7    Domain Name Service

The Domain Name Service (DNS) is a mechanism for resolving unknown host names and Internet Protocol (IP) addresses that originate from sites on your company's intranet or the Internet. A database lookup service that is part of the DNS daemon searches for the unknown hosts in local and remote hosts databases, which are distributed networkwide by the DNS.

The implementation of DNS in Tru64 UNIX is based on Version 8.1.2 of the Berkeley Internet Name Domain (BIND) service, which is maintained by the Internet Software Consortium.

This chapter describes:

• The DNS environment

• How to configure your system for DNS

• How to manage DNS servers and clients

For introductory information on DNS, see bind_intro(7). For additional information about BIND service, see Appendix H and the BIND Configuration File Guide (provided in HTML format on the Tru64 UNIX Documentation CD-ROM). You can also visit the Internet Software Consortium website at www.isc.org.

For troubleshooting information, see Section 14.6 and Chapter 16 for servers and Section 14.7 for clients.

7.1    DNS Environment

In the DNS environment, systems can have the following roles:

• Master server -- A system that is an authoritative source for information about a zone or zones and that maintains the master copy of the DNS database for the zone or zones.

  This system runs the named daemon, answers requests from clients and other servers, caches information, and distributes the databases to slave servers.

• Slave server -- A system that is an authoritative source for information about a zone or zones, but does not maintain the master copy of the DNS database for the zone or zones. Instead, a slave server loads its database files from the master server when the master server indicates that the files have been updated.

  This system runs the named daemon, provides backup for the master server, answers requests from clients and other servers, and caches information.

• Stub server -- A master server that delegates authority for a specified subzone to a server local to the subzone.

  The stub server does not retain information in its configuration files about the machines in the specified subzone. Instead of searching the master DNS database, it queries the local server for information about machines in the subzone.

  Typically, stub service is implemented so that the administrator of a subzone can change the configuration of the subzone without affecting the configuration file on the master server.

• Caching-only server -- A system that is not authoritative for any zones. This system runs the named daemon and responds to queries from other servers and clients by querying other servers for the information and caching the information it receives. Information is stored until the data expires.

  Typically, a caching-only server has direct access to the Internet and it answers queries exclusively about sites on the Internet.

• Forward-only server -- A system that might be an authoritative source for information about a zone or zones, but is restricted as to how it obtains information about zones for which it is not authoritative.

  This system runs the named daemon and responds to queries from other servers and clients with information from its authoritative date and cache data. If the information is not present, the system forwards queries to a list of systems specified as forwarders in its named.conf file. The queries are forwarded to each forwarder system until the list is exhausted or the query is satisfied. Forward-only servers store the information they receive until the data expires.

  Typically, a forward-only server has restricted access to an intranet or the Internet. By providing a list of specific forwarders to contact, an administrator can prevent a forward-only server from attempting to contact servers that it cannot access.

• Client -- A system that queries a server for host name and address information, interprets responses, and passes information to requesting applications. The client is also called a resolver. A client does not run the named daemon.

Note

Documentation for BIND prior to Version 8.1.1 referred to the master server as a primary server and the slave server as a secondary server. Though the terminology has changed, master and slave servers are still referred to as having primary and secondary authority, respectively, for zones.

DNS runs on each system in your network. You must decide what role each system will play in the DNS environment that you create. For each domain, select one host to be the master server; there can be only one master server for each domain. Select one or more hosts to be slave, stub, and caching-only servers. Configure the rest of the hosts as DNS clients.

Figure 7-1 shows a domain in which there are two servers, one on each subnet, and multiple clients. Server A, the master server, has primary authority for the zone and maintains the database files for the zone. Server B, the slave server, has secondary authority for the zone; it obtains a copy of the zone database from Server A and responds to queries from clients.

Figure 7-1:  Sample Small DNS Configuration

Figure 7-2 shows a domain in which there are three zones: mktg.corp.com, eng.corp.com, and acct.corp.com. Server B is the master server for the mktg.corp.com zone and a slave server for the other two zones. It has primary authority for mktg.corp.com and secondary authority for each of the other two zones. Server C has primary authority for the eng.corp.com zone and secondary authority for each of the other two zones. Server D has primary authority for the acct.corp.com zone and secondary authority for each of the other two zones. Server A is both a router and a caching-only server. As a caching-only server, it caches information it receives from queries out of the parent domain.

