Revision [1104]

This is an old revision of Tier0ServerConfig made by ChristopherTheodore on 2008-02-04 20:26:19.


This tutorial presumes that:
  1. You have BIND 9 installed, that it is run in a chroot located at /var/named, and that named.conf resides at /var/named/etc/namedb/named.conf.
  2. You have rndc working and know how to use it.
  3. Your server is configured as a Tier 2 server or cache server. See the Tier2ServerConfig page.
  4. You have read the main portions of the BIND 9 Administrator Reference Manual and comprehend the subtle difference between a "domain" and a "zone".
  5. You have at least one static IP address.
  6. You have a 24/7 DSL internet connection or better.
  7. You have both a mail server and a web server up and running. (This can all be done on a single machine if that is all you have.)

A Tier 0 server, or root server, is any authoritative name server that can provide an IXFR/AXFR for the root zone, ".", and it can be configured as either a Primary Master (zone "type master;") or a Secondary Master (zone "type slave;"). This tutorial focuses on configuring the root zone, first as a Primary Master in the legacy DNS, and second as a Primary Master and then a Secondary Master in the alt-DNS on BIND 9.

As a quick note: the term "Tier", while used to describe a name server, is not a "type of name server"; it refers to a name server that is authoritative for a particular "Zone". There is the single Tier 0 zone (or "Root Zone", i.e. "."), then there are a few Tier 1 zones (or "Top Level Domain Zones", e.g. com. org. geek. oss. ukg. etc.), and then there are many Tier 2 zones (or Domain Name Zones, e.g. example.com.).

Also note: before you set up a Tier 0 zone on a server in the alt-root, you should know the basics of how it is done in the legacy root.

While your server will not be included in the legacy named.hint file by ICANN/IANA, will not have a Resource Record for the "." zone (root zone or Tier 0 zone) created for it, and will not technically be one of the root servers, it will function much like a root server for the legacy root does. Understanding the basics of how a legacy DNS root server is set up will make it easier to understand how we do this in the alt-root.


First, you will need the legacy root.zone file. You can get a current copy of this file from Internic.net at the following location: ftp://rs.internic.net/domain/root.zone.gz

Once you have downloaded and gunzip'ed a copy of this file into the working directory of named (/var/named/etc/namedb/root.zone), take a look at it. You will find that there are A/AAAA records and NS records for all the legacy TLDs (both gTLDs and ccTLDs).

As you can see, this is not the named.hint/named.cache file that ships with BIND 9 for the "type hint;" configuration of the Tier 0 zone.

Now it is time to edit the root zone "." in /var/named/etc/namedb/named.conf. It is presumed that you already have a working cache server set up and resolving domain names via the legacy DNS, so named.conf will contain an entry that looks like this:

named.conf
<... snip ...>

zone "." IN {
      type hint;
      file "named.hint";
};

<... snip ...>


Simply change the above to this:

named.conf
<... snip ...>

zone "." IN {
      type master;
      file "root.zone";
      notify no;
};

<... snip ...>


Now restart named, or if you have rndc configured, simply run: rndc reconfig

You should now be able to: dig @localhost ANY . ; dig @localhost ANY com.

You should get output from dig that looks like this:

root# dig @localhost ANY .

; <<>> DiG 9.3.3 <<>> @localhost ANY .
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54076
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;.                              IN      ANY

;; ANSWER SECTION:
.                       86400   IN      SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2008012701 1800 900 604800 86400
.                       518400  IN      NS      L.ROOT-SERVERS.NET.
.                       518400  IN      NS      M.ROOT-SERVERS.NET.
.                       518400  IN      NS      A.ROOT-SERVERS.NET.
.                       518400  IN      NS      B.ROOT-SERVERS.NET.
.                       518400  IN      NS      C.ROOT-SERVERS.NET.
.                       518400  IN      NS      D.ROOT-SERVERS.NET.
.                       518400  IN      NS      E.ROOT-SERVERS.NET.
.                       518400  IN      NS      F.ROOT-SERVERS.NET.
.                       518400  IN      NS      G.ROOT-SERVERS.NET.
.                       518400  IN      NS      H.ROOT-SERVERS.NET.
.                       518400  IN      NS      I.ROOT-SERVERS.NET.
.                       518400  IN      NS      J.ROOT-SERVERS.NET.
.                       518400  IN      NS      K.ROOT-SERVERS.NET.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jan 28 02:36:16 2008
;; MSG SIZE  rcvd: 285


root# dig @localhost ANY com.

; <<>> DiG 9.3.3 <<>> @localhost ANY com.
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63776
;; flags: qr rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;com.                           IN      ANY

;; ANSWER SECTION:
com.                    900     IN      SOA     a.gtld-servers.net. nstld.verisign-grs.com. 1201513063 1800 900 604800 900
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.

;; AUTHORITY SECTION:
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.

;; Query time: 777 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jan 28 02:37:59 2008
;; MSG SIZE  rcvd: 482

root#

And now you have a legacy DNS root server... and yes. It really is this simple.




So now it is time to look at an alt-root Tier 0 zone configuration. There are many ways to do this. For the sake of simplicity, and to clarify why it is called the alt-root: the name comes from the fact that we use an alternative root zone file.

In the following examples, it is presumed that in addition to the root zone you also have a Top Level Domain ".TLD", that there is a zone "type master;" entry in named.conf for .TLD, and that you have a minimum set of resource records for .TLD in its zone file, i.e.:

named.conf
zone "." IN {
      type master;
      file "root.zone";
      notify no;
};

zone "TLD." IN {
      type master;
      file "master/TLD.db";
};


/var/named/etc/namedb/master/TLD.db
$TTL 1d
TLD.                IN  SOA   ns0.dns.TLD. hostmaster.mail.dns.TLD. ( 2008012512 1800 900 604800 900 )
                    IN  NS    ns0.dns.TLD.
                    IN  TXT   ".TLD - Serving as an Example - http://www.dns.TLD"

dns.TLD.            IN  A     xxx.xxx.xxx.xxx  ; .TLD zone Primary Master static IP address
dns.TLD.            IN  MX 10 mail.dns.TLD.   ; mail host for this zone (has its own A record below)
dns.TLD.            IN  TXT   ".TLD - Serving as an Example - http://www.dns.TLD"

mail.dns.TLD.       IN  A     xxx.xxx.xxx.xxx  ; .TLD zone Primary Master static IP address
ns0.dns.TLD.        IN  A     xxx.xxx.xxx.xxx  ; .TLD zone Primary Master static IP address
                    IN  MX 10 mail.dns.TLD.
                    IN  TXT   ".TLD - Serving as an Example - http://www.dns.TLD"
www.dns.TLD.        IN  CNAME ns0.dns.TLD.


Now we are going to edit root.zone and make ns0.dns.TLD the Start of Authority (SOA), so fire up your favorite editor and open root.zone.

The ONLY part of this file we are concerned with editing is the SOA and the root zone "." NS records (don't touch anything else):

. IN    SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. (
	                              2008012701 ;serial
	                              1800 ;refresh every 30 min
	                              900 ;retry every 15 min
	                              604800 ;expire after a week
	                              86400 ;minimum of a day
	                              )
$TTL 518400
.      NS      A.ROOT-SERVERS.NET.
.      NS      B.ROOT-SERVERS.NET.
.      NS      C.ROOT-SERVERS.NET.
.      NS      D.ROOT-SERVERS.NET.
.      NS      E.ROOT-SERVERS.NET.
.      NS      F.ROOT-SERVERS.NET.
.      NS      G.ROOT-SERVERS.NET.
.      NS      H.ROOT-SERVERS.NET.
.      NS      I.ROOT-SERVERS.NET.
.      NS      J.ROOT-SERVERS.NET.
.      NS      K.ROOT-SERVERS.NET.
.      NS      L.ROOT-SERVERS.NET.
.      NS      M.ROOT-SERVERS.NET.
<... snip ...>


We simply change the above to:

. IN    SOA     ns0.dns.TLD. hostmaster.mail.dns.TLD. (
	                              2008012701 ;serial
	                              1800 ;refresh every 30 min
	                              900 ;retry every 15 min
	                              604800 ;expire after a week
	                              86400 ;minimum of a day
	                              )
$TTL 518400
.               NS      ns0.dns.TLD.
ns0.dns.TLD.    A       xxx.xxx.xxx.xxx



<... snip ...>
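As an added sanity check (example code written for this page, not the wiki's own), the script below parses a hand-edited zone such as the root.zone above or the TLD.db earlier and verifies what those edits must get right: exactly one SOA, an SOA MNAME that is also listed as an NS, and an A/AAAA glue record for every in-zone NS name (the legacy SOA left in place, or a missing glue line, is exactly what it catches). The embedded sample zone and the address 192.0.2.53 are constructed for the example; the apex parameter generalizes the check to any zone, such as "TLD.".

```python
import re

# Constructed sample in the shape of the edited root.zone above (not the page's own file).
ROOT_ZONE_OK = """\
. IN SOA ns0.dns.TLD. hostmaster.mail.dns.TLD. (
        2008012701 ;serial
        1800 ;refresh
        900 ;retry
        604800 ;expire
        86400 ;minimum
        )
$TTL 518400
.             NS   ns0.dns.TLD.
ns0.dns.TLD.  A    192.0.2.53
"""

def parse_zone(text):
    """Return (owner, type, rdata) tuples; strips ';' comments (not inside quoted TXT), flattens '(...)'."""
    joined, buf, depth = [], [], 0
    for ln in (re.sub(r";.*", "", ln) for ln in text.splitlines()):
        buf.append(ln)
        depth += ln.count("(") - ln.count(")")
        if depth == 0:  # record complete: join the parenthesised lines into one
            joined.append(" ".join(buf).replace("(", " ").replace(")", " "))
            buf = []
    records, owner = [], None
    for ln in joined:
        if not ln.strip() or ln.lstrip().startswith("$"):
            continue  # blank line or a $TTL/$ORIGIN-style directive
        fields = ln.split()
        if not ln[0].isspace():  # a leading name sets the owner; leading space reuses it
            owner = fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields.pop(0)  # optional TTL and class come before the type
        if fields:
            records.append((owner, fields[0].upper(), fields[1:]))
    return records

def lint_zone(text, apex="."):
    """Checks for a hand-edited zone: one SOA, MNAME is an NS, every in-zone NS has glue."""
    records = parse_zone(text)
    soa = [r for o, t, r in records if o == apex and t == "SOA"]
    ns = {r[0] for o, t, r in records if o == apex and t == "NS"}
    glue = {o for o, t, _ in records if t in ("A", "AAAA")}
    problems = [] if len(soa) == 1 else ["zone %s needs exactly one SOA record" % apex]
    if soa and soa[0][0] not in ns:
        problems.append("SOA MNAME %s is not an NS of %s" % (soa[0][0], apex))
    problems += ["NS %s has no A/AAAA glue" % n for n in sorted(ns)
                 if n.endswith("." + apex.lstrip(".")) and n not in glue]
    return problems
```

Run it on root.zone before rndc reconfig, alongside named-checkzone, which catches syntax errors this light parser does not.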