Jump to content

LPI Linux Certification/Basic DNS Server Configuration

Add links
From Wikibooks, open books for an open world
< LPI Linux Certification
This page may need to be reviewed for quality.

Detailed Objectives (207.1)

[edit | edit source]

(LPIC-2 Version 4.5)


Weight: 3


Description: Candidates should be able to configure BIND to function as a caching-only DNS server. This objective includes the ability to manage a running server and configuring logging.


Key Knowledge Areas:

  • BIND 9.x configuration files, terms and utilities.
  • Defining the location of the BIND zone files in BIND configuration files.
  • Reloading modified configuration and zone files.
  • Awareness of dnsmasq, djbdns and PowerDNS as alternate name servers.


The following is a partial list of the used files, terms and utilities:

  • /etc/named.conf
  • /var/named/
  • /usr/sbin/rndc
  • kill
  • host
  • dig

Basic BIND 8 configuration

[edit | edit source]

Setting up a caching-only nameserver

[edit | edit source]

To speed up the cumbersome process of DNS queries, DNS servers usually cache answers from other DNS servers – even negative queries (i.e an authoritative server's answer « name does not exist » is also cached by your local DNS)

Configuring BIND as a caching-only nameserver involves setting up only a « . » zone, that is, only tell it about the root nameservers and not specifying any zones, as follows : 

zone « . » in {
type hint;
file « named.cache »;
};

The file named.cache can be generated by using dig @a.root-servers.net

Logging in BIND is controlled by two main concepts : channels and categories A channel specifies where logged data goes : to syslog, to a file, etc... A category specifies what data is logged

Channels allows you to filter messages by priority, like syslog's priorities. They are essentially the same, but two more are available for BIND : debug and dynamic, which affect debug level logging Debug sets a debug level, which will be active after the first trace command is given via ndc; dynamic will increment and decrement debug levels after each trace command is given via ndc

Example of logging configuration: 

logging {
channel my_syslog {
syslog daemon;
severity info;
};
channel my_file {
file « log.msgs »;
severity dynamic;
};
category statistics { my_syslog; my_file; };
category queries { my_file; };
};

To activate logging, after bind is started, issue a command : 

ndc trace

Key terms, files and utilities : /etc/named.conf /usr/sbin/ndc /usr/sbin/named-bootconf Kill

Exercises

[edit | edit source]


Retrieved from "https://en.wikibooks.org/wiki/LPI_Linux_Certification/Basic_DNS_Server_Configuration"