The following addition to named.conf sets up a channel called custom, which writes time-stamped, category-tagged messages to a file, and routes the listed categories to it:

----------
logging {
  channel custom {
    file "/tmp/named.log";   # Where to send messages
    print-time yes;          # Prefix each line with a timestamp
    print-category yes;      # Prefix each line with its category
  };
  category config       { custom; };  # Configuration file parsing and processing
  category notify       { custom; };  # NOTIFY messages
  category dnssec       { custom; };  # DNSSEC and TSIG processing
  category general      { custom; };  # Everything not covered by another category
  category security     { custom; };  # Approved and denied requests
  category xfer-out     { custom; };  # Zone transfers served to other servers
  category lame-servers { custom; };  # Lame delegations found while resolving
};
----------

NOTE

Retain your logs and read them often. A syntax error in a zone file makes BIND reject the whole zone rather than load a partial one; the server then answers queries for that zone with SERVFAIL, as if it were not authoritative, and has become lame for the zone (it is delegated the zone but cannot answer for it). Often the only visible symptom is a line in the log. The /tmp path above is fine for a test machine; on a real server point the channel at a directory owned by the named user, such as /var/log/named, because any local user can pre-create or replace files in a world-writable directory, and the file written there is exactly what you will be relying on when something goes wrong.
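As an added example (not from the book), here is a small Python reader for the file the custom channel above writes. The line layout it expects (timestamp, then the category and a colon, then the message) is what BIND 9 produces for print-time yes and print-category yes with severity not printed; the sample lines are constructed for this example, and the message wording for denied transfers and zones that fail to load follows the wording BIND 9 uses, so the checks carry over to a real named.log. It counts messages per category and pulls out the two things the note above says to look for first: zones the server refused to load and requests it denied.

```python
import re
from collections import Counter

# Line shape assumed for a BIND 9 channel configured with "print-time yes;"
# and "print-category yes;" (and the default print-severity no):
#   dd-Mon-yyyy HH:MM:SS.mmm category: message
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Z][a-z]{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<category>[a-z-]+): (?P<msg>.*)$"
)
ZONE_ERROR_RE = re.compile(r"zone (?P<zone>\S+)/IN: not loaded due to errors")
CLIENT_RE = re.compile(r"client (?P<addr>\S+)#\d+")

# Constructed sample log (not a capture from a real server); the message
# texts follow the wording BIND 9 uses for these events.
SAMPLE_LOG = """\
09-Jul-2004 23:48:33.101 general: loading configuration from '/etc/named.conf'
09-Jul-2004 23:48:33.120 general: zone example.com/IN: loaded serial 2004070901
09-Jul-2004 23:48:33.130 general: zone example.net/IN: loading master file example.net.zone: file not found
09-Jul-2004 23:48:33.131 general: zone example.net/IN: not loaded due to errors.
09-Jul-2004 23:48:40.002 security: client 192.0.2.200#4321: zone transfer 'example.com/IN' denied
09-Jul-2004 23:48:41.515 xfer-out: client 192.0.2.96#1025: transfer of 'example.com/IN': AXFR started
09-Jul-2004 23:48:45.000 lame-servers: lame server resolving 'www.example.org' (in 'example.org'?): 203.0.113.5#53
this line is not in channel format and is counted as unparsed
"""


def parse_line(line):
    """Return (timestamp, category, message), or None if the line is not in channel format."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return m.group("ts"), m.group("category"), m.group("msg")


def summarize(log_text):
    """Count lines per category and pick out the events an operator should act on:
    zones that failed to load (the server is now lame for them) and denied requests."""
    counts = Counter()
    report = {"zone_errors": [], "denied_clients": [], "unparsed": 0}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            report["unparsed"] += 1
            continue
        _ts, category, msg = parsed
        counts[category] += 1
        zone = ZONE_ERROR_RE.search(msg)
        if zone:
            report["zone_errors"].append(zone.group("zone"))
        if category == "security" and "denied" in msg:
            client = CLIENT_RE.search(msg)
            report["denied_clients"].append(client.group("addr") if client else "unknown")
    return counts, report


if __name__ == "__main__":
    counts, report = summarize(SAMPLE_LOG)
    for category, n in sorted(counts.items()):
        print(f"{category:13} {n}")
    print("zones not loaded:", report["zone_errors"])
    print("denied clients:  ", report["denied_clients"])
```

Run it against the real file with summarize(open("/tmp/named.log").read()). A non-empty zone_errors list after a reload is the lame-server condition the note describes, and a long denied_clients list from one address is worth a look before it becomes a ticket.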

Resolver Configuration

The last step before running BIND is to set up the local resolver software. This involves configuring the /etc/hosts, /etc/resolv.conf, and /etc/nsswitch.conf files.

To avoid gratuitous network traffic, most UNIX resolvers still use a hosts-like text file named /etc/hosts to store the names and addresses of commonly used hosts. Each line in this file contains an IP address and a list of names for the host. Add entries to this file for any hosts you want to be able to resolve independently from DNS. If the entry is found in /etc/hosts, the resolver does not have to contact a DNS server to resolve the name, which reduces network traffic.

/etc/resolv.conf specifies the addresses of preferred nameservers and a list of domains relative to which unqualified names are resolved. You specify a nameserver with a line of the form nameserver 1.2.3.4 (where 1.2.3.4 is the address of the nameserver). You can use multiple nameserver lines (usually up to three). You can use a search line to specify a list of domains to search for unqualified names.

A search line such as search example.com example.net causes the resolver to attempt to resolve the unqualified name xyz, first as xyz.example.com, and then, if that fails, as xyz.example.net. Do not use too many domains in the search list because it slows down resolution.

A hosts: files dns line in /etc/nsswitch.conf causes the resolver to consult /etc/hosts before using the DNS during the course of a name lookup. This allows you to override the DNS by making temporary changes to /etc/hosts, which is especially useful during network testing. (Older resolvers might require an order hosts, bind line in the /etc/host.conf file instead.)
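The three files interact in ways that are easy to get wrong, so here is an added example (not from the book) that models the lookup order in Python. It parses constructed stand-ins for /etc/hosts, /etc/resolv.conf and /etc/nsswitch.conf, applies glibc's three-nameserver limit and its ndots rule (default 1), and reports which names would be queried, in which order, for a given input. The sample file contents and the lookup() helper are this example's own; it never sends a query, it only reports what the stub resolver would do.

```python
# Constructed sample files standing in for /etc/hosts, /etc/resolv.conf and
# /etc/nsswitch.conf; they are examples for this walkthrough, not copies of
# any real host's files.
HOSTS = """\
127.0.0.1    localhost
192.0.2.10   www.example.com www
# 192.0.2.11 old-www.example.com   (commented out, so it is never matched)
"""

RESOLV_CONF = """\
nameserver 192.0.2.1
nameserver 192.0.2.2
nameserver 192.0.2.3
# A fourth server is silently ignored: glibc keeps only the first MAXNS entries.
nameserver 192.0.2.4
search example.com example.net
options ndots:1
"""

NSSWITCH = "hosts: files dns\n"

MAXNS = 3  # glibc's compiled-in limit on nameserver lines


def _strip_comment(raw):
    return raw.split("#", 1)[0].strip()


def parse_hosts(text):
    """Map each name (case-insensitively) to an address; the first matching entry wins."""
    table = {}
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), addr)
    return table


def parse_resolv_conf(text):
    """Return (nameservers, search list, ndots), applying the MAXNS cap and the ndots default."""
    nameservers, search, ndots = [], [], 1
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            if len(nameservers) < MAXNS:
                nameservers.append(args[0])
        elif key in ("search", "domain"):
            search = args  # the last search/domain line wins
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return nameservers, search, ndots


def parse_nsswitch_hosts(text):
    """Return the source order from the hosts: line (glibc's default if the line is absent)."""
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if line.startswith("hosts:"):
            return line.split(":", 1)[1].split()
    return ["files", "dns"]


def candidate_names(name, search, ndots):
    """Order in which the stub resolver tries a name against DNS.

    An absolute name (trailing dot) is tried exactly once. A name with at least
    ndots dots is tried as given first and then with each search domain appended;
    a name with fewer dots goes through the search list first and as given last.
    """
    if name.endswith("."):
        return [name]
    as_given = name + "."
    searched = [f"{name}.{domain}." for domain in search]
    if name.count(".") >= ndots:
        return [as_given] + searched
    return searched + [as_given]


def lookup(name, hosts_text=HOSTS, resolv_text=RESOLV_CONF, nsswitch_text=NSSWITCH):
    """Walk the hosts: sources in order. 'files' matches /etc/hosts on the exact name
    (the search list is never applied there); 'dns' reports the query names that
    would go to the nameservers, since this example does not touch the network."""
    hosts = parse_hosts(hosts_text)
    nameservers, search, ndots = parse_resolv_conf(resolv_text)
    for source in parse_nsswitch_hosts(nsswitch_text):
        if source == "files":
            addr = hosts.get(name.lower())
            if addr:
                return {"source": "files", "address": addr}
        elif source == "dns":
            return {"source": "dns", "nameservers": nameservers,
                    "queries": candidate_names(name, search, ndots)}
    return {"source": None}


if __name__ == "__main__":
    for n in ("www", "localhost", "xyz", "mail.example.org", "host."):
        print(n, "->", lookup(n))
```

Two behaviours are worth noticing. /etc/hosts is matched on the exact name, so the alias www is found there but xyz is not expanded with the search list before the files lookup. And a name that fails in every search domain is finally tried as a top-level name, which is why a long search list both slows lookups and lets an unqualified name be answered from a domain you did not intend, or leak to the TLD servers as a query for xyz. Keep the list short and use fully qualified names in configuration files.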

Running the named Nameserver Daemon

Finally! You can now start named with /etc/rc.d/init.d/named start. You should see messages similar to the ones that follow in the syslog (or wherever your logging configuration sends them). One way to watch them is to follow the log file with tail -f, which prints each new line as it is appended:

# tail -f /var/log/messages

----------
July 9 23:48:33 titan named[2605]: starting BIND 9.2.3 -u named
July 9 23:48:33 titan named[2605]: using 1 CPU
July 9 23:48:33 titan named[2608]: loading configuration from '/etc/named.conf'
July 9 23:48:33 titan named[2608]: no IPv6 interfaces found
July 9 23:48:33 titan named[2608]: listening on IPv4 interface lo, 127.0.0.1#53
July 9 23:48:33 titan named: named startup succeeded
July 9 23:48:33 titan named[2608]: listening on IPv4 interface eth0, 192.168.2.68#53
July 9 23:48:33 titan named[2608]: command channel listening on 127.0.0.1#953
July 9 23:48:33 titan named[2608]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
July 9 23:48:33 titan named[2608]: zone localhost/IN: loaded serial 42
July 9 23:48:33 titan named[2608]: running
----------

You can use rndc to interact with this instance of named over the command channel shown in the log (127.0.0.1#953). Running rndc without arguments prints a list of the available commands, including ones to reload or refresh zones, dump statistics and the database to disk, toggle query logging, and stop the server. rndc authenticates to named with a shared secret (the key in /etc/rndc.conf, matched by the controls and key statements in named.conf), so keep the channel bound to the loopback address as it is here and keep the key files unreadable by other users. rndc does not yet implement all the commands that were supported by ndc, the control program shipped with earlier versions of BIND.

You should now be able to resolve 1.0.0.127.in-addr.arpa locally (try dig @localhost 1.0.0.127.in-addr.arpa PTR +norec; +norec asks for a non-recursive answer, so a correct reply comes from the 0.0.127.in-addr.arpa zone the log shows as loaded, with the aa flag set and a PTR record for localhost) and other names through recursive resolution. If either lookup fails, something is wrong; read the 'Troubleshooting DNS' section later in this chapter to diagnose and correct the problem before proceeding further. Remember to read the logs!

Providing DNS for a Real Domain

You can expand the minimal nameserver configuration you just created into one that performs useful name service for a real domain. Suppose that your ISP has assigned you the IP addresses in the 192.0.2.0/29 range (which has six usable addresses, 192.0.2.1 through 192.0.2.6) and that you want to serve authoritative data for the domain example.com. A friend has agreed to configure her nameserver (192.0.2.96) as a slave for the domain and as a backup mail server. In return, she wants the foo.example.com subdomain delegated to her own nameservers.
