You can use the DNS module of YaST to configure a DNS server for your local network. When starting the module for the first time, a wizard starts, prompting you to make just a few basic decisions concerning administration of the server. Completing this initial setup produces a very basic server configuration that should be functioning in its essential aspects. The expert mode can be used to deal with more advanced configuration tasks, such as setting up ACLs, logging, TSIG keys, and other options.
The wizard consists of three steps or dialogs. At the appropriate places in the dialogs, you are given the opportunity to enter the expert configuration mode.
When starting the module for the first time, the Figure 34.1, “DNS Server Installation: Forwarder Settings”, opens. In it, decide whether the PPP daemon should provide a list of forwarders on dial-up via DSL or ISDN ( ) or whether you want to supply your own list ( ).
dialog, shown in
The Section 34.5, “Zone Files”.
For a new zone, provide a name for it in . To add a reverse zone, the name must end
in .in-addr.arpa
. Finally, select the (master or slave). See Figure 34.2, “DNS Server Installation: DNS Zones”. Click
to configure
other settings of an existing zone. To remove
a zone, click .
In the final dialog, you can open the DNS port in the firewall by clicking Figure 34.3, “DNS Server Installation: Finish Wizard”.
. Then decide whether or not the DNS server should be started ( or ). You can also activate LDAP support. SeeAfter starting the module, YaST opens a window displaying several configuration options. Completing it results in a DNS server configuration with the basic functions in place:
Under
, define whether the DNS server should be started when the system boots (during booting the system) or manually. To start the DNS server immediately, select . To stop the DNS server, select . To save the current settings, select . You can open the DNS port in the firewall with and modify the firewall settings with .By selecting
, the zone files are managed by an LDAP database. Any changes to zone data written to the LDAP database are picked up by the DNS server as soon as it is restarted or prompted to reload its configuration.In this section, set basic server options. From the
menu, select the desired item then specify the value in the corresponding entry field. Include the new entry by selecting .
To set what the DNS server should log
and how, select /var/log/messages
by
selecting or specify a
different file by selecting . In the
latter case, additionally specify the maximum file size in
megabytes and the number of log files to store.
Further options are available under every query to be logged, in which case the log file could grow extremely large. For this reason, it is not a good idea to enable this option for other than debugging purposes. To log the data traffic during zone updates between DHCP and DNS server, enable . To log the data traffic during a zone transfer from master to slave, enable . See Figure 34.4, “DNS Server: Logging”.
. Enabling causesUse this window to define ACLs (access control lists) to enforce access restrictions. After providing a distinct name under
, specify an IP address (with or without netmask) under in the following fashion:{ 10.10/16; }
The syntax of the configuration file requires that the address ends with a semicolon and is put into curly braces.
The main purpose of TSIGs (transaction signatures) is to secure communications between DHCP and DNS servers. They are described in Section 34.7, “Secure Transactions”.
To generate a TSIG key, enter a distinctive name in the field labeled
and specify the file where the key should be stored ( ). Confirm your choices with .To use a previously created key, leave the
field blank and select the file where it is stored under . After that, confirm with .To add a slave zone, select
, choose the zone type , and click . under , specify the master from which the slave should fetch its data. To limit access to the server, select one of the ACLs from the list. SeeTo add a master zone, select
, choose the zone type , write the name of the new zone, and click .To edit a master zone, select
, choose the zone type , select the master zone from the table, and click . The dialog consists of several pages: (the one opened first), , , , and .The basic dialog, shown in Figure 34.6, “DNS Server: Zone Editor (Basic)”, lets you define settings for dynamic DNS and access options for zone transfers to clients and slave name servers. To permit the dynamic update of zones, select as well as the corresponding TSIG key. The key must have been defined before the update action starts. To enable zone transfers, select the corresponding ACLs. ACLs must have been defined already.
This dialog allows you to define alternative name servers for the zones specified. Make sure that your own name server is included in the list. To add a record, enter its name under Figure 34.7, “DNS Server: Zone Editor (NS Records)”.
then confirm with . SeeTo add a mail server for the current zone to the existing list, enter the corresponding address and priority value. After doing so, confirm by selecting Figure 34.8, “DNS Server: Zone Editor (MX Records)”.
. SeeThis page allows you to create SOA (start of authority) records. For an explanation of the individual options, refer to Example 34.6, “File /var/lib/named/world.zone”. Changing SOA records is not supported for dynamic zones managed via LDAP.
This dialog manages name resolution. In
, enter the hostname then select its type. represents the main entry. The value for this should be an IP address. is an alias. Use the types and for detailed or partial records that expand on the information provided in the and tabs. These three types resolve to an existing A record. is for reverse zones. It is the opposite of an A record.