tinydns data file: quick configuration guide
Pedro Venda
Lisbon, 22 January, 2006
This document is a very brief hands-on description of the tinydns data file syntax. It features a table with all (or nearly all) kinds of configuration lines and an example domain written in 3 equivalent but different ways.
Index
- 1. Copyright, acknowledgements, updates and feedback
- 2. What, Why and to Whom?
- 3. General configuration notes
- 4. Data file syntax table
- 5. Example data files for one domain configuration
- 6. References
1. Copyright, acknowledgements, updates and feedback
- Copyright and license information
Copyright (C) 2006 by Pedro Venda
I'm a linux user since 1998 and I've been a professional system administrator for two years in a previous job. Today I'm an information security consultant and, in my free time at home, a system administrator.
This work is licensed under the Creative Commons Attribution-ShareAlike License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
- Document updates
The most recent version of this document can be found on my website http://www.pjvenda.org under the "IT articles" section. It can be browsed online or downloaded in several formats: [dvi] and [pdf]. [not yet available.]
Revision History
- v1.0 - 22 January, 2006 - original html version
- Feedback-
Corrections, suggestions, questions are always welcome. Feel free to ask questions and point out errors or misleading information.
I can be reached at pjvenda at pjvenda org or at other e-mails listed on my website http://www.pjvenda.org.
2. What, Why and to Whom?
- What is tinydns?
tinydns is part of djbdns: Dr. Daniel Bernstein's collection of Domain Name System tools. But don't take it from me; check out djbdns's overview page http://cr.yp.to/djbdns/blurb/overview.html at his website.
Dr. D. J. Bernstein (djb) is well known for his internet software (djbdns and qmail are just two well known examples) with an oustanding design elegance partly for being unix oriented tools.
The focus on djb's tools is security. Security was the main reason or one of the main reasons that led him to write new SMTP (qmail) and DNS (djbdns) server tools. There's a public security guarantee in which djb offers money to the first person to publicly report a verifiable security hole in the lastest versions of the tools. So far it seems none of the prizes have been collected.
The djbdns's website is located at http://cr.yp.to/djbdns.html and the respective security guarantee is at http://cr.yp.to/djbdns/guarantee.html. - Why I've written this short guide?
There's a short story behind the answer to this question.
I needed to do some complex mail relay reconfigurations and needed to try things out. A Gentoo Linux installation on a virtual machine was the perfect testbench. After that, I needed a DNS domain and of course at least one DNS server. ISC Bind would take forever to compile (Gentoo Linux - virtual machine, remember?) and it is not that intuitive to install. I didn't have much time, so I began thinking about alternatives.
That's when I remembered the Dr. Daniel Bernstein's well known tools and his DNS server. I thought: surely tinydns is smaller and simpler to install configure and put to work than bind. I was right.
Soon after, my private domain had a fully functional DNS service and I found myself impressed with the very clean and simple design of tinydns. First I replaced my home network's DNS service by djbdns (tinydns + dnscache) and then I decided to write this guide because:- My home network's DNS service is now powered by djbdns
This is my public statement for encouraging others to try out djbdns. I firmly believe this software fits very well into the UNIX model and that its architecture, simplicity and security improves service quality. - A short configuration table is good for quick reference in future uses
Publishing this document may proove useful for other people.
The tinydns data file has a simple and very practical syntax for script parsing, but for human reading, I'm not so sure... It becomes less legible because there is a general similarity between different configuration lines. This contrasts with their different meanings defined by one single character: the first one.
This document aims at being a quick reference guide of the tinydns data file configuration syntax.This guide does not, in any way, intend to replace official documentation. It may contain errors (which I'll promptly correct upon reader's reports), and I will not be held responsible for any damage directly or indirectly caused.
- My home network's DNS service is now powered by djbdns
- Who benefits from this document?
The intended audience for this guide are general unix system administrators, people looking for a good DNS service based on an unix operating system or for anyone else curious about tinydns.
3. General configuration notes
This is NOT the main part of the document, but if you don't know tinydns well, it is important to read these notes at least once before diving into the configuration lines. Near the configuration syntax descriptions are links for these notes where needed. data.cdb is the data file tinydns uses internally in runtime. This file however is converted explicitly from a text file called data.
In this text file, each line starts with a special "code" character that defines the purpose and syntax of the rest of the line, generally representing a dns record. Each record is made up of one or several fields delimited by commas. Some fields are optional and may be left blank. Commas delimiting empty fields or spaces and tabs at the end of the lines can be ommited.
Common fields in several types of records are defined next:
- fqdn
- Fully qualified domain name. Something like example.net or host.example.net.
- x
- Host name. If x has a dot in it, it'll be treated literally, as hostname x - for example x could be mail.example.net.
Otherwise, it will be treated as x.RR.fqdn where RR could be ns, mx, etc. depending on the record type - for example if x is just mail in an MX record, tinydns interprets it as mail.mx.example.net. - ip
- Valid ip address written as a.b.c.d. For example 192.168.45.5 is a valid ip address.
- ttl
- Time To Live. Number of seconds the line's dns record may be cached; this field may be left blank: tinydns figures out sensible values for ttl.
