Good times. Exciting times. Red Hat moved to the New York Stock Exchange (NYSE) today, and CEO Matthew Szulik rang the opening bell.
A timely move. With power comes an obligation to lead. Few technology companies are listed on the NYSE. We believe open source delivers a better, faster path to innovation. Given the opportunity to broadcast that message, we will. Others making strides in the same spirit will share the spotlight.
If you missed the first part, go get caught up. Then join us for more DNS and hostname goodness. Last time, we got you up and running. This time, see how you can manage all the hostnames in your domain with just a few DNS tricks.
Greetings faithful Fedora readers. And welcome to the first installment of Red Hat Magazine’s new regular column about Fedora. In the past, we’ve had the Fedora Status Report, which was basically a copy and paste of the most useful news items from FedoraNews.org, which is Fedora’s official news site run by Thomas Chung, and a site that I encourage you all to read. It’s on my RSS feed list.
I’ll still be using Fedora News as the basis of this column, but what I’m probably going to do is pick a smaller number of topics and write a little bit more about them.
“Spare change for Habitat? Got any spare change for Habitat?”
A student in pink pajama pants holds out a shiny metal cooking pot.
A girl with a messenger bag over one shoulder slows down, patting her pockets. The panhandler smiles. “All proceeds go to Habitat for Humanity of Wake County. Our goal is $18,000.” A few coins bounce off the bottom of the pan, and the benefactor continues on her way to class.
A dietary staple for millions around the world, peanuts have long required painstaking hand-shelling that has limited their potential as a cash crop for farmers in developing nations. But the Full Belly Project has made peanut shelling as easy as riding a bike by bringing their pedal-powered peanut sheller to tiny villages in remote corners of the world.
It would be impossible to fully describe every topic that was discussed at the 2006 Knowledge Symposium in Delhi, India, but this video is our best attempt. We spent every minute of the conference filming the conversations that happened around us. Packed into eight and half minutes are comments from Jimmy Wales (founder of Wikipedia), Dr. Vandana Shiva (from the Research Foundation for Science, Technology, and Ecology), Eben Moglen (of the Software Freedom Law Foundation)–even representitves from the governments of India and Sri Lanka.
When we talk about intellectual property rights and copyright at Red Hat, we’re usually talking about code–or music. The company ethos hinges on the idea that the free exchange of ideas will improve all things–from the education of children to the robustness of the kernel. Our focus is usually on technology. But not today.
Today we’re going to talk about knitting.
Red Hat’s customer service and support teams receive technical support questions from users all over the world. Red Hat technicians add the questions and answers to Red Hat Knowledgebase on a daily basis. Access to Red Hat Knowledgebase is free. Every month, Red Hat Magazine offers a preview into the Red Hat Knowledgebase by highlighting some of the most recent entries.
In the first part of this series on the Domain Name System (DNS), we set up a caching nameserver that allowed our clients to take advantage of faster network operations by caching frequently requested DNS queries. In this article, we will extend our caching nameserver to a master nameserver that is responsible for managing the authoritative information for our internal client hostnames.
As with our caching-only nameserver, we will see that BIND RPMS packaged by Red Hat® Enterprise Linux® and Fedora ease the process of configuring our master nameserver. Adding authoritative responsibility to the caching-only nameserver only requires us to add two more files and modify the existing named.conf file. For the purpose of this article we will assume the following:
hughes.lan as our internal domain name.
You might notice that we selected a mock top-level domain (sometimes referred as a TLD) named lan. Our internal domain name can be as creative as we wish since the domain is only known inside our home network. The naming convention for a public nameserver is not as relaxed, since we would need to follow certain rules that would allow our nameserver to respond to other nameservers requesting host information from around the world.
