Библиотека сайта rus-linux.net
| Purchase | Copyright © 2002 Paul Sheer. Click here for copying permissions. | Home |
|
| |
Next: 41. Point-to-Point Protocol Up: rute Previous: 39. smbd Contents
Subsections
- 40.1 Documentation
- 40.2 Configuring
bind- 40.2.1 Example configuration
Local client configuration: /etc/resolv.conf- Top-level config file:
/etc/named.conf - Root name server list:
/var/named/named.ca - Local forward lookups:
/var/named/named.localdomain - Local reverse lookups:
/var/named/named.127.0.0.1 - Authoritative domain file:
/var/named/named.cranzgot.co.za - LAN reverse lookups:
/var/named/named.192.168.2 - Authoritative reverse lookups (1):
/var/named/named.196.28.144 - Authoritative reverse lookups (2):
/var/named/named.160.123.181.44
- 40.2.2 Starting the name server
- 40.2.3 Configuration in detail
- 40.2.1 Example configuration
- 40.3 Round-Robin Load-Sharing
- 40.4 Configuring
namedfor Dialup Use - 40.5 Secondary or Slave DNS Servers
40.
named -- Domain Name Server
In Chapter 27 we dealt with the ``client'' side of DNS. In this chapter we configure the name server that services such requests.
There seems to be a lot of hype that elevates the name server to
something mystical and illusive. In fact, setting up a name server
is a standard and trivial exercise. A name server daemon is also no
heavyweight service: The
named executable is 500 KB and
consumes little CPU.
The package that the name server comes in is called
bind. This chapter assumes a
bind of
approximately
bind-8.2 or later.
bind
stands for Berkeley Internet Name Domain.
The difficulty with setting up a name server is that the configuration files are impossible to construct from the specification without some kind of typing error being made. The solution is quite simple: Never create a name server config file from scratch. Always copy one from an existing working name server. Here we give more example configuration files than explanation. You can copy these examples to create your own name server.
Please note before running
bind that it has security
vulnerabilities. Hence, it may be possible for someone to hack your
machine if you are running an old version. Many people are also skeptical
about even the latest versions of
bind (9.1 at the time of
writing) even though no security holes had been announced for this version.
An alternative is
djbdns, which
is purported to be the ultimate DNS server.
Before you even start working on name server configuration, you should start a new terminal window with the command (Debian alternative in parentheses):
|
tail -f /var/log/messages( tail -f /var/log/syslog ) |
Keep this window throughout the entire setup and testing procedure. From now on, when I refer to messages, I am referring to a message in this window.
40.1 Documentation
The man pages for
named
are
hostname(7),
named-xfer(8),
named(8), and
ndc(8). These
pages reference a document called the
``Name Server Operations Guide for BIND.'' What they actually mean is the
PostScript file
/usr/[share/]doc/bind-<version>/bog/file.psf
(or
/usr/share/doc/bind/bog.ps).
The problem with some of this documentation is that it is still
based on the old (now deprecated)
named.boot
configuration file. There is a script
/usr/doc/bind-<version>/named-bootconf/named-bootconf
(or
/usr/sbin/named-bootconf) that reads a
named.boot
file from stdin and writes a
named.conf file to stdout.
I found it useful to
echo "old config line" |
named-bootconf to see what a new style equivalent would be.
The directory
/usr/[share/]doc/bind[-<version>]/html/contains the most important general information. It is
a complete reference to
bind configuration.
Parallel directories also contain FAQ documents
and various theses on security. A file
style.txt
contains the recommended layout of the configuration files
for consistent spacing and readability. Finally an
rfc/
directory contains the relevant RFCs (see Section 13.6).
40.2 Configuring
bind
There is only one main configuration file for
named:
/etc/named.conf (or
/etc/bind/named.conf on Debian--here
we assume a
/etc/named.conf file for simplicity).
The
named service once used a file
/etc/named.boot, but this has been scrapped. If there
is a
named.boot file in your
/etc directory, then it
is not being used, except possibly by a very old version of
bind.
