Linux Wireless Access Point HOWTO

Chapter 6. Configuring DNS


6.1 Overview of NAMED

The Access Point can be configured to serve DNS requests and allocate domain names to clients. This is achieved by configuring BIND, whose server process is the NAMED daemon. We need to construct a configuration file for this daemon, /etc/named.conf, and the accompanying zone files for our wireless network. A complete guide to configuring DNS can be found in the DNS-HOWTO and the named.conf manpage.

If you didn't install BIND during the initial Redhat installation in Chapter 3 you will need to download and install it now.

In this example we use the network 10.1.2.0/24 and the domain simon.akld.nzwireless.org. You should replace these values with the ones allocated to you by your wireless administrator.


6.2 Generating an RNDC key

The rndc tool is used to manage the named daemon. We need to generate a keyfile called /etc/rndc.key which is referenced both by /etc/rndc.conf and /etc/named.conf. To do this we use the following command:

[root@accesspoint root]# rndc-confgen -a -c /etc/rndc.key


6.3 Example NAMED configuration file

As in the previous chapter, I have chosen here to provide an example configuration file that you can tailor to your network, using the embedded comments as a guide. All lines that begin with "//" are comments.

As before, we pretend here that 10.1.2.0/255.255.255.0 is the network assigned to us by our wireless administrator. You will need to substitute this and other values in the example configuration file to reflect the actual network assigned to you.

// Example named.conf file
//
// Set default directory.
// Allow queries from the entire wireless network.
// Both of the IP addresses given in the section "forwarders" should be set to the DNS
// servers of your ISP.
// Set preference for DNS responses from the wireless network.

options {
      directory "/var/named";
      // Only the wireless network and this host may query, and only they may
      // recurse through this server, so it is not an open resolver for the
      // rest of the Internet.
      allow-query { 10.0.0.0/8; localhost; };
      allow-recursion { 10.0.0.0/8; localhost; };
      forward first;
      forwarders {
           0.0.0.0;
           1.1.1.1;
      };
      topology {
           10/8;
      };
};

// Enable RNDC connections from this host. The key name must match the one
// inside /etc/rndc.key; rndc-confgen calls it "rndc-key" unless told otherwise.
controls {
      inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};

// This is the root servers zone file, already present on this system.
zone "." {
      type hint;
      file "named.ca";
};

// This is the localhost zone file, already present on the system.
zone "localhost" IN {
      type master;
      file "localhost.zone";
      allow-update { none; };
};

// This is the reverse zone file for localhost, already present on the system.
zone "0.0.127.in-addr.arpa" {
      type master;
      file "named.local";
      allow-update { none; };
};

// This is the zone file for our wireless domain. Edit this entry to reflect your domain.
zone "simon.akld.nzwireless.org" {
      allow-transfer { 10.0.0.0/8; localhost; };
      allow-query { any; };
      allow-update { none; };
      type master;
      file "simon.akld.nzwireless.org";
};

// This is the reverse zone file for our wireless domain. Edit it to reflect the IP network
// assigned to you. (note - in reverse! network 10.1.2.0 becomes 2.1.10.in-addr.arpa)
zone "2.1.10.in-addr.arpa" {
      allow-transfer { 10.0.0.0/8; localhost; };
      allow-query { any; };
      allow-update { none; };
      type master;
      file "2.1.10.in-addr.arpa";
};

// A key file needs to be referenced for use by rndc.
include "/etc/rndc.key";



6.4 Example ZONE files

Next we need to build the zone files. These files contain the actual DNS information concerning machines on our wireless network. Three of the zone files mentioned in named.conf are the defaults, already present on the system in the directory /var/named. They are localhost.zone, named.ca and named.local.

Because these files are already in place we only need to add the two remaining ones, /var/named/2.1.10.in-addr.arpa and /var/named/simon.akld.nzwireless.org.

Note that if you have requested more than one subnet from your wireless group (e.g. for the machines on your wired network) you will need to create an extra reverse zone file for each one and make corresponding entries in /etc/named.conf.

Here are two example zone files, a forward and a reverse. In these files comments are indicated by lines that begin with a ";". Note that you will need to modify both of these files to reflect the domain and subnet allocated to you by your wireless administrator.

These zone files only provide records for your nameserver, Access Point and the DHCP clients via NS records, A records and PTR records. Add records for other systems as required, for instance if you have systems with static addresses attached to your wireless network.

;
; Example zone file for simon.akld.nzwireless.org
;
; Change "oob.wildstar.net." to your own email address, with the "@" written
; as a dot, e.g. "someone.yahoo.com."
;
$TTL 3D
@               IN      SOA     ns.simon.akld.nzwireless.org. oob.wildstar.net. (
                                199802151       ; serial, today's date + today's serial #
                                8H              ; refresh, seconds
                                2H              ; retry, seconds
                                4W              ; expire, seconds
                                1D )            ; minimum, seconds
;
                        NS      accesspoint     ; name server for this zone
;
localhost               A       127.0.0.1
accesspoint             A       10.1.2.1
ns                      A       10.1.2.1
                        TXT     "Simons Wireless Gateway"
dhcp-01                 A       10.1.2.10
dhcp-02                 A       10.1.2.11
dhcp-03                 A       10.1.2.12
dhcp-04                 A       10.1.2.13
dhcp-05                 A       10.1.2.14
dhcp-06                 A       10.1.2.15
dhcp-07                 A       10.1.2.16
dhcp-08                 A       10.1.2.17
dhcp-09                 A       10.1.2.18
dhcp-10                 A       10.1.2.19
dhcp-11                 A       10.1.2.20


; Example zone file for 10.1.2.0 (reverse zone 2.1.10.in-addr.arpa)
;
; Change "oob.wildstar.net." to your own email address, with the "@" written
; as a dot, e.g. "something.yahoo.com."
;
$TTL 3D
@               IN      SOA     ns.simon.akld.nzwireless.org. oob.wildstar.net. (
                                199802151       ; Serial
                                8H              ; Refresh
                                2H              ; Retry
                                4W              ; Expire
                                1D )            ; Minimum TTL
;
                        NS      accesspoint.simon.akld.nzwireless.org.
1                       PTR     accesspoint.simon.akld.nzwireless.org.
10                      PTR     dhcp-01.simon.akld.nzwireless.org.
11                      PTR     dhcp-02.simon.akld.nzwireless.org.
12                      PTR     dhcp-03.simon.akld.nzwireless.org.
13                      PTR     dhcp-04.simon.akld.nzwireless.org.
14                      PTR     dhcp-05.simon.akld.nzwireless.org.
15                      PTR     dhcp-06.simon.akld.nzwireless.org.
16                      PTR     dhcp-07.simon.akld.nzwireless.org.
17                      PTR     dhcp-08.simon.akld.nzwireless.org.
18                      PTR     dhcp-09.simon.akld.nzwireless.org.
19                      PTR     dhcp-10.simon.akld.nzwireless.org.
20                      PTR     dhcp-11.simon.akld.nzwireless.org.

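The forward and reverse zones have to agree with each other: every A record inside the wireless subnet should have a PTR for the same address, and that PTR should point back at one of the names holding the A record. named-checkzone will tell you whether each file parses, but it does not compare the two files against one another. The following Python script is an added example, not part of this HOWTO or of BIND: it derives the in-addr.arpa name from the network the way the note in named.conf describes (generalised to any /8, /16 or /24) and cross-checks the two zones. FORWARD_ZONE and REVERSE_ZONE are constructed copies of the chapter's examples with two deliberate slips (a missing PTR and a mistyped PTR target) so that the check has something to report; the parser handles the record syntax used in this chapter, not the full zone-file grammar.

```python
"""Cross-check the forward zone against its reverse zone.

Added example for this chapter (not part of the HOWTO or of BIND). The zone
text below is a constructed copy of the chapter's examples with two slips."""
import ipaddress
import re

FORWARD_ORIGIN = "simon.akld.nzwireless.org"
NETWORK = "10.1.2.0/24"

FORWARD_ZONE = """\
$TTL 3D
@        IN      SOA     ns.simon.akld.nzwireless.org. oob.wildstar.net. ( 199802151 8H 2H 4W 1D )
                 NS      accesspoint
localhost        A       127.0.0.1
accesspoint      A       10.1.2.1
ns               A       10.1.2.1
                 TXT     "Simons Wireless Gateway"
dhcp-01          A       10.1.2.10
dhcp-03          A       10.1.2.12
dhcp-04          A       10.1.2.13
"""

# Slip 1: no PTR at all for 10.1.2.12.  Slip 2: the PTR for .13 is mistyped (dhcp-4).
REVERSE_ZONE = """\
$TTL 3D
@        IN      SOA     ns.simon.akld.nzwireless.org. oob.wildstar.net. ( 199802151 8H 2H 4W 1D )
                 NS      accesspoint.simon.akld.nzwireless.org.
1                PTR     accesspoint.simon.akld.nzwireless.org.
10               PTR     dhcp-01.simon.akld.nzwireless.org.
13               PTR     dhcp-4.simon.akld.nzwireless.org.
"""


def reverse_zone_name(network):
    """10.1.2.0/24 -> 2.1.10.in-addr.arpa: the chapter's 'in reverse' rule for any /8, /16 or /24."""
    net = ipaddress.ip_network(network)
    if net.prefixlen % 8:
        raise ValueError("only octet-aligned prefixes map to a single in-addr.arpa zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def fqdn(name, origin):
    """Qualify a name as named does: '@' is the origin, a trailing dot is absolute."""
    if name == "@":
        return origin + "."
    return name if name.endswith(".") else f"{name}.{origin}."


def records(zone_text, rtype):
    """Yield (owner, rdata) for each record of type rtype.  A blank owner field
    inherits the previous owner; ';' comments are stripped (quoted ';' not handled)."""
    owner = None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.startswith("$"):
            continue
        if not line[0].isspace():
            owner = line.split()[0]
        m = re.match(r"^\S*\s+(?:IN\s+)?" + rtype + r"\s+(\S+)", line)
        if m and owner is not None:
            yield owner, m.group(1)


def ptr_address(owner, reverse_origin):
    """Turn a PTR owner (e.g. '10' under 2.1.10.in-addr.arpa) back into an address."""
    name = fqdn(owner, reverse_origin)
    suffix = ".in-addr.arpa."
    if not name.endswith(suffix):
        raise ValueError(f"not an in-addr.arpa name: {name}")
    return ipaddress.ip_address(".".join(reversed(name[: -len(suffix)].split("."))))


def check_zones(forward_text, origin, reverse_text, network):
    """Return a sorted list of inconsistencies; an empty list means the zones agree."""
    net = ipaddress.ip_network(network)
    reverse_origin = reverse_zone_name(network)
    a_names = {}  # address -> set of names that have an A record for it
    for owner, addr_text in records(forward_text, "A"):
        addr = ipaddress.ip_address(addr_text)
        if addr in net:  # ignore localhost and anything outside our subnet
            a_names.setdefault(addr, set()).add(fqdn(owner, origin))
    ptrs = {ptr_address(o, reverse_origin): fqdn(t, origin) for o, t in records(reverse_text, "PTR")}
    issues = []
    for addr, names in a_names.items():
        if addr not in ptrs:
            issues.append(f"{addr}: A record for {', '.join(sorted(names))} but no PTR")
        elif ptrs[addr] not in names:
            issues.append(f"{addr}: PTR {ptrs[addr]} matches none of {', '.join(sorted(names))}")
    for addr, target in ptrs.items():
        if addr not in a_names:
            issues.append(f"{addr}: PTR {target} but no A record in {origin}")
    return sorted(issues)


if __name__ == "__main__":
    print("reverse zone:", reverse_zone_name(NETWORK))
    for issue in check_zones(FORWARD_ZONE, FORWARD_ORIGIN, REVERSE_ZONE, NETWORK) or ["zones are consistent"]:
        print(issue)
```

To check your own files, read /var/named/simon.akld.nzwireless.org and /var/named/2.1.10.in-addr.arpa (or whatever names you chose) into check_zones in place of the embedded samples; an empty result is what you want before starting named.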


6.5 Configuring the Access Point to use local DNS

Next, we add an entry to the file /etc/resolv.conf to direct our Access Point to the local name server and tell it that it is part of our domain, with the following command:

[root@accesspoint root]# cat <<END_ENTRY > /etc/resolv.conf
nameserver 127.0.0.1
search simon.akld.nzwireless.org
END_ENTRY

Note that you will need to change the value simon.akld.nzwireless.org to your own domain.


6.6 Testing DNS

If we have configured DNS correctly, we should be able to start up our nameserver and run queries against it that produce the correct results. First, start up the name server and make sure it comes up with an OK message. If it doesn't, the error messages will give us a hint as to what has gone wrong. Note that not all errors are fatal.

[root@accesspoint root]# service named start

Next we will run a couple of queries against the name server to make sure that it is producing the correct results. In order to do this we use the dig utility, though we could also have used nslookup. Note that you will need to modify these queries to match your domain.

First we check the forward zone with dig:

[root@accesspoint root]# dig dhcp-01.simon.akld.nzwireless.org

This should produce output similar to the following:

; <<>> DiG 9.2.1 <<>> dhcp-01.simon.akld.nzwireless.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63169
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;dhcp-01.simon.akld.nzwireless.org. IN A

;; ANSWER SECTION:
dhcp-01.simon.akld.nzwireless.org. 259200 IN A 10.10.10.10

;; AUTHORITY SECTION:
simon.akld.nzwireless.org. 259200 IN NS accesspoint.simon.akld.nzwireless.org.

;; ADDITIONAL SECTION:
accesspoint.simon.akld.nzwireless.org. 259200 IN A 10.10.10.1

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jan 6 00:51:50 1980
;; MSG SIZE rcvd: 110

Next we check the reverse zone, again using dig.

[root@accesspoint root]# dig -x 10.1.2.10

This should produce output similar to the following:

; <<>> DiG 9.2.1 <<>> -x 10.1.2.10
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42239
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;10.2.1.10.in-addr.arpa. IN PTR

;; ANSWER SECTION:
10.2.1.10.in-addr.arpa. 259200 IN PTR dhcp-01.akld.nzwireless.org.

;; AUTHORITY SECTION:
2.1.10.in-addr.arpa. 259200 IN NS accesspoint.akld.nzwireless.org.

;; ADDITIONAL SECTION:
accesspoint.simon.akld.nzwireless.org. 259200 IN A 10.1.2.1

;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jan 6 01:00:31 1980
;; MSG SIZE rcvd: 132

If either of these queries doesn't produce the desired results, the output from dig should give us hints as to what has gone wrong.
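The two dig checks above can be scripted so that a misconfiguration cannot slip past. The detail worth checking mechanically is the aa flag on the flags line: because named.conf uses forward first, a query for a name in our domain can come back NOERROR with a plausible-looking answer that was supplied by the ISP's forwarders or from cache even though our own zone failed to load, and only the missing aa flag gives that away. The following Python script is an added example, not part of this HOWTO or of BIND. DIG_OUTPUT is a constructed dig transcript in the shape shown above, with the answer written to match the chapter's zone file (dhcp-01 is 10.1.2.10); FORWARDED_OUTPUT is a constructed copy of it with the aa flag removed; query() assumes the dig binary is installed on the Access Point.

```python
"""Verify dig's answers mechanically instead of reading them by eye.

Added example (not part of the HOWTO or of BIND).  DIG_OUTPUT is a constructed
transcript; its answer matches the chapter's zone (dhcp-01 -> 10.1.2.10)."""
import re
import subprocess

DIG_OUTPUT = """\
; <<>> DiG 9.2.1 <<>> dhcp-01.simon.akld.nzwireless.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63169
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;dhcp-01.simon.akld.nzwireless.org. IN A

;; ANSWER SECTION:
dhcp-01.simon.akld.nzwireless.org. 259200 IN A 10.1.2.10

;; AUTHORITY SECTION:
simon.akld.nzwireless.org. 259200 IN NS accesspoint.simon.akld.nzwireless.org.

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""

# Constructed failure case: same answer, but named obtained it from a forwarder
# or its cache rather than from our own zone, so the 'aa' flag is absent.
FORWARDED_OUTPUT = DIG_OUTPUT.replace("flags: qr aa rd ra", "flags: qr rd ra")


def parse_dig(output):
    """Extract the status, the flag set and the answer-section records from dig's text."""
    status = re.search(r"status: (\w+)", output)
    flags = re.search(r"^;; flags: ([^;]*);", output, re.M)
    answers, in_answer = [], False
    for line in output.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if line.startswith(";;") or not line.strip():
            in_answer = False  # any other header or a blank line ends the section
            continue
        if in_answer:
            name, _ttl, _rclass, rtype, rdata = line.split(None, 4)
            answers.append((name, rtype, rdata))
    return {
        "status": status.group(1) if status else None,
        "flags": set(flags.group(1).split()) if flags else set(),
        "answers": answers,
    }


def verify_answer(output, qname, rtype, expected):
    """Return the list of problems found; an empty list means our zone answered correctly."""
    parsed = parse_dig(output)
    problems = []
    if parsed["status"] != "NOERROR":
        problems.append(f"status {parsed['status']}, expected NOERROR")
    if "aa" not in parsed["flags"]:
        problems.append("answer is not authoritative (no 'aa' flag): did our zone load?")
    if (qname.rstrip(".") + ".", rtype, expected) not in parsed["answers"]:
        problems.append(f"no {rtype} answer {expected} for {qname}; got {parsed['answers']}")
    return problems


def query(*dig_args):
    """Run dig against the local server and return its output (assumes dig is installed)."""
    cmd = ["dig", "@127.0.0.1", *dig_args]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    for label, output in (("authoritative sample", DIG_OUTPUT), ("forwarded sample", FORWARDED_OUTPUT)):
        problems = verify_answer(output, "dhcp-01.simon.akld.nzwireless.org", "A", "10.1.2.10")
        print(f"{label}: {'OK' if not problems else '; '.join(problems)}")
```

On the Access Point itself, replace the embedded samples with live queries: verify_answer(query("dhcp-01.simon.akld.nzwireless.org"), "dhcp-01.simon.akld.nzwireless.org", "A", "10.1.2.10") for the forward zone, and verify_answer(query("-x", "10.1.2.10"), "10.2.1.10.in-addr.arpa", "PTR", "dhcp-01.simon.akld.nzwireless.org.") for the reverse zone, substituting your own domain and addresses.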


6.7 Enabling DNS from startup

As we did with DHCPD, we need to turn on NAMED at boot using the setup utility. We add NAMED to our list of services that should start at boot time by placing an asterisk beside the NAMED entry in the System services menu of setup, as described in section 3.3.

