2005
DNS (Domain Name System) maps hostnames to IP addresses, and IP addresses back to hostnames, for hosts on TCP/IP networks. Berkeley Internet Name Domain (BIND) is the most widely used DNS implementation. Its server daemon, named, answers queries for the IP addresses of names (and the names of IP addresses), either from the zones it holds locally or by asking other servers. On the client side, the resolver is the library code through which programs send DNS queries. BIND also ships a set of command-line tools; in BIND 9 these are dig, nslookup, host, and rndc (the replacement for ndc). The server, the resolver, and these tools are the pieces of the DNS covered here.
BIND versions
This tutorial describes BIND 9.3.1.
BIND 9 was first released in 2000. BIND 8 still receives security patches (the current release is 8.4.6), but it is a legacy branch, and new installations should use BIND 9. BIND 4 is obsolete, and any remaining BIND 4 servers should be replaced. BIND is developed and maintained by the Internet Systems Consortium (ISC; see Resources).
BIND 8
The LPI 202 objectives refer to BIND 8, which ISC still supports. Most of what is covered here applies to both BIND 8 and BIND 9; where the two differ, the man pages installed with your Linux distribution's BIND package are the reference for the version you actually have.
The DNS HOWTO from the Linux Documentation Project (see Resources) is a further reference on setting up DNS on Linux.

How DNS works
DNS is a distributed, hierarchical database of names. No single server holds the whole name space; each server is authoritative for the zones delegated to it and refers clients elsewhere for everything else. named plays both roles: it serves the zones it is authoritative for, and as a recursive server it walks the hierarchy on behalf of clients to answer queries about other names. The hierarchy begins at the root zone, below which are the top-level domains (TLDs) such as .org and .com, below which are the domains registered by organizations and individuals. The Wikipedia article on DNS (see Resources) describes the hierarchy in more detail; it is shown in Figure 1.
Resolving a name
Consider a client that wants to connect to www.wikipedia.org. The resolver on the client sends the query to a name server; if that server does not already have the answer cached, it asks a root server, which refers it to the servers for .org, which refer it to the servers for wikipedia.org, which return the IP address. On a typical LAN the resolver's queries go to a name server on the LAN or at the Internet service provider (ISP); a host can also run BIND's named locally as a caching server. The resolver learns which servers to use from /etc/resolv.conf, for example:
Listing 1. A resolver configuration (/etc/resolv.conf)
    search gnosis.lan
    nameserver 0.0.0.0
    nameserver 192.168.2.1
    nameserver 151.203.0.84
    options timeout:3 attempts:5

The search line supplies the domain used to complete short names: on the gnosis.lan domain a query for the host bacchus is retried as bacchus.gnosis.lan. The nameserver lines give the servers to query, in order. Here 0.0.0.0 refers to the loopback interface, that is, a named running on this host; the others are the LAN's server and the ISP's (on hosts configured by DHCP, the DHCP client normally writes these nameserver lines). Servers are tried in the order listed. The options line sets a 3-second timeout for each query and up to 5 attempts over the list before the resolver gives up.
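How the resolver applies this file, as an added example that is not part of the original tutorial: a small Python parser for resolv.conf in glibc's syntax, and the name-expansion order it implies. The sample file is constructed from the values in Listing 1; the ndots default of 1 is glibc's. It shows why a short name such as bacchus goes out as bacchus.gnosis.lan. first, and why a mistyped public name is retried under gnosis.lan, so the listed servers see every failed external lookup.

```python
"""Parse a glibc-style /etc/resolv.conf and show how the resolver applies it."""

# Constructed sample matching Listing 1 above (not the tutorial's own file).
SAMPLE_RESOLV_CONF = """\
search gnosis.lan
nameserver 0.0.0.0
nameserver 192.168.2.1
nameserver 151.203.0.84
options timeout:3 attempts:5
"""

def parse_resolv_conf(text):
    """Return the settings the resolver would use, with glibc's defaults filled in."""
    cfg = {"search": [], "nameservers": [], "timeout": 5, "attempts": 2, "ndots": 1}
    for raw in text.splitlines():
        # '#' and ';' both introduce comments
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            cfg["nameservers"].append(args[0])
        elif key in ("search", "domain"):   # 'domain' is the older single-domain form
            cfg["search"] = args
        elif key == "options":
            for opt in args:
                name, _, val = opt.partition(":")
                if name in ("timeout", "attempts", "ndots") and val.isdigit():
                    cfg[name] = int(val)
    return cfg

def candidate_names(name, cfg):
    """The order in which the resolver tries a name.

    A name ending in '.' is absolute and tried as is.  A name with fewer than
    ndots dots is treated as short: the search domains are appended first and
    the bare name is tried last.  A name with at least ndots dots is tried as
    is first; only on NXDOMAIN are the search domains appended.
    """
    if name.endswith("."):
        return [name]
    with_search = [f"{name}.{domain}." for domain in cfg["search"]]
    bare = name + "."
    if name.count(".") >= cfg["ndots"]:
        return [bare] + with_search
    return with_search + [bare]

def query_plan(name, cfg):
    """Every (name, server) pair the resolver may try, in order, for one lookup."""
    return [(cand, srv) for cand in candidate_names(name, cfg) for srv in cfg["nameservers"]]

if __name__ == "__main__":
    cfg = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for n in ("bacchus", "www.wikipedia.org", "www.wikipedia.org."):
        print(n, "->", candidate_names(n, cfg))
```

The search-list retry is convenient on a LAN, but it means that a name server for gnosis.lan (or anyone who can answer for it) is consulted about names that were never meant to be local; keeping the search list short and the listed servers trusted is the practical mitigation.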
DNS tools
BIND 9 includes several command-line tools. dig, nslookup and host are query tools: each sends a DNS query through the resolver (or to a server named on the command line) and prints the reply on STDOUT. They differ mainly in how much of the reply they show; dig prints the most detail, host the least. By default they look up address ("A") records; a different record type can be requested, for example host -t MX gnosis.cx lists the mail exchangers for gnosis.cx. Some examples:
Listing 2. host google.com
$ host google.com
google.com has address 72.14.207.99
google.com has address 64.233.187.99

Listing 3. host -t MX gnosis.cx
$ host -t MX gnosis.cx
gnosis.cx mail is handled by 10 mail.gnosis.cx.
With nslookup:
Listing 4. nslookup (the server answering is the local named on 0.0.0.0)
$ nslookup gnosis.cx
Server:         0.0.0.0
Address:        0.0.0.0#53

Non-authoritative answer:
Name:   gnosis.cx
Address: 64.41.64.172
dig reports the full response, section by section; here for a reverse lookup of one of the addresses from Listing 2:
Listing 5. dig -x: reverse lookup of an address
$ dig -x 64.233.187.99
;; QUESTION SECTION:
;99.187.233.64.in-addr.arpa.    IN      PTR

;; AUTHORITY SECTION:
187.233.64.in-addr.arpa. 2613   IN      SOA     ns1.google.com. admin.google.com. 2004041601 21600 3600 1038800 86400

;;
;;
;;
;;

The SOA record in the AUTHORITY section identifies ns1.google.com as the primary DNS server for that reverse zone.

BIND 9 also ships rndc, the remote name daemon control utility, which replaces ndc from earlier BIND versions. rndc sends control commands (status, reload, flush, stop, and so on) to a running named over a TCP control channel, authenticated with a shared key that is configured in rndc.conf and in the controls statement of named.conf. See man rndc for the full list of commands.
BIND server types
named can serve a zone in one of three roles: master, slave, or caching-only. Which roles named plays, and for which zones, is set in its configuration file, /etc/bind/named.conf.

A master server holds the authoritative data for a zone in zone files on its own disk, which the administrator edits. Every change to the zone is made on the master, and every domain needs at least one. Traditionally a domain has one master and several slaves.

A slave server is also authoritative for its zone, but it obtains the zone data from the master by zone transfer rather than from local edits, re-checking on the schedule in the zone's SOA record. A single named can be master for some zones, slave for others, and caching-only for everything else. Slaves provide redundancy and spread load; for the redundancy to help, a slave should sit on a different network from the master, so that one outage does not take out all of a domain's servers.

A caching-only server is authoritative for nothing. It forwards queries it cannot answer to other servers and caches the replies for the lifetime given by their TTLs, so repeated lookups from the hosts that use it are answered locally and quickly. The /etc/resolv.conf in Listing 1 shows all three roles in use: 0.0.0.0 is a caching-only named on the host itself, 192.168.2.1 is a slave on the LAN, and 151.203.0.84 is a master at the ISP. A query for a name that is not in the local cache is passed up this chain, and the answer is cached by the caching-only server for the next request.
named.conf
named reads its configuration from /etc/bind/named.conf. The options statement holds global settings, such as the directory where zone files live and the forwarders to send unresolved queries to. Each zone statement declares one zone and the file holding its data. Zones come in two kinds: forward zones, which map names to IP addresses, and reverse zones (under in-addr.arpa), which map IP addresses to names; a "hint" zone for the root tells named where the root servers are.

The syntax of named.conf (like much of BIND) is C-like: statements end with a semicolon and are grouped in braces. Comments can be C-style (/* comment */), C++-style (// comment), or shell-style (# comment). The configuration is often split across several files that the main file pulls in with include statements; for example, /etc/bind/named.conf may contain only:
Listing 6. named.conf
include "/etc/bind/named.conf.options";
The options statement:
Listing 7. named.conf options
options {
    directory "/var/bind";
    forwarders { 192.168.2.1; 192.168.3.1; };
    // forward only;
};

Every list element and every statement, including the closing brace of the block, needs its terminating semicolon, or named refuses to start. directory sets the base for relative file names in zone statements. forwarders lists servers to which named sends queries it cannot answer from its own zones or cache, here 192.168.2.1 and 192.168.3.1. With forward only (commented out above) named would rely on the forwarders entirely; without it, named tries the forwarders first and, if they do not answer, resolves the query itself by recursion from the root.
The zone statements follow in named.conf. The first is usually the root hints zone:
Listing 8. Root hints zone
zone "." {
type hint;
file "/etc/bind/db.root";
};
Zones for which this named is the master (the forward zone and its matching reverse zone are declared together):
Listing 10. Master zones
zone "example.com" {
type master;
file "example.com.hosts"; // file relative to /var/bind
};
// Reverse lookup for 64.41.* IP addresses (backward IP address)
zone "41.64.in-addr.arpa" {
type master;
file "41.64.rev";
};
The same zones on a slave server, which fetches them from the master at 192.168.2.1:
Listing 11. Slave zones
zone "example.com" {
type slave;
file "example.com.hosts"; // file relative to /var/bind
masters { 192.168.2.1; };
};
// Reverse lookup for 64.41.* IP addresses (backward IP address)
zone "41.64.in-addr.arpa" {
type slave;
file "41.64.rev";
masters { 192.168.2.1; };
};
Zone files
The file named in each zone statement holds the zone's resource records. The format is defined in RFC 1033 (Domain Administrators Operations Guide; see Resources). The record types you will meet most often:

SOA
Start of authority. Opens the zone: names the primary server and the responsible mailbox, and gives the serial number and the refresh, retry, expire and negative-cache timers that slaves and resolvers use.
NS
Nameserver. Names an authoritative server for the zone.
A
Address. Maps a hostname to an IPv4 address.
PTR
Pointer. Maps an IP address (written as a name under in-addr.arpa) back to a hostname; used in reverse zones.
MX
Mail exchange. Names a server that accepts mail for the domain, with a preference value (lower is tried first).
CNAME
Canonical name. Makes one name an alias for another.
TXT
Text. Attaches free-form text to a name.

Each record has the form: <name> <time-to-live> IN <type> <data>. The time-to-live (TTL) is how long, in seconds, other servers and resolvers may cache the record. IN is the Internet class, the only class in practical use. A record with no name inherits the name of the previous record, and a record with no TTL takes the zone's default from the $TTL directive. For example, the reverse zone for the 127.* loopback addresses, as shipped with many distributions:

Listing 12. Reverse zone for the loopback network
# cat /etc/bind/db.127
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
1.0.0   IN      PTR     localhost.
Other directives: $ORIGIN sets the domain appended to names that do not end in a dot (by default the zone name from named.conf); $INCLUDE reads records from another file; $GENERATE creates a numbered series of similar records, which saves typing in reverse zones for a whole block of IP addresses.

Reverse zone files
A reverse zone file (conventionally named *.rev) maps IP addresses to hostnames with PTR records. For example, /var/bind/41.64.rev, the reverse zone declared in Listing 10, might be:

Listing 13. Reverse zone for 64.41.*
$TTL 86400
; IP address to hostname
@       IN      SOA     example.com. mail.example.com. (
                        2001061401      ; Serial
                        21600           ; Refresh
                        1800            ; Retry
                        604800          ; Expire
                        900 )           ; Negative cache TTL
        IN      NS      ns1.example.com.
        IN      NS      ns2.example.com.
; Define names for 64.41.2.1, 64.41.2.2, etc.
1.2     IN      PTR     foo.example.com.
2.2     IN      PTR     bar.example.com.
3.2     IN      PTR     baz.example.com.
Forward zone files
A forward zone file (conventionally named domain.hosts) maps hostnames to IP addresses, mostly with A records. For example, /var/bind/example.com.hosts:

Listing 14. Forward zone for example.com
$TTL 86400
; Hostname to IP address
@           IN      SOA     example.com. mail.example.com. (
                            2001061401  ; Serial
                            21600       ; Refresh
                            1800        ; Retry
                            604800      ; Expire
                            900 )       ; Negative cache TTL
            IN      NS      ns1.example.com.
            IN      NS      ns2.example.com.
localhost   IN      A       127.0.0.1
foo         IN      A       64.41.2.1
www         IN      CNAME   foo.example.com.   ; trailing dot required: without it
                                               ; the target would be read as
                                               ; foo.example.com.example.com.
bar         IN      A       64.41.2.2
bar         IN      A       64.41.2.3
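A parser for this file format, as an added example that is neither the tutorial's nor BIND's code: it applies the $TTL, $ORIGIN, '@', blank-owner and parenthesis rules just described, then cross-checks the forward and reverse zones against each other, which is the check a practitioner runs before loading a pair of zones. The embedded zone texts are Listings 13 and 14 retyped (the reverse SOA's timers collapsed onto one line); the check reports that 64.41.2.3 is bar in the forward zone but baz in the reverse zone, and that localhost has no PTR in 41.64.rev (its reverse zone is the separate db.127 of Listing 12).

```python
"""Minimal parser for BIND master-file zone data, plus a forward/reverse
consistency check.  Handles $TTL, $ORIGIN, '@', relative names, blank
(inherited) owner names, records continued across lines with ( ... ), and
';' comments.  $INCLUDE and $GENERATE are rejected rather than guessed at."""
import ipaddress

# Constructed input: Listings 13 and 14 retyped.
FORWARD_ZONE = """\
$TTL 86400
@       IN  SOA example.com. mail.example.com. (
                2001061401  ; Serial
                21600       ; Refresh
                1800        ; Retry
                604800      ; Expire
                900 )       ; Negative cache TTL
        IN  NS    ns1.example.com.
        IN  NS    ns2.example.com.
localhost IN A    127.0.0.1
foo     IN  A     64.41.2.1
www     IN  CNAME foo.example.com.
bar     IN  A     64.41.2.2
bar     IN  A     64.41.2.3
"""

REVERSE_ZONE = """\
$TTL 86400
@       IN  SOA example.com. mail.example.com. (
                2001061401 21600 1800 604800 900 )
        IN  NS  ns1.example.com.
        IN  NS  ns2.example.com.
1.2     IN  PTR foo.example.com.
2.2     IN  PTR bar.example.com.
3.2     IN  PTR baz.example.com.
"""

TYPES = {"SOA", "NS", "A", "AAAA", "PTR", "MX", "CNAME", "TXT"}

def logical_lines(text):
    """Yield one string per record: lines inside ( ... ) are joined and comments
    dropped.  Leading whitespace of the first line is kept, because a blank
    owner field means 'same owner as the previous record'."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            joined = " ".join(buf)
            buf, depth = [], 0
            if joined.strip():
                yield joined

def absolute(name, origin):
    """Apply the origin to '@' and to names that do not end in a dot."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return [(owner, ttl, type, [rdata tokens]), ...]; origin must end in '.'."""
    records, default_ttl, last_owner = [], None, origin
    for line in logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1]); continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]; continue
        if tokens[0].startswith("$"):
            raise ValueError(f"directive {tokens[0]} not supported here")
        owner = last_owner if line[:1].isspace() else absolute(tokens.pop(0), origin)
        ttl = default_ttl
        while tokens and (tokens[0].isdigit() or tokens[0] == "IN"):  # TTL and class, either order
            tok = tokens.pop(0)
            if tok.isdigit():
                ttl = int(tok)
        rtype, rdata = tokens[0], tokens[1:]
        if rtype not in TYPES:
            raise ValueError(f"unsupported record type {rtype!r} at {owner}")
        last_owner = owner
        records.append((owner, ttl, rtype, rdata))
    return records

def check_forward_reverse(fwd, rev):
    """Return (missing, dangling): A records with no PTR for their address, and
    PTRs whose target has no A record with that address."""
    a_by_rev = {}           # reverse name -> hostnames that have that A record
    for owner, _, rtype, rdata in fwd:
        if rtype == "A":
            rev_name = ipaddress.ip_address(rdata[0]).reverse_pointer + "."
            a_by_rev.setdefault(rev_name, set()).add(owner)
    ptr_by_rev = {}         # reverse name -> PTR targets
    for owner, _, rtype, rdata in rev:
        if rtype == "PTR":
            ptr_by_rev.setdefault(owner, set()).add(rdata[0])
    missing = sorted(f"{h} -> {r}" for r, hosts in a_by_rev.items()
                     for h in hosts if r not in ptr_by_rev)
    dangling = sorted(f"{r} -> {t}" for r, targets in ptr_by_rev.items()
                      for t in targets if t not in a_by_rev.get(r, set()))
    return missing, dangling

if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, "example.com.")
    rev = parse_zone(REVERSE_ZONE, "41.64.in-addr.arpa.")
    missing, dangling = check_forward_reverse(fwd, rev)
    print("A records without a PTR:", missing)
    print("PTR records not backed by an A record:", dangling)
```

A mismatch like the baz/bar one matters beyond tidiness: services that do forward-confirmed reverse lookups (mail servers, some SSH and TCP-wrapper configurations) reject a client whose PTR does not resolve back to the same address.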
DNS security
Because named is exposed to the whole Internet, it should run with as little privilege as possible. Two standard measures are to run named in a chroot jail and to run it as an unprivileged user. The chroot confines named to a subtree of the file system, say /chroot/named/, which holds only what named needs (its configuration, zone files, and the device and library files it requires), so that a compromised named cannot read or write anything else. The procedure is described in the "Chroot-BIND HOWTO" (see Resources).

named should not keep running as root once it has bound its port. Rather than the generic "nobody" account, which other services may share, create a dedicated "named" user and group that own nothing outside the jail, and start named as that user. BIND 9 supports both measures directly through command-line options (named -u named -t /chroot/named); BIND 8 was harder to chroot, requiring changes to its Makefile.
DNSSEC and TSIG
Standard DNS has no authentication at all. Queries and replies normally travel over UDP (TCP is used for zone transfers and for replies too large for a UDP datagram), and a server accepts any reply that matches the query it sent, so an attacker who can guess or observe a query can forge the reply (spoofing) and poison the cache of the server that asked. Two extensions address this. Transaction Signatures (TSIG) authenticate individual messages between two servers with a shared secret, and are used mainly to protect zone transfers and dynamic updates between a master and its slaves. DNS Security Extensions (DNSSEC) sign the zone data itself with public-key cryptography, so any resolver can verify that a record really comes from the zone's owner. BIND 9 supports both. DNSSEC only helps when the parent zones and the resolvers involved deploy it too, which few yet do; TSIG, by contrast, needs only the two servers involved to share a key, much as two hosts share keys for SSH. The TSIG key is generated with dnssec-keygen:

Listing 15. Generating a TSIG key with dnssec-keygen
dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 128 -n HOST \
primary-secondary.my.dom
# ls Kprimary-secondary.my.dom.*
Kprimary-secondary.my.dom.+157+46713.key
Kprimary-secondary.my.dom.+157+46713.private
Despite the file names, there is no public key here: HMAC-MD5 is a symmetric algorithm, and the .key and .private files both contain the same shared secret (the base64 value after Key: in the .private file). In the file names, 157 is the algorithm number for HMAC-MD5 and 46713 is the key tag. Copy the secret to both servers, reference it in a key statement in each named.conf, and protect it like a password. Current BIND releases generate TSIG keys with tsig-keygen instead, and support HMAC-SHA256, which should be preferred over HMAC-MD5 where both ends support it. For DNSSEC proper, "The Basics of DNSSEC" on the O'Reilly Network (see Resources) is a good introduction.
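What the two servers do with that secret, as an added example that is neither the tutorial's nor BIND's code: read the secret back from a .private file, sign a message with HMAC, verify it on the peer, and reject a tampered or replayed copy. It demonstrates the mechanism TSIG relies on (a keyed MAC over the message plus the key name and signing time, checked in constant time within a time window, for which BIND's default fudge of 300 seconds is used), not the RFC 2845 wire format. The key file text, the key bytes, the message and the timestamps are all constructed; the key name is the one from Listing 15.

```python
"""TSIG-style transaction signing with a shared HMAC secret.  Mechanism only:
keyed MAC over message + key name + time, verified in constant time within a
time window.  Not the RFC 2845 wire format."""
import base64
import hmac
import secrets
import time

# Constructed stand-in for Kprimary-secondary.my.dom.+157+46713.private, with a
# fixed 16-byte secret so the example is reproducible (never reuse it).
SAMPLE_PRIVATE_FILE = """\
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: AAECAwQFBgcICQoLDA0ODw==
"""
KEY_NAME = "primary-secondary.my.dom"   # the -n HOST name given to dnssec-keygen
FUDGE = 300                             # BIND's default TSIG fudge, in seconds

def generate_secret(bits=128):
    """Fresh random secret, base64 as written on the Key: line."""
    return base64.b64encode(secrets.token_bytes(bits // 8)).decode()

def load_secret(private_file_text):
    """Read the shared secret back from .private-file text."""
    for line in private_file_text.splitlines():
        field, _, value = line.partition(":")
        if field.strip() == "Key":
            return base64.b64decode(value.strip())
    raise ValueError("no Key: line in key file")

def _mac(secret, key_name, signed_at, message, algorithm):
    # Binding the key name and time into the MAC is what stops a captured
    # signature from being replayed later or presented under another key.
    covered = b"\0".join([key_name.encode(), str(signed_at).encode(), message])
    return hmac.new(secret, covered, algorithm).digest()

def sign(secret, key_name, message, algorithm="md5", now=None):
    """Sender side: return (signed_at, mac) to send along with the message."""
    signed_at = int(time.time()) if now is None else now
    return signed_at, _mac(secret, key_name, signed_at, message, algorithm)

def verify(secret, key_name, message, signed_at, mac, algorithm="md5", now=None, fudge=FUDGE):
    """Receiver side: True only for an untampered message under the expected
    key name, signed within +/- fudge seconds of the receiver's clock."""
    now = int(time.time()) if now is None else now
    if abs(now - signed_at) > fudge:
        return False
    expected = _mac(secret, key_name, signed_at, message, algorithm)
    return hmac.compare_digest(expected, mac)   # constant-time comparison

if __name__ == "__main__":
    secret = load_secret(SAMPLE_PRIVATE_FILE)
    request = b"AXFR example.com."   # constructed stand-in for a zone-transfer request
    signed_at, mac = sign(secret, KEY_NAME, request)
    print("accepted:", verify(secret, KEY_NAME, request, signed_at, mac))
    print("tampered:", verify(secret, KEY_NAME, request + b"x", signed_at, mac))
    print("new secret:", generate_secret())
```

Two details carry over directly to running BIND: the clocks of master and slave must agree to within the fudge or every transfer is rejected with a BADTIME error, and the secret, like the .private file, must never be readable by anyone but the named user.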