May the source be with you, but remember the KISS principle ;-)
Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and  bastardization of classic Unix

Solaris DNS Tutorial, part 1/3

Prev Index Next

A Brief History of DNS

In the earlier days of the Internet (before the mid 1980s) application programs translated host names to addresses and host addresses to names by performing a local file lookup. In the UNIX operating system, the file used was (and is) /etc/hosts. To contact a host on the Internet by name, the user needed to populate the local hosts file with the names and addresses of all hosts on the Internet. This was accomplished by transferring the file HOSTS.TXT from the server SRI-NIC using a file transfer utility like FTP. With a small network and hosts database this mechanism was adequate. However with network growth, problems with this mechanism arose.

Early Internet Naming Problems

At the beginning /etc/hosts file was used and syncronized periodically between servers

Example of /etc/net/host

# Internet host table -r
# localhost nti251 nti251bu loghost

Use of a local file and file transfer utility to obtain host names and addresses requires the maintenance of a central, monolithic name database. This in turn leads to several problems, the more serious of which are:

DNS as a solution

The DNS was designed to resolved those problems. At the heart of the DNS solution is a distributed naming database that solves each of the problems described previously as follows:


The most frequently used implementation of the DNS, in the UNIX world, is (Berkeley Internet Name Domain (BIND). It is available from the  (The latest version of 8 branch is version 8.4.7).

You can download and compile the latest version if you want, however, this may not be supported by Sun.

Note - Solaris version 8 implements BIND version 8.x.x

DNS Namespace Structure

The DNS namespace is composed of a set of hierarchical domains arranged in a manner similar to the branches of an inverted tree. A DNS domain is represented by a branch or leaf in the DNS inverted tree.

A domain:

The top of the DNS tree contains a nameless root domain. This domain is used as a place holder and contains no naming information. The root domain is controlled by the ICANN.  Below the root domain are the top-level domains. These top-level domains can be broken into two main categories: organizational and geographical domains. All top-level domains are currently controlled by the ICANN.

Organizational top domain currently include domains such as com, edu, gov, org, arpa, and so on.

DNS Organizational Top-Level Domains 

Domain Description

(Mostly U.S.) educational institutions like universities.


Commercial organizations and companies.


Non-commercial organizations.


Gateways and other administrative hosts on a network.


U.S. military institutions.


U.S. government institutions.


Obsolete, all site names formerly used as UUCP names without domains have been moved to this domain.

ca Country domains based of two letter abbreviations
arpa  Used for inverse address lookups

Below the top-level domains are second-level domains. The second level is typically the first place the ICANN delegates authority for the domain to some other local organization.

An organization may decide to break up their second-level domain into lower-level domains. This is generally done on an organizational, political, or as needed basis. Lower levels can be split into even lower levels as needed. All domains are subject to the naming length restrictions set out in the ''Domain Naming Rules''.

There are two types of domain names:

Domains can, in general, be nested as deeply as needed and named as desired if the following restrictions are kept in mind:

Special purpose Domain

Since the DNS is a distributed database, information lookup is performed by providing a key to a DNS server and requesting the value associated with that key. DNS name lookups start with a domain name and search for an unknown IP address. There are applications, however, that request reverse lookups starting with a known IP address.

The domain was created as a mechanism to take an IP address and represent it in domain name form. Given this representation, reverse (address to name) lookups can be performed.

The structure of the domain consists of subdomains named after each successive octet of an IP address in descending levels of the naming tree. The net effect is to allow for the representation of the IP address as, for example. (Notice the IP address appears backwards in standard domain name notation.)

Zones of Authority

In addition to dividing the name space into administrative domains, the namespace is also divided into various zones of authority. These zones are superset of domains and can:

To get zone one can use dig:

dig axfr zone_name @

Types of DNS Servers

Domains are controlled and name translations are performed by DNS servers. Although not all types of DNS servers are covered here, the following sections contain some server types and a description of each.


Root Servers

Root servers are positioned at the top, or root, of the DNS hierarchy, and maintain data about each of the top-level zones. There are currently (as of June, 2000) 13 root servers. Of these, nine serve the root and top-level domains, while four serve the root domain only.