Here we will show example configurations necessary for typical scenarios of a name server.
40.2.1 Example configuration
The
named.conf file will have in it the line
directory
"/var/named"; (or
directory "/etc/named"; or
directory "/var/cache/bind";).
This directory holds various files containing textual lists of the name to IP address
mappings that
bind will serve.
The following example is a name server for a company that has been
given a range of IP addresses
196.28.144.16/29 (i.e.,
196.28.144.16-
23),
as well as one single IP address (
160.123.181.44). This
example also must support a range of internal IP addresses
(
192.168.2.0-
255) The trick is not to think about
how everything works. If you just copy and edit things in a
consistent fashion, carefully reading the comments,
bind will
work fine. I will now list all necessary files.
Local client configuration:
/etc/resolv.conf
|
domain localdomainnameserver 127.0.0.1 |
Top-level config file:
/etc/named.conf
5 10 15 20 25 30 35 40 45 50 55 |
/* * The ``directory'' line tells named that any further file name's * given are under the /var/named/ directory. */options { directory "/var/named"; /* * If there is a firewall between you and nameservers you want * to talk to, you might need to uncomment the query-source * directive below. Previous versions of BIND always asked * questions using port 53, but BIND 8.1 uses an unprivileged * port by default. */ // query-source address * port 53;}; /* The list of root servers: */zone "." { type hint; file "named.ca";}; /* Forward lookups of the localhost: */zone "localdomain" { type master; file "named.localdomain";}; /* Reverse lookups of the localhost: */zone "1.0.0.127.in-addr.arpa" { type master; file "named.127.0.0.1";}; /* Forward lookups of hosts in my domain: */zone "cranzgot.co.za" { type master; file "named.cranzgot.co.za";}; /* Reverse lookups of local IP numbers: */zone "2.168.192.in-addr.arpa" { type master; file "named.192.168.2";}; /* Reverse lookups of 196.28.144.* Internet IP numbers: */zone "144.28.196.in-addr.arpa" { type master; file "named.196.28.144";}; /* Reverse lookup of 160.123.181.44 only: */zone "44.181.123.160.in-addr.arpa" { type master; file "named.160.123.181.44";}; |
Root name server list:
/var/named/named.ca
5 10 15 20 25 |
; Get the original of this file from ftp://ftp.rs.internic.net/domain/named.root;; formerly ns.internic.net. 3600000 IN NS a.root-servers.net.a.root-servers.net. 3600000 A 198.41.0.4. 3600000 NS b.root-servers.net.b.root-servers.net. 3600000 A 128.9.0.107. 3600000 NS c.root-servers.net.c.root-servers.net. 3600000 A 192.33.4.12. 3600000 NS d.root-servers.net.d.root-servers.net. 3600000 A 128.8.10.90. 3600000 NS e.root-servers.net.e.root-servers.net. 3600000 A 192.203.230.10. 3600000 NS f.root-servers.net.f.root-servers.net. 3600000 A 192.5.5.241. 3600000 NS g.root-servers.net.g.root-servers.net. 3600000 A 192.112.36.4. 3600000 NS h.root-servers.net.h.root-servers.net. 3600000 A 128.63.2.53. 3600000 NS i.root-servers.net.i.root-servers.net. 3600000 A 192.36.148.17. 3600000 NS j.root-servers.net.j.root-servers.net. 3600000 A 198.41.0.10. 3600000 NS k.root-servers.net.k.root-servers.net. 3600000 A 193.0.14.129 . 3600000 NS l.root-servers.net.l.root-servers.net. 3600000 A 198.32.64.12. 3600000 NS m.root-servers.net.m.root-servers.net. 3600000 A 202.12.27.33 |
