

Postby chandranjoy » Wed Mar 10, 2010 5:28 pm

What is DNS?

DNS (Domain Name System) is the service which translates between Internet names and Internet addresses.
Internet names are the names which we use to refer to hosts on the Internet, such as
Internet addresses are the numbers which routers use to move traffic across the Internet, such as

Important DNS Records:


The DNS records given above are the ones most used in DNS configurations.

BIND includes a utility called rndc which allows you to use command line statements to administer the named daemon, locally, or remotely. The rndc program uses the /etc/rndc.conf file for its configuration options, which can be overridden with command line options. In order to prevent unauthorized users on other systems from controlling BIND on your server, a shared secret key method is used to explicitly grant privileges to particular hosts. In order for rndc to issue commands to any named, even on a local machine, the keys used in /etc/named.conf and /etc/rndc.conf must match.

Run the BIND key generator for rndc.conf.

In a terminal window enter:

cd /root;/usr/sbin/dnssec-keygen -a hmac-md5 -b 128 -n user rndc

dnssec-keygen -a alg -b bits -n type [options] name
Version: 9.3.2
Required options:
-a algorithm: RSA | RSAMD5 | DH | DSA | RSASHA1 | HMAC-MD5
-b key size, in bits:
RSAMD5: [512..4096]
RSASHA1: [512..4096]
DH: [128..4096]
DSA: [512..1024] and divisible by 64
HMAC-MD5: [1..512]
-n nametype: ZONE | HOST | ENTITY | USER | OTHER
name: owner of the key

This command creates two files with names starting with Krndc, like those given below:
-rw------- 1 root root 46 Jul 26 09:27 Krndc.+157+09056.key
-rw------- 1 root root 81 Jul 26 09:27 Krndc.+157+09056.private

In the one with the .private extension you will find something like:
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: Nds78kjheRT8Ovwe==

The last line is what you're interested in, as it's the authentication key and
should be put into /etc/rndc.conf and /etc/named.conf.

It's easy to edit from the GNOME desktop: simply select the file manager, change
to the /etc directory, right-click on the rndc.conf file and select edit.

Edit the file /etc/rndc.conf so that it looks something like this
(replace the IP address with your server's IP address):

options {
        default-key rndc_key;
};

server localhost {
        key rndc_key;
};

key rndc_key {
        algorithm hmac-md5;
        secret "Nds78kjheRT8Ovwe==";
};

Next, edit /etc/named.conf to the following
[remember to replace the IP address with your server's IP address]:

key rndc_key {
        algorithm hmac-md5;
        secret "Nds78kjheRT8Ovwe==";
};

// The inet statement needs the address on which named accepts control
// connections; 127.0.0.1 (loopback) matches the "server localhost" entry
// in rndc.conf above.
controls {
        inet 127.0.0.1 port 953 allow { localhost; } keys { rndc_key; };
};

Once you've done that restart 'named':

/etc/rc.d/init.d/named restart

Yes, now you have done the RNDC configuration on your Linux box ... :)
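As an added example (not code from the post), a POSIX shell check for the rule stated above that the rndc_key secret in /etc/rndc.conf and /etc/named.conf must match, plus a check that neither file is readable by other users. It writes constructed copies of the two fragments to a temporary directory, so it can be tried without touching the real files; it assumes GNU stat -c and the multi-line key layout shown above.

```shell
#!/bin/sh
# Added example, not code from the original post. Checks that the rndc_key
# secret in rndc.conf and named.conf is identical (rndc cannot authenticate
# to named otherwise) and that neither file is readable by group/others.
# Assumes GNU 'stat -c' and the multi-line "key NAME { ... };" layout.

# Print the secret of key KEYNAME (quoted or unquoted name) from a BIND config file.
key_secret() {
    awk -v name="$2" '
        $1 == "key" && ($2 == name || $2 == "\"" name "\"") { inkey = 1 }
        inkey && $1 == "secret" { gsub(/[";]/, "", $2); print $2; exit }
        inkey && /}/ { inkey = 0 }
    ' "$1"
}

# Succeed only when both files carry the same non-empty secret for KEYNAME.
rndc_keys_match() {
    a=$(key_secret "$1" "$3"); b=$(key_secret "$2" "$3")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed only when FILE has no group/other permission bits (e.g. mode 600).
not_world_readable() {
    case "$(stat -c %a "$1")" in *00) return 0 ;; *) return 1 ;; esac
}

# Write constructed rndc.conf and named.conf fragments into DIR with the
# given secrets, so the check can be exercised without touching /etc.
write_sample() {
    printf 'options {\n\tdefault-key rndc_key;\n};\nkey rndc_key {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' "$2" > "$1/rndc.conf"
    printf 'key "rndc_key" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' "$3" > "$1/named.conf"
    chmod 600 "$1/rndc.conf" "$1/named.conf"
}

# Build a pair with SECRET_RNDC / SECRET_NAMED and run both checks on it.
check_pair() {
    dir=$(mktemp -d) || return 2
    write_sample "$dir" "$1" "$2"
    rc=1
    if rndc_keys_match "$dir/rndc.conf" "$dir/named.conf" rndc_key \
        && not_world_readable "$dir/rndc.conf" \
        && not_world_readable "$dir/named.conf"; then rc=0; fi
    rm -rf "$dir"
    return $rc
}

# Matching secrets (the value from the post) pass; one changed character fails.
check_pair 'Nds78kjheRT8Ovwe==' 'Nds78kjheRT8Ovwe==' && echo "rndc key check: OK"
check_pair 'Nds78kjheRT8Ovwe==' 'Nds78kjheRT8Ovwf==' || echo "rndc key check: MISMATCH"
```

On a real host, call rndc_keys_match /etc/rndc.conf /etc/named.conf rndc_key as root before restarting named.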


Postby chandranjoy » Sat Jun 12, 2010 8:05 pm

The DNS system powers the Internet as we know it today and is responsible for converting domain names into IP addresses and for placing them on the correct hosting server. But the DNS system would have been just a theoretical concept if TTL were not present.

Table of contents:
* DNS Zone file overview
* Editing the DNS's TTL setting using the 'Custom DNS Records' tool


TTL is an acronym for Time To Live and refers to the capability of the DNS servers to cache DNS records. It represents the amount of time that a DNS record for a certain host remains in the cache memory of a DNS server after the latter has located the host's matching IP address.

By specifying TTL settings for a particular domain's DNS records, webmasters define the frequency of website content updates. The longer the TTL value is, the faster the domain resolution time periods will be. The TTL value can be set from one to several hours, if you are not planning any changes to your domain's DNS records in the meantime. If you need to make such changes, you will have to decrease the TTL value entry to several minutes to avoid any outdated data on your website.

DNS Zone file overview
The TTL value represents an essential part of the zone file of your domain name. In the basic format of any DNS zone file, the time to live (TTL) field actually comes first in line, followed by several other records (Start of Authority, SOA, records). Now, if we pay a little more attention to the SOA section, it might turn out to be quite easy to understand as well.

The SOA section begins with the zone's primary domain name (in this example we'll use ); after that it specifies the class of the zone, SOA, and then come the following seven specifications:

MNAME - This is the zone's master DNS server (for example

RNAME - This record specifies the email address of the person/authority that is in charge of managing the domain name, such as (here @ is replaced by '.').

Serial number - Now this value has a special purpose. For optimal speed and efficiency, BIND (one of the most widely used DNS servers, designed for Unix-based operating systems) processes zone files into a different format. What happens is, when BIND loads a zone file at startup, it first looks at its serial number and proceeds with processing the zone file only if its serial number is bigger than the last processed version. Thus, if you make modifications to a zone file but leave its serial number unchanged, BIND will ignore your updated version. The typical format of a serial number comprises a date and a unique serial number (YYYYMMDDNN), such as 2009010801 for the second edition (01) of the file on January 8, 2009. This format allows 100 modifications to be made to the zone file per day.

Refresh - This value defines the period at which the secondary or slave servers should poll the master server to check if the serial number of the zone file has been modified, and consequently whether the zone file needs to be updated.

Retry - A value, typically an hour or less, that specifies the timeframe within which the slave server should repeat the update request, if the master DNS server for the zone has failed to answer its latest query.

Expire - This value outlines the period of time for which the slave server will continue to use the existing data in case of a failure of the master DNS server. After the specified 'Expire' period is over, the data will be considered outdated and will no longer be used. The domain will then stop resolving. That's why this value should be set long enough to allow possible master server outages to be fixed.

Negative caching TTL - Negative responses (typically occurring when a requested record does not exist) can also be cached on non-authoritative servers. This field resembles a basic TTL, but specifically sets the value for negative responses. Small time periods are recommended (15 min to 2 h).

The SOA values can be listed on one line (or they may extend over more than one line) with spaces in between (see the example below).

To make the picture clearer, we would like to present to you the following example of a zone file, which lists the specifications of our domain

An example zone file (the host names are missing from the post; <MNAME> and <RNAME> stand in for them):

$TTL 1d
@       IN      SOA     <MNAME> <RNAME> (
                        1227715796      ; serial
                        16384           ; refresh
                        2048            ; retry
                        1048576         ; expire
                        2560 )          ; negative caching TTL
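An added example (not from the post) in POSIX shell that applies the serial-number rule described above: it reads the serial out of an SOA record written in the parenthesised multi-line form and computes the next YYYYMMDDNN value, refusing once the day's 100 revisions are used up. The sample zone is constructed inline with the SOA values from the post and placeholder host names; the date is a parameter, not read from the clock, so the result is reproducible.

```shell
#!/bin/sh
# Added example, not code from the original post. Reads the SOA serial from a
# zone file and computes the next YYYYMMDDNN serial, since BIND (and the slave
# servers) only pick up a zone whose serial has grown.

# Print the serial (first number after the SOA token) of ZONEFILE; handles the
# multi-line parenthesised form and strips ';' comments first.
soa_serial() {
    awk '{ sub(/;.*/, "") }
         !insoa { for (i = 1; i <= NF; i++) if ($i == "SOA") { insoa = 1; start = i + 1 } }
         insoa { for (i = start; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit }
                 start = 1 }' "$1"
}

# Usage: next_serial CURRENT_SERIAL YYYYMMDD
# Same day: bump NN (fails when 99 is already used); older day: today's 00;
# serial already ahead of today (e.g. a future date): plain +1 so it still grows.
next_serial() {
    cur=$1; today=$2
    case "$cur" in
        "$today"[0-9][0-9])
            nn=${cur#"$today"}; nn=${nn#0}
            [ "$nn" -lt 99 ] || return 1
            printf '%s%02d\n' "$today" "$((nn + 1))" ;;
        *)
            if [ "$cur" -lt "${today}00" ]; then printf '%s00\n' "$today"
            else printf '%d\n' "$((cur + 1))"; fi ;;
    esac
}

# Write a constructed zone file to FILE, using the SOA values from the post
# and placeholder host names (example.test is a reserved test domain).
write_sample_zone() {
    printf '$TTL 1d\n@ IN SOA ns1.example.test. hostmaster.example.test. (\n\t1227715796 ; serial\n\t16384 ; refresh\n\t2048 ; retry\n\t1048576 ; expire\n\t2560 ) ; negative caching TTL\n' > "$1"
}

zone=$(mktemp)
write_sample_zone "$zone"
serial=$(soa_serial "$zone")
echo "current serial $serial -> next serial $(next_serial "$serial" 20100612)"
rm -f "$zone"
```

Because 1227715796 is below 2010061200, switching that zone to a date-based serial on 12 June 2010 is itself a valid increase; the same function then hands out 2010061201, 2010061202 and so on for later edits that day.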
