Revision [1117]

This is an old revision of Tier0ServerConfig made by ChristopherTheodore on 2008-02-04 22:47:20.

This tutorial presumes that:
  1. You have Bind 9 installed, it is being run in a chroot located at /var/named, and named.conf resides at /var/named/etc/namedb/named.conf.
  2. You have rndc working and know how to use it.
  3. Your server is configured as a Tier 2 server or cache server. See the Tier2ServerConfig page.
  4. You have read the main portions of the BIND 9 Administrator Reference Manual and comprehend the subtle difference between a "domain" and a "zone".
  5. You have at least one static IP address.
  6. You have a 24/7 DSL internet connection or better.
  7. You have both a mail server and a web server up and running. (This can all be done on a single machine if that is all you have.)

A Tier 0 server, or root server, is any authoritative name server that can provide an IXFR/AXFR for the root zone, ".", and it can be configured as either a Primary Master (zone "type master;") or a Secondary Master (zone "type slave;"). This tutorial focuses on configuring the root zone, first, as a Primary Master in the legacy DNS, and, second, as a Primary Master and then a Secondary Master in the alt-DNS on Bind 9.

As a quick note: the term "Tier", while used to describe a name server, is not a "type of name server"; it refers to a name server that is authoritative for a particular "Zone". There is the single Tier 0 zone (or "Root Zone", ie: . ), then there are a few Tier 1 zones (or "Top Level Domain Zones", ie: com. org. geek. oss. ukg. etc...), and then there are many Tier 2 zones (or Domain Name Zones, ie: example.com.).

Also note: before you set up a Tier 0 zone on a server with an alt-root, you should know the basics of how it is done with the legacy root.

While your server will not be included in the legacy named.hint file by ICANN/IANA, will not have a Resource Record for the "." zone created for it in the root.zone file, and will not technically be one of the root servers, it will function much like a root server for the legacy root does. Understanding the basics of how a legacy DNS root server is set up will make it easier to understand how we do this in the alt-root.


First, you will need the legacy root.zone file. You can get a current copy of this file from Internic.net at the following location:

Once you have downloaded and gunzip'ed a copy of this file into the working directory of named (/var/named/etc/namedb/root.zone), take a look at it.

You will find that there are both Name Server (NS) records for "." and all the legacy Top Level Domains (both gTLDs and ccTLDs), and also A/AAAA records for all the NS hosts.

As you can see, this is not the named.hint/named.cache file that comes with Bind 9 and is normally used for zone "." { type hint; } in named.conf.

Now it is time to edit the root zone "." in /var/named/etc/namedb/named.conf. It is presumed that you already have a working cache server setup and resolving domain names, and in named.conf you should have this:

named.conf
options {
    directory "/etc/namedb";
    listen-on { 127.0.0.1; 10.0.0.1; 12.34.56.78; }; # use the correct lan IP address and your static IP address[es] here
    allow-query { any; };
    query-source address * port 53;   # pinning the source port disables source-port randomization for outgoing queries; newer BIND releases leave the port unpinned
    transfer-format many-answers;
    multi-master yes;
    recursion yes;     # you may decide to disable this later, leave it alone for now. Together with allow-query { any; } this makes the server an open recursive resolver for anyone who can reach it.
    provide-ixfr yes;
    request-ixfr yes;
};

<... snip ...>

zone "." IN {
      type hint;
      file "named.hint";
};

<... snip ...>


Make sure you add the above options if you don't have them, and change the above zone to this:

named.conf
<... snip ...>

zone "." IN {
      type master;
      file "root.zone";
      notify no;
};

<... snip ...>


Now restart named, or, if you have rndc configured (which you should), simply run: rndc reload

You should now be able to:
$ dig @localhost ANY .
$ dig @localhost ANY com.

You should get output from dig that looks like this:

$ dig @localhost ANY .

; <<>> DiG 9.3.3 <<>> @localhost ANY .
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54076
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;.                              IN      ANY

;; ANSWER SECTION:
.                       86400   IN      SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2008012701 1800 900 604800 86400
.                       518400  IN      NS      L.ROOT-SERVERS.NET.
.                       518400  IN      NS      M.ROOT-SERVERS.NET.
.                       518400  IN      NS      A.ROOT-SERVERS.NET.
.                       518400  IN      NS      B.ROOT-SERVERS.NET.
.                       518400  IN      NS      C.ROOT-SERVERS.NET.
.                       518400  IN      NS      D.ROOT-SERVERS.NET.
.                       518400  IN      NS      E.ROOT-SERVERS.NET.
.                       518400  IN      NS      F.ROOT-SERVERS.NET.
.                       518400  IN      NS      G.ROOT-SERVERS.NET.
.                       518400  IN      NS      H.ROOT-SERVERS.NET.
.                       518400  IN      NS      I.ROOT-SERVERS.NET.
.                       518400  IN      NS      J.ROOT-SERVERS.NET.
.                       518400  IN      NS      K.ROOT-SERVERS.NET.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jan 28 02:36:16 2008
;; MSG SIZE  rcvd: 285


$ dig @localhost ANY com.

; <<>> DiG 9.3.3 <<>> @localhost ANY com.
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63776
;; flags: qr rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;com.                           IN      ANY

;; ANSWER SECTION:
com.                    900     IN      SOA     a.gtld-servers.net. nstld.verisign-grs.com. 1201513063 1800 900 604800 900
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.

;; AUTHORITY SECTION:
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.

;; Query time: 777 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jan 28 02:37:59 2008
;; MSG SIZE  rcvd: 482

root#


And now you have a functioning legacy DNS root server, *kind of*. ;-)
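A check on the two transcripts above, added here and not part of the original page: the "." answer carries the aa flag because named now serves the root zone itself, while the com. answer does not (it was fetched through the delegation). The abbreviated dig excerpts are constructed from the output shown above.

```python
import re

# Constructed, abbreviated copies of the two dig transcripts shown above.
DIG_ROOT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54076
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
.                       86400   IN      SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2008012701 1800 900 604800 86400
.                       518400  IN      NS      L.ROOT-SERVERS.NET.

;; Query time: 1 msec
"""
DIG_COM = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63776
;; flags: qr rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 13, ADDITIONAL: 0

;; ANSWER SECTION:
com.                    900     IN      SOA     a.gtld-servers.net. nstld.verisign-grs.com. 1201513063 1800 900 604800 900
com.                    172800  IN      NS      a.gtld-servers.net.
"""

def parse_dig(text):
    """Return (status, header flags, ANSWER section records) from dig's text output."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = set(re.search(r";; flags: ([^;]*);", text).group(1).split())
    answers, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if in_answer and (not line.strip() or line.startswith(";")):
            in_answer = False            # blank line or next section ends the answers
        elif in_answer:
            name, ttl, cls, rtype, rdata = line.split(None, 4)
            answers.append((name, int(ttl), cls, rtype, rdata))
    return status, flags, answers

def authoritative_soa(text, zone):
    """Return (mname, rname, serial) of the zone's SOA only when the server answered
    with authority (NOERROR plus the 'aa' flag); a cached answer gives None."""
    status, flags, answers = parse_dig(text)
    if status != "NOERROR" or "aa" not in flags:
        return None
    for name, _ttl, _cls, rtype, rdata in answers:
        if name == zone and rtype == "SOA":
            mname, rname, serial = rdata.split()[:3]
            return mname, rname, int(serial)
    return None
```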


The next step is to transition to an alt-root and set up an alt-DNS root server. There are many ways to do this. For the sake of simplicity, and to clarify why it is called the alt-root: it is because we use an alternative root zone file.

Also, while setting up a TLD is covered in more detail in the Tier1ServerConfig page, you will need to have one set up for this to work. So in the following examples it is presumed that, in addition to the root zone, you also have a Top Level Domain for ".TEST", that there is a zone "type master;" in named.conf for "TEST.", AND that you have a minimum set of resource records for "TEST." in the TEST. zone file, "/var/named/etc/namedb/master/TEST/TEST.db".

Edit named.conf and add the TEST. zone:

/var/named/etc/namedb/named.conf
zone "." IN {
      type master;
      file "root.zone";
      notify no;
};

zone "TEST." IN {
      type master;
      file "master/TEST/TEST.db";
};


And to make the "TEST." zone work, here is a basic zone file that can be used as is. A more complex example of this file will be explained in the Tier1ServerConfig page, but for now, just grab this and save it as a plain text file at: /var/named/etc/namedb/master/TEST/TEST.db

/var/named/etc/namedb/master/TEST/TEST.db
$TTL 1h
TEST.             IN SOA    ns0.dns.TEST. hostmaster.mail.dns.TEST. ( 2008000001 1800 900 604800 900 )
                  IN NS     ns0.dns.TEST.
                  IN TXT    ".TEST - Serving as an Example - http://www.dns.TEST"

dns.TEST.         A         12.34.56.78  ; .TLD zone Primary Master Static IP address
dns.TEST.         MX 10     mail.dns.TEST.
dns.TEST.         TXT       ".TEST - Serving as an Example - http://www.dns.TEST"

mail.dns.TEST.    A         12.34.56.78  ; .TLD zone Primary Master Static IP address
ns0.dns.TEST.     A         12.34.56.78  ; .TLD zone Primary Master Static IP address
                  MX 10     mail.dns.TEST.
                  TXT       ".TEST - Serving as an Example - http://www.dns.TEST"
www.dns.TEST.     CNAME     ns0.dns.TEST.


Now, before you restart named, you also need to edit /var/named/etc/namedb/root.zone and make ns0.dns.TEST the Start of Authority (SOA). You CAN NOT use ICANN's root-servers, because they know nothing about .TEST and will fail to resolve any domain names for the .TEST Top Level Domain. So fire up your favorite editor and open /var/named/etc/namedb/root.zone.

The ONLY part of this file we are concerned with editing is the SOA and the root zone "." NS records. Don't touch anything else, because we want our root server to be able to resolve domain names in the legacy DNS as well as the additional TLDs in the alt-DNS; this is how we maintain "Universal Resolvability":

/var/named/etc/namedb/root.zone
. IN    SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. (
                                  2008012701 ;serial
                                  1800 ;refresh every 30 min
                                  900 ;retry every 15 min
                                  604800 ;expire after a week
                                  86400 ;minimum of a day
                                  )
$TTL 518400
.      NS      A.ROOT-SERVERS.NET.
.      NS      B.ROOT-SERVERS.NET.
.      NS      C.ROOT-SERVERS.NET.
.      NS      D.ROOT-SERVERS.NET.
.      NS      E.ROOT-SERVERS.NET.
.      NS      F.ROOT-SERVERS.NET.
.      NS      G.ROOT-SERVERS.NET.
.      NS      H.ROOT-SERVERS.NET.
.      NS      I.ROOT-SERVERS.NET.
.      NS      J.ROOT-SERVERS.NET.
.      NS      K.ROOT-SERVERS.NET.
.      NS      L.ROOT-SERVERS.NET.
.      NS      M.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. A 198.41.0.4
H.ROOT-SERVERS.NET. A 128.63.2.53
C.ROOT-SERVERS.NET. A 192.33.4.12
G.ROOT-SERVERS.NET. A 192.112.36.4
<... snip ...>


We simply delete all the ICANN/IANA ". NS *.ROOT-SERVERS.NET." records, and change the above to look like this:

. IN    SOA     ns0.dns.TEST. hostmaster.mail.dns.TEST. (
	                              2008012702 ; serial
	                              1800 ;refresh every 30 min
	                              900 ;retry every 15 min
	                              604800 ;expire after a week
	                              86400 ;minimum of a day
	                              )
$TTL 1h

.                   NS      ns0.dns.TEST.
ns0.dns.TEST.   A        12.34.56.78  ; This should be your Static IP Address

; START OF ICANN RESOURCE RECORDS - LEAVE THE REST OF THE FILE UNCHANGED
A.ROOT-SERVERS.NET. A 198.41.0.4
H.ROOT-SERVERS.NET. A 128.63.2.53
C.ROOT-SERVERS.NET. A 192.33.4.12
G.ROOT-SERVERS.NET. A 192.112.36.4
<... snip ...>


Don't forget to increase the serial number by one, and make sure you look very closely at all the details.

Now save the file and restart named.
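The edit described in this section (swap the SOA, drop the legacy "." NS records, bump the serial by one, leave everything else alone) as an added example, not code from the original page: a small Python helper that applies it to a root.zone text in the parenthesised multi-line SOA layout shown above. The zone excerpt is constructed from the lines on this page, and ns0.dns.TEST. with 12.34.56.78 are the placeholders this page already uses.

```python
import re

# Constructed excerpt in the layout of the legacy root.zone shown above (the real file is far longer).
LEGACY_ROOT_ZONE = """\
. IN    SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. (
                                  2008012701 ;serial
                                  1800 ;refresh every 30 min
                                  900 ;retry every 15 min
                                  604800 ;expire after a week
                                  86400 ;minimum of a day
                                  )
$TTL 518400
.      NS      A.ROOT-SERVERS.NET.
.      NS      B.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. A 198.41.0.4
com.   172800  IN NS a.gtld-servers.net.
"""

def rewrite_root_zone(zone, mname, rname, ns_host, ns_ip, ttl="1h"):
    """Replace the legacy SOA and every '. NS' record with our own, bump the serial by one,
    and leave all other records (TLD delegations, glue) untouched. Returns (text, new_serial)."""
    lines = zone.splitlines()
    start = next(i for i, l in enumerate(lines) if re.match(r"^\.\s+(\d+\s+)?(IN\s+)?SOA\b", l))
    end = next(i for i in range(start, len(lines)) if ")" in lines[i])
    # Strip ';' comments, join the multi-line SOA and pull out its five numeric fields.
    fields = " ".join(l.split(";", 1)[0] for l in lines[start:end + 1])
    m = re.search(r"\(\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\)", fields)
    serial, refresh, retry, expire, minimum = (int(x) for x in m.groups())  # raises if the SOA layout differs
    new_serial = serial + 1
    head = [
        f". IN SOA {mname} {rname} (",
        f"        {new_serial} ; serial (old + 1)",
        f"        {refresh} ; refresh", f"        {retry} ; retry",
        f"        {expire} ; expire", f"        {minimum} ; minimum",
        "        )",
        f"$TTL {ttl}", f". NS {ns_host}",
        f"{ns_host} A {ns_ip}  ; our static IP address",
        "; START OF ICANN RESOURCE RECORDS - LEAVE THE REST OF THE FILE UNCHANGED",
    ]
    rest, ttl_dropped = [], False
    for l in lines[end + 1:]:
        if not ttl_dropped and l.startswith("$TTL"):
            ttl_dropped = True       # the legacy $TTL right after the SOA is replaced above
            continue
        if re.match(r"^\.\s+(\d+\s+)?(IN\s+)?NS\s", l):
            continue                 # drop the '. NS X.ROOT-SERVERS.NET.' records
        rest.append(l)
    return "\n".join(lines[:start] + head + rest) + "\n", new_serial
```

Run the result through named-checkzone before reloading; the helper only rewrites the text and does not validate it.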