The root servers are maintained by the ICANN and have been moved to a common domain for consistent naming purposes. The root servers are currently named,, and so on.

;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;       This file is made available by InterNIC 
;       under anonymous FTP as
;           file                /domain/named.root
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;       last update:    Jan 29, 2004
;       related version of root zone:   2004012900
; formerly NS.INTERNIC.NET
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A
; formerly NS1.ISI.EDU
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A
; formerly C.PSI.NET
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A
; formerly TERP.UMD.EDU
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A
; formerly NS.NASA.GOV
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A
; formerly NS.ISC.ORG
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A
; formerly NS.ICANN.DDN.MIL
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A
; formerly AOS.ARL.ARMY.MIL
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A
; formerly ICANN.NORDU.NET
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A
; operated by VeriSign, Inc.
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A
; operated by RIPE NCC
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A 
; operated by ICANN
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A
; operated by WIDE
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A
; End of File

This file is obtained from:

Primary servers

Each domain must have a primary server. Primary servers have the following features:

Secondary (Slave) Servers

Each domain should have at least one secondary server. In fact, the ICANN will not allow a domain to become officially registered as a subdomain of a top-level domain until a site demonstrates two working DNS servers. Secondary servers have the following features:

Caching-Only Servers

Keep in mind that all DNS servers cache information for remote domains over which they are non-authoritative. Caching-only servers only cache information for any DNS domain. They are not authoritative for any domain. Caching-only servers provide the following features: Note - The setup of caching-only servers is not covered in this module.

Forwarding Servers

Forwarding servers are a variation on a primary or secondary server and act as focal points for all off-site DNS queries. Designating a server as a forwarding server causes all off-site requests to go through that server first. Forwarding servers have the following features:

Types of DNS Server Answers

Answers returned from DNS servers can be described as authoritative or non-authoritative.

Authoritative Answers. Answers from authoritative DNS servers:

Non-Authoritative Answers. Answers from non-authoritative DNS servers:

DNS Name Resolution Process

DNS name resolution is what happens between the person typing the command ftp on the command line and the client machine receiving the appropriate address to use from a DNS server.

Client Resolver Name resolution begins with client-side resolver code. Resolver code is typically built into the operating system and is available to programs using system interface calls and shared libraries.

Client resolver code provides the following features:

The following sequence of steps is typically used by a DNS client to resolve name to address or address to name requests.

  1. The client system consults the /etc/nsswitch.conf file to determine name resolution order. In this example, the presumed order is local file first, then DNS.
  2. The client system consults the local /etc/inet/host file and does not find an entry.
  3. The client system consults the /etc/resolv.conf file to determine the name resolution search list and the address of the local DNS server.
  4. The client system resolver routines send a recursive DNS query regarding the return address for ftp. to the local DNS server. (A recursive query says "I will wait for the answer, you do all the work.") At this point, the client will wait until the local server has completed name resolution. This is the nature of stub clients.
  5. The local DNS server consults the contents of its cached information in case this query has been tried recently. If the answer is in local cache, it is returned to the client as a non-authoritative answer.
  6. The local DNS server contacts the appropriate DNS server for the domain, if known, or a root server and sends an iterative query. (An iterative query says "Send me the best answer you have, I'll do all the work.") In this example, the assumption is that the answer is not cached and a root server must be contacted.

  7. The root server returns the best information it has. In this case, the only information you can be guaranteed that the root server will have is the names and addresses of all the net. servers. The root server returns these names and addresses along with a time-to-live value specifying how long the local name server can cache this information.
  8. The local DNS server contacts one of the net. servers returned from the previous query, and transmits the same iterative query sent to the root servers earlier.
  9. The net. server contacted returns the best information it has, which is the names and addresses of the servers along with a time-to-live value.
  10. The local DNS server contacts one of the servers and makes the same query.
  11. The servers return the address(es) of the along with a time-to-live value.
  12. The local DNS server returns the requested address to the client system and the ftp command can proceed.