In the same example, if the three zones were located in three different cities or countries, you could configure Server A at mktg.corp.com as a stub server for the other two remote zones. That way, all of the resource records for the remote sites would reside on servers (Server C and Server D) local to the eng.corp.com and acct.corp.com domains. The master server, Server A, would retain only the resource records for the name server that is local to each subdomain. Server A would query Server C and Server D for information about the machines in the eng.corp.com and acct.corp.com domains instead of searching its own master DNS database.

Figure 7-2:  Sample Large DNS Configuration

7.2    Planning DNS

Figure 7-3 shows the DNS Setup Worksheet, which you can use to record the information required to configure DNS. If you are viewing this manual online, you can use the print feature of your browser to print a copy of this worksheet. The following sections explain the information you need to record on the worksheet.

Figure 7-3:  DNS Setup Worksheet

Local domain name

For a master server, the domain for which the server has primary authority. For client systems, the parent domain of which your local system is a part. For example, if your system's domain name is cxcxcx.abc.xyz.com, your local domain name is abc.xyz.com.

7.2.1    Server

Host name resolution

The order in which the local /etc/hosts file, DNS database, and NIS database should be queried for host name resolution.

Indicate the order on the worksheet by placing the appropriate number next to each item. The following order is recommended:

1. Local hosts file

2. DNS database

3. NIS database

Zone domain name

The name of the top-level domain in the zone.

Authority

If the server is a master server for the zone (maintains the zone database file), check Primary. If the server is a slave server for the zone (copies the zone database file from the master), check Secondary.

Data file

For a master server, the pathname of the file that contains the master database of zone information.

For a slave server, the pathname of the file that contains a copy of the database of zone information obtained from the master server. This is optional, but useful when the server restarts. Instead of waiting to obtain information from a master server, which might not be available, the slave server can restart using the information in the data file.

Server address

For a slave server, the address of the server that is the master server for the zone domain.

Forwarder name

The host name of a system or systems to which your server forwards queries that it cannot resolve locally. When the server receives a query that it cannot answer from its cache, it sends the query to a forwarder for resolution. If the forwarder cannot answer the query, the server might contact other servers directly. If your system is a Forward-only server, you must include forwarder names; otherwise, forwarders are optional.

7.2.2    Client

Server name

The name of a server to contact for host name resolution. Specify up to three servers.

Internet address

A corresponding IP address for the server or servers.

Host name resolution

The order in which the local /etc/hosts file, DNS database, and NIS database should be queried for host name resolution.

Indicate the order on the worksheet by placing the appropriate number next to each item. The following order is recommended:

1. Local hosts file

2. DNS database

3. NIS database

7.3    Configuring DNS

When you configure DNS, you must first set up the master server. You can configure the other systems in any order.

7.3.1    Configuring a Master Server

Use the SysMan Menu application of the Common Desktop Environment (CDE) Application Manager to configure a DNS master server. To invoke the SysMan Menu application, follow the instructions in Section 1.1.1.

To configure a master server, do the following:

1. Copy into the /etc/namedb/src directory the hosts file that you want to convert to the DNS hosts database.

   To create the a new file from which the hosts database will be created, you can update the master server's local /etc/hosts file (see Section 2.3.7) and copy it into the /etc/namedb/src directory with the same hosts file name. If a system is in your DNS domain and is running DNS but is not included in the master server's hosts database, other systems in the domain cannot obtain the its IP address.

2. From the SysMan Menu, select Networking-->Additional Network Services-->Domain Name Service (DNS(BIND))-->Configure system as a DNS server to display the bindsetup script.

   Alternatively, enter the following command on a command line:

   # /usr/bin/sysman dns_server
   

3. Press the Return key and choose the a option from the Action Menu.

4. Enter c to continue after the script indicates that you must know your default domain name or exit. Enter your domain name.

5. Select the m option from the Configuration Menu to configure the master server (primary authority). The script prompts you to convert the source files in /etc/namedb/src to the appropriate DNS format.

