In addition, the machine(s) with the static IP addresses need to be
running an authoritative DNS server, such as MaraDNS.
What is a domain zone?
A name like www.example.com is part of the
domain zone
example.com. The name www.yahoo.com, as another example, is part of the
domain zone
yahoo.com. www.maradns.org is part of the
domain zone
maradns.org.
Setting up a domain with MaraDNS
Compile and install MaraDNS on the system which
will act as an authoritative DNS server.
After doing this, the mararc file needs to be changed before MaraDNS will function as an authoritative DNS server.
A mararc file which can be used to serve the domain zones that one wishes to have control over needs to only be four lines long:
ipv4_bind_addresses = "10.3.28.79"
chroot_dir = "/etc/maradns"
csv2 = {}
csv2["example.com."] = "db.example.com"
Lets look at these four lines. The first line, ipv4_bind_addresses,
is the IP address (or addresses) this DNS server will have. Since we're
running an authoritative DNS server, it is important that this IP
address be a routable IP address--an IP address that can be accessed
by anyone on the internet. It is also important that any firewall between
this machine and the internet at large is able to connect to UDP port
53 of this machine.
The chroot_dir value is the directory that contains all of the files with information for the domain zones (these files are normally called "zone files" by DNS administrators). Here, we place the zone files in the directory /etc/maradns.
The third line, csv2 = {}, tells MaraDNS that we will be acting as an authoritative DNS server. This line must be placed before telling MaraDNS where any zone files are located.
The fourth line, csv2["example.com."] = "db.example.com" tells MaraDNS that, for the domain zone "example.com.", the zone file is called "db.example.com".
In other words, example.com. is the name of the domain zone that the file db.example.com has data for. Change example.com. to the name of the domain zone you wish to serve, and db.example.com to the filename to be used to serve that domain zone. Important: the domain zone name (e.g. example.com.) requires a trailing dot.
It is possible to server multiple domain zones, of course. For example:
It is also possible to bind MaraDNS to multiple IP addresses, e.g:csv2["example.com."] = "db.example.com" csv2["example.org."] = "db.example.org" csv2["heaven.af.mil."] = "db.heaven.af.mil"
ipv4_bind_addresses = "10.3.28.79, 10.9.87.23"
# This is an example zone file for the imaginary domain example.com. # We have two records which handle the serving of web pages. These # are simple name-to-ip translations. In other words, we have one # record which states "The IP for example.com. is 10.10.10.12" and # another that states "The IP for www.example.com. is 10.10.10.12" example.com. 10.10.10.12 ~ www.example.com. 10.10.10.12 ~ # We also need to set up an IP for the machine that serves email for # example.com. Because of how DNS is designed, we both need # a record which states "The machine which handles mail for # example.com is called mail1.example.com" and a record which states # "The IP address for mail1.example.com is 10.10.10.15": example.com. MX 10 mail1.example.com. ~ mail1.example.com. 10.10.10.15 ~Now, to adapt this file to another zone, we need to simply make the following changes:
example.com. NS ns1.example.com. ~ ns1.example.com. 10.10.10.19 ~ example.com. 10.10.10.19 ~ www.example.com. 10.10.10.19 ~ example.com. MX 10 mail1.example.com. ~ mail1.example.com. 10.10.10.19 ~Translated into English, the above lines say:
A line in a domain zone file contains a single DNS record. The data has multiple fields separated by a whitespace or the | character, and is in this format:
For example:
www.example.com. 10.10.10.10 ~ www.example.com. 10.10.10.11 ~ www.example.com. 10.10.10.12 ~In this example, a query to www.example.com will return a list of three IPs. MaraDNS rotates the records so that the first IP given to a client changes each time a query for www.example.com is made. This can be used as a primitive kind of load balancing.
If one is setting up multiple domain zones, all of which have more or less the same data, it is convenient to have a template domain file which different zones can use without needing to modify the file in question.
