Softpanorama May the source be with you, but remember the KISS principle ;-)	Home	Switchboard	Unix Administration	Red Hat	TCP/IP Networks	Neoliberalism	Toxic Managers
	(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and bastardization of classic Unix

Solaris DNS Tutorial, part 1/3

Prev Index Next

A Brief History of DNS
DNS Namespace Structure
Types of DNS Servers
Types of DNS Server Answers
DNS Name Resolution Process
DNS Server Configuration
Some Configurations Notes
- Client/Server Common File Setup
- /etc/resolv.conf
Testing DNS Configration
- nslookup
- BIND Debugging Tools
Secondary DNS Server Setup
DNS Security
- Restricting Queries
- Preventing Unauthorized Zone Transfers
Miscellaneous DNS Topics
DNS Resources
- Cuddletech's BIND Cheat Sheet

A Brief History of DNS

In the earlier days of the Internet (before the mid 1980s) application programs translated host names to addresses and host addresses to names by performing a local file lookup. In the UNIX operating system, the file used was (and is) /etc/hosts. To contact a host on the Internet by name, the user needed to populate the local hosts file with the names and addresses of all hosts on the Internet. This was accomplished by transferring the file HOSTS.TXT from the server SRI-NIC using a file transfer utility like FTP. With a small network and hosts database this mechanism was adequate. However with network growth, problems with this mechanism arose.

Early Internet Naming Problems

At the beginning /etc/hosts file was used and syncronized periodically between servers

Example of /etc/net/host

#
# Internet host table -r
#
127.0.0.1 localhost

10.201.13.251 nti251 nti251.andipc.myfirm.com
10.201.29.251 nti251bu nti251bu.andipc.myfirm.com
10.201.13.246 loghost

Use of a local file and file transfer utility to obtain host names and addresses requires the maintenance of a central, monolithic name database. This in turn leads to several problems, the more serious of which are:

Name uniqueness. Once a name like venus, for example, has been taken no other host on the Internet can use this same name.
HOSTS.TXT file maintenance. As the Internet grew, the rate of modifications to the HOSTS.TXT file grew beyond the logistical capacity of the administrative staff at the ICANN to handle. This is a natural consequence of a large, centralized and monolithic database.
Server/network load. Since each system on the Internet needed to have access to its own hosts file, the number of file transfers from the centralized sri-nic host grew with time. Eventually this placed an unacceptable load on the sri-nic server as well as the Internet backbone.

DNS as a solution

The DNS was designed to resolved those problems. At the heart of the DNS solution is a distributed naming database that solves each of the problems described previously as follows:

Name uniqueness The unique naming problem is solved by the creation of domains. In the DNS, a domain is an administrative collection of named resources on the network. These resources typically represent workstations, PCs, routers, and the like, but can actually be representative of anything. Domains are discussed in more detail in the following section.
HOSTS.TXT file maintenance. The DNS specifies host name and address lookups via a distributed name database. This database is implemented in DNS servers where each server is responsible for only a small portion of the entire name database. Obviously, DNS servers would have to know how to contact other appropriate DNS servers to look up naming information outside the knowledge base of the local server.
Server/network load. Server/network load is reduced in the DNS by having DNS servers cache information taken from other DNS servers. Once cached, a local DNS server does not need to query a remote server for the same piece of information for the duration of the information's cached lifetime.

BIND

The most frequently used implementation of the DNS, in the UNIX world, is (Berkeley Internet Name Domain (BIND). It is available from the http://www.isc.org/bind (The latest version of 8 branch is version 8.4.7).

You can download and compile the latest version if you want, however, this may not be supported by Sun.

Note - Solaris version 8 implements BIND version 8.x.x

DNS Namespace Structure

The DNS namespace is composed of a set of hierarchical domains arranged in a manner similar to the branches of an inverted tree. A DNS domain is represented by a branch or leaf in the DNS inverted tree.

A domain:

Is a collection of names maintained by a group of administrators.
Specifies keys that may be used to look up information in the DNS distributed database.
Can be branches or leaves in the DNS tree. Branches represent collections of names in a common domain. Leaves represent individual nodes and are considered a domain unto themselves.
Represents nodes or systems by name in the DNS naming tree, which may or may not be in physical proximity. In other words, a domain can span a large physical area.
Can be broken into subdomains and can delegate authority for those subdomains to another group of administrators.

The top of the DNS tree contains a nameless root domain. This domain is used as a place holder and contains no naming information. The root domain is controlled by the ICANN. Below the root domain are the top-level domains. These top-level domains can be broken into two main categories: organizational and geographical domains. All top-level domains are currently controlled by the ICANN.

Organizational top domain currently include domains such as com, edu, gov, org, arpa, and so on.

DNS Organizational Top-Level Domains

Domain	Description
edu	(Mostly U.S.) educational institutions like universities.
com	Commercial organizations and companies.
org	Non-commercial organizations.
net	Gateways and other administrative hosts on a network.
mil	U.S. military institutions.
gov	U.S. government institutions.
uucp	Obsolete, all site names formerly used as UUCP names without domains have been moved to this domain.
ca	Country domains based of two letter abbreviations
arpa	Used for inverse address lookups

Below the top-level domains are second-level domains. The second level is typically the first place the ICANN delegates authority for the domain to some other local organization.

An organization may decide to break up their second-level domain into lower-level domains. This is generally done on an organizational, political, or as needed basis. Lower levels can be split into even lower levels as needed. All domains are subject to the naming length restrictions set out in the ''Domain Naming Rules''.

There are two types of domain names:

The fully qualified name of a domain (FQDN) is specified by appending all names from the leaf node up to the root of the name tree using a dot as the separator and including a trailing dot. For example, the FQDN of the policy node in the corp domain, within the sun domain, would be policy.corp.sun.com. (including the trailing dot).
Relative domain names (RDN) may also be specified and are analogous to UNIX relative path names. Relative domain names do not end in a dot. For example, policy, policy.corp, and policy.corp.sun.com are all possible RDNs for the policy node in the previous example. Notice the lack of a trailing dot in each case.

Domains can, in general, be nested as deeply as needed and named as desired if the following restrictions are kept in mind:

There is a 255 character limit (including the dots) per FQDN.
There is a 63 character limit per domain label.
Names should only contain alphanumerics, and the dash. All other characters are now officially forbidden.
Naming conventions are decided upon by the domain administrator.

