Exercise 1

Overview

  1. Using dig
  2. Installing BIND
  3. Testing and starting named
  4. Using rndc

Using dig

dig for NXDOMAIN

Try using the command:
$ dig www.pacnog.bluesky.as
Check the header, answer and authority sections of the response. In particular, look for the NXDOMAIN status flag.
Does an A record for this domain name exist? Check the ANSWER section.

What happens if you try:
$ ping www.pacnog.bluesky.as

dig for NOERROR with RR

Try using the command:
$ dig noc.pacnog.bluesky.as
Check the header, answer and authority sections of the response. In particular, look for the NOERROR status flag.
Does an A record for this domain name exist? Check the ANSWER section.

What happens if you try:
$ ping noc.pacnog.bluesky.as

dig for NOERROR with 0 RR

$ dig noc.pacnog.bluesky.as txt
Check the header, answer and authority sections of the response. In particular, look for the NOERROR status flag.
Does a TXT record for this domain name exist? Check the ANSWER section.
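
The three cases above differ only in the header's status field and the ANSWER count. The following shell function is an added example, not part of the original exercise; it reads dig output and names the case. The function name classify_dig and the sample header lines (ids and counts) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify_dig is a hypothetical helper, not part of dig or BIND.
# It reads dig output on stdin and names which case of this exercise it shows.
classify_dig() {
    awk '
        # Header line, e.g. ";; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1001"
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        # Counts line, e.g. ";; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ..."
        /^;; flags:/ {
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") { answers = $(i + 1) + 0; seen = 1 }
        }
        END {
            if (status == "" || !seen)    { print "UNPARSED"; exit 2 }
            if (status == "NXDOMAIN")     print "NXDOMAIN"           # name does not exist
            else if (status != "NOERROR") print status               # e.g. SERVFAIL, REFUSED
            else if (answers > 0)         print "NOERROR with RR"    # records of that type exist
            else                          print "NOERROR with 0 RR"  # name exists, no such type
        }'
}

# Constructed sample headers (ids and counts are made up, not captured output).
sample_nxdomain() {
    printf '%s\n' \
        ';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1001' \
        ';; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0'
}
sample_rr() {
    printf '%s\n' \
        ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1002' \
        ';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0'
}
sample_nodata() {
    printf '%s\n' \
        ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1003' \
        ';; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0'
}

for s in sample_nxdomain sample_rr sample_nodata; do
    printf '%-16s -> %s\n' "$s" "$("$s" | classify_dig)"
done
# Against a live resolver: dig noc.pacnog.bluesky.as txt | classify_dig
```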

Installing BIND

Check to see if the BIND software is installed on your system. The daemon is called named (pronounced name-dee).

There are several ways to do this:
If the BIND software is not installed then use the Ubuntu package system to install it:

$ sudo apt-get install bind9

When you're happy the software is installed, check the version:

$ named -v
Expect to see a result like:
BIND 9.6.1-P2

Testing and starting named

Make sure that the named daemon is not running.

Find the process ID (PID) of the process and then kill it, e.g.:
$ sudo ps ax | grep named
2362 ?        Ssl    0:00 /usr/sbin/named -u bind
2623 pts/0    R+     0:00 grep named
$ sudo kill 2362
$ sudo ps ax | grep named
2639 pts/0    R+     0:00 grep named
Now we'll set up rndc (for remote name daemon controller), the program that controls named, using a program called rndc-confgen. This generates the shared keys that encrypt the connection between named and rndc when we run it. Be patient when it runs; it takes a little while.
$ sudo rndc-confgen -a
Now we'll start the daemon using:
$ sudo /etc/init.d/bind9 start
You should see a message like:
 * Starting domain name service... bind9
   ...done.

You won't have to do this every time the system starts, of course. named will normally be started at boot time.

Using rndc

You can control almost all of named's functions using rndc. The command summary is shown below:
$ rndc
Usage: rndc [-c config] [-s server] [-p port]
        [-k key-file ] [-y key] [-V] command

command is one of the following:

  reload        Reload configuration file and zones.
  reload zone [class [view]]
                Reload a single zone.
  refresh zone [class [view]]
                Schedule immediate maintenance for a zone.
  retransfer zone [class [view]]
                Retransfer a single zone without checking serial number.
  freeze        Suspend updates to all dynamic zones.
  freeze zone [class [view]]
                Suspend updates to a dynamic zone.
  thaw          Enable updates to all dynamic zones and reload them.
  thaw zone [class [view]]
                Enable updates to a frozen dynamic zone and reload it.
  notify zone [class [view]]
                Resend NOTIFY messages for the zone.
  reconfig      Reload configuration file and new zones only.
  stats         Write server statistics to the statistics file.
  querylog      Toggle query logging.
  dumpdb [-all|-cache|-zones] [view ...]
                Dump cache(s) to the dump file (named_dump.db).
  stop          Save pending updates to master files and stop the server.
  stop -p       Save pending updates to master files and stop the server
                reporting process id.
  halt          Stop the server without saving pending updates.
  halt -p       Stop the server without saving pending updates reporting
                process id.
  trace         Increment debugging level by one.
  trace level   Change the debugging level.
  notrace       Set debugging level to 0.
  flush         Flushes all of the server's caches.
  flush [view]  Flushes the server's cache for a view.
  flushname name [view]
                Flush the given name from the server's cache(s)
  status        Display status of the server.
  recursing     Dump the queries that are currently recursing (named.recursing)
  validation newstate [view]
                Enable / disable DNSSEC validation.
  *restart      Restart the server.

* == not yet implemented
Version: 9.6.1-P2

What do these commands do?

Try them and see. If you stop the daemon, start it up again.

$ rndc stop
$ rndc status 
$ rndc stats 
$ rndc reload
$ rndc trace
$ rndc flush
$ rndc