MaraDNS has support for this by using the % symbol. Whenever MaraDNS sees a % in a csv2 zone file, MaraDNS knows to replace the percent symbol with the name of the zone in question. For example, if the file in question is the zone file for example.com, the % is expanded out to "example.com.". If the zone file in question is for maradns.org, the % is expanded out to "maradns.org.". Hence, we could, provided that the zone file is for example.com, have a zone file like this:
# We have two records which handle the serving of web pages. These # are simple name-to-ip translations. % 10.10.10.12 ~ www.% 10.10.10.12 ~ # We also need to set up an IP for the machine that serves email for # our zone. Because of how DNS is designed, we both need # a record which states "The machine which handles mail for # out zone is called mail1.<zone name>" and a record which states # "The IP address for mail1.<zone name> is 10.10.10.15": % MX 10 mail1.example.com. ~ mail1.% 10.10.10.15 ~This zone file would function identically to the first example zone file above.
When a recursive DNS server attempts to find the IP for, say, www.example.com, it firsts asks the root nameservers for this IP. The root name servers send out a reply which says "We do not know that answer to this question, but you may contact the DNS server at 10.1.2.3 for the answer". At this point, the recursive DNS server contacts 10.1.2.3, asking it for the IP for www.example.com. (Actually, the root nameservers give out the .com nameservers, which in turn give out the example.com nameservers, but the principle is the same)
In order that the entire internet community may be aware of a domain, the domain must be registered with the root name servers, so that the root name servers know that IPs of the machines which are authoritative DNS servers for the domain in question. (Again, you're really registering with, say, the .com servers)
The exact policies which one needs to confirm to to register their domain depend on the register in question. To register a domain under the generic domain names (presently .com, .net, .org, and .info) one simply needs to register their name with a register, and follow some guidelines when designing the zone files for their domain.
There are a number of competing registrars which server domain names. One which I have extremely happy with is Net Wizards; domains can be registered at http://domains.netwiz.net/. In order to register a domain, you will need to know the zone servers for your domain. You can either set these up yourself (see below for an example), or use the askmara tutorial to find out the name servers for your domain.
To use the askmara tool, make an askmara query like this:
askmara Nexample.com. 127.0.0.1Replace example.com with the name of the domain to be registered, and 127.0.0.1 with the IP of the DNS server. The output of the query will look something like this:
# Querying the server with the IP 127.0.0.1 # Question: Nexample.com. example.com. +86400 ns synth-ip-0a010203.example.com. ~ example.com. +86400 ns synth-ip-0a040506.example.com. ~ # NS replies: # AR replies: #synth-ip-0a010203.example.com. +86400 a 10.1.2.3 ~ #synth-ip-0a040506.example.com. +86400 a 10.4.5.6 ~The names for the name servers we wish to submit to the registrar are the synth-ip-0a010203.example.com and synth-ip-0a040506.example.com names above. These somewhat long names are the names for the nameservers for the (in the above example) example.com. domain. At the end of the askmara output, you can see the IPs for these name servers; place these IPs in the field where they ask for the IP of the name servers for your domain.
For example, if the registrar's form looks like this:
Domain name: _________________ Nameserver 1 name: ____________________________________ Nameserver 1 IP: ____________________________________ Nameserver 2 name: ____________________________________ Nameserver 2 IP: ____________________________________ Nameserver 3 name: ____________________________________ Nameserver 3 IP: ____________________________________ Nameserver 4 name: ____________________________________ Nameserver 4 IP: ____________________________________Based on the above askmara output, we would fill out the above form thusly:
Domain name: example.com Nameserver 1 name: synth-ip-0a010203.example.com. Nameserver 1 IP: 10.1.2.3 Nameserver 2 name: synth-ip-0a040506.example.com. Nameserver 2 IP: 10.4.5.6 Nameserver 3 name: ____________________________________ Nameserver 3 IP: ____________________________________ Nameserver 4 name: ____________________________________ Nameserver 4 IP: ____________________________________
If you only have one NS server, you may need to get a second one to
register a domain. The procedure for doing this is described in the
following section.
Getting two IPs
As stated near the beginning of this document, many registries require
that one has two IPs to register a domain. If one has a computer with
two or more routable IPs assigned to it, it is simple enough to have
MaraDNS bind to these IPs. Change the variable
ipv4_bind_addresses to include all of the IPs one wishes MaraDNS
to have, like the following example:
ipv4_bind_addresses = "10.1.2.3, 10.5.6.7"Naturally, replace "10.1.2.3" and "10.5.6.7" with the IPs your machine has.
