From owner-freebsd-questions Thu Nov 11 22: 8:30 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from laurasia.com.au (lauras.lnk.telstra.net [139.130.93.142]) by hub.freebsd.org (Postfix) with ESMTP id F09C714D6E for ; Thu, 11 Nov 1999 22:08:14 -0800 (PST) (envelope-from mike@laurasia.com.au)
Received: (from mike@localhost) by laurasia.com.au (8.9.1a/8.9.1) id OAA01557; Fri, 12 Nov 1999 14:23:44 +0800 (WST)
From: Michael Kennett
Message-Id: <199911120623.OAA01557@laurasia.com.au>
Subject: Re: DNS (was: DNS & Virtual hosting)
In-Reply-To: <4.1.19991111235710.0094b460@mail.udel.edu> from John at "Nov 12, 99 00:09:56 am"
To: papalia@UDel.Edu (John)
Date: Fri, 12 Nov 1999 14:23:44 +0800 (WST)
Cc: freebsd-questions@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL32 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi John,

[Previous emails trimmed down -- I went overboard on this one!]

> I wasn't sure about the virtual hosting part... I've been looking at
> playing with DNS for a while, but all the warnings in the conf files make
> it a bit daunting. But, what can I learn without trying :) the file in
> /usr/share/doc/smm/10.named - how/with what is that read? It seems
> readable in lynx, but quite a mess.

The file to read is `paper.ascii.gz'. This is a compressed (gzip) ascii
document that has been formatted with nroff (?). I've always read these
documents straight from the command line with:

    $ zmore paper.ascii.gz

(I think zmore is part of the stock FreeBSD install. If not, do

    $ gunzip -c paper.ascii.gz | more

)

The mess in the file is some embedded control codes for highlighting
text, etc... If you want to print the document out as straight ascii,
you'll have to filter out these codes. Try:

    $ gunzip -c paper.ascii.gz | col -b

> > With DNS, there need to be (at least) two machines that contain records for
> > the foo.bar domain. Both of these machines should be available *all* the
> > time (24 hours each day). You'd also need to find a friend/associate who is
> > prepared to act as a `secondary' DNS server for your domain name.
>
> I think I can find someone to ask to do that (hopefully).
>
> > Finally, once you have a DNS server setup, the name will propagate out to
> > the world. This propagation is controlled by the `expiry' time parameter
> > in the DNS records -- if you set the expiry time to 4 weeks, you can't
> > change (radically!) your setup the next day. Every 4 weeks the
> > non-authoritative DNS servers will flush out (expire) the foo.bar domain
> > records, and refetch them (when demanded) from an authoritative source.
>
> Now, this is the kinda stuff that I need to learn before putting all my
> eggs in my own DNS basket. For example, the name propagates, but how?
> This kinda makes it sounds like you don't even really have to go thru
> NetworkSolutions or the other registration services to actually register?
> That just kinda sounds odd (then again, I'm currently in the infancy of
> knowledge on this :) ) Other than reading the entire O'Reilly book on Bind
> and DNS, is there a how-to on configuring named? I couldn't locate one on
> freebsd, freebsddiary, or freebsdrocks.

Network Solutions, and other NICs (e.g. aunic) in the world provide the
root of the DNS system. Let's say that your domain name is foo.bar, and
that you have the machines `www' and `gateway' with the IP addresses
below:

    gateway   192.168.27.1   (acting as the DNS server for foo.bar)
    www       192.168.27.2

So what happens when someone looks up a web page on www.foo.bar???
Clearly, the name `www.foo.bar' has to get converted into the IP Address
192.168.27.2. (I'll go thru' this in all the gory detail for a Unix
system)

1. The application sends a request to the resolver (3) (also
   resolv.conf (5)).

2. The resolver library routines look at the file /etc/resolv.conf to
   find out where *this* machine should look up names.

3. Assuming that the /etc/resolv.conf has a `nameserver' command in it,
   the resolver forwards the name lookup to the nameserver.

4. The nameserver checks its cache to see if anyone has requested
   www.foo.bar before (and that it hasn't expired). If it has an
   up-to-date mapping of the name, it sends back the IP address
   192.168.27.2. Otherwise (www.foo.bar has not been requested before):

5. The nameserver sends off a query to its `owner' (called a forwarder
   in the named.conf file). This nameserver acts in the same way as
   step 4 (checks if www.foo.bar has been requested before, etc....)
   Finally, the request for the www.foo.bar lookup will filter up to the
   top level registration service (e.g. Network Solutions) who owns the
   `bar' domain. This top level service will then look up the `foo'
   component, which will point to your domain name server.

6. The request is forwarded to your domain name server. It looks up the
   name `www', finds a match, and sends back the IP Address
   192.168.27.2.

7. The IP Address (192.168.27.2) filters back to the application that
   requested the lookup. Along the way, the name mapping
   www.foo.bar -> 192.168.27.2 is stored in a variety of caches so that
   the next request can be done more efficiently.

**** You must register with Network Solutions or another NIC!!! -- They
are the `root' of the domain name hierarchy.

Setting Up Your DNS Configuration
---------------------------------

The main configuration file is /etc/namedb/named.conf. From memory, the
default FreeBSD config file is well commented. You'll need to add in a
section on the `forwarders' (who your DNS server should query when it
doesn't know the answer). Also, for each domain name that your DNS
server is going to be authoritative for, you'll need different `zone'
entries. For example, for the foo.bar domain, you'd have:

    zone "foo.bar" {
        type master;
        file "foo.bar.domain";
    };

This tells your DNS server that whenever it gets a request for foo.bar
it should look for the answer in the foo.bar.domain file. The
foo.bar.domain file should look like (for a basic example):

    ; Start-Of-Authority record
    @       IN SOA  gateway.foo.bar. postmaster.foo.bar. (
                    199911121   ; Serial number (Day+Revision)
                    3600        ; Refresh (seconds)
                    900         ; Retry
                    86400       ; Expiry (seconds -> 1 day)
                    3600 )      ; Minimum

    ; Nameservers for the 'foo.bar' domain
            IN NS   gateway
            IN NS

    ; Machines in the foo.bar domain
    gateway IN A    192.168.27.1
    www     IN A    192.168.27.2

Things get more complicated when you start adding in mail servers (MX
records) etc... But really, that is all there is to it! If you add a new
machine into the foo.bar domain, you just add in another Address record
(A) to the DNS zone file:

    new     IN A    192.168.27.3

etc....

NOTE: the 192.168.*.* IP addresses are private - they cannot be used on
the internet as is (so don't copy this example straight off!!)

Some Hints:
-----------

1. You can set up a DNS server on your machine *without* registering a
   domain name, or even creating any zone files. To do this:

   a) Get the IP address of the University/Dept. DNS server.

   b) Set up your DNS server to `forward' requests to the Uni DNS
      server. In your /etc/namedb/named.conf (5) file, you'll add an
      entry like:

          options {
              forwarders { };
          };

   c) Set up your resolv.conf (5) file to point to the localhost
      (address 127.0.0.1) with the `nameserver' directive.

   d) Send the DNS server a SIGHUP (kill -HUP ) to inform it that the
      configuration has changed.

   To test that this is working, use the nslookup (8) command.

2. Create a `play' domain name (for a while, I had `laurasia.home'. You
   could use `foo.bar' :-)

   a) Create the zone file (e.g. as above)

   b) Add the `zone' directive to /etc/namedb/named.conf (5) as shown
      above.

   c) Send the DNS server a SIGHUP (kill -HUP ) to inform it that the
      configuration has changed.

   Using this play domain, test that your DNS server is serving the new
   names with nslookup (8). Go to another machine, and test if it can
   recognize the play domain. You can do this by using nslookup in the
   interactive mode, and using the `server' command (look at the
   manpage).

If you've got this far, register a domain name with Network Solutions
et al., and start serving up some awesome FreeBSD pages!

I'm sure there are lots of small details that I've left out, and that
you'll trip over as you begin to play with the setup. Feel free to ask
the list (freebsd-questions) and we'll try to sort them out.

Good Luck

Mike Kennett (mike@laurasia.com.au)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
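The zone file in the message above is the kind of thing that is easy to get subtly wrong: a missing secondary NS, a nameserver with no address record, or the private 192.168.*.* addresses copied straight into a zone served on the internet. The following is an added example, not code from the message or from BIND: a small parser for zone files written in that format, plus a lint pass that applies the checks Mike mentions (two nameservers, a glue A record for each in-zone nameserver, sane SOA timers, no RFC 1918 addresses). The sample zone is constructed to match the foo.bar example; the secondary nameserver `ns2.example.net` is an assumption, since the original leaves that line blank. TTL columns and `$ORIGIN`/`$TTL` directives are deliberately not handled.

```python
"""Parse and lint a minimal BIND-style zone file.

Added example, not code from the message above or from BIND. Handles the
subset of zone-file syntax used there: ';' comments, '( ... )'
continuations, '@' for the origin, relative and absolute names, and
SOA/NS/A records without a TTL column.
"""
import ipaddress
from dataclasses import dataclass, field

# Constructed sample zone modelled on the message's foo.bar example.
# The secondary nameserver ns2.example.net is an assumption; the original
# leaves that entry blank.
SAMPLE_ZONE = """\
; Start-Of-Authority record
@       IN SOA  gateway.foo.bar. postmaster.foo.bar. (
                199911121   ; Serial number (Day+Revision)
                3600        ; Refresh (seconds)
                900         ; Retry
                86400       ; Expiry (seconds -> 1 day)
                3600 )      ; Minimum
; Nameservers for the 'foo.bar' domain
        IN NS   gateway
        IN NS   ns2.example.net.
; Machines in the foo.bar domain
gateway IN A    192.168.27.1
www     IN A    192.168.27.2
"""


@dataclass
class Zone:
    origin: str                                   # fully qualified, trailing dot
    soa: dict = field(default_factory=dict)
    records: list = field(default_factory=list)   # (owner, type, rdata)


def _logical_lines(text):
    """Drop ';' comments and join '( ... )' continuation lines."""
    out, buf, depth = [], [], 0
    for line in text.splitlines():
        line = line.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            out.append(" ".join(buf))
            buf = []
    if buf:
        out.append(" ".join(buf))
    return out


def _fqdn(name, origin):
    """Qualify a zone-file name: '@' is the origin, no trailing dot means relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    origin = origin if origin.endswith(".") else origin + "."
    zone = Zone(origin)
    owner = origin
    for raw in _logical_lines(text):
        if not raw.strip():
            continue
        toks = raw.replace("(", " ").replace(")", " ").split()
        # A line starting with whitespace reuses the previous owner name.
        if not raw[0].isspace():
            owner = _fqdn(toks.pop(0), origin)
        if toks and toks[0] == "IN":
            toks.pop(0)
        rtype, rdata = toks[0], toks[1:]
        if rtype == "SOA":
            keys = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")
            zone.soa = dict(zip(keys, rdata[:2] + [int(v) for v in rdata[2:]]))
        elif rtype == "NS":
            zone.records.append((owner, "NS", _fqdn(rdata[0], origin)))
        elif rtype == "A":
            zone.records.append((owner, "A", rdata[0]))
    return zone


def lint_zone(zone):
    """Return a list of human-readable problems; an empty list means the zone passed."""
    issues = []
    ns = [rd for o, t, rd in zone.records if t == "NS" and o == zone.origin]
    a = {o: rd for o, t, rd in zone.records if t == "A"}
    if len(ns) < 2:
        issues.append("fewer than two NS records: a secondary server is needed")
    for n in ns:
        # An in-zone nameserver needs an A (glue) record or nobody can reach it.
        if n.endswith("." + zone.origin) and n not in a:
            issues.append(f"nameserver {n} has no A (glue) record")
    for o, rd in a.items():
        if ipaddress.ip_address(rd).is_private:
            issues.append(f"{o} uses private address {rd}, not routable on the internet")
    s = zone.soa
    if not s:
        issues.append("no SOA record")
    elif not (s["retry"] < s["refresh"] < s["expire"]):
        issues.append("SOA timers should satisfy retry < refresh < expire")
    return issues


if __name__ == "__main__":
    for issue in lint_zone(parse_zone(SAMPLE_ZONE, "foo.bar")):
        print("WARNING:", issue)
```

Run against the sample as written it reports only the two private addresses, which is exactly the NOTE in the message; delete the `ns2.example.net` line and it also complains about the missing secondary, delete the `gateway` A record and it flags the nameserver without glue.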