<!-- Do *not* edit this file; it was automatically generated by ej2html
Look for a name.ej file with the same name as this filename -->
<!-- Last updated Sat Nov 30 13:52:52 2002 -->
<HTML><HEAD>
<TITLE>Authoritative DNS serving</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
</HEAD><BODY >
<i>This document has been placed in the public domain by Sam
Trenholme</i>
<H1>Using MaraDNS as an authoritative DNS server</H1>
<H2>Requirments</H2>
In order to set up an authoritative DNS server, one needs one or more
<i>static IP addresses</i>.
With most
<i>registries</i>,
two or more
static IP addresses are needed.
<p>
In addition, the machine(s) with the static IP addresses need to be
running an authoritative DNS server, such as MaraDNS.
<H2>What is a domain zone?</H2>
A name like www.example.com is part of the
<A href="glossary.html#zone">
<i>domain zone</i></A>
example.com. The name www.yahoo.com, as another example, is part of the
<A href="glossary.html#zone">
<i>domain zone</i></A>
yahoo.com. www.maradns.org is part of the
<A href="glossary.html#zone">
<i>domain zone</i></A>
maradns.org.
<H2>Setting up a domain with MaraDNS</H2>
<A href=compile.html>Compile and install</A> MaraDNS on the system which
will act as an authoritative DNS server.
<p>
After doing this, the <A href=man.mararc.html><tt>mararc</tt></A> file
needs to be changed before MaraDNS will function as an authoritative DNS
server.
<p>
How to a make a mararc file which can be used to
<A href="glossary.html#serve">
<i>serve</i></A>
the
<A href="glossary.html#zone">
<i>domain zones</i></A>
that one wishes to have control over:
<ul>
<li>Copy over the <A
href=../examples/example_authoritative_mararc.txt>example authoritative
mararc</A> over to <tt>/etc/mararc</tt>
<li>There is a section near the top of the mararc file which looks like
this:
<blockquote>
<tt>
csv1["example.com."] = "db.example.com"
</tt>
</blockquote>
Here, <b>example.com.</b> is the name of the domain zone that the file
<b>db.example.com</b> has data for. Change <b>example.com.</b> to the
name of the domain zone you wish to serve, and <b>db.example.com</b> to
the filename to be used to serve that domain zone. <b>Important</b>: the
domain zone name requires a trailing dot.
<p>
It is possible to server multiple domain zones, of course. For example:
<blockquote>
<pre>
csv1["example.com."] = "db.example.com"
csv1["example.org."] = "db.example.org"
csv1["heaven.af.mil."] = "db.heaven.af.mil."
</pre>
</blockquote>
</ul>
The domain zone files which are pointed to in <tt>/etc/mararc</tt> are, by
default, in the directory <tt>/etc/maradns</tt> (the directory is
determined by the value of chroot_dir in the mararc file).
<H2>Setting up a domain zone file</H2>
Let us suppose that we are setting up a domain for example.com, where we
have the following services:
<UL>
<LI>We are running a web server for example.com and www.example.com on the
IP 10.10.10.12. In other words, people can view web pages on this
machine.
<LI>We have a mail server, or
<A href="glossary.html#mta">
<i>mail transport agent</i></A>
for
example.com with the IP 10.10.10.15. In other words, the machine with the
IP 10.10.10.15 is set up to handle mail addressed to name@example.com,
where "name" is any string proceeding the '@' sign.
<LI>Both 10.10.10.11 and 10.10.10.17 are running MaraDNS in authoritative
mode to serve DNS requests for example.com.
</UL>
The zone file for this setup would be as follows. Note that lines
which start with the <tt>#</tt> symbol are comments, in other words
lines ignored by MaraDNS, allowing one to add human-readable notes
in the file in question.
<pre>
# This is an example zone file for the imaginary domain example.com.
# The following line is here because other DNS servers (but not MaraDNS)
# actually use the information in this record, and is required to be in
# a DNS zone.
Sexample.com.|86400|example.com.|hostmaster@example.com.|19770616|7200|3600|604800|1800
# The following two records, which also need to be in a zone file, tell
# other DNS servers the names of what DNS servers serve example.com:
Nexample.com.|86400|ns1.example.com.
Nexample.com.|86400|ns2.example.com.
# Because of the way DNS is set up, we need to give IPs to the above
# NS records:
Ans1.example.com.|86400|10.10.10.11
Ans2.example.com.|86400|10.10.10.17
# We now have two records which handle the serving of web pages. These
# are simple name-to-ip translations. In other words, we have one
# record which states "The IP for exmaple.com.
Aexample.com.|86400|10.10.10.12
Awww.example.com.|86400|10.10.10.12
# We also need to set up an IP for the machine that serves email for
# example.com. Becuase of how DNS is designed, we both need
# a record which states "The machine which handles mail for
# exmaple.com is called mail1.example.com" and a record which states
# "The IP address for mail1.example.com is 10.10.10.15":
@example.com.|86400|10|mail1.example.com.
Amail1.example.com.|86400|10.10.10.15
</pre>
Now, to adapt this file to another zone, we need to simply make the
following changes:
<ul>
<li>Sustitute the name <b>example.com</b> with the name of the domain
one wishes to administer.
<li>Substitute the IP 10.10.10.11 with the IP of one of the DNS servers
with authoritative information for the domain in question.
<li>Substitute the IP 10.10.10.17 with the other IP.
<li>Substitute the IP 10.10.10.12 with the IP of the machine running the
web server for the domain.
<li>Substitute the IP 10.10.10.15 with the IP of the machine running the
mail server for the domain.