DNS Server Configuration

DNS name servers are configured in the Sun environment by running the in.named process. When configuring a DNS server, you need to supply the server with the following types of information:

BIND Configuration File  /etc/named.conf

BIND 8.x.x adds a new configuration file, /etc/named.conf, that replaces the old  /etc/named.boot file. The /etc/named.conf file establishes the server as a primary, secondary, or cache-only name server. It also specifies the zones over which the server has authority and which data files it should read to get its initial data.
The /etc/named.conf file contains statements that implement:

The configuration file is read by in.named when the daemon is started by the server's start up script, /etc/init.d/inetsvc. The configuration file directs in.named either to other servers or to local data files for a specified domain.

Structure of named.conf file

The named.conf file contains statements and comments. Statements end with a semicolon. Some statements can contain a block of statements. Again, each statement in the block is terminated with a semicolon Table 11-2 lists named. conf statements and their definitions.

Resource Records

Records contained in the name server database files are called resource records. Each record contains information pertaining to a particular machine, such as its address, services running on the machine, and contact information. You can edit resource records to customize your configuration. Each line in a file is in resource record format. The general syntax of a resource record is:

[name] [ ttl] class type data

Resource records have the following fields:

/var/named/named.root File

The named.root file specifies name-to-address mapping of root servers (and it is to your benefit, generally, to specify as many root servers as possible in this file).

The information in this file is described as "hints" to the name daemon process as the name daemon process attempts to contact the servers listed until one of them responds. The responding root server returns a list of root servers. The name daemon uses the list returned from the root server and not the servers specified in this file until the time-tolive expires (hence "hints").

Accordingly, it is not imperative that this file be precisely up to date, but it should be checked every few months because root servers do change from time to time.

Some features of this file are:

After the cached root server information time-to-live expires, the hints are used again to contact root servers to refresh the cache.

The following is an excerpt taken from a named.root file available at

  • ; formerly NS.INTERNIC.NET
    . 3600000 IN NS A.ROOT-SERVERS.NET.
    A.ROOT-SERVERS.NET. 3600000 A
    ; formerly NS1.ISI.EDU
    . 3600000 NS B.ROOT-SERVERS.NET.
    B.ROOT-SERVERS.NET. 3600000 A
    ; formerly C.PSI.NET
    . 3600000 NS C.ROOT-SERVERS.NET.
    C.ROOT-SERVERS .NET. 3600000 A ...
    ; housed in Japan, operated by WIDE
    . 3600000 NS M.ROOT-SERVERS.NET.
    M.ROOT-SERVERS.NET. 3600000 A ; End of File


    /var/named/domain-info File

    This file contains the mappings of names to IP addresses for all systems in the domain being served by this name server. In addition, this file must specify an SOA record and NS records for all name servers for this domain. For example:
  • ; Information for the "forward" domain
    @ IN SOA (
    1 ; Serial number
    43200 ; Refresh timer - 12 hours 3600 ; Retry timer - 1 hour
    Define name
    servers for this IN NS IN NS IN NS
    604800 ; Expire timer - 1 week 86400 ; Time to live - 1 day ) ; primary ; secondary ; secondary

  • ; Glue records - needed for secondaries residing in other domains. IN A IN A

  • ; Define name to address mappings for this domain.
    lion IN A
    lion-router IN A # this is a router for rockway
    rhino IN A 128. 50 .1.3
    mule IN A 128. 50 .1.2
    horse IN A 128. 50 .1.1
    ; CNAME aliases.
    nti-router IN CNAME lion-router

    ; Loopback domain definition (required).

    localhost IN A

    The SOA record

    The SOA record is mandatory and has the following items of note:

    /var/named/inverse-domain-info File

    This file contains mappings for address to name translation. Address to name translation is important and is used by such varying utilities as NFS, web servers, BIND, and the Berkeley r-command series, to name a few.

    Information for the "inverse" domain

    @ IN SOA (
    1 ; Serial number
    43200 ; Refresh timer - 12 hours 3600 ; Retry timer - 1 hour 604800 ; Expire timer - 1 week 86400 ; Minimum timer - 1 day )
    ; Define name servers for this domain.
    IN NS; primary
    IN NS pea. veggie. edu.; secondary IN NS; secondary
    ; Define address to name mappings for this domain. IN PTR
    3 IN PTR
    2 IN PTR
    1 IN PTR

    Some items of note are:

    /var/named/loopback-domain-info File

    This file is used to specify the inverse loopback domain address to name translation. The contents are hard coded and this file is required on all DNS servers.

