16.3 Configuration with YaST

You can use the DNS module of YaST to configure a DNS server for your local network. When starting the module for the first time, a wizard starts, prompting you to make just a few basic decisions concerning administration of the server. Completing this initial setup produces a very basic server configuration that should be functioning in its essential aspects. The expert mode can be used to deal with more advanced configuration tasks.

16.3.1 Wizard Configuration

The wizard consists of three steps or dialogs. At the appropriate places in the dialogs, you are given the opportunity to enter the expert configuration mode.

  1. When starting the module for the first time, the Forwarder Settings dialog, shown in Figure 16-1, opens. In it, decide whether the PPP daemon should provide a list of forwarders on dial-up via DSL or ISDN (PPP Daemon Sets Forwarders) or whether you want to supply your own list (Set Forwarders Manually).

    Figure 16-1 DNS Server Installation: Forwarder Settings

  2. The DNS Zones dialog consists of several parts and is responsible for the management of zone files, described in Section 16.6, Zone Files. For a new zone, provide a name for it in Zone Name. To add a reverse zone, the name must end in .in-addr.arpa. Finally, select the Zone Type (master or slave). See Figure 16-2. Click Edit Zone to configure other settings of an existing zone. To remove a zone, click Delete Zone.

    Figure 16-2 DNS Server Installation: DNS Zones

  3. In the final dialog, you can open the DNS port in the firewall by clicking Open Port in Firewall. Then decide whether or not the DNS server should be started (On or Off). You can also activate LDAP support. See Figure 16-3.

    Figure 16-3 DNS Server Installation: Finish Wizard

16.3.2 Expert Configuration

After starting the module, YaST opens a window displaying several configuration options. Completing it results in a DNS server configuration with the basic functions in place:

Starting the DNS Server

Under Service Start, define whether the DNS server should be started when the system boots (during booting the system) or manually. To start the DNS server immediately, select Start DNS Server Now. To stop the DNS server, select Stop DNS Server Now. To save the current settings, select Save Settings and Restart DNS Server Now. You can open the DNS port in the firewall with Open Port in Firewall and modify the firewall settings with Firewall Details.

By selecting LDAP Support Active, the zone files are managed by an LDAP database. Any changes to zone data written to the LDAP database are picked up by the DNS server as soon as it is restarted or prompted to reload its configuration.

DNS Server: Basic Options

In this section, set basic server options. From the Option menu, select the desired item then specify the value in the corresponding entry field. Include the new entry by selecting Add.

Logging

To set what the DNS server should log and how, select Logging. Under Log Type, specify where the DNS server should write the log data. Use the systemwide log file /var/log/messages by selecting System Log or specify a different file by selecting File. In the latter case, additionally specify a name, the maximum file size in megabytes and the number of versions of log files to store.

Further options are available under Additional Logging. Enabling Log All DNS Queries causes every query to be logged, in which case the log file could grow extremely large. For this reason, it is not a good idea to enable this option for other than debugging purposes. To log the data traffic during zone updates between DHCP and DNS server, enable Log Zone Updates. To log the data traffic during a zone transfer from master to slave, enable Log Zone Transfer. See Figure 16-4.

Figure 16-4 DNS Server: Logging

Using ACLs

Use this window to define ACLs (access control lists) to enforce access restrictions. After providing a distinct name under Name, specify an IP address (with or without netmask) under Value in the following fashion: 

{ 10.10/16; }

The syntax of the configuration file requires that the address ends with a semicolon and is put into curly braces.

TSIG Keys

The main purpose of TSIGs (transaction signatures) is to secure communications between DHCP and DNS servers. They are described in Section 16.8, Secure Transactions.

To generate a TSIG key, enter a distinctive name in the field labeled Key ID and specify the file where the key should be stored (Filename). Confirm your choices with Add.

To use a previously created key, leave the Key ID field blank and select the file where it is stored under File Name. After that, confirm with Add.

Adding a Slave Zone

To add a slave zone, select DNS Zones, choose the zone type Slave, write the name of the new zone, and click Add.

In the Zone Editor under Master DNS Server IP, specify the master from which the slave should fetch its data. To limit access to the server, select one of the ACLs from the list. See Figure 16-5.

Figure 16-5 DNS Server: Slave Zone Editor

Adding a Master Zone

To add a master zone, select DNS Zones, choose the zone type Master, write the name of the new zone, and click Add.

Editing a Master Zone

To edit a master zone, select DNS Zones, select the master zone from the table, and click Edit. The dialog consists of several pages: Basics (the one opened first), NS Records, MX Records, SOA, and Records.

Zone Editor (NS Records)

This dialog allows you to define alternative name servers for the zones specified. Make sure that your own name server is included in the list. To add a record, enter its name under Name Server to Add then confirm with Add. See Figure 16-6.

Figure 16-6 DNS Server: Zone Editor (NS Records)

Zone Editor (MX Records)

To add a mail server for the current zone to the existing list, enter the corresponding address and priority value. After doing so, confirm by selecting Add. See Figure 16-7.

Figure 16-7 DNS Server: Zone Editor (MX Records)

Zone Editor (SOA)

This page allows you to create SOA (start of authority) records. For an explanation of the individual options, refer to Example 16-6.

Figure 16-8 DNS Server: Zone Editor (SOA)

Zone Editor (Records)

This dialog manages name resolution. In Record Key, enter the hostname then select its type. A-Record represents the main entry. The value for this should be an IP address. CNAME is an alias. Use the types NS and MX for detailed or partial records that expand on the information provided in the NS Records and MX Records tabs. These three types resolve to an existing A record. PTR is for reverse zones. It is the opposite of an A record.