Red Hat Enterprise Linux & Fedora Edition (DVD): The Complete Reference

You configure a DNS server using a configuration file, several zone files, and a cache file. The part of a network for which the name server is responsible is called a zone. A zone is not the same as a domain, because in a large domain you could have several zones, each with its own name server. You could also have one name server service several zones. In this case, each zone has its own zone file.

DNS Zones

The zone files hold resource records that provide hostname and IP address associations for computers on the network for which the DNS server is responsible. Zone files exist for the server's network and the local machine. Zone entries are defined in the named.conf file. Here, you place zone entries for your master, slave, and forward DNS servers. The most commonly used zone types are described here:

• Master zone   This is the primary zone file for the network supported by the DNS server. It holds the mappings from domain names to IP addresses for all the hosts on that network.

• Slave zone   These are references to other DNS servers for your network. Your network can have a master DNS server and several slave DNS servers to help carry the workload. A slave DNS server automatically copies its configuration files, including all zone files, from the master DNS server. Any changes to the master configuration files trigger an automatic download of these files to the slave servers. In effect, you only have to manage the configuration files for the master DNS server, as they are automatically copied to the slave servers.

• Forward zone   The forward zone lists name servers outside your network that should be searched if your network's name server fails to resolve an address.

• IN-ADDR.ARPA zone   DNS can also provide reverse resolutions, where an IP address is used to determine the associated domain name address. Such lookups are provided by IN-ADDR.ARPA zone files. Each master zone file usually has a corresponding IN-ADDR.ARPA zone file to provide reverse resolution for that zone. For each master zone entry, a corresponding reverse mapping zone entry named IN-ADDR.ARPA also exists, as well as one for the localhost. This entry performs reverse mapping from an IP address to its domain name. The name of the zone entry uses the domain IP address, which is the IP address with segments listed starting from the host, instead of the network. So for the IP address 192.168.0.4, where 4 is the host address, the corresponding domain IP address is 4.0.168.192, listing the segments in reverse order. The reverse mapping for the localhost is 1.0.0.127.

• IP6.ARPA zone   This is the IPv6 equivalent of the IN-ADDR.ARPA zone, providing reverse resolution for that zone. The IP6.ARPA zone uses bit labels that are easier to write, requiring no reverse calculation on the part of the DNS administrator.

• IP6.INT zone   This is the older form of the IPv6 IP6.ARPA zone, which is the equivalent of the IPv4 IN-ADDR.ARPA zone, providing reverse resolution for a zone. IP6.INT is meant to be used with the older AAAA IPv6 address records. IP6.INT uses a nibble format to specify a reverse zone. In this format, a hexadecimal IPv6 address is segmented into each of its 32 hexadecimal numbers and listed in reverse order, each separated by a period.

• Hint zone   A hint zone specifies the root name servers and is denoted by a period (.). A DNS server is normally connected to a larger network, such as the Internet, which has its own DNS servers. DNS servers are connected this way hierarchically, with each server having its root servers to which it can send resolution queries. The root servers are designated in the hint zone.

  Note

  On Red Hat, you can use redhat-config-bind, the Red Hat BIND Configuration Tool, to configure a DNS server for a simple local network (see Chapter 5). redhat-config-bind (accessible from the Server Settings window or menu) provides a GNOME interface for setting up the master, slave, forward, and IN-ADDR.ARPA zones you would need for a server. Be aware, though, that it will overwrite your /etc/named.conf file. redhat-config-bind can be accessed from the Server Settings menu.

DNS Server Types

There are several kinds of DNS servers, each designed to perform a different type of task under the Domain Name Service. The basic kind of DNS server is the master server. Each network must have at least one master server that is responsible for resolving names on the network. Large networks may need several DNS servers. Some of these can be slave servers that can be updated directly from a master server. Others may be alternative master servers that hosts in a network can use. Both are commonly referred to as secondary servers. For DNS requests a DNS server cannot resolve, the request can be forwarded to specific DNS servers outside the network, such as on the Internet. DNS servers in a network can be set up to perform this task and are referred to as forwarder servers. To help bear the workload, local DNS servers can be set up within a network that operate as caching servers. Such a server merely collects DNS lookups from previous requests it sent to the main DNS server. Any repeated requests can then be answered by the caching server.

A server that can answer DNS queries for a given zone with authority is known as an authoritative server. An authoritative server holds the DNS configuration records for hosts in a zone that will associate each host's DNS name with an IP address. For example, a master server is an authoritative server. So are slave and stealth servers (see the list that follows). A caching server is not authoritative. It only holds whatever associations it picked up from other servers and cannot guarantee that the associations are valid.

• Master server   This is the primary DNS server for a zone.

• Slave server   A DNS server that receives zone information from the master server.

• Forwarder server   A server that forwards unresolved DNS requests to outside DNS servers. Can be used to keep other servers on a local network hidden from the Internet.

• Caching only server   Caches DNS information it receives from DNS servers and uses it to resolve local requests.

• Stealth server   A DNS server for a zone not listed as a name server by the master DNS server.