UNIX System Administration Handbook - Evi Nemeth [248]
Exhibit B illustrates the design recommended in the previous paragraphs. It shows a two-level forwarding hierarchy, which is overkill for small sites. Adjust the balance between servers that handle outgoing queries and servers that handle incoming queries so that neither group is too loaded. Also note the use of the off-site slave server, which is highly recommended if you can get an ISP or local university to fill this role.
Exhibit B DNS server architecture
Resolver testing
On some systems, all you have to do to start using DNS is add a nameserver line to /etc/resolv.conf. On others, you must explicitly tell the system to use DNS instead of the /etc/hosts file or NIS in the system switch file (often called /etc/nsswitch.conf). Comments about using BIND on each of our example systems begin on page 481. For a more general discussion of prioritizing sources of administrative data, see page 523.
After configuring /etc/resolv.conf (and assuming that your local network connection is up and running correctly), you should be able to refer to other machines by name rather than by IP address. If you try to reach another local machine and the command just hangs, try referring to the machine by its address. If that works, then your DNS configuration is the problem. Verify that the name server IP addresses in /etc/resolv.conf are correct and that the servers you point to allow queries from your network (see page 422).
Impact on the rest of the system
The change from static host tables to DNS creates some potential dependencies in booting and configuration that you need to protect against.
As a host boots, references to hostnames in the /etc/rc* or init.d startup files might be unresolvable if they are encountered before the network is up. The commands in the startup files will unsuccessfully try to contact DNS. Thanks to the resolver’s robustness, they will try multiple times on multiple servers, increasing their timeout period with each attempt. A couple of minutes later, the command needing the hostname will finally fail.
To fix the problem, use only literal IP addresses in the early stages of the boot process. Or, if your system supports the simultaneous use of both DNS and /etc/hosts by way of a switch file, you can install a hosts file that contains the server addresses needed at boot time. Be sure the hosts file is checked before DNS so you don’t have to wait for DNS to time out.
Now that your host is using DNS, fully qualified domain names are required in several places. One is the /etc/exports file, which controls NFS file sharing on some systems. The clauses that list the hosts allowed to mount a filesystem must contain the fully qualified names of those hosts. On some systems, each exports line is limited to 1,024 characters; when hostnames change from anchor to anchor.cs.colorado.edu, this limit comes awfully early.
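The checks described under "Resolver testing" and in the two paragraphs above (name servers in /etc/resolv.conf, /etc/hosts consulted before DNS in the switch file, and the 1,024-character ceiling on /etc/exports lines) collected into one script. This is an added example, not code from the book; it assumes the Linux/BSD style of all three files (`nameserver` lines, a `hosts: files dns` entry, and `/path host(options)` export lines), assumes `getent` is available for the live lookup, and the sample files it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the book: sanity checks for a host that has just
# switched from /etc/hosts to DNS. The sample files written below are
# constructed; on a real host point the functions at /etc/resolv.conf,
# /etc/nsswitch.conf and /etc/exports instead.

# Print the addresses on "nameserver" lines (comments skipped).
# Returns non-zero when the file names no server at all.
nameservers_from_resolv() {
    awk '$1 == "nameserver" { print $2; found = 1 } END { exit !found }' "$1"
}

# Succeed only if the "hosts:" line lists "files" before "dns", so that
# boot-time lookups of local names come from the hosts file instead of
# waiting for DNS to time out.
hosts_order_ok() {
    awk '
        $1 == "hosts:" {
            for (i = 2; i <= NF; i++) {
                if ($i == "files" && !seen_dns) files_first = 1
                if ($i == "dns") seen_dns = 1
            }
        }
        END { exit !(files_first && seen_dns) }
    ' "$1"
}

# Report export lines longer than a limit (default 1024 characters), the
# ceiling the text mentions. Returns non-zero when any line is too long.
long_export_lines() {
    awk -v limit="${2:-1024}" '
        length($0) > limit { print FILENAME ":" NR ": " length($0) " chars"; found = 1 }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Resolve a name the way the C library does (via getent, assumed present).
# If this hangs while reaching the same host by IP address works, the
# resolver configuration is the problem, as the text describes.
resolve_check() {
    if command -v getent >/dev/null 2>&1; then
        getent hosts "$1"
    else
        echo "getent not available; try: host $1" >&2
        return 2
    fi
}

# ---- constructed sample files -------------------------------------------
TMPD=$(mktemp -d)
trap 'rm -rf "$TMPD"' EXIT

RESOLV_SAMPLE="$TMPD/resolv.conf"
cat > "$RESOLV_SAMPLE" <<'EOF'
# constructed sample; 192.0.2.0/24 is the documentation address range
domain cs.colorado.edu
nameserver 192.0.2.53
nameserver 192.0.2.54
EOF

NSSWITCH_GOOD="$TMPD/nsswitch.good"
printf 'hosts:      files dns\n' > "$NSSWITCH_GOOD"
NSSWITCH_BAD="$TMPD/nsswitch.bad"
printf 'hosts:      dns files\n' > "$NSSWITCH_BAD"

# One export line naming 40 fully qualified hosts, which passes 1,024 chars.
EXPORTS_SAMPLE="$TMPD/exports"
line="/export/home"
i=1
while [ "$i" -le 40 ]; do
    line="$line host$i.cs.colorado.edu(rw)"
    i=$((i + 1))
done
printf '/export/tools anchor.cs.colorado.edu(ro)\n%s\n' "$line" > "$EXPORTS_SAMPLE"

# ---- run the checks -------------------------------------------------------
echo "name servers:"; nameservers_from_resolv "$RESOLV_SAMPLE"
hosts_order_ok "$NSSWITCH_GOOD" && echo "good nsswitch: files before dns"
hosts_order_ok "$NSSWITCH_BAD"  || echo "bad nsswitch: dns consulted before files"
long_export_lines "$EXPORTS_SAMPLE" || echo "shorten the export line(s) above"
```

On a live system run `resolve_check anchor` (and then `resolve_check anchor.cs.colorado.edu`) after the three file checks pass; the script keeps the live lookup out of its default run so that the rest works offline.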
See Chapter 17 for more information about NFS.
16.9 BIND SERVER CONFIGURATION
In this section, we assume that your political chores have been completed. That is, we assume that you have a domain name (possibly a subdomain), have coordinated with the DNS administrator of the parent domain, and have been delegated your address space in the in-addr.arpa reverse tree. You have chosen your master name server and a couple of secondaries, and you have installed BIND.
Hardware requirements
BIND is a memory hog. Its database is kept in memory, so as the cache grows, so does the named process. Some of the new features of BIND 9 are also CPU intensive, most notably DNSSEC and IPv6. To help reduce this burden, BIND 9 is multithreaded and can make full use of multiprocessor systems. BIND 9 also contains configuration options that control named’s use of resources.
The best way to determine if a name server machine has enough memory