3.27 Setting Up a Root Name Server
3.27.1 Problem
You want to set up your own root name
server.
3.27.2 Solution
Create a data file for the root zone.
The data file needs an SOA record for the root zone and NS records
for all of your root name servers. For example:
$TTL 86400
. IN SOA ns1.corp.example. hostmaster.corp.example. (
2002042600 1h 15m 30d 1h )
IN NS ns1.corp.example.
IN NS ns2.corp.example.
You'll probably also
need to add delegation to the zones at the
"top" of your namespace. For
example, if most of your internal domain names end in
corp.example, you'd add NS
records delegating corp.example to the right
name servers:
corp.example. IN NS ns3.corp.example.
corp.example. IN NS ns4.corp.example.
All of these name servers will require
glue A records, too:
ns1.corp.example. IN A 10.0.0.1
ns2.corp.example. IN A 10.1.0.1
ns3.corp.example. IN A 10.2.0.1
ns4.corp.example. IN A 10.3.0.1
Don't forget to
delegate the reverse-mapping zones that correspond to your networks:
10.in-addr.arpa. IN NS ns3.corp.example.
10.in-addr.arpa. IN NS ns4.corp.example.
Then add a new zone
statement to the name server's
named.conf file to tell it to load the root
zone's data file:
zone "." {
type master;
file "db.root";
};
You can create slave root name
servers, too, by adding a zone statement like
this to their named.conf files:
zone "." {
type slave;
masters { 10.0.0.1; };
file "bak.root";
};
Finally,
you should replace the root hints file on your non-root name servers
with one that lists your new, internal roots:
. IN NS ns1.corp.example.
IN NS ns2.corp.example.
ns1.corp.example. IN A 10.0.0.1
ns2.corp.example. IN A 10.1.0.1
3.27.3 Discussion
Moving to a DNS architecture that uses internal root name servers is
a big decision, with implications far beyond what I can cover here.
For example, with an internal root architecture, you
can't resolve Internet domain names. Make sure you
know what you're doing.
3.27.4 See Also
"DNS and Internet Firewalls" in
Chapter 11 of DNS and
BIND.
|
