How to set up your own domain.
Before we really start this section I'm going to serve you
some theory on how DNS works. And you're going to read it because
it's good for you. If you don't `wanna' you should at least skim it
very quickly. Stop skiming when you get to what should go in your
named.boot
file.
DNS is a hierarchical system. The top is written `.
' and
pronounced 'root'. Under . there are a number of Top Level Domains
(TLDs), the best known ones are ORG, COM, EDU and NET, but there are
many. When you want to find out the address of prep.ai.mit.edu
your name server has to find a name server that serves edu. It asks a
.
server (it already knows the .
servers, that's what the
root.cache
file is for), the .
server gives a list of edu
servers. I'll illustrate this here:
$ nslookup
Default Server: localhost
Address: 127.0.0.1
> server c.root-servers.net.
Default Server: c.root-servers.net
Address: 192.33.4.12
Ask the root server.
> set q=ns
Set the Query type to NS (name server records).
> edu.
The trailing . here is significant, it tells the server we're asking that edu is right under ., this narrows the search somewhat.
Server: c.root-servers.net
Address: 192.33.4.12
edu nameserver = E.ROOT-SERVERS.NET
edu nameserver = I.ROOT-SERVERS.NET
edu nameserver = F.ROOT-SERVERS.NET
edu nameserver = G.ROOT-SERVERS.NET
edu nameserver = A.ROOT-SERVERS.NET
edu nameserver = H.ROOT-SERVERS.NET
edu nameserver = B.ROOT-SERVERS.NET
edu nameserver = C.ROOT-SERVERS.NET
edu nameserver = D.ROOT-SERVERS.NET
E.ROOT-SERVERS.NET internet address = 192.203.230.10
I.ROOT-SERVERS.NET internet address = 192.36.148.17
F.ROOT-SERVERS.NET internet address = 39.13.229.241
G.ROOT-SERVERS.NET internet address = 192.112.36.4
A.ROOT-SERVERS.NET internet address = 198.41.0.4
H.ROOT-SERVERS.NET internet address = 128.63.2.53
B.ROOT-SERVERS.NET internet address = 128.9.0.107
C.ROOT-SERVERS.NET internet address = 192.33.4.12
D.ROOT-SERVERS.NET internet address = 128.8.10.90
This tells us that *.root-servers.net
serves edu.
, so we
can go on asking c
. Now we want to know who serves the next
level of the domain name: mit.edu.
:
> mit.edu.
Server: c.root-servers.net
Address: 192.33.4.12
Non-authoritative answer:
mit.edu nameserver = STRAWB.mit.edu
mit.edu nameserver = W20NS.mit.edu
mit.edu nameserver = BITSY.mit.edu
Authoritative answers can be found from:
BITSY.mit.edu internet address = 18.72.0.3
STRAWB.mit.edu internet address = 18.71.0.151
W20NS.mit.edu internet address = 18.70.0.160
steawb
, w20ns
and bitsy
serves mit
, select one and
inquire about ai.mit.edu
:
> server W20NS.mit.edu.
Hostnames are not case sensitive, but I use my mouse to cut and paste so it gets copied as is from the screen.
Server: W20NS.mit.edu
Address: 18.70.0.160
> ai.mit.edu.
