Date:      Fri, 12 Nov 1999 14:23:44 +0800 (WST)
From:      Michael Kennett <mike@laurasia.com.au>
To:        papalia@UDel.Edu (John)
Cc:        freebsd-questions@freebsd.org
Subject:   Re: DNS (was: DNS & Virtual hosting)
Message-ID:  <199911120623.OAA01557@laurasia.com.au>
In-Reply-To: <4.1.19991111235710.0094b460@mail.udel.edu> from John at "Nov 12, 99 00:09:56 am"

Hi John,

[Previous emails trimmed down -- I went overboard on this one!]

> I wasn't sure about the virtual hosting part... I've been looking at
> playing with DNS for a while, but all the warnings in the conf files make
> it a bit daunting.  But, what can I learn without trying :)  the file in
> /usr/share/doc/smm/10.named - how/with what is that read?  It seems
> readable in lynx, but quite a mess.

The file to read is `paper.ascii.gz'. This is a compressed (gzip) ascii
document that has been formatted with nroff (?). I've always read these
documents straight from the command line with:

  $  zmore paper.ascii.gz

(I think zmore is part of the stock FreeBSD install. If not, do

  $  gunzip -c paper.ascii.gz | more

)

The mess in the file is some embedded control codes for highlighting text,
etc...  If you want to print the document out as straight ascii, you'll have
to filter out these codes. Try:

  $  gunzip -c paper.ascii.gz | col -b

> 
> >With DNS, there need to be (at least) two machines that contain records for
> >the foo.bar domain. Both of these machines should be available *all* the
> >time (24 hours each day). You'd also need to find a friend/associate who is
> >prepared to act as a `secondary' DNS server for your domain name.
> 
> I think I can find someone to ask to do that (hopefully).
> 
> >Finally, once you have a DNS server setup, the name will propagate out to
> >the world. This propagation is controlled by the `expiry' time parameter
> >in the DNS records -- if you set the expiry time to 4 weeks, you can't
> >change (radically!) your setup the next day. Every 4 weeks the
> >non-authoritative DNS servers will flush out (expire) the foo.bar domain
> >records, and refetch them (when demanded) from an authoritative source.
> 
> Now, this is the kinda stuff that I need to learn before putting all my
> eggs in my own DNS basket.  For example, the name propagates, but how?
> This kinda makes it sounds like you don't even really have to go thru
> NetworkSolutions or the other registration services to actually register?
> That just kinda sounds odd (then again, I'm currently in the infancy of
> knowledge on this :) ) Other than reading the entire O'Reilly book on Bind
> and DNS, is there a how-to on configuring named?  I couldn't locate one on
> freebsd, freebsddiary, or freebsdrocks.

Network Solutions, and other NICs (e.g. aunic) in the world provide the
root of the DNS system. Let's say that your domain name is foo.bar, and that
you have the machines `www' and `gateway' with the IP addresses below:

gateway  192.168.27.1       (acting as the DNS server for foo.bar)
www      192.168.27.2

So what happens when someone looks up a web page on www.foo.bar???
Clearly, the name `www.foo.bar' has to get converted into the IP Address
192.168.27.2. (I'll go thru' this in all the gory detail for a Unix system)

1.  The application sends a request to the resolver (3) (also resolv.conf (5)).
2.  The resolver library routines look at the file

      /etc/resolv.conf

    to find out where *this* machine should look up names.
3.  Assuming that the /etc/resolv.conf has a `nameserver' command in it,
    the resolver forwards the name lookup to the nameserver.
4.  The nameserver checks its cache to see if anyone has requested www.foo.bar
    before (and that it hasn't expired). If it has an up-to-date mapping of
    the name, it sends back the IP address 192.168.27.2.

    Otherwise (www.foo.bar has not been requested before):

5. The nameserver sends off a query to its `owner' (called a forwarder in
   the named.conf file).

   This nameserver acts in the same way as step 4 (checks if www.foo.bar
   has been requested before, etc....)

   Finally, the request for the www.foo.bar lookup will filter up to the
   top level registration service (e.g. Network Solutions) who owns the
   `bar' domain. This top level service will then lookup the `foo'
   component, which will point to your domain name server.

6. The request is forwarded to your domain name server. It looks up the
   name `www', finds a match, and sends back the IP Address 192.168.27.2

7. The IP Address (192.168.27.2) filters back to application that requested
   the lookup. Along the way, the name mapping www.foo.bar -> 192.168.27.2
   is stored in a variety of caches so that the next request can be done
   more efficiently.

**** You must register with Network Solutions or another NIC!!!
   -- They are the `root' of the domain name hierarchy.
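Added example (not part of Mike's mail, and not named's code): a toy model of the lookup chain in steps 4-7, with each caching hop keeping an answer until its TTL runs out. The names, addresses, TTLs and the clock are constructed, and the root/NIC referral of step 5 is collapsed into the forwarder asking the authoritative server directly. It shows the expiry point from the quoted text: after you change www's address, the cached servers keep handing out the old one until the TTL has elapsed.

```python
"""Toy model of the lookup chain in steps 4-7: resolver -> local nameserver
-> forwarder -> authoritative server, with TTL-based caching at each hop.

Constructed example: names, addresses, TTLs and the clock are made up, and
the root/NIC referral of step 5 is collapsed into the forwarder asking the
authoritative server directly.  Nothing here touches the network."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Answer:
    address: str
    ttl: int        # how long (seconds) a cache may keep this answer


class AuthoritativeServer:
    """Your domain name server (step 6): answers straight from its zone data."""

    def __init__(self, zone: Dict[str, str], ttl: int):
        self.zone = zone
        self.ttl = ttl

    def query(self, name: str, now: int) -> Optional[Answer]:
        addr = self.zone.get(name)
        return Answer(addr, self.ttl) if addr else None


class CachingServer:
    """A caching nameserver (steps 4 and 5): serves a still-fresh cached
    answer, otherwise asks upstream and caches whatever comes back."""

    def __init__(self, upstream):
        self.upstream = upstream
        self.cache: Dict[str, Tuple[Answer, int]] = {}  # name -> (answer, expires_at)
        self.upstream_queries = 0

    def query(self, name: str, now: int) -> Optional[Answer]:
        hit = self.cache.get(name)
        if hit is not None and now < hit[1]:
            return hit[0]                                  # step 4: cache hit
        self.upstream_queries += 1                         # step 5: ask the forwarder
        answer = self.upstream.query(name, now)
        if answer is not None:
            self.cache[name] = (answer, now + answer.ttl)  # step 7: cache on the way back
        return answer


def demo() -> Tuple[str, str, str]:
    """Change www's address after the first lookup and watch the caches."""
    auth = AuthoritativeServer({"www.foo.bar": "192.168.27.2"}, ttl=86400)  # 1 day
    forwarder = CachingServer(auth)      # the `forwarders' entry in named.conf
    local = CachingServer(forwarder)     # the `nameserver' in resolv.conf

    first = local.query("www.foo.bar", now=0).address      # cold caches: full chain
    auth.zone["www.foo.bar"] = "192.168.27.9"               # you move www an hour later
    stale = local.query("www.foo.bar", now=3600).address   # caches still say .2
    fresh = local.query("www.foo.bar", now=86400).address  # TTL expired, refetched
    return first, stale, fresh


if __name__ == "__main__":
    print(demo())   # ('192.168.27.2', '192.168.27.2', '192.168.27.9')
```

The `upstream_queries` counter on each caching server lets you see that a repeated lookup within the TTL never leaves the local nameserver, which is also why a long expiry makes a quick change of address impossible.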


Setting Up Your DNS Configuration
---------------------------------

The main configuration file is /etc/namedb/named.conf. From memory, the
default FreeBSD config file is well commented. You'll need to add in
a section on the `forwarders' (who your DNS server should query when it
doesn't know the answer).

Also, for each domain name that your DNS server is going to be authoritative
for, you'll need different `zone' entries. For example, for the foo.bar
domain, you'd have:

  zone "foo.bar" {
    type master;
    file "foo.bar.domain";
  };

This tells your DNS server that whenever it gets a request for the foo.bar
it should look for the answer in the foo.bar.domain file.

The foo.bar.domain file should look like (for a basic example):

  ; Start-Of-Authority record
  @    IN    SOA    gateway.foo.bar.  postmaster.foo.bar. (
                    199911121        ; Serial number (Day+Revision)
                    3600             ; Refresh (seconds)
                    900              ; Retry
                    86400            ; Expiry (seconds -> 1 day)
                    3600 )           ; Minimum
  ; Nameservers for the 'foo.bar' domain
       IN   NS gateway
       IN   NS <your secondary domain name server for foo.bar>

  ; Machines in the foo.bar domain
  gateway  IN  A    192.168.27.1
  www      IN  A    192.168.27.2


Things get more complicated when you start adding in mail servers (MX
records) etc... But really, that is all there is to it! If you add a
new machine into the foo.bar domain, you just add in another Address
record (A) to the DNS zone file:

  new      IN  A    192.168.27.3

etc....


NOTE: the 192.168.*.* IP addresses are private - they cannot be used on the
internet as is (so don't copy this example straight off!!)
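Added example (not from the mail, and not BIND's own code): a small Python parser and linter for the zone-file subset used above. It reads the foo.bar zone from the mail, with the "<your secondary ...>" placeholder filled in by a made-up host `ns2.example.net.` (an assumption), and reports the kind of mistakes a first zone file tends to have: a serial that does not fit 32 bits, timers in the wrong order, a nameserver in the zone without an A record, an unfilled `<...>` placeholder, and, per the NOTE, private 192.168.*.* addresses that must not be published.

```python
"""Parse and sanity-check a BIND-style zone file like the foo.bar example.

Added example: it understands only the subset of zone syntax used in the
mail (';' comments, a parenthesised SOA, owner inheritance on indented
lines, optional TTL and class, simple rdata).  The zone text below is the
mail's example with the secondary-nameserver placeholder filled by the
made-up host ns2.example.net. (an assumption)."""
import ipaddress
from typing import List, Tuple

ORIGIN = "foo.bar."

ZONE_TEXT = """\
; Start-Of-Authority record
@    IN    SOA    gateway.foo.bar.  postmaster.foo.bar. (
                  199911121        ; Serial number (Day+Revision)
                  3600             ; Refresh (seconds)
                  900              ; Retry
                  86400            ; Expiry (seconds -> 1 day)
                  3600 )           ; Minimum
; Nameservers for the 'foo.bar' domain
     IN   NS gateway
     IN   NS ns2.example.net.

; Machines in the foo.bar domain
gateway  IN  A    192.168.27.1
www      IN  A    192.168.27.2
"""

Record = Tuple[str, str, List[str]]   # (owner as absolute name, type, rdata tokens)


def _logical_lines(text: str) -> List[str]:
    """Drop ';' comments and join parenthesised multi-line records (the SOA)."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            out.append(" ".join(buf))
            buf, depth = [], 0
    return out


def qualify(name: str, origin: str) -> str:
    """Turn a zone-file name into an absolute name ending in a dot."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text: str, origin: str) -> List[Record]:
    records, owner = [], origin
    for line in _logical_lines(text):
        if not line.strip():
            continue
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():              # non-indented line names a new owner
            owner = qualify(tokens.pop(0), origin)
        if tokens and tokens[0].isdigit():      # optional TTL
            tokens.pop(0)
        if tokens and tokens[0] in ("IN", "CH", "HS"):   # optional class
            tokens.pop(0)
        if tokens:
            records.append((owner, tokens[0], tokens[1:]))
    return records


def lint_zone(records: List[Record], origin: str) -> List[str]:
    problems: List[str] = []
    a_for = {o: r[0] for o, t, r in records if t == "A"}
    ns_targets = [qualify(r[0], origin) for o, t, r in records if t == "NS" and o == origin]
    soas = [r for o, t, r in records if t == "SOA"]
    if len(soas) != 1 or len(soas[0]) != 7:
        problems.append("zone needs exactly one SOA record with 7 fields")
    else:
        mname, _rname, serial, refresh, retry, expire, _minimum = soas[0]
        if not serial.isdigit() or int(serial) >= 2 ** 32:
            problems.append(f"SOA serial {serial!r} is not a 32-bit unsigned integer")
        if all(t.isdigit() for t in (refresh, retry, expire)) and not int(retry) < int(refresh) < int(expire):
            problems.append("SOA timers should satisfy retry < refresh < expiry")
        if qualify(mname, origin) not in ns_targets:
            problems.append(f"SOA primary {mname} has no NS record at the zone apex")
    if not ns_targets:
        problems.append("zone apex has no NS records")
    for ns in ns_targets:
        if ns.endswith("." + origin) and ns not in a_for:
            problems.append(f"in-zone nameserver {ns} has no A record")
    for owner, rtype, rdata in records:
        if any("<" in tok for tok in rdata):
            problems.append(f"{owner} {rtype}: placeholder {' '.join(rdata)} not filled in")
        if rtype == "A":
            try:
                ip = ipaddress.ip_address(rdata[0])
            except (ValueError, IndexError):
                problems.append(f"{owner} A: {rdata!r} is not a valid address")
                continue
            if ip.is_private:   # the NOTE above: RFC 1918 space is not routable on the internet
                problems.append(f"{owner} A {ip} is a private address and must not be published to the internet")
    return problems


def check_example_zone() -> List[str]:
    return lint_zone(parse_zone(ZONE_TEXT, ORIGIN), ORIGIN)


if __name__ == "__main__":
    for problem in check_example_zone():
        print(problem)
```

Run against the mail's own example it reports exactly the two private addresses, which is the right answer for a `play' domain and the wrong one for anything you register.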


Some Hints:
-----------

1. You can set up a DNS server on your machine *without* registering a
   domain name, or even creating any zone files. To do this:

     a)   Get the IP address of the University/Dept. DNS server.
     b)   Set up your DNS server to `forward' requests to the Uni DNS server.

          In your /etc/namedb/named.conf (5) file, you'll add an entry like:

           options {
             forwarders {
               <uni.dns.server.ip.address>;
             };
           };

     c)   Set up your resolv.conf (5) file to point to the localhost
          (address 127.0.0.1) with the `nameserver' directive.
     d)   Send the DNS server a SIGHUP (kill -HUP <DNS process ID>) to
          inform it that the configuration has changed.

   To test that this is working, use the nslookup (8) command.

2. Create a `play' domainname (for a while, I had `laurasia.home'. You
   could use `foo.bar' :-)
     a)   Create the zone file (e.g. as above)
     b)   Add the `zone' directive to /etc/namedb/named.conf (5) as shown
          above.
     c)   Send the DNS server a SIGHUP (kill -HUP <DNS process ID>) to
          inform it that the configuration has changed.

   Using this play domain, test that your DNS server is serving the new
   names with nslookup (8).

   Go to another machine, and test if it can recognize the play domain.
   You can do this by using nslookup in the interactive mode, and using
   the `server' command (look at the manpage).


If you've got this far, register a domain name with Network Solutions
et al., and start serving up some awesome FreeBSD pages!

I'm sure there are lots of small details that I've left out, and that
you'll trip over as you begin to play with the setup. Feel free
to ask the list (freebsd-questions) and we'll try to sort them out.

Good Luck

Mike Kennett
(mike@laurasia.com.au)



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message



