The following is a list of steps for configuring a Solaris 10 system as a DNS cache server. (The hostnames and IP addresses are for illustration only and are not real, except for the db.cache file, which holds the real root server information.)
1. Update Solaris 10 DNS patch.
Patch-ID# 119783-08: SunOS 5.10; bind patch (Note: current patch release: 119783-10)
2. Create and check following configuration files
- Check for /etc/hosts file
- Create and edit DNS configuration file; /etc/named.conf
- Create domain run directory; e.g. /var/opt/named
root@prambanan: mkdir /var/opt
root@prambanan: mkdir /var/opt/named
- Obtain a copy of root name (root hints) file; /var/opt/named/db.cache
- Create and edit reverse zone file; /var/opt/named/db.local
- Create and edit local zone configuration file; /var/opt/named/candi.hosts
root@prambanan: # cat /etc/hosts
#
127.0.0.1 localhost
123.152.163.70 prambanan prambanan.candi.com loghost
#
snip
root@prambanan: # cat /etc/named.conf
// named.conf for a recursive (caching) resolver that also keeps a slave copy
// of candi.com. Addresses are illustrative, as the article states.

// Client networks that are allowed to use this server for recursion.
acl acl_post {
111.123.171.0/24;
111.124.153.64/28;
};
acl acl_precu {
124.111.44.0/22;
120.112.8.0/21;
};
options {
directory "/var/opt/named/";
recursion yes;
// Recursive service is restricted to the two ACLs above rather than offered
// to every source address.
// NOTE(review): no allow-query is set. On BIND releases that predate
// allow-query-cache, clients outside these ACLs may still be answered from
// cache; verify on the installed version if this host is Internet-reachable.
allow-recursion {
acl_post;acl_precu;
};
// Ceiling on simultaneous recursive lookups performed on behalf of clients.
// NOTE(review): BIND's documented default is 1000 and each outstanding client
// consumes memory; confirm 300000 is sized against available RAM.
recursive-clients 300000;
// Upstream resolvers that are asked before this server resolves on its own.
// Answers from them are cached as received, so they should be resolvers the
// operator trusts.
forwarders {
124.123.111.222 port 53;
124.124.112.123 port 53;
};
// "first": try the forwarders, then fall back to normal resolution from the
// root hints if they do not answer.
forward first;
};
// Root hints used to prime the resolver; loaded from db.cache in the
// directory set above.
zone "." {
type hint;
file "db.cache";
};
// Locally mastered reverse zone for the loopback network.
zone "0.0.127.in-addr.arpa" {
type master;
file "db.local";
};
// Slave copy of candi.com, obtained by zone transfer from the listed master.
// NOTE(review): the masters entry carries no TSIG key, so the transfer is
// accepted on source address alone; consider adding a key on both ends.
// NOTE(review): allow-transfer is not set for this zone; confirm the default
// on the installed BIND and restrict it if the zone contents should not be
// transferable from this server.
zone "candi.com" {
type slave;
file "candi.hosts";
masters {
111.222.123.124;
};
};
root@prambanan: # cat /var/opt/named/db.cache
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.root
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Feb 04, 2008
; related version of root zone: 2008020400
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803f:235
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; operated by VeriSign, Inc.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
;
; operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
;
; operated by ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
;
; operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
; End of File
root@prambanan: # cat /var/opt/named/db.local
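; Reverse zone for the loopback network (0.0.127.in-addr.arpa).
; The default-TTL directive is spelled $TTL; "@ttl" is not a master-file
; directive and would be read as an owner name.
$TTL 3600
0.0.127.in-addr.arpa. IN SOA prambanan.candi.com. ogut.candi.com. (
        2008112300 ; serial
        10800      ; refresh
        3600       ; retry
        604800     ; expire
        86400 )    ; minimum
; Records without an owner name must start with whitespace so that they
; inherit the previous owner (the zone apex here).
; The NS target is spelled to match the SOA primary and the /etc/hosts entry.
        IN NS prambanan.candi.com.
1       IN PTR localhost.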
root@prambanan: # cat /var/opt/named/borobudur.hosts
; Zone data for candi.com (illustrative names and addresses).
; NOTE(review): the named.conf shown earlier declares candi.com as type slave
; with file "candi.hosts", while this listing is shown as borobudur.hosts.
; For a slave zone, named writes the file itself after a zone transfer;
; changes belong on the master.
$ORIGIN .
$TTL 3600 ; 1 hour
candi.com IN SOA borobudur.candi.com. ogut.candi.com. (
20080805 ; serial
3600 ; refresh (1 hour)
600 ; retry (10 minutes)
86400 ; expire (1 day)
3600 ; minimum (1 hour)
)
; Apex records. In a real zone file these owner-less lines start with
; whitespace so they inherit the owner candi.com.
NS prambanan.candi.com.
NS mendut.candi.com.
NS borobudur.candi.com.
A 120.152.171.183
MX 10 lorojonggrang.candi.com.
TXT "PT. Candi Nusantara"
TXT "Jakarta"
TXT "Jl. Raden Widjaya 101"
$ORIGIN candi.com.
; NOTE(review): the host below is spelled "prambaban" while the NS record
; above points at prambanan.candi.com, so that NS target has no address
; record in this listing; presumably a typo.
prambaban A 123.152.163.70
mendut A 123.153.132.99
muntilan A 123.155.6.157
; NOTE(review): "lorojongrang" here vs "lorojonggrang" in the MX records;
; as written, the MX target has no address record in this listing.
lorojongrang A 123.155.6.150
; NOTE(review): NAME is not a record type; presumably CNAME was intended.
muntilanmail NAME muntilan
jawa A 124.155.19.18
sumatera A 123.112.161.211
kalimantan MX 10 lorojonggrang
sulawesi A 123.112.152.213
MX 10 lorojonggrang
3. Start the DNS Server
root@prambanan: # svcadm enable /network/dns/server
4. Check /var/adm/messages file for a successful named (BIND) startup
root@prambanan: # tail /var/adm/messages
Jun 12 10:25:30 prambanan named [1916]: [ID 767358 daemon.notice] starting BIND 9.3.5-P1
Jun 12 10:25:30 prambanan named [1916]: [ID 767358 daemon.notice] command channel listening on 127.0.0.1#953
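After the server has been running for a long time, the cache may grow very large and may need to be refreshed. Use the procedure below to clear the cache by restarting BIND (a restart discards the entire cache and briefly interrupts resolution for clients; if rndc is configured for the control channel shown above, `rndc flush` empties the cache without stopping the service):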
root@prambanan: # svcadm disable /network/dns/server
root@prambanan: # svcadm enable /network/dns/server