Server: W20NS.mit.edu
Address: 18.70.0.160
Non-authoritative answer:
ai.mit.edu nameserver = WHEATIES.AI.MIT.EDU
ai.mit.edu nameserver = ALPHA-BITS.AI.MIT.EDU
ai.mit.edu nameserver = GRAPE-NUTS.AI.MIT.EDU
ai.mit.edu nameserver = TRIX.AI.MIT.EDU
ai.mit.edu nameserver = MUESLI.AI.MIT.EDU
Authoritative answers can be found from:
AI.MIT.EDU nameserver = WHEATIES.AI.MIT.EDU
AI.MIT.EDU nameserver = ALPHA-BITS.AI.MIT.EDU
AI.MIT.EDU nameserver = GRAPE-NUTS.AI.MIT.EDU
AI.MIT.EDU nameserver = TRIX.AI.MIT.EDU
AI.MIT.EDU nameserver = MUESLI.AI.MIT.EDU
WHEATIES.AI.MIT.EDU internet address = 128.52.32.13
WHEATIES.AI.MIT.EDU internet address = 128.52.35.13
ALPHA-BITS.AI.MIT.EDU internet address = 128.52.32.5
ALPHA-BITS.AI.MIT.EDU internet address = 128.52.37.5
GRAPE-NUTS.AI.MIT.EDU internet address = 128.52.32.4
GRAPE-NUTS.AI.MIT.EDU internet address = 128.52.36.4
TRIX.AI.MIT.EDU internet address = 128.52.32.6
TRIX.AI.MIT.EDU internet address = 128.52.38.6
MUESLI.AI.MIT.EDU internet address = 128.52.32.7
MUESLI.AI.MIT.EDU internet address = 128.52.39.7
So weaties.ai.mit.edu
is a nameserver for ai.mit.edu
:
> server WHEATIES.AI.MIT.EDU.
Default Server: WHEATIES.AI.MIT.EDU
Addresses: 128.52.32.13, 128.52.35.13
Now I change query type, we've found the name server so now we're
going to ask about everything wheaties knows about prep.ai.mit.edu
.
> set q=any
> prep.ai.mit.edu.
Server: WHEATIES.AI.MIT.EDU
Addresses: 128.52.32.13, 128.52.35.13
prep.ai.mit.edu CPU = dec/decstation-5000.25 OS = unix
prep.ai.mit.edu
inet address = 18.159.0.42, protocol = tcp
#21 #23 #25 #79
prep.ai.mit.edu preference = 1, mail exchanger = life.ai.mit.edu
prep.ai.mit.edu internet address = 18.159.0.42
ai.mit.edu nameserver = alpha-bits.ai.mit.edu
ai.mit.edu nameserver = wheaties.ai.mit.edu
ai.mit.edu nameserver = grape-nuts.ai.mit.edu
ai.mit.edu nameserver = mini-wheats.ai.mit.edu
ai.mit.edu nameserver = trix.ai.mit.edu
ai.mit.edu nameserver = muesli.ai.mit.edu
ai.mit.edu nameserver = count-chocula.ai.mit.edu
ai.mit.edu nameserver = life.ai.mit.edu
ai.mit.edu nameserver = mintaka.lcs.mit.edu
life.ai.mit.edu internet address = 128.52.32.80
alpha-bits.ai.mit.edu internet address = 128.52.32.5
wheaties.ai.mit.edu internet address = 128.52.35.13
wheaties.ai.mit.edu internet address = 128.52.32.13
grape-nuts.ai.mit.edu internet address = 128.52.36.4
grape-nuts.ai.mit.edu internet address = 128.52.32.4
mini-wheats.ai.mit.edu internet address = 128.52.32.11
mini-wheats.ai.mit.edu internet address = 128.52.54.11
mintaka.lcs.mit.edu internet address = 18.26.0.36
So starting at .
we found the successive name servers for the
next level in the domain name. If you had used your own DNS server
instead of using all those other servers, your named would of-course
cache all the information it found while diging this out for you, and
would not have to ask again for a while.
A much less talked about, but just as important domain is
in-addr.arpa
. It too is nested like the `normal' domains.
in-addr.arpa
is a hack, a good hack, but still a hack, that alows
us to get the hosts name when we have it's address. If you have the
address of a machine: 192.128.52.43 named procedes just like for the
prep.ai.mit.edu
example: find arpa.
servers. Find
in-addr.arpa.
servers, find 192.in-addr.arpa.
servers, find
128.192.in-addr.arpa.
servers, find 52.128.192.in-addr.arpa.
servers. Find needed records for 43.52.128.192.in-addr.arpa.
Clever huh? (say `yes').
I have just told a lie. DNS does not work literally the way I just told you. But it's close enough.