- timestamp
- External TAI64 timestamp printed as 16 lowercase hex characters. Depending on the value of ttl, this timestamp has one of two possible meanings:
- ttl is ommited or non-zero: timestamp is starting time for the line's information
- ttl is 0: timestamp is the ending time for the line's information
- lo
- Client location. This is the location identifier for clients. It must be a sequence of one or two lettres. Clients are only in one location.
- ipprefix
- Ip prefix for client locations. A client with ip 192.168.45.12 and another with 192.168.45.36 would match an ip prefix of 192.168.45. Longer prefixes override shorter ones; 192.168 overrides 192.
4. Data file syntax table
This section is the juice of the whole article. It resumes most types (if not all) of DNS records and other configuration lines
| Code | Syntax | Function(s) |
|---|---|---|
| # | #comment | Comment line
|
| % | %lo:ipprefix | Client location range
|
| . | .fqdn:ip:x:ttl:timestamp:lo | SOA, NS and A records
|
| & | &fqdn:ip:x:ttl:timestamp:lo | NS and A records
|
| = | =fqdn:ip:ttl:timestamp:lo | A and PTR records
An NS record should exist somewhere for some prefix of fqdn and another (or the same) for d.c.b.a.in-addr.arpa. |
| + | +fqdn:ip:ttl:timestamp:lo | A record
An NS record should exist somewhere for some prefix of fqdn and another (or the same) for d.c.b.a.in-addr.arpa. |
| @ | @fqdn:ip:x:dist:ttl:timestamp:lo | MX record
|
| - | -fqdn:ip:ttl:timestamp:lo | Temporarily disabled record
|
| ' | 'fqdn:s:ttl:timestamp:lo | TXT record
|
| ^ | ^fqdn:p:ttl:timestamp:lo | PTR record
|
| C | Cfqdn:p:ttl:timestamp:lo | CNAME record
|
| Z | Zfqdn:mname:rname:ser:ref:ret:exp:min:ttl:timestamp:lo | SOA record
|
| : | :fqdn:n:rdata:ttl:timestamp:lo | Generic record
|
5. Example data files for one domain configuration
Let's assume the following settings and hosts for the example domain:
|
|
||||||||||||||||||||||||||||||||||
The above information defines a simple domain with respective nameservers and mail exchangers. The following configuration files are two examples of tinydns configuration files implementing the domain above.
Both configuration files generate equivalent tinydns settings (apart from one small detail: the hostmaster email address) differing only on the text representation of those settings: one being denser than the other.
Compact; small and tidy
example-compact.txt# compact tinydns data file .45.168.192.in-addr.arpa:192.168.45.1:ns.example.net::: &45.168.192.in-addr.arpa:192.168.45.2:ns2.example.net::: @45.168.192.in-addr.arpa:192.168.45.1:relay.example.net:10 @45.168.192.in-addr.arpa:192.168.45.2:relay2.example.net:20 # A, NS and SOA records for example.net; hostmaster mail address # is the implicit default hostmaster@example.net .example.net:192.168.45.1:ns.example.net:: &example.net:192.168.45.2:ns2.example.net::: @example.net:192.168.45.1:relay.example.net:10 @example.net:192.168.45.2:relay2.example.net:20 ^1.45.168.192.in-addr.arpa:ns.example.net::: ^2.45.168.192.in-addr.arpa:ns2.example.net::: =gateway.example.net:192.168.45.254::: Cnscache.example.net:gateway.example.net::: # SUB DOMAIN DELEGATION &dmz.example.net:192.168.90.1:ns.dmz.example.net:::
Verbose; easy to read and interpret
example-verbose.txt# verbose tinydns data file # # REVERSE ZONE # # (reverse) dns servers: primary and secondary Z45.168.192.in-addr.arpa:ns.example.net:hostmaster.example.net:::::::: # NS records &45.168.192.in-addr.arpa::ns.example.net::: &45.168.192.in-addr.arpa::ns2.example.net::: # MX handlers @45.168.192.in-addr.arpa::relay.example.net:10 @45.168.192.in-addr.arpa::relay2.example.net:20 # # FORWARD ZONE: # # SOA record: primary nameserver is ns.example.net and hostmaster # mail address is hostmaster@example.net # (the 'Z' configuration line is the only one that # allows specifying the hostmaster mail address) Zexample.net:ns.example.net:hostmaster.example.net:::::::: # NS records: primary and secondary nameservers &example.net::ns.example.net::: &example.net::ns2.example.net::: # MX records: relay.example.net, distance = 10 # relay2.example.net, distance = 20 @example.net::relay.example.net:10 @example.net::relay2.example.net:20 # A records: ns.example.net, ns2.example.net =ns.example.net:192.168.45.1::: =ns2.example.net:192.168.45.2::: # PTR records: relays are in the same hosts as dns servers +relay.example.net:192.168.45.1::: +relay2.example.net:192.168.45.2::: # more A records: gateway.example.net =gateway.example.net:192.168.45.254::: # CNAME record: nscache.example.net is alias to gateway.example.net Cnscache.example.net:gateway.example.net::: # # SUB DOMAIN DELEGATION # # NS record &dmz.example.net::ns.dmz.example.net::: # A/PTR record for nameserver =ns.dmz.example.net:192.168.90.1:::
6. References
- Official tinydns-data documentation
- Domain name system parameters
- DNS Resource Records
- How to run a DNS server
This work is licensed under a Creative Commons Attribution 2.5 License.
