};

----------

The options section is where to specify the directory in which named should look for zone files (as named in other sections of the file). You learn about using other options in later examples in this chapter.

Next, we instruct named to accept commands from an authenticated rndc. We include the key file, /etc/rndc.key, and the controls section saying that rndc connects from localhost and uses the specified key. (You can specify more than one IP address in the allow list or use an access control list as described in the 'Managing DNS Security' section, later in this chapter.)

The . zone tells named about the root nameservers with names and addresses in the root.hints file. This information determines which root nameserver is initially consulted, although this decision is frequently revised based on the server's response time. Although the hints file can be obtained via FTP, the recommended, network-friendly way to keep it synchronized is to use dig. We ask a root nameserver (it doesn't matter which one) for the NS records of . and use the dig output directly:

----------

| # dig @j.root-servers.net. ns > /var/named/root.hints
| # cat /var/named/root.hints
| ; <<>> DiG 8.2 <<>> @j.root-servers.net . ns
| ; (1 server found)
| ;; res options: init recurs defnam dnsrch
| ;; got answer:
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
| ;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
| ;; QUERY SECTION:
| ;; ., type = NS, class = IN
|
| ;; ANSWER SECTION:
| .                        6D IN NS H.ROOT-SERVERS.NET.
| .                        6D IN NS C.ROOT-SERVERS.NET.
| .                        6D IN NS G.ROOT-SERVERS.NET.
| .                        6D IN NS F.ROOT-SERVERS.NET.
| .                        6D IN NS B.ROOT-SERVERS.NET.
| .                        6D IN NS J.ROOT-SERVERS.NET.
| .                        6D IN NS K.ROOT-SERVERS.NET.
| .                        6D IN NS L.ROOT-SERVERS.NET.
| .                        6D IN NS M.ROOT-SERVERS.NET.
| .                        6D IN NS I.ROOT-SERVERS.NET.
| .                        6D IN NS E.ROOT-SERVERS.NET.
| .                        6D IN NS D.ROOT-SERVERS.NET.
| .                        6D IN NS A.ROOT-SERVERS.NET.
|
| ;; ADDITIONAL SECTION:
| H.ROOT-SERVERS.NET. 5w6d16h IN A  128.63.2.53
| C.ROOT-SERVERS.NET. 5w6d16h IN A  192.33.4.12
| G.ROOT-SERVERS.NET. 5w6d16h IN A  192.112.36.4
| F.ROOT-SERVERS.NET. 5w6d16h IN A  192.5.5.241
| B.ROOT-SERVERS.NET. 5w6d16h IN A  128.9.0.107
| J.ROOT-SERVERS.NET. 5w6d16h IN A  198.41.0.10
| K.ROOT-SERVERS.NET. 5w6d16h IN A  193.0.14.129
| L.ROOT-SERVERS.NET. 5w6d16h IN A  198.32.64.12
| M.ROOT-SERVERS.NET. 5w6d16h IN A  202.12.27.33
| I.ROOT-SERVERS.NET. 5w6d16h IN A  192.36.148.17
| E.ROOT-SERVERS.NET. 5w6d16h IN A  192.203.230.10
| D.ROOT-SERVERS.NET. 5w6d16h IN A  128.8.10.90
| A.ROOT-SERVERS.NET. 5w6d16h IN A  198.41.0.4
|
| ;; Total query time: 4489 msec
| ;; FROM: lustre to SERVER: j.root-servers.net 198.41.0.10
| ;; WHEN: Mon Sep 10 04:18:26 2001
| ;; MSG SIZE sent: 17 rcvd: 436

----------

The Zone File

The zone 0.0.127.in-addr.arpa section in named.conf says that we are a master nameserver for that zone and that the zone data is in the file 127.0.0. Before examining the first real zone file in detail, look at the general format of an RR specification:

name TTL class type data

Here, name is the DNS name with which this record is associated. In a zone file, names ending with a . are fully qualified, whereas others are relative to the name of the zone. In the zone example.com, foo refers to the fully qualified name foo.example.com. The special name @ is a short form for the name of the zone itself. If the name is omitted, the last specified name is used again.

The TTL (Time To Live) field is a number that specifies the time for which the record can be cached. This is explained in greater detail in the discussion of the SOA record in the next section. If this field is omitted, the default TTL for the zone is assumed. TTL values are usually in seconds, but you can append an m for minutes, h for hours, or d for days.

BIND supports different record classes, but for all practical purposes, the only important class is IN, for Internet. If no class is explicitly specified, a default value of IN is assumed; to save a little typing, we do not mention the class in any of the zone files we write here.

The type field is mandatory and names the RR in use, such as A, NS, MX, or SOA. (We use only a few of the existing RRs here. Consult the DNS standards for a complete list.)

The data field (or fields) contains data specific to this type of record. The appropriate syntax will be introduced as we examine the use of each RR in turn.

Here is the zone file for the 0.0.127.in-addr.arpa zone:

----------

| $TTL 2D
| @ SOA localhost. hostmaster.example.com. (
|        2001090101 ; Serial
|        24h        ; Refresh
|        2h         ; Retry
|        3600000    ; Expire (1000h)
|        1h)        ; Minimum TTL
|   NS localhost.
| 1 PTR localhost.  ; owner 1 = 1.0.0.127.in-addr.arpa, i.e. 127.0.0.1

----------

The $TTL directive that should begin every zone file sets the default time to live for the zone (applied to every record that does not carry its own TTL) to two days. This is discussed further in the next section.
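The naming and default rules just described (relative names, @, an omitted owner, an omitted TTL or class, and the m/h/d suffixes) are easy to get subtly wrong, and the dig-generated root.hints from earlier in this chapter uses the same master-file syntax, including a w (week) suffix and compound TTLs such as 5w6d16h. The following Python reader is an added example, not code from the book or from BIND: it applies those rules to produce fully qualified records, checks that a hints file has a glue A record for every root NS it lists (a hints file generated while a root server answers incompletely would silently lose a server), and resolves the 0.0.127.in-addr.arpa zone file above. The hints excerpt and the missing-glue line in it are constructed for the demonstration; quoted strings (TXT records) are deliberately out of scope.

```python
"""Minimal reader for BIND master-file syntax (added example, not the book's
code): owner / TTL / class / type / rdata with every default filled in."""
import re

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
_TTL_RE = re.compile(r"^(?:\d+[smhdw]?)+$", re.I)   # 3600, 2D, 5w6d16h
_CLASSES = {"IN", "CH", "HS"}


def parse_ttl(text):
    """Convert a TTL token to seconds; a bare number is already seconds."""
    if not _TTL_RE.match(text):
        raise ValueError(f"not a TTL: {text!r}")
    return sum(int(n) * _UNITS[(u or "s").lower()]
               for n, u in re.findall(r"(\d+)([smhdw]?)", text, re.I))


def qualify(name, origin):
    """'@' is the zone origin, a trailing '.' is absolute, else relative."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin}"


def _logical_lines(text):
    """Drop ';' comments and join parenthesised continuation lines."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            yield " ".join(buf)        # first element keeps its leading blanks
            buf = []


def parse_zone(text, origin):
    """Return (owner, ttl_seconds, class, type, rdata) tuples."""
    default_ttl, last_owner, out = None, origin, []
    for line in _logical_lines(text):
        toks = line.replace("(", " ").replace(")", " ").split()
        if not toks:
            continue
        if toks[0] == "$TTL":
            default_ttl = parse_ttl(toks[1])
            continue
        if toks[0] == "$ORIGIN":
            origin = qualify(toks[1], origin)
            continue
        if not line[0].isspace():          # owner present; else reuse last one
            last_owner = qualify(toks.pop(0), origin)
        ttl, rclass = default_ttl, "IN"    # class defaults to IN
        while toks and (_TTL_RE.match(toks[0]) or toks[0].upper() in _CLASSES):
            tok = toks.pop(0)
            if tok.upper() in _CLASSES:
                rclass = tok.upper()
            else:
                ttl = parse_ttl(tok)
        if ttl is None:
            raise ValueError(f"no TTL for {last_owner} and no $TTL directive")
        out.append((last_owner, ttl, rclass, toks.pop(0).upper(), " ".join(toks)))
    return out


def missing_glue(hints_text):
    """Root NS names in a hints file that have no A/AAAA record beside them."""
    recs = parse_zone(hints_text, ".")
    ns = {r[4].upper() for r in recs if r[0] == "." and r[3] == "NS"}
    glue = {r[0].upper() for r in recs if r[3] in ("A", "AAAA")}
    return sorted(ns - glue)


# Constructed excerpt in the format of the dig output; C has no glue on purpose.
HINTS_EXCERPT = """\
;; ANSWER SECTION:
.                        6D IN NS H.ROOT-SERVERS.NET.
.                        6D IN NS C.ROOT-SERVERS.NET.
.                        6D IN NS A.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
H.ROOT-SERVERS.NET. 5w6d16h IN A  128.63.2.53
A.ROOT-SERVERS.NET. 5w6d16h IN A  198.41.0.4
"""

# The loopback reverse zone from this section (owner 1 on the PTR record).
LOOPBACK_ZONE = """\
$TTL 2D
@ SOA localhost. hostmaster.example.com. (
       2001090101 ; Serial
       24h        ; Refresh
       2h         ; Retry
       3600000    ; Expire (1000h)
       1h)        ; Minimum TTL
  NS localhost.
1 PTR localhost.
"""

if __name__ == "__main__":
    print("root NS without glue:", missing_glue(HINTS_EXCERPT))
    for rec in parse_zone(LOOPBACK_ZONE, "0.0.127.in-addr.arpa."):
        print(rec)
```

Running it against a freshly written /var/named/root.hints (read the file and pass its text to missing_glue) is a cheap post-check for the dig step; an empty list means every listed root server is reachable by address without a further lookup.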