    ; Information for the loopback domain
    IN SOA
    20060725 ; Serial number
    43200 ; Refresh timer - 12 hours
    3600 ; Retry timer - 1 hour
    604800 ; Expire timer - 1 week
    86400 ; Minimum timer - 1 day

    Define name servers for this domain.

    IN NS
    ; Define appropriate mappings for this domain. 1.0.0 IN PTR
  • Some items of note are:

    Some Configurations Notes

    Recall that one of the items a DNS server needs to know is the name and addresses of servers for all domains one level below. You must inform your parent domain of the names and addresses of all newly configured subdomains. This is a critical part of establishing the proper parenting relationship between upper- and lower-level domains. Although this will not be done in the lab, bare in mind that every domain setup requires notifying the parent domain of the names and addresses of all name servers in the subdomain.

    Client/Server Common File Setup

    The nsswitch.conf and resolv.conf files are required by all DNS clients and servers.


    The nsswitch.conf file specifies to the resolver library routines that the DNS is to be used in resolving host names and addresses. Modify the ns switch. conf file by editing the hosts line so that the keyword dns appears somewhere in the list of name services. Place this keyword last as local name services are usually consulted first.

    A resulting appropriately configured file would contain a line that looks like:
    hosts: files dns


    This file is used to specify to the resolver library routines the domain search list to apply to any names that are not specified in the FQDN form and to specify the IP addresses of DNS servers to query.
    ; resolv.conf file for DNS clients of the

    nameserver ; Primary Master Server for zoo
    nameserver ; Secondary Master Server for zoo

    Some items of note are:

  • The search keyword specifies domain names to append to names that were not specified in the FQDN format as well as in what order to append them.

  • The nameserver keyword specifies DNS servers to query using IP address. (Do not specify host names!) Up to three nameserver keywords can be used to increase your chances of finding a responsive server. In general, the more responsive servers should be listed first. If this system is a name server itself, the loopback address might be used.

    Testing DNS Configration

    Once all of your configuration files have been entered, you will want to test your DNS domain information.

    The primary test tool that comes bundled with BIND is the nslookup utility. In general, nslookup is used to do the following:

  • In general, you will not be able to test every record in your domain files. Test representative samples, and test a few servers in other domains to ensure that you have correctly identified the root servers.


    A typical debug session might look something like the following:
    Note - Much of the output has been omitted for clarity.

    # nslookup

    Default Server: Address:

    The server listed as the default server should be the first listed server in the /etc/resolv. conf file. This server can later be changed using the nslookup server directive.
    > ls
    Server: Address: Name:
    Address: >
    nslookup uses a greater-than (>) prompt. The name of the server being queried is always displayed first (and will be omitted from future examples) followed by the query and the reply.
    In this example, the address (the default query) of the domain lion.zoo . edu. was requested.
    > set type=ns
    ... nameserver = internet address =
    In this example, all of the name servers for the domain are listed.

    set type=ptr
    ... name =
    In this example, the inverse address lookup is tested. Notice that n sl ookup allows you to enter the IP address in regular forward notation without the trailing in-addr. arpa. domain name.
    Default Server: Address:
    In this example, the DNS server was changed from the to the server.
    General testing might proceed as follows:

  • Test several name-to-IP address translations within your domain.
  • Test several IP-address (PTR record) translations within your domain.
  • Test name-to-address and address-to-name translations in other domains.
  • List name servers for your own and a few remote domains. l List SOA records for your own and a few remote domains.
    If any of your tests have errors or has no response, it is time to debug.