Nameservers store information about a domain namespace in files called zone data files. A zone data file contains all the resource records that describe the domain represented in the zone. The resource records further describe all the hosts in the zone. We will need to modify our existing named.conf to reference two zone files for our domain name:
Open /var/named/chroot/etc/named.conf and add the following forward and reverse zone file directives:
# Forward Zone for hughes.lan domain
zone "hughes.lan" IN {
type master;
file "hughes.lan.zone";
};
# Reverse Zone for hughes.lan domain
zone "15.168.192.in-addr.arpa" IN {
type master;
file "192.168.15.zone";
};
Both the forward and reverse zones contain the type master indicating that our nameserver is the master or primary nameserver for the hughes.lan domain. The file keyword indicates which zone file contains the resource records for the corresponding zone. Note that the reverse zone contains a special domain named in-addr-arpa. DNS uses this special domain to support IP to hostname mappings. Reverse lookups are backwards since the name is read from the leaf to the root (imagine a domain name as a tree structure) so the resultant domain name has the topmost element at the right-hand side. For a home network the reverse lookup zones can be considered optional but we will include them for completeness.
Included with the BIND RPMs is a root zone nameservers use when a query is unresolvable by any other configured zones. The root zone directive is named “.”, has a type of hint and references a file named named.ca that contains a list of 13 root name servers located around the world. We will not directly use the root servers since we are forwarding any unresolvable queries to our ISP nameservers.
We need to modify the named.conf global options to allow our internal clients to query the nameserver. Modify the existing global options block to the following:
acl hughes-lan { 192.168.15.0/24; 127.0/8; };
options {
directory "/var/named";
allow-query { hughes-lan; };
forwarders { xxx.xxx.xxx.xxx; xxx.xxx.xxx.xxx; }; # ISP primary/secondary
forward-only; # Rely completely on ISP for cache misses
};
The acl statement above sets up a range of IP addresses we can reference throughout the named.conf file. The allow-query specifies IP addresses of hosts that can query our nameserver. The forwarders statement tells our nameserver to forward any unresolvable queries to our upstream nameservers. The forward-only statement restricts our nameserver to only rely on our ISP nameservers and not contact other nameservers to find information that our ISP can not provide. It’s very rare for a primary and secondary ISP nameserver to be down at the same time but you can comment forward-only if you want your nameserver to try the root nameservers when the upstream ISP nameservers cannot resolve a hostname.
We are now ready to start defining our hostname mappings in the zone files we referenced in the named.conf configuration. Zone files need to be placed in the /var/named/chroot/var/named directory, have 644 permissions with an owner and group of named:
cd /var/named/chroot/var/named touch hughes.lan.zone chown named:named hughes.lan.zone chmod 644 hughes.lan.zone
Let’s take a look at an example zone file for the hughes.lan forward zone and then dive into the various parts:
$TTL 1D
hughes.lan. IN SOA velma.hughes.lan. foo.bar.tld. (
200612060 ; serial
2H ; refresh slaves
5M ; retry
1W ; expire
1M ; Negative TTL
)
@ IN NS velma.hughes.lan.
velma.hughes.lan. IN A 192.168.15.10 ; RHEL server
fred.hughes.lan. IN A 192.168.15.1 ; router
scooby.hughes.lan. IN A 192.168.15.2 ; upstairs WAP
shaggy.hughes.lan. IN A 192.168.15.3 ; downstairs WAP
scooby-dum.hughes.lan. IN A 192.168.15.4 ; Fedora desktop
daphne.hughes.lan. IN A 192.168.15.5 ; network printer
mysterymachine IN A 192.168.15.6 ; mail server
scrappy IN A 192.168.15.7 ; Windows box
; aliases
www IN CNAME velma.hughes.lan. ; WWW server
virtual IN CNAME velma ; virtual WWW tests
mail IN CNAME mysterymachine ; sendmail host
; DHCP Clients
dhcp01.hughes.lan. IN A 192.168.15.100
dhcp02.hughes.lan. IN A 192.168.15.101
dhcp03.hughes.lan. IN A 192.168.15.102
dhcp04.hughes.lan. IN A 192.168.15.103
dhcp05.hughes.lan. IN A 192.168.15.104
@ IN MX 10 mail.hughes.lan.
