Thursday, December 31, 2009




1. Name-to-IP address mapping
2. Name resolution for DNS clients
3. Caching-only server (Default)
4. Primary DNS server
5. Slave server
6. Replication of DNS database information between servers
7. Dynamic DNS updates
8. Provides numerous client tools: nslookup, dig, host


1. Installation of BIND on the remote system: linuxcbtserv4
•yum -y install bind

2. Setup service to auto-start at boot
•chkconfig --level 35 named on - enables the service in runlevels: 3,5

3. Configure a default, caching-only, named.conf file
•rpm -ql bind - to see samples
• cp /usr/share/doc/bind*/sample/* to /etc/ and /var/named
• Modify /etc/named.conf - disable DDNS_KeyGen sections
• Start the server - service named start

4. Query the server
•dig @localhost

Returns: question, answer, authoritative DNS servers, query time
•nslookup OR nslookup - server -

Note: The server has cached:, evidenced by the decrementing TTL values for the various records associated with the zone

•host - also performs a lookup

Note: /etc/resolv.conf controls the DNS servers that are consulted by lookup tools such as: Web browser, GFTP, LFTP, nslookup, dig, host, etc.
•dig MX - queries the domain for mail exchangers

Note: DNS is organized into an inverted tree, with '.' representing the root of the DNS tree. e.g.
•-. = root
• = top level
•-.linuxgenius = second level
•-mail = third level

Note: A trailing '.' in a DNS query is implied, and may optionally be indicated if desired in any standard Internet application (web browser, FTP client, wget, nslookup, dig, host, etc.)

Primary & Secondary Zones:
1. Ability to service zones
2. Authoritative support for a zone


1. Create internal zone named 'linuxcbt.internal'
•modify /etc/named.conf to include the new zone
zone "linuxcbt.internal" {
    type master;
    #allow-update { key ddns_key; };
    file "linuxcbt.internal.db";
};

• create the corresponding zone file
• restart named
• test resolution of DNS primary zone

Note: Install 'caching-nameserver*' for Caching-only DNS server

2. Create a slave (Secondary) server
•yum -y install bind
•copy sample files from primary server to secondary server
•modify /etc/named.conf and set 'linuxcbt.internal' zone to slave
•start named service - 'service named start'
•chkconfig --level 35 named on
•Update: /var/named/linuxcbt.internal.db to reflect new name server

3. Create a primary zone on the "secondary" server
•create a zone for: linuxcbt.external - in /etc/named.conf
•copy/create 'linuxcbt.external.db' zone file
•setup 'linuxcbtserv4' to be a slave for the zone: linuxcbt.external

4. Start 'named' as a caching-only DNS server (Default)
•service named start
•'dig @' - forces a caching-only lookup query

Forward IPv6 Records:
Implemented primarily as AAAA records:

linuxcbtserv1 IN AAAA 2002:4687:db25:3:202:b3ff:fe98:4108
linuxcbtserv4 IN AAAA 2002:4687:db25:3:20c:29ff:feb5:1692
linuxcbtmedia1 IN AAAA 2002:4687:db25:3:20a:5eff:fe1b:4aad
linuxcbtrouter1 IN AAAA 2002:4687:DB25:3:21A:2FFF:FEE3:F240

Test IPv6 resolution using:
1. ping6 linuxcbtrouter1.linuxcbt.internal
2. dig @ linuxcbtrouter1.linuxcbt.internal

Reverse Zones:
The ability to resolve a name, given an IPv4 or IPv6 address
1. Define an IPv4 reverse zone for the local subnet:
•Define zone name: '' - /etc/named.conf
•Update: /etc/named.conf
•Create zone file in: /var/named
•Update configuration
•Restart named
•test using 'dig -x'

Note: Reverse zones are built from the prefix in IPv4 subnets

IPv6 Reverse Zone:

1. /etc/named.conf entry
zone "" {
    type master;
    file "";
};

Note: IPv6 reverse zone names are in nibble format, with ALL zeros expanded for the network prefix portion of the address, which is usually 64 bits in length

2. /var/named/zone_file
•Include entries using the last 64 bits (the host part) of the IPv6 address
•d.a.a.4.b.1.e.f.f.f.e.5.a.0.2.0 IN PTR linuxcbtmedia1.linuxcbt.internal.

Note: When creating reverse IPv6 entries for hosts, do the following:
•reverse the 64-bit portion of the address that corresponds to the host, expanding all zeros
•Create PTR record based on the reverse, nibble-format of the address
Test using dig:
•dig -x 2002:4687:db25:3:20a:5eff:fe1b:4aad
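
The nibble conversion described in the notes above, as an added Python example that is not part of the original post. It derives the reverse zone name and the PTR lines from the AAAA records listed earlier. The function names and the /64 prefix length are assumptions made for this example.

```python
import ipaddress

# AAAA data copied from the forward zone in the notes above.
FORWARD = {
    "linuxcbtserv1": "2002:4687:db25:3:202:b3ff:fe98:4108",
    "linuxcbtserv4": "2002:4687:db25:3:20c:29ff:feb5:1692",
    "linuxcbtmedia1": "2002:4687:db25:3:20a:5eff:fe1b:4aad",
    "linuxcbtrouter1": "2002:4687:DB25:3:21A:2FFF:FEE3:F240",
}

def ip6_reverse_names(address, prefix_len=64):
    """Split an IPv6 address into (reverse zone name, PTR owner label)."""
    if prefix_len % 4 or not 0 < prefix_len < 128:
        raise ValueError("prefix length must fall on a nibble boundary")
    # .exploded restores every suppressed zero and lower-cases the digits:
    # 3 -> 0003, 21A -> 021a
    nibbles = ipaddress.IPv6Address(address).exploded.replace(":", "")
    cut = prefix_len // 4
    zone = ".".join(reversed(nibbles[:cut])) + ".ip6.arpa."
    owner = ".".join(reversed(nibbles[cut:]))
    return zone, owner

def build_reverse_zone(forward, domain="linuxcbt.internal", prefix_len=64):
    """Return (zone name, PTR lines) for hosts that share one prefix."""
    zones, lines = set(), []
    for host, address in forward.items():
        zone, owner = ip6_reverse_names(address, prefix_len)
        zones.add(zone)
        # The trailing dot keeps named from appending the reverse zone's
        # origin to the PTR target.
        lines.append(f"{owner} IN PTR {host}.{domain}.")
    if len(zones) != 1:
        raise ValueError(f"hosts span several reverse zones: {sorted(zones)}")
    return zones.pop(), lines

if __name__ == "__main__":
    zone, lines = build_reverse_zone(FORWARD)
    print(f"; zone {zone}")
    print("\n".join(lines))
```

A host whose address lies outside the shared prefix raises an error instead of silently landing in the wrong zone file.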
