DNS

From Noah.org


Edit zone and reverse file for bind9 with automatic serial increment

This is primitive, but it gets the job done and is reasonably safe, apart from some race conditions and the lack of any cleanup if something goes tragically wrong. Note that nothing checks the edited zones before bind9 is restarted, so a syntax error will leave named refusing to load that zone until you fix it.

#!/bin/sh

# This edits both the primary zone and the reverse zone in Vim, then
# after you exit Vim the serial numbers will be incremented and the
# bind9 services will be restarted. The diff between the previous and
# new versions will be printed at the end. Note that the previous versions of
# the zone files are preserved with a date-timestamp appended to the filename.
#
# The serial must be the first field on the (single) line that carries the
# "; Serial" comment, e.g. "    2012010101   ; Serial". The edited files
# are put into service by the restart without being checked first.
#
# -- Noah Spurrier
#

DTS=$(date "+%Y%m%d-%H%M%S")
# keep timestamped copies of both zone files, for the diff and as a backup
cp /etc/bind/db.example.com "/etc/bind/db.example.com-${DTS}"
cp /etc/bind/db.10 "/etc/bind/db.10-${DTS}"
vim -O /etc/bind/db.example.com /etc/bind/db.10
# increment the serial: every line containing "; Serial" is replaced by its
# first field plus one, padded to the same layout; all other lines pass through
awk '/; Serial/{print "                     "$1+1"         ; Serial";next }{print $0}' /etc/bind/db.example.com > /etc/bind/db.example.com.new
awk '/; Serial/{print "                     "$1+1"         ; Serial";next }{print $0}' /etc/bind/db.10 > /etc/bind/db.10.new
mv /etc/bind/db.example.com.new /etc/bind/db.example.com
mv /etc/bind/db.10.new /etc/bind/db.10
# a full restart also re-reads named.conf; "rndc reload" would do for zone changes alone
/etc/init.d/bind9 restart
echo "# diff /etc/bind/db.example.com-${DTS} /etc/bind/db.example.com"
diff "/etc/bind/db.example.com-${DTS}" /etc/bind/db.example.com
echo "# diff /etc/bind/db.10-${DTS} /etc/bind/db.10"
diff "/etc/bind/db.10-${DTS}" /etc/bind/db.10
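The same workflow with the checks a practitioner would want, added here as an example rather than the page's own script: it bumps the serial with awk as above but refuses a file whose serial line is missing or not numeric, runs named-checkzone on the result before installing it, swaps the file in with a rename, and reloads just that zone with rndc instead of restarting bind9. It handles one zone per invocation and takes the zone name on the command line, because the name cannot be derived reliably from the file name (db.10 is presumably 10.in-addr.arpa, but that is a guess). The paths, the EDITOR fallback and a working rndc setup are assumptions.

```sh
#!/bin/sh
# Added example, not the wiki's script: edit one zone file, bump its SOA
# serial, validate it with named-checkzone, install it atomically and
# reload only that zone. Assumed: a bind9 host with rndc configured and
# zone files that carry the serial on the line marked "; Serial".
# Usage: zone-edit.sh ZONE FILE
#   e.g. zone-edit.sh example.com /etc/bind/db.example.com
set -eu

# bump_serial FILE: print FILE with the serial incremented by one. The serial
# must be the first field of the single line carrying "; Serial"; anything
# else makes awk exit non-zero, so a malformed file is never installed.
bump_serial() {
    awk '
        /; Serial/ {
            n++
            if ($1 !~ /^[0-9]+$/) {
                printf "serial is not a number: %s\n", $0 > "/dev/stderr"
                bad = 1
                exit 2
            }
            printf "%21d         ; Serial\n", $1 + 1
            next
        }
        { print }
        END {
            if (bad) exit 2
            if (n != 1) {
                printf "expected exactly one serial line, found %d\n", n > "/dev/stderr"
                exit 2
            }
        }' "$1"
}

# edit_zone ZONE FILE: back up, edit, bump, check, install, reload, diff.
edit_zone() {
    zone=$1
    file=$2
    dts=$(date "+%Y%m%d-%H%M%S")
    cp -p "$file" "$file-$dts"            # timestamped backup, as in the original
    ${EDITOR:-vi} "$file"
    # Refuse to install anything named would reject: keep the edit aside and
    # put the backup back, so the file on disk matches what is being served.
    if ! bump_serial "$file" > "$file.new" || ! named-checkzone "$zone" "$file.new" > /dev/null; then
        rm -f "$file.new"
        mv "$file" "$file.rejected-$dts"
        cp -p "$file-$dts" "$file"
        echo "$zone: rejected; your edit is in $file.rejected-$dts, backup restored" >&2
        return 1
    fi
    mv "$file.new" "$file"                # rename is atomic on one filesystem
    rndc reload "$zone"
    echo "# diff $file-$dts $file"
    diff "$file-$dts" "$file" || true     # diff exits 1 when files differ; expected
}

if [ "$#" -eq 2 ]; then
    edit_zone "$1" "$2"
else
    echo "usage: $0 ZONE FILE" >&2
fi
```

Because the serial bump and the zone check both run before the rename, a bad edit never reaches the file named reads, and the backup plus the .rejected copy let you retry without losing work.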

Dump list of DNS root servers

This command asks your resolver for the NS records of the root zone and prints only the additional section, which carries the A and AAAA glue for the root servers:

dig +nocmd +noall +additional . NS

That will dump the current root nameserver list. If nothing comes back, your resolver is not returning glue in the additional section; query a root server directly instead, for example with dig @a.root-servers.net . NS +noall +additional. The output should look like this (this capture is a sample rather than the full set, and root server addresses do change occasionally, so regenerate the list rather than copying it):

j.root-servers.net.     248608  IN      A       192.58.128.30
j.root-servers.net.     249824  IN      AAAA    2001:503:c27::2:30
f.root-servers.net.     248802  IN      A       192.5.5.241
f.root-servers.net.     248809  IN      AAAA    2001:500:2f::f
g.root-servers.net.     249452  IN      A       192.112.36.4
b.root-servers.net.     249421  IN      A       192.228.79.201
d.root-servers.net.     250022  IN      A       128.8.10.90
h.root-servers.net.     248802  IN      A       128.63.2.53
h.root-servers.net.     249104  IN      AAAA    2001:500:1::803f:235
m.root-servers.net.     248488  IN      A       202.12.27.33
m.root-servers.net.     248702  IN      AAAA    2001:dc3::35
a.root-servers.net.     248277  IN      A       198.41.0.4
a.root-servers.net.     248283  IN      AAAA    2001:503:ba3e::2:30
c.root-servers.net.     359941  IN      A       192.33.4.12

You can also download the root hints file, named.root, from InterNIC at https://www.internic.net/domain/named.root; it is the same list in zone-file layout.
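To tell whether a hints file on disk has gone stale, the added script below (not from the page) normalises both a named.root file and the dig output above into the same name/type/address lines and compares them with comm. The sample hints file and dig answer embedded in it are constructed, with b.root-servers.net given a made-up TEST-NET address in the "live" answer so that the comparison has something to show; it makes no network calls unless you pass it real files.

```sh
#!/bin/sh
# Added example, not from the wiki: normalise a named.root hints file and the
# output of "dig . NS +noall +additional" into the same "name type address"
# lines and compare them, to catch a stale hints file. The inputs in demo()
# are constructed samples; pass real files as arguments for a real check.
# No network access is needed or used.
set -eu

# normalise FILE: keep A and AAAA records, lower-case the owner, drop TTL and
# class, sort so the two sources line up. Handles both layouts:
#   A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4        (named.root)
#   a.root-servers.net.      248277  IN   A     198.41.0.4        (dig)
normalise() {
    awk '
        /^[ \t]*;/ { next }
        NF == 0    { next }
        {
            for (i = 2; i <= NF; i++)
                if ($i == "A" || $i == "AAAA") {
                    print tolower($1), $i, tolower($(i + 1))
                    break
                }
        }' "$1" | sort
}

# compare_hints HINTS DIGOUT: print records only in the hints file (no indent)
# and only in the live answer (tab-indented), comm(1) style. Exit 0 if they
# match, 1 if they differ.
compare_hints() {
    nh=$(mktemp)
    nd=$(mktemp)
    normalise "$1" > "$nh"
    normalise "$2" > "$nd"
    out=$(comm -3 "$nh" "$nd")
    rm -f "$nh" "$nd"
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
    return 0
}

# demo: constructed hints file and dig answer. B is given a made-up TEST-NET
# address in the "live" answer so that the comparison has something to show.
demo() {
    hints=$(mktemp)
    live=$(mktemp)
    cat > "$hints" <<'EOF'
;   constructed stand-in for named.root, not the real file
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
EOF
    cat > "$live" <<'EOF'
a.root-servers.net.     248277  IN      A       198.41.0.4
a.root-servers.net.     248283  IN      AAAA    2001:503:ba3e::2:30
b.root-servers.net.     249421  IN      A       192.0.2.201
EOF
    compare_hints "$hints" "$live" || echo "hints file is out of date"
    rm -f "$hints" "$live"
}

if [ "$#" -eq 2 ]; then
    compare_hints "$1" "$2"
else
    demo
fi
```

Run it as compare-hints.sh /etc/bind/db.root live.txt after saving real dig output to live.txt; an empty result means the hints match what the root servers currently advertise.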

Testing

I use DNSdoctor

Newbie's guide to CNAME versus A records

In general, avoid CNAME records and use A records (and AAAA records for IPv6 addresses).

It is common to get A records and CNAME records mixed up when learning DNS. A does not stand for alias; A stands for Address. An A record maps a name to an IPv4 address (AAAA does the same for an IPv6 address). CNAME might sound like you are defining a canonical name, but it is the other way around: it maps an alias name to the canonical name. So the CNAME record really is the record type used to define an alias, but you don't need it even for that. If you want several names to point to the same IP address, simply define multiple A records that map the different names to the same address. So what kind of alias does a CNAME define? A pointer to a host whose address you don't manage, typically one in another zone on other DNS servers, so that its address can change without you editing your zone. A CNAME record is like a symbolic link out of the current directory, and following it costs the resolver an extra lookup. If you don't need to point at names in other zones, don't worry about CNAME records. If a CNAME record does appear for a name in a zone file, that name must not have any other records of any type (which is also why the zone apex, which always carries SOA and NS records, cannot be a CNAME); named-checkzone will reject a zone that breaks this rule.
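The last rule is easy to break by hand and is exactly what named-checkzone catches; the added checker below (not part of the page, written for this example) does the same check without BIND installed, over a constructed sample zone. It assumes a simple master file layout, one record per line with an optional TTL and class, and treats a line that begins with whitespace as belonging to the previous owner name, as zone files allow.

```sh
#!/bin/sh
# Added example, not from the wiki: report owner names in a zone file that
# have a CNAME alongside any other record type, which RFC 1034 forbids and
# named-checkzone rejects. Assumes a plain master file, one record per line:
#   OWNER [TTL] [CLASS] TYPE RDATA
# A line starting with whitespace reuses the previous owner, as in zone files.
# Multi-line records are tolerated because their continuation lines carry no
# record type; $ORIGIN changes are not tracked.
set -eu

# cname_conflicts FILE: print "owner: TYPE TYPE ..." for each offending owner.
# Exit status 1 if any conflict was found, 0 if the file is clean.
cname_conflicts() {
    awk '
        /^[ \t]*;/ { next }                          # comment lines
        NF == 0    { next }                          # blank lines
        /^\$/      { next }                          # $TTL, $ORIGIN directives
        {
            if ($0 ~ /^[ \t]/) i = 1; else { last = $1; i = 2 }   # blank owner: previous name
            if ($i ~ /^[0-9]+$/) i++                 # optional TTL
            c = toupper($i)
            if (c == "IN" || c == "CH" || c == "HS") i++   # optional class
            if ($i ~ /^[0-9]+$/) i++                 # TTL may also follow the class
            type = toupper($i)
            if (type !~ /^[A-Z][A-Z0-9]*$/) next     # continuation of an SOA etc.
            types[last] = types[last] " " type
            if (type == "CNAME") cname[last] = 1
        }
        END {
            for (o in cname) {
                if (split(types[o], t, " ") > 1) {
                    printf "%s:%s\n", o, types[o]
                    found = 1
                }
            }
            exit (found ? 1 : 0)
        }' "$1"
}

if [ "$#" -eq 1 ]; then
    cname_conflicts "$1"
fi
```

A typical mistake it flags is giving a mail host a CNAME and then adding MX or TXT records under the same name; the fix is to replace the CNAME with an A record.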

resolv.conf

I add some public nameservers to the end of my resolv.conf on my home machines. These are not the fastest or most reliable nameservers, but they keep my machine going if my ISP DNS goes down. I use OpenDNS and I also add 4.2.2.2 because it's easy to remember and it's open. PortForward maintains a list of public DNS servers.

On Ubuntu and Debian you may find that changes to resolv.conf disappear from time to time. This is because you are not supposed to edit the resolv.conf file by hand anymore: a helper such as resolvconf regenerates it from what the network configuration supplies. See Resolv.conf for more information.

nameserver 8.8.8.8
nameserver 208.67.222.222
nameserver 208.67.220.220
nameserver 4.2.2.1
nameserver 4.2.2.2
nameserver 4.2.2.3
nameserver 4.2.2.4
nameserver 4.2.2.5
nameserver 4.2.2.6
nameserver 198.6.1.1
nameserver 199.166.24.253
nameserver 199.166.27.253
nameserver 199.166.28.10
nameserver 199.166.29.3
nameserver 199.166.31.3
nameserver 195.117.6.25
nameserver 204.57.55.100
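A detail the list above hides: the glibc stub resolver reads at most three nameserver lines (MAXNS) and silently ignores the rest, so entries four onward are never tried, however long the list. Whatever you keep, each resolver listed sees every name you look up in the clear. The added checker below (not the page's, written for this example) reports which entries are live, which are dead weight and which are duplicated, over a constructed resolv.conf.

```sh
#!/bin/sh
# Added example, not from the wiki: show which nameserver entries in a
# resolv.conf the glibc stub resolver will actually use. glibc keeps only
# the first MAXNS (3) nameserver lines and silently ignores the rest, so a
# long fallback list does not give the failover it appears to.
set -eu

# effective_nameservers FILE: the addresses glibc will query, one per line.
effective_nameservers() {
    awk '$1 == "nameserver" && n < 3 { print $2; n++ }' "$1"
}

# ignored_nameservers FILE: entries past the third, which are never tried.
ignored_nameservers() {
    awk '$1 == "nameserver" { if (++n > 3) print $2 }' "$1"
}

# duplicate_nameservers FILE: any address listed more than once (printed once).
duplicate_nameservers() {
    awk '$1 == "nameserver" && seen[$2]++ == 1 { print $2 }' "$1"
}

# check_resolv FILE: print a short report; exit 1 if entries are being ignored.
check_resolv() {
    f=$1
    echo "used by glibc (first 3 nameserver lines):"
    effective_nameservers "$f" | sed 's/^/  /'
    dup=$(duplicate_nameservers "$f")
    if [ -n "$dup" ]; then
        echo "listed more than once: $(echo "$dup" | tr '\n' ' ')"
    fi
    ign=$(ignored_nameservers "$f")
    if [ -n "$ign" ]; then
        echo "ignored (beyond MAXNS=3), $(echo "$ign" | wc -l) entries:"
        echo "$ign" | sed 's/^/  /'
        return 1
    fi
    return 0
}

if [ "$#" -eq 1 ]; then
    check_resolv "$1"
fi
```

Run it as check-resolv.sh /etc/resolv.conf. If you want to spread queries across the three that count or fail over faster between them, glibc's resolv.conf also accepts options rotate, timeout:n and attempts:n (see resolv.conf(5)); those are real glibc options, not something this script sets.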