linux.bogus     preference = 10, mail exchanger = mail.linux.bogus.linux.bogus
linux.bogus     preference = 20, mail exchanger = mail.friend.bogus
linux.bogus     nameserver = ns.linux.bogus
linux.bogus     nameserver = ns.friend.bogus

Upon careful examination you will discover a bug. The line

 linux.bogus     preference = 10, mail exchanger = mail.linux.bogus.linux.bogus

is all wrong. It should be

  linux.bogus     preference = 10, mail exchanger = mail.linux.bogus

I deliberately made a mistake so you could learn from it :-) Looking in the zone file we find that the line


@               MX      10 mail.linux.bogus     ; Primary Mail Exchanger

is missing a period. Or has a 'linux.bogus' too many. If a machine name does not end in a period in a zone file the origin is added to it's end. So either

@               MX      10 mail.linux.bogus.    ; Primary Mail Exchanger

or

@               MX      10 mail                 ; Primary Mail Exchanger

is correct. I prefer the latter form, it's less to type. In a zone file the domain should either be written out and ended with a `.' or it should not be included at all, in which case it defaults to the $ORIGIN. I must stress that in the named.boot file there should _not_ be `.'s after the domain names. You have no idea how many times a `.' too many or few have fouled up things and confused the h*ll out of people.

So having made my point here is the new zone file, with some extra information in it too:


;
; Zone file for linux.bogus
;
$ORIGIN linux.bogus.
;
; Mandatory minimum for a working domain
;
@       IN      SOA     linux.bogus. hostmaster.linux.bogus. (
                        199511301       ; serial, todays date + todays serial #
                        900             ; refresh, seconds
                        600             ; retry, seconds
                        3600000         ; expire, seconds
                        86400 )         ; minimum, seconds
;
@               NS      ns              ; Inet Address of name server
@               NS      ns.friend.bogus.
ns.friend.bogus. A      127.0.0.10
@               MX      10 mail         ; Primary Mail Exchanger
@               MX      20 mail.friend.bogus. ; Secondary Mail Exchanger
mail.friend.bogus. A    127.0.0.11
;
; Extras
;
localhost       A       127.0.0.1
@               TXT     "Linux Bogus, your DNS consultant"
ns              A       127.0.0.2
                MX      10 mail
                MX      20 mail.friend.bogus.
                HINFO   "Pentium" "Linux 1.2"
                TXT     "RMS"
richard         CNAME   ns
www             CNAME   ns

donald          A       127.0.0.3
                MX      10 mail
                MX      20 mail.friend.bogus.
                HINFO   "i486"  "Linux 1.2"
                TXT     "DEK"
mail            A       127.0.0.4
                MX      10 mail
                MX      20 mail.friend.bogus.
                HINFO   "386sx" "Linux 1.0.9"
ftp             CNAME   127.0.0.5
                MX      10 mail
                MX      20 mail.friend.bogus.
                HINFO   "P6" "Linux 1.3.59"

There are a number of new RRs here: HINFO (Host INFOrmation) has two parts, it's a good habit to quote each. The first part is the hardware or CPU on the machine and the second part the software or OS on the machine. ns has a Pentium CPU and runs Linux 1.2. The TXT record is a free text record that you can use for anything you like. CNAME (Canonical NAME) is a way to give each machine several names. So richard and www is a alias for ns. It's important to note that A MX, CNAME and SOA record should never refer to an other CNAME record, they should only refer to something with a A record, so it would wrong to have


foobar  CNAME   richard                 ; NO!

but correct to have


foobar  CNAME   ns                      ; Yes!

It's also important to note that a CNAME is not a legal host name for a mail adddress: webmaster@www.linux.bogus is illegal with the setup shown above and you can expect quite a few mail admins Out There to enforce this rule even if it works for you. The way to avoild this is to use A records instead:


foobar  A       127.0.0.2

Paul Vixie, the primary named wizard, recomends not using CNAME. So consider not using it very seriously.

Load the new database by running /usr/sbin/named.reload, this causes named to read it's files again.

$ nslookup
Default Server:  localhost
Address:  127.0.0.1

> ls -d linux.bogus

This means that all records should be listed.

[localhost]
 linux.bogus.                   SOA   linux.bogus hostmaster.linux.bogus. (1995
11301 900 600 3600000 86400)
 linux.bogus.                   NS    ns.linux.bogus
 linux.bogus.                   NS    ns.friend.bogus
 linux.bogus.                   MX    10   mail.linux.bogus
 linux.bogus.                   MX    20   mail.friend.bogus
 linux.bogus.                   TXT   "Linux Bogus, your DNS consultant"
 mail                           A     127.0.0.4
 mail                           MX    10   mail.linux.bogus
 mail                           MX    20   mail.friend.bogus
 mail                           HINFO 386sx       Linux 1.0.9
 localhost                      A     127.0.0.1
 www                            CNAME ns.linux.bogus
 donald                         A     127.0.0.3
 donald                         MX    10   mail.linux.bogus
 donald                         MX    20   mail.friend.bogus
 donald                         HINFO i486        Linux 1.2
 donald                         TXT   "DEK"
 richard                        CNAME ns.linux.bogus
 ftp                            CNAME 127.0.0.5.linux.bogus
 ftp                            MX    10   mail.linux.bogus
 ftp                            MX    20   mail.friend.bogus
 ftp                            HINFO P6          Linux 1.3.59
 ns                             A     127.0.0.2
 ns                             MX    10   mail.linux.bogus
 ns                             MX    20   mail.friend.bogus
 ns                             HINFO Pentium     Linux 1.2
 ns                             TXT   "RMS"
 linux.bogus.                   SOA   linux.bogus hostmaster.linux.bogus. (1995
11301 900 600 3600000 86400)

That's good. Let's check what it says for www alone:

> set q=any
> www.linux.bogus.
Server:  localhost
Address:  127.0.0.1

www.linux.bogus canonical name = ns.linux.bogus

...In other words, the real name of www.linux.bogus is ns.linux.bogus

linux.bogus     nameserver = ns.linux.bogus
linux.bogus     nameserver = ns.friend.bogus
ns.linux.bogus  internet address = 127.0.0.2

and ns.linux.bogus has the address 127.0.0.2. Looks good too.

Of course, this domain is highly bogus, and so are all the addresses in it. For a real domain insert the real domain names and addresses and all the other information. When that is done you need a reverse lookup zone file, it should be like the 127.0.0 file and contain exactly one PTR RR for each address in use, i.e.

127.0.0.2       PTR     ns.linux.bogus.
127.0.0.3       PTR     donald.linux.bogus.
127.0.0.4       PTR     mail.linux.bogus.
127.0.0.5       PTR     ftp.linux.bogus.

for our example domain (in addition to the SOA RR of-course).

Now it's time for you to play around with things and set up your domain. When you've finished playing with the linux.bogus domain remove it from your named.boot file.


Previous Next Contents