Communicator 3000 MPE/iX Release 6.0 (Platform Software Release C.60.00): HP 3000 MPE/iX Computer Systems > Chapter 10 Technical Articles

DNS BIND/iX and Syslog/iX


by Wendy Cheng
Commercial Systems Division

DNS BIND, which stands for Berkeley Internet Name Domain, is the most commonly used implementation of the Domain Name System (DNS). Initially, DNS BIND/iX was written for UNIX. Now, the complete implementation of DNS BIND/iX runs on the MPE/iX shell operating system on MPE/iX release 6.0, and the latest version, DNS BIND/iX 8.1.1, runs on MPE/iX systems.

Overview of DNS BIND/iX

DNS BIND/iX is a domain name system which consists of a client-server mechanism. The name-servers comprise the server half of the DNS's client-server mechanism. The name-server is the NM program NAMED which maintains information about some part of the DNS called a zone and has capabilities to retrieve information regarding other zones. The clients are resolver routines provided as NMRL libraries. The resolvers are clients that query the name servers, interpret the responses and send the answers to the requester.

DNS BIND/iX makes your domain names visible to the Internet and handles client requests to resolve domain names within your domain and in external domains. Prior to DNS BIND/iX, HP 3000 users had to rely on other machines or other operating systems to host their organization's DNS information. Now, you can host it on HP 3000 systems.

The latest version of DNS BIND/iX 8.1.1 is available for MPE/iX release 6.0 with the following features:

  • DNS Dynamic Updates

  • DNS Change Notification

  • Completely new configuration syntax

  • More efficient zone transfers

The BIND/iX contains the following major utilities and administration tools:

nslookup

The nslookup utility can be used to query the name servers interactively.

DIG

Domain Information Groper.

named-xfer

The named-xfer utility is used to transfer zone information and is called internally by the name-server.

dnsquery

The dnsquery tool can be used to display detailed DNS information.

Overview of Syslog/iX

Syslog is the standard event logging system for UNIX. Syslog/iX can now run on the MPE/iX shell operating system on MPE/iX release 6.0. With Syslog/iX available on MPE/iX systems, event messages can be logged to files or terminal devices, or even forwarded to other syslog systems. Syslog/iX can accept data from the local system via an AF_UNIX socket or from any system on the network via an AF_INET UDP socket on port 514. DNS BIND/iX uses Syslog/iX as its event logging subsystem.

Types of Name Servers

DNS BIND/iX provides two types of name-servers: primary masters and secondary masters. A primary master name server gets the data for the zones it is authorized for from files on the host it runs on. A secondary master name server gets its zone data from another name server authorized for the zone. When a secondary name-server starts up, it contacts the name-server it updates from and, if necessary, pulls the zone data over. This is referred to as a zone transfer. With DNS BIND/iX available on MPE/iX systems, you can create the data for your zone and set up a primary master name-server, then you can set up secondary master name-servers that load their data from primary servers. Once they are set up, the secondary servers will periodically query the primary servers to keep the zone data up to date.

Major Files Used for DNS BIND/iX

The following lists the major files required for DNS BIND/iX:

NAMED.CONF

The NAMED.CONF file is the configuration file of DNS BIND/iX. It contains the runtime configuration for the name-server, called NAMED. This file resides in the /BIND/PUB/etc directory.

Data Files

The files from which primary name-servers load their zone data are called data files or zone files. They are also referred to as db files or database files. The data files contain resource records that describe the zone. The resource records describe all the hosts in the zone.

There are two types of data files. The files mapping addresses to hostnames are called db.ADDR or zone.ADDR, where ADDR is the network address. The files mapping hostnames to addresses are called db.DOMAIN or zone.DOMAIN.

Loopback Address Files

A name-server needs one additional db.ADDR or zone.ADDR file to cover the loopback network. The loopback address is a special address that hosts use to direct traffic to themselves. This network is always 127.0.0, and the host number is always 127.0.0.1. Therefore, the name of this file is zone.127.0.0.

Root Cache Data File

Besides the local data files for your zone information, the name server also needs to know where the name servers for the root domain are. This file is needed to initialize the cache of Internet domain name servers. It is also called the hint file.

Configure Masters

DNS BIND/iX allows you to configure both master zones and slave zones in your configuration file. Sample configuration units for a master zone and a slave zone are shown below:

Sample Configuration for a Master Zone

zone "43.10.15.IN-Addr.ARPA" {
    type master;
    file "db.15.10.43";
};

The file db.15.10.43 will have entries like:

IN SOA bindserver.india.hp.com
104 ; Serial
36000 ; Refresh every 10 hours
3600 ; Retry every hour
360000 ; Expire after 100 hours
36000 ; Minimum ttl is 10 hours

IN SOA bindserver.india.hp.com

1 IN PTR m1.india.hp.com.
2 IN PTR m2.india.hp.com.
3 IN PTR m3.india.hp.com.

There are several key parameters defined in the zone file record:

Serial

The "serial" field is one of the important fields defined in the zone file. Every time you make a change to a database file, you must increment its serial number. Only by doing this will secondary servers know they need to reach into your system and pull out new name server data, a procedure known as a "zone transfer."

Refresh

The refresh field specifies the time interval that must elapse between each poll of the primary by the secondary name server (here 36,000 seconds or 10 hours). If the "serial number" has been updated on the primary server, the secondary name-server assumes its data is stale and requests updated information as a "zone transfer."

Retry

If the secondary fails to reach the primary name-server after the refresh period, it starts trying to connect every retry seconds, here 3600 seconds or 1 hour.

Expire

If the secondary fails to contact the primary name-server for expire seconds, the secondary expires its data. Expiring the data means the secondary stops giving out answers about the data because the data are too old to be useful.

Minimum

The minimum field is the minimum time-to-live value, which specifies how long other servers should cache data from the name-server (here 36,000 seconds or 10 hours).
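
The timer behaviour described above, replayed as an added example (not part of the original article or of BIND/iX): a simplified model of a secondary using the sample SOA values, showing that an edit made without a serial increment is never transferred and that an unreachable primary ends in expiry. The names SOA, simulate and primary_serial_at are hypothetical, and the serial comparison uses RFC 1982 wrap-around arithmetic, which goes beyond what the article states.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SOA:
    serial: int
    refresh: int  # seconds between polls of the primary
    retry: int    # seconds between attempts after a failed poll
    expire: int   # seconds without contact before the data is discarded
    minimum: int  # TTL other servers use when caching answers

# Timer values copied from the db.15.10.43 sample on this page.
SAMPLE = SOA(serial=104, refresh=36000, retry=3600, expire=360000, minimum=36000)

def serial_newer(primary: int, local: int) -> bool:
    """True if the primary's serial is ahead of ours (RFC 1982, wraps at 2**32)."""
    return 0 < (primary - local) % 2**32 < 2**31

def simulate(soa, primary_serial_at, horizon):
    """Replay a secondary that loaded soa.serial at t=0.

    primary_serial_at(t) is a hypothetical callback returning the serial the
    primary would report at time t, or None if it cannot be reached.
    Returns a list of (time, event) tuples up to `horizon` seconds.
    """
    log, local, last_ok, t = [], soa.serial, 0, soa.refresh
    while t <= horizon:
        if t - last_ok >= soa.expire:
            log.append((last_ok + soa.expire, "expired"))  # stop answering
            break
        seen = primary_serial_at(t)
        if seen is None:
            log.append((t, "unreachable"))
            t += soa.retry  # keep trying every `retry` seconds
            continue
        last_ok = t
        if serial_newer(seen, local):
            log.append((t, "zone transfer"))
            local = seen
        else:
            # Same serial: no transfer, even if the primary's file was edited.
            log.append((t, "current"))
        t += soa.refresh
    return log

if __name__ == "__main__":
    print(simulate(SAMPLE, lambda t: 105 if t >= 1000 else 104, 80000))
    print(simulate(SAMPLE, lambda t: 104, 80000))
    print(simulate(SAMPLE, lambda t: None, 400000)[-1])
```

The second run is the case to watch for in operations: the zone file changed on the primary, the serial stayed at 104, and every poll reports "current", so the secondary keeps serving the old records.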

Sample Configuration Unit for a Slave Zone

zone "41.10.15.IN-ADDR.ARPA" {
    type slave;
    file "db.15.10.41";
    masters {
        15.70.188.45;
    };
};

The IP address of the server that is primary for that domain is specified in the masters { } section of the configuration unit. There could be more than one master for a given zone.

When the name-server comes up, looking at this configuration, it makes a connection with the name-server running on 15.70.188.45 and does a zone transfer, if it is required. It makes a local copy of this file too.

Configuration Migration

The configuration file in BIND/iX version 8.1.1 is called "named.conf" and has a completely new syntax. The configuration file in BIND version 4.x was called "named.boot."

The migration utility "named-bootconf.pl" is available with DNS BIND/iX and can be used to convert a 4.x named.boot file to an 8.1.1 named.conf file. The utility "named-bootconf.pl" resides in the /BIND/PUB/bin directory.

How to Run Syslog/iX

The following describes the important steps to start Syslog/iX:

  1. Log on to the system as MGR.SYSLOG.

  2. Create, examine and adjust the Syslog configuration file syslog.conf. The syslog.conf file resides in the /SYSLOG/PUB directory.

  3. Stream the following job to start Syslog/iX:

    STREAM JSYSLOGD.PUB.SYSLOG

  4. You can stop Syslog/iX by issuing the command :ABORTJOB.

How to Run DNS BIND/iX

The following describes the major steps to start DNS BIND/iX:

  1. Log on to system as MGR.BIND.

  2. Create, examine and customize the configuration file named.conf for your own system environment. The named.conf file resides in /BIND/PUB/etc directory.

  3. You need to stream the following job to start DNS BIND/iX:

    STREAM JNAMED.PUB.BIND

  4. Add your server's IP address as the first name-server entry in /etc/resolv.conf on all MPE and HP-UX hosts that you want to use this server for resolution queries. On MPE hosts, make sure that there is a symbolic link that makes RESLVCNF.NET.SYS link to /etc/resolv.conf.

  5. You can stop DNS BIND/iX by issuing the command :ABORTJOB.

Sample Configuration File for Syslog/iX

When you want to use Syslog/iX, you should examine and adjust the syslog configuration file syslog.conf.

The syslog.conf file resides in the /SYSLOG/PUB directory.

The following is the sample configuration file for Syslog/iX that you can find in the system:

## 
## :TELL @.@
## *.emerg
##
## Write to the :console
##
*.alert
##
## :TELL @.SYSLOG
##
*.crit @.SYSLOG
##
## :TELL MANAGER.SYS
## *.err MANAGER.SYS
##
## Forward to syslogd on another host via UDP
##
*.warning @some.host.running.syslogd
##
*.info
##
## Write to a file
##
*.debug /tmp/syslog.log

The error messages coming from a program are classified into critical, informative, and alert types of messages. The syslog configuration file tells the syslog daemon how to post these messages. They can be sent to the console, to a log file, or to another machine.

Test Your Name Server

The nslookup utility can be used interactively, much like other programs such as ftp. That is, if you invoke it without command-line arguments, it displays a prompt and waits for your command:

> server mpe3000
Default Name Server: mpe3000.cup.hp.com Address: 15.13.199.80

By default, nslookup performs queries based on host names you submit; just enter a host name after the prompt:

> romeo 
Server: mpe3000.cup.hp.com
Address: 15.13.199.80
Name: romeo.cup.hp.com 
Address: 15.13.194.242
> 15.12.194.242 
Server: mpe3000.cup.hp.com
Address: 15.13.199.80
Name: romeo.cup.hp.com 
Address: 15.12.194.242

You can check the resource record information for a name server:

> set type=ns 
> mpeworld
Name Server: mpeworld.cup.hp.com
Address: 15.13.199.80
origin = dns.cup.hp.com 
mail addr = dns-admin.dns.cup.hp.com
serial = 96092255
refresh = 10800 (3 hours)
retry = 3600 (1 hour)
expire = 604800 (7 days)
minimum ttl = 86400 (1 day)

Debugging Levels for Troubleshooting

Debugging levels 1 through 14 can be specified when the DNS BIND/iX server is started. The level of detail is controlled in the JNAMED.PUB.BIND file. The higher the debugging value, the more detail is logged about the activities of the server.

The following describes how you can set up the debugging level in the JNAMED.PUB.BIND:

JNAMED.PUB.BIND: 
!job jnamed,mgr.bind;outclass=,2
!run named;info="-f /BIND/PUB/etc/named.conf"
!eoj

The parameter "-d <level>" can be specified in the info string of the run command.

Example

!run named;info=" -d 4 -f /BIND/PUB/etc/named.conf"

This sets the debugging level to 4.

The logging and trace messages can be seen in the spool files.

Example

:showjob
JOBNUM  STATE  IPRI  JIN  JLIST  JOB NAME
#J2     EXEC         10S  LP     FTPMON,FTP.SYS
#j3     EXEC         10S  LP     JINETD,MANAGER.SYS
#17     EXEC         10S  LP     JNAMED,MGR.BIND
#S44    EXEC         20   20     MGR.BIND

:showout job=#j17
:print Oxxx.out.hpspool

Documentation

Documentation for DNS BIND/iX and Syslog/iX is available in Configuring and Managing MPE/iX Internet Services, which is shipped with the MPE/iX FOS.

More DNS BIND/iX Resources

Additional information is available in this book and on these websites:

  • DNS & BIND, a book written by Paul Albitz and Cricket Liu and published by O'Reilly & Associates, Inc.

  • http://www.isc.org

  • http://www.academ.com/nanog/oct1997/bind8/index.html