If you have but a single IP, it is necessary to find someone who will
provide secondary DNS service for your domain, and set up MaraDNS to
be a zoneserver. Information on how
to do this is provided in the DNS master
document.
Names internal to a network
Sometimes one will have a number of computers in an office, or other small
network, with a number
of different names. It is desirable to use DNS to give these office
machines IP addresses. Let us suppose that we have a company with
computers named "Mascota", "Paloma", and "Vela". If we want to have
computers in the office be accessible with just the name (such as
just "Vela"), we set up what is known as a default domain
suffix. Let us suppose that the company in question is a company
that sells examples of hard work. Hence, the company is called
"example.com". We then give our computers the names "mascota.example.com",
"paloma.example.com", and "vela.example.com". We then tell computers
in the office that, when given a name without a suffix, to append the
"example.com" suffix when looking for host names.
It is possible to do this in MaraDNS 1.3 in two different ways.
One way is to set up MaraDNS' recursive resolver to use a custom nameserver for a subset of the DNS space. For example, the recursor can be told to go to "192.168.0.7" to look up all names that end in ".office". More information about this is in the recursive DNS document.
The other method takes advantage of the fact that MaraDNS first looks up authoritative names before performing recursion. For example, if www.google.com is defined in a MaraDNS zone file, MaraDNS will use the value in the zone file instead of contacting nameservers on the internet to get the IP for www.google.com.
On UNIX, BSD, and Linux machines in an office, this is done by adding a line like this to the file /etc/resolv.conf:
search example.com
In Windows XP, go to Control Panel -> Network Connections -> Local Area Connection (or whatever connection the computer uses to get on the LAN) -> Properties -> Internet Protocol (TCP/IP) (this is under "The connection uses the following items" and you may have to scroll down to see it) -> Advanced -> DNS -> "Append these DNS suffixes (in order)" -> Add and type in "example.com" (or whatever) as the Domain suffix.
Once this is done, create a zone for example.com. Since we're just giving three computers IPs, the zone file for example.com is added to the mararc file with this line:
csv2["example.com."] = "db.example.com"We then place, in the directory pointed to by chroot_dir in the mararc file, the file db.example.com, which looks like this:
mascota.% 10.1.2.3 ~ paloma.% 10.5.6.7 ~ vela.% 10.9.8.4 ~See above for an explanation of what the % symbol does.
The above three lines, which is a complete csv2 zone file, is a shorthand for the following:
# The SOA record. If a zone doesn't have a SOA record, MaraDNS will
# synthesize an appropriate one for a given zone. This is information
# about who is in charge of the example.com zone; basically the zone
# name "example.com.", SOA "It's a Start of Authority record",
# "example.com." (this is the name of the machine in charge of
# example.com), "hostmaster@example.com." (the email address of the
# person in charge of example.com.)
example.com. SOA example.com. hostmaster@example.com. ~
# The following numbers, part of the SOA record, give some technical
# information about transferring information about this zone to other
# DNS servers. If you use rsync to share zone files, these numbers
# do not need to be worried about.
1 7200 3600 604800 1800 ~
# NS records. If a zone doesn't have NS record, MaraDNS will, again
# synthesize appropriate NS records for a given zone. This is a list
# of all of the DNS servers that have the example.com zone file.
example.com. NS ns1.example.com. ~
example.com. NS ns2.example.com. ~
# The NS records above need IPs. Note that "A" (this is an IP) is
# optional
ns1.example.com. A 10.1.2.3 ~
ns2.example.com. A 10.4.5.6 ~
# Now that we have the SOA and NS records taken care of (again, MaraDNS
# will automatically take care of these records if they are not in a
# zone), we can add the records for the zone in question
# mascota.example.com. has the IP address 10.1.2.3
mascota.example.com. A 10.1.2.3 ~
# mascota.example.com. has the IP address 10.5.6.7
paloma.example.com. A 10.5.6.7 ~
# mascota.example.com. has the IP address 10.9.8.4
vela.example.com. A 10.9.8.4 ~
Information on setting up a recursive server so that these names are private
network-specific hostnames is available in the
private hostname section of the
recursive server document.