Now to define our own domain. We're going to make the domain linux.bogus and define machines in it. I use a totally bogus domain name to make sure we disturb no-one Out There.
But before we can even start defining our own domain you have to teach your named about localhost.
Make the directory /var/named/pz
(pz for Primary Zone) and
place these lines at the end of your named.boot
file:
primary 0.0.127.in-addr.arpa pz/127.0.0 primary localhost pz/localhost
Please note the lack of `.
' at the end of the domain names in
this file. The first line names the file pz/127.0.0
as
defining 0.0.127.in-addr.arpa
. This should be the contents:
$ORIGIN 0.0.127.IN-ADDR.ARPA. @ IN SOA linux.bogus. hostmaster.linux.bogus. ( 1 ; Serial 360000 ; Refresh 300 ; Retry 3600000 ; Expire 360000 ) ; Minimum NS ns.linux.bogus. 1 PTR localhost.
Please note the `.
' at the end of the domain names in this file in
contrast to the named.boot
file above. This `zone file' contains 3
`resource records' (RRs): A SOA RR. A NS RR nd a PTR RR. SOA is
short for Start Of Authority. Before the first record comes a $ORIGIN
directive, it is widely considered Good Practice to have a $ORIGIN
directive at the start of each zone file.
@ is a special notation meaning the origin, so the first line really says
0.0.127.IN-ADDR.ARPA IN SOA ...
NS is the Name Server RR, it tells DNS what machine is the name server of the domain. And finaly the PTR record says that 1.0.0.127.IN-ADDR.ARPA (i.e. 127.0.0.1) is named localhost.
The SOA record is the preamble to _all_ zone files, and there
should be exactly one in each zone file, the very first record. It
describes the zone, where it comes from (a machine called
linux.bogus
), who is responsible for its contents
(hostmaster@linux.bogus
), what version of the zone file this is
(serial: 1), and other things having to do with caching and secondary
DNS servers. For the rest of the fields ,refresh, retry, expire and
minimum use the numbers used in this HOWTO and you should be safe.
The NS record tells us who does DNS serving for
0.0.127.in-addr.arpa
, it is ns.linux.bogus
. The PTR record
tells us that 1.0.0.127.in-addr.arpa
(aka 127.0.0.1) is known as
localhost
.
The file pz/localhost
should cointain this:
$ORIGIN localhost. @ IN SOA linux.bogus. hostmaster.linux.bogus. ( 1 ; Serial 360000 ; Refresh 300 ; Retry 3600000 ; Expire 360000 ) ; Minimum NS ns.linux.bogus. A 127.0.0.1
If you're skipping ahead from section 2 you can kill and restart your named, then go back to section 2.
Now kill and restart your named and use nslookup to examine what you've done:
$ nslookup
Default Server: localhost
Address: 127.0.0.1
> 127.0.0.1
Server: localhost
Address: 127.0.0.1
Name: localhost
Address: 127.0.0.1
so it manages to get localhost
from 127.0.0.1, good. Don't push
it, we'll move on to checking localhost
:
> set q=any
> localhost.
Server: localhost
Address: 127.0.0.1
localhost
origin = linux.bogus
mail addr = hostmaster.linux.bogus
serial = 1
refresh = 360000 (4 days 4 hours)
retry = 300 (5 mins)
expire = 3600000 (41 days 16 hours)
minimum ttl = 360000 (4 days 4 hours)
localhost nameserver = ns.linux.bogus
localhost internet address = 127.0.0.1
localhost nameserver = ns.linux.bogus
Looks good. Now for our main task, the linux.bogus
domain, insert a
new primary line in named.boot
:
primary linux.bogus pz/linux.bogus
Note the continued lack of ending `.
' on the domain name in the
named.boot
file.