Special purpose in-addr.arpa. Domain

Since the DNS is a distributed database, information lookup is performed by providing a key to a DNS server and requesting the value associated with that key. DNS name lookups start with a domain name and search for an unknown IP address. There are applications, however, that request reverse lookups starting with a known IP address.

The in-addr.arpa. domain was created as a mechanism to take an IP address and represent it in domain name form. Given this representation, reverse (address to name) lookups can be performed.

The structure of the in-addr.arpa. domain consists of subdomains named after each successive octet of an IP address in descending levels of the naming tree. The net effect is to allow for the representation of the IP address 128.50.1.64 as 64.1.50.128.in-addr.arpa., for example. (Notice the IP address appears backwards in standard domain name notation.)

Zones of Authority

In addition to dividing the name space into administrative domains, the namespace is also divided into various zones of authority. These zones are superset of domains and can:

Be the portion of the name space for which a server is authoritative (that is, contain information for domains over which the server has naming control)
Consist of at least one domain and all associated data
Can span more then one domains

To get zone one can use dig:

dig axfr zone_name @10.201.13.252

Types of DNS Servers

Domains are controlled and name translations are performed by DNS servers. Although not all types of DNS servers are covered here, the following sections contain some server types and a description of each.

Root Servers
Primary servers
Secondary (Slave) Servers
Caching-Only Servers
Forwarding Servers

Root Servers

Root servers are positioned at the top, or root, of the DNS hierarchy, and maintain data about each of the top-level zones. There are currently (as of June, 2000) 13 root servers. Of these, nine serve the root and top-level domains, while four serve the root domain only.

The root servers are maintained by the ICANN and have been moved to a common domain for consistent naming purposes. The root servers are currently named A.rootservers.net., B.rootservers.net., and so on.

;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC 
;       under anonymous FTP as
;           file                /domain/named.root
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:    Jan 29, 2004
;       related version of root zone:   2004012900
;
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
;
; formerly NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
;
; formerly C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; formerly TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
;
; formerly NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; formerly NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
;
; formerly NS.ICANN.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
;
; formerly ICANN.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
;
; operated by VeriSign, Inc.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
;
; operated by RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129 
;
; operated by ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
;
; operated by WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
; End of File

This file is obtained from:

ftp://ftp.rs.internic.net/domain/named.root

Primary servers

Each domain must have a primary server. Primary servers have the following features:

There is generally only one primary server per domain.
They are the system where all changes are made to the domain.
They are authoritative for all domains they serve. (See the following sections for definitions of authoritative and non-authoritative servers.)
They periodically update and synchronize secondary servers of the domain.
They can specify the delegation of authority for subdomains.
In BIND 8.x.x, they are defined by the type master argument to the zone statement in the configuration file /etc/named.conf.

Secondary (Slave) Servers

Each domain should have at least one secondary server. In fact, the ICANN will not allow a domain to become officially registered as a subdomain of a top-level domain until a site demonstrates two working DNS servers. Secondary servers have the following features:

There is one or more secondary server per domain.
They obtain a copy of the domain information for all domains they serve from the appropriate primary server or another secondary server for the domain.
They are authoritative for all domains they serve. (See the following sections for definitions of authoritative and non-authoritative servers.)
They periodically receive updates from the primary servers of the domain.
They provide load sharing with the primary server and other servers of the domain.
They provide redundancy in case one or more other servers are temporarily unavailable.
They provide more local access to name resolution if placed appropriately.
In BIND 8.x.x, they are defined by the type slave argument to the zone statement in the /etc/named.conf configuration file.

Caching-Only Servers

Keep in mind that all DNS servers cache information for remote domains over which they are non-authoritative. Caching-only servers only cache information for any DNS domain. They are not authoritative for any domain. Caching-only servers provide the following features:

They provide local cache of looked up names.
They have lower administrative overhead.
They are never authoritative for any domain.
They reduce overhead associated with secondary servers performing zone transfers from primary servers.
They allow DNS client access to local cached naming information without the expense of setting up a DNS primary or secondary server.

Note - The setup of caching-only servers is not covered in this module.

Forwarding Servers

Forwarding servers are a variation on a primary or secondary server and act as focal points for all off-site DNS queries. Designating a server as a forwarding server causes all off-site requests to go through that server first. Forwarding servers have the following features:

They are used to centralize off-site requests.
The server being used as a forwarder builds up a rich cache of information.
All off-site queries go through forwarders first.
They reduce the number of redundant off-site requests. l No special setup on forwarders is required.
If forwarders fail to respond to queries, the local server can still contact remote site, DNS servers itself.

Types of DNS Server Answers

Answers returned from DNS servers can be described as authoritative or non-authoritative.

Authoritative Answers. Answers from authoritative DNS servers:

Are sourced from a disk based file.
Are typically correct. Since humans administer the DNS, it is possible for "bad" data to enter the DNS database.
Are "as good as it gets."

Non-Authoritative Answers. Answers from non-authoritative DNS servers:

Are sourced from a server cache.
Are typically correct.
May be incorrect as an authoritative remote domain server due to the updating of its domain data after the non-authoritative was cached.

DNS Name Resolution Process

DNS name resolution is what happens between the person typing the command ftp ftp.sun.com. on the command line and the client machine receiving the appropriate address to use from a DNS server.

Client Resolver Name resolution begins with client-side resolver code. Resolver code is typically built into the operating system and is available to programs using system interface calls and shared libraries.

Client resolver code provides the following features:

It is typically only stubs because it does not cache any information received from the DNS servers.
It queries the local DNS server specified in the /etc/resolv.conf file:
```
search corp.sun.com eng.sun.com sun.com 
nameserver 128.50.1.101
```
It is activated by a reference to DNS in the /etc/nsswitch.conf file hosts entry.

The following sequence of steps is typically used by a DNS client to resolve name to address or address to name requests.

