AfNOG 2003 Kampala, Uganda
Track 1 Scalable Internet Services
In the previous exercise we set up a caching-only name server. In this exercise we will set up an authoritative primary/master name server.
1. Edit the /etc/namedb/named.conf file and change the directive recursion from yes to no and delete the line that has the allow-query directive. It should look like the entry below after your edits.
options {
        directory "/etc/namedb";
        recursion no;
};
2. Restart the name daemon and test to see if your server is still resolving recursively.
# ndc restart
# dig @81.199.110.# isc.org ns
Question: Is your named server resolving recursively? _______________
What could be the reason?
Answer:____________________________________________________
3. Change directory to /etc/namedb
# cd /etc/namedb
4. Create the primary and secondary zone file directories.
# mkdir m
# mkdir s
5. Create the zone file for your domain <domain-name>.afnogws.gh.
# vi m/<domain-name>.db
Add the following lines to the <domain-name>.db file.
$TTL 1d
@       IN      SOA     pc#.t1.ws.afnog.org. root.<domain-name>.afnogws.gh. (
                        2003061000      ;serial YYYYMMDDnn
                        6h              ;refresh
                        1h              ;retry
                        2w              ;expire
                        1h              ;nttl
                        )
@       IN      NS      pc#.t1.ws.afnog.org.
        IN      A       81.199.110.#
www     IN      A       81.199.110.#
Note: Replace all instances of <domain-name> with your master/primary zone on the worksheet or one that you have selected to use, and # with your pc number.
6. Edit the /etc/namedb/named.conf file and make the following entry at the end of the file.
zone "<domain-name>.afnogws.gh" {
        type master;
        file "m/<domain-name>.db";
};
Note: Replace <domain-name> with your master/primary zone on the worksheet or one that you have selected to use.
7. Reload the zone files.
# ndc reload
8. Check if named is running by issuing the following command.
# ps aux | grep named
9. Check the version of BIND you are running.
# /usr/sbin/named -v
10. Test if your server is able to resolve the domain <domain-name>.afnogws.gh.
# dig @127.0.0.1 www.<domain-name>.afnogws.gh a
# dig @81.199.110.100 www.<domain-name>.afnogws.gh a
Answer:______________________________________________________
Question: Was the 81.199.110.100 server able to resolve your domain in the second command?
Answer:______________________________________________________
Question: Why was the 81.199.110.100 server unable to resolve your domain?
Answer:______________________________________________________
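The header flags in the dig output are what tell you whether a server offered recursion (ra) or answered authoritatively (aa) in steps 2 and 10. The following is an added example, not part of the original worksheet: classify is a hypothetical helper name and the sample headers are constructed.

```sh
# classify: read dig output on stdin and report how the server answered.
#   aa = authoritative answer, ra = recursion available
classify() {
    awk '
        /^;; ->>HEADER<<-/ {                 # status: NOERROR, REFUSED, ...
            s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s); status = s
        }
        /^;; flags:/ {
            split($0, part, ";")             # part[3] = " flags: qr aa rd"
            flags = part[3] " "
            n = part[4]; sub(/.*ANSWER: /, "", n); sub(/,.*/, "", n)
            answers = n + 0
        }
        END {
            if (flags == "")          { print "no-response"; exit 1 }
            if (status == "REFUSED")  print "refused"
            else if (flags ~ / ra /)  print "recursion-offered"
            else if (flags ~ / aa /)  print "authoritative"
            else if (answers == 0)    print "referral"
            else                      print "non-authoritative-answer"
        }'
}

# Constructed dig headers (not captured from a real server).
SAMPLE_AUTH=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1'
SAMPLE_RECURSIVE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0'
SAMPLE_REFERRAL=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4244
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13'

for s in "$SAMPLE_AUTH" "$SAMPLE_RECURSIVE" "$SAMPLE_REFERRAL"; do
    printf '%s\n' "$s" | classify
done
# Live use: dig @127.0.0.1 isc.org ns | classify
```

A server that is meant to be authoritative-only should never report recursion-offered to outside clients.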
Ask a friend to set up a slave/secondary name server for your domain (refer to your worksheet). Remember that in real life you should look for a secondary name server on a different network (see RFC 2182).
This takes us to the next exercise, where you will be setting up a secondary name server for a friend. ;o)
Fill out the following for your friend who is going to set up a secondary/slave name server for your domain.
Domain Name :
Primary Name Servers FQDN :
Primary Name Servers IP Address :
Secondary Name Servers FQDN :
Secondary Name Servers IP Address:
Request For Secondary Name Server
Your friend will have to fill in this section for you.
In this exercise you will set up secondary name services on your computer for the computer next to you. Please refer to the worksheet given to you.
Talk to the person sitting next to you to provide secondary name services for your domain based on the worksheet provided.
Do the following on your own computer.
Edit the /etc/namedb/m/<domain-name>.db file (where <domain-name>.db is the zone file you created in the previous exercise) and make an entry in there for a secondary name server.
The entries will look something like:
< After your SOA record >
        IN      NS      pc#.t1.ws.afnog.org.
        IN      NS      pc##.t1.ws.afnog.org.
        IN      A       81.199.110.#
;
; Address (A) records go in this section.
;
pc#.t1.ws.afnog.org.    IN      A       81.199.110.#
pc##.t1.ws.afnog.org.   IN      A       81.199.110.##
NOTE: DO NOT FORGET to increase the serial number in the zone file (usually by 1).
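One way to increase the serial while keeping the YYYYMMDDnn convention used in the SOA record, as an added example that is not part of the original worksheet. next_serial and bump_zone_serial are hypothetical helper names, and the rewrite assumes the serial line carries the ;serial comment as in the zone file from the previous exercise.

```sh
# next_serial <current> [today]: print the next YYYYMMDDnn serial.
# today defaults to the system date and is a parameter so the result
# can be reproduced.
next_serial() {
    cur=$1
    today=${2:-$(date +%Y%m%d)}
    case $cur in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "serial '$cur' is not YYYYMMDDnn" >&2; return 1 ;;
    esac
    day=${cur%??}          # YYYYMMDD
    nn=${cur#????????}     # nn
    if [ "$day" -lt "$today" ]; then
        echo "${today}00"  # first change on a new day
    elif [ "$nn" = 99 ]; then
        echo "no revision numbers left for $day" >&2; return 1
    else
        nn=${nn#0}         # avoid octal interpretation of 08 and 09
        printf '%s%02d\n' "$day" "$((nn + 1))"
    fi
}

# bump_zone_serial <zone-file> [today]: rewrite the line marked ";serial".
bump_zone_serial() {
    file=$1
    old=$(awk '/;serial/ { print $1; exit }' "$file")
    new=$(next_serial "$old" "$2") || return 1
    sed "s/^\([[:space:]]*\)$old\([[:space:]]*;serial\)/\1$new\2/" "$file" \
        > "$file.new" && mv "$file.new" "$file"
    echo "$new"
}

# Constructed values: a second edit on 10 June 2003, then one a day later.
next_serial 2003061000 20030610    # 2003061001
next_serial 2003061001 20030611    # 2003061100
```

If the serial does not go up, the slave sees no change and keeps serving the old zone data.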
Do the following on your computer for your friend, and your friend should be doing the same for you.
1. Edit the /etc/namedb/named.conf file and make the following entry.
zone "<friends-domain-name>.afnogws.gh" {
        type slave;
        file "s/<friends-domain-name>.db";
        masters {
                81.199.110.##;
        };
};
Replace <friends-domain-name> with the domain name of your friend. Please refer to the worksheet.
Replace ## in the IP address with the IP address of the computer next to you.
2. Reload the zone files.
# ndc reload
3. Check the log file /var/log/messages to ensure that your named server started without any errors.
4. Check if the <friends-domain-name>.db file exists in the /etc/namedb/s directory. If it does exist, it means the secondary server has transferred the zone file from the primary name server. This file is created by the named daemon.
# ls -al /etc/namedb/s
5. If it does not exist, you will have to debug the problem to figure out what the cause could be. Your main debugging tool here will be the log file /var/log/messages.
6. Once you get the <friends-domain-name>.db file in the /etc/namedb/s directory, test if your server is resolving the domain.
# dig @127.0.0.1 <friends-domain-name>.afnogws.gh ns
Where <friends-domain-name> is the domain for which you are running secondary name services.
7. Test if the secondary your friend set up for you works.
# dig @81.199.110.## <domain-name>.afnogws.gh ns +norec
NOTE: You have just successfully set up a secondary name server for your friend. Ensure that the secondary name server for your domain is also working. If you test it and it is working, congratulations!!! You are now ready to go to the hostmaster for delegation of your domain.
8. Please fill in the domain name request form below and submit it to the hostmaster.
Domain Name :
Primary Name Servers FQDN :
Primary Name Servers IP Address :
Secondary Name Servers FQDN :
Secondary Name Servers IP Address:
Domain Name Request Form
9. Once you get acknowledgement from the hostmaster about the delegation of your domain name, test it using dig.
# dig @81.199.110.100 <domain-name>.afnogws.gh ns +norec
Check if the name servers in the answer section are the same as those you submitted to the hostmaster.
10. Test recursively that data is consistent amongst all the name servers, starting with:
# dig @a.root-servers.net <domain-name>.afnogws.gh ns +norec
YOU KNOW THE REST OF THE STORY
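For the consistency test in step 10, comparing the SOA serial that each name server returns shows whether the slave has picked up the current zone. This is an added example, not part of the original worksheet: collect_serials and report_lagging are hypothetical helper names, the sample addresses and serials are constructed, and serials are compared as plain integers.

```sh
# collect_serials <zone> <server>...: print "<server> <serial>" per server.
# Needs network access; dig +short prints the SOA as
#   mname rname serial refresh retry expire minimum
collect_serials() {
    zone=$1; shift
    for ns in "$@"; do
        serial=$(dig @"$ns" "$zone" soa +norec +short | awk '{ print $3; exit }')
        echo "$ns ${serial:-none}"
    done
}

# report_lagging: read "<server> <serial>" lines on stdin, print every server
# whose serial is missing or lower than the highest seen; exit 1 if any.
report_lagging() {
    awk '
        { srv[NR] = $1; ser[NR] = $2 }
        $2 ~ /^[0-9]+$/ && $2 + 0 > max { max = $2 + 0 }
        END {
            bad = 0
            for (i = 1; i <= NR; i++)
                if (ser[i] !~ /^[0-9]+$/ || ser[i] + 0 != max) {
                    printf "%s has %s, expected %d\n", srv[i], ser[i], max
                    bad = 1
                }
            exit bad
        }'
}

# Constructed input: the slave has not yet transferred the new serial.
printf '%s\n' '81.199.110.1 2003061001' '81.199.110.2 2003061000' |
    report_lagging || echo "zone data is not consistent yet"
# Live use (addresses are the worksheet placeholders):
#   collect_serials <domain-name>.afnogws.gh 81.199.110.# 81.199.110.## | report_lagging
```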