The Guru College

Home Network – DNS Server

I am now running a pair of DNS servers in my home network. Like the NTP service I’m running, these are active on both of my OpenSolaris nodes. The processor I ran to generate my db.* and named.* files is h2n, which was written initially by Cricket Liu for O’Reilly’s DNS and BIND. In short, it converts your (correctly formatted) /etc/hosts file into almost everything you need to run a BIND nameserver.

Most people use BIND8 or BIND9 – it’s huge, and is constantly being updated for security-related problems. I had thought about using something else, like djbdns, written from the ground up with security and simplicity in mind by Daniel Bernstein. He’s so serious about security that if you find a security-related bug in his nameserver software, he’ll mail you a check for $1000 USD. While that is tempting, part of this exercise is to get familiar with the tools I will be using at work and in future projects, and at the moment, that is BIND.

You will need one thing from an external source, other than the h2n scripts – the root hints file, which you will save and rename to /var/named/db.cache. This gives your DNS server the ability to perform external lookups.

As mentioned earlier, you will need to update your /etc/hosts file to the ‘correct’ format:

ip_address fqdn aliases #comments

For me, this starts as follows:

I’ve cut off 10 or 15 lines from the end of this hosts file. As I do intend to use this hosts file as a fallback, I’ve kept the short hostnames, even though they aren’t needed for h2n. If you have a short hosts file, like mine, this will take you a few minutes. If you have been maintaining hosts files for years, this could be a long process, though it’s much better than manually writing out the forward and reverse lookup zones by hand. (To be thoroughly pedantic, you should write out the files if you’ve never done it before. It will make you understand BIND a lot better.)

The comment ‘#[no mx]’ above does what it looks like it should do – it tells h2n not to assign this entry an MX record. I plan to run my own internal mail system for notifications and system alerts, and everything should wind up on the OpenSolaris boxes – not on the printer, my wife’s laptop, etc. If you don’t know what a Mail eXchange (MX) record is, please Google for it. For that matter, if you don’t know the difference between an A record, a CNAME and an ALIAS, also do some more reading. I’m not going to explain those here.
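To make the "ip_address fqdn aliases #comments" layout and the ‘#[no mx]’ marker concrete, here is an added example (my own illustration, not h2n’s code and not the author’s hosts file) that reads a hosts file in that format and emits the A, CNAME, MX and PTR records a forward and reverse zone would carry. The network (192.168.1.0/24), the domain (example.home), the hostnames and the MX target are all constructed assumptions; the SOA/NS header that a real zone file needs is left out.

```python
import ipaddress

# Constructed sample hosts file in the "ip_address fqdn aliases #comments"
# layout the post describes. Assumption: a private 192.168.1.0/24 network
# and an example.home domain; this is not the author's real hosts file.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
192.168.1.10   nas1.example.home    nas1 files   # primary OpenSolaris node
192.168.1.11   nas2.example.home    nas2
192.168.1.20   printer.example.home printer      #[no mx]
192.168.1.30   laptop.example.home  laptop       #[no mx] a laptop
"""


def parse_hosts(text, domain):
    """Return (ip, fqdn, aliases, wants_mx) tuples for hosts inside `domain`."""
    entries = []
    for raw in text.splitlines():
        line, _, comment = raw.partition("#")  # comment starts at the first '#'
        fields = line.split()
        if len(fields) < 2:
            continue  # blank, comment-only or malformed line
        ip, fqdn, aliases = fields[0], fields[1], fields[2:]
        if not fqdn.endswith("." + domain):
            continue  # e.g. localhost: not part of this zone
        # '#[no mx]' anywhere in the comment suppresses the MX record
        wants_mx = "[no mx]" not in comment.lower()
        entries.append((ipaddress.ip_address(ip), fqdn, aliases, wants_mx))
    return entries


def forward_zone(entries, domain, mx_host):
    """Render A, MX and CNAME records (relative names) for the forward zone."""
    lines = []
    for ip, fqdn, aliases, wants_mx in entries:
        host = fqdn[: -len(domain) - 1]  # strip the ".example.home" suffix
        lines.append(f"{host:<12} IN A     {ip}")
        if wants_mx:
            lines.append(f"{host:<12} IN MX 10 {mx_host}.")
        for alias in aliases:
            if alias != host:  # short name equal to the label is not an alias
                lines.append(f"{alias:<12} IN CNAME {host}")
    return lines


def reverse_zone(entries):
    """Render PTR records keyed by the in-addr.arpa name of each address."""
    return [f"{ip.reverse_pointer}. IN PTR {fqdn}." for ip, fqdn, _, _ in entries]


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS, "example.home")
    print("\n".join(forward_zone(hosts, "example.home", "nas1.example.home")))
    print()
    print("\n".join(reverse_zone(hosts)))
```

The generated zones are only data: which clients may query them, and whether the server recurses to the Internet on their behalf using the root hints, is still decided in named.conf, so check those settings separately.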