Local forward lookups:
/var/named/named.localdomain
5 10 |
$TTL 259200@ IN SOA localhost.localdomain. dns-admin.localhost.localdomain. ( 2000012101 ; Serial number 10800 ; Refresh every 3 hours 3600 ; Retry every hour 3600000 ; Expire after 42 days 259200 ) ; Minimum Time to Live (TTL) of 3 days IN NS localhost.localdomain. localhost IN A 127.0.0.1 |
Local reverse lookups:
/var/named/named.127.0.0.1
5 10 |
$TTL 259200@ IN SOA localhost. dns-admin.localhost. ( 2000012101 ; Serial number 10800 ; Refresh every 3 hours 3600 ; Retry every hour 3600000 ; Expire after 42 days 259200 ) ; Minimum Time to Live (TTL) of 3 days IN NS localhost. IN PTR localhost. |
Authoritative domain file:
/var/named/named.cranzgot.co.za
5 10 15 20 25 30 35 40 45 |
$TTL 259200@ IN SOA ns1.cranzgot.co.za. dns-admin.ns1.cranzgot.co.za. ( 2000012101 ; Serial number 10800 ; Refresh every 3 hours 3600 ; Retry every hour 3600000 ; Expire after 42 days 259200 ) ; Minimum Time to Live (TTL) of 3 days IN NS ns1.cranzgot.co.za. IN NS ns2.cranzgot.co.za. IN A 160.123.181.44 IN MX 10 mail1.cranzgot.co.za. IN MX 20 mail2.cranzgot.co.za. ; We will use the first IP address for the name server itself:ns1 IN A 196.28.144.16 ; our backup name server is faaar away:ns2 IN A 146.143.21.88 ; FTP server:ftp IN A 196.28.144.17 ; Aliases:www IN CNAME cranzgot.co.za.mail1 IN CNAME ns1.cranzgot.co.za.mail2 IN CNAME ns2.cranzgot.co.za.gopher IN CNAME ftp.cranzgot.co.za.pop IN CNAME mail1.cranzgot.co.za.proxy IN CNAME ftp.cranzgot.co.za. ; Reserved for future web servers:unused18 IN A 196.28.144.18unused19 IN A 196.28.144.19unused20 IN A 196.28.144.20unused21 IN A 196.28.144.21unused22 IN A 196.28.144.22unused23 IN A 196.28.144.23 ; local LAN:pc1 IN A 192.168.2.1pc2 IN A 192.168.2.2pc3 IN A 192.168.2.3pc4 IN A 192.168.2.4; and so on... to 192.168.2.255 |
LAN reverse lookups:
/var/named/named.192.168.2
5 10 15 |
$TTL 259200@ IN SOA ns1.cranzgot.co.za. dns-admin.ns1.cranzgot.co.za. ( 2000012101 ; Serial number 10800 ; Refresh every 3 hours 3600 ; Retry every hour 3600000 ; Expire after 42 days 259200 ) ; Minimum Time to Live (TTL) of 3 days IN NS ns1.cranzgot.co.za. 1 IN PTR pc1.cranzgot.co.za.2 IN PTR pc2.cranzgot.co.za.3 IN PTR pc3.cranzgot.co.za.4 IN PTR pc4.cranzgot.co.za.; and so on... to 255 |
Authoritative reverse lookups (1):
/var/named/named.196.28.144
5 10 15 20 25 30 35 40 |
$TTL 259200@ IN SOA ns1.cranzgot.co.za. dns-admin.ns1.cranzgot.co.za. ( 2000012101 ; Serial number 10800 ; Refresh every 3 hours 3600 ; Retry every hour 3600000 ; Expire after 42 days 259200 ) ; Minimum Time to Live (TTL) of 3 days IN NS dns.big-isp.net. 0 IN NS dns.big-isp.net.1 IN NS dns.big-isp.net.2 IN NS dns.big-isp.net.3 IN NS dns.big-isp.net.4 IN NS dns.big-isp.net.5 IN NS dns.big-isp.net.6 IN NS dns.big-isp.net.7 IN NS dns.big-isp.net.8 IN NS dns.big-isp.net.9 IN NS dns.big-isp.net.10 IN NS dns.big-isp.net.11 IN NS dns.big-isp.net.12 IN NS dns.big-isp.net.13 IN NS dns.big-isp.net.14 IN NS dns.big-isp.net.15 IN NS dns.big-isp.net. 16 IN PTR ns1.cranzgot.co.za.17 IN PTR ftp.cranzgot.co.za.18 IN PTR unused18.cranzgot.co.za.19 IN PTR unused19.cranzgot.co.za.20 IN PTR unused20.cranzgot.co.za.21 IN PTR unused21.cranzgot.co.za.22 IN PTR unused22.cranzgot.co.za.23 IN PTR unused23.cranzgot.co.za. 24 IN NS dns.big-isp.net.25 IN NS dns.big-isp.net.26 IN NS dns.big-isp.net.; and so on... up to 255 |
