SLAC CPE Software Engineering Group
Stanford Linear Accelerator Center
System Admin

MCC DNS Configuration


20-May-2020


DNS Configuration

DNS makes it possible to refer to IP-based systems (hosts) by human-friendly names (domain names).

Name resolution is the act of determining the IP address(es) of a given hostname. DNS basically provides the following:

  • Resolves hostnames to IP addresses (forward lookup)
  • Resolves IP addresses into hostnames (reverse lookup)
  • Allows machines to be logically grouped by name domains

There are two servers on LCLSDMZ that provide system services, including DNS, to clients on the controls networks. The servers are accessible only by root, and there are no NFS mounts to any servers. Security updates will follow the same update rules as our LCLSDMZ Taylor'd servers. We have up to 10 days for high security patches to be applied.

The two servers are mccsrv01 as the primary and mccsrv02 as the secondary. For testing, we use lcls-prod01 for the secondary.

DNS Installation

BIND is the most widely used DNS server on the Internet. RHEL uses BIND 9. Install BIND as below:

yum install bind

The DNS daemon is called "named". Set up the named daemon as below:

/sbin/chkconfig --add named
/sbin/chkconfig named on
/sbin/chkconfig --list named

 

DNS Server Configuration

  • zone files in /var/named

Create/install zone files in the /var/named directory. I tar'd up the /var/named directory: ~brobeck/NAMED-2010.tar

[root@mccsrv01 ~]# ls /var/named/*.DB -c1
/var/named/127.DB
/var/named/empty.DB
/var/named/local.DB
/var/named/MCC.DB
/var/named/MCCDEV.DB
/var/named/WWW-MCC.DB

[root@mccsrv01 ~]# ls /var/named/NAMED* -c1
/var/named/NAMED.IN-ADDR_172_27
/var/named/NAMED.IN-ADDR_172_19
/var/named/NAMED.IN-ADDR_172_21
/var/named/NAMED.IN-ADDR_134

  • /etc/named.conf

Edit /etc/named.conf, the configuration file that named reads during daemon startup. See Appendix I.


  • Check /etc/resolv.conf

[root@mccsrv01 ~]# cat /etc/resolv.conf
options timeout:1
domain slac.stanford.edu
search slac.stanford.edu

nameserver 134.79.111.112
nameserver 134.79.111.111

 

 

DNS Client configuration

[brobeck@lcls-srv01 ~ ]$ cat /etc/resolv.conf
# Generated by NetworkManager
search slac.stanford.edu
nameserver 134.79.151.12
nameserver 134.79.151.13
nameserver 134.79.151.11


Test

[jingchen@lcls-srv20 ~]$ nslookup lcls-srv01
Server: 134.79.151.12
Address: 134.79.151.12#53

Name: lcls-srv01.slac.stanford.edu
Address: 172.27.8.25

This shows that mccsrv01 is the DNS server used for the query.

[jingchen@lcls-srv20 ~]$ host lcls-srv01 mccsrv01
Using domain server:
Name: mccsrv01
Address: 134.79.151.12#53
Aliases:

lcls-srv01.slac.stanford.edu has address 172.27.8.25

 


Appendix I - /etc/named.conf

 

[root@mccsrv01 ~]# cat /etc/named.conf
// Default named.conf generated by install of bind-9.2.4-30.el4_8.4
options {
directory "/var/named";
pid-file "/var/run/named/named.pid";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/tmp/named-memstats";
managed-keys-directory "/var/named/dynamic";

listen-on { localnets; };
allow-query { any; };
recursion yes;

# allow-recursion { any; };
# check-names response fail;
# listen-on { 127.0.0.1; };
# allow-recursion { localhost; };

sortlist {
{ 134.79.48/22; { 134.79.48/22; }; };
{ 134.79.151/24; { 134.79.151/24; }; };
{ 134.79.176/22; { 134.79.176/22; }; };
{ 134.79.184/22; { 134.79.184/22; }; };
{ 172.19.52/22; { 172.19.52/22; }; };
{ 172.27.244/22; { 172.27.244/22; }; };
{ 172.27.8/22; { 172.27.8/22; 134.79.151/24; 134.79.48/22; 134.79.176/22; }; };
{ 172.27.0/22; { 172.27.0/22; 134.79.151/24; 134.79.48/22; 134.79.176/22; }; };
{ 172.27.128/22; { 172.27.128/22; 134.79.151/24; 134.79.48/22; 134.79.176/22; }; };
{ 172.27.72/22; { 172.27.72/22; 134.79.151/24; 134.79.48/22; 134.79.176/22; }; };
{ 172.27.32/22; { 172.27.32/22; 134.79.151/24; 134.79.48/22; 134.79.176/22; }; };
{ 172.27.40/22; { 172.27.40/22; 134.79.151/24; 134.79.48/22; 134.79.176/22; }; };
};

forward only;
forwarders { 134.79.111.112; 134.79.111.111; };
# forwarders { 134.79.110.72; 134.79.110.9; 134.79.110.8; };

};

//include "/etc/rndc.key";
//
//controls {
// inet 127.0.0.1 allow { localhost; } keys { rndckey; };
//};

zone "." IN {
type hint;
file "domain-name-service.cache";
};

zone "SLAC.Stanford.EDU" IN {
type slave;
file "named.hosts";
masters {
134.79.111.111; // any-ns1
134.79.111.112; // any-ns2
};
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "local.DB";
# file "named.local";
allow-update { none; };
};


zone "79.134.IN-ADDR.ARPA" {
type slave;
file "NAMED.IN-ADDR_134";
masters {
134.79.111.111; // any-ns1
134.79.111.112; // any-ns2
};
};

zone "19.172.IN-ADDR.ARPA" {
type slave;
file "NAMED.IN-ADDR_172_19";
masters {
134.79.111.111; // any-ns1
134.79.111.112; // any-ns2
};
};

zone "27.172.IN-ADDR.ARPA" {
type slave;
file "NAMED.IN-ADDR_172_27";
masters {
134.79.111.111; // any-ns1
134.79.111.112; // any-ns2
};
};

zone "21.172.IN-ADDR.ARPA" {
type slave;
file "NAMED.IN-ADDR_172_21";
masters {
134.79.111.111; // any-ns1
134.79.111.112; // any-ns2
};
};

/*
The following is for our MultiHomed hosts.
We were running into issues because DNS
would return multiple IPs for our Multihomed
hosts. Now SCS will only have one IP address
per nodename with a CNAME for our Multihomed
hosts pointing to our "-LAVC" address.
ex) MCCDEV IN CNAME MCCDEV-LAVC

We will use the *.DB files to distribute IPs
to our multihomed hosts.
*/

//zone "WWW-MCC.SLAC.STANFORD.EDU" {
// type master;
// file "WWW-MCC.DB";
//};

zone "MCCDEV.SLAC.STANFORD.EDU" {
type master;
file "MCCDEV.DB";
};

zone "MCC.SLAC.STANFORD.EDU" {
type master;
file "MCC.DB";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
print-time yes;
print-category yes;
print-severity yes;
};
};
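
A configuration check for the settings in the named.conf above, added here as an example and not part of the original SLAC page: it reports when recursion is effectively offered to any client and when a master zone has no explicit allow-transfer. The function names and the trimmed SAMPLE text are constructed for illustration; the fallback order for an unset allow-recursion is the one documented for BIND 9.4 and later.

```python
import re

# Constructed sample: options and two zones trimmed from the named.conf above.
SAMPLE = '''
options {
  allow-query { any; };
  recursion yes;
  # allow-recursion { localhost; };
};
zone "SLAC.Stanford.EDU" IN { type slave; file "named.hosts"; };
zone "MCC.SLAC.STANFORD.EDU" { type master; file "MCC.DB"; };
'''

def strip_comments(text):  # handles /* */, // and # styles; "//" in strings is not handled
    return re.sub(r'(#|//).*', '', re.sub(r'/\*.*?\*/', '', text, flags=re.S))

def blocks(text):
    """Yield (header, body) for every top-level `header { body };` statement."""
    depth = mark = start = 0
    for i, ch in enumerate(text):
        if ch == '{':
            if depth == 0:
                head, start = text[mark:i].strip(' ;\n\t'), i + 1
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0:
                yield head, text[start:i]
                mark = i + 1

def acl(body, name):
    """Elements of `name { ...; };` in body, or None when the option is absent."""
    m = re.search(r'(?<![\w-])' + re.escape(name) + r'\s*\{([^}]*)\}', body)
    return [e.strip() for e in m.group(1).split(';') if e.strip()] if m else None

def audit(conf):
    parsed = list(blocks(strip_comments(conf)))
    opts = next((b for h, b in parsed if h == 'options'), '')
    # Unset allow-recursion falls back to allow-query-cache, then allow-query (BIND 9.4+).
    order = ('allow-recursion', 'allow-query-cache', 'allow-query')
    eff = next((a for a in (acl(opts, n) for n in order) if a is not None), ['localnets', 'localhost'])
    open_rec = 'any' in eff and not re.search(r'(?<![\w-])recursion\s+no\s*;', opts)
    findings = ['options: recursion is offered to any client'] if open_rec else []
    return findings + ['zone %s: no explicit allow-transfer' % h.split('"')[1]
                       for h, b in parsed if h.startswith('zone')
                       and re.search(r'\btype\s+(master|primary)\s*;', b)
                       and acl(b, 'allow-transfer') is None and acl(opts, 'allow-transfer') is None]

if __name__ == '__main__': print('\n'.join(audit(SAMPLE)))
```

A zone with no allow-transfer relies on the BIND default, which in older BIND 9 releases permits transfers to any host. Note that listen-on selects the server's own interfaces and does not limit which clients may query or recurse.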

 

 



 



 


 


Created by: Ken Brobeck  07-May-2010

Modified by Jingchen Zhou 28-Aug-2010