[ALUG] Hostname and DNS Configurations

Andreas Tauscher ta at geuka.net
Tue Nov 22 13:07:58 EAT 2016


On 18.11.2016 10:37, Hamisi Jabe via Linux wrote:
> Dear All,
> 
> I need to clarify with you experts the below misinterpretation in my
> mind about dns server and hostname.
> 
> 
> Let's take for example I have a domain example.com and I have pointed the
> domain to a host called host1.example.com and host2.example.com as its
> dns servers,
> 
> My point is:-
> 
> On the Hosts host1 and host2 dns zones configuration for example.com, do
> we create zones for host1.example.com and host2.example.com first then
> zone for example.com or!!!!

You don't create separate zones. host1 and host2 are within the zone
example.com.
You create/change it on the master, which is usually the same as the one
listed in the SOA record (but need not be). When your master/slave
configuration is correct, the master notifies all slaves about the change
and they initiate a transfer.
On the slave in named.conf.local:

zone "example.com" {
	type slave;
	file "example.com";
	masters { $IP_of_master; };
	// hosts besides the masters that may send NOTIFY (the masters are accepted anyway)
	allow-notify { $IP_of_master; };
	allow-query { any; };
};

On the Master:

zone "example.com" {
	type master;
	file "example.com";
	// restrict zone transfers (AXFR) to the slave; without this line many
	// BIND versions hand the whole zone to anyone who asks
	allow-transfer { $IP_of_slave; };
	allow-query { any; };
};

> Which is the best practice here

You must create a glue record for host1 and host2 in the parent zone,
otherwise your zone will not be resolvable.
DNS is a *strict* hierarchical system.
Maybe your registrar did this automatically. You can verify this with dig:
$ dig -tNS com
You get the list of the NS for .com; now you send a query to one of these
servers:
$ dig -tNS example.com @a.gtld-servers.net
If you now get your host1.example.com and host2.example.com as the result,
the glue records are there. If not, your registrar has to create them.

It is not best practice to have all nameservers within the same domain.
Best practice is to have them in different TLDs, ideally in TLDs
administered by different NICs, and also in different networks.

> See example below if its correct for forward zone file.

> **************************************************************************
> $ORIGIN .
> $TTL 604800
       ^^^^^^ much too high. 3600 = 1 hour is fine

> example.com IN SOA host1.example.com. root.example.com. (
#                    ^^^^^ The parent zone example.com is not
# authoritative!  And root@example.com must be a valid, reachable mail address!
> 
>                             20160831 ; Serial
>                             10m ; Refresh
# Set this to ~28800 = 8 hours refresh
>                             10m ; Retry
# 7200 = 2 hours retry
>                             4w ; Expire
# 1 week expire
>                             10m ) ; Negative Cache TTL
> 
>          IN         NS           host1.example.com.
>          IN         NS           host2.example.com.
# Both NS must be in the zone file. And the names have to be identical
# to the records in the parent zone. These names have to be identical
# to the names you get from "whois example.com".

>          IN         A             196.249.X.X
>          IN         MX     0   host1.example.com.

> ***************************************************************************

The zone files must be *identical* on all servers.
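The checks walked through above (sane SOA timers, both NS records present in the zone and identical to the parent's delegation, glue for nameservers that live inside the zone, and the same serial on every server), as an added Python example that is not part of this thread. The zone-file parser is deliberately minimal and was written for this example only; the parent delegation and the two zone files are constructed inputs modelled on the zone quoted above, with 192.0.2.0/24 (TEST-NET-1) standing in for the real addresses, and the numeric timer bounds are the RFC 1912 recommendations, a choice made here rather than a protocol requirement.

```python
"""Offline sanity checks for a BIND forward zone and its delegation. Added
example, not code from the thread. The parser is minimal: $ORIGIN, $TTL,
'@', ';' comments, parenthesised SOA, blank owner fields; rdata names must
be fully qualified. All inputs below are constructed."""
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TTL_TOKEN = re.compile(r"(\d+[smhdw])+")

def ttl_seconds(tok):
    """'3600' -> 3600, '10m' -> 600, '4w' -> 2419200, '1h30m' -> 5400."""
    tok = tok.lower()
    if tok.isdigit():
        return int(tok)
    if not TTL_TOKEN.fullmatch(tok):
        raise ValueError("not a TTL token: %r" % tok)
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([smhdw])", tok))

def _fqdn(name, origin):
    name = origin if name == "@" else name
    return name if name.endswith(".") else name + ("." if origin == "." else "." + origin)

def parse_zone(text):
    """Return [(owner, rtype, [rdata tokens])] for a master-file string."""
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()            # drop comments
        if not line.strip():
            continue
        buf = line if not buf else buf + " " + line.strip()
        if buf.count("(") > buf.count(")"):
            continue                                      # still inside ( ... )
        logical.append(buf)
        buf = ""
    origin, last_owner, records = ".", None, []
    for line in logical:
        if line.startswith("$"):                          # $ORIGIN / $TTL directives
            if line.startswith("$ORIGIN"):
                origin = line.split()[1]
            continue
        toks = line.replace("(", " ").replace(")", " ").split()
        # a blank owner field means "same owner as the previous record"
        owner = last_owner if line[0].isspace() else _fqdn(toks.pop(0), origin)
        last_owner = owner
        if toks[0].isdigit() or TTL_TOKEN.fullmatch(toks[0].lower()):
            toks.pop(0)                                   # optional TTL
        if toks[0].upper() in ("IN", "CH", "HS"):
            toks.pop(0)                                   # optional class
        records.append((owner, toks[0].upper(), toks[1:]))
    return records

def check_zone(zone_text, zone_name, parent):
    """Findings for the zone ([] = passed). parent maps each NS name the parent
    zone delegates to, to its glue address (None when the parent has no glue)."""
    apex = zone_name.rstrip(".") + "."
    recs = parse_zone(zone_text)
    soas = [r for r in recs if r[0] == apex and r[1] == "SOA"]
    if len(soas) != 1:
        return ["expected exactly one SOA for %s, found %d" % (apex, len(soas))]
    refresh, retry, expire = (ttl_seconds(t) for t in soas[0][2][3:6])
    out = []
    # relations the slaves rely on; absolute bounds are RFC 1912 advice (a choice here)
    if not 1200 <= refresh <= 43200:
        out.append("refresh %d s outside 20 min .. 12 h" % refresh)
    if retry >= refresh:
        out.append("retry %d s must be shorter than refresh %d s" % (retry, refresh))
    if expire < refresh + retry:
        out.append("expire %d s shorter than refresh+retry" % expire)
    ns = {r[2][0] for r in recs if r[0] == apex and r[1] == "NS"}
    if ns != set(parent):
        out.append("apex NS %s differ from parent delegation %s" % (sorted(ns), sorted(parent)))
    addrs = {r[0] for r in recs if r[1] in ("A", "AAAA")}
    for name in sorted(ns):
        if name.endswith("." + apex):                     # in-bailiwick: needs glue
            if name not in addrs:
                out.append("in-bailiwick NS %s has no A/AAAA record in the zone" % name)
            if parent.get(name) is None:
                out.append("no glue for %s in the parent zone" % name)
    return out

def lagging_servers(serials):
    """{server: SOA serial it answered} -> servers not at the newest serial
    (plain integer comparison; RFC 1982 serial wrap-around is ignored)."""
    newest = max(serials.values())
    return sorted(s for s, n in serials.items() if n != newest)

# Constructed stand-in for what 'dig NS example.com @a.gtld-servers.net' returns.
PARENT = {"host1.example.com.": "192.0.2.1", "host2.example.com.": "192.0.2.2"}
BAD_ZONE = """\
$ORIGIN .
$TTL 604800
example.com IN SOA host1.example.com. root.example.com. (
        20160831 10m 10m 4w 10m )   ; serial refresh retry expire neg-ttl
        IN NS host1.example.com.
        IN NS host2.example.com.
        IN MX 0 host1.example.com.
"""
GOOD_ZONE = """\
$ORIGIN example.com.
@       IN SOA host1.example.com. hostmaster.example.com. (
        2016112201 28800 7200 604800 3600 )   ; 8 h refresh, 2 h retry, 1 w expire
        IN NS host1.example.com.
        IN NS host2.example.com.
        IN MX 0 host1.example.com.
host1   IN A  192.0.2.1
host2   IN A  192.0.2.2
"""
```

To run it against a real deployment, fill PARENT with the NS names and glue that `dig NS example.com @a.gtld-servers.net` returns, read the master's zone file into check_zone(), and feed the serial each server answers to `dig SOA example.com @<server> +short` into lagging_servers(); any server it names has not yet transferred the latest zone.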