    BIND Debugging Tools

    The main debug tool you have with BIND is having the name daemon dump its database to an ASCII file.

    pkill -INT in.named  This signal causes the name daemon to take a snapshot of its in-memory cached data and write this information to the file /var/named/named_dump.db in ASCII (resource record) format. (Notice that the name daemon process stores its process ID number in the file /etc/named. pid at start-up. You can use this with the shell command substitution shown previously to send signals to the name daemon without having to know its process number or use the ps command to determine its process number.) Use the - INT argument to debug non-authoritative lookups.

    pkill -USR1 in.named  This signal causes the name daemon to increase its debug level (disabled by default) by one. Each successive increase generates more debug output. You can examine the resulting output in the /var/named/named. run file. A discussion of this file is beyond the scope of this course and is discussed in DNS & BIND. The -USR argument is used to debug authoritative lookups.

    pkill -USR2 in.named This signal causes the name daemon to return to debug level 0-no debug output.

    pkill -HUP in.named This signal causes the name daemon to reread all of its configuration files. If you are having problems getting the name daemon to behave, it is sometimes wise to kill and restart the name daemon process rather than use the HUP signal.

    You can edit the resulting file with your text editor and examine it for problems. Here is a list of typical problems you might have and how to discover them during debugging.

    Secondary DNS Server Setup

    The contents of the /etc/named.conf file is simpler than that of the primary server. If a server is to provide both roles, a primary server for some domains and a secondary server for other domains, the /etc/named.conf file must contain keywords appropriate to both of these functions.

    When you add a secondary server, it is important to coordinate with the primary server. The primary server should have an NS record for the secondary server in all files describing all domains for which the secondary will be serving. .

    Testing and Debugging

    You should test and debug secondary servers essentially the same as primary servers (using nslookup and pkill -INT to dump the name server's database when necessary).

    DNS Security

    DNS by its nature makes networks connected to the Internet vulnerable to unauthorized access. Up to BIND version 4.9, domain administrators had no way to control look-up data on their name servers. Solaris version 7 reduces the vulnerability of your network by implementing BIND version 8.x.x.

    BIND version 8.x.x features are established in the configuration file /etc/named.conf. This configuration file specifies the type of server it is running on and the zones that it serves as a master, slave, or stub. It also defines security, logging, and a finer granularity of options applied to zones.

    Restricting Queries

    The BIND version 8.x.x allow-query statement enables you to establish an IP address-based access list on queries. This list can apply to a zone, or to any queries received by the server. The access list determines which systems are allowed to send queries to the server.

    Preventing Unauthorized Zone Transfers

    Another important security issue is ensuring that only authorized slave name servers can transfer zones from your name server. The BIND version 8.x.x allow-transfer statement allows you to establish an IP address-based access list on zone transfers.

    Miscellaneous DNS Topics

    Following are other DNS subjects to consider:

    DNS Resources

    The following is a list of resources you can use when configuring DNS:

    Cuddletech's BIND Cheat Sheet

    Source can be found at:
    Files of interest:
    	-/etc/named.conf	BINDs central configuration file
    	-/var/named		Directory containing maps
    	 -db.cache		Root Server Referance
    	 -db.<domain>		Host Listings, Aliases, etc.
    	 -db.XX.XX.XX		Reverse Maps
    	 -db.127.0.0		Local Domain Reverse Map
    DB Files:
     You'll have several DB files.  The first is the name-to-address
    mapping.  Typically this file is named "db.<domain>".  The second
    DB file you'll have is the address-to-name mapping, typically
    contained in a file named "db.xx.xx.xx" (eg: db.10.1.0).  These
    maps are also commonly called "reverse maps".  While there is 
    generally only one name-to-address map, there should be one
    reverse map per network.  The last map will be the loopback
    map, named "db.127.0.0", which obviously is also a reverse map.
     Note that the headers are: zone, class, type, nameserver, admin mail.
    This is important.  The address here "" is 
    the name of the primary master for "this data".  The second is
    the email address for the DNS admin, with a "." in place of an "@".
    The mail address is not used by the daemon and is only for human
    DB File Record Types:
    	SOA	Indicates authority for this zone data
    	NS 	List a name server for this zone
    	MX	Mail Exchanger
    	A	Name-to-Address mapping
    	PTR	Address-to-Name mapping
    	CNAME	Canonical name (aliases)
    	IN	INternet Class (optional)
    	RP	Responsable Person
    	TXT	Text Field
    Example of name-to-address map	   	    (File: db.cuddletech)
    ----------------------------------------------------------------- IN SOA (
                                    4        ; Serial
                                    10800    ; Refresh
                                    3600     ; Retry
                                    604800   ; Expire
                                    86400 )   ; Minimum TTL
    ; Name Servers                 IN NS
    ; Host Addresses       IN A              IN A            IN A         IN A
    ; Aliases....           IN CNAME          IN CNAME        IN CNAME
    Example of address-to-name (reverse) map        (File: db.10.0.0)
    ----------------------------------------------------------------- IN SOA (
                                    4        ; Serial
                                    10800    ; Refresh
                                    3600     ; Retry
                                    604800   ; Expire
                                    86400 )   ; Minimum TTL
    ; Name Servers    IN NS
    ; Canonical Names  IN PTR  IN PTR  IN PTR
    Example of loopback map			       (File: db.127.0.0)	
    ----------------------------------------------------------------- IN SOA (
                                    4        ; Serial
                                    10800    ; Refresh
                                    3600     ; Retry
                                    604800   ; Expire
                                    86400 )   ; Minimum TTL           IN NS         IN PTR  localhost.
    NOTE: Here are some tricks...
     - You can add a "@" before your SOA entry and shorten things a bit,
       excluding the zone name, and modifing entries like this:
       The record:              IN A
       Becomes:    ns		 	       IN A
       Or this:    IN NS
       Becomes: 			    IN NS
       Or this:  IN PTR
       Becomes: 2			    IN PRT
       And this:        IN CNAME
       Becomes:  intraweb			     IN CNAME deckard 
     - You can omit the class in all records, the "IN". INternet Class is assumed.
     - Leaving the record name blank implies the last record name, repeated.  In
       our previous examples, @ was being interpreted as the zone name, and in
       our example we listed the NS entry as having no entry name.  That's because
       @ would be expanded to "", and the first record is
       our NS entries, who's records would be named ""...
       a repeat.  This is why they can be omitted.  This same principle is avalible 
       throughout the db files.
     - The MX type, is for mail routing.  Use this to point to your MTA.  Syntax is:
    	(domain)	     (priority)        (MTA)	IN MX	1	
     - The RP and TXT types work together.  Their syntax is:
    	(host) 		(email addr)		(record)
    	ns	IN RP
    	system	IN TXT 	"This is an administrative system"
    The Root Cache DB File:
     The special map thats the same everywhere (almost) is the
    root cache db (typically named: db.cache).  This file is
    obtained from interNIC's ftp server, and contains the data
    needed to access/reference the root servers.
     The map can be obtained at:
    The BIND Configuration File:
     The BIND configuration file is named /etc/named.conf.  If it's named
    /etc/named.boot your on a system loaded with BIND 4.x.  Some systems
    will an "in" between the zone and "{", this denotes class, INternet 
    class.  The "in" (in all cases) is assumed and can be removed.  Note
    that the MINIMUM number of zones anyone will have is FOUR.
    Example of BIND's config file		  (file: /etc/named.conf)	
    options {
            directory "/var/named";
    zone "." {
            type hint;
            file "db.cache";
    zone "" {
            type master;
            file "db.127.0.0";
    zone "" {
            type master;
            file "db.10.0.0";
    zone "" {
            type master;
            file "db.cuddletech";
    Setting up a SLAVE Server:
     Slave servers are even easier.  If BIND is already installed