The client system consults the /etc/nsswitch.conf file to determine name resolution order. In this example, the presumed order is local file first, then DNS.
The client system consults the local /etc/inet/host file and does not find an entry.
The client system consults the /etc/resolv.conf file to determine the name resolution search list and the address of the local DNS server.
The client system resolver routines send a recursive DNS query regarding the return address for ftp. internic.net to the local DNS server. (A recursive query says "I will wait for the answer, you do all the work.") At this point, the client will wait until the local server has completed name resolution. This is the nature of stub clients.
The local DNS server consults the contents of its cached information in case this query has been tried recently. If the answer is in local cache, it is returned to the client as a non-authoritative answer.
The local DNS server contacts the appropriate DNS server for the internic.net. domain, if known, or a root server and sends an iterative query. (An iterative query says "Send me the best answer you have, I'll do all the work.") In this example, the assumption is that the answer is not cached and a root server must be contacted.
The root server returns the best information it has. In this case, the only information you can be guaranteed that the root server will have is the names and addresses of all the net. servers. The root server returns these names and addresses along with a time-to-live value specifying how long the local name server can cache this information.
The local DNS server contacts one of the net. servers returned from the previous query, and transmits the same iterative query sent to the root servers earlier.
The net. server contacted returns the best information it has, which is the names and addresses of the internic.net. servers along with a time-to-live value.
The local DNS server contacts one of the internic.net. servers and makes the same query.
The internic.net. servers return the address(es) of the ftp.internic.net. along with a time-to-live value.
The local DNS server returns the requested address to the client system and the ftp command can proceed.

DNS Server Configuration

DNS name servers are configured in the Sun environment by running the in.named process. When configuring a DNS server, you need to supply the server with the following types of information:

Names and addresses of root servers.
The information needed to resolve all domains for which the server is authoritative. This consists of name to address translations.
The information needed to resolve all inverse domains for which the server is authoritative. This consists of address to name translations.
Names and addresses of servers for all domains one level below the domain being served by this server. This is sometimes referred to as parenting or delegating. All of this information is supplied in configuration files referred to by the BIND configuration file /etc/named.conf and loaded into the in.named cache.

BIND Configuration File /etc/named.conf

BIND 8.x.x adds a new configuration file, /etc/named.conf, that replaces the old /etc/named.boot file. The /etc/named.conf file establishes the server as a primary, secondary, or cache-only name server. It also specifies the zones over which the server has authority and which data files it should read to get its initial data.
The /etc/named.conf file contains statements that implement:

Logging specifications
Selectively applied options for a set of zones. An example of the BIND configuration file /etc/named.conf and its relationship to name server data files. /etc/named.conf is displayed below:

options {
   DIRECTORY "/var/named";
};

acl "local" { 192.168.1.0/24; 192.168.2.0/24; 192.168.3.0/24;};

zone "." in {
   type hint;
   file "named.root";
};

zone "zoo.edu" in {
   type master;
   file "zoo.edu.zone";
};
zone "1.50.128.in-addr.arpa" in {
   type master;
   file "zoo.edu.rzone";
};
zone "127.in-addr.arpa" in {
   type master;
   file "loopback-domain-info";
};
/* This is a comment */

The configuration file is read by in.named when the daemon is started by the server's start up script, /etc/init.d/inetsvc. The configuration file directs in.named either to other servers or to local data files for a specified domain.

Structure of `named.conf` file

The named.conf file contains statements and comments. Statements end with a semicolon. Some statements can contain a block of statements. Again, each statement in the block is terminated with a semicolon Table 11-2 lists named. conf statements and their definitions.

acl Defines a named IP address match list used for access control. The address match list designates one or more IP addresses or IP prefixes. The named IP address match list must be defined by an acl statement before it can be used elsewhere. No forward references are allowed. include Inserts an include file at the point where the include statement is encountered. Use include to break up the configuration into more easily managed chunks.
key Specifies a key ID used for authentication and authorization on a particular name server. See the server statement.
logging Specify the information the server logs and the destination of log messages.
options Controls global server configuration options and sets default values for other statements.
server Sets designated configuration options associated with a remote name server. Selectively applies options on a per-server basis, rather than to all servers.
zone Defines a zone. Selectively applies options on a per-zone basis, rather than to all zones.

Resource Records

Records contained in the name server database files are called resource records. Each record contains information pertaining to a particular machine, such as its address, services running on the machine, and contact information. You can edit resource records to customize your configuration. Each line in a file is in resource record format. The general syntax of a resource record is:

[name] [ ttl] class type data

Resource records have the following fields:

Domain Name - This field specifies the domain name for which the resource record is defining information. Since the DNS is a distributed database, this record also defines the possible key values that may be used in DNS queries.
Time to live - This field specifies the time-to-live value that is passed out to remote DNS servers when they query the information specified by this record.
Class - This field specifies the type of network. The examples in this module will use only the "IN" or Internet class.
Record Type - This field specifies the type of information being defined with respect to the domain in field
- A The A record (address record) yields an IP address that corresponds to a host name. There can be multiple IP addresses corresponding to a single host name; there can also be multiple host names, each of which maps to the same IP address.
- CNAME The CNAME (Canonical Name) record is used to define an alias host name.
  MX MX records specify a list of hosts that are configured to receive mail sent to this domain name. (A host can perform MX functions for itself.)
- NS Name server record. Each subdomain that is a separate name server must have at least one corresponding name service (NS) record. Name servers use NS records to find each other.
- PTR PTR record allows special names to point to some other location in the domain. PTR records are used only in reverse (IN-ADDR.ARPA) domains. There must be exactly one PTR record for each Internet address.
- SOA Start of Authority (SOA) record identifies who has authoritative responsibility for this domain.
- AAAA The quad-A (AAAA) record specifies an IPv6 address for a host name.
Record Data - This field defines the appropriate data for this resource record and is dependent on the record type specified in field 4. Some record types specify a single argument in this field, other record types specify multiple arguments in this field.
Notes:
- Depending on the record type and other shortcuts being taken, some fields are optional some of the time. Examples of such fields will be discussed in the following sections.
- DNS configuration files may also contain blank lines and comments. Comments begin with a semicolon.

/var/named/named.root File

The named.root file specifies name-to-address mapping of root servers (and it is to your benefit, generally, to specify as many root servers as possible in this file).

The information in this file is described as "hints" to the name daemon process as the name daemon process attempts to contact the servers listed until one of them responds. The responding root server returns a list of root servers. The name daemon uses the list returned from the root server and not the servers specified in this file until the time-tolive expires (hence "hints").

