So I decided that it'd be nice to have local DNS. After all, I've gotten tired of having to use IPs to access our local web server, which is public and has public DNS. No problem. Well, unfortunately, I left my DNS/BIND book at work. But that's what the web is for. In moments, I had a caching DNS server set up on my Linux box with a simple modification to the /etc/named.conf file.

Aside: I highly recommend using RCS or the like to manage all system files. I don't know how many times I've wanted to go back and see something I did in the past and it got blown away - a prime example is IPs - and I hate host files that look like this:

    192.168.1.17    myhost
    #199.26.158.200 myhost    old network
    #38.24.141.117  myhost    even older network

They're a pain in the ass to read.

But anyways, all I needed to do to set up a caching name server was add the following section to the options:

    forwarders { 204.60.0.2; 204.60.0.3; };

Since I have SNET DSL, those are the SNET nameservers, copied from my resolv.conf. Step one, check. Now the named.conf file looks like this:

    // Start of named.conf
    //
    options {
            directory "/var/named";
            /*
             * If there is a firewall between you and nameservers you want
             * to talk to, you might need to uncomment the query-source
             * directive below.  Previous versions of BIND always asked
             * questions using port 53, but BIND 8.1 uses an unprivileged
             * port by default.
             */
            // query-source address * port 53;
            forwarders { 204.60.0.2; 204.60.0.3; };
    };

There's more, but that's all that's relevant so far. Now, in order to actually USE this fine new definition, we need to modify the resolv.conf file and point at the local machine:

    search pslashg.org
    nameserver 192.168.1.172
    nameserver 204.60.0.2
    nameserver 204.60.0.3

Now my local machine is first in the list. First we need to stop and start the foolish thing:

    bonehead# /etc/init.d/named stop
    Stopping named:                                            [  OK  ]
    bonehead# /etc/init.d/named start
    Starting named:                                            [  OK  ]
And for the moment of truth:

    bonehead# nslookup www.redhat.com
    Note:  nslookup is deprecated and may be removed from future releases.
    Consider using the `dig' or `host' programs instead.  Run nslookup with
    the `-sil[ent]' option to prevent this message from appearing.
    Server:         192.168.1.172
    Address:        192.168.1.172#53

    Non-authoritative answer:
    Name:   www.redhat.com
    Address: 66.187.232.50

5 minutes, and I've got a caching DNS server. Yeah, I know. Big freakin' deal. But hey, got to start somewhere.

So with my confidence buoyed by this easy task, I figure no problem to set up what I really want, DNS for my local network. I started with the man page for named - pretty clearly that was a mistake. But after a bit of poking around I came across a simple tutorial for setting up a second zone in named. First I added the section to the named.conf file. That was the easy part:

    zone "pslashg.org" IN {
            type master;
            file "pslashg.org.zone";
            allow-update { none; };
    };

The "pslashg.org" will be used as the domain in the zone file, and the zone itself is configured in the zone file "pslashg.org.zone". Now to build a zone file. Apparently the default location for the zone files is /var/named. So I copied the localhost one over as a start, since it's hard to fathom making one of these beasts from scratch. The Red Hat manual on BIND was reasonable in this respect:

    http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/ch-bind.html

The section there on zone files was fairly clear. My copy didn't work at first, but when I removed the mysterious 1D on each line, it seemed to work out okay. Here's what I started with, the localhost.zone file:

    $TTL    86400
    $ORIGIN localhost.
    @                       1D IN SOA       @ root (
                                            42              ; serial (d. adams)
                                            3H              ; refresh
                                            15M             ; retry
                                            1W              ; expiry
                                            1D )            ; minimum
                            1D IN NS        @
                            1D IN A         127.0.0.1

While what I ended up with was this. Most notably, it seems that the $ORIGIN directive broke things.

    $TTL    86400
    @       IN SOA  bonehead.pslashg.org vool.pslashg.org (
                    42              ; serial (d. adams)
                    3H              ; refresh
                    15M             ; retry
                    1W              ; expiry
                    1D )            ; minimum
            NS      bonehead.pslashg.org
            IN A    192.168.1.243
    bonehead        IN A    192.168.1.172

Which seemed to work out okay. At first I got some weirdo nslookup errors:

    bonehead# nslookup bonehead.pslashg.org
    Server:         192.168.1.172
    Address:        192.168.1.172#53

    ** server can't find bonehead.pslashg.org: SERVFAIL

... but once I put in the NS entry for the name server, it seemed to be a lot happier. There was a comment in the manual about a trailing . after hostnames, but it worked as it was. More on that later.

Okay, so it was time to add the remainder of the hosts. And how about a couple of aliases and an MX record for mail:

    $TTL    86400
    @       IN SOA  bonehead.pslashg.org vool.pslashg.org (
                    42              ; serial (d. adams)
                    3H              ; refresh
                    15M             ; retry
                    1W              ; expiry
                    1D )            ; minimum
            NS      bonehead.pslashg.org
            MX 10   mail.pslashg.org
            IN A    192.168.1.243
    localhost       IN A    127.0.0.1
    hoser           IN A    192.168.1.70
    ribhus          IN A    192.168.1.101
    feh             IN A    192.168.1.165
    monster         IN A    192.168.1.166
    pinhead         IN A    192.168.1.167
    laptop          IN A    192.168.1.169
    loser           IN A    192.168.1.170
    dingbat         IN A    192.168.1.171
    bonehead        IN A    192.168.1.172
    tivo            IN A    192.168.1.180
    geddy           IN A    192.168.1.243
    router          IN A    192.168.1.254
    ftp             IN CNAME geddy
    mail            IN CNAME geddy
    www             IN CNAME geddy

The first IN entry, without a host name, is what the base domain pslashg.org will resolve to. The aliases will also resolve to the same IP: ftp.pslashg.org, mail.pslashg.org, www.pslashg.org.

Okay. So it's working, great. Now it was just a matter of configuring the other servers. So I changed the resolv.conf on another machine to include the DNS IP, but hey!

    % nslookup bonehead.pslashg.org
    *** Can't find server name for address 192.168.1.172: Non-existent host/domain
    Server:  ns1.snet.net
    Address:  204.60.0.2

    Non-authoritative answer:
    Name:    geddy.pslashg.org
    Address:  64.252.15.243
    Aliases:  bonehead.pslashg.org

(Note that the answer came from ns1.snet.net, the next nameserver in that machine's resolv.conf, and is geddy's public address, not the private one.) Well that's bizarre. Perhaps it can't reach the server? Well, an strace showed that it seemed to be reaching the socket.
And I could telnet to port 53. After a bit more poking around in Google, I found an email commenting that nslookup gets quite upset when a DNS server doesn't know its own name. Aha! I needed a PTR record. But no, it can't be added to the pslashg.org zone file. After more searching, I found I needed to add another zone for reverse lookups. And it seems that there's a special naming convention, though I'm not sure what the practical effect was. (The convention is that the network's octets are written in reverse order under in-addr.arpa, so addresses 192.168.1.x are looked up in the zone 1.168.192.in-addr.arpa, and the owner name of each PTR record is the remaining octet.) So, time for another zone in the named.conf file:

    zone "1.168.192.in-addr.arpa" IN {
            type master;
            file "192.168.1";
            allow-update { none; };
    };

and a file named "192.168.1" in the /var/named directory:

    $TTL    86400
    @       IN SOA  bonehead.pslashg.org. vool.pslashg.org. (
                    42              ; serial (d. adams)
                    3H              ; refresh
                    15M             ; retry
                    1W              ; expiry
                    1D )            ; minimum
            NS      bonehead.pslashg.org
    70      PTR     hoser.pslashg.org
    101     PTR     ribhus.pslashg.org
    165     PTR     feh.pslashg.org
    166     PTR     monster.pslashg.org
    167     PTR     pinhead.pslashg.org
    169     PTR     laptop.pslashg.org
    170     PTR     loser.pslashg.org
    171     PTR     dingbat.pslashg.org
    172     PTR     bonehead.pslashg.org
    180     PTR     tivo.pslashg.org
    243     PTR     geddy.pslashg.org
    254     PTR     router.pslashg.org

Okay. We've got our reverse lookups, the DNS lookup works, but what the hell's with the server name?

    % nslookup bonehead
    Server:  bonehead.pslashg.org.1.168.192.in-addr.arpa
    Address:  192.168.1.172

    Name:    bonehead.pslashg.org
    Address:  192.168.1.172

Well, remember the trailing period? That's where it comes in. A trailing period marks a fully qualified host name; without one, named treats the name as relative and appends the current origin (the zone name from the named.conf file, unless a $ORIGIN directive in the zone file changes it). So without the trailing ., 192.168.1.172 is looked up as bonehead.pslashg.org, but then 1.168.192.in-addr.arpa is appended, so that it ends up as the monstrosity bonehead.pslashg.org.1.168.192.in-addr.arpa. Thankfully, putting the periods at the end fixes it:

    $TTL    86400
    @       IN SOA  bonehead.pslashg.org. vool.pslashg.org. (
                    42              ; serial (d. adams)
                    3H              ; refresh
                    15M             ; retry
                    1W              ; expiry
                    1D )            ; minimum
            NS      bonehead.pslashg.org.
    70      PTR     hoser.pslashg.org.
    101     PTR     ribhus.pslashg.org.
    165     PTR     feh.pslashg.org.
    166     PTR     monster.pslashg.org.
    167     PTR     pinhead.pslashg.org.
    169     PTR     laptop.pslashg.org.
    170     PTR     loser.pslashg.org.
    171     PTR     dingbat.pslashg.org.
    172     PTR     bonehead.pslashg.org.
    180     PTR     tivo.pslashg.org.
    243     PTR     geddy.pslashg.org.
    254     PTR     router.pslashg.org.

And voila (or WALAH, as I saw recently :) we have working local DNS.

    % nslookup bonehead
    Server:  bonehead.pslashg.org
    Address:  192.168.1.172

    Name:    bonehead.pslashg.org
    Address:  192.168.1.172

Some other notes: you probably don't have named started up as part of your boot sequence. On many current distributions, this involves linking the named startup script into the proper rc.d directories:

    # cd /etc/rc.d
    # ln -s /etc/init.d/named rc2.d/S59named
    # ln -s /etc/init.d/named rc3.d/S59named
    # ln -s /etc/init.d/named rc5.d/S59named

... or something similar. And be sure corresponding K59named links are created so it can be shut down as well.

IN SUMMARY

1. Configure named as a caching server by adding a forwarders { ... } section inside the options { ... } section of the named.conf file.

2. Add a zone entry to the named.conf file defining your domain name and the name of the zone file:

       zone "your.domain" IN {
               type master;
               file "your.domain.zone";
               allow-update { none; };
       };

3. Create the zone file, being sure to include the NS record, the default IN record, and any individual host IN records. The origin rule applies here just as it does in the reverse zone: a fully qualified name in the SOA, NS or MX fields needs a terminating period, or your.domain gets appended to it.

4. Create a second zone for reverse IP lookups. If your network is 1.2.3.X, it would be:

       zone "1.2.3.in-addr.arpa" IN {
               type master;
               file "1.2.3";
               allow-update { none; };
       };

5. Create that zone file as well. This one will be a mess of PTR entries. Be sure to include the NS entry and to terminate host names with periods.
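The origin rule behind the bonehead.pslashg.org.1.168.192.in-addr.arpa monstrosity above, and the "terminate host names with periods" advice in steps 3 and 5 of the summary, can be made mechanical. The following is an added example, not code from the original post: a reader for the small subset of BIND master-file syntax used on this page ($TTL, $ORIGIN, ';' comments, parenthesised multi-line SOA records, optional TTL/class fields, the record types SOA/NS/A/MX/CNAME/PTR) that qualifies every name the way named does, plus a lint that flags names which look absolute but lack the terminating period. The function names and the embedded zone texts are mine; the zone texts are constructed to mirror the page's files.

```python
import re

# Added example (not from the original post).  Assumes well-formed zone text
# and handles only the master-file subset used on this page.
_TTL_RE = re.compile(r"^\d+[smhdw]?$", re.IGNORECASE)
_CLASSES = {"IN", "CH", "HS"}
# rdata positions that hold domain names and are therefore subject to the
# origin rule; A data never is.
_NAME_FIELDS = {"NS": (0,), "CNAME": (0,), "PTR": (0,), "MX": (1,), "SOA": (0, 1)}


def qualify(name, origin):
    """Master-file origin rule: '@' means the origin, a name already ending
    in '.' is absolute, and anything else has the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." + origin


def _logical_lines(text):
    """Yield (lineno, starts_blank, tokens): ';' comments removed and
    parenthesised continuation lines joined onto the record they belong to."""
    pending, first_line, starts_blank, depth = [], 0, False, 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        code = raw.split(";", 1)[0]
        if not pending:
            first_line, starts_blank = lineno, code[:1].isspace()
        depth += code.count("(") - code.count(")")
        pending.extend(code.replace("(", " ").replace(")", " ").split())
        if depth > 0:
            continue                      # still inside '( ... )'
        if pending:
            yield first_line, starts_blank, pending
        pending, depth = [], 0


def _split_record(starts_blank, tokens):
    """Return (owner token or None, record type, rdata list).  A line that
    starts with whitespace reuses the previous owner; TTL and class are optional."""
    tokens = list(tokens)
    owner = None if starts_blank else tokens.pop(0)
    while tokens and (_TTL_RE.match(tokens[0]) or tokens[0].upper() in _CLASSES):
        tokens.pop(0)
    return owner, tokens[0].upper(), tokens[1:]


def parse_zone(text, zone_name):
    """Return [(owner, type, rdata_tuple), ...] with every name fully
    qualified the way named loads it for a zone called zone_name."""
    origin = zone_name if zone_name.endswith(".") else zone_name + "."
    records, owner = [], origin
    for _lineno, starts_blank, tokens in _logical_lines(text):
        if tokens[0] == "$ORIGIN":
            origin = qualify(tokens[1], origin)   # $ORIGIN itself may be relative
            continue
        if tokens[0].startswith("$"):             # $TTL: nothing to qualify
            continue
        owner_tok, rtype, rdata = _split_record(starts_blank, tokens)
        if owner_tok is not None:
            owner = qualify(owner_tok, origin)
        for i in _NAME_FIELDS.get(rtype, ()):
            rdata[i] = qualify(rdata[i], origin)
        records.append((owner, rtype, tuple(rdata)))
    return records


def unterminated_names(text):
    """Lint: (lineno, name) for every NS/PTR/MX/CNAME/SOA name that contains
    a dot but lacks the terminating one, i.e. looks absolute but is relative."""
    findings = []
    for lineno, starts_blank, tokens in _logical_lines(text):
        if tokens[0].startswith("$"):
            continue
        _owner, rtype, rdata = _split_record(starts_blank, tokens)
        for i in _NAME_FIELDS.get(rtype, ()):
            if i < len(rdata) and "." in rdata[i] and not rdata[i].endswith("."):
                findings.append((lineno, rdata[i]))
    return findings


# Constructed sample mirroring the reverse zone as first written on the page
# (three PTR lines are enough to show the effect).
REVERSE_UNDOTTED = """\
$TTL 86400
@       IN SOA  bonehead.pslashg.org. vool.pslashg.org. (
                42      ; serial
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        NS      bonehead.pslashg.org
172     PTR     bonehead.pslashg.org
243     PTR     geddy.pslashg.org
"""
REVERSE_DOTTED = REVERSE_UNDOTTED.replace("pslashg.org\n", "pslashg.org.\n")

# Constructed forward-zone fragment with the SOA, NS and MX targets left
# relative, as in the page's pslashg.org.zone.
FORWARD = """\
$TTL 86400
@       IN SOA  bonehead.pslashg.org vool.pslashg.org (
                42 3H 15M 1W 1D )
        NS      bonehead.pslashg.org
        MX 10   mail.pslashg.org
        IN A    192.168.1.243
geddy   IN A    192.168.1.243
mail    IN CNAME geddy
"""

if __name__ == "__main__":
    for owner, rtype, rdata in parse_zone(REVERSE_UNDOTTED, "1.168.192.in-addr.arpa"):
        print(owner, rtype, " ".join(rdata))
    for lineno, name in unterminated_names(FORWARD):
        print("line %d: %s has no terminating period" % (lineno, name))
```

Run against the page's forward zone, the lint also flags the SOA, NS and MX targets there: named loads `MX 10 mail.pslashg.org` as mail.pslashg.org.pslashg.org, which no host answers to. The forward zone appeared to work because plain A lookups never touch those fields.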
Final versions of all of the files:

================================================================================
/etc/named.conf
================================================================================
// generated by named-bootconf.pl

options {
        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
        forwarders { 204.60.0.2; 204.60.0.3; };
};

acl local-hosts { localnets; };

//
// a caching only nameserver config
//
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "pslashg.org" IN {
        type master;
        file "pslashg.org.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.1";
        allow-update { none; };
};

include "/etc/rndc.key";

================================================================================
/var/named/pslashg.org.zone
================================================================================
$TTL    86400
; The SOA, NS and MX targets are fully qualified names, so they end in a
; period; without it named appends pslashg.org to them, exactly as it did
; in the reverse zone.
@       IN SOA  bonehead.pslashg.org. vool.pslashg.org. (
                42              ; serial (d. adams)
                3H              ; refresh
                15M             ; retry
                1W              ; expiry
                1D )            ; minimum
        NS      bonehead.pslashg.org.
        MX 10   mail.pslashg.org.
        IN A    192.168.1.243
localhost       IN A    127.0.0.1
hoser           IN A    192.168.1.70
ribhus          IN A    192.168.1.101
feh             IN A    192.168.1.165
monster         IN A    192.168.1.166
pinhead         IN A    192.168.1.167
laptop          IN A    192.168.1.169
loser           IN A    192.168.1.170
dingbat         IN A    192.168.1.171
bonehead        IN A    192.168.1.172
tivo            IN A    192.168.1.180
geddy           IN A    192.168.1.243
router          IN A    192.168.1.254
ftp             IN CNAME geddy
; An MX target must not be a CNAME (RFC 2181), so mail gets its own A record
; pointing at the same address as geddy.
mail            IN A    192.168.1.243
www             IN CNAME geddy

================================================================================
/var/named/192.168.1
================================================================================
$TTL    86400
@       IN SOA  bonehead.pslashg.org. vool.pslashg.org. (
                42              ; serial (d. adams)
                3H              ; refresh
                15M             ; retry
                1W              ; expiry
                1D )            ; minimum
        NS      bonehead.pslashg.org.
70      PTR     hoser.pslashg.org.
101     PTR     ribhus.pslashg.org.
165     PTR     feh.pslashg.org.
166     PTR     monster.pslashg.org.
167     PTR     pinhead.pslashg.org.
169     PTR     laptop.pslashg.org.
170     PTR     loser.pslashg.org.
171     PTR     dingbat.pslashg.org.
172     PTR     bonehead.pslashg.org.
180     PTR     tivo.pslashg.org.
243     PTR     geddy.pslashg.org.
254     PTR     router.pslashg.org.
================================================================================
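One thing worth noticing in the final named.conf: the acl local-hosts is defined but never referenced, so nothing restricts who may send this server recursive queries. BIND 9 releases before 9.4 answer recursive queries from any address unless an allow-recursion statement says otherwise, which turns a forwarding cache that is reachable from the Internet into an open resolver others can use for cache-poisoning attempts and traffic amplification. The options block below is an added fragment, not part of the original post; it keeps the page's forwarders and the 192.168.1.172 address and assumes the machine has only that one LAN interface plus loopback.

```conf
// acl definitions must appear before their first use, so this block has to
// sit above options rather than below it as in the listing above.
acl local-hosts { localhost; localnets; };

options {
        directory "/var/named";
        forwarders { 204.60.0.2; 204.60.0.3; };
        listen-on { 127.0.0.1; 192.168.1.172; };
        allow-query     { local-hosts; };   // only the LAN needs answers at all
        allow-recursion { local-hosts; };   // the line that closes the open resolver
        allow-transfer  { none; };          // no secondaries, so no zone transfers
        version "not available";            // don't advertise the BIND release
};
```

Before restarting, BIND 9's own checkers catch both syntax slips in named.conf and the trailing-period mistakes discussed above: named-checkconf /etc/named.conf, then named-checkzone pslashg.org /var/named/pslashg.org.zone and named-checkzone 1.168.192.in-addr.arpa /var/named/192.168.1. Afterwards, a recursive query from an address outside the LAN should be refused rather than answered.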