Revision [1100]
This is an old revision of Tier0ServerConfig made by ChristopherTheodore on 2008-01-31 22:42:07.
So you want to run an alt-root Root Server?
There are 2 kinds of Tier 0 (root server) configurations: one for the legacy root and one for the alternative root (alt-root). There are also 2 kinds of alt-root setups for the root zone: as a Primary Master (zone "type master;") or as a Secondary Master (zone "type slave;").
Before you set up a Tier 0 zone on a server in the alt-root, you should know the basics of how it is done in the legacy root.
While your server will not be included in the legacy named.hint file by ICANN/IANA, nor have a Resource Record for the "." zone (root zone or Tier 0 zone) created for it, it will function much like a root server for the legacy root would. Understanding the basics of how a legacy DNS root server is set up makes it easier to understand how we do this in the alt-root.
First, you will need the legacy root.zone file. You can get a current copy of this file from Internic.net at the following location: ftp://rs.internic.net/domain/root.zone.gz
Once you have downloaded and gunzip'ed a copy of this file into the working directory of named (/var/named/etc/namedb/root.zone), take a look at it. You will find that there are A/AAAA records and NS records for all the legacy TLDs (both gTLDs and ccTLDs).
As you can see, this is not the named.hint/named.cache file that comes with BIND 9 and is used for the "type hint;" config of the Tier 0 zone.
Now it is time to edit the root zone "." entry in /var/named/etc/namedb/named.conf. It is presumed that you already have a working cache server set up and resolving domain names via the legacy DNS, and that named.conf contains an entry that looks like this:
named.conf
<... snip ...>
zone "." IN {
        type hint;
        file "named.hint";
};
<... snip ...>
Simply change the above to this:
named.conf
<... snip ...>
zone "." IN {
        type master;
        file "root.zone";
        notify no;
};
<... snip ...>
Now restart named or, if you have rndc configured, simply run: rndc reconfig
You should now be able to run: dig @localhost ANY . ; dig @localhost ANY com.
You should get output from dig that looks like this:
root# dig @localhost ANY .

; <<>> DiG 9.3.3 <<>> @localhost ANY .
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54076
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;.                              IN      ANY

;; ANSWER SECTION:
.                       86400   IN      SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2008012701 1800 900 604800 86400
.                       518400  IN      NS      L.ROOT-SERVERS.NET.
.                       518400  IN      NS      M.ROOT-SERVERS.NET.
.                       518400  IN      NS      A.ROOT-SERVERS.NET.
.                       518400  IN      NS      B.ROOT-SERVERS.NET.
.                       518400  IN      NS      C.ROOT-SERVERS.NET.
.                       518400  IN      NS      D.ROOT-SERVERS.NET.
.                       518400  IN      NS      E.ROOT-SERVERS.NET.
.                       518400  IN      NS      F.ROOT-SERVERS.NET.
.                       518400  IN      NS      G.ROOT-SERVERS.NET.
.                       518400  IN      NS      H.ROOT-SERVERS.NET.
.                       518400  IN      NS      I.ROOT-SERVERS.NET.
.                       518400  IN      NS      J.ROOT-SERVERS.NET.
.                       518400  IN      NS      K.ROOT-SERVERS.NET.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jan 28 02:36:16 2008
;; MSG SIZE  rcvd: 285

root# dig @localhost ANY com.

; <<>> DiG 9.3.3 <<>> @localhost ANY com.
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63776
;; flags: qr rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;com.                           IN      ANY

;; ANSWER SECTION:
com.                    900     IN      SOA     a.gtld-servers.net. nstld.verisign-grs.com. 1201513063 1800 900 604800 900
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.

;; AUTHORITY SECTION:
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.

;; Query time: 777 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jan 28 02:37:59 2008
;; MSG SIZE  rcvd: 482

root#
And now you have a legacy DNS root server... and yes, it really is this simple.
So now it is time to look at an alt-root Tier 0 zone configuration. There are many ways to do this. For the sake of simplicity, and to clarify why it is called the alt-root: it is because we use an alternative root zone file.
In the following examples, it is presumed that, in addition to the root zone, you also have a Top Level Domain ".TLD", that there is a zone "type master;" in named.conf for .TLD, AND that you have a minimum set of resource records for .TLD in the zone file, i.e.:
named.conf
zone "." IN {
        type master;
        file "root.zone";
        notify no;
};
zone "TLD." IN {
        type master;
        file "master/TLD.db";
};
/var/named/etc/namedb/master/TLD.db
$TTL 1d
TLD.            IN SOA  ns0.dns.TLD. hostmaster.mail.dns.TLD. ( 2008012512 1800 900 604800 900 )
                IN NS   ns0.dns.TLD.
                IN TXT  ".TLD - Serving as an Example - http://www.dns.TLD"
dns.TLD.        A       xxx.xxx.xxx.xxx ; .TLD zone Primary Master Static IP address
dns.TLD.        MX 10   mail.dns.TLD.
dns.TLD.        TXT     ".TLD - Serving as an Example - http://www.dns.TLD"
mail.dns.TLD.   A       xxx.xxx.xxx.xxx ; .TLD zone Primary Master Static IP address
ns0.dns.TLD.    A       xxx.xxx.xxx.xxx ; .TLD zone Primary Master Static IP address
                MX 10   mail.dns.TLD.
                TXT     ".TLD - Serving as an Example - http://www.dns.TLD"
www.dns.TLD.    CNAME   ns0.dns.TLD.
Now we are going to edit root.zone and make ns0.dns.TLD the Start of Authority (SOA), so fire up your favorite editor and open root.zone.
The ONLY part of this file we are concerned with editing is the SOA and the root zone "." NS records (don't mess with anything else):
.                       IN SOA  A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. (
                                2008012701 ;serial
                                1800       ;refresh every 30 min
                                900        ;retry every 15 min
                                604800     ;expire after a week
                                86400      ;minimum of a day
                                )
$TTL 518400
.                       NS      A.ROOT-SERVERS.NET.
.                       NS      B.ROOT-SERVERS.NET.
.                       NS      C.ROOT-SERVERS.NET.
.                       NS      D.ROOT-SERVERS.NET.
.                       NS      E.ROOT-SERVERS.NET.
.                       NS      F.ROOT-SERVERS.NET.
.                       NS      G.ROOT-SERVERS.NET.
.                       NS      H.ROOT-SERVERS.NET.
.                       NS      I.ROOT-SERVERS.NET.
.                       NS      J.ROOT-SERVERS.NET.
.                       NS      K.ROOT-SERVERS.NET.
.                       NS      L.ROOT-SERVERS.NET.
.                       NS      M.ROOT-SERVERS.NET.
<... snip ...>
We simply change the above to:
.                       IN SOA  ns0.dns.TLD. hostmaster.mail.dns.TLD. (
                                2008012701 ;serial
                                1800       ;refresh every 30 min
                                900        ;retry every 15 min
                                604800     ;expire after a week
                                86400      ;minimum of a day
                                )
$TTL 518400
.                       NS      ns0.dns.TLD.
ns0.dns.TLD.            A       xxx.xxx.xxx.xxx
<... snip ...>
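Before reloading named, it is worth checking that the apex edit is internally consistent: the new SOA MNAME must also appear as an NS for ".", and every root NS must have a glue A/AAAA record in the same file. The checker below is an added example and not part of the original page; it parses a constructed copy of the edited apex (192.0.2.53 stands in for xxx.xxx.xxx.xxx) and reports any of those problems.

```python
# Constructed sample of the root.zone apex after the edit above, plus one untouched
# delegation; 192.0.2.53 is a documentation-range stand-in for xxx.xxx.xxx.xxx.
EDITED_ROOT_ZONE = """\
.  IN SOA ns0.dns.TLD. hostmaster.mail.dns.TLD. (
        2008012701 ;serial
        1800       ;refresh every 30 min
        900        ;retry every 15 min
        604800     ;expire after a week
        86400 )    ;minimum of a day
$TTL 518400
.             NS  ns0.dns.TLD.
ns0.dns.TLD.  A   192.0.2.53
com.          NS  a.gtld-servers.net.
"""

def parse_zone(text):
    """Parse BIND zone text into (owner, rrtype, rdata); handles comments, ( ), $directives."""
    records, tokens, depth, owner, inherit = [], [], 0, ".", False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]           # assumes no ';' inside quoted rdata
        if not line.strip():
            continue
        if not tokens:                        # first physical line of a record
            inherit = line[0].isspace()       # blank owner inherits the previous one
        toks = line.replace("(", " ( ").replace(")", " ) ").split()
        depth += toks.count("(") - toks.count(")")
        tokens += [t for t in toks if t not in ("(", ")")]
        if depth > 0:
            continue                          # still inside a ( ... ) block
        if not tokens[0].startswith("$"):     # $TTL / $ORIGIN carry no RR
            if not inherit:
                owner, tokens = tokens[0].lower(), tokens[1:]
            while tokens[0].isdigit() or tokens[0] in ("IN", "CH", "HS"):
                tokens.pop(0)                 # drop optional TTL and class
            records.append((owner, tokens[0].upper(), " ".join(tokens[1:]).lower()))
        tokens = []
    return records

def check_alt_root_apex(records):
    """List problems with the '.' apex; an empty list means the edit is consistent."""
    problems = []
    soa = [r for o, t, r in records if o == "." and t == "SOA"]
    apex_ns = {r for o, t, r in records if o == "." and t == "NS"}
    glue = {o for o, t, _ in records if t in ("A", "AAAA")}
    if len(soa) != 1:
        problems.append(f"expected one SOA at '.', found {len(soa)}")
    elif soa[0].split()[0] not in apex_ns:
        problems.append(f"SOA MNAME {soa[0].split()[0]} has no NS record at '.'")
    problems += [f"no glue A/AAAA for root NS {ns}" for ns in sorted(apex_ns - glue)]
    return problems
```

Run it against the real /var/named/etc/namedb/root.zone by passing the file's contents to parse_zone; an empty result from check_alt_root_apex is the go-ahead for rndc reconfig.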