Authoritative reverse lookups (2):
/var/named/named.160.123.181.44
5 10 |
$TTL 259200@ IN SOA ns1.cranzgot.co.za. dns-admin.ns1.cranzgot.co.za. ( 2000012101 ; Serial number 10800 ; Refresh every 3 hours 3600 ; Retry every hour 3600000 ; Expire after 42 days 259200 ) ; Minimum Time to Live (TTL) of 3 days IN NS ns1.cranzgot.co.za. IN NS ns2.cranzgot.co.za. IN PTR cranzgot.co.za. |
40.2.2 Starting the name server
If you have created a configuration similar to that above, you
can then run the
bind package initialization commands.
The actions available are (alternative commands in parentheses):
5 |
/etc/rc.d/init.d/named start( /etc/init.d/named start )( /etc/init.d/bind start )/etc/rc.d/init.d/named stop/etc/rc.d/init.d/named restart/etc/rc.d/init.d/named status |
You should get messages like:
5 10 15 |
Jul 8 15:45:23 ns1 named[17656]: starting. named 8.2.2-P5 Sat Aug 5 13:21:24 EDT 2000 ^IJul 8 15:45:23 ns1 named[17656]: hint zone "" (IN) loaded (serial 0)Jul 8 15:45:23 ns1 named[17656]: master zone "localhost" (IN) loaded (serial 2000012101)Jul 8 15:45:23 ns1 named[17656]: master zone "1.0.0.127.in-addr.arpa" (IN) loaded (serial Jul 8 15:45:23 ns1 named[17656]: master zone "cranzgot.co.za" (IN) loaded (serial 20000121Jul 8 15:45:23 ns1 named[17656]: master zone "myisp.co.za" (IN) loaded (serial 2000012101)Jul 8 15:45:23 ns1 named[17656]: master zone "2.168.192.in-addr.arpa" (IN) loaded (serial Jul 8 15:45:23 ns1 named[17656]: master zone "144.28.196.in-addr.arpa" (IN) loaded (serialJul 8 15:45:23 ns1 named[17656]: master zone "44.181.123.160.in-addr.arpa" (IN) loaded (seJul 8 15:45:23 ns1 named[17656]: listening on [127.0.0.1].53 (lo)Jul 8 15:45:23 ns1 named[17656]: listening on [196.28.144.16].53 (eth0)Jul 8 15:45:23 ns1 named[17656]: Forwarding source address is [0.0.0.0].1041Jul 8 15:45:23 ns1 named: named startup succeededJul 8 15:45:23 ns1 named[17657]: group = 25Jul 8 15:45:23 ns1 named[17657]: user = namedJul 8 15:45:23 ns1 named[17657]: Ready to answer queries. |
If you have made typing errors, or named files incorrectly,
you will get appropriate error messages. Novice
administrators are wont to edit
named configuration files
and restart
named without checking
/var/log/messages (or
/var/log/syslog)
for errors. NEVER do this.
40.2.3 Configuration in detail
If there are no apparent errors in your config files, you can now more closely examine the contents of the files.
40.2.3.1 Top-level
named.conf
The top-level configuration file
/etc/named.conf
has an obvious C style format. Comments are designated
by
/* */ or
//.
The
options section in our case specifies only one
parameter: the directory for locating any files. The file
options.html under the
bind documentation directories
has a complete list of options. Some of these are esoteric,
but a few have common uses.
