
DNS

O'REILLY*

BIND

DNS BIND

-
2008

DNS BIND, 5-
.

.

.
.
.
.
.

., .
DNS BIND, 5- . - . . - .: -, 2008. - 712 .,
.
ISBN-10: 5-93286-105-3
ISBN-13: 978-5-93286-105-9
DNS BIND .
,
,
DNS. BIND 9.3.2
( BIND 9) BIND 8.4.7. BIND 9.3.2
IPv6,
, ENUM, SPF ,
.
: DNS;
; ;
MX- ;
DNS; ; DNS; DNS (DNSSEC)
(TSIG); DNS-;
, ,
; (nslookup dig, );
DNS-.

ISBN 0-596-10057-4 ()
-, 2008
Authorized translation of the English edition 2006 O'Reilly Media, Inc. This translation is published and sold by permission of O'Reilly Media, Inc., the owner of all rights to publish and sell the same.
,
.
, , .

-. 199034, -, 16 , 7,
. (812) 324-5353, www.symbol.ru. N 000054 25.12.98.
-
005-93, 2; 953000 - .
28.01.2008. 70100 /16 . .
44,5 . . 2000 . N

199034, -, 9 , 12.
1

1.

9
22

()

22

23

26

BIND

31

DNS?

32

2. DNS

34

34

41

45

DNS-
DNS

46
51

52

60

3. ?

63

B I N D

4. BIND

63
68

81

82

82

B I N D

95
97

101

104

DNS-

105

DNS-

112

120
121

5. DNS

122

MX-

123

m o v i e . e d u

126

-, ?

126

MX-

128

DNS

131

6.

136

DNS-

136

DNS-

137

DNS-

150

153
158

DNS- W i n d o w s X P

159

7. BIND
DNS-

166
166

177

186
190

log-

191

202

8.
DNS-?
DNS-

224
224
233

DNS-

238

TTL

241

245

249

9.

252
253

253

254

256

in-addr.arpa

267
272

276

279

10.

280
280

D N S :

282

DNS NOTIFY ( )

290

( I X F R )

296

300

R o u n d R o b i n :

304
307

DNS-

311

D N S - :

313

DNS-

314

DNS-

315

316
327

I P v 6

329

330

11.

344

TSIG

345

DNS-
DNS

351
365

DNS

391

12. nslookup dig

422

nslookup?

423

424
425

429

429

433

nslookup

440


dig

445
446

13. BIND

452

452

456


DNS-
( B I N D 8)

457
471

DNS-
( B I N D 9)

472

473

14. DNS BIND


NIS?

474
474

475

478

508

509

TSIG

514
515

15.
DNS-

nslookup
C
DNS-
Perl
Net::DNS

16.

522
522
529
557

561

DNS-

562

565

DNS

568
569

DNS BIND

570

17.

571

C N A M E -

571

M X -

576
577

578

584

R R -

586

ENUM

591


DNS W I N S

596
598

DNS, Windows, Active Directory

600

A. DNS RR-

608

B. BIND

628

C. BIND Linux-

630

D.

635

E. DNS- BIND

640

682


,
, (Domain Name System), , ,
. ,
World Wide Web, DNS-
.
, ,

. 3 2 ,
.
,
, ,
.
.
?
.
1 0 -.
1

.
D N S ,
, - ,
. , D N S
,
.
D N S ,
,
, (, ssh),
, f t p , , , -,
Microsoft Internet Explorer.
D N S
.

, .
.
, D N S
. IP- 6 128 , 0 39-.

-
.
, , ,
DNS-.
, ,
DNS- .
D N S ,

.
D N S -
.
, D N S . ,

,
.
, D N S ,
, -
.
,
,
, Usenet.
,
- ,
,
,
.
,
.
- . ,

D N S .
DNS-:
,
. D N S
.
,
,
,
.
.
D N S - , ,
, ;
, .

,

.
, ,
.
, DNS,

BIND, Berkeley Internet Name Domain,
( )
DNS.
BIND. (
,
; , ) .
, ,
; P e r l
.
, D N S
B I N D , , ,
, ,
D N S B I N D .

BIND - 9.3.2
8 . 4 . 7 , B I N D 8 9 . ,
9 . 3 . 2 8 . 4 . 7
,
U N I X - - ,
,
.
B I N D ,
, ,
, UNIX-.
8.4.7 9.3.2
, ,
B I N D .

D N S - nslookup. nslookup B I N D
9 . 3 . 2 . nslookup

( ) nslookup 9 . 3 . 2 .
,
nslookup;
, ,
.

?
,
B I N D ; :

SPF (Sender Policy Framework) - 5.


N O T I F Y ,
(signed dynamic updates), BIND 9
update-policy
- 10.

- 1 0 .

, (condi
tional f o r w a r d i n g ) , - 10.


IPv6 A A A A ip6.arpa 10.

- (transaction signatures,
TSIG) - 1 1 .


D N S - - 1 1 .


- 1 1 .

D N S ,
(DNS Security Extensions DNSSECbis),
, -
11 .

16
DNS .

17 E N U M ,
E.164 URI-.

Unicode (IDN,
Internationalized Domain Names) 17.

, Active Directory
B I N D , - 17.


.
1 2 . 3
6 ,
,
. , 7 1 1 ,

,
D N S - , ,
. , 1 2 1 6
,
,
D N S - . 16
.
:
1
,
, DNS,
.
2 D N S

DNS, DNS,
, D N S - .
, .
3 ?
B I N D ,
, ,
, ,
.
4 BIND
, DNS- B I N D , ,
.
5 D N S
D N S M X ,
,
.

, - ,
.
S e n d e r P o l i c y F r a m e w o r k ,
D N S
.
6
,
(resolver)
B I N D , ,
W i n d o w s .

7 BIND
,
,
, D N S , .
8
,
, ,
.
9
, . ,
( ),
, (!) .
10
,
,
DNS- .
11
DNS- , - ,
DNS, :
DNS Security Extensions (Transaction Signatures).
12 n s l o o k u p d i g
DNS
DNS-.
13 B I N D
B I N D .
,
B I N D , , ,
, DNS-.
1

14 D N S B I N D

, DNS BIND,
- ,
1799 . - . 1822 .
. . .

, ,
.
1 5

,
BIND DNS-
C P e r l .
( ) ,
DNS- .
16
DNS,

DNS-, , DNS.
17
.
( w i l d c a r d s ) D N S ,
, ,
, ENUM
IDN, Active Directory.
A DNS RR-
,
D N S ,
RR- (resource records).
B BIND

BIND.
C B I N D L i n u x -
B I N D 9 . 3 . 2 Li
nux.
D

.
E DNS- BIND

.



,
DNS-, ,

,
.
, , ,
, .
,
.

1 2 ,
D N S , 3 -
, 4 5 -
, . 6
, DNS-.
7, ,
, . 1 2 14
,
.

6, ,
D N S - , 7,
, . 8
,
, ,
. 9 ,
, ,
,
,
. 10
B I N D 9 . 3 . 2 8 . 4 . 7 . 11
DNS-,
. 12 14
,
;
. 16
.

5,
, 11 1 7 ,
DNS.

DNS 1 2,
15,
BIND.

1 2 DNS,
1 2 , nslookup dig,
1 4 ,
.

1 2 D N S , 5,
, D N S ,
1 2 , nslookup dig;

.

1 2 D N S ,
!
,
U N I X - , T C P / I P ,

Perl.
.
.
U N I X ( ) ,
.


- , ,
F T P :
1

ftp://ftp.uu.net/published/oreilly/nutshell/dnsbind/dns.tar.Z

ftp://ftp.oreilly.com/published/oreilly/nutshell/dnsbind/

:
% zcat dns.tar.Z | tar xf -

System V
:

tar--

% zcat dns.tar.Z | tar xof -

zcat ,
uncompress
tar.

,

http://examples.oreilly.com/dns5.

, ftpmail.

ftpmail,

ftpmail@online.oreilly.com.

;
- h e l p .


, ,
:
O'Reilly Media, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
800 998-9938 ( )
707 829-0515 (/)
707 829-0104 ()
O ' R e i l l y - ,
,
.
:
http://www.oreilly.com/catalog/dns5
,
, , :
bookquestions@oreilly.com
- O ' R e i l l y
, , ,
O'Reilly (O'Reilly Network):
http://www.oreilly.com



, UNIX:


:
if test -x /usr/sbin/named -a -f /etc/named.con
then
        /usr/sbin/named
fi

,
, -

,
:
% cat /var/run/named.pid
78

(
, r o o t ) ,
( # ) :
# /usr/sbin/named

, , , ,
U N I X , W i n d o w s , URL-,
,
.

, .


. ,
.
, ,
. ,
,
, .
- O ' R e i l l y .
, ,
. ,


.
, ,
, .
, , ISBN. :
DNS and BIND, Fifth Edition, by Cricket Liu and Paul Albitz. Copyright
2006 O'Reilly Media, Inc., 0-596-10057-4.
, ,
,
(fair use),

permissions@oreilly.com.

Safari Enabled
S a f a r i E n a b l e d , ,
O'Reilly Network Safari Bookshelf
(Safari, O'Reilly.)
S a f a r i , .
,
, ,
,
.

http://safari.oreilly.com.


Millenium Fulcrum
(Project Gutenberg)
1.7 . 1, 2 ,
, 3, 4, 7, 9 - 1 3 ,
.

2.9


5, 6, 8 1 4
1 5 - 1 7 -

(Ken Stone),
- (Jerry McCollom), (Peter Jeffe),
(Hal Stern), (Christopher D u r h a m ) ,
(Bill W i s n e r ) , ( D a v e C u r r y ) ,
( J e f f O k a m o t o ) , ( B r a d K n o w l e s ) , ( K . Ro
b e r t E l z ) , ( P a u l V i x i e )
.
(Eric Pearce), (Jack R e p e n n i n g ) ,
( A n d r e w Cherenson), (Dan Trinkle),
(Bill L e F e b v r e ) ( J o h n S e c h r e s t )
.
( ! ) .

: (Dave Barr),
(Nigel Campbell), , (Mike
Milligan) .

(.:, ,
1992). - . .


: ( B o b H a l l e y ) , (Bar
ry Margolin) .
( K e v i n D u n l a p ) , ( E d w a r d L e w i s )
(Brian W e l l i n g t o n ) , .

: (Joao Damas),
( M a t t L a r s o n ) ( P a u l V i x i e ) ,
( S i l v i a H a g e n ) I P v 6 .

( R i c k N o r d e n s t e n ) ,
,
; ,
,
,
, , .
,
(Regin a K e r s h n e r ) ( P a u l K l o u d a )
.

(Matt Larson), A c m e Razor;

- , . (Wal
t e r B ) , ,
. ,
, ( B a b y G . ) ,
I n f o b l o x
, .
,
,
,
.

.
- , ? - .
- , - , , .
- !
D N S , A R P A n e t .
DNS
, , A R P A n e t ,
.
, ,
. , ,
, DNS.

()

(Department of Defense's A d v a n c e d Research A g e n c y ,
A R P A ) - D A R P A -
ARPAnet,
,
.

.
A R P A n e t
: ,
(
), ,
.
TCP/IP (Transmission Control Protocol/Internet Protocol)

A R P A n e t .
B S D U N I X ,
,
. B S D U N I X
. ARPA
net
, A R P A n e t .
, A R P A n e t ,
,
A R P A n e t .
.
A R P A n e t
, T C P / I P .

.
1988 D A R P A ,
.
A R P A n e t .
,
(National Science Foundation) NSFNET.
1 9 9 5
, N S F N E T ;
,
, S B C S p r i n t ,
, MFS UUNET.
.
-PC .

, ,
-
A R P A n e t .
.

-
-.
:
, .
.
, A R P A n e t ,
, T C P / I P - ,
.
T C P / I P ,
, T C P / I P - .
.

- ,
,
.

T C P / I P . , ,
-.
intranet,
, T C P / I P
, ,
, .
, extranet-
- - ,
,
.


A R P A n e t
. ,

A R P A n e t , HOSTS.TXT.

U N I X - , /etc/hosts,

HOSTS.TXT
(
UNIX- ).
HOSTS.TXT
(NIC,
Network Information Center)
(SRI, Stanford Research Institute).
, , SRI-NIC.
A R P A n e t , ,
N I C
HOSTS.TXT
S R I - N I C F T P .
HOSTS.TXT

. A R P A n e t
.
A R P A n e t . ,
:

HOSTS.TXT,

SRI-NIC.
1

SRI International
, (); ,
.

A R P A n e t T C P / I P
.

HOSTS.TXT:

S R I - N I C
, , .

, HOSTS.TXT,

. NIC
, ,
.
,
. ,
,
,
A R P A n e t .


. ,
HOSTS.TXT

A R P A n e t ,
.
,
HOSTS.TXT
. , A R P A n e t

HOSTS.TXT.
A R P A n e t ,
HOSTS.TXT.

, ,
.
, .

, .

.
,
.

,
(Information Sciences Institute). 1984 RFC
882 883, (Domain Name System, DNS). RFC-
RFC 1034 1035,

DNS. RFC 1034 1035


,
D N S
, ,
, DNS-, .
1


D N S -
.
,

-.

.
- D N S
, DNS-
(name servers,

- ) . D N S - c
,

(resolvers).
, DNS - ,
.
2

DNS
U N I X (. 1.1). ( )
, ( )
.
,

( , bin). , ,
( " " ) .
(.). U N I X
(/).
.
( ) -
U N I X ,
. RFC (Request for Comments, )

. RFC-
,
.
,
D N S , DNS-, -
. - . .

DNS

Unix
I

. 1.1. DNS

UNIX

, D N S ,
- . ,
,
.
, , .
,

. D N S - ,
, ;
. U N I X
- ,
(
, D N S ;
. 1.2),
( ) .
D N S ,

. , E D U C A U S E
edu (educational,
) ,
berkeley.edu

( . 1.3).
:
, -

. 1.2. DNS

UNIX

. ,
winken ( . 1.3) ,

/usr/nfs/winken.
berkeley.edu

-
. berkeley.edu

edu ,
berkeley.edu.
, edu
, edu,
, , , berkeley.edu.
berkeley.edu

cs.berkeley.edu,

,
berkeley.edu

. cs.berkeley.edu

, berkeley.edu
,
cs.berkeley.edu
( . 1.4).
DNS.
DNS .
. -

. 1.3.

.
,
.
,
( . 1.5).
IP-,
.

, -

.,

. 1.4. edu, berkeley.edu

cs.berkeley.edu

( , )
. . 1.5
mailhub.nv... -
rincon.ba.ca...
? ,
HOSTS.TXT.
,
.
, ,

. 1.5.

DNS,

. 1.6.

, ,
, . ,
,
,
. , ,
hic.com, puella ( . 1 . 6 ) ,
,
hic.com.

BIND
JEEVES
(Paul Mockapetris).
BIND, Berkeley Internet Name Domain,

4.3 BSD UNIX ().
BIND Internet Systems Consortium.
1

B I N D ,
B I N D
D N S .
U N I X
U N I X . B I N D
Microsoft W i n d o w s NT, W i n d o w s 2000 W i n d o w s Server 2003.

Internet Systems Consortium


BIND http://www.isc.org/sw/bind/.

DNS?
D N S , ,
. D N S
,
. ,
DNS-,
. , ,
, D N S - .
,
:

...

...DNS . D N S
:
, W e b , ,
, DNS.
, ,

.

( - 3 ? ) - ,
. ,

. ,
.
, , ,
.
,
. !
-

TCP/IP...

. D N S , , . -
E t h e r n e t
, T C P / I P
( , ) ,
,
Ethernet-, .
-
D N S ( ,
T C P / I P ) , , .
,
U N I X , D N S .
-

...

. ,
DNS. Windows
Internet Name Service (WINS) Microsoft, Network Information Service (NIS) Sun.
,
,
DNS .
, -
,
.

2
DNS
- , - , , ?
- , , ,
. ,
: , ,
, .
, , D N S ,
.
D N S ,
- .

DNS.
,
.
,
( -
DNS).
- ,
.
.



.
,

. ,
. 2 . 1 , U N I X . -

. U N I X

(/). DNS ( r o o t ) .
, D N S
, .
1 2 7 ( , -
).
1

. 2.1.

DNS


,
63 ,
. ( )
.
-
.
( ) ,
.

, , : www.oreill y . c o m . . ( -
. )

(.).
, , .
, , .


.

,
FQDN (fully qualified domain name).

( ) ,
, / ( ) ,
.
DNS , , ,
. ,

.
,
, .
U N I X :

. hobbes.pa.ca.us

, /usr/bin
( . 2 . 2 ) . hobbes.pa.ca.us hobbes.lg.ca.us
- ,
/bin /usr/bin.

- .
.
, , purdue.edu

purdue.edu
(. 2.3).
/usr
/usr ( . 2 . 4 ) .

.
,
. ,
pa.ca.us ca.us
us ( 2 . 5 ) .
-
.
, ? - - , ?
, , ,
. ,
D N S . - ,
.
, .
,
-

DNS

. 2.2.

UNIX

punfue.edu
. 2.3.

purdue.edu

/usr

/usr

. 2.4. /usr
, - ,
. ,
, ,
- .
: D N S
N I S , N e t w o r k I n f o r m a t i o n S e r v i c e S u n . ,
NIS - ,
, .
N I S ,
: , N I S ,
,
N I S
NIS. NT,

us

..

. 2.5. ,

,
DNS. Active Directory
D N S . 17 .
, , ,
,
.
,
.
.
( ),
. , hp.com
H e w l e t t - P a c k a r d , ,
- Hewlett-Packard.
, ,
.
- hp.com
, ssh-
( . 2.6, , IP-
hp.com).
,

.
1

,
, - .
. ,
la.tyrell.com
tyrell.com,
-

/-/ip.i

. 2.6. ,
,

DNS
. :
,
.

la.tyrell.com
tyrell.com.

com,
tyrell.com.

,

. Usenet
.

:


(
).


. .

( R R s , r e s o u r c e r e c o r d s ) . ,
.
- (
T C P / I P ) , C h a o s n e t ,
,
H e s i o d . ( C h a o s n e t - ,
).
1

-
. ( , -
Chaosnet, Hesiod

- M I T ) . - .
,
, .
,
. ,
.
,
R R - , .
, :
- RR-, R R .
. .

. R R - 4,
A .




, ,
- ( ) - ,
.
,
.
,
,

.
,
, . ,

A Z , (
).

.
,
( ,
, ) .
. .



:
com
, Hewlett-Packard
S u n M i c r o s y s t e m s (sun.com) I B M
(ibm.com).

(hp.com),

edu
,
(berkeley.edu)

(purdue.edu).
gov
, N A S A (nasa.gov)

(nsf.gov).

mil
, (army.mil)
.

(navy.mil)

net
,
, N S F N E T (nsf.net)
U U N E T (uu.net).
1996
net, com,
.
org
,
( E l e c t r o n i c F r o n t i e r F o u n d a t i o n ) (eff.org).

net, 1996 .
int
, NATO

(nato.int).

, arpa
A R P A n e t
. A R P A n e t
, arpa,
.
. arpa
, , .

:
. - , - ,
A R P A n e t - ,
. ,
A R P A n e t
.

( g e n e r i c t o p - l e v e l d o m a i n s , g T L D s ) .
,
.



, ,
,
.
,
.
( ) .

ISO 3 1 6 6 . ISO 3 1 6 6
.
D.
1


2 0 0 0 ,
- Internet Corporation f o r Assigned
Names and Numbers ( I C A N N ) , -
,
.
, com,
net org, , gov mil,
(
) . I C A N N

(sTLDs, sponsored
top-level domains),

-

(unsponsored
gTLDs).

, , - ,

ICANN.
:
aero
; .
biz
.
coop
; .
info
.
museum
; .
name
; .
pro
; .
, 2 0 0 5 , I C A N N
: jobs,
, travel - .
,
cat - - , mobi -
. ISO 3166

gb.
( )
uk. .

, post - .
mobi. I C A N N

http://www.icann.org.



.
, ISO 3 1 6 6 ,
.
, , au, , edu.au com.au. ISO 3 1 6 6
uk
, co.uk, ,
ac.uk - .

.
us.
us 5 0 , (
! ) .
,
.
,
:
.
.
1

, ,
2 0 0 2 , us
, N e u s t a r . us
com net .


,
, , ,
.
:
lithium.cchem.berkeley.edu
, , berkeley.edu - . (
, , ,
, , us :
( ), . .

e d u . ) cchem -
berkeley.edu,
. , lithium ( ) , ,
, ,
.
winnie.corp.hp.com
, . hp.com,
, Hewlett-Packard (,
) . corp, ,
- . winnie - ,
.
fernwood.mpk.ca.us

us. ca.us, , mpk
. ,
- , -
. ( , - , , -.)
daphne.ch.apollo.hp.com
,
,
. apollo.hp.com
- Apollo
C o m p u t e r , hp.com.
( HP
A p o l l o , -
A p o l l o , apollo.com,

apollo.hp.com.)
ch.apollo.hp.com
- A p o l l o (
) . daphne - .

, ,

? .

.

.
, ,
,

- . ,
,
. ,
, ,
, .
-

mil

. 2.7. stanford.edu

. , stanford.edu
,
(. 2.7.)
,
.
, ,
. , A c m e (
)
, -
,
rockaway.acme.
com kalamazoo.acme.com.
,
A c m e ,
acme.com,
- .
1

, .
,

.

DNS-
, ,
DNS-.
DNS-
( )

, ACME Co. - Bugs Bunny


& Roadrunner; . acme.com
,
UNIX-. - . .

. 2.8. edu
. ,

. DNS-
.
, .
,
berkeley.edu
hp.com, ,
. .
edu ( . 2 . 8 ) ,
berkeley.edu,
purdue.edu
nwu.edu.
edu. , , edu,
edu :
berkeley.edu.

berkeley.edu
. , edu?
edu,
, edu.
berkeley.edu,
,
(. 2.9).
cc, cs, ce, me . .
,
berkeley.edu.

DNS-.
,
, ,
. , ca ( ) -

cc.bertefey.edu

ce.bericefey.edu

cs.beitefey.edu

. 2.9. berkeley.edu

me.beitefey.edu

ab.ca, on.ca qc.ca,


, .
ab.ca, on.ca qc.ca
. ca
ca, ab.ca, on.ca qc.ca.
ca ca ( . 2 . 1 0 ) , ,

. 2.10. ca...

, .
ab.ca, on.ca qc.ca ca .
,
. , bc.ca sk.ca (
) ca ,
. ( ,
,
, ca,

. ) ca
, bc.ca sk.ca, ca ( . 2 . 1 1 ) .

qc.ca

. 2.11. ... ca
, , DNS- , , :
, .
, .
,
.
1

. , ,
.

, ,
: !




.
- .
D N S -
(
- ).

,
, .
, DNS-
, D N S - ,
.

DNS-
DNS DNS-:
- (primary master) ,
- ( s e c o n d a r y m a s t e r ) .
-

- .

-
D N S - ,

(master
server).
-
, : -
.
,
.
,

(zone transfer).

-
slave (,
) ,
(
, , M i c r o s o f t D N S )
.
1

, -
.
, ( s l a v e )
. D N S
.

DNS- .
D N S - ,
- .
, . . . - . .


.
,
DNS- -
. ,
, , ,
DNS-.

.

DNS-
. ,
. DNS -
.
, .
,
, ,

, .


, DNS-
, , ,

. .

DNS- .
,


.

.
, ,
D N S -
.
RR-, . RR-
. B I N D

#include
C.

DNS
DNS (resolvers) DNS- . ,
, DNS-, :

DNS-

(RR-
)

BIND - ,
, ssh ftp. -
. D N S : , ,
, , ;
, . ,
, .
D N S
(stub
resolver).
DNS
, ,
D N S - ,
.


DNS-
. ,
DNS-.
,
,
, , .


.
,
,
: D N S - (
, ? ) .
D N S -
,
.

DNS-
DNS- . (
D N S -
. )
, , ,
DNS-,
, . DNS-

, . -

,
, .
, ,
. DNS (
, , ),
.
D N S - .
D N S .
D N S -
.
, (
) ,
.
PSINet, ,
N A S A , , .
1

,
; ,
, .
D N S -
,
.
,
. . 2.12
,
.
D N S - girigiri.gbrmpa.gov.au

DNS- au.
, D N S -
a u , gov.au. D N S - gov.au
D N S - gbrmpa.gov.au.
,
D N S - D N S - gbrmpa.gov.au

.

, , ,
DNS- . ,
,
- , D N S - . 13 DNS-
.
IP-,

.

girigiri.gbnnpa.gov.au

DNS-

DNS-

girigiri.gbrmpa.gw.au
DNS


DNS- gm.au

girigiri.gbrmpa.gw.au
DNS-
gbrmpa.gov.au


g/rig/ri.gbrmpa.gcv.a
ips


girigiri.gbrmpa.gw.au

gbrmpa

DNS

. 2.12.

girigiri.gbrmpa.gov.au


. D N S - - ,
, - ,
.
D N S -
?
. ,
- ? :

. :


( ).


D N S - . ,

, -
D N S -
. D N S -
(
) , ,
.

, -
DNS-
.

.
( )
, ,
.
DNS-, .
1

D N S - , ,
,
.
,
D N S - ( ) ,
, D N S - ,
.

, , .
2

D N S - , ,
,
. - ,
,
, . ,
girigiri.gbrmpa.gov.au,
,
, , ,
girigiri.gbrmpa.gov.au,
, ,
.
D N S - gbrmpa.gov.au,
gov.au a u .
,
DNS-
.
D N S -
. DNS berkeley.edu
waxwing.ce.berkeley.edu,
,

D N S - ce.berkeley.edu.
, DNS- BIND
,
; 11.
DNS-, ,
, ,
DNS-. (forwarder).
10.


ce.berkeley.edu,
,
ce.berkeley.edu
( berkeley.edu);

.
D N S , D N S - ,
,
.
waxwing.ce.berkeley.edu

D N S - ce.berkeley.edu
berkeley.edu,
,
.
: D N S - ce.berkeley.edu

( ce.berkeley.edu
berkeley.edu).
, edu
berkeley.edu
waxwing.ce.berkeley.edu.

D N S - berkeley.edu
ce.berkeley.edu

.


D N S -
.

.
. ,
, ( ,
) .
,
DNS-,
, ,

. , ,
, D N S -
.

DNS-
( ) , ,
: ,
, DNS- ?
, 13 D N S - .
D N S - ?
?
1

, , IQ
2 % . 1946 .
(Roland Berrill) (Lance Ware),
. - . .

D N S - B I N D ,

(roundtrip
time, R T T ) , D N S . ,
.
D N S - B I N D
. ,
.
,
.
B I N D
,
, , ,
. , D N S - B I N D

,
.
, , ,
D N S - B I N D
D N S - , ,
.


,
, . 2 . 1 3 .
D N S - D N S - ,
.

, ,
.
,
.
DNS- ,
, R T T
D N S - ,
,
.



, -
. -
, ( ,
l o g - ) . .
, U N I X -

DNS-


DNS-,


DNS-, D

DNS

. 2.13.

.rhosts hosts.equiv.


.
.
. DNS
. , ,
, .
, - .
, , ,
.
, .
,
,
,
.

in-addr.arpa.
in-addr.arpa

IP- (dotted octet representation - ,
, - 32- IP-
, 0 255
) . , in-addr.arpa
256 ,

. 2.14.

in-addr.arpa

IP-.
256 ,
.
, R R - ,
,
I P - .
: in-addr.arpa,
. 2 . 1 4 ,
, I P - .
, I P -
, .
, I P - winnie.corp.hp.com
- 15.16.192.152,
in-addr.arpa
152.192.16.15.in-addr.arpa,
winnie.corp.hp.com.
IP-
, I P -
in-addr.arpa.
IP-
. IP-, ,
. ,
,

. , IP-

. 2.15.

winnie . corp. hp. com


152
.192 .16.15

, . . 2 . 1 5 .
, I P - ,

in-addr.arpa . 15.inaddr.arpa,

, 15:
1 5 / 8 .
, .
I P - ( ) ,
^.inaddr.arpa , I P -

1 5 , .


.
. ,
, .
, D N S -
.

. , DNS- ,
, - ,
.
,
,
. B I N D

: ,
,
.
DNS- ,
. D N S -
, - ,
. ,
, -

DNS-

DNS-
berkeley.edu

1)

baobab.cs.ber/ce/ey.edu

FnG

baobab.cs.ber/ce/ey.edu

baobab.cs.bertetey.edu

. 2.16.

DNS-
cs.berkeley.edu
baobab.cs.berkeley.edu

. DNS- , , ,
DNS-,
,
.
, DNS-
eecs.berkeley.edu.
DNS-
eecs.berkeley.edu
berkeley.edu
( I P - eecs.berkeley.edu).

DNS- ,
baobab.cs.berkeley.edu,

DNS-.
berkeley.edu
baobab.cs.berkeley.edu,

- , DNS-
berkeley.edu
(. 2.16). , DNS-
, eecs.berkeley.edu
,
.
,
D N S -
, .
.


, D N S - .

.
. ,
,

(time to live, T T L ) . - ,
DNS- .

D N S - .
, ,
D N S - .
,

. TTL
, ,

.
, D N S -
,
.
, T T L ,
,
. ,
D N S -

DNS-.
- , ,
. ,
, ,
.

3
?
- ? - .
.
- ! - .
: - ...
- , - . -
...
, .
- , ? - .
- ...
- , - . -
...
, D N S ,
. ,
BIND. ,
U N I X .

.
B I N D , ,
, ,
.
,
.
. , B I N D .

BIND
DNS-
B I N D .
- ,
. , DNS--


DNS-.
UNIX- BIND
T C P / I P - ,
, B I N D
. ,
, , -
B I N D , , .
B I N D
U N I X - ,
, . ,
.
B I N D ( B I N D 8.4.7
9.3.2) FTP-
Internet Software Consortium ftp.isc.org;

/isc/bind/src/8.4.7/bind-src.tar.gz

/isc/bind9/9.3.2/bind-9.3.2.tar.gz
.
U N I X - - . ISC
U N I X - ,
B I N D , src/INSTALL
(
B I N D 8) R E A D M E ( B I N D 9 ) : L i n u x , U N I X
W i n d o w s . U N I X - (
U N I X ) ( - M P E ? ) ,
BIND
.
, ,

.
B I N D 8 . 4 . 7 9 . 3 . 2 L i n u x C;
.
1

- , ,
B I N D , ,
,
B I N D ? , ?
:


B I N D ,
. BIND 8.4.7 9.1.0
BIND 9 ( 9.1.0)
,
pthreads,
. BIND 9.1.0 pthreads
configure
--disable-threads.

, B I N D 4 . 9 . 8 -
. BIND ,
. DNS-
, BIND 9 . 3 . 2 ,
- B I N D 8 . 4 . 7 ,
.

B I N D 8 9
, , .
B I N D 9 ,
.
D N S - , ,
- ,
,
.
1 1 .
DNS

UPDATE

BIND 8 9

(Dynamic Update), RFC 2 1 3 6 .



,
. ( B I N D
. )
B I N D 9
, B I N D 8.
1 0 .

B I N D 8 ( , 8 . 4 . 7 ) B I N D 9
,
D N S -
.
;
, . ,
B I N D 9 , B I N D 8.

, B I N D 8 9, ,
,
.

Usenet
, B I N D
U N I X - ,
,
B I N D (bind-users@isc.org)
-

U s e n e t (comp.protocols.dns.bind).
,
BIND
,
, BIND.
, B I N D
,
,
http://www.isc.org/index.pl?/ops/lists.
- I S C ,
B I N D (http://www.isc.org/sw/bind),

,
.
1

, , namedroppers.
,
namedroppers, I E T F ,
D N S ,
D N S E X T . , , DNS,
, namedroppers,

BIND.
D N S E X T
http://www.ietf.org/html.charters/dnsextcharter.html.
namedroppers
- namedroppers@ops.ietf.org,


comp.protocols.
dns.std. namedroppers,


namedroppers-request@ops.ietf.org,
subscribe namedroppers.

IP-
, ,
F T P - ,
,
. D N S :

D N S . ,
: ,
, D N S ,
,
.
, .

: .
list-request@domain,
list@domain - . ,
BIND
bind-users-request@isc.org.

,
DNS.
, IP- ,
I P - ( ,
) , ,
D N S - .

nslookup,

.
, , I P - ftp.isc.org,
:

% nslookup ftp.isc.org. 207.69.188.185

nslookup
DNS-,

IP-
207.69.188.185, IP- ftp.isc.org.

:
Server:  ns1.mindspring.com
Address: 207.69.188.185

Name:    ftp.isc.org
Address: 204.152.184.110

I P - ftp.isc.org
FTP-.

(204.152.184.110)

, IP- 207.69.188.185
DNS- ? - Mindspring, DNS-.
- DNS- ( ),
. -
D N S - ( ! ) ,

DNS-, .

, , ,
. DNS-
, D N S ,
DNS- .
,
DNS,
FTP- .
B I N D ,
.


- ,
, ,
, . ,
,
, - .
- ,
.
:
, ,
.
: ,
( , ) ,
.
D N S , .
, DNS
D N S - ( ftp.isc.org),
.


,
: ,
.

D N S ,
.
- ,
( - ) ,
.

.

,
.
, ,
,
,
DNS-.
.
,
.

- ,
, DNS- ,

.
: Public Interest Registry org,
VeriSign -

com n e t . ,
c o m , net o r g ; G o D a d d y . c o m , R e g i s t e r . c o m N e t w o r k S o l u t i o n s . E D U C A U S E
edu.
, .

?
,
,
- , com, net org,
, .

. , -

- ,
,
. ,
.

,
, , .
,
D .
,
(nz), ( a u ) ( u k ) ,
.
, co com ,
. ,
( f r ) ( d k ) , ,
;
- univ-st-etienne.fr,

U N I X - - dkuug.dk.

-,
. U R L -
,
,
http://www.allwhois.com.
-
, ,
, DNS- , nslookup,
. ( ,

, 1 2 . )
, , RR- SOA

( s t a r t o f a u t h o r i t y , ) . S O A -
, ,
. ( S O A -
,
.)
1

, csiro.au,
, , S O A -
csiro.au:
% nslookup - 207.69.188.185

>set type=soa
>csiro.au.

- RR- SOA
- csiro.au

Server:         ns1.mindspring.com
Address:        207.69.188.185#53

csiro.au
        origin = zas.csiro.au
        mail addr = hostmaster.csiro.au
        serial = 2005072001
        refresh = 10800
        retry = 3600
        expire = 3600000
        minimum ttl = 3600


>exit

mail addr -
csiro.au.

, . @ . ,
hostmaster.csiro.au

hostmaster@csiro.au.
2

whois
whois
. , whois-
- , D N S - , w h o i s -
,
SOA- , .
, SOA-, ,
( ),
, .

DNS - MB MG. MB (mailbox,
) MG (mail group, )
() . MB MG
, , , SOA, .

. ,
whois-, whois-.
whois http://www.allwhois.com
( . 3 . 1 ) . ,
- ;
whois-.

. 3.1.

www.allwhois.com

, jp. J a p a n ( j p )
http://www.allwhois.com,
,
whois- (. 3.2).
, ,
.

. 3.2. -

whois- jp

- ,
.
.
, dk co.uk
org.uk.
, .


,
. ,
?

,
, .

, ,
us:

K - 1 2 ( ) .

,
us ,
RFC 1480.
k12.<>.us,
<>
- ,
.
.<>.^,
-
^.<>.^.

. ,
org com.
, us,
:

(<>.^),

. ,
, acme.us
acme.co.us.

.
.


, ,
,
, com, net org: ,
, com.

.
-
, ,

- . ,
,
.
, us
. -
, , us
.
.

?
:
biz
.
com
.
info
.
net
,
, .
org
,
.

-
( T h e G i z m o n i c I n s t i t u t e ) ,
, gizmonics.com

.
, ,
gizmonics.com:
% nslookup
Default Server:  ns.unet.umn.edu
Address:  128.101.101.101

> set type=any
> gizmonics.com.

-
- gizmonics.com

Server:  ns.unet.umn.edu
Address:  128.101.101.101

gizmonics.com   nameserver = ns1.11l.net
gizmonics.com   nameserver = ns2.11l.net

! , gizmonics.com
(
? ) . , gizmonic-institute.com
, :
1

% nslookup
Default Server:  ns.unet.umn.edu
Address:  128.101.101.101

> set type=any

1

,
. ,
www.nameboy.com
g i z m o n i c i n s t i t u t e ,
.

> gizmonic-institute.com.

gizmonic-institute.com

Server:  ns.unet.umn.edu
Address:  128.101.101.101

*** ns.unet.umn.edu can't find gizmonic-institute.com.: Non-existent host/domain

gizmonic-institute.com
,
- .


?
! 1999
c o m , n e t , org edu - N e t w o r k
Solutions, Inc.
, Network Solutions.

ASCII?

, A S C I I ,
.

. ,
, N e s t l e .
?
, .
, , ,
.

, , ,
.

, 17.
, Internet
E x p l o r e r , ,
. ,
,
,
.

, -
.
1

Microsoft , IE 7.0
.

1 9 9 9 I C A N N , ,
( ) ,
com, net org.
com, net
org. I n t e r N I C
( I C A N N )
http://www.internic.net/regist.html.
, ,
,

. ,
, .


, ,
IP- ( , ) .
D N S - ,
, (
) in-addr.arpa,

.
IP- IP-. , 15/8
IP- 15.0.0.0 15.255.255.255.
199.10.25/24 199.10.25.0
199.10.25.255.
I n t e r N I C ( I C A N N )
IP-: IP , ,
, .
I n t e r N I C
- ,
,
. ,
, (
) . ,
, ,
, ( ) ,
. ,
.

RFC
1918 (10/8, 192.168/16).
, .

CIDR
- - ,
, 3 2 -
: A , B
C. A ,
( ) IP- ,
, ,
. ,
A , ,
. B
, -
, C
.
, ,
.
, C,
2 5 4 , ,
B, 6 5 5 3 4 .
- B
. B
.
,
,

(Classless Inter-Domain Routing, CIDR, ).
, CIDR A, B C. CIDR

(, ) , IP . , ,
,
B,
14 , , ,
18 ( , B )
.
, C I D R
,
. , CIDR , ,
, ,
.
. 15/8 - A,
8- 00001111. B
128.32.0.0 128.32/16.
192.168.0.128/25 128 IP-,
192.168.0.128 192.168.0.255.

I n t e r N I C
- , ,
. ? ,
, .
-
( ? )
. IP-
ARIN (American Registry of Internet Numbers), http://www.arin.net.

APNIC (Asia Pacific Network Information Center), http://www.apnic.net.

RIPE (http://www.ripe.net).

LACNIC (Latin America and Caribbean Internet Addresses Registry), http://www.lacnic.net.

;
, L A C N I C
. ,
.

- whois,
, . U R L whois- :
ARIN
http://www.arin.net/whois/index.html

APNIC
http://www.apnic.net/search/index.html
RIPE
http://www.ripe.net/perl/whois
LACNIC
http://lacnic.net/cgi-bin/lacnic/whois?lg=EN
, ,
in-addr.arpa.

,
( ,
) .
,
- .
.
, , ,
; .



,
o n l i n e - - .
,
, .
DNS-, ,
,
. ,
, DNS-. DNS- . ( ,
, DNS-
. ) 4
D N S - ,
.

, ,
, ,
( ) .
w h o i s - ,
.
, ,
.
whois, w h o i s - .
,
: .

. N e t w o r k S o l u t i o n s ,
c o m , net o r g , $ 3 5
. ( com, net
org, N e t w o r k S o l u t i o n s ,

whois, ,
.)
,
, in-addr.arpa,
IP-,
. ,
1 9 2 . 2 0 1 . 4 4 / 2 4 , 1

IPv6
11.

44.201.192.in-addr.arpa.
,
IP- .
in-addr.arpa
4.

, - .
, ?
, ?
,
in-addr.arpa.
,
- , ,
inaddr.arpa.

in-addr.arpa
- . -
.
- , S O A -
in-addr.arpa, . ,
1 5 3 . 3 5 / 1 6 U U N E T ,
S O A - 35.153.in-addr.arpa

.

-,
in-addr.arpa
.
-
.
, ,
. D N S - ,
.

4
BIND
- , -
, - - .
(,
, .)
- - ,
...
, ,
, - D N S - .
, .
DNS-. -, ,
( ! ) .
, ,
,
.
,
DNS-. - :
( , F T P ftp.rs.internic.net),

( )
. ,
, 1 1 .
,
, D N S -
. , ,
,
.
.
DNS-
, , ,
,
DNS-.


.

( )
.
IP
. - ,
movie.edu.

.

Ethernet-, .
192.249.249/24 192.253.253/24.
:
127.0.0.1      localhost

#
192.249.249.2  shrek.movie.edu shrek
192.249.249.3  toystory.movie.edu toystory toys
192.249.249.4  monsters-inc.movie.edu monsters-inc mi

# (
# ),
192.253.253.2  misery.movie.edu misery
192.253.253.3  shining.movie.edu shining
192.253.253.4  carrie.movie.edu carrie

# (wormhole) - ,
#
# ; .
# ,
# , .
192.249.249.1  wormhole.movie.edu wormhole wh wh249
192.253.253.1  wormhole.movie.edu wormhole wh wh253

. 4 . 1 .


DNS- -
. DNS-
.
.
.

(forward mapping),

(reverse mapping).

.

shrek

toystory

monsters-inc

misery

shining

carrie

. 4.1.

: ,
,
db.DOMAIN. movie.edu db.movie.edu.

,
, dbAADDR, A D D R -
.
db.192.249.249
db.192.253.253;
.
( db - , . d a t a b a s e ) .
db.DOMAIN
dbAADDR

. :
db.cache
db.127.0.0.
. D N S -
, .
, DNS-
- B I N D 8 9 named.conf.

D N S
-.

DNS- -
DNS- BIND.



RR- D N S . D N S ,

, .
. ,
, .
, Titanic.movie.edu,
titanic.movie.edu

, .
RR- . RR-
, , ,
-
. R F C - D N S R R -
. (
) ,
. , :
SOA-

NS-
DNS-

.
:
A
.
PTR
.
CNAME
( ).
, -,

. . . .
( ) ,
RR-.
, .

,
.
(;) . , , ,
DNS- .

TTL
,
, BIND . ( ,
, named -v.
B I N D , , , 8 . 2 . )
,
(TTL, time to live) BIND
8.2. TTL
S O A - .
B I N D 8.2 R F C 2 3 0 8 ,
S O A -

.
,
DNS-

,
, ,
,
.
T T L B I N D 8 . 2
? - $TTL. $TTL
,
( $ T T L )
.
T T L
, DNS-
.
,
. - .
,
- D N S - ,
.
B I N D ,
T T L
$TTL. , - ,
:
$TTL 3h

D N S - , B I N D 8 . 2 ,
$ T T L , D N S -
.

SOA-
- SOA- ( R R - S O A ) . S O A - , D N S -

. D N S -
movie.edu

SOA-. SOA-
db.DOMAIN
db.ADDR.

SOA-.
SOA-

db.movie.edu:

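movie.edu. IN SOA toystory.movie.edu. al.movie.edu. (
                          1        ; Serial
                          3h       ; Refresh after 3 hours
                          1h       ; Retry after 1 hour
                          1w       ; Expire after 1 week
                          1h )     ; Negative caching TTL of 1 hour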

movie.edu.
.
, , ,
! ( ,
.)
IN I n t e r n e t . -
,
. IN.
. , D N S -
, ;
.
S O A (toystory.movie.edu.)
- DNS movie.edu.
(al.movie.edu.)
-
, ;
, . @ .
root, postmaster
hostmaster
.
,
. ,
,
. B I N D
RR- - R P (responsible person,
) . R P 7.
SOA- .
SOA- DNS- , ,
. ,
.
SOA-
db.192.249.249
db.192.253.253.
SOA-
movie.edu. in-addr.arpa:
249.249.192.inaddr.arpa. 253.
253.192.in-addr.arpa.

NS-
, , -
N S - ( n a m e s e r v e r , D N S - ) . N S -

DNS-, .
NS-
db.movie.edu:
movie.edu.  IN NS  toystory.movie.edu.
movie.edu.  IN NS  wormhole.movie.edu.

, D N S - movie.edu. toystory.movie.edu

wormhole.movie.edu.
, ,
wormhole.movie.edu,
D N S - ,
.

.
D N S - 8.
SOA-, NS-
db.192.249.249

db.192.253.253.

RR-

RR-
db.movie.edu:
; Host addresses
localhost.movie.edu.     IN A     127.0.0.1
shrek.movie.edu.         IN A     192.249.249.2
toystory.movie.edu.      IN A     192.249.249.3
monsters-inc.movie.edu.  IN A     192.249.249.4
misery.movie.edu.        IN A     192.253.253.2
shining.movie.edu.       IN A     192.253.253.3
carrie.movie.edu.        IN A     192.253.253.4

; Multi-homed hosts
wormhole.movie.edu.      IN A     192.249.249.1
wormhole.movie.edu.      IN A     192.253.253.1

; Aliases
toys.movie.edu.          IN CNAME toystory.movie.edu.
mi.movie.edu.            IN CNAME monsters-inc.movie.edu.
wh.movie.edu.            IN CNAME wormhole.movie.edu.
wh249.movie.edu.         IN A     192.249.249.1
wh253.movie.edu.         IN A     192.253.253.1

- . A
, R R -
. wormhole.movie.edu

. , ,
, . ,

D N S ; ,
wormhole.movie.edu
.
DNS- , DNS-
.
1 0 .
,


,
.
(round ro
bin); 1 0 .
.
C N A M E - R R - (canonical names,
) .
( - ).
CNAME-
. C N A M E
,
. , DNS- CNAME-,
,
. ,
wh.movie.edu,
C N A M E - ,
wormhole.movie.edu.

wormhole.movie.edu .
,
toys.movie.edu:
R R . , R R -
( , toystory.movie.edu).

, NS-
.
.
,
, wormhole.movie.edu.


ping
.
ping wormhole.movie.edu,
DNS-
. ping .
?
,
wh249.movie.edu
wh253.movie.edu;

.
D N S , ( C N A M E - )
wh249.movie.edu
wh253.movie.edu,
. . ,

wormhole.movie.edu. .
, 192.253.253.1

wormhole.movie.edu,
ping wh253.movie.edu,

.

wh249.movie.edu.
:
, (A)
, C N A M E - , .

wh249.movie.edu wh253.movie.edu.

.
wh249.movie.edu,
,
( ,
.rhosts). ,
,
,
wormhole.movie.edu.
(A)
wh249.movie.edu
wh253.movie.edu,

: C N A M E - ? .
C N A M E - ,
IP-.
, sendmail,
.
Sendmail

;
, ,
, C N A M E - . C N A M E - , sendmail
,
,
sendmail.
sendmail,

,
.rhosts. ,
C N A M E - , ,
, .


I P - , rlogind,
, .

PTR-
.
db.192.249.249
192.249.249/24.
RR- DNS,
P T R - , - (pointer records).
-

. ( , D N S - , ,
. , inaddr.arpa.)
PTR-, 192.249.249/24:
1.249.249.192.in-addr.arpa.  IN PTR wormhole.movie.edu.
2.249.249.192.in-addr.arpa.  IN PTR shrek.movie.edu.
3.249.249.192.in-addr.arpa.  IN PTR toystory.movie.edu.
4.249.249.192.in-addr.arpa.  IN PTR monsters-inc.movie.edu.

,
. - ,
- . , 192.249.249.1 wormhole.movie.edu,
wh249.movie.edu.


P T R - - wormhole.movie.edu

wh249.movie.edu,
, . - ,
wormhole.movie.edu
, .
,
192.249.249/24, wormhole.movie.edu

.
192.253.253/24.


, R R -
, , . ,
.

db.movie.edu:

$TTL 3h
movie.edu. IN SOA toystory.movie.edu. al.movie.edu. (
                          1        ; Serial
                          3h       ; Refresh after 3 hours
                          1h       ; Retry after 1 hour
                          1w       ; Expire after 1 week
                          1h )     ; Negative caching TTL of 1 hour

; Name servers
movie.edu.               IN NS    toystory.movie.edu.
movie.edu.               IN NS    wormhole.movie.edu.

; Host addresses
localhost.movie.edu.     IN A     127.0.0.1
shrek.movie.edu.         IN A     192.249.249.2
toystory.movie.edu.      IN A     192.249.249.3
monsters-inc.movie.edu.  IN A     192.249.249.4
misery.movie.edu.        IN A     192.253.253.2
shining.movie.edu.       IN A     192.253.253.3
carrie.movie.edu.        IN A     192.253.253.4
wormhole.movie.edu.      IN A     192.249.249.1
wormhole.movie.edu.      IN A     192.253.253.1

; Aliases
toys.movie.edu.          IN CNAME toystory.movie.edu.
mi.movie.edu.            IN CNAME monsters-inc.movie.edu.
wh.movie.edu.            IN CNAME wormhole.movie.edu.

; Interface-specific names
wh249.movie.edu.         IN A     192.249.249.1
wh253.movie.edu.         IN A     192.253.253.1

db.192.249.249:

$TTL 3h
249.249.192.in-addr.arpa. IN SOA toystory.movie.edu. al.movie.edu. (
                          1        ; Serial
                          3h       ; Refresh after 3 hours
                          1h       ; Retry after 1 hour
                          1w       ; Expire after 1 week
                          1h )     ; Negative caching TTL of 1 hour

; Name servers
249.249.192.in-addr.arpa.    IN NS  toystory.movie.edu.
249.249.192.in-addr.arpa.    IN NS  wormhole.movie.edu.

; Addresses point to canonical names
1.249.249.192.in-addr.arpa.  IN PTR wormhole.movie.edu.
2.249.249.192.in-addr.arpa.  IN PTR shrek.movie.edu.
3.249.249.192.in-addr.arpa.  IN PTR toystory.movie.edu.
4.249.249.192.in-addr.arpa.  IN PTR monsters-inc.movie.edu.

db.192.253.253:

$TTL 3h
253.253.192.in-addr.arpa. IN SOA toystory.movie.edu. al.movie.edu. (
                          1        ; Serial
                          3h       ; Refresh after 3 hours
                          1h       ; Retry after 1 hour
                          1w       ; Expire after 1 week
                          1h )     ; Negative caching TTL of 1 hour

; Name servers
253.253.192.in-addr.arpa.    IN NS  toystory.movie.edu.
253.253.192.in-addr.arpa.    IN NS  wormhole.movie.edu.

; Addresses point to canonical names
1.253.253.192.in-addr.arpa.  IN PTR wormhole.movie.edu.
2.253.253.192.in-addr.arpa.  IN PTR misery.movie.edu.
3.253.253.192.in-addr.arpa.  IN PTR shining.movie.edu.
4.253.253.192.in-addr.arpa.  IN PTR carrie.movie.edu.

Loopback-
db.ADDR
loopback- ,
. ()
127.0.0/24, () - 127.0.0.1. ,
db.127.0.0.
,

db.ADDR.

db.127.0.0:

$TTL 3h
0.0.127.in-addr.arpa. IN SOA toystory.movie.edu. al.movie.edu. (
                  1        ; serial
                  3h       ; refresh after 3 hours
                  1h       ; retry after 1 hour
                  1w       ; expire after 1 week
                  1h )     ; negative caching TTL of 1 hour

0.0.127.in-addr.arpa.    IN NS   toystory.movie.edu.
0.0.127.in-addr.arpa.    IN NS   wormhole.movie.edu.

1.0.0.127.in-addr.arpa.  IN PTR  localhost.

DNS- ?
. 1 2 7 . 0 . 0 / 2 4 ,
loopback.

, .
, DNS- .
1 2 7 . 0 . 0 . 1 ,
D N S - ,
1 2 7 . 0 . 0 . 1 . ,
DNS-.


, DNS-
DNS- . -

- ftp.rs.internic.net
(198.41.0.6).
FTP-,
db.cache domain .
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC
;       under anonymous FTP as
;           file                /domain/db.cache
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:    Jan 29, 2004
;       related version of root zone:   2004012900
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
;
; formerly NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
;
; formerly C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; formerly TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
;
; formerly NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; formerly NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
;
; formerly NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
;
; operated by VeriSign, Inc.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
;
; operated by RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
;
; operated by ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
;
; operated by WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
; End of File

. .
,
.

db.cache.
? ,
.
B I N D ,
, , , ,
. db.cache
bind-users
namedroppers,

3.
, , , .
,
D N S - ? , . DNS- . -

( ) , -
.
,

(root
hints). ,
T T L .
DNS-, DNS-
DNS-, . T T L , D N S -
.
DNS- DNS-
- , , DNS-
- D N S - ,
? , DNS-,
,

D N S - ,
.
3 6 0 0 0 0 0 ?
.
9 9 9 9 9 9 9 9 .
, DNS- ,
. 9 9 9 9 9 9 9 9 -
,
. DNS-

, TTL .
3 6 0 0 0 0 0 ,

BIND-.

BIND
, , DNS, . BIND
.
, DNS.
B I N D ,
R F C - D N S .

4 8. ,
8 9. B I N D 4 ,
.
, .

: C-, C++- :
/* C */

// C++
#

, ,
.
,

. options:
options {
directory "/var/named";
// additional options go here
};


options, ,
,
directory.
DNS
zone .
zone,
(in - ) . master ,
.
:
zone "movie.edu" in {
type master;
file "db.movie";
};

, R R - , D N S .
in zone .
zone in ,
.
,
:
zone "." in {
type hint;
file "db.cache";
};

, ,

(hints) D N S - .
1

BIND 9 hints,
zone
named.conf. , ,
, .

B I N D /etc/
named.conf.

/var/named.

, .
,
, ,
, ,
DNS-.
/etc/named.conf:
// BIND
options {
directory "/var/named";
//
};
zone "movie.edu" in {
type master;
file "db.movie.edu";
};
zone "249.249.192.in-addr.arpa" in {
type master;
file "db.192.249.249";
};
zone "253.253.192.in-addr.arpa" in {
type master;
file "db.192.253.253";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "db.127.0.0";
};
zone "." in {
type hint;
file "db.cache";
};

, ,
D N S . -
, . ,
, ,
. ,
B I N D , .


zone .

.

(origin)
.
, ,
, ,
.

, shrek.movie.edu
db.movie.edu

:
shrek.movie.edu.  IN A  192.249.249.2

:
shrek  IN A  192.249.249.2

db.192.249.249

2.249.249.192.in-addr.arpa.  IN PTR shrek.movie.edu.

249.249.192.in-addr.arpa

, :
2  IN PTR shrek.movie.edu.

, ,
. ,
. :
shrek.movie.edu  IN A  192.249.249.2

shrek.movie.edu.movie.edu,
.

@

,
@ . SOA- . :
@ IN SOA toystory.movie.edu. al.movie.edu. (
                  1        ; serial
                  3h       ; refresh after 3 hours
                  1h       ; retry after 1 hour
                  1w       ; expire after 1 week
                  1h )     ; negative caching TTL of 1 hour


R R - ( )
, -

.
.
:
wormhole  IN A  192.249.249.1
          IN A  192.253.253.1

wormhole.

, RR-
.


, ,
, .

db.movie.edu:

$TTL 3h
;
; The origin appended to names not ending
; in a dot: movie.edu
;
@ IN SOA toystory.movie.edu. al.movie.edu. (
                  1        ; serial
                  3h       ; refresh after 3 hours
                  1h       ; retry after 1 hour
                  1w       ; expire after 1 week
                  1h )     ; negative caching TTL of 1 hour

; name servers (the name '@' is implied)
              IN NS     toystory.movie.edu.
              IN NS     wormhole.movie.edu.

; addresses for the canonical names
localhost     IN A      127.0.0.1
shrek         IN A      192.249.249.2
toystory      IN A      192.249.249.3
monsters-inc  IN A      192.249.249.4
misery        IN A      192.253.253.2
shining       IN A      192.253.253.3
carrie        IN A      192.253.253.4
wormhole      IN A      192.249.249.1
              IN A      192.253.253.1

; aliases
toys          IN CNAME  toystory
mi            IN CNAME  monsters-inc
wh            IN CNAME  wormhole

; interface-specific names
wh249         IN A      192.249.249.1
wh253         IN A      192.253.253.1

db.192.249.249:

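$TTL 3h
;
; The origin appended to names not ending
; in a dot: 249.249.192.in-addr.arpa
;
@ IN SOA toystory.movie.edu. al.movie.edu. (
                  1        ; serial
                  3h       ; refresh after 3 hours
                  1h       ; retry after 1 hour
                  1w       ; expire after 1 week
                  1h )     ; negative caching TTL of 1 hour

; name servers (the name '@' is implied)
   IN NS   toystory.movie.edu.
   IN NS   wormhole.movie.edu.

; addresses point to canonical names
1  IN PTR  wormhole.movie.edu.
2  IN PTR  shrek.movie.edu.
3  IN PTR  toystory.movie.edu.
4  IN PTR  monsters-inc.movie.edu.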

db.192.253.253:

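$TTL 3h
;
; The origin appended to names not ending
; in a dot: 253.253.192.in-addr.arpa
;
@ IN SOA toystory.movie.edu. al.movie.edu. (
                  1        ; serial
                  3h       ; refresh after 3 hours
                  1h       ; retry after 1 hour
                  1w       ; expire after 1 week
                  1h )     ; negative caching TTL of 1 hour

; name servers (the name '@' is implied)
   IN NS   toystory.movie.edu.
   IN NS   wormhole.movie.edu.

; addresses point to canonical names
1  IN PTR  wormhole.movie.edu.
2  IN PTR  misery.movie.edu.
3  IN PTR  shining.movie.edu.
4  IN PTR  carrie.movie.edu.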

db.127.0.0:

$TTL 3h
@ IN SOA toystory.movie.edu. al.movie.edu. (
                  1        ; serial
                  3h       ; refresh after 3 hours
                  1h       ; retry after 1 hour
                  1w       ; expire after 1 week
                  1h )     ; negative caching TTL of 1 hour

   IN NS   toystory.movie.edu.
   IN NS   wormhole.movie.edu.

1  IN PTR  localhost.

, db.movie.edu

movie.edu S O A N S
:
@ IN SOA toystory al (
                  1        ; serial
                  3h       ; refresh after 3 hours
                  1h       ; retry after 1 hour
                  1w       ; expire after 1 week
                  1h )     ; negative caching TTL of 1 hour

  IN NS  toystory
  IN NS  wormhole

,
. db.movie.edu

, S O A N S
.


DNS- 4.9.4 (
) ,
. 4 . 9 . 4 B I N D -

R F C 9 5 2 .
.
, ,
, .
, RR- . :
<>

<>

<>

<>

toystory

IN

192.249.249.3

( A ) M X - ( 5 D N S ) .
S O A NS.
C N A M E - ,
, .
.
.
:
ID4            IN A 192.249.249.10
postmanring2x  IN A 192.249.249.11

:
fx-gateway     IN A 192.249.249.12

, ,
ASCII-.
R R -
( S O A - ) , ,
, ,

. , :
<ASCII->.<---->

key_grip@movie.edu

S O A - . ,
@ . :
movie.edu. IN SOA toystory.movie.edu. key_grip.movie.edu. (
                  1        ; serial
                  3h       ; refresh after 3 hours
                  1h       ; retry after 1 hour
                  1w       ; expire after 1 week
                  1h )     ; negative caching TTL of 1 hour


BIND
, ,
.
(
?),

.
:
options {
check-names master warn;
};

l o g - syslog, , .

:
options {
check-names master ignore;
};

,
( ) ,
slave primary:
options {
check-names slave ignore;
};

, , :
options {
check-names response ignore;
};

BIND :
options {
check-names master fail;
check-names slave warn;
check-names response ignore;
};

.
,
, , options:
zone "movie.edu" in {
type master;
file "db.movie.edu";
check-names fail;
};

options (check-names master fail),


(check-names
fail).
, zone
(, ).

,
-?
, P e r l : h2n. h2n

. h2n
. ,
,
- . /etc/
hosts h2n
.
h2n,
,
/etc/hosts,
.
,
:
% h2n -d movie.edu -s toystory -s shrek \
-n 192.249.249 -n 192.253.253 \
-u al.movie.edu

( B I N D 4,
.)

-v4

-d -n
. ,
. -s
DNS- ,
NS-. -u (user, )
SOA-.
h2n 7,
, D N S .

BIND 9
B I N D 9, ,
DNS-:
named-checkconf
named-checkzone.
/usr/local/sbin.
, named-checkconf

, named-checkzone

named-checkconf,

/etc/named.conf:

% named-checkconf

, named-checkconf

/etc/named.conf:14: zone '.': missing 'file' entry

, .
named-checkzone

% named-checkzone movie.edu db.movie


zone movie.edu/IN: loaded serial 4
OK

, , - 4.

DNS-
, , DNS .
. DNS-,
, syslog.
DNS-
,
l o g - syslog.
, D N S - .
B I N D 9 named-checkconf
named-checkzone,

, s y s l o g .

DNS-
,
D N S - B I N D nslookup.

named ,
, , .
BSD DNS-
/etc, /usr/sbin. named
/usr/etc/in.named
/usr/sbin/in.named.

,
/usr/sbin.
,
(root).
, root.
DNS- ,
. ,
.
D N S - .
toystory.movie.edu:

# /usr/sbin/named

, /etc/named.conf. ,
D N S - , , - c :
# /usr/sbin/named -c conf-file

log- syslog
, DNS-, -
l o g - syslog . ,
syslog,
syslog.conf
syslog
syslogd (
syslog).
log daemon ( ) named. ,
syslog,
,
daemon

/etc/syslog.conf:
% grep daemon /etc/syslog.conf
*.err;kern.debug;daemon,auth.notice /var/adm/messages

s y s l o g - D N S - l o g - ,
/var/adm/messages,
syslog
, LOG_NOTICE
. LOG_INFO,
. ,
, 7,
syslog .
DNS- log- :
% grep named /var/adm/messages
Jan 10 20:48:32 toystory named[3221]: starting BIND 9.3.2 -c named.boot

,
, .

. ,
:
shrek  IN  192.249.249.2

syslog-:
Jan 10 20:48:32 toystory named[3221]: db.movie.edu:24: Unknown RR type: 192.249.249.2

z o n e
named.conf:
zne "movie.edu" in {

/etc/

:
Mar 22 20:14:21 toystory named[1477]: /etc/named.conf:10: unknown option 'zne'

B I N D , ,
R F C 9 5 2 , syslog
:
Jul 24 20:56:26 toystory named[1496]: db.movie.edu:33: a_b.movie.edu: bad owner name

, ,
syslog, ,
. ,
; ,
.
A DNS
R R - , ,
R R - . ,
, ndc
( B I N D 8 ) rndc ( B I N D 9 ) :
# ndc reload

. ndc rndc D N S -
7.
1

nslookup



.
nslookup.
nslookup 1 2 ,
,
DNS-.


nslookup,

.
carrie

carrie.movie.edu - movie.edu

.
BIND 9 rndc,
.
7. ndc .

:
hostname(1)

/etc/resolv.conf. ,
/etc/resolv.conf.

. ,

hostname(1).
/etc/resolv.conf
,
( movie.edu

):
domain movie.edu

hostname(1)
.
hostname(1)
toystory.movie.edu.
.

toystory


nslookup R R -
DNS-. (A)
, DNS-,
resolv.conf.
( D N S - resolv.conf,
DNS- DNS-.)
nslookup,
nslookup - .

.
nslookup

carrie:

% nslookup carrie
Server:  toystory.movie.edu
Address: 192.249.249.3

Name:    carrie.movie.edu
Address: 192.253.253.4

,
DNS- .
, ,
:
*** toystory.movie.edu can't find carrie: Non-existent domain

, carrie (
) ,
(hostname(1)),
DNS (
syslog).


nslookup
,
P T R - . nslookup
carrie:
% nslookup 192.253.253.4
Server:  toystory.movie.edu
Address: 192.249.249.3

Name:    carrie.movie.edu
Address: 192.253.253.4

, DNS-
in-addr.arpa
( ).
, ,
, .


- DNS-
, ftp.uu.net,

,
. ,
. nslookup D N S , ,
.
% nslookup ftp.rs.internic.net.
Server:  toystory.movie.edu
Address: 192.249.249.3

Name:    ftp.rs.internic.net
Addresses: 198.41.0.6

, ,
DNS- DNS- ,
, .

( syslog
l o g - ) ,
D N S - .
.
,
! DNS .
DNS-.


, .
, D N S -

.
DNS-

.
. IP-
DNS- .

DNS-

NS- .
nslookup,

-type=ns,

NS.
. , hp.com,

, D N S

com.
% nslookup -type=ns com.
Server:  toystory.movie.edu
Address: 192.249.249.3#53

Non-authoritative answer:
com     nameserver = i.gtld-servers.net
com     nameserver = j.gtld-servers.net
com     nameserver = k.gtld-servers.net
com     nameserver = l.gtld-servers.net
com     nameserver = m.gtld-servers.net
com     nameserver = a.gtld-servers.net
com     nameserver = b.gtld-servers.net
com     nameserver = c.gtld-servers.net
com     nameserver = d.gtld-servers.net
com     nameserver = e.gtld-servers.net
com     nameserver = f.gtld-servers.net
com     nameserver = g.gtld-servers.net
com     nameserver = h.gtld-servers.net

a.gtld-servers.net      internet address = 192.5.6.30
a.gtld-servers.net      AAAA IPv6 address = 2001:503:a83e::2:30
b.gtld-servers.net      internet address = 192.33.14.30
b.gtld-servers.net      AAAA IPv6 address = 2001:503:231d::2:30
c.gtld-servers.net      internet address = 192.26.92.30
d.gtld-servers.net      internet address = 192.31.80.30
e.gtld-servers.net      internet address = 192.12.94.30
f.gtld-servers.net      internet address = 192.35.51.30
g.gtld-servers.net      internet address = 192.42.93.30
h.gtld-servers.net      internet address = 192.54.112.30
i.gtld-servers.net      internet address = 192.43.172.30
j.gtld-servers.net      internet address = 192.48.79.30
k.gtld-servers.net      internet address = 192.52.178.30
l.gtld-servers.net      internet address = 192.41.162.30
m.gtld-servers.net      internet address = 192.55.83.30

D N S
N S - . nslookup

-type=ns,

-norecurse,

. , -

,
. ( , , NS-
, , . )
D N S , ,
nslookup.

com,
b.gtld-servers.net,
N S - hp.com.
% nslookup -type=ns -norecurse hp.com. b.gtld-servers.net.
Server:  b.gtld-servers.net
Address: 192.33.14.30#53

Non-authoritative answer:
hp.com  nameserver = am1.hp.com
hp.com  nameserver = am3.hp.com
hp.com  nameserver = ap1.hp.com
hp.com  nameserver = eu1.hp.com
hp.com  nameserver = eu2.hp.com
hp.com  nameserver = eu3.hp.com

am1.hp.com      internet address = 15.227.128.
am3.hp.com      internet address = 15.243.160.
ap1.hp.com      internet address = 15.211.128.
eu1.hp.com      internet address = 16.14.64.50
eu2.hp.com      internet address = 16.6.64.50
eu3.hp.com      internet address = 16.8.64.50

hp.com,

, .


ftp.rs.internic.net
, , ,
. D N S
N S - ,
DNS- .
,

, .
- F T P
.
. ,
, ,
, , ,
,
. ,

.


, DNS-
,

( /etc/
resolv.conf).
,
, D N S - . ,

,
/etc/named.conf.

:
1

% grep named /etc/*rc*

, System V:
% grep named /etc/rc*/S*

,
,
,

ifconfig:
if test -x /usr/sbin/named -a -f /etc/named.conf
then
echo "Starting named"
/usr/sbin/named
fi

, D N S - ,

(routed gated), ,
DNS-
/etc/hosts.
,
. (hostname(1))
.
, :
hostname toystory

:
hostname toystory.movie.edu

DNS-
DNS-.
( )
D N S - . D N S - -
, ,
,
. DNS-
.
D N S - , Linux : grep named /etc/rc.d/*/S*.
. .

. DNS . , ,
,
,
.
D N S - ,
? named.conf

. N S - . ( , D N S
: , D N S -
. )
D N S - ?
, .
DNS- .
, D N S - .

.
D N S -
D N S - , .
DNS-
,
, -
.
DNS-; DNS-
. ,
,
. -
S O A - , .
( B I N D 8 9
, . )
D N S - :
db.cache db.127.0.0
,
, .
, DNS-
0.0.127.in-addr.arpa.
,
0.0.127.in-addr.arpa,

, .

DNS-,
,
( , /var/named)
/etc/named.conf, db.cache
db.127.0.0:
# rcp /etc/named.conf host:/etc
# rcp db.cache db.127.0.0 host:db-file-directory

/etc/named.conf

D N S - . master
slave, 0.0.127.in-addr.arpa,

masters, I P - ,
DNS .
:
zone "movie.edu" in {
type master;
file "db.movie.edu";
};

:
zone "movie.edu" in {
type slave;
file "bak.movie.edu";
masters { 192.249.249.3; };
};

DNS-,
movie.edu
,
DNS- IP- 192.249.249.3. DNS
bak.movie.edu.
DNS-
wormhole.movie.edu.
,
toystory.movie.edu
( )
:
options {
directory "/var/named";
};
zone "movie.edu" in {
type master;
file "db.movie.edu";
};
zone "249.249.192.in-addr.arpa" in {
type master;
file "db.192.249.249";
};
zone "253.253.192.in-addr.arpa" in {
type master;
file "db.192.253.253";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "db.127.0.0";
};

zone "." in {
type hint;
file "db.cache";
};

/etc/named.conf,
db.cache db.127.0.0
wormhole.movie.edu,
,
. wormhole.movie.edu

:
options {
directory "/var/named";
};
zone "movie.edu" in {
type slave;
file "bak.movie.edu";
masters { 192.249.249.3; };
};
zone "249.249.192.in-addr.arpa" in {
type slave;
file "bak.192.249.249";
masters { 192.249.249.3; };
};
zone "253.253.192.in-addr.arpa" in {
type slave;
file "bak.192.253.253";
masters { 192.249.249.3; };
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "db.127.0.0";
};
zone "." in {
type hint;
file "db.cache";
};

D N S - ,
wormhole.movie.edu, movie.edu,
249.249.192.in-addr.arpa

253.253.192.in-addr.arpa
, D N S -
1 9 2 . 2 4 9 . 2 4 9 . 3 (toystory.movie.edu).

/var/named.
,
. (bak),

. , ,
, .
.

DNS-.
l o g - syslog - ,
. ,
:
# /usr/sbin/named

, D N S - ,
. ,
. ,
wormhole.movie.edu,

/var/named bak.movie.edu,
bak.192.249.249

bak.192.253.253.
,
.
D N S - ,
,
.
nslookup , D N S - ,
. D N S -
,
, DNS-
, hostname(1)

.


D N S -

. ,
D N S - ,
- D N S ,
.
,
.
? , DNS-- .

DNS- ,
.
,
.
D N S - ,
.
, file
.
DNS- , .
, -

,
, .

SOA
S O A - ?
movie.edu. IN SOA toystory.movie.edu. al.movie.edu. (
                  1        ; serial
                  3h       ; refresh after 3 hours
                  1h       ; retry after 1 hour
                  1w       ; expire after 1 week
                  1h )     ; negative caching TTL of 1 hour

, .
.
, .
,
2 0 0 5 0 1 2 3 0 1 . ^ , - , , - , N N -
. ,

. :
,
.
D N S -
,
.
DNS- ,
, ,
.
.
, . ,

.
7.

, :

(refresh)

D N S - ,

. ,
, ,
S O A - .
, , .
, ,
. -

, D N S ,
.
, DNS-
( D N S - ) ,
, 24 .

(retry)


( , ,
) ,
, .
,
, .

(expire)

D N S -
,
. ,
,
,
. , ,
, .
- ,
( ) ,
.
,
;
.

TTL

T T L - (time to live).
DNS-,
.
BIND , 8.2, SOA - (
)
.
, ,
, SOA-.
- BIND , ,
. (
, , 60 8 4 0 0 .)
( B I N D 4 . 8 . 3 )
,
S O A - ,
T T L , . ,

3 h , 180m
d, - w.

2h60m.

S O A - .
, D N S ,
.
, ,
. RFC 1537
DNS- :

TTL

24
2
30
4

, .
BIND, 4.8.3,
. B I N D

. ,
, DNS-
,
. BIND ,
1 5 - , .
, , DNS-
... B I N D 8 9 !
, B I N D 8 9
.
-
B I N D 8 9, D N S

.

. 10.

-
DNS-
? : IP-
-.
IP-, :
zone "movie.edu" in {
type slave;
file "bak.movie.edu";
masters { 192.249.249.3; 192.249.249.4; };
};

B I N D 9.3
I P - - ,
. I P - .
:
masters "movie-masters" {
192.249.249.3;
192.249.249.4;
};
zone "movie.edu" in {
type slave;
file "bak.movie.edu";
masters { movie-masters; };
};

- ,
. BIND 8.1.2 DNS-
-
, .
DNS-
. B I N D 8 . 2
- D N S
,
. ,
( )
.

I P - , D N S ,
. ,
, , ,
, IP-
, D N S - ,
- . ,
- D N S ,
D N S - - D N S .


, D N S - ,
. ?
. , , - zone
.
. (, , DNS-

0.0.127.in-addr.arpa.)
, .

DNS-
DNS DNS-. - .


. D N S -
, .
, DNS- ,
,

.

?
,
/etc/hosts

DNS-,
DNS-. ,
- :

DNS-. ,
DNS-.
.

5
DNS
,
. :
- ? ?
:
- ?
,
,
, .
, ,
. , , ,
, :
D N S .
, ,
.
D N S
. ,
HOSTS.TXT
(
/etc/hosts),

I P - .

.
D N S
.
, . ,
, ,
, .
, D N S
. -
-
.

,

- . ,

. ,
, .
,

.

MX-

DNS RR-: MX-.
MX-
: MD- (mail destination) MF- (mail forwarder). MD,
, ; M F -
,
, .
DNS A R P A n e t ,
.
M D - , M F -
, ,
, - .
- ( M D M F )
DNS- .
(
),
.
,
.

- M X . M X -
.
MX-
TTL.
M X -
(mail exchanger)

, ,
,
( , ) .

,
, X . 4 0 0 .

,
SMTP (Simple Mail Transfer Protocol,
- ) .

.
,
M X , ,
:
(preference
value).
- (
0 6 5 5 3 5 ) ,
. , M X - :
peets.mpk.ca.us.  IN MX 10 relay.hp.com.

relay.hp.com

peets.mpk.ca.us
10.

,
. ,
,
: ?

plange.puntacana.dr.  IN MX 1 listo.puntacana.dr.
plange.puntacana.dr.  IN MX 2 hep.puntacana.dr.

:
plange.puntacana.dr.  IN MX 50 listo.puntacana.dr.
plange.puntacana.dr.  IN MX 100 hep.puntacana.dr.


, ,

. ,


. ,
,
0.



( ) ,
. ,

.
,
.

, ,
.

, , MX-
oreilly.com:
oreilly.com.  IN MX 0 ora.oreilly.com.
oreilly.com.  IN MX 10 ruby.oreilly.com.
oreilly.com.  IN MX 10 opal.oreilly.com.

M X -
oreilly.com
:
1.

ora.oreilly.com.

2. ruby.oreilly.com

opal.oreilly.com.

3. 10 ( ,
2 ) .
,
oreilly.com
.
ora.oreilly.com
ruby.oreilly.com
opal.oreilly.com.
, oreilly.com
- ;
O'Reilly. O'Reilly
, .
e - m a i l , oreilly.com,
- ruby.oreilly.com

amber.oreilly.com
-
.
, ,
ora.oreilly.com

O'Reilly,
, ,
,
POP I M A P .
, M X -
, A - ?
?
, sendmail

.
sendmail :
M X - , A - ,
. 8
sendmail,
,
M X - .
, , ,

.
,

, -

M X - .

, sendmail,
MX- . ,
DNS- - -
, sendmail A - . ,

DNS- . MX- , ,
,
,
, DNS-
MX- .
, , IP-
( ,
) .
, I P - ,
,
.

movie.edu
movie.edu
,
postmanrings2x.movie.edu.
postmanrings2x
S M T P I M A P

movie.edu.
, ,
movie.edu,

, MX-
db.movie.edu:
movie.edu.  IN MX 10 postmanrings2x.movie.edu.

- SMTP-
;
,
.
, postmanrings2x
,
M X -
movie.edu:
movie.edu.  IN MX 20 smtp.isp.net.

-, ?
, ,
, -

. . ,
- . M X , ,
,
, ,
.
, -, .
, , - , - -, - .
( ,
, . . ) ?
:
los-gatos.ca.us.  IN MX 1 san-jose.ca.us.
los-gatos.ca.us.  IN MX 2 san-francisco.ca.us.
los-gatos.ca.us.  IN MX 3 oakland.ca.us.

M X - -
, (
), (),
( ).
,
;
(
) -
.
: - ,
, -
, . ,
-
, -.
,
- -.
, ?
:

- ,
- ,
. (
, ,
.)
,
.


? , ,

.

, ,

. ,
- . ,

.

, ,
, .
.
, ,


.
, .

MX-
M X - ,
- , .
,
, ,
.
1

, ,
. ,
nuts@oreilly.com
,
. ,
ora.oreilly.com
. ! M X oreilly.com?
oreilly.com.  IN MX 0 ora.oreilly.com.
oreilly.com.  IN MX 10 ruby.oreilly.com.
oreilly.com.  IN MX 10 opal.oreilly.com.


ruby.oreilly.com,
. RFC 2821,
.

ruby.oreilly.com

ora.oreilly.com,
,
. ? ruby.oreilly.com

,
opal.oreilly.com
ruby.oreilly.com.

,
. ruby.oreilly.com
,
. ruby.oreilly.com

opal.oreilly.com,
opal.oreilly.com

ruby.oreilly.com,
,
.
,
M X -
, .
MX-
, .
,
M X - , M X - ,
(

) . ,
,
.
. ,
- ( ) ,
, . ,
- (
).
- , .
, - , ,
, (
) .
- - .
-
. ,
,
.
:


MX-. (
C N A M E - ) . ,
M X - ,
;
.


,
,
.
sendmail:
554 MX list for movie.edu points back to

relay.isp.com

554 <root@movie.edu>... Local configuration error

I refuse to talk to myself (
) ,
sendmail.
:
MX-.
: ,
,
.

, .
oreilly.com,
ruby.oreilly.com

. M X :
oreilly.com.  IN MX 0 ora.oreilly.com.
oreilly.com.  IN MX 10 ruby.oreilly.com.
oreilly.com.  IN MX 10 opal.oreilly.com.

,
ruby.oreilly.com

10 ( ) :
oreilly.com.  IN MX 0 ora.oreilly.com.
oreilly.com.  IN MX 10 ruby.oreilly.com.
oreilly.com.  IN MX 10 opal.oreilly.com.

:
oreilly.com.  IN MX 0 ora.oreilly.com.

ora.oreilly.com
, ruby.oreilly.com
, .

, ,
(
M X - ) M X -
?
IP-
.
. , D N S
, (
) ,
. -

M X - ,
.
, , acme.com,

M X - , , acme.com,

-:
acme.com.  IN MX 10 mail.isp.net.

,
,
. mail.isp.net ,
acme.com
, ,
,
, . M X - acme.com

,
,
:
1

554 MX list for acme.com points back to mail.isp.net


554 <root@acme.com>... Local configuration error

sendmail w
w .
sendmail.cf

:
Cw acme.com

, , ,
, 10. ,
M X - ,
,
.
1 100.

DNS

DNS M X ,

D N S
. , , , mail.isp.net
.
.

R R .
,
, D N S .

(Sender Policy Framework)


SPF (Sender Policy Framework,
) , - , ,
, -, ,
. SPF , , D N S , -
,
. - S P F
MX-: MX-
, , ,
, S P F
,
.
1

. ,
O'Reilly Media ,
oreilly.com
S M T P -
, smtp1.oreilly.com
smtp2.oreilly.com.

D N S , T X T - oreilly.com ( oreilly.com
).
TXT-:
oreilly.com.  IN TXT "v=spf1 +a:smtp1.oreilly.com +a:smtp2.oreilly.com -all"

v=spf1 ,
T X T - S P F .
, T X T
,
, ,

S P F . S P F ,
, S P F ,
v=spf1 .
, ,
oreilly.com,
IP-,
smtp1.oreilly.com
smtp2.oreilly.com.
+ ,

c I P - . ,
, :

, SPF Reverse M X (
M X ) (Hadmut Danisch).

. , ,
.

. , ,
.

. , , ,

.

. .

+ (),
+ . ,
- a l l ,

oreilly.com.
,
. M X - oreilly.com

smtp1.oreilly.com
smtp2.oreilly.com,

T X T - :
oreilly.com.  IN TXT "v=spf1 +mx -all"

,
a mx, .
, +mx , +mx:oreilly.com

.
,
SPF T X T :
a
,
, - .
mx
,
, - .
ip4
(4)- ,
, - .
CIDR (, 1 9 2 . 1 6 8 . 0 . 0 / 2 4 ) .
,
.
ip6
6 - ,
, - .
IPv6 RFC 3 5 1 3 .

ptr
, P T R - ,
. P T R
, ( T X T ) ,
. , +ptr:oreilly.com
, ,
, ,

oreilly.com.
, S P F redirect,

S P F
. , oreilly.com
,
ca.oreilly.com
ma.oreilly.com

, oreilly.com.
T X T - oreilly.com,
T X T - :
ca.oreilly.com.  IN TXT "v=spf1 redirect=oreilly.com"
ma.oreilly.com.  IN TXT "v=spf1 redirect=oreilly.com"

,
ca.oreilly.com

ma.oreilly.com
, S P F - oreilly.com.
,
S P F ,
TXT-.
include ,

S P F . , oreilly.com

isp.net
oreilly.com,
T X T - oreilly.com
:
oreilly.com.  IN TXT "v=spf1 +mx include:isp.net -all"

, include
,
redirect .
. ?all ~all
S P F ,

.
, ,
, , .
.
S P F ,
T X T ,
2 5 5 .
T X T ,
v=spf1. .

. ,
, SPF,
SPF.
. (
SPF- , ?)
, S P F ,
.

6

, ,
:
,
. ,
.
, D N S - ,
,
. , DNS-
, ,
. ,
UNIX, Microsoft Windows 2000, Windows 2003 Windows XP (
) , .

DNS-
D N S - 2 D N S ,
.
D N S -
.
D N S - ,
. D N S - 4,

. DNS- -
,
.
, :
DNS B I N D 8.4.6 .
;

, D N S ,
,
. , ,
, ,
BIND 8.4.6 , 4.8.3
4 . 9 ,
.
.

DNS-
D N S - ?
:
, ( ) ,
( ) . U N I X -
,
DNS.
, ,
Sun (NIS),
.
1

D N S -
/etc/resolv.conf
(
/usr/etc/resolv.conf ;
-
(resolver),

, 4 5).
, resolv.conf:
domain, search, nameserver,
sortlist options.
DNS-. U N I X
; .


- ,
D N S - .
, . ,
toystory.movie.edu

, ,
movie.edu.
,
. , :
relay bernie

NIS Yellow Pages ( ), Y P ,


, ,
Yellow Pages .

.rhosts relay
. , bernie
,
relay. , hosts.equiv

hosts.lpd,
.

; ,
. . ,
. ,
(hostname)
asylum.sf.ca.us

sf.ca.us,
dogbert - , ,
, , ,
.
1


domain resolv.conf.
domain
,
.
domain ,
, .
domain ,
.
.
. :
domain colospgs.co.us

BIND ( , BIND 4.8.3)



,
,
,
.
- LOCALDOMAIN.
L O C A L D O M A I N ,

. ,
,
.
,
. L O C A L D O M A I N

.
?
,
, cc.

,
- ,
. ,
, , ruserok()
,
hosts.equiv
,

hostname.
,
(hostnames),

domain.
hostname
-
, D N S - resolv.conf.

LOCALDOMAIN
.


-
resolv.conf
- .
,
.
,
( , )
.
U N I X ,
( , telnet, ftp, rlogin, rsh),
.
B I N D 4 . 8 . 3 B I N D 4 . 9
, .
,
4 . 8 . 3 , , B I N D
8.4.7 , , 4.9.
1

B I N D ,
, . ,
:
2

% telnet ftp.ora.com.

ISC
BIND 8 9,
, BIND 4.9.
,
. ,
,
, . ,
.

,
.
U N I X MS-DOS.
,
,
( ) .

BIND 4.9
B I N D 4 . 9
. ,
:
domain cv.hp.com

cv.hp.com.

, ,

; .
,
, .
, .
( ) ,
,
.
?

B I N D , ,
, ,

. ,
, ,
.
, B I N D 4 . 9
:
% telnet pronto.cv.hp.com

pronto.cv.hp.com,

, .
pronto.cv.hp.com,
pronto.cv.hp.com.cv.hp.com.

% telnet asap

,
asap.cv.hp.com,
( a s a p ) ,
asap.
, ,
,
. asap -

asap,
.

asap.cv.hp.com

BIND 4.8.3
B I N D 4 . 8 . 3
,
. ,
BIND 4.8.3 :
domain cv.hp.com

cv.hp.com,

, hp.com, , com,
.
, , ,
.
1

% telnet pronto.cv.hp.com


to.cv.hp.com.

pronto.cv.hp.com.cv.hp.com

pron-

% telnet asap


asap.cv.hp.com
asap.hp.com,
( a s a p ) .

,
asap,

search
, ?
DNS
-
. search.
search
domain,
,
. search
, .

.
2

, BIND
, - ,
(, , )
. , com
edu foo .
, foo.com foo.edu
,
.
DNS- BIND 9 .

, search domain
.
resolv.conf,
, .
,
search corp.hp.com paloalto.hp.com hp.com


corp.hp.com,
paloalto.hp.com,

hp.com.
,
corp.hp.com
paloalto.hp.com.

, BIND 4 . 8 . 3 , :
search corp.hp.com


.
( 4.9
,
. ) ,

D N S - (
DNS-).
domain c DNS-
BIND 4.8.3 4.9
,
,
, , .

search
, . , BIND
4.9, 8 9 domain nsr.hp.com search
nsr.hp.com hp.com .

nameserver
4 DNS-:
DNS-. ,
D N S ,
D N S - ? ,
D N S - ( ,
) ? D N S -
?
, . D N S - ,
,
nslookup toystory.movie.edu

wormhole.movie.edu D N S - . -


. B I N D Operations Guide

DNS-.
nameserver
( - , )
IP- , . ,

nameserver 15.32.17.2

DNS-,
I P - 1 5 . 3 2 . 1 7 . 2 , D N S -
. , , D N S - , nameserver

D N S - . ,
,
DNS-.

,
DNS-. ,
D N S - -
, ,
,
.
,
D N S - , I P -
, . , 0 . 0 . 0 . 0 ,
T C P / I P
. , IP-
. ,
, l o o p b a c k - - 127.0.0.1.
D N S - , ,
? ?
?
(- ) DNS- nameserver.

D N S - ,
.
,
nameserver 15.32.17.2
nameserver 15.32.17.4

DNS-
1 5 . 3 2 . 1 7 . 2 , - DNS-
1 5 . 3 2 . 1 7 . 4 . , D N S D N S - .

nameserver

loopback-!
T C P / I P ,
, ,
BIND , DNS- .

, DNS-
,
DNS-
127.0.0.1. DNS- ,
.

DNS-
D N S -
.
,
DNS-, .
, , D N S -
; , ,
. ,
:
1

I C M P -
(port
unreachable), , DNS-
DNS-.

I C M P -
(host
unreachable)

(network unreachable),

, I P - .

,
. D N S - ,
, ,
, . D N S ,
,
DNS- .
2

,
nameserver resolv.conf,
nameserver -
.
DNS
: -
,
,
,
.
,
. ,
,
.


( ) ,
. ,
,
.
,

/etc/hosts.
1

DNS-
DNS- ,
. :
DNS- ,
DNS-.
,
D N S - .
, ; ,
, (unconnected),
D N S - ,
I C M P - .
D N S - ,
, .

D N S - , resolv.conf.
- 10 ,
D N S -
.
. (
)
D N S - .
B I N D 8 . 2 . 1 ISC D N S - ,
,
D N S - , resolv.conf.

,
D N S - .
, , . 6 . 1 ,
,
DNS-.

6.1.

BIND

4.9 8.2

DNS-

5 c

() 5

() 5

10 c

() 5

() 3

BIND 8.2.1 .

6.1.

BIND

4.9 8.2

DNS-
2

20 c

() 10

() 6

40 c

() 20

() 13

75 c

80 c

81 c

B I N D 8 . 2
. 6 . 2 .

6.2.

BIND

8.2.1

DNS-

5 c

() 5

() 5

10 c

() 5

() 3

15 c

20 c

24 c

, DNS-,
.
,
,
. DNS-,
( 1 0
- )
.
? ,
.
, ,
.
DNS-
,
, .
, ?
.
:
% telnet tootsie
tootsie: Host name lookup failure

, 75
, .

sortlist
sortlist B I N D 4.9
, -

, .

. NFS-
; : 100- Ethernet- 1 2 8 . 3 2 . 1 / 2 4 Ethernet 1 2 8 . 3 2 . 4 2 / 2 4 . D N S -
, , IP- NFS- (
, ) .
,
, resolv.conf
sortlist, 1 2 8 . 3 2 . 4 2 / 2 4 ,
, :
sortlist 128.32.42.0/255.255.255.0

.
,
:
sortlist 128.32.0.0

, 1 2 8 . 3 2 / 1 6 . (

IP-.)
, ( ) ,
:
sortlist 128.32.42.0/255.255.255.0 15.0.0.0

DNS-
sortlist,

.

options
options B I N D 4 . 9 ,
DNS-. R E S _ D E B U G .
options debug

R E S _ D E B U G ,
, ,
D E B U G . ( ,
,
. ) ,
,
,
.

- ndots,
-,
.
,
, ndots:1.
, .
,
, ,
. , mit.edu,
:
% ftp prep.ai

mit.edu, prep.ai.
mit.edu, ndots ,
D N S -
a i . :
options ndots:2

B I N D 8.2
: attempts,
timeout, rotate no-check-names.
attempts
, DNS-
, resolv.conf,
.
, - -
DNS-,
, 8 . 2 . 1 :
options attempts:4

- 5.
timeout
. - .
,
:
options timeout:2

- 3 0 .

DNS-,
resolv.conf.
rotate D N S - ,
resolv.conf,
.
, DNS- ,
.
D N S -
, D N S - .

:
options rotate

DNS . , -
D N S - ,
. .
,
,
, .
, ping,
ping
, ,
resolv.conf,
, .
ping ,
D N S - .
, ,
sendmail,

.
.
, D N S - sendmail ,
.
, no-check-names

, .
, , : ,
. ,
,
.
1

,
resolv.conf
:
options attempts:4 timeout:2 ndots:2

B I N D 4.9 ( , )

resolv.conf.
,
,
.

4.9
B I N D 4.9,
.
DNS-, ,
BIND 4.9.4.

, .
,
U N I X - ,
. ,
.
,
, search (
, 4 . 8 . 3 ) ,
search , ,
: resolv.conf

domain, search,

domain
search.
domain, search,
.
domain, search .

DNS-
, resolv.conf,

.
D N S - , -
DNS- .


, movie.edu,

, D N S - .
, , ,
- movie.edu.

P i x a r
, , , pixar.com

. search
search movie.edu pixar.com

movie.edu

pixar.com

,
movie.edu.
1 9 2 . 2 4 9 . 2 4 9 / 2 4 ,
D N S - - wormhole.movie.edu
(192.249.249.1)
toystory.movie.edu
( 1 9 2 . 2 4 9 . 2 4 9 . 3 ) .
D N S - . ( D N S -
, , DNS- .)
, ,
wormhole.movie.edu
.
nameserver
resolv.conf
:

nameserver 192.249.249.1

, ,
, toystory.movie.edu
(192.249.249.3) DNS-.
, -
wormhole.movie.edu, -
(,
toystory.movie.edu ) .
resolv.conf
search movie.edu pixar.com
nameserver 192.249.249.1
nameserver 192.249.249.3


DNS-
, DNS-
wormhole.movie.edu.
,
,
.
, ,
,
. ,
S E R V F A I L ,
movie.edu
.
,
. D N S -
( ,
,
, ) .
.

,
, . ,
N S - ,
.
named.conf

D N S - .

DNS-

postmanrings2x.movie.edu
. postmanrings2x.movie.edu
movie.edu.
-

D N S - ,
, ,
DNS- .
D N S - -
:
resolv.conf
DNS- . (hostname)

, .
, DNS- , resolv.conf
.

DNS-. DNS B I N D ,
, , .
,
,
DNS- .
DNS-,
D N S - resolv.conf
(IP-
0 . 0 . 0 . 0 - ) ,
. ,
l o o p b a c k - , , T C P / I P -
, .
,
, .
postmanrings2x.movie.edu
1 9 2 . 2 4 9 . 2 4 9 / 2 4 ,
toystory.movie.edu
wormhole.movie.edu
-
D N S - ( ) .
,
,
D N S - .
, DNS- , .

resolv.conf:
1

domain movie.edu
nameserver 0.0.0.0
nameserver 192.249.249.3
nameserver 192.249.249.1
options timeout:2

, .
,
.


, D N S , ,
.
?
?
,
.
, D N S .
.


, telnet, ftp, rlogin rsh
,
. , movie.edu
(
movie.edu ,
movie.edu),
:
% telnet misery

:
% telnet misery.movie.edu

:
% telnet misery.movie.edu.

.
. ,
: DNS- IP-
, Telnet, FTP
- ,
-
, , . .:
% ftp tootsie
ftp: connect to address 192.249.249.244: Connection timed out
Trying 192.253.253.244...
Connected to tootsie.movie.edu.
220 tootsie.movie.edu FTP server (Version 16.2 Fri Apr 26 18:20:43 GMT 1991) ready.
Name (tootsie: guest):

, sortlist resolv.conf

.
N F S . mount
,
/etc/fstab
( /etc/checklist).
, /etc/exports
/etc/netgroup,
-

. /etc/exports
,
NFS- NFS-.
netgroup ,
exports .
, N F S D N S
exports netgroup - N F S
R P C ( R e m o t e P r o c e d u r e Call).
, ,
S u n R P C (hostname).

, ,
- , .


, ( ,
sendmail),
, . sendmail

, .
D N S - , sendmail
,
,

.
sendmail

A N Y ,
. sendmail , D N S : ,
. DNS-,
, CNAME- (),
sendmail
, ,

( ,
). DNS , sendmail
,
, . D N S -
, M X - ,
:

, sendmail
, M X - , .


, sendmail
,
,
.
,
.
,
M X - .
1

MX-,
; 17 .

S M T P - sendmail

-
SMTP.
1

sendmail
$w
hostname
sendmail.

, ,
sendmail
,
resolv.conf.
sendmail $w
$ w , , $ = w ,
.
, $=w
sendmail
.
sendmail
,
, , .
sendmail ,
(
w w, 5 ) ,
,
, .
$=w. ,
M X - sendmail
, $=w. ,
M X - , ,
$=w, ,
.
.
sendmail: D N S -
sendmail ( 8 ) ,
I sendmail.cf.
I
sendmail

- . /etc/hosts

.
, ,
- ,
.
D N S
, , , .
I sendmail

, .
sendmail
:
CNAME- .
CNAME CNAME-.
, .

I OI
mail.cf.

send-

.rhosts, hosts.equiv
D N S
,
. ,
, .
, lpd.allow wormhole.movie.edu

:
wormhole
toystory
monsters-inc
shrek
mash
twins

mash twins comedy.movie.edu,



lpd; lpd.allow
mash.movie.edu
twins.movie.edu.

,
lpd:
wormhole
toystory
monsters-inc
shrek
mash.comedy.movie.edu
twins.comedy.movie.edu

,
:
hosts.equiv
.rhosts
XO.hosts
sendmail.cf


- ,
, .
Perl,
:
#!/usr/bin/perl -ap
# Expects one host name per line, in the first field (as in .rhosts,
# X0.hosts)
s/$F[0]/$d/ if ($d)=gethostbyname $F[0];



.rhosts,
hosts.equiv
sendmail.cf
D N S ,
,
. ,

DNS.

D N S - ,
. ,
, telnet doofy rlogin
doofy
,
.
doofy - doofy.maroon.com.

, , .
, B I N D
.
HOSTALIASES ,
. ,
doofy, H O S T A L I A S E S
/etc/host.aliases
( )
:
doofy doofy.maroon.com

:
, ,
.
, .
, telnet doofy rlogin
doofy,
D N S - doofy.maroon.com

doofy D N S - .
:
Trying...
Connected to doofy.maroon.com.
Escape character is '^]'.
IRIX System V.3 (sgi)
login:


/etc/hosts,
HOSTALIASES .

/etc/hosts.
, ,
,
telnet, .

,
, HOSTALIASES.
, ,
.

HOSTALIASES .



DNS-, ,
.
nsswitch.conf,
.
irs.conf

netsvc.conf.
,
.

nsswitch.conf
nsswitch.conf
,
.
, ,
. D N S - - hosts.
hosts : dns, nis, nisplus files
( /etc/hosts).

, ,
. ,
hosts: dns files

DNS (
D N S - ) , /etc/hosts.

,
(
D N S /etc/hosts).
,


.
:
UNAVAIL
( D N S - resolv.conf D N S - ) .
NOTFOUND
,
( D N S ,
).

TRYAGAIN
,
( ,
).
SUCCESS
.
:
continue
( )
return ( ) . SUCCESS
return, continue.
,
N X D O M A I N ( ) ,
/etc/hosts
DNS:
hosts: dns [NOTFOUND=return] files

DNS- Windows XP
DNS-, W i n d o w s X P ,
Windows- (Windows 2000
W i n d o w s Server 2000) . DNS W i n d o w s .
, Start, Control
Panel,
Network
and Internet
Connections
Network
Connec
tions. , . 6 . 1 .
Local
Area Connection
Properties.

, . 6 . 2 .
Internet
Protocol
, . 6.3.

(TCP/IP)

Obtain DNS server address automatically,

D N S - ,
D H C P - . Use the following
DNS server
addresses

. 6.1. Windows XP:

. 6.2. Windows XP:

Local Area

Connection

DNS-,
DNS server Alternate
DNS
server.

Preferred


Advanced...
DNS , . 6 . 4 .
D N S - , ,
,
DNS server addresses,
in or
der of use:. , ,
DNS-, .
D N S - , , ,
.
W i n d o w s X P
, W i n d o w s N T 4.0 SP4: Microsoft - .
W i n d o w s Primary DNS
Secondary DNS. ,
-
. , DNS Domain
Name System ( ), domain name server (
).

. 6.3. Windows XP

DNS Server Search Or


der. ,

.
, ,
-
IP-, D H C P .
,
.
15 .
( W i n d o w s 2000
D N S
http://www.microsoft.com/windows2000/docs/w2kdns.doc.)

D N S - , W i n d o w s X P
(
)
DNS-.
D N S - ,
, .
D N S - ,
.

. 6.4. Windows XP

Append primary
and connection
specific DNS
suffixes
(primary) DNS
, ,
. D N S
DNS suffix
for
this connection
, D C H P .
DNS (Control
P a n e l ) : System ( ) ,
Computer
Name,
Change...
More... , . 6 . 5 .
DNS
Primary
DNS suffix of this computer.
,
Active Directory,
AD-.
Append parent
suffixes
of the primary
DNS
suffix
( . . 6 . 4 )
B I N D 4 . 8 . 3 ,
D N S . fx.movie.edu

fx.movie.edu
movie.edu.
, DNS, -

. 6.5. DNS- Windows XP

, (
M i c r o s o f t ) ,
.
Append
these DNS suffixes
(in order)

,
. DNS-,
, ,
.
, .
Register
this connection's
addresses
in DNS ,

(A) ,
, P T R - , ,
. Use this connection's
suffix in DNS registration

, -
, , DNS
.
,
W i n d o w s I P - ,
D H C P - . ( D H C P - D H C P
PTR- IP-
. ) -
W I N S ( W i n d o w s Internet Name Service, W i n d o w s -
) - M i c r o s o f t N e t B I O S ,
.
W i n d o w s ,

,
W I N S . 17.

, , , 17.


D N S - W i n d o w s X P
, . ,
( TTL)
2 4 . ,
, 2 4
.
:
MaxCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache\Parameters
: REG_DWORD
: 86,400 (= 24 )

DNS- W i n d o w s X P
- 15 .
:
MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache\Parameters
: REG_DWORD
: 900 (= 15 )

,
0.
ipconfig
/displaydns.
, ipconfig /flushdns.

Windows X P , :
C:\> net stop dnscache

, .
, Ser
vices ( Administrative
Tools)
D N S Client Disabled Startup
type.


D N S - B I N D .
,
I P -
, :
IP- ,
DNS- , .
,
DNS-, DNS .

, -
:
www.movie.edu.  IN A  192.253.253.101
www.movie.edu.  IN A  192.249.249.101

, toystory.movie.edu
( 1 9 2 . 2 4 9 . 2 4 9 . 3 )
.
, 1 9 2 . 2 4 9 . 2 4 9 . 1 0 1 , toystory .
,
round robin, DNS-.
round robin D N S -
(
,
, ) . DNS.
:
PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache\Parameters
: REG_DWORD
: 0 - 1
: 1 ( )

7
BIND
- , - , , ,
.
- ! -
.
- , , ,
, !
,
!
,
D N S - . D N S - ,
, .
,
l o g - syslog, , B I N D .

.
D N S - .
-
D N S . 14.

DNS-
D N S - named
U N I X . D N S -
,
,
.
,
(,
) , .

B I N D 8 . 2 ISC D N S -
. U N I X T C P - ,
D N S - .

. ISC
, - ,
DNS- , .
DNS-
ndc ( B I N D 8 ) rndc ( B I N D 9 ) .
B I N D 8 . 2 ndc
,
- ( , reload) ( , HUP).

ndc .

ndc controls (BIND 8)


ndc, ,
DNS-, ,
U N I X - . /var/run/ndc,

. root,
. D N S - B I N D 8 . 2
U N I X - .

controls.
, /etc/ndc,
- named,
,
:
controls {
    unix "/etc/ndc" perm 0660 owner 0 group 53;  // 53 - "named"
};

, ,
( 0).
, ,
chmod(1).

.
ISC - -
UNIX- ,
D N S - .
ndc D N S -
TCP-, - .
ndc - c ,

D N S - , , ,
, . :
# ndc -c 127.0.0.1/953

T C P -

controls:
controls {
inet 127.0.0.1 port 953 allow { localhost; };
};

D N S - B I N D 8
- T C P - . DNS- B I N D 9
9 5 3 ,
. DNS-
l o o p b a c k -
.
, ,
, DNS-.
( ) ,
D N S -
:
controls {
inet * port 953 allow { localnets; };
};

ndc - .
DNS-
, , :
# ndc reload

,
:
# ndc
Type   help  -or-   /h   if you need help.
ndc>

/h ,
ndc ( D N S - ) . n d c , :
ndc> /h
/h(elp)     this text
/e(xit)     leave this program
/t(race)    toggle tracing (protocol and system events)
/d(ebug)    toggle debugging (internal program events)
/q(uiet)    toggle quietude (prompts and results)
/s(ilent)   toggle silence (suppresses nonfatal errors)
ndc>

/d ndc
( , , D N S - ) .
D N S - ,
debug.
, /e ( / /q)
ndc. , .
help ,
DNS-:
ndc> help
getpid
status
stop
exec
reload [zone] ...
reconfig [-noexpired] (just sees new/gone zones)
dumpdb
stats
trace [level]
notrace
querylog
qrylog
help
quit
ndc>

, ,
: start restart. ,
ndc , D N S - ,
n d c . D N S - start
, ( ,
) . D N S - re
start, ,
. ndc
start
restart.
:
getpid
DNS-.
status
DNS-, , ,
, ,
.

start
D N S - . D N S - na
med ,
start. : start -c
/usr/local/etc/named.conf.
stop
D N S -
.
restart
DNS-.
start, named.
exec
D N S - .
restart,
exec na
med; D N S - .
reload
D N S - .
DNS
. reload
;
.
reconfig [-noexpired]

DNS-
.
DNS-,
, .
-noexpired
D N S -
, .
, D N S -
,
.
dumpdb
DNS- named_dump.db
- DNS-.

stats
D N S - named.stats,
/usr/tmp ( B I N D 4 )
DNS- (BIND 8).
trace [level]

named.run,

DNS-.
-

(level). ,
, 13.
notrace
.
querylog

( qrylog

log-
syslog. L O G _ I N F O .
named Q R Y L O G (
Q R Y L O G ).
quit
.

rndc controls (BIND 9)


B I N D 9 controls

.
- inet.
( B I N D 9 . 3 . 2 U N I X -
, ISC U N I X -
B I N D 9 . )
B I N D 9 ,
9 5 3 .
keys:
controls {
inet * allow { any; } keys { "rndc-key"; };
};

,
rndc
D N S - . keys
, DNS- log-
:
Jan 13 18:22:03 terminator named[13964]: type 'inet' control channel
has no 'keys' clause; control channel will be disabled

, keys,
key:
key "rndc-key" {
algorithm hmac-md5;
secret "Zm9vCg==";
};

key named.conf, , named.conf



(), -

, ,
named.conf
:
include "/etc/rndc.key";

H M A C - M D 5 ,
M D 5 -
-.
Base 6 4 named rndc.
B I N D ,
mmencode
dnssec-keygen.
. 1 1 .
1

, foobarbaz
Base 6 4 ,

mmencode:
% mmencode
foobarbaz
Zm9vYmFyYmF6

rndc, rndc.conf
rndc.
rndc.conf
/etc.

rndc.conf:
options {
default-server localhost;
default-key "rndc-key";
};
key "rndc-key" {
algorithm hmac-md5;
secret "Zm9vCg==";
};


named.conf.
options D N S - ,
(
) , ,
DNS- (
) .
key named.conf,
. rndc.conf,

named.conf.

HMAC-MD5
RFC 2085 2104.

, ( , )
rndc.conf named.conf, ,
,
DNS-.
B I N D rndc-confgen,
. :

# rndc-confgen > /etc/rndc.conf


/etc/rndc.conf:

# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "4XErjUEy/qgnDuBvHohPtQ==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf,
# adjusting the allow list as needed:
#
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "4XErjUEy/qgnDuBvHohPtQ==";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

,
/etc/named.conf.

/etc/named.conf
( # ) .
,
/etc/named.conf
. ,
, controls 1 2 7 . 0 . 0 . 1 .
, .

rndc
rndc D N S - ,
.
key named.conf
rndc.conf.
DNS--

default-server
options rndc.conf,
-
, , default-key.

rndc :
% rndc reload

,
.
key,
server:
server localhost {
key "rndc-key";
};
server wormhole.movie.edu {
key "wormhole-key";
};

rndc,
-s D N S - , :
# rndc -s wormhole.movie.edu reload

D N S - ,
, -y
rndc:
# rndc -s wormhole.movie.edu -y rndc-wormhole reload

, D N S -
( 9 5 3 ) ,
-p :
# rndc -s toystory.movie.edu -p 54 reload

rndc
B I N D 9 . 0 . 0 rndc
reload.
B I N D 9 . 3 . 2 ndc
. .
reload
, n d c .
refresh zone
( SOA-
).
retransfer zone

freeze zone
.
10.
thaw zone
.
10.
reconfig
,

ndc.

stats
,

ndc.

querylog
,

ndc.

dumpdb
, ndc.
-cache,
,
, -zones,

-all.
stop
,

ndc.

halt
, stop,
.

trace
,

ndc.

notrace
,

ndc.

flush
.
flushname name

,
.
status
,

ndc.

recursing

named.recursing

.


DNS-
, , B I N D ,
8.2, . ,
D N S - ,
ndc. ndc
( B I N D 4.9 8 . 1 . 2 ) ,
, ndc
.
B I N D 9, rndc ,
,

.

        BIND 8          BIND 9
        ndc             rndc
HUP     ndc reload      rndc reload
INT     ndc dumpdb      rndc dumpdb
ILL     ndc stats       rndc stats
USR1    ndc trace       rndc trace
USR2    ndc notrace     rndc notrace
WINCH   ndc querylog    rndc querylog
TERM    ndc stop        rndc stop

ndc
:
# ndc querylog

, .
ndc named
W I N C H .
ndc :
named
. DNS- BIND

PID-,
-
p s .
PID-
- /var/run/named.pid.
PID-

/etc/named.pid.
,
named.pid,

named. D N S - - ,
PID-,
HUP
:
# kill -HUP `cat /var/run/named.pid`

PID-,

p s . B S D -
:
% ps -ax | grep named

SYS V:
% ps -ef | grep named

ps , na
med , D N S - B I N D
.
named,
L i n u x , ps
. ps
, pstree,
, . ,
- ,

DNS-.


- :
,
, .
.
-
?
, ,
- h2n.
, -
,
. , ,
.
.
,
, .
, -

,
- .



,
. ,
,
. ,

.

D N S - ,
, .

db.DOMAIN.
,
,
, .

A (), C N A M E () M X
( )
db.DOMAIN.
cujo R R
db.movie.edu:
cujo  IN A   192.253.253.5  ; - cujo
      IN MX  10 cujo        ; cujo,
      IN MX  20 toystory    ;
                            ;

P T R -
dbADDR,
. cujo 1 9 2 . 2 5 3 . 2 5 3 / 2 4 ; PTR-
db.192.253.253:
5  IN PTR cujo.movie.edu.

D N S ,
:
# rndc reload

B I N D 9.1
, ,
:
# rndc reload movie.edu

DNS , DNS
, S O A - . B I N D 8 9
,
15
, . ,
db/
dbAJIPEC
RR-, -

.
.

SOA
.

. D N S -
.
. ,
SOA-:

movie.edu. IN SOA toystory.movie.edu. al.robocop.movie.edu. (
                  100
                  3h
                  1h
                  1w
                  1h )   ; TTL

SOA- :
movie.edu. IN SOA toystory.movie.edu. al.robocop.movie.edu. (
                  101
                  3h
                  1h
                  1w
                  1h )   ; TTL


D N S - .
-
. ,
,
, ,
.
,
, ...
DNS- .
,
!
h2n ,
, -
.

. :

. - ,
. ,
. , 15 2 0 0 5 .

, 20050115.
,
. ,
.
15 2005 - 2 0 0 5 0 1 1 5 0 0 .
2 0 0 5 0 1 1 5 0 1 .
.
,
.
h2n -y
.
32-
.


,

? ,
BIND, ,
4.8.1 , ,
4.9 .
, B I N D :
DNS- .
( ) .
: - ,
.
DNS .
, D N S - ,
named rndc stop.
( , rm
bak.movie.edu
bak.192.249.249
bak.192.253.253)
.
,
,
. DNS- . - ,

.
DNS- B I N D ,
, 4 . 8 . 1 (
4 . 8 . 1 ) , , B I N D 8 . 2 ,
- .
, D N S -
. ,

, -


.
, .
.
(
4 . 9 )
, .
D N S - 3 2 - 0
4 2 9 4 9 6 7 2 9 5 .

,
. .
(2 1 4 7 4 8 3 6 4 7 )
, , - .
. ,
5. 6 (5 + 2 1 4 7 4 8 3 6 4 7 )
5, (5 + 2 1 4 7 4 8 3 6 4 9 )
4 - . ,
4 294 967 295 -
4. , (5 + 2 1 4 7 4 8 3 6 4 8 ) ,

5
. .
. , 2 5 0 0 0 , 1.
. -,
(25 000 +
2 1 4 7 4 8 3 647 = 2 1 4 7 508 6 4 7 ) . ,
4 2 9 4 9 6 7 2 9 5 ( 3 2 - ) ,

4 2 9 4 9 6 7 2 9 6 .
,
. - ,
( 1 ) , ,
( 2 1 4 7 5 0 8 6 4 7 ) . ,
,
!


DNS-
,
.
, ?
, .
,
. D N S . -

, D N S -
.
SOA, NS, A , CNAM E , P T R M X .
DNS, DNS- ,
. DNS .
T X T
P ;
. (
) RR- A.


T X T - T e X T (). TXT-
, 2 5 5 .
T X T - ; ,
:
cujo  IN TXT  "Location: machine room dog house"

BIND T X T - ,
T X T - :
cujo  IN TXT  "Location:" "machine room dog house"



R P (Responsible Person, ). RP-
,
,
. , , ,
.
,
.
:
,
.
, S O A - : @
. ,
T X T - . , T X T -
( , )
. ,
( . ) .
RP- TXT-:
shrek    IN RP   root.movie.edu.     hotline.movie.edu.
         IN RP   snewman.movie.edu.  rb.movie.edu.
hotline  IN TXT  "Movie U. Network Hotline, (415) 555-4111"
sn       IN TXT  "Sommer Newman, (415) 555-9612"

, T X T - root.movie.edu
snewman.movie.edu
,
, .


4 B I N D ,
.
P e r l
, h2n.
:
-
, h2n ! ,
,
P T R - , .
, .
1

h2n? /etc/hosts
h2n .

. , ,
h2n. h2n ,
.
cron. h2n,

.
- , h2n
. (h2n
. )
: movie.edu

db.movie,
1 9 2 . 2 4 9 . 2 4 9 / 2 4 -
db.192.249.249.

-d -n:
-d

.
-n

.
-n .
.
h2n -d
- n ; , h2n,
.

. , movie.edu,
, :

% h2n -d movie.edu -n 192.249.249 -n 192.253.253

:
-s

D N S - N S - . - n ,
-s ,
DNS-
. DNS- 8 9 NOT I F Y - , .
, h2n.

-h

, M N A M E S O A - .
DNS,
N O T I F Y .
, h2n.

-u

,
. - root
, h2n.

-o

SOA-, ,
, .
- 10800:3600:604800:86400.

-f

h2n ,
. ,
.

-v 4|8
B I N D 4 8;
8.
B I N D 9 B I N D 8 , D N S BIND 9
-v8.
-y
.
:
% h2n -f opts

opts:
-d movie.edu
-n 192.249.249

-n 192.253.253
-s toystory.movie.edu
-s wormhole
-u al
-h toystory
-o 10800:3600:604800:86400
-v 8
-y

,
( , toystory.movie.edu)

( , toystory).
h2n
, -d. (
, h2n
. )
h2n.

.
, R R -
/etc/hosts,

. ,
. h2n ,
.
h2n :
.
spcl.DOMAIN,
DOMAIN
-
. h2n
:
$INCLUDE spcl.DOMAIN

db.DOMAIN.
( $INCLUDE
.) ,
movie.edu
M X - spcl.movie,

movie.edu,

. , h2n :
$INCLUDE spcl.movie

db.movie.


4,
DNS-,
DNS-.
. D N S - , -
.
-. 4 , -

F T P - ftp.rs.internic.net.
, .

dig,
B I N D 1 2 ,
DNS-, :
% dig @a.root-servers.net ns > db.cache


,
-
. .
.
, , in-addr.arpa.
,
. D N S -
. -
ls .
. B I N D ,
.
B I N D include,

.
.
( B I N D )
: $ORIGIN $INCLUDE. $ORIGIN
,
$ I N C L U D E
. R R - ,
D N S . ,
,
.
1



. DNS-
( ,
) ,
. - DNS
, - .

:
- , $TTL,
BIND 8.2 .

options { directory "/var/named"; };


//
//
//
zone "." {
type hint;
file "db.cache";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "db.127.0.0";
};
//
// DNS-
//
zone "movie.edu" {
type master;
file "primary/db.movie.edu";
};
zone "249.249.192.in-addr.arpa" {
type master;
file "primary/db.192.249.249";
};
zone "253.253.192.in-addr.arpa" {
type master;
file "primary/db.192.253.253";
};
//
// DNS-
//
zone "ora.com" {
type slave;
file "slave/bak.ora.com";
masters { 198.112.208.25; };
};
zone "208.112.192.in-addr.arpa" {
type slave;
file "slave/bak.198.112.208";
masters { 198.112.208.25; };
};
,
: , ,
p r i m a r y - , , secondary-.
:
options { directory "/var/named"; };
//
//
//

zone "." {
type hint;
file "db.cache";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "db.127.0.0";
};
include "named.conf.primary";

include "named.conf.slave";

named.conf.primary:

//
// DNS-
//
zone "movie.edu" {
type master;
file "primary/db.movie.edu";
};
zone "249.249.192.in-addr.arpa" {
type master;
file "primary/db.192.249.249";
};
zone "253.253.192.in-addr.arpa" {
type master;
file "primary/db.192.253.253";
};

named.conf.slave:

//
// DNS-
//
zone "ora.com" {
type slave;
file "slave/bak.ora.com";
masters { 198.112.208.25; };
};
zone "208.112.192.in-addr.arpa" {
type slave;
file "slave/bak.198.112.208";
masters { 198.112.208.25; };
};

, ,
primary prima
ry - directory,

,
primary/
.
secondary.

, . B I N D

. DNS-
,

DNS-.



BIND
zone named.conf.

- , ,
.

$ORIGIN. $ORIGIN
. ( ,
! ) ,
, , ,
. ( , movie.edu) , $ O R I G I N

. :
$ORIGIN classics.movie.edu.
maltese     IN A  192.253.253.100
casablanca  IN A  192.253.253.101

$ORIGIN comedy.movie.edu.
mash        IN A  192.253.253.200
twins       IN A  192.253.253.201

9.


,
.

$INCLUDE:
$ORIGIN classics.movie.edu.
$INCLUDE db.classics.movie.edu
$ORIGIN comedy.movie.edu.
$INCLUDE db.comedy.movie.edu

,
:
$INCLUDE db.classics.movie.edu classics.movie.edu.
$INCLUDE db.comedy.movie.edu comedy.movie.edu.


. ,
comedy.movie.edu

db.comedy.movie.edu.
db.comedy.movie.edu

, db.comedy.movie.edu
$ORIGIN.


B I N D
: named.pid,
named-xfer,
named_dump.db

named.stats.
-
,
.
, DNS- (named.pid, named_dump.db
named.stats),

, ,
. ,
, ,
.
named.pid
/var/run/named.pid
/etc/named.pid.
. !
- ? , 10
DNS-
.

named.pid:
options { pid-file "server1.pid"; };

named-xfer
/usr/sbin/named-xfer
/etc/
named-xfer.
, , , named-xfer

DNS- . ,
,
B I N D
. bind

named-xfer:
options { named-xfer "/home/rudy/named/named-xfer"; };

B I N D 9 named-xfer
,
named-xfer
B I N D .
D N S - named_dump.db

( ) .
, :
options { dump-file "/home/rudy/named/named_dump.db"; };

D N S -
named.stats
.
:
options { statistics-file "/home/rudy/named/named.stats"; };

log-
BIND log- (),

syslog.
:
,
.
log- ,
.

log-.
log- :

.
, : log syslog, , named
. ,
log-. BIND
log-
, . , ,
B I N D ,
, update.

.

. , ( . 7.1) ,
, ,
l o g - syslog.
.
, :
critical
error
warning

. 7.1.

notice
info
debug

[level]

dynamic

(critical, error, warning, notice info) -


, syslog. (debug dyna
mic) B I N D .
debug - D N S - ,
. 1.
,
DNS- (, d e b u g 3 ,
trace DNS-
).
dynamic
,
. ( , trace
DNS-,
. trace,
1 3.) info, ,
.

,
, , syslog.
:
,
syslog, log- syslog,
log-.
,
. syslog
s y s l o g - daemon;

info . ,
,
syslog. logging:
logging {
    channel my_syslog {
        syslog daemon;
        // syslog,
        // debug dynamic;
        // syslog: info.
        severity info;
    };
    channel my_file {
        file "/tmp/log.msgs";
        // dynamic - .
        severity dynamic;
    };
};

, DNS-,
. ,
. 7.1: , ,
syslog , . category
logging,

:
logging {
channel my_syslog {
syslog daemon;
severity info;
};
channel my_file {
file "/tmp/log.msgs";
severity dynamic;
};
category xfer-out { my_syslog; my_file; };
category queries { my_file; };
};

logging D N S - ,
.
log.msgs , , D N S :
# rndc trace

DNS- ,
log.msgs. D N S - -
, named.run.

.
, .

named.run?
, :
default.
,
BIND ,
default.

default
, (
null):
logging {
    channel my_syslog {
        syslog daemon;
        severity info;
    };
    channel my_file {
        file "/tmp/log.msgs";
        severity dynamic;
    };
    category default { null; };
    category xfer-out { my_syslog; my_file; };
    category queries { my_file; };
};

, (
) .
log.msgs, named.run
, . !
.
. , DNS- syslog , .
?
default
syslog, (named.run).
default
null, syslog.
:
category default { my_syslog; };

s y s l o g - l o g - syslog,
s y s l o g - .

, -
l o g - , .
, ,
. .

logging
logging.
, ,
:
logging {
  [ channel channel_name {
    ( file path_name
         [ versions ( number | unlimited ) ]
         [ size size_spec ]
     | syslog ( kern | user | mail | daemon | auth | syslog | lpr |
                news | uucp | cron | authpriv | ftp |
                local0 | local1 | local2 | local3 |
                local4 | local5 | local6 | local7 )
     | stderr
     | null );
    [ severity ( critical | error | warning | notice |
                 info | debug [ level ] | dynamic ); ]
    [ print-category yes_or_no; ]
    [ print-severity yes_or_no; ]
    [ print-time yes_or_no; ]
  }; ]
  [ category category_name {
    channel_name; [ channel_name; ... ]
  }; ]
};
,
D N S - .

, :
channel default_syslog {
    syslog daemon;        // syslog- daemon
    severity info;        // info
};
channel default_debug {
    file "named.run";     // named.run
    severity dynamic;     //
};
channel default_stderr {
    stderr;               // to stderr
                          //
                          // BIND 9, BIND 8
                          // default_stderr.
    severity info;        // info
};
channel null {
    null;                 // ,
};

eventlib,

default,

panic,

packet

D N S -

:
logging {
category default { default_syslog; default_debug; };
category panic { default_syslog; default_stderr; };
category packet { default_debug; };
category eventlib { default_debug; };
};
BIND 9
:
logging {
    category default {
        default_syslog;
        default_debug;
    };
};

logging

, default

syslog, (
named.run).
, s y s l o g -
info syslog,
syslog-

named.run.


, syslog
.


, .
,
, ,
.
, BIND
file, file.0, file.1 file.2.
D N S - file.1 file.2, file.0 file.1,
file file.0, file.
99 .
,
D N S - .

, .
, .

versions size:
logging{
channel my_file {
file "log.msgs" versions 3 size 10k;
severity dynamic;
};
};

(
). K k
, M m - , G g - .
,
debug dynamic.
info,
syslog-.

syslog-
syslog,
s y s l o g - : kern, user, mail,
daemon,

auth, syslog, lpr, news, uucp, cron, authpriv, ftp, local0, local1, local2, local3, local4, local5, local6 local7.
daemon,
.
, syslog
log- local0
daemon:

sys-

logging {
    channel my_syslog {
        syslog local0;    // syslog- local0
        severity info;    // info
    };
};

stderr
default_stderr,

,
stderr D N S - . B I N D 8
stderr. B I N D 9.

null
null,
, .


log- BIND
.
,
.
,
:
01-Feb-1998 13:19:18.889 config: debug 1: source = db.127.0.0

config,
bug l.

- de

,
:
logging {
    channel my_file {
        file "log.msgs";
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
};

,
syslog, syslog
.


B I N D 8 9 , ! ,
, . ,
. ,
, D N S -
log- ,
, . ,
, .

BIND 8
default
-
, , default.

default .
,
. ,
,
default,
,
.
default
:

category default { default_syslog; default_debug; };

cname
C N A M E ( , ... has C N A M E and o t h e r d a t a ) .
config
.
db
.
eventlib
;
. :
category eventlib { default_debug; };

insist
, .
lame-servers
.

load
, .
maintenance
(, ).
ncache
, .
notify
.
os
, .
packet
;
.
:
category packet { default_debug; };

panic
, .
panic , ,
. :
category panic { default_syslog; default_stderr; };

parser
.
queries
.
response-checks
,
. .
security
/ .
statistics
.
update
, .
update-security
. ( 8 . 4 . 0
,
.)

xfer-in
, DNS-.
xfer-out
, DNS-.

BIND 9
default
B I N D 8, default
, . B I N D 9
default
B I N D ,
.
BIND 9
general.
general
general B I N D ,
.
client
.
config
.
database
, B I N D ,
.
dnssec
DNSSEC-.
lame-servers
(
B I N D 9 . 1 . 0 ;

resolver).
network
.
notify
.
queries
( BIND 9.1.0).
resolver
,
DNS-.
security
/ .

update
, .
update-security
. .
B I N D 8. B I N D
9.3.0.
xfer-in
, DNS-.
xfer-out
, DNS-.


log-
: DNS-
, ,
, .
, .
B I N D 8:
logging {
category default { default_syslog; default_debug; };
category panic { default_syslog; default_stderr; };
category packet { default_debug; };
category eventlib { default_debug; };
};

B I N D 9:
logging {
category default { default_syslog; default_debug; };
};

,
default_debug.
,
,
.
logging

B I N D 8, :

logging {
    channel my_file {
        file "log.msgs";
        severity dynamic;
        print-category yes;
        print-severity yes;
    };
    category default  { default_syslog; my_file; };
    category panic    { default_syslog; my_file; };
    category packet   { my_file; };
    category eventlib { my_file; };
    category queries  { my_file; };
};

( logging

eventlib.)

B I N D 9 panic,

packet

,
my_file.

,
logging:
queries. ,
queries.
DNS- .
log.msgs ( B I N D 9
,
) :
queries: info: XX /192.253.253.4/foo.movie.edu/A
default: debug 1: req: nlookup(foo.movie.edu) id 4 type=1 class=1
default: debug 1: req: found 'foo.movie.edu' as 'foo.movie.edu' (cname=0)
default: debug 1: ns_req: answer -> [192.253.253.4].2338 fd=20 id=4 size=87

, ,
DNS- .



- , .
,
. , ,
.
-
- .
( ) - , ,
,
.



:
l o g - syslog D N S - B I N D
.
DNS-.

syslog-
,
named
l o g - syslog.
. ,

l o g - syslog,
.
named l o g -
L O G _ N O T I C E .
(DNS- BIND 8):
Jan 10 20:48:32 toystory named[3221]: starting. named 8.2.3 Tue May 16 09:39:40
MDT 2000 cricket@huskymo.boulder.acmebw.com:/usr/local/src/bind-8.2.3/src/bin/named

BIND 9 :
Jul 27 16:18:41 toystory named[7045]: starting BIND 9.3.2

, D N S - named
,
B I N D , ( B I N D 8 ) . ,
.
, , B I N D
.
reload D N S - B I N D 8
L O G _ N O T I C E :
Jan 10 20:50:16 toystory named[3221]: reloading nameserver

D N S - B I N D 9:
Jul 27 16:27:45 toystory named[7047]: loading configuration from
'/etc/named.conf'

, named
( reload)
. .
, ,

- .
,
DNS-:
Jan 10 20:50:20 toystory named[3221]: cannot set resource limits on
this system

: DNS- ,
getrlimit()
setrlimit(),

coresize,
datasize,
stacksize
files.
,
; B I N D .
,
. ( ,
- getrlimit()
setrlimit())
-

BIND
LOG_INFO.

HAVE_GETRUSAGE.

D N S -
( ) ,
-
:
Jan 10 20:50:31 toystory named[3221]: fcntl(dfd, F_DUPFD, 20): Too
many open files
Jan 10 20:50:31 toystory named[3221]: fcntl(sfd, F_DUPFD, 20): Too
many open files

, BIND .
B I N D :
( U D P
T C P ) .
,
, B I N D
, .
, B I N D
:
, .
: ,
D N S - B I N D ,
, B I N D .

B I N D
( ) ,
listen-on B I N D
. listen-on

10.

getrlimit()
setrlimit(),
D N S -
files. files
1 0 .


,
named ulimit.

DNS-
LOG_INFO:
Jan 10 21:49:50 toystory named[3221]: master zone "movie.edu" (IN)
Loaded (serial 2005011000)

,
( I N ) S O A - .
D N S - B I N D 8
LOG_INFO:

Feb 18 14:09:02 toystory named[3565]: USAGE 824681342 824600158
CPU=13.01u/3.26s CHILDCPU=9.99u/12.71s
Feb 18 14:09:02 toystory named[3565]: NSTATS 824681342 824600158
A=4 PTR=2
Feb 18 14:09:02 toystory named[3565]: XSTATS 824681342 824600158
RQ=6 RR=2 RIQ=0 RNXD=0 RFwdQ=0 RFwdR=0 RDupQ=0 RDupR=0
RFail=0 RFErr=0 RErr=0 RTCP=0 RAXFR=0 RLame=0 Ropts=0
SSysQ=2 SAns=6 SFwdQ=0 SFwdR=0 SDupQ=5 SFail=0 SFErr=0
SErr=0 RNotNsQ=6 SNaAns=2 SNXD=1

( B I N D 9 l o g - . )
- .
, ,
DNS-. (, DNS-
. ) C P U ,
(13,01
) (3,26 ).
. N S T A T S
, DNS-, .
X S T A T S .
N S T A T S X S T A T S
.
B I N D , ,
R F C 9 5 2 , l o g - syslog
:
Jul 24 20:56:26 toystory named[1496]: ID_4.movie.edu IN
bad owner name (check-names)

L O G _ E R R O R .
4.
syslog,
:

L O G _ E R R O R ,

Jan 10 20:48:38 toystory2 named[3221]: toystory2 has CNAME
and other data (invalid)

, :
ts2        IN CNAME  toystory2
ts2        IN MX     10 toystory2
toystory2  IN A      192.249.249.10
toystory2  IN MX     10 toystory2

M X - ts2
. ts2 - toystory2,

. ,
D N S - C N A M E - ,

. , M X - ts2 D N S -
CNAME-, M X -

toystory2.

C N A M E t s 2 , M X - ts2 ;
. , R R -
,
.
, DNS-
B I N D 8 - D N S
:
Jan 10 20:52:42 wormhole named[2813]: zoneref: Masters for
secondary zone "movie.edu" unreachable

D N S - B I N D 9:
Jul 27 16:50:55 toystory named[7174]: transfer of 'movie.edu/IN'
from 192.249.249.3#53: failed to connect: timed out

LOG_NOTICE BIND 8 L O G _ E R R O R
B I N D 9
. , B I N D
, l o g - syslog.

,
- . DNS-
SOA-.
(
) , .

. ,
. DNS- , ,
( touch,
U N I X - ) .
,
D N S - ls -l
/usr/local/named/
db*. ,
. ,
DNS-,
1 4 .
syslog-
L O G _ I N F O ,
D N S -

nslookup:
Mar 7 07:30:04 toystory named[3977]: client 192.249.249.1#1076:
transfer of 'movie.edu/IN':AXFR started

, ,
allow-transfer
( 1 1 ) ,
,
started denied:

Jul 27 16:59:26 toystory named[7174]: client 192.249.249.1#1386:
zone transfer 'movie.edu/AXFR/IN' denied

syslog
LOG_INFO:
Jan 10 20:52:42 wormhole named[2813]: Malformed response from 192.1.1.1

, -
DNS- .
, ( 1 9 2 . 1 . 1 . 1 ) ,
(wormhole).


. D N S
, .
, ,
(,
) ,
. -
-, (,
, ) .
, -
() UDP-.
UDP- ,
.
BIND 8
, :
Jun 13 08:02:03 toystory named[2657]: db.movie.edu:28: data "foo.bar.edu"
outside zone "movie.edu" (ignored)

named

BIND 9 :

Jul 27 17:07:01 toystory named[7174]: dns_master_load:
db.movie.edu:28: ignoring out-of-zone data

,
:
shrek         IN A  192.249.249.2
toystory      IN A  192.249.249.3
; DNS-
foo.bar.edu.  IN A  10.0.7.13

bar.edu
movie.edu.
s y s l o g - L O G _ W A R N I N G .
,
R R - . B I N D 8
:

Jun 13 08:21:04 toystory named[2699]: "movie.edu IN NS" points to a
CNAME (mi.movie.edu)

B I N D 9 -
9.3.0.
RR-:
@                        IN NS     toystory.movie.edu.
                         IN NS     mi.movie.edu.
toystory.movie.edu.      IN A      192.249.249.3
monsters-inc.movie.edu.  IN A      192.249.249.4
mi.movie.edu.            IN CNAME  monsters-inc.movie.edu.

NS-
monsters-inc.movie.edu, mi.movie.edu.
l o g -
DNS-.
syslog- log-
. DNS- BIND 8
LOG_INFO.
, D N S - , ,
:
Jun 11 11:40:54 toystory named[131]: Response from unexpected source
([204.138.114.3].53)

D N S - D N S - ,
D N S - .
: DNS-
D N S -
( , D N S ) , , ,
DNS-. ,
P T R - , I P -
, .
PTR- DNS-,
r - B S D - ( , rlogin)
.
, , ,
, DNS-
I P - D N S -
, .
DNS- IP-,
DNS- DNS-,
I P - . ,
B I N D , B I N D
, I P - ,
. LOG_INFO.

syslog:

Jun 10 07:57:28 toystory named[131]: No root name servers for class 226

: 1,
( I N ) ; 3, C h a o s ( C H ) ; 4 , H e s i o d ( H S ) . 2 2 6 ?
D N S - - -
, 2 2 6 . ?
. -
,
. , , ,
.
D N S U D P - . syslog LOG_INFO.
, D N S -
- :
Jun 7 20:14:26 wormhole named[29618]: Zone "253.253.192.in-addr.arpa"
(class 1) SOA serial# (3345) rcvd from [192.249.249.10] is < ours (563319491)

, 253.253.192.in-addr.arpa

. ,
D N S - !
, ,
.

, -
DNS-,
D N S - .
,
. syslog
L O G _ N O T I C E .
, DNS- B I N D 8 9, , , (
) , l o g - D N S - ,
, ,
. DNS- BIND 8 :
Jun 7 19:35:14 toystory named[3221]: WARNING: new serial number < old
(zp->z_serial < serial)

D N S - B I N D 9:
Jun 7 19:36:41 toystory named[9832]: dns_zone_load: zone movie.edu/IN: zone
serial has gone backwards

- LOG_NOTICE.

, ,
l o g - syslog
DNS-.
B I N D 8 ,
, :
Aug 21 00:59:06 toystory named[12620]: Lame server on 'foo.movie.edu'
(in 'MOVIE.EDU'?): [10.0.7.125].53 'NS.HOLLYWOOD.LA.CA.US':
learnt (A=10.47.3.62,NS=10.47.3.62)

BIND 9 :
Jan 15 10:20:16 toystory named[14205]: lame server on 'foo.movie.edu' (in
'movie.EDU'?): 10.0.7.125#53

, !
. DNS-
DNS-
, D N S -
. D N S - edu movie.edu 1 0 . 0 . 7 . 1 2 5 , D N S - , ,
movie.edu.
,
movie.edu,

. syslog L O G _ I N F O .
:
logging { category queries { default_syslog; }; };

LOG_INFO log-
, DNS-:

syslog

Feb 20 21:43:25 toystory named[3830]:
XX /192.253.253.2/carrie.movie.edu/A
Feb 20 21:43:32 toystory named[3830]:
XX /192.253.253.2/4.253.253.192.in-addr.arpa/PTR

BIND 9 :
Jan 13 18:32:25 toystory named[13976]: client 192.253.253.2#1702:
query: carrie.movie.edu IN A +
Jan 13 18:32:42 toystory named[13976]: client 192.253.253.2#1702:
query: 4.253.253.192.in-addr.arpa IN PTR +

IP- , ,
. BIND 8.2.1
X X + , X X .
B I N D 9 + ( ) ,
- - (). BIND 8.4.3 ,
B I N D 9.3.0
EDNS0 , TSIG-,
E S. ( E D N S 0 10, TSIG - 11.)



. (

querylog.)
BIND 8.1.2
syslog-:

May 19 11:06:08 named[21160]: bind(dfd=20, [10.0.0.1].53):
Address already in use
May 19 11:06:08 named[21160]: deleting interface [10.0.0.1].53
May 19 11:06:08 named[21160]: bind(dfd=20, [127.0.0.1].53):
Address already in use
May 19 11:06:08 named[21160]: deleting interface [127.0.0.1].53
May 19 11:06:08 named[21160]: not listening on any interfaces
May 19 11:06:08 named[21160]: Forwarding source address
is [0.0.0.0].1835
May 19 11:06:08 named[21161]: Ready to answer queries.

DNS- BIND 9 :
Jul 27 17:15:58 toystory named[7357]: listening on IPv4 interface lo,
127.0.0.1#53
Jul 27 17:15:58 toystory named[7357]: binding TCP socket: address in use
Jul 27 17:15:58 toystory named[7357]: listening on IPv4 interface eth0,
206.168.194.122#53
Jul 27 17:15:58 toystory named[7357]: binding TCP socket: address in use
Jul 27 17:15:58 toystory named[7357]: listening on IPv4 interface eth1,
206.168.194.123#53
Jul 27 17:15:58 toystory named[7357]: binding TCP socket: address in use
Jul 27 17:15:58 toystory named[7357]: couldn't add command channel
0.0.0.0#953: address in use

: DNS- ,
D N S - , .
, DNS- ,
.

BIND

, DNS-,
, , .
, DNS-,
. DNS-
,
, .

, D N S .
DNS-,
(. 7.2), ,

. , FTP-, DNS-. DNS-


, ,
D N S - .
, , .
,
, .
: , DNS-
D N S - ,
. -


. 7.2. ,

, D N S -
.
DNS- BIND -
, .
DNS- -,
, .
D N S - 1 - ,
DNS-,
. DNS-
1,
. :

- DNS-

DNS- -

DNS- - DNS- 1

DNS- 1 - DNS-

DNS- - DNS- 2

DNS- 2 - DNS-

DNS- - DNS- 3

DNS- 3 - DNS-


DNS-:

1 -

DNS-

2 -

DNS-

2 A-

D N S -
, DNS-.
D N S -
D N S - (
DNS-,
DNS- , ) ,
.

BIND 8
D N S - ,
,
. DNS-
B I N D 8 , ndc:
# ndc stats

, named.stats
DNS-.
, D N S - , ,
S T A T S , , ,
. BIND 4.9.3
. DNS- B I N D 8
, R n o t N s Q ,
. DNS- B I N D 9
9.1.0
, .
+++ Statistics Dump +++ (800708260) Wed May 17 03:57:40 1995
746683   time since boot (secs)
392768   time since reset (secs)
14       Unknown query types
268459   A queries
3044     NS queries
5680     CNAME queries
11364    SOA queries
1008934  PTR queries
44       HINFO queries
680367   MX queries
2369     TXT queries
40       NSAP queries
27       AXFR queries
8336     ANY queries
++ Name Server Statistics ++
(Legend)
        RQ      RR      RIQ     RNXD    RFwdQ
        RFwdR   RDupQ   RDupR   RFail   RFErr
        RErr    RTCP    RAXFR   RLame   ROpts
        SSysQ   SAns    SFwdQ   SFwdR   SDupQ
        SFail   SFErr   SErr    RNotNsQ SNaAns
        SNXD
(Global)
        1992938 112600 0 19144 63462  60527 194 347 3420 0
        5 2235 27 35289 0  14886 1927930 63462 60527 107169
        10025 119 0 1785426 805592  35863
[15.255.72.20]
        485 0 0 0 0  0 0 0 0 0  0 0 0 0 0  0 485 0 0 0
        0 0 0 0 485
[15.255.152.2]
        441 137 0 1 2  108 0 0 0 0  0 0 0 0 0  13 439 85 7 84
        0 0 0 0 431
[15.255.152.4]
        770 89 0 1 4  69 0 0 0 0  0 0 0 0 0  14 766 68 5 7
        0 0 0 0 755
...

< >

DNS- BIND 8
IP- (Global),
host-statistics
options,
:
options {
host-statistics yes;
};


,
,
DNS-.
.
+++ Statistics Dump +++ (800708260) Wed May 17 03:57:40 1995

. ( 8 0 0 7 0 8 2 6 0 )
, U N I X ,
1970 . , BIND
: May 17, 1 9 9 5 , 3:57:40 a.m.
746683 time since boot (secs)

DNS-.
, 8 6 4 0 0 ( 6 0 x 6 0 x 2 4 ,
) . 8,5 .
392768 time since reset (secs)

D N S -
.
, -
D N S . D N S -
,
.
, ,
DNS - .
14 Unknown query types

D N S - 14 . ,
DNS, DNS-.
268459 A queries

2 6 8 4 5 9 , .
, .
3044 NS queries

3044 NS-. DNS-


NS- DNS- .
N S - dig
nslookup.
5680 CNAME queries

sendmail C N A M E -
(
) . sendmail

A N Y ( ) .
C N A M E - dig

nslookup.
11364 SOA queries

S O A - D N S -
.
, A X F R - ,
. A X F R - ,
, DNS-
.
1008934 PTR queries

PTR-
. I P - : inetd,
rlogind,
rshd,
.
44 HINFO queries

,
HINFO- .
680367 MX queries

sendmail
MX-
.
2369 TXT queries

,
.
, - , Harvest,

,
.
40 NSAP queries

NSAP - ,
OSI N e t w o r k S e r v i c e A c c e s s
Point.
27 AXFR queries

DNS- A X F R - ,
.
8336 ANY queries

A N Y
.
sendmail.
sendmail
C N A M E ,
M X , ,
A N Y , R R - DNS-.
.
, D N S -
, , -
. , ,
, .
, , ,
.
, ,
. ,
bstat .
:
hpcvsop.cv.hp.com
    485 queries received
    485 responses sent to this name server
    485 queries answered from our cache
relay.hp.com
    441 queries received
    137 responses received
    1 negative response received
    2 queries for data not in our cache or authoritative data
    108 responses from this name server passed to the querier
    13 system queries sent to this name server
    439 responses sent to this name server
    85 queries sent to this name server
    7 responses from other name servers sent to this name server
    84 duplicate queries sent to this name server
    431 queries answered from our cache
hp.com
    770 queries received
    89 responses received
    1 negative response received
    4 queries for data not in our cache or authoritative data
    69 responses from this name server passed to the querier
    14 system queries sent to this name server
    766 responses sent to this name server
    68 queries sent to this name server
    5 responses from other name servers sent to this name server
    7 duplicate queries sent to this name server
    755 queries answered from our cache

IP-
.
- . ,
.
,
- DNS- 1 5 . 2 5 5 . 1 5 2 . 2 (relay.hp.com).

( , RQ)
, relay.
RQ 441
R Q - , relay.
, relay
, DNS-.
RR 137
R R - , relay.
, D N S - .
R Q ,
. R Q - , relay; R R , relay D N S - ( D N S -
relay).
RIQ 0
R I Q - , relay.

,
P T R - . nslookup

, R I Q
.
RNXD 1
R N X D - n o s u c h d o m a i n ( ) ,
relay.
RFwdQ 2
R F w d Q - , re
lay ( R Q ) .
, D N S -
( resolv.conf)

DNS-.
RFwdR 108
R F w d R - relay
( R R ) ,
.

RDupQ 0
R D u p Q - , relay.
,
DNS-.
RDupR 0
R D u p R - , relay.
, D N S -
,
.
RFail 0
R F a i l - S E R V F A I L - , relay.
S E R V F A I L DNS-.
S E R V F A I L , D N S -
. ,
,
S E R V F A I L .

,
DNS-.
RFErr 0
R F E r r - F O R M E R R - , relay.
F O R M E R R .
RErr 0
RErr - ( SERVFAIL F O R M E R R ) .
RTCP 0
R T C P - , relay T C P . ( U D P . )
RAXFR 0
R A X F R - .
, relay
,
DNS-.
RLame 0
RLame - .
, ,
D N S - I P - , D N S -
.
ROpts 0
ROpts - IP-.

SSysQ 13
SSysQ - ,
relay.
,
D N S - .
DNS-,
DNS-.
DNS- ,
, N S - . relay
DNS-, .
SAns 439
S A n s - , relay. D N S - 4 3 9 4 4 1 ( R Q ) , relay.
, ,
...
SFwdQ 85
S F w d Q - , (
) relay ,
DNS-.
SFwdR 7
S F w d R - - D N S - ,
( ) relay.

SDupQ 84
S D u p Q - , re
lay. , .
, DNS- . , relay
,
,
DNS-.
SFail 0
SFail - S E R V F A I L - ,

relay.

SFErr 0
SFErr - FORMERR-,

relay.

SErr 0
S E r r - sendto(),
relay.

RNotNsQ 0
R N o t N s Q - ,
D N S - - 5 3 . B I N D 8 D N S 53. , -

, . DNS- BIND 8
, ,
,
D N S - .
B I N D 8 R N o t N s Q .
SNaAns 431
S N a A n s - , re
lay. 4 3 9 ( S A n s ) , relay, 4 3 1
.
SNXD 0
S N X D - no such d o m a i n ,

relay.

BIND 9
B I N D 9 . 1 . 0 - B I N D 9,
. BIND 9
rndc:
% rndc stats

DNS- ( BIND 8)
named.stats
.
B I N D 8.
D N S - B I N D 9:
+++ Statistics Dump +++ (979436130)
success 9
referral 0
nxrrset 0
nxdomain 1
recursion 1
failure 1
--- Statistics Dump --- (979436130)
+++ Statistics Dump +++ (979584113)
success 651
referral 10
nxrrset 11
nxdomain 17
recursion 296
failure 217
--- Statistics Dump --- (979584113)

D N S - (
+ + + Statistics D u m p + + + --- Statistics
D u m p - - - ) stats.
( 9 7 9 4 3 6 1 3 0 ) , ,
, U N I X . ,
B I N D .
date . -

, 9 7 9 5 8 4 1 1 3 U N I X (
1 1970 ) , :
% date -d '1970-01-01 979584113 sec'
Mon Jan 15 18:41:53 MST 2001

.
success 651
, D N S - , . .
, .
referral 10
, D N S - .
nxrrset 11
, D N S - ,

.
nxdomain 17
, D N S - ,
, , .
recursion 296
,
.

failure 217
, ,
nxrrset
nxdomain.
, ,
B I N D 8, B I N D 9 , ,
.

BIND
DNS-? ,
? , D N S - ,
. ,

,
.
D N S - ,
, (, , ) , .

, D N S - .
D N S - .
, B I N D 4 . 9 . 3 , 1 9 9 2 9 3 8 7 4 6 6 8 3 -

, 2,7 , . ,
,
, ,
. - , ,
DNS-, .
.
1

, DNS-,
BIND, .

8

- ? , ,
.
- , , - . , ,
...
- ? -
.
- , , , -

DNS-?
4 B I N D D N S - .
- ,
.
, .
,
. ?
.
, :


D N S - .
.
, .

-,
, D N S - -
.

D N S -
, .
, ,
,

.
DNS- -
- ,
.

, DNS-
.
. , , ,
, .
, DNS- ,
, D N S - .
, - ,
, - -
, D N S -
.

(. 8.1),
.

. 8.1.

, ,
D N S - - . d,
a , b, c e, .
- g, ,
. , ,
f - , .
D N S -

.
, d g.

DNS-?
DNS-,
,
D N S - ( ,
, ).
, .
, : ,
, (BIND - ) ,
DNS-.

, DNS- .
D N S -
,
.
,
( ) ,
DNS-
. DNS-
() .
, -
D N S . - D N S
,
. , DNS-,

.

, ,
D N S -
,
, DNS-.
D N S - ,
.
, ,
,
DNS-.
,
- D N S ,
,
DNS-.

,
DNS-, - , .
B I N D ,
, - B I N D 9.3.2 9.3
T C P / I P (
4 . 3 / 4 . 4 B S D U N I X ; ) .
B I N D 9 . 2 9 . 3 ( ,
) , , ,

.
B I N D 9, B I N D
, 8.2 8.3,
- ,
.

, , - DNS-.
,
U N I X
. D N S -
, .
( ! )

nslookup
named.conf
UNIX . , U N I X
B I N D ,
. D N S -
, B I N D 9,
, B I N D 9,
DNS-.
, , DNS- ,
, , -
.


,
, D N S - ,
, DNS-,
.
, ,
,
D N S - , , D N S -
.

D N S - ?
- , ,
, .
,
(RPC), ,
.
DNS- .
, X W i n d o w
DNS- ( ).
( )
: , DNS- ?
? !
, ,
D N S - , . named
D N S - ,
. named

,
( t h r a s h , ) , .

, D N S -
.
,
D N S - , - , named
. D N S -
,
.

, top .
1

,
, .
: 5 % ,
, , 1 0 % ,
DNS-.
,
top
DNS-:

top - , ;

.
UNIX Linux. ,
top
http://www.UNIXtop.org.

last pid: 14299; load averages: 0.11, 0.12, 0.12

18:19:08

68 processes: 64 sleeping, 3 running, 1 stopped


Cpu states: 11.3% usr, 0.0% nice, 15.3% sys, 73.4% idle, 0.0% intr, 0.0% ker
Memory: Real: 8208K/13168K act/tot Virtual: 16432K/30736K act/tot Free: 4224K
PID USERNAME PRI NICE
89 root

SIZE

RES STATE

TIME

WCPU

2968K 2652K sleep

5:01

0.00%

CPU COMMAND
0.00% named

, . top
( ) D N S - :
load averages: 0.30, 0.46, 0.44

system: relay 16:12:20

39 processes: 38 sleeping, 1 waiting


Cpu states: 4.4% user, 0.0% nice, 5.4% system, 90.2% idle, 0.0% unk5, 0.0%
unk6, 0.0% unk7, 0.0% unk8
Memory: 31126K (28606K) real, 33090K (28812K) virtual, 54344K free Screen #1/ 3
PID USERNAME PRI NICE
21910 root

SIZE

RES

2624K

2616K sleep 146:21

STATE

TIME

WCPU

CPU

COMMAND

0.00% 1.42% /etc/named

,
, - ,
( , D N S - ) .
:
FreeBSD, ,
, ,
U N I X ,
.
, D N S - ,
,
DNS-
. , D N S -
( ,
BIND 8) :
options {
statistics-interval 60;
};

D N S - B I N D 9
statistics-in
terval, rndc crontab,

D N S - B I N D 9
:
0 * * * * /usr/local/sbin/rndc stats

. ,
- ,
, .
,
,
, - . , -

,
, .
syslog

D N S - B I N D 8:

Aug 1 11:00:49 toystory named[103]: NSTATS 965152849 959476930 A=8 NS=1
    SOA=356966 PTR=2 TXT=32 IXFR=9 AXFR=204
Aug 1 11:00:49 toystory named[103]: XSTATS 965152849 959476930 RR=3243 RNXD=0
    RFwdR=0 RDupR=0 RFail=20 RFErr=0 RErr=11 RAXFR=204 RLame=0 ROpts=0 SSysQ=3356
    SAns=391191 SFwdQ=0 SDupQ=1236 SErr=0 RQ=458031
    RIQ=25 RFwdQ=0 RDupQ=0 RTCP=101316
    SFwdR=0 SFail=0 SFErr=0 SNaAns=34482 SNXD=0 RUQ=0 RURQ=0 RUXFR=10 RUUpd=34451
Aug 1 12:00:49 toystory named[103]: NSTATS 965156449 959476930 A=8 NS=1
    SOA=357195 PTR=2 TXT=32 IXFR=9 AXFR=204
Aug 1 12:00:49 toystory named[103]: XSTATS 965156449 959476930 RR=3253 RNXD=0
    RFwdR=0 RDupR=0 RFail=20 RFErr=0 RErr=11 RAXFR=204 RLame=0 ROpts=0 SSysQ=3360
    SAns=391444 SFwdQ=0 SDupQ=1244 SErr=0 RQ=458332
    RIQ=25 RFwdQ=0 RDupQ=0 RTCP=101388
    SFwdR=0 SFail=0 SFErr=0 SNaAns=34506 SNXD=0 RUQ=0 RURQ=0 RUXFR=10 RUUpd=34475

RQ (
) . , ,
RQ: 458332 - 458031 = 301.
,
, , D N S -
.
DNS ,
.
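The interval arithmetic above (RQ: 458332 - 458031 = 301) can be automated over the hourly syslog entries. The following is an added example, not code from the book: it parses BIND 8 XSTATS lines, reports per-interval counter deltas and the query rate, and flags a restart instead of producing negative deltas. The function names are chosen here, the second number on each line is treated as the server start time (an assumption), and the third sample line is invented to exercise the restart case.

```python
import re

# Constructed sample input: the two hourly XSTATS entries from the syslog
# excerpt above (each rejoined onto one line), plus a third, invented entry
# with a different start time to exercise the restart case.
SAMPLE_LOG = """\
Aug 1 11:00:49 toystory named[103]: XSTATS 965152849 959476930 RR=3243 RNXD=0 RFwdR=0 RDupR=0 RFail=20 RFErr=0 RErr=11 RAXFR=204 RLame=0 ROpts=0 SSysQ=3356 SAns=391191 SFwdQ=0 SDupQ=1236 SErr=0 RQ=458031 RIQ=25 RFwdQ=0 RDupQ=0 RTCP=101316 SFwdR=0 SFail=0 SFErr=0 SNaAns=34482 SNXD=0 RUQ=0 RURQ=0 RUXFR=10 RUUpd=34451
Aug 1 12:00:49 toystory named[103]: XSTATS 965156449 959476930 RR=3253 RNXD=0 RFwdR=0 RDupR=0 RFail=20 RFErr=0 RErr=11 RAXFR=204 RLame=0 ROpts=0 SSysQ=3360 SAns=391444 SFwdQ=0 SDupQ=1244 SErr=0 RQ=458332 RIQ=25 RFwdQ=0 RDupQ=0 RTCP=101388 SFwdR=0 SFail=0 SFErr=0 SNaAns=34506 SNXD=0 RUQ=0 RURQ=0 RUXFR=10 RUUpd=34475
Aug 1 13:00:49 toystory named[211]: XSTATS 965160049 965158000 RR=4 RNXD=0 SAns=90 RQ=120 RTCP=2
"""

XSTATS_RE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+\s+[\d:]+)\s+(?P<host>\S+)\s+named\[\d+\]:\s+"
    r"XSTATS\s+(?P<now>\d+)\s+(?P<boot>\d+)\s+(?P<pairs>.*)$"
)


def parse_xstats(line):
    """Return host, timestamps and counters for an XSTATS line, else None."""
    match = XSTATS_RE.match(line.strip())
    if match is None:
        return None
    counters = {}
    for token in match.group("pairs").split():
        name, sep, value = token.partition("=")
        if sep and value.isdigit():
            counters[name] = int(value)
    return {
        "host": match.group("host"),
        "now": int(match.group("now")),
        # Assumption: the second number is the time named started.
        "boot": int(match.group("boot")),
        "counters": counters,
    }


def interval_report(log_text):
    """Compare consecutive XSTATS samples per host and return the deltas."""
    reports = []
    previous = {}  # host -> most recent sample
    for line in log_text.splitlines():
        sample = parse_xstats(line)
        if sample is None:
            continue
        prev = previous.get(sample["host"])
        previous[sample["host"]] = sample
        if prev is None:
            continue  # first sample for this host is only a baseline
        seconds = sample["now"] - prev["now"]
        # Counters start again from zero when named restarts, so a changed
        # start time or any counter going backwards invalidates the interval.
        restarted = (
            sample["boot"] != prev["boot"]
            or seconds <= 0
            or any(sample["counters"].get(k, 0) < v
                   for k, v in prev["counters"].items())
        )
        if restarted:
            reports.append({"host": sample["host"], "end": sample["now"],
                            "seconds": seconds, "restarted": True,
                            "delta": {}, "qps": None})
            continue
        delta = {k: v - prev["counters"].get(k, 0)
                 for k, v in sample["counters"].items()}
        reports.append({"host": sample["host"], "end": sample["now"],
                        "seconds": seconds, "restarted": False,
                        "delta": delta, "qps": delta.get("RQ", 0) / seconds})
    return reports


if __name__ == "__main__":
    for report in interval_report(SAMPLE_LOG):
        if report["restarted"]:
            print(report["host"], report["end"], "restart: baseline reset")
        else:
            busy = {k: v for k, v in report["delta"].items() if v}
            print(report["host"], report["end"],
                  "%.3f queries/s" % report["qps"], busy)
```

Counters that did not move in an interval (RFail, RErr and RLame here) are as informative as the ones that did; a sudden jump in any of them between two samples is the point at which to read the surrounding log.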

D N S ,
.
DNS-
, (RQ)
( S A n s ) 8 0 0 ( 1 0 0 -
D N S ) 3 6 0 0 (
) . ,
D N S .
1


. N S F N E T ( 1 9 9 5 )
, DNS 5%
,
BIND, ' (Marco d'Itri) bindgraph,
DNS
http://www.dns.net/dnsrd/tools.html.

( ) . ,
N S F N E T , ,
D N S - .
,
D N S - ,
.
1

, , DNS- . ?
- , , D N S -

. ,
.
D N S - B I N D 8, , D N S DNS-
. D N S -
,

D N S - . B I N D 8 . 2
,
host-statistics

options:
2

options {
host-statistics yes;
};

:
+++ Statistics Dump +++ (829373099) Fri Apr 12 23:24:59 1996
970779  time since boot (secs)
471621  time since reset (secs)
        Unknown query types
185108  A queries
6       NS queries
69213   PTR queries
669     MX queries
2361    ANY queries

++ Name Server Statistics ++


(Legend)
RQ

RR

RIQ

RNXD

RFwdQ

RFwdR

RDupQ

RDupR

RFail

RFErr

RErr

RTCP

RAXFR

RLame

ROpts

SSysQ

SAns

SFwdQ

SFwdR

SDupQ

SFail

SFErr

SErr

RNotNsQ

SNaAns

,
,
,
NSFNET.
, BIND 9 host-statistics
.

SNXD
(Global)
257357 20718 0 8509 19677

19939 1494 21 0 0

824 236196 19677 19939 7643

0 7 0 1 0

33 0 0 256064 49269

155030

[15.17.232.4]
8736 0 0 0 717

24 0 0 0 0

0 0 0 8736 2141

0 0 0 0 0

0 8019 0 717 0

5722

[15.17.232.5]
115 0 0 0 8

0 21 0 0 0

0 0 0 0 0

0 86 0 1 0

0 0 0 115 0

[15.17.232.8]
66215 0 0 0 6910
15 0 0 66215 33697

148 633 0 0 0

0 5 0 0 0

0 58671 0 6695 0

6541

[15.17.232.16]
31848 0 0 0 3593

209 74 0 0 0

0 0 0 31848 8695

15359

0 0 0 0 0

0 28185 0 3563 0

[15.17.232.20]
272 0 0 0 0

0 0 0 0 0

0 0 0 0 0

0 272 0 0 0

0 0 0 272 7

[15.17.232.21]
316 0 0 0 52

14 3 0 0 0

0 0 0 0 0

0 261 0 51 0

0 0 0 316 30

30

[15.17.232.24]
853 0 0 0 65

1 3 0 0 0

0 2 0 0 0

0 783 0 64 0

0 0 0 853 125

1 0 0 0 0

0 0 0 0 0

0 577 0 47 0

0 0 0 624 2

337

[15.17.232.33]
624 0 0 0 47

217

[15.17.232.94]
127640 0 0 0 1751
0 0 0 127640 106

14 449 0 0 0

0 0 0 0 0

0 125440 0 1602 0

124661

[15.17.232.95]
846 0 0 0 38

1 0 0 0 0

0 0 0 0 0

0 809 0 37 0

0 0 0 846 79

81

Name Server Statistics


Statistics Dump

(829373099) Fri Apr 12 23:24:59 1996

Global I P , .
, ,
R Q , .

1 5 . 1 7 . 2 3 2 . 8 , 1 5 . 1 7 . 2 3 2 . 1 6 1 5 . 1 7 . 2 3 2 . 9 4 , 8 8 %
.
DNS- B I N D 9, ,
DNS-
, - DNS-. (
13.)
I P - , , D N S .
, ,
.

, , , D N S .

, DNS-.
,
.
D N S ,
DNS- . ,
, ,
. ,
:

,
- . D N S - .


. D N S - .

.
D N S - .
D N S - , .

,
. D N S -
, .

, ,
. DNS- .

DNS-
DNS-
, - .
, , 4;
D N S - ,
.
DNS-, .
D N S - ,
, D N S

DNS-.
:

- DNS.

DNS-
,
.

D N S - , .

DNS-.


- DNS
, /etc/
named.conf
.
, ,
.
rdist rsync.
distfile


:
1

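dup-primary:
# copy named.conf to the duplicate primary
/etc/named.conf -> wormhole
install ;
# copy the contents of /var/named (zone data files and so on)
# to the duplicate primary
/var/named -> wormhole
install ;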

:
dup-primary:
primaries = ( wormhole carrie )
/etc/named.conf -> ${primaries}
install ;
/var/named -> ${primaries}
install ;

, rdist D N S - , special :
special /var/named/* "rndc reload" ;
special /etc/named.conf "rndc reload" ;

rdist
.
DNS-
. DNS-

,
D N S - , . D N S -
rsync - ,
.

http://rsync.samba.org.
, rdist
.

, .
: DNS-, ,
.
. IP- - DNS
IP-
.

named.conf:

// DNS- wormhole,
//
zone "movie.edu" {
type slave;
masters { 192.249.249.1; };
file "bak.movie.edu";
};


,
D N S .
,
- ,
DNS-
. , DNS-
,
-
D N S .
,
D N S - .
, D N S , .

N O T I F Y .

.
N O T I F Y 10 .

D N S - , .
wormhole diehard,
monsters-inc
wormhole,

D N S .

.

DNS-,

D N S - , , , -

D N S - . D N S -
, 0.0.127.in-addr.arpa.

, D N S -
, - , ,
, ,
-
. , ,

db.127.0.0.
named.conf
D N S -
:
options {
directory "/var/named";

//

};
zone "0.0.127.in-addr.arpa" {
type master;
file "db.127.0.0";
};
zone "." {
type hint;
file "db.cache";
};

DNS-, ,
, ,
. ,

DNS- .
D N S -
.
D N S -
? ,
, , D N S -
.
D N S - , ,
D N S - ? .
db.cache -
. , , DNS-
D N S - D N S -
:
.
DNS-, ,
, .
DNS- ,
. ,
D N S - ,
.
, ,

. ,
, D N S - .

DNS-
DNS-
: D N S - ,
.

( ,
) . , movie.edu / 2 4
( C) 2 0 in-addr.arpa.

DNS- 21- (
in-addr.arpa
movie.edu),

movie.edu
in-addr.arpa,

. , DNS- : movie.edu
inaddr.arpa.
, DNS-.
zardoz.movie.edu
IP-
1 9 2 . 2 4 9 . 2 4 9 . 9 1 9 2 . 2 5 3 . 2 5 3 . 9 . named.conf zardoz D N S - :
options {
directory "/var/named";
};
zone "movie.edu" {
type slave;
masters { 192.249.249.3; };
file "bak.movie.edu";
};
zone "249.249.192.in-addr.arpa" {
type slave;
masters { 192.249.249.3; };
file "bak.192.249.249";
};
zone "253.253.192.in-addr.arpa" {
type slave;
masters { 192.249.249.3; };
file "bak.192.253.253";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "db.127.0.0";
};
zone "." {
type hint;

file "db.cache";
};

movie.edu
in-addr.arpa.
named.conf
DNS-
2 1 zone.
DNS-? DNS- , named.conf

. D N S - , inaddr.arpa,
in-addr.arpa

.
.

.
movie.edu
in-addr.arpa.
?
, DNS-, ,
: 1 9 2 . 2 4 9 . 2 4 9 / 2 4 1 9 2 . 2 5 3 . 2 5 3 / 2 4 .
, ,
.
in-addr.arpa,
.

DNS-
D N S , :
D N S - ?
, . D N S - ,
DNS-.
, D N S - , ,
.
.
DNS-
( , resolv.conf)

. D N S -
D N S - ,
. ,
, D N S ,
DNS- . . 8.2.
,
,
DNS- :
DNS-,
UDP, .
10 N S - ;
( )

DNS-

DNS-

ft*

^1

DNS-

. 8.2.

i
// W j S? S?

DNS-

11
I

jj
I DNS-

DNS-

.
D N S - - ,
, .
1

DNS-
, ,
, DNS-
.
. ,
D N S - zardoz.

,
edu in-addr.arpa.
(
, 3.)
,
( ) ,
- .
. , rootservers.net,
UDP-
.

,
( ), DNS-
. DNS-
, -() .
,
,

DNS- ( )
. .
InterN I C , N e t w o r k M o d i f i c a t i o n http://www.arin.net/library/templates/netmod.txt

.
, ,
in-addr.arpa, :
!
DNS- zardoz.movie.edu (
249.249.192.in-addr.arpa 253.253.192.in-addr.arpa)
NS- DNS- in-addr.arpa.

:
253.253.192.in-addr.arpa. 86400 IN NS toystory.movie.edu.
253.253.192.in-addr.arpa. 86400 IN NS wormhole.movie.edu.
253.253.192.in-addr.arpa. 86400 IN NS zardoz.movie.edu.
249.249.192.in-addr.arpa. 86400 IN NS toystory.movie.edu.
249.249.192.in-addr.arpa. 86400 IN NS wormhole.movie.edu.
249.249.192.in-addr.arpa. 86400 IN NS zardoz.movie.edu.
!
Albert LeDomaine
al@movie.edu

, TTL
N S - . , D N S -
,
DNS-.
,
. ,

TTL.
-
D N S - - ,
D N S - in-addr.arpa.

movie.edu,
DNS-,
toystory.movie.edu
wormhole.movie.edu,

, DNS-
movie.edu.

D N S -
? ,
in-addr.arpa.

D N S - ,
;
, D N S -
.
DNS-:
.
, , D N S , , ,
,
DNS-.
, DNS-

. D N S -
,
,
. DNS-
DNS-,
. D N S -
, .

D N S - (
) ,
! .
,
D N S - , ,

(lame
delegation).
1

TTL
D N S ,

. , TTL RR- -
, D N S -
. TTL
RR- 3600
,
. ,

DNS-.
: ,
. ,
,
, .

TTL, , TTL
,
D N S - . T T L
, DNS-
DNS-, , .
, D N S -
.

TTL .
- -
T T L .
, ,
.
movie.edu,
,
.
D N S - , T T L
, $ T T L - DNS-
, B I N D 8.2 - S O A - .
movie.edu
. D N S - ,
,
.
. ,
? TTL,
D N S -
. ,
DNS- ,
.
TTL? ,
T T L ,
. DNS- B I N D 4
T T L .
TTL, 30 , .
- TTL $ T T L
db.movie.edu.
R R - , D N S -
. TTL
, ,
, .
, DNS-
, D N S -
.
- TTL .
T T L ,
(IN).
, -

: m ( ) , h (), d () w () -
, $TTL.
TTL
db.movie.edu:
cujo 1h IN A 192.253.253.5 ; explicit TTL = 1 hour

DNS-, ,
T T L , - D N S : - D N S
T T L 1 ,
. D N S - T T L
,
. TTL
, , DNS-
,
. DNS- , .
.
, B I N D T T L
R R - , , .
, DNS-, ,
. ,
,
.
,
,
. -
ftp- ( ),
.

TTL , .
, T T L
. T T L

:
,
. , ,
.
, T T L 1 2 ,
- 3 , T T L
1 5 ,
T T L
. , DNS-
N O T I F Y ,
, .

SOA-

- D N S .
SOA-.
,
(refresh)

,
.

(retry)
,

.
(expire)
,

. , D N S - B I N D 8 . 2

TTL
. DNS-
S O A - T T L .
, , D N S -
, .
(1h)
( -o
h2n).
, - 15 .
,
.
, D N S - ,
, D N S -
.
: D N S -
SOA- ,
, .
DNS-

( ) -
D N S .
1

,
B I N D 8 9 N O T I F Y ,
. D N S - B I N D 4,
, .
, BIND 8 ,
,
.

B I N D ,
.
BIND ( 4.9)
( B I N D 8 ) ( B I N D 9 )
,
.
-
,
.
, ;
, ,
,
. B I N D 8 ,
,
, . (BIND 9
. ) ,
B I N D 8,
.
,
TTL . TTL
. , TTL.
,
.


,
. ,
,
. ,
. -
,
.
D N S , .
, DNS:
DNS-,
, . .
D N S .
,
, D N S .
, .



.

.
,
. ,
- .
, ,
.

.
, D N S - -
.
, , ,
, ,
, ! ,
, ,
.

,
, . U N I X

( ) :
/usr/sbin/ifconfig lan0 inet `hostname` netmask 255.255.128.0 up
/usr/sbin/route add default site-router 1

( 'hostname'

, site-router
-
) ,
I P - ,
.
, route .
ifconfig ,
I P - /etc/hosts,

/etc/hosts

.
, route,
,
IP.
route, D N S -
.
DNS-
, route .

DNS-,
, . ,

resolv.conf.
D N S - B I N D ,
resolv.conf
DNS- ( DNS-
,
D N S - ) .
,
. ,
:

ICMP- (port unreac


hable).

I C M P - ( n e t w o r k unreac
hable).

U D P ( ,
) .
1

D N S - , resolv.conf,

, . D N S -
. 75
,
. ICMP-
, D N S -
, D N S - .
DNS-
,
D N S - , , .
D N S -
, route .
,
D N S - . resolv.conf

D N S - , B I N D

, ifconfig
. D N S - ,
,
.
.
D N S - ,
,
.

6 ,
, .


, -
IP-
( /etc/
defaultrouter).

.
resolv.conf
, DNS-
.
, ,
/etc/hosts
( ,
) . ,
D N S - ,
, .
/etc/hosts,

.
B I N D , ,
/etc/
hosts , D N S ,
!
, /etc/
hosts, /etc/hosts ,
.
, -
; .
/etc/hosts
:
, . /etc/
hosts - rsync.
,
, D N S - ?
sendmail,
N F S . D N S sendmail

,
N F S .
- DNS-
. ,
.
, ,
( U P S , U n i n
terruptible Power System) .
, ,
, D N S - .

,

.
, .
, , IP-
D N S ,
.
,

DNS-.
,
.


, ,
. ,
,
. .
(
) .
,
.

( )
DNS- .
DNS- , DNS-
,
.
,
.
,

/etc/hosts.

resolv.conf
resolv.bak,
DNS- (
) /etc/hosts.
, .
D N S - ,
,
. named.conf

type zone slave master,
masters.
DNS ,
,
.

( )
( )

D N S -
. D N S -
D N S - . : D N S -
,
.
D N S -
, D N S - ,
.

,
DNS. - DNS- , ,
. - ,
D N S - .
, ;
DNS-. , db.root .
db.root
. , movie.edu , toystory db.root :
$TTL 1d
. IN SOA toystory.movie.edu. al.movie.edu. (
        1    ; serial
        3h   ; refresh
        1h   ; retry
        1w   ; expire
        1h ) ; negative caching TTL

        IN NS toystory.movie.edu. ; toystory acts as the root name server

; delegations for movie.edu and its
; in-addr.arpa zones
movie.edu.                IN NS toystory.movie.edu.
                          IN NS wormhole.movie.edu.
249.249.192.in-addr.arpa. IN NS toystory.movie.edu.
                          IN NS wormhole.movie.edu.
253.253.192.in-addr.arpa. IN NS toystory.movie.edu.
                          IN NS wormhole.movie.edu.

toystory.movie.edu.       IN A 192.249.249.3
wormhole.movie.edu.       IN A 192.249.249.1
                          IN A 192.253.253.1


med.conf
toystory:

na-

// hints zone commented out; toystory is master for the root zone
// zone "." {
// type hint;
// file "db.cache";
// };

zone "." {
type master;
file "db.root";
};

db.cache (
) ,
D N S - (
,
, ) .

.                   99999999 IN NS toystory.movie.edu.

db.cache:

toystory.movie.edu. 99999999 IN A 192.249.249.3


movie.edu
. ,
zone named.conf,

zone
toystory,

DNS-.

, ?

, ,
, . ,
,
, ,
- , ,
.
,
,
.
.
; .

, .
-
.
,

. ,
,
,
.
- ,

. DNS-
,
DNS- , .

,
,
.

.


, ,

. - , ,
, ,
:

-
D N S - .

, , , :
?

?
, : .
.
, ,
.
,
, ? DNS
.
.
.
-
,
, .
,
D N S - ,
.
,


.


.

D N S - ,
. DNS-
DNS- .
,
, ,
, ,
. , , , ,
,
.
,
.
- .
,

, .
,
:


. 50 ,

( ) ,
.
-

DNS.

,

.
, IP-
,
.

,
,
,
( ,
, ,
) ,
, .


, , . -

;
. ,
.
.

. , ,
.
,
.
, ,
, .
, .
, ,
.
:

.

.
,

,
. ,
,
.

,
. , , ,
-
( P o u g h k e e p s i e ) ( W a u k e g a n ) , ,
, , ,
.

.
, , ,
. I t a l y ( )
it (IT),

?

.
: ,
.
- !


.
net ,
,
, . com,
com. ,
com
S u n s u n , H P 9 0 0 0 - hp (
) . ,
sun.com hp.com,
, com,

.
1

:
, ,
. ,
. ,
...
,
,
. ? .
,
.
,
. ,
, , ;
,
.
-
, .


, , .
? RR-,
. , movie.edu
brazil,
. , ,
sendmail. ,
6 DNS-.

brazil personnel.movie.edu,

db.movie.edu.

db.movie.edu:

brazil.personnel     IN A     192.253.253.10
                     IN MX    10 brazil.personnel.movie.edu.
                     IN MX    100 postmanrings2x.movie.edu.
employeedb.personnel IN CNAME brazil.personnel.movie.edu.
db.personnel         IN CNAME brazil.personnel.movie.edu.


db.personnel.movie.edu
.
,
personnel.movie.edu
;
telnet db .
, $ORIGIN

personnel.movie.edu.

db.movie.edu:

$ORIGIN personnel.movie.edu.
brazil     IN A     192.253.253.10
           IN MX    10 brazil.personnel.movie.edu.
           IN MX    100 postmanrings2x.movie.edu.
employeedb IN CNAME brazil.personnel.movie.edu.
db         IN CNAME brazil.personnel.movie.edu.

,
db.movie.edu
$INCLUDE
( ) .
, S O A - personnel.movie.edu

? , S O A - movie.edu

movie.edu.

personnel.movie.edu,
movie.edu.


, - .
,
.
movie.edu
. fx.movie.edu
- ,
, . fx.movie.edu

,
. bladerunner
outland, ,
DNS- (
bladerunner
D N S ) . -

DNS- -
D N S - fx.movie.edu,

, , .
,
.

vie.edu

mo-

- 192.253.254/24 network.

/etc/hosts:

192.253.254.1 movie-gw.movie.edu movie-gw
# fx primary
192.253.254.2 bladerunner.fx.movie.edu bladerunner br
# fx slave
192.253.254.3 outland.fx.movie.edu outland
192.253.254.4 starwars.fx.movie.edu starwars
192.253.254.5 empire.fx.movie.edu empire
192.253.254.6 jedi.fx.movie.edu jedi
,

fx.movie.edu.

db.fx.movie.edu:

$TTL 1d
@ IN SOA bladerunner.fx.movie.edu. hostmaster.fx.movie.edu. (
        1    ; serial
        3h   ; refresh
        1h   ; retry
        1w   ; expire
        1h ) ; negative caching TTL

        IN NS bladerunner
        IN NS outland

; MX records for fx.movie.edu
        IN MX 10 starwars
        IN MX 100 wormhole.movie.edu.

; starwars handles mail for bladerunner
; wormhole is a mail exchanger in movie.edu
bladerunner IN A     192.253.254.2
            IN MX    10 starwars
            IN MX    100 wormhole.movie.edu.
br          IN CNAME bladerunner
outland     IN A     192.253.254.3
            IN MX    10 starwars
            IN MX    100 wormhole.movie.edu.
starwars    IN A     192.253.254.4
            IN MX    10 starwars
            IN MX    100 wormhole.movie.edu.
empire      IN A     192.253.254.5
            IN MX    10 starwars
            IN MX    100 wormhole.movie.edu.
jedi        IN A     192.253.254.6
            IN MX    10 starwars
            IN MX    100 wormhole.movie.edu.

db.192.253.254:

$TTL 1d
@ IN SOA bladerunner.fx.movie.edu. hostmaster.fx.movie.edu. (
        1    ; serial
        3h   ; refresh
        1h   ; retry
        1w   ; expire
        1h ) ; negative caching TTL

        IN NS bladerunner.fx.movie.edu.
        IN NS outland.fx.movie.edu.

1       IN PTR movie-gw.movie.edu.
2       IN PTR bladerunner.fx.movie.edu.
3       IN PTR outland.fx.movie.edu.
4       IN PTR starwars.fx.movie.edu.
5       IN PTR empire.fx.movie.edu.
6       IN PTR jedi.fx.movie.edu.

, P T R -
1.254.253.192.in-addr.arpa
movie-gw.movie.edu.
.
movie.edu

fx.movie.edu;
,
P T R - 254.253.192.in-addr.arpa

,
.
named.conf

DNS:

options {
directory "/var/named";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "db.127.0.0";
};
zone "fx.movie.edu" {
type master;
file "db.fx.movie.edu";
};
zone "254.253.192.in-addr.arpa" {
type master;
file "db.192.253.254";
};
zone "." {
type hint;
file "db.cache";
};

, h2n,
:

% h2n -v 8 -d fx.movie.edu -n 192.253.254 -s bladerunner -s outland \
-u hostmaster.fx.movie.edu -m 10:starwars -m 100:wormhole.movie.edu

.
db.fx.movie.edu,
db.192.253.254

named.conf.
DNS-
bladerunner.
,
resolv.conf.
hostname
bladerunner

, bladerunner.fx.movie.edu,

. ,
, D N S - .
named bladerunner

l o g - syslog . named ,
l o g - syslog ,
, nslookup

fx.movie.edu
254.253.192.in-addr.arpa
:
Default Server:
Address:

bladerunner.fx.movie.edu

192.253.254.2

> jedi
Server:
Address:
Name:
Address:

bladerunner.fx.movie.edu
192.253.254.2
jedi.fx.movie.edu
192.253.254.6

> set type=mx


> empire
Server:
Address:

bladerunner.fx.movie.edu
192.253.254.2

empire.fx.movie.edu

preference = 10,
mail exchanger = starwars.fx.movie.edu

empire.fx.movie.edu

preference = 100,
mail exchanger = wormhole.movie.edu

fx.movie.edu

nameserver
names
= outland.fx.movie.edu

fx.movie.edu

names
nameserver
= bladerunner.fx.movie.edu
starwars.fx.movie.edu
internet address = 192.253.254.4
wormhole.movie.edu
internet address = 192.249.249.1
wormhole.movie.edu

internet address = 192.253.253.1

bladerunner.fx.movie.edu
outland.fx.movie.edu

internet address = 192.253.254.2


internet address = 192.253.254.3

> ls -d fx.movie.edu
[bladerunner.fx.movie.edu]
$ORIGIN fx.movie.edu.
1D IN SOA

bladerunner

bladerunner hostmaster (
1

3H

1H

1W

1H )

1D IN NS

bladerunner

1D IN NS

outland

1D IN MX

10 starwars

1D IN MX

100 wormhole.movie.edu.

1D IN A

192.253.254.2

1D IN MX

10 starwars

1D IN MX

100 wormhole.movie.edu.

br

1D IN CNAME

bladerunner

empire

1D IN A

192.253.254.5

1D IN MX

10 starwars

1D IN MX

100 wormhole.movie.edu.

jedi

outland

starwars

1D IN A

192.253.254.6

1D IN MX

10 starwars

1D IN MX

100 wormhole.movie.edu.

1D IN A

192.253.254.3

1D IN MX

10 starwars

1D IN MX

100 wormhole.movie.edu.

1D IN A

192.253.254.4

1D IN MX

10 starwars

1D IN MX

100 wormhole.movie.edu.

1D IN SOA

bladerunner hostmaster (
1

3H

1H

1W

1H )

> set type=ptr


> 192.253.254.3
Server:
Address:

bladerunner.fx.movie.edu
192.253.254.2

3.254.253.192.in-addr.arpa

name = outland.fx.movie.edu

> ls -d 254.253.192.in-addr.arpa.
[bladerunner.fx.movie.edu]
$ORIGIN 254.253.192.in-addr.arpa.
@

1D IN SOA

bladerunner.fx.movie.edu. hostmaster.fx.movie.edu. (
1

3H

1
2
3
4
5
6

1H

1W

1H )

1D IN NS

bladerunner.fx.movie.edu.

1D IN NS
1D IN PTR

outland.fx.movie.edu.

1D IN PTR
1D IN PTR
1D IN PTR
1D IN PTR
1D IN PTR
1D IN SOA

movie-gw.movie.edu.
bladerunner.fx.movie.edu.
outland.fx.movie.edu.
starwars.fx.movie.edu.
empire.fx.movie.edu.
jedi.fx.movie.edu.
bladerunner.fx.movie.edu. hostmaster.fx.movie.edu. (
1

3H

1H

1W

1H )

> exit

,
D N S - fx.movie.edu,


fx.movie.edu.

DNS- fx.movie.edu
D N S - fx.movie.edu

: named.conf,
db.127.0.0 db.cache bladerunner,
named.conf
db.127.0.0
, 4
BIND.

named.conf:

options {
directory "/var/named";
};

zone "fx.movie.edu" {
type slave;
masters { 192.253.254.2; };
file "bak.fx.movie.edu";
};
zone "254.253.192.in-addr.arpa" {
type slave;
masters { 192.253.254.2; };
file "bak.192.253.254";

};
zone "." {
type hint;
file "db.cache";
};

bladerunner,
outland
solv.conf,
hostname

reoutland.fx.movie.edu.

named l o g - syslog
. ,

fx.movie.edu.

DNS- movie.edu
fx.movie.edu
DNS-
fx.movie.edu,
bladerunner
outland.

NS-
db.movie.edu.

db.movie.edu:

fx 86400 IN NS bladerunner.fx.movie.edu.
   86400 IN NS outland.fx.movie.edu.

RFC 1034 ,
NS- ( ,
bladerunner.fx.movie.edu
outland.fx.movie.edu)

DNS-. DNS, ,
,
, ( C N A M E ) .
, RFC-
, -
.
. , ?
D N S - fx.movie.edu

fx.movie.edu?
D N S - movie.edu

D N S - , fx.movie.edu?

, N S - db.movie.edu
D N S fx.movie.edu.
- IP-
D N S - fx.movie.edu,
.
? D N S - fx.movie.edu.

- ?
: D N S - fx.movie.edu

movie.edu.
,
, movie.edu,
,
fx.movie.edu.
, DNS-
fx.movie.edu fx.movie.edu,
,

(glue records),
.

- ,
DNS-.
,
vie.edu :
fx                        86400 IN NS bladerunner.fx.movie.edu.
                          86400 IN NS outland.fx.movie.edu.
bladerunner.fx.movie.edu. 86400 IN A  192.253.254.2
outland.fx.movie.edu.     86400 IN A  192.253.254.3

db.mo-

. DNS-
B I N D 8 9 ,
, l o g - syslog
, . ,
N S - movie.edu,
D N S - , ns1.isp.net, ,
db.movie.edu
D N S
movie.edu,
syslog:
Aug 9 14:23:41 toystory named[19626]: dns_master_load: db.movie.edu:55: ignoring out-of-zone data

, .
bladerunner
- ,
I P - -
.
,
movie.edu fx.movie.edu.
,
plan9.movie.edu
(,
)
fx.movie.edu,
movie.edu,

. :
plan9 IN CNAME plan9.fx.movie.edu.

movie.edu

plan9,
plan9.movie.edu.
, .
plan9 movie.edu,

db.movie.edu.
,
p9.fx.movie.edu
plan9.fx.movie.edu

fx.movie.edu db.fx.movie.edu.

, DNS- ,
.

in-addr.arpa
2 5 4 . 2 5 3 . 1 9 2 . i n - a d d r . a r p a !
, fx.movie.edu,

.
-, ,
254.253.192.in-addr.arpa
.
,
3 ? .
, 254.253.192.in-addr.arpa

192.in-addr.arpa.
,
. in-addr.arpa

253.192.in-addr.arpa
,
1 9 2 . 2 5 3 . 2 5 3 / 2 4 1 9 2 . 2 5 3 . 2 5 4 / 2 4
, 1 9 2 . 2 5 3 / 1 6 C I D R - .

.
, 192.in-addr.arpa,

nslookup whois, 3.

nslookup:
% nslookup
Default Server:
Address:

toystory.movie.edu

0.0.0.0#53

> set type=soa


> 192.in-addr.arpa.
Server:

toystory.movie.edu

Address:

0.0.0.0#53

Non-authoritative answer:
192.in-addr. arpa
origin = chia.arin.net
mail addr = bind.arin.net
serial = 2005112714
refresh = 1800
retry = 900
expire = 691200
minimum = 10800
Authoritative answers can be found from:
192.in-addr.arpa

nameserver = chia.arin.net.

192.in-addr.arpa

nameserver = dill.arin.net.

192.in-addr.arpa

nameserver = basil.arin.net.

192.in-addr.arpa

nameserver = henna.arin.net.

192.in-addr.arpa

nameserver = indigo.arin.net.

192.in-addr.arpa

nameserver = epazote.arin.net.

192.in-addr.arpa

nameserver = figwort.arin.net.

chia.arin.net

has AAAA address 2001:440:2000:1::21

basil.arin.net

internet address = 192.55.83.32

henna.arin.net

internet address = 192.26.92.32

indigo.arin.net internet address = 192.31.80.32

, 192.in-addr.arpa

A R I N (American Registry of Internet N u m b e r s ; , ,
- 3.)

http://www.arin.net/library/net-end/
user.txt, .

DNS- movie.edu
,
, D N S - movie.edu 1 9 2 . 2 5 3 . 2 5 4 / 2 4 .
D N S - , fx.movie.edu,

. D N S fx.movie.edu
movie.edu
-
,
.
D N S - movie.edu
bladerunner. bladerunner

D N S fx.movie.edu.
DNS-,
,
. D N S -
,
.
1

: named.conf
bladerunner ,
named,
movie.edu
IP-
D N S movie.edu,

toystory.movie.edu.

named.conf:

options {
directory "/var/named";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "db.127.0.0";
};
zone "fx.movie.edu" {
type master;
file "db.fx.movie.edu";
};
zone "254.253.192.in-addr.arpa" {
type master;
file "db.192.253.254";
};
zone "movie.edu" {
type slave;
masters { 192.249.249.3; };
file "bak.movie.edu";
};
zone "." {
type hint;
file "db.cache";
};

,
. DNS-
( ),
( ).

in-addr.arpa

. in-addr.arpa

, .
, , ,
.
.


/ 2 4 (
C) - ,
. -, Altered State,
B , 1 7 2 . 2 0 / 1 6 .
IP-, 2 5 5 . 2 5 5 . 2 5 5 . 0 .
altered.edu,
fx.altered.edu
(,
) , makeup.altered.edu

foley.altered.edu.

( Spesial Effects - 1 7 2 . 2 0 . 2 / 2 4 , Makeup 1 7 2 . 2 0 . 1 5 / 2 4 , Foley - 1 7 2 . 2 0 . 2 5 / 2 4 ) ,

in-addr.arpa.
in-addr.arpa

.
db.172.20
Altered State
NS-:
2  86400 IN NS gump.fx.altered.edu.
   86400 IN NS toystory.fx.altered.edu.
15 86400 IN NS prettywoman.makeup.altered.edu.
15 86400 IN NS priscilla.makeup.altered.edu.
25 86400 IN NS blowup.foley.altered.edu.
25 86400 IN NS muppetmovie.foley.altered.edu.

, , DNS .
: Altered State

, 20.172.inaddr.arpa.
NS- ,
. ,
D N S - , ,
.


,
, / 2 4 ( )?
.
:
in-addr.arpa
in-addr.arpa

. .

A (/8) B (/16)
/ 8 ( A ) - 1 5 / 8 ,
2 5 5 . 2 5 5 . 2 4 8 . 0 (13- 11-
, 8 1 9 2 2048 ) . , ,
1 5 . 1 . 2 0 0 . 0 1 5 . 1 . 2 0 0 . 0 1 5 . 1 . 2 0 7 . 2 5 5 .
, db.15,
15.in-addr.arpa,

:
200.1.15.in-addr.arpa. 86400 IN NS ns-1.cns.hp.com.
200.1.15.in-addr.arpa. 86400 IN NS ns-2.cns.hp.com.
201.1.15.in-addr.arpa. 86400 IN NS ns-1.cns.hp.com.
201.1.15.in-addr.arpa. 86400 IN NS ns-2.cns.hp.com.
202.1.15.in-addr.arpa. 86400 IN NS ns-1.cns.hp.com.
202.1.15.in-addr.arpa. 86400 IN NS ns-2.cns.hp.com.
203.1.15.in-addr.arpa. 86400 IN NS ns-1.cns.hp.com.
203.1.15.in-addr.arpa. 86400 IN NS ns-2.cns.hp.com.
204.1.15.in-addr.arpa. 86400 IN NS ns-1.cns.hp.com.
204.1.15.in-addr.arpa. 86400 IN NS ns-2.cns.hp.com.
205.1.15.in-addr.arpa. 86400 IN NS ns-1.cns.hp.com.
205.1.15.in-addr.arpa. 86400 IN NS ns-2.cns.hp.com.
206.1.15.in-addr.arpa. 86400 IN NS ns-1.cns.hp.com.
206.1.15.in-addr.arpa. 86400 IN NS ns-2.cns.hp.com.
207.1.15.in-addr.arpa. 86400 IN NS ns-1.cns.hp.com.
207.1.15.in-addr.arpa. 86400 IN NS ns-2.cns.hp.com.

!
, 8.2 BIND
$ G E N E R A T E . $ G E N E R A T E
RR-, .
, 16 N S -
$ G E N E R A T E :
1

$GENERATE 200-207 $.1.15.in-addr.arpa. 86400 IN NS ns-1.cns.hp.com.
$GENERATE 200-207 $.1.15.in-addr.arpa. 86400 IN NS ns-2.cns.hp.com.

: D N S -
$ G E N E R A T E , ( $ )
, .

C (/24)
/ 2 4 ( C), 1 9 2 . 2 5 3 . 2 5 4 / 2 4 ,
2 5 5 . 2 5 5 .
2 5 5 . 1 9 2 . in-addr.arpa
254.253.192.in-addr.arpa,
192.253.254.
0/26, 192.253.254.64/26, 192.253.254.128/26 192.253.254.192/26.
,

.
.

1
: 254.253.192.in-addr.arpa

, .

W e b m i n (http://www.webmin.com/),

2
:
.
, / 8 ,
. NS- IP-
db.192.253.254.
:
1.254.253.192.in-addr.arpa.   86400 IN NS ns1.foo.com.
1.254.253.192.in-addr.arpa.   86400 IN NS ns2.foo.com.
2.254.253.192.in-addr.arpa.   86400 IN NS ns1.foo.com.
2.254.253.192.in-addr.arpa.   86400 IN NS ns2.foo.com.
65.254.253.192.in-addr.arpa.  86400 IN NS relay.bar.com.
65.254.253.192.in-addr.arpa.  86400 IN NS gw.bar.com.
66.254.253.192.in-addr.arpa.  86400 IN NS relay.bar.com.
66.254.253.192.in-addr.arpa.  86400 IN NS gw.bar.com.
129.254.253.192.in-addr.arpa. 86400 IN NS mail.baz.com.
129.254.253.192.in-addr.arpa. 86400 IN NS www.baz.com.
130.254.253.192.in-addr.arpa. 86400 IN NS mail.baz.com.
130.254.253.192.in-addr.arpa. 86400 IN NS www.baz.com.

BIND 8
(IN).

254.254.253.192.in-addr.arpa.

$GENERATE:
$GENERATE 0-63 $.254.253.192.in-addr.arpa. 86400 IN NS ns1.foo.com.
$GENERATE 0-63 $.254.253.192.in-addr.arpa. 86400 IN NS ns2.foo.com.
$GENERATE 64-127 $.254.253.192.in-addr.arpa. 86400 IN NS relay.bar.com.
$GENERATE 64-127 $.254.253.192.in-addr.arpa. 86400 IN NS gw.bar.com.
$GENERATE 128-191 $.254.253.192.in-addr.arpa. 86400 IN NS mail.baz.com.
$GENERATE 128-191 $.254.253.192.in-addr.arpa. 86400 IN NS www.baz.com.

, , named.conf

:
zone "1.254.253.192.in-addr.arpa" {
type master;
file "db.192.253.254.1";
};
zone "2.254.253.192.in-addr.arpa" {
type master;
file "db.192.253.254.2";
};
db.192.253.254.1

- - PTR-:

$TTL 1d
@

IN

SOA

ns1.foo.com.

root.ns1.foo.com.

3h

1h

1w

1h

; TTL

IN

NS

ns1.foo.com.

IN

NS

ns2.foo.com.

IN

PTR

thereitis.foo.com.

ns1.foo.com

, PTR-
,
IP-. , PTR-
1.254.253.
192.in-addr.arpa,
D N S - 254.253.192.in-addr.arpa

ns1.foo.com
ns2.foo.com,

, , PTR-.

3
, ,

I P - . , / 2 4 , C N A M E ; C N A M E -
, ,
, DNS-.
, 0-63, 64-127,
128-191
192-255, ,
.
PTR- .
1

db.192.253.254:

1.254.253.192.in-addr.arpa.       IN CNAME 1.0-63.254.253.192.in-addr.arpa.
2.254.253.192.in-addr.arpa.       IN CNAME 2.0-63.254.253.192.in-addr.arpa.
0-63.254.253.192.in-addr.arpa.    86400 IN NS ns1.foo.com.
0-63.254.253.192.in-addr.arpa.    86400 IN NS ns2.foo.com.
65.254.253.192.in-addr.arpa.      IN CNAME 65.64-127.254.253.192.in-addr.arpa.
66.254.253.192.in-addr.arpa.      IN CNAME 66.64-127.254.253.192.in-addr.arpa.
64-127.254.253.192.in-addr.arpa.  86400 IN NS relay.bar.com.
64-127.254.253.192.in-addr.arpa.  86400 IN NS gw.bar.com.
129.254.253.192.in-addr.arpa.     IN CNAME 129.128-191.254.253.192.in-addr.arpa.
130.254.253.192.in-addr.arpa.     IN CNAME 130.128-191.254.253.192.in-addr.arpa.
128-191.254.253.192.in-addr.arpa. 86400 IN NS mail.baz.com.
128-191.254.253.192.in-addr.arpa. 86400 IN NS www.baz.com.

$ G E N E R A T E :


comp.protocols.tcp-ip.domains
(Glen Herrmansfeldt) .
RFC 2 3 1 7 .

$GENERATE 1-63 $ IN CNAME $.0-63.254.253.192.in-addr.arpa.
0-63.254.253.192.in-addr.arpa.   86400 IN NS ns1.foo.com.
0-63.254.253.192.in-addr.arpa.   86400 IN NS ns2.foo.com.
$GENERATE 65-127 $ IN CNAME $.64-127.254.253.192.in-addr.arpa.
64-127.254.253.192.in-addr.arpa. 86400 IN NS relay.bar.com.
64-127.254.253.192.in-addr.arpa. 86400 IN NS gw.bar.com.

0-63.254.253.192.in-addr.arpa
0-63) PTR-
192.253.254.1 192.253.254.63.

(db.192.253.254.
IP-

db.192.253.254.0-63:

$TTL 1d
@ IN SOA ns1.foo.com. root.ns1.foo.com. ( 3h 1h 1w 1h ) ; TTL
    IN NS ns1.foo.com.
    IN NS ns2.foo.com.
    IN PTR thereitis.foo.com.
    IN PTR setter.foo.com.
    IN PTR mouse.foo.com.

,
. DNS-
P T R - 1.254.253.192.in-addr.arpa.
DNS-
D N S - 254.253.192.in-addr.arpa,

CNAME-, ,
1.254.253.192.in-addr.arpa 1.0-63.
254.253.192.in-addr.arpa
PTR-
. NS-,
DNS-,
0-63.254.253.192.in-addr.arpa ns1.foo.com
ns2.foo.com.
DNS-
P T R - 1.0-63.254.253.192.in-addr.arpa
DNS ns1.foo.com
ns2.foo.com
.


, DNS-
fx.movie.edu,

host. ?
host? host U N I X -

http://www.weird.com/~woods/projects/host.html.

host, :
% zcat host.tar.Z | tar -xvf -

:
% make

host .
NS- , DNS- - . ,
host D N S - ,
SOA- . ,
D N S - , ,
D N S - S O A - . D N S -
, host
aa - a u t h o r i t a t i v e a n s w e r ( ) .
D N S -
. DNS .
host .
?
,
DNS-.
DNS , NS- , D N S - ,
.
, NS-
, . ,
N S -
, .

host

, , , ,
host, .
: host N S -
DNS- , .
NS-
fx.movie.edu D N S -
movie.edu:
% host -t ns fx.movie.edu. toystory.movie.edu.

, NS- :
fx.movie.edu name server bladerunner.fx.movie.edu
fx.movie.edu name server outland.fx.movie.edu

host,
. , NS-,
fx.movie.edu, .
host S O A -
D N S - fx.movie.edu
S O A - . ,
:
% host -C fx.movie.edu.

D N S fx.movie.edu S O A - fx.movie.edu

:
Nameserver bladerunner.fx.movie.edu:
fx.movie.edu SOA bladerunner.fx.movie.edu. hostmaster.fx.movie.edu. 1
10800 3600 608400 3600
Nameserver outland.fx.movie.edu:
fx.movie.edu SOA bladerunner.fx.movie.edu. hostmaster.fx.movie.edu. 1
10800 3600 608400 3600

D N S - fx.movie.edu
- , outland
, :

Nameserver bladerunner.fx.movie.edu:
fx.movie.edu SOA bladerunner.fx.movie.edu. hostmaster.fx.movie.edu. 1
10800 3600 608400 3600
nxdomain.com has no SOA record

, D N S - outland ,
fx.movie.edu.
D N S - fx.movie.edu
:

Nameserver bladerunner.fx.movie.edu:
fx.movie.edu SOA bladerunner.fx.movie.edu. hostmaster.fx.movie.edu. 1
10800 3600 608400 3600
;; connection timed out; no servers could be reached

connection
timed out (
) , host
outland , .
, fx.movie.edu nslookup
dig ,
host .
1


,
, DNS-.
DNS- 8 ,

.
, .
, ,

. ,
, 1 9 2 . 2 5 4 . 2 0 / 2 4 .

. , alien.fx.movie.edu,

DNS- .
fx.movie.edu
(
)
( ) :
!
alien.fx.movie.edu (192.254.20.3)
DNS- fx.movie.edu. ,
. NS-, , .
,
Arty Segue
ajs@fx.movie.edu
cut here
fx.movie.edu. 86400 IN NS bladerunner.fx.movie.edu.
fx.movie.edu. 86400 IN NS outland.fx.movie.edu.
fx.movie.edu. 86400 IN NS alien.fx.movie.edu.
bladerunner.fx.movie.edu. 86400 IN A 192.253.254.2
outland.fx.movie.edu. 86400 IN A 192.253.254.3
alien.fx.movie.edu. 86400 IN A 192.254.20.3

- movie.edu
- :
NS- A-
db.movie.edu.
, h2n
DNS-?
spcl.movie,
h2n
$ I N C L U D E db.movie.
fx.movie.edu
-
hostmaster@arin.net
(
192.in-addr.arpa),

20.254.192.in-addr.arpa
D N S - alien.fx.movie.edu,
bladerunner.fx.movie.edu

outland.fx.movie.edu.


DNS- B I N D ,

. BIND 8 9

-,
D N S -
, .
DNS-, ,
SOA- NS- ,
. DNS- NS-
, SOA-
. ,
DNS- ,
N S - ( S O A ,
) , D N S - ,
- ,
.
D N S - movie.edu

named.conf:

zone "fx.movie.edu" {
type stub;
masters { 192.253.254.2; };
file "stub.fx.movie.edu";
};

, , B I N D 9,
D N S - movie.edu,
,
fx.movie.edu.
B I N D 9
fx.movie.edu
,
. D N S - movie.edu
-
, .


-
fx.movie.edu . -
.
,
movie.edu.
,
N S F
.
, .

movie.edu.
C N A M E -
( plan9.movie.edu),


. ,
!

, , CNAME- , .
h2n, CNAME-
.

.
telnet ftp ( - ) ,
,
fx.movie.edu:
% telnet plan9
Trying...
Connected to plan9.fx.movie.edu.
Escape character is '^]'.
HP-UX plan9.fx.movie.edu A.09.05 C 9000/735 (ttyu1)
login:

, ,

.
fx.movie.edu,

sendmail,
sendmail

. sendmail


D N S - , .
movie.edu
fx.movie.edu.

sendmail,

,
.
w w
sendmail.cf;
-,
? 5 D N S .
? h2n,
fx.movie.edu
(192.253.
2 5 4 / 2 4 1 9 2 . 2 5 4 . 2 0 / 2 4 ) ( /etc/hosts)

. ,
fx.movie.edu, movie.edu


fx.movie.edu.

/etc/hosts:

192.253.254.1 movie-gw.movie.edu movie-gw
# fx:
192.253.254.2 bladerunner.fx.movie.edu bladerunner br
# fx:
192.253.254.3 outland.fx.movie.edu outland
192.253.254.4 starwars.fx.movie.edu starwars
192.253.254.5 empire.fx.movie.edu empire
192.253.254.6 jedi.fx.movie.edu jedi
192.254.20.3 alien.fx.movie.edu alien

- c h2n
. h2n ,
,
( -d). ,
:
% h2n -d movie.edu -n 192.253.254 -n 192.254.20 \
-c fx.movie.edu -f options

( options
, movie.edu),

movie.edu
fx.movie.edu.



, , ,
. ,
.
, , -
.
,
.
,
, ,

.
, , .rhosts . .
-
D N S ,

.
, CNAME-
-
. ,

, : ,
.
h2n ,
-c, ,
. -e
h2n (e exclude)
,
,
. ,
C N A M E fx.movie.edu,


( 1 9 2 . 2 5 3 . 2 5 4 / 2 4 ) :

movie-gw.movie.edu

% h2n -d movie.edu -n 192.253.254 -n 192.254.20 \
-e fx.movie.edu -f options



, .
:

, .

,
, .
, ,
CNAME-.

C N A M E -
.

-
.

, ,
D N S - .
.

10

-... , .
- , , , ? .
- , , .
- , ?
D N S - B I N D 8 . 4 . 7 9 . 3 . 2

.
,
( N O T I F Y )
. :
D N S - ,
,
.
,
DNS-.

D N S . (
,
.)

,
(address match list).
B I N D 8 9 (
, )
.
- ( ? ) ,
IP-.

IP-, IP-
( ) . I P -
:
1

, 15.0.0.0 255.0.0.0 ( )
15/8. 15
A. , IP- 192.168.1.192 192.168.1.255
192.168.1.192/26 ( 192.168.1.192
255.255.255.192, 26 ).
, :
15/8;

192.168.1.192/26;

- ,
.
,
named.conf
acl ( access control
list).
acl :
acl name { address_match_list; };

(name)
. , acl,
( a c c e s s c o n t r o l l i s t ) ,
,
, ,
.
,

acl. .
, 15/8: HP-NET.
192.168.1.192/26 internal:
acl "HP-NET" { 15/8; };
acl "internal" { 192.168.1.192/26; };


.
,
named.conf
.
ACL- ,
, BIND
. , BIND 9 BIND 8.3.0
IPv6- IPv6- , .

,
.

:
none
. I P - .
any
IP-.
localhost
I P - ( , D N S ).
localnets
,
(
).

DNS:
T C P / I P
.
DHCP IP-.
-
D H C P ,
. , D N S
. , D N S D y n a m i c U p d a t e (
DNS), RFC 2136.
B I N D 8 9
, R F C 2 1 3 6 .
RR- ,
DNS- .
DNS- NS-.
D N S - ,
, D N S - - ,
- .
. DNS- , , ,
. ,
DNS- ;
D N S -
( ).
DNS-
,
.

,
.
RR-, RRset- ( RR-, ,
, www.movie.edu)

, .

,
. , :
armageddon.fx.movie.edu. 300 IN A 192.253.253.15

, armageddon.fx.movie.edu
armageddon.fx.movie.edu
.

:
DNS- BIND 9.1.0,
DNS-
,
DNS- , .
, DNS-
MNAME SOA. ,
, M N A M E
,
DNS- .
,
D H C P ,
,

.
D N S - , ns_update(),

,
.

nsupdate,
BIND.
nsupdate
. (
) ,
nsupdate.
,
, , .
nsupdate
prereq yxrrset domain name type [rdata]

. RRset- type,
(domain name). rdata,
.
prereq nxrrset domain name type

. RRset- type
domain name.
prereq yxdomain domain name

.
prereq nxdomain domain name

.
update delete domain name [type] [rdata]

,
type, RRset- ,
rdata - , domain name, type rdata.
update add domain name ttl [class] type rdata

. ,
TTL, type rdata,
-
IN.
, :
% nsupdate
> prereq nxdomain mib.fx.movie.edu.
> update add mib.fx.movie.edu. 300 A 192.253.253.16
> send


mib.fx.movie.edu,
, .
, nsupdate
B I N D 8 ( 8 . 4 . 5 )
,
, send. , ?
, M X - mib.fx.
movie.edu,
, , :
% nsupdate
> prereq yxrrset mib.fx.movie.edu. MX
> update delete mib.fx.movie.edu. MX
> update add mib.fx.movie.edu. 600 MX 10 mib.fx.movie.edu.
> update add mib.fx.movie.edu. 600 MX 50 postmanrings2x.movie.edu.
> send

, DNS,
, ,
, .
: ,

,
, ,
.
:
( ,
SOA- NS-), .


D N S -
, ,
,
D N S - . . D N S -
.
D N S - B I N D 8
1 0 0 ,
.
DNS-
:
. D N S -
, NOTIFY- ( )
DNS- ,
.
DNS- BIND 9
.



, .

DNS-
. , DNS-

.
DNS- BIND
8 9 .
, , ,
. D N S -
(
). DNS- BIND 8 log1

, .

, . (
, .) DNS-
B I N D 9 log-,
,
. (DNS- B I N D 8 ,
, .)
DNS- BIND 8 log-
.log . D N S -
B I N D 9 .jnl. ,
,
- .
DNS- BIND 8 log-
( , D N S -
) ,
DNS-. DNS- BIND 9 log- .
log- , log-
DNS-.
- , log- B I N D 8
:

;BIND LOG V8
[DYNAMIC_UPDATE] id 8761 from [192.249.249.3].1148 at 971389102 (named pid 17602):
zone: origin movie.edu class IN serial 2000010957

update: {add} almostfamous.movie.edu. 600 IN A 192.249.249.215

l o g - B I N D 9. ,
, , .


,
, , ,
. DNS- BIND 8 BIND 9
,
.
, allow-update

update-policy zone ,
.
allow-update
.

.
:
zone "fx.movie.edu" {
    type master;
    file "db.fx.movie.edu";
    allow-update { 192.253.253.100; }; // DHCP-
};

, allow-update,

: (
SOA) .

TSIG-
D N S - B I N D 9 . 1 . 0
, :
IP-? DNS-
D N S - , ,

, . .
1

, - , ,
. allow-update-forwarding

.
,
I P - . , zone
,
Special Effects:
zone "fx.movie.edu" {
    type slave;
    file "bak.fx.movie.edu";
    allow-update-forwarding { 192.253.254/24; };
};



(TSIG, transaction signatures). TSIG
1 1 , ,
TSIG-
.
, .
,
.
.
DNS- B I N D 8.2
TSIG-:
zone "fx.movie.edu" {
    type master;
    file "db.fx.movie.edu";
    allow-update { key dhcp-server.fx.movie.edu.; }; //
                                                     // ,
                                                     // TSIG- DHCP-
};

BIND 9.1.0 ,
, IP-.


fx.movie.edu,
T S I G - dhcp-server.fx.movie.edu.

,
TSIG- IP-.
B I N D 9 , allow-update,

, T S I G - .
zone,
update-policy.
update-policy
,
, ,
. DNS- ,
DNS-
.
, ,
,
.
update-policy:
(grant | deny) identity nametype string [types]

grant deny :
. identity

, .
nametype
:
name
,
, string.
subdomain
,
, string (
). (,
.)
wildcard
,
, , string.
self
,
, identity ( string!),
,
. nametype
self,
string .
( ) , name
.

, string - ,
nametype.
wildcard
nametype, string - .
types
(
), NSEC. ( A N Y
, N S E C . ) types ,
, SOA, NS, RRSIG NSEC.
update-policy:

( , ).
, mummy.fx.movie.edu

mummy.fx.movie.edu, ,
mummy.fx.movie.edu
,
, :
zone "fx.movie.edu" {
type master;
file "db.fx.movie.edu";
update-policy { grant mummy.fx.movie.edu. self mummy.fx.movie.edu.; };
};

:
zone "fx.movie.edu" {
type master;
file "db.fx.movie.edu";
update-policy { grant mummy.fx.movie.edu. self mummy.fx.movie.edu. A; };
};

-
, , :
zone "fx.movie.edu" {
type master;
file "db.fx.movie.edu";
update-policy { grant *.fx.movie.edu. self fx.movie.edu. A; };
};

DHCP-
dhcp-server.fx.movie.edu
A , T X T P T R ,
fx.movie.edu,
:
zone "fx.movie.edu" {
    type master;
    file "db.fx.movie.edu";
    update-policy {
        grant dhcp-server.fx.movie.edu. wildcard *.fx.movie.edu. A TXT PTR;
    };
};

grant dhcp-server.fx.movie.edu. subdomain fx.movie.edu.

grant dhcp-server.fx.movie.edu. wildcard *.fx.movie.edu.

, , ,
dhcp-server.fx.movie.edu
,
fx.movie.edu
(, NS- ). DHCP-
,
, .
:
, S R V - ,
, ,
matrix.fx.movie.edu
S R V , A C N A M E ,
A c t i v e D i r e c t o r y ( _udp.fx.movie.edu,
_tcp.fx.movie.edu, _sites.fx.movie.edu

_msdcs.fx.movie.edu).
zone "fx.movie.edu" {
type master;
file "db.fx.movie.edu";
update-policy {
grant matrix.fx.movie.edu. subdomain _udp.fx.movie.edu. SRV CNAME A;
grant matrix.fx.movie.edu. subdomain _tcp.fx.movie.edu. SRV CNAME A;
grant matrix.fx.movie.edu. subdomain _sites.fx.movie.edu. SRV CNAME A;
grant matrix.fx.movie.edu. subdomain _msdcs.fx.movie.edu. SRV CNAME A;
deny *.fx.movie.edu. self *.fx.movie.edu. SRV;
grant *.fx.movie.edu. self *.fx.movie.edu. ANY;
};
};

update-policy

, S R V - ,
.

T S I G - ,
,
nsupdate - , 1 1 .
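
The six-rule update-policy list above only does its job because of rule order: the first rule whose identity, name and record type all match decides the update. The Python model below is an added example, not code from the book or from BIND; its function names are made up here, `signer` stands for the TSIG key name that signed the update, and an update that matches no rule is treated as refused.

```python
# Added example: a small model of update-policy evaluation (first match wins).
# All function names are hypothetical; nothing here is BIND's own code.

DEFAULT_EXCLUDED = {"SOA", "NS", "RRSIG", "NSEC"}  # rule has no type list
NAMETYPES = ("name", "subdomain", "wildcard", "self")


def norm(name):
    """Lower-case a domain name and drop the trailing dot."""
    return name.rstrip(".").lower()


def is_subdomain(name, parent, strict=False):
    """True if name ends in parent, label by label; strict excludes equality."""
    n, p = norm(name).split("."), norm(parent).split(".")
    if len(n) < len(p) or n[len(n) - len(p):] != p:
        return False
    return len(n) > len(p) or not strict


def wildcard_match(name, pattern):
    """Match name against '*.suffix': at least one label in front of suffix."""
    if not pattern.startswith("*."):
        return norm(name) == norm(pattern)
    return is_subdomain(name, norm(pattern)[2:], strict=True)


def parse_rule(text):
    """Parse '(grant|deny) identity nametype string [types];'."""
    f = text.strip().rstrip(";").split()
    if len(f) < 4 or f[0] not in ("grant", "deny") or f[2] not in NAMETYPES:
        raise ValueError("bad update-policy rule: %r" % text)
    return {"action": f[0], "identity": f[1], "nametype": f[2],
            "string": f[3], "types": [t.upper() for t in f[4:]]}


def rule_matches(rule, signer, name, rtype):
    """Does this rule apply to an update of name/rtype signed by signer?"""
    ident = rule["identity"]
    if ident.startswith("*."):
        if not wildcard_match(signer, ident):
            return False
    elif norm(signer) != norm(ident):
        return False

    nametype, string = rule["nametype"], rule["string"]
    if nametype == "name":
        name_ok = norm(name) == norm(string)
    elif nametype == "subdomain":
        name_ok = is_subdomain(name, string)
    elif nametype == "wildcard":
        name_ok = wildcard_match(name, string)
    else:  # self: the updated name must equal the signer; string is ignored
        name_ok = norm(name) == norm(signer)
    if not name_ok:
        return False

    rtype = rtype.upper()
    if not rule["types"]:
        return rtype not in DEFAULT_EXCLUDED
    if "ANY" in rule["types"]:
        return rtype != "NSEC"
    return rtype in rule["types"]


def check_update(policy, signer, name, rtype):
    """Return (action, rule index); ('deny', None) when no rule matches."""
    for index, rule in enumerate(policy):
        if rule_matches(rule, signer, name, rtype):
            return rule["action"], index
    return "deny", None


# The policy from the zone statement above, in the same order.
POLICY = [parse_rule(r) for r in """
grant matrix.fx.movie.edu. subdomain _udp.fx.movie.edu. SRV CNAME A;
grant matrix.fx.movie.edu. subdomain _tcp.fx.movie.edu. SRV CNAME A;
grant matrix.fx.movie.edu. subdomain _sites.fx.movie.edu. SRV CNAME A;
grant matrix.fx.movie.edu. subdomain _msdcs.fx.movie.edu. SRV CNAME A;
deny *.fx.movie.edu. self *.fx.movie.edu. SRV;
grant *.fx.movie.edu. self *.fx.movie.edu. ANY;
""".strip().splitlines()]

if __name__ == "__main__":
    # Constructed test updates: (signer, name being updated, record type).
    for update in [
        ("matrix.fx.movie.edu.", "_ldap._tcp.fx.movie.edu.", "SRV"),
        ("mummy.fx.movie.edu.", "mummy.fx.movie.edu.", "A"),
        ("mummy.fx.movie.edu.", "mummy.fx.movie.edu.", "SRV"),
        ("mummy.fx.movie.edu.", "www.fx.movie.edu.", "A"),
    ]:
        print(update, "->", check_update(POLICY, *update))
```

Swapping the last two rules lets every host key add SRV records at its own name, which is the case the `deny` line exists to prevent.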

DNS NOTIFY ( )
DNS- BIND
D N S - - , ,
.

. S O A -
.

,

D N S - .

. , D N S ,
? , D N S - ,
; ,
. D N S -

, ,
DNS-
.
1

RFC 1996 ,
DNS-
. ,
D N S N O T I F Y , D N S - B I N D 8 9.
DNS NOTIFY : DNS , ,
DNS-,
.
N S - ,
DNS- M N A M E SOA-
.
DNS- ? DNS
, DNS-- ,
.

.
,
.
N O T I F Y -
DNS-. QUERY. NOTIFY-, ,
, NOTIFY (!).
NOTIFY SOA-
: SOA- ,
, .
DNS- NOTIFY .
, BIND
, NOTIFY.

N O T I F Y -
DNS-, ,
NOTIFY-.
- , ,
. DNS-
, :
SOA- , , DNS-
. ,
.
,
? , -
N O T I F Y - , ,
DNS- ,
D o S ( d e n i a l - o f - s e r v i c e , ) .
RFC 1996 -
- N O T I F Y
.
: D N S - D N S ,
, .
B I N D 8 . 2 . 3 , B I N D 9,
B I N D 8. D N S -
B I N D 8 N O T I F Y - ,
.
. D N S - movie.edu
toystory.movie.edu,

wormhole.movie.edu zardoz.movie.edu
- DNS- (. 10.1).

movie.edu
DNS--

wormhole.movie.edu

. 10.1. movie.edu,

zardoz.movie.edu

movie.edu
toystory.movie.edu


, toystory.movie.edu
NOTIFY-
wormhole.movie.edu
zardoz.movie.edu.

toystory.movie.edu,
.
, movie.edu,
,
, . wormhole.movie.edu
zardoz.movie.edu
DNS- BIND 8.2.3
B I N D 9,
NOTIFY- ,
. wormhole.movie.edu
D N S - zardoz.movie.edu
( movie.edu)

, N O T I F Y - ,
.
DNS- BIND NOTIFY log syslog.
l o g -
toystory.movie.edu

movie.edu:
Oct 14 22:56:34 toystory named[18764]: Sent NOTIFY for "movie.edu IN SOA 2000010958" (movie.edu); 2 NS, 2 A
Oct 14 22:56:34 toystory named[18764]: Received NOTIFY answer (AA) from 192.249.249.1 for "movie.edu IN SOA"
Oct 14 22:56:34 toystory named[18764]: Received NOTIFY answer (AA) from 192.249.249.9 for "movie.edu IN SOA"

N O T I F Y - ,
toystory.movie.edu
( 2 N S ) , ,
movie.edu
2 0 0 0 0 1 0 9 5 8 .
D N S - .
B I N D 9 :
Oct 14 22:56:34 toystory named[18764]: zone movie.edu/IN: sending notifies (serial 2000010958)

.
a DNS- -
b, b - . b
(. 1 0 . 2 ) .
a b c , .
b ,
, . NOTIFY-
a, a D N S - -
( b ) . b D N S -
B I N D 8 . 2 . 3 B I N D 9
c,
b N O T I F Y c,
c , b.

DNS--

DNS-
. 10.2.

c B I N D 8 . 2 . 3 B I N D 9,
c N O T I F Y - b ,
, , .
,
c NOTIFY- b,
masters
DNS- c
. c
N O T I F Y - ,
.
B I N D 4 ( ,
NOTIFY) Not Implemented (NOTIMP,
) . , M i c r o s o f t D N S

DNS NOTIFY.
D N S N O T I F Y B I N D 8 9,
notify:
options {
notify no;
};

NOTIFY .
, ,
fx.movie.edu
B I N D 4, N O T I F Y . zone:
zone "fx.movie.edu" {
type master;
file "db.fx.movie.edu";
notify no;

};

NOTIFY-
D N S - fx.movie.edu.
N O T I F Y
, . ,
BIND 8, BIND 9 NOTIFY .
BIND 8 9 NOTIFY- D N S - , N S - .
,
DNS- ( 8 ) , ,
.
D N S - B I N D 8,
NOTIFY-.
N O T I F Y - ,
also-notify
zone:
zone "fx.movie.edu" {
    type slave;
    file "bak.fx.movie.edu";
    notify yes;
    also-notify { 15.255.152.4; }; // BIND 8,
                                   //
                                   // DNS-
};

B I N D 8 . 2 . 2 also-notify

options.
N O T I F Y (

also-notify).
B I N D 8 . 3 . 2 9 . 1 . 0 notify
explicit,
N O T I F Y - D N S - , ,
also-notify.
,
DNS- NOTIFY-
1 9 2 . 2 4 9 . 2 4 9 . 2 0 :
options {
also-notify { 192.249.249.20; };
notify explicit;
};

, allow-notify

D N S - N O T I F Y ,
:
options {
    allow-notify { 192.249.249.17; }; // 192.249.249.17
                                      // NOTIFY-
};

options allow-notify

.
zone allow-notify
,
allow-notify,
.

(IXFR)
, NOTIFY,
,
,
DNS- . ?
, . ,
.
: ,
, Active Directory DHCP.
,
,
. ( A c t i v e Directory
17 . )
, DNS- ,
, N O T I F Y - D N S - .
,
, , ,
. ,
, .

! D N S -
, ,
(,
).
(incremental zone transfer I X F R )
, D N S -
, ,
.

.
- I X F R A X F R
( ),
S O A -
. D N S -
, ,

,
DNS-. ,
.
.

IXFR
? ! I X F R
, . - ,
BIND 8.2.3. DNS- B I N D 9
I X F R ,
BIND 8.2.3.
, I X F R ,
,
.
,
, - ,
, I X F R .
D N S - ,
,
. ,
I X F R ,
.

IXFR
BIND 9.3.0 IXFR-
. ,
( )
. ,
,
. (
,
.)
,
ixfr-from-differences.
options zone.
:
options {
directory "/var/named";
ixfr-from-differences yes;
};

DNS

rndc
freeze:
% rndc freeze zone [class [view]]

, rndc thaw,

:
% rndc thaw zone [class [view]]

,
.

IXFR
D N S - B I N D 8 I X F R ,
.
, I X F R
. ,
I X F R , D N S -

. I X F R -
.ixfr.
DNS- BIND 9
I X F R -
. D N S - ,

, . D N S - B I N D 9
A X F R - ,
, ,
.

IXFR BIND 8
I X F R B I N D 8 . - ,
D N S - maintain-ixfr-base
options, I X F R - - , D N S -
,
DNS-, IXFR-:
options {
directory "/var/named";
maintain-ixfr-base yes;
};

, I X F R -
.

support-ixfr:
server 192.249.249.3 {
    support-ixfr yes;
};

,
I X F R - DNS--.
, ixfr-base

zone:
zone "movie.edu" {
type master;
file "db.movie.edu";
ixfr-base "ixfr.movie.edu";
};

, DNS- I X F R -
:
1

options {
    directory "/var/named";
    maintain-ixfr-base yes;
    max-ixfr-log-size 1M; // IXFR- 1
};

I X F R - 100
, . 100

.
,
many-answers.

.

IXFR BIND 9
I X F R D N S - B I N D 9 ,
:
.
( ,

) ,
provide-ixfr
server,
yes:
server 192.249.249.1 {
provide-ixfr no;
};

provide-ixfr

options, D N S - ,
provide-ixfr
server.
BIND 8.2.3 (
1 M ) - .

DNS- BIND 9
many-answers
,

transfer-format.
request-ixfr,

options server. I X F R - IXFR- DNS--
D N S -
:
options {
    directory "/var/named";
    request-ixfr no;
};
server 192.249.249.3 {
    request-ixfr yes; // toystory IXFR
};

9.3.0 BIND 9

max-journal-size.


- ,

.
DNS- . BIND
, : forwarders
().

.
,
DNS-, DNS-

. (
1 1 , .)

, DNS-
. ,
,
.
,
,
.
D N S - , -
-
, .


DNS-, .
,
DNS-, , DNS- :
. , D N S -

,
.

.
, DNS-

, ,
. DNS-

.
forwarders
BIND 8 9 DNS movie.edu.
wormhole.movie.edu
toystory.movie.edu

.
forwarders
D N S - ,
, :
options {
forwarders { 192.249.249.1; 192.249.249.3; };
};


,
.
.
, DNS- A B,
B - C (, , A ) .
,
:
,
.

DNS-
DNS- ,

D N S - ,
. , D N S -
forward-only.
DNS- forward-only DNS-, .
- ,

, D N S -
. DNS-,
:
options {
    forwarders { 192.249.249.1; 192.249.249.3; };
    forward only;
};

forward-only
forwarders.
forward-only. DNS- BIND ,
8.2.3, forward-only, ,
IP-. :
options {
forwarders { 192.249.249.1; 192.249.249.3;
192.249.249.1; 192.249.249.3; };
forward only;
};

D N S -

.
D N S -


.
, forward-only
, forward-first,
.
, ,
DNS , ,
,
. -
:
,
.



:
,
D N S - , .
,
. ,

, - .
B I N D 8 . 2 - ,

DNS-
. (
BIND 9 9.1.0.) , DNS
pixar.com
DNS- Pixar:

zone "pixar.com" {
type forward;
forwarders { 138.72.10.20; 138.72.30.28; };
};

DNS-
, DNS-
D N S - pixar.com,

c o m ? ,
Pixar DNS- , ,

pixar.com.
zone,
,
. , ,
foo.bar.pixar.com,
pixar.com,

, pixar.com
(
pixar.com
- ).
,
.
, .
, D N S - ,
options,
.
zone,
forward.
forwarders - , - .
,
options, :
options {
directory "/var/named";
forwarders { 192.249.249.3; 192.249.249.1; };
};
zone "movie.edu" {
type slave;
masters { 192.249.249.3; };
file "bak.movie.edu";
forwarders {};
};

- ,
? D N S -
?
,
,
.


DNS- BIND 8.2.3
, B I N D 9 . 3 . 0
. D N S -

; DNS-

,
.
,
, .
B I N D
, ,
. B I N D
, ,
DNS-.

movie.edu,

fx.movie.edu.
DNS-
matrix.fx.movie.edu
DNS-
1 9 2 . 2 4 9 . 2 4 9 . 3 1 9 2 . 2 4 9 . 2 4 9 . 1 .
N S - movie.edu,

DNS-
fx.movie.edu.

, 1 1 .

B I N D 9 (views) - ,
, .
DNS-
. , DNS-
, ,
(
).
, B I N D 9
, ,
. ,
view, :
view "internal" {
};

,
. ,
, ,

B I N D ( i n t e r n a l ,
) . view options,
.
, ,
match-clients
view,

.
match-clients,
.
, fx.movie.edu,

S p e c i a l E f f e c t s .
, :
view "internal" {
match-clients { 192.253.254/24; };
};

,
acl:

acl "fx-subnet" { 192.253.254/24; };


view "internal" {
match-clients { "fx-subnet"; };
};

, A C L - ,
acl view.
, ,
match-destinations view, , match-clients,

. match-destinations
DNS-,
IP-: , DNS- , ,
. match-clients
match-destinations


, .
match-recursive-only,

.
view? ,
acl.
zone, D N S - server,
T S I G key.
options,

:
acl "fx-subnet" { 192.253.254/24; };

view "internal" {
    match-clients { "fx-subnet"; };
    recursion yes; //
                   // ( , options)
};

, ,

( , options)

match-clients.
, view
B I N D 9 (
) , doc/misc/options
BIND.
named.conf
,
:
options {
    directory "/var/named";
};
acl "fx-subnet" { 192.253.254/24; };
view "internal" { //
    match-clients { "fx-subnet"; };
    zone "fx.movie.edu" {
        type master;
        file "db.fx.movie.edu";
    };
    zone "254.253.192.in-addr.arpa" {
        type master;
        file "db.192.253.254";
    };
};
view "external" { // ,
    match-clients { any; }; //
    recursion no; //
    zone "fx.movie.edu" {
        type master;
        file "db.fx.movie.edu.external"; //
    };
    zone "254.253.192.in-addr.arpa" {
        type master;
        file "db.192.253.254.external"; //
    };
};

,
fx.movie.edu
254.253.192.in-addr.arpa,

.
, .
view ,
I P - ,
. external
i n t e r n a l , i n t e r n a l ,
.
( ,
) : view,
zone .

Round Robin:
DNS-, BIND 4.9,
, ,
B I N D .
(Bryan Beecher) B I N D 4 . 8 . 3 , ,
, .
, DNS-
. ,
foo.bar.baz
IP-, 1 9 2 . 1 6 8 . 1 . 1 , 1 9 2 . 1 6 8 . 1 . 2
192.168.1.3, DNS-
:
192.168.1.1 192.168.1.2 192.168.1.3

:
192.168.1.2 192.168.1.3 192.168.1.1

:
192.168.1.3 192.168.1.1 192.168.1.2


.
,
,
F T P - , - , ,
.
:
, DNS-
IP-.
BIND 8 9
,
. D N S -
,
A-. ( , DNS-

,
. ) :
1

foo.bar.baz. 60 IN A 192.168.1.1
foo.bar.baz. 60 IN A 192.168.1.2
foo.bar.baz. 60 IN A 192.168.1.3

DNS- 8 9 ,

4 . 8 . 3 . B I N D
round
robin.
,
. , D N S - ,
, . DNS-
.
, ,
, D N S -

, .
1 9 2 . 1 6 8 . 1 . 3 4 8 6 D X 3 3 ,
Linux, H P 9 0 0 0 ; L i n u x -
.
, B I N D
.

CNAME-
D N S - B I N D 4

CNAME- ( ):
foo1.bar.baz. 60 IN A 192.168.1.1
foo2.bar.baz. 60 IN A 192.168.1.2
foo3.bar.baz. 60 IN A 192.168.1.3
foo.bar.baz. 60 IN CNAME foo1.bar.baz.
foo.bar.baz. 60 IN CNAME foo2.bar.baz.
foo.bar.baz. 60 IN CNAME foo3.bar.baz.

, ,
, C N A M E - .
D N S - B I N D 4 ( -

BIND 9 PTR- . BIND 9


.

) CNAME-
round
robin.

foo.bar.baz

, DNS- BIND 8
.
, CNAME-
:
options {
multiple-cnames yes;
};

, ,

D N S - B I N D 9 C N A M E -
9.1.0. BIND 9.1.0
, C N A M E -
multiple-cnames.
, :
CNAME-
D N S , R F C 2 1 8 1 .
.

rrset-order
, D N S -
round robin. ,
- . D N S -
. ,
.
DNS- BIND 8.2 , BIND 9.3.0
round robin . ,

www.movie.edu,
rrset-order:
options {
rrset-order {
class IN type A name "www.movie.edu" order fixed;
};
};

, , TTL
www.movie.edu,
D N S - ,
, .
, -
foo1.bar.baz, foo2.bar.baz foo3.bar.baz
foo.bar.baz.

class, type name ,


.
I N , - A N Y , - *; ,
. :
options {
rrset-order {
order random;
};
};

,
DNS-.
:
options {
rrset-order {
type A name "*.movie.edu" order cyclic;
};
};

rrset-order,

.
.
rrset-order
( - , ! )
:
fixed

.
random
.
cyclic

(round
robin).
, B I N D 9 . 3 . 2
fixed.
1

:
options {
rrset-order {
class IN type ANY name "*" order cyclic;
};
};

,
DNSSEC, 1 1 .

, rrset-order

,
DNS-.
S R V - , 17.

DNS-
round robin, - . ,
,

. rrset-order .
, ,
,
. ,
,
, . 10
( A R P A n e t )
. ,

,
.
DNS-,
6,
sortlist, : ,
. DNS ,

- , .
D N S - ,
.

B I N D ,
, : D N S . - -
- B I N D 8 . 2 . B I N D 9 . 1 . 0 - B I N D 9,
.
options

sortlist.
sortlist

. sortlist .
,
.

, IP . ,
, ,
, . ? :
options {
sortlist {
{ 192.249.249/24; };
};
};

1 9 2 . 2 4 9 . 2 4 9 / 2 4 , .
1 9 2 . 2 4 9 . 2 4 9 . 1 0 1 ,
1 9 2 . 2 4 9 . 2 4 9 . 8 7 1 9 2 . 2 5 3 . 2 5 3 . 8 7 , DNS 1 9 2 . 2 4 9 . 2 4 9 . 8 7 .
,
IP- .
, D N S -
, , ,
.
, ,
,
. :
options {
    sortlist {
        { 192.249.249/24; { 192.249.249/24; 192.253.253/24; }; };
    };
};


1 9 2 . 2 4 9 . 2 4 9 / 2 4 ,
1 9 2 . 2 5 3 . 2 5 3 / 2 4 .
,
:
options {
    sortlist {
        { 15.1.200/21;      // 15.1.200/21,
          { 15.1.200/21;    //
            15/8; };        // 15/8
        };
    };
};

DNS-:
BIND 8
sortlist,
D N S - . (
B I N D 9 9 . 3 . 2 . )
,
, D N S -
( R T T ) . -
-. BIND 8 DNS- 6 4
R T T .
3 2 ( ! ! ) ,
3 2 .
33 96 . . , D N S , ,
.
, ,
, ,
.
R T T - D N S -
, ,
, . D N S -
,
, .
,
DNS-, .
DNS- .
,

D N S - ( ) . :
topology {
15/8;
172.88/16;
};

DNS-
1 5 / 8 , 1 7 2 . 8 8 / 1 6 . DNS-
DNS- 1 5 / 8 , DNS- 1 7 2 . 8 8 / 1 6
DNS- 1 9 2 . 1 6 8 . 1 / 2 4 , , R T T
,
DNS- 1 5 / 8 .

, DNS- .
,
. ,

D N S - D N S - ,
, , , .

DNS-
BIND , DNS , ,
. ( ,
, 2 D N S . )
D N S -
.
, DNS-
,
. , ,
D N S - . DNS-
,
.
, .
,
D N S - . ,
D N S - ,
,
,
.
1


DNS- BIND :
options {
recursion no;
};

,
.
, recursion no :
options {
fetch-glue no;
};

,
,

. :
,
nslookup dig. ,
.

D N S -
. DNS B I N D 9 ,
fetch-glue
B I N D 9 .
DNS-
resolv.conf.
D N S - ,
, .
DNS-
, allow-recursion,

B I N D 8 . 2 . 1 ( B I N D 9 ) .
allow-recursion
;
,
, :
1

options {
    allow-recursion { 192.253.254/24; }; //
                                         // FX
};

allow-recursion
.

IP--

, D N S -
. DNS-
,

. D N S -
,

allow-recursion.

D N S -
, (
DNS- DNS ) . ,
DNS- .

DNS-

D N S - , -
, ,
.
.
DNS- ,
; D N S . , ,
, ,
, nslookup, - .

B I N D 8, B I N D 9 9 . 1 . 0 .
:
server 10.0.0.2 {
bogus yes;
};

, IP- .
D N S -
, ,
. ,
D N S - ,
.

D N S - - blackhole.
D N S -
D N S -
, . blackhole -
options, :
1

options {
    /* ,
    (RFC 1918) */
    blackhole {
        10/8;
        172.16/12;
        192.168/16;
    };
};

DNS- ,
(. RFC 1918).
, -
.
blackhole

8.2, BIND 9 9.1.0.

BIND 8


DNS- BIND
,
.
, DNS-.
. ,
allow-query, , ,
. , blackhole, . .


D N S - .
B I N D ,
. BIND 8
9 .

DNS-
,
D N S - .
DNS-,

, , .
:
options {
transfers-per-ns 2;
};

B I N D 9
D N S - , .
transfers
server:
server 192.168.1.2 {
transfers 2;
};

, ,
options.
D N S - .
, ,
. . , DNS-
. DNS-
,
. DNS .
D N S -
. , :
; .
?
, D N S -
, ,
,
. , , D N S -
. ,
, DNS-
,
.



DNS-.
DNS-. BIND
DNS- . 10 .
, DNS-
D N S - . D N S DNS-,
, ,
.
B I N D 8 9:
options {
transfers-in 10;
};


, .
, , ,
,
. , ,

D N S - . ( , D N S -
,
.
,
D N S - . )


DNS- BIND 9
.
, ,

D N S - ,
. B I N D 9:
options {
transfers-out 10;
};

10.


BIND
. 1 2 0 ( ) .
, ,
, , -

, , , .
( , D N S -
,
) :
options {
max-transfer-time-in 180;
};


max-transfer-time-in
zone. ,
, rinkydink.com

( , ) - -
,
( ) ,
:
options {
max-transfer-time-in 60;
};
zone "rinkydink.com" {
type slave;
file "bak.rinkydink.com";
masters { 192.168.1.2; };
max-transfer-time-in 180;
};

B I N D 9 max-transfer-time-out,

( options zone).

( D N S - ) ;
, max-transfer-time-in,

- 120 .
BIND 9
.
, max-transfer-idle-in
max-transfer-idle-out,


. options zone. 60 .



, DNS-
. , DNS-
,
,
D N S -
. ( D N S - ,

,
SOA-;
S O A - . ) ,

,
DNS- DNS-
.
9.1.0 BIND
max-refresh-time

min-refresh-time.

-
options
zone.
:
options {
    max-refresh-time 86400; //
    min-refresh-time 1800;  // 30
};

9 . 1 . 0 D N S -

max-retry-time
min-retry-time,

.


, ,
, TCP-.
DNS
. :
,
.
. DNS-, TCP-,
,
64 !
D N S - B I N D 8 9
, many-answers.

many-answers
D N S .
many-answers

,
- ,
DNS.
, DNS- ,
,
transfer-format.

, DNS-.
transfer-format
options

server; options transfer-format



. B I N D 8
, one-answer,

D N S - B I N D 4. B I N D 9
many-answers.
:
options {
transfer-format many-answers;
};

DNS-
D N S - many-answers,

, server, ,
:
server 192.168.1.2 {
transfer-format one-answer;
};


, :

many-answers
(
, B I N D 9 ) ,
D N S - B I N D 8, B I N D 9
Microsoft D N S ,
.
1

one-answer,

DNS-
B I N D 4. transfer-format

server,
, .

, BIND 9
server
DNS-
BIND 4
one-answer.


D N S - , :
, . B I N D 8 9
.

Microsoft DNS,
many-answers, DNS-, 16 . -
Microsoft DNS,
one-answer, .


,
.
DNS- ,
D N S - .
,

. BIND 8 BIND 9
9 . 1 . 0 ,

. named
, .
BIND 8 9 :
options {
    datasize size;
};

size ( ) - , .
,
: k - , m - , g -
. , 6 4 m - 64 .


. DNS-
syslog LOG_WARNING,
.


D N S - B I N D 8 B I N D 9 9 . 1 . 0
,
,
named. :
options {
stacksize size;
};

size ,
datasize.
datasize,
stacksize
,
.


, named
( c o r e f i l e s ) ,
coresize.
, named
- ,

,
.
coresize:
options {
coresize size;
};

datasize,

,
; , B I N D 9 9 . 1 . 0 .


DNS- ,
named -
; ,
, DNS- .
, D N S -
, named
.
U N I X ,
. DNS , ,
syslog :
1

named[pid]: socket(SOCK_RAW): Too many open files


,
files:
options {
files number;
};

( )
unlimited
( ) , , D N S -
;
. ,
, B I N D 9
9.1.0.


BIND 9
, DNS-.
( DNS-, 14 DNS BIND
.

)

recursive-clients:
options {
recursive-clients 5000;
};

1000. , DNS log :


Sep 22 02:26:11 toystory named[13979]: client 192.249.249.151#1677: no more recursive clients: quota reached

. , DNS-
,
.

TCP- ( TCP-)
tcp-clients.
TCP-
, UDP-,
T C P - .
- 100.

SOA-
BIND 8.2.2 DNS-
S O A - .
,
SOA-. ,
,
, DNS- BIND 8
. D N S -
,

serial-queries:
options {
serial-queries 1000;
};

serial-queries
B I N D 9. B I N D 9
S O A - ( 2 0 ) ,
.
serial-query-rate
options,
( ).


DNS- BIND
, , -

. BIND 8 9
.


DNS-
. , D N S - ,
. TTL ,
D N S - ,
.
. DNS-
,
,
.
, DNS- BIND

. ,
. ,
,
D N S -
.
60 .
cleaning-interval

options. :
options {
cleaning-interval 120;
};

120 .
,
.


, B I N D
. D N S - B I N D 8 9
, ,
.
.
,
6 0 . ,
,
, ,
:
options {
    interface-interval 0;
};

,
, ,
.


: ,
D N S - B I N D 8,
. ,
,
, .
statistics-interval

:
options {
statistics-interval 60;
};

60 ,
.
B I N D 9 l o g - syslog,

.

TTL
BIND TTL
. BIND 8 9
.
B I N D 8 . 2 , B I N D 9
TTL
max-ncache-ttl
options.
,
8.2,
( R F C 2 3 0 8 ;
4). DNS-
SOA- ,
TTL , , .
D N S -
:
options {
    max-ncache-ttl 3600; // 3600 -
};

T T L
. 10800 (
) . ,
(
DNS ) , D N S -
,
.
D N S - B I N D 9
T T L
max-cache-ttl.
- . D N S -
B I N D 8
, .
, ,
TTL, ,
, T T L . ,
D N S - , D N S -
, .
, DNS- ,
. DNS- BIND 8 8.2, BIND 9
, 9 . 1 . 0 ,
TTL
lame-ttl options.
600 (10 ), - 30
. D N S -
, ,
.

, ,
DNS- DNS.
rfc2308-type1

, DNS-. DNS-
BIND 8 9 SOA-
. NS-
, DNS-
- . ,
- ( ,
)
NS-, :
options {
    rfc2308-type1 yes;
};

rfc2308-type1
BIND 9 .

BIND 8.2;


DNS- . ,
,
, , .
DNS- :
.
.
!
auth-nxdomain
options
, DNS- ,
D N S - .
B I N D 8 auth-nxdomain
on
( ) ; B I N D 9 .
B I N D 8.2.2
W i n d o w s N T , , D N S -
,
( ,
W i n d o w s ) , (
U N I X ) .
:
options {
treat-cr-as-space yes;
};

BIND 9 , DNS-
.
, DNS- BIND
M i c r o s o f t D N S A c t i v e D i r e c t o r ,
syslog ,
. ,
A c t i v e D i r e c t o r y , .
,
B I N D 9 . 3 . 0 multi-master
zone
, I P - masters

D N S - ,
DNS:
zone "_msdcs.domain.com" {
    type slave;
    masters { 10.0.0.2; 10.0.0.3; };
    file "bak._msdcs.domain.com";
    multi-master yes;
};

IPv6
,
6- ,
IPv6. , , ,
IPv6 128 . IPv6- - ,
. :
2001:db80:0123:4567:89ab:cdef:0123:4567

( - 2 0 0 1 )
() .
, ,
,
:
2001:db80:123:4567:89ab:cdef:123:4567

;
: : . ::
.
, I P v 6 - . :
2001:db80:dead:beef::

6 4 I P v 6 - 2001:db80:dead:beef,
64 - .

:: I P v 6 -
. , loopback- IPv6
:
::1

1 2 7 , . : :

:
2001:db80:dead:beef::1

: :
.
IPv6 , CIDR-
I P v 4 .
I P v 6
. ,
( , ,
):
2001:db80:dead:beef:0000:00f1:0000:0000/96
2001:db80:dead:beef:0:f1:0:0/96

2001:db80:dead:beef:0:f1::/96

I P v 4 I P v 6

.

I P v 6 ,
.
, 0 0 1 .
-
.
-
,

.
I P v 6
,
;

.


.
R F C 3 5 1 3 ,
:
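|         n bits         |   m bits  |       128-n-m bits         |
+------------------------+-----------+----------------------------+
| global routing prefix  | subnet ID |       interface ID         |
+------------------------+-----------+----------------------------+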

RFC 3177
:

IPv6

/48.

- /48.

/47
.


I P v 4 I P v 6 ,
DNS- IPv4
I P v 6 . B I N D 8 . 4 . 0 , B I N D 9
IPv4, IPv6;
,
I P v 4 I P v 6 .
, ,
.

IPv4
listen-on
D N S - B I N D 8 B I N D 9. -

listen-on
:

options {
listen-on { 192.249.249/24; };
};

DNS-
, .
( , 5 3 )
, port:
options {
listen-on port 5353 { 192.249.249/24; };
};

B I N D 9
:
options {
    listen-on { 192.249.249.1 port 5353; 192.253.253.1 port 1053; };
};

,
D N S - ,
D N S - ,
. ,
masters :
zone "movie.edu" {
type slave;
masters port 5353 { 192.249.249.1; };
file "bak.movie.edu";
};

D N S - B I N D 9 D N S - ,
,
:
zone "movie.edu" {
type slave;
masters { 192.249.249.1 port 5353; 192.253.253.1 port 1053; };
file "bak.movie.edu";
};

B I N D 9 N O T I F Y -
. DNS-
D N S - ,
:
also-notify port 5353 { 192.249.249.9; 192.253.253.9; }; //
// zardoz

, :

also-notify { 192.249.249.9 port 5353; 192.249.249.1 port 1053; };

D N S -
, - , ,
DNS-
, -
query-source:
options {
query-source address 192.249.249.1;
};

,
, I P - .
:
options {
query-source address 192.249.249.1 port 53;
};

B I N D :
,
, ,
. :
options {
query-source address * port *;
};

, query-source
UDP- ; T C P -
,
.
transfer-source,

, . BIND 9
S O A - ,
DNS-,
:
options {
transfer-source 192.249.249.1;
};

query-source,

I P - , address. B I N D 8
port . B I N D 9 :
options {
transfer-source 192.249.249.1 port 1053;
};

U D P - ( S O A -
).

transfer-source

zone, ( B I N D 9 SOA- ) :
zone "movie.edu" {
    type slave;
    masters { 192.249.249.3; };
    file "bak.movie.edu";
    transfer-source 192.249.249.1; // IP-
                                   // movie.edu
};

, BIND 9.1.0 ,
, N O T I F Y - , notify-source.
,
,
DNS- NOTIFY-
I P - , masters
.
notify-source
source-
. :
options {
notify-source 192.249.249.1;
};

transfer-source,
notify-source

,
zone :
zone "movie.edu" {
    type slave;
    masters { 192.249.249.3; };
    file "bak.movie.edu";
    notify-source 192.249.249.1 port 5353;
};

IP- , NOTIFY- ( , ,
), IP-
masters
allow-notify
N O T I F Y -
,
masters.

IPv6
DNS- BIND 9 IPv6- .
DNS-
IPv6-,
listen-on-v6:
options {
    listen-on-v6 { any; };
};

B I N D 9 . 3 . 0 listen-on-v6

any none. D N S (
) port:
options {
listen-on-v6 port 1053 { any; };
};

I P v 6 ,
listen-on-v6.
,
, 53.

IPv6-
transfer-source-v6:
options {
    transfer-source-v6 222:10:2521:1:210:4bff:fe10:d24;
};

, :
options {
    transfer-source-v6 222:10:2521:1:210:4bff:fe10:d24 port 53;
};

( )
B I N D 9. ,
, ,
. transfer-source,

transfer-source-v6
zone.
S O A -
.
, BIND 9.1.0 ,
IPv6- N O T I F Y - - notify-source.

IPv6 , ,
notify-source-v6:
options {
    notify-source-v6 222:10:2521:1:210:4bff:fe10:d24;
};

transfer-source-v6,
,
zone.

EDNS0
D N S - , U D P ,
5 1 2 .
,
. , -


UDP.
DNS, DNSSEC
I P v 6 , . ,
, 512 ,
TCP.
DNS 0 (The Extension Mechanisms
f o r D N S , version 0, E D N S 0 )
.
DNS DNS-,
DNS-, 512 .
( ,
.)
BIND EDNS0 9.0.0 8.3.0. DNS-
EDNS0
D N S - , U D P , 4 0 9 6 .
,
E D N S 0 , ,
512 .
, , ,
D N S - , E D N S 0 .
,
edns server,
EDNS0
:
server 10.0.0.1 {
edns no;
};

B I N D 9 . 2 . 0
, BIND 8.3.2 .
B I N D 9 . 3 . 0 , B I N D 8 . 4 . 0
DNS-,
U D P , DNS-.
edns-udp-size
options:
options {
directory "/var/named";
edns-udp-size 512;
};

, ,
D N S 5 1 2 ,
. ( , ,
, -

.)
size - 4 0 9 6 , - 5 1 2 .

edns-udp-

IPv6:
, A - 1 2 8 -
IPv6-; B I N D , A -
3 2 - .
IETF ,
RFC 1886. 128- IPv6-
- A A A A ,
ip6.int.
B I N D 4.
, . ,
,
- A 6 D N A M E , DNS- . ,
, IETF ,
A 6 / D N A M E ,
, . ,
R F C , A 6 ,
, D N A M E
,
RFC 1886.
IPv6 A A A A .
ip6.int ,
; ip6.arpa.
, ,
A 6 D N A M E ,
.

AAAA ip6.arpa
IPv6
R F C 1 8 8 6
, , A - .
A A A A ( A ) . A A A A -
IPv6-, . A A A A - :
ipv6-host  IN  AAAA  2001:db80:1:2:3:4:567:89ab

RFC 1886 ip6.int, ip6.arpa, IPv6-.


ip6.arpa
128- , A A A A - .

( ) .
, A A A A - ,
,
ip6.arpa, I P v 6 - ,
32 32 .
, :
b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.8.b.d.1.0.0.2.ip6.arpa.

P T R - ,

in-addr.arpa:
b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.8.b.d.1.0.0.2.ip6.int. IN PTR mash.ip6.movie.edu.

A6, DNAME-, - ip6.arpa


. -
-
IPv6
A 6 D N A M E . A 6 D N A M E RFC 2874
RFC 2672 .
BIND 9.0.0.
,
IPv6 ,
BIND . ,
, ,
. ,
A 6
.
A 6 -
, BIND 9.2.x. ISC
- 9.3.0 , A 6
. ,
, -
DNS.
A A A A - ip6.int
, ,
. , ,
A A A A - ,
IPv6- .
, :
.
1

,
, .

A6
A 6
IPv6-, 64 ( ,
), ,
.
,
, .
, DNS- A 6 ,

. ,

.
, A 6 :
$ORIGIN movie.edu.
drunkenmaster  IN  A6  64  ::0210:4bff:fe10:0d24  subnet1.v6.movie.edu.

64 IPv6-
drunkenmaster.movie.edu ( 6 4 ,
A6-) , 64
A6-
subnet1.v6.movie.edu.
subnet1.v6.movie.edu,
, 16 6 4 ( ),
A 6 drunkenmaster.movie.edu,

A 6 :
$ORIGIN v6.movie.edu.
subnet1  IN  A6  48  0:0:0:1::  movie-u.isp-a.net.
subnet1  IN  A6  48  0:0:0:1::  movie.isp-b.net.

4 8 subnet1.v6.movie.edu
, .

,
A 6 : movie-u.isp-a.net,

movie.isp-b.net.
,
, I S P A ISP B. ISP A
:
$ORIGIN isp-a.net.
movie-u  IN  A6  40  0:0:21::  isp-a.rir-1.net.

,
I S P A . (
,

, , ,
.)

,
,

. A 6
.
I S P B ,
, :
$ORIGIN isp-b.net.
movie  IN  A6  40  0:0:42::  isp-b.rir-2.net.


IPv6:
$ORIGIN rir-1.net.
isp-a  IN  A6  36  0:0:0500::  rir-2.top-level-v6.net.

:
$ORIGIN rir-2.net.
isp-b  IN  A6  36  0:0:0600::  rir-1.top-level-v6.net.

, IPv6
, ,
R I R 1 R I R 2.
$ORIGIN top-level-v6.net.
rir-1  IN  A6  2001:db80::2
rir-2  IN  A6  2001:db80::6

A 6 , DNS- 128
I P v 6 drunkenmaster.movie.edu.
:
2001:db80:2521:1:210:4bff:fe10:d24
2001:db80:6642:1:210:4bff:fe10:d24

R I R 1 ISP A
, - R I R 2 ISP B. (
.) ,
R I R 1 ISP A ,
A 6 isp-a.rir-1.net
;
A 6 ,
ISP A . , I P v 6 -
, .
, A 6 .
I P v 6 -
( A 6
, . . ) .
,
A A A A - ,
,
.

DNS- NS-
A 6 , A6-
128- IPv6-.
, DNS- DNS-
DNS-
IPv6- DNS-.

DNAME-
, A 6 ,
IPv6-.
A 6 , , ip6.arpa.
IPv6-
D N A M E , RFC 2672, , RFC 2673. DNAME-
C N A M E - .
. ,
movieu.edu,
movie.edu, movieu.edu
:
$TTL 1d
@  IN  SOA  toystory.movie.edu. root.movie.edu. (
            2000102300
            3h
            30m
            30d
            1h )
   IN  NS     toystory.movie.edu.
   IN  NS     wormhole.movie.edu.
   IN  MX     10 postmanrings2x.movie.edu.
   IN  DNAME  movie.edu.

D N A M E - movieu.edu

, movieu.edu,

movieu.edu.
D N A M E - , C N A M E - ,
,
C N A M E - D N A M E - . D N A M E .
D N S - movieu.edu

, movieu.edu,

cuckoosnest.movieu.edu,
D N A M E ,
cuckoosnest.movieu.edu
cuckoosnest.movie.edu,

movieu.edu

movie.edu:
cuckoosnest.movieu.edu.  IN  CNAME  cuckoosnest.movie.edu.

DNAME- s (substitute, ) sed. DNS- movieu.edu
-

C N A M E - . ,
DNAME- ,
CNAME- D N A M E - .
IPv6 -
,
()
. ,
I P - .
.
, IPv6-, 128 !
! ,
!
-
,
, .
" \ [ " " ] " ,
, ,
: b , o
x .
- , IPv6-
drunkenmaster.movie.edu:

\[x2001db802521000102104bfffe100d24]
\[x2001db806642000102104bfffe100d24]

, ,
I P v 6 , ,
in-addr.arpa.
,
-
, :
0.0.1.0.0.1.0.0.1.0.1.1.0.0.0.0.0.0.0.0.1.0.0.0.0.1.1.1.1.1.1.1...

, 32
- , ,
.
-
IPv6-,
, .
R I R 1 -
, \[x2001db802/36].
DNAME- -
, IPv6 , ,
, ,
IPv6-.

,
\[x2001db806642000102104bfffe100d24].ip6.arpa,
,

drunkenmaster.movie.edu
( R I R 2 ISP B ) . D N S - , ,
D N S - D N S - ip6.arpa,

:
$ORIGIN ip6.arpa.
\[x2001db802/36]  IN  DNAME  ip6.rir-1.net.
\[x2001db806/36]  IN  DNAME  ip6.rir-2.net.

,
, D N S - ip6.arpa
, :
\[x2001db806642000102104bfffe100d24].ip6.arpa.  IN  CNAME  \[x642000102104bfffe100d24].ip6.rir-2.net.

( 36 )
,
ip6.rir-2.net,
,
R I R 2. ip6.rir-2.net
:
$ORIGIN ip6.rir-2.net.
\[x6/4]  IN  DNAME  ip6.isp-b.net.

:
\[x642000102104bfffe100d24].ip6.rir-2.net

:
\[x42000102104bfffe100d24].ip6.isp-b.net

DNS-
D N S - ip6.isp-b.net.
ip6.isp-b.net

:
$ORIGIN ip6.isp-b.net.
\[x42/8]  IN  DNAME  ip6.movie.edu.

:
\[x000102104bfffe100d24].ip6.movie.edu

, ip6.movie.edu
PTR-,
:
$ORIGIN ip6.movie.edu.
\[x000102104bfffe100d24/80]  IN  PTR  drunkenmaster.ip6.movie.edu.

( D N A M E -
. )

subnet1,

,
PTR-, ,

ip6.movie.edu.

-, DNAME-,

, .
,
, ,
.
, .

11

- , ? , .
- , , - .
- , -
.
- ,
!
-
? - .
- , , .
D N S ?
,
?
.
1997
, www.internic.net
- InterNIC,
, AlterNIC. (AlterNIC
DNS-,
,
med porn.) ? (Eugene Kashpureff), AlterNIC,
, DNS-
, ,
www.internic.net - AlterNIC.
, ;
, , , ,
AlterNIC, InterNIC. ,
DNS-, www.amazon.com

www.wellsfargo.com
- ,

. ,

, .
,
DNS. DNS
.
: , ,
DNS-. DNS-,
, ,
, ,
.
.
- D N S ,

.

TSIG
B I N D 8 . 2
D N S ,

(TSIG, transaction signatures). TSIG
-
D N S ,
.
TSIG, RFC 2845,
, D N S DNS-, ,
DNS (
) . (
DNS,
.)
TSIG DNS-
TSIG-
DNS. TSIG-
D N S ,

, .
1

, , , T S I G - ^
,
.
,
,
( ).

-
T S I G
,

-.

- ,
, -

. -
, -
.
, - -
- ,
, -
, .
TSIG , MD5. , MD5,
HMAC-MD5. HMAC-MD5
, 128- -
, .

TSIG-
T S I G - ,
: T S I G - -
, DNS- DNS-.
D N S T S I G - ,
, - ,
, .
, TSIG- - ,
DNS .
( , ,
DNS
H M A C - M D 5 -.) -
,
.
- ,
,
.
TSIG-
D N S . [ ]
(replay attacks), ,
( ,
R R - )
. D N S

, ,
( TSIG).

TSIG
TSIG ,
TSIG- ,
. , TSIG
D N S - - movie.edu
,
:
key toystory-wormhole.movie.edu. {
algorithm hmac-md5;
secret "skrKc4Twy/cIgIykQu7JZA==";
};

toystory-wormhole.movie.edu.,
key
, ,
. ( DNS ,
. ) R F C T S I G
, ,
.
.

.
, , ,
, .
TSIG-
, ,
TSIG- -
.
:
Jan  4 16:05:35 wormhole named[86705]: client 192.249.249.1#4666: request has invalid signature: TSIG tsig-key.movie.edu: tsig verify failure (BADKEY)

hmac-md5.

Base 6 4 ,
dnssec-keygen,
B I N D 9,
dnskeygen,
B I N D 8.
dnssec-keygen,

:
# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST toystory-wormhole.movie.edu.
Ktoystory-wormhole.movie.edu.+157+28446

-a ,
. ( ,
dnssec-keygen
, -

D N S . ) -b
; RFC
1 2 8 . -n
HOST,
. ( D N S S E C Z O N E . )
- .
dnssec-keygen
dnskeygen
,
. dnssec-keygen

.
dnssec-keygen

Ktoystory-wormhole.movie.edu.+157+28446.key
Ktoystory-wormhole.movie.edu.+157+28446.private.

. ,
- 157 28446, : DNSSEC (157 HMAC-MD5) (fingerprint, ) (28446) - - ,
.
T S I G , D N S S E C
,
.
Ktoystory-wormhole.movie.edu.+157+28446.key

toystory-wormhole.movie.edu. IN KEY 512 3 157 skrKc4Twy/cIgIykQu7JZA==

Ktoystory-wormhole.movie.edu.+157+28446.private:

Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: skrKc4Twy/cIgIykQu7JZA==

,
Base 6 4
mmencode:
% mmencode
foobarbaz
Zm9vYmFyYmF6

,
, ,
D N S - ( , s s h )
, .
named.conf
,
,
, include key
, :
include "/etc/dns.keys.conf";

,
TSIG - . TSIG- , -

,
, D N S - . (

- . )
:
wormhole named[86705]: client 192.249.249.1#54331: request has invalid
signature: TSIG toystory-wormhole.movie.edu.: tsig verify failure (BADTIME)

, NTP (Network Time Protocol) - .
1

TSIG
, T S I G
, , ,
. B I N D 8 . 2 ,
B I N D 9
, ,
TSIG.
keys server,
DNS-,
,
DNS-. ,
D N S - , wormhole.movie.edu,

, 1 9 2 . 2 4 9 . 2 4 9 . 1
( toystory.movie.edu)

toystory-wormhole.movie.edu:
server 192.249.249.1 {
keys { toystory-wormhole.movie.edu.; };
};

(
) ,
masters
.
zone "movie.edu" {
type slave;
masters { 192.249.249.1 key toystory-wormhole.movie.edu.; };
file "bak.movie.edu";
};

toystory.movie.edu

,
toystory-wormhole.movie.edu:
zone "movie.edu" {
type master;
file "db.movie.edu";
allow-transfer { key toystory-wormhole.movie.edu.; };
};

NTP - Network Time Protocol http://www.ntp.org.

toystory.movie.edu

, wormhole.movie.edu

.

TSIG, allow-update
update-policy, .

nsupdate,
BIND 8.2
, B I N D 9,
TSIG-. ,
dnssec-keygen
,
-k nsupdate.

nsupdate B I N D 9:
% nsupdate -k Ktoystory-wormhole.movie.edu.+157+28446.key

:
% nsupdate -k Ktoystory-wormhole.movie.edu.+157+28446.private

BIND 8.2
nsupdate
. -k
, :
% nsupdate -k /var/named:toystory-wormhole.movie.edu.

( , nsupdate

),
nsupdate B I N D 9:
% nsupdate -y toystory-wormhole.movie.edu.:skrKc4Twy/cIgIykQu7JZA==

- y , ,
Base 6 4 .
, Base 6 4
, .
N e t : : D N S , P e r l ,

T S I G - . N e t : : D N S 15
.
,
DNS, DNS.

DNS-
BIND 8 9 .
, D N S - ,
DNS-.
,
DNS-, .
, D N S - ,
,
DNS-.

BIND
DNS- B I N D .
B I N D 8 8.4.7 B I N D 9 9.3.2
.
B I N D

http://www.isc.org/sw/bind/bind-security.php.
:
, ,

B I N D .

comp.protocols.dns.bind
bind-users.
- bind-announce,

BIND.
1

B I N D
: , BIND
, , ,
. ,
: B I N D 4.9 DNS-
.
TXT- CHAOSNET
version.bind,
B I N D :
% dig txt chaos version.bind.
; <<>> DiG 9.3.2 <<>> txt chaos version.bind.
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14286
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;version.bind.                  CH      TXT

;; ANSWER SECTION:
version.bind.                   CH      TXT     "9.1.0"

;; AUTHORITY SECTION:
version.bind.                   CH      NS      version.bind.

;; Query time: 17 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Sat Jan  7 16:14:39 2006
;; MSG SIZE  rcvd: 62

, bind-users, 3.
bind-announce, .

, BIND 8.2

DNS-

version.bind:
options {
version "NE TVOE DELO";
};
, NE TVOE DELO
, 8.2 ,
.
,

version none

BIND 9.3.0:
options {
directory "/var/named";
version none;
};
D N S -
:
; <<>> DiG 9.3.2 <<>> txt chaos version.bind.
;; global options:  printcmd

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21957
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;version.bind.                  CH      TXT

;; AUTHORITY SECTION:
version.bind.           86400   CH      SOA     version.bind. hostmaster.version.bind. 0 28800 7200 604800 86400

;; Query time: 2 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Sat Jan  7 16:16:43 2006
;; MSG SIZE  rcvd: 77


B I N D 4
, DNS-.
: DNS
,
.
. , ,
,

,
.
allow-query,
B I N D 8 9,
I P - ,
. (access control list, ACL)

, DNS-. ,
, IP-
DNS-.


allow-query

options {
allow-query { address_match_list; };
};

,
,
:
options {
allow-query { 192.249.249/24; 192.253.253/24; 192.253.254/24; };
};


B I N D 8 9
.
allow-query
zone ,
:
acl "HP-NET" { 15/8; };
zone "hp.com" {
type slave;
file "bak.hp.com";
masters { 15.255.152.2; };
allow-query { "HP-NET"; };
};

, ,
.
, ,
, A C L , .
, A C L - ,
. A C L - ,
ACL-.
1



,
DNS-, ,
DNS- .
, DNS-,
( , )
, . ,
,
. , ,

, ,
.
allow-transfer
BIND 8 9

. allow-transfer
zone
,
options - .
.
I P - D N S - movie.edu:
192.249.249.1
192.253.253.1 (wormhole.movie.edu),
192.249.249.9 192.253.253.9
(zardoz.movie.edu).
zone:
zone "movie.edu" {
type master;
file "db.movie.edu";
allow-transfer { 192.249.249.1; 192.253.253.1; 192.249.249.9;
192.253.253.9; };
};

movie.edu
DNS-- .
DNS- BIND 8 9
I P -
D N S allow-query -.

,
zone:

zone "movie.edu" {
type slave;
masters { 192.249.249.3; };
file "bak.movie.edu";
allow-transfer { none; };
};

BIND 8 9 ACL . ,

zone. ,
IP-:
options {
allow-transfer { 192.249.249/24; 192.253.253/24; 192.253.254/24; };
};

, , DNS- BIND
8.2 , B I N D 9
DNS-,
.
DNS-
key, :
key toystory-wormhole. {
algorithm hmac-md5;
secret "UNd5xYLjz0FPkoqWRymtgI+paxW927LU/gTrDyulJRI=";
};
zone "movie.edu" {
type master;
file "db.movie.edu";
allow-transfer { key toystory-wormhole.; };
};

D N S -
. :
key toystory-wormhole. {
algorithm hmac-md5;
secret "UNd5xYLjz0FPkoqWRymtgI+paxW927LU/gTrDyulJRI=";
};
server 192.249.249.3 {
keys { toystory-wormhole.; };
//
// 192.249.249.3
};
zone "movie.edu" {
type slave;
masters { 192.249.249.3; };
file "bak.movie.edu";
};

DNS- , ,
DNS-.
D N S - ,
,

.

BIND
B I N D
, ; D N S - B I N D
r o o t .
DNS-, ,
.
,
,
root.
B I N D 8 . 1 . 2 , B I N D 9
, ,
D N S - . D N S -

,
,
.
, D N S - ,
.
D N S - chroot()

DNS-, ,

. ,
D N S -
, , ,
DNS-.

:
-u
,
DNS-. : named -u bin.
-g
, DNS . : named -g other.
, DNS--

. D N S -
BIND 9 ,
-g.
-t
,
DNS-.

chroot()

- - g , ,
.
DNS-,
bind named. D N S -
named.conf,

root, .
, ,
, D N S - ,
, .
, DNS-
.
DNS- ,
( l o g - syslog), ,
D N S - ,
.
-t .
, , ,
named,
, D N S - .

. , /var/named:
1

1. /var/named
, .
d e v , e t c , lib, usr v a r . usr
sbin. var - named r u n :
# mkdir /var/named
# cd /var/named
# mkdir -p dev etc lib usr/sbin var/named var/run

2. named.conf

/var/named/etc/named.conf:

# cp /etc/named.conf etc

3. BIND 8, named-xfer usr/sbin/ etc ( ,


- /usr/sbin /etc).
# cp /usr/sbin/named-xfer usr/sbin

FreeBSD,
.


/var/named
named-xfer,
named,
.
, /var/named
,
named.conf
/var/named

. ( B I N D 9,
, B I N D 9
named-xfer.)
4. dev/null

# mknod dev/null c 2 2

5. B I N D 8,
C lib:
# cp /lib/libc.so.6 /lib/ld-2.1.3.so lib


. B I N D 9 ,
.
6. ,
syslogd :
-a /var/named/dev/log.
U N I X
syslogd /etc/rc /etc/rc.d/init.d/syslog.
syslogd
/var/named/dev/log,
named
.
syslogd -a,
logging, 7 B I N D ,
chroot-.
7. B I N D 8 -u -g,
etc passwd group,
-u -g
(
):
# echo "named:x:42:42:named:/:" > etc/passwd
# echo "named::42" > etc/group

/etc/passwd
/etc/group

. D N S - B I N D 9,
/etc/passwd
/etc/group,

DNS- BIND 9

chroot().
8. , , named -t /var/named
.
mknod, dev/null,
.

syslogd, U N I X
named /etc/rc
/etc/rc.d/init.d/named.
ndc D N S -
B I N D 8, ,
UNIX- - c :
# ndc -c /var/named/var/run/ndc reload

rndc D N S - B I N D 9, ,
953.

DNS-
, D N S - :
D N S -
DNS-. ,
DNS- ,
,
DNS-.

DNS-
DNS-
DNS- , DNS-
NS-, . DNS-
, -
.
,
DNS-.
, D N S -
(
D N S -
) . - ,
-
. -
- DNS-,
DNS-,
DNS-,
,
.
, D N S -
, .
: , IP-,
DNS- DNS- , ,
,
, . -

,
B I N D 8 9:
options {
recursion no;
};


( ,
) . ,
. D N S -

DNS-, NS-;
DNS- ,
D N S - B I N D 8 ( D N S - B I N D 9 ) :
options {
fetch-glue no;
};

DNS-
D N S - ,

D N S - , D N S - .
D N S - ,
.
. , D N S D N S , ,
, I P -
.
allow-query
:

options {
allow-query { 192.249.249/24; 192.253.253/24; 192.253.254/24; };
};

DNS-
, D N S - ,
,
.
,
DNS-, use-id-pool:
options {
use-id-pool yes;
};

use-id-pool B I N D 8 . 2 . ,

- .
,
,

.
, ,
B I N D 9, D N S - B I N D 9
.


,
DNS-,
D N S - ,
? - . ,

B I N D 8 9. -
,
DNS-,
.
DNS- ,
, ,
.
named.conf

acl "internal" {
192.249.249/24; 192.253.253/24; 192.253.254/24; localhost;
};
acl "slaves" {
192.249.249.1; 192.253.253.1; 192.249.249.9; 192.253.253.9;
};
options {
directory "/var/named";
allow-query { "internal"; };
use-id-pool yes;
};
zone "movie.edu" {
type master;
file "db.movie.edu";
allow-query { any; };
allow-transfer { "slaves"; };
};
zone "249.249.192.in-addr.arpa" {
type master;
file "db.192.249.249";
allow-query { any; };
allow-transfer { "slaves"; };
};
zone "." {
type hint;
file "db.cache";
};


,
D N S - , -
.
BIND 8.2.1
,
allow-recursion:
acl "internal" {
192.249.249/24; 192.253.253/24; 192.253.254/24; localhost;
};
acl "slaves" {
192.249.249.1; 192.253.253.1; 192.249.249.9; 192.253.253.9;
};
options {
directory "/var/named";
allow-recursion { "internal"; };
use-id-pool yes;
};
zone "movie.edu" {
type master;
file "db.movie.edu";
allow-transfer { "slaves"; };
};
zone "249.249.192.in-addr.arpa" {
type master;
file "db.192.249.249";
allow-transfer { "slaves"; };
};
zone "." {
type hint;
file "db.cache";
};

allow-query
: D N S -
, ,
.
D N S - .
:

DNS- ,
D N S - ,
. allow-query

,

allow-recursion.
named
. - DNS-, .
,
, IP.
,
, . ,
IP-.
IP-
. I P -
named. ,
IP-,
named I P - , -
l o o p b a c k - . ,
, ,
, DNS-.
named.conf
DNS-
, I P - :
acl "slaves" {
192.249.249.1; 192.253.253.1; 192.249.249.9; 192.253.253.9;
};
options {
directory "/var/named-advertising";
recursion no;
fetch-glue no;
listen-on { 192.249.249.3; };
pid-file "/var/run/named.advertising.pid";
};
zone "movie.edu" {
type master;
file "db.movie.edu";
allow-transfer { "slaves"; };
};
zone "249.249.192.in-addr.arpa" {
type master;
file "db.192.249.249";
allow-transfer { "slaves"; };
};

named.conf
D N S - ,
:
options {
directory "/var/named-resolving";
listen-on { 127.0.0.1; };
pid-file "/var/run/named.resolving.pid";

use-id-pool yes;
};
zone "." {
type hint;
file "db.cache";
};

,
D N S - ,
l o o p b a c k - , . (
DNS- IP-
,
allow-query, DNS-.)
,
.
P I D - ,
-
PID-,
.
D N S - ,
, resolv.conf

:
nameserver 127.0.0.1

nameserver.

B I N D 9, D N S :
options {
directory "/var/named";
};
acl "internal" {
192.249.249/24; 192.253.253/24; 192.253.254/24; localhost;
};
view "internal" {
match-clients { "internal"; };
recursion yes;
zone "movie.edu" {
type master;
file "db.movie.edu";
};
zone "249.249.192.in-addr.arpa" {
type master;
file "db.192.249.249";
};
zone "." {
type hint;
file "db.cache";
};
};
view "external" {
match-clients { any; };
recursion no;
zone "movie.edu" {
type master;
file "db.movie.edu";
};
zone "249.249.192.in-addr.arpa" {
type master;
file "db.192.249.249";
};
zone "." {
type hint;
file "db.cache";
};
};

: ,
. ,
, . ,
. movie.edu 249.249.192.in-addr.arpa

. ,

, .

DNS
D N S
. D N S B I N D
, D N S
.
B I N D -
, ,
DNS BIND.

,
.


- .
B I N D
.
D N S -
DNS-, .
,
, - .
,
-, .


B I N D ,
, .
D N S
. ,
, , ,
.
D N S ,
,
.
,
.
,
, ,
D N S - .
E. Zwicky, S. Cooper B. Chapman Building Internet Firewalls* (O'Reilly).
1


.
, ,
T C P / I P (
OSI, - ).

, ,
(TCP U D P ) , IP- ,
(. 11.1).
,
. - . . - .: -, 2002.

( )

( IP-)

. 11.1.


,
DNS .
, DNS-
.
DNS-
DNS- (
) . ,
, .
- FireWall-1 Checkpoint, PIX Cisco NetScreen Juniper.

BIND 8/9

BIND 4
5 3 , D N S , 5 3 .
, DNS-
( 1 0 2 3 )
53. DNS-
D N S ,
D N S . ,
, D N S - B I N D 8 9
5 3 . ,
, DNS.


,
, DNS- ,
, D N S - ,
, DNS 53
53.
:

, D N S -
, 53
( , ,
D N S - ,
).

BIND,
query-source.

query-source

. ,
:
options { query-source address * port 53; };

B I N D 5 3
,
. ,
B I N D ,
. wormhole.movie.edu:
options { query-source address 192.249.249.1 port *; };

B I N D
192.249.249.1 ( 192.253.253.1)
.
query-source

BIND 9 9.1.0, BIND 9
,
53.

(proxies)
,
OSI, (. 11.2).
-
, . ,
FTP
F T P , RETR ( get) STOR ( p u t ) .

( : STOR, RETR)

. 11.2. OSI
( ) ,
, ,
T C P . D N S , ,
UDP. ,

DNS- .
Firewall Toolkit ( )
Trusted Information Systems (TIS
McAfee)
, Telnet, FTP HTTP.
, Sidewinder Secure Computing,
Symantec, .
, -
. .
, ,
,

D N S . ,
, , ;
,
D N S -
.


-
D N S ( ,
).
D N S - D N S -
,
D N S - . .

, - - :

B I N D
, .
B I N D , DNS-,
.
DNS- DNS- , .
DNS-
, ,
.

D N S - ,
, DNS
,
. ,
Telnet, D N S ,
telnet.

.


,
D N S ,
,
D N S . - ,
, D N S - ,
, D N S -
, - (. 11.3).

DNS

. 11.3.

DNS

DNS- DNS-
n=si
.

DNS

. 11.4.
DNS-

, ,
,
DNS- DNS-
. , D N S , (. 11.4).
DNS-,
D N S - , .

,
. ,
D N S - ,
, D N S , .
forwarders,
10
.
. 1 1 . 5
: DNS- DNS- , - .

, .
,
, D N S , toystory.movie.edu
wormhole.movie.edu,
DNS DNS- . DNS-
. BIND 8 9
:
options {
forwarders { 192.249.249.1; 192.249.249.3; };
forward only;
};

,
. DNS-
BIND 8.2.3 , BIND 9.3.0
,
.
D N S - ,
,
, ,
, DNS-
. !


, .
. ,
,
zardoz.movie.edu:

DNS-

. 11.5.


DNS-

options {
directory "/var/named";
forwarders { 192.249.249.1; 192.253.253.3; };
};
zone "movie.edu" {
type slave;
masters { 192.249.249.3; };
file "bak.movie.edu";
};

zardoz.movie.edu
movie.edu

. , zardoz.movie.edu

fx.movie.edu?

movie.edu,
zardoz.movie.edu
N S - ,
fx.movie.edu
. zardoz.movie.edu
, ,
,
toystory.movie.edu
wormhole.movie.edu.
DNS-?
, zardoz.movie.edu

toystory.movie.edu.
,
toystory.movie.edu

D N S - zardoz.movie.edu
fx.movie.edu.

, zardoz.movie.edu

.
:
, ,
DNS-. DNS , ,
,
. ?

, D N S -
,
,
.

. -
, DNS-, ,
.

DNS-,
west.acmebw.com
east.acmebw.com

; , -

-, .
, ,
. D N S - west.acmebw.com

east.acmebw.com
. - DNS east.acmebw.com,
,
. D N S - east.acmebw.com

,
-.
,
D N S - , D N S - west.acmebw.com
,
D N S - east.acmebw.com
,
(- ).

.
:
,
.

.


,
B I N D 8 . 2 9 . 0 . zardoz.movie.edu

:
1

options {
directory "/var/named";
forwarders { 192.249.249.1; 192.253.253.3; };
};
zone "movie.edu" {
type slave;
masters { 192.249.249.3; };
file "bak.movie.edu";
forwarders {};
};

, forwarders

. , zardoz.movie.edu

, movie.edu,

movie.edu ( , fx.movie.edu),

, options,

.
BIND 9
9.2.0 - .

zardoz.movie.edu
-
.
,
zone

named.conf:
zone "249.249.192.in-addr.arpa" {
type stub;
masters { 192.249.249.3; };
file "stub.192.249.249";
forwarders {};
};
zone "253.253.192.in-addr.arpa" {
type stub;
masters { 192.249.249.3; };
file "stub.192.253.253";
forwarders {};
};
zone "254.253.192.in-addr.arpa" {
type stub;
masters { 192.253.254.2; };
file "stub.192.253.254";
forwarders {};
};
zone "20.254.192.in-addr.arpa" {
type stub;
masters { 192.253.254.2; };
file "stub.192.254.20";
forwarders {};
};

zone: ,

- . , DNS-
NS-, DNS- .
forwarders

. ,
P T R -
2.254.253.192.in-addr.arpa, zardoz.movie.edu

254.253.192.in-addr.arpa.
zone
DNS-, , DNS-
BIND , 8.2 9.2.0.
,


,


.
,
.



, DNS-.
DNS- .
, .
? ,
D N S - ,
( )
, , .
DNS- ,
( 1 3 ) ,

. ,
D N S - .

DNS- ,
N S - .
,
, D N S - .
:
DNS-,
,
, .

DNS-
D N S -
,
,
DNS- .
, ,
DNS- .
,
DNS-.


.
-

. , movie.edu
:
movie.edu.           86400  IN  NS  toystory.movie.edu.
                     86400  IN  NS  wormhole.movie.edu.
                     86400  IN  NS  zardoz.movie.edu.
toystory.movie.edu.  86400  IN  A   192.249.249.3
wormhole.movie.edu.  86400  IN  A   192.249.249.1
                     86400  IN  A   192.253.253.1
zardoz.movie.edu.    86400  IN  A   192.249.249.9
                     86400  IN  A   192.253.253.9


e d u . , movie.edu
D N S - e d u ,
movie.edu .
, fx.movie.edu
movie.edu.
D N S - movie.edu
, DNS-
movie.edu,
,
, D N S - movie.edu,

( ) .

in-addr.arpa

in-addr.arpa,

:
249.249.192.in-addr.arpa.  86400  IN  NS  toystory.movie.edu.
                           86400  IN  NS  wormhole.movie.edu.
                           86400  IN  NS  zardoz.movie.edu.
253.253.192.in-addr.arpa.  86400  IN  NS  toystory.movie.edu.
                           86400  IN  NS  wormhole.movie.edu.
                           86400  IN  NS  zardoz.movie.edu.
254.253.192.in-addr.arpa.  86400  IN  NS  bladerunner.fx.movie.edu.
                           86400  IN  NS  outland.fx.movie.edu.
                           86400  IN  NS  alien.fx.movie.edu.
20.254.192.in-addr.arpa.   86400  IN  NS  bladerunner.fx.movie.edu.
                           86400  IN  NS  outland.fx.movie.edu.
                           86400  IN  NS  alien.fx.movie.edu.

,

254.253.192.in-addr.arpa
20.254.192.in-addr.arpa,
,
fx.movie.edu.

fx.movie.edu ,
, movie.edu.
movie.edu

fx.movie.edu,

fx.movie.edu.

in-addr.arpa

254.253.192.in-addr.arpa
20.254.192.in-addr.arpa,
, -

. ,
DNS-
S p e c i a l E f f e c t s , bladerunner.fx.movie.edu,
outland.fx.movie.edu
alien.fx.movie.edu,
D N S -
,
movie.edu.

db.root
SOA- NS-
DNS-:
$TTL 1d
IN

SOA

rainman.movie.edu.

hostmaster.movie.edu.

3h

1h

1w

1h ) ; TTL
                       IN  NS  rainman.movie.edu.
                       IN  NS  awakenings.movie.edu.
rainman.movie.edu.     IN  A   192.249.249.254
awakenings.movie.edu.  IN  A   192.253.253.254

D N S -
rainman.movie.edu awakenings.movie.edu.

- - ,
.
db.root (
db.root) :
$TTL 1d
IN

SOA

rainman.movie.edu.

hostmaster.movie.edu.

3h

1h

1w

1h ) ; TTL
                           IN  NS  rainman.movie.edu.
                           IN  NS  awakenings.movie.edu.
rainman.movie.edu.         IN  A   192.249.249.254
awakenings.movie.edu.      IN  A   192.253.253.254
movie.edu.                 IN  NS  toystory.movie.edu.
                           IN  NS  wormhole.movie.edu.
                           IN  NS  zardoz.movie.edu.
toystory.movie.edu.        IN  A   192.249.249.3
wormhole.movie.edu.        IN  A   192.249.249.1
                           IN  A   192.253.253.1
zardoz.movie.edu.          IN  A   192.249.249.9
                           IN  A   192.253.253.9
249.249.192.in-addr.arpa.  IN  NS  toystory.movie.edu.
                           IN  NS  wormhole.movie.edu.
                           IN  NS  zardoz.movie.edu.
253.253.192.in-addr.arpa.  IN  NS  toystory.movie.edu.
                           IN  NS  wormhole.movie.edu.
                           IN  NS  zardoz.movie.edu.
254.253.192.in-addr.arpa.  IN  NS  bladerunner.fx.movie.edu.
                           IN  NS  outland.fx.movie.edu.
                           IN  NS  alien.fx.movie.edu.
20.254.192.in-addr.arpa.   IN  NS  bladerunner.fx.movie.edu.
                           IN  NS  outland.fx.movie.edu.
                           IN  NS  alien.fx.movie.edu.

named.conf
rainman.movie.edu
:

awakenings.movie.edu

zone "." {
type master;
file "db.root";
};

zone hint - D N S -
,
, db.root.
, D N S -
? , - ,
, , , D N S - ,
.
,
D N S - , !
D N S - ( D N S - ,
- )

DNS-, DNS-
. , D N S -
, .

DNS-
DNS-, D N S , ,
. ,
( ) ,

:

;
; ,
; !

                       99999999  IN  NS  rainman.movie.edu.
                       99999999  IN  NS  awakenings.movie.edu.
rainman.movie.edu.     99999999  IN  A   192.249.249.254
awakenings.movie.edu.  99999999  IN  A   192.253.253.254

DNS-,
, movie.edu in-addr.arpa
,
.


DNS-
,
D N S - ,
DNS-.
D N S - movie.edu, gump.fx.movie.edu.

D N S - ,
DNS-.
DNS- ,

.
gump.fx.movie.edu.

D N S - movie.edu
toystory.movie.edu,
wormhole.movie.edu
zardoz.movie.edu.

DNS- ,
gump.fx.movie.edu
D N S - movie.edu. D N S - movie.edu
D N S -
fx.movie.edu.
DNS-
gump.fx.movie.edu
DNS-
fx.movie.edu
, , .
. ,
D N S - , ,
D N S - ,
toystory.movie.edu,

wormhole.movie.edu.

gump.fx.movie.edu
, , toystory.movie.edu.

toystory.movie.edu
DNS-
fx.movie.edu
D N S - -

. DNS-
fx.movie.edu,

, ,
( gump.fx.movie.edu)

DNS-
fx.movie.edu.


! ,
D N S - .
,
sendmail .
,
M X - . , , ,
,
postmanrings2x.movie.edu,
- ,
.
, db.root:
*       IN  MX  5 postmanrings2x.movie.edu.
*.edu.  IN  MX  10 postmanrings2x.movie.edu.

M X - *.edu * ,
1 7 .
, movie.edu

, movie.edu
edu. ,
edu, edu
movie.edu.
,
movie.edu,
,
, postmanrings2x.movie.edu
.
, , nic.ddn.mil,

MX-, :
% nslookup -type=mx nic.ddn.mil.
MX- *
Server:  rainman.movie.edu
Address:  192.249.249.19

nic.ddn.mil     preference = 5, mail exchanger = postmanrings2x.movie.edu
postmanrings2x.movie.edu        internet address = 192.249.249.20

,
MX-:
% nslookup -type=mx vangogh.cs.berkeley.edu.
- vangogh.cs.berkeley.edu, MX- *.edu
Server:  rainman.movie.edu
Address:  192.249.249.19

vangogh.cs.berkeley.edu preference = 10, mail exchanger = postmanrings2x.movie.edu
postmanrings2x.movie.edu        internet address = 192.249.249.20

postmanrings2x.movie.edu,

- , postmanrings2x.movie.edu

M X - . postmanrings2x.movie.edu
,
,
, M X - ,
.

sendmail.



, D N S - ,
: ,
, -
, . ,
, uk,
- , ,
. ,
, ,
,
.

- , ,
.
,

.
db.root:
; holygrail.movie.ac.uk - -
;
*.uk.                   IN  MX  10 holygrail.movie.ac.uk.
holygrail.movie.ac.uk.  IN  A   192.168.76.4

, uk
holygrail.movie.ac.uk,

- , , ,
.

DNS-
, :
D N S - .

-
. ,
.
, ,
D N S - D N S - -
. , , -
( p r o x y ) ,
.


.
, D N S - ,
.



,
.
,
.
,
I P - I P , . ,


.
, B I N D
.
,
.
,
,

, -
.

,
.

.
,
, ,
.

,
, -

. movie.edu,

movie.edu
(SOA-
NS-), -
(postmanrings2x.movie.edu),
D N S - ns.movie.edu

- www.movie.edu.
-
- 200.1.4.2, DNS- - 200.1.4.3, - 200.1.4.4. movie.edu

:
$TTL 1d
@

IN

SOA

ns.movie.edu.

hostmaster.movie.edu. (

3h

1h

1w

1h ) ; TTL
IN

NS

ns.movie.edu.

IN

NS

ns1.isp.net.

; DNS- -
; movie.edu

IN

200.1.4.4

IN

MX

10 postmanrings2x.movie.edu.

; , http://movie.edu

IN

MX

100 mail.isp.net.

www

IN

200.1.4.4

postmanrings2x

IN

200.1.4.2

IN

MX

10 postmanrings2x.movie.edu.

IN

MX

100 mail.isp.net.

; postmanrings2x.movie.edu ,
ns

IN

200.1.4.3

IN

MX

10 postmanrings2x.movie.edu.

IN

MX

100 mail.isp.net.

IN
IN

MX
MX

10 postmanrings2x.movie.edu.
100 mail.isp.net.

ns.movie.edu

,
movie.edu
D N S -
. ,

, , ,
.
db.200.1.4,
IP ,
, :

$TTL 1d
@

IN

SOA

ns.movie.edu.

hostmaster.movie.edu.


3h
1h
1w

1h )

TTL

IN
IN

NS
NS

ns.movie.edu.
ns1.isp.net.

IN

PTR

postmanrings2x.movie.edu.

IN

PTR

ns.movie.edu.

IN

PTR

www.movie.edu.

, D N S - ,
D N S - ns.movie.edu.

movie.edu
,
,

.

-
-
. :
, -
. :
- ,
?

, -
, D N S - e d u ,
D N S - movie.edu,

. - ,
, ,
,
. ,
D N S - ,
, ,
-. ?
D N S - ,
,
-
, - DNS- -
D N S - .
,
- . -

D N S ,
D N S - ,
DNS- -
. DNS-
,
.
D N S -
, DNS- -
movie.edu

in-addr.arpa, .
, -
movie.edu,

( ) NS-
DNS- ( - ) . (
DNS- , DNS -
movie.edu.)

movie.edu,
D N S - N S - movie.edu
D N S - , movie.edu,

D N S - .

- movie.edu
( , fx.movie.edu),

(. 11.6).

. 11.6.
named.conf
:

DNS-

movie.edu

DNS

options {
directory "/var/named";
};
zone "movie.edu" {
type slave;
masters { 192.249.249.3; };
file "bak.movie.edu";
};
zone "249.249.192.in-addr.arpa" {
type slave;
masters { 192.249.249.3; };
file "bak.192.249.249";
};
zone "253.253.192.in-addr.arpa" {
type slave;
masters { 192.249.249.3; };
file "bak.192.253.253";
};
zone "254.253.192.in-addr.arpa" {
type slave;
masters { 192.253.254.2; };
file "bak.192.253.254";
};
zone "20.254.192.in-addr.arpa" {
type slave;
masters { 192.253.254.2; };
file "bak.192.254.20";
};
zone "." {
type hint;
file "db.cache";
};

-
, -
,
, .
allow-query
(
) . allow-query

.
options
named.conf:

options {
directory "/var/named";
allow-query { 127/8; 192.249.249/24; 192.253.253/24; 192.253.254/24; 192.254.20/24; };
};

l o o p b a c k -
, -
D N S - !


,
, DNS- -.
, :


use-id-pool ( BIND 8.2
, BIND 9 ) .

( ) BIND chroot-
.

, named.conf

acl "internal" {
127/8; 192.249.249/24; 192.253.253/24; 192.253.254/24; 192.254.20/24;
};
options {
directory "/var/named";
allow-query { "internal"; };
allow-transfer { none; };
};
zone "movie.edu" {
type slave;
masters { 192.249.249.3; };
file "bak.movie.edu";
};
zone "249.249.192.in-addr.arpa" {
type slave;
masters { 192.249.249.3; };
file "bak.192.249.249";
};
zone "253.253.192.in-addr.arpa" {
type slave;
masters { 192.249.249.3; };
file "bak.192.253.253";
};
zone "254.253.192.in-addr.arpa" {
type slave;
masters { 192.253.254.2; };
file "bak.192.253.254";
};
zone "20.254.192.in-addr.arpa" {
type slave;
masters { 192.253.254.2; };
file "bak.192.254.20";
};
zone "." {
type hint;
file "db.cache";
};

-
- D N S - B I N D 9,

movie.edu
,
.
D N S - ns.movie.edu.

D N S -

movie.edu.
1 0 :
options {
directory "/var/named";
};
acl "internal" {
127/8; 192.249.249/24; 192.253.253/24; 192.253.254/24; 192.254.20/24;
};
view "internal" {
match-clients { "internal"; };
recursion yes;
zone "movie.edu" {
type slave;
masters { 192.249.249.3; };
file "bak.movie.edu";
};
zone "249.249.192.in-addr.arpa" {
type slave;
masters { 192.249.249.3; };
file "bak.192.249.249";
};
zone "253.253.192.in-addr.arpa" {
type slave;
masters { 192.249.249.3; };
file "bak.192.253.253";
};
zone "254.253.192.in-addr.arpa" {
type slave;
masters { 192.253.254.2; };
file "bak.192.253.254";
};
zone "20.254.192.in-addr.arpa" {
type slave;
masters { 192.253.254.2; };
file "bak.192.254.20";
};
zone "." {
type hint;
file "db.cache";
};
};
acl "ns1.isp.net" { 199.11.28.12; };
view "external" {
match-clients { any; };
recursion no;
zone "movie.edu" {
type master;
file "db.movie.edu.external";
allow-transfer { "ns1.isp.net"; };
};
zone "4.1.200.in-addr.arpa" {
type master;
file "db.200.1.4";
allow-transfer { "ns1.isp.net"; };
};
zone "." {
type hint;
file "db.cache";
};
};
,
movie.edu:

D N S - movie.edu,
db.movie.edu.external.

, ,
, ,
.

DNS
( T S I G ) , ,

DNS- ,
. ,
DNS- : ,
, DNS-,
TSIG-. , TSIG
,
DNS-. TSIG
DNS-
D N S - ,
.
,
, -

. D N S ,
R F C 2 5 3 5 , 4 0 3 4 4 0 3 5 ,

,
.
DNS
, RFC 4033, 4034,
4035.
DNSSEC,
, RFC 2065
. DNSEXT
IETF DNSSEC,
,
.
, , BIND 8
DNSSEC BIND 8 . 2 ,

BIND 9 , ,
9.3.0.
BIND 9.3.2. DNSSEC,
.
1

, BIND 8 .
SIG- ,
trusted-keys.





.
, . -
- .
,
(
) :
- . ( , R S A ,
,
.)

.
( , ),
. ,
, ,
. ( ,
- . )
, .
,
. ,
,
.
- ,
, .
,
( ,
) ,
. .
, - ,
.

( )
.
- .
-,
. - ,

,
,
.
, -


- . - ,
. -
,
.

. 11.7.

? - 21

DNSKEY
D N S
.
- DNS-.
RR- ,
. D N S K E Y .
K E Y
,
, D N S S E C .
DNSSEC
D N S K E Y .
D N S K E Y :
movie.edu. IN DNSKEY 257 3 5 AQPWA4BRyjB3eqYNy/oykeGcSXjl+HQK9CciAxJfMcS
1vEuwz9c+QG7s EJnQuH5B9i5o/ja+DVitY3jpXNa12mEn

,
. ,
2 5 7 .
:
0
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
|                           |ZK |                           |SEP|
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+

( 0 6 ) 8 1 4
0.
:
0
D N S .
.

1
DNS.
DNSKEY.
(15) SEP (Secure Entry Point, ),
RFC 3757.
.
D N S K E Y (
) , D N S K E Y - movie.edu.
,
3, .

D N S S E C , K E Y
. D N S S E C D N S K E Y
D N S ,
3, D N S S E C .
() D N S K E Y - ,
5, .
D N S S E C

, ,
. :
0
.
1
RSA/MD5. RSA/MD5

MD5.
2
Diffie-Hellman. -
, DNSSEC.
3
DSA/SHA-1. DSA/SHA-1 (
) .
4
.
5
RSA/SHA-1. RSA/SHA-1.
253-254

RFC 4034.
255
.
, RSA/SHA-1.
DNSKEY-
Base 6 4 . D N S S E C ,

movie.edu.
, (
) ,

,
D N S K E Y .

RRSIG
D N S K E Y ,

? , RRSIG. RRSIG
RRset. R R s e t - R R - ,
; , wormhole.movie.edu

RRset. MX-
movie.edu.
( R R s e t ) , ?
.
wormhole.movie.edu;
DNS-
. ,
?
RRSIG- wormhole.movie.edu:
wormhole.movie.edu.  86400  RRSIG  A 5 3 86400 20060219233605 (
                            20060120233605 3674 movie.edu.
                            ZZP9AV28r824SZJqyIT+3WKkMQgcu1YTuFzp
                            LgU3EN4USgpJhLZbYBqTHL77mipET5aJr8Od
                            RxZvfFHHYV6UGw== )
- wormhole.movie.edu,

, .

( A ) . ,
wormhole.movie.edu
;
.
wormhole.movie.edu
RRSIG-.
, 5,
.
,
DNSKEY, 5
RSA/SHA-1. RSA/SHA-1
, , RSA/SHA-1.
, RSA/SHA-1
DSA, RRset-
RRSIG- , 5 (RSA/MD5),
3 (DSA).
1

.

.
wormhole.movie.edu, , , 3.

,
, DSA,
, , RSA/SHA-1,
RSA/SHA-1.

RRSIG- ? RRSIG-
.
.

TTL RRset. (,
.) TTL , DNS-
, RRset-,
RRSIG- , TTL
. TTL,
-
.

.
, UNIX, 1
1970, RRSIG-
YYYYMMDDHHMMSS. (
RRSIG- 11:36 19
2006.)
, .
.
, RRSIG-
RRset-. :
,
, . :
, .
() RRSIG- ,
3674, - . -
, ,
, .
( , , ) ,
DNSSEC
, ,
.
movie.edu
- .

, ,
.
DNSKEY- ,
. ,
.
- .


RRSIG- , . DNSKEY, Base 64.
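Added example, not from the book: a parser for the RRSIG fields described above (type covered, algorithm, labels, original TTL, expiration, inception, key tag, signer) that reports where each signature sits in its validity window. The sample is abridged from the dig +dnssec answer for wormhole.movie.edu on this page; the function names and the 7-day warning threshold are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Abridged from this page's dig output, plus the zone's NSEC record, whose
# type list also contains the word RRSIG and must not be mistaken for one.
SAMPLE_DIG = """\
;; ANSWER SECTION:
wormhole.movie.edu.     86400   IN      A       192.253.253.1
wormhole.movie.edu.     86400   IN      RRSIG   A 5 3 86400 20060219233605
                        20060120233605 3674 movie.edu.
                        ZZP9AV28r824SZJqyIT+3WKkMQgcu1YTuFzpLgU3EN4USgpJhLZbYBqT
                        HL77mipET5aJr8OdRxZvfFHHYV6UGw==
movie.edu.              3600    IN      NSEC    misery.movie.edu. NS SOA MX RRSIG NSEC DNSKEY
"""


@dataclass
class Rrsig:
    owner: str
    type_covered: str
    algorithm: int
    labels: int
    original_ttl: int
    expiration: datetime
    inception: datetime
    key_tag: int
    signer: str


def _timestamp(text):
    """YYYYMMDDHHMMSS (UTC) or, as RFC 4034 also allows, seconds since 1970."""
    if len(text) == 14:
        return datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(text), tz=timezone.utc)


def _records(text):
    """Join wrapped records: an indented line continues the previous record."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        if line[0].isspace() and records:
            records[-1] += " " + line.strip()
        else:
            records.append(line.strip())
    return records


def parse_rrsigs(text):
    """Return every RRSIG record found in dig-style output."""
    sigs = []
    for record in _records(text):
        f = record.replace("(", " ").replace(")", " ").split()
        i = 1                                            # f[0] is the owner name
        if i < len(f) and f[i].isdigit():                # optional TTL
            i += 1
        if i < len(f) and f[i].upper() in ("IN", "CH", "HS"):  # optional class
            i += 1
        # Only the type field counts; "RRSIG" inside an NSEC type list does not.
        if i >= len(f) or f[i].upper() != "RRSIG" or len(f) < i + 9:
            continue
        sigs.append(Rrsig(f[0], f[i + 1], int(f[i + 2]), int(f[i + 3]),
                          int(f[i + 4]), _timestamp(f[i + 5]),
                          _timestamp(f[i + 6]), int(f[i + 7]), f[i + 8]))
    return sigs


def status(sig, now, warn=timedelta(days=7)):
    """Classify a signature relative to 'now' (timezone-aware UTC datetime)."""
    if now < sig.inception:
        return "not-yet-valid"
    if now >= sig.expiration:
        return "expired"
    if sig.expiration - now <= warn:
        return "expiring"
    return "valid"


def audit(text, now, warn=timedelta(days=7)):
    """One (owner, type covered, key tag, status) row per RRSIG."""
    return [(s.owner, s.type_covered, s.key_tag, status(s, now, warn))
            for s in parse_rrsigs(text)]


if __name__ == "__main__":
    when = datetime(2006, 1, 20, 23, 52, 54, tzinfo=timezone.utc)
    for row in audit(SAMPLE_DIG, when):
        print(*row)
```
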

NSEC
DNSSEC - NSEC.
.
,
? , D N S -
n o s u c h d o m a i n n a m e (
) . ?
, .
, ,
.
NSEC- .

, ,
, - ( n e x t secure ).

,
? , .
,
,
. .
, () ,
, - ( , movie.edu 0.movie.edu).
,
movie.edu :
movie.edu
carrie.movie.edu
cujo.movie.edu
fx.movie.edu
bladerunner.fx.movie.edu
outland.fx.movie.edu
horror.movie.edu
localhost.fx.movie.edu
mi.fx.movie.edu
misery.movie.edu
monsters-inc.movie.edu
shining.movie.edu
shrek.movie.edu
toys.movie.edu
toystory.movie.edu
wh.movie.edu
wh249.movie.edu
wh253.movie.edu
wormhole.movie.edu

: movie.edu
carrie.movie.edu,
fx.movie.edu

bladerunner.fx.movie.edu.

, NSEC
. N S E C - ( , ) movie.edu:
movie.edu.  NSEC  carrie.movie.edu.  NS SOA MX RRSIG NSEC DNSKEY

, movie.edu
- carrie.movie.edu,

.
, movie.edu
NS-, SOA-,
MX-, RRSIG-, NSEC- DNSKEY-.
NSEC- .
, N S E C -
:
wormhole.movie.edu.  NSEC  movie.edu.  A RRSIG NSEC

, , wormhole.movie.edu

, ,
movie.edu,
.
.
NSEC-
?
www.movie.edu,
N S E C - wormhole.movie.edu,
, www.movie.edu
,

wormhole.movie.edu.
, T X T - movie.edu,
NSEC-,
,
, movie.edu
T X T - ,
NS, SOA, M X , R R S I G , NSEC D N S K E Y .
R R S I G - N S E C -
,
.
, NSEC- ,
. ,
, ,
,
.

( - - , ,
NSEC-...) - BIND ,
NSEC- RRSIG-.
,
NSEC- . , ,

NSEC-, ,
, ,
. , ,
.
: , .

DS
DNSSEC, , . ( ,
!)
RRset-
R R S I G - .
R R S I G - , ,
KEY-. ,
D N S - - .
? ,

, DNSKEY-.
,
.
, movie.edu D N S K E Y -
, , -
. ,
, , ,
,
movie.edu.

edu. ,
edu
,
movie.edu.

, edu D S - .
:
1

movie.edu.      86400   DS      15480 5 1 (
                                F340F3A05DB4D081B6D3D749F300636DCE3D
                                6C17 )
                86400   RRSIG   DS 5 2 86400 20060219234934 (
                                20060120234934 23912 edu.
                                Nw4xLOhtFoP0cE6ECIC8GgpJKtGWstzk0uH6
                                nd2cz28/24j4kz1Ahznr/+g5oU3AADyv86EK
                                CnWZtyOeqnfriMZ3UW0yyPcF3wy73tYLQ/Kj
                                gPm1VPQA/Sl3smauJsFW7/YPaoQuxcnREPWf
                                YWInWvWx12IiPKfkVU3F0EbosBA= )

se
DNSKEY.

DS delegation
signer.
D S -
,
movie.edu.
,
R R S I G , D N S K E Y - ,
. - ,
DNSKEY RRSIG, DNSKEY- ,
. ,

,
,

.
- 1; S H A - 1 .
DNSKEY-
movie.edu,
20
.
1

DS R R S I G , ,
edu D S - movie.edu

.
D N S - , e d u ,
, movie.edu,

D N S K E Y movie.edu R R S I G - ,
DS-.
RRSIG- , DNS- DNSKEY- , movie.edu,
,
, DS. D N S K E Y , D N S -
, DS-.
, , DNSKEY- , DNS R R S I G - ,
R R s e t - D N S K E Y R R s e t - ,
.
- DNS- edu? D N S
K E Y - edu D S - ,

. ? ,

(, , ,
, ?),
BIND SHA-256,
S H A - 1 .

D N S - , DNSSEC.
1

D N S , D N S S E C .
, edu ,
.
DNSSEC
.


, D N S S E C
, .
movie.edu,
edu
D N S K E Y - ,
. D N S -
? ,
DNS-
?
DNS- BIND 9 ,
named.conf
,
. trusted-keys.

trusted-keys

movie.edu:
trusted-keys {
    movie.edu. 257 3 5 "AQPWA4BRyjB3eqYNy/oykeGcSXjl+HQK9CciAxJfMcS1vEuwz9c+QG7sEJnQuH5B9i5o/ja+DVitY3jpXNa12mEn";
};

, D N S K E Y .
- .
, . movie.edu

, DSA,
:
trusted-keys {
    movie.edu. 257 3 5 "AQPWA4BRyjB3eqYNy/oykeGcSXjl+HQK9CciAxJfMcS1vEuwz9c+QG7sEJnQuH5B9i5o/ja+DVitY3jpXNa12mEn";
    movie.edu. 257 3 3 "AMnD8GXACuJ5GVnfCJWmRydg2A6JptSm6tjH7QoL81SfBY/kcz1N
        beHh z4l9AT1GG2kAZjGLjH07BZHY+joz6iYMPRCDaPOIt9LO+SRfBNZg62P4 aSPT5zVQPahD
        IMZmTIvvO7FV6IaTV+cQiKQl6noro8uTk4asCADrAHw0 iVjzjaYpoFF5AsB0cJU18fzDiCNB
        Ub0VqE1mKFuRA/K1KyxM2vJ3U7IS to0IgACiCfHkYK5r3qFbMvF1GrjyVwfwCC4NcMsqEXI
        T8IEI/YYIgFt4 Ennh";
};

, - ,
. ,
. , . :
. ,
, ? : -
!

trusted-keys
DNS- BIND 9

movie.edu.
DNS-
fx.movie.edu,
D N S K E Y -
DS- RRSIG-
movie.edu.
, movie.edu

,
D N S -
.


DS- ,

D N S K E Y - . ?
D S -
. , R R S I G - .
N S - , ,
N S E C - , N S E C -
RRSIG-.
,
N S E C R R S I G ,
.

D N S - ,
.
, .

DO, AD CD
DNSSEC- , .
UDP- DNS
512 . RRSIG-
.
, D N S S E C
E D N S 0 , 1 0 . E D N S 0
U D P - DNS 4096 .
D N S S E C E D N S 0 - D O (DNSSEC
OK),
, DNSSEC
, .
D O D N S -
D N S S E C ,
DNSSEC.

D N S S E C : A D C D .
- D N S - ; ,
.
1

A D A u t h e n t i c a t e d D a t a ,
.

DNS-, DNSSEC,
, DNSSEC-,
. DNS- ,
, A D .
A D D N S - ,
D N S S E C , D N S S E C
DNS-, . DNS A D ,
DNS- , IPSEC
TSIG.
CD, , DNS- ,
DNSSEC-
. C D C h e c k i n g D i s a b l e d , ,

D N S - , D N S S E C ,
.


, D N S - ,
D N S S E C , movie.edu.
,
,
wormhole.movie.edu. dig , D O

nslookup.
1

, DNS- .
% dig +dnssec +norec wormhole.movie.edu.
; <<>> DiG 9.3.2 <<>> +dnssec +norec wormhole.movie.edu.
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32579
;; flags: qr aa ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;wormhole.movie.edu. IN A
;; ANSWER SECTION:
wormhole.movie.edu.  86400  IN  A      192.253.253.1
wormhole.movie.edu.  86400  IN  A      192.249.249.1
wormhole.movie.edu.  86400  IN  RRSIG  A 5 3 86400 20060219233605
        20060120233605 3674 movie.edu.
        ZZP9AV28r824SZJqyIT+3WKkMQgcu1YTuFzpLgU3EN4USgpJhLZbYBqT
        HL77mipET5aJr8OdRxZvfFHHYV6UGw==
;; AUTHORITY SECTION:
movie.edu.           86400  IN  NS     outland.fx.movie.edu.
movie.edu.           86400  IN  NS     wormhole.movie.edu.
movie.edu.           86400  IN  NS     toystory.movie.edu.
movie.edu.           86400  IN  RRSIG  NS 5 2 86400 20060219233605
        20060120233605 3674 movie.edu.
        bwiM/R56VVV0pHrzIERVADLat7BoTR+eeFuCfgYc/GMXecdTxnUahLig
        RKsbNSsY+Uz8RVkcewFSiExExFoqwA==
;; ADDITIONAL SECTION:
toystory.movie.edu.  86400  IN  A      192.249.249.3
toystory.movie.edu.  86400  IN  RRSIG  A 5 3 86400 20060219233605
        20060120233605 3674 movie.edu.
        2i7FPAkfnVyWMyTwGhlz+W41UlcfIaCMdzoKVAuTPjnyqZhxY3TKOOm/
        iBns7Z1ws6QVj7+ZedDFx7xs+V0Iyw==
;; Query time: 13 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jan 20 16:52:54 2006
;; MSG SIZE rcvd: 474

, :
, AD CD
.

,
+dnssec.
D O ,
DNS-, DNSSEC- .
, dig D O : ,
; EDNS:. ,
DO U D P - 4096 .
, RRSIG-:
,
, toystory.movie.edu

.
RRSIG-, DNS-
D N S K E Y - movie.edu.
,
, D N S - ,

trusted-keys
movie.edu.

: DNS- edu,
D S - movie.edu
R R S I G - ,
, , DNS-,
edu.

DNSSEC
dig , : D N S S E C
D N S ;
D N S - ,
;
DNS-,
, ;
( ). :

, .

,
.

named,
.

, DNSSEC ,
B I N D 8 .
DNSSEC
B I N D 9,
. ,
, DNS-
. D N S -
, ,
,
.



,
:
(zone-signing
keys, Z S K )
(keysigning
keys, K S K ) .
( , )

D N S K E Y .
D N S K E Y ,
DNSKEY-.
SEP D N S K E Y ( D N S ) ,
D N S K E Y -
. , ,
.

? ,
,
, - .

. :
.
, ,
. ,
.
D N S K E Y ,
DS ,
.

,
. ,
, ,
-
( R R S I G - R R s e t DNSSEC).


, ,
.
movie.edu.
, BIND 9.3.2,
DNSSEC.


, - K S K -

movie.edu:

# cd /var/named
# dnssec-keygen -f KSK -a RSASHA1 -b 512 -n ZONE movie.edu.
Kmovie.edu.+005+15480

Z S K - (
, Z S K - ) :
# dnssec-keygen -a RSASHA1 -b 512 -n ZONE movie.edu.
Kmovie.edu.+005+03674

dnssec-keygen
DNS- . :
,
. , ,
DNSKEY RRSIG.
- 1024 .

D N S S E C ,
DNS-.
-f KSK S E P
D N S K E Y . ,
.

TSIG ( ) :

dnssec-keygen

-a
, R S A / S H A - 1 .
D S A , R S A / S H A - 1
.
-b
. R S A / S H A - 1
5 1 2 4 0 9 6 . D S A - 5 1 2 1 0 2 4 ,
6 4 .
-n
. DNSSEC .
-
, movie.edu.
dnssec-keygen

, .
TSIG, (005 15494)
DNSSEC, D N S K E Y -
( 0 0 5 R S A / S H A - 1 ) , ,
, .
^
(,
Kmovie.edu.+005+15480.key).
.private
( , Kmovie.edu.+005+15480.private).
,
, ,
, . dnssec-keygen
, .private
, .


,
:
# echo '$INCLUDE Kmovie.edu.+005+15480.key' >> db.movie.edu
# echo '$INCLUDE Kmovie.edu.+005+03674.key' >> db.movie.edu


# dnssec-signzone -o movie.edu. db.movie.edu
db.movie.edu.signed

dnssec-signzone:

DNSKEY


- o , dnssec-signzone

named.conf,

, .
, ,
.
dnssec-signzone

S E P D N S S E C
. ZSK,
DNSKEY - ZSK KSK.
dnssec-signzone
db.movie.edu.signed,

; File written on Fri Jan 20 16:36:05 2006
; dnssec_signzone version 9.3.2
movie.edu.      86400   IN SOA  toystory.movie.edu. al.movie.edu. (
                                2006011700 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
                                )
                86400   RRSIG   SOA 5 2 86400 20060219233605 (
                                20060120233605 3674 movie.edu.
                                joujDnvBovW1ri+GJ2ZEhvmXQTGqVL4cZBCHM
                                ByFitPRLINe/dKj8VCZg87ZUHQ/eAZSSGDuw
                                XVIlT46ByG5AOg== )
                86400   NS      outland.fx.movie.edu.
                86400   NS      wormhole.movie.edu.
                86400   NS      toystory.movie.edu.
                86400   RRSIG   NS 5 2 86400 20060219233605 (
                                20060120233605 3674 movie.edu.
                                bwiM/R56VVV0pHrzIERVADLat7BoTR+eeFuC
                                fgYc/GMXecdTxnUahLigRKsbNSsY+Uz8RVkc
                                ewFSiExExFoqwA== )
                86400   MX      10 postmanrings2x.movie.edu.
                86400   RRSIG   MX 5 2 86400 20060219233605 (
                                20060120233605 3674 movie.edu.
                                rm7R0Ib451iK49+bRhch4pIP11F4xZMWtqll
                                8rQ9tKIOg+jTunNXxix5XnyVKoMQwoa8C5Tu
                                ZFeDcbHN0UB5ow== )
                3600    NSEC    misery.movie.edu. NS SOA MX RRSIG NSEC DNSKEY
                3600    RRSIG   NSEC 5 2 3600 20060219233605 (
                                20060120233605 3674 movie.edu.
                                V4ipZI5SHGdFNOVEFn43gsRdYffUH6COrPxn
                                RNfUMv6gfgwkythXXr5rx0NTOSfa+Dp4CZrC
                                qwn+CLryUN8vZg== )
                86400   DNSKEY  256 3 5 (
                                AQO/T4DRCAbi1diCB+UT4fDOeCvsa+1NKkO8
                                UJMF5TlfRvokChybhHaDG5U98xw4XgA01/4R
                                gSlAcSDvhQeKu9n9
                                ) ; key id = 3674
                86400   DNSKEY  257 3 5 (
                                AQPWA4BRyjB3eqYNy/oykeGcSXjl+HQK9Cci
                                AxJfMcS1vEuwz9c+QG7sEJnQuH5B9i5o/ja+
                                DVitY3jpXNa12mEn
                                ) ; key id = 15480
                86400   RRSIG   DNSKEY 5 2 86400 20060219233605 (
                                20060120233605 3674 movie.edu.
                                b35F2azzAY6QDghak0RqJzPacmAhcsw3lDoA
                                zKCFPQRnqVpwl4l7tAgKw2T1Cy9GPmdHMTBx
                                fo0DB2smQQJjog== )
                86400   RRSIG   DNSKEY 5 2 86400 20060219233605 (
                                20060120233605 15480 movie.edu.
                                J267HbxKdzGq6iIKywZT6xOFQY7Ev1JWYWEc
                                PKRyZLY2WQ9S3ro0rIUGJRIhHS5oBtzN1g0K
                                3DL2edi1Hgy+0A== )

, ,
movie.edu.

. !
, DNS- D N S
S E C zone named.conf,

:
1

options {
directory "/var/named";
dnssec-enable yes;
};
zone "movie.edu" {
type master;
file "db.movie.edu.signed";
};


dnssec-signzone,
-s,

syslog.

-e

, R R S I G - .
30
.
,
, DNS -with-openssl=yes.

configure
( . C) .

. -s ,
-e - .
-i
(
) . B I N D 9 . 1 . 0
-c.
-f
,
.
.signed.
-k
, .
,
DNSKEY- SEP.

, .
dnssec-signzone

, .
, ,
,
.
,
, , ,
. ,
dnssec-signzone
:
# dnssec-signzone -o movie.edu -f db.movie.edu.signed.new db.movie.edu.signed
# mv db.movie.edu.signed db.movie.edu.signed.bak
# mv db.movie.edu.signed.new db.movie.edu.signed
# rndc reload movie.edu

:
NSEC-, ,
,
. dnssec-signzone
,
7,5 (
) .
,
dnssec-signzone

.
-i ( -c).


K S K
. dnssec-signzone

. keyset-movie.edu

D N S K E Y - .
:
$ORIGIN .
movie.edu       3600    IN DNSKEY 257 3 5 (
                                AQPWA4BRyjB3eqYNy/oykeGcSXjl+HQK9Cci
                                AxJfMcS1vEuwz9c+QG7sEJnQuH5B9i5o/ja+
                                DVitY3jpXNa12mEn
                                ) ; key id = 15480

, dnssec-signzone
DS-,
edu e d u ;
dsset-movie.edu.
dsset:
1

movie.edu.      IN DS 15480 5 1 F340F3A05DB4D081B6D3D749F300636DCE3D6C17

, keyset
.
,
edu .
edu :
2

movie.edu.      86400   IN NS   outland.fx.movie.edu.
                86400   IN NS   wormhole.movie.edu.
                86400   IN NS   toystory.movie.edu.
                86400   DS      15480 5 1 (
                                F340F3A05DB4D081B6D3D749F300636DCE3D
                                6C17 )
                86400   RRSIG   DS 5 2 86400 20060219234934 (
                                20060120234934 23912 edu.
                                Nw4xLOhtFoP0cE6ECIC8GgpJKtGWstzk0uH6
                                nd2cz28/24j4kz1Ahznr/+g5oU3AADyv86EK
                                CnWZtyOeqnfriMZ3UW0yyPcF3wy73tYLQ/Kj
                                gPm1VPQA/Sl3smauJsFW7/YPaoQuxcnREPWf
                                YWInWvWx12IiPKfkVU3F0EbosBA= )
                86400   NSEC    edu. NS DS RRSIG NSEC
                86400   RRSIG   NSEC 5 2 86400 20060219234934 (
                                20060120234934 23912 edu.
                                LpOmh/SZMonQUBUil5MYfIrxld5g6pVeyTxl
                                deDvJ7OIMdI+X0vXmRI3RgmKaRJKYBr4BcNO
                                jrNU8fQo5Ox5WvEeKn1St1NvdB62/Nqjfz6F
                                I+LNXe6diq1uDZZUB3hx5PF+Flp28D75KHnZ
                                5YE9+vVJryOHHsGawklSrUAJAUg= )

,
- keyset
DS, dsset. DS-
DNSKEY-, ,
keyset.
,
, . ,
.

, R R S I G - D S - .
, edu D S - , ,
DNSKEY- KSK.
D N S K E Y - ,
. DNS-
, trusted-keys
movie.edu,

.


,
, - . ,
dnssec-signzone,

. , ,
. ,
fx.movie.edu
,
movie.edu:
fx.movie.edu.             86400  IN NS  alien.fx.movie.edu.
                          86400  IN NS  outland.fx.movie.edu.
                          86400  IN NS  bladerunner.fx.movie.edu.
                          3600   NSEC   misery.movie.edu. NS RRSIG NSEC
                          3600   RRSIG  NSEC 5 3 3600 20060220215231 (
                                        20060121215231 3674 movie.edu.
                                        maFMyIVEdjg5BUTKMUyCZvBu6ZrtrQwJyJRo
                                        9A9PDO3bTpWcpCAp4Q0cQ5FwQcveIq15LMit
                                        CWyOwN745dJ86Q== )
alien.fx.movie.edu.       86400  IN A   192.254.20.3
bladerunner.fx.movie.edu. 86400  IN A   192.253.254.2
outland.fx.movie.edu.     86400  IN A   192.253.254.3

N S E C fx.movie.edu:

, N S E C - , N S -
A - .
NSEC.
fx.movie.edu
,
keyset dsset
(-
) - ,
e d u . (keyset)

, movie.edu, -g,
dnssec-signzone
D S - fx.movie.edu

. DS-
dsset movie.edu.

:

fx.movie.edu.   86400   IN NS   alien.fx.movie.edu.
                86400   IN NS   outland.fx.movie.edu.
                86400   IN NS   bladerunner.fx.movie.edu.
                86400   DS      2847 5 1 (
                                F495606120C4927FB4BEB04D0C354BBE5ED8
                                CA31 )
                86400   RRSIG   DS 5 3 86400 20060220230640 (
                                20060121230640 3674 movie.edu.
                                OuZCLrqLZlaEgePAxzhUCneV6FyOq6hQwRWF
                                4bsHPrvIrLMIuftxfB8M3mmgkKlpOlJIJFvH
                                Qc4RUfYOGkMkdg== )
                3600    NSEC    misery.movie.edu. NS DS RRSIG NSEC
                3600    RRSIG   NSEC 5 3 3600 20060220230640 (
                                20060121230640 3674 movie.edu.
                                TUTCnZFvr0YqCD7H0OMTxRs3kAb5OkR74YP3
                                ZxaBN9S0XxokkeUwHIlWq4JxFJrlZJjMaamp
                                uKf+WSgdF+v3iA== )

, NS-
( ) ,
DS .

DNSSEC
dnssec-signzone

. DNS- BIND 9
. !
1


D N S - ( . p r i v a t e -
) , D N S - B I N D 9 ,
.
D N S - ( )
NSEC-.
.
,
movie.edu:
% dig +dnssec perfectstorm.movie.edu.
; <<>> DiG 9.3.2 <<>> +dnssec perfectstorm.movie.edu.
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47491
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;perfectstorm.movie.edu. IN A
;; AUTHORITY SECTION:
movie.edu.         3600 IN SOA toystory.movie.edu. al.movie.edu.
        2006011700 10800 3600 604800 3600
movie.edu.         3600 IN RRSIG SOA 5 2 86400 20060219233605
        20060120233605 3674 movie.edu.
        joujDnvBovW1ri+GJ2ZEhvmXQTGqVL4cZBCHMByFitPRLINe/dKj8VCZg
        87ZUHQ/eAZSSGDuwXVIlT46ByG5AOg==
movie.edu.         3600 IN NSEC misery.movie.edu. NS SOA MX RRSIG
        NSEC DNSKEY
movie.edu.         3600 IN RRSIG NSEC 5 2 3600 20060219233605
        20060120233605 3674 movie.edu.
        V4ipZI5SHGdFNOVEFn43gsRdYffUH6COrPxnRNfUMv6gfgwkythXXr5r
        x0NTOSfa+Dp4CZrCqwn+CLryUN8vZg==
misery.movie.edu.  3600 IN NSEC monsters-inc.movie.edu. A RRSIG NSEC
misery.movie.edu.  3600 IN RRSIG NSEC 5 3 3600 20060219233605
        20060120233605 3674 movie.edu.
        AFTF8DBjDtIzM/QkEajY4lUkbuEyDM5yt/Kpe++Jrp1K1kArUSdGPuxj
        xDZUXujbRzPY6JoAOgBO4bU8UDx2tA==
;; Query time: 16 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jan 20 17:02:51 2006
;; MSG SIZE rcvd: 502

DNSSEC, BIND 8.

N S E C - misery.movie.edu,

, . nsupdate

perfectstorm.movie.edu:
% nsupdate
> update add perfectstorm.movie.edu. 3600 IN A 192.249.249.91
> send

perfectstorm.movie.edu:

% dig +dnssec perfectstorm.movie.edu.
; <<>> DiG 9.3.2 <<>> +dnssec perfectstorm.movie.edu.
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52846
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;perfectstorm.movie.edu. IN A
;; ANSWER SECTION:
perfectstorm.movie.edu. 3600 IN A 192.249.249.91
perfectstorm.movie.edu. 3600 IN RRSIG A 5 3 3600 20060220010558
        20060121000558 3674 movie.edu.
        Fdp9EwdP6ze2siolli7wtYRgZdts+A+HTt5g8uqsgBavMml3TKFe+ba3
        ppXvFosGHD7j3i6r1rfYUBF+aupEnQ==
perfectstorm.movie.edu. 3600 IN RRSIG A 5 3 3600 20060220010558
        20060121000558 15480 movie.edu.
        o46m/V762W90HqZ1R5mCTFSBYagjCqgpuIwflg/06QvX9Ce67WSoHD3/
        YjSh5oag5eSmAAn2iozZYVCLSoIzjA==
;; AUTHORITY SECTION:
movie.edu.           86400 IN NS outland.fx.movie.edu.
movie.edu.           86400 IN NS wormhole.movie.edu.
movie.edu.           86400 IN NS toystory.movie.edu.
movie.edu.           86400 IN RRSIG NS 5 2 86400 20060219233605
        20060120233605 3674 movie.edu.
        bwiM/R56VVV0pHrzIERVADLat7BoTR+eeFuCfgYc/GMXecdTxnUahLig
        RKsbNSsY+Uz8RVkcewFSiExExFoqwA==
;; ADDITIONAL SECTION:
wormhole.movie.edu.  86400 IN A 192.253.253.1
wormhole.movie.edu.  86400 IN A 192.249.249.1
toystory.movie.edu.  86400 IN A 192.249.249.3
wormhole.movie.edu.  86400 IN RRSIG A 5 3 86400 20060219233605
        20060120233605 3674 movie.edu.
        ZZP9AV28r824SZJqyIT+3WKkMQgcu1YTuFzpLgU3EN4USgpJhLZbYBqT
        HL77mipET5aJr8OdRxZvfFHHYV6UGw==
toystory.movie.edu.  86400 IN RRSIG A 5 3 86400 20060219233605
        20060120233605 3674 movie.edu.
        2i7FPAkfnVyWMyTwGhlz+W41UlcfIaCMdzoKVAuTPjnyqZhxY3TKOOm/
        iBns7Z1ws6QVj7+ZedDFx7xs+V0Iyw==
;; Query time: 18 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jan 20 17:06:22 2006
;; MSG SIZE rcvd: 713

R R S I G - , Z S K - movie.edu.

30 ,
sig-validity-interval,
:

options {
sig-validity-interval 7;

// RRSIG-
//

};
K S K - . BIND.
BIND 9.1.0 sig-validity-interval
, .


, ,

, .
perfectstorm2.movie.edu

, ) ,
1

:
% dig +dnssec perfectstorm2.movie.edu.
; <<>> DiG 9.3.2 <<>> +dnssec perfectstorm2.movie.edu.
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8402
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;perfectstorm2.movie.edu. IN A
;; AUTHORITY SECTION:
movie.edu.              3600 IN SOA toystory.movie.edu. al.movie.edu.
        2006011701 10800 3600 604800 3600
movie.edu.              3600 IN RRSIG SOA 5 2 86400 20060220010558
        20060121000558 3674 movie.edu.
        vwiC+zBzw8VFmrmFnARkNPLLmYEbSJRCiCsqjnvwVc5CMSzXu6kBkatN
        bWE9Iqd//brLiOA3E9G02BM3j+5Wkg==
movie.edu.              3600 IN RRSIG SOA 5 2 86400 20060220010558
        20060121000558 15480 movie.edu.
        HVlniwE8N8Fy+IdRSmTLw3XTVyLae0eOr26C5MAkzNoMr3OzRrDfbZUm
        4+N1a6gC9P+EMzUYM1yflVQFs3Cehg==
movie.edu.              3600 IN NSEC misery.movie.edu. NS SOA MX RRSIG
        NSEC DNSKEY
movie.edu.              3600 IN RRSIG NSEC 5 2 3600 20060219233605
        20060120233605 3674 movie.edu.
        V4ipZI5SHGdFNOVEFn43gsRdYffUH6COrPxnRNfUMv6gfgwkythXXr5r
        x0NTOSfa+Dp4CZrCqwn+CLryUN8vZg==
perfectstorm.movie.edu. 3600 IN NSEC shining.movie.edu. A RRSIG NSEC
perfectstorm.movie.edu. 3600 IN RRSIG NSEC 5 3 3600 20060220010558
        20060121000558 3674 movie.edu.
        EC/HwFtyrDtcf27QYvnSrJTypnAg3LsimFH+lTO/VbB/dD7Wzj0am1Yy
        +/SF3u6nrJ1nV2hZBgSqmYB9plpM3Q==
perfectstorm.movie.edu. 3600 IN RRSIG NSEC 5 3 3600 20060220010558
        20060121000558 15480 movie.edu.
        H2XwAMRYkxsv721q0fOQk7g7j1SPPurKNGBDqlEDpeLnRkde8NHtlFOx
        VbqWDsWzq15sxoV4NRZyK14cQcbG7Q==
;; Query time: 14 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jan 20 17:15:58 2006
;; MSG SIZE rcvd: 726

. ,
. -

..

NSEC-:
perfectstorm.movie.edu,

perfectstorm.movie.edu
.
!
, ,
, .
( , TSIG)
,
.
,
,
NSEC- ,
, ( R R S I G ). , DNS-
.


,
, ,
,
, - - .

.
, ,
, :

, .
.


,
.
, .

movie.edu
,
Z S K - . ,
. ,
.
, .
, DNS-, ,
D N S K E Y - -

.
:
1. T T L ,
RRSIG-, ZSK , ZSK.
2. D N S K E Y - .
3.

,
D N S K E Y .
4. , ,
, D N S K E Y -
.
. :
# dnssec-keygen -a RSASHA1 -b 512 -n ZONE movie.edu.
Kmovie.edu.+005+15494

DNSKEY- :
# cat Kmovie.edu.+005+15494.key >> db.movie.edu.signed

dnssec-signzone
KSK:

# dnssec-signzone -o movie.edu -k Kmovie.edu.+005+15480 db.movie.edu.signed Kmovie.edu.+005+15494

Z S K -
R R S I G - , Z S K - ,
, R R S I G -
. :
; File written on Tue Feb 21 02:41:09 2006
; dnssec_signzone version 9.3.2
movie.edu.      86400   IN SOA  toystory.movie.edu. al.movie.edu. (
                                2006022100 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
                                )
                86400   RRSIG   SOA 5 2 86400 20060220210704 (
                                20060121210704 3674 movie.edu.
                                otYTiIHqJ4K0c6M5JZ9uC8q7AvXO1Gjp5FXJ
                                5SRO+UL/ilAZXGSfJSCJrUDetb7R0H27NqHe
                                yKujxcec69FoLw== )
                86400   RRSIG   SOA 5 2 86400 20060320094111 (
                                20060221094111 15494 movie.edu.
                                zD/IGbzgO3sB5sPvYbb3vLmvULRQ05fV21Yz
                                DO8gq2E+v575ag469h+J2Dzs6XheMxShmIpk
                                YwjYxgMLcc1SjA== )

D N S K E Y - , (
SOA-)
, - 15494. RRSIG-,
3 6 7 4 , , - ,
.
R R S I G - , S O A : R R S I G -
3 6 7 4 ,
.
RRSIG , DNSK E Y - (
)
ZSK KSK:
# dnssec-signzone -o movie.edu db.movie.edu.signed
# mv db.movie.edu.signed.signed db.movie.edu.signed

, RRSIG- DNS
KEY- KSK.
K S K - ,
:
1. T T L ,
RRSIG-, DNSKEY-, ZSK.
2. D N S K E Y - .
3. DNSKEY-
KSK ( -k
dnssec-signzone).
4. K S K -
.
5. D S -
, K S K -
.
, , ,
,
.

?
, DNSSEC , ,
. ( ,
. ) :
D N S .


, ,
, .
, D N S S E C
, ,
.
- ,
.

12
nslookup dig
- ? - ,
. - -
, .
- , ...
- , -
-. - ?
- - ? -
.
- , , -
-
.
, DNS- , ,
D N S - , .
nslookup,

B I N D .
, , nslookup -
. nslookup ,
, BIND 9
( d e p r e c a t e d , -
) . nslookup,

. d i g ,

,
nslookup.
, , nslook
up dig ( ) ,
.
.

nslookup?
, nslookup
, DNS-.
nslookup D N S - ,
, D N S - .
, .
: nslookup D N S -
D N S - ? B I N D ?
, nslookup
D N S - , .
nslookup ,
. .
D N S - , nslookup

D N S - ,
DNS-,
. , D N S - , nslookup
. , nslookup

, D N S - ,
, .
, .


nslookup D N S -
. D N S - .
nameserver
resolv.conf.

resolv.conf
nameserver,

, ,
, ,
.
. , nslookup
, resolv.conf,

, .
,
. ,

DNS- -
, . nslookup
DNS-,
. ,

.


nslookup

DNS-. -

DNS- ,
D N S - ,
.
nslookup
D N S - ,
. D N S nslookup ,
, .


nslookup , , .
nslookup B I N D ,
,
search /etc/resolv.conf.
D N S -
, , nslookup

DNS-, ,
.


nslookup , D N S - . ,
D N S - , nslookup
S O A - ;
,
.

NIS /etc/hosts
nslookup
D N S - , .
, I S C , nslookup

D N S ; N I S /etc/hosts.

D N S , NIS
/etc/hosts
. , nslookup
,
DNS-.
1

?
nslookup .
nslookup .
,
.
, nslookup
NIS /etc/hosts;
H P - U X .

, D N S -
, .
,
nslookup:
% nslookup
Default Server:  toystory.movie.edu
Address:  0.0.0.0#53

? help.
D (Ctrl-D) exit.
nslookup ( ,
) , .
nslookup
,
(, ) > .
1


:
% nslookup carrie
Server:   toystory.movie.edu
Address:  0.0.0.0#53

Name:     carrie.movie.edu
Address:  192.253.253.4

nslookup
,
.
.
,
.
% nslookup
Default Server:  bladerunner.fx.movie.edu
Address:  0.0.0.0#53

> set all
Default Server:  bladerunner.fx.movie.edu
Address:  0.0.0.0

Set options:
  nodebug         defname         search          recurse
  nod2            novc            noignoretc      port=53
  querytype=A     class=IN        timeout=5       retry=4
  root=a.root-servers.net.
  domain=fx.movie.edu
  srchlist=fx.movie.edu

nslookup BIND 9 ( 9.3.2).

BIND 9.3.2 :
  novc                  nodebug         nod2
  search                recurse
  timeout = 0           retry = 3       port = 53
  querytype = A         class = IN
  srchlist = fx.movie.edu

,
. DNS- bladerunner.fx.movie.edu.
, nslookup
bladerunner,
D N S - . 0 . 0 . 0 . 0
. nslookup
DNS-
0 . 0 . 0 . 0 1 2 7 . 0 . 0 . 1 , DNS-,
, -
bladerunner.
:
.
.
. ,
, ... . ,
, ?
, n o . , nodebug
, . , se
arch .
,
nslookup .
set (set debug set
domain=classics.movie.edu).

set (nslookup -de
bug nslookup -domain=classics.movie.edu).

. , nodeb
nodebug.
,
querytype
type.
:
[no]debug
. D N S .
.
([no]d2).
[no]defname
( B I N D 9 . 3 . 2 . )
, BIND ,
, , -
. nslookup

(search ,
me ) (search ) .

defna-

[no]search
search
(defname).
defname
,
search . nslookup
(srchlist) ,
.
[no]recurse
nslookup .
. B I N D
. DNS-
DNS- .
[no]d2
.
,
- . d2
debug. d2
d 2 ; debug . debug

debug, d 2 .
[no]vc
nslookup
UDP-,
T C P - . B I N D
U D P , nslookup
. D N S -
TCP,
nslookup.
[no]ignoretc
( B I N D 9 . 3 . 2 . )
nslookup .
( ,
D N S - U D P ) , nslookup ,
T C P - .
BIND. TCP-
, TCP-
UDP-.
port=53
DNS- 53.
D N S - ,
nslookup .

querytype=A
nslookup A ( ) R R -
. , I P - ( A
P T R ) , nslookup
, in-addr.arpa

PTR-.
class=IN
, - , - (IN).
, , Hesiod (HS) - Ultrix.
timeout=5
D N S - 5 , nslookup
( 1 0 , 2 0 ,
40 ). BIND
DNS-.
retry=4
.
.
BIND.
root=a.root-servers.net.
( B I N D 9 . 3 . 2 . )
root,
D N S - . root
nslookup

server a.root-servers.net.

D N S - nic.ddn.mil
( )
sri-nic.arpa
( ) .
set
root=server.
domain=fx.movie.edu
( B I N D 9 . 3 . 2 . )
,
defname.
srchlist=fx.movie.edu
search ,
, .

.

.nslookuprc
BIND 9.3.2 .nslookuprc .

nslookup
.nslookuprc.
nslookup

.nslookuprc
;
, .
.nslookuprc
set, .
, , nslookup

sri-nic.arpa
D N S - . D N S - ,
,

.nslookuprc:
set root=a.root-servers.net.

.nslookuprc

, ,
nslookup .


nslookup
,
. .

(set nosearch)

, . ,
.


,
nslookup:
IP-
MX-
DNS-. ,
, .


nslookup
. ,
querytype,
:
% nslookup
Default Server:  toystory.movie.edu
Address:  0.0.0.0#53

> misery
Server:   toystory.movie.edu
Address:  0.0.0.0#53

Name:     misery.movie.edu
Address:  192.253.253.2
-

> 192.253.253.2
Server:   toystory.movie.edu
Address:  0.0.0.0#53

Name:     misery.movie.edu
Address:  192.253.253.2
-

> set q=mx
MX-
> wormhole
Server:   toystory.movie.edu
Address:  0.0.0.0#53

wormhole.movie.edu      preference = 10, mail exchanger = wormhole.movie.edu
wormhole.movie.edu      internet address = 192.249.249.1
wormhole.movie.edu      internet address = 192.253.253.1

> set q=any
> monsters-inc
Server:   toystory.movie.edu
Address:  0.0.0.0#53

monsters-inc.movie.edu  internet address = 192.249.249.4
monsters-inc.movie.edu  preference = 10, mail exchanger = monsters-inc.movie.edu
monsters-inc.movie.edu  internet address = 192.249.249.4

, D