In the linux.bogus zone file we'll put some totally bogus data:
; ; Zone file for linux.bogus ; $ORIGIN linux.bogus. ; ; Mandatory minimum for a working domain ; @ IN SOA linux.bogus. hostmaster.linux.bogus. ( 199511301 ; serial, todays date + todays serial # 900 ; refresh, seconds 600 ; retry, seconds 3600000 ; expire, seconds 86400 ) ; minimum, seconds ; @ NS ns.linux.bogus. @ NS ns.friend.bogus. ns.friend.bogus. A 127.0.0.10 @ MX 10 mail.linux.bogus ; Primary Mail Exchanger @ MX 20 mail.friend.bogus. ; Secondary Mail Exchanger mail.friend.bogus. A 127.0.0.11
There is one new RR type in this file, the MX, or Mail eXchanger
RR. It tells mail systems where to send mail that is addressed to
someone@linux.bogus
, namely too mail.linux.bogus
or
mail.friend.bogus
. The number before each machine name is that
MX RRs priority, The RR with the lowest number (10) is the one mail
should be sent to primarily. If that fails it can be sent to one with
a higher number, a secondary mail handler, i.e. mail.friend.bogus
which has priority 20 here.
Restart named by running /usr/sbin/named.restart
. Examine
the results with nslookup:
$ nslookup
> set q=any
> linux.bogus
Server: localhost
Address: 127.0.0.1
linux.bogus
origin = linux.bogus
mail addr = hostmaster.linux.bogus
serial = 199511301
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 3600000 (41 days 16 hours)
minimum ttl = 86400 (1 day)
linux.bogus nameserver = ns.linux.bogus
linux.bogus nameserver = ns.friend.bogus
linux.bogus preference = 10, mail exchanger = mail.linux.bogus.linux.bogus
linux.bogus preference = 20, mail exchanger = mail.friend.bogus
linux.bogus nameserver = ns.linux.bogus
linux.bogus nameserver = ns.friend.bogus
Upon careful examination you will discover a bug. The line
linux.bogus preference = 10, mail exchanger = mail.linux.bogus.linux.bogus
is all wrong. It should be
linux.bogus preference = 10, mail exchanger = mail.linux.bogus
I deliberately made a mistake so you could learn from it :-) Looking in the zone file we find that the line
@ MX 10 mail.linux.bogus ; Primary Mail Exchanger
is missing a period. Or has a 'linux.bogus' too many. If a machine name does not end in a period in a zone file the origin is added to it's end. So either
@ MX 10 mail.linux.bogus. ; Primary Mail Exchanger
or
@ MX 10 mail ; Primary Mail Exchanger
is correct. I prefer the latter form, it's less to type. In a zone
file the domain should either be written out and ended with a `.
'
or it should not be included at all, in which case it defaults to the
$ORIGIN. I must stress that in the named.boot file there should _not_
be `.
's after the domain names. You have no idea how many times
a `.
' too many or few have fouled up things and confused the h*ll
out of people.
So having made my point here is the new zone file, with some extra information in it too:
; ; Zone file for linux.bogus ; $ORIGIN linux.bogus. ; ; Mandatory minimum for a working domain ; @ IN SOA linux.bogus. hostmaster.linux.bogus. ( 199511301 ; serial, todays date + todays serial # 900 ; refresh, seconds 600 ; retry, seconds 3600000 ; expire, seconds 86400 ) ; minimum, seconds ; @ NS ns ; Inet Address of name server @ NS ns.friend.bogus. ns.friend.bogus. A 127.0.0.10 @ MX 10 mail ; Primary Mail Exchanger @ MX 20 mail.friend.bogus. ; Secondary Mail Exchanger mail.friend.bogus. A 127.0.0.11 ; ; Extras ; localhost A 127.0.0.1 @ TXT "Linux Bogus, your DNS consultant" ns A 127.0.0.2 MX 10 mail MX 20 mail.friend.bogus. HINFO "Pentium" "Linux 1.2" TXT "RMS" richard CNAME ns www CNAME ns donald A 127.0.0.3 MX 10 mail MX 20 mail.friend.bogus. HINFO "i486" "Linux 1.2" TXT "DEK" mail A 127.0.0.4 MX 10 mail MX 20 mail.friend.bogus. HINFO "386sx" "Linux 1.0.9" ftp CNAME 127.0.0.5 MX 10 mail MX 20 mail.friend.bogus. HINFO "P6" "Linux 1.3.59"
There are a number of new RRs here: HINFO (Host INFOrmation) has two parts, it's a good habit to quote each. The first part is the hardware or CPU on the machine and the second part the software or OS on the machine. ns has a Pentium CPU and runs Linux 1.2. The TXT record is a free text record that you can use for anything you like. CNAME (Canonical NAME) is a way to give each machine several names. So richard and www is a alias for ns. It's important to note that A MX, CNAME and SOA record should never refer to an other CNAME record, they should only refer to something with a A record, so it would wrong to have
foobar CNAME richard ; NO!
