My Home Network Step by Step

Giving Names to Computers (DNS setup)

The Domain Name System (DNS)

In the Windows PC world this is just a name you set in "System Properties" when you look for net shared resources, you see those names, and you use those names to move files between shared folders and use remote printers.

In the Linux and Unix realm there is much more. Each computer may have a lot of running services (time service, web, file transfer, backup, remote connections and more ...), a computer is often use by a remote connection and you need a real name for each computer, as you need a network number for it (IP number).

As we ave seen elsewhere, computer numbers are network addresses (IP addresses), usually expressed in a dotted notation, as:, the first part of the address represents a network, the last part a computer.

Humans use names to refer to things, net software uses IP numbers, so there is the need to translate names to number to use remote computers and services running on them.

The old (very old) way to do this was put names and numbers in a configuration file (/etc/hosts) on each computer. The net software looks into this file to find numbers. But you need to copy this file on all your computers, and to update all the copies of this file each time you add a computer or change a name. This is a long job, so DNS was invented as soon as the net began to grow (1983-84), and the first DNS servers where written.

The DNS server. is a computer program which maintain a database with numbers and names, it listens to the net for name queries, and returns the IP number corresponding to a name or the name corresponding to a number.

Computer names are written in the well known dotted notation, i.e. some simple names, divided by dots (as The names reflect a hierarchical structure: eu is the main domain for the Europe, managed by EURid ( helldragon is my domain name, managed by my provider (on behalf of myself), www is a computer name.

The database with all the numbers and names is named DNS and is a distributed database; each organization mantains its part of the database, on it's computers, each with its DNS server. The DNS servers of the main domains ( i.e. .eu) are named "root servers", and contain only the names and numbers of the nameservers for their sub-domains.

The name search is done in a hierarchical way too, in a top-down way: when your network software looks for, it goes to the .eu server, which doesn't contain numbers of computers in the helldragon domain, but returns the address of the nameserver holding the helldragon domain, so your computer can ask the helldragon nameserver for the number of the computer named www.

A name server can be "recursive": you ask it and it goes to the root nameservers and all the subdomains, then give you the final answer.

A name server holding the main informations for a domain is said to be "authoritative" for that domain, there are also "secondary" name servers, which contain copies of the database, and "cache-only" nameservers, which don't contain a real database, but remember the preceding queries holding them in a memory area called "cache"; in this way, when you ask again, the answer is ready for you. A name server can be configured also with forwarders: it forwards requests to other name servers (forwarders), and only if they don't give an answer, make the search by himself.

Cache is important: all the nameservers have a cache; in the top-down scheme all the queries begin from the root name servers, they would be overloaded; but if you ask a cache nameserver, making recursive queries, you have a ready answer without going to the root domains. Using caches and recursive nameservers, the queries are done a bit top-down, a bit bottom-up,root servers are saved and you have a fast answer. Some applications, as IE, mantain also their cache of IP numbers and names.

The DNS system is crucial component for a working internet, it's managed by the "Internet Corporation for Assigned Names and Numbers", ( and is somewhat controlled by the US government; companies registering domain names must be accredited by the ICANN, and pay an annual fee.
Through the "Internet Assigned Numbers Authority" (IANA ICANN manage the root servers (with the top level domain names) and the IP number distribution. There is also a top level domain for each country, managed by each country in an autonomous way.

To find names and number in internet the DNS must be unique, but some people didn't like the management of the DNS and organized their own DNS; see for example: ORSN ( , which manage a set of alternative root servers (in sync with ICANN DNS), OPENNIC (, ( , "Cesidian root" ( or ( which add new top level domains.

The alternative DNS and root domains hadn't much success, this is a good thing: having different name systems would make many sites unrachable and the internet more complicated.

DNS Configuration

But let's return to our problem: giving names to the computers of our LAN.

This problem is solved by running a private name server on one of ours computers; all our computer will be configured to make queries to this nameserver, which will be authoritative for our private domain, and will forward all other queries to the name servers of our provider, which, we hope, will have a big cache. Our private nameserver can maintain a cache too.

I'll name my private domain as "miodominio" and want to name my computer with IP number as nessie.miodominio, shenron.miodominio will be the computer Normally your names will not be visible out of your LAN, your nameserver will be on an hidden computer, in your private network, nobody from the net can see it.

Each Linux distribution comes with the program bind, as a nameserver. This program is maintained by The Internet Software Consortium ( ) and is used by the most of DNS servers.
Sometimes it is installed by default, configured as a cache-only name server, and you have only to adjust the configuration.
Otherwise use the package manager of your distribution and install it. With debian it's easy, as root, I type in a terminal window:

apt-get install bind9

Here I'll describe only the essential needed to have a working system, but, if you want all the details of the configuration, you can read the DNS how to (; there are also some books on DNS, as:
"The Concise Guide to DNS and BIND" by Nicolai Langfeldt, published by Que;
"DNS and BIND" by Cricket Liu and P. Albitz, published by O'Reilly;<

The file: named.conf

In Linux Debian the main configuration file is /etc/bind/named.conf, in other distributions you can find a file: /etc/named.conf ; as usual: all Linuxes are a bit different ...

Let's see the important parts of this file:

acl "clienti_autorizzati" { 127/8 ; ; };
with this statement I define an access lists, which will be used below, you really needn't this.

At the beginning of the file we have a number of options, defining the DNS server behavior, there are many possible options, documented in the bind manual; in my named.conf file I have the followings:

options {
         directory "/var/cache/bind";
         forward first ;                
         forwarders {
this says that all temporary files go to /var/cache/bind, that, before a search, the forwarders are to be queried, and gives the IP number of the forwarders (here the DNS servers of my network provider).
       recursion yes;        
       allow-recursion { clienti_autorizzati; }; 
This makes possible recursive search on behalf of authorized clients, I do this hoping that the DNS server will obtain a bigger cache.

