You can use the DNS module of YaST to configure a DNS server for your local network. When starting the module for the first time, a wizard starts, prompting you to make just a few basic decisions concerning administration of the server. Completing this initial setup produces a very basic server configuration that should be functioning in its essential aspects. The expert mode can be used to deal with more advanced configuration tasks.
The wizard consists of three steps or dialogs. At the appropriate places in the dialogs, you are given the opportunity to enter the expert configuration mode.
When starting the module for the first time, the dialog shown in Figure 16-1 opens. In it, decide whether the PPP daemon should provide a list of forwarders on dial-up via DSL or ISDN or whether you want to supply your own list.
Figure 16-1 DNS Server Installation: Forwarder Settings
The dialog shown in Figure 16-2 consists of several parts and is responsible for the management of zone files, described in Section 16.6, Zone Files. For a new zone, provide a name for it in the zone name field. To add a reverse zone, the name must end in .in-addr.arpa. Finally, select the zone type (master or slave). An existing zone can be edited to configure its other settings, or removed.
Figure 16-2 DNS Server Installation: DNS Zones
In the final dialog, you can open the DNS port in the firewall. Then decide whether or not the DNS server should be started. You can also activate LDAP support. See Figure 16-3.
Figure 16-3 DNS Server Installation: Finish Wizard
After starting the module, YaST opens a window displaying several configuration options. Completing it results in a DNS server configuration with the basic functions in place:
Under the start-up settings, define whether the DNS server should be started when the system boots or manually. Buttons are provided to start the DNS server immediately, to stop it, and to save the current settings. From here you can also open the DNS port in the firewall and modify the firewall settings.

By selecting LDAP support, the zone files are managed by an LDAP database. Any changes to zone data written to the LDAP database are picked up by the DNS server as soon as it is restarted or prompted to reload its configuration.

In the basic options section, set basic server options. From the option menu, select the desired item, then specify the value in the corresponding entry field and add the new entry.

To set what the DNS server should log and how, select the logging section. Under the log type, specify where the DNS server should write the log data. Use the systemwide log file /var/log/messages or specify a different file. In the latter case, additionally specify a name, the maximum file size in megabytes and the number of versions of log files to store.

Further options are available under additional logging. Enabling the logging of all DNS queries causes every query to be logged, in which case the log file could grow extremely large. For this reason, it is not a good idea to enable this option for other than debugging purposes. To log the data traffic during zone updates between DHCP and DNS server, enable zone update logging. To log the data traffic during a zone transfer from master to slave, enable zone transfer logging. See Figure 16-4.

Figure 16-4 DNS Server: Logging
Use this window to define ACLs (access control lists) to enforce access restrictions. After providing a distinct name, specify an IP address (with or without netmask) as the value in the following fashion:
{ 10.10/16; }
The syntax of the configuration file requires that the address ends with a semicolon and is put into curly braces.
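The following is an added example, not code from the YaST module or from BIND, that checks an ACL value written in the form shown above before it reaches the configuration file: it enforces the braces and the trailing semicolon, expands shortened addresses such as 10.10/16 by padding with zero octets (an assumption about how the shorthand is read), and then evaluates a client address against the resulting list the way BIND address match lists are evaluated (first matching element wins, a `!` element that matches rejects, no match rejects). The sample values are constructed.

```python
import ipaddress
import re

# One entry: optional '!', one to four octets, optional /prefix.
_ENTRY_RE = re.compile(r"^(!?)(\d{1,3}(?:\.\d{1,3}){0,3})(?:/(\d{1,2}))?$")


def _expand_ipv4(addr: str) -> str:
    """Pad a shortened dotted quad with zero octets: '10.10' -> '10.10.0.0'."""
    octets = addr.split(".")
    if len(octets) > 4:
        raise ValueError(f"too many octets in {addr!r}")
    return ".".join(octets + ["0"] * (4 - len(octets)))


def parse_acl_value(value: str) -> list:
    """Return a list of (negated, network) pairs for an ACL value string.

    Raises ValueError when the curly braces or the terminating semicolons
    required by the configuration file syntax are missing, or when an
    entry is not a valid IPv4 address or network.
    """
    text = value.strip()
    if not (text.startswith("{") and text.endswith("}")):
        raise ValueError("ACL value must be enclosed in curly braces")
    body = text[1:-1].strip()
    if body and not body.endswith(";"):
        raise ValueError("each address must end with a semicolon")
    networks = []
    # The trailing ';' leaves an empty last element after split(); drop it.
    for raw in body.split(";")[:-1]:
        entry = raw.strip()
        m = _ENTRY_RE.match(entry)
        if not m:
            raise ValueError(f"malformed ACL entry {entry!r}")
        negated, addr, prefix = m.group(1) == "!", m.group(2), m.group(3)
        full = _expand_ipv4(addr)
        if prefix is None:
            net = ipaddress.ip_network(full)          # no netmask: a single host
        else:
            # strict=False so that 10.10.5.0/16 is read as 10.10.0.0/16
            net = ipaddress.ip_network(f"{full}/{prefix}", strict=False)
        networks.append((negated, net))
    return networks


def acl_allows(networks: list, client: str) -> bool:
    """First matching element decides; a negated match denies; no match denies."""
    ip = ipaddress.ip_address(client)
    for negated, net in networks:
        if ip in net:
            return not negated
    return False


if __name__ == "__main__":
    # Constructed sample: deny one subnet, allow the rest of 10.10/16 and one host.
    acl = parse_acl_value("{ !10.10.99.0/24; 10.10/16; 192.168.1.7; }")
    for negated, net in acl:
        print("!" if negated else " ", net)
    print(acl_allows(acl, "10.10.3.4"))   # allowed by 10.10.0.0/16
    print(acl_allows(acl, "10.10.99.5"))  # rejected by the negated entry
```

Running the check before saving the ACL catches the two mistakes the text warns about (a missing semicolon or missing braces) as a ValueError instead of a server that refuses to load its configuration.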
The main purpose of TSIGs (transaction signatures) is to secure communications between DHCP and DNS servers. They are described in Section 16.8, Secure Transactions.
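As an added example of what a TSIG key is and does (not the YaST module's or BIND's own code), the block below generates an HMAC-SHA256 key, renders it in the key stanza syntax that BIND reads from a key file, and then signs and verifies a message with it. A real TSIG record covers the whole DNS message together with the key name, algorithm and a timestamp; that framing is simplified to a bare HMAC here. The key name dhcp-update and the message bytes are constructed for the example.

```python
import base64
import hashlib
import hmac
import secrets


def generate_tsig_key(name: str, nbytes: int = 32) -> dict:
    """Create a fresh HMAC-SHA256 key; 32 random bytes match the digest size."""
    raw = secrets.token_bytes(nbytes)
    return {
        "name": name,
        "algorithm": "hmac-sha256",
        "secret": base64.b64encode(raw).decode(),
    }


def key_stanza(key: dict) -> str:
    """Render the key in the named.conf key syntax used by TSIG key files."""
    return (
        f'key "{key["name"]}" {{\n'
        f'\talgorithm {key["algorithm"]};\n'
        f'\tsecret "{key["secret"]}";\n'
        "};\n"
    )


def sign(key: dict, message: bytes) -> bytes:
    """MAC over the message (simplified: no TSIG RR fields or timestamp)."""
    raw = base64.b64decode(key["secret"])
    return hmac.new(raw, message, hashlib.sha256).digest()


def verify(key: dict, message: bytes, mac: bytes) -> bool:
    """Constant-time comparison so a forged MAC cannot be matched byte by byte."""
    return hmac.compare_digest(sign(key, message), mac)


if __name__ == "__main__":
    key = generate_tsig_key("dhcp-update")
    print(key_stanza(key))
    # Constructed message standing in for a dynamic update sent by the DHCP server.
    update = b"UPDATE host1.example.com. A 10.10.1.5"
    mac = sign(key, update)
    print("genuine update verifies:", verify(key, update, mac))
    print("altered update verifies:", verify(key, update + b"x", mac))
    print("other key verifies:     ", verify(generate_tsig_key("other"), update, mac))
```

The same key material must be present on both the DHCP server and the DNS server, and the stanza is what the DNS side loads; the verification step is what prevents an unsigned or altered update from changing zone data.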
To generate a TSIG key, enter a distinctive name in the field provided and specify the file where the key should be stored. Confirm your choices to generate the key.

To use a previously created key, leave the name field blank and select the file where it is stored. After that, confirm to add the key.

To add a slave zone, select the DNS zones section, choose the slave zone type, write the name of the new zone, and add it.

In the zone editor shown in Figure 16-5, specify the master from which the slave should fetch its data. To limit access to the server, select one of the ACLs from the list.

Figure 16-5 DNS Server: Slave Zone Editor
To add a master zone, select the DNS zones section, choose the master zone type, write the name of the new zone, and add it.

To edit a master zone, select the DNS zones section, select the master zone from the table, and edit it. The dialog consists of several pages: the one opened first, followed by pages for NS records, MX records, the SOA record, and the remaining records.

This dialog allows you to define alternative name servers for the zones specified. Make sure that your own name server is included in the list. To add a record, enter its name and confirm. See Figure 16-6.

Figure 16-6 DNS Server: Zone Editor (NS Records)
To add a mail server for the current zone to the existing list, enter the corresponding address and priority value. After doing so, confirm the entry. See Figure 16-7.
Figure 16-7 DNS Server: Zone Editor (MX Records)
This page allows you to create SOA (start of authority) records. For an explanation of the individual options, refer to Example 16-6.
Figure 16-8 DNS Server: Zone Editor (SOA)
This dialog manages name resolution. Enter the hostname, then select its type. The main entry type represents the host itself; its value should be an IP address. A second type defines an alias. Two further types are used for detailed or partial records that expand on the information provided in the NS records and MX records tabs. These three types resolve to an existing A record. A reverse record type is for reverse zones; it is the opposite of an A record.
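The following added example (not the YaST module's code; it neither reads nor writes YaST's files) ties the zone pages above together: it builds a forward zone with SOA, NS, MX, A and CNAME records and derives the matching reverse zone, whose name ends in .in-addr.arpa as the wizard requires and whose PTR records are the opposite of the A records. Before emitting anything it applies the rules stated on this page: every A value must be an IP address, your own name server must appear among the NS records, and alias and NS/MX targets inside the zone must resolve to an existing A record. The zone example.com, the network 10.10.1.0/24, the hosts and the SOA timer values are all constructed for the example.

```python
import ipaddress

ZONE = "example.com"
NETWORK = "10.10.1.0/24"
OWN_NS = "ns1"

# Constructed records: (name, type, value, priority); priority is used by MX only.
RECORDS = [
    ("ns1", "A", "10.10.1.2", None),
    ("ns2", "A", "10.10.1.3", None),
    ("mail", "A", "10.10.1.10", None),
    ("www", "A", "10.10.1.20", None),
    ("ftp", "CNAME", "www", None),
    ("@", "NS", "ns1", None),
    ("@", "NS", "ns2", None),
    ("@", "MX", "mail", 10),
]

# Assumed SOA values (serial in YYYYMMDDnn form, timers in seconds).
SOA = dict(primary="ns1", mail="hostmaster", serial=2024010101,
           refresh=3600, retry=900, expire=604800, minimum=86400)


def fqdn(name: str, zone: str = ZONE) -> str:
    return f"{zone}." if name == "@" else f"{name}.{zone}."


def reverse_zone_name(network) -> str:
    """Reverse zone for a /8, /16 or /24: network octets reversed + .in-addr.arpa."""
    net = ipaddress.ip_network(network)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("only octet-aligned networks are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def check_records(records, own_ns: str = OWN_NS) -> bool:
    """Rules from the text: A values are addresses, own NS is listed, and
    in-zone CNAME/NS/MX targets resolve to an existing A record."""
    a_names = {n for n, t, _, _ in records if t == "A"}
    for name, rtype, value, _ in records:
        if rtype == "A":
            ipaddress.ip_address(value)  # raises ValueError if not an address
        elif rtype in ("CNAME", "NS", "MX") and not value.endswith("."):
            if value not in a_names:
                raise ValueError(f"{rtype} {name} -> {value} has no A record")
    if ("@", "NS", own_ns, None) not in records:
        raise ValueError(f"own name server {own_ns} missing from NS records")
    return True


def _soa_line(zone: str, soa: dict) -> str:
    return (f"@ IN SOA {soa['primary']}.{zone}. {soa['mail']}.{zone}. ( "
            f"{soa['serial']} {soa['refresh']} {soa['retry']} "
            f"{soa['expire']} {soa['minimum']} )")


def forward_zone(records=RECORDS, zone: str = ZONE, soa: dict = SOA) -> str:
    check_records(records)
    lines = [f"$ORIGIN {zone}.", "$TTL 86400", _soa_line(zone, soa)]
    for name, rtype, value, prio in records:
        rdata = f"{prio} {value}" if rtype == "MX" else value
        lines.append(f"{name} IN {rtype} {rdata}")
    return "\n".join(lines) + "\n"


def reverse_zone(records=RECORDS, network=NETWORK, zone: str = ZONE,
                 soa: dict = SOA) -> str:
    """One PTR per A record whose address lies in the network."""
    check_records(records)
    net = ipaddress.ip_network(network)
    lines = [f"$ORIGIN {reverse_zone_name(net)}.", "$TTL 86400", _soa_line(zone, soa)]
    for name, rtype, value, _ in records:
        if rtype == "NS":
            lines.append(f"@ IN NS {fqdn(value, zone)}")
    for name, rtype, value, _ in records:
        if rtype == "A" and ipaddress.ip_address(value) in net:
            host_part = value.split(".")[net.prefixlen // 8:]
            lines.append(f"{'.'.join(reversed(host_part))} IN PTR {fqdn(name, zone)}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(forward_zone())
    print(reverse_zone())
```

Keeping the forward and reverse zones generated from one record list is what keeps the PTR records from drifting away from the A records, which is the usual source of reverse lookups that disagree with forward ones.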