Category: LINUX

2009-06-01 22:47:57

Chapter 12 DNS configuration

DNS: Domain Name System

Fully Qualified Domain Name ( FQDN )

 

Installing the Software

    Installing the package installs all the files necessary to set up DNS. The installation creates a directory /var/named and places two files, /var/named/named.ca and /var/named/named.local, there. These files are used for localhost lookups. Two files are created in the /etc directory: /etc/named.conf and /etc/named.boot. Four files are created in /usr/sbin: named, named-boot, named-xfer, and rndc. The file /usr/sbin/named is the name server daemon; named-boot is a Perl script that converts named.boot files to named.conf files; named-xfer is a transfer program for external zone files; and rndc is the name server daemon control program. The rndc program is a shell script that interacts with the named daemon to provide status information, and can also be used to start, stop, or restart the named daemon.

 

  The three types of local domain name servers are master, slave, and caching servers.

  The master contains all the information about the domain and supplies this information when requested. A master server is listed as an authoritative server when it contains the information you are seeking and it can provide that information.

  The slave is intended as a backup in case the master server goes down or is not available. This server contains the same information as the master and provides it when requested if the master server cannot be contacted.

   A caching server does not provide information to outside sources; it is used to provide domain information to other servers and workstations on the local network. The caching server remembers the domains that have been accessed.

 

Examining Server Configuration Files

 

  Five files are used to set up the named server. Three files are required regardless of whether the server is configured as a master, slave, or caching-only server, and two more files are used on the master server.

  The three required files are:

  1> named.conf — found in the /etc directory, this file contains global properties and sources of configuration files.

  2> named.ca — found in /var/named, this file contains the names and addresses of root servers.

  3> named.local — found in /var/named, this file provides information for resolving the loopback address for the localhost.

The two files required for the master domain server are:

  1> zone — this file contains the names and addresses of servers and workstations in the local domain and maps names to IP addresses.

  2> reverse zone — this file provides information to map IP addresses to names.

 

      A> The named.conf file includes seven configuration statements:

1>options — lists global configurations and defaults

2>include — gets information from another file and includes it

3>acl — specifies IP addresses used in an access control list

4>logging — specifies log file locations and contents

5>server — specifies properties of remote servers

6>zone — specifies information about zones

7>key — specifies security keys used for authentication

options:
  The options statement contains information about the location of the files used by named. You can use only one options statement, but it can carry more than one value.
The values that can be used in the options statement are:
Value             Meaning
allow-query       Accepts queries only from hosts in the address list (by default
                  queries are accepted from any host).
                  Usage: allow-query {“address-list”};.

allow-transfer    Zone transfers are accepted only by hosts in the address list (by
                  default transfers are allowed to all hosts).
                  Usage: allow-transfer {“address list”};.

auth-nxdomain     The server responds as an authoritative server (defaults to yes).
                  Usage: auth-nxdomain “yes or no”; (choose one).

check-names       Host names are checked for compliance with the RFC.
                  Usage: check-names “master or slave or response warn or fail or
                  ignore”; (choose one from each group).

cleaning-interval Specifies the time period before expired resource records are
                  removed by the server (defaults to 60 minutes).
                  Usage: cleaning-interval “number”; (specify number in minutes).

coresize          Specifies largest size for core dump files.
                  Usage: coresize “size”; (specify size in bytes).

datasize          Limits server memory usage.
                  Usage: datasize “size”; (specify size in bytes).

deallocate-on-exit Detects memory leaks (default is no).
                   Usage: deallocate-on-exit “yes or no”; (choose one).

directory          Path of the directory where server configuration files are
                   located.
                   Usage: directory “path to directory”; (specify path).
dump-file          If named receives a SIGINT signal, it dumps the database to the
                   file specified here (defaults to named_dump.db).

fake-iquery        If set to yes, the server sends a fake reply to inverse queries
                   rather than an error (default is no).
                   Usage: fake-iquery “ yes or no”; (choose one).

fetch-glue         If set to yes, the server obtains the glue records for a response
                   (default is yes).
                   Usage: fetch-glue “yes or no”; (choose one).

files              Limits number of concurrently open files (default is unlimited).
                   Usage: files “number”; (specify number).

forward            If set to first, the servers listed in the forwarders option are
                   queried first, and then the server tries to find the answer itself.
                   If set to only, just the servers in the forwarders list are queried.
                   Usage: forward “first or only”; (choose one).

forwarders         Shows IP addresses of servers to forward queries (default is none).
                   Usage: forwarders “IP addresses of servers”; (specify IP addresses).

host-statistics    If set to yes the server keeps statistics on hosts (default is no).
                   Usage: host-statistics “yes or no”; (choose one).

interface-interval Specifies interval for searching the network for new or removed
                   interfaces (default is 60 minutes).
                   Usage: interface-interval “time”; (specify time in minutes).

listen-on          Specifies port and interfaces on which server listens for queries
                   (default is port 53).
                   Usage: listen-on “port {address list}”; (specify port number and
                   address list).

max-transfer-time-in Specifies time server waits for completion of inbound transfer
                     (default is 120 minutes).
                     Usage: max-transfer-time-in “time”; (specify time in minutes).

memstatistics-file   When deallocate-on-exit is set, specifies the file where memory
                     statistics are written (defaults to named.memstats).
                     Usage: memstatistics-file “path to file”; (specify path and file
                     name).

multiple-cnames      When set to yes, enables multiple CNAME usage (default is no).
                     Usage: multiple-cnames “yes or no”; (choose one).

named-xfer           Specifies path to the named-xfer program.
                     Usage: named-xfer “path to file”; (specify path).

notify               When zone files are updated, this option, when set to yes, sends
                     DNS NOTIFY messages (default is yes).
                     Usage: notify “yes or no”; (choose one).

pid-file             Name of file holding process ID.
                     Usage: pid-file “path to file”; (specify path and file name).

query-source         Specifies port and IP address used to query other servers.
                     Usage: query-source “address port”;(specify IP address and port).

recursion            The server recursively searches for query answers (default is yes).
                     Usage: recursion “ yes or no”; (choose one).

stacksize            The amount of stack memory the server can use.
                     Usage: stacksize “number”; (specify the amount of memory).

statistics-interval  The time interval for logging statistics (default is 60 minutes).
                     Usage: statistics-interval “time”; (specify the time in minutes).

topology             Sets server preference for remote servers.
                     Usage: topology {“address list”};.

transfer-format      When set to one-answer, only one resource record per message
                     is sent. When set to many-answers, as many records as possible
                     are transmitted in each message. (default is one).
                     Usage: transfer-format “one-answer many-answers”; (choose one).

transfers-in         Maximum concurrent inbound zone transfers (default is 10).
                     Usage: transfers-in “number”; (specify the number).

transfers-out        Maximum concurrent outbound transfers.
                     Usage: transfers-out “number”; (specify the number).

transfers-per-ns     Limits inbound transfers from a single server (default is two).
                     Usage: transfers-per-ns “number”; (specify the number).

INCLUDE
The include statement lists the path and name of any files that you want to be included with the named.conf file.

ACL
This statement lets you specify a list of IP addresses in an access control list. Only hosts on this list have access to the server.

LOGGING
The logging statement is where you specify your server’s logging options. The logging statement contains two additional items, the channel and the category.
logging {
        channel channel_name {
                file "path to file" versions (number or unlimited) size (size in bytes);
        };
};
If you want to send the information to the syslog, the syntax is:
logging {
        channel channel_name {
                syslog facility;
        };
};
where facility is one of kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, or local0 through local7.
  To discard the information, choose null as the destination:
logging {
        channel channel_name {
                null;
        };
};
   The category is where you specify the type of information to log. This value follows the severity and print parameters and takes the following syntax:
category category_name {
        channel_name; channel_name;
};
   You can choose from over 20 categories. These are shown in the following table:
Category        Type of Information Logged
cname           Information about CNAME references
config          Information about configuration files
db              Information about databases
default         The default if nothing is selected
eventlib        Information about event system debugging
insist          Details about failures from internal consistency checking
lame-servers    Information about lame servers
load            Information about zone loading
maintenance     Information about maintenance
ncache          Information about negative caching
notify          Information about tracing the NOTIFY protocol
os              Information about operating system problems
packet          Dumps of all sent and received packets
panic           Information about faults that shut down the server
parser          Information about processing configuration commands
queries         Information about all received DNS queries
response-checks Information about response-checking results
security        Information about security status of server
statistics      Information about server statistics
update          Information about dynamic updates
xfer-in         Information about inbound zone transfers
xfer-out        Information about outbound zone transfers
 

   Using the categories from the logging statement, you can obtain a large quantity of information about your server. This information can be useful if you are having problems with your DNS. You can enable logging for the area that you think is causing your problem and then read the appropriate log to find any messages that might indicate an error with your configuration.
 

SERVER
In the server statement you can set the properties of a remote server.
The valid values are:
1> bogus — Specify yes or no (No is the default and indicates that queries are sent to the remote server.) Yes means that the remote server is not queried.
2> transfer — Specify the number of transfers you want to allow.
3> transfer-format — Specify whether you want one-answer or many-answers.
4> keys — Specify key ID (currently not implemented).
 

ZONES

Each zone statement begins with the word zone followed by the domain name and the data class. The four data classes are in, hs, hesiod, and chaos. The default is in.
 

      B> The named.ca file

The named.ca file contains information about the world’s root name servers. This information changes and needs to be updated periodically.
 

      C> The named.local file
named.local contains information about the local domain.

      D> Zone files
Zone files contain resource records (RRs) about IP addresses. A zone file can contain many types of RRs; they are listed here in the order in which they generally appear in zone files:
SOA — START OF AUTHORITY
Each zone file has only one SOA, and it contains the following data:
@  IN SOA main.tactechnology.com. mail.tactechnology.com. (
              2000052101    ; Serial
              8h            ; Refresh
              2h            ; Retry
              1w            ; Expire
              1d )          ; Minimum TTL

NS — NAME SERVERS IN THIS DOMAIN
A — THE IP ADDRESS FOR THE NAME

PTR — POINTER FOR ADDRESS NAME MAPPING

CNAME — CANONICAL NAME

MX RECORD — MAIL EXCHANGE RECORD

TXT — TEXT INFORMATION

WKS — WELL-KNOWN SERVICE

HINFO — HOST INFORMATION
 

      E> The reverse zone file: tac.rev

This file is used to provide information for reverse lookups.

---------------------------------
Configuring a Caching Server
1> check: /etc/named.conf
2> check: /etc/named.ca
3> check: /var/named/named.local (usually no changes are needed)
4> check: /etc/nsswitch.conf
5> check: /etc/resolv.conf
6> check: /etc/host.conf
---------------------------------

Configuring a Slave Server
   On the server you want to be the slave, edit /etc/named.conf and add two more zones, one for the forward lookup of your domain and one for the reverse lookup. (For this example, the master server is called main.tactechnology.com, and the slave is p200.tactechnology.com.)
For the forward lookup:
zone "tactechnology.com" {
     notify no;
     type slave;
     file "tactech.com";
     masters { 192.168.1.1; };
};
  For the reverse lookup you add this section:
zone "1.168.192.in-addr.arpa" {
     notify no;
     type slave;
     file "tac.rev";
     masters { 192.168.1.1; };
};

------------------------------------
Configuring a Master Server
Assuming that you already set up this server as a caching-only server, you just need to add the following lines to /etc/named.conf. (This example uses the names defined earlier.)
zone "tactechnology.com" {
      notify no;
      type master;
      file "tactech.com";
};
   For the reverse lookup you add this section:
zone "1.168.192.in-addr.arpa" {
      notify no;
      type master;
      file "tac.rev";
};
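The following named.conf pulls the statements described above together for the master server main.tactechnology.com (192.168.1.1): an acl statement, the options that the table describes as open by default (queries from any host, transfers to all hosts, recursion on), a logging channel with a few categories, and the two master zone statements. It is an added example, not configuration from the original post. The 192.168.1.0/24 network, the ACL names, the log file path and the allow-recursion option (a BIND option not listed in the table) are assumptions; 192.168.1.2 for the slave p200 is taken from the PTR record in the reverse zone file further down.

```conf
// Added example, not configuration from the original post. A named.conf for
// the master server main.tactechnology.com (192.168.1.1) that restricts the
// options the table above describes as open by default. The 192.168.1.0/24
// network, the ACL names, the log path and allow-recursion are assumptions;
// 192.168.1.2 for the slave p200 comes from the reverse zone's PTR record.
acl lan         { 192.168.1.0/24; 127.0.0.1; };
acl secondaries { 192.168.1.2; };          // p200.tactechnology.com

options {
    directory "/var/named";
    // Default: queries accepted from any host. Answer only the local network.
    allow-query     { lan; };
    // Default: zone transfers allowed to all hosts. Only the slave needs them.
    allow-transfer  { secondaries; };
    // Default: recursion yes. Recurse for local clients only (allow-recursion
    // is a BIND option not listed in the table above).
    recursion       yes;
    allow-recursion { lan; };
    // Default: notify yes. Keep it so the slave learns of zone updates.
    notify          yes;
};

logging {
    channel audit {
        file "/var/log/named/audit.log" versions 5 size 10m;
        severity info;
        print-time yes;
        print-category yes;
    };
    // Security events and every inbound/outbound transfer go to the audit
    // file; lame-server noise is discarded through the built-in null channel.
    category security     { audit; };
    category xfer-in      { audit; };
    category xfer-out     { audit; };
    category lame-servers { null; };
};

zone "tactechnology.com" {
    type master;
    file "tactech.com";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "tac.rev";
};
```

Zone statements inherit allow-transfer from the options statement, so both zones can be transferred only by 192.168.1.2; with the default, any host could request the whole zone and obtain a list of every name in it. The xfer-out category then records each transfer the server does serve, which is the first thing to look at when you suspect the zone has been pulled by someone other than the slave. On BIND 9, named-checkconf /etc/named.conf reports syntax errors before you reload named with rndc.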
You now need to create the zone files that are referenced by the /etc/named.conf file. First you create the file /var/named/tactech.com, beginning with the Start of Authority (SOA) section:
@   IN   SOA   main.tactechnology.com. mail.tactechnology.com. (
                  200005203    ; Serial
                  8h           ; Refresh
                  2h           ; Retry
                  1w           ; Expire
                  1d )         ; Minimum TTL
   Next you add name server and mail exchange information.
         IN   NS    main.tactechnology.com.
         IN   NS    terry.tactechnology.com.
         IN   MX    10 main    ; Primary Mail Exchanger
         IN   MX    20 p200    ; Secondary Mail Exchanger
  Finally, you add information about your localhost, mail, FTP and Web server. You can also add information about every workstation on your network.
  Next you set up the reverse lookup zone file, which is called tac.rev. Again, you need to start with the SOA header as shown:
@  IN   SOA   main.tactechnology.com. mail.tactechnology.com. (
             200005203   ; Serial
             8h          ; Refresh
             2h          ; Retry
             1w          ; Expire
             1d )        ; Minimum TTL
  Next you add the information about your name servers and their IP addresses.
             IN   NS    main.tactechnology.com.
1            IN   PTR   main.tactechnology.com.
2            IN   PTR   p200.tactechnology.com.
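The forward zone file /var/named/tactech.com described above is only sketched on the page (the SOA, NS and MX records, then "add information about your localhost, mail, FTP and Web server"). Here it is in full, as an added example rather than the post's own file. The serial, timers and mail exchangers are the ones the post gives; the A records for main (192.168.1.1, from the masters line) and p200 (192.168.1.2, from the reverse zone above) and the mail, ftp and www aliases are assumptions, and p200 is listed as the second name server because it is the slave configured earlier.

```zone
; Added example, not the original post's file: the complete forward zone file
; /var/named/tactech.com for tactechnology.com. Serial, timers and mail
; exchangers are those given in the post; the A records for main (192.168.1.1,
; from the masters line) and p200 (192.168.1.2, from the reverse zone) and the
; mail, ftp and www aliases are assumptions.
$TTL 1d                                 ; default TTL for records that give none
@       IN  SOA  main.tactechnology.com. mail.tactechnology.com. (
                 2000052101  ; Serial: YYYYMMDDnn, increase on every edit
                 8h          ; Refresh
                 2h          ; Retry
                 1w          ; Expire
                 1d )        ; Minimum TTL (negative-cache TTL)
        IN  NS   main.tactechnology.com.
        IN  NS   p200.tactechnology.com.
        IN  MX   10 main.tactechnology.com.  ; Primary Mail Exchanger
        IN  MX   20 p200.tactechnology.com.  ; Secondary Mail Exchanger
localhost   IN  A     127.0.0.1
main        IN  A     192.168.1.1
p200        IN  A     192.168.1.2
mail        IN  CNAME main
ftp         IN  CNAME main
www         IN  CNAME main
```

The NS and MX targets are host names that own A records, not the CNAME aliases, because the DNS rules do not allow an NS or MX record to point at an alias. A slave only re-transfers the zone when it sees a serial larger than the one it holds, so every edit to this file must be accompanied by a higher serial. On BIND 9, named-checkzone tactechnology.com /var/named/tactech.com checks the file before you reload named.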

-----------------------------------
Using DNS Tools
Three very useful tools for troubleshooting DNS problems are included with BIND:
     1> nslookup
     2> host
     3> dig

-------END---------











 

 