   1. If you choose y for Yes, the script converts the hosts file you created in step 1 and uses the data to create a new /etc/namedb/named.local file. The script also creates a named.ca file that contains the IP address-to-hostname mappings and a named.conf boot file that is used to initialize DNS at startup time. Finally, the script sets your system's host name to the fully qualified DNS host name.

   2. If you choose n for No to convert the DNS database manually, enter the following commands after the script is finished executing:

      # cd /etc/namedb
      # make hosts
      

6. The script prompts you to choose the order in which to resolve host name queries.

   If you enter 1, the system queries the local hosts file, then the DNS database, then the NIS database. If you enter 2, the system queries the DNS database, then the local hosts file, then the NIS database.

   It is best to enter 1 to query the local hosts file first.

   Alternatively, you can enter 3 to use the svcsetup script to customize service order selection. See Section 7.5 and svcsetup(8) for information about modifying the svc.conf file.

7. Select OK to close the dialog box after you are informed that the setup was successful.

You can also modify your server configuration after the initial setup. See the online help for more information.

7.3.2    Configuring a Slave Server

Use the SysMan Menu application of the Common Desktop Environment (CDE) Application Manager to configure a DNS slave server. To invoke the SysMan Menu application, follow the instructions in Section 1.1.1.

To configure a slave server, do the following:

1. From the SysMan Menu, select Networking-->Additional Network Services-->Domain Name Service (DNS(BIND))-->Configure system as a DNS server to display the bindsetup script.

   Alternatively, enter the following command on a command line:

   # /usr/bin/sysman dns_server
   

2. Press the Return key and choose the a option from the Action Menu.

3. Enter c to continue when the script indicates that you must know your default domain name or exit. Enter your domain name.

4. Select the s option from the Configuration Menu to configure a slave server (secondary authority). The script indicates that you must know the name and IP address of the DNS master server for your domain. Enter c to continue.

5. Enter the name of the master server for your domain. If you enter the fully qualified host name, you must include a trailing dot (.). For example, if the fully qualified host name is cxcxcx.abc.xyc.com, enter it as follows:

   cxcxcx.abc.xyc.com.
    
    
   

   The script indicates which system files it is updating and sets the host name to the fully qualified DNS host name.

6. The script prompts you to start the named daemon. If you answer yes, the daemon starts. If you answer no, you can use the following command to start the daemon manually after the script finishes executing:

   # /sbin/init.d/named start
    
    
   

7. The script prompts you to choose the order in which to resolve host name queries.

   If you enter 1, the system queries the local hosts file, then the DNS database, then the NIS database. If you enter 2, the system queries the DNS database, then the local hosts file, then the NIS database.

   It is best to enter 1 to query the local hosts file first.

   Alternatively, you can enter 3 to use the svcsetup script to customize service order selection. See Section 7.5 and svcsetup(8) for information about modifying the svc.conf file.

8. Select OK to close the utility after you are informed that the setup was successful.

You can also modify your server configuration after the initial setup. See the online help for more information.

7.3.3    Configuring a Caching-Only Server

Use theSysMan Menu application of the Common Desktop Environment (CDE) Application Manager to configure a DNS caching-only server. To invoke the SysMan Menu application, follow the instructions in Section 1.1.1.

To configure a caching-only server, do the following:

1. From the SysMan Menu, select Networking-->Additional Network Services-->Domain Name Service (DNS(BIND))-->Configure system as a DNS server to display the bindsetup script.

   Alternatively, enter the following command on a command line:

   # /usr/bin/sysman dns_server
   

2. Press the Return key and choose the a option from the Action Menu.

3. Enter c to continue when the script indicates that you must know your default domain name or exit. Enter your domain name.

4. Select the c option from the Configuration Menu to configure a caching-only server.

   The script indicates which system files it is updating and sets the host name to the fully qualified DNS host name.

5. The script prompts you to start the named daemon. If you answer yes, the daemon starts. If you answer no, you can use the following command to start the daemon manually after the script finishes executing:

   # /sbin/init.d/named start
    
    
   

6. The script prompts you to choose the order in which to resolve host name queries.

   If you enter 1, the system queries the local hosts file, then the DNS database, then the NIS database. If you enter 2, the system queries the DNS database, then the local hosts file, then the NIS database.

