SLES 11 DNS server setup




















I was able to perform these steps in my lab and it all works like a champ! It has been so long since I saw such a well-written manual.

Boys from Novell should be learning to write guides. This is the kind of writing that made Cool Solutions cool, and we need more of this. If you have other processes that you feel are not adequately explained in the docs, please cook up another helping.

When starting the module for the first time, a wizard starts, prompting you to make a few decisions concerning administration of the server. Completing this initial setup produces a basic server configuration. The wizard consists of three steps or dialogs. At the appropriate places in the dialogs, you are given the opportunity to enter the expert configuration mode.

When starting the module for the first time, the Forwarder Settings dialog, shown in Figure For more information about netconfig, see man 8 netconfig. Enter their IP address and click Add. The DNS Zones dialog consists of several parts and is responsible for the management of zone files, described in Section For a new zone, provide a name for it in Name. To add a reverse zone, the name must end in. Finally, select the Type master, slave, or forward.

See Figure Click Edit to configure other settings of an existing zone. To remove a zone, click Delete. You can also activate LDAP support. After starting the module, YaST opens a window displaying several configuration options. Completing it results in a DNS server configuration with the basic functions in place.

Under Start-Up, define whether the DNS server should be started when booting the system or manually.

Any changes to zone data written to the LDAP database are picked up by the DNS server as soon as it is restarted or prompted to reload its configuration. If your local DNS server cannot answer a request, it tries to forward the request to a Forwarder , if configured so.

This forwarder may be added manually to the Forwarder List. If the forwarder is not static, as with dial-up connections, netconfig handles the configuration. In this section, set basic server options. From the Option menu, select the desired item, then specify the value in the corresponding entry field. Include the new entry by selecting Add.

To set what the DNS server should log and how, select Logging. In the latter case, additionally specify a name, the maximum file size in megabytes and the number of logfile versions to store. Further options are available under Additional Logging.

For this reason, it is not a good idea to enable this option for anything other than debugging purposes. To log the data traffic during a zone transfer from master to slave, enable Log Zone Transfer. Use this dialog to define ACLs (access control lists) to enforce access restrictions. After providing a distinct name under Name, specify an IP address with or without netmask under Value in the following fashion. The syntax of the configuration file requires that the address ends with a semicolon and is put into curly braces.

They are described in Section Confirm your choices with Generate. To use a previously created key, leave the Key ID field blank and select the file where it is stored under Filename. After that, confirm with Add. To limit access to the server, select one of the ACLs from the list. When adding a master zone, a reverse zone is also needed. For example, when adding the zone example. By definition, this should be named 1.

The basic dialog, shown in Figure The key must have been defined before the update action starts. To enable zone transfers, select the corresponding ACLs. ACLs must have been defined already. In the Basics dialog, select whether to enable zone transfers. Use the listed ACLs to define who can download zones. The NS Records dialog allows you to define alternative name servers for the zones specified.

Make sure that your own name server is included in the list. To add a record, enter its name under Name Server to Add then confirm with Add. To add a mail server for the current zone to the existing list, enter the corresponding address and priority value. After doing so, confirm by selecting Add. This page allows you to create SOA start of authority records.

For an explanation of the individual options, refer to Example This dialog manages name resolution. In Record Key , enter the hostname then select its type. A-Record represents the main entry. The value for this should be an IP address. CNAME is an alias. These three types resolve to an existing A record.

PTR is for reverse zones. It is the opposite of an A record, for example. After adding a forward zone, go back to the main menu and select the reverse zone for editing. There, in the tab Basics, activate the check box Automatically Generate Records From and select your forward zone. That way, all changes to the forward zone are automatically updated in the reverse zone.

If you already have a functioning Internet connection and have entered BIND carries out name resolution via the root name server, a notably slower process. If this works so far, the name server runs as a pure caching-only name server. Only when you configure its own zones it becomes a proper DNS. Depending on the type of Internet connection or the network connection, the name server information can automatically be adapted to the current conditions.

However, do not set up an official domain until one is assigned to you by the responsible institution. Even if you have your own domain and it is managed by the provider, you are better off not using it, because BIND would otherwise not forward requests for this domain. The Web server at the provider, for example, would not be accessible for this domain. To start the name server, enter the command rcnamed start as root. Test the name server immediately on the local system with the host or dig programs, which should return localhost as the default server with the address For the first test, enter host If you get an error message, use rcnamed status to see whether the server is actually running.

To use the name server of the provider or one already running on your network as the forwarder, enter the corresponding IP address or addresses in the options section under forwarders. The addresses included in Example Adjust these entries to your own setup. The options entry is followed by entries for the zone, localhost , and 0.

In this chapter only the fundamental mechanisms and the relevant network configuration files are covered. It is not a single network protocol, but a family of network protocols that offer various services. The protocols listed in Table RFC stands for Request for Comments.

RFCs are documents that describe various Internet protocols and implementation procedures for the operating system and its applications.

The RFC documents describe the setup of Internet protocols. To expand your knowledge of any of the protocols, refer to the appropriate RFC documents. Transmission Control Protocol: a connection-oriented, secure (that is, reliable) protocol. The data to transmit is first sent by the application as a stream of data and converted into the appropriate format by the operating system.

The data arrives at the respective application on the destination host in the original data stream format it was initially sent. TCP determines whether any data has been lost or jumbled during the transmission. TCP is implemented wherever the data sequence matters.

User Datagram Protocol: a connectionless, insecure (that is, unreliable) protocol. The data to transmit is sent in the form of packets generated by the application. The order in which the data arrives at the recipient is not guaranteed and data loss is possible. UDP is suitable for record-oriented applications.

It features a smaller latency period than TCP. In addition, it provides a special echo mode that can be viewed using the program ping. As shown in Figure The actual network layer is the insecure data transfer via IP (Internet protocol). On top of IP, TCP (transmission control protocol) guarantees, to a certain extent, security of the data transfer.

The IP layer is supported by the underlying hardware-dependent protocol, such as ethernet. The diagram provides one or two examples for each layer. The layers are ordered according to abstraction levels. The lowest layer is very close to the hardware. The uppermost layer, however, is almost a complete abstraction from the hardware. Every layer has its own special function. The special functions of each layer are mostly implicit in their description.

The data link and physical layers represent the physical network used, such as ethernet. Almost all hardware protocols work on a packet-oriented basis. The data to transmit is collected into packets, because it cannot be sent all at once.

Packets are normally quite small, as the network hardware can be a limiting factor. The maximum size of a data packet on an ethernet is about fifteen hundred bytes. If more data is transferred, more data packets need to be sent by the operating system. For the layers to serve their designated functions, additional information regarding each layer must be saved in the data packet. This takes place in the header of the packet. Every layer attaches a small block of data, called the protocol header, to the front of each emerging packet.

The checksum is located at the end of the packet, not at the beginning. This simplifies things for the network hardware. When an application sends data over the network, the data passes through each layer, all implemented in the Linux kernel except the physical layer. Each layer is responsible for preparing the data so it can be passed to the next layer. The lowest layer is ultimately responsible for sending the data.

The entire procedure is reversed when data is received. Like the layers of an onion, in each layer the protocol headers are removed from the transported data. Finally, the transport layer is responsible for making the data available for use by the applications at the destination.

In this manner, one layer only communicates with the layer directly above or below it. Likewise, it is irrelevant for the data line which kind of data is transmitted, as long as packets are in the correct format. The discussion in this section is limited to IPv4 networks. Every computer on the Internet has a unique bit address. These 32 bits or 4 bytes are normally written as illustrated in the second row in Example In decimal form, the four bytes are written in the decimal number system, separated by periods.

The IP address is assigned to a host or a network interface. It can be used only once throughout the world. There are exceptions to this rule, but these are not relevant to the following passages. The points in IP addresses indicate the hierarchical system. Until the s, IP addresses were strictly categorized in classes. However, this system proved too inflexible and was discontinued.

Now, classless routing (CIDR, classless interdomain routing) is used. Netmasks are used to define the address range of a subnetwork. If two hosts are in the same subnetwork, they can reach each other directly. If they are not in the same subnetwork, they need the address of a gateway that handles all the traffic for the subnetwork. If the result is identical, both IP addresses are in the same local network.

If there are differences, the remote IP address, and thus the remote interface, can only be reached over a gateway. To understand how the netmask works, look at Example The netmask consists of 32 bits that identify how much of an IP address belongs to the network. All those bits that are 1 mark the corresponding bit in the IP address as belonging to the network. All bits that are 0 mark bits inside the subnetwork. This means that the more bits are 1, the smaller the subnetwork is.

Because the netmask always consists of several successive 1 bits, it is also possible to just count the number of bits in the netmask. In Example To give another example: all machines connected with the same ethernet cable are usually located in the same subnetwork and are directly accessible.

Even when the subnet is physically divided by switches or bridges, these hosts can still be reached directly. IP addresses outside the local subnet can only be reached if a gateway is configured for the target network.

In the most common case, there is only one gateway that handles all traffic that is external. However, it is also possible to configure several gateways for different subnets. If a gateway has been configured, all external IP packets are sent to the appropriate gateway. This gateway then attempts to forward the packets in the same manner—from host to host—until it reaches the destination host or the packet's TTL (time to live) expires.

This is the netmask AND any address in the network, as shown in Example This address cannot be assigned to any hosts. The above example therefore results in The address A connection can be set up to your own machine with this address and with all addresses from the complete With IPv6 there is just one loopback address Because IP addresses must be unique all over the world, you cannot just select random addresses.

There are three address domains to use if you want to set up a private IP-based network. These cannot get any connection from the rest of the Internet, because they cannot be transmitted over the Internet. These address domains are specified in RFC and listed in Table As mentioned, an IPv4 address consists of only 32 bits. Also, quite a few IP addresses are lost—they cannot be used due to the way in which networks are organized.

The number of addresses available in your subnet is two to the power of the number of bits, minus two. A subnetwork has, for example, 2, 6, or 14 addresses available.

To connect hosts to the Internet, for example, you need a subnetwork with IP addresses, from which only are usable, because two IP addresses are needed for the structure of the subnetwork itself: the broadcast and the base network address. Combined with the convention to keep private and public address spaces separate, these methods can certainly mitigate the shortage. The problem with them lies in their configuration, which is a chore to set up and a burden to maintain.
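The netmask arithmetic described above (AND each address with the mask, compare the results, count 2^host-bits minus two usable addresses), as an added example that is not part of the SUSE manual. It works on plain integers so the bitwise AND is visible, and it also rejects a netmask whose 1 bits are not contiguous, which the text says can never occur in a valid mask. The addresses used are constructed for illustration.

```python
"""IPv4 netmask arithmetic as described in the text (added example)."""


def ip_to_int(dotted: str) -> int:
    """Parse dotted-decimal notation into a 32-bit integer, rejecting junk."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted-quad address: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value


def int_to_ip(value: int) -> str:
    """Render a 32-bit integer in the usual four-byte decimal form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_netmask(prefix_len: int) -> int:
    """Build a netmask of prefix_len successive 1 bits followed by 0 bits."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (((1 << prefix_len) - 1) << (32 - prefix_len)) & 0xFFFFFFFF


def netmask_to_prefix(netmask: str) -> int:
    """Count the 1 bits of a netmask; refuse masks whose 1 bits are not contiguous."""
    mask = ip_to_int(netmask)
    ones = bin(mask).count("1")
    if prefix_to_netmask(ones) != mask:
        raise ValueError(f"{netmask} is not a contiguous netmask")
    return ones


def network_address(ip: str, netmask: str) -> str:
    """Base network address: the netmask AND any address in the network."""
    return int_to_ip(ip_to_int(ip) & ip_to_int(netmask))


def broadcast_address(ip: str, netmask: str) -> str:
    """Broadcast address: network part kept, every host bit set to 1."""
    mask = ip_to_int(netmask)
    return int_to_ip((ip_to_int(ip) & mask) | (~mask & 0xFFFFFFFF))


def same_subnet(ip_a: str, ip_b: str, netmask: str) -> bool:
    """Two hosts share a subnet when ANDing each with the mask gives the same result."""
    return network_address(ip_a, netmask) == network_address(ip_b, netmask)


def usable_hosts(netmask: str) -> int:
    """2^(host bits) - 2: the base and broadcast addresses cannot be assigned to hosts."""
    host_bits = 32 - netmask_to_prefix(netmask)
    return max(2 ** host_bits - 2, 0)  # a /32 has no room for either reserved address


if __name__ == "__main__":
    # Constructed sample: two hosts on a /24 and one on the neighbouring /24.
    mask = "255.255.255.0"
    for a, b in (("192.168.0.20", "192.168.0.200"), ("192.168.0.20", "192.168.1.20")):
        print(a, b, "same subnet:", same_subnet(a, b, mask))
    print("network:", network_address("192.168.0.20", mask),
          "broadcast:", broadcast_address("192.168.0.20", mask),
          "usable hosts:", usable_hosts(mask))
```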

To set up a host in an IPv4 network, you need a number of address items, such as the host's own IP address, the subnetmask, the gateway address and maybe a name server address.

All these items need to be known and cannot be derived from somewhere else. With IPv6, both the address shortage and the complicated configuration should be a thing of the past. The following sections tell more about the improvements and benefits brought by IPv6 and about the transition from the old protocol to the new one.

The most important and most visible improvement brought by the new protocol is the enormous expansion of the available address space. An IPv6 address is made up of bit values instead of the traditional 32 bits.

This provides for as many as several quadrillion IP addresses. However, IPv6 addresses are not only different from their predecessors with regard to their length. They also have a different internal structure that may contain more specific information about the systems and the networks to which they belong.

More details about this are found in Section The new host uses its automatic configuration mechanism to derive its own address from the information made available by the neighboring routers, relying on a protocol called the neighbor discovery (ND) protocol. This method does not require any intervention on the administrator's part and there is no need to maintain a central server for address allocation—an additional advantage over IPv4, where automatic address allocation requires a DHCP server.

Nevertheless, if a router is connected to a switch, the router should send periodic advertisements with flags telling the hosts of a network how they should interact with each other. For more information, see RFC and the radvd. IPv6 makes it possible to assign several addresses to one network interface at the same time. This allows users to access several networks easily, something that could be compared with the international roaming services offered by mobile phone companies: when you take your mobile phone abroad, the phone automatically logs in to a foreign service as soon as it enters the corresponding area, so you can be reached under the same number everywhere and are able to place an outgoing call just like in your home area.

With IPv4, network security is an add-on function. IPv6 includes IPsec as one of its core features, allowing systems to communicate over a secure tunnel to avoid eavesdropping by outsiders on the Internet.

Therefore, it is crucial that both protocols are able to coexist not only on the Internet, but also on one system. This is ensured by compatible addresses (IPv4 addresses can easily be translated into IPv6 addresses) and through the use of a number of tunnels.

See Section Also, systems can rely on a dual stack IP technique to support both protocols at the same time, meaning that they have two network stacks that are completely separate, such that there is no interference between the two protocol versions. With IPv4, some services, such as SMB, need to broadcast their packets to all hosts in the local network. IPv6 allows a much more fine-grained approach by enabling servers to address hosts through multicasting—by addressing a number of hosts as parts of a group, which is different from addressing all hosts through broadcasting or each host individually through unicasting.

Which hosts are addressed as a group may depend on the concrete application. There are some predefined groups to address all name servers (the all name servers multicast group), for example, or all routers (the all routers multicast group).

As mentioned, the current IP protocol is lacking in two important aspects: there is an increasing shortage of IP addresses, and configuring the network and maintaining the routing tables is becoming a more complex and burdensome task. IPv6 solves the first problem by expanding the address space to bits. The second one is countered by introducing a hierarchical address structure, combined with sophisticated techniques to allocate network addresses, as well as multihoming (the ability to assign several addresses to one device, giving access to several networks).

Addresses of this type are associated with exactly one network interface. Packets with such an address are delivered to only one destination. Accordingly, unicast addresses are used to transfer packets to individual hosts on the local network or the Internet. Addresses of this type relate to a group of network interfaces. Packets with such an address are delivered to all destinations that belong to the group.

Multicast addresses are mainly used by certain network services to communicate with certain groups of hosts in a well-directed manner. Addresses of this type are related to a group of interfaces. Packets with such an address are delivered to the member of the group that is closest to the sender, according to the principles of the underlying routing protocol.

Anycast addresses are used to make it easier for hosts to find out about servers offering certain services in the given network area. All servers of the same type have the same anycast address. Whenever a host requests a service, it receives a reply from the server with the closest location, as determined by the routing protocol. If this server should fail for some reason, the protocol automatically selects the second closest server, then the third one, and so forth.

An IPv6 address is made up of eight four-digit fields, each representing 16 bits, written in hexadecimal notation. They are separated by colons (:). Any leading zero bytes within a given field may be dropped, but zeros within the field or at its end may not. Another convention is that more than four consecutive zero bytes may be collapsed into a double colon.

However, only one such :: is allowed per address. This kind of shorthand notation is shown in Example Each part of an IPv6 address has a defined function. The first bytes form the prefix and specify the type of address. The center part is the network portion of the address, but it may be unused. The end of the address forms the host part. With IPv6, the netmask is defined by indicating the length of the prefix after a slash at the end of the address.

An address, as shown in Example In other words, the 64 means that the netmask is filled with 64 1-bit values from the left. Just like with IPv4, the IP address is combined with AND with the values from the netmask to determine whether the host is located in the same subnetwork or in another one.
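The shorthand rules and the prefix-length netmask described above, as an added example that is not from the SUSE manual: expanding a single `::`, rejecting a second one, shortening an address by collapsing the longest run of all-zero fields (following the RFC 5952 convention of never collapsing a single field), and ANDing two addresses with a /64-style mask to decide whether they share a network. Sample addresses are constructed for illustration.

```python
"""IPv6 address shorthand and prefix-length netmasks (added example)."""


def expand_ipv6(addr: str) -> list[int]:
    """Return the eight 16-bit fields of an address, expanding at most one '::'."""
    if addr.count("::") > 1:
        raise ValueError("only one '::' is allowed per address")
    if "::" in addr:
        head, tail = addr.split("::")
        head_fields = head.split(":") if head else []
        tail_fields = tail.split(":") if tail else []
        missing = 8 - len(head_fields) - len(tail_fields)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero field")
        fields = head_fields + ["0"] * missing + tail_fields
    else:
        fields = addr.split(":")
    if len(fields) != 8:
        raise ValueError(f"expected 8 fields, got {len(fields)}")
    values = []
    for field in fields:
        if not 1 <= len(field) <= 4:
            raise ValueError(f"bad field {field!r}")
        values.append(int(field, 16))  # raises ValueError on non-hex text
    return values


def compress_ipv6(fields: list[int]) -> str:
    """Drop leading zeros per field; collapse the longest run of zero fields into '::'.

    Runs of a single zero field are left alone (RFC 5952); on a tie the
    first run wins.
    """
    best_start, best_len = -1, 0
    run_start, run_len = -1, 0
    for i, value in enumerate(fields + [1]):  # sentinel terminates a trailing run
        if value == 0:
            if run_len == 0:
                run_start = i
            run_len += 1
        else:
            if run_len > best_len:
                best_start, best_len = run_start, run_len
            run_len = 0
    hexs = [format(v, "x") for v in fields]
    if best_len < 2:
        return ":".join(hexs)
    return ":".join(hexs[:best_start]) + "::" + ":".join(hexs[best_start + best_len:])


def ipv6_to_int(addr: str) -> int:
    """Pack the eight fields into one 128-bit integer."""
    value = 0
    for field in expand_ipv6(addr):
        value = (value << 16) | field
    return value


def same_ipv6_network(a: str, b: str, prefix_len: int) -> bool:
    """AND both addresses with prefix_len leading 1 bits and compare, as for IPv4."""
    if not 0 <= prefix_len <= 128:
        raise ValueError("prefix length must be 0..128")
    mask = ((1 << prefix_len) - 1) << (128 - prefix_len)
    return ipv6_to_int(a) & mask == ipv6_to_int(b) & mask


if __name__ == "__main__":
    # Constructed samples: a link-local address and two hosts in a documentation /64.
    for addr in ("fe80:0000:0000:0000:0000:0000:0000:0001", "2001:db8:0:0:1:0:0:1"):
        print(addr, "->", compress_ipv6(expand_ipv6(addr)))
    print(same_ipv6_network("2001:db8:1:2::10", "2001:db8:1:2:ffff::1", 64))
```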

IPv6 knows about several predefined types of prefixes. Some of these are shown in Table These are used to maintain compatibility with IPv4. Their use still requires a router able to translate IPv6 packets into IPv4 packets.

Several special addresses, such as the one for the loopback device, have this prefix as well. Aggregatable global unicast addresses. As is the case with IPv4, an interface can be assigned to form part of a certain subnetwork.

Link-local addresses. Addresses with this prefix should not be routed and should therefore only be reachable from within the same subnetwork.

Site-local addresses. These may be routed, but only within the network of the organization to which they belong. In effect, they are the IPv6 equivalent of the current private network address space, such as The first part which also contains one of the prefixes mentioned above is used to route packets through the public Internet.

It includes information about the company or institution that provides the Internet access. The second part contains routing information about the subnetwork to which to deliver the packet. The third part identifies the interface to which to deliver the packet. This also allows for the MAC to form part of the address.

Given that the MAC is a globally unique, fixed identifier coded into the device by the hardware maker, the configuration procedure is substantially simplified. In fact, the first 64 address bits are consolidated to form the EUI token, with the last 48 bits taken from the MAC, and the remaining 24 bits containing special information about the token type.

On top of this basic structure, IPv6 distinguishes between five different types of unicast addresses: This address is used by the host as its source address when the interface is initialized for the first time—when the address cannot yet be determined by other means.

The IPv6 address is formed by the IPv4 address and a prefix consisting of 96 zero bits. This type of compatibility address is used for tunneling see Section This type of address can only be used in the local subnetwork.

Packets with a source or target address of this type should not be routed to the Internet or other subnetworks. Addresses of this type are used during automatic configuration to communicate with other hosts belonging to the same subnetwork.

Packets with this type of address may be routed to other subnetworks, but not to the wider Internet—they must remain inside the organization's own network. Such addresses are used for intranets and are an equivalent of the private address space defined by IPv4. Again, the rest is filled with zero bytes. As a completely new feature introduced with IPv6, each network interface normally gets several IP addresses, with the advantage that several networks can be accessed through the same interface.

One of these networks can be configured completely automatically using the MAC and a known prefix with the result that all hosts on the local network can be reached as soon as IPv6 is enabled using the link-local address. The only variable parts of the address are those specifying the site topology and the public topology , depending on the actual network in which the host is currently operating.

For a host to go back and forth between different networks, it needs at least two addresses. One of them, the home address , not only contains the interface ID but also an identifier of the home network to which it normally belongs and the corresponding prefix.

The home address is a static address and, as such, it does not normally change. Still, all packets destined to the mobile host can be delivered to it, regardless of whether it operates in the home network or somewhere outside. This is made possible by the completely new features introduced with IPv6, such as stateless autoconfiguration and neighbor discovery. In addition to its home address, a mobile host gets one or more additional addresses that belong to the foreign networks where it is roaming.

These are called care-of addresses. The home network has a facility that forwards any packets destined to the host when it is roaming outside. In an IPv6 environment, this task is performed by the home agent , which takes all packets destined to the home address and relays them through a tunnel. On the other hand, those packets destined to the care-of address are directly transferred to the mobile host without any special detours.

Both protocols will coexist for some time to come. The coexistence on one system is guaranteed where there is a dual stack implementation of both protocols.

That still leaves the question of how an IPv6 enabled host should communicate with an IPv4 host and how IPv6 packets should be transported by the current networks, which are predominantly IPv4 based. The best solutions offer tunneling and compatibility addresses see Section IPv6 hosts that are more or less isolated in the worldwide IPv4 network can communicate through tunnels: IPv6 packets are encapsulated as IPv4 packets to move them across an IPv4 network.

Such a connection between two IPv4 hosts is called a tunnel. To achieve this, packets must include the IPv6 destination address or the corresponding prefix as well as the IPv4 address of the remote host at the receiving end of the tunnel. A basic tunnel can be configured manually according to an agreement between the hosts' administrators.

This is also called static tunneling. However, the configuration and maintenance of static tunnels is often too labor-intensive to use them for daily communication needs. Therefore, IPv6 provides for three different methods of dynamic tunneling: IPv6 packets are automatically encapsulated as IPv4 packets and sent over an IPv4 network capable of multicasting. This makes it possible to determine the receiving end of the IPv4 tunnel automatically. However, this method does not scale very well and is also hampered by the fact that IP multicasting is far from widespread on the Internet.

Therefore, it only provides a solution for smaller corporate or institutional networks where multicasting can be enabled. The specifications for this method are laid down in RFC However, a number of problems have been reported regarding the communication between those isolated IPv6 hosts and the Internet.

The method is described in RFC This method relies on special servers that provide dedicated tunnels for IPv6 hosts.

It is described in RFC To configure IPv6, you normally do not need to make any changes on the individual workstations. IPv6 is enabled by default. You can disable it during installation in the network configuration step described in Section 6.

If you want to enable it temporarily until the next reboot, enter modprobe -i ipv6 as root. It is basically impossible to unload the ipv6 module once loaded.

Because of the autoconfiguration concept of IPv6, the network card is assigned an address in the link-local network. Normally, no routing table management takes place on a workstation.

The network routers can be queried by the workstation, using the router advertisement protocol , for what prefix and gateways should be implemented. The radvd program can be used to set up an IPv6 router.

This program informs the workstations which prefix to use for the IPv6 addresses and which routers. The above overview does not cover the topic of IPv6 comprehensively. For a more in-depth look at the new protocol, refer to the following online documentation and books: In Linux, this conversion is usually carried out by a special type of software known as bind. The machine that takes care of this conversion is called a name server. The names make up a hierarchical system in which each name component is separated by a period.

The name hierarchy is, however, independent of the IP address hierarchy described above. Consider a complete name, such as jupiter. A full name, referred to as a fully qualified domain name (FQDN), consists of a hostname and a domain name example. The latter also includes the top level domain or TLD com. TLD assignment has become quite confusing for historical reasons. Traditionally, three-letter domain names are used in the USA.

In the rest of the world, the two-letter ISO national codes are the standard. In addition to that, longer TLDs were introduced in that represent certain spheres of activity for example,. This quickly proved to be impractical in the face of the rapidly growing number of computers connected to the Internet. For this reason, a decentralized database was developed to store the hostnames in a widely distributed manner. This database, similar to the name server, does not have the data pertaining to all hosts in the Internet readily available, but can dispatch requests to other name servers.

The top of the hierarchy is occupied by root name servers. Each root name server knows about the name servers responsible for a given top level domain. DNS can do more than just resolve hostnames. The name server also knows which host is receiving e-mails for an entire domain—the mail exchanger (MX).

For your machine to resolve an IP address, it must know about at least one name server and its IP address. Easily specify such a name server with the help of YaST. If you have a modem dial-up connection, you may not need to configure a name server manually at all. The dial-up protocol provides the name server address as the connection is made. The protocol whois is closely related to DNS. With this program, quickly find out who is responsible for any given domain. If you already use the.

For more information, see the host. There are many supported networking types on Linux. Most of them use different device names and the configuration files are spread over several locations in the file system.

For a detailed overview of the aspects of manual network configuration, see Section If NetworkManager is not active, only the first interface with link up with a network cable connected is automatically configured.

Additional hardware can be configured any time on the installed system. The following sections describe the network configuration for all types of network connections supported by SUSE Linux Enterprise Server. After detection, manually configure the interface. For more information, see Section The Overview tab contains information about installed network interfaces and configurations. Any properly detected network card is listed with its name.

You can manually configure new cards, remove or change their configuration in this dialog. If you want to manually configure a card that was not automatically detected, see Section


