Although Internet Service Providers (ISPs) usually provide Domain Name Service (DNS) to their customers, setting up your own domain name server is beneficial. You can use a local domain name server to cache DNS queries and save bandwidth. In addition, you no longer have to depend on your ISP for DNS. Domain name servers of ISPs sometimes go down, and waiting until someone takes care of the problem can be frustrating. This problem can be solved by setting up your own domain name server.
The purpose of this chapter is to demonstrate how you can set up NT BIND to function as a secondary caching domain name server. The subject of DNS administration, however, cannot be covered in one chapter. DNS administration can become complicated, depending on the structure of your network and your ISP's network. Indeed, entire books have been dedicated to the subject of DNS administration. For additional information about using and configuring the domain name server discussed in this chapter, refer to the book DNS and BIND by O'Reilly Associates. Although this book is based on the UNIX version of BIND, material discussed in it also applies to the Windows NT version of BIND. You might also want to refer to the file BOG.WRI included in the NT BIND distribution file for additional information; this file is in Windows Write format. After you read the following sections, you will be able to install NT BIND on your system and configure it to act as a caching secondary domain name server. Refer to BIND documentation and the book DNS and BIND for information about configuring BIND as a primary domain name server and using it to assign DNS aliases to various computers on your network.
You can obtain a copy of BIND for NT free of charge. To download it, send an e-mail message to the following:
access@drcoffsite.com
In a few minutes, you get an e-mail message containing directions for obtaining NT BIND via FTP. This e-mail message contains the username and password that you should use to access the NT BIND FTP site. After you connect to the FTP site, look for the file INDEX in the root directory. Use this file to determine the latest version of BIND for NT. The latest version is distributed with and without the source code. Unless you are interested in the source code, download the binary distribution file that does not contain the source code.
NT BIND download source: http://canon.bhs.com/scripts/appctr.idc?udir=DNS
At the time of this writing, the NT BIND distribution file that includes a Setup Wizard does not run on Windows NT 4.0. In the next section, therefore, you learn how to set up NT BIND using a distribution file that does not include the Setup Wizard. Note that both of these versions contain exactly the same program. One uses a GUI setup program; the other does not. Most likely, by the time you read this chapter, the GUI installation program will function with Windows NT 4.0. If it does not, simply download the distribution file that includes a non-GUI installation program. The name of this file should be something similar to ntdns493relbin-nongui.zip.
The following directions and configuration settings apply to both distribution files. If you are using the GUI setup program, directions for installing BIND will be simpler than those that follow. In that case, simply run the Installation Wizard (setup.exe) and answer a few configuration questions.
After you download the NT BIND distribution file, copy it to a temporary directory. Then decompress it using a 32-bit file decompression utility. Be sure to enable the option in the file decompression utility to preserve directory names when decompressing the NT BIND distribution file.
If you download the distribution file containing the GUI installation program, a directory named disk1 is created after the distribution file is decompressed. Change to this directory, and execute the file setup.exe to install NT BIND. Otherwise, change to the directory contrib\winnt-dist, created after the distribution file is decompressed, and execute the file install.bat.
The installation program installs NT BIND files by copying them into various directories. Then you see the message The "DomainNameService" service was successfully created on-screen. At this point, if you invoke the Control Panel, you see a DNS Controller icon similar to the one shown in the lower right of Figure 28.1. As you learn shortly, you can execute this icon to stop and start the NT BIND DNS.
Figure 28.1: A new icon is added to the Control Panel by the NT BIND installation program.
Before you can use NT BIND, you need to configure it to run as an NT user. You do so by opening the Services application shown in Figure 28.1. To change the user account of the NT BIND service, scroll down the list of services in the Services dialog box, as shown in Figure 28.2, and select the NT BIND service. Then click the Startup button.
Figure 28.2: The NT BIND installation program registers NT BIND as a Windows NT Service.
In the Service properties dialog box, which appears after you click the Startup button, you can assign a user account to the NT BIND service, as illustrated in Figure 28.3. In the same dialog box, you can configure the NT BIND service to start automatically after the NT server is booted.
Figure 28.3: The Service properties dialog box of NT BIND.
NT BIND is now installed. However, before you can use it, you must configure it. To configure NT BIND, you edit the file named.boot in the I:\WINDOWS directory (assuming NT is installed in I:\WINDOWS). How you edit named.boot depends on your network configuration. Consult the BIND documentation, or contact your ISP for information about editing this file. A thorough overview of BIND configuration settings is beyond the scope of this book because configuration settings in the named.boot file depend on the way your network is set up. The original contents of named.boot are as follows:
    directory C:\\var\\named
    primary 0.0.127.IN-ADDR.ARPA db.127.0.0
    secondary bethesda.mcs.us.pw.com 155.201.100.10 db.bethesda
    secondary 100.201.155.IN-ADDR.ARPA 155.201.100.10 db.155.201.100
    secondary 101.201.155.IN-ADDR.ARPA 155.201.100.10 db.155.201.101
    cache . db.cache
To configure NT BIND to function as a secondary caching DNS, change the directory setting (the directory C:\\var\\named line) to the directory created by NT BIND. Then modify the named.boot file as shown in the following listing. The first secondary line configures NT BIND to act as a secondary server for umd.edu and to get DNS information from 128.8.76.2 (ns2.umd.edu), which is the primary domain name server. This information then is stored in the file named.zoneinfo. The second secondary line does the reverse: it configures NT BIND to take an IP address and return the corresponding hostname.
    directory I:\\var\\named
    primary 0.0.127.IN-ADDR.ARPA db.127.0.0
    secondary umd.edu 128.8.76.2 named.zoneinfo
    secondary 8.128.in-addr.arpa 128.8.76.2 named.inaddr
    cache . db.cache
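A boot file like this can be checked before the service is started. The following Python sketch is an added example, not part of NT BIND or of the original chapter; it flags the mistakes that most often keep a secondary from loading its zones. The names lint_named_boot and SAMPLE, the 76.8.128 zone and the file named.rev are hypothetical, and the check assumes every secondary line ends with a backup file name, as in the listing above.

```python
import ipaddress

# Minimum argument count per directive, for the four BIND 4 boot-file
# directives that appear in this chapter's listings.
MIN_ARGS = {"directory": 1, "primary": 2, "secondary": 3, "cache": 2}

# Constructed sample: line 4 misspells the reverse domain, line 5 names the
# master by hostname, and the cache line is missing.
SAMPLE = r"""directory I:\\var\\named
primary 0.0.127.IN-ADDR.ARPA db.127.0.0
secondary umd.edu 128.8.76.2 named.zoneinfo
secondary 8.128.in-add.arpa 128.8.76.2 named.inaddr
secondary 76.8.128.IN-ADDR.ARPA ns2.umd.edu named.rev
"""

def lint_named_boot(text):
    """Return (line_number, message) pairs; line 0 means a file-level problem."""
    problems, seen = [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()  # ';' starts a comment
        if not fields:
            continue
        kind, args = fields[0].lower(), fields[1:]
        if kind not in MIN_ARGS:
            problems.append((n, f"unknown directive {fields[0]!r}"))
            continue
        seen.add(kind)
        if len(args) < MIN_ARGS[kind]:
            problems.append((n, f"{kind} needs {MIN_ARGS[kind]}+ arguments"))
            continue
        if kind in ("primary", "secondary"):
            zone = args[0].lower().rstrip(".")
            # Heuristic: a zone name that starts with a numeric label is meant
            # as a reverse zone, so it has to sit under in-addr.arpa.
            if zone.split(".")[0].isdigit() and not zone.endswith(".in-addr.arpa"):
                problems.append((n, f"{args[0]} is not under in-addr.arpa"))
        if kind == "secondary":
            # Assumption: the last field is the backup file, the rest are masters.
            for addr in args[1:-1]:
                try:
                    ipaddress.IPv4Address(addr)
                except ValueError:
                    problems.append((n, f"master {addr} is not an IPv4 address"))
    problems += [(0, f"missing {d} line") for d in ("directory", "cache") if d not in seen]
    return problems

if __name__ == "__main__":
    for line_no, message in lint_named_boot(SAMPLE):
        print(line_no, message)
```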
After you configure the NT BIND configuration file, execute the DNS Controller icon in the Control Panel (refer to Figure 28.1). The Domain Name Server dialog box then appears, as shown in Figure 28.4. Click on the Start Server button to start the NT BIND service. Refer to NT BIND documentation for additional information about using this dialog box to configure NT BIND.
Figure 28.4: The Domain Name Server dialog box.
After you start the NT BIND service, follow these directions to verify that NT BIND is installed correctly:
    > www.microsoft.com
    Server: wonderland.dial.umd.edu
    Address: 128.8.18.13

    Name: www.microsoft.com
    Addresses: 198.105.232.5, 198.105.232.6, 198.105.232.4
Consult the following Internet resources for additional information about setting up and using NT BIND. Be sure to subscribe to the NT BIND mailing list if you have any questions about using NT BIND. If you are interested in configuring NT BIND to function as a primary domain name server, you will find information in the NT BIND configuration Web page useful.
A mailing list has been set up to discuss various issues related to installing and using NT BIND. Send discussion questions, problems encountered, and suggestions for improvements to the NT BIND mailing list. To join the NT BIND mailing list, send an e-mail message to the following:
listserv@drcoffsite.com
When you send the e-mail message, be sure to include the following in the body of the message. Be sure to replace <your name> with your real name.
subscribe bindnt <your name>
Visit the NT BIND configuration Web page for information about setting up and configuring NT BIND. It includes a step-by-step guide for setting up and configuring NT BIND to function as a primary domain name server. You also can find several sample DNS configuration files at the following Web page.
NT BIND configuration Web page: http://www.telemark.net/~randallg/ntdns.htm
NT BIND is a freeware domain name server that you can set up either as a primary or secondary domain name server. Because its configuration files are compatible with those of the UNIX version of BIND, UNIX BIND documentation also applies to NT BIND. In this chapter, you learned how you can set up NT BIND to function as a secondary domain name server. Refer to NT BIND documentation and Internet resources given at the end of this chapter to learn how you can configure NT BIND to function as a primary domain name server.
The next chapter discusses issues related to setting up a telnet server on your NT server. By reading that chapter, you will learn issues that you need to address when you set up a telnet server. The chapter begins with an introduction to how telnet servers work and how you can benefit from setting up such a server.
Because telnet uses clear-text usernames and passwords, you have to address a number of security issues when setting up a telnet server. In the section titled "Addressing Security Concerns," you learn how to avoid unauthorized access to your NT system via intercepted usernames and passwords. You do so by setting up a Perl script to implement one-time passwords. To make sure an intercepted username and password is not used by an unauthorized person, the moment a user is authorized to log on, the Perl script changes the user's password. The section on security also discusses ways of further securing your server by restricting days and times in which users can connect to your server via telnet. After you read the next chapter, you will be able to set up a telnet server on your NT system without compromising its security.