Setting Up A DNS Server

Copyright 1998, EZine Publications
Caveat
Introduction
Registering a Domain Name
Overview of Setting Up a DNS Server
Setting Up a "named" DNS Server on a Linux system
Setting Up a DNS Server on Windows NT 3.51
Setting Up MS DNS Server on Windows NT 4.0
Summary


Introduction

Domain Name Service (DNS) is an Internet service that associates a Text Name with a Numeric Address. Normally when a user or program refers to a domain name (such as WWW.WHITEHOUSE.GOV) to locate a resource on the Internet, DNS is used to convert that name to a numeric address (such as 198.137.240.91) which is then used to actually locate the resource.

Every device that can be reached on the Internet via TCP/IP is identified by a unique 24 bit numeric address, called an Internet Protocol (IP) Address. IP addresses are normally written as four numbers separated by periods. Each of the four numbers can range from 0 to 255 (e.g., 198.137.240.91). IP addresses are grouped by ranges into networks and are used to locate a specific machine or resource on the Internet much in the same way that a telephone number is used to identify a telephone instrument on the international telephone system.

Because humans often find it easier to remember names than numbers, the DNS system was devised to associate the names with the numeric IP addresses. The Domain Name System is a hierarchical, distributed system. It is hierarchical in that names are grouped into domains, then within a domain into sub-domains, and so on until the individual machine is uniquely identified.

The primary top level domains that the Domain Name System is grouped into are:

  • .Com for commercial businesses
  • .Org for Non-Profit organizations
  • .Net for organizations providing Internet Connectivity Services
  • .Gov for the US Federal Government
  • .Mil for the US Military
  • .Edu for 4 year accredited Universities
  • .US for other organizations and individuals within the United States, such as:
    Cities, States, Municipal Organizations, Schools, Individuals, Families, etc.

  • There are also other primary domains for countries outside the US, such as .CN for Canada and .AU for Australia.

Unique names are registered within each primary domain, such as WHITEHOUSE.GOV within .GOV, MICROSOFT.COM within .COM, and ATT.NET within .NET. Normally a business or organization registers a single domain name to uniquely identify themselves on the Internet. This is what is most often referred to as "the Domain Name". This Domain Name might refer to an actual computer system, but it most often refers to a network of computers, and each computer system or service in that network has its own unique name added to the Domain Name, such as WWW.WHITEHOUSE.GOV, FTP.MICROSOFT.COM, and MAIL.ATT.NET. As networks grow more and more complex, additional levels can be added to a network, each adding their own name to the levels in the Domain Name. For example a system belonging to Joe in the Accounts Receivable Section of the Accounting Department in the Texas Regional Management Center for ABC Corporation might have a name such as JOE.AR.ACCTNG.MGMT.TEXAS.ABC.COM.

As you can see by the above examples, the Domain Name grows to the left as each new level is added to the hierarchy, and each network level is separated by a single period. In addition to logically organizing the name, this has another meaning: It identifies how the DNS system is distributed for that specific name.

The Domain Name System is built as a distributed information system. At the base of the distributed system is a series of root DNS servers. A DNS server is a computer that has information on one subsection of the entire DNS system. The DNS server is available on the Internet to provide this information to users on the net. The root servers are maintained by a number of organizations such as universities, the US Military, and NASA. As of this writing there are 9 root servers each providing duplicate information. The multiple systems provide redundancy and serve to spread the load of the service among various systems. In the DNS system each root server actually has a unique name, but each also responds to the name of "." (referred to as Dot).

The Dot servers, or root servers, have information on the IP addresses of other DNS servers that have information on the primary domains (.Com, .Net, .Gov, etc.). Within each primary domain server there is information identifying each sub-domain under that primary domain. For example: the root servers have information telling where to find the DNS servers for the .COM domain. The DNS servers for the .COM domain have the information telling where to find the servers holding information on MICROSOFT.COM, IBM.COM, INTEL.COM, and any other Domain Name in the .Com Domain. Following this out further, the servers with the information on MICROSOFT.COM will have the information on the address of WWW.MICROSOFT.COM, FTP.MICROSOFT.COM, etc.

When a program does a lookup of a Domain Name, the query follows the path from the root out to the server that actually can identify the name. For example, if a computer was trying to contact the imaginary computer belonging to Joe in Accts Receivable, the procedure might take place like this:

The computer trying to identify JOE.AR.ACCTNG.MGMT.TEXAS.ABC.COM looks in its local database and does not find the address for this computer. It contacts its local Name Server (a DNS server on its local LAN or at its Internet provider) and asks for the address of JOE.AR.ACCTNG.MGMT.TEXAS.ABC.COM.

The name server does not know the address, so it contacts a root server and asks for the address for JOE.AR.ACCTNG.MGMT.TEXAS.ABC.COM. The root server will reply that it does not know, but will provide the addresses for the .COM servers.

The name server selects a .COM server from the list and contacts it, asking for the address for JOE.AR.ACCTNG.MGMT.TEXAS.ABC.COM. The .COM server will reply that it does not know, but will provide the addresses for the DNS servers for ABC.COM.

The name server selects an ABC.COM server and contacts it, asking for the address for JOE.AR.ACCTNG.MGMT.TEXAS.ABC.COM. The ABC.COM server will reply that it does not know, but will provide the addresses for the DNS servers for TEXAS.ABC.COM.

This process continues until the name server finally contacts a DNS server that contains the information on JOE.AR.ACCTNG.MGMT.TEXAS.ABC.COM. This server will reply with the IP address, Mail Server address, and other applicable information.

The name server will pass the requested information back to the computer that made the original request. In addition, the name server will place this information in its local database cache along with information telling how long to keep this information on file before it should be expired as old and no longer reliable.

Note: Please be aware that this is an oversimplification of how DNS works. There are many other details to the operation of the system. This does, however, give a basic idea of how the overall system functions.
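The referral walk described above, simulated as an added example (not code from the article): a handful of in-memory "authoritative servers" each know only their own delegations or addresses, and a local name server starts at the root, follows referrals down to the server that holds JOE.AR.ACCTNG.MGMT.TEXAS.ABC.COM, and caches the answer for the TTL that came with it. The server names and the 10.1.2.3 address are made up for the example.

```python
"""Simulation of the DNS referral walk described in the article (added
example, not the article's code).  Each entry in SERVERS is a constructed
authoritative server that knows only its own delegations or addresses."""

# A server's table maps a name to ("NS", [servers]) for a delegation it
# hands out, or to ("A", address, ttl_seconds) for a record it holds.
# Server names and the 10.1.2.3 address are invented for this example.
SERVERS = {
    ".": {"com.": ("NS", ["a.gtld-servers.example."])},
    "a.gtld-servers.example.": {"abc.com.": ("NS", ["ns.abc.com."])},
    "ns.abc.com.": {"texas.abc.com.": ("NS", ["ns.texas.abc.com."])},
    "ns.texas.abc.com.": {
        "joe.ar.acctng.mgmt.texas.abc.com.": ("A", "10.1.2.3", 86400),
    },
}


def ask(server, qname):
    """One query to one server.  Returns ("answer", address, ttl) when the
    server holds the record, ("referral", [servers], None) for the closest
    enclosing delegation it knows about, or ("nodata", None, None)."""
    table = SERVERS[server]
    rec = table.get(qname)
    if rec and rec[0] == "A":
        return "answer", rec[1], rec[2]
    delegations = [n for n, r in table.items()
                   if r[0] == "NS" and qname.endswith("." + n)]
    if delegations:
        closest = max(delegations, key=len)   # longest matching suffix wins
        return "referral", table[closest][1], None
    return "nodata", None, None


class LocalNameServer:
    """The caching name server the client asks.  'now' is passed in
    explicitly so cache expiry can be shown without waiting a day."""

    def __init__(self):
        self.cache = {}       # qname -> (address, expires_at)
        self.contacted = []   # servers asked during the last resolve()

    def resolve(self, name, now=0):
        qname = name.lower().rstrip(".") + "."
        self.contacted = []
        cached = self.cache.get(qname)
        if cached and cached[1] > now:
            return cached[0]                  # still fresh: no query needed
        if cached:
            del self.cache[qname]             # TTL has passed: treat as unknown
        candidates = ["."]                    # every walk starts at a root
        for _ in range(16):                   # bound on referral depth
            server = candidates[0]
            self.contacted.append(server)
            kind, data, ttl = ask(server, qname)
            if kind == "answer":
                self.cache[qname] = (data, now + ttl)
                return data
            if kind == "referral":
                candidates = data
            else:
                return None
        return None
```

After the first walk, `contacted` lists the root, the .COM server, the ABC.COM server and the TEXAS.ABC.COM server in order; a second query inside the TTL contacts nobody.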



Registering A Domain Name

One of the first things that most companies do when they become seriously involved with the Internet is to select and register a unique Domain Name. This way they have a unique identity on the Internet.

Anyone can register a Domain Name on the Internet as long as they can properly fill out and submit the correct forms. For names in the .COM, .NET, and .ORG Domains, the Internet Network Information Center (InterNIC) provides this service and will register a new domain name for the fee of $100 US. This registers the name for 2 years. After the first 2 years expire, each additional year of registration will be billed at $50. The InterNIC maintains a Registration Services web site with informative help and the proper forms at HTTP://RS.InterNIC.Net.

For an overview of selecting and registering a Domain Name, please see the article "Registering a Domain Name".



Overview of Setting Up a DNS Server

If you have your own Domain Name, and you have a permanent connection to the Internet, and you have a network of any size, it is often a good idea to set up your own DNS server. This gives the systems on your network a local contact for DNS information and allows you to maintain and control the names and addresses of your own systems. The DNS server you set up might be as simple as a small 486/33 system running Linux, or you might set up DNS as one of several services hosted by a larger UNIX or NT Server.

Normally the only requirement for a DNS server is that it be connected to the Internet on a permanent basis and that it be reachable from the Internet via TCP/IP.

Most DNS servers, whether they are on UNIX, NT, or any other system, follow a similar structure and setup scheme. This is because most are based on the publicly available Berkeley BIND program source code. With this in mind, this article will first go over the general setup principles, then will link to separate pages giving examples of how to set up specific versions of DNS on a Windows NT system and on a Linux system.

The first step to setting up a DNS server is to acquire the software for the specific server on which you intend to host the service. Then you need to copy it into the correct directories on that system. Consult the documentation for your particular software for instructions on how to do this.

Once you have the software loaded onto the system, the next step is to set up a Boot Configuration file. This file tells your DNS server what Domain Names it is hosting, the directories on the server system to use, and the names of the files from which the DNS server will load its databases. This file is often called the NAMED.BOOT file. This is an example of a typical NAMED.BOOT file:

   ;
   ;   boot file for name server
   ;
   directory   /etc
 
   cache   .   root.cache
 
   primary wlw.com   db.wlw.com
   primary 146.217.205.IN-ADDR.ARPA db.205.217.146
   primary 0.0.127.IN-ADDR.ARPA db.127.0.0

The lines that begin with a semi-colon are comments and are ignored by the software.

The line that begins ‘directory’ tells the software the name of the directory to be used for files that do not have a full path name.

The line that begins ‘cache’ tells the software where to find the file containing the list of root servers.

Each line beginning with ‘primary’ identifies to the software a domain for which it will be hosting authoritative database information. It also identifies the name of the file from which the information for this domain should be read. For example, in the above file, the server will be a Primary DNS server for the WLW.Com domain, and the information on that domain is found in the file ‘/etc/db.wlw.com’.

The two primary lines that have .IN-ADDR.ARPA as part of the domain name are identifying to the software that it will be providing Reverse Arpa lookup services. Reverse Arpa is how the DNS system allows a program or user to find the Domain Name for given IP addresses in addition to finding the IP addresses for specific Domain Names.

After setting up the NAMED.BOOT file, the next step is to get a current Root Server list. This is a file that lists the servers at the root of the DNS distributed database. One good place to get this file is from NIC.DDN.MIL. Go to their home page, HTTP://NIC.DDN.MIL, select Domain Naming System (DNS) Information, select Domain Naming System Files, and then select the ROOT.CACHE file (as of this writing, the direct URL for this is FTP://NIC.DDN.MIL/domain/named.cache). This file should be downloaded and copied into the correct directory for your software. Some systems name this file "root.cache", on others it could be "named.cache" or "cache.dns". Consult your specific documentation for the correct directory and name required by your software.

The next step in setting up your DNS server is to set up a domain database file. This file defines the domain to the DNS server. This is the most critical file in setting up your DNS server, and is the one in which the most errors are usually made. Study the documentation that comes with your particular DNS software for information relating specifically to your server. The following is an example of a simple domain database file:

   wlw.com.  in  soa  dns.wlw.com.  hostmaster.wlw.com. (
       1996090101   ; Serial number yyyymmddnn
       10800        ; Refresh in 3 hrs
       3600         ; retry in 1 hr
       604800       ; expire in 7 days
       86400 )      ; minimum ttl 1 day
 
   @   in   ns   dns.wlw.com.
       in   ns   ns1.berkeley.edu.

       in   mx   10   mail.wlw.com.
       in   mx   20   mail.att.net.
 
   dns         in   a       205.217.146.198
               in   mx  10  mail.wlw.com.
               in   mx  20  mail.att.net.
   localhost   in   a       127.0.0.1
   mail        in   a       205.217.146.200
   www         in   cname   dns.wlw.com.

On the first line of the file, the arguments "wlw.com. in soa" states that this defines the start of authority for the Internet domain wlw.com. The section "wlw.com." specifies the domain name, the "in" specifies Internet, and "soa" specifies it is the start of authority.

The next section of the first line, "dns.wlw.com", specifies that this DB file was created on the system known as dns.wlw.com.

The next section of the line, "hostmaster.wlw.com", identifies the E-Mail address to which inquiries about this domain should be sent. To determine the E-Mail address replace the first period in the name with an @, in this case giving you Hostmaster@WLW.Com as the address. A period is used instead of the @ because an @ is a special character in a DNS DB file.

Note that the first line ends in a left parenthesis. This allows the Start of Authority record to span multiple lines. The next five lines contain additional information for the SOA record.

The serial number line must contain a unique number that is incremented each time the DB file is updated or changed. This allows other DNS servers to determine if the information they have is out of date. A very common practice is to create a serial number from the year, month, and day, followed by a two-digit number. The serial number "1996090101" would break down to Sept. 1, 1996, first time edited that day.

The next three lines contain information that is specifically for a Secondary DNS server. In the DNS system only one server is normally Authoritative for a particular domain. Even if there are other servers hosting for the domain, they all get their information from the Primary. The other servers are called Secondary servers. Secondary servers contact the Primary and pull information from it, then check back regularly to make sure that their information is still accurate.

The "refresh" line specifies that a secondary DNS server checking this server for information should check every 3 hours (10800 seconds is 3 hours) to make sure its data is accurate.

The "retry" line specifies that if a secondary DNS server checks this server for information and finds it down, it should check back in 1 hour (3600 seconds is 1 hour).

The "expire" line specifies that if a secondary DNS server is unable to contact this server for 7 days, then it should expire all the information on this domain as unreliable (604800 seconds is 7 days).

The "ttl" line applies to all of the information in the DB file. It specifies that any server that requests information about this domain should cache that information for 1 day, then expire it as old and unreliable (86400 seconds is 1 day). Any time any DNS server requests information from the server, this value will be sent along with the other information.

The right parenthesis on the "ttl" line ends the SOA entry in the file.

Note that on the SOA line as well as on all other lines in the file, any excess white space (spaces and tabs) separating the arguments is ignored by most DNS programs (check the documentation provided with your software for rules specific to your server software). This allows you to use spaces to make your DB file easier for you to read. Also note that the information on a line following a semi-colon is ignored as comments and should also be used to make the file easier for you to read.

The next line in the file begins "@ in ns". This line identifies dns.wlw.com as a computer that serves as a DNS Name Server for this domain. The @ is a shorthand way of referring to the domain name, and in this file is therefore the same as writing "wlw.com.". The "in ns" specifies Internet Name Server. The "dns.wlw.com." specifies the name of the system providing the service.

Note the trailing period in the name "dns.wlw.com."; this is important: In a standard DNS DB file, any name argument that does not end with a period will have the name of the domain added to it. If this argument was written "dns.wlw.com" without the trailing period, the DNS program would expand that to "dns.wlw.com.wlw.com.", providing incorrect information. To save space and time, the name could be written "dns", which would be expanded correctly to "dns.wlw.com.".

The next line after the "@ in ns" also identifies a computer that serves as a DNS server for this domain. When a line in the DB file does not begin with a name, and does not begin with an @, it defaults to the last name used, in this case the @, which expands to "wlw.com.". This line identifies ns1.berkeley.edu as another system providing Name Services for the domain wlw.com.

The next line in the DB file begins " in mx". This line specifies that the computer that will provide Internet Mail Exchanger services for wlw.com is mail.wlw.com. The " in mx" specifies Internet Mail Exchanger. Because the line begins with spaces instead of a name, the program will use the last name specified which was @ (expanded to wlw.com.). The next argument, "10", is known as a preference value. The last argument specifies that the system providing the mail exchanger services is known as mail.wlw.com. A mail exchanger is a computer to which mail for this computer can be sent. In effect, this line says "When you are trying to send E-Mail to Anyone@WLW.Com, then it should actually be sent to Anyone@Mail.WLW.Com."

The next line in the DB file also begins " in mx". This line identifies another computer that will provide Internet Mail Exchanger services for the wlw.com domain. Note that the preference argument on this line (20) is higher than the preference value on the previous line. This tells anyone out on the Internet who is trying to send mail to wlw.com that they should try Mail.WLW.Com first, and if it is unreachable, then try Mail.ATT.Net. This implies that Mail.ATT.Net will hold the mail until Mail.WLW.Com is reachable, then will forward the mail to be picked up. In large networks it is not uncommon to have 2, 3, or more mail exchangers with different preference values to guarantee that a server is available to receive incoming mail.

The next line in the DB file begins "dns in a". This specifies that the Internet Address of the computer "dns.wlw.com." is 205.217.146.198. Note that the name argument "dns" does not have a trailing period, so it will be expanded to "dns.wlw.com.". The "in a" specifies Internet Address. The number at the end of the line specifies the IP address for this name. Also note that the IP address does not end with a trailing period. The IP address is not a name argument so it will not have the domain name appended to it.

Following the line that defines dns.wlw.com. are two " in mx" lines. These two lines specify the mail exchangers to be used if any mail is addressed to anyone@dns.wlw.com.

The next line is one that is found in almost all DNS DB files. It begins "localhost" and defines to the DNS system how to find the local loopback for any computer in the wlw.com domain. A standard feature of TCP/IP is that the address 127.0.0.1 will "loop back" to the computer that originates the request. It is a similar feature of DNS that the name "localhost" will also loop back to the computer originating the request. Note that the name "localhost" does not have a trailing period. This means the name will be expanded to "localhost.wlw.com.".

The next line of the DB file is another address record. It specifies that the Internet address for mail.wlw.com. is 205.217.146.200.

The last line in this file is "www in cname dns.wlw.com.". This tells the DNS program that another name for dns.wlw.com. is www.wlw.com. The argument "www" does not end with a period, so it is expanded to "www.wlw.com.". The "in cname" specifies that this is an Internet Canonical Name, a $100 term for "Alias". The last argument specifies that this defines an alias for "dns.wlw.com.". The result of this is that when the name WWW.WLW.Com is requested in a lookup, the DNS system will return the address 205.217.146.198.

There are many other things that can be included in a DNS database file, but the above covers the basic information that will get probably 90% of users up and running.
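A parser for the DB file syntax explained above, added here as an illustration (it is not the article's code and not BIND's). It implements the rules the article spells out: ';' starts a comment, the parentheses let the SOA record span lines, '@' means the domain name, a line that starts with white space keeps the previous name, and any name argument without a trailing period gets the domain name appended. The embedded sample is the article's db.wlw.com; the lint function and lookup helper are assumptions of this example.

```python
"""Parser for the DNS master-file syntax shown in the article (added example,
not the article's or BIND's code).  Names are made absolute and lower-cased,
the trailing-period rule is applied to name fields only, and lint() reports
the classic mistake of a name written without its trailing period."""

# The article's db.wlw.com, embedded as sample input.
DB_WLW_COM = """\
wlw.com.  in  soa  dns.wlw.com.  hostmaster.wlw.com. (
    1996090101   ; Serial number yyyymmddnn
    10800        ; Refresh in 3 hrs
    3600         ; retry in 1 hr
    604800       ; expire in 7 days
    86400 )      ; minimum ttl 1 day

@   in   ns   dns.wlw.com.
    in   ns   ns1.berkeley.edu.

    in   mx   10   mail.wlw.com.
    in   mx   20   mail.att.net.

dns         in   a       205.217.146.198
            in   mx  10  mail.wlw.com.
            in   mx  20  mail.att.net.
localhost   in   a       127.0.0.1
mail        in   a       205.217.146.200
www         in   cname   dns.wlw.com.
"""

# Which data fields of each record type are domain names, and so subject to
# origin expansion.  An A record carries an address, which is never expanded.
NAME_FIELDS = {"soa": (0, 1), "ns": (0,), "cname": (0,), "ptr": (0,), "mx": (1,)}


def expand(name, origin):
    """Apply the trailing-period rule: '@' is the origin, an absolute name is
    kept as written, anything else has the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def _logical_lines(text):
    """Drop comments and join parenthesised continuation lines.  The leading
    white space of the first physical line is kept because it is what
    signals 'same owner name as the previous record'."""
    parts, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip() and depth == 0:
            continue
        parts.append(line if not parts else line.strip())
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield " ".join(parts).replace("(", " ").replace(")", " ")
            parts = []


def parse_zone(text, origin):
    """Return a list of (owner, type, data_tuple).  Per-record TTL fields are
    not handled; the article's files do not use them."""
    origin = origin.lower().rstrip(".") + "."
    records, owner = [], origin
    for line in _logical_lines(text):
        fields = line.split()
        if not line[0].isspace():                 # explicit owner name
            owner = expand(fields.pop(0).lower(), origin)
        if fields and fields[0].lower() == "in":  # class is always Internet here
            fields.pop(0)
        rtype, data = fields[0].lower(), fields[1:]
        for i in NAME_FIELDS.get(rtype, ()):
            data[i] = expand(data[i].lower(), origin)
        records.append((owner, rtype, tuple(data)))
    return records


def lint(records, origin):
    """Report name fields in which the origin appears twice, the signature of
    a name written without its trailing period (dns.wlw.com.wlw.com.)."""
    origin = origin.lower().rstrip(".") + "."
    problems = []
    for owner, rtype, data in records:
        for i in NAME_FIELDS.get(rtype, ()):
            if origin + origin in data[i]:
                problems.append(f"{owner} {rtype} {data[i]}: missing trailing period?")
    return problems


def lookup(records, name, rtype, _hops=0):
    """Answer a query from the parsed records, following a CNAME the way the
    article describes www.wlw.com returning the address of dns.wlw.com."""
    qname = name.lower().rstrip(".") + "."
    answers = [d for o, t, d in records if o == qname and t == rtype]
    if answers or _hops > 8:                      # 8 bounds a CNAME loop
        return answers
    for o, t, d in records:
        if o == qname and t == "cname":
            return lookup(records, d[0], rtype, _hops + 1)
    return []
```

Parsing `"@ in ns dns.wlw.com\n"` (no trailing period) yields the owner `dns.wlw.com.wlw.com.` exactly as the article warns, and `lint` flags it.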

After the main DB file is set up, the next thing to set up is the Reverse Arpa files. Reverse Arpa is a feature that allows a user or a program to take an IP address and look up the Domain Name that is associated with it.

When it was decided to add this ability to the DNS system, rather than add a whole new set of functions, it was implemented simply by making the information fit the existing system as closely as possible.

A standard Internet Domain Name is a series of names separated by periods, with the most specific designator on the left moving to the most global designator on the right (e.g. WWW.Whitehouse.Gov designates the WWW system in the Whitehouse network under the .Gov domain). An IP address is the reverse: a series of numbers separated by periods with the most global designator on the left moving to the most specific designator to the right (e.g. 198.137.240.91 could be read to designate system 91 in subnet 240 of network 137 in global network 198).

When Reverse Arpa was implemented, a new top level domain was created: IN-ADDR.ARPA. Historically this was because the Advanced Research Projects Agency (ARPA) was funding the Internet (which at that time was called ARPA-Net) and the purpose of the reverse lookup was to get the Internet Address, therefore IN-ADDR.ARPA. The top level domain name has remained ever since. To make the IP address fit the Domain Name conventions, the order of the numbers is reversed and added to IN-ADDR.ARPA. Thus, to find the name associated with the IP address 198.137.240.91, the request made to the DNS system would be for 91.240.137.198.IN-ADDR.ARPA. Many people find this confusing, and rightly so. Fortunately this is usually handled by programs and is transparent to users.

Reverse lookup is used for many purposes, and is as important to maintain properly as standard DNS records. Many programs, such as the traceroute utility and most WWW Servers, use reverse lookup as part of their standard operation to display names along with IP addresses. This is to make their output more readable. If these programs do a reverse lookup on an IP address that does not have a name, they are often subject to long delays while they wait for the unanswered request to time out. In addition to this, many firewalls and server systems on the Internet require a system that is trying to connect to them to have a valid reverse lookup. This is to discourage hackers from trying to hide their identities. Also, many of the popular FTP libraries will not allow a connection unless the user has a valid reverse lookup to log in their records. These reasons and many others make reverse arpa important.

In many ways the reverse arpa DB file is the same as a standard domain name DB file. The following is an example of a typical reverse arpa file:

   @  in  soa  dns.wlw.com.  hostmaster.wlw.com. (
         1996090101   ; Serial number yyyymmddnn
         10800        ; Refresh in 3 hrs
         3600         ; retry in 1 hr
         604800       ; expire in 7 days
         86400 )      ; minimum ttl 1 day
 
   @     in   ns    dns.wlw.com.
         in   ns    ns1.berkeley.edu.

   198   in   ptr   dns.wlw.com.
   200   in   ptr   mail.wlw.com.

The first several lines are essentially the same as the standard domain name file. Note, though, that this file uses an @ at the beginning of the SOA line. This is allowed and will expand into the full name for the domain, in this case 146.217.205.IN-ADDR.ARPA.

Just as in the standard domain DB file, there are also "in ns" lines identifying the name servers for the domain.

The last two lines are slightly different from those found in the standard domain DB file. These specify that the names being looked up (in this case reverse arpa names) point to domain names instead of IP addresses. The "in ptr" stands for Internet Pointer. Note that the first argument on the line does not have a trailing period. It is a name argument, so the domain name is appended to it, giving the result 198.146.217.205.IN-ADDR.ARPA for the first of the two lines. Also note that the last argument on the line is not an IP address, but a fully expanded name that ends in a period. In this file it is doubly important to be careful to properly use trailing periods when setting up and changing the files.

When setting up the reverse arpa files for your DNS server, you will normally need to set up one for each Class C address that you are using. If you are using Class B addresses, or a subnet of a class C, then you should contact your Internet Service Provider for assistance in setting up reverse arpa.

In addition to the reverse arpa file(s) for your IP addresses, you also need to set up a reverse arpa file for your loopback address. The following is a standard loopback reverse arpa file:

   @  in  soa  dns.wlw.com.  hostmaster.wlw.com. (
       1996090101   ; Serial number yyyymmddnn
       10800        ; Refresh in 3 hrs
       3600         ; retry in 1 hr
       604800       ; expire in 7 days
       86400 )      ; minimum ttl 1 day
 
   @   in   ns    dns.wlw.com.

   1   in   ptr   localhost.

One final consideration in setting up your reverse arpa files: You normally register your Domain Name with the InterNIC, and the InterNIC takes care of pointing the top level domain DNS servers at your domain level server. With reverse arpa, however, you need to coordinate with your IP provider to get the reverse arpa properly set up. In a typical setup, you might be getting a single class C group of 256 IP addresses from your Internet Service Provider (ISP). In this case the ISP must properly delegate the reverse arpa to you for hosting. If instead you are using a "provider independent" set of IP addresses directly from the InterNIC, then you would have to arrange reverse arpa delegation through the InterNIC.
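The reverse arpa naming and the per-class-C file layout described above, as an added example (not code from the article or BIND): it turns an address into its IN-ADDR.ARPA name, generates one reverse file per class C from the forward A records (with the 'localhost.' special case for the loopback file), and checks that A and PTR records agree, which is the pairing that systems requiring a valid reverse lookup depend on. The sample records are the article's; the function names and the SOA/NS constants are assumptions of this example.

```python
"""Reverse-arpa helpers for the IN-ADDR.ARPA scheme described in the article
(added example, not the article's or BIND's code)."""

from collections import defaultdict

# Forward A records from the article's db.wlw.com (name -> address) and the
# PTR records from its db.205.217.146, constructed here as sample input.
A_RECORDS = {
    "dns.wlw.com.": "205.217.146.198",
    "localhost.wlw.com.": "127.0.0.1",
    "mail.wlw.com.": "205.217.146.200",
}
PTR_RECORDS = {
    "198.146.217.205.IN-ADDR.ARPA.": "dns.wlw.com.",
    "200.146.217.205.IN-ADDR.ARPA.": "mail.wlw.com.",
}
SOA = "dns.wlw.com.  hostmaster.wlw.com.  ( 1996090101 10800 3600 604800 86400 )"
NAME_SERVERS = ["dns.wlw.com.", "ns1.berkeley.edu."]
SUFFIX = ".IN-ADDR.ARPA."


def reverse_name(ip):
    """198.137.240.91 -> 91.240.137.198.IN-ADDR.ARPA. (octets reversed)."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + SUFFIX


def reverse_ip(rname):
    """Inverse of reverse_name: 91.240.137.198.IN-ADDR.ARPA. -> 198.137.240.91."""
    if not rname.upper().endswith(SUFFIX):
        raise ValueError(f"not an IN-ADDR.ARPA name: {rname!r}")
    return ".".join(reversed(rname[:-len(SUFFIX)].split(".")))


def reverse_zone(ip):
    """Split an address into (class C zone, owner label), matching the way the
    article's boot file delegates: 205.217.146.198 -> ('146.217.205.IN-ADDR.ARPA.', '198')."""
    owner, zone = reverse_name(ip).split(".", 1)
    return zone, owner


def build_reverse_files(a_records, soa=SOA, name_servers=NAME_SERVERS):
    """Return {zone: file text}, one file per class C, laid out like the
    article's db.205.217.146.  The loopback network gets '1 in ptr localhost.'
    rather than localhost.<domain>, as in the article's db.127.0.0."""
    by_zone = defaultdict(list)
    for name, ip in a_records.items():
        zone, owner = reverse_zone(ip)
        target = "localhost." if ip.startswith("127.") else name
        by_zone[zone].append((int(owner), target))
    files = {}
    for zone, ptrs in by_zone.items():
        lines = [f"@  in  soa  {soa}", ""]
        lines += [f"@  in  ns   {ns}" for ns in name_servers]
        lines.append("")
        lines += [f"{owner}  in  ptr  {target}" for owner, target in sorted(ptrs)]
        files[zone] = "\n".join(lines) + "\n"
    return files


def check_consistency(a_records, ptr_records):
    """Return (addresses whose PTR is missing or names a different host,
    PTR names whose target has no A record back to the same address).
    Loopback is skipped because its reverse file deliberately answers
    'localhost.' rather than a name in the domain."""
    forward_bad, reverse_bad = [], []
    for name, ip in a_records.items():
        if not ip.startswith("127.") and ptr_records.get(reverse_name(ip)) != name:
            forward_bad.append(ip)
    for rname, target in ptr_records.items():
        ip = reverse_ip(rname)
        if not ip.startswith("127.") and a_records.get(target) != ip:
            reverse_bad.append(rname)
    return forward_bad, reverse_bad
```

Running `check_consistency` against the article's records returns two empty lists; adding an A record without a PTR, or a stale PTR whose host no longer has an address, shows up in the corresponding list.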

In addition to the DNS configuration files, there may be other files needed to tell your specific software how to start and execute the DNS server. On a Unix system it is often necessary to configure HOSTNAME, hosts, and resolv.conf files so that the machine running the DNS server can operate on the network to set up, start, and find its own DNS server. On a Windows NT system it is necessary to properly set up the TCP/IP configuration in the Control Panel | Network applet and to properly set up the Services database so that the system can enable TCP/IP and start the DNS service.

Once you have the configuration files properly set up and in the correct directories, the only things left to do are to start your DNS server software, and to test and exercise it. Under Unix there are a number of well-developed testing tools for the DNS system. Under Windows NT some of these tools are available, and more may be available by the time you read this. It is important to note that whether your server is on Unix or NT, the testing tools of either should work to test your server.



Setting Up a "named" DNS Server on a Linux system

The following is a brief example of the files necessary to configure a DNS server on a Linux system. This example is based on a generic Slackware install of Linux 1.3 or 2.0. The assumptions used in this example are as follows:

  • The Domain name used in this example is WLW.Com
  • There is a single class C of IP addresses numbered 205.217.146.0
  • There is a DNS server named DNS at the IP address 205.217.146.198
  • There is a DNS server named NS1.Berkeley.Edu that is external to this network which is providing secondary DNS
  • There is an E-Mail server named MAIL at the IP address 205.217.146.200
  • There is an E-Mail server named Mail.ATT.Net that is acting as an external mail relay.
  • There is also a WWW server on the same hardware as the DNS server that should respond to the name WWW.

This example assumes that the files were created on 9/1/96, on the DNS system, and that the DNS E-Mail contact is Hostmaster@WLW.Com.

When you set up your own DNS configuration files, you will need to change the specifics of these assumptions for your own setup. In particular:

  • Do not use the Domain Name WLW.Com
  • Do not use the IP addresses in 205.217.146.0
  • Do not use NS1.Berkeley.Edu as a secondary DNS (unless you make arrangements with them)
  • Do not use Mail.ATT.Net as an E-Mail relay host (unless you make arrangements with them)
  • Do not use Hostmaster@WLW.Com for your DNS E-Mail contact.

The files for the example configuration are as follows:

The Boot Configuration file is: /etc/named.boot

   ;
   ;   boot file for name server
   ;
   directory   /etc
 
   cache   .   root.cache
 
   primary wlw.com   db.wlw.com
   primary 146.217.205.IN-ADDR.ARPA db.205.217.146
   primary 0.0.127.IN-ADDR.ARPA  db.127.0.0

The primary domain name DB file is: /etc/db.wlw.com

   wlw.com.  in  soa  dns.wlw.com.  hostmaster.wlw.com. (
       1996090101   ; Serial number yyyymmddnn
       10800        ; Refresh in 3 hrs
       3600         ; retry in 1 hr
       604800       ; expire in 7 days
       86400 )      ; minimum ttl 1 day
 
   @   in   ns   dns.wlw.com.
       in   ns   ns1.berkeley.edu.

       in   mx   10   mail.wlw.com.
       in   mx   20   mail.att.net.
 
   dns         in   a       205.217.146.198
               in   mx  10  mail.wlw.com.
               in   mx  20  mail.att.net.
   localhost   in   a       127.0.0.1
   mail        in   a       205.217.146.200
   www         in   cname   dns.wlw.com.

The reverse arpa file is: /etc/db.205.217.146

   @  in  soa  dns.wlw.com.  hostmaster.wlw.com. (
         1996090101   ; Serial number yyyymmddnn
         10800        ; Refresh in 3 hrs
         3600         ; retry in 1 hr
         604800       ; expire in 7 days
         86400 )      ; minimum ttl 1 day
 
   @     in   ns    dns.wlw.com.
         in   ns    ns1.berkeley.edu.

   198   in   ptr   dns.wlw.com.
   200   in   ptr   mail.wlw.com.

The reverse arpa for the loopback is: /etc/db.127.0.0

   @  in  soa  dns.wlw.com.  hostmaster.wlw.com. (
       1996090101   ; Serial number yyyymmddnn
       10800        ; Refresh in 3 hrs
       3600         ; retry in 1 hr
       604800       ; expire in 7 days
       86400 )      ; minimum ttl 1 day
 
   @   in   ns    dns.wlw.com.
 
   1   in   ptr   localhost.

The Host Name file is: /etc/HOSTNAME

   dns.wlw.com

The Hosts file is: /etc/hosts

   127.0.0.1  localhost
   205.217.146.198  dns.wlw.com  www.wlw.com
   205.217.146.200  mail.wlw.com

The Resolver Configuration file is: /etc/resolv.conf

   domain wlw.com
   nameserver 205.217.146.198

In the file /etc/rc.d/rc.inet2 look for the following lines and make sure that they are present and not commented out:

   # Start the NAMED/BIND name server.
   if [ -f ${NET}/named ]
   then
    echo -n " named"
    ${NET}/named
   fi

To test the configuration, change to the /etc directory and enter the command "/usr/sbin/named" and note any error messages. This should start the named program that will execute in the background as a DNS server. Then use the program nslookup to query the server.

Invoke nslookup by entering the command "nslookup" and note any error messages. The nslookup program should identify the name and IP address of the default server it is using, which should be the DNS server you have set up and are testing, and then it should display a command prompt ">". If you are testing the server from another system, use the nslookup command "server" to change servers (e.g. to set the server to DNS.WLW.COM use the command: server dns.wlw.com or server 205.217.146.198).

From the nslookup command prompt enter the command "dns". This will query the selected server for the IP address of the system named dns. On a system with the example configuration files, the result of this would be:

   > dns
   Server:  dns.wlw.com
   Address:  205.217.146.198
 
   Name:  dns.wlw.com
   Address:  205.217.146.198
   Aliases:  www.wlw.com

   >

This tells you that the DNS server is responding properly and has the database properly loaded. Next enter the command "www.whitehouse.gov". This will cause the server to query out into the Internet DNS system for the IP address of WWW.Whitehouse.Gov. The result should be something similar to:

   > www.whitehouse.gov
   Server:  dns.wlw.com
   Address:  205.217.146.198
 
   Non-authoritative answer:
   Name:    www.whitehouse.gov
   Addresses:  198.137.240.92, 198.137.240.91
    
   >

This tells you that the server is able to contact the rest of the Internet and resolve names by communicating with other DNS servers.

To check your Reverse Arpa, enter the nslookup command "set q=any" to display all information that is given as a result of a query. Then enter the nslookup command "198.146.217.205.IN-ADDR.ARPA". On a system with the example configuration files, the result of this would be:

 
   > set q=any
   > 198.146.217.205.IN-ADDR.ARPA
   Server:  dns.wlw.com
   Address:  205.217.146.198
 
   198.146.217.205.IN-ADDR.ARPA  name = dns.wlw.com
   146.217.205.IN-ADDR.ARPA  nameserver = dns.wlw.com
   146.217.205.IN-ADDR.ARPA  nameserver = ns1.berkeley.edu
   ns1.berkeley.edu  internet address = 128.32.136.9
   >

This tells you that the reverse arpa setup is functioning properly and is resolving PTR lookups.

To exit from the nslookup program use the command "exit" or enter a Control-D.



Setting Up a DNS Server on Windows NT 3.51

The following is a brief example of the files necessary to configure a DNS server on a Windows NT system. This example is based on a system using Windows NT Workstation 3.51 with Service Pack 5 installed. The DNS software is available free for download at FTP://Internet.Microsoft.Com/dnsbeta. I have set the software up and tested it on NT 3.51 Workstation and Server, as well as on NT 4.0 Workstation and Server. NT 4.0 Server comes with a version of the same software and has a Setup Utility that runs as part of the standard server network setup.

The assumptions used in this example are as follows:

  • The Domain name used in this example is WLW.Com
  • There is a single class C of IP addresses numbered 205.217.146.0
  • There is a DNS server named DNS at the IP address 205.217.146.198
  • There is a DNS server named NS1.Berkeley.Edu that is external to this network which is providing secondary DNS
  • There is an E-Mail server named MAIL at the IP address 205.217.146.200
  • There is an E-Mail server named Mail.ATT.Net that is acting as an external mail relay.
  • There is also a WWW server on the same hardware as the DNS server that should respond to the name WWW.
  • The files were created on 9/1/96 on the DNS system, and the DNS E-Mail contact is Hostmaster@WLW.Com.

When you set up your own DNS configuration files, you will need to change the specifics of these assumptions for your own setup. In particular:

  • Do not use the Domain Name WLW.Com
  • Do not use the IP addresses in 205.217.146.0
  • Do not use NS1.Berkeley.Edu as a secondary DNS (unless you make arrangements with them)
  • Do not use Mail.ATT.Net as an E-Mail relay host (unless you make arrangements with them)
  • Do not use Hostmaster@WLW.Com for your DNS E-Mail contact.

The files for the example configuration are as follows:

The Boot Configuration file is: %SystemRoot%\System32\dns\boot.

   ;
   ;   boot file for name server
   ;
 
   cache   .   cache.dns
 
   primary  wlw.com   wlw.dns
   primary  146.217.205.IN-ADDR.ARPA  205.dns

The primary domain name DB file is: %SystemRoot%\System32\dns\wlw.dns

   wlw.com.  in  soa  dns.wlw.com.  hostmaster.wlw.com. (
       1996090101   ; Serial number yyyymmddnn
       10800        ; Refresh in 3 hrs
       3600         ; retry in 1 hr
       604800       ; expire in 7 days
       86400 )      ; minimum ttl 1 day
 
   @   in   ns   dns.wlw.com.
       in   ns   ns1.berkeley.edu.

       in   mx   10   mail.wlw.com.
       in   mx   20   mail.att.net.
 
   dns         in   a       205.217.146.198
               in   mx  10  mail.wlw.com.
               in   mx  20  mail.att.net.
   localhost   in   a       127.0.0.1
   mail        in   a       205.217.146.200
   www         in   cname   dns.wlw.com.

The reverse arpa file is: %SystemRoot%\System32\dns\205.dns

   @  in  soa  dns.wlw.com.  hostmaster.wlw.com. (
         1996090101   ; Serial number yyyymmddnn
         10800        ; Refresh in 3 hrs
         3600         ; retry in 1 hr
         604800       ; expire in 7 days
         86400 )      ; minimum ttl 1 day
 
   @     in   ns    dns.wlw.com.
         in   ns    ns1.berkeley.edu.

   198   in   ptr   dns.wlw.com.
   200   in   ptr   mail.wlw.com.

The reverse arpa database for the loopback is automatically generated by the DNS server software.

To test the configuration copy the following files into the %SystemRoot%\System32 directory:

  • dns.exe
  • dnssetup.exe
  • nslookup
  • dnsadmin.exe
  • dnsstat.exe

Next change to the %SystemRoot%\System32\dns directory, enter the command "dnssetup", and note any error messages. This should set up the registry with the correct entries for the DNS server. Then enter the command "net start dns" and note any error messages. If you get error messages at this point, examine the Event Log for more information. In particular, an Error 13 tells you that there is an error in one of your configuration files, and messages in your event log should identify the problem.

Once the server is running you can use the program nslookup to query the server.

Invoke nslookup by entering the command "nslookup" and note any error messages. The nslookup program should identify the name and IP address of the default server it is using, which should be the DNS server you have set up and are testing, and then it should display a command prompt ">". If you are testing the server from another system, or if the current system is pointing to another DNS server as its primary, use the nslookup command "server" to change servers (e.g. to set the server to DNS.WLW.COM use the command: server dns.wlw.com or server 205.217.146.198).

From the nslookup command prompt enter the command "dns". This will query the selected server for the IP address of the system named dns. On a system with the example configuration files, the result of this would be:

   > dns
   Server:  dns.wlw.com
   Address:  205.217.146.198
 
   Name:   dns.wlw.com
   Address:   205.217.146.198
   Aliases:   www.wlw.com

   >

This tells you that the DNS server is responding properly and has the database properly loaded. Next enter the command "www.whitehouse.gov". This will cause the server to query out into the Internet DNS system for the IP address of WWW.Whitehouse.Gov. The result should be something similar to:

   > www.whitehouse.gov
   Server:  dns.wlw.com
   Address:  205.217.146.198
 
   Non-authoritative answer:
   Name:    www.whitehouse.gov
   Addresses:  198.137.240.92, 198.137.240.91
    
   >

This tells you that the server is able to contact the rest of the Internet and resolve names by communicating with other DNS servers.

To check your Reverse Arpa, enter the nslookup command "set q=any" to display all information that is given as a result of a query. Then enter the nslookup command "198.146.217.205.IN-ADDR.ARPA". On a system with the example configuration files, the result of this would be:

 
   > set q=any
   > 198.146.217.205.IN-ADDR.ARPA
   Server:  dns.wlw.com
   Address:  205.217.146.198
 
   198.146.217.205.IN-ADDR.ARPA  name = dns.wlw.com
   146.217.205.IN-ADDR.ARPA  nameserver = dns.wlw.com
   146.217.205.IN-ADDR.ARPA  nameserver = ns1.berkeley.edu
   ns1.berkeley.edu  internet address = 128.32.136.9
   >

This tells you that the reverse arpa setup is functioning properly and is resolving PTR lookups.

To exit from the nslookup program use the command "exit".

Once you have tested the DNS server and are satisfied that it is running correctly, go into the Control Panel | Services applet and select the Domain Name Server service and click on the Startup button. Change the Startup Type from Manual to Automatic, click on OK, then click on Close. This sets the DNS service to automatically start when the system is booted.



Setting Up MS DNS Server on Windows NT 4.0

The following is a brief example of the procedure to configure MS Domain Name Server on a Windows NT 4.0 Server system. This example is based on a system using Windows NT Server 4.0 system with Service Pack 3 and the DNS-Fix Hot Fix applied. The MS DNS software comes on the WinNT 4.0 Server CD, and both Service Pack #3 and the DNS-Fix Hot Fix are available for free on the Microsoft FTP site at FTP://FTP.Microsoft.Com/bussys/winnt/winnt-public/fixes/usa/nt40/. I have set the software up and tested it on numerous WinNT 4.0 Server systems.

The assumptions used in this example are as follows:

  • The Domain name used in this example is WLW.Com
  • There is a single class C of IP addresses numbered 205.217.146.0
  • There is a DNS server named DNS at the IP address 205.217.146.198
  • There is a DNS server named NS1.Berkeley.Edu that is external to this network which is providing secondary DNS
  • There is an E-Mail server named MAIL at the IP address 205.217.146.200
  • There is an E-Mail server named Mail.ATT.Net that is acting as an external mail relay.
  • There is also a WWW server on the same hardware as the DNS server that should respond to the name WWW.

When you set up your own DNS configuration, you will need to change the specifics of these assumptions for your own setup. In particular:

  • Do not use the Domain Name WLW.Com
  • Do not use the IP addresses in 205.217.146.0
  • Do not use NS1.Berkeley.Edu as a secondary DNS (unless you make arrangements with them)
  • Do not use Mail.ATT.Net as an E-Mail relay host (unless you make arrangements with them)
  • Do not use Hostmaster@WLW.Com for your DNS E-Mail contact.

Begin by adding the MS DNS service to the NT Server system that will be hosting the service. Log onto the NT Server system using an ID that has Administrative privileges. Go to Control Panel, Network, select the Services tab, and click on Add. From the Network Services list select Microsoft DNS Server and click OK. The program may prompt you to place the NT 4.0 Server CD into your CD ROM drive. When it has completed loading the service, exit from the Network applet and re-boot your computer system.

When the system has finished re-booting, log on using an ID that has Administrative privileges. Go to the Control Panel, Services applet and verify that the Microsoft DNS Service has started. If it did not start, go to the Event Viewer and look for error messages to see why the service did not start.

To configure the DNS service, go to Start, Programs, Administrative Tools (Common), and select DNS Manager. This should bring up the Domain Name Service Manager window. Initially this should be empty except for a single entry showing Server List. Select the server to administer by going to DNS, New Server, and entering the IP address or Domain Name of the server to be administered, in this example DNS.WLW.Com. This should cause the program to connect to the DNS service that you just created. Highlight the server and double-click it; this should bring up another level showing Cache.

The first zone you should create is the Reverse Arpa zone for the network. Highlight the server name and select DNS, New Zone. Select Primary Zone and click on Next. Enter the reverse arpa zone name, 146.217.205.in-addr.arpa, in the Zone Name field. Note that this is the most significant 3 parts of the Network Address in reverse order. Use the Tab key to tab past the Zone File field and accept the default name (146.217.205.in-addr.arpa.dns), and click on Next. Click on Finish and the program should create the reverse arpa zone for you with the proper basic records automatically generated.

The next step is to highlight the server (DNS.WLW.Com) and once again select DNS and New Zone. Select Primary Zone and click on Next. Enter the domain name, WLW.Com, in the Zone Name field and use the Tab key to tab past the Zone File field and accept the default name (WLW.Com.dns), and click on Next. Click on Finish and the program should create the zone file for you with the proper basic records automatically generated.

To add the host record for DNS.WLW.Com, highlight the WLW.Com zone and select DNS, New Host. Enter DNS in the Host Name field, 205.217.146.198 in the Host IP Address field, check the Create Associated PTR Record box, and click on Add Host. This should add the DNS A record to the WLW.Com database, and add the 198 PTR record to the reverse arpa database.

To add the host record for MAIL.WLW.Com, highlight the WLW.Com zone and select DNS, New Host. Enter MAIL in the Host Name field, 205.217.146.200 in the Host IP Address field, check the Create Associated PTR Record box, and click on Add Host. This should add the MAIL A record to the WLW.Com database, and add the 200 PTR record to the reverse arpa database.

To add the alias record for WWW that will point to DNS.WLW.Com, highlight the WLW.Com zone and select DNS, New Record. Select CNAME Record in the Record Type box, enter WWW in the Alias Name field, enter DNS in the For Host DNS Name field, 205.217.146.198 in the Host IP Address field, and click on OK. This should add the WWW CNAME record to the WLW.Com database.

To configure the database so that mail for users on the WLW.Com system is sent to the SMTP server at MAIL.WLW.Com, highlight the WLW.Com zone and select DNS and New Record. Select MX Record in the Record Type box, leave the Host Name field blank, enter MAIL.WLW.Com in the Mail Exchange Server DNS Name field, enter 10 in the Preference Number, and click on OK. This should add an MX record to the WLW.Com database for Mail.WLW.Com.

To configure the database so that mail for users on the WLW.Com system can be relayed through the SMTP server at Mail.ATT.Net if Mail.WLW.Com is temporarily unavailable, highlight the WLW.Com zone and select DNS and New Record. Select MX Record in the Record Type box, leave the Host Name field blank, enter Mail.ATT.Net in the Mail Exchange Server DNS Name field, enter 20 in the Preference Number, and click on OK. This should add the MX record to the WLW.Com database for Mail.ATT.Net.

To configure the database to show that there is a secondary DNS server for the zone on NS1.Berkeley.Edu, highlight the WLW.Com zone and select DNS and New Record. Select NS Record in the Record Type box, enter NS1.Berkeley.Edu in the Name Server DNS Name field, and click on OK. This should add the NS record to the WLW.Com database for NS1.Berkeley.Edu.
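The records built up through DNS Manager above are the same ones listed in the wlw.dns and 205.dns files of the NT 3.51 section and in the /etc/db.wlw.com and /etc/db.205.217.146 files of the Linux section. The following Python is an added example, not code from the article, from named or from MS DNS: it re-reads those record lines (copied in as constructed input, SOA omitted) and cross-checks them, so that an A record without its PTR, a PTR that names a host with no A record, or an NS or MX that names the WWW alias instead of a real host is caught before nslookup is run against the live server.

```python
"""Added example (not the article's or any DNS server's code): cross-checks the
record lines of the page's wlw.com and 146.217.205.in-addr.arpa files."""
# Record lines copied from the page's example files (constructed input; SOA omitted).
FORWARD = """\
@   in   ns   dns.wlw.com.
    in   ns   ns1.berkeley.edu.
    in   mx   10   mail.wlw.com.
dns         in   a       205.217.146.198
localhost   in   a       127.0.0.1
mail        in   a       205.217.146.200
www         in   cname   dns.wlw.com.
"""
REVERSE = """\
@     in   ns    dns.wlw.com.
198   in   ptr   dns.wlw.com.
200   in   ptr   mail.wlw.com.
"""

def arpa_name(ip, octets=4):
    """Reverse the first `octets` of an address: 4 = PTR owner, 3 = class C zone."""
    return ".".join(reversed(ip.split(".")[:octets])) + ".in-addr.arpa."
def fqdn(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    return origin if name == "@" else (name if name.endswith(".") else f"{name}.{origin}")
def parse_zone(text, origin):
    """(owner, type, rdata) per record; a blank owner inherits the previous one."""
    records, owner = [], origin
    for line in text.splitlines():
        line = line.split(";")[0].rstrip()        # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():                 # explicit owner name
            owner = fqdn(fields.pop(0), origin)
        if fields[0].lower() == "in":
            fields.pop(0)
        rtype = fields.pop(0).lower()
        if rtype in ("ns", "cname", "ptr", "mx"):
            fields[-1] = fqdn(fields[-1], origin)
        records.append((owner, rtype, tuple(fields)))
    return records
def check_zones(fwd_text, rev_text, origin, network):
    """Cross-check forward and reverse zones; returns a list of problems."""
    rev_zone = arpa_name(network, 3)
    fwd, rev = parse_zone(fwd_text, origin), parse_zone(rev_text, rev_zone)
    a = {o: rd[0] for o, t, rd in fwd if t == "a"}
    cname = {o for o, t, _ in fwd if t == "cname"}
    ptr = {o: rd[0] for o, t, rd in rev if t == "ptr"}
    problems = []
    for name, ip in a.items():          # every A inside the class C needs a PTR
        if arpa_name(ip, 3) == rev_zone and ptr.get(arpa_name(ip)) != name:
            problems.append(f"no PTR for {name} ({ip})")
    for rname, target in ptr.items():   # every PTR needs the matching A
        if arpa_name(a.get(target, "0.0.0.0")) != rname:
            problems.append(f"PTR {rname} -> {target} has no matching A")
    for o, t, rd in fwd:                # NS and MX must name hosts, not aliases
        if t in ("ns", "mx") and rd[-1] in cname:
            problems.append(f"{t.upper()} at {o} points at CNAME {rd[-1]}")
    return problems
```

Replace the two strings with your own forward and reverse files to check a hand-edited zone before starting the server; an empty list means the forward and reverse data agree.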

Once the server is running you can use the program nslookup from the NT Command Prompt to query the server and verify that it is functioning properly.

Invoke nslookup by entering the command "nslookup" and note any error messages. The nslookup program should identify the name and IP address of the default server it is using, which should be the DNS server you have set up and are testing, and then it should display a command prompt ">". If you are testing the server from another system, or if the current system is pointing to another DNS server as its primary, use the nslookup command "server" to change servers (e.g. to set the server to DNS.WLW.COM use the command: server dns.wlw.com or server 205.217.146.198).

From the nslookup command prompt enter the command "dns". This will query the selected server for the IP address of the system named dns. On a system configured as shown in the above example the result of this would be:

   > dns
   Server:  dns.wlw.com
   Address:  205.217.146.198
 
   Name:   dns.wlw.com
   Address:   205.217.146.198
   Aliases:   www.wlw.com

   >

This tells you that the DNS server is responding properly and has the database properly loaded. Next enter the command "www.whitehouse.gov". This will cause the server to query out into the Internet DNS system for the IP address of WWW.Whitehouse.Gov. The result should be something similar to:

   > www.whitehouse.gov
   Server:  dns.wlw.com
   Address:  205.217.146.198
 
   Non-authoritative answer:
   Name:    www.whitehouse.gov
   Addresses:  198.137.240.92, 198.137.240.91
    
   >

This tells you that the server is able to contact the rest of the Internet and resolve names by communicating with other DNS servers.

To check your Reverse Arpa, enter the nslookup command "set q=any" to display all information that is given as a result of a query. Then enter the nslookup command "198.146.217.205.IN-ADDR.ARPA". On a system with the example configuration files, the result of this would be:

 
   > set q=any
   > 198.146.217.205.IN-ADDR.ARPA
   Server:  dns.wlw.com
   Address:  205.217.146.198
 
   198.146.217.205.IN-ADDR.ARPA  name = dns.wlw.com
   146.217.205.IN-ADDR.ARPA  nameserver = dns.wlw.com
   146.217.205.IN-ADDR.ARPA  nameserver = ns1.berkeley.edu
   ns1.berkeley.edu  internet address = 128.32.136.9
   >

This tells you that the reverse arpa setup is functioning properly and is resolving PTR lookups.

To exit from the nslookup program use the command "exit".



Summary

This is just an overview of setting up a DNS server, but it should give the average user or administrator a good functional plan for installing a basic server. For a more detailed description of the DNS system, refer to the book "DNS and BIND" by Paul Albitz and Cricket Liu, published by O’Reilly & Associates. This book is the definitive documentation of the DNS system.




EZine - Information of the Net