Accordingly, it is not imperative that this file be precisely up to date, but it should be checked every few months because root servers do change from time to time.

Some features of this file are:

It provides "hints" as to the identity of root servers.
The actual root servers used are the result of querying the servers listed in the "hints" file.

After the cached root server information time-to-live expires, the hints are used again to contact root servers to refresh the cache.

The following is an excerpt taken from a named.root file available at ftp://ftp.rs.internic.net/domain/named.root:

; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS .NET. 3600000 A 192.33.4.12 ...
...
; housed in Japan, operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 ; End of File

Where:

In the first record:
- The dot (.) in the first field pertains to the root domain.
- The time-to-live field is 3600000 seconds. If this field is left blank, the default time-to-live is specified in the SOA resource record.
- The class IN stands for Internet.
- The record type NS, indicates a name server is being defined for the root domain.
- The fifth field of the first record (the data field) is the FQDN (note the trailing dot) of a root name server.
In the second record:
- The first (domain) field contains the FQDN of the root server defined in the previous record.
- The time-to-live field is 3600000 seconds. If this field is left blank, the default time-to-live is specified in the SOA resource record.
- The record type, A, contains an IP address.
- For A records, the fifth data field contains the IP address of the domain specified in the first field.
The NS and A type records are combined to define the name and address of a single root server. Additional pairs of records would be specified in this file as appropriate.

/var/named/domain-info File

This file contains the mappings of names to IP addresses for all systems in the domain being served by this name server. In addition, this file must specify an SOA record and NS records for all name servers for this domain. For example:

; Information for the "forward" domain zoo.edu.
;
@ IN SOA horse.zoo.edu. hostmaster.zoo.edu. (
1 ; Serial number
43200 ; Refresh timer - 12 hours 3600 ; Retry timer - 1 hour
;
Define name
servers for this IN NS IN NS IN NS
604800 ; Expire timer - 1 week 86400 ; Time to live - 1 day )
domain.horse.zoo.edu. ; primary pea.veggie.edu. ; secondary tuna.fish.edu. ; secondary

; Glue records - needed for secondaries residing in other domains.
pea.veggie.edu. IN A 128.50.2.1
tuna.fish.edu. IN A 128.50.3.1

; Define name to address mappings for this domain.
lion IN A 128.50.1.250
lion-router IN A 128.50.2.250 # this is a router for rockway
rhino IN A 128. 50 .1.3
mule IN A 128. 50 .1.2
horse IN A 128. 50 .1.1
; CNAME aliases.
nti-router IN CNAME lion-router

; Loopback domain definition (required).

localhost IN A 127.0.0.1

The SOA record

The SOA record is mandatory and has the following items of note:

An at sign (@) in the domain field - A shortcut for the domain being served (zoo . edu. in this case). The actual value for the @ comes from the second field of the appropriate record in the named. conf file. The @ also serves to define the default origin - that domain appended to any domain name in the configuration file that is not fully qualified.
Data field argument 1 - Name of the primary master server for this domain in FQDN format.
Data field argument 2 - Email address that can be used to report on problems with the domain. The current standards specify this address should be hostmaster@domain. Note the @ is replaced with a dot in the SOA record since the @ has special meaning in this file.
Data field argument 3 - Serial number used by secondary master servers to see if they need to perform a zone transfer, re-acquiring a fresh copy of zone data. Anytime you make changes to this file you must remember to update the serial number in such a manner that it gets larger. Consult DNS & BIND for serial number strategies. (It is always safe to start at one and add one with each change.)
Data field argument 4 - The refresh timer is a time interval, in seconds, after which the secondary master servers should check to see if the serial number has changed and, hence, a new zone transfer needs to occur.
Data field argument 5 - The retry timer is a time interval, in seconds, after which the secondary master servers would check back if a normal refresh failed. This timer is typically set to a smaller value than the refresh timer.
Data field argument 6 - The expire timer is a time interval, in seconds, after which, if a secondary is unable to contact the primary server or another secondary server, the entire zone data should be discarded. The secondaries that have lost contact with the rest of the name servers for a zone do not continue to give out potentially out-of-date information indefinitely.
Data field argument 7 - The minimum timer is the default time-to-live value given out in normal query replies to servers from remote domains. If the time-to-live value is omitted in the second field of subsequent resource records, this value is used instead.
An NS record should be defined for all name servers in this domain that you want the world to know about. For any of these name servers that reside in other domains, you must also define "glue" address records.
The remainder of the file contains address records for each host in the domain.
Host one has two address records because it is a router.
In the second address record for host one, you can omit the name in field 1. With DNS hosts, you can have one name with many addresses. This is in contrast to the operation of the UNIX /etc/inet/hosts file in which each host interface has a different name.
Most of the host names are not fully qualified. Those that are not, have the domain name origin (the value of the @ in the SOA record by default) appended to them. This shorthand can save a lot of typing and improve the readability and maintainability of the file.
The CNAME record is used to define host aliases or nicknames for hosts. The CNAME in this instance is somewhat analogous to the hosts file fragment 128.50.1.2 mule www.
The localhost entry is required for proper functioning of the name server.

/var/named/inverse-domain-info File

This file contains mappings for address to name translation. Address to name translation is important and is used by such varying utilities as NFS, web servers, BIND, and the Berkeley r-command series, to name a few.

Information for the "inverse" domain 1.50.128.in-addr.arpa.

@ IN SOA horse.zoo.edu. hostmaster.zoo.edu. (
1 ; Serial number
43200 ; Refresh timer - 12 hours 3600 ; Retry timer - 1 hour 604800 ; Expire timer - 1 week 86400 ; Minimum timer - 1 day )
; Define name servers for this domain.
IN NS horse.zoo.edu.; primary
IN NS pea. veggie. edu.; secondary IN NS tuna.fish.edu.; secondary
; Define address to name mappings for this domain.
250.1.250.128.in-addr.arpa IN PTR lion.zoo.edu.
3 IN PTR rhino.zoo.edu.
2 IN PTR mule.zoo.edu.
1 IN PTR horse.zoo.edu.