The lines
zone "." {...
will be present in all name server configurations. They tell
named that the whole Internet is governed by the
file
named.ca.
named.ca in turn contains the
list of root name servers.
The lines
zone "localdomain" {...
are common.
They specify that forward lookups for host
.localdomain
are contained in the file
/var/named/named.localdomain.
This file gives a correct result for any lookup for
localhost.
Many applications query the name server for this name and
a fastidious configuration ought to return it correctly.
Note that such a lookup works together with
resolv.conf--it
has a line
search localdomain so that a query for
localhost gives the same result as a query for
localhost.localdomain.
The lines
zone "1.0.0.127.in-addr.arpa" {...
resolve reverse lookups for the IP address
127.0.0.1 (stored
in the file
named.127.0.0.1). Note that
1.0.0.127 is
127.0.0.1 written backwards. In fact, reverse lookups
are just forward lookups under the domain
.in-addr.arpa.
Many applications reverse lookup any received connection to check
its authenticity, even from
localhost, so you may want
to have these lines present to prevent such applications failing
or blocking.
The rest of the file is the configuration specific to our domain.
The lines
zone "cranzgot.co.za" {...
say that information for
forward lookups is located in the file
named.cranzgot.co.za.
The lines
zone "1.168.192.in-addr.arpa" {...
say that
information for reverse lookups on the IP address range
192.168.1.0-
255 is located in the file
named.192.168.1.
The lines
zone "44.182.124.160.in-addr.arpa" {...
says that
information for reverse lookups on the IP address
160.124.182.44 is located in the file
named.160.124.182.44.
40.2.3.2 Domain
SOA records
Each of the other
named. files has a similar format. They begin with
$TTL line and then an
@ IN SOA.
TTL stands for
Time To Live, the default expiration time for all subsequent entries.
This line not only prevents a
No default TTL set... warning message,
but really tells the rest of the Internet how long to cache an entry. If
you plan on moving your site soon or often, set this to a smaller
value.
SOA stands for Start of Authority. The host name on the second
line specifies the authority for that domain, and the adjacent
<user>.<hostname> specifies the email address
of the responsible person.
The next few lines contain timeout specifications for cached
data and data propagation across the net. These are reasonable
defaults, but if you would like to tune these values, consult
the relevant documentation listed on page ![[*]](crossref.png)
.
The values are all in seconds.
The serial number for the file (i.e.,
2000012101) is
used to tell when a change has been made and hence that new
data should be propagated to other servers. When updating the
file in any way, you must increment this serial number.
The format is conventionally YYYYMMDDxx--exactly ten digits.
xx begins with, say,
01 and is incremented with each change
made during a day.
It is absolutely essential that the serial number be updated whenever a file is edited. If not, the changes will not be reflected through the rest of the Internet.
40.2.3.3 Dotted and non-dotted host names
If a host name ends in a
. then the dot signifies
a fully qualified host name. If it does not end in a
.
then the absence of a dot signifies that the domain should be
appended to the host name. This feature is purely to make files
more elegant.
For instance, the line
|
ftp IN A 196.28.144.17 |
could just as well be written
|
ftp.cranzgot.co.za. IN A 196.28.144.17 |
Always be careful to properly end qualified host names with a dot,
since failing to do so causes
named to append a further
domain.
40.2.3.4 Empty host names
If a host name is omitted from the start of the line, then the domain is substituted. The purpose of this notation is also for elegance. For example,
|
IN NS ns1.cranzgot.co.za. |
is the same as
|
cranzgot.co.za. IN NS ns1.cranzgot.co.za. |
40.2.3.5
NS,
MX,
PTR,
A, and
CNAME records
Each DNS record appears on a single line, associating some host name / domain or IP address with some other host name or IP address. Hence, it is easy to construct a file that makes the Internet think anything you want it to about your organization.
The most basic types of record are the
A and
PTR
records. They simply associate a host name with an IP number,
or an IP number with a host name, respectively. You should not
have more than one host associated to a particular IP number.
