Chapter 28

Setting Up a Domain Name Server


Although Internet Service Providers (ISPs) usually provide Domain Name Service (DNS) to their customers, setting up your own domain name server is beneficial. You can use a local domain name server to cache DNS queries and save bandwidth. In addition, you no longer have to depend on your ISP for DNS. Domain name servers of ISPs sometimes go down, and waiting until someone takes care of the problem can be frustrating. This problem can be solved by setting up your own domain name server.

The purpose of this chapter is to demonstrate how you can set up NT BIND to function as a secondary caching domain name server. The subject of DNS administration, however, cannot be covered in one chapter. DNS administration can become complicated, depending on the structure of your network and your ISP's network. Indeed, entire books have been dedicated to the subject of DNS administration. For additional information about using and configuring the domain name server discussed in this chapter, refer to the book DNS and BIND by O'Reilly Associates. Although this book is based on the UNIX version of BIND, material discussed in it also applies to the Windows NT version of BIND. You might also want to refer to the file BOG.WRI included in the NT BIND distribution file for additional information; this file is in Windows Write format. After you read the following sections, you will be able to install NT BIND on your system and configure it to act as a caching secondary domain name server. Refer to BIND documentation and the book DNS and BIND for information about configuring BIND as a primary domain name server and using it to assign DNS aliases to various computers on your network.

Obtaining BIND for Windows NT

You can obtain a copy of BIND for NT free of charge. To download it, send an e-mail message to the following:

access@drcoffsite.com

In a few minutes, you get an e-mail message containing directions for obtaining NT BIND via FTP. This e-mail message contains the username and password that you should use to access the NT BIND FTP site. After you connect to the FTP site, look for the file INDEX in the root directory. Use this file to determine the latest version of BIND for NT. The latest version is distributed with and without the source code. Unless you are interested in the source code, download the binary distribution file that does not contain the source code.

URL
NT BIND download source:
http://canon.bhs.com/scripts/appctr.idc?udir=DNS

At the time of this writing, the NT BIND distribution file that includes a Setup Wizard does not run on Windows NT 4.0. In the next section, therefore, you learn how to set up NT BIND using a distribution file that does not include the Setup Wizard. Note that both of these versions contain exactly the same program. One uses a GUI setup program; the other does not. Most likely, by the time you read this chapter, the GUI installation program will function with Windows NT 4.0. If it does not, simply download the distribution file that includes a non-GUI installation program. The name of this file should be something similar to ntdns493relbin-nongui.zip.

The following directions and configuration settings apply to both distribution files. If you are using the GUI setup program, directions for installing BIND will be simpler than those that follow. In that case, simply run the Installation Wizard (setup.exe) and answer a few configuration questions.

Installing NT BIND

After you download the NT BIND distribution file, copy it to a temporary directory. Then decompress it using a 32-bit file decompression utility. Be sure to enable the option in the file decompression utility to preserve directory names when decompressing the NT BIND distribution file.

If you download the distribution file containing the GUI installation program, a directory named disk1 is created after the distribution file is decompressed. Change to this directory, and execute the file setup.exe to install NT BIND. Otherwise, change to the directory contrib\winnt-dist, created after the distribution file is decompressed, and execute the file install.bat.

The installation program installs NT BIND files by copying them into various directories. Then you see the message The "DomainNameService" service was successfully created on-screen. At this point, if you invoke the Control Panel, you see a DNS Controller icon similar to the one shown in the lower right of Figure 28.1. As you learn shortly, you can execute this icon to stop and start the NT BIND DNS.

Figure 28.1: A new icon is added to the Control Panel by the NT BIND installation program.

Before you can use NT BIND, you need to configure it to run as an NT user. You do so by opening the Services application shown in Figure 28.1. To change the user account of the NT BIND service, scroll down the list of services in the Services dialog box, as shown in Figure 28.2, and select the NT BIND service. Then click the Startup button.

Figure 28.2: The NT BIND installation program registers NT BIND as a Windows NT Service.

In the Service properties dialog box, which appears after you click the Startup button, you can assign a user account to the NT BIND service, as illustrated in Figure 28.3. In the same dialog box, you can configure the NT BIND service to start automatically after the NT server is booted.

Figure 28.3: The Service properties dialog box of NT BIND.

NT BIND is now installed. However, before you can use it, you must configure it. To configure NT BIND, you edit the file named.boot in the I:\WINDOWS directory (assuming NT is installed in I:\WINDOWS). How you edit named.boot depends on your network configuration. Consult the BIND documentation, or contact your ISP for information about editing this file. A thorough overview of BIND configuration settings is beyond the scope of this book because configuration settings in the named.boot file depend on the way your network is set up. The original contents of named.boot are as follows:

ORIGINAL NAMED:
directory C:\\var\\named

primary 0.0.127.IN-ADDR.ARPA db.127.0.0
secondary       bethesda.mcs.us.pw.com 155.201.100.10 db.bethesda
secondary       100.201.155.IN-ADDR.ARPA 155.201.100.10 db.155.201.100
secondary       101.201.155.IN-ADDR.ARPA 155.201.100.10 db.155.201.101
cache           . db.cache

To configure NT BIND to function as a secondary caching DNS, change the directory setting (defined by the line directory C:\\var\\named) to the directory created by NT BIND. Then modify the named.boot file as shown in the following listing. The first secondary line configures NT BIND to do secondary DNS servicing for umd.edu and to get DNS information from 128.8.76.2 (ns2.umd.edu), which is the primary domain name server. This information is then stored in the file named.zoneinfo. The second secondary line does the reverse: It configures NT BIND to take an IP address and return the hostname.

directory I:\\var\\named

primary 0.0.127.IN-ADDR.ARPA db.127.0.0
secondary      umd.edu      128.8.76.2       named.zoneinfo
secondary 8.128.in-addr.arpa 128.8.76.2 named.inaddr
cache           . db.cache
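
The following is an added example, not part of the original chapter or the NT BIND distribution: a small Python linter for the named.boot syntax shown above that flags a misspelled reverse-zone suffix or a non-numeric master address before the server is started. The function names and the sample file are constructed for illustration; the sample deliberately contains one misspelled reverse zone.

```python
import ipaddress

# Constructed sample in named.boot syntax; one reverse zone is misspelled on purpose.
SAMPLE = r"""
; constructed sample, not a file from the NT BIND distribution
directory I:\\var\\named
primary   0.0.127.IN-ADDR.ARPA db.127.0.0
secondary umd.edu            128.8.76.2 named.zoneinfo
secondary 8.128.in-add.arpa  128.8.76.2 named.inaddr
cache     . db.cache
"""

def reverse_zone_prefix(zone):
    """Map e.g. '8.128.in-addr.arpa' to the address prefix '128.8', else None."""
    labels = zone.lower().rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        return None
    octets = labels[:-2]
    if not 1 <= len(octets) <= 4 or not all(o.isdecimal() and int(o) < 256 for o in octets):
        return None
    return ".".join(reversed(octets))

def lint_named_boot(text):
    """Return a list of (line_number, message) findings for a named.boot file."""
    findings, cache_lines = [], 0
    for num, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()      # ';' starts a comment
        if not fields:
            continue
        kind, args = fields[0].lower(), fields[1:]
        if kind == "cache":
            cache_lines += 1
        elif kind in ("primary", "secondary"):
            if len(args) < (2 if kind == "primary" else 3):
                findings.append((num, f"{kind} line has too few fields"))
                continue
            zone, masters = args[0], args[1:-1]    # last field is the data file
            for m in masters:
                try:
                    ipaddress.IPv4Address(m)
                except ValueError:
                    findings.append((num, f"master {m!r} is not an IPv4 address"))
            if zone.lower().endswith(".arpa") and reverse_zone_prefix(zone) is None:
                findings.append((num, f"{zone!r} is not a valid in-addr.arpa zone"))
    if cache_lines != 1:
        findings.append((0, "expected exactly one cache line for the root hints"))
    return findings
```

Running lint_named_boot(SAMPLE) reports the misspelled zone by line number; an empty list means no findings from these checks.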

After you configure the NT BIND configuration file, execute the DNS Controller icon in the Control Panel (refer to Figure 28.1). The Domain Name Server dialog box then appears, as shown in Figure 28.4. Click on the Start Server button to start the NT BIND service. Refer to NT BIND documentation for additional information about using this dialog box to configure NT BIND.

Figure 28.4: The Domain Name Server dialog box.

After you start the NT BIND service, follow these directions to verify that NT BIND is installed correctly:

  1. Type nslookup at the Windows NT command prompt.
  2. The nslookup prompt then appears on-screen. (The nslookup prompt is just a greater-than sign (>).)
  3. At the nslookup prompt, type server your.server.com, where your.server.com is the friendly name (Internet address) of your NT machine.
  4. At the nslookup prompt, type the name of an Internet server. Then nslookup responds with a message similar to the following:
> www.microsoft.com
Server:  wonderland.dial.umd.edu
Address:  128.8.18.13

Name:    www.microsoft.com
Addresses:  198.105.232.5, 198.105.232.6, 198.105.232.4

Internet Resources for Additional Help

Consult the following Internet resources for additional information about setting up and using NT BIND. Be sure to subscribe to the NT BIND mailing list if you have any questions about using NT BIND. If you are interested in configuring NT BIND to function as a primary domain name server, you will find the information on the NT BIND configuration Web page useful.

NT BIND Mailing List

A mailing list has been set up to discuss various issues related to installing and using NT BIND. Forward suggestions, discussion questions, problems encountered, and suggestions for improvements to the NT BIND mailing list. To join the NT BIND mailing list, send an e-mail message to the following:

listserv@drcoffsite.com

When you send the e-mail message, be sure to include the following in the body of the message. Be sure to replace <your name> with your real name.

subscribe bindnt <your name>

NT BIND Configuration Web Page

Visit the NT BIND configuration Web page for information about setting up and configuring NT BIND. It includes a step-by-step guide for setting up and configuring NT BIND to function as a primary domain name server. You also can find several sample DNS configuration files at the following Web page.

URL
NT BIND configuration Web page:
http://www.telemark.net/~randallg/ntdns.htm

Summary

NT BIND is a freeware domain name server that you can set up either as a primary or secondary domain name server. Because its configuration files are compatible with those of the UNIX version of BIND, UNIX BIND documentation also applies to NT BIND. In this chapter, you learned how you can set up NT BIND to function as a secondary domain name server. Refer to NT BIND documentation and Internet resources given at the end of this chapter to learn how you can configure NT BIND to function as a primary domain name server.

What's Next?

The next chapter discusses issues related to setting up a telnet server on your NT server. By reading that chapter, you will learn issues that you need to address when you set up a telnet server. The chapter begins with an introduction to how telnet servers work and how you can benefit from setting up such a server.

Because telnet uses clear-text usernames and passwords, you have to address a number of security issues when setting up a telnet server. In the section titled "Addressing Security Concerns," you learn how to avoid unauthorized access to your NT system via intercepted usernames and passwords. You do so by setting up a Perl script to implement one-time passwords. To make sure an intercepted username and password is not used by an unauthorized person, the moment a user is authorized to log on, the Perl script changes the user's password. The section on security also discusses ways of further securing your server by restricting days and times in which users can connect to your server via telnet. After you read the next chapter, you will be able to set up a telnet server on your NT system without compromising its security.