Help to make a new DNS server
Kevin Darcy
kcd at daimlerchrysler.com
Thu Nov 4 01:56:27 UTC 2004
Yena wrote:
>Hi, I would like to set up a DNS server.
>Please, I need some help to check my steps:
>
>1) I have registered my domain:
> example.cxm
>
>2) I have installed BIND 9.2.1 on a Red Hat 9 server.
>
BIND 9.2.1 is old. You should be running something more up-to-date.
>I have created my zone file in /var/named/pz:
>-------------------------------------------------------------
>$TTL 60
>@ IN SOA ns1.example.cxm. info.example.cxm. (
> 2001122007;
> 6H;
> 2H;
> 1W;
> 1H );
> NS ns1.example.cxm.
> NS ns2.example.cxm.
> MX 5 mail.example.cxm.
>
>localhost A 127.0.0.1
>example.cxm. A xxx.xxx.xxx.xxx
>mail A xxx.xxx.xxx.xxx
>www A xxx.xxx.xxx.xxx
>ns1 A xxx.xxx.xxx.xxx
>ns2 A xxx.xxx.xxx.yyy
>-------------------------------------------------------------
>
>and I have added in named.conf:
>zone "example.cxm" { type master; file "pz/example.cxm"; };
>
>3) I have added in my registrant panel the 2 new DNS:
> ns1.example.cxm
> ns2.example.cxm
>
>Is it all correct?
>
A TTL of 60 seconds for data which generally doesn't change very often
(SOA, NS, MX, the "localhost" A record) is pretty extreme. If you need
that degree of volatility for certain A records, then limit the
60-second TTL to just those records, and put everything else higher (at
least an hour). Remember that low TTLs not only overwork your
nameserver, but every nameserver that talks to yours. So it's rather
anti-social to set them so low without a good reason.

As a matter of style, I would stick with fully-qualified owner names
(the ones on the left-hand side) or non-fully-qualified owner names
consistently within your zone file. Your zone file is inconsistent in
this respect because "example.cxm." is fully-qualified, but no other
owner name is. I'd move that record above the "localhost" line, where
you can just use whitespace as the owner name (which means it "inherits"
the previous non-whitespace owner name, i.e. "@", i.e. the name of the
zone, namely "example.cxm.").

Speaking of "localhost", are you sure you need that? I usually don't
bother with it, with no ill effects. Reportedly some apps need it, but
you could always monitor your query logs, and if nothing is querying
that name, just rip that clutter out of your zone file...

As for the "registrant panel", I'll take your word for it that this is
the correct way to create a delegation with your registrar. Each
registrar is free to provide their own delegation-request mechanisms, so
it's hard to generalize on whether a given method is right or wrong.
>Do I have to set or do something else?
>Do I also have to set the PTR record?
>
Officially, no. However, if you want to send mail be aware that many
mail server setups these days do reverse lookups as an anti-spam
measure, so without a PTR record for your outbound mail server(s), you
may run into difficulties.
- Kevin
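As an added illustration (not part of Kevin's reply or of Yena's original file), here is the zone file rewritten along the lines of the advice above: default TTL raised to an hour, the 60-second TTL kept only on the one record assumed to need it, the apex A record moved up under "@", owner names consistently relative, and the "localhost" record dropped. The addresses are the original post's placeholders; the named-checkzone invocation in the trailing comment assumes that tool ships with this BIND install.

```zone
; example.cxm -- forward zone as an added example, not the original poster's file.
; Addresses are the placeholders from the original post.
$TTL 1H                          ; default TTL for every record not overridden below
@       IN  SOA ns1.example.cxm. info.example.cxm. (
            2001122007  ; serial: bump it on every change so secondaries transfer
            6H          ; refresh
            2H          ; retry
            1W          ; expire
            1H )        ; negative-caching TTL
        IN  NS  ns1.example.cxm.
        IN  NS  ns2.example.cxm.
        IN  MX  5 mail.example.cxm.
        IN  A   xxx.xxx.xxx.xxx   ; apex record: blank owner inherits "@" (example.cxm.)
; relative owner names throughout (no trailing dot); "localhost" omitted as the
; reply suggests, to be added back only if the query logs show something asking for it
mail    IN  A   xxx.xxx.xxx.xxx
ns1     IN  A   xxx.xxx.xxx.xxx
ns2     IN  A   xxx.xxx.xxx.yyy   ; second server, assumed to be on a different host
; only the record assumed to change often gets the short TTL; the TTL field
; sits between the owner name and the class
www     60  IN  A   xxx.xxx.xxx.xxx
; check the file before reloading named:
;   named-checkzone example.cxm /var/named/pz/example.cxm
```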