Now to define our own domain. We're going to make the domain
freensd.bogus
and define machines in it. I use a totally bogus
domain name to make sure we disturb no-one Out There.
One more thing before we start: Not all characters are allowed in
host names. We're restricted to the characters of the English
alphabet: a-z, and numbers 0-9 and the character '-' (dash). Keep to
those characters (BIND 9 will not bug you if you break this rule, BIND
8 will). Upper and lower-case characters are the same for DNS, so
pat.uio.no
is identical to Pat.UiO.No
.
We've already started this part with this line in named.conf
:
zone "0.0.127.in-addr.arpa" { type master; file "localhost.rev"; };
Please note the lack of `.
' at the end of the domain names in
this file. This says that now we will define the zone
0.0.127.in-addr.arpa
, that we're the master server for it and
that it is stored in a file called localhost.rev
. We've already
set up this file, it reads:
$TTL 3D @ IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. ( 1 ; Serial 8H ; Refresh 2H ; Retry 4W ; Expire 1D) ; Minimum TTL NS ns.freebsd.bogus. 1 PTR localhost.
Please note the `.
' at the end of all the full domain names in
this file, in contrast to the named.conf
file above. Some people
like to start each zone file with a $ORIGIN
directive, but
this is superfluous. The origin (where in the DNS hierarchy it
belongs) of a zone file is specified in the zone section of the
named.conf
file; in this case it's 0.0.127.in-addr.arpa
.
This `zone file' contains 3 `resource records' (RRs): A SOA RR. A NS RR and a PTR RR. SOA is short for Start Of Authority. The `@' is a special notation meaning the origin, and since the `domain' column for this file says 0.0.127.in-addr.arpa the first line really means
0.0.127.in-addr.arpa. IN SOA ...
NS is the Name Server RR. There is no '@' at the start of this line; it is implicit since the previous line started with a '@'. Saves some typing that. So the NS line could also be written
0.0.127.in-addr.arpa. IN NS ns.freebsd.bogus
It tells DNS what machine is the name server of the domain
0.0.127.in-addr.arpa
, it is ns.freebsd.bogus
. 'ns' is a
customary name for name-servers, but as with web servers who are
customarily named www.
something. The name may be anything.
And finally the PTR (Domain Name Pointer) record says that the host
at address 1 in the subnet 0.0.127.in-addr.arpa
, i.e., 127.0.0.1
is named localhost
.
The SOA record is the preamble to all zone files, and there
should be exactly one in each zone file, at the top (but after the
$TTL
directive). It describes the zone, where it comes from (a
machine called ns.freebsd.bogus
), who is responsible for its
contents (hostmaster@freebsd.bogus
; you should insert your e-mail
address here), what version of the zone file this is (serial: 1), and
other things having to do with caching and secondary DNS servers. For
the rest of the fields (refresh, retry, expire and minimum) use the
numbers used in this HOWTO and you should be safe. Before the SOA
comes a mandatory line, the $TTL 3D
line. Put it in all your
zone files.
Now restart your named (rndc stop; named
) and use dig
to
examine your handy work. -x
asks for the inverse query:
$ dig -x 127.0.0.1
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30944
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa. IN PTR
;; ANSWER SECTION:
1.0.0.127.in-addr.arpa. 259200 IN PTR localhost.
;; AUTHORITY SECTION:
0.0.127.in-addr.arpa. 259200 IN NS ns.freebsd.bogus.
;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Dec 23 03:02:39 2001
;; MSG SIZE rcvd: 91
So it manages to get localhost
from 127.0.0.1, good. Now for
our main task, the freebsd.bogus
domain, insert a new 'zone'
section in named.conf
:
zone "freebsd.bogus" { type master; notify no; file "pz/freebsd.bogus"; };
Note again the lack of ending `.
' on the domain name in the
named.conf
file.
