DNS and Linux
The Domain Name System was developed in 1984 for use on the Internet’s TCP/IP backbone. DNS was developed to allow scalable address resolution, meaning the mapping of a domain name to an IP address. Prior to DNS, a single file was used to hold all the information about the machines connected to the Internet, and each machine that acted as a forwarding server had to have this file updated as new machines were added to the network. DNS solved the update problem by providing a distributed database approach. (DNS is responsible for the .com, .net, and other domain name extensions we now take for granted.) If your network is connected to the Internet, you must use DNS either directly or through an ISP. Understanding how DNS works, and how you should configure your Linux systems to work with DNS, is the focus of this article.
Every machine on the Internet has a domain name, composed of the network name, perhaps a subnetwork name, and an identifier for each machine. For example, the machine brutus.develop.tpci.com means the “tpci.com” domain, the subnetwork “develop”, and the machine “brutus”. There can be only one machine on the entire Internet with this name. For each machine there is also an IP address, which is unique over the entire Internet as well. The IP address is used by most network services such as e-mail. You don’t usually bother entering the IP address into your e-mail “To:” fields, though, just a user and a domain name. The mapping between the domain name and the IP address is one task of DNS.
To understand the way DNS resolves domain names, we need to look at how DNS compares to the UNIX filesystem. DNS has a hierarchical structure just like a filesystem. The top level of DNS is called “.”, with a few subdirectories underneath it with the most popular domain extensions (.com, .net, .mil, .org, .edu, .gov and the foreign domains like .uk, .jp, and .dn). The machine name “brutus.develop.tpci.com.” (the trailing period is important here) is called a “fully qualified domain name” of FQDN. For DNS to resolve the FQDN it starts at the root “.” domain and moves down into the .com domain, then looks for a directory under that called “tpci”. From there, another subdirectory exists called “develop” (which may be hidden from DNS depending on how the tpci.com network is structured. Underneath that is a list of all the machines connected to that domain. DNS doesn’t actually keep track of all the individual machine, usually relying on the gateway machine for tpci.com to keep track of everything within the domain.
Along the Internet backbone (or on a network backbone), DNS servers maintain information about the machines and domains that are attached. These machines are called name servers. Name servers each have an area of the Internet or an internal network that they are responsible for. Each area is called a zone. The name server is said to have authority over that zone. Some name servers can have authority over multiple zones. In general there is a correlation between zones and domains, but this is not always true. For example, there are several zones for the .com domains, as there are so many of them. Also, there is far more information about all the .com domains that one of the name servers responsible for a small fraction of the domains needs, so it only keeps track of the domains in its zone. When a name server needs information about a domain outside its zone, it communicates with the name server responsible for that zone.
To complicate the picture, there are two types of name servers: primary masters and secondary masters (sometimes called a slave). A primary master name server has a complete list of all the domains or machines in its zone. A secondary master name server doesn’t have a complete list, relying on a partial list and queries with another machine to fill in what is missing as needed. The information about the zones are stored in “zone data files” also called db files (short for database files). The last part of this picture are resolvers. Resolvers are machines that connect to a name server to query the files for an IP address or a name resolution.
All of the information about a domain is maintained in resource records, or RRs. There are several classes of RRs, as well as several types of RRs within each class. Different RRs are used depending on the type of information to be stored.
One of the most important types of RR for name resolution purposes is called IN-ADDR-ARPA. This maps an IP address to a domain name. The IP address is actually read backwards (from machine to topmost domain) so the IP address 220.127.116.11 is actually stored as 18.104.22.168 in the RR. By reading the IP address from primary domain (205) to subdomain (105) to sub-subdomain (89) to machine (210), read right to left like a UNIX filename, the DNS system can resolve to a machine name.
Configuring a DNS Server
Why would you want a DNS server on your network? The most common reason is to handle the subdomains and machine identification of all incoming requests. You could let the Internet DNS system handle this for you, but that is seldom a good option for larger networks. Setting up your own DNS server for your network is not difficult, but it does require following a few steps to complete the task. Linux machines (as with most UNIX versions) are ideal for DNS server use, and the DNS server can reside on any workstation, including those in use by users or as application servers.
There are five files that need to be created or updated for most DNS purposes. These files are named.hosts (which defines the current domain as well as name to IP address mappings), named.rev (which use IN-ADDR-ARPA for IP address to name mappings), named.local (used for the loopback driver), named.ca (lists root domain servers), and names.boot or named.conf (provides file and database locations). The format for each of the five files follows RR formats, but instead of going through all the details, we’ll present sample files and let you modify them as you need. (If you need more details on resource records, a DNS or TCP/IP book should be able to provide all you need.)
