Chapter 14. Setting up DNS Part 2: The .sam TLD nameserver and the root server

Next, we'll set up the .sam TLD nameserver. This server doesn't actually know the domain name to IP address translation for all domain names, but it knows which servers to ask for each domain name. For the .com TLD, there is a server (actually a redundant set of servers) which knows where to look, so even though it doesn't know the IP address of, say, www.projreality.com, it knows the server which knows the IP address of www.projreality.com, and will point the requester to that server. We will do the same for the .sam TLD.

The .sam TLD nameserver will also be running BIND on Linux, so go ahead and clone ns1-projreality-sam.vdi to a-root-servers-sam.vdi. Create a VM called "a.root-servers.sam" using the cloned hard disk. Set Adapter 1 to the Internal Network "backbone3-a.rs.sam", and then start up the VM.

The first few steps will be similar to what was done before. Edit /etc/rc.conf and change the hostname to "a.root-servers.sam". Change the IP address for eth0 to 172.16.55.100 and the default gateway to 172.16.55.1. Remove the line for eth1 and remove eth1 from the INTERFACES list.

Next, we'll configure BIND to act as the .sam TLD nameserver. This is quite similar to the previous BIND setup, but the zone file will be slightly different. Delete /var/named/projreality.sam, /var/named/172.16.210.rev, /var/named/172.16.211.rev, and /var/named/172.16.212.rev. Then create the zone file, /var/named/sam:

$ORIGIN	sam.
$TTL	2d

@	IN	SOA	a.root-servers.sam.	hostmaster.root-servers.sam. (
	2010110300	; serial number
	3h		; refresh
	15m		; retry
	1w		; expire
	2d		; minimum TTL
)

@	IN	NS	a.root-servers.sam.

a.root-servers.sam.	IN	A	172.16.55.100

$ORIGIN	nic.sam.
@	IN	NS	ns1
ns1	IN	A	172.16.75.100

$ORIGIN	projreality.sam.
@	IN	NS	ns1
@	IN	NS	ns2
ns1	IN	A	172.16.211.10
ns2	IN	A	172.16.211.11

This zone file has some similarities to the projreality.sam. zone file. It starts with an SOA record, this time for the sam. domain, followed by the NS record and the A record for the nameserver. However, there are further sections for the nic.sam. and projreality.sam. subdomains. What the projreality.sam. section says is: if asked about any domain within projreality.sam., this server will refer the requester over to either ns1.projreality.sam. or ns2.projreality.sam. Since both of those domain names are themselves within projreality.sam., the requester needs a way to get their IP addresses directly, so this server includes the IP addresses of just the nameservers for projreality.sam. - these are called "glue records". The nic.sam. section does the same for ns1.nic.sam., which we will set up later in this chapter for reverse lookups.

Next, we'll tweak /etc/named.conf. First, change the listen-on line to listen on this server's IP address:

	listen-on { 172.16.55.100; };

We'll keep the sections for the localhost zone, but delete the sections for projreality.sam. and the associated reverse lookups. Then add a section for the sam. TLD:

zone "sam" IN {
	type master;
	file "sam";
	allow-transfer { none; };
};

At this point, reboot the VM so the network changes take effect. BIND should also start on boot. Do a sudo tail /var/log/daemon - if there is a line that contains

zone sam/IN: loaded serial 2010110300

then it loaded the zone file correctly. Issue a

dig @172.16.55.100 www.projreality.sam

You'll notice that it doesn't actually have an answer section. That is because, as mentioned before, the .sam TLD nameserver doesn't know the IP addresses of all servers within the .sam TLD, but knows where to look. Under the AUTHORITY SECTION, you'll see the NS records for the projreality.sam. domain, and in the ADDITIONAL SECTION, you'll see that the IP addresses of projreality.sam.'s nameservers are provided. You could now go and do a dig query to the ns1.projreality.sam. server, and will receive the correct IP address as before.

Finally, repeat the dig command from the customer VM to verify that it is working from there also. Don't forget to start up the appropriate VMs in between first.

Skipping over reverse lookup for now, we'll repeat the above steps to create the root server. All DNS requests will first go to the root server, which will direct the requester depending on the TLD. For now, the only TLD our root server will handle is the .sam TLD.

Clone ns1-projreality-sam.vdi to rns.vdi. Create a VM called "rns" using the cloned hard disk. Set the VirtualBox Adapter 1 to the Internal Network "backbone3-rns", and start up the VM.

Change the hostname to "rns", and change the IP address for eth0 to "172.16.50.100". Delete the line for eth1 and remove eth1 from the INTERFACES list. Also change the default gateway to "172.16.50.1".

Next we'll create the zone file for the root. First, delete the zone files for projreality.sam, then create /var/named/root:

$ORIGIN	.
$TTL	2d

@	IN	SOA	rns.	hostmaster.rns. (
	2010110300	; serial number
	3h		; refresh
	15m		; retry
	1w		; expire
	2d		; minimum TTL
)

@	IN	NS	rns.

rns.	IN	A	172.16.50.100

$ORIGIN	sam.
@			IN	NS	a.root-servers.sam.
a.root-servers.sam.	IN	A	172.16.55.100

Next, we'll tweak /etc/named.conf. First, we'll update the listen-on option to listen on the server's IP address:

	listen-on { 172.16.50.100; };

Next, delete the sections for projreality.sam., and add the section for the root:

zone "." IN {
	type master;
	file "root";
	allow-transfer { none; };
};

That's it for the config. Reboot the VM. Check in /var/log/daemon that BIND loaded the zone file, then go to the customer VM and issue

dig @172.16.50.100 www.projreality.sam

If the response directs you over to a.root-servers.sam (i.e. the TLD server for the .sam TLD), then the root server is set up correctly!

Next, we need to have a path from the root server to projreality.sam's server for the reverse lookup. This works a bit differently from regular lookups. In the real world, blocks of IP addresses get assigned to different organizations. Many of these are ISPs, which then further assign subsections of their assigned address blocks to their customers. In our internet, the organization that assigns the 172.16.0.0/16 block of addresses will have its server at ns1.nic.sam.

Create the file /var/named/root.rev:

$ORIGIN	in-addr.arpa.
$TTL	2d

@	IN	SOA	rns.	hostmaster.rns. (
	2010110300	; serial number
	3h		; refresh
	15m		; retry
	1w		; expire
	2d		; minimum TTL
)

@	IN	NS	rns.

$ORIGIN	16.172.in-addr.arpa.
@		IN	NS	ns1.nic.sam.

This file refers all reverse lookup requests in the 172.16.0.0/16 block to ns1.nic.sam.

Add this zone after the root zone in /etc/named.conf:

zone "in-addr.arpa" IN {
	type master;
	file "root.rev";
	allow-transfer { none; };
};

Now we set up the nic.sam nameserver. Clone ns1-projreality-sam.vdi to ns1-nic-sam.vdi, and create a VM called "ns1.nic.sam" using the cloned hard disk. Set Adapter 1 to the Internal Network "backbone2-ns1.nic.sam", and go ahead and start up the VM.

The usual stuff next - set the hostname to "ns1.nic.sam", the IP address for eth0 to 172.16.75.100 (delete the references to eth1), and the default gateway to 172.16.75.1.

Next, create /var/named/nic.sam. This will be the forward lookup zone file, which is pretty simple since there's only one server:

$ORIGIN	nic.sam.
$TTL	2d

@	IN	SOA	ns1	hostmaster (
	2010110300	; serial number
	3h		; refresh
	15m		; retry
	1w		; expire
	2d		; minimum TTL
)

@	IN	NS	ns1

ns1	IN	A	172.16.75.100

Next, create /var/named/172.16.rev, which is the zone file for all addresses in the 172.16.0.0/16 block:

$ORIGIN	16.172.in-addr.arpa.
$TTL	2d

@	IN	SOA	ns1.nic.sam.	hostmaster.nic.sam. (
	2010110300	; serial number
	3h		; refresh
	15m		; retry
	1w		; expire
	2d		; minimum TTL
)

@	IN	NS	ns1.nic.sam.

75	IN	NS	ns1.nic.sam.

210	IN	NS	ns1.projreality.sam.
211	IN	NS	ns1.projreality.sam.
212	IN	NS	ns1.projreality.sam.

Also, create /var/named/172.16.75.rev for nic.sam.'s own reverse lookup:

$ORIGIN	75.16.172.in-addr.arpa.
$TTL	2d

@	IN	SOA	ns1.nic.sam.	hostmaster.nic.sam. (
	2010110300	; serial number
	3h		; refresh
	15m		; retry
	1w		; expire
	2d		; minimum TTL
)

@	IN	NS	ns1.nic.sam.

100	IN	PTR	ns1.nic.sam.

Delete the files relating to projreality.sam in /var/named.

Finally, edit /etc/named.conf. First, have the server listen on its IP address 172.16.75.100, and delete the sections relating to projreality.sam. Then add the zone files created above:

zone "nic.sam" IN {
	type master;
	file "nic.sam";
	allow-transfer { none; };
};

zone "75.16.172.in-addr.arpa" IN {
	type master;
	file "172.16.75.rev";
	allow-transfer { none; };
};

zone "16.172.in-addr.arpa" IN {
	type master;
	file "172.16.rev";
	allow-transfer { none; };
};

Go ahead and reboot the VM. To verify correct operation, do a dig @172.16.75.100 ns1.nic.sam, dig @172.16.75.100 -x 172.16.75.100, and also dig @172.16.75.100 -x 172.16.211.1.

The third command (the reverse lookup for 172.16.211.1) should refer you over to ns1.projreality.sam, since this server delegates 211.16.172.in-addr.arpa rather than answering for it.
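To see how the three servers in this chapter fit together, here is an added example (not part of the original chapter, and not BIND code) that models the zone data above in Python: an authoritative-only server function, an iterative resolver that starts at rns and follows referrals, using glue where a delegation supplies it and looking the nameserver up separately where it does not (as for ns1.nic.sam. under 16.172.in-addr.arpa.), and a check of what would happen to projreality.sam. if its glue were missing. The SERVERS table is a constructed subset of the zone files in this chapter; the forward query for www.projreality.sam ends at the referral because this chapter does not list projreality.sam's own zone.

```python
# Constructed model of this chapter's zone files: server IP -> (zone apexes it serves, records it holds).
SERVERS = {
    "172.16.50.100": ({".", "in-addr.arpa."}, {  # rns: the root zone plus root.rev
        "sam.": {"NS": ["a.root-servers.sam."]}, "a.root-servers.sam.": {"A": ["172.16.55.100"]},
        "16.172.in-addr.arpa.": {"NS": ["ns1.nic.sam."]}}),  # no glue: ns1.nic.sam. is not under in-addr.arpa
    "172.16.55.100": ({"sam."}, {  # a.root-servers.sam: the sam TLD, its delegations and their glue
        "nic.sam.": {"NS": ["ns1.nic.sam."]}, "ns1.nic.sam.": {"A": ["172.16.75.100"]},
        "projreality.sam.": {"NS": ["ns1.projreality.sam.", "ns2.projreality.sam."]},
        "ns1.projreality.sam.": {"A": ["172.16.211.10"]}, "ns2.projreality.sam.": {"A": ["172.16.211.11"]}}),
    "172.16.75.100": ({"nic.sam.", "16.172.in-addr.arpa.", "75.16.172.in-addr.arpa."}, {  # ns1.nic.sam
        "ns1.nic.sam.": {"A": ["172.16.75.100"]}, "100.75.16.172.in-addr.arpa.": {"PTR": ["ns1.nic.sam."]},
        "211.16.172.in-addr.arpa.": {"NS": ["ns1.projreality.sam."]}}),
}

def query(server, qname, qtype, servers=SERVERS):
    # Authoritative-only behaviour: answer from a zone this server serves, else refer to the closest delegation.
    zones, rrs = servers[server]
    # Walk the name towards the root: "www.projreality.sam." -> "projreality.sam." -> "sam." -> "."
    for suffix in [qname[i:] for i in range(len(qname)) if i == 0 or qname[i - 1] == "."] + ["."]:
        if suffix in zones:  # one of our own apexes: answer authoritatively (empty list = no such data)
            return {"answer": rrs.get(qname, {}).get(qtype, [])}
        if "NS" in rrs.get(suffix, {}):  # a delegation point: refer, attaching any glue A records we hold
            return {"ns": (ns := rrs[suffix]["NS"]), "glue": {n: rrs[n]["A"][0] for n in ns if "A" in rrs.get(n, {})}}
    raise LookupError(f"{server} serves no zone above {qname}")

def resolve(qname, qtype, servers=SERVERS, depth=0):
    # Iterative resolver: start at the root hint and follow referrals. Returns (rdata, servers asked in order).
    if depth > 8:  # every glueless delegation costs one nested lookup; a circular one would never end
        raise RuntimeError(f"delegation loop resolving {qname}: a nameserver inside its own zone has no glue")
    server, asked = "172.16.50.100", []  # the root hint (rns) is the only address known in advance
    while True:
        resp = query(server, qname, qtype, servers)
        asked.append(server)
        if "answer" in resp:
            return resp["answer"], asked
        ns = resp["ns"][0]
        if qtype == "A" and qname in resp["glue"]:  # the name we want is itself a glued nameserver
            return [resp["glue"][qname]], asked
        if ns not in resp["glue"]:  # out-of-bailiwick nameserver (ns1.nic.sam. for 16.172.in-addr.arpa.): look it up first
            addrs, sub = resolve(ns, "A", servers, depth + 1)
            asked, resp["glue"][ns] = asked + sub, addrs[0]
        server = resp["glue"][ns]  # in-bailiwick nameserver (ns1.projreality.sam. under sam.): glue locates it

def without_glue():
    """Why the glue matters: strip projreality.sam's glue from a copy of the TLD server and look for ns1."""
    zones, rrs = SERVERS["172.16.55.100"]
    stripped = {k: v for k, v in rrs.items() if k not in ("ns1.projreality.sam.", "ns2.projreality.sam.")}
    try:
        resolve("ns1.projreality.sam.", "A", {**SERVERS, "172.16.55.100": (zones, stripped)})
    except RuntimeError:  # finding ns1 needs projreality.sam's servers, and reaching those needs ns1
        return True
    return False
```

The servers-asked list returned by resolve() mirrors the sequence of dig commands in this chapter: rns refers to a.root-servers.sam, which refers (with glue) to the zone's own nameservers.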

That's all for the setup for reverse lookup for now. That was rather less straightforward than the forward lookup.