   It is best to enter 1 to query the local hosts file first.

   Alternatively, you can enter 3 to use the svcsetup script to customize service order selection. See Section 7.5 and svcsetup(8) for information about modifying the svc.conf file.

7. Select OK to close the utility after you are informed that the setup was successful.

You can also modify your server configuration after the initial setup. See the online help for more information.

7.3.4    Configuring a Forward-Only Server

Use the SysMan Menu application of the Common Desktop Environment (CDE) Application Manager to configure a DNS forward-only server. To invoke the SysMan Menu application, follow the instructions in Section 1.1.1.

To configure a forward-only server, do the following:

1. From the SysMan Menu, select Networking-->Additional Network Services-->Domain Name Service (DNS(BIND))-->Configure system as a DNS server to display the bindsetup script.

   Alternatively, enter the following command on a command line:

   # /usr/bin/sysman dns_server
   

2. Press the Return key and choose the a option from the Action Menu.

3. Enter c to continue when the script indicates that you must know your default domain name or exit. Enter your domain name.

4. Select the f option from the Configuration Menu to configure a forward-only server. The script indicates that you must know the names and IP addresses of the specified DNS servers for your domain. Enter c to continue.

5. Enter the host names and IP addresses of one or more DNS servers in your domain. If they are not listed in the /etc/hosts file, the script gives you the option of adding them.

   If you enter the fully qualified host name, you must include a trailing dot (.). For example, if the fully qualified host name is cxcxcx.abc.xyc.com, enter it as follows:

   cxcxcx.abc.xyc.com.
    
    
   

   Indicate that you are finished entering DNS servers. The script indicates which system files it is updating and sets the host name to the fully qualified DNS host name.

6. The script prompts you to start the named daemon. If you answer yes, the daemon starts. If you answer no, you can use the following command to start the daemon manually after the script finishes executing:

   # /sbin/init.d/named start
    
    
   

7. The script prompts you to choose the order in which to resolve host name queries.

   If you enter 1, the system queries the local hosts file, then the DNS database, then the NIS database. If you enter 2, the system queries the DNS database, then the local hosts file, then the NIS database.

   It is best to enter 1 to query the local hosts file first.

   Alternatively, you can enter 3 to use the svcsetup script to customize service order selection. See Section 7.5 and svcsetup(8) for information about modifying the svc.conf file.

8. Select OK to close the utility after you are informed that the setup was successful.

You can also modify your server configuration after the initial setup. See the online help for more information.

7.3.5    Configuring a Stub Server

Use the SysMan Menu application of the Common Desktop Environment (CDE) Application Manager to configure a DNS stub server. To invoke the SysMan Menu application, follow the instructions in Section 1.1.1.

Note

When configuring stub service, run the SysMan Menu application on the server that will have authority for the subzone, not on the master server. See the definition for a stub server in Section 7.1 for more information.

To configure a stub server, do the following:

1. From the SysMan Menu, select Networking-->Additional Network Services-->Domain Name Service (DNS(BIND))-->Configure system as a DNS server to display the bindsetup script.

   Alternatively, enter the following command on a command line:

   # /usr/bin/sysman dns_server
   

2. Press the Return key and choose the a option from the Action Menu.

3. Enter c to continue when the script indicates that you must know your default domain name or exit. Enter your domain name.

4. Select the t option from the Configuration Menu to configure a stub server. The script indicates that you must know the name and IP address of the DNS master server for your domain. Enter c to continue.

5. Enter the name of the master server for your domain. If you enter the fully qualified host name, you must include a trailing dot (.). For example, if the fully qualified host name is cxcxcx.abc.xyc.com, enter it as follows:

   cxcxcx.abc.xyc.com.
    
    
   

   The script indicates which system files it is updating and sets the host name to the fully qualified DNS host name.

6. The script prompts you to start the named daemon. If you answer yes, the daemon starts. If you answer no, you can use the following command to start the daemon manually after the script finishes executing:

   # /sbin/init.d/named start
    
    
   

7. The script prompts you to choose the order in which to resolve host name queries.

   If you enter 1, the system queries the local hosts file, then the DNS database, then the NIS database. If you enter 2, the system queries the DNS database, then the local hosts file, then the NIS database.