but correct to have
foobar CNAME ns ; Yes!
It's also important to note that a CNAME is not a legal host name
for a mail adddress: webmaster@www.linux.bogus
is illegal with
the setup shown above and you can expect quite a few mail admins Out
There to enforce this rule even if it works for you. The way to
avoild this is to use A records instead:
foobar A 127.0.0.2
Paul Vixie, the primary named wizard, recomends not using CNAME. So consider not using it very seriously.
Load the new database by running /usr/sbin/named.reload
,
this causes named to read it's files again.
$ nslookup
Default Server: localhost
Address: 127.0.0.1
> ls -d linux.bogus
This means that all records should be listed.
[localhost]
linux.bogus. SOA linux.bogus hostmaster.linux.bogus. (1995
11301 900 600 3600000 86400)
linux.bogus. NS ns.linux.bogus
linux.bogus. NS ns.friend.bogus
linux.bogus. MX 10 mail.linux.bogus
linux.bogus. MX 20 mail.friend.bogus
linux.bogus. TXT "Linux Bogus, your DNS consultant"
mail A 127.0.0.4
mail MX 10 mail.linux.bogus
mail MX 20 mail.friend.bogus
mail HINFO 386sx Linux 1.0.9
localhost A 127.0.0.1
www CNAME ns.linux.bogus
donald A 127.0.0.3
donald MX 10 mail.linux.bogus
donald MX 20 mail.friend.bogus
donald HINFO i486 Linux 1.2
donald TXT "DEK"
richard CNAME ns.linux.bogus
ftp CNAME 127.0.0.5.linux.bogus
ftp MX 10 mail.linux.bogus
ftp MX 20 mail.friend.bogus
ftp HINFO P6 Linux 1.3.59
ns A 127.0.0.2
ns MX 10 mail.linux.bogus
ns MX 20 mail.friend.bogus
ns HINFO Pentium Linux 1.2
ns TXT "RMS"
linux.bogus. SOA linux.bogus hostmaster.linux.bogus. (1995
11301 900 600 3600000 86400)
That's good. Let's check what it says for www alone:
> set q=any
> www.linux.bogus.
Server: localhost
Address: 127.0.0.1
www.linux.bogus canonical name = ns.linux.bogus
...In other words, the real name of www.linux.bogus
is
ns.linux.bogus
linux.bogus nameserver = ns.linux.bogus
linux.bogus nameserver = ns.friend.bogus
ns.linux.bogus internet address = 127.0.0.2
and ns.linux.bogus has the address 127.0.0.2. Looks good too.
Of course, this domain is highly bogus, and so are all the addresses in it. For a real domain insert the real domain names and addresses and all the other information. When that is done you need a reverse lookup zone file, it should be like the 127.0.0 file and contain exactly one PTR RR for each address in use, i.e.
127.0.0.2 PTR ns.linux.bogus.
127.0.0.3 PTR donald.linux.bogus.
127.0.0.4 PTR mail.linux.bogus.
127.0.0.5 PTR ftp.linux.bogus.
for our example domain (in addition to the SOA RR of-course).
Now it's time for you to play around with things and set up your
domain. When you've finished playing with the linux.bogus
domain
remove it from your named.boot
file.