<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>DNS HOWTO : Introduction.</TITLE>
<LINK HREF="DNS-HOWTO-3.html" REL=next>
<LINK HREF="DNS-HOWTO-1.html" REL=previous>
<LINK HREF="DNS-HOWTO.html#toc2" REL=contents>
</HEAD>
<BODY>
<A HREF="DNS-HOWTO-3.html">Next</A>
<A HREF="DNS-HOWTO-1.html">Previous</A>
<A HREF="DNS-HOWTO.html#toc2">Contents</A>
<HR>
<H2><A NAME="intro"></A> <A NAME="s2">2. Introduction.</A></H2>

<P><B>What this is and isn't.</B>
<P>
<P>DNS is the Domain Name System. DNS converts machine names to the
IP addresses that all machines on the net have. It translates (or
"maps" as the jargon would have it) from name to address and from
address to name, and some other things. This HOWTO documents how to
define such mappings using a Unix system, with a few things specific to
Linux.
<P>
<P>A mapping is simply an association between two things, in this case
a machine name, like <CODE>ftp.linux.org</CODE>, and the machine's IP number
(or address) <CODE>199.249.150.4</CODE>. DNS also contains mappings the other
way, from the IP number to the machine name; this is called a "reverse
mapping".
<P>
<P>DNS is, to the uninitiated (you ;-), one of the more opaque areas
of network administration. Fortunately, DNS isn't really that hard.
This HOWTO will try to make a few things clearer. It describes how to
set up a <EM>simple</EM> DNS name server, starting with a caching-only
server and going on to setting up a primary DNS server for a domain.
For more complex setups you can check the
<A HREF="DNS-HOWTO-10.html#qanda">qanda</A> section of this document. If it's not described there
you will need to <EM>read</EM> the Real Documentation. I'll get back to
what this Real Documentation consists of in
<A HREF="DNS-HOWTO-11.html#bigger">the last chapter</A>.
<P>
<P>Before you start on this you should configure your machine so that
you can telnet in and out of it, and successfully make all kinds of
connections to the net, and you should especially be able to do
<CODE>telnet 127.0.0.1</CODE> and get your own machine (test it now!). You
also need good <CODE>/etc/nsswitch.conf</CODE>, <CODE>/etc/resolv.conf</CODE>
and <CODE>/etc/hosts</CODE> files as a starting point, since I will not
explain their function here. If you don't already have all this set
up and working, the Networking-HOWTO and/or the
Networking-Overview-HOWTO explain how to set it up. Read them.
<P>
<P>When I say "your machine" I mean the machine you are trying to set
up DNS on, not any other machine you might have that's involved in
your networking effort.
<P>
<P>I assume you're not behind any kind of firewall that blocks name
queries. If you are, you will need a special configuration; see the
section on
<A HREF="DNS-HOWTO-10.html#qanda">qanda</A>.
<P>
<P>Name serving on Unix is done by a program called <CODE>named</CODE>. This
is a part of the "BIND" package which is coordinated by <EM>The
Internet Software Consortium</EM>. <CODE>Named</CODE> is included in most Linux
distributions and is usually installed as <CODE>/usr/sbin/named</CODE>,
usually from a package called <CODE>BIND</CODE>, in upper or lower case
depending on the whim of the packager.
<P>
<P>If you have a named you can probably use it; if you don't have one
you can get a binary off a Linux ftp site, or get the latest and
greatest source from
<A HREF="ftp://ftp.isc.org/isc/bind9/">ftp://ftp.isc.org/isc/bind9/</A>. This
HOWTO is about BIND version 9. The old versions of the HOWTO, about
BIND 4 and 8, are still available at
<A HREF="http://langfeldt.net/DNS-HOWTO/">http://langfeldt.net/DNS-HOWTO/</A> in case you use BIND 4 or 8
(incidentally, you will find this HOWTO there too). If the named man
page talks about (at the very end, in the FILES section)
<CODE>named.conf</CODE> you have BIND 8; if it talks about <CODE>named.boot</CODE> you
have BIND 4. If you have 4 and are security conscious you really
ought to upgrade to the latest version of BIND 8. Now.
<P>
<P>DNS is a net-wide database. Take care about what you put into it.
If you put junk into it, you, and others, will get junk out of it.
Keep your DNS tidy and consistent and you will get good service from
it. Learn to use it, admin it, debug it and you will be another good
admin keeping the net from falling to its knees by mismanagement.
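<P>One way to check that forward and reverse mappings stay consistent, as described above, is sketched below. This is an added example, not part of the original HOWTO or of BIND: it assumes IPv4 records held as (owner, type, value) tuples, uses the standard <CODE>in-addr.arpa</CODE> naming for reverse mappings, and all <CODE>example.org</CODE> records and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample records as (owner, type, value). Only the ftp.linux.org
# pair comes from the HOWTO text; the example.org entries are made up.
RECORDS = [
    ("ftp.linux.org.", "A", "199.249.150.4"),
    ("4.150.249.199.in-addr.arpa.", "PTR", "ftp.linux.org."),
    ("www.example.org.", "A", "192.0.2.10"),                    # no reverse mapping
    ("mail.example.org.", "A", "192.0.2.25"),
    ("25.2.0.192.in-addr.arpa.", "PTR", "smtp.example.org."),   # names another host
    ("99.2.0.192.in-addr.arpa.", "PTR", "old.example.org."),    # stale reverse entry
]

def reverse_name(addr):
    """Owner name under in-addr.arpa that holds the reverse mapping for an IPv4 address."""
    return ipaddress.IPv4Address(addr).reverse_pointer + "."

def address_of(owner):
    """IPv4 address encoded in an in-addr.arpa owner name (octets are stored reversed)."""
    octets = owner.lower().rstrip(".").split(".")[:-2]  # drop "in-addr" and "arpa"
    return str(ipaddress.IPv4Address(".".join(reversed(octets))))

def check_consistency(records):
    """Return sorted (name, address, problem) tuples for mappings that disagree."""
    forward, reverse = {}, {}
    for owner, rtype, value in records:
        if rtype == "A":
            forward.setdefault(owner.lower(), set()).add(value)
        elif rtype == "PTR":
            reverse.setdefault(owner.lower(), set()).add(value.lower())
    problems = []
    for name, addrs in forward.items():
        for addr in addrs:
            targets = reverse.get(reverse_name(addr), set())
            if not targets:
                problems.append((name, addr, "no reverse mapping"))
            elif name not in targets:
                problems.append((name, addr, "reverse mapping names another host"))
    for owner, targets in reverse.items():
        addr = address_of(owner)
        for target in targets:
            if addr not in forward.get(target, set()):
                problems.append((target, addr, "no forward mapping to this address"))
    return sorted(problems)

if __name__ == "__main__":
    for name, addr, problem in check_consistency(RECORDS):
        print(f"{name:20} {addr:15} {problem}")
```

<P>The consistent <CODE>ftp.linux.org</CODE> pair produces no finding; the mismatched mail/smtp pair is reported once from each direction.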
<P>
<P><B>Tip:</B> Make backup copies of all the files I instruct you to
change if you already have them, so that if after going through this
nothing works you can get it back to your old, working state.
<P>
<H2><A NAME="ss2.1">2.1 Other nameserver implementations.</A>
</H2>

<P>This section was written by Joost van Baal.
<P>
<P>Various packages exist for getting a DNS server on your box. There
is the BIND package (
<A HREF="http://www.isc.org/products/BIND/">http://www.isc.org/products/BIND/</A>),
the implementation this HOWTO is about. It's the most popular
nameserver around and it's used on the vast majority of name serving
machines on the Internet; it has been around and deployed since the 1980s.
It's available under a BSD license. Since it's the most popular
package, loads of documentation and knowledge about BIND are around.
However, there have been security problems with BIND.
<P>
<P>Then there is djbdns (
<A HREF="http://djbdns.org/">http://djbdns.org/</A>), a relatively
new DNS package written by Daniel J. Bernstein, who also wrote qmail.
It's a very modular suite: various small programs take care of the
different jobs a nameserver is supposed to handle. It's designed with
security in mind. It uses a simpler zone-file format, and is
generally easier to configure. However, since it's less well known,
your local guru might not be able to help you with this.
Unfortunately, this software is not Open Source. The author's
advertisement is on
<A HREF="http://cr.yp.to/djbdns/ad.html">http://cr.yp.to/djbdns/ad.html</A>.
<P>
<P>Whether DJB's software is really an improvement over the older
alternatives is a subject of much debate. A discussion (or is it a
flame-war?) of BIND vs djbdns, joined by ISC people, is on
<A HREF="http://www.isc.org/ml-archives/bind-users/2000/08/msg01075.html">http://www.isc.org/ml-archives/bind-users/2000/08/msg01075.html</A><P>
</BODY>
</HTML>