   It is best to enter 1 to query the local hosts file first.

   Alternatively, you can enter 3 to use the svcsetup script to customize service order selection. See Section 7.5 and svcsetup(8) for information about modifying the svc.conf file.

8. Select OK to close the utility after you are informed that the setup was successful.

You can also modify your server configuration after the initial setup. See the online help for more information.

7.3.6    Configuring a DNS Client

Use the SysMan Menu application of the Common Desktop Environment (CDE) Application Manager to configure DNS on clients. To invoke the SysMan Menu application, follow the instructions in Section 1.1.1.

To configure a DNS client, do the following:

1. From the SysMan Menu, select Networking-->Additional Network Services-->Domain Name Service (DNS(BIND))-->Configure system as a DNS client to display the Configure DNS Client dialog box.

   Alternatively, enter the following command on a command line:

   # /usr/bin/sysman dns_client
   

2. Enter the domain name in the Local Domain field.

3. Select Add to add a name server.

4. Enter the host name and the IP address for the name server.

   The addresses are recorded in the /etc/resolv.conf file, where the resolver uses them to determine the IP addresses of name servers it should query.

5. Select OK to add the host name to the list of name servers. If the specified host is not listed in the /etc/hosts file, the script prompts you to add it to that file. Select Yes or No.

   To add other name servers, repeat steps 3 through 5. You can specify up to three name servers.

6. Indicate the order in which to resolve host name queries in the Host Name Resolution Order field. Open the pull-down menu and choose from the list of options. Administrators usually use either the DNS Database, Local Host File, NIS option or the Local Host File, DNS Database, NIS option; the latter is recommended. Your choice is recorded in the /etc/svc.conf file.

   Alternatively, you can run the svcsetup script to customize service order selection. See Section 7.5 and svcsetup(8) for information about modifying the svc.conf file.

7. Configure your system to search alternate domains for address resolution by doing the following:

   1. Select Domains Searched to display the associated dialog box.

   2. Select Add to display the Add/Modify dialog box.

   3. Enter the name of a domain to search. Your local domain is searched by default; you do not need to enter it.

   4. Select OK to accept the entry. Repeat steps 7b through 7d, if necessary. You can specify up to six domains.

   5. Select OK to accept the list of domains to be searched.

8. Select OK to accept the configuration. The script prompts you to change the host name of the system.

9. Select Yes or No as appropriate. If you choose Yes to change the host name, you are prompted to add localhost to the access control list. Select Yes to allow graphical user interfaces to be displayed properly on your newly renamed system.

10. Select OK to close the Configure DNS Client dialog box.

You can also modify your client configuration after the initial setup. See the online help for more information.

7.4    Deconfiguring DNS

Use the SysMan Menu application of the Common Desktop Environment (CDE) Application Manager to deconfigure DNS servers and clients. To invoke the SysMan Menu application, follow the instructions in Section 1.1.1.

When you deconfigure DNS, the service stops and the DNS server and client configuration information is deleted from the system. This action cannot be undone. To restore DNS, you must configure it again using the SysMan Menu.

To deconfigure DNS, do the following:

1. From the SysMan Menu, select Networking-->Additional Network Services-->Domain Name Service (DNS(BIND))-->Deconfigure DNS on this system to display the Deconfigure DNS dialog box.

   Alternatively, enter the following command on a command line:

   # /usr/bin/sysman dns_deconfigure
   

2. Select Yes to deconfigure DNS on the system.

3. Select OK to close the Deconfigure DNS dialog box.

7.5    Modifying the svc.conf File with svcsetup

You can modify the /etc/svc.conf file without running the DNS Configuration application. To do this, you invoke the svcsetup script using the following command:

# /usr/sbin/svcsetup

Once invoked, use the following steps to edit the /etc/svc.conf file:

1. Press the Return key following the informational messages to continue.

2. Press the Return key to choose the m option from the Configuration Menu.

3. Choose option 2 from the Change Menu. Option 2 corresponds to the hosts database.

4. Enter the number that corresponds to the order in which you want the services running on your system queried for hosts data.

   Listing local first means that the local /etc/hosts file is searched first for the requested information. If the information is not found locally, then DNS servers, NIS servers, or both, are queried, depending on which options you choose.

