Help to make a new DNS server

Kevin Darcy kcd at daimlerchrysler.com
Thu Nov 4 01:56:27 UTC 2004


Yena wrote:

>Hi, I would like to set up a DNS server.
>Please, I need some help to check my steps:
>
>1) I have registered my domain:
>    example.cxm
>
>2) I have installed Bind 9.2.1 on a RedHat 9 Server.
>
BIND 9.2.1 is old. You should be running something more up-to-date.

>I have created my zone file in /var/named/pz:
>-------------------------------------------------------------
>$TTL 60
>@               IN      SOA     ns1.example.cxm. info.example.cxm. (
>                                2001122007;
>                                6H;
>                                2H;
>                                1W;
>                                1H );
>                        NS      ns1.example.cxm.
>                        NS      ns2.example.cxm.
>                        MX      5       mail.example.cxm.
>
>localhost               A       127.0.0.1
>example.cxm.            A       xxx.xxx.xxx.xxx
>mail                    A       xxx.xxx.xxx.xxx
>www                     A       xxx.xxx.xxx.xxx
>ns1                     A       xxx.xxx.xxx.xxx
>ns2                     A       xxx.xxx.xxx.yyy
>-------------------------------------------------------------
>
>and I have added in named.conf:
>zone "example.cxm" { type master; file "pz/example.cxm"; };
>
>3) I have added in my registrant panel the 2 new DNS:
>    ns1.example.cxm
>    ns2.example.cxm
>
>Is it all correct? 
>

A TTL of 60 seconds for data which generally doesn't change very often 
(SOA, NS, MX, the "localhost" A record) is pretty extreme. If you need 
that degree of volatility for certain A records, then limit the 
60-second TTL to just those records, and put everything else higher (at 
least an hour). Remember that low TTLs not only overwork your 
nameserver, but every nameserver that talks to yours. So it's rather 
anti-social to set them so low without a good reason.

As a matter of style, I would stick with fully-qualified owner names 
(the ones on the left-hand side) or non-fully-qualified owner names 
consistently within your zone file. Your zone file is inconsistent in 
this respect because "example.cxm." is fully-qualified, but no other 
owner name is. I'd move that record above the "localhost" line, where 
you can just use whitespace as the owner name (which means it "inherits" 
the previous non-whitespace owner name, i.e. "@", i.e. the name of the 
zone, namely "example.cxm.").

Speaking of "localhost", are you sure you need that? I usually don't 
bother with it, with no ill effects. Reportedly some apps need it, but 
you could always monitor your query logs, and if nothing is querying 
that name, just rip that clutter out of your zone file...

As for the "registrant panel", I'll take your word for it that this is 
the correct way to create a delegation with your registrar. Each 
registrar is free to provide their own delegation-request mechanisms, so 
it's hard to generalize on whether a given method is right or wrong.

>Do I have to set or do something else?
>Do I also have to set the PTR record?
>
Officially, no. However, if you want to send mail be aware that many 
mail server setups these days do reverse lookups as an anti-spam 
measure, so without a PTR record for your outbound mail server(s), you 
may run into difficulties.

                                                                         
                                             - Kevin
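The following is an added example, not the original poster's zone file and not something Kevin wrote, showing how his three points come together: a sane default TTL with the short TTL limited to the one record that needs it, owner names written consistently in relative form with the apex A record inheriting "@", and a matching reverse zone so the outbound mail server has a PTR. The address block 192.0.2.0/24, the individual host addresses and the serial number are constructed placeholders.

```zone
; File pz/example.cxm (forward zone, constructed example).
; 192.0.2.0/24 is a documentation block used here only as a placeholder.
$TTL 1D                      ; default for everything not given its own TTL
$ORIGIN example.cxm.
@       IN  SOA  ns1.example.cxm. info.example.cxm. (
                 2004110401  ; serial (YYYYMMDDnn, constructed value)
                 6H          ; refresh
                 2H          ; retry
                 1W          ; expire
                 1H )        ; negative-caching TTL
        IN  NS   ns1.example.cxm.
        IN  NS   ns2.example.cxm.
        IN  MX   5 mail.example.cxm.
        IN  A    192.0.2.10  ; apex address: blank owner inherits "@" above

; Hosts: every owner name is relative to $ORIGIN, none is fully-qualified.
mail    IN  A    192.0.2.10
ns1     IN  A    192.0.2.11
ns2     IN  A    192.0.2.12
www 60  IN  A    192.0.2.13  ; the only record that needs a 60-second TTL

; File pz/2.0.192.in-addr.arpa (reverse zone for the same constructed block).
; The PTR for the mail server must resolve back to the same name whose A
; record carries that address, or reverse-lookup checks on the receiving
; side will not match.
$TTL 1D
$ORIGIN 2.0.192.in-addr.arpa.
@       IN  SOA  ns1.example.cxm. info.example.cxm. (
                 2004110401  ; serial (constructed value)
                 6H 2H 1W 1H )
        IN  NS   ns1.example.cxm.
        IN  NS   ns2.example.cxm.
10      IN  PTR  mail.example.cxm.   ; outbound mail server
11      IN  PTR  ns1.example.cxm.
12      IN  PTR  ns2.example.cxm.
13      IN  PTR  www.example.cxm.
```

The reverse zone is loaded with a second named.conf statement of the same shape as the poster's, `zone "2.0.192.in-addr.arpa" { type master; file "pz/2.0.192.in-addr.arpa"; };`. One caveat that applies to any real deployment: the in-addr.arpa tree is delegated along address allocations, so unless the address block is yours, the ISP that holds it has to either delegate the reverse zone to your nameservers or publish the PTR records itself; a reverse zone served only by your own nameservers, without that delegation, is not reachable by anyone doing the lookup.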




More information about the bind-users mailing list