DekGenius.com
I l@ve RuBoard Previous Section Next Section

6.2 Sample Resolver Configurations

So much for theory—let's now go over what resolv.conf files look like on real hosts. Resolver configuration needs vary depending on whether or not a host runs a local name server, so we'll cover both cases: hosts with local name servers and hosts with remote name servers.

6.2.1 Resolver Only

We, as the administrators of movie.edu, have just been asked to configure a professor's new standalone workstation, which doesn't run a name server. Deciding which domain the workstation belongs in is easy—there's only movie.edu to choose from. However, she is working with researchers at Pixar on new shading algorithms, so perhaps it'd be wise to put pixar.com in her workstation's search list. The search directive:

search movie.edu pixar.com

makes movie.edu her workstation's local domain name and searches pixar.com for names not found in movie.edu.

The new workstation is on the 192.249.249/24 network, so the closest name servers are wormhole.movie.edu (192.249.249.1) and terminator.movie.edu (192.249.249.3). As a rule, you should configure hosts to use the closest name server available first. (The closest possible name server is a name server on the local host; the next closest is a name server on the same subnet or network.) In this case, both name servers are equally close, but we know that wormhole.movie.edu is bigger (it's a faster host, with more capacity). So the first nameserver directive in resolv.conf should be:

nameserver 192.249.249.1

Since this particular professor is known to get awfully vocal when she has problems with her computer, we'll also add terminator.movie.edu (192.249.249.3) as a backup name server. That way, if wormhole.movie.edu is down for any reason, the professor's workstation can still get name service (assuming terminator.movie.edu and the rest of the network are up).

The resolv.conf file ends up looking like this:

search movie.edu pixar.com
nameserver 192.249.249.1
nameserver 192.249.249.3

6.2.2 Local Name Server

Next, we have to configure the university mail hub, postmanrings2x.movie.edu, to use domain name service. postmanrings2x.movie.edu is shared by all groups in movie.edu. We've recently configured a name server on the host to help cut down the load on the other name servers, so we should make sure the resolver queries the name server on the local host first.

The simplest resolver configuration for this case is no configuration at all: don't create a resolv.conf file, and let the resolver default to using the local name server. The hostname should be set to the full domain name of the host so that the resolver can determine the local domain name.

If we decide we need a backup name server—a prudent decision—we can use resolv.conf. Whether or not we configure a backup name server depends largely on the reliability of the local name server. A good implementation of the BIND name server will keep running for longer than some operating systems, so there may be no need for a backup. If the local name server has a history of problems, though—say it hangs occasionally and stops responding to queries—it'd be a good idea to add a backup name server.

To add a backup name server, just list the local name server first in resolv.conf (at the host's IP address or the zero address, 0.0.0.0—either will do), then one or two backup name servers. Remember not to use the loopback address unless you know your system's TCP/IP stack doesn't have the problem we mentioned earlier.

Since we'd rather be safe than sorry, we're going to add two backup name servers. postmanrings2x.movie.edu is on the 192.249.249/24 network, too, so terminator.movie.edu and wormhole.movie.edu are its closest name servers (besides its own). We'll reverse the order in which they're queried from the previous resolver-only example to help balance the load between the two. And because we'd rather not wait the full five seconds for the resolver to try the second name server, we'll lower the timeout to two seconds. The resolv.conf file ends up looking like this:

domain movie.edu
nameserver 0.0.0.0
nameserver 192.249.249.3
nameserver 192.249.249.1

options timeout:2
    I l@ve RuBoard Previous Section Next Section