   Note

   For better performance, the first service that your system queries for all databases should be local, regardless of what services you are running.

   Choose option 3, 4, 5, or 6 to configure the svc.conf file so that DNS serves hosts information.

   The svcsetup script indicates that it is updating the /etc/svc.conf file. When svcsetup is finished updating the file, the script notifies you and the system prompt (#) is displayed.

7.6    Updating DNS Data Files on the Master Server

Occasionally you might need to update the DNS data files; for example, you might need to add a host to the data files. To add a new host, follow these steps:

1. Edit the /etc/namedb/src/hosts file to add the new host.

2. Change to the /etc/namedb directory and enter one of the following commands:

   # make hosts
   # make all
   

After you edit the hosts file and enter the make command, the DNS conversion scripts (which are in the /etc/namedb/bin directory) do the following for you:

1. Create the new hosts databases: named.local and named.ca.

2. Place the new databases in the /etc/namedb directory.

3. Send a signal to the named daemon to reload all databases that have changed.

Note

If you have manually entered mail exchanger (MX) records in the named.local file, these records are lost. You will have to edit the named.local file and add the MX records.

The DNS database conversion scripts also increment the serial number field of the start of authority (SOA) entry in the database file and inform the slave servers that it is time to refresh their data.

The process is the same for all of the valid files in the master server's /etc/namedb/src directory. Scripts are provided to create the named.local and named.ca databases.

7.7    Obtaining Host Name and IP Address Information

There are several ways that you can obtain information about host names, IP addresses, and user information from a system using DNS. The following sections provide an introduction to two commands: nslookup and whois.

7.7.1    The nslookup Command

You can use the nslookup command to noninteractively and interactively query DNS for information about hosts on local and remote domains. You can also find information about DNS resource records such as mail exchanger (MX), name server (NS), and so forth.

For a noninteractive query, use the following syntax:

nslookup hostname

The output is the server name and address and the host name and address.

For an interactive query, use the following syntax:

nslookup

The output is the default server name and address and the nslookup prompt, a greater than sign (>).

For example, to obtain information about MX, you need to query nslookup interactively, supplying a valid domain name. The following example shows how to find the mail recipient for the domain corp.com:

# nslookup
Default Server:  localhost
Address:  127.0.0.1
 
> set querytype=mx
> corp.com
Server:  localhost
Address:  127.0.0.1
findmx.corp.com      preference = 100, mail exchanger = gateway.corp.com
gateway.corp.com     inet address = 128.54.54.79
> [Ctrl/D]
# 

A good way to learn how to use the nslookup command is to experiment with it. To obtain a list of the interactive nslookup command options, enter a question mark (?) at the nslookup prompt. For further information, see nslookup(1).

For a detailed description of the many different types of DNS resource records, see Appendix H.

7.7.2    NIC whois Service

The Network Information Center (NIC) whois service allows you to access the following information about a domain:

• The name of the domain

• The name and address of the organization responsible for the domain

• The domain's administrative, technical, and zone contacts

• The host names and network addresses of sites providing DNS for the domain

• The registered users in the domain

For example, to use the NIC whois service to obtain information about a domain named compaq.com, use the whois command and specify the domain name as follows:

# whois compaq.com
Registrant:
Compaq Computer Corporation (COMPAQ-DOM)
   P.O. Box 692000
   Houston, TX 77269
 
   Domain Name: COMPAQ.COM

.
.
.
The InterNIC Registration Services database contains ONLY
non-military and non-US Government Domains and contacts.
Other associated whois servers:
   American Registry for Internet Numbers - whois.arin.net
   European IP Address Allocations        - whois.ripe.net
   Asia Pacific IP Address Allocations    - whois.apnic.net
   US Military                            - whois.nic.mil
   US Government                          - whois.nic.gov

To query other whois servers, use the -h option:

# whois -h whois.nic.gov whitehouse.gov
 Whitehouse Public Access (WHITEHOUSE-DOM)
   725 17th Street NW Room NEOB 4208
   Washington, DC 20503
 
   Domain Name: WHITEHOUSE.GOV
   Status: ACTIVE
   Domain Type: Federal

.
.
.