Configuring DNS Server Master Zones

As mentioned earlier, DNS servers come in three flavors:

  • Master (also called primary)
  • Slave (also called secondary)
  • Caching-only

We discussed creating a caching-only server earlier in the chapter. A caching-only server is not authoritative for any zone: it answers queries from its cache, or by passing them on to servers holding master or slave zones that are authoritative for the domain in question. However, all DNS servers should be configured to perform caching functions.

Now let’s turn our attention to adding master zones. A server holding a master zone can answer queries about that zone’s domain without asking any other server, because the zone data resides on its local disk. The master zone is the authoritative source of records for all the hosts in that domain; slaves obtain their copy of the zone from it.

Adding Local Domain Resolution

Earlier in the chapter you created a caching-only DNS server residing on the hypothetical host mainserv at address 192.168.100.1 in domain domain.cxm. Assume that this same subnet has host mydesk at 192.168.100.2. It’s an easy task to add local domain resolution, using master zones. Here is the basic procedure:

  1. Add master zone domain.cxm to named.conf, pointing to zone data file named.domain.cxm.
  2. Add master zone 100.168.192.in-addr.arpa to named.conf, pointing to zone data file named.192.168.100.
  3. Create zone data file named.domain.cxm, resolving both hosts plus the nameserver (NS), mail exchanger (MX) and www alias records.
  4. Create reverse zone data file named.192.168.100, resolving both IP addresses.
  5. Restart named.
  6. Test and troubleshoot.

Add Zone domain.cxm to named.conf

Add the following code to /etc/named.conf:

zone "domain.cxm" {               #DNS for all host this domain
  type master;                   #file on this host
  file "named.domain.cxm";       #dns file for domain
};

This says to answer any name or FQDN in domain domain.cxm from the data in named.domain.cxm, which, because of the type master; statement, is input to the DNS server, not output from it (as a slave’s copy would be) and not an intermediate file. Note that in named.conf the text to the right of a pound sign (#) is a comment; zone data files use a semicolon (;) for comments instead, and a # there is a syntax error. Next, add the reverse zone to named.conf.

Add Master Zone 100.168.192.in-addr.arpa to named.conf

Add the following code to /etc/named.conf:

zone "100.168.192.in-addr.arpa" {    #DNS for all IP's in subnet
        type master;                #file on this host
        file "named.192.168.100";   #DNS file for this subnet
};

The preceding says to answer reverse lookups for any IP address in the 192.168.100 subnet from the data in named.192.168.100, which resides in /var/named, as specified by the directory clause in the options statement of /etc/named.conf. See Listing 14.1 in the section DNS Server Configuration Files earlier in this chapter.

Create Zone Data File named.domain.cxm

Create the following /var/named/named.domain.cxm:

$TTL    86400   ; default TTL for the records below; without it named falls back to the SOA minimum and logs a warning
@       IN      SOA     mainserv.domain.cxm. hostmaster.domain.cxm.  (
                                      2000072001 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum

                     IN    NS           mainserv
                     IN    MX 10        mainserv

mainserv             IN    A            192.168.100.1
mydesk               IN    A            192.168.100.2
www                  IN    CNAME        mainserv

Nameserver mainserv.domain.cxm has authority over zone @, which, via the zone statement in named.conf, is set to domain.cxm. The timing values between the parentheses are explained earlier in this chapter. A single nameserver (NS) for @ (domain.cxm) is mainserv. mainserv handles the mail (MX) for domain.cxm. The mainserv and mydesk hosts in domain.cxm have addresses 192.168.100.1 and 192.168.100.2, respectively. Alias www refers to mainserv, which by a previous line is set to 192.168.100.1.

The IN NS and IN MX statements have no name identifier in column 1. A record lacking a name identifier takes the name identifier of the most recent record that has one, which in this case is the @ on the SOA line.

The preceding zone data file is built for simplicity. Real-life zone files usually define a separate name for the nameserver role, such as an ns IN A 192.168.100.1 line, and point every NS record at ns. That way, if the nameserver is moved from mainserv to mydesk, the only change required in any file is that ns IN A line. (Make ns an A record, not a CNAME: the target of an NS or MX record must never be an alias.) Real-life zones also have at least two IN NS lines, so if one nameserver goes down, the other one picks up the slack.

Note that syntax is important, especially because zone data file syntax is different from named.conf syntax. All name identifiers must start in column 1. All trailing periods (.) are vital: a name ending in a period is absolute, while a name not ending in a period is relative to the origin, which is what the @ symbol stands for and is set to the domain named in the zone statement in named.conf. Writing mainserv.domain.cxm without the trailing period in this file would yield mainserv.domain.cxm.domain.cxm.

Create Reverse Zone Data File named.192.168.100

Create the following /var/named/named.192.168.100:

$TTL  86400   ; default TTL; without it named falls back to the SOA minimum and logs a warning
@     IN      SOA    mainserv.domain.cxm. hostmaster.domain.cxm. (
                                      2000072001 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
      IN      NS      mainserv.domain.cxm.

1     IN      PTR     mainserv.domain.cxm.
2     IN      PTR     mydesk.domain.cxm.

In the preceding, the @ at the start stands for the zone name given in /etc/named.conf, in this case 100.168.192.in-addr.arpa. The 1 and 2 in the name field at the bottom have no trailing period, so they are relative to that origin and are prepended to it: the full reverse names are 1.100.168.192.in-addr.arpa, which resolves to mainserv.domain.cxm, and 2.100.168.192.in-addr.arpa, which resolves to mydesk.domain.cxm. The PTR targets must keep their trailing periods; without them named would append the origin and produce mainserv.domain.cxm.100.168.192.in-addr.arpa.

Restart named, and then Test and Troubleshoot

Restart with this command:

   # /etc/rc.d/init.d/named restart

It could take a few minutes for this command to finish. Once it returns, check the system log (/var/log/messages on most Linux systems of this vintage) for messages from named, in particular any zone it refused to load because of a syntax error in the zone data file.

Once it finishes, test it. First, try accessing the machine with telnet and make sure you get the login: prompt within a second or two. The telnet daemon (and TCP wrappers, if in use) performs a reverse lookup of the connecting address before presenting the prompt, so if telnet hangs, investigate your reverse DNS zones and reverse DNS zone data files.

Next, try running the following commands:

ping 192.168.100.1
ping 192.168.100.2

Do each ping from each host. If any IP ping fails, there’s a network connectivity problem that must be solved before you attempt to activate DNS. Once connectivity is proved, do the following:

ping mainserv
ping mydesk
ping mainserv.domain.cxm.
ping mydesk.domain.cxm.
ping www.domain.cxm.

If the preceding ping commands succeed, it confirms a working DNS, provided the host you ping from is not relying on /etc/hosts for these names and its /etc/resolv.conf names 192.168.100.1 as nameserver with domain.cxm in its search list (the short names mainserv and mydesk depend on that search list). If not, troubleshoot (covered later in this section). The following nslookup commands add further confirmation if they succeed, don’t hang, and deliver the right IP address; nslookup talks to the DNS server directly, so unlike ping it cannot be satisfied by an /etc/hosts entry:

nslookup mainserv
nslookup mydesk
nslookup mainserv.domain.cxm.
nslookup mydesk.domain.cxm.
nslookup www.domain.cxm.
nslookup 192.168.100.1
nslookup 192.168.100.2

Each command should quickly deliver the expected results. If you have sendmail up and running, test the IN MX statements with email operations.

Troubleshooting is essentially the process of elimination. Try to determine whether it’s the forward or reverse lookup that is giving you problems. Try to narrow it down to a single domain, server, or IP. Use ping to make sure you have network connectivity, and query the server directly (nslookup, or dig @192.168.100.1 mydesk.domain.cxm) to take /etc/hosts and the resolver search list out of the picture.
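A scripted form of the ping and nslookup checks above, added here as an example rather than taken from the chapter: it queries the master at 192.168.100.1 directly with dig (a BIND 9 dig in the PATH is assumed), so neither /etc/hosts nor the resolver search list can mask a broken zone, and checks the forward and reverse answers the zone data files in this section promise. It also adds the check a practitioner wants before relying on reverse DNS for access control: each PTR target must resolve back to the address it was looked up from (forward-confirmed reverse DNS, the test TCP wrappers’ PARANOID setting performs). The lookup function is a parameter so the same checks can be run against canned answers.

```python
import subprocess
import sys
from typing import Callable, Dict, List

# The master built in this section and the answers its zone files promise.
SERVER = "192.168.100.1"
EXPECTED_A = {
    "mainserv.domain.cxm.": "192.168.100.1",
    "mydesk.domain.cxm.": "192.168.100.2",
    "www.domain.cxm.": "192.168.100.1",   # CNAME; dig +short prints the target, then its address
}
EXPECTED_PTR = {
    "192.168.100.1": "mainserv.domain.cxm.",
    "192.168.100.2": "mydesk.domain.cxm.",
}

Lookup = Callable[[str, str], List[str]]   # (name, record type) -> answer lines


def dig_short(name: str, rtype: str, server: str = SERVER) -> List[str]:
    """Query `server` directly with dig, bypassing /etc/hosts and the search
    list in /etc/resolv.conf. Returns the answer lines of `dig +short`; an
    empty list means no answer (dig prints timeouts as ';;' lines, dropped here)."""
    cmd = ["dig", "+short", "+time=2", "+tries=1", "@" + server, name, rtype]
    result = subprocess.run(cmd, capture_output=True, text=True, timeout=15)
    return [line.strip() for line in result.stdout.splitlines()
            if line.strip() and not line.startswith(";")]


def reverse_name(ip: str) -> str:
    """192.168.100.1 -> 1.100.168.192.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def check_server(expected_a: Dict[str, str], expected_ptr: Dict[str, str],
                 lookup: Lookup = dig_short) -> List[str]:
    """Return a list of discrepancies; an empty list means every check passed."""
    problems: List[str] = []
    for name, ip in expected_a.items():
        got = lookup(name, "A")
        if ip not in got:
            problems.append(f"forward: {name} answered {got or 'nothing'}, expected {ip}")
    for ip, name in expected_ptr.items():
        got = lookup(reverse_name(ip), "PTR")
        if name not in got:
            problems.append(f"reverse: {ip} answered {got or 'nothing'}, expected {name}")
        for target in got:
            # forward-confirmed reverse DNS: whatever the PTR names must resolve
            # back to the same address, or TCP wrappers' PARANOID check rejects it
            if ip not in lookup(target, "A"):
                problems.append(f"fcrdns: {ip} -> {target}, but {target} does not resolve to {ip}")
    return problems


if __name__ == "__main__":
    found = check_server(EXPECTED_A, EXPECTED_PTR)
    print("\n".join(found) or f"{SERVER}: forward, reverse and forward-confirmed reverse all agree")
    sys.exit(1 if found else 0)
```

Run it on the server itself after the restart, and again from mydesk; a non-zero exit with a line beginning reverse: or fcrdns: points at named.192.168.100, a line beginning forward: at named.domain.cxm, and an answer of nothing for every name means named is not running or not listening on 192.168.100.1.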

Adding Virtual Domain Resolution

Not every IP address denotes a separate piece of hardware. Some are alias addresses added to an existing interface to represent Web sites; each such site can be granted its own alias IP address. Here are the steps to add a virtual domain (in the existing subnet):

  1. Create the zone in named.conf.
  2. Create a new zone data file.
  3. Add an IN PTR line to the existing reverse DNS file for the subnet.
  4. Restart named.

In the following example, add domain vdomain.cxm at IP address 192.168.100.101. This IP address is created by the following command:

   # /sbin/ifconfig eth0:0 192.168.100.101 netmask 255.255.255.0

This IP is made into a virtual host Web site in /etc/httpd/conf/httpd.conf, so all it needs is a domain name. Assuming you want to give 192.168.100.101 the name vdomain.cxm, add the following zone to named.conf:

zone "vdomain.cxm" {              #DNS for virtual domain
  type master;                   #file is on this host
  file "named.vdomain.cxm";      #dns file for domain
};

As you can see, the zone data file is named.vdomain.cxm. Create that file as follows:

$TTL    86400   ; default TTL; without it named falls back to the SOA minimum and logs a warning
@       IN      SOA     mainserv.domain.cxm. hostmaster.domain.cxm.  (
                                      2000072001 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum

                     IN    NS           mainserv.domain.cxm.

@                    IN    A            192.168.100.101
www                  IN    CNAME        @

Read the preceding as follows: mainserv.domain.cxm has authority over @ (vdomain.cxm). The nameserver for @ is mainserv.domain.cxm, and vdomain.cxm (@) has the address 192.168.100.101, as does www.vdomain.cxm, which the CNAME line makes an alias for @.

The reason both vdomain.cxm and www.vdomain.cxm are resolved is so the site can be reached as either http://vdomain.cxm or http://www.vdomain.cxm.

Now add the reverse DNS for the virtual domain with this line in named.192.168.100, and increase the serial number in that file’s SOA record so that any slave server notices the change:

101     IN   PTR       vdomain.cxm.

Restart named and, once again, test your work with nslookup and any other DNS diagnostic tools you might be using.
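The naming rules explained with the forward zone (the @ origin, a blank owner inheriting the previous one, a trailing period making a name absolute), the reverse zone’s relative 1 and 2 owners, and the virtual domain’s www CNAME @ can all be checked mechanically before named is restarted. The following is an added example, not code from the chapter: a small parser for the zone-file subset used in this section (it does not handle every BIND directive), run over the three zone data files above, which are embedded here as constructed input with a $TTL line, followed by a consistency check across them. The check flags an A record with no PTR, a PTR whose target has no A record back to that address, and an NS or MX that points at a CNAME, which RFC 2181 forbids and BIND’s zone checks report as an error.

```python
from typing import Iterator, List, Tuple

Record = Tuple[str, str, str]   # (owner FQDN, record type, rdata with names qualified)

# Constructed input: the zone data files from this section, with a $TTL line.
# Zone files use ';' for comments; '#' is only valid in named.conf.
FORWARD_ZONE = """\
$TTL 86400
@       IN      SOA     mainserv.domain.cxm. hostmaster.domain.cxm.  (
                                      2000072001 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
                     IN    NS           mainserv
                     IN    MX 10        mainserv
mainserv             IN    A            192.168.100.1
mydesk               IN    A            192.168.100.2
www                  IN    CNAME        mainserv
"""
REVERSE_ZONE = """\
$TTL 86400
@     IN      SOA    mainserv.domain.cxm. hostmaster.domain.cxm. (
                                      2000072001 28800 14400 3600000 86400 )
      IN      NS      mainserv.domain.cxm.
1     IN      PTR     mainserv.domain.cxm.
2     IN      PTR     mydesk.domain.cxm.
101   IN      PTR     vdomain.cxm.
"""
VIRTUAL_ZONE = """\
$TTL 86400
@       IN      SOA     mainserv.domain.cxm. hostmaster.domain.cxm.  (
                                      2000072001 28800 14400 3600000 86400 )
                     IN    NS           mainserv.domain.cxm.
@                    IN    A            192.168.100.101
www                  IN    CNAME        @
"""

# rdata fields that are domain names and therefore subject to origin qualification
NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}


def logical_lines(text: str) -> Iterator[str]:
    """Drop ';' comments and fold a parenthesised multi-line record into one line.
    Leading whitespace of the first physical line is kept: it marks a blank owner."""
    buf: List[str] = []
    depth = 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not buf and not line.strip():
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield " ".join(buf).replace("(", " ").replace(")", " ")
            buf = []


def qualify(name: str, origin: str) -> str:
    """'@' is the origin; a trailing period makes a name absolute; any other
    name is relative and gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text: str, origin: str) -> List[Record]:
    """Parse the subset used here: $TTL, $ORIGIN, optional per-record TTL and
    class, and a blank owner inheriting the previous owner."""
    origin = origin if origin.endswith(".") else origin + "."
    owner = origin
    records: List[Record] = []
    for line in logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$TTL":              # default TTL; not needed by the checks below
            continue
        if tokens[0] == "$ORIGIN":
            origin = qualify(tokens[1], origin)
            continue
        if not line[0].isspace():            # owner present in column 1
            owner = qualify(tokens.pop(0), origin)
        if tokens and tokens[0].isdigit():   # optional per-record TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() == "IN":
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        for i in NAME_FIELDS.get(rtype, []):
            rdata[i] = qualify(rdata[i], origin)
        records.append((owner, rtype, " ".join(rdata)))
    return records


def reverse_name(ip: str) -> str:
    """192.168.100.1 -> 1.100.168.192.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def check_consistency(forward: List[Record], reverse: List[Record]) -> List[str]:
    """Cross-check the forward zones against the reverse zone."""
    problems: List[str] = []
    addresses = {}                         # owner -> set of IPs from its A records
    cnames = set()
    for owner, rtype, rdata in forward:
        if rtype == "A":
            addresses.setdefault(owner, set()).add(rdata)
        elif rtype == "CNAME":
            cnames.add(owner)
    ptrs = {owner: rdata for owner, rtype, rdata in reverse if rtype == "PTR"}
    for owner, ips in addresses.items():   # every address needs a PTR
        for ip in ips:
            if reverse_name(ip) not in ptrs:
                problems.append(f"no PTR for {ip} ({owner})")
    for rname, target in ptrs.items():     # every PTR target must resolve back
        ip = ".".join(reversed(rname[: -len(".in-addr.arpa.")].split(".")))
        if ip not in addresses.get(target, set()):
            problems.append(f"PTR {rname} -> {target}, but {target} has no A record {ip}")
    for owner, rtype, rdata in forward:    # NS/MX targets must be hosts, not aliases
        if rtype in ("NS", "MX") and rdata.split()[-1] in cnames:
            problems.append(f"{rtype} at {owner} points at CNAME {rdata.split()[-1]}")
    return problems


if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, "domain.cxm") + parse_zone(VIRTUAL_ZONE, "vdomain.cxm")
    rev = parse_zone(REVERSE_ZONE, "100.168.192.in-addr.arpa")
    for rec in fwd + rev:
        print(rec)
    print(check_consistency(fwd, rev) or "forward and reverse zones are consistent")
```

Printing the parsed records shows every owner and target as the fully qualified name named will actually serve, which is the quickest way to catch a missing trailing period; the consistency check is empty for the three files as written and reports the offending record as soon as, for instance, the 101 PTR is left out of named.192.168.100.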