📄 dns-setup.doc
full domainname to avoid any complications. Following this record a NS
record with blank domain field makes host.dep.secdom.topdom. the primary
nameserver for our domain.

For each host in our domain the datafile has to contain the following
records:

   * an A record that gives the corresponding ip address
   * a HINFO record that gives the machine type and the operating system
   * a MX record that tells sendmail where to send mail for this host.

Since we want to use mail servers in our departments instead of one big
mail server in the computer center we must include MX records pointing
to those mail servers. Further, in order to allow mail addressed to
user@department.secdom.topdom to be delivered we set up MX records for
our subdomains (departments) pointing to the correct server.

There are a few users in various departments that will get their mail
delivered at the central server hosta in rz.secdom.topdom. Since we
don't want to include their hosts (i.e. PCs) in the subdomain
rz.secdom.topdom. we shall make them use user@secdom.topdom as their
mail address and put a MX record in our datafile that directs mail
addressed to user@secdom.topdom to hosta.rz.secdom.topdom.

Note: These users *must* have an account on hosta to get their mail
      delivered, otherwise it is sent back to the sender with a message
      "user unknown".

5. Mapping addresses to names:

   Now we have almost finished our setup. There is only one thing left:
   the mapping of addresses to names. This is done in named.rev in
   /confdir and in named.local in the same directory. For this mapping a
   special domain has been created: IN-ADDR.ARPA. We have to set up
   datafiles for the subdomains b.a and 0.0.127 of this domain.

   Note that we use the dotted notation (a.b.c.d) in reverse order here!
   If a host has the address a.b.c.d we will refer to it here using
   d.c.b.a.IN-ADDR.ARPA. The domain field of the RRs in named.rev (and
   named.local) is of the form d.c.b.a when the origin is IN-ADDR.ARPA
   for this file.
   named.rev contains the following types of records:

   * a SOA record for b.a.IN-ADDR.ARPA
   * a NS record that makes host.dep.secdom.topdom. the primary
     nameserver for this domain
   * a PTR record for each host given in named.hosts

   The PTR record looks like

      domain   IN PTR   full-domainname-of-the-host

   with

   domain
      Since we defined b.a.IN-ADDR.ARPA the origin for this file (in
      /etc/named.boot) we give here the *last* two bytes of the internet
      address in dotted notation in reverse order. I.e. if a host has
      the internet address a.b.10.2 associated with it in named.rev we
      give 2.10 in the domain field of the corresponding PTR record.

   IN PTR
      defines the record to be a "pointer" record of class IN.

   full-domainname-of-the-host
      here we give the full domainname of the host that has been given
      the internet address corresponding to "domain".

   Well, that's somewhat tricky. Let's have an example:

   In named.hosts we have a host with the following A record

      host.dep.secdom.topdom.   IN A   a.b.c.d

   Now let's create the PTR record for this host in named.rev. In the
   domain b.a.IN-ADDR.ARPA our host has the domainname d.c so the PTR
   record is

      d.c   IN PTR   host.dep.secdom.topdom.

   Now that we have created named.rev only named.local is to be created.
   named.local defines a special local domain 0.0.127.IN-ADDR.ARPA. that
   is associated with the special hostname "localhost". This hostname is
   given the ip address 127.0.0.1.

   Our named.local may look like the following

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; named.local for secdom.topdom
; last change 93/01/27
; 93/05/27 -- sendmail changes
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; @(#)named.local 1.1 (fh-nuernberg) 93/01/25
;
$ORIGIN 0.0.127.IN-ADDR.ARPA.
@       IN  SOA  host.dep.secdom.topdom. dnsadm.host.dep.secdom.topdom. (
                 930817001  ; Serial
                 28800      ; Refresh
                 7200       ; Retry
                 6044800    ; Expire
                 172800 )   ; Minimum
        IN  NS   host.dep.secdom.topdom.
1       IN  PTR  localhost.

Note: The network 127.0.0 is not a valid network to contain hosts.
It is only used for testing. Packets addressed to 127.0.0.1 should
*never* leave the local host.


Setting up a primary nameserver for an internet host
====================================================

! When our host gets connected to the Internet (after several
! organizational tasks are done) we have to change our configuration
! slightly. There are two places we have to make changes at:

1. We have to alter /etc/named.boot to let our host find the real
   internet root nameservers. We no longer have to fake a root
   nameserver. The line

      primary   .   root.cache

   should be replaced by

      cache     .   root.cache

2. We have to take the official root.cache file now. This file may have
   the following contents:

;
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC registration services
;       under anonymous FTP as
;           file                /domain/named.root
;           on server           FTP.RS.INTERNIC.NET
;       -OR- under Gopher at    RS.INTERNIC.NET
;           under menu          InterNIC Registration Services (NSI)
;              submenu          InterNIC Registration Archives
;           file                named.root
;
;       last update:    April 21, 1993
;       related version of root zone:   930421
;
.                        99999999 IN  NS    NS.INTERNIC.NET.
NS.INTERNIC.NET.         99999999     A     198.41.0.4
.                        99999999     NS    KAVA.NISC.SRI.COM.
KAVA.NISC.SRI.COM.       99999999     A     192.33.33.24
.                        99999999     NS    C.NYSER.NET.
C.NYSER.NET.             99999999     A     192.33.4.12
.                        99999999     NS    TERP.UMD.EDU.
TERP.UMD.EDU.            99999999     A     128.8.10.90
.                        99999999     NS    NS.NASA.GOV.
NS.NASA.GOV.             99999999     A     128.102.16.10
                         99999999     A     192.52.195.10
.                        99999999     NS    NS.NIC.DDN.MIL.
NS.NIC.DDN.MIL.          99999999     A     192.112.36.4
.                        99999999     NS    AOS.ARL.ARMY.MIL.
AOS.ARL.ARMY.MIL.        99999999     A     128.63.4.82
                         99999999     A     192.5.25.82
.                        99999999     NS    NIC.NORDU.NET.
NIC.NORDU.NET.           99999999     A     192.36.148.17
; End of File

! Here I replaced the copy of the root.cache file
!
! There is some administrative work we have to do (if we haven't done
! it yet).
! We have to inform the administrators of our parent domain
! about the nameserver(s) we have installed. We have to tell them
!    1. the full domain names of our primary and at least one secondary
!       nameserver for our zone
!    2. the internet addresses of these servers.
!
! We have to name at least two servers for our zone that are physically
! (i.e. electricity) independent. The reason for this is that at least
! one of the nameservers for a zone should be available.
! So we have to get someone external to run a secondary server for
! our zone.

Well that's all.


Setting up a secondary nameserver
=================================

! Well, for a secondary nameserver we have to make three files.
! The type of nameserver (primary/secondary) is determined on a zone
! basis. The same machine can be a primary for one zone and a
! secondary for another zone. Which type of nameserver we run for
! which zone we have to give in the file /etc/named.boot.
! Here we assume a server which is secondary for our zone and
! primary only for the zone 0.0.127.IN-ADDR.ARPA which is for
! the host running the server only.

1. /etc/named.boot may look like the following:

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Nameserver bootfile for secdom.topdom
; last change 93/05/27
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; @(#)named.boot.master 1.11 of 93/01/25
;
; bootfile for secondary master server fh-nuernberg
;
directory /usr/name.dir
;
; type      domain                 source host/file   backup file
;
;
cache       .                      root.cache
secondary   secdom.topdom          a.b.c.d            named.bak
secondary   b.a.IN-ADDR.ARPA       a.b.c.d            rev.bak
primary     0.0.127.IN-ADDR.ARPA   named.local
;
;

! In the above file I deleted the line with the domain statement.

2. named.local will be exactly analogous to the one described when
   "Setting up a primary master nameserver for a non-internet host (5.)"

3. root.cache is the same as described when
   "Setting up a primary nameserver for an internet host (3.)"

   Note: Here I assume we have an internet connection.
   If we don't have a connection to the internet and we have previously
   configured an internal root nameserver as described at the beginning
   of this document we may use the following root.cache file for our
   secondary that points to our "fake" root server:

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; temporary root.cache file for a
; secondary without internet connection
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
.                        99999999 IN  NS  host.dep.secdom.topdom
host.dep.secdom.topdom.           IN  A   a.b.c.d

4. Get named started with the appropriate startup file.
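
The A-to-PTR mapping from "Mapping addresses to names" can be checked mechanically before named is started. The Python script below is an added example, not part of the original document: it derives the named.rev domain field for every A record and reports hosts whose PTR record is missing or names a different host. The network 172.16 (standing in for a.b) and the hosts pc1, pc2 and pc7 are constructed sample values.

```python
import ipaddress
import re

# Constructed sample data: 172.16 stands in for the page's network "a.b".
ORIGIN = "16.172.IN-ADDR.ARPA."
NAMED_HOSTS = """\
host.dep.secdom.topdom.   IN A  172.16.10.2
hosta.rz.secdom.topdom.   IN A  172.16.1.5
pc1.dep.secdom.topdom.    IN A  172.16.10.7
pc2.dep.secdom.topdom.    IN A  172.16.10.8
"""
NAMED_REV = """\
2.10   IN PTR  host.dep.secdom.topdom.
5.1    IN PTR  hosta.rz.secdom.topdom.
7.10   IN PTR  pc7.dep.secdom.topdom.   ; disagrees with named.hosts
"""
RR = re.compile(r"^(\S+)\s+IN\s+(A|PTR)\s+(\S+)", re.I)

def records(text, rtype):
    """Yield (owner, rdata) for records of one type, ignoring ';' comments."""
    for line in text.splitlines():
        m = RR.match(line.split(";", 1)[0])
        if m and m.group(2).upper() == rtype:
            yield m.group(1).lower(), m.group(3).lower()

def ptr_owner(addr, origin=ORIGIN):
    """Domain field of the PTR record for addr, relative to origin."""
    full = ipaddress.ip_address(addr).reverse_pointer + "."  # d.c.b.a.in-addr.arpa.
    suffix = "." + origin.lower()
    if not full.endswith(suffix):
        raise ValueError(f"{addr} is outside {origin}")
    return full[:-len(suffix)]

def check(hosts=NAMED_HOSTS, rev=NAMED_REV):
    """List (domain field, problem) for A records without a matching PTR."""
    ptrs = dict(records(rev, "PTR"))
    problems = []
    for name, addr in records(hosts, "A"):
        owner = ptr_owner(addr)
        if owner not in ptrs:
            problems.append((owner, f"no PTR for {name}"))
        elif ptrs[owner] != name:
            problems.append((owner, f"PTR names {ptrs[owner]}, A record names {name}"))
    return problems

if __name__ == "__main__":
    for owner, problem in check():
        print(f"{owner}.{ORIGIN} {problem}")
```

To use it on real datafiles, pass the contents of named.hosts and named.rev to check() and set ORIGIN to the origin given for named.rev in /etc/named.boot.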