In the freebsd.bogus
zone file we'll put some totally bogus
data:
; ; Zone file for freebsd.bogus ; ; The full zone file ; $TTL 3D @ IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. ( 199802151 ; serial, todays date + todays serial # 8H ; refresh, seconds 2H ; retry, seconds 4W ; expire, seconds 1D ) ; minimum, seconds ; NS ns ; Inet Address of name server MX 10 mail.freebsd.bogus ; Primary Mail Exchanger MX 20 mail.friend.bogus. ; Secondary Mail Exchanger ; localhost A 127.0.0.1 ns A 192.168.196.2 mail A 192.168.196.4
Two things must be noted about the SOA record. ns.freebsd.bogus
must be a actual machine with a A record. It is not legal to
have a CNAME record for the machine mentioned in the SOA record. Its
name need not be `ns', it could be any legal host name. Next,
hostmaster.freebsd.bogus
should be read as hostmaster@freebsd.bogus.
This should be a mail alias, or a mailbox, where the person(s)
maintaining DNS should read mail frequently. Any mail regarding the
domain will be sent to the address listed here. The name need not be
`hostmaster', it can be your normal e-mail address, but the e-mail
address `hostmaster' is often expected to work as well.
There is one new RR type in this file, the MX, or Mail eXchanger
RR. It tells mail systems where to send mail that is addressed to
someone@freebsd.bogus
, namely to mail.freebsd.bogus
or
mail.friend.bogus
. The number before each machine name is that
MX RR's priority. The RR with the lowest number (10) is the one mail
should be sent to if possible. If that fails the mail can be sent to
one with a higher number, a secondary mail handler, i.e.,
mail.friend.bogus
which has priority 20 here.
Reload named by running rndc reload
. Examine the results
with dig
:
$ dig any freebsd.bogus
; <<>> DiG 9.1.3 <<>> any freebsd.bogus
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55239
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;freebsd.bogus. IN ANY
;; ANSWER SECTION:
freebsd.bogus. 259200 IN SOA ns.freebsd.bogus. \
hostmaster.freebsd.bogus. 199802151 28800 7200 2419200 86400
freebsd.bogus. 259200 IN NS ns.freebsd.bogus.
freebsd.bogus. 259200 IN MX 20 mail.friend.bogus.
freebsd.bogus. 259200 IN MX 10 mail.freebsd.bogus.freebsd.bogus.
;; AUTHORITY SECTION:
freebsd.bogus. 259200 IN NS ns.freebsd.bogus.
;; ADDITIONAL SECTION:
ns.freebsd.bogus. 259200 IN A 192.168.196.2
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Dec 23 03:06:45 2001
;; MSG SIZE rcvd: 184
Upon careful examination you will discover a bug. The line
freebsd.bogus. 259200 IN MX 10 mail.freebsd.bogus.freebsd.bogus.
is all wrong. It should be
freebsd.bogus. 259200 IN MX 10 mail.freebsd.bogus.
I deliberately made a mistake so you could learn from it :-) Looking in the zone file we find this line:
MX 10 mail.freebsd.bogus ; Primary Mail Exchanger
It is missing a period. Or has a 'freebsd.bogus' too many. If a
machine name does not end in a period in a zone file the origin is
added to its end causing the double freebsd.bogus.freebsd.bogus
. So
either
MX 10 mail.freebsd.bogus. ; Primary Mail Exchanger
or
MX 10 mail ; Primary Mail Exchanger
is correct. I prefer the latter form, it's less to type. There are
some BIND experts that disagree, and some that agree with this. In a
zone file the domain should either be written out and ended with a
`.
' or it should not be included at all, in which case it
defaults to the origin.
I must stress that in the named.conf file there should not be
`.
's after the domain names. You have no idea how many times a
`.
' too many or few have fouled up things and confused the h*ll
out of people.
