Published: 06.08.2012 | Level: specialist | Access: paid
Lecture 21:

The Domain Name Service

The named.conf file

So far, we have two files, one for each zone for which our name server is authoritative. In a large system, there could be many more. What we need now is to tell the name server which files to use. That’s the main purpose of named.conf. There’s already a skeleton in /etc/namedb/named.conf. With the comments removed, it looks like:

options {
  directory "/etc/namedb";
  forwarders {
    127.0.0.1;
  };
};

zone "." {
  type hint;
  file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
  type master;
  file "localhost.rev";
};

zone "domain.com" {
  type slave;
  file "s/domain.com.bak";
  masters {
    192.168.1.1;
  };
};

zone "0.168.192.in-addr.arpa" { 
  type slave;
  file "s/0.168.192.in-addr.arpa.bak";
  masters {
    192.168.1.1;
  };
};

Each entry consists of a keyword followed by text in braces ({}). These entries have the following significance:

The directory entry tells named where to look for the configuration files.

The first zone is the top-level domain, ".". It is of type hint: it tells named to look in the file named.root in its configuration directory. named.root contains the IP addresses of the 13 top-level name servers.

We've seen the entry for 0.0.127.IN-ADDR.ARPA already on page 367: it’s the reverse lookup for the localhost address.

The hint entry specifies the name of the file describing the root servers (domain ".").

The zone entries for domain.com and 0.168.192.in-addr.arpa define slave name servers. A slave name server addresses all queries to one of the specified master name servers. In earlier versions of DNS, a slave name server was called a secondary name server, and the master name server was called a primary name server. This is still current usage outside BIND, but you should expect this to change.

This file already contains most of the information we need. The only things we need to add are the names of our zones and the locations of the files that describe them:

zone "example.org" {
  type master; 
  file "db.example.org";
};

zone "37.147.223.in-addr.arpa" {
  type master;
  file "example-reverse";
};
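The brace-and-semicolon structure described above is regular enough that a short parser can read it back and sanity-check the zone statements before named is started. The following is an added example written for this page, not code from the book or from BIND; it handles only the subset of named.conf syntax shown here (options, zone, type, file, masters, forwarders, directory), and both configuration texts it parses are constructed for the example: one is the skeleton plus the two zones we just added, the other deliberately lacks the closing brace of the options block.

```python
"""Minimal named.conf reader for the statement forms used in the text (added example).
Understands `options { ... };` and `zone "name" { ... };` with `key value;` statements
and nested `key { item; ... };` blocks.  Views, acls and the rest of named.conf syntax
are not handled."""

import re

# Constructed sample: the skeleton from the text plus the two zones we add.
SAMPLE_NAMED_CONF = r'''
options {
  directory "/etc/namedb";   // C++-style comment
  forwarders {
    127.0.0.1;
  };
};

zone "." {
  type hint;
  file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
  type master;
  file "localhost.rev";
};

zone "domain.com" {
  type slave;
  file "s/domain.com.bak";
  masters {
    192.168.1.1;
  };
};

zone "example.org" {
  type master;
  file "db.example.org";
};

zone "37.147.223.in-addr.arpa" {
  type master;
  file "example-reverse";
};
'''

# Constructed sample with a mistake: the options block is never closed, so every
# later zone statement ends up nested inside it and the file is malformed.
BROKEN_CONF = r'''
options {
  directory "/etc/namedb";
  forwarders {
    127.0.0.1;
  };

zone "." {
  type hint;
  file "named.root";
};
'''


def strip_comments(text):
    # named.conf accepts C (/* */), C++ (//) and shell (#) comments.
    # (A '#' or '//' inside a quoted string would also be stripped; not needed here.)
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def tokenize(text):
    # Tokens: quoted strings, the three punctuation characters, and bare words.
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', strip_comments(text))


def parse_block(tokens, i):
    """Parse statements starting at tokens[i] up to the matching '}'.
    A statement is a list of words; a nested block is appended as a list of statements.
    Returns (statements, index just past the closing '}')."""
    stmts = []
    while i < len(tokens) and tokens[i] != "}":
        words = []
        while i < len(tokens) and tokens[i] not in ("{", ";"):
            words.append(tokens[i].strip('"'))
            i += 1
        if i >= len(tokens):
            raise ValueError("unexpected end of input: missing ';'")
        if tokens[i] == "{":
            inner, i = parse_block(tokens, i + 1)
            if i >= len(tokens) or tokens[i] != ";":
                raise ValueError("expected ';' after '}'")
            words.append(inner)
        if words:
            stmts.append(words)
        i += 1                      # skip the ';'
    if i >= len(tokens):
        raise ValueError("unexpected end of input: missing '}'")
    return stmts, i + 1             # skip the '}'


def parse_named_conf(text):
    # A synthetic closing brace lets the top level reuse parse_block; if the file
    # is missing a '}', that synthetic brace gets consumed early and we notice.
    stmts, _ = parse_block(tokenize(text) + ["}"], 0)
    return stmts


def is_well_formed(text):
    try:
        parse_named_conf(text)
        return True
    except ValueError:
        return False


def zones(text):
    """Map lower-cased zone name -> {"type": ..., "file": ..., "masters": [...]}.
    DNS names are case-insensitive, hence the lower-casing of the key."""
    table = {}
    for stmt in parse_named_conf(text):
        if stmt[0] != "zone" or not isinstance(stmt[-1], list):
            continue
        entry = {}
        for words in stmt[-1]:
            if isinstance(words[-1], list):          # nested block such as masters { ... };
                entry[words[0]] = [w[0] for w in words[-1]]
            else:
                entry[words[0]] = " ".join(words[1:])
        table[stmt[1].lower()] = entry
    return table


def check_zones(zone_table):
    """Problems worth knowing about before starting named: a zone with no file
    statement, or a slave zone with nobody to transfer from."""
    problems = []
    for name, z in zone_table.items():
        if "file" not in z:
            problems.append(f'zone "{name}": no file statement')
        if z.get("type") == "slave" and not z.get("masters"):
            problems.append(f'zone "{name}": slave zone without masters')
    return problems


if __name__ == "__main__":
    for name, z in zones(SAMPLE_NAMED_CONF).items():
        print(f'{name:28} {z.get("type", "?"):7} {z.get("file", "?")}')
    print("broken config well-formed?", is_well_formed(BROKEN_CONF))
```

The check is deliberately modest: it tells you the file is structurally sound and that every zone names a file, which is exactly the class of mistake that makes named refuse to start at all rather than refuse one zone.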

When we've done that, we can start the name server with ndc, the named control program (in Release 9 of named it will change its name to rndc):

# ndc start
new pid is 86183

If it’s already running, we can restart it:

# ndc reload
Reload initiated. 

Starting or restarting the name server doesn’t mean it will work, of course. If you make a mistake in your configuration files, it may not work at all. Otherwise it might start, but refuse to load specific zones. named logs messages with syslog, and if you are using the standard syslog configuration, the messages will be written to the console and to the file /var/log/messages. After starting named, you should check what it said. named produces a number of messages, including:

Mar 18 15:01:57 freebie named[69751]: starting (/etc/namedb/named.conf). named 8.3.4-REL Wed Dec 18 13:38:28 CST 2002 grog@freebie.example.org:/usr/obj/src/FreeBSD/5-STABLE-FREEBIE/src/usr.sbin/named
Mar 18 15:01:57 freebie named[69751]: hint zone "" (IN) loaded (serial 0)
Mar 18 15:01:57 freebie named[69751]: master zone "example.org" (IN) loaded (serial 2003031801)
Mar 18 15:01:57 freebie named[69751]: Zone "0.0.127.in-addr.arpa" (file localhost.reverse): No default TTL ($TTL <value>) set, using SOA minimum instead
Mar 18 15:01:57 freebie named[69751]: master zone "0.0.127.in-addr.arpa" (IN) loaded (serial 97091501)
Mar 18 15:01:57 freebie named[69751]: listening on [223.147.37.1].53 (rl0)
Mar 18 15:01:57 freebie named[69751]: listening on [127.0.0.1].53 (lo0)
Mar 18 15:01:57 freebie named[69752]: Ready to answer queries.

Note the warning output for 0.0.127.in-addr.arpa: this is obviously an old-style zone file, as the serial number also suggests. It doesn't have a $TTL entry, so named defaults to the old-style behavior and uses the last field of the SOA record (which used to be called "minimum") instead. This warning is not very serious, but you probably want a longer default TTL than you do for caching failed lookups, which is what that field is used for now.

What you don’t want to see are error messages like:

May 10 14:26:37 freebie named[1361]: db.example.org: Line 28: Unknown type: System.
May 10 14:26:37 freebie named[1361]: db.example.org:28: Database error (System)
May 10 14:26:37 freebie named[1361]: master zone "example.org" (IN) rejected due to errors (serial 1997010902)

As the last message states, this error has caused the zone to be rejected. Funny: if you look at line 28 of /etc/namedb/db.example.org, it looks straightforward enough:

#System information
freebie  IN HINFO  "Pentium/133"     "FreeBSD 3.0-CURRENT (4.4BSD)"
presto   IN HINFO  "Pentium II/233"  "FreeBSD 2.2.5 (4.4BSD)"

The problem here is that named doesn't use the standard UNIX convention for comments: the comment character is a semicolon (;), not a hash mark (#).
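Both problems discussed above (the missing $TTL behind the warning, and the hash-mark comment behind the "Unknown type" error) are easy to catch in the zone file before reloading, and the corresponding syslog lines are easy to sort once named has run. The script below is an added example written for this page, not the book's or BIND's own code; the zone-file fragment and the log lines it runs over are constructed here, modelled on the messages quoted above.

```python
"""Pre-flight lint for a zone file plus a sorter for named's syslog output (added example).
Catches the two mistakes discussed in the text: no $TTL before the first record,
and comment lines introduced with '#' instead of ';'."""

import re

# Constructed zone fragment with both mistakes: no $TTL, and a '#' comment on line 8.
BAD_ZONE = """\
@ IN SOA freebie.example.org. grog.example.org. (
        2003031801 ; serial
        3600       ; refresh
        900        ; retry
        3600000    ; expire
        3600 )     ; minimum
@ IN NS freebie.example.org.
#System information
freebie  IN HINFO  "Pentium/133"     "FreeBSD 3.0-CURRENT (4.4BSD)"
presto   IN HINFO  "Pentium II/233"  "FreeBSD 2.2.5 (4.4BSD)"
"""

# The same zone with both mistakes corrected.
GOOD_ZONE = "$TTL 1d\n" + BAD_ZONE.replace("#System", ";System")

# Constructed syslog lines in the shape named produces (timestamps are made up).
SAMPLE_LOG = """\
May 10 14:26:37 freebie named[1361]: db.example.org: Line 28: Unknown type: System.
May 10 14:26:37 freebie named[1361]: db.example.org:28: Database error (System)
May 10 14:26:37 freebie named[1361]: master zone "example.org" (IN) rejected due to errors (serial 1997010902)
May 10 14:26:37 freebie named[1361]: Zone "0.0.127.in-addr.arpa" (file localhost.rev): No default TTL ($TTL <value>) set, using SOA minimum instead
May 10 14:26:37 freebie named[1361]: master zone "0.0.127.in-addr.arpa" (IN) loaded (serial 97091501)
May 10 14:26:37 freebie named[1362]: Ready to answer queries.
"""


def lint_zone(text):
    """Return (line_number, message) findings; line numbers are 1-based like named's
    own "Line 28".  The $TTL finding uses line 0 because it is about the whole file."""
    findings = []
    ttl_set = False
    record_seen = False
    for n, line in enumerate(text.splitlines(), start=1):
        s = line.strip()
        if not s or s.startswith(";"):
            continue                                  # blank line or real comment
        if s.startswith("$TTL"):
            if not record_seen:                       # only counts if it precedes the records
                ttl_set = True
            continue
        if s.startswith("$"):
            continue                                  # other directive ($ORIGIN, $INCLUDE)
        if s.startswith("#"):
            findings.append((n, "comment introduced with '#'; zone files use ';'"))
        record_seen = True                            # named would try to parse this as a record
    if not ttl_set:
        findings.append((0, "no $TTL before the first record; named will use the SOA minimum field"))
    return findings


NAMED_LINE = re.compile(r"named\[(\d+)\]:\s*(.*)$")


def classify_named_log(log_text):
    """Sort named's messages into error / warning / info using the phrases shown in
    the text: 'rejected', 'Database error' and 'Unknown type' are errors, 'No default
    TTL' is a warning, everything else (loaded, listening, Ready) is informational."""
    out = {"error": [], "warning": [], "info": []}
    for line in log_text.splitlines():
        m = NAMED_LINE.search(line)
        if not m:
            continue                                  # not a named message
        msg = m.group(2)
        if "rejected" in msg or "Database error" in msg or "Unknown type" in msg:
            out["error"].append(msg)
        elif "No default TTL" in msg:
            out["warning"].append(msg)
        else:
            out["info"].append(msg)
    return out


def rejected_zones(log_text):
    """Names of zones named refused to load, so they can be fixed before the next reload."""
    return re.findall(r'zone "([^"]+)" \(IN\) rejected', log_text)


if __name__ == "__main__":
    for n, msg in lint_zone(BAD_ZONE):
        print(f"bad zone line {n}: {msg}")
    print("good zone findings:", lint_zone(GOOD_ZONE))
    print("rejected:", rejected_zones(SAMPLE_LOG))
```

The lint only looks at lines that start with '#', because that is the case named reports as an unknown record type; it is a quick local check, not a full zone parser. With BIND 9, named-checkzone and named-checkconf give the authoritative answer, and this kind of script is best used to confirm the two habits above (put $TTL first, comment with ';') before the zone is handed to them.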

Most other configuration errors should be self-explanatory. On page 379 we'll look at messages that named produces during normal operation.

Анатолий Федоров
Russia, Moscow, M. V. Lomonosov Moscow State University, 1989