The named service executes the DNS (Dynamic Name Service) server daemon. It converts host names to IP addresses and vice versa. There are several different kinds of DNS servers, such as primary server, slave server and cached server etc. Its data is stored in the directory /var/named.
The Domain Name System (DNS) is the hierarchical, distributed database. It stores information for mapping Internet host names to IP addresses and vice versa, mail routing information, and other data used by Internet applications.
The data stored in the DNS is identified by domain names that are organized as a tree according to organizational or administrative boundaries. Each node of the tree, called a domain, is given a label. The domain name of the node is the concatenation of all the labels on the path from the node to the root node. This is represented in written form as a string of labels listed from right to left and separated by dots. A label need only be unique within its parent domain.
For administrative purposes, the name space is partitioned into areas called zones, each starting at a node and extending down to the leaf nodes or to nodes where other zones start. The data for each zone is stored in a name server, which answers queries about the zone using the DNS protocol
Clients look up information in the DNS by calling a resolver library, which sends queries to one or more name servers and interprets the responses. The BIND 9 software distribution contains both a name server and a resolver library. This service is not usually used on a server because most servers are not designated to be DNS servers. An organisation typically only implements a small number of DNS servers. For DNS client use, just configure /etc/resolve.conf – this daemon is not needed for DNS clients.
Service Control
This service is handled by init.d script /etc/init.d/named. Its usage is as follows:
# /sbin/service named Usage: /etc/init.d/named {start|stop|status|restart|condrestart|reload|probe}
Start the service as follows:
# /sbin/service named start Starting named: [ OK ]
Stop the service as follows:
# /sbin/service named stop Stopping named: [ OK ]
Check if the serivce is started or stopped:
# /sbin/service named status
Restart the service like this:
# /sbin/service named restart Stopping named: [ OK ] Starting named: [ OK ]
If the service is started, then restart it; otherwise do nothing.
# /sbin/service named condrestart Stopping named: [ OK ] Starting named: [ OK ]
Reload the service:
# /sbin/service named reload Reloading named: [ OK ]
Probe the service status using /usr/sbin/rndc command
# service named probe start
Query runlevel information for the service:
# /sbin/chkconfig --list named named 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Configuration
The named service is complex to describe in detail here. /etc/named.conf is the configuration file for named. Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements are also semi-colon terminated. Below is an example named.conf file.
# cat /etc/named.conf // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // // See the BIND Administrator's Reference Manual (ARM) for details about the // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html options { listen-on port 53 { 127.0.0.1; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { localhost; }; /* - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion. - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion. - If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface */ recursion yes; dnssec-enable yes; dnssec-validation yes; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";