Some items of note are:

The SOA record is as it was in the forward domain file. The @ in this case refers to the inverse domain, however.
The address to name mappings are defined with the PTR record type.
The first domain field contains the number used to complete the fourth octet of the IP address portion of the inverse inaddr. arpa domain.
The first field is always a domain field. Since the domain name here does not end with a dot, it will be completed with the value of the @.
The argument field of the PTR record should contain the FQDN of the name of the host being pointed at. This, in effect, completes the reverse address to name mapping.

/var/named/loopback-domain-info File

This file is used to specify the inverse loopback domain address to name translation. The contents are hard coded and this file is required on all DNS servers.

; Information for the loopback domain 127.in-addr.arpa.
@
IN SOA horse.zoo.edu. hostmaster.zoo.edu.
(
20060725 ; Serial number
43200 ; Refresh timer - 12 hours
3600 ; Retry timer - 1 hour
604800 ; Expire timer - 1 week
86400 ; Minimum timer - 1 day
)

Define name servers for this domain.

IN NS horse.zoo.edu.
; Define appropriate mappings for this domain. 1.0.0 IN PTR localhost.zoo.edu.

Some items of note are:

The @ can be used when the domain name is the same as the origin.
The only items you change from domain to domain in the SOA record are the hostname (first) argument and the email address used to report problems.
On the NS line, specify the name of the system being configured.
All other lines can be used as shown in this example.

Some Configurations Notes

Recall that one of the items a DNS server needs to know is the name and addresses of servers for all domains one level below. You must inform your parent domain of the names and addresses of all newly configured subdomains. This is a critical part of establishing the proper parenting relationship between upper- and lower-level domains. Although this will not be done in the lab, bare in mind that every domain setup requires notifying the parent domain of the names and addresses of all name servers in the subdomain.

Client/Server Common File Setup

The nsswitch.conf and resolv.conf files are required by all DNS clients and servers.

/etc/nsswitch.conf

The nsswitch.conf file specifies to the resolver library routines that the DNS is to be used in resolving host names and addresses. Modify the ns switch. conf file by editing the hosts line so that the keyword dns appears somewhere in the list of name services. Place this keyword last as local name services are usually consulted first.

A resulting appropriately configured file would contain a line that looks like:
hosts: files dns

/etc/resolv.conf

This file is used to specify to the resolver library routines the domain search list to apply to any names that are not specified in the FQDN form and to specify the IP addresses of DNS servers to query.
; resolv.conf file for DNS clients of the zoo.edu.domain.

search zoo.edu
nameserver 128.50.1.1 ; Primary Master Server for zoo
nameserver 128.50.2.1 ; Secondary Master Server for zoo

Some items of note are:

The search keyword specifies domain names to append to names that were not specified in the FQDN format as well as in what order to append them.

The nameserver keyword specifies DNS servers to query using IP address. (Do not specify host names!) Up to three nameserver keywords can be used to increase your chances of finding a responsive server. In general, the more responsive servers should be listed first. If this system is a name server itself, the loopback address might be used.

Testing DNS Configration

Once all of your configuration files have been entered, you will want to test your DNS domain information.

The primary test tool that comes bundled with BIND is the nslookup utility. In general, nslookup is used to do the following:

Send queries and display replies for any of the valid resource record types
Query the DNS server of choice
Debug almost any domain that is not protected by a firewall

In general, you will not be able to test every record in your domain files. Test representative samples, and test a few servers in other domains to ensure that you have correctly identified the root servers.

nslookup

A typical debug session might look something like the following:
Note - Much of the output has been omitted for clarity.

# nslookup

Default Server: horse.zoo.edu Address: 128.50.1.1

The server listed as the default server should be the first listed server in the /etc/resolv. conf file. This server can later be changed using the nslookup server directive.
> ls
Server: horse.zoo.edu Address: 128.50.1.1 Name: lion.zoo.edu
Address: 128.50.1.250 >
nslookup uses a greater-than (>) prompt. The name of the server being queried is always displayed first (and will be omitted from future examples) followed by the query and the reply.
In this example, the address (the default query) of the domain lion.zoo . edu. was requested.
> set type=ns
> zoo.edu.
...
zoo.edu. nameserver = horse.zoo.edu
horse.zoo.edu internet address = 128.50.1.1
In this example, all of the name servers for the domain are listed.

set type=ptr
128.50.1.1
...
1.1.50.128.in-addr.arpa name = horse.zoo.edu
In this example, the inverse address lookup is tested. Notice that n sl ookup allows you to enter the IP address in regular forward notation without the trailing in-addr. arpa. domain name.
server tuna.fish.edu.
Default Server: tuna.fish.edu. Address: 128.50.3.1
>
In this example, the DNS server was changed from the
horse.zoo.edu. to the tuna.fish.edu. server.
General testing might proceed as follows:

Test several name-to-IP address translations within your domain.

Test several IP-address (PTR record) translations within your domain.

Test name-to-address and address-to-name translations in other domains.

List name servers for your own and a few remote domains. l List SOA records for your own and a few remote domains.
If any of your tests have errors or has no response, it is time to debug.

BIND Debugging Tools

The main debug tool you have with BIND is having the name daemon dump its database to an ASCII file.

pkill -INT in.named This signal causes the name daemon to take a snapshot of its in-memory cached data and write this information to the file /var/named/named_dump.db in ASCII (resource record) format. (Notice that the name daemon process stores its process ID number in the file /etc/named. pid at start-up. You can use this with the shell command substitution shown previously to send signals to the name daemon without having to know its process number or use the ps command to determine its process number.) Use the - INT argument to debug non-authoritative lookups.

pkill -USR1 in.named This signal causes the name daemon to increase its debug level (disabled by default) by one. Each successive increase generates more debug output. You can examine the resulting output in the /var/named/named. run file. A discussion of this file is beyond the scope of this course and is discussed in DNS & BIND. The -USR argument is used to debug authoritative lookups.

pkill -USR2 in.named This signal causes the name daemon to return to debug level 0-no debug output.

pkill -HUP in.named This signal causes the name daemon to reread all of its configuration files. If you are having problems getting the name daemon to behave, it is sometimes wise to kill and restart the name daemon process rather than use the HUP signal.

You can edit the resulting file with your text editor and examine it for problems. Here is a list of typical problems you might have and how to discover them during debugging.

