LPI Linux Certification/Basic DNS Server Configuration

From Wikibooks, open books for an open world

Detailed Objective

Weight: 2

Candidates should be able to configure BIND to function as a caching-only DNS server. This objective includes the ability to convert older BIND configuration files to newer format, managing a running server and configuring logging.

  • Key knowledge area(s):
    • BIND 8.x and 9.x configuration files, terms and utilities
    • Defining the location of the BIND zone files in BIND configuration files
    • Reloading modified configuration and zone files
  • The following is a partial list of the used files, terms and utilities:
    • /etc/named.conf
    • /usr/sbin/ndc
    • /usr/sbin/rndc
    • /usr/sbin/named-bootconf
    • kill

Basic BIND 8 configuration

Setting up a caching-only nameserver

To speed up the cumbersome process of DNS resolution, DNS servers usually cache answers from other DNS servers, even negative answers (i.e. an authoritative server's reply "name does not exist" is also cached by your local DNS server).

Configuring BIND as a caching-only nameserver involves setting up only a "." zone, that is, telling it only about the root nameservers and not specifying any other zones, as follows:

    zone "." in {
        type hint;               // root hints: the server only learns where the root nameservers are
        file "named.cache";      // list of root nameservers, relative to the configured directory
    };

The file named.cache, which lists the root nameservers, can be generated with dig @a.root-servers.net.

Logging in BIND is controlled by two main concepts: channels and categories. A channel specifies where logged data goes (to syslog, to a file, etc.); a category specifies what data is logged.

Channels allow you to filter messages by priority, much like syslog's priorities. They are essentially the same, but BIND adds two more: debug and dynamic, which affect debug-level logging. debug sets a fixed debug level, which becomes active after the first trace command is given via ndc; dynamic increments and decrements the debug level after each trace command given via ndc.

Example of logging configuration:

    logging {
        channel my_syslog {
            syslog daemon;          // send to syslog, facility daemon
            severity info;          // info and more important messages
        };
        channel my_file {
            file "log.msgs";        // write to a file
            severity dynamic;       // follow the server's current debug level
        };
        category statistics { my_syslog; my_file; };
        category queries { my_file; };
    };

To activate logging, after BIND is started, issue the command:

ndc trace
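Putting the two pieces above together, here is a complete named.conf for a caching-only server, as an added example in BIND 9 syntax (it is not from the original page). The directory, the log rotation settings and the client network 192.0.2.0/24 are assumptions; the restriction on recursion is the check a practitioner would want, because a caching server that answers recursive queries from anyone is an open resolver.

```conf
// Caching-only resolver: no authoritative zones, only the root hints.
options {
    directory "/var/named";          // assumed working directory for named.cache and logs
    recursion yes;
    // Only resolve on behalf of local clients (assumed network 192.0.2.0/24).
    // Without these lists the server is an open resolver that can be used
    // to amplify traffic against third parties.
    allow-recursion { 127.0.0.1; 192.0.2.0/24; };
    allow-query     { 127.0.0.1; 192.0.2.0/24; };
};

logging {
    channel my_syslog {
        syslog daemon;               // operational messages go to syslog
        severity info;
    };
    channel my_file {
        file "log.msgs" versions 3 size 1m;   // assumed rotation: keep 3 files of 1 MB
        severity dynamic;            // follows the debug level set with rndc trace
    };
    category default { my_syslog; };        // BIND 9 has no "statistics" category
    category queries { my_file; };          // query log; useful for spotting abuse
};

// The only zone: root hints, generated with dig @a.root-servers.net
zone "." IN {
    type hint;
    file "named.cache";
};
```

Check the file with named-checkconf before applying it with rndc reload, so a syntax error does not leave the resolver down.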

Key terms, files and utilities: /etc/named.conf, /usr/sbin/ndc, /usr/sbin/named-bootconf, kill