After the options we have a description of the name zones managed by this name server.

zone "." {
        type hint;
        file "/etc/bind/db.root";
this says that the db.root file contains the IP numbers of the root name servers, the servers from which the recursive searches start.

      zone "miodominio" {
             type master;
             file "/etc/bind/db.miodominio"; 
             allow-transfer {     
This defines my DNS zone, my nameserver is authoritative for the zone: miodominio, it is the main (or master) server for the zone, the IP numbers and names are in the file db.miodominio
With the allow-transfer instruction you can limit the computers which can ask to copy the zone database to your DNS. I have a secondary name server with IP:, this computer is allowed to copy the database.
"notify no" make your DNS silent, it will tell something only if asked to.

zone "" {
              type master;
              file "/etc/bind/db.192.168.1"; 
              allow-transfer {     
This is a fictious zone, used to translate numbers to names, we are the master server for this zone too.

Then we have other zones, corresponding to your loopback address, (i.e. as the computer sees himself); for these zones you can keep the defaults:

zone "localhost" {
           type master;
           file "/etc/bind/db.local";
zone "" {
           type master;
          file "/etc/bind/db.127";

The Zone Files

My numbers and names are kept in the file: db.miodominio, this is a "zone" file, the DNS database; we can have different information in this file, other than numbers and names; the term "record" is used for these informations, we have a SOA record, an A record etc.: the main records are:

SOA  : means the starting of a name domain, and give some options
NS:   give the name servers of the domain  
A :  an IP number 
MX : the computer which relay mail for this domain
CNAME : an alias for a computer name
PTR : a pointer to another record    
TXT : a textual comment 

Here an excerpt of my db.miodominio file:

$TTL        86400
@  IN  SOA  nessie.miodominio. root.nessie.miodominio. (
               2002101220     ; Serial: numero version number (date)
               604800         ; Refresh period : each week
               86400          ; Retry period   : once a day
               2419200        ; Expire
               86400 )        ; Cache TTL: time to live in the caches
        IN      NS      nessie.miodominio.
        IN      NS      shenron.miodominio.
        IN      MX   10   nessie.miodominio. 
        IN      MX   20   shenron.miodominio.     
nessie  IN      A 
        IN      HINFO  "PC" "Linux"       
        IN      TXT    " Il vecchio drago di casa" 
        IN      TXT    " Il Drago del Lago " 
        IN      TXT    " AMD K6 200  "
        IN      TXT    ""
;                services for my domain, on nessie
master  IN      CNAME    nessie
www     IN      CNAME    nessie 
mail    IN      CNAME    nessie 


The SOA record give some data for your zone: nessie.miodominio is the master name server, the mail for the management of this zone is to be send to the user root; then there are numbers telling how long secondary DNS can save your data in their database without updating them.

TTL is the "time to leave" of your zone, after 86400 seconds (24 hours) your zone data are thrown away from the cache of the name servers, and the queries are to repeated. If you seldom make changes to your configuration you can give an higher value.

The NS records with tell the name of the nameservers of your zone, here I have a master name server: nessie, and a secondary one (shenron), which maintains a copy of the master's data. In an home network you don't really need many nameservers, one may be enough, but real domains have a master nameserver and 2-3 secondaries in case the master nameserver where unavailable.

MX tells to which computer the mail for the domain must be sent, here mail is sent to nessie, if nessie is not found, to shenron.

Then you have detailed data for each computer. For nessie you have the address:, an information on the hardware (HINFO), and some comments (TXT records)

A computer can have also aliases (record CNAME); here we tell than nessie can also be called as master, www or mail. In this way a service can be redirected: looking for www.miodominio means going the the web server on nessie. This is the kind of redirection which is used for google services.

That's nearly all; to find names of a given IP number there is a "reverse" zone, which essentially contains PTR records, which are "pointers" to the main records in your zone: the file: db.192.168.1 contain:

@   IN   SOA  nessie.miodominio. root.nessie.miodominio. (
              1         ; Serial
              604800    ; Refresh
              86400     ; Retry
              2419200   ; Expire
              604800 )  ; Negative Cache TTL
@       IN      NS      nessie.miodominio.
        IN      NS      shevron.miodominio.
1       IN      PTR     nessie.miodominio.
2       IN      PTR     shevron.miodominio.
3       IN      PTR     grisou.miodominio.
This means that if you search for you have to refer to the computer: nessie.miodominio, if you search for you have to refer to shevron.miodominio and so on.

Starting our DNS

Yes, it's easy. Try to prepare your files, then use the program: named-checkconf, to test your configuration file and the program: named-checkzone, to test the zone files i.e. run someting as:

named-checkzone miodominio miodominio.db 

To make your DNS reload it's configuration files and database use:

rndc reload 
the programs host or dig make queries, test your nameserver with these programs.
host nessie 
sould give:
nessie.dragons has address

Finally you have to instruct all your computers to ask to your nameserver; usually this is done by putting the nameserver addresses in the file: /etc/resolv.conf. This file contains the addresses of the nameservers and the domains which are searched for names given whitout a full domain suffix:

 search miodominio 

There is also the file: /etc/nsswitch.conf which should contain a line as:

hosts:    files  dns 
which instructs your computer to look first in the /etc/hosts file, then to ask the nameservers. If you put:
 hosts:  dns files
The dns server are queried first.

Really, if you have few computers, you can use the old way: a file /etc/hosts with name and numbers on each computer, without struggling with DNS management. Windows has a file equivalent to /etc/hosts, it is named lmhost, and can be found in: Windows\System32\Drivers\Etc.