Misspelled /etc/resolv.conf file name. When this is the case, the nslookup command will not give you a prompt. Any time you type nslookup and do not get a prompt, check the spelling of this file name.
Missing trailing dot in a domain name. Depending on where you missed a trailing dot (perhaps the most common error of all in the configuration files), the symptoms can vary. A missing trailing dot at the end of an FQDN will result in the name being stored internally with the domain part of the name doubled.
Check the named_dump.db file created by the pkill - INT command and look for doubled domain names for all resource records that refuse to work properly in nslookup.
Incorrectly specified IP addresses for name servers in the /etc/resolv.conf file.
When this happens the nslookup utility will not give you a prompt. Double-check the spelling of the nameserver keyword and the entering of IP addresses in the /etc/resolv. conf file.
Incorrect entry of either the forward or inverse entries for the loopback domain. This is another problem that will cause nslookup to not give you a prompt. Add this to your list of items to check when nslookup "hangs."

Secondary DNS Server Setup

The contents of the /etc/named.conf file is simpler than that of the primary server. If a server is to provide both roles, a primary server for some domains and a secondary server for other domains, the /etc/named.conf file must contain keywords appropriate to both of these functions.

When you add a secondary server, it is important to coordinate with the primary server. The primary server should have an NS record for the secondary server in all files describing all domains for which the secondary will be serving. .

Testing and Debugging

You should test and debug secondary servers essentially the same as primary servers (using nslookup and pkill -INT to dump the name server's database when necessary).

DNS Security

DNS by its nature makes networks connected to the Internet vulnerable to unauthorized access. Up to BIND version 4.9, domain administrators had no way to control look-up data on their name servers. Solaris version 7 reduces the vulnerability of your network by implementing BIND version 8.x.x.

BIND version 8.x.x features are established in the configuration file /etc/named.conf. This configuration file specifies the type of server it is running on and the zones that it serves as a master, slave, or stub. It also defines security, logging, and a finer granularity of options applied to zones.

Restricting Queries

The BIND version 8.x.x allow-query statement enables you to establish an IP address-based access list on queries. This list can apply to a zone, or to any queries received by the server. The access list determines which systems are allowed to send queries to the server.

Restricting All Queries
Used as an argument to the options statements, allow-query imposes a restricted access list across the Internet. For example:

options { allow-query { 128.50.1.3/24; 128.50.2.2/24; } ; };

In this case, only systems with IP address 128.50.1.3 and 128.50.2.2 would have access to the name server.
Restricting Queries in a Particular Zone Used as an argument to the zone statement, allow-query imposes a restricted access list to a particular zone. For example:

zone "central.sun.com" {
type slave;
file "db.central";
masters { 128.50.1.1; } ; allow-query { "zoo.edu"; } ;

In this case, only subnet zoo.edu would have access to the name server.

Preventing Unauthorized Zone Transfers

Another important security issue is ensuring that only authorized slave name servers can transfer zones from your name server. The BIND version 8.x.x allow-transfer statement allows you to establish an IP address-based access list on zone transfers.

Authorizing Zone Transfer. Used as an argument to the zone statement, allow-transfer imposes a restricted access list to a particular slave server for zone transfers. For example:

zone "central.sun.com" {
type master;
file "db.central";
allow-transfer { 128.50.1.2; } ;

In this case, only slave server 128.50.1.2 could perform zone transfers. Block All Transfers
The BIND default access list for zone transfers is any host. If you want to block all transfers from your name server specify the allow-transfer host as "none".

For example:

zone "central.sun.com" {
type master;
file "db.central";
allow-transfer { none; } ;
Authorizing Global Zone Transfer. BIND will also let you establish a global access list on zone transfers. This applies to any zones that do not have their own, explicit access list defined as zone statements. The option allow-transfer limits zone transfers to only the enumerated address. For example:

options {
allow-transfer { 128.50.1.3/24;} ;

In this case, only slave server 128.50.1.3 could perform zone transfers across the Internet.

Miscellaneous DNS Topics

Following are other DNS subjects to consider:

$ Directives

$ORIGIN domain.name.
The $ORIGIN directive resets the current origin, which is set to the value of the @ at the beginning of the SOA record by default. Recall the current origin is appended to any domain name on any resource record not ending in a dot.
You sometimes use $ORIGIN when defining many records that refer to systems in another domain and when using $ORIGIN would save keystrokes.
$ORIGIN can be used as many times in a file as desired.
The $INCLUDE directive is used to include the text of the file specified by path-to-file at the current point in the configuration file.
Included text occurs as if you had typed it in the file yourself at exactly the same place as the $ORIGIN with the exception that any origin set in the original file with a $ORIGIN directive does not carry over to the records from the included file.
You can use $ INCLUDE as many times in a file as you desire.

h2n. h2n is a Perl script that largely automates the initial setup and subsequent maintenance of DNS zones. h2n takes command-line options, reads the /etc/inet/hosts-like file and several other configuration files, and generates all of the required DNS configuration files. Updating a domain consists of editing the original /etc/inet/hosts-like file and rerunning h2n. Serial numbers are also automatically updated to keep secondary servers updating correctly. You can find h2n on the Internet by using your favorite search engine. The script that you download assumes that you have Perl loaded and running on your DNS server.
DIG. DIG is a DNS debugging tool created by the developer of DNS that allows more in-depth control over debugging than the nslookup utility that comes with BIND.

DNS Resources

The following is a list of resources you can use when configuring DNS:

info.bind newsgroup This newsgroup contains discussions about DNS and BIND and announcements of various kinds from the BIND developers and the ICANN. It is a good newsgroup to browse from time to time.
www.internic.net. The web site of the INTERNIC contains information about how to register a domain, the official list of root servers, and various DNS procedures and policies. It is the originating repository for all RFCs.
RFCs. There are many of RFCs on or related to DNS. The following list identifies a few of the more significant ones:
- RFC 1032 - Domain Administrators Guide
- RFC 1033 - Domain Administrators Operations Guide
- RFC 1034 - Domain Names - Concepts and Facilities
- RFC 1536 - Common DNS Implementation Errors and Suggested Fixes
- RFC 1713 - Tools for DNS Debugging
- RFC 1886 - DNS Extensions to Support IP Version 6
- RFC 1912 - Common DNS Operational and Configuration Errors
- RFC 2136 - Dynamic Updates in the Domain Name System (DNS UPDATE)

