Revision history for Tier1ServerConfig


Revision [1124]

Last edited on 2008-02-07 12:45:55 by ChristopherTheodore
Additions:
needs content....
Deletions:
@@==by: Christopher Theodore: Rhodes==@@
@@=====1st ROUGH DRAFT=====@@

>> **This tutorial presumes that:**

~1)You have Bind 9 installed and it is being run in a chroot located at /var/named and that named.conf reside at /var/named/etc/namedb/named.conf,
~1) You have **rndc** working and know how to use it.
~1) Your server is configured as a Tier 0 or //root server//. See the Tier0ServerConfig
~1) You have read the main portions of the [[http://www.isc.org/index.pl?/sw/bind/arm94/index.php BIND 9 Administrator Reference Manual]] and that you comprehend the subtle difference between a "domain" and a "zone".
~1) You have at least one static IP Address
~1) You have a 24/7 DSL internet connection or better.
~1) You have both a mail server and a web server up an running. (this can all be done on a single machine if that is all you have)

>>A **Tier 1 Server** or **Top Level Domain Server**, is any server that is an //authoritative name server// and can provide an IXFR/AXFR for a **Top Level Domain (TLD) Zone**, and it may be configured as either a **Primary Master** (//zone "type master;"//) or a **Secondary Master** (//zone "type slave;"//). This tutorial will be focused on configuring the **Primary Master Zone** for a Top Level Domain on Bind 9.

As a quick note: The term "Tier", while being used to describe a name server, is not a "type of name server", it is referring to a name server that is an //authoritative name server// for a particular "Zone". There is the single Tier 0 zone (or "Root Zone" - ie: **.** ), and then there are a few Tier 1 zones (or "Top Level Domain Zone" - ie **com. org. geek. oss. ukg.** etc...), and then there many Tier 2 zones (or Domain Name Zones - ie: **example.com.**). You will likely notice that Tier 1 Servers are also configured as Secondary Masters for the zone "." (//zone "type slave";//), and that they will also be both Primary Masters and Secondary Masters for any number of Domain Name Zones as well (//both zone "type master;" and "type slave;"//). This would qualify them as being both Tier 0 and Tier 2 servers, or a Tier 0/1/2 Server. For simplicity, we simply call them Tier 1 Servers.

Due to the fact that you will not be able to resolve and test your Top Level Domain or Domain Names until your TLD is added to the root zone file, you will need to configure your server as a Tier 0 Server first. See the Tier0ServerConfig page and then come back to this page.

@@====named.conf====@@

While named.conf has many sections and configuration directives, we will only be focused on the portions relevant to setting up the initial Top Level Domain zone, a few key **options {};** relevent to Tier 1 Servers, and the minimum **Resource Record Set** (RRset) for the TLD's Zone Master File. Hosting of a domain name zone locally, and the delegation of a domain name to a Tier 2 server's domain name zone will also be covered.

We will be using the fictional Top Level Domain zone **.TLD**, **local.TLD.** and **delegated.TLD.** for the domain zones, and the Static IP **12.34.56.78** in the examples below.

Make sure you have the dir **/var/named/etc/namedb/master** and if not create it. Because a TLD zone will have many more records and zone files you will find it useful to also create /var/named/etc/namedb/master/TLD for the many zone records and include files that will be created as more domain names are created on the TLD. Also, all path names in both named.conf and the zone files are relative to the chroot environment.

The the basic set of options and zone entry in named.conf are very simple and if you are not familiar with an option, do see the Bind Manual as they will not be being explained in depth, if at all:
%%(text;;/var/named/namedb/named.conf)
options {
directory "/etc/namedb";
key-directory "/etc/namedb/keys";
pid-file "/var/run/named/pid";
version "BIND 9 - alt-DNS";
listen-on { 10.0.0.1; 12.34.56.78; };
query-source address * port 53;
#listen-on-v6 { none; };
#query-source-v6 address * port 53;
allow-query { any; };
transfer-format many-answers;
multi-master yes;
recursion yes; # you may decide later to disable this.
dump-file "logs/dump.db";
statistics-file "logs/stats.db";
minimal-responses no;
provide-ixfr yes;
request-ixfr yes;
max-cache-size 104857600; # This is in bytes
dnssec-enable yes; # We care about security and use DNSSEC
dnssec-lookaside . trust-anchor dlv.isc.org.;
auth-nxdomain yes;
};

include "logging.conf";

# RNDC
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };
include "keys/rndc.key"; # this file also has the admin.TLD. key, used below, in it.

# This is used for DNSSEC Lookaside Validation (DVL) and muct be configured - see https://secure.isc.org/index.pl?/ops/dlv/
trusted-keys { dlv.isc.org. "You will need the key located here: https://secure.isc.org/ops/dlv/dlv.isc.org.named.conf"; };


# Tier 0 - Root Zone
zone "." {
type master; # This will be changed to type slave after your TLD is proposed and added to the root.
file "alt.root";
# masters { 66.150.224.233; 58.6.115.46; 58.6.115.45; 216.87.84.214; }; # uncomment when zone type is changed to "slave".
notify no;
};

# Tier 1 - TLD Primary Masters
zone "TLD." {
type master;
file "master/TLD/TLD.db"
allow-update { key admin.TLD.; }
notify yes;
};

# Tier 2 - Domain Primary Masters
zone "local.TLD." {
type master;
file "master/TLD/local.TLD.db";
allow-update { key admin.TLD.; };
notify yes;
};

<..snip..>
%%

Now that we have added some options {}; and the needed zone entries in named.conf, it is time to focus on the content of the zone files "TLD.db" and "local.TLD.db". Note that there is no zone for "delegated.TLD." as domain names that are hosted on other servers don't need a zone configured on your server. There delegation of a domain name will be covered later.

@@====The Top Level Domain Zone File: TLD.db====@@

The first we will look at **TLD.db** from a (non-chroot prespective), which is /var/named/etc/namedb/master/TLD/TLD.db

Note that in all the configuration files and zone files that the paths are relevant to the chroot environment. So from binds prespective, this file is located at: /etc/namedb/master/TLD/TLD.db

It uses the same Zone File Directives as any zone file, but due to the fact that it is going to contain **many** resource records for many domain names, we must take this into consideration before the file is full of 1000's for records. Note the use of the $INCLUDE directive in this file which will be explained below.

%%(text;;/var/named/namedb/master/TLD/TLD.db)
$TTL 3h
TLD. IN SOA ns0.dns.TLD. hostmaster.mail.dns.TLD. ( 2008012512 1800 900 604800 900 )
IN NS ns0.dns.TLD
MX 10 mail.dns.TLD
IN TXT ".TLD - An alt-root TLD - http://www.dns.TLD"

; SYNTAX: $INCLUDE [FILENAME] [ORIGIN] [COMMENT]
$INCLUDE /etc/namedb/master/TLD/dns.TLD.inc dns.TLD. ;contins records used in the SOA
$INCLUDE /etc/namedb/master/TLD/delegated.TLD.inc delegated.TLD. ; used for delegating this to another name servers
%%

As was mentioned above, this is a //minimal// Resource Record set for a TLD. You will more then likely have another MX record and many more NS records as most of the admin of other TLDs in the alt-root are willing to setup Secondary Masters for other TLDs.

Also, while any hostname could have been used in the SOA Record, due to the fact that a uniform naming convention eases web site development, software development, and other coordination, all TLDs (regardless of the Sponsor - OpenNIC or another Orginization) are hopefully using the host name ns0.dns.[TLD] for the Primary Master of the TLD.

In addition to the "ns0" sub-domain, there is also expected to be:

~1) a mail server accepting mail at mail.dns.[TLD] for hostmaster@mail.dns.[TLD] and abuse@mail.dns.[TLD], and;
~1) a web server at www.dns.[TLD] with the TLDs Charter and WHOIS information published at http://www.dns.[TLD]/charter.html

==The $INCLUDE FILE: dns.TLD.inc==

Now, the first of the 2 files included with the $INCLUDE Directives holds the Resource Records for the hostnames in the TLD's SOA, NS, and MX records. This file works very much like using the Directive: **$ORIGIN dns.TLD.** would, it is as if the records in this file were in the TLD.db file following an **$ORIGIN dns.TLD.** Directive.

With that in mind, the use of "**@**" in this file will be interpreted as "**dns.TLD.**" and domain names that are not fully terminated (that do not end with a "."), will have "**dns.TLD.**" appended to them. For example, "mail" will be interpreted as "mail.dns.[TLD]."

Time to look at the contents of the **dns.TLD.inc** //include file//:
%%(text;;/var/named/namedb/master/TLD/dns.TLD.inc)
@ IN A 12.34.56.78
@ MX 10 12.34.56.78
ns0 IN A 12.34.56.78
mail IN A 12.34.56.78
www CNAME @
%%

Obviously if you have more then one static IP you would add ns1 and ns2 records or use an A Record for the www. Again, this is the minimal set of records needed to setup the Tier 1 zone.

==delegated.TLD.inc==

....
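Review bot: the draft being removed here still carries configuration errors that should be fixed before it is restored. In the `zone "TLD."` block, `file "master/TLD/TLD.db"` and `allow-update { key admin.TLD.; }` both lack their closing semicolon, so named-checkconf reports a syntax error and named will not load the file. In TLD.db, the NS and MX targets ns0.dns.TLD and mail.dns.TLD have no trailing dot and, with the zone origin TLD., expand to ns0.dns.TLD.TLD. and mail.dns.TLD.TLD., which the SOA line (written correctly as ns0.dns.TLD.) does not match. In dns.TLD.inc, `@ MX 10 12.34.56.78` puts an address where an MX exchange needs a host name; BIND reads it as the relative name 12.34.56.78.dns.TLD., and the `mail` A record already in that file is the intended target. One hardening point also belongs in the named.conf text: `query-source address * port 53;` pins the outgoing source port, which removes the source-port randomisation that protects the cache of a server left running with `recursion yes;` and `allow-query { any; };`, so the "you may decide later to disable this" comment on recursion should say what the exposure is or the query-source line should drop the fixed port.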


Revision [1116]

Edited on 2008-02-04 22:45:07 by ChristopherTheodore
Deletions:
@@==aka==@@
@@====Top Level Domain Server====@@


Revision [1114]

Edited on 2008-02-04 22:44:04 by ChristopherTheodore
Additions:
@@==by: Christopher Theodore: Rhodes==@@


Revision [1109]

Edited on 2008-02-04 21:29:12 by ChristopherTheodore
Additions:
>>A **Tier 1 Server** or **Top Level Domain Server**, is any server that is an //authoritative name server// and can provide an IXFR/AXFR for a **Top Level Domain (TLD) Zone**, and it may be configured as either a **Primary Master** (//zone "type master;"//) or a **Secondary Master** (//zone "type slave;"//). This tutorial will be focused on configuring the **Primary Master Zone** for a Top Level Domain on Bind 9.
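Review bot: now that the definition rests on the server being able to provide an IXFR/AXFR for the TLD zone, the sentence should add that transfers are meant for the zone's secondary masters only; BIND answers AXFR requests from any host unless allow-transfer restricts them, and none of the zone entries elsewhere in this draft sets that option, so a pointer to it here would tie the definition to the named.conf section.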
Deletions:
>>A **Tier 1 Server**, which is any server that is an //authoritative name server// for a **Top Level Domain (TLD) Zone**, and can be configured as either the **Primary Master** (//zone "type master;"//) or one of many **Secondary Masters** (//zone "type slave;"//). This tutorial will be focused on configuring the **Primary Master Zone** for a Top Level Domain on Bind 9.


Revision [1108]

Edited on 2008-02-04 21:26:58 by ChristopherTheodore
Additions:
>> **This tutorial presumes that:**


Revision [1107]

Edited on 2008-02-04 21:25:55 by ChristopherTheodore
Additions:
@@==aka==@@
@@====Top Level Domain Server====@@
Deletions:
>>**This tutorial presumes that:**


Revision [1103]

Edited on 2008-02-04 18:22:35 by ChristopherTheodore
Additions:
~1) Your server is configured as a Tier 0 or //root server//. See the Tier0ServerConfig
Due to the fact that you will not be able to resolve and test your Top Level Domain or Domain Names until your TLD is added to the root zone file, you will need to configure your server as a Tier 0 Server first. See the Tier0ServerConfig page and then come back to this page.
@@====named.conf====@@
dnssec-enable yes; # We care about security and use DNSSEC
include "logging.conf";
include "keys/rndc.key"; # this file also has the admin.TLD. key, used below, in it.
# This is used for DNSSEC Lookaside Validation (DVL) and muct be configured - see https://secure.isc.org/index.pl?/ops/dlv/
type master; # This will be changed to type slave after your TLD is proposed and added to the root.
file "alt.root";
# masters { 66.150.224.233; 58.6.115.46; 58.6.115.45; 216.87.84.214; }; # uncomment when zone type is changed to "slave".
notify no;
@@====The Top Level Domain Zone File: TLD.db====@@
Note that in all the configuration files and zone files that the paths are relevant to the chroot environment. So from binds prespective, this file is located at: /etc/namedb/master/TLD/TLD.db
It uses the same Zone File Directives as any zone file, but due to the fact that it is going to contain **many** resource records for many domain names, we must take this into consideration before the file is full of 1000's for records. Note the use of the $INCLUDE directive in this file which will be explained below.
As was mentioned above, this is a //minimal// Resource Record set for a TLD. You will more then likely have another MX record and many more NS records as most of the admin of other TLDs in the alt-root are willing to setup Secondary Masters for other TLDs.
Also, while any hostname could have been used in the SOA Record, due to the fact that a uniform naming convention eases web site development, software development, and other coordination, all TLDs (regardless of the Sponsor - OpenNIC or another Orginization) are hopefully using the host name ns0.dns.[TLD] for the Primary Master of the TLD.
~1) a web server at www.dns.[TLD] with the TLDs Charter and WHOIS information published at http://www.dns.[TLD]/charter.html
==The $INCLUDE FILE: dns.TLD.inc==
Now, the first of the 2 files included with the $INCLUDE Directives holds the Resource Records for the hostnames in the TLD's SOA, NS, and MX records. This file works very much like using the Directive: **$ORIGIN dns.TLD.** would, it is as if the records in this file were in the TLD.db file following an **$ORIGIN dns.TLD.** Directive.
With that in mind, the use of "**@**" in this file will be interpreted as "**dns.TLD.**" and domain names that are not fully terminated (that do not end with a "."), will have "**dns.TLD.**" appended to them. For example, "mail" will be interpreted as "mail.dns.[TLD]."
==delegated.TLD.inc==
....
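Review bot: switching zone "." to `type master;` with `file "alt.root";` and `notify no;` means this server now answers for the root from a local file, so every name it resolves while `recursion yes;` is set depends on that file being kept current by hand; the comment promises a later change back to slave, but the draft gives no step for obtaining alt.root or for making that switch, and the Tier0ServerConfig reference should say whether it covers this. Separately, `dnssec-enable yes;` with its "We care about security" comment only makes named DNSSEC-aware; the validation that the dnssec-lookaside line presupposes needs `dnssec-validation yes;` in BIND 9.4, which is missing from the options block.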
Deletions:
~1) Your server is already using the alt-root (see and apply the Tier2ServerConfig) and that you can resolve domain names in both the legacy root and the alt-root.
include "blackhole.inc"; # includes a separate file with the blackhole { list; };
dnssec-enable yes; # We care DNSSEC
include "logging.conf"; # includes a separate file with the logging { config; };
include "keys/rndc.key"; # this file also has the admin.TLD. key in
# This is used for DNSSEC Lookaside Validation (DVL) - see https://secure.isc.org/index.pl?/ops/dlv/
type slave;
file "named.root";
masters { 66.150.224.233; 58.6.115.46; 58.6.115.45; 216.87.84.214; }; # dig ANY root.opennic.glue for a current list
notify yes;
It uses the same Zone File Directives as any zone file, but due to the fact that it is going to contain **many** resource records for many domain names, we must take this into consideration before the file is full of 1000's for records. Note the use of the $INCLUDE directive in this file.
As was mentioned above, this is a //minimal// Resource Record set for a TLD. You will more then likely have another MX record and many more NS records as most of the admin of other TLDs in the alt-root are willing to setup Secondary Masters for all the TLDs.
Also, while any hostname could have been used in the SOA Record, due to the fact that a uniform naming convention eases web site development, software development, and other coordination, all TLDs (regardless of the Sponsor - OpenNIC or another Orginization) are hopefully using ns0.dns.[TLD] for the Primary Master of the TLD.
~1) a web server at www.dns.TLD with the TLDs Charter and WHOIS information published at http://www.dns.TLD/charter.html
Now, the first of the 2 files included with the $INCLUDE Directives holds the Resource Records for the hostnames in the TLD's SOA, NS, and MX records. This file works the same way using the Directive: **$ORIGIN dns.TLD.** would if the records were in the TLD.db file following an **$ORIGIN dns.TLD.** Directive.
So the use of "**@**" in this file will be interpreted as "**dns.TLD.**" and names that do not end with a "." will have "**dns.TLD.**" appended to them.
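Review bot: two pieces of information disappear with these deletions and do not reappear in the replacement lines: `include "blackhole.inc";` is dropped from options, so the blackhole { list; } it pulled in is no longer loaded anywhere, and the `# dig ANY root.opennic.glue for a current list` hint on the masters line is lost even though the masters list survives only as a commented-out line that will need refreshing when the root zone goes back to slave. If the blackhole list is still wanted, re-add the include; in either case carry the hint over to the commented masters line.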


Revision [1102]

Edited on 2008-02-04 15:32:46 by ChristopherTheodore
Additions:
@@=====1st ROUGH DRAFT=====@@
>>**This tutorial presumes that:**
~1)You have Bind 9 installed and it is being run in a chroot located at /var/named and that named.conf reside at /var/named/etc/namedb/named.conf,
~1) You have **rndc** working and know how to use it.
~1) Your server is already using the alt-root (see and apply the Tier2ServerConfig) and that you can resolve domain names in both the legacy root and the alt-root.
~1) You have read the main portions of the [[http://www.isc.org/index.pl?/sw/bind/arm94/index.php BIND 9 Administrator Reference Manual]] and that you comprehend the subtle difference between a "domain" and a "zone".
~1) You have at least one static IP Address
~1) You have a 24/7 DSL internet connection or better.
~1) You have both a mail server and a web server up an running. (this can all be done on a single machine if that is all you have)
>>A **Tier 1 Server**, which is any server that is an //authoritative name server// for a **Top Level Domain (TLD) Zone**, and can be configured as either the **Primary Master** (//zone "type master;"//) or one of many **Secondary Masters** (//zone "type slave;"//). This tutorial will be focused on configuring the **Primary Master Zone** for a Top Level Domain on Bind 9.
As a quick note: The term "Tier", while being used to describe a name server, is not a "type of name server", it is referring to a name server that is an //authoritative name server// for a particular "Zone". There is the single Tier 0 zone (or "Root Zone" - ie: **.** ), and then there are a few Tier 1 zones (or "Top Level Domain Zone" - ie **com. org. geek. oss. ukg.** etc...), and then there many Tier 2 zones (or Domain Name Zones - ie: **example.com.**). You will likely notice that Tier 1 Servers are also configured as Secondary Masters for the zone "." (//zone "type slave";//), and that they will also be both Primary Masters and Secondary Masters for any number of Domain Name Zones as well (//both zone "type master;" and "type slave;"//). This would qualify them as being both Tier 0 and Tier 2 servers, or a Tier 0/1/2 Server. For simplicity, we simply call them Tier 1 Servers.
While named.conf has many sections and configuration directives, we will only be focused on the portions relevant to setting up the initial Top Level Domain zone, a few key **options {};** relevent to Tier 1 Servers, and the minimum **Resource Record Set** (RRset) for the TLD's Zone Master File. Hosting of a domain name zone locally, and the delegation of a domain name to a Tier 2 server's domain name zone will also be covered.
We will be using the fictional Top Level Domain zone **.TLD**, **local.TLD.** and **delegated.TLD.** for the domain zones, and the Static IP **12.34.56.78** in the examples below.
Make sure you have the dir **/var/named/etc/namedb/master** and if not create it. Because a TLD zone will have many more records and zone files you will find it useful to also create /var/named/etc/namedb/master/TLD for the many zone records and include files that will be created as more domain names are created on the TLD. Also, all path names in both named.conf and the zone files are relative to the chroot environment.
The the basic set of options and zone entry in named.conf are very simple and if you are not familiar with an option, do see the Bind Manual as they will not be being explained in depth, if at all:
%%(text;;/var/named/namedb/named.conf)
options {
directory "/etc/namedb";
key-directory "/etc/namedb/keys";
pid-file "/var/run/named/pid";
version "BIND 9 - alt-DNS";
listen-on { 10.0.0.1; 12.34.56.78; };
query-source address * port 53;
#listen-on-v6 { none; };
#query-source-v6 address * port 53;
allow-query { any; };
transfer-format many-answers;
multi-master yes;
recursion yes; # you may decide later to disable this.
dump-file "logs/dump.db";
statistics-file "logs/stats.db";
minimal-responses no;
provide-ixfr yes;
request-ixfr yes;
include "blackhole.inc"; # includes a separate file with the blackhole { list; };
max-cache-size 104857600; # This is in bytes
dnssec-enable yes; # We care DNSSEC
dnssec-lookaside . trust-anchor dlv.isc.org.;
auth-nxdomain yes;
};
include "logging.conf"; # includes a separate file with the logging { config; };
# RNDC
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };
include "keys/rndc.key"; # this file also has the admin.TLD. key in
# This is used for DNSSEC Lookaside Validation (DVL) - see https://secure.isc.org/index.pl?/ops/dlv/
trusted-keys { dlv.isc.org. "You will need the key located here: https://secure.isc.org/ops/dlv/dlv.isc.org.named.conf"; };
# Tier 0 - Root Zone
zone "." {
type slave;
file "named.root";
masters { 66.150.224.233; 58.6.115.46; 58.6.115.45; 216.87.84.214; }; # dig ANY root.opennic.glue for a current list
notify yes;
};
# Tier 1 - TLD Primary Masters
zone "TLD." {
type master;
file "master/TLD/TLD.db"
allow-update { key admin.TLD.; }
notify yes;
};
# Tier 2 - Domain Primary Masters
zone "local.TLD." {
type master;
file "master/TLD/local.TLD.db";
allow-update { key admin.TLD.; };
};
<..snip..>
%%
Now that we have added some options {}; and the needed zone entries in named.conf, it is time to focus on the content of the zone files "TLD.db" and "local.TLD.db". Note that there is no zone for "delegated.TLD." as domain names that are hosted on other servers don't need a zone configured on your server. There delegation of a domain name will be covered later.
The first we will look at **TLD.db** from a (non-chroot prespective), which is /var/named/etc/namedb/master/TLD/TLD.db
It uses the same Zone File Directives as any zone file, but due to the fact that it is going to contain **many** resource records for many domain names, we must take this into consideration before the file is full of 1000's for records. Note the use of the $INCLUDE directive in this file.
%%(text;;/var/named/namedb/master/TLD/TLD.db)
$TTL 3h
TLD. IN SOA ns0.dns.TLD. hostmaster.mail.dns.TLD. ( 2008012512 1800 900 604800 900 )
IN NS ns0.dns.TLD
MX 10 mail.dns.TLD
IN TXT ".TLD - An alt-root TLD - http://www.dns.TLD"
; SYNTAX: $INCLUDE [FILENAME] [ORIGIN] [COMMENT]
$INCLUDE /etc/namedb/master/TLD/dns.TLD.inc dns.TLD. ;contins records used in the SOA
$INCLUDE /etc/namedb/master/TLD/delegated.TLD.inc delegated.TLD. ; used for delegating this to another name servers
%%
As was mentioned above, this is a //minimal// Resource Record set for a TLD. You will more then likely have another MX record and many more NS records as most of the admin of other TLDs in the alt-root are willing to setup Secondary Masters for all the TLDs.

Also, while any hostname could have been used in the SOA Record, due to the fact that a uniform naming convention eases web site development, software development, and other coordination, all TLDs (regardless of the Sponsor - OpenNIC or another Orginization) are hopefully using ns0.dns.[TLD] for the Primary Master of the TLD.
In addition to the "ns0" sub-domain, there is also expected to be:
~1) a mail server accepting mail at mail.dns.[TLD] for hostmaster@mail.dns.[TLD] and abuse@mail.dns.[TLD], and;
~1) a web server at www.dns.TLD with the TLDs Charter and WHOIS information published at http://www.dns.TLD/charter.html
Now, the first of the 2 files included with the $INCLUDE Directives holds the Resource Records for the hostnames in the TLD's SOA, NS, and MX records. This file works the same way using the Directive: **$ORIGIN dns.TLD.** would if the records were in the TLD.db file following an **$ORIGIN dns.TLD.** Directive.
So the use of "**@**" in this file will be interpreted as "**dns.TLD.**" and names that do not end with a "." will have "**dns.TLD.**" appended to them.
Time to look at the contents of the **dns.TLD.inc** //include file//:
%%(text;;/var/named/namedb/master/TLD/dns.TLD.inc)
@ IN A 12.34.56.78
@ MX 10 12.34.56.78
ns0 IN A 12.34.56.78
mail IN A 12.34.56.78
www CNAME @
%%
Obviously if you have more then one static IP you would add ns1 and ns2 records or use an A Record for the www. Again, this is the minimal set of records needed to setup the Tier 1 zone.
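Review bot: the `trusted-keys { dlv.isc.org. "You will need the key located here: ..."; };` line will not parse: a trusted-keys entry needs the name, flags, protocol and algorithm fields followed by the quoted key, so named refuses to start until the placeholder is replaced with the real entry from the ISC file, and commenting it out with `#` until then would let the rest of the config be tested. Also, since `allow-update { key admin.TLD.; }` lets whoever holds that key rewrite any record in the TLD zone, the comment that `keys/rndc.key` "also has the admin.TLD. key in" deserves a sentence on keeping that file readable by the named user only, or on moving the update key to its own file so the rndc key and the zone-update key are not handled together.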
Deletions:
Need content here...


Revision [506]

The oldest known version of this page was created on 2007-07-20 01:23:51 by BrianKoontz