Configuring the Zone Control File

Listing 27.3 shows a typical small zone's control file, such as the file specified in the zone configuration described in the previous section, "Setting Up a Zone." The file begins with a line that reads $TTL 1W, which sets the default time-to-live (TTL) for the zone's records to one week. The rest of the file has two main parts. The first is the start of authority (SOA) record, which defines properties of the domain as a whole. The SOA line begins with the domain name, written with a trailing dot. The next characters are IN SOA, which identify the record type. The record continues with the name of the zone's primary (master) name server ( in this example—again, note the trailing dot). The next entry looks like a hostname, but it is not: it is an e-mail address with the at sign (@) replaced by a dot. This address belongs to the person responsible for maintaining the zone, so Listing 27.3 specifies that [email protected] should receive administrative e-mail about it.

Listing 27.3: Sample Forward Lookup Zone Control File

$TTL 1W
        IN SOA   (
                 2003092602 ; serial
                 28800      ; refresh
                 14400      ; retry
                 3600000    ; expire
                 604800 )   ; default_ttl

calvin  IN A
donovan IN A
powell  IN A
        IN A
bigben  IN CNAME

@       IN MX 10 mail
        IN MX 50

Warning Fully qualified hostnames in zone control files end with a trailing dot. The trailing dot marks the end of the name; if it is omitted, the server silently appends the zone's domain name to whatever you wrote. For instance, if the dot were omitted from in the CNAME record in Listing 27.3, systems that tried to contact bigben would be directed to, which is almost certainly incorrect. The domain name itself in the SOA record must also carry a trailing dot, or the zone's apex becomes domain.domain. A missing trailing dot is a prime cause of problems in DNS zone configurations, and because the server does not complain about it, check this detail first if something doesn't work as you expect!

The SOA record continues across the next several lines, using parentheses to group together several numeric entries. These entries frequently have comments describing their function, as in Listing 21.2. The meanings are, in order, the serial number, the refresh period, the retry period, the zone expiration period, and the default time-to-live (TTL) period for individual entries. Slave DNS servers compare the serial number against the copy they hold to decide whether the zone has changed; a slave only transfers the zone when the master's serial is greater than its own, so you must increase this value whenever you change a record. If you forget, or if a typo makes the new serial smaller than the old one, slaves keep serving stale data indefinitely without reporting an error. Administrators frequently use a date-based code for the serial number. Listing 27.3's serial number of 2003092602 might indicate the second change on September 26, 2003, for instance. The remaining entries all specify times in seconds. The refresh, retry, and expire values all relate to master/slave zone transfer timing: how often the slave should check back with the master for updated files, how long it should wait before checking again if an attempt fails, and how long it should keep serving the zone before discarding it entirely if the master never responds. The TTL value tells other DNS servers how long they may cache entries from this zone. TTL values between a day and a week are common, but you should reduce the TTL at least one full old TTL period before making major changes to your domain, because caches elsewhere will keep the old answers for as long as the TTL they originally received. None of these values is very important if you're operating a single DNS server for a small private zone.
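Serial handling is where zone updates most often go wrong in practice, so the following is an added example (not code from the book or from BIND) that implements the two things the paragraph above describes: a date-based YYYYMMDDnn serial that always advances, and the wrap-around comparison slave servers use (RFC 1982 serial-number arithmetic) to decide whether a serial is "newer." The helper that rewrites the serial in a zone file's text assumes the serial is the first number after the two SOA names, which holds for the layout of Listing 27.3.

```python
"""Serial-number handling for the SOA record.  Added example, not the
book's or BIND's code.  Assumes the YYYYMMDDnn convention the text
mentions; comparison follows RFC 1982 serial arithmetic, which is why a
serial that goes backwards is ignored by slaves rather than seen as new."""
import re
from datetime import date

SERIAL_MOD = 1 << 32    # zone serials are unsigned 32-bit numbers
SERIAL_HALF = 1 << 31


def serial_is_newer(candidate, current):
    """True if a slave holding `current` would transfer `candidate`.
    The candidate must be ahead by 1..2**31-1 modulo 2**32, so a dropped
    digit (2003092602 -> 200309270) or an unchanged serial is not newer."""
    diff = (candidate - current) % SERIAL_MOD
    return 0 < diff < SERIAL_HALF


def next_serial(current, today=None):
    """Next YYYYMMDDnn serial after `current`.  When the date scheme cannot
    be kept (100th edit in one day, or a serial already past today's date,
    e.g. a typo such as 2030092601), fall back to current + 1, which still
    counts as newer and keeps slaves transferring."""
    today = today or date.today()
    base = int(today.strftime("%Y%m%d")) * 100
    candidate = base + 1 if current < base else current + 1
    if not serial_is_newer(candidate, current):
        raise ValueError(f"cannot advance serial {current}")
    return candidate


# Serial = first number after the two SOA names, optionally after a "(".
SOA_SERIAL = re.compile(r"(\bSOA\s+\S+\s+\S+\s*\(?\s*)(\d+)", re.DOTALL)


def bump_zone_serial(zone_text, today=None):
    """Rewrite the SOA serial in the text of a zone file.
    Returns (new_text, old_serial, new_serial)."""
    match = SOA_SERIAL.search(zone_text)
    if not match:
        raise ValueError("no SOA serial found")
    old = int(match.group(2))
    new = next_serial(old, today)
    new_text = zone_text[: match.start(2)] + str(new) + zone_text[match.end(2):]
    return new_text, old, new
```

Run bump_zone_serial over the zone file's contents as the last step of every edit (before reloading named), and keep the serial_is_newer check: it is the same test the slaves apply, so a serial that fails it would have left them serving the old zone.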

Entries after the SOA relate to individual computers or network features. These records begin with a machine name. You may omit the domain name, in which case the name specified in the SOA record is appended. If you include the domain name, be sure to include a trailing dot, as was done for in Listing 27.3. An entry name of an at sign (@) specifies the domain name itself. This usage is common in certain types of entries that apply to the domain as a whole.

The record types have names that appear in the individual entries following the IN code. These record types specify the function of the record, and include:

A An address (A) record defines an individual host on the domain. (You can assign an A record to the domain name itself, in which case the domain name is tied to an individual computer and the domain can have component computers as well.) The data following the A code is an IP address.

CNAME A canonical name (CNAME) record lets you set up an alias, in which one hostname points to another computer by name rather than by IP address. Another way of accomplishing a similar goal is to create multiple A records that point to the same IP address. CNAME records are most useful when the target computer's hostname is fixed but its IP address may change in a way that's not under your control. For instance, if you use an outside web hosting service, you might use a CNAME record to point users at the outside provider's hostname. Note that a name with a CNAME record may not have any other records (such as an A or MX record) of its own; the alias must stand alone.

PTR A pointer (PTR) record is used in configuring a reverse DNS zone, as described in the next section, "Handling Reverse Lookups." Because it defines a forward lookup zone, Listing 27.3 contains no PTR records.

NS A name server (NS) record points to a domain's name server. In Listing 27.3, the single NS record points to the same system specified as the primary name server in the SOA record. NS records normally begin with an at sign or the domain name. A domain may have multiple NS records if more than one DNS server is authoritative for the domain.

MX A mail exchanger (MX) record points to a domain's mail server. As with NS records, MX records typically begin with an at sign or the domain name. Following the MX code is a priority value; outside mail servers attempt delivery to the listed servers in order of this value, lowest first. For instance, an outside mail server sending mail to, as described in Listing 27.3, will first try to contact If this contact fails, the outside server will try sending mail to Of course, the mail server must be configured to accept mail for the domain. This topic is described in more detail in Chapter 25, "Delivering E-Mail." You specify a server by name in an MX record, either by hostname alone (in which case the SOA's domain name is added) or complete with domain name and trailing dot. The name must be a hostname that has an A record, not an alias defined by a CNAME.

With this information in hand, you should be able to begin crafting your domain's zone file. Use Listing 27.3 as a starting point and make the appropriate substitutions for your system's hostnames, IP addresses, and so on. When you're done, double-check that the /etc/named.conf file points to the correct zone file. If your BIND installation provides named-checkzone, run it against the zone name and file before reloading; it catches syntax errors and a missing or unchanged serial that named would otherwise log only at reload time. Then tell named to reload its configuration by typing killall -HUP named as root (or rndc reload, if you have set up rndc). You should then be able to resolve hostnames into IP addresses using host or regular networking tools. For instance, you might type the following command and see the specified output:

$ host has address

This command queries the DNS server at, even if your system isn't yet configured to use it by default. If you see an error message, review your configuration files. Be sure you've included all the elements in the SOA record, as well as the preceding $TTL line. Check that the record for the host you're testing exists and is properly formatted. Try testing other hosts; perhaps your entry includes a typo that's not present for other hosts. Try typing hostnames that don't exist, or specify as a DNS server an IP address that you know doesn't run a DNS server to compare the error messages. Perhaps these comparisons will provide a clue about what's wrong. Check log files such as /var/log/messages for error messages relating to the server.