Cuddletech's BIND Cheat Sheet

Source can be found at: http://www.isc.org/products/BIND/

Files of interest:
	-/etc/named.conf	BINDs central configuration file
	-/var/named		Directory containing maps
	 -db.cache		Root Server Referance
	 -db.<domain>		Host Listings, Aliases, etc.
	 -db.XX.XX.XX		Reverse Maps
	 -db.127.0.0		Local Domain Reverse Map


*********************************************************************************
DB Files:
---------

 You'll have several DB files.  The first is the name-to-address
mapping.  Typically this file is named "db.<domain>".  The second
DB file you'll have is the address-to-name mapping, typically
contained in a file named "db.xx.xx.xx" (eg: db.10.1.0).  These
maps are also commonly called "reverse maps".  While there is 
generally only one name-to-address map, there should be one
reverse map per network.  The last map will be the loopback
map, named "db.127.0.0", which obviously is also a reverse map.

 Note that the headers are: zone, class, type, nameserver, admin mail.
This is important.  The address here "ns.cuddletech.com." is 
the name of the primary master for "this data".  The second is
the email address for the DNS admin, with a "." in place of an "@".
The mail address is not used by the daemon and is only for human
consumption.

DB File Record Types:
	SOA	Indicates authority for this zone data
	NS 	List a name server for this zone
	MX	Mail Exchanger
	A	Name-to-Address mapping
	PTR	Address-to-Name mapping
	CNAME	Canonical name (aliases)
	IN	INternet Class (optional)
	RP	Responsable Person
	TXT	Text Field

Example of name-to-address map	   	    (File: db.cuddletech)
-----------------------------------------------------------------
cuddletech.com. IN SOA ns.cuddletech.com. root.ns.cuddletech.com. (
                                4        ; Serial
                                10800    ; Refresh
                                3600     ; Retry
                                604800   ; Expire
                                86400 )   ; Minimum TTL

; Name Servers

cuddletech.com.                 IN NS   ns.cuddletech.com.

; Host Addresses

localhost.cuddletech.com.       IN A    127.0.0.1
ns.cuddletech.com.              IN A    10.0.0.1
pris.cuddletech.com.            IN A    10.0.0.2
deckard.cuddletech.com.         IN A    10.0.0.3

; Aliases....

nexus.cuddletech.com.           IN CNAME ns.cuddletech.com.
nexus6.cuddletech.com.          IN CNAME ns.cuddletech.com.
intraweb.cuddletech.com.        IN CNAME deckard.cuddletech.com.
-----------------------------------------------------------------


Example of address-to-name (reverse) map        (File: db.10.0.0)
-----------------------------------------------------------------
0.0.10.in-addr.arpa. IN SOA ns.cuddletech.com. root.ns.cuddletech.com. (
                                4        ; Serial
                                10800    ; Refresh
                                3600     ; Retry
                                604800   ; Expire
                                86400 )   ; Minimum TTL

; Name Servers

0.0.10.in-addr.arpa.    IN NS   ns.cuddletech.com.

; Canonical Names

1.0.0.10.in-addr.arpa.  IN PTR  ns.cuddletch.com.
2.0.0.10.in-addr.arpa.  IN PTR  pris.cuddletech.com.
3.0.0.10.in-addr.arpa.  IN PTR  deckard.cuddletech.com.
-----------------------------------------------------------------


Example of loopback map			       (File: db.127.0.0)	
-----------------------------------------------------------------
0.0.127.in-addr.arpa. IN SOA ns.cuddletch.com. root.ns.cuddletech.com. (
                                4        ; Serial
                                10800    ; Refresh
                                3600     ; Retry
                                604800   ; Expire
                                86400 )   ; Minimum TTL

0.0.127.in-addr.arpa.           IN NS   ns.cuddletech.com.

1.0.0.127.in-addr.arpa.         IN PTR  localhost.
-----------------------------------------------------------------

NOTE: Here are some tricks...
 - You can add a "@" before your SOA entry and shorten things a bit,
   excluding the zone name, and modifing entries like this:
   The record: ns.cuddletech.com.              IN A    10.0.0.1
   Becomes:    ns		 	       IN A    10.0.0.1
   Or this: 0.0.10.in-addr.arpa.    IN NS   ns.cuddletech.com.
   Becomes: 			    IN NS   ns.cuddletech.com.
   Or this: 2.0.0.10.in-addr.arpa.  IN PTR  pris.cuddletch.com.
   Becomes: 2			    IN PRT  pris.cuddletch.com.
   And this: intraweb.cuddletech.com.        IN CNAME deckard.cuddletech.com.
   Becomes:  intraweb			     IN CNAME deckard 
  
 - You can omit the class in all records, the "IN". INternet Class is assumed.
 - Leaving the record name blank implies the last record name, repeated.  In
   our previous examples, @ was being interpreted as the zone name, and in
   our example we listed the NS entry as having no entry name.  That's because
   @ would be expanded to "0.0.10.in-addr.arpa.", and the first record is
   our NS entries, who's records would be named "0.0.10.in-addr.arpa."...
   a repeat.  This is why they can be omitted.  This same principle is avalible 
   throughout the db files.
 - The MX type, is for mail routing.  Use this to point to your MTA.  Syntax is:
	(domain)	     (priority)        (MTA)	
	cuddletech.com.	IN MX	1	mailhub.cuddletech.com.	
 - The RP and TXT types work together.  Their syntax is:
	(host) 		(email addr)		(record)
	ns	IN RP	root.cuddletech.com. system.cuddletech.com.
	system	IN TXT 	"This is an administrative system"
	
*********************************************************************************
The Root Cache DB File:

 The special map thats the same everywhere (almost) is the
root cache db (typically named: db.cache).  This file is
obtained from interNIC's ftp server, and contains the data
needed to access/reference the root servers.
 The map can be obtained at:
ftp://FTP.RS.INTERNIC.NET/domain/named.root


*********************************************************************************
The BIND Configuration File:

 The BIND configuration file is named /etc/named.conf.  If it's named
/etc/named.boot your on a system loaded with BIND 4.x.  Some systems
will an "in" between the zone and "{", this denotes class, INternet 
class.  The "in" (in all cases) is assumed and can be removed.  Note
that the MINIMUM number of zones anyone will have is FOUR.