The
CNAME record says that a host is just an alias
to another host. So have
|
ns1 IN A 196.28.144.1mail1 IN CNAME ns1.cranzgot.co.za. |
rather than
|
ns1 IN A 196.28.144.1mail1 IN A 196.28.144.1 |
Finally,
NS and
MX records
|
<domain> IN NS <nameserver><domain> IN MX <mailserver> |
just state that domain
<domain> has a name server or mail server
<nameserver> or
<mailserver>, respectively. MTAs can now
locate your mail server as being responsible for email addresses of the
form user
@cranzgot.co.za.
40.2.3.6 Reverse lookups configuration
The file
/var/named/named.196.28.144 contains reverse
lookup data on all 255 IP addresses under
196.28.144..
It is, however, our ISP (called
big-isp.net) that is responsible
for this address range, possibly having bought all 65536 addresses under
196.28.. The Internet is going to query
big-isp.net when
trying to do a reverse lookup for
196.28.144.?.
The problem here is that there
are many companies comprising the
196.28.144.?
range, each with their own name server, so no single name server
can be authoritative for the whole domain
144.28.196.in-addr.arpa.
This is the reason for lines in
/var/named/named.196.28.144 like
|
5 IN NS dns.big-isp.net. |
IP address
196.28.144.5
is not our responsibility, and hence we refer any such query to a more
authoritative name server. On the ISP side, the name server
dns.big-isp.net
must have a file
/var/named/named.196.28.144 that contains something
like:
5 10 15 20 25 30 35 40 45 |
$TTL 259200@ IN SOA dns.dns.big-isp.net. dns-admin.dns.big-isp.net. ( 2000012101 ; Serial number 10800 ; Refresh every 3 hours 3600 ; Retry every hour 3600000 ; Expire after 42 days 259200 ) ; Minimum Time to Live (TTL) of 3 days IN NS dns.big-isp.net. 0 IN NS ns1.dali.co.za.1 IN NS ns1.dali.co.za.2 IN NS ns1.dali.co.za.3 IN NS ns1.dali.co.za.4 IN NS ns1.dali.co.za.5 IN NS ns1.dali.co.za.6 IN NS ns1.dali.co.za.7 IN NS ns1.dali.co.za. 8 IN NS ns1.picasso.co.za.9 IN NS ns1.picasso.co.za.10 IN NS ns1.picasso.co.za.11 IN NS ns1.picasso.co.za.12 IN NS ns1.picasso.co.za.13 IN NS ns1.picasso.co.za.14 IN NS ns1.picasso.co.za.15 IN NS ns1.picasso.co.za. 16 IN NS ns1.cranzgot.co.za.17 IN NS ns1.cranzgot.co.za.18 IN NS ns1.cranzgot.co.za.19 IN NS ns1.cranzgot.co.za.20 IN NS ns1.cranzgot.co.za.21 IN NS ns1.cranzgot.co.za.22 IN NS ns1.cranzgot.co.za.23 IN NS ns1.cranzgot.co.za. 24 IN NS ns1.matisse.co.za.25 IN NS ns1.matisse.co.za.26 IN NS ns1.matisse.co.za.27 IN NS ns1.matisse.co.za.28 IN NS ns1.matisse.co.za.29 IN NS ns1.matisse.co.za.30 IN NS ns1.matisse.co.za.31 IN NS ns1.matisse.co.za.; and so on... up to 255 |
Here, Matisse, Dali, and Picasso are other companies that have
bought small IP address blocks from
big-isp. Each of
these lines will redirect queries to the appropriate name server.
40.3 Round-Robin Load-Sharing
If you have more than one
A record for a particular machine,
then
named will return multiple IP addresses upon a lookup.
Load sharing between several web servers is now possible--the
record ordering is randomized with each new lookup and your
web browser will only choose the first listed IP address.
For instance,
host cnn.com returns several IP addresses.
Their zone file configuration might look like
5 |
cnn.com. IN A 207.25.71.5cnn.com. IN A 207.25.71.6cnn.com. IN A 207.25.71.29cnn.com. IN A 207.25.71.30 |
40.4 Configuring
named for Dialup Use
If you have a dialup connection, the name server should be
configured as what is called a caching-only name server.
