#/etc/resolv.conf
#nameserver 83.64.1.10
#nameserver 83.64.0.10
nameserver 192.168.1.5
Another advantage of setting up a caching nameserver is that you can use it to block ads and objectionable sites by using bogus DNS zones to block specific domains. You do this by overriding the DNS lookup of the sites you want to block. Configuration is simple. First, determine the sites that you want to block. For example, you might want to block all access to doubleclick.net. Create an entry in /etc/named.conf like this:
zone 'doublelick.net' { type master; file 'fakes'; };
Then create a new /var/named/fakes file. This should contain
$TTL 1D
@ IN SOA dns.companyname.com. hostmaster.companyname.com. (
2004081701 8H 2H 4W 1D)
@ IN NS
@ IN A 127.0.0.1
* IN A 127.0.0.1
where 127.0.0.1, where they will not be found. To make the change effective, you have to restart named so that the new configuration information is read. Chapter 11 describes several different ways of restarting the named service; here is one of them:
# kill -HUP `pidof named`
When named is restarted, attempts to resolve all doubleclick.net addresses fail, the ads are neither loaded nor displayed, and your browsing experience is faster.
Your Own Domain Name and Third-Party DNS
It is possible to have your own domain name and provide third-party DNS service for it, meaning that you do not have to configure and administer a DNS nameserver for your self. You can even have a mail address for your domain without having a mail server.
Here is a summary of the major tasks involved in providing a third-party DNS service to your own domain name:
> Register and pay for a unique domain name — Several companies now offer to register these names, so shop around for the most reasonable price and perform some Google background checks on the company before using it.
> Use a third-party DNS provider to provide DNS services — One popular provider is ZoneEdit, which provides detailed steps to use the service. ZoneEdit also provides mail-forwarding services, so mail addressed to [email protected] is forwarded to your regular ISP mail account. ZoneEdit also allows you to use Dynamic DNS, which enables you to run a server on a dynamically assigned IP (from a cable or dialup provider), yet still have DNS servers locate you. ZoneEdit can also provide a startup web page space for you or forward requests to an already established page with a long, complicated address.
> Return to your domain name registrar and tell it what nameservers are authoritative for your domain.
After you have completed the preceding tasks, it takes about three days for the information to propagate around the Internet.
Providing DNS for a Real Domain with BIND
BIND is the de facto standard DNS software suite for UNIX. It contains a nameserver daemon (named) that answers DNS queries, a resolver library that enables programs to make such queries, and some utility programs. BIND is maintained by the
Three major versions of BIND are in common use today: 4, 8, and 9. The use of BIND 4 is now
If you are upgrading from BIND 8 to BIND 9, make sure to read the file /usr/share/doc/bind- 9.5.0/misc/migration for any issues regarding configuration files (which will cause BIND not to run) and use of existing shell scripts. An HTML version of the BIND 9 manual is the Bv9ARM.html file under the /usr/share/doc/bind-9.5.0/arm directory.
In this chapter, we discuss the use of BIND 9, which ships with Fedora. BIND 9 was rewritten from scratch in an attempt to make the code more robust and leave behind the problems inherent in the old code. It is compliant with new DNS standards and represents a substantial improvement in features, performance, and security.
The bind RPM package contains the named daemon and a wealth of BIND documentation. The bind-utils RPM package contains, among other things, the invaluable dig(1) utility. If you choose to compile BIND yourself, you can download the source distribution from the ISC's website and follow the build instructions therein.
You can find build instructions in the Read Me file under the /usr/share/doc/bind-9.5.0 directory, too.
After you install the RPMs, the following directories are of special interest because they contain the file used by BIND and contain the information shown in the listing:
----------
/etc/ The rndc.conf, named.conf configuration files.
/usr/bin/ dig, host, nslookup, nsupdate.
/usr/sbin/ named, rndc, and various support programs.
/usr/share/doc/bind-9.5.0/ BIND documentation.
/usr/share/man/ Manual pages.
/var/named/* Zone files.
----------
If you install from source, the files will be in the locations you specified at configure time, with the default directories under /usr/local/.
The following example uses BIND to configure a nameserver and then expand it as necessary to provide useful DNS service. To accomplish this, you must configure named (the nameserver daemon) and rndc components (a control utility that permits various
