09.12.2021
The Domain Name System (DNS) is the naming system for hosts on a network. The service that does the work is the DNS server (name server): it translates human-readable names such as www.example.com into IP addresses, and can map an IP address back to a name. Name resolution is part of the backbone of the internet and a critical service on your own servers, so this post looks at the Linux DNS server, specifically BIND, and how to install, configure and maintain it.
The config file /etc/hosts
Without a DNS server it is reasonable for each system to keep its own copy of a table of the hostnames on the local network with their corresponding IP addresses, especially at small sites with no internet connection.
In Linux systems, this table is the /etc/hosts file.
So even if you have no DNS server, or the DNS server is unavailable, /etc/hosts can still translate names to IP addresses.
You may also want to keep entries in this file even though you have a DNS server, for example so that a system resolves a name locally before it goes out to query the DNS server.
The lookup order is set in /etc/nsswitch.conf (hosts: files dns is the usual default): the system checks /etc/hosts first, and if the name is found there it uses that address without contacting any DNS server. Because of that precedence, /etc/hosts needs root to edit and is a classic target for malware that wants to redirect traffic, so it is a file worth monitoring for changes.
Try it: edit /etc/hosts (as root) and add the following line
127.0.0.1 google.com
Then type google.com in your browser and look at the result. If you have Apache installed and your localhost is running, it will show the index page of localhost instead of Google's page.
You can map google.com to the IP address of any other site and see the result to convince yourself.
So this file translates names to IP addresses, but only for the hosts you list, typically the local network. What about outside networks, and how would all those records be maintained for all systems?
Will everybody manage their own /etc/hosts file and update it by hand?
A more robust naming service is DNS Server.
Domain Names
When you visit a website, you type a domain name, usually a FQDN (Fully Qualified Domain Name) such as likegeeks.com or www.google.com
Each label between the dots, reading from right to left, is the top-level domain, the second-level domain and the third-level domain.
So com is the top-level domain, google is the second-level domain and www is the third-level label (the host or subdomain name).
Strictly speaking, every domain name ends with a trailing dot that is normally left out: www.google.com. is the absolute form. The empty label after that final dot is the root of the DNS tree, usually called the root domain; when you type a name without it, the resolver treats the name as absolute (after trying any configured search domains).
So why does this root domain matter?
Because the root zone is served by a set of special servers known as the root name servers. There are 13 root server identities (a through m), and every full resolution starts by asking one of them which servers are authoritative for the TLD. If all of them were unreachable, resolvers could only answer from what they still have cached.
And why 13?
Not for disaster tolerance as such: the number was chosen so that the complete list of root server names and addresses fits in a single 512-byte UDP DNS response, the original limit set by RFC 1035. Resilience comes from each of the 13 identities being served by many anycast instances spread around the world, so a single site going offline (an earthquake, for example) is invisible to users.
The root name servers are named alphabetically: a.root-servers.net, b.root-servers.net and so on.
Top Level Domain Names (TLDs)
We have seen a top-level domain such as com. The top-level domains provide the categorical organization of the DNS namespace.
Top-level domains (TLDs) are divided into categories based on geography or function.
The IANA root zone lists well over a thousand top-level domains at the time of writing.
The top-level domain categories are:
- Generic top-level domains (.org, .com, .net, .gov, .edu and so on).
- Country-code top-level domains (.us, .ca and so on), corresponding to the ISO country codes for the United States and Canada respectively.
- New generic and brand top-level domains, applied for through ICANN's new gTLD programme, such as .microsoft, .google or .companyname. Like any DNS label, a TLD is limited to 63 characters.
- Infrastructure top-level domains, i.e. the .arpa domain, used for reverse lookups (in-addr.arpa, ip6.arpa) and similar infrastructure zones.
Subdomains
When you visit a website like mail.google.com, mail is a subdomain of google.com.
Only the name servers for google.com know which hosts and subdomains exist beneath it (unless a subdomain is delegated to yet another set of servers). The root name servers only know where to find the .com servers, and the .com servers only know which name servers are authoritative for google.com; whether a mail subdomain exists is answered by Google's own servers.
Types of DNS Servers
There are three types of DNS servers
- Primary DNS servers (type master in older BIND configuration): they are authoritative for a particular zone, and the zone's configuration and data files live on them. A primary name server simply knows all the hosts and subdomains under its zone.
- Secondary DNS servers (type slave in older configuration): they hold a copy of the zone obtained from the primary by zone transfer (AXFR/IXFR) and act as backup and for load distribution. They are just as authoritative as the primary; the primary knows about them and notifies them when the zone changes.
- Caching (recursive) DNS servers: they hold no zone files for any particular domain. When a client asks a caching server to resolve a name, the server checks its local cache first; on a miss it resolves the name itself, starting at the root servers and following the delegations down to the authoritative servers, then caches the answer for its TTL. You can easily make your system work as a caching server. One caveat: a caching server that answers recursive queries for anyone on the internet is an open resolver and will be abused for DNS amplification attacks, so restrict recursion to your own networks.
Setting up a Debian Linux DNS Server
There are many packages on Linux that implement DNS, but we will focus on the BIND DNS server, the most widely deployed name server software.
Debian based systems like Ubuntu
apt-get install bind9
Once the installation completes you can start it and enable it to run at boot time. On current Debian and Ubuntu releases the unit is named.service, with bind9.service kept as an alias; on older releases use bind9 in place of named.
systemctl start named
systemctl enable named
Configuring BIND9
The service configuration is the named.conf file. On Red Hat-style systems that is /etc/named.conf with /var/named as the working directory; on Debian and Ubuntu it is /etc/bind/named.conf, which only includes /etc/bind/named.conf.options (the options statement), /etc/bind/named.conf.local (where you add your own zones) and /etc/bind/named.conf.default-zones, with /var/cache/bind as the working directory. The rest of this post uses the Red Hat file names; substitute the Debian ones if that is what you run. BIND uses a few statements in these files:
- options for global BIND configuration.
- logging for what is logged and what is ignored. I recommend you review the Linux syslog server post.
- zone to define a DNS zone.
- include to include another file in named.conf.
The directory option inside the options statement sets the working directory for BIND (/var/named or /var/cache/bind), and relative zone file names are resolved against it. The zone statement defines a DNS zone: a zone is a domain together with everything below it that has not been delegated elsewhere, so google.com, mail.google.com and analytics.google.com can all live in one google.com zone, or a subdomain can be delegated and given a zone of its own.
Defining a Primary Zone
We know from the DNS server types that there are primary, secondary and caching DNS servers. Primaries and secondaries are equally authoritative in their answers, unlike a caching server. To define a primary zone in /etc/named.conf, use the following syntax
zone "lxu.io" {
type master;
file "lxu.io.db";
};
The file that contains the zone data is looked up in the /var/named directory, the working directory set in options, unless you give an absolute path.
Note that you write this zone file yourself (a hosting panel may generate it for you, but BIND does not): if your domain is example.org, create /var/named/example.org.db with the records described below. The type master means this is a primary zone; BIND 9.16 and later also accept the synonym primary.
Defining a Secondary Zone
The same as the primary zone definition with a small change.
zone "lxu.io" {
type slave;
masters { 192.0.2.1; };
file "lxu.io.db";
};
On the secondary the zone name is the same as on the primary, type slave means this is a secondary zone (secondary in BIND 9.16 and later), masters lists the IP addresses of the primary name server(s) (primaries in newer versions), and file is where the server keeps its copy of the zone received by zone transfer. The 192.0.2.1 address is a placeholder; use your primary's address. On the primary, restrict who may transfer the zone with allow-transfer in the zone or options statement, listing only the secondaries: an unrestricted AXFR hands your whole zone, every host name in it, to anyone who asks.
Defining a Caching Zone
It is useful but not required to have caching zones even if you are running a primary or secondary server, since they let the server answer queries for other domains from its cache and so reduce load. You also need recursion yes in options, and should limit it with allow-recursion to your own networks so you do not run an open resolver.
To define a caching server you need three zone sections. The first one
zone "." IN {
type hint;
file "root.hints";
};
The first zone entry is the definition of the root name servers. type hint; specifies a hint zone, the starting point a recursive server needs, and file "root.hints"; names the file that primes the cache with entries pointing to the root servers (the 13 root name servers). You can get the latest root hints from http://www.internic.net/zones/named.root (Debian ships the same data as /usr/share/dns/root.hints).
The second zone is defined in /etc/named.rfc1912.zones (on Debian, /etc/bind/named.conf.default-zones), which is included in /etc/named.conf via the include directive by default.
zone "localhost" IN {
type master;
file "localhost.db";
};
The third zone defines the reverse lookup for localhost. This is the reverse entry that resolves the loopback address (127.0.0.1) back to the local hostname
zone "0.0.127.in-addr.arpa" IN {
type master;
file "127.0.0.rev";
};
Putting these three zones in /etc/named.conf makes your system work as a caching DNS server. But what goes into the files referenced, such as lxu.io.db, localhost.db and 127.0.0.rev?
These files contain the DNS records for each zone, plus a few directives. So what are the DNS record types and how are they written?
DNS Records Types
The database files consist of record types like SOA, NS, A, PTR, MX, CNAME and TXT.
So let’s start with each record type and see how it is written
SOA: Start of Authority Record
The SOA record starts the description of a site’s DNS entries with the following format
example.com. 86400 IN SOA ns1.example.com. mail.example.com. (
2017012604 ;serial
86400 ;refresh, seconds
7200 ;retry, seconds
3600000 ;expire, seconds
86400 ;minimum, seconds
)
Line 1 starts with the domain example.com. and it ends with a period, exactly as the zone is named in /etc/named.conf.
Keep in mind that DNS zone files are extremely picky about syntax: a missing trailing dot turns an absolute name into a relative one, and BIND silently appends the zone name to it.
IN tells the name server this is an Internet-class record.
SOA tells the name server this is the Start of Authority record.
ns1.example.com. is the FQDN of the primary name server for this zone, the one where this file resides.
mail.example.com. is the e-mail address of the domain administrator, mail@example.com: the @ is replaced by a period and the name ends with a trailing period.
Line 2 is the serial number, which tells secondary servers whether the zone has changed, so every time you edit the zone data you must increase this number; a secondary only transfers the zone when the primary's serial is greater than its own. The conventional format is YYYYMMDDnn, with nn starting at 00 and incremented for each change on the same day.
Line 3 is the refresh interval in seconds. It tells secondary DNS servers how often to query the primary to see whether the records have been updated.
Line 4 is the retry interval in seconds. If a secondary cannot reach the primary to check for updates, it tries again after this many seconds.
Line 5 is the expire value. It tells secondary servers that if they cannot contact the primary for this many seconds, their copy of the zone is too old to trust and they must stop answering for it.
Line 6, historically called minimum, is today the negative-caching TTL (RFC 2308): how long resolvers may cache a "no such name" answer for this zone. The TTL of positive answers comes from the $TTL directive or a per-record TTL, not from this field.
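As an added example (not from the original post), here are a few Python helpers around the serial field: extracting it from SOA text like the record above, bumping it in the YYYYMMDDnn convention, and checking the comparison secondaries actually perform, which is RFC 1982 serial arithmetic modulo 2^32. That comparison is why a serial that goes backwards, or is reset to 1, is silently ignored and the secondaries keep serving the old zone. The SAMPLE_SOA text is constructed for the example and mirrors the record shown above.

```python
# Added example (not from the original post): helpers for the SOA serial.
# Secondaries only transfer the zone when the primary's serial is "newer"
# under RFC 1982 serial arithmetic (mod 2**32). The YYYYMMDDnn layout is a
# convention; what BIND compares is the number. SAMPLE_SOA is constructed.
from datetime import date
from typing import Optional

MODULUS = 2 ** 32
HALF = 2 ** 31

SAMPLE_SOA = """\
example.com. 86400 IN SOA ns1.example.com. hostmaster.example.com. (
        2017012604 ; serial
        86400      ; refresh, seconds
        7200       ; retry, seconds
        3600000    ; expire, seconds
        86400      ; minimum (negative-cache TTL), seconds
)
"""


def soa_serial(zone_text: str) -> int:
    """Return the serial from a zone file's SOA record, tolerating ';' comments
    and the usual parenthesised multi-line layout."""
    tokens = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0]                # drop comments
        tokens.extend(line.replace("(", " ").replace(")", " ").split())
    i = tokens.index("SOA")
    # After SOA: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
    return int(tokens[i + 3])


def serial_gt(a: int, b: int) -> bool:
    """True if serial a is newer than serial b (RFC 1982 sequence arithmetic)."""
    a, b = a % MODULUS, b % MODULUS
    if a == b:
        return False
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


def next_serial(current: int, today: Optional[date] = None) -> int:
    """Next YYYYMMDDnn serial after `current`.

    Starts a fresh YYYYMMDD00 when the date has moved on; otherwise (same day,
    nn already at 99, or a serial that is not a date at all, e.g. a Unix
    timestamp someone used earlier) it just adds 1, which is all BIND needs.
    """
    today = today or date.today()
    dated = int(today.strftime("%Y%m%d")) * 100   # YYYYMMDD00
    if dated > current:
        return dated
    return (current + 1) % MODULUS


def bump(zone_text: str, today: Optional[date] = None) -> str:
    """Return the zone text with its SOA serial replaced by the next one.
    Assumes the serial's first appearance in the file is the SOA field."""
    old = soa_serial(zone_text)
    new = next_serial(old, today)
    assert serial_gt(new, old), "new serial would not be seen as newer"
    return zone_text.replace(str(old), str(new), 1)
```

serial_gt(1, 2017012604) is False, which is the practical lesson: if you ever replace a date-style serial with a small number, the secondaries will never pick the zone up again until you either climb past the old value or walk the serial around the 2^32 wrap in steps smaller than 2^31.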
NS: Name Server Records
NS records specify which name servers are authoritative for this zone. Written right after the SOA, they can be given like this, with the owner name left blank so it is inherited from the previous record (example.com.); you can also write @ for the zone name explicitly
IN NS ns1.example.com.
IN NS ns2.example.com.
A single NS record is legal, but a zone should have at least two name servers on separate networks so that one failure does not take the domain down. Every name in an NS record must have its own A (or AAAA) record, and a name server name must not be a CNAME.
A and AAAA: Address Records
The A record maps a hostname to an IPv4 address
support IN A 192.168.1.5
If you have a host support.example.com at address 192.168.1.5, you write it as above. The host is written without a trailing period, so it is relative to the zone and expands to support.example.com. AAAA records do exactly the same for IPv6 addresses; only the record type changes.
PTR: Pointer Records
The PTR record performs reverse resolution: given an IP address, it returns the corresponding hostname, the opposite of what an A record does. PTR records live in a reverse zone such as 1.168.192.in-addr.arpa for 192.168.1.0/24 (the address octets are reversed), not in the forward zone, and the owner is the remaining part of the address
5 IN PTR support.example.com.
Here 5 stands for 192.168.1.5 inside the 1.168.192.in-addr.arpa zone, and the hostname is written in full with the trailing period.
MX: Mail Exchange Records
The MX record tells other sites which servers accept mail for your zone
example.com. IN MX 10 mail
The domain ends with a period, of course, and 10 is the preference value. With several mail servers, the lowest number is tried first; higher numbers are backups. mail has no trailing dot, so it is relative to the zone and means mail.example.com; it must be a hostname with an A or AAAA record, never an IP address or a CNAME.
CNAME: Canonical Name Records
CNAME records allow you to create aliases for host names.
This is useful when you want to provide an easy-to-remember name.
Suppose a site has a web server with the hostname whatever-bignameis.example.com. Since the system is a web server, a CNAME record, or alias, of www can be created for the host.
So you can create a CNAME record to provide the name www.example.com
whatever-bignameis IN A 192.168.1.5
www IN CNAME whatever-bignameis
The first line tells the DNS server where the real host is; the second line creates the alias www pointing at whatever-bignameis, so www.example.com resolves to 192.168.1.5. A name that has a CNAME record cannot have any other record, which is why you cannot put a CNAME at the zone apex (example.com itself): the SOA and NS records already live there.
TXT Records
TXT records hold free-form text. Originally meant for things like contact information that people could query your DNS server for, they are now mostly used for machine-read policies such as SPF, DKIM and DMARC for mail, and for proving domain ownership to third parties.
You can write TXT records like this
example.com. IN TXT "YOUR INFO GOES HERE"
The RP record was created as an explicit container for a host's contact information: a mailbox (with @ written as a period, as in the SOA) followed by the name of a TXT record holding further details, or a single period if there is none
example.com. IN RP mail.example.com. example.com.
DNS TTL Value
At the top of each zone file there is a $TTL directive (it belongs in the zone file, not in /etc/named.conf).
It sets the default time to live for every record in the zone that does not carry its own TTL.
It takes a value in seconds, such as 14400 (4 hours): other DNS servers will cache your records for up to four hours before querying your server again.
The default is reasonable. Lower it well in advance (at least one old TTL before) of a planned change of address so the switch propagates quickly, then raise it again; otherwise leave it alone unless you know what you are doing.
Catching Configuration Errors
When you write your zone files, you may forget a period or a space or make some other error.
Check before you restart: named-checkconf validates /etc/named.conf and named-checkzone example.com /var/named/example.com.db validates a zone file; both ship with BIND. You can also diagnose Linux DNS server errors from the log. BIND logs through syslog, so on Red Hat-style systems the errors land in /var/log/messages, which you can follow in real time with the -f option of tail; on Debian and Ubuntu use journalctl -u named -f or /var/log/syslog.
tail -f /var/log/messages
So when you write a zone file or modify /etc/named.conf and the service fails to load it on restart, you can identify the error from the log.
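To show what the record syntax from the previous sections boils down to, and which slips BIND would reject or silently mis-resolve, here is a small zone-file linter in Python. It is an added example, not part of the original post and not a substitute for BIND's own named-checkzone; the GOOD_ZONE and BAD_ZONE texts are constructed for it, and it only understands the record types covered here (no $INCLUDE, no $GENERATE, no parentheses inside quoted TXT data).

```python
# Added example, not from the original post and not a replacement for BIND's
# own named-checkzone. It parses the record syntax used in this post and
# flags mistakes BIND rejects or that resolve to the wrong name.
# GOOD_ZONE and BAD_ZONE below are constructed for the example.
from collections import defaultdict
from typing import Dict, List, Set, Tuple


def fqdn(name: str, origin: str) -> str:
    """'@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_records(zone_text: str, origin: str) -> List[Tuple[str, str, List[str]]]:
    """Tokenise a zone file into (owner FQDN, type, rdata tokens). Strips ';'
    comments, folds parenthesised multi-line records (the SOA), inherits a
    blank owner from the previous record, skips the optional TTL and IN class."""
    out, pending, depth = [], [], 0
    last_owner, blank_owner = origin, False
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if not pending:                    # first line of a new record
            blank_owner = line[0].isspace()
        toks = line.replace("(", " ( ").replace(")", " ) ").split()
        depth += toks.count("(") - toks.count(")")
        pending.extend(t for t in toks if t not in ("(", ")"))
        if depth > 0:                      # record continues on the next line
            continue
        toks, pending = pending, []
        if not toks or toks[0].startswith("$"):   # $TTL / $ORIGIN directives
            continue
        owner = last_owner if blank_owner else fqdn(toks.pop(0), origin)
        if toks and toks[0].isdigit():
            toks.pop(0)                    # per-record TTL
        if toks and toks[0].upper() == "IN":
            toks.pop(0)
        if toks:
            out.append((owner, toks[0].upper(), toks[1:]))
            last_owner = owner
    return out


def lint(zone_text: str, origin: str) -> List[str]:
    """Return human-readable problems; an empty list means the zone is clean."""
    recs = parse_records(zone_text, origin)
    types_at: Dict[str, Set[str]] = defaultdict(set)
    for owner, rtype, _ in recs:
        types_at[owner].add(rtype)
    cnames = {o for o, t in types_at.items() if "CNAME" in t}
    problems: List[str] = []
    for owner, rtype, rdata in recs:
        if rtype in ("NS", "MX", "CNAME", "PTR") and rdata:
            target = rdata[-1]
            # "mail.example.com" without the final dot is the classic slip:
            # BIND appends the origin and you get mail.example.com.example.com.
            if "." in target and not target.endswith("."):
                problems.append(f"{owner} {rtype}: '{target}' lacks a trailing "
                                f"dot and resolves to {target}.{origin}")
            elif rtype in ("NS", "MX") and fqdn(target, origin) in cnames:
                problems.append(f"{owner} {rtype}: target {fqdn(target, origin)} "
                                "is a CNAME (RFC 2181 forbids that for NS/MX)")
        if rtype == "PTR" and not owner.endswith((".in-addr.arpa.", ".ip6.arpa.")):
            problems.append(f"{owner} PTR: PTR records belong in a reverse zone "
                            "(owner such as 5.1.168.192.in-addr.arpa.)")
    for owner in sorted(cnames):           # RFC 1034: CNAME must stand alone
        others = types_at[owner] - {"CNAME"}
        if others:
            problems.append(f"{owner}: CNAME cannot share a name with {sorted(others)}")
    for needed in ("SOA", "NS"):
        if needed not in types_at[origin]:
            problems.append(f"{origin}: missing {needed} record at the zone apex")
    return problems


GOOD_ZONE = """\
$TTL 14400
@       IN SOA ns1.example.com. hostmaster.example.com. (
            2017012604 ; serial
            86400 7200 3600000 86400 )
        IN NS    ns1.example.com.
        IN MX    10 mail
        IN TXT   "v=spf1 mx -all"
ns1     IN A     192.168.1.2
mail    IN A     192.168.1.4
support IN A     192.168.1.5
support IN AAAA  2001:db8::5
whatever-bignameis IN A 192.168.1.5
www     IN CNAME whatever-bignameis
"""

BAD_ZONE = """\
$TTL 14400
@       IN SOA ns1.example.com. hostmaster.example.com. (
            2017012604 86400 7200 3600000 86400 )
        IN NS    ns1.example.com.
        IN MX    10 mail.example.com   ; missing trailing dot
ns1     IN A     192.168.1.2
www     IN A     192.168.1.5
www     IN CNAME whatever-bignameis    ; CNAME next to an A at the same name
192.168.1.5 IN PTR support.example.com.  ; PTR in a forward zone
"""
```

lint(BAD_ZONE, "example.com.") reports the MX target missing its trailing dot (BIND would expand it to mail.example.com.example.com.), the CNAME sharing the name www with an A record, and the PTR placed in a forward zone; lint(GOOD_ZONE, "example.com.") returns an empty list. A dotted name without the final dot is flagged while a single relative label like mail is accepted, which matches how these records are normally written; run named-checkzone for the authoritative verdict.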
Host Command
After you have added or modified records, you can use the host command to see whether the host resolves correctly.
The host command resolves hostnames into IP addresses (and, given an IP address, does the reverse lookup); on Debian it comes from the bind9-host package. Query your own server explicitly by adding its address as a second argument, for example host example.com 127.0.0.1, otherwise you are testing whatever resolver the client happens to use.
host example.com
Also, you can perform reverse lookups
host 192.168.1.5
You can check this post about host and dig command Linux network command
Whois Command
The whois command queries the registry for the ownership of a domain: the registrar, creation and expiry dates and the name servers.
It used to show the owner's e-mail address and contact phone numbers as well, but since 2018 most registries redact personal contact details.
whois example.com
The rndc Command
The rndc tool manages the name server securely: every command is authenticated with an HMAC over a shared secret key (the same mechanism as TSIG), stored in /etc/rndc.key (Debian: /etc/bind/rndc.key) and generated with rndc-confgen -a if it does not exist. By default named accepts control connections only on 127.0.0.1 port 953.
This tool is used for controlling the name server and also for debugging problems.
You can check the status of the Linux DNS server like this:
rndc status
Also, if you make a change to any of the zone files, you can reload the service without restart the named service.
rndc reload example.com
Here we reload the example.com zone file.
You can reload all zone like this:
rndc reload
Or maybe you add new zones or change the configuration of the service, you can reload the configuration like this:
rndc reconfig
Linux DNS resolver
We have seen how a Linux DNS server works and how to configure it. The other part is, of course, the client that contacts the DNS server to resolve a hostname into an IP address.
On Linux, the resolver (part of the C library) handles the client side of DNS. Its configuration file is /etc/resolv.conf
On Debian based distros with the resolvconf package the file is generated from the /etc/resolvconf/resolv.conf.d/ directory; on recent Ubuntu releases systemd-resolved manages it instead and /etc/resolv.conf points at the local stub 127.0.0.53, so set the upstream servers in /etc/systemd/resolved.conf rather than editing resolv.conf directly.
The /etc/resolv.conf file tells the client what its DNS servers are. A minimal file has two kinds of lines: a search line giving the default search domain appended to short names, and one or more nameserver lines giving the IP addresses of the name servers to query, in order.
The nameserver lines tell the resolver which name server to use; you can point them at your own DNS server once your BIND service is running.
Working with a Linux DNS server is pretty easy. I hope you find the post useful and easy to follow.