Private DNS newbie question.

Kevin Darcy kcd at daimlerchrysler.com
Tue Oct 7 21:41:39 UTC 2003


Ken wrote:

>I am trying to set up a small DNS on a private network - strictly for
>learning.  I have a single small PC dedicated to the DNS job and it has
>RH-9. My problem is that there is very little info available for such a
>private DNS - it is all for real Internet DNS's.
>
>I have tried several examples from the 'net, and copied one verbatim from
>the RH9 Bible.  All of them give the same error from the DNS machine or
>any others on the network...
>
>;; connection timed out; no servers could be reached
>
>/etc/init.d/named starts ok and doesn't post any errors in the message
>log.
>named-checkconf and named-checkzone run ok. resolv.conf follows their
>examples.
>I can ping anything from any direction.
>
>Since even the very minimal examples give the same time out message no
>matter what I do,  I am beginning to think that I have something more
>basic that is wrong - like I didn't load something on the install of
>Linux.
>
>Is there something that should be running besides /etc/init.d/named
>daemon?
>
>Does anyone have some very simple named, zone and resolv scripts that I
>can use to test and build on?
>
If you're going to run DNS on a completely isolated network, then you 
need a customized root zone. For that matter, that's *all* you need. You 
could put everything into that root zone if you want, but that won't 
teach you about delegation, referrals, etc. It might be a good start, 
though, just to get you up and running.

A minimal /etc/named.conf might consist of:

options {
        directory "/some/path/name";
};

zone "." {
        type master;
        file "root";
};

controls { };

A minimal root zone file might consist of:

$TTL 1d
.      soa     . root. (
                1       ; serial
                86400   ; refresh
                3600    ; retry
                3600000 ; expire
                3600 )  ; minimum (negative-caching TTL)
       ns  .
       a 1.2.3.4

Initially, it'll only be able to resolve the root name (which means you 
won't be able to test it with nslookup, since nslookup absurdly insists 
on being able to reverse-resolve the address of the nameserver too, in 
addition to what you actually asked it to look up). You can customize 
from there...

                                                                         
                              - Kevin
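
Added example, not part of the original message: since the reply notes that nslookup cannot be used against a server that only knows the root name, this Python sketch sends a raw query for "." and checks the reply header instead. The server address 127.0.0.1, the function names and the sample reply bytes are assumptions made for illustration.

```python
import socket
import struct

QTYPES = {"A": 1, "NS": 2, "SOA": 6}

def build_root_query(qtype="SOA", txid=0x1234):
    """DNS query for the root name, which encodes as a single zero byte."""
    # Flags 0x0000: RD clear, since the server is asked as an authority.
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + b"\x00" + struct.pack("!HH", QTYPES[qtype], 1)  # class IN

def parse_header(msg):
    """Decode the fixed 12-byte header of a DNS message."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "response": bool(flags & 0x8000),
            "authoritative": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "answers": an}

def healthy(hdr, txid=0x1234):
    """True if a reply is an authoritative NOERROR answer to our query."""
    return (hdr is not None and hdr["id"] == txid and hdr["response"]
            and hdr["authoritative"] and hdr["rcode"] == 0
            and hdr["answers"] >= 1)

def check_root(server, qtype="SOA", timeout=3.0):
    """Query `server` on UDP/53; None means nothing answered at all."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_root_query(qtype), (server, 53))
            reply, _ = s.recvfrom(4096)
        except OSError:  # timeout or ICMP port unreachable
            return None
    return parse_header(reply)

# Constructed reply header: QR and AA set, rcode 0, one answer record.
SAMPLE_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)

if __name__ == "__main__":
    print("sample:", healthy(parse_header(SAMPLE_REPLY)))
    for qtype in QTYPES:
        hdr = check_root("127.0.0.1", qtype)  # assumed server address
        print(qtype, "no reply" if hdr is None else hdr, healthy(hdr))
```

A `None` result is the same condition as the "no servers could be reached" message in the question: nothing answered on UDP port 53 at that address, which is a transport problem (named not listening there, or the port filtered) rather than a zone-data problem.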





