DNS server config

 
 
jab3

 
      09-21-2004, 10:49 PM
Hello all -

I am trying to learn about network admin configurations and upkeep/etc., and
so I've begun with setting up my own DNS server (reading TCP/IP Network
Administration, O'Reilly). I have a couple of questions, though.
(surprise) If I make up my own TLD (one that is not currently in use),
will that be transferred to the root servers as a new TLD? Will it mess
things up with the root servers or any other NS? I originally made the
TLD .mg and when I ran named, I also ran tcpdump after it and there was a
whole lot of activity between all the different root servers and my box.
So I killed the named process, found out that .mg is a real TLD and then
changed it to something else (4 letters) that is not used. Now when I run
named, there is not all of that traffic. But I still wonder if it is legal
to do this.

Also, there is a bit of a delay when pinging a new host. The delay is
longer than before when I used my ISP's NS as my primary server. Is this
because the ISP had many of the hostnames cached already? I thought it
would be normal for my box to query the root server for the TLD, then query
the TLD for the authority of that subdomain, then query that subdomain for
the actual host address (sort of). There seems to be a lot of querying and
back-and-forth from looking at the ethereal sniffed packets. After I've
had the server up for a bit, will it go faster, or do I perhaps have it
configured wrong? (in which case I can provide relevant sections)

Sorry if this is not very complete, my wife and I are late for a meeting
with some friends. My main concern is whether I will be screwing with the
DNS info around the net because I'm using a made-up TLD. And if I can
prevent my box from distributing this information. Or else, how do you run
your own name server if all you have is one IP from your ISP and you're
using RFC 1918 addresses, just trying to learn instead of registering a
real domain?


Thanks for any help (and not too much laughing)
-jab3

 
 
 
 
 
David Efflandt

 
      09-22-2004, 01:48 AM
On Tue, 21 Sep 2004 18:49:21 -0400, jab3 <(E-Mail Removed)> wrote:
> Hello all -
>
> I am trying to learn about network admin configurations and upkeep/etc., and
> so I've begun with setting up my own DNS server (reading TCP/IP Network
> Administration, O'Reilly). I have a couple of questions, though.
> (surprise) If I make up my own TLD (one that is not currently in use),
> will that be transferred to the root servers as a new TLD? Will it mess
> things up with the root servers or any other NS? I originally made the
> TLD .mg and when I ran named, I also ran tcpdump after it and there was a
> whole lot of activity between all the different root servers and my box.
> So I killed the named process, found out that .mg is a real TLD and then
> changed it to something else (4 letters) that is not used. Now when I run
> named, there is not all of that traffic. But I still wonder if it is legal
> to do this.


You certainly should not use a 2 letter TLD, unless authorized, because
those are country codes (do a web search for "iso country codes"). You
also should not use .local for a TLD because that is now reserved for
multicast or something.

The zone listings for any domains in your named.conf that are not
registered with an official registrar should specifically include:

notify no;

Or that should be in your main named.conf options {}; section if not an
authoritative server for a public domain. I have that in my main options,
and then if I want to play around with local primary/secondary servers,
the master server would have something like this (bind9) to notify the
secondary:

zone "my-local" in {
    type master;
    file "pz/my-local.zone";
    notify explicit;                   // only notify the servers listed below
    also-notify { ip_of_secondary; };  // replace with the secondary's IP address
};

> Also, there is a bit of a delay when pinging a new host. The delay is
> longer than before when I used my ISP's NS as my primary server. Is this
> because the ISP had many of the hostnames cached already? I thought it
> would be normal for my box to query the root server for the TLD, then query
> the TLD for the authority of that subdomain, then query that subdomain for
> the actual host address (sort of). There seems to be a lot of querying and
> back-and-forth from looking at the ethereal sniffed packets. After I've
> had the server up for a bit, will it go faster, or do I perhaps have it
> configured wrong? (in which case I can provide relevant sections)


When I first got SBC DSL in 2002, their DNS seemed to be overloaded and
sluggish, so my own DNS seemed much faster, certainly for anything from
its local cache. So instead of a long delay before web pages would start
to load, they snap into place. Note that some domains may have broken
DNS, which may show up in your system log as "lame" servers.

For local private IPs you should have both forward and reverse zones,
because security conscious systems will attempt to resolve a name for any
connecting client IP. And if the IP does not resolve to a name, the
attempt to resolve can cause DNS timeout delays.

> Sorry if this is not very complete, my wife and I are late for a meeting
> with some friends. My main concern is whether I will be screwing with the
> DNS info around the net because I'm using a made-up TLD. And if I can
> prevent my box from distributing this information. Or else, how do you run
> your own name server if all you have is one IP from your ISP and you're
> using RFC 1918 addresses, just trying to learn instead of registering a
> real domain?


Just make sure that any made up TLD could not possibly be real, and use
notify no; so it will not even try to pass that on to root servers.
 
 
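As an added example (not part of this thread or of BIND itself), the following Python script generates what the reply above recommends for a private, made-up TLD: a forward zone, a reverse in-addr.arpa zone derived from the same host table so the two cannot drift apart, and named.conf zone statements with notify disabled globally and enabled only towards an explicitly listed secondary. The zone name "mylab", the host table and the secondary address are constructed placeholders; the prefix length is assumed to be a multiple of 8.

```python
import ipaddress

ZONE = "mylab"          # assumed made-up TLD (constructed, check it is not real)
NS_NAME = f"ns1.{ZONE}."
HOSTS = {               # constructed RFC 1918 hosts
    "ns1": "192.168.1.2",
    "gw": "192.168.1.1",
    "box": "192.168.1.10",
}
SOA = f"@ IN SOA {NS_NAME} hostmaster.{ZONE}. ( 2004092201 3600 900 604800 300 )"

def forward_zone():
    """A records for every host plus the zone's own NS record."""
    lines = ["$TTL 3600", SOA, f"@ IN NS {NS_NAME}"]
    lines += [f"{name} IN A {ip}" for name, ip in sorted(HOSTS.items())]
    return "\n".join(lines) + "\n"

def reverse_zone_name(network):
    """192.168.1.0/24 -> '1.168.192.in-addr.arpa' (prefix must be /8, /16 or /24)."""
    net = ipaddress.ip_network(network)
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def reverse_zone(network):
    """PTR records built from the same table as the forward zone."""
    net = ipaddress.ip_network(network)
    lines = ["$TTL 3600", SOA, f"@ IN NS {NS_NAME}"]
    for name, ip in sorted(HOSTS.items(), key=lambda kv: ipaddress.ip_address(kv[1])):
        addr = ipaddress.ip_address(ip)
        if addr not in net:  # refuse to emit a PTR the zone is not authoritative for
            raise ValueError(f"{ip} is outside {network}")
        host_part = str(addr).split(".")[net.prefixlen // 8:]
        lines.append(f"{'.'.join(reversed(host_part))} IN PTR {name}.{ZONE}.")
    return "\n".join(lines) + "\n"

def named_conf(network, secondary=None):
    """notify no; globally; a zone opts in only towards a listed secondary."""
    if secondary:
        notify = f"    notify explicit;\n    also-notify {{ {secondary}; }};\n"
    else:
        notify = "    notify no;\n"
    def stanza(name, path):
        return f'zone "{name}" in {{\n    type master;\n    file "{path}";\n{notify}}};\n'
    rev = reverse_zone_name(network)
    return ("options {\n    notify no;   // never announce private zones upstream\n};\n"
            + stanza(ZONE, f"pz/{ZONE}.zone")
            + stanza(rev, f"pz/{rev}.zone"))
```

Write the three outputs to the paths named in the zone statements and validate them with named-checkconf and named-checkzone before starting named.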
jab3

 
      09-22-2004, 02:53 AM
David Efflandt finally wrote on Tue September 21 2004 09:48 pm:

> On Tue, 21 Sep 2004 18:49:21 -0400, jab3 <(E-Mail Removed)> wrote:
>> Hello all -
>>
>> I am trying to learn about network admin configurations and upkeep/etc.,
>> and so I've begun with setting up my own DNS server (reading TCP/IP
>> ...

> You certainly should not use a 2 letter TLD, unless authorized, because
> those are country codes (do a web search for "iso country codes"). You
> also should not use .local for a TLD because that is now reserved for
> multicast or something.
>


I don't think the one I chose will be a TLD - it's four letters at least.
But I will definitely disable the notification and not let it out.

> The zone listings for any domains in your named.conf that are not
> registered with an official registrar should specifically include:
>
> notify no;
>


Ah, that's just what I was hoping for. I may have even run across it in one
of the books/files I read. But, thanks for the tip - that should be perfect.


> For local private IPs you should have both forward and reverse zones,
> because security conscious systems will attempt to resolve a name for any
> connecting client IP. And if the IP does not resolve to a name, the
> attempt to resolve can cause DNS timeout delays.
>


I do have both the forward-mapping and reverse zone files, which seem to be
working. But after I put no notify in the main options and try named
again, I'll play a bit more with setting up a secondary server.


Thanks again for your help -
jab3

 
 
 
 