Example of BIND's config file		  (file: /etc/named.conf)	
-----------------------------------------------------------------
options {
        directory "/var/named";
};

zone "." {
        type hint;
        file "db.cache";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "db.127.0.0";
};

zone "0.0.10.in-addr.arpa" {
        type master;
        file "db.10.0.0";
};

zone "cuddletech.com" {
        type master;
        file "db.cuddletech";
};
-----------------------------------------------------------------


*********************************************************************************
Setting up a SLAVE Server:

 Slave servers are even easier.  If BIND is already installed
 on the server, here are the steps:

 1) Copy "named.conf" from the master server to the slave.

 2) Create a directory for the databases, according the
	the config files "directory" directive.
 
 3) Copy the local-reverse map (db.127.0.0) and the root cache (db.cache)
	files into the slaves database directory.

 4) Edit "named.conf", changing the map names from "type master;", to
	"type slave;", for all zones with the exceptions of the root
	cache and the local-reverse map. 

 5) Still editing "named.conf", add a "masters" directive to all the
	slave zones, in the form: "masters { XX.XX.XX.XX; };"

 6) Start the server like normal.


Example of a Slave BIND config file       (file: /etc/named.conf)
-----------------------------------------------------------------
options {
        directory "/var/named";
};

zone "." {
        type hint;
        file "db.cache";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "db.127.0.0";
};

zone "0.0.10.in-addr.arpa" {
        type slave;
        file "db.10.0.0";
	masters { 10.0.0.1; };
};

zone "cuddletech.com" {
        type slave;
        file "db.cuddletech";
	masters { 10.0.0.1; };
};
-----------------------------------------------------------------

*********************************************************************************
BIND Signal Handling:						 (process: named)

	Signal		Action
	------		-------------------------------------------------------------
	HUP		Reload the name server.  Master reloads. Slaves pull new maps.
	INT		Dump the internal database to <directory>/named_dump.db
	ILL		Append name server stats to named.stats in name servers cwd
	USR1		Append debuging info to named.run in name servers cwd
	USR2		Turn off debugging.
	WINCH		Toggle logging all queries to syslog
	TERM		Exit and save dynamic zones to files.

*********************************************************************************
Building BIND from Source

 This is a simple process.  Grab the source from ftp.isc.org/isc/bind/src/cur/bind-8/
Then unpack, change into that directory and:
 1) make stdlinks
 2) make clean
 3) make depend
 4) make
 5) make install

*********************************************************************************
The complete, and thorough Resource Record (RR) syntax reference:

- A address
	(owner) (class) (ttl) A (address)
	Example: localhost.cuddletech.com. IN A 127.0.0.1
	Where: address is a 32bit address
- CNAME canonical name
 	(owner) (class) (ttl) CNAME (canonical-dname)
	Example: yummy IN CNAME icecream.cuddletech.com.
	Where: owner is the alias, and cname is the real name
- HINFO host information
	(owner) (class) (ttl) HINFO (cpu) (os)
	Example: system.cuddletech.com. IN HINFO Sun4500 Solaris
	Where: cpu is a string specifing the cpu and os is a string
		specifying the os.
- MB mailbox domain name - experimental
	(owner) (class) (ttl) MB (mbox-dname)
	Example: root.cuddletech.com. IN MB ns.cuddletech.com.
	Where: mbox is a domain-name which specifies a host with the
		specified mailbox.
- MD mail destination - obsolete
	Replaced with MX
- MF mail forwarder - obsolete
	Replaced with MX
- MG mail group member - experimental
	(owner) (class) (ttl) MG (mgroup-dname)
	Example: admin.cuddletech.com. IN MG root.cuddletech.com
					IN MG oracle.cuddletech.com
	Where: owner is the address, and mgroup is the "subscribers"	
- MX mail exchanger
	(owner) (class) (ttl) MX (preference) (exchange-dname)
	Example: cuddletech.com. IN MX 0 mts.cuddletech.com.
	Where: owner is the domain, preference is the order in	
		which mx records should be used, and exchange
		is the name of the mail server.
- NS name server
	(owner) (class) (ttl) NS (name-server-dname)
	Example: cuddletech.com. IN NS ns.cuddletech.com.
	Where: dname is the dns server, and owner is the domain
- PTR pointer
	(owner) (class) (ttl) PTR (dname)
	Example: 1.100.164.192.in-addr.arpa. IN PTR system.cuddletech.com.
	Where: dname is the dns name, and owner is the reversed address
- SOA start of authority
	(owner) (class) (ttl) SOA (source-dname) (mbox) "("
		serial refresh retry expire minimum ")"
	Example: cuddletech.com. IN SOA ns.cuddletech.com. root.ns.cuddletech.com (
			1; 10800; 3600; 604800; 86400 )
	Where: owner is the name of the zone, source-dname is the name 
		of the primary name server, and where mbox is the mailbox
		responsible for this domain
- TXT text
	(owner) (class) (ttl) TXT (text-string)
	Example: newsys.cuddletech.com. IN TXT "Location: Under the Desk"
	Where: owner is the owner is the system and txt-string
		is the description
- WKS well-known service
	(owner) (class) (ttl) WKS (address) (protocol) (service-list)
	Example: server.cuddletech.com. IN WKS 10.0.0.5 TCP ( telnet ssh ftp domain ) 
	Where: owner is the machine name, address is a 32bit address, protical
		is the protical name, and service list is the services to direct.


--------------------
Useful Links:
The DNS Resource Directory: http://www.dns.net/dnsrd/
DNS Boss Config App: http://www.dnsboss.com/
DNS Documentation: http://www.isc.org/products/BIND/bind8.html
Interesting Tools: http://www.domtools.com/

########################DAS ENDE####################################################
########Created for & by: [email protected]#######################################
###################################################################\(^_^)/##########

Etc

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers : Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda : SE quotes : Language Design and Programming Quotes : Random IT-related quotes : Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce : Bernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 : Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds : Larry Wall : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS : Programming Languages History : PL/1 : Simula 67 : C : History of GCC development : Scripting Languages : Perl history : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month : How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D

Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to to buy a cup of coffee for authors of this site

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: March, 12, 2019