Preventing Vexation and Woe: DNS Fundamentals, Part 1 - Page 2
LAN Cache
Another option is to use a single cache for the entire LAN. Install dnscache on a computer with a static IP address, then configure the resolvers on the other computers to point to it, replacing any existing nameserver entries:
nameserver 192.168.1.110
This is called an external cache because other hosts are allowed to access it. dnscache comes with built-in authentication, so you must specify which hosts are allowed access. Never ever expose your DNS cache to the world at large. Ever. It's a big security hole.
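The allowed-hosts list mentioned above can be audited offline. The following is an added example, not code from the original article or from the djbdns project: it mirrors how dnscache matches a client address against the prefix file names in its root/ip directory, and flags any entry that would serve hosts outside loopback and private address space. The sample entries are constructed, and the function names are hypothetical.

```python
import ipaddress

# Loopback plus the RFC 1918 private ranges: the only space a LAN cache should serve.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: file names as they might appear in dnscache's root/ip directory.
SAMPLE_ENTRIES = {"127.0.0.1", "192.168.1", "64"}


def client_allowed(client_ip, entries):
    """Mirror dnscache's lookup order: ip/1.2.3.4, then ip/1.2.3, ip/1.2, ip/1."""
    parts = client_ip.split(".")
    while parts:
        if ".".join(parts) in entries:
            return True
        parts.pop()
    return False


def entry_network(entry):
    """Convert a prefix file name such as '192.168.1' into the network it covers."""
    octets = entry.split(".")
    if not 1 <= len(octets) <= 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 prefix: {entry!r}")
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(octets)}")


def audit(entries):
    """Return (entry, reason) pairs for entries reaching beyond private space."""
    findings = []
    for entry in sorted(entries):
        try:
            net = entry_network(entry)
        except ValueError as exc:
            findings.append((entry, str(exc)))
            continue
        if not any(net.subnet_of(p) for p in PRIVATE):
            findings.append((entry, f"covers {net}, outside loopback/RFC 1918 space"))
    return findings


if __name__ == "__main__":
    for entry, reason in audit(SAMPLE_ENTRIES):
        print(f"root/ip/{entry}: {reason}")
```

To audit a live cache, pass the file names from its root/ip directory (for example via os.listdir) instead of the sample set.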
FQDN
Host names are a continual source of confusion. Fully-qualified domain names (FQDNs) are always needed for DNS to work correctly. The Internet domain hierarchy is in a tree format, with the first-level domains at the top. FQDNs are read right-to-left. For example, in server1.bratgrrl.com,
- com is the first-level domain (like .org, .net, .gov, .info, and so forth),
- bratgrrl is the second-level domain name, and
- server1 is the specific machine hostname.
Setting the hostname on a Linux PC is easy. In /etc/hostname, give the machine a hostname only, such as server1, and in /etc/hosts, give the FQDN mapped to the IP address, then the hostname:
192.168.1.110 server1.bratgrrl.com server1
Use the hostname and the dnsdomainname commands to test that it was done correctly:
$ hostname
server1
$ dnsdomainname
bratgrrl.com
Red Hat does this slightly differently; it uses /etc/sysconfig/network. Other Linuxes may vary as well, so check your documentation. The various Windows versions vary somewhat, too; start at the Network and Dial-Up Connections control panel. Just because it's easy doesn't mean you should do it; changing hostnames will affect a variety of network functions.
There are two types of domains: Internet-connected and private. The first- and second-level names only matter for Internet-connected domains -- for running Web, mail, and FTP servers, and such. For these you have to purchase unique names in an approved format from a domain name registrar. For a strictly local domain on a private LAN, you can name your hosts anything you like: server.here.andnow, this.weird.name.because.ican, etc.
In Part 2 we'll take a look at running a DNS server, security considerations, and mixed networks. Please see Resources for excellent companion articles.
Resources
Internet Assigned Numbers Authority
Tinydns: Kiss Your Bind Good-Bye
Kiss Your BIND Good-bye: In-Depth Configuration with Tinydns
djbdns home page
Stroud's CWSApps, search here for a variety of Windows DNS and proxy software
man resolver, man hosts
» See All Articles by Columnist Carla Shroder