Of course, there is no such thing as a caching-only
name server--the term just means that the
name. files have
only a few essential records in them. The point of a caching
server is to prevent spurious DNS lookups that may eat modem
bandwidth or cause a dial-on-demand server to initiate a
dialout. It also prevents applications blocking, waiting for a
DNS lookup. (Typical examples are
sendmail, which
blocks for a couple of minutes when a machine is turned on
without the network plugged in; and
netscape 4, which tries to look up the IP address of
news.<localdomain>.)
40.4.1 Example caching name server
For a caching name server, the
/etc/name.conf file
should look as follows. Replace
<nameserver> with the IP address of the name server
your ISP has given you. Your local machine name is assumed to
be
cericon.priv.ate. (The following listings are minus
superfluous comments and newlines for brevity):
5 10 |
options { forwarders { <nameserver>; }; directory "/var/named";}; zone "." { type hint; file "named.ca"; };zone "localdomain" { type master; file "named.localdomain"; };zone "1.0.0.127.in-addr.arpa" { type master; file "named.127.0.0.1";};zone "priv.ate" { type master; file "named.priv.ate"; };zone "168.192.in-addr.arpa" { type master; file "named.192.168"; }; |
The
/var/named/named.priv.ate file should look like:
5 |
$TTL 259200@ IN SOA cericon.priv.ate. root.cericon.priv.ate. ( 2000012101 10800 3600 3600000 259200 ) IN NS cericon.priv.ate.cericon IN A 192.168.1.1news IN A 192.168.1.2 |
The
/var/named/named.192.168 file should look like:
5 |
$TTL 259200@ IN SOA localhost. root.localhost. ( 2000012101 10800 3600 3600000 259200 ) IN NS localhost.1.1 IN PTR cericon.priv.ate. |
The remaining files are the same as before. In addition to the above, your host name has to be configured as in Chapter 27.
40.4.2 Dynamic IP addresses
The one contingency of dialup machines is that IP addresses are
often dynamically assigned, so your
192.168. addresses
aren't going to apply. Probably one way to get around this is to
dial in a few times to get a feel for what IP addresses you are
likely to get. Assuming you know that your ISP always gives you
196.26.x
.x, you can have a reverse
lookup file
named.196.26 with nothing in it. This will
just cause reverse lookups to fail instead of blocking.
Such a ``hack'' is probably unnecessary. It is best to identify the particular application that is causing a spurious dialout or causing a block, and then apply your creativity to the particular case.
40.5 Secondary or Slave DNS Servers
named can operate as a backup server to another
server, also called a slave or secondary server.
Like the caching-only server there, is no such thing
as a secondary server. It's just the same
named
running with reduced capacity.
Let's say we would like
ns2.cranzgot.co.za to be a secondary
to
ns1.cranzgot.co.za. The
named.conf file would
look as follows:
5 10 15 20 25 30 35 40 45 50 |
options { directory "/var/named";}; zone "." { type hint; file "named.ca";}; zone "localdomain" { type master; file "named.localdomain";}; zone "1.0.0.127.in-addr.arpa" { type master; file "named.127.0.0.1";}; zone "cranzgot.co.za" { type slave; file "named.cranzgot.co.za"; masters { 196.28.144.16; };}; zone "2.168.192.in-addr.arpa" { type slave; file "named.192.168.2"; masters { 196.28.144.16; };}; zone "144.28.196.in-addr.arpa" { type slave; file "named.196.28.144"; masters { 196.28.144.16; };}; zone "44.181.123.160.in-addr.arpa" { type slave; file "named.160.123.181.44"; masters { 196.28.144.16; };}; |
When an entry has a ``
master'' in it, you must supply
the appropriate file.
When an entry has a ``
slave'' in it,
named will
automatically download the file from
196.28.144.16 (i.e.,
ns1.cranzgot.co.za) the first time a lookup is required
from that domain.
And that's DNS!
Next: 41. Point-to-Point Protocol Up: rute Previous: 39. smbd Contents