So having made my point here is the new zone file, with some extra information in it as well:
; ; Zone file for freebsd.bogus ; ; The full zone file ; $TTL 3D @ IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. ( 199802151 ; serial, todays date + todays serial # 8H ; refresh, seconds 2H ; retry, seconds 4W ; expire, seconds 1D ) ; minimum, seconds ; TXT "FreeBSD.Bogus, your DNS consultants" NS ns ; Inet Address of name server NS ns.friend.bogus. MX 10 mail ; Primary Mail Exchanger MX 20 mail.friend.bogus. ; Secondary Mail Exchanger localhost A 127.0.0.1 gw A 192.168.196.1 TXT "The router" ns A 192.168.196.2 MX 10 mail MX 20 mail.friend.bogus. www CNAME ns donald A 192.168.196.3 MX 10 mail MX 20 mail.friend.bogus. TXT "DEK" mail A 192.168.196.4 MX 10 mail MX 20 mail.friend.bogus. ftp A 192.168.196.5 MX 10 mail MX 20 mail.friend.bogus.
CNAME (Canonical NAME) is a way to give each machine several names. So www is an alias for ns. CNAME record usage is a bit controversial. But it's safe to follow the rule that a MX, CNAME or SOA record should never refer to a CNAME record, they should only refer to something with an A record, so it is inadvisable to have
foobar CNAME www ; NO!
but correct to have
foobar CNAME ns ; Yes!
Load the new database by running rndc reload
, which causes
named to read its files again.
$ dig freebsd.bogus axfr
; <<>> DiG 9.1.3 <<>> freebsd.bogus axfr
;; global options: printcmd
freebsd.bogus. 259200 IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. 199802151 28800 7200 2419200 86400
freebsd.bogus. 259200 IN NS ns.freebsd.bogus.
freebsd.bogus. 259200 IN MX 10 mail.freebsd.bogus.
freebsd.bogus. 259200 IN MX 20 mail.friend.bogus.
donald.freebsd.bogus. 259200 IN A 192.168.196.3
donald.freebsd.bogus. 259200 IN MX 10 mail.freebsd.bogus.
donald.freebsd.bogus. 259200 IN MX 20 mail.friend.bogus.
donald.freebsd.bogus. 259200 IN TXT "DEK"
ftp.freebsd.bogus. 259200 IN A 192.168.196.5
ftp.freebsd.bogus. 259200 IN MX 10 mail.freebsd.bogus.
ftp.freebsd.bogus. 259200 IN MX 20 mail.friend.bogus.
gw.freebsd.bogus. 259200 IN A 192.168.196.1
gw.freebsd.bogus. 259200 IN TXT "The router"
localhost.freebsd.bogus. 259200 IN A 127.0.0.1
mail.freebsd.bogus. 259200 IN A 192.168.196.4
mail.freebsd.bogus. 259200 IN MX 10 mail.freebsd.bogus.
mail.freebsd.bogus. 259200 IN MX 20 mail.friend.bogus.
ns.freebsd.bogus. 259200 IN MX 10 mail.freebsd.bogus.
ns.freebsd.bogus. 259200 IN MX 20 mail.friend.bogus.
ns.freebsd.bogus. 259200 IN A 192.168.196.2
www.freebsd.bogus. 259200 IN CNAME ns.freebsd.bogus.
freebsd.bogus. 259200 IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. 199802151 28800 7200 2419200 86400
;; Query time: 41 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Dec 23 03:12:31 2001
;; XFR size: 23 records
That's good. As you see it looks a bit like the zone file itself.
Let's check what it says for www
alone:
$ dig www.freebsd.bogus
; <<>> DiG 9.1.3 <<>> www.freebsd.bogus
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16633
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.freebsd.bogus. IN A
;; ANSWER SECTION:
www.freebsd.bogus. 259200 IN CNAME ns.freebsd.bogus.
ns.freebsd.bogus. 259200 IN A 192.168.196.2
;; AUTHORITY SECTION:
freebsd.bogus. 259200 IN NS ns.freebsd.bogus.
;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Dec 23 03:14:14 2001
;; MSG SIZE rcvd: 80
In other words, the real name of www.freebsd.bogus
is
ns.freebsd.bogus
, and it gives you some of the information it has
about ns as well, enough to connect to it if you were a program.
Now we're halfway.