UNIX System Administration Handbook - Evi Nemeth [286]
% dig @f.root-servers.net . ns > root.cache
Mind the dot. If f.root-servers.net is not responding, you can run the query without specifying a particular server:
% dig . ns > root.cache
The output will be similar; however, you will be obtaining the list of root servers from the cache of a local name server, not from an authoritative source. That should be just fine. Even if you have not rebooted or restarted your name server for a year or two, it has been refreshing its root server records periodically as their TTLs expire. When named starts, it reloads the hints from one of the root servers. Ergo, you’ll be fine as long as your hints file contains at least one valid reachable root server.
Here’s what the cache file looks like:
; <<>> DiG 8.2 <<>> @f.root-servers.net . ns
; Lots of detailed dig info formatted as comments here...
. 1d1h42m IN NS E.ROOT-SERVERS.NET.
. 1d1h42m IN NS D.ROOT-SERVERS.NET.
. 1d1h42m IN NS A.ROOT-SERVERS.NET.
. 1d1h42m IN NS H.ROOT-SERVERS.NET.
...
E.ROOT-SERVERS.NET. 2d1h42m IN A 192.203.230.10
D.ROOT-SERVERS.NET. 2d1h42m IN A 128.8.10.90
A.ROOT-SERVERS.NET. 2d1h42m IN A 198.41.0.4
H.ROOT-SERVERS.NET. 2d1h42m IN A 128.63.2.53
...
Note the dots that begin the first set of records; they are not fly specks but rather they define the domain (the root) to which the NS records apply. Some versions of dig show the TTL in seconds instead of days, minutes, and seconds.
A current hints file can also be obtained by anonymous FTP from rs.internic.net in the file domain/named.root. Comments in this version of the root hints file show the old names of the root servers, which hint at their historic locations. This file is also mirrored at ftp://ftp.nic.mil/domain/named.root.
Localhost configuration
The forward mapping for the name localhost or localhost.domain is done in the forward zone file for the domain. Each server is usually the master for its own reverse localhost domain, however. Here is a sample zone file:
@ IN SOA cs.colorado.edu. hostmaster.cs.colorado.edu. (
1996110801 ; Serial number
3600 ; Refresh
900 ; Retry
3600000 ; Expire
14400 ) ; Minimum
IN NS cs.colorado.edu.
1 IN PTR localhost.cs.colorado.edu.
The reverse mapping for the localhost address (127.0.0.1) never changes, so the timeouts can be large. Note the serial number, which encodes the date; the file was last changed in 1996. Also note that only the master name server is listed for the localhost domain. The meaning of @ here is “0.0.127.in-addr.arpa.”.
Be sure that you reverse-map 127.0.0.1 to “localhost.domain.” not just “localhost.”. The root servers receive many queries for “localhost.” and may end up defining an Internet-wide 0.0.127.in-addr.arpa entry.
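A small checker for the two files discussed above, added here as an example and not taken from the book: it parses the root hints output that dig produces and the localhost reverse zone, then verifies that every root NS record is owned by "." and has a matching address record, and that 127.0.0.1 maps to localhost.domain. rather than a bare localhost.; the sample inputs are constructed from the records shown on this page.

```python
import re
# Constructed sample inputs, assembled from the records shown on this page.
ROOT_HINTS = """\
; <<>> DiG 8.2 <<>> @f.root-servers.net . ns
.                   1d1h42m IN NS E.ROOT-SERVERS.NET.
.                   1d1h42m IN NS D.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 2d1h42m IN A  192.203.230.10
D.ROOT-SERVERS.NET. 2d1h42m IN A  128.8.10.90
"""
LOCALHOST_ZONE = """\
@ IN SOA cs.colorado.edu. hostmaster.cs.colorado.edu. (
        1996110801 3600 900 3600000 14400 )
  IN NS cs.colorado.edu.
1 IN PTR localhost.cs.colorado.edu.
"""

def parse_records(text):
    """(owner, type, rdata) tuples; comments, SOA continuation lines and TTLs are skipped."""
    recs, owner = [], None
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if fields and fields[0] == "IN":      # blank owner inherits the previous one
            fields.insert(0, owner)
        if len(fields) > 3 and re.fullmatch(r"[0-9dhms]+", fields[1]):
            del fields[1]                     # TTL such as 1d1h42m or 3600
        if len(fields) >= 4 and fields[1] == "IN":
            owner = fields[0]
            recs.append((owner, fields[2], " ".join(fields[3:])))
    return recs

def check_root_hints(text):
    """Problems in a root hints file; an empty list means named can bootstrap from it."""
    recs = parse_records(text)
    servers = [(o, r) for o, t, r in recs if t == "NS"]
    glue = {o.lower() for o, t, _ in recs if t in ("A", "AAAA")}
    problems = [f"NS owner {o!r} is not the root '.'" for o, _ in servers if o != "."]
    problems += [f"no address record for root server {r}" for _, r in servers if r.lower() not in glue]
    if not servers:
        problems.append("no root NS records at all")
    return problems

def check_localhost_zone(text, domain):
    """127.0.0.1 must map to localhost.<domain>., not a bare localhost. that leaks to the roots."""
    want = f"localhost.{domain.strip('.')}."
    ptrs = [r for o, t, r in parse_records(text) if t == "PTR" and o == "1"]
    if not ptrs:
        return ["no PTR record for 127.0.0.1"]
    return [f"PTR for 127.0.0.1 is {p!r}; expected {want!r}"
            for p in ptrs if p.lower() != want.lower()]
```

Feed the checkers the real files before reloading named; a hints file with no usable address record and a localhost zone that answers "localhost." are the two mistakes the text above warns about.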
Host management tools
DNS database files often span local administrative and political domains. In many cases, tight central control is unfeasible. This situation presents a common administration problem: How do you manage critical (but fragile) data files that many untrained people may need to edit at random times? It would also be nice if the physics department could not change the engineering department’s records, and vice versa.
If a political domain contains several hosts and has an administrative staff, then a subdomain is a good way to distribute control. But for a small department with only a few hosts, a subdomain is not necessary.
This data is a good candidate for an LDAP database that holds organization-wide host data, and for tools that build individual departments’ zone files. We use an ancient, crufty, home-grown tool called addhost, but we intend to change to LDAP as soon as we can assign it as a student project.
addhost is available from ftp.xor.com.
DNS for systems not on the Internet
If you are not part of the Internet but want to use DNS, you can declare