The named.hosts file contains an RR called the Start of Authority (SOA), which indicates the domain name as well as a number of parameters for refreshing and retrying resolution attempts. Following the SOA RR is a Name Server (NS) RR which identified the name server for the network and subnetworks. Following the NS RR are several Address (A) RRs which define machine names and their IP addresses. These are used for name to IP address mapping. This is the named.hosts file from my Linux DNS server (I’ve changed the actual IP addresses for security reasons):
|; named.hosts files||; Start Of Authority RR||tpci.com. IN SOA merlin.tpci.com||root.merlin.tpci.com (||2 ; Serial number||7200 ; Refresh (2 hrs)||3600 ; Retry (1 hr)||151200 ; Expire (1 week)||86400 ); min TTL||;||; Name Service RRs||tpci.com IN NS merlin.tpci.com||develop.tpci.com IN NS goofy.develop.tpci.com||;||; Address RRs||artemis IN A 22.214.171.124||merlin IN A 126.96.36.199||windsor IN A 188.8.131.52||reverie IN A 184.108.40.206||bigcat IN A 220.127.116.11||pepper IN A 18.104.22.168
The named.rev file uses IN-ADDR-ARPA to resolve IP address to name mappings. The named.rev file uses a similar layout to the named.hosts file (it contains SOA and NS enries) but the Address RRs are replaced by Pointer (PTR) RRs. Here’s the named.rev file for my network:
|; named.rev files||; Start Of Authority RR||23.143.in-addr.arpa IN SOA merlin.tpci.com||root.merlin.tpci.com (||2 ; Serial number||7200 ; Refresh (2 hrs)||3600 ; Retry (1 hr)||151200 ; Expire (1 week)||86400 ); min TTL||;||; Name Service RRs||23.143.in-addr.arpa IN NS merlin.tpci.com||100.23.143.in-addr.arpa IN NS goofy.develop.tpci.com||;||; Address RRs||22.214.171.124.in-addr.arpa IN PTR merlin||126.96.36.199.in-addr.arpa IN PTR windsor||188.8.131.52.in-addr.arpa IN PTR reverie||184.108.40.206.in-addr.arpa IN PTR bigcat||220.127.116.11.in-addr.arpa IN PTR pepper
The named.local file is used for the loopback driver (which always has the IP address 127.0.0.l) and should be installed on each Linux machine that uses TCP/IP. The named.local file indicates the IN-ADDR-ARPA address of the loopback, and looks like this:
|; named.local files||; Start Of Authority RR||0.0.127.in-addr.arpa IN SOA merlin.tpci.com||root.merlin.tpci.com (||2 ; Serial number||7200 ; Refresh (2 hrs)||3600 ; Retry (1 hr)||151200 ; Expire (1 week)||86400 ); min TTL||;||; Name Service RR||0.0.127.in-addr.arpa IN NS merlin.tpci.com||;||; Address RR||18.104.22.168.in-addr.arpa IN PTR localhost|
|; named.ca||; servers for the root domain||;||. 99999999 IN NS ns.nic.ddn.mil.||99999999 IN NS ns.nasa.gov.||99999999 IN NS ns.internic.net||; servers by address||;||ns.nic.ddn.mil 99999999 IN A 22.214.171.124||ns.nasa.gov 99999999 IN A 126.96.36.199||ns.internic.net 99999999 IN A 188.8.131.52|
The final file on your DNS server is the named.boot file. It is used when the DNS daemon is loaded and specifies the primary and secondary name servers on the network. A named boot file looks like this:
|; named.boot||directory /usr/lib/named||primary tpci.com named.hosts||primary 25.143.in-addr.arpa named.rev||primary 0.0.127.in-addr.arpa named.local||cache named.ca|
Setting up DNS on your Linux servers takes a bit of time while you type all the information into these files. As you can image, if you have a couple of hundred machines on your network, you need to enter the information in both the named.hosts and named.rev files, which can take a while. Once done, through, you can maintain the files quite easily. There are some utilities available that will do a lot of the DNS setup work for you.
Running DNS on your local network will make the network function better, as it does not have to resort to name servers outside the network, and allows more flexibility for name to IP address mapping than an /etc/hosts file on each machine.