dns server

I would like to see the Time-to-live (TTL) value for an AAAA record and an A record for a domain. How do I see the Time-to-live (TTL) of a DNS record under Unix or Linux operating systems using command line options?

BIND: Stop Recursion DNS Under Linux / UNIX

Q. How do I stop recursion (recursive query) under BIND 9 DNS server?

Q. I have name servers such as ns1.example.com and ns2.example.com. I'd like to provide vanity DNS for each domain, such as ns1.yourdomain.com and ns2.yourdomain.com. Basically, my users should be able to refer to my DNS servers as their own, which creates the illusion that each user runs their own name servers. How do I set up vanity DNS using BIND 9 under UNIX / Linux?

Q. How do I verify that my ISP's recursive resolvers, or my own, are free from the DNS cache poisoning bug whose full disclosure Dan has promised for August 7 at the Black Hat conference? How do I test my DNS server for DNS cache pollution or the DNS cache poisoning bug?

Linux / UNIX set the DNS from the command line

Q. I just got Linux installed on my system. I'm able to connect to the internet via IP address only. I'm not able to find information about setting up a new DNS server IP under Linux. How do I configure primary and secondary DNS via the terminal / shell prompt?

A. Under Linux / UNIX / BSD operating systems, you need to edit the /etc/resolv.conf file and add the line:


Q. How do I turn on DNS server logging so that I can see all the queries on my CentOS 4.0 server?

A. You can use the rndc command, which controls the operation of a name server. It supersedes the ndc utility that was provided in old BIND releases. If rndc is invoked with no command line options or arguments, it prints a short summary of the supported commands and the available options and their arguments.

rndc communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of rndc and named, the only supported authentication algorithm is HMAC-MD5, which uses a shared secret on each end of the connection. This provides TSIG-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server.

Task: Turn on logging

Type the following command as root to toggle query logging:
# rndc querylog

Task: View the BIND server query log

Once this is done, you can view all logged queries in the /var/log/messages file. To view those queries, type:
# tail -f /var/log/messages

Task: Turn off logging

Type the following command as root to toggle query logging:
# rndc querylog
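Once query logging is on, the lines in /var/log/messages are only useful if something reads them. The following script is an added example (not part of the original post or of BIND) that parses the query records into structured fields and summarises them per client, which is the first thing an operator wants from a query log: who is asking, how much, and for what record types. It assumes the BIND 9 query-log layout `client <ip>#<port>: query: <name> <class> <type> <flags>`; the sample lines are constructed for the example, not captured from a real server.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (not captured from any real server) in the layout
# BIND 9 writes to syslog once "rndc querylog" is on:
#   client <ip>#<port>: query: <name> <class> <type> <flags>
SAMPLE_LOG = """\
Mar  3 10:15:01 ns1 named[1234]: client 192.0.2.10#53021: query: www.example.com IN A +
Mar  3 10:15:01 ns1 named[1234]: client 192.0.2.10#53022: query: www.example.com IN AAAA +
Mar  3 10:15:02 ns1 named[1234]: client 198.51.100.7#41000: query: mail.example.com IN MX +
Mar  3 10:15:02 ns1 named[1234]: client 198.51.100.7#41001: query: example.com IN ANY +
Mar  3 10:15:03 ns1 named[1234]: client 198.51.100.7#41002: query: example.com IN ANY +
Mar  3 10:15:03 ns1 kernel: unrelated syslog line that must be ignored
Mar  3 10:15:04 ns1 named[1234]: client 2001:db8::9#5353: query: isc.org IN TXT +
"""

# The flags field is optional because very old BIND 9 releases omit it.
QUERY_RE = re.compile(
    r"client (?P<client>[0-9a-fA-F.:]+)#(?P<port>\d+): query: "
    r"(?P<name>\S+) (?P<qclass>\S+) (?P<qtype>\S+)(?: (?P<flags>\S+))?"
)


def parse_query_log(text):
    """Return one dict per query line; syslog lines without a query record are skipped."""
    records = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            records.append(m.groupdict())
    return records


def summarize(text):
    """Queries per client, and per query type for each client."""
    per_client = Counter()
    per_type = defaultdict(Counter)
    for q in parse_query_log(text):
        per_client[q["client"]] += 1
        per_type[q["client"]][q["qtype"]] += 1
    return per_client, per_type


def noisy_clients(text, threshold):
    """Clients that sent at least `threshold` queries, busiest first."""
    per_client, _ = summarize(text)
    return [c for c, n in per_client.most_common() if n >= threshold]


def any_query_sources(text):
    """Clients that sent ANY queries; these deserve a second look because ANY
    answers are the largest the zone can produce."""
    _, per_type = summarize(text)
    return sorted(c for c, types in per_type.items() if types["ANY"])


if __name__ == "__main__":
    # On a live server replace SAMPLE_LOG with open("/var/log/messages").read().
    per_client, per_type = summarize(SAMPLE_LOG)
    for client, n in per_client.most_common():
        print(f"{client:20} {n:4}  {dict(per_type[client])}")
    print("noisy clients:", noisy_clients(SAMPLE_LOG, 3))
    print("ANY sources:  ", any_query_sources(SAMPLE_LOG))
```

The regex anchors on the `client ... query:` fragment rather than the syslog prefix, so the same parser works whether the lines come from /var/log/messages or from a dedicated BIND logging channel with a different timestamp format.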

How do I set up round robin DNS?

Round robin DNS is a technique in which load balancing is performed by the DNS server instead of a strictly dedicated machine. A single DNS record carries more than one IP address value.

When a request is made to the DNS server that serves this record, the order of the answer it gives alternates with each request. For instance, if you had three web servers that you wished to distribute requests between, you could set up your DNS zone as follows:

Open your zone file using vi text editor and add/modify www entry as follows:
# vi zone.cyberciti.biz
Append/modify the www entry:

www   IN   A   68.142.234.44
      IN   A   68.142.234.45
      IN   A   68.142.234.46
      IN   A   68.142.234.47

Save and restart BIND9. If you run nslookup for cyberciti.biz:

# nslookup cyberciti.biz

Output:

Address: 68.142.234.47
Name:   cyberciti.biz
Address: 68.142.234.44
Name:   cyberciti.biz
Address: 68.142.234.45
Name:   cyberciti.biz
Address: 68.142.234.46

One more time:
# nslookup cyberciti.biz
Output:

Name:   cyberciti.biz
Address: 68.142.234.46
Name:   cyberciti.biz
Address: 68.142.234.45
Name:   cyberciti.biz
Address: 68.142.234.44
Name:   cyberciti.biz
Address: 68.142.234.47

When a query is made to the DNS server it will first give the IP of 68.142.234.44 for the www host. The next time a request is made for the IP of www, it will serve 68.142.234.45 and so on.

The order in which the IP addresses from the list are returned is the basis of the round robin name. While this is a form of load balancing, it should be noted that if one of the hosts becomes unavailable, the DNS server does not know this and will continue to hand out the IP of the downed server.
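To make the rotation and its blind spot concrete, here is an added example (not code from the original post or from BIND) that parses the www entry above, models the cyclic rotation the post describes, and then does what the DNS server itself cannot: drops addresses whose host fails a probe. The zone fragment is constructed for the example using the post's addresses, the rotation model assumes the cyclic ordering described above, and the health check is a plain TCP connect that is injectable so the script runs offline without contacting those addresses.

```python
import socket

# Constructed zone fragment modelled on the www entry in the post. The addresses
# are the ones the post uses; nothing in the default run connects to them.
ZONE_FRAGMENT = """\
www   IN   A   68.142.234.44
      IN   A   68.142.234.45
      IN   A   68.142.234.46
      IN   A   68.142.234.47
"""


def parse_rrset(text):
    """Collect the A records of one round-robin entry from a zone fragment.
    A line that starts with an owner name begins the set; continuation lines
    with a blank owner field belong to the same name (as in the post)."""
    owner, addrs = None, []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if not line[0].isspace():          # owner name present on this line
            owner = fields.pop(0)
        if len(fields) == 3 and fields[0] == "IN" and fields[1] == "A":
            addrs.append(fields[2])
    return owner, addrs


def cyclic_answers(addrs, n):
    """Model cyclic rotation: the k-th answer is the whole set, rotated by k,
    so each address takes the first slot in turn."""
    size = len(addrs)
    return [addrs[i % size:] + addrs[:i % size] for i in range(n)]


def tcp_probe(addr, port=80, timeout=1.0):
    """Health check: does the host accept a TCP connection on the service port?"""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def healthy_addrs(addrs, probe=tcp_probe):
    """Filter the set down to hosts that pass the probe. This is the step a
    plain round-robin zone lacks: BIND keeps answering with a downed server
    until someone edits the zone, so the check has to live outside DNS."""
    return [a for a in addrs if probe(a)]


if __name__ == "__main__":
    owner, addrs = parse_rrset(ZONE_FRAGMENT)
    print(f"{owner}: {addrs}")
    for i, answer in enumerate(cyclic_answers(addrs, 5), 1):
        print(f"answer {i}: first = {answer[0]}  full = {answer}")
    # Stub probe for the offline demo: pretend the third host is down.
    down = "68.142.234.46"
    print("healthy:", healthy_addrs(addrs, probe=lambda a: a != down))
```

Running it prints the same first-address sequence the two nslookup runs above show (.44, then .45, and so on, wrapping after the fourth answer), and the last line shows the set a monitoring script would feed back into the zone once a host drops out.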