<!-- Do *not* edit this file; it was automatically generated by ej2html
     Look for a name.ej file with the same name as this filename -->
<!-- Last updated Sat Nov 30 13:52:52 2002 -->
<HTML><HEAD>
<TITLE>Authoritative DNS serving</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
</HEAD><BODY >
<i>This document has been placed in the public domain by Sam Trenholme</i>

<H1>Using MaraDNS as an authoritative DNS server</H1>

<H2>Requirements</H2>

In order to set up an authoritative DNS server, one needs one or more
<i>static IP addresses</i>. With most <i>registries</i>, two or more
static IP addresses are needed.
<p>
In addition, the machine(s) with the static IP addresses need to be
running an authoritative DNS server, such as MaraDNS.

<H2>What is a domain zone?</H2>

A name like www.example.com is part of the <A href="glossary.html#zone">
<i>domain zone</i></A> example.com. The name www.yahoo.com, as another
example, is part of the <A href="glossary.html#zone"><i>domain zone</i></A>
yahoo.com. www.maradns.org is part of the <A href="glossary.html#zone">
<i>domain zone</i></A> maradns.org.

<H2>Setting up a domain with MaraDNS</H2>

<A href=compile.html>Compile and install</A> MaraDNS on the system which
will act as an authoritative DNS server.
<p>
After doing this, the <A href=man.mararc.html><tt>mararc</tt></A> file
needs to be changed before MaraDNS will function as an authoritative DNS
server.
<p>
How to make a mararc file which can be used to <A href="glossary.html#serve">
<i>serve</i></A> the <A href="glossary.html#zone"><i>domain zones</i></A>
that one wishes to have control over:
<ul>
<li>Copy the <A href=../examples/example_authoritative_mararc.txt>example
authoritative mararc</A> to <tt>/etc/mararc</tt>
<li>There is a section near the top of the mararc file which looks like this:
<blockquote>
<tt>
csv1["example.com."] = "db.example.com"
</tt>
</blockquote>
Here, <b>example.com.</b> is the name of the domain zone that the file
<b>db.example.com</b> has data for. Change <b>example.com.</b> to the name
of the domain zone you wish to serve, and <b>db.example.com</b> to the
filename to be used to serve that domain zone. <b>Important</b>: the
domain zone name requires a trailing dot.
<p>
It is possible to serve multiple domain zones, of course. For example:
<blockquote>
<pre>
csv1["example.com."] = "db.example.com"
csv1["example.org."] = "db.example.org"
csv1["heaven.af.mil."] = "db.heaven.af.mil."
</pre>
</blockquote>
</ul>
The domain zone files which are pointed to in <tt>/etc/mararc</tt> are, by
default, in the directory <tt>/etc/maradns</tt> (the directory is
determined by the value of <tt>chroot_dir</tt> in the mararc file).

<H2>Setting up a domain zone file</H2>

Let us suppose that we are setting up a domain for example.com, where we
have the following services:
<UL>
<LI>We are running a web server for example.com and www.example.com on the
IP 10.10.10.12. In other words, people can view web pages on this machine.
<LI>We have a mail server, or <A href="glossary.html#mta"><i>mail transport
agent</i></A>, for example.com with the IP 10.10.10.15. In other words,
the machine with the IP 10.10.10.15 is set up to handle mail addressed to
name@example.com, where "name" is any string preceding the '@' sign.
<LI>Both 10.10.10.11 and 10.10.10.17 are running MaraDNS in authoritative
mode to serve DNS requests for example.com.
</UL>
The zone file for this setup would be as follows. Note that lines which
start with the <tt>#</tt> symbol are comments, in other words lines
ignored by MaraDNS, allowing one to add human-readable notes in the file
in question.
<pre>
# This is an example zone file for the imaginary domain example.com.
# The following line is here because other DNS servers (but not MaraDNS)
# actually use the information in this record, and is required to be in
# a DNS zone.
Sexample.com.|86400|example.com.|hostmaster@example.com.|19770616|7200|3600|604800|1800
# The following two records, which also need to be in a zone file, tell
# other DNS servers the names of what DNS servers serve example.com:
Nexample.com.|86400|ns1.example.com.
Nexample.com.|86400|ns2.example.com.
# Because of the way DNS is set up, we need to give IPs to the above
# NS records:
Ans1.example.com.|86400|10.10.10.11
Ans2.example.com.|86400|10.10.10.17
# We now have two records which handle the serving of web pages. These
# are simple name-to-IP translations. In other words, we have one
# record which states "The IP for example.com is 10.10.10.12" and one
# which states "The IP for www.example.com is 10.10.10.12":
Aexample.com.|86400|10.10.10.12
Awww.example.com.|86400|10.10.10.12
# We also need to set up an IP for the machine that serves email for
# example.com. Because of how DNS is designed, we need both
# a record which states "The machine which handles mail for
# example.com is called mail1.example.com" and a record which states
# "The IP address for mail1.example.com is 10.10.10.15":
@example.com.|86400|10|mail1.example.com.
Amail1.example.com.|86400|10.10.10.15
</pre>
Now, to adapt this file to another zone, we simply need to make the
following changes:
<ul>
<li>Substitute the name <b>example.com</b> with the name of the domain one
wishes to administer.
<li>Substitute the IP 10.10.10.11 with the IP of one of the DNS servers
with authoritative information for the domain in question.
<li>Substitute the IP 10.10.10.17 with the other IP.
<li>Substitute the IP 10.10.10.12 with the IP of the machine running the
web server for the domain.
<li>Substitute the IP 10.10.10.15 with the IP of the machine running the
mail server for the domain.
</ul>

<H2>The format of a Domain Zone file</H2>

Here are some example lines from a domain zone file in which the same IP
is used for several functions. For example, if one is using 10.10.10.19
as one of the DNS servers, the mail server, and the web server, one would
have records like this:
<pre>
Nexample.com.|86400|ns1.example.com.
Ans1.example.com.|86400|10.10.10.19
Aexample.com.|86400|10.10.10.19
Awww.example.com.|86400|10.10.10.19
@example.com.|86400|10|mail1.example.com.
Amail1.example.com.|86400|10.10.10.19
</pre>
Translated into English, the above lines say:
<ul>
<li>One name server for example.com, which other DNS servers should
remember for one day (86400 seconds), is called ns1.example.com.
<li>The IP for ns1.example.com, which other DNS servers should remember
for one day, is 10.10.10.19
<li>The IP for example.com (in other words, the machine a web browser
should hit if one selects http://example.com/), which other DNS servers
should remember for one day, is 10.10.10.19
<li>The IP for www.example.com, which other DNS servers should remember
for one day, is 10.10.10.19
<li>The name of the machine which processes incoming mail, which other
name servers should remember for one day, which has a priority of ten
(lower priority numbers are more important), is called mail1.example.com.
<li>The IP for mail1.example.com, which other name servers should remember
for one day, is 10.10.10.19
</ul>
<p>
A line in a domain zone file contains a single <i>DNS record</i>. The
data has multiple fields separated by a <TT>|</TT> character, and is in
this format:
<UL>
<LI>The first character of a DNS record tells MaraDNS what kind of DNS
record this is. A list of DNS records which MaraDNS supports is described
<A href=recordtypes.html>here</A>.
<LI>The next portion of the DNS record, up until a <TT>|</TT> (pipe)
character (the field separator), is the DNS node that this record is
attached to.
<LI>The next field of the DNS record is how long, in seconds, other DNS
servers should cache (remember) this DNS record. Again, this field is
terminated by a <TT>|</TT>.
<LI>The subsequent fields describe the DNS record in question. The format
for this data depends on the record type being used, and is described
<A href=recordtypes.html>here</A>.
</UL>
The reason to use different names for different functions is to minimize
the number of problems one will encounter, should one need to change
their IPs at a later time.

<H2>The % character shortcut</H2>
<p>
If one is setting up multiple domain zones, all of which have more or less
the same data, it is convenient to have a template domain file which
different zones can use without needing to modify the file in question.
<p>
MaraDNS has support for this by using the <tt>%</tt> symbol. Whenever
MaraDNS sees a <tt>%</tt> in a csv1 zone file, MaraDNS knows to replace
the percent symbol with the name of the zone in question. For example, if
the file in question is the zone file for example.com, the % is expanded
out to "example.com.". If the zone file in question is for maradns.org,
the % is expanded out to "maradns.org.". Hence, we could, provided that
the zone file is for example.com, have a zone file like this:
<pre>
# The following line is here because other DNS servers (but not MaraDNS)
# actually use the information in this record, and is required to be in
# a DNS zone.
S%|86400|%|hostmaster@%|19770616|7200|3600|604800|1800
# The following two records, which also need to be in a zone file, tell
# other DNS servers the names of what DNS servers serve our zone:
N%|86400|ns1.%
N%|86400|ns2.%
# Because of the way DNS is set up, we need to give IPs to the above
# NS records:
Ans1.%|86400|10.10.10.11
Ans2.%|86400|10.10.10.17
# We now have two records which handle the serving of web pages. These
# are simple name-to-IP translations.
A%|86400|10.10.10.12
Awww.%|86400|10.10.10.12
# We also need to set up an IP for the machine that serves email for
# our zone. Because of how DNS is designed, we need both
# a record which states "The machine which handles mail for
# our zone is called mail1.&lt;zone name&gt;" and a record which states
# "The IP address for mail1.&lt;zone name&gt; is 10.10.10.15":
@%|86400|10|mail1.%
Amail1.%|86400|10.10.10.15
</pre>
This zone file would function identically to the first example zone file
above.

<H2>Getting connected to the root name servers</H2>

An authoritative DNS server will not effectively serve a domain unless the
root name servers are aware that a given DNS server serves a given domain
name.
<p>
When a recursive DNS server attempts to find the IP for, say,
www.example.com, it first asks the root name servers for this IP. The root
name servers send out a reply which says "We do not know the answer to
this question, but you can contact the DNS server at 10.1.2.3 for the
answer". At this point, the recursive DNS server contacts 10.1.2.3, asking
it for the IP for www.example.com.
<p>
In order that the entire internet community may be aware of a domain, the
domain must be registered with the root name servers, so that the root
name servers know the IPs of the machines which are authoritative DNS
servers for the domain in question.
<p>
The exact policies which one needs to conform to in order to register a
domain depend on the registrar in question.
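<p>
The following script is an added example, not part of MaraDNS or of this
document: a small parser for the csv1 zone-file format described above
(record-type letter, <tt>|</tt>-separated fields, <tt>#</tt> comment
lines, and the <tt>%</tt> shortcut expanded to the zone name with its
trailing dot), followed by the consistency checks one wants before
handing a zone to a registrar: an S and an N record exist for the zone,
every in-zone NS target has a glue A record, and the MX target has an A
record. The function names (<tt>parse_csv1</tt>, <tt>check_zone</tt>,
<tt>validate</tt>), the <tt>Record</tt> class and the sample template are
assumptions of this example; the template is the page's % example with
<tt>mail1.%</tt> as the MX target.

```python
"""Parser and sanity checker for MaraDNS csv1 zone files.

Added example, not MaraDNS's own code. It assumes only the csv1 layout
described on this page: the first character is the record type, fields
are separated by '|', lines starting with '#' are comments, and '%'
expands to the zone name including its trailing dot.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Record:
    rtype: str    # record type letter: S (SOA), N (NS), A, @ (MX), ...
    name: str     # DNS node the record is attached to (with trailing dot)
    ttl: int      # seconds other DNS servers may cache this record
    fields: list  # type-specific data, e.g. ['10.10.10.11'] for an A record


def parse_csv1(text, zone):
    """Parse csv1 text for `zone` (which must end with '.'), expanding '%'."""
    if not zone.endswith("."):
        raise ValueError("zone name %r requires a trailing dot" % zone)
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                       # blank line or comment
        line = line.replace("%", zone)     # the % shortcut
        rtype, rest = line[0], line[1:]
        parts = rest.split("|")
        if len(parts) < 3:
            raise ValueError("line %d: expected name|ttl|data" % lineno)
        name, ttl_text, *fields = parts
        if not name.endswith("."):
            raise ValueError("line %d: node %r lacks a trailing dot" % (lineno, name))
        if not ttl_text.isdigit():
            raise ValueError("line %d: TTL %r is not an integer" % (lineno, ttl_text))
        if rtype == "A":
            ipaddress.IPv4Address(fields[0])   # rejects malformed addresses
        records.append(Record(rtype, name, int(ttl_text), fields))
    return records


def check_zone(records, zone):
    """Return human-readable problems: missing SOA/NS, NS or MX targets without A records."""
    problems = []
    a_names = {r.name for r in records if r.rtype == "A"}
    if not any(r.rtype == "S" and r.name == zone for r in records):
        problems.append("no SOA (S) record for %s" % zone)
    ns_targets = [r.fields[0] for r in records if r.rtype == "N" and r.name == zone]
    if not ns_targets:
        problems.append("no NS (N) record for %s" % zone)
    for target in ns_targets:
        # An in-zone name server needs a glue A record, as the page's examples show.
        in_zone = target == zone or target.endswith("." + zone)
        if in_zone and target not in a_names:
            problems.append("NS target %s has no A (glue) record" % target)
    for r in records:
        if r.rtype == "@" and len(r.fields) == 2 and r.fields[1] not in a_names:
            problems.append("MX target %s has no A record" % r.fields[1])
    return problems


def validate(text, zone):
    """Parse and check in one step; returns (records, problems)."""
    try:
        records = parse_csv1(text, zone)
    except ValueError as exc:
        return [], [str(exc)]
    return records, check_zone(records, zone)


# Constructed sample: the page's % template, with mail1.% as the MX target.
TEMPLATE = """\
# SOA, NS and glue records for the zone named in mararc's csv1 entry
S%|86400|%|hostmaster@%|19770616|7200|3600|604800|1800
N%|86400|ns1.%
N%|86400|ns2.%
Ans1.%|86400|10.10.10.11
Ans2.%|86400|10.10.10.17
A%|86400|10.10.10.12
Awww.%|86400|10.10.10.12
@%|86400|10|mail1.%
Amail1.%|86400|10.10.10.15
"""

if __name__ == "__main__":
    for zone in ("example.com.", "example.org."):
        records, problems = validate(TEMPLATE, zone)
        print(zone, len(records), "records;", problems or "no problems")
```

Run as a script it validates the template for example.com. and
example.org.; to check a real zone file, pass the file's contents and the
zone name from the matching <tt>csv1</tt> entry in mararc. The checks are
the structural ones this page describes and do not replace MaraDNS's own
parsing of the file.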
To register a domain under the generic domain names (presently .com, .net,
.org, and .info) one simply needs to register the name with a registrar,
and follow some guidelines when designing the zone files for the domain.
<p>
There are a number of competing registrars which serve domain names. One
with which I have been extremely happy is Net Wizards; domains can be
registered at <A href=http://domains.netwiz.net/>http://domains.netwiz.net/</A>.
In order to register a domain, make sure that:
<ul>
<li>The zone file in question has NS records for the zone in question, and
that those NS records point to the IPs which are authoritative DNS servers
for the zone in question (the example zone files above do this).
<li>The "name server" name field is filled out with a name for the name
server in question, and that the name server has an IP which agrees with
the IP one puts in the "name server IP" field.
<li>Due to limitations in the database which the root name servers use, a
single IP, unfortunately, can not have more than one name.
</ul>
</BODY></HTML>