1 / 18

Bind Cinfiguration Examples

Bind Cinfiguration Examples. A Caching-Only Server Appropriate for a subnet that a wants a local server but don’t want to deal with data files. TO be configured: boot file, cache file Cache file Name : /var/domain/root ; /etc/named.ca

perdy
Download Presentation

Bind Cinfiguration Examples

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Bind Cinfiguration Examples • A Caching-Only Server • Appropriate for a subnet that a wants a local server but don’t want to deal with data files. • TO be configured: boot file, cache file • Cache file • Name : /var/domain/root ; /etc/named.ca • Purpose: hold name server and address records for the root servers.

  2. Sample cache file ; Initial cache data for root domain servers 99999999 IN NS NS.ITERNIC.NET 99999999 IN NS TERP.UMD.EDU 99999999 IN NS NS.NASA.GOV 99999999 IN NS AOS.ARL.ARMY.MIL 99999999 IN NS KAVA.NISC.SRI.COM 99999999 IN NS C.NYSER.NET 99999999 IN NS NIC.NORDU.NET 99999999 IN NS NS.NIC.DDN.MIL ;Prime the cache , hotwire the addresses NS.INTERNIC.NET 99999999 IN A 198.41.0.4 TERP.UMD.EDU 99999999 In A 128.8.10.90 ........................................

  3. Primary server • A primary server for a small company • To configure :boot file , cache file , add some data files • sample /etc/named.boot ; Bind 4.9.3 boot file for xor.com directory /var/domain cache . Root.cache primary xor.com xor.hosts Primary 21.108.192/IN-ADDR.ARPA xor.rev Primary 0.0.127.IN-ADDR.ARPA local.rev /var/domain/xor.host: The domain’s forward data .

  4. Primary server(continued) xor.rev : The reverse mappings. local.rev: The reverse local host zone . A Primary Server for a Large site • The DNS is kept in serveral files • The reverse-mapping zones are organized by subnet number . • Configure files: cahce file , boot file. Forward zone : /var/domain/forward/cs more complex ,may include some host work as a router . Reverse zones : /var/domain/reverse Are uaually sorted by the host digit of the IP address. Reverse mapping for the local host address(127.0.0.1) doesn’t change.

  5. Primary server(continued) • Glue Records It is to help the zones connect together to form a coherent hierarchy. List a subdomain’s server as a glue records in the data for the parent zone. Example: a fraction of colorado.edu zone file ;subdomain information cs IN NS ns.cs.colorado.edu. IN NS piper.cs.colorado.edu. IN NS anchor.cs.colorado.edu. ee IN NS ee-gw.ee.colorado.edu. IN NS ns.cs.clolrado.edu

  6. Primary server(continued) ;glue records ns.cs IN A 128.138.243.151 piper.cs IN A 128.138.204.4 anchor.cs IN A 128.138.243.100 ee-gw.ee IN A 128.138.200.1

  7. Updating Zone Files • When to update: • make a chage to a domain. • What to update: • data files on the promary server. • Steps: • modify data files(including forward and reverse zones). • Increment the serial number in the SOA record for the zone and send a hangup signal to named.

  8. Zone Transfers • What is Zone Transfer • a mechanism it synchronize the DNS servers.It maks all the data for a zone is transferred at once. • Steps • Secondary server notices that its data is out of date. • Secondary server wants to refresh its data. • Secondary server requests a zone transfer from the promary server. • Secondary server makes a backup copy of the zone data on disk. • Primary server send the zone data and the secondary server receives it. • The secondary use the new data only after the transfer is completed Zone transfer uses the TCP on port53 and log information via syslog with the tag “named-xfer”

  9. Security issues • Why need Security issues • DNS is an inherently open system. • How to secure • control Zone transfers through the xfrnets directive in the named.boot file . • Build an access list of hosts and networks to secure zones. • Protect network at a lover level through router access control lists and normal security hygiene on each host.

  10. Testing and Debuggging • Debugging aids for named: • command-line debug. • Signals:tell named to adjust the debugging level or to dump its database or statistics • nslookup or dig :verify name lookups • syslog :report error messages . • levels of message: • crit • err • warning • notice • info

  11. Testing and Debuggging • Debug • Debug levels: indicated by integers from 0 to 11, the higher the number the more verbose the output • Debugging information is written to the file /var/temp/named.run • Signals for named • named listens for the following signals: Signal Function • usr1 increments debug lever by 1 • usr2 terns off debugging • int dumps database to named_dump.db • iot/abrt dumps statistics to named.stats

  12. Testing and Debuggging • Hup reloads boot file and database files • kill kills named, must restart by hand(flushes cache) • winch toggles tracing of incoming queries(bind4.9). • Debugging with nslookup and dig • Nslookup: a user level command that queries the DNS database. • Dig(domain information groper):similar as nslookup, but have a nicer user interface. • Lame delegations • How it results: if the domain is never used or the name servers is changed without updating the parent domain’s glue records. • Lame delegation has bad effects.

  13. Host Management Tools • The task of Host management tools: to manage the DNS database files and other data files over a whole naming domain. • Addhost • includes: addhosted, ineted. • the add host database includes : • Name server data • Invertory data • Responsible person/department.

  14. DNS for systems not on the Internet • For whom • a small company that is not yet on the Internet or an organization that hide its local structure behind a firewall. • Setup • cache file shuld point to local name servers. Not to the root servers of the Internet • need to get a registered domain name and legitimate IP addresses.

  15. Versions of BIND • Versions: • BIND4.9.3. • UTBIND: based onBIND4.8.3, by University of Tornto. • Other various patched version for SUNOS that coexsit with NIS

  16. Specifics for various Operating systems • The difference of BIND for different OS • Configuration files • the release of BIND that is based on • How to intergrate BIND with other sources of administrative data. • Solaris’s BIND: • based on BIND version 4.8.3 • HP-UX’s BiND • based on BIND 4.8.3

  17. Specifics for various Operating systems • IRIX’s BIND: • based on BIND 4.8.3 • SUNOS’s BIND: • based on BIND4.8.1 • OSF/1’s BIND • based on BIND 4.9

  18. Recommended supplemental Reading • Books on Internet topic in the O’Reilly Nutshell series. • Public mailing list for DNS and BIND issues bind-request@uunet.uu.net • “name server oerations Guide for BIND” in UNIX systerm Managers Manual, Usenix Assocaiton, 1994

More Related