
 type master;
 file "named.zero";
 allow-update { none; };
};

include "/etc/rndc.key";

The options section sets up the basic file and directory locations for the server. The controls section limits which machines can control named (in this case, only programs running on the localhost, and only if they present the correct secret key), and the include line at the end reads that key from /etc/rndc.key and causes named to act as though the key statement were written in this file. The key is a shared secret: anyone who can read it can control named through rndc, so keep /etc/rndc.key readable only by root and the user named runs as.

The rest of this file consists of zone sections. The first zone section is for the entire Internet and refers to the file /var/named/named.ca, which contains the names and addresses of the nameservers at the top of the DNS tree, the root servers; named starts from these when it has to resolve a name it does not already know. The extension .ca stands for cache.

If you have the package bind-chroot installed, then prepend the directory /var/named/chroot/ to pathnames throughout this chapter. For example, /var/named would become /var/named/chroot/var/named, and /etc/named.conf would become /var/named/chroot/etc/named.conf.

bind-chroot is a package intended to increase the security of the nameserver. It is considered obsolete, since SELinux now provides similar protection.

The remaining zone sections are used to resolve standard requests, such as the address of localhost and localhost.localdomain (always 127.0.0.1), and the reverse of those requests.

To create a new zone, add it to the end of this file (you can copy an existing zone entry and then modify it):

zone "fedorabook.com" IN {
 type master;
 file "fedorabook.com.db";
 allow-update { none; };
};

This specifies the name of the zone (exactly the same as the name of the domain) and the file in which this zone's information can be found; the filename is relative to the directory set in the options section. You can use any filename you want, but names based on the domain and ending with .db or hosts, such as fedorabook.com.db or fedorabookhosts, are traditional.

Next, create the file for the zone. This is a standard text file with a very exact syntax; a mistake anywhere in it makes named refuse to load the whole zone, so check the finished file with named-checkzone fedorabook.com fedorabook.com.db (run in the zone directory) before reloading named.

The file starts with the default TTL for the zone:

$TTL 3D

The value here represents three days. You can use any combination of numbers suffixed with W, D, H, M, or S (representing units of weeks, days, hours, minutes, and seconds, in upper- or lowercase) concatenated together, or you can specify the time in seconds; some examples are shown in Table 7-5.

Table 7-5. named time values

Entry          Description                        Equivalent number of seconds
3D             3 days                             259,200
1D12H or 36H   1 day and 12 hours (or 36 hours)   129,600
2W             2 weeks                            1,209,600
1D10M          1 day and 10 minutes               87,000

The zone file then contains the Start of Authority (SOA) resource record:

@ SOA ns1 chris.global.proximity.on.ca. (2007201702 3D 1H 3D 1H)

The @ sign means "this zone", and SOA is the record type. The values are the authoritative master nameserver (ns1, which must itself have an address record and is normally one of the hosts listed in the zone's NS records), followed by the administrative email contact, with the @ converted to a period (a period in the username part therefore has to be escaped with a backslash, as in john\.doe.example.com.). The values inside the parentheses are separated by whitespace, not commas.

All hostnames and domain names in a zone file will have the name of the zone added to the end of them unless they end with a period. Thus, in this example, bluesky (with no period) is interpreted as bluesky.fedorabook.com, and writing bluesky.fedorabook.com without a trailing period gives bluesky.fedorabook.com.fedorabook.com, which is almost certainly not what you want.

The values in parentheses at the end of the record are the serial number and the time values for this record. It's helpful (and common practice) to split this information across several lines and add comments to label which time value is which:

@ SOA ns1 chris.global.proximity.on.ca. (
 2007201702 ; serial number
 3D ; refresh
 1H ; retry
 3D ; expire
 1H ) ; minimum

Notice that comments start with a semicolon. The time values used here are the same ones configured using the graphical tool. The serial number must be increased every time you change the zone: secondary servers compare it with the copy they already hold and only transfer the zone when the master's number is larger, so an edit without a new serial is silently ignored by them. The refresh, retry, and expire values govern that transfer schedule, and the final value, historically the minimum TTL, is now used as the TTL for negative answers (names that do not exist in this zone); the TTL for ordinary records comes from the $TTL line.

The rest of the zone file contains resource records. We need NS records to indicate the nameservers for this domain:

 IN NS bluesky
 IN NS darkday

The first field is blank, so the line must start with at least one space or tab. A blank first field means "the same owner as the previous record"; because these lines follow the SOA record, whose owner is @, they belong to the zone itself. The next field value, IN, specifies that these records are related to the Internet (TCP/IP address family). NS indicates the record type (nameserver), and the last field is the hostname of the nameserver.

We also need A records to indicate the IP address of each computer:

bluesky IN A 216.183.93.224
darkday IN A 216.183.93.225

The first field in each record is the hostname, followed by the address family (IN) and the record type (A), and then the IP address. Every host in this zone that is named by an NS or MX record must have an A record like these; a nameserver listed in NS without an address cannot be reached by anyone.

Next we have MX records for mail exchangers:

 IN MX 10 bluesky
 IN MX 20 global.proximity.on.ca.

These have a blank first field, followed by the address family (IN) and record type (MX), followed by the mail server priority (lower numbers are higher priority), and then the mail server hostname. Remember that a blank first field means "the same owner as the previous record": if these lines are placed directly after the darkday A record, they become MX records for darkday rather than for the domain. Either put them immediately after the NS records or write @ in the first field.

Note that global.proximity.on.ca is outside of this zone, so the hostname is written as a fully qualified domain name (FQDN) ending with a period.

We also need some aliases for common hostnames (the ww and wwww entries catch mistyped URLs). An alias name may carry no other records, and NS and MX records must point at real hostnames with A records rather than at aliases, which is why the MX records above name bluesky and not mail:

mail IN CNAME bluesky
ftp IN CNAME darkday
www IN CNAME bluesky
ww IN CNAME bluesky
wwww IN CNAME bluesky
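To make these rules concrete, here is a small checker that is an added example for this page, not code from the book or from BIND. It converts the time values of Table 7-5 to seconds, applies the trailing-period rule to every name, joins a multi-line SOA record, follows the "blank owner means the previous owner" rule, and then reports the mistakes that most often break a zone in practice: a serial number that was not increased, an NS or MX host in this zone with no A record, and an NS, MX, or SOA master that points at a CNAME. GOOD_ZONE is assembled from this chapter's own records; because the excerpt's SOA names ns1 as the master while the NS records name bluesky and darkday, the sample uses bluesky as the master so that it has an address. BAD_ZONE, the ns2 host, and the previous serial numbers are constructed for the example.

```python
# Added example (not code from the book or from BIND): a checker for the zone-file rules
# in this chapter. GOOD_ZONE uses the chapter's own records; BAD_ZONE is constructed here.
import re

ORIGIN = "fedorabook.com."                    # zone name, fully qualified
TIME_UNITS = {"W": 604800, "D": 86400, "H": 3600, "M": 60, "S": 1}

def parse_ttl(value):
    """Table 7-5 syntax to seconds: '3D' -> 259200, '1D12H' -> 129600, '600' -> 600."""
    if value.isdigit():
        return int(value)
    parts = re.findall(r"(\d+)([WDHMS])", value.upper())
    if not parts or "".join(n + u for n, u in parts) != value.upper():
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * TIME_UNITS[u] for n, u in parts)

def qualify(name, origin):
    """Trailing-period rule: '@' is the zone, 'bluesky' -> 'bluesky.<zone>', 'x.' stays."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (default_ttl, soa, [(owner, type, rdata)]) with every name qualified."""
    text = "\n".join(l.split(";", 1)[0].rstrip() for l in text.splitlines())  # ';' comments
    text = re.sub(r"\([^)]*\)", lambda m: m.group().replace("\n", " "), text)  # join ( ... )
    default_ttl, soa, records, owner = None, None, [], origin
    for line in filter(str.strip, text.splitlines()):
        if line.startswith("$TTL"):
            default_ttl = parse_ttl(line.split()[1])
            continue
        toks = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():              # a blank owner means "same as the previous record"
            owner = qualify(toks.pop(0), origin)
        while toks and (toks[0].upper() == "IN" or re.fullmatch(r"\d+[WDHMSwdhms]*", toks[0])):
            toks.pop(0)                        # optional class and per-record TTL
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype == "SOA":
            mname, rname, serial, *times = rdata
            soa = dict(zip(("refresh", "retry", "expire", "minimum"), map(parse_ttl, times)),
                       mname=qualify(mname, origin), rname=rname, serial=int(serial))
        elif rtype in ("NS", "CNAME", "MX"):   # the last field names a host
            records.append((owner, rtype, rdata[:-1] + [qualify(rdata[-1], origin)]))
        else:                                  # A (and anything else) kept verbatim
            records.append((owner, rtype, rdata))
    return default_ttl, soa, records

def check_zone(text, origin, previous_serial=None):
    """Return a list of problems; an empty list means the zone passes."""
    default_ttl, soa, records = parse_zone(text, origin)
    if soa is None:
        return ["no SOA record"]
    problems = []
    if previous_serial is not None and soa["serial"] <= previous_serial:
        problems.append("serial not incremented: secondaries will not transfer")
    addrs = {o for o, t, _ in records if t == "A"}
    cnames = {o for o, t, _ in records if t == "CNAME"}
    for o in sorted(cnames):                   # an alias may carry no other records
        if any(ow == o and t != "CNAME" for ow, t, _ in records):
            problems.append(f"{o} has a CNAME alongside other records")
    # the SOA master, NS hosts and MX hosts must be real hosts with addresses, never aliases
    targets = [("SOA", soa["mname"])] + [(t, r[-1]) for _, t, r in records if t in ("NS", "MX")]
    for t, host in targets:
        if host in cnames:
            problems.append(f"{t} target {host} is a CNAME")
        elif host.endswith("." + origin) and host not in addrs:
            problems.append(f"{t} target {host} is in this zone but has no A record")
    return problems

GOOD_ZONE = """\
$TTL 3D
@ IN SOA bluesky chris.global.proximity.on.ca. (
        2007201702 ; serial number
        3D         ; refresh
        1H         ; retry
        3D         ; expire
        1H )       ; minimum
    IN NS bluesky       ; blank owner: same as the SOA's, i.e. the zone itself
    IN NS darkday
    IN MX 10 bluesky    ; still the zone, because it follows the NS lines
    IN MX 20 global.proximity.on.ca.
bluesky IN A 216.183.93.224
darkday IN A 216.183.93.225
mail IN CNAME bluesky
"""

# Constructed counter-example: reused serial, an NS host with no address, and a blank-owner
# MX placed after the bluesky A record (so it belongs to bluesky) that points at an alias.
BAD_ZONE = """\
$TTL 3D
@ IN SOA bluesky chris.global.proximity.on.ca. ( 2007201702 3D 1H 3D 1H )
    IN NS bluesky
    IN NS ns2
bluesky IN A 216.183.93.224
    IN MX 10 mail
mail IN CNAME bluesky
"""

if __name__ == "__main__":
    print(check_zone(GOOD_ZONE, ORIGIN, 2007201701), check_zone(BAD_ZONE, ORIGIN, 2007201702))
```

Run directly, it prints an empty list for the good zone and three problems for the broken one. The checker only understands the record types used in this chapter and the one-zone case; for a real zone file, named-checkzone remains the authoritative check, and this example is meant to show why each of its complaints matters.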