Some hints on DNS config?

Sun Jun 26 15:37:23 UTC 2005

> Date: Sun, 26 Jun 2005 15:04:17 +0100
> From: Kimi Ostro <kimimeister at gmail.com>
> To: bind-users at isc.org
> Subject: Some hints on DNS config?
> Cc: kimimeister at gmail.com
> 
> Hello list,
> 
> I have been playing around with BIND for sometime now and have a
> "nice" caching/forwarder + authorative nameserver setup, hence you can
[...snip...]
> I was reading http://www.isc.org/pubs/tn/isc-tn-2002-2.html and was a
> little stumped on:
> 
> * "Your named.conf file should contain a hint for the root zone, a
> master zone for 0.0.127.IN-ADDR.ARPA, as well as master zones for any
> private..."
> 
> I don't quite get the reasoning behind this?

 zone "0.0.127.in-addr.arpa" in {
        type master;
        file "db.127.0.0";
        notify no;
};

The db.127.0.0 file contains:

$TTL 1W
@ IN  SOA metis.Cadence.COM. root.metis.Cadence.COM. ( 
         2002120212   ; serial
         1H           ; refresh
         15M          ; retry
         1W           ; expire
         1H )         ; minimum

@  IN  NS  metis.cadence.com.

1.0.0.127.IN-ADDR.ARPA.       	IN  PTR   localhost.

The db.127.0.0 file is so that the local loopback interface can be 
correctly resolved while the following definition provides the "salt" 
necessary to get bind running...

 zone "." in {
        type hint;
        file "db.cache";
};

In Bind 9.x, the root zone "hints" are compiled into BIND so the
necessity for the hint zone is not as stringent, but BIND works better
if you tell it what to expect.  The hints file does not need frequent
updating since, as long as ONE server is reachable, Bind will populate
the rest from info received from the reachable server.  (Maybe update
once every two or three years or so...)

You can generate a hints file with dig thusly:

dig ixfr . @f.gtld-servers.net. >db.cache

You should get something like:

; <<>> DiG 2.0 <<>> ixfr . @f.gtld-servers.net. 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr rd; Ques: 1, Ans: 0, Auth: 13, Addit: 13
;; QUESTIONS:
;;	., type = A, class = IN

;; AUTHORITY RECORDS:
.	172800	NS	e.root-servers.net.
.	172800	NS	l.root-servers.net.
.	172800	NS	m.root-servers.net.
.	172800	NS	j.root-servers.net.
[...snip 9 records...]

;; ADDITIONAL RECORDS:
e.root-servers.net.	172800	A	192.203.230.10
l.root-servers.net.	172800	A	198.32.64.12
m.root-servers.net.	172800	A	202.12.27.33
j.root-servers.net.	172800	A	192.58.128.30
[...snip 9 records...]

;; FROM: well to SERVER: f.gtld-servers.net.  192.35.51.30
;; WHEN: Sun Jun 26 08:21:17 2005
;; MSG SIZE  sent: 17  rcvd: 436

Regards,
Gregory Hicks

---------------------------------------------------------------------
Gregory Hicks                           | Principal Systems Engineer
Cadence Design Systems                  | Direct:   408.576.3609
555 River Oaks Pkwy M/S 6B1             | Fax:      408.894.3479
San Jose, CA 95134                      | Internet: ghicks at cadence.com

I am perfectly capable of learning from my mistakes.  I will surely
learn a great deal today.

"A democracy is a sheep and two wolves deciding on what to have for
lunch.  Freedom is a well armed sheep contesting the results of the
decision." - Benjamin Franklin

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton