BIND: a DNS server: Difference between revisions

From Elvanör's Technical Wiki
Revision as of 22:05, 8 December 2009

BIND is an excellent, high quality DNS server. Its configuration is complex though.

Documentation Resources

I've found the official documentation not very useful or clear. The following links are better:

There is also a book by Apress, Pro DNS and BIND, that can be useful.

General DNS facts

  • There is no DNS cache on Linux at the OS level (libc *might* cache stuff).

Basics

  • There is a main configuration file (/etc/bind/named.conf) that references zones for which the DNS daemon assumes responsibility. I think it is important to first understand what types of services a DNS server can perform: primary, secondary, cache, forward.
  • There is a separate file for each such zone, that actually contains the record entries.
  • named-checkzone is a very useful program that will check the syntax of a zone file and detect many errors.

Setup

  • On a DNS server that should be accessible from the public Internet, port 53 must be open, both TCP and UDP.

Configuration

  • Using a * wildcard is possible, although not recommended.
  • NS records establish which servers are authoritative. SOA records define the "start" of authority, i.e. which server among all the authoritative ones is the master / canonical source of data. This is used mainly for zone transfers, slave servers etc.

Zone File

  • The TTL (first directive on a zone file) represents the Time-To-Live of all records in the zone. You can override the TTL for a specific record. This value is in time units (s for seconds, h for hours, d for days, w for weeks). It should generally be quite high (like 1w), but when a change is planned it should be reduced to 2 hours, and then moved back to the normal value.
  • The TTL is distinct from the other values like Serial, Refresh, Expire etc. I think (not sure yet) that these values are used for the secondary (or caching) DNS server.
  • The SOA records are at the top of the zone file.
  • A comment (inactive line) on the zone file begins with a ";" (semi-colon).

DNS Round Robin

  • DNS round robin is pretty easy to set up on BIND. Note that the DNS server returns the full array of IPs for a given host; after that it is up to the client to make a choice. Consider client behavior undefined. Some programs such as wget will try a different IP than the first on failure, but this behavior is really client dependent.
  • It does not seem possible to set up DNS round robin with CNAMEs.
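The zone-file conventions from the Zone File and DNS Round Robin sections above (the $TTL default, a per-record TTL override, ";" comments, the SOA record coming first, several A records for one name, and a CNAME sharing a name with another record) in a small Python parser. This is an added example, not code from this wiki page or from BIND, and it is not a substitute for named-checkzone; the zone text, example.com and the 192.0.2.x addresses are constructed placeholders.

```python
"""Simplified zone-file parser (added example, not BIND code). Handles $TTL,
';' comments, parenthesised multi-line records, optional owner/TTL/class."""
import re
from collections import defaultdict
from dataclasses import dataclass

TTL_RE = re.compile(r"^(\d+)([smhdw]?)$", re.IGNORECASE)
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# Constructed sample zone; names and addresses are placeholders.
SAMPLE_ZONE = """\
$TTL 1w                 ; zone-wide default Time-To-Live
; the SOA record must come first
@       IN SOA   ns1.example.com. hostmaster.example.com. (
                 2009120801 ; serial
                 1d         ; refresh
                 2h         ; retry
                 4w         ; expire
                 1h )       ; negative-caching TTL
@       IN NS    ns1.example.com.
@       IN NS    ns2.example.com.
ns1     IN A     192.0.2.1
ns2     IN A     192.0.2.2
www  2h IN A     192.0.2.10   ; TTL lowered ahead of a planned change
www  2h IN A     192.0.2.11   ; several A records for one name: round robin
www  2h IN A     192.0.2.12
ftp     IN CNAME www
bad     IN CNAME www
bad     IN A     192.0.2.30   ; CNAME alongside another record: not allowed
"""

@dataclass
class Record:
    name: str
    ttl: int
    rtype: str
    rdata: list

def parse_ttl(token):
    """Convert a TTL such as 1w, 2h, 30m or 300 into seconds."""
    m = TTL_RE.match(token)
    if not m:
        raise ValueError(f"bad TTL {token!r}")
    return int(m.group(1)) * UNITS[m.group(2).lower()]

def _logical_lines(text):
    """Strip ';' comments and join records continued inside parentheses."""
    buf = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip() and not buf:
            continue
        buf.append(line)
        joined = " ".join(buf)
        if joined.count("(") > joined.count(")"):
            continue            # still inside a parenthesised record
        yield joined.replace("(", " ").replace(")", " ")
        buf = []

def parse_zone(text, origin):
    """Parse records; owner, TTL and class are optional as in a real zone."""
    default_ttl, owner, records = None, None, []
    for line in _logical_lines(text):
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] == "$TTL":
            default_ttl = parse_ttl(tokens[1])
            continue
        if tokens[0].startswith("$"):
            continue            # $ORIGIN, $INCLUDE etc. are not handled here
        if not line[0].isspace():
            owner = tokens.pop(0)   # a leading blank means "same owner as above"
        if owner is None:
            raise ValueError("record before any owner name")
        ttl = default_ttl
        for _ in range(2):          # TTL and class may appear in either order
            if tokens and TTL_RE.match(tokens[0]):
                ttl = parse_ttl(tokens.pop(0))   # per-record TTL override
            elif tokens and tokens[0].upper() == "IN":
                tokens.pop(0)
        if ttl is None:
            raise ValueError(f"no $TTL and no TTL on record for {owner}")
        rtype = tokens.pop(0).upper()
        if owner == "@":
            name = origin
        elif owner.endswith("."):
            name = owner
        else:
            name = f"{owner}.{origin}"
        records.append(Record(name, ttl, rtype, tokens))
    return records

def ttls_for(records, name):
    return {r.ttl for r in records if r.name == name}

def round_robin_sets(records):
    """Names with more than one A record; the server returns all of them."""
    ips = defaultdict(list)
    for r in records:
        if r.rtype == "A":
            ips[r.name].append(r.rdata[0])
    return {n: a for n, a in ips.items() if len(a) > 1}

def cname_conflicts(records):
    """Names holding a CNAME plus any other record (a second CNAME included);
    RFC 1034 forbids this, which is why round robin over CNAMEs cannot work."""
    types = defaultdict(list)
    for r in records:
        types[r.name].append(r.rtype)
    return sorted(n for n, t in types.items() if "CNAME" in t and len(t) > 1)

def check_zone(text, origin):
    """Tiny stand-in for a few of the things named-checkzone reports."""
    records = parse_zone(text, origin)
    return {
        "soa_first": bool(records) and records[0].rtype == "SOA",
        "round_robin": round_robin_sets(records),
        "cname_conflicts": cname_conflicts(records),
    }

if __name__ == "__main__":
    print(check_zone(SAMPLE_ZONE, "example.com."))
```

Running the script on the sample reports the www round-robin set and flags the "bad" name; the real named-checkzone would reject the zone for that CNAME conflict as well.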

Limitations

  • If you have a zone file for named, you claim authority for it in full. You cannot answer only for some given hosts and forward requests for hostnames not present in your zone file to another DNS server.