     on the server, here are the steps:
     1) Copy "named.conf" from the master server to the slave.
     2) Create a directory for the databases, according the
    	the config files "directory" directive.
     3) Copy the local-reverse map (db.127.0.0) and the root cache (db.cache)
    	files into the slaves database directory.
     4) Edit "named.conf", changing the map names from "type master;", to
    	"type slave;", for all zones with the exceptions of the root
    	cache and the local-reverse map. 
     5) Still editing "named.conf", add a "masters" directive to all the
    	slave zones, in the form: "masters { XX.XX.XX.XX; };"
     6) Start the server like normal.
    Example of a Slave BIND config file       (file: /etc/named.conf)
    options {
            directory "/var/named";
    zone "." {
            type hint;
            file "db.cache";
    zone "" {
            type master;
            file "db.127.0.0";
    zone "" {
            type slave;
            file "db.10.0.0";
    	masters {; };
    zone "" {
            type slave;
            file "db.cuddletech";
    	masters {; };
    BIND Signal Handling:						 (process: named)
    	Signal		Action
    	------		-------------------------------------------------------------
    	HUP		Reload the name server.  Master reloads. Slaves pull new maps.
    	INT		Dump the internal database to <directory>/named_dump.db
    	ILL		Append name server stats to named.stats in name servers cwd
    	USR1		Append debuging info to in name servers cwd
    	USR2		Turn off debugging.
    	WINCH		Toggle logging all queries to syslog
    	TERM		Exit and save dynamic zones to files.
    Building BIND from Source
     This is a simple process.  Grab the source from
    Then unpack, change into that directory and:
     1) make stdlinks
     2) make clean
     3) make depend
     4) make
     5) make install
    The complete, and thorough Resource Record (RR) syntax reference:
    - A address
    	(owner) (class) (ttl) A (address)
    	Example: IN A
    	Where: address is a 32bit address
    - CNAME canonical name
     	(owner) (class) (ttl) CNAME (canonical-dname)
    	Example: yummy IN CNAME
    	Where: owner is the alias, and cname is the real name
    - HINFO host information
    	(owner) (class) (ttl) HINFO (cpu) (os)
    	Example: IN HINFO Sun4500 Solaris
    	Where: cpu is a string specifing the cpu and os is a string
    		specifying the os.
    - MB mailbox domain name - experimental
    	(owner) (class) (ttl) MB (mbox-dname)
    	Example: IN MB
    	Where: mbox is a domain-name which specifies a host with the
    		specified mailbox.
    - MD mail destination - obsolete
    	Replaced with MX
    - MF mail forwarder - obsolete
    	Replaced with MX
    - MG mail group member - experimental
    	(owner) (class) (ttl) MG (mgroup-dname)
    	Example: IN MG
    					IN MG
    	Where: owner is the address, and mgroup is the "subscribers"	
    - MX mail exchanger
    	(owner) (class) (ttl) MX (preference) (exchange-dname)
    	Example: IN MX 0
    	Where: owner is the domain, preference is the order in	
    		which mx records should be used, and exchange
    		is the name of the mail server.
    - NS name server
    	(owner) (class) (ttl) NS (name-server-dname)
    	Example: IN NS
    	Where: dname is the dns server, and owner is the domain
    - PTR pointer
    	(owner) (class) (ttl) PTR (dname)
    	Example: IN PTR
    	Where: dname is the dns name, and owner is the reversed address
    - SOA start of authority
    	(owner) (class) (ttl) SOA (source-dname) (mbox) "("
    		serial refresh retry expire minimum ")"
    	Example: IN SOA (
    			1; 10800; 3600; 604800; 86400 )
    	Where: owner is the name of the zone, source-dname is the name 
    		of the primary name server, and where mbox is the mailbox
    		responsible for this domain
    - TXT text
    	(owner) (class) (ttl) TXT (text-string)
    	Example: IN TXT "Location: Under the Desk"
    	Where: owner is the owner is the system and txt-string
    		is the description
    - WKS well-known service
    	(owner) (class) (ttl) WKS (address) (protocol) (service-list)
    	Example: IN WKS TCP ( telnet ssh ftp domain ) 
    	Where: owner is the machine name, address is a 32bit address, protical
    		is the protical name, and service list is the services to direct.
    Useful Links:
    The DNS Resource Directory:
    DNS Boss Config App:
    DNS Documentation:
    Interesting Tools:
    ########################DAS ENDE####################################################
    ########Created for & by: [email protected]#######################################



    Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy


    War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes


    Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law


    Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

    Classic books:

    The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Haterís Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

    Most popular humor pages:

    Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

    The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D

    Copyright © 1996-2021 by Softpanorama Society. was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

    FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

    This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

    You can use PayPal to to buy a cup of coffee for authors of this site


    The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

    Last modified: March, 12, 2019