The very first line in the hughes.lan.zone contains the TTL (Time To Live) value and is set to one day. TTL is used by nameservers to know how long to cache nameserver responses. This value would have more meaning if our nameserver was public and had other external nameservers depending on our domain information. Notice the ‘D’ in the TTL value stands for Day. Bind also uses ‘W’ for weeks, ‘H’ for hours, and ‘M’ for minutes.
The first resource record is the SOA (Start Of Authority) Record which indicates that this nameserver is the best authoritative resource for the hughes.lan domain. The IN stands for Internet Class and is optional. The first hostname after the SOA is the name of our master or primary nameserver. The second name, “foo.bar.tld.”, is the email address for the person in charge of this zone. Notice the ‘@’ is replaced with a ‘.’ and also ends with a ‘.’. The third value is the serial number that indicates the current revision, typically in the YYYYMMDD format with a single digit at the end indicating the revision number for that day. The fourth, fifth, sixth, and seventh values can be ignored for the purposes of this article.
The NS record lists each authoritative nameserver for the current zone. Notice the first ‘@’ character in this line. The ‘@’ character is a short-hand way to reference the domain, hughes.lan, that was referenced in the named.conf configuration file for this zone.
The next block of A records contains our hostname to address mappings. The CNAME records act as aliases to previously defined A records. Notice how fully qualified domains end with a ‘.’. If the ‘.’ is omitted then the domain, hughes.lan, is appended to the hostname. In our example the hostname, scrappy, will become scrappy.hughes.lan
If you want to reference an internal mail server, then add a MX record that specifies a mail exchanger. The MX value “10″ in our example indicates the preference value (number between 0 and 65535) for this mail exchanger’s priority. Clients try the highest priorty exchanger first.
The reverse zone file, 192.168.15.zone, is similar to our forward zone but contains PTR records instead of A records:
$TTL 1D
@ IN SOA velma.hughes.lan. foo.bar.tld. (
200612060 ; serial
2H ; refresh slaves
5M ; retry
1W ; expire
1M ; Negative TTL
)
IN NS velma.hughes.lan.
10 IN PTR velma.hughes.lan.
1 IN PTR fred.hughes.lan.
2 IN PTR scooby.hughes.lan.
3 IN PTR shaggy.hughes.lan.
4 IN PTR scooby-dum.hughes.lan.
5 IN PTR daphne.hughes.lan.
6 IN PTR mysterymachine.hughes.lan.
7 IN PTR scrappy.hughes.lan.
100 IN PTR dhcp01.hughes.lan.
101 IN PTR dhcp02.hughes.lan.
102 IN PTR dhcp03.hughes.lan.
103 IN PTR dhcp04.hughes.lan.
104 IN PTR dhcp05.hughes.lan.
Save your zone files, make sure you have the correct permissions and check the syntax using named-checkzone:
named-checkzone hughes.lan hughes.lan.zone named-checkzone 15.168.192.in-addr.arpa 192.168.15.zone
Correct any syntax errors reported by named-checkzone.
Restart the nameserver:
service named restart
Browse through the tail of the /var/log/messages file and confirm the domain loaded successfully.
Make the following DNS queries (substituting your domain):
dig scooby.hughes.lan
dig -x 192.168.15.2
Your output should be similar to the following:
. . . ;; QUESTION SECTION: ;scooby.hughes.lan. IN A ;; ANSWER SECTION: scooby.hughes.lan. 86400 IN A 192.168.15.2 ;; AUTHORITY SECTION: hughes.lan. 86400 IN NS velma.hughes.lan. ;; ADDITIONAL SECTION: velma.hughes.lan. 86400 IN A 192.168.15.10 . . .
Continue to test each host you added to the zone file and then enjoy your new master nameserver.
The goal of this series of DNS articles was to pick the high-level features DNS can offer to improve the efficiency and management of the home network. In addition to the performance improvement we saw with the caching nameserver, the master nameserver helps manage both static and dynamic clients using human-friendly hostnames instead of IP addresses.
For readers interested in learning more about DNS or expanding the nameservers discussed in this series, checkout the following resources:
/usr/share/doc/bind-9.x.x
