Revision history for Tier0ServerConfig
@@=====1st ROUGH DRAFT=====@@
>>**This tutorial presumes that:**
~1) You have BIND 9 installed, running in a chroot located at /var/named, with named.conf residing at /var/named/etc/namedb/named.conf.
~1) You have **rndc** working and know how to use it.
~1) Your server is configured as a Tier 2 server or //cache server//. See the Tier2ServerConfig page.
~1) You have read the main portions of the [[http://www.isc.org/index.pl?/sw/bind/arm94/index.php BIND 9 Administrator Reference Manual]] and understand the subtle difference between a "domain" and a "zone".
~1) You have at least one static IP address.
~1) You have a 24/7 DSL internet connection or better.
~1) You have both a mail server and a web server up and running. (This can all be done on a single machine if that is all you have.)
>>A **Tier 0 Server** or **root server** is any //authoritative name server// that can provide an IXFR/AXFR for the **root zone, "."**; it can be configured as either a **Primary Master** (//zone "type master;"//) or a **Secondary Master** (//zone "type slave;"//). This tutorial focuses on configuring the //root zone//, first as a **Primary Master** in the legacy DNS, and second as a **Primary Master** and then a **Secondary Master** in the alt-DNS on BIND 9.
As a quick note: the term "Tier", while used here to describe a name server, is not a "type of name server"; it refers to a name server that is an //authoritative name server// for a particular "zone". There is a single Tier 0 zone (the "Root Zone", i.e. **.**), a few Tier 1 zones (the "Top Level Domain" zones, e.g. **com. org. geek. oss. ukg.** etc.), and many Tier 2 zones (domain name zones, e.g. **example.com.**).
Also note: before setting up a Tier 0 zone on a server with an alt-root, you should know the basics of how it is done with the legacy root.
While your server will not be included in the legacy named.hint file by ICANN/IANA, will not have a Resource Record for the "." zone created for it in the root.zone file, and will not //technically// be one of the root servers, it will function much like a legacy root server does. Understanding the basics of how a legacy DNS root server is set up makes it easier to understand how we do this in the alt-root.
@@==Legacy Tier 0 Config ==@@
First, you will need the legacy root.zone file. You can get a current copy of this file from Internic.net at the following location:
ftp://rs.internic.net/domain/root.zone.gz
Once you have downloaded and gunzipped a copy of this file into the working directory of named (/var/named/etc/namedb/root.zone), take a look at it.
You will find that there are Name Server (NS) records for "." and for all the legacy Top Level Domains (both gTLDs and ccTLDs), and also A/AAAA records for all the NS hosts.
As you can see, this is not the [[ftp://rs.internic.net/domain/named.root named.hint/named.cache]] file that ships with BIND 9 and is normally used for the zone "." { type hint; } in named.conf.
Now it is time to edit the root zone "." in /var/named/etc/namedb/named.conf. It is presumed that you already have a working cache server set up and resolving domain names, and that named.conf contains this:
%%(text;;named.conf)
options {
    directory "/etc/namedb";
    listen-on { 127.0.0.1; 10.0.0.1; 12.34.56.78; }; # use the correct LAN IP address and your static IP address[es] here
    allow-query { any; };
    query-source address * port 53;
    transfer-format many-answers;
    multi-master yes;
    recursion yes; # you may decide to disable this later, leave it alone for now.
    provide-ixfr yes;
    request-ixfr yes;
};
<... snip ...>
zone "." IN {
    type hint;
    file "named.hint";
};
<... snip ...>
%%
Make sure you add the above options if you don't have them, and change the above zone to this:
%%(text;;named.conf)
<... snip ...>
zone "." IN {
    type master;
    file "root.zone";
    notify no;
};
<... snip ...>
%%
Now restart named, or, if you have rndc configured (which you should), simply run: rndc reload
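Before that reload, three settings in the options block above deserve a second look from a hardening standpoint. `recursion yes` together with `allow-query { any; }` and no `allow-recursion` statement leaves who may recurse up to the BIND version's defaults, which on older releases means everyone allow-query admits, i.e. an open resolver; an explicit `allow-recursion` list for your LAN and localhost settles that regardless of version. `query-source address * port 53` pins the outgoing source port and so gives up source-port randomisation, one of the resolver's defences against cache poisoning; dropping the `port` clause lets named pick random ports. And without `allow-transfer`, named's default allows zone transfers to anyone, whereas the goal is to serve IXFR/AXFR to your own secondaries only. The Python script below is an added example, not part of the original page or of BIND: it extracts the options block from a named.conf, flags those three conditions, and is run against a constructed copy of the page's options and a constructed hardened variant (10.0.0.0/24 and the secondary at 10.0.0.2 are assumed LAN addresses).

```python
"""Audit the options{} block of a named.conf for three exposure points.
Added example, not from the page or from BIND; both configs below are constructed."""
import re

# Constructed copy of the options block shown in the tutorial.
PAGE_CONF = """
options {
    directory "/etc/namedb";
    listen-on { 127.0.0.1; 10.0.0.1; 12.34.56.78; }; # LAN address and static IP
    allow-query { any; };
    query-source address * port 53;
    transfer-format many-answers;
    multi-master yes;
    recursion yes; # you may decide to disable this later
    provide-ixfr yes;
    request-ixfr yes;
};
zone "." IN { type master; file "root.zone"; notify no; };
"""

# Constructed hardened variant: recursion only for the LAN, random source ports,
# transfers only to an assumed secondary at 10.0.0.2.
HARDENED_CONF = PAGE_CONF.replace(
    "query-source address * port 53;", "query-source address *;"
).replace(
    "recursion yes; # you may decide to disable this later",
    "recursion yes;\n    allow-recursion { 127.0.0.1; 10.0.0.0/24; };\n    allow-transfer { 10.0.0.2; };",
)

def _strip_comments(text):
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)   # /* ... */
    return re.sub(r"(//|#).*", " ", text)                 # // and # to end of line

def options_block(conf):
    """Return the text between the braces of options { ... }, honouring nesting."""
    conf = _strip_comments(conf)
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        raise ValueError("no options block found")
    depth, i = 1, m.end()
    while i < len(conf) and depth:
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    if depth:
        raise ValueError("unbalanced braces in options block")
    return conf[m.end():i - 1]

def directives(block):
    """Map each top-level statement in the block to its argument text."""
    out, depth, cur = {}, 0, []
    for ch in block:
        depth += {"{": 1, "}": -1}.get(ch, 0)
        if ch == ";" and depth == 0:
            stmt = " ".join("".join(cur).split())
            cur = []
            if stmt:
                name, _, args = stmt.partition(" ")
                out[name] = args
            continue
        cur.append(ch)
    return out

def _acl(args):
    """Address-match-list members as a set, or None when the directive is absent."""
    return None if args is None else set(re.findall(r"[^\s{};]+", args))

def audit(conf):
    """Return findings for open recursion, a fixed source port and open transfers."""
    d = directives(options_block(conf))
    findings = []
    recursion_on = d.get("recursion", "yes").lower() == "yes"   # named defaults to recursion yes
    allow_query = _acl(d.get("allow-query", "any"))              # and to allow-query { any; }
    allow_recursion = _acl(d.get("allow-recursion"))
    if recursion_on and "any" in allow_query and (allow_recursion is None or "any" in allow_recursion):
        findings.append("open recursion: set allow-recursion to your LAN/localhost, or recursion no")
    port = re.search(r"\bport\s+(\S+)", d.get("query-source", ""))
    if port and port.group(1) != "*":
        findings.append(f"query-source pins source port {port.group(1)}: drop it so named randomises ports")
    allow_transfer = _acl(d.get("allow-transfer"))
    if allow_transfer is None or "any" in allow_transfer:
        findings.append("zone transfers open to anyone: add allow-transfer { <your secondaries>; }")
    return findings

if __name__ == "__main__":
    for label, conf in (("page", PAGE_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or ["no findings"])
```

Run against the page's options the script reports all three findings; against the hardened variant it reports none. The parser only understands the options block, which is all these three checks need; per-zone `allow-transfer` statements, which override the global one, would need the same treatment applied to each zone block.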
You should now be able to:
$ dig @localhost ANY .
$ dig @localhost ANY com.
You should get output from dig that looks like this:
%%
$ dig @localhost ANY .
; <<>> DiG 9.3.3 <<>> @localhost ANY .
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54076
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;. IN ANY
;; ANSWER SECTION:
. 86400 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2008012701 1800 900 604800 86400
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jan 28 02:36:16 2008
;; MSG SIZE rcvd: 285
$ dig @localhost ANY com.
; <<>> DiG 9.3.3 <<>> @localhost ANY com.
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63776
;; flags: qr rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 13, ADDITIONAL: 0
;; QUESTION SECTION:
;com. IN ANY
;; ANSWER SECTION:
com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1201513063 1800 900 604800 900
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; AUTHORITY SECTION:
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
;; Query time: 777 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jan 28 02:37:59 2008
;; MSG SIZE rcvd: 482
root#
%%
And now you have a functioning legacy DNS root server, *kind of*. ;-)
@@==alt-root Tier 0 Config ==@@
The next step is to transition to an alt-root and set up an alt-DNS root server. There are many ways to do this. For simplicity, and to clarify why it is called the alt-root: the name comes from the fact that we use an //alternative root zone file//.
Also, while setting up a TLD is covered in more detail on the Tier1ServerConfig page, you will need one set up for this to work. In the following examples it is presumed that, in addition to the root zone, you also have a Top Level Domain ".TEST", that there is a zone "type master;" in named.conf for "TEST.", AND that you have a minimum set of resource records for "TEST." in the TEST. zone file, "/var/named/etc/namedb/master/TEST/TEST.db".
Edit named.conf and add the TEST. zone:
%%(text;;/var/named/etc/namedb/named.conf)
zone "." IN {
    type master;
    file "root.zone";
    notify no;
};
zone "TEST." IN {
    type master;
    file "master/TEST/TEST.db";
};
%%
To make the "TEST." zone work, here is a basic zone file that can be used //as is//. A more complex example of this file is explained on the Tier1ServerConfig page, but for now just grab this and save it as a plain text file at /var/named/etc/namedb/master/TEST/TEST.db:
%%(text;;/var/named/etc/namedb/master/TEST/TEST.db)
$TTL 1h
TEST.           IN SOA ns0.dns.TEST. hostmaster.mail.dns.TEST. ( 2008000001 1800 900 604800 900 )
                IN NS  ns0.dns.TEST.
                IN TXT ".TEST - Serving as an Example - http://www.dns.TEST"
dns.TEST.       A     12.34.56.78 ; .TLD zone Primary Master static IP address
dns.TEST.       MX    10 mail.dns.TEST.
dns.TEST.       TXT   ".TEST - Serving as an Example - http://www.dns.TEST"
mail.dns.TEST.  A     12.34.56.78 ; .TLD zone Primary Master static IP address
ns0.dns.TEST.   A     12.34.56.78 ; .TLD zone Primary Master static IP address
                MX    10 mail.dns.TEST.
                TXT   ".TEST - Serving as an Example - http://www.dns.TEST"
www.dns.TEST.   CNAME ns0.dns.TEST.
%%
Now, before you restart named, you also need to edit /var/named/etc/namedb/root.zone and make ns0.dns.TEST the Start of Authority (SOA). You CAN NOT use ICANN's root servers because they know nothing about .TEST and will fail to resolve any domain names under the .TEST Top Level Domain. So fire up your favorite editor and open /var/named/etc/namedb/root.zone.
The ONLY part of this file we are concerned with editing is the SOA and the root zone "." NS records (don't touch anything else, because we want our root server to resolve domain names in the legacy DNS as well as the additional TLDs in the alt-DNS - this is how we maintain "Universal Resolvability"):
%%(text;;/var/named/etc/namedb/root.zone)
.                    IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. (
                            2008012701 ;serial
                            1800       ;refresh every 30 min
                            900        ;retry every 15 min
                            604800     ;expire after a week
                            86400      ;minimum of a day
                            )
$TTL 518400
.                    NS A.ROOT-SERVERS.NET.
.                    NS B.ROOT-SERVERS.NET.
.                    NS C.ROOT-SERVERS.NET.
.                    NS D.ROOT-SERVERS.NET.
.                    NS E.ROOT-SERVERS.NET.
.                    NS F.ROOT-SERVERS.NET.
.                    NS G.ROOT-SERVERS.NET.
.                    NS H.ROOT-SERVERS.NET.
.                    NS I.ROOT-SERVERS.NET.
.                    NS J.ROOT-SERVERS.NET.
.                    NS K.ROOT-SERVERS.NET.
.                    NS L.ROOT-SERVERS.NET.
.                    NS M.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.  A  198.41.0.4
H.ROOT-SERVERS.NET.  A  128.63.2.53
C.ROOT-SERVERS.NET.  A  192.33.4.12
G.ROOT-SERVERS.NET.  A  192.112.36.4
<... snip ...>
%%
We simply delete all the ICANN/IANA ". NS *.ROOT-SERVERS.NET." records and change the above to look like this:
%%(text;;/var/named/etc/namedb/root.zone)
.                    IN SOA ns0.dns.TEST. hostmaster.mail.dns.TEST. (
                            2008012702 ;serial
                            1800       ;refresh every 30 min
                            900        ;retry every 15 min
                            604800     ;expire after a week
                            86400      ;minimum of a day
                            )
$TTL 1h
.                    NS ns0.dns.TEST.
ns0.dns.TEST.        A  12.34.56.78 ; this should be your static IP address
; START OF ICANN RESOURCE RECORDS - LEAVE THE REST OF THE FILE UNCHANGED
A.ROOT-SERVERS.NET.  A  198.41.0.4
H.ROOT-SERVERS.NET.  A  128.63.2.53
C.ROOT-SERVERS.NET.  A  192.33.4.12
G.ROOT-SERVERS.NET.  A  192.112.36.4
<... snip ...>
%%
Don't forget to increase the serial number by one, and look very closely at all the details.
Now save the file and restart named.
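The edit above is easy to get subtly wrong in ways named will still load: a serial that was not bumped means secondaries never pick up the change, one legacy ". NS" record left behind mixes two root NS sets, and deleting one line too many removes a legacy TLD delegation and with it the "Universal Resolvability" the author wants to keep. The Python script below is an added example, not part of the original page or of BIND: it parses the original and the edited root.zone side by side and reports exactly those slips, plus a missing glue address for the new root NS. Both zone excerpts are constructed from the fragments shown on this page, and ns0.dns.TEST. / 12.34.56.78 are the page's own placeholder values.

```python
"""Compare an edited root.zone with the original before reloading named.
Added example, not from the page or from BIND; both zone excerpts are constructed."""
import re
from collections import namedtuple

RR = namedtuple("RR", "owner rtype rdata")
TTL_RE = re.compile(r"^\d+[smhdwSMHDW]?$")

def _strip_comment(line):
    """Drop a ';' comment unless the ';' is inside a quoted TXT string."""
    out, quoted = [], False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        elif ch == ";" and not quoted:
            break
        out.append(ch)
    return "".join(out)

def parse_zone(text, origin="."):
    """Parse the master-file subset used by root.zone: $TTL/$ORIGIN, parenthesised
    multi-line SOA, blank owner inheriting the previous owner. Owners are lower-cased."""
    records, last_owner, buf, depth, lead = [], origin, [], 0, None
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not line.strip():
            continue
        lead = raw if lead is None else lead      # first physical line of this record
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth > 0:
            continue                              # still inside ( ... )
        tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
        buf, first, lead = [], lead, None
        if tokens[0].startswith("$"):
            if tokens[0].upper() == "$ORIGIN":
                origin = tokens[1].lower()
            continue
        if first[0].isspace():
            owner = last_owner                    # blank owner field
        else:
            owner = tokens.pop(0).lower()
            owner = origin if owner == "@" else owner
            if not owner.endswith("."):
                owner = f"{owner}.{origin.lstrip('.')}"
            last_owner = owner
        for _ in range(2):                        # optional TTL and class, either order
            if tokens and (TTL_RE.match(tokens[0]) or tokens[0].upper() in ("IN", "CH", "HS")):
                tokens.pop(0)
        records.append(RR(owner, tokens.pop(0).upper(), tuple(tokens)))
    return records

def soa_serial(records, zone="."):
    soas = [r for r in records if r.owner == zone and r.rtype == "SOA"]
    if len(soas) != 1:
        raise ValueError(f"expected exactly one SOA for {zone!r}, found {len(soas)}")
    return int(soas[0].rdata[2])                  # MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM

def check_root_edit(old_text, new_text, expected_ns="ns0.dns.TEST."):
    """Return a list of problems with the edit; an empty list means it follows the recipe."""
    old, new = parse_zone(old_text), parse_zone(new_text)
    problems = []
    try:
        if soa_serial(new) <= soa_serial(old):
            problems.append("SOA serial not increased")
    except ValueError as exc:
        problems.append(str(exc))
    root_ns = {r.rdata[0].lower() for r in new if r.owner == "." and r.rtype == "NS"}
    if root_ns != {expected_ns.lower()}:
        problems.append(f"root NS set is {sorted(root_ns)}, expected only {expected_ns.lower()}")
    glue = {r.owner for r in new if r.rtype in ("A", "AAAA")}
    problems += [f"no glue address for root NS {ns}" for ns in sorted(root_ns - glue)]
    kept = {r.owner for r in new if r.rtype == "NS" and r.owner != "."}
    lost = {r.owner for r in old if r.rtype == "NS" and r.owner != "."} - kept
    problems += [f"legacy delegation lost: {tld}" for tld in sorted(lost)]
    return problems

# Constructed excerpt of the downloaded root.zone, using addresses shown on the page.
ORIGINAL = """\
. IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. (
        2008012701 ;serial
        1800 900 604800 86400 )
$TTL 518400
.                   NS A.ROOT-SERVERS.NET.
.                   NS H.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. A  198.41.0.4
H.ROOT-SERVERS.NET. A  128.63.2.53
com.        172800  NS a.gtld-servers.net.
"""

# Constructed result of following the recipe: new SOA/NS, glue for ns0, rest untouched.
EDITED = """\
. IN SOA ns0.dns.TEST. hostmaster.mail.dns.TEST. (
        2008012702 ; serial bumped by one
        1800 900 604800 86400 )
$TTL 1h
.                   NS ns0.dns.TEST.
ns0.dns.TEST.       A  12.34.56.78  ; the page's placeholder static IP
; START OF ICANN RESOURCE RECORDS - LEAVE THE REST OF THE FILE UNCHANGED
A.ROOT-SERVERS.NET. A  198.41.0.4
H.ROOT-SERVERS.NET. A  128.63.2.53
com.        172800  NS a.gtld-servers.net.
"""

# Two common slips: serial left alone, one legacy root NS record left behind.
BOTCHED = EDITED.replace("2008012702", "2008012701").replace(
    "NS ns0.dns.TEST.\n", "NS ns0.dns.TEST.\n.                   NS A.ROOT-SERVERS.NET.\n")
```

`check_root_edit(ORIGINAL, EDITED)` returns an empty list, while `check_root_edit(ORIGINAL, BOTCHED)` reports the unchanged serial and the two-member root NS set. On the real files call it with the contents of the downloaded root.zone and your edited copy. It checks the intent of the edit, not master-file syntax; BIND's own `named-checkzone . /var/named/etc/namedb/root.zone` is still the tool for that, and running both before `rndc reload` costs nothing.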
@@==by: Christopher Theodore: Rhodes==@@
Deletions:
@@====Root Server====@@
Additions:
We simply delete all the ICANN/IANA ". NS *.ROOT-SERVER.NET" records, and change the above to look like this:
; START OF ICANN RESOURCE RECORDS - LEAVE THE REST OF THE FILE UNCHANGED
Don't for get to increase the serial number by one and make sure you look very closely at all the details.
; START OF ICANN RESOURCE RECORDS - LEAVE THE REST OF THE FILE UNCHANGED
Don't for get to increase the serial number by one and make sure you look very closely at all the details.
Deletions:
; START OF ICANN RESOURCE RECORDS - DON'T CHANGE THESE OR THE REST OF THE FILE
Don't for get to increase the serial number by one.
Additions:
And to make the "TEST." zone work, here is a basic zone file that can be used //as is//. A more complex example of this file will be explained in the Tier1ServerConfig page, but for now, just grab this and save it as a plain text file in: /var/named/etc/namedb/master/TEST/TEST.db
Deletions:
Additions:
While your server will not be included in the legacy named.hint file by ICANN/IANA or have a Resource Record for the "." zone created for it in the root.zone file and will not //technically// be one of the root servers, it will function much like a root server for the legacy root would. By understanding the basics of how a legacy DNS root server is setup, it will make it easer to understand how we do this in the alt-root.
First, you will need the legacy root.zone file. You can get a current copy of this file from Internic.net at the following location:
ftp://rs.internic.net/domain/root.zone.gz
Once you have downloaded and gunzip'ed a copy of this file to the working directory of named (/var/named/etc/namedb/root.zone) take a look at it.
You will find that there are both Name Server (NS) records for "." and all the legacy Top Level Domains (both gTLDs and ccTLDs), and also A/AAAA records for all the NS hosts.
As you can see, this is not the [[ftp://rs.internic.net/domain/named.root named.hint/named.cache]] file that comes with Bind 9 normally used for the zone "." { type hint; } in named.conf.
Now it is time to edit the root zone "." in /var/named/etc/namedb/named.conf. It is presumed that you already have a working cache server setup and resolving domain names, and in named.conf you should have this:
recursion yes; # you may decide to disable this later, leave it alone for now.
You should now be able to:
$ dig @localhost ANY .
$ dig @localhost ANY com.
$ dig @localhost ANY .
$ dig @localhost ANY com.
The next step is to transits to an alt-root and setup an alt-DNS root server. There are many ways to do this. For sake of simplicity, and to clarify why it is called the alt-root you need to comprehend that it is because we use an //alternative root zone file//.
Also, while setting up a TLD is gone into in more detail in the Tier1ServerConfig page you will need to have one setup for this to work, so in the following examples, it is going to be presumed that in addition to the root zone, that you also have a Top Level Domain for ".TEST", and that there is a zone "type master;" in named.conf for "TEST." AND that you have a minimum set of resource records for "TEST." in the TEST. zone file, "var/named/etc/namedb/master/TEST/TEST.db".
Edit named.conf and add the TEST. zone:
And to make the "TEST." zone work, here is a basic zone file that can be used //as is//. A more complex example of this file will be explained in the Tier1ServerSetup but for now, just grab this and save it as a plain text file in: /var/named/etc/namedb/master/TEST/TEST.db
Now, before you restart named, you also need to edit /var/named/etc/namedb/root.zone and make ns0.dns.TEST the Source of Authority SOA. You CAN NOT use ICANN's root-servers because they know nothing about .TEST and will fail to resolve any domain names for the .TEST Top Level Domain. So fire up you favorite editor, and open /var/named/etc/namedb/root.zone.
The ONLY part of this file we are concerned with editing is the SOA and the root zone "." NS records (don't mess with anything else because we want our root server to be able to resolve domain names in the legacy DNS as well as additional TLDs in the alt-DNS - this is how we maintain "Universal Resolvability"):
We simply delete all the ". NS *.ROOT-SERVER.NET" records, and change the above to:
ns0.dns.TEST. A 12.34.56.78 ; This should be you Static IP Address
First, you will need the legacy root.zone file. You can get a current copy of this file from Internic.net at the following location:
ftp://rs.internic.net/domain/root.zone.gz
Once you have downloaded and gunzip'ed a copy of this file to the working directory of named (/var/named/etc/namedb/root.zone) take a look at it.
You will find that there are both Name Server (NS) records for "." and all the legacy Top Level Domains (both gTLDs and ccTLDs), and also A/AAAA records for all the NS hosts.
As you can see, this is not the [[ftp://rs.internic.net/domain/named.root named.hint/named.cache]] file that comes with Bind 9 normally used for the zone "." { type hint; } in named.conf.
Now it is time to edit the root zone "." in /var/named/etc/namedb/named.conf. It is presumed that you already have a working cache server setup and resolving domain names, and in named.conf you should have this:
recursion yes; # you may decide to disable this later, leave it alone for now.
You should now be able to:
$ dig @localhost ANY .
$ dig @localhost ANY com.
$ dig @localhost ANY .
$ dig @localhost ANY com.
The next step is to transits to an alt-root and setup an alt-DNS root server. There are many ways to do this. For sake of simplicity, and to clarify why it is called the alt-root you need to comprehend that it is because we use an //alternative root zone file//.
Also, while setting up a TLD is gone into in more detail in the Tier1ServerConfig page you will need to have one setup for this to work, so in the following examples, it is going to be presumed that in addition to the root zone, that you also have a Top Level Domain for ".TEST", and that there is a zone "type master;" in named.conf for "TEST." AND that you have a minimum set of resource records for "TEST." in the TEST. zone file, "var/named/etc/namedb/master/TEST/TEST.db".
Edit named.conf and add the TEST. zone:
And to make the "TEST." zone work, here is a basic zone file that can be used //as is//. A more complex example of this file will be explained in the Tier1ServerSetup but for now, just grab this and save it as a plain text file in: /var/named/etc/namedb/master/TEST/TEST.db
Now, before you restart named, you also need to edit /var/named/etc/namedb/root.zone and make ns0.dns.TEST the Source of Authority SOA. You CAN NOT use ICANN's root-servers because they know nothing about .TEST and will fail to resolve any domain names for the .TEST Top Level Domain. So fire up you favorite editor, and open /var/named/etc/namedb/root.zone.
The ONLY part of this file we are concerned with editing is the SOA and the root zone "." NS records (don't mess with anything else because we want our root server to be able to resolve domain names in the legacy DNS as well as additional TLDs in the alt-DNS - this is how we maintain "Universal Resolvability"):
We simply delete all the ". NS *.ROOT-SERVER.NET" records, and change the above to:
ns0.dns.TEST. A 12.34.56.78 ; This should be you Static IP Address
Deletions:
First, you will need the legacy root.zone file. You can get a current copy of this file from Internic.net at the following location: ftp://rs.internic.net/domain/root.zone.gz
Once you have downloaded and gunzip'ed a copy of this file to the working directory of named (/var/named/etc/namedb/root.zone) take a look at it. You will find that there are A/AAAA records and NS records for all the legacy TLDs (both gTLDs and ccTLDs).
As you can see, this is not the [[ftp://rs.internic.net/domain/named.root named.hint/named.cache]] file that comes with Bind 9 used for the "type hint;" config for the Tier 0 zone.
Now it is time to edit the zone "." root in /var/named/etc/namedb/named.conf. It is presumed that you already have a working cache server setup and resolving domain names and in named.conf you will have an entry that looks like this:
pid-file "/var/run/named/pid";
version "BIND - alt-DNS";
recursion yes; # you may decide later to disable this, leave it alone for now.
You should now be able to: dig @localhost ANY . ; dig @localhost ANY com.
root# dig @localhost ANY .
root# dig @localhost ANY com.
The next step to transist to an alt-root and setup an alt-DNS root server. There are many ways to do this. For sake of simplicity, and to clarify why it is called the alt-root you need to comprehend that it is because we use an alternative root zone file.
While the setting up a TLD is gone into in more detail in the Tier1ServerSetup page we need to have one setup for this to work, so in the following examples, it is going to be presumed that in addition to the root zone, that you also have a Top Level Domain for ".TEST", and that there is a zone "type master;" in named.conf for "TEST." AND that you have a minimum set of resource records for "TEST." in the zone file, "var/named/etc/namedb/master/TEST/TEST.db".
To make the "TEST." zone work here is a basic file that can be used as is. A more complex example of this file will be explained in the Tier1ServerSetup but for now just grab this and save it as a plain text file: /var/named/etc/namedb/master/TEST/TEST.db
Now, before you restart named, you need to edit root.zone and make ns0.dns.TEST the Source of Authority SOA. You can not use ICANNS root-servers because they know nothing about .TEST and will fail to resolve any domain names for the .TEST Top Level Domain. So fire up you favorite editor, and open /var/named/etc/namedb/root.zone.
The ONLY part of this file we are concerned with editing is the SOA and the root zone "." NS records (don't mess with anything else because we want our root server to be able to resolve domain names in the legacy root as well as additional TLDs for the alt-root - this is how we maintain "Universal Resolvability"):
We simply change the above to:
ns0.dns.TEST. A 12.34.56.78
Additions:
>>A **Tier 0 Server** or **root server**, is any server that is an //authoritative name server// and can provide an IXFR/AXFR for the **root zone, "."**, and can be configured as either a **Primary Master** (//zone "type master;"//) or a **Secondary Master** (//zone "type slave;"//). This tutorial will be focused on configuring the //root zone// as, 1st) a **Primary Master** in the legacy DNS, and, 2nd) as both a **Primary Master**, and then a **Secondary Master** in the alt-DNS on Bind 9.
Deletions:
Additions:
@@====Root Server====@@
Deletions:
Additions:
Now it is time to edit the zone "." root in /var/named/etc/namedb/named.conf. It is presumed that you already have a working cache server setup and resolving domain names and in named.conf you will have an entry that looks like this:
options {
directory "/etc/namedb";
pid-file "/var/run/named/pid";
version "BIND - alt-DNS";
listen-on { 127.0.0.1; 10.0.0.1; 12.34.56.78; }; # use the correct lan IP address and your static IP address[es] here
allow-query { any; };
query-source address * port 53;
transfer-format many-answers;
multi-master yes;
recursion yes; # you may decide later to disable this, leave it alone for now.
provide-ixfr yes;
request-ixfr yes;
Make sure you add the above options if you don't have them, and change the above zone to this:
Now restart named, or if you have rndc configured (which you should), simply: rndc reload
And now you have a functioning legacy DNS root server, *kind of*. ;-)
The next step to transist to an alt-root and setup an alt-DNS root server. There are many ways to do this. For sake of simplicity, and to clarify why it is called the alt-root you need to comprehend that it is because we use an alternative root zone file.
While the setting up a TLD is gone into in more detail in the Tier1ServerSetup page we need to have one setup for this to work, so in the following examples, it is going to be presumed that in addition to the root zone, that you also have a Top Level Domain for ".TEST", and that there is a zone "type master;" in named.conf for "TEST." AND that you have a minimum set of resource records for "TEST." in the zone file, "var/named/etc/namedb/master/TEST/TEST.db".
%%(text;;/var/named/etc/namedb/named.conf)
zone "TEST." IN {
file "master/TEST/TEST.db";
To make the "TEST." zone work here is a basic file that can be used as is. A more complex example of this file will be explained in the Tier1ServerSetup but for now just grab this and save it as a plain text file: /var/named/etc/namedb/master/TEST/TEST.db
%%(text;;/var/named/etc/namedb/master/TEST/TEST.db)
$TTL 1h
TEST. IN SOA ns0.dns.TEST. hostmaster.mail.dns.TEST. ( 2008000001 1800 900 604800 900 )
IN NS ns0.dns.TEST.
IN TXT ".TEST - Serving as an Example - http://www.dns.TEST"
dns.TEST. A 12.34.56.78 ; .TLD zone Primary Master Static IP address
dns.TEST. MX 10 mail.dns.TEST.
dns.TEST. TXT ".TEST - Serving as an Example - http://www.dns.TEST"
mail.dns.TEST. A 12.34.56.78 ; .TLD zone Primary Master Static IP address
ns0.dns.TEST. A 12.34.56.78 ; .TLD zone Primary Master Static IP address
MX 10 mail.dns.TEST.
TXT ".TEST - Serving as an Example - http://www.dns.TEST"
www.dns.TEST. CNAME ns0.dns.TEST.
Now, before you restart named, you need to edit root.zone and make ns0.dns.TEST the Source of Authority SOA. You can not use ICANNS root-servers because they know nothing about .TEST and will fail to resolve any domain names for the .TEST Top Level Domain. So fire up you favorite editor, and open /var/named/etc/namedb/root.zone.
The ONLY part of this file we are concerned with editing is the SOA and the root zone "." NS records (don't mess with anything else because we want our root server to be able to resolve domain names in the legacy root as well as additional TLDs for the alt-root - this is how we maintain "Universal Resolvability"):
%%(text;;/var/named/etc/namedb/root.zone)
A.ROOT-SERVERS.NET. A 198.41.0.4
H.ROOT-SERVERS.NET. A 128.63.2.53
C.ROOT-SERVERS.NET. A 192.33.4.12
G.ROOT-SERVERS.NET. A 192.112.36.4
. IN SOA ns0.dns.TEST. hostmaster.mail.dns.TEST. (
2008012702 ; serial
. NS ns0.dns.TEST.
ns0.dns.TEST. A 12.34.56.78
; START OF ICANN RESOURCE RECORDS - DON'T CHANGE THESE OR THE REST OF THE FILE
A.ROOT-SERVERS.NET. A 198.41.0.4
H.ROOT-SERVERS.NET. A 128.63.2.53
C.ROOT-SERVERS.NET. A 192.33.4.12
G.ROOT-SERVERS.NET. A 192.112.36.4
Don't for get to increase the serial number by one.
Now save the file and restart named.
options {
directory "/etc/namedb";
pid-file "/var/run/named/pid";
version "BIND - alt-DNS";
listen-on { 127.0.0.1; 10.0.0.1; 12.34.56.78; }; # use the correct lan IP address and your static IP address[es] here
allow-query { any; };
query-source address * port 53;
transfer-format many-answers;
multi-master yes;
recursion yes; # you may decide later to disable this, leave it alone for now.
provide-ixfr yes;
request-ixfr yes;
Make sure you add the above options if you don't have them, and change the above zone to this:
Now restart named, or if you have rndc configured (which you should), simply: rndc reload
And now you have a functioning legacy DNS root server, *kind of*. ;-)
The next step to transist to an alt-root and setup an alt-DNS root server. There are many ways to do this. For sake of simplicity, and to clarify why it is called the alt-root you need to comprehend that it is because we use an alternative root zone file.
While the setting up a TLD is gone into in more detail in the Tier1ServerSetup page we need to have one setup for this to work, so in the following examples, it is going to be presumed that in addition to the root zone, that you also have a Top Level Domain for ".TEST", and that there is a zone "type master;" in named.conf for "TEST." AND that you have a minimum set of resource records for "TEST." in the zone file, "var/named/etc/namedb/master/TEST/TEST.db".
%%(text;;/var/named/etc/namedb/named.conf)
zone "TEST." IN {
file "master/TEST/TEST.db";
To make the "TEST." zone work here is a basic file that can be used as is. A more complex example of this file will be explained in the Tier1ServerSetup but for now just grab this and save it as a plain text file: /var/named/etc/namedb/master/TEST/TEST.db
%%(text;;/var/named/etc/namedb/master/TEST/TEST.db)
$TTL 1h
TEST. IN SOA ns0.dns.TEST. hostmaster.mail.dns.TEST. ( 2008000001 1800 900 604800 900 )
IN NS ns0.dns.TEST.
IN TXT ".TEST - Serving as an Example - http://www.dns.TEST"
dns.TEST. A 12.34.56.78 ; .TLD zone Primary Master Static IP address
dns.TEST. MX 10 mail.dns.TEST.
dns.TEST. TXT ".TEST - Serving as an Example - http://www.dns.TEST"
mail.dns.TEST. A 12.34.56.78 ; .TLD zone Primary Master Static IP address
ns0.dns.TEST. A 12.34.56.78 ; .TLD zone Primary Master Static IP address
MX 10 mail.dns.TEST.
TXT ".TEST - Serving as an Example - http://www.dns.TEST"
www.dns.TEST. CNAME ns0.dns.TEST.
Now, before you restart named, you need to edit root.zone and make ns0.dns.TEST the Source of Authority SOA. You can not use ICANNS root-servers because they know nothing about .TEST and will fail to resolve any domain names for the .TEST Top Level Domain. So fire up you favorite editor, and open /var/named/etc/namedb/root.zone.
The ONLY part of this file we are concerned with editing is the SOA and the root zone "." NS records (don't mess with anything else because we want our root server to be able to resolve domain names in the legacy root as well as additional TLDs for the alt-root - this is how we maintain "Universal Resolvability"):
%%(text;;/var/named/etc/namedb/root.zone)
A.ROOT-SERVERS.NET. A 198.41.0.4
H.ROOT-SERVERS.NET. A 128.63.2.53
C.ROOT-SERVERS.NET. A 192.33.4.12
G.ROOT-SERVERS.NET. A 192.112.36.4
. IN SOA ns0.dns.TEST. hostmaster.mail.dns.TEST. (
2008012702 ; serial
. NS ns0.dns.TEST.
ns0.dns.TEST. A 12.34.56.78
; START OF ICANN RESOURCE RECORDS - DON'T CHANGE THESE OR THE REST OF THE FILE
A.ROOT-SERVERS.NET. A 198.41.0.4
H.ROOT-SERVERS.NET. A 128.63.2.53
C.ROOT-SERVERS.NET. A 192.33.4.12
G.ROOT-SERVERS.NET. A 192.112.36.4
Don't for get to increase the serial number by one.
Now save the file and restart named.
Deletions:
Simply change above to this:
Now restart named, or if you have rndc configured, simply: rndc reconfig
And now you have a legacy DNS root server... and yes. It really is this simple.
So now it is time to look at an alt-root Tier 0 zone configuration. There are many ways to do this. For sake of simplicity, and to clarify why it is called the alt-root you need to comprehend that it is because we use an alternative root zone file.
In the following examples, it is going to be presumed that in addition to the root zone, that you also have a Top Level Domain for ".TLD", and that there is a zone "type master;" in named.conf for .TLD AND that you have a minimum set of resource records for .TLD in the zone file, i.e.:
zone "TLD." IN {
file "master/TLD.db";
%%(text;;/var/named/etc/namedb/master/TLD.db)
$TTL 1d
TLD. IN SOA ns0.dns.TLD. hostmaster.mail.dns.TLD. ( 2008012512 1800 900 604800 900 )
IN NS ns0.dns.TLD.
IN TXT ".TLD - Serving as an Example - http://www.dns.TLD"
dns.TLD. A xxx.xxx.xxx.xxx ; .TLD zone Primary Master Static IP address
dns.TLD. MX 10 mail.dns.ukg.
dns.TLD. TXT ".TLD - Serving as an Example - http://www.dns.TLD"
mail.dns.TLD. A xxx.xxx.xxx.xxx ; .TLD zone Primary Master Static IP address
ns0.dns.TLD. A xxx.xxx.xxx.xxx ; .TLD zone Primary Master Static IP address
MX 10 mail.dns.ukg.
TXT ".TLD - Serving as an Example - http://www.dns.TLD"
www.dns.TLD. CNAME ns0.dns.TLD.
Now, we are going to edit root.zone and make ns0.dns.TLD the Source of Authority SOA, so fire up you favorite editor, and open root.zone.
The ONLY part of this file we are concerned with editing is the SOA and the root zone "." NS records (don't mess with anything else):
. IN SOA ns0.dns.TLD. hostmaster.mail.dns.TLD. (
. NS ns0.dns.TLD.
ns0.dns.TLD. A xxx.xxx.xxx.xxx
Additions:
@@=====Tier 0 Server Configuration=====@@
@@====Root Server Configuration====@@
@@=====1st ROUGH DRAFT=====@@
>>**This tutorial presumes that:**
~1)You have Bind 9 installed and it is being run in a chroot located at /var/named and that named.conf reside at /var/named/etc/namedb/named.conf,
~1) You have **rndc** working and know how to use it.
~1) Your server is configured as a Tier 2 server or //cache server//. See the Tier2ServerConfig
~1) You have read the main portions of the [[http://www.isc.org/index.pl?/sw/bind/arm94/index.php BIND 9 Administrator Reference Manual]] and that you comprehend the subtle difference between a "domain" and a "zone".
~1) You have at least one static IP Address
~1) You have a 24/7 DSL internet connection or better.
~1) You have both a mail server and a web server up an running. (this can all be done on a single machine if that is all you have)
>>A **Tier 0 Server** or **root server** is any server that is an //authoritative name server// and can provide an IXFR/AXFR for the **root zone, "."**, and can be configured as either a **Primary Master** (//zone "type master;"//) or a **Secondary Master** (//zone "type slave;"//). This tutorial will be focused on configuring the //root zone// as, 1st) a **Primary Master** in the legacy DNS, and, 2nd) as both a **Primary Master** and then a **Secondary Master** in the alt-DNS on Bind 9.
As a quick note: the term "Tier", while being used to describe a name server, is not a "type of name server"; it refers to a name server that is an //authoritative name server// for a particular "Zone". There is the single Tier 0 zone (or "Root Zone", i.e. **.** ), then there are a few Tier 1 zones (or "Top Level Domain Zones", i.e. **com. org. geek. oss. ukg.** etc.), and then there are many Tier 2 zones (or Domain Name Zones, i.e. **example.com.**).
Also note, before one sets up a Tier 0 zone on a server in the alt-root, you should know the basics of how it is done in the legacy root.
While your server will not be included in the legacy named.hint file by ICANN/IANA or have a Resource Record for the "." zone (root zone or Tier 0 zone) created for it, and will not //technically// be one of the root servers, it will function much like a root server for the legacy root would. Understanding the basics of how a legacy DNS root server is set up makes it easier to understand how we do this in the alt-root.
Deletions:
@@====Root Server Setup====@@
@@===''DRAFT''===@@
So you want to run an alt-root Root Server?
There are 2 kinds of Tier 0 (or root server) configurations: one for the legacy root, and one for the alternative root (alt-root). And there are 2 kinds of alt-root setups for the root zone: as a Primary Master (zone "type master;") or as a Secondary Master (zone "type slave;").
Before one sets up a Tier 0 zone on a server in the alt-root, you should know the basics of how it is done in the legacy root.
While your server will not be included in the legacy named.hint file by ICANN/IANA or have a Resource Record for the "." zone (root zone or Tier 0 zone) created for it, it will function much like a root server for the legacy root would. Understanding the basics of how a legacy DNS root server is set up makes it easier to understand how we do this in the alt-root.
Additions:
@@=====Tier 0 Configuration=====@@
@@==aka==@@
@@====Root Server Setup====@@
So you want to run an alt-root Root Server?
There are 2 kinds of Tier 0 (or root server) configurations: one for the legacy root, and one for the alternative root (alt-root). And there are 2 kinds of alt-root setups for the root zone: as a Primary Master (zone "type master;") or as a Secondary Master (zone "type slave;").
Before one sets up a Tier 0 zone on a server in the alt-root, you should know the basics of how it is done in the legacy root.
In the following examples it is presumed that, in addition to the root zone, you also have a Top Level Domain ".TLD", that named.conf contains a zone "type master;" for .TLD, AND that the zone file holds at least a minimum set of resource records for .TLD, i.e.:
%%(text;;/var/named/etc/namedb/named.conf)
zone "TLD." IN {
	type master;
	file "master/TLD.db";
};
%%
%%(text;;/var/named/etc/namedb/master/TLD.db)
$TTL 1d
TLD.		IN SOA	ns0.dns.TLD. hostmaster.mail.dns.TLD. ( 2008012512 1800 900 604800 900 )
		IN NS	ns0.dns.TLD.
		IN TXT	".TLD - Serving as an Example - http://www.dns.TLD"
dns.TLD.	A	xxx.xxx.xxx.xxx	; .TLD zone Primary Master Static IP address
dns.TLD.	MX	10 mail.dns.TLD.
dns.TLD.	TXT	".TLD - Serving as an Example - http://www.dns.TLD"
mail.dns.TLD.	A	xxx.xxx.xxx.xxx	; .TLD zone Primary Master Static IP address
ns0.dns.TLD.	A	xxx.xxx.xxx.xxx	; .TLD zone Primary Master Static IP address
		MX	10 mail.dns.TLD.
		TXT	".TLD - Serving as an Example - http://www.dns.TLD"
www.dns.TLD.	CNAME	ns0.dns.TLD.
%%
Now we are going to edit root.zone and make ns0.dns.TLD the Start of Authority (SOA), so fire up your favorite editor and open root.zone.
The ONLY part of this file we are concerned with editing is the SOA and the root zone "." NS records (don't mess with anything else):
%%(text;;root.zone)
.	NS	A.ROOT-SERVERS.NET.
.	NS	B.ROOT-SERVERS.NET.
.	NS	C.ROOT-SERVERS.NET.
.	NS	D.ROOT-SERVERS.NET.
.	NS	E.ROOT-SERVERS.NET.
.	NS	F.ROOT-SERVERS.NET.
.	NS	G.ROOT-SERVERS.NET.
.	NS	H.ROOT-SERVERS.NET.
.	NS	I.ROOT-SERVERS.NET.
.	NS	J.ROOT-SERVERS.NET.
.	NS	K.ROOT-SERVERS.NET.
.	NS	L.ROOT-SERVERS.NET.
.	NS	M.ROOT-SERVERS.NET.
%%
We simply change the above to:
%%(text;;root.zone)
.		IN SOA	ns0.dns.TLD. hostmaster.mail.dns.TLD. ( 2008012512 1800 900 604800 900 ) ; serial and timers as in TLD.db
.		NS	ns0.dns.TLD.
ns0.dns.TLD.	A	xxx.xxx.xxx.xxx
%%
Deletions:
There are 2 kinds of Tier 0 (or root server) configurations. One for the legacy root, and one for the alternative root (alt-root).
Before one sets up a Tier 0 zone on a server in the alt-root, you should know how to set one up in the legacy root.
named.conf will have the same basic zone "." stanza, and it will be "type master;" or "type slave;":
%%(text;;/var/named/etc/namedb/named.conf)
zone "." IN {
	type master;
	file "alt.root";
};
%%
OR
%%(text;;/var/named/etc/namedb/named.conf)
zone "." IN {
	type slave;
	file "alt.root";
	masters { [IP Address]; [IP Address]; [IP Address]; };
};
%%
For the moment, keep zone "." set to "type master;" and copy root.zone to alt.root (cp root.zone alt.root).
Next, we are going to edit the copy of root.zone, so fire up your favorite editor and open the copy.
The ONLY part of this file we are concerned with is the SOA and the root zone NS records (don't mess with anything else):
%%(text;;alt.root)
.	NS	A.ROOT-SERVERS.NET.
.	NS	H.ROOT-SERVERS.NET.
.	NS	C.ROOT-SERVERS.NET.
.	NS	G.ROOT-SERVERS.NET.
.	NS	F.ROOT-SERVERS.NET.
.	NS	B.ROOT-SERVERS.NET.
.	NS	J.ROOT-SERVERS.NET.
.	NS	K.ROOT-SERVERS.NET.
.	NS	L.ROOT-SERVERS.NET.
.	NS	M.ROOT-SERVERS.NET.
.	NS	I.ROOT-SERVERS.NET.
.	NS	E.ROOT-SERVERS.NET.
.	NS	D.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.	A	198.41.0.4
H.ROOT-SERVERS.NET.	A	128.63.2.53
C.ROOT-SERVERS.NET.	A	192.33.4.12
G.ROOT-SERVERS.NET.	A	192.112.36.4
F.ROOT-SERVERS.NET.	A	192.5.5.241
B.ROOT-SERVERS.NET.	A	192.228.79.201
J.ROOT-SERVERS.NET.	A	192.58.128.30
K.ROOT-SERVERS.NET.	A	193.0.14.129
L.ROOT-SERVERS.NET.	A	199.7.83.42
M.ROOT-SERVERS.NET.	A	202.12.27.33
I.ROOT-SERVERS.NET.	A	192.36.148.17
E.ROOT-SERVERS.NET.	A	192.203.230.10
D.ROOT-SERVERS.NET.	A	128.8.10.90
%%
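The hand edit described above (copy root.zone to alt.root, replace the apex SOA and the "." NS set with ns0.dns.TLD, leave everything else alone), as an added Python example that is not the tutorial's own code: it rewrites the copy, drops the legacy root glue along with the old NS set, keeps every delegation, and then checks that each apex NS target still has an address record, because a root NS without glue leaves the new root unreachable. It assumes every record carries an explicit owner name as in the listing above; the sample zone, hostmaster.example. and the 192.0.2.x addresses are constructed.

```python
RTYPES = {"SOA", "NS", "A", "AAAA", "MX", "TXT", "CNAME", "DS", "DNSKEY"}
# Constructed root.zone excerpt: one root server (address from the tutorial's listing) and one TLD delegation.
SAMPLE_ROOT_ZONE = """$TTL 518400
.\tIN\tSOA\tA.ROOT-SERVERS.NET. hostmaster.example. (
\t\t2008012500 1800 900 604800 86400 )
.\tNS\tA.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.\tA\t198.41.0.4
com.\tNS\ta.gtld-servers.net.
a.gtld-servers.net.\tA\t192.0.2.10 ; constructed TEST-NET glue, must survive the rewrite
"""

def parse_record(line):
    """(owner, TYPE, rdata) for a record line with an explicit owner, else None."""
    fields = line.split(";", 1)[0].split()
    if len(fields) < 3 or line[:1].isspace() or fields[0].startswith("$"):
        return None                         # blank, comment, $TTL, SOA continuation
    owner, fields = fields[0], fields[1:]
    while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
        fields.pop(0)                       # optional TTL and class
    ok = len(fields) >= 2 and fields[0].upper() in RTYPES
    return (owner, fields[0].upper(), fields[1:]) if ok else None

def rewrite_root_zone(zone_text, ns_name, rname, ns_ip, serial):
    """alt.root text: new apex SOA/NS/glue, old root NS set and glue dropped, rest kept."""
    parsed = [(ln, parse_record(ln)) for ln in zone_text.splitlines()]
    old_ns = {r[2][0].lower() for _, r in parsed if r and r[:2] == (".", "NS")}
    out, skipping, replaced = [], False, False
    for line, rec in parsed:
        if skipping:                        # remainder of the old multi-line SOA
            skipping = ")" not in line.split(";", 1)[0]
        elif rec and rec[:2] == (".", "SOA"):
            rdata = " ".join(rec[2])
            skipping = "(" in rdata and ")" not in rdata
            if not replaced:                # new SOA, NS and glue in one place; timers as in TLD.db
                out += [f".\tIN\tSOA\t{ns_name} {rname} ( {serial} 1800 900 604800 900 )",
                        f".\tNS\t{ns_name}", f"{ns_name}\tA\t{ns_ip}"]
                replaced = True
        elif rec and (rec[:2] == (".", "NS") or rec[0].lower() in old_ns and rec[1] in ("A", "AAAA")):
            pass                            # old root NS set and its glue go
        else:
            out.append(line)                # $TTL, comments, delegations and their glue
    if not replaced:
        raise ValueError("no apex SOA record: not a root zone file")
    return "\n".join(out) + "\n"

def root_ns_glue(zone_text):
    """(apex NS targets, targets lacking an address record): no glue, no reachable root."""
    recs = [r for r in map(parse_record, zone_text.splitlines()) if r]
    ns = {r[2][0].lower() for r in recs if r[:2] == (".", "NS")}
    return ns, ns - {r[0].lower() for r in recs if r[1] in ("A", "AAAA")}
```

Write the returned text to alt.root and run named-checkzone . alt.root before reloading with rndc; an empty second element from root_ns_glue means every apex NS has its glue.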
Additions:
@@=====Tier 0 Configurations=====@@