Revision [1096]

This is an old revision of Tier0ServerConfig made by ChristopherTheodore on 2008-01-28 20:46:44.

There are 2 kinds of Tier 0 (or root server) configurations. One for the legacy root, and one for the alternative root (alt-root).

Before you set up a Tier 0 zone on a server in the alt-root, you should know how to set one up in the legacy root.

While your server will not be included in the legacy named.hint file by ICANN/IANA, and will not have a Resource Record created for it in the "." zone (the root zone, or Tier 0 zone), it will function much like a root server for the legacy root would. Understanding the basics of how a legacy DNS root server is set up makes it easier to understand how we do this in the alt-root.


First, you will need the legacy root.zone file. You can get a current copy of this file from Internic.net at the following location: ftp://rs.internic.net/domain/root.zone.gz

Once you have downloaded and gunzip'ed a copy of this file to the working directory of named (/var/named/etc/namedb/root.zone) take a look at it. You will find that there are A/AAAA records and NS records for all the legacy TLDs (both gTLDs and ccTLDs).

As you can see, this is not the named.hint/named.cache file that comes with Bind 9 and is used by the "type hint;" configuration of the Tier 0 zone.

Now it is time to edit the zone "." (the root zone) in /var/named/etc/namedb/named.conf. It is presumed that you already have a working caching server set up and resolving domain names via the legacy DNS, so named.conf will already contain an entry that looks like this:

named.conf
<... snip ...>

zone "." IN {
      type hint;
      file "named.hint";
};

<... snip ...>


Simply change the above to this:

named.conf
<... snip ...>

zone "." IN {
      type master;
      file "root.zone";
      notify no;
};

<... snip ...>


Now restart named, or if you have rndc configured, simply: rndc reconfig

You should now be able to: dig @localhost ANY . ; dig @localhost ANY com.

You should get output from dig that looks like this:

root# dig @localhost ANY .

; <<>> DiG 9.3.3 <<>> @localhost ANY .
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54076
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;.                              IN      ANY

;; ANSWER SECTION:
.                       86400   IN      SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2008012701 1800 900 604800 86400
.                       518400  IN      NS      L.ROOT-SERVERS.NET.
.                       518400  IN      NS      M.ROOT-SERVERS.NET.
.                       518400  IN      NS      A.ROOT-SERVERS.NET.
.                       518400  IN      NS      B.ROOT-SERVERS.NET.
.                       518400  IN      NS      C.ROOT-SERVERS.NET.
.                       518400  IN      NS      D.ROOT-SERVERS.NET.
.                       518400  IN      NS      E.ROOT-SERVERS.NET.
.                       518400  IN      NS      F.ROOT-SERVERS.NET.
.                       518400  IN      NS      G.ROOT-SERVERS.NET.
.                       518400  IN      NS      H.ROOT-SERVERS.NET.
.                       518400  IN      NS      I.ROOT-SERVERS.NET.
.                       518400  IN      NS      J.ROOT-SERVERS.NET.
.                       518400  IN      NS      K.ROOT-SERVERS.NET.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jan 28 02:36:16 2008
;; MSG SIZE  rcvd: 285


root# dig @localhost ANY com.

; <<>> DiG 9.3.3 <<>> @localhost ANY com.
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63776
;; flags: qr rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;com.                           IN      ANY

;; ANSWER SECTION:
com.                    900     IN      SOA     a.gtld-servers.net. nstld.verisign-grs.com. 1201513063 1800 900 604800 900
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.

;; AUTHORITY SECTION:
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.

;; Query time: 777 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jan 28 02:37:59 2008
;; MSG SIZE  rcvd: 482

root#

And now you have a legacy DNS root server... and yes. It really is this simple.


So now it is time to look at an alt-root Tier 0 zone configuration. There are many ways to do this. For the sake of simplicity, and to clarify the name: it is called the alt-root because it uses an alternative root zone file.

named.conf will have the same basic zone "." and will be "type master;" or "type slave;":

named.conf
<... snip ...>

zone "." IN {
      type master;
      file "alt.root";
      notify no;
};

<... snip ...>

OR
named.conf
<... snip ...>

zone "." IN {
      type slave;
      file "alt.root";
      masters { [IP Address]; [IP Address]; [IP Address]; };
};

<... snip ...>


For the moment, keep zone "." set to "type master;" and cp root.zone to alt.root.

Next, we are going to edit the copy of root.zone, so fire up your favorite editor and open the copy.

The ONLY part of this file we are concerned with is the SOA and the root zone NS records (don't mess with anything else):

. IN    SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. (
	                              2008012701 ;serial
	                              1800 ;refresh every 30 min
	                              900 ;retry every 15 min
	                              604800 ;expire after a week
	                              86400 ;minimum of a day
	                              )
$TTL 518400
. NS A.ROOT-SERVERS.NET.
. NS H.ROOT-SERVERS.NET.
. NS C.ROOT-SERVERS.NET.
. NS G.ROOT-SERVERS.NET.
. NS F.ROOT-SERVERS.NET.
. NS B.ROOT-SERVERS.NET.
. NS J.ROOT-SERVERS.NET.
. NS K.ROOT-SERVERS.NET.
. NS L.ROOT-SERVERS.NET.
. NS M.ROOT-SERVERS.NET.
. NS I.ROOT-SERVERS.NET.
. NS E.ROOT-SERVERS.NET.
. NS D.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. A 198.41.0.4
H.ROOT-SERVERS.NET. A 128.63.2.53
C.ROOT-SERVERS.NET. A 192.33.4.12
G.ROOT-SERVERS.NET. A 192.112.36.4
F.ROOT-SERVERS.NET. A 192.5.5.241
B.ROOT-SERVERS.NET. A 192.228.79.201
J.ROOT-SERVERS.NET. A 192.58.128.30
K.ROOT-SERVERS.NET. A 193.0.14.129
L.ROOT-SERVERS.NET. A 199.7.83.42
M.ROOT-SERVERS.NET. A 202.12.27.33
I.ROOT-SERVERS.NET. A 192.36.148.17
E.ROOT-SERVERS.NET. A 192.203.230.10
D.ROOT-SERVERS.NET. A 128.8.10.90
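A mistake in this part of the file (a serial that was not bumped, an NS name without a glue address record, no NS set at all) leaves named serving a root that resolvers cannot use, so a practitioner will want to check the edited copy before reloading. The following script is an added example, not code from the wiki page or from Bind: it parses the SOA, $TTL, apex NS and glue A/AAAA records in the layout shown above and reports those problems. The SAMPLE_ZONE text is a constructed excerpt that keeps only two of the thirteen legacy root servers; the file path and serial in the usage comment are placeholders.

```python
"""Sanity-check the SOA / apex NS / glue section of an edited root zone copy.

Added example (not from the wiki page): after copying root.zone to alt.root and
editing its SOA and "." NS records, run this over the file to catch an
un-bumped serial, an empty apex NS set, or an apex NS name without glue.
"""
from typing import Dict, List, Optional, Tuple

Record = Tuple[str, str, List[str]]   # (owner, rrtype, rdata tokens)

# Constructed sample in the same layout the page shows (not the real file).
SAMPLE_ZONE = """\
. IN    SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. (
                              2008012701 ;serial
                              1800 ;refresh every 30 min
                              900 ;retry every 15 min
                              604800 ;expire after a week
                              86400 ;minimum of a day
                              )
$TTL 518400
. NS A.ROOT-SERVERS.NET.
. NS B.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. A 198.41.0.4
B.ROOT-SERVERS.NET. A 192.228.79.201
"""

# Same sample with B's glue record deleted: an editing slip the check must catch.
BROKEN_ZONE = SAMPLE_ZONE.replace("B.ROOT-SERVERS.NET. A 192.228.79.201\n", "")


def _logical_lines(text: str) -> List[str]:
    """Drop ';' comments and join '( ... )' continuations into one line each."""
    out: List[str] = []
    buf: List[str] = []
    depth = 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            out.append(" ".join(buf).replace("(", " ").replace(")", " "))
            buf, depth = [], 0
    return out


def parse_zone(text: str) -> Tuple[Optional[int], List[Record]]:
    """Return ($TTL value or None, records). Every record line is expected to
    carry an explicit owner name, as root.zone does; $ORIGIN and blank-owner
    shorthand are not needed for this section and are not handled."""
    ttl: Optional[int] = None
    records: List[Record] = []
    for line in _logical_lines(text):
        toks = line.split()
        if toks[0] == "$TTL":
            ttl = int(toks[1])
            continue
        if toks[0].startswith("$"):
            continue
        owner, rest = toks[0], toks[1:]
        if rest and rest[0].isdigit():          # optional per-record TTL
            rest = rest[1:]
        if rest and rest[0].upper() == "IN":    # optional class
            rest = rest[1:]
        if not rest:
            continue
        records.append((owner, rest[0].upper(), rest[1:]))
    return ttl, records


def soa_serial(records: List[Record]) -> Optional[int]:
    """Serial field of the '.' SOA (rdata is MNAME RNAME SERIAL REFRESH ...)."""
    for owner, rrtype, rdata in records:
        if owner == "." and rrtype == "SOA" and len(rdata) >= 3:
            return int(rdata[2])
    return None


def apex_ns(records: List[Record]) -> List[str]:
    """Names listed in the NS records of '.'."""
    return [rdata[0] for owner, rrtype, rdata in records
            if owner == "." and rrtype == "NS"]


def glue(records: List[Record]) -> Dict[str, List[str]]:
    """Owner name -> addresses, from every A/AAAA record in the zone."""
    g: Dict[str, List[str]] = {}
    for owner, rrtype, rdata in records:
        if rrtype in ("A", "AAAA"):
            g.setdefault(owner, []).append(rdata[0])
    return g


def check_root_zone(text: str, previous_serial: int) -> List[str]:
    """Problems with the edited copy; an empty list means it looks sane."""
    _ttl, records = parse_zone(text)
    problems: List[str] = []
    serial = soa_serial(records)
    if serial is None:
        problems.append("no SOA record for '.'")
    elif serial <= previous_serial:
        problems.append(f"SOA serial {serial} is not newer than {previous_serial}")
    names = apex_ns(records)
    if not names:
        problems.append("no NS records for '.'")
    addresses = glue(records)
    for name in names:
        if name not in addresses:
            problems.append(f"apex NS {name} has no glue A/AAAA record in the zone")
    return problems


if __name__ == "__main__":
    import sys
    # Usage (placeholder path and serial):
    #   python check_root_zone.py /var/named/etc/namedb/alt.root 2008012701
    # With no arguments the constructed sample is checked instead.
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as fh:
            text, prev = fh.read(), int(sys.argv[2])
    else:
        text, prev = SAMPLE_ZONE, 2008012700
    for problem in check_root_zone(text, prev) or ["zone looks sane"]:
        print(problem)
```

The second argument is the serial the file had before you edited it, so the check confirms you actually bumped it; slaves configured with the "type slave;" stanza shown above only pull a new copy when the serial increases. Run named-checkzone . alt.root as well for full syntax checking before reloading named.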

