
Configuring the DNS Service

This chapter describes tasks you must perform before your CDDM or Cisco Server Suite 1000 system can communicate with the DNM service and provide DNS (Domain Name System) services.

This chapter assumes:

Configuration Task Overview

This chapter describes the following tasks:


Note This chapter does not explain how to add or delete hosts from the DNS server, or how to create new domains. For details on these topics, see the chapter titled "Managing Zones with the DNM Browser".

Starting and Stopping the DNS Server

This section describes how to use the SCM to start and stop the DNS server.

To configure the DNS server to start automatically whenever a request is received on the server's port number or to control access to the DNS server, see the Cisco Server Suite Installation and Basic Configuration Guide.

To start the DNS server:

Step 1 Start the SCM.

Step 2 Choose DomainName from the Available Services box.

Step 3 Click on Start.

To stop the DNS server:

Step 1 Start the SCM.

Step 2 Choose DomainName from the Available Services box.

Step 3 Click on Stop.

Configuring Basic Name Service


Note If your network is connected to the Internet, your CDDM or Cisco Server Suite 1000 system will function as a caching-only name server after you install and start the DNS service. No further configuration is necessary. A caching-only name server queries another name server for your domain to resolve hostnames to IP addresses and retains the results of the inquiry to use for subsequent requests.

Although the majority of DNS server management involves changing information about the zones for which the server is authoritative, you must also configure the DNS server to handle queries for data in other zones. You must:

Specifying the Root Name Server File

All name servers require access to root name servers to help resolve names that are not within their authority. The CDDM provides a file, bind.ca in the CDDM servers directory, that contains a list of root name servers on the Internet. This root name server file is known as a cache file. Your DNS server can query these root name servers if a DNS resolver asks the server for DNS information that is neither within its authority nor cached in memory.

To specify a cache file in place of the default cache file:

Step 1 Start the SCM.

Step 2 Choose DomainName from the Available Services list.

Step 3 Click on the Config tab.

Step 4 Enter the pathname of the desired cache file in the Cache group's File field.

Unless you plan to obtain or create your own cache file, enter the standard CDDM cache file:


You must specify an absolute pathname.


To create a custom cache file, see the next section, "Creating Custom Cache Files".


Step 5 To save the configuration, choose Save Configuration from the File menu.

Your changes take effect the next time you start the DNS service.

Creating Custom Cache Files

DNS cache files are zone files that describe the root zone ("."), which only advertises name servers for top-level domains such as com, edu, gov, and org. You can download a current copy of the cache file, bind.ca, from the InterNIC via anonymous FTP at the following URL:

ftp://ftp.rs.internic.net/domain/named.root

The cache file is in standard BIND zone file format. It includes records that identify the names (via NS records) and addresses (via glue A records) of the root name servers. A glue record is an A record used to glue the DNS tree together: a zone transfer of a root zone includes, in the root zone, the A records for the name servers of a subdomain of the root, even though these records really belong in the subdomain. Such records, returned out of place, are called glue records.

If you do not want to edit a cache file manually, you can edit it using the DNM Browser:

Step 1 Start the DNM Browser (see the chapter titled "Managing Zones with the DNM Browser").

Step 2 Copy the existing cache file to the DNM Browser host.

Step 3 Import the cache file with the DNM Browser's Import Zone File function, and specify the root domain (".") in the Domain field.

Step 4 Open the root domain's resource record window.

Step 5 Click on the Authority tab.

Step 6 Add, modify, or remove entries in the Name servers area as needed.

Step 7 To save your changes, click on OK.

Caution If your DNS server does not have Internet access or is behind a firewall that blocks DNS packets, it will not be able to contact the root name servers but will still need to know the IP address of a host that can access the root name servers. In this situation, configure a forwarder (see "Specifying Forwarders" on page 4-5). The DNS server can also be configured to send queries to a host "acting" as a root name server. In this situation, you can configure a "fake," or internal, root name server.

Specifying Forwarders

If you do not configure the DNS server to be authoritative for any domains, it can still act as a caching-only name server by querying other name servers to resolve host names to IP addresses. The answers received from the inquiry are cached and used in subsequent name resolver requests without querying the remote name server.


Note Even if the DNS server is authoritative for a domain, it caches data about other domains.

Although the DNS server usually sends queries directly to the name server that contains the answer, you can configure it to redirect these queries to a central name server, called a forwarder, that functions as a second-level cache. The central name server then queries the name server that contains the answer, and caches a copy.

Specify forwarders to:


Note Although forwarding queries can improve DNS response times, DNS does not require forwarders.

You can specify multiple forwarders. If the first forwarder does not respond within eight seconds, the DNS server asks each remaining forwarder in sequence until it receives an answer or it exhausts the list. If the DNS server receives no answer to a forwarded query, it sends the query to the domain's advertised name servers as if there were no forwarder present.

To forward queries to other name servers:

Step 1 Start the SCM.

Step 2 Choose DomainName from the Available Services list.

Step 3 Click on the Config tab.

Step 4 For each name server that you want to use for forwarded queries:

Step 5 To modify a name server IP address in the Forwarders list:

Step 6 To remove one or more name servers from the Forwarders list:

Step 7 To prevent the server from sending non-recursive queries to other name servers, enable the Slave Mode checkbox.


Note You can only use Slave Mode if you specify Forwarders.

Step 8 Choose Save Configuration from the File menu.

Changes take effect after you stop and restart the DNS server.

Changing Default DNS Server Parameters

When you install the CDDM or the Cisco Server Suite 1000, the DNS server is configured with default parameters appropriate for most DNS environments. Table 4-1 shows the defaults.


Table 4-1: Default DNS Server Parameters

Bootfile
    Description: Name of the file in which the SCM stores DNS server configuration data.
    Default value: config/bind.conf in the directory in which you installed the software

Cachefile
    Description: File in which the names of root name servers are stored.
    Default value: servers/bind.ca in the directory in which you installed the software

Debugfile
    Description: File in which the DNS server stores debugging messages.
    Default value: disabled

Log-lame-delegation
    Description: When enabled, the DNS server logs failed attempts to direct queries to advertised name servers that do not provide authoritative answers.
    Default value: disabled

Port
    Description: Port on which the DNS server listens for name service queries. The port on which the DNS server requests and receives zone transfers is specified individually for each zone (see "Specifying Zone Data Sources for Each Zone" on page 4-9).
    Default value: 53

To change these defaults:

Step 1 Start the SCM.

Step 2 Choose DomainName from the Available Services list.

Step 3 Click on the StartUp tab.

Step 4 Click on the Parameters tab.

Step 5 Change the defaults as needed.

Step 6 Choose Save Configuration in the File menu.

Your changes take effect the next time you start NetControl.

Establishing Authority

Once your DNS server is configured for basic name service (see "Configuring Basic Name Service" on page 4-3), you must make it authoritative for each zone you plan to manage.


Note You must establish your name server as authoritative for the "local host" domain and its inverse domain (0.0.127.in-addr.arpa) in the in-addr.arpa domain.

To make the DNS server authoritative you must:

Specifying Zone Data Sources for Each Zone

Each DNS server can be authoritative for many zones, primary for some, and secondary for others. Traditionally, network administrators configured at least one primary name server and two secondary name servers for each zone. Because the DNM server provides zone transfers normally provided by primary name servers, you must configure all your name servers as secondary name servers for zones managed by the DNM server.

You can use both a DNM server and zone files as zone data sources on the same CDDM system.

To make the DNS server authoritative for a zone:

Step 1 Start the SCM.

Step 2 Choose DomainName from the list of available servers.

Step 3 Click on the Config tab. The DNS server configuration screen appears.

Step 4 Make sure the Cache File field contains the name of a file that lists a set of root name servers (see "Specifying the Root Name Server File" on page 4-3).

Step 5 Look for existing entries for the zone in the Primary and Secondary lists. You can modify existing entries, or delete them and add new ones. For example, if your DNS server is already secondary for yoyodyne.com, you can change the existing entry's Backup File parameter; but to make the DNS server primary, you must delete the secondary entry and add a new primary entry.

Step 6 To remove an existing entry for the zone in the Primary or Secondary Zone lists:

Step 7 If you plan to manage the zone via a local zone file:

Step 8 If you plan to manage the zone via a DNM server or via another DNS server:

Step 9 To save the new configuration, choose Save Configuration from the File menu. Your changes take effect the next time you start the DNS server.

Step 10 To start the DNS server, click on Start. The DNS server loads zone data from files and zone transfers according to the new configuration. When it finishes loading its zone data, it can start answering DNS queries.

Step 11 If you have not already done so, advertise your DNS server for the zone. For details, see "Advertising Your DNS Server" on page 4-13.

Step 12 Test your DNS server with nslookup or a similar utility.


Note The DNS server can only resolve names if the specified zone files or servers contain the zone data. For details on managing zones with the DNM Browser, see the chapter titled "Managing Zones with the DNM Browser".

Specifying the Zone Transfer Port

When you configure the Cisco DNS server to be secondary for a zone, the DNS server requests zone transfers on port 53 unless you specify otherwise. You need to specify a zone transfer port other than 53 if your DNS server obtains a zone's data from a DNM server that is configured to perform zone transfers on another port to accommodate a co-resident DNS server (see "Specifying DNM Service Ports" in the chapter titled "Configuring the DNM Service").

You can specify zone transfer ports for each zone in your DNS server's Secondary list. If your DNS server needs to use port 53 for a specific zone (the default), you do not have to specify a zone transfer port.

To specify the zone transfer port for a specific zone:

Step 1 Start the SCM.

Step 2 Choose DomainName from the list of available servers.

Step 3 Choose the Config tab. The DNS server configuration screen appears.

Step 4 Locate the desired entry in the Secondary list.

Step 5 Append a slash (/) and the desired port number to the IP address in the Zone's Source field.

For example, if the Source field contains 192.41.228.72 and the DNM server on 192.41.228.72 is configured to perform zone transfers on port 705, enter 192.41.228.72/705 in the Source field.


Step 6 To save the new configuration, choose Save Configuration from the File menu. Your changes take effect the next time you start the DNS server.

Step 7 To restart the DNS server, first click on Stop and then click on Start. The DNS server loads zone data from files and zone transfers according to the new configuration. When the DNS server finishes loading its zone data, it can start answering DNS queries.

Advertising Your DNS Server

Although you can configure a name server to be authoritative for any domain, in reality it is only useful if other name servers advertise (delegate) it. To advertise a name server:

You must advertise your DNS server in:

Example of Advertising

If you are managing yoyodyne.com and sales.yoyodyne.com on the same DNM server, the DNM Browser might display your nodes as follows:

In this example, ns3.sales.yoyodyne.com and ns4.sales.yoyodyne.com are authoritative for sales.yoyodyne.com, so both name servers appear in the sales domain.

When you add Name Server records with the DNM Browser, the DNM server automatically delegates authority for the domain to its parent. For example, if you add Name Server records to sales.yoyodyne.com, the DNM Browser automatically adds Name Server and glue IP address records to the yoyodyne.com domain. This lets the host whorfin.yoyodyne.com locate the name servers for sales.yoyodyne.com.

A glue record is an A record used to glue the DNS tree together: a zone transfer of a root zone includes, in the root zone, the A records for the name servers of a subdomain of the root, even though these records really belong in the subdomain. Such records, returned out of place, are called glue records.

Similarly, to advertise ns1 and ns2 as authoritative name servers for yoyodyne.com, you would add Name Server records as shown in the following figure.

If you add Name Server records as shown above, the DNM server will also add Name Server records to the com domain, for which it is probably not authoritative. In this situation, you must contact the parent domain's administrative contact, and ask to have your domain delegated to your name servers. When you make such a request, you must supply the fully qualified names and IP addresses of your domain's authoritative name servers.

In this example, you would ask the administrator for the com domain to add name server (NS) records for ns1.yoyodyne.com (1.1.1.1) and ns2.yoyodyne.com (1.1.1.2) to the yoyodyne.com domain. If you use the DNM Browser's Export Zone feature, the output file would include the following records:

    IN NS ns1.yoyodyne.com
    IN NS ns2.yoyodyne.com
ns1 IN A  1.1.1.1
ns2 IN A  1.1.1.3
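The glue and delegation rules described in this section and in "Creating Custom Cache Files" can be checked mechanically. The following Python script is an added example, not part of the CDDM documentation or software: it parses the record forms shown above (treating names without a trailing dot as relative to the zone origin, as BIND does), reports NS targets that lack a glue A record, and reports parent glue that disagrees with the child zone's own A records. All zone text and addresses in it are constructed samples.

```python
"""NS/glue consistency check for BIND-style zone or cache files. Added example,
not CDDM code; all names, addresses and zone text below are constructed."""
def qualify(name, origin):  # absolute names end in "."; "." alone is the root ""
    return name[:-1].lower() if name.endswith(".") else f"{name}.{origin}".strip(".").lower()

def parse_records(text, origin):
    """Return ({owner: [NS targets]}, {owner: [A addresses]}) for one zone."""
    ns, a = {}, {}
    owner = origin
    for raw in text.splitlines():
        fields = raw.split(";")[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        if not raw[0].isspace():             # explicit owner; a blank owner repeats
            owner = origin if (f := fields.pop(0)) == "@" else qualify(f, origin)
        rtype, rdata = fields[-2:]           # TTL-less records, optional "IN" class
        if rtype == "NS":
            ns.setdefault(owner, []).append(qualify(rdata, origin))
        elif rtype == "A":
            a.setdefault(owner, []).append(rdata)
    return ns, a

def missing_glue(ns, a, zone):
    # NS targets inside `zone` (every target for a root cache file) with no A record
    inside = lambda n: zone == "" or n == zone or n.endswith("." + zone)
    return sorted(t for t in ns.get(zone, []) if inside(t) and t not in a)

def glue_mismatches(parent_a, child_a, child_ns):
    # parent glue addresses that disagree with the child zone's own A records
    bad = {}
    for t in child_ns:
        p, c = set(parent_a.get(t, [])), set(child_a.get(t, []))
        if p and c and p != c:
            bad[t] = (sorted(p), sorted(c))
    return bad

PARENT = """\
sales     IN NS ns3.sales
          IN NS ns4.sales
ns3.sales IN A  192.0.2.30   ; stale glue: the child zone now says 192.0.2.3
"""
CHILD = """\
@    IN NS ns3
     IN NS ns4
ns3  IN A  192.0.2.3
"""
def check_delegation(parent, parent_zone, child, child_zone):
    pns, pa = parse_records(parent, parent_zone)
    cns, ca = parse_records(child, child_zone)
    return missing_glue(pns, pa, child_zone), glue_mismatches(pa, ca, cns.get(child_zone, []))
```

Running check_delegation(PARENT, "yoyodyne.com", CHILD, "sales.yoyodyne.com") reports ns4.sales.yoyodyne.com as lacking glue and ns3.sales.yoyodyne.com as having stale glue; the same parse_records and missing_glue calls with origin "" validate a root cache file.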

Copyright 1989-1997 © Cisco Systems Inc.