</ul>
<H2>The format of a Domain Zone file</H2>
Here are some example lines in a domain zone file, which is an example of
someone using the same IP multiple times. For example, if one is using
10.10.10.19 as one of the DNS servers, the mail server, and the web
server, one would have records like this:
<pre>
Nexample.com.|86400|ns1.example.com.
Ans1.example.com.|86400|10.10.10.19
Aexample.com.|86400|10.10.10.19
Awww.example.com.|86400|10.10.10.19
@example.com.|86400|10|mail1.example.com.
Amail1.example.com.|86400|10.10.10.19
</pre>
Translated in english, the above lines say:
<ul>
<li>One name server for example.com, which other DNS servers should
remember for one day (86400 seconds), is called ns1.example.com.
<li>The IP for ns1.example.com, which other DNS server should remember for
one day, is 10.10.10.19
<li>The IP for example.com (in other words, the machine a web browser
should hit if one selects http://example.com/), which other DNS servers
should remember for one day, is 10.10.10.19
<li>The IP for www.example.com, which other DNS servers should remember
for one day, is 10.10.10.19
<li>The name of the machine which processes incoming mail, which other
name servers should remember for one day, which has a priority of ten
(lower priority numbers are more important), is called mail1.example.com.
<li>The IP for mail1.example.com, which other name servers should remeber
for one day, is 10.10.10.19
</ul>
<p>
A line in a domain zone file contains a single <i>DNS record</i>. The
data has multiple fields separated by a <TT>|</TT> character, and is in
this format:
<UL>
<LI>The first character of a DNS record tells MaraDNS what kind of DNS
record this is. A list of DNS records which MaraDNS supports is described
<A href=recordtypes.html>here</A>.
<LI>The next portion of the DNS record, up until a <TT>|</TT> (pipe)
character (the field separator), is the DNS node that this record is
attached to.
<LI>The next field of the DNS record is how long, in seconds, other DNS
servers should cache (remember) this DNS record. Again, this field is
terminated by a <TT>|</TT>.
<LI>The subsequent fields describe the DNS record in question. The format
for this data depends on the record type being used, and is described <A
href=recordtypes.html>here</A>.
</UL>
The reason to use different names for different functions is to minimize
the number of problems one will encounter, should one need to change their
IPs at a later time.
<H2>The % character shortcut</H2>
<p>
If one is setting up multiple domain zones, all of which have more or less
the same data, it is convenient to have a template domain file which
different zones can use without needing to modify the file in question.
<p>
MaraDNS has support for this by using the <tt>%</tt> symbol. Whenever
MaraDNS sees a <tt>%</tt> in a csv1 zone file, MaraDNS knows to replace
the percent symbol with the name of the zone in question. For example, if
the file in question is the zone file for example.com, the % is exanded
out to "example.com.". If the zone file in question is for maradns.org,
the % is expanded out to "maradns.org.". Hence, we could, provided that
the zone file is for example.com, have a zone file like this:
<pre>
# The following line is here because other DNS servers (but not MaraDNS)
# actually use the information in this record, and is required to be in
# a DNS zone.
S%|86400|%|hostmaster@%|19770616|7200|3600|604800|1800
# The following two records, which also need to be in a zone file, tell
# other DNS servers the names of what DNS servers serve example.com:
N%|86400|ns1.%
N%|86400|ns2.%
# Because of the way DNS is set up, we need to give IPs to the above
# NS records:
Ans1.%|86400|10.10.10.11
Ans2.%|86400|10.10.10.17
# We now have two records which handle the serving of web pages. These
# are simple name-to-ip translations.
A%|86400|10.10.10.12
Awww.%|86400|10.10.10.12
# We also need to set up an IP for the machine that serves email for
# out zone. Becuase of how DNS is designed, we both need
# a record which states "The machine which handles mail for
# out zone is called mail1.<zone name>" and a record which states
# "The IP address for mail1.<zone name> is 10.10.10.15":
@%|86400|10|mail1.example.com.
Amail1.%|86400|10.10.10.15
</pre>
This zone file would function identically to the first example zone file
above.
<H2>Getting connected to the root name servers</H2>
An authoritative DNS server will not effectively serve a domain unless the
root name servers are aware that a given DNS server serves a given domain
name.
<p>
When a recursive DNS server attempts to find the IP for, say,
www.example.com, it firsts asks the root nameservers for this IP. The
root name servers send out a reply which says "We do not know that answer
to this question, but you can contact the DNS server at 10.1.2.3 for the
answer". At this point, the recursive DNS server contacts 10.1.2.3,
asking it for the IP for www.example.com.
<p>
In order that the entire internet community may be aware of a domain, the
domain must be registered with the root name servers, so that the root
name servers know that IPs of the machines which are authoritative DNS
servers for the domain in question.
<p>
The exact policies which one needs to confirm to to register their domain
depend on the register in question. To register a domain under the
generic domain names (presently .com, .net, .org, and .info) one simply
needs to register their name with a register, and follow some guidelines
when designing the zone files for their domain.
<p>
There are a number of competing registrars which server domain names. One
which I have extremely happy with is Net Wizards; domains can be
reigstered at <A
href=http://domains.netwiz.net/>http://domains.netwiz.net/</A>. In order
to register a domain, make sure that:
<ul>
<li>The zone file in question has NS records for the zone in question, and
that those NS records point to the IPs which are authoritative DNS
servers for the zone in question (the example zone files above do
this).
<li>That the "name server" name field is filled out with a name for the
name server in question; that the name server has an IP which agrees
with the IP one puts in the "name server IP" field.
<li>Due to limitaitons in the database which the root name servers use,
a single IP, unfortunatly, can not have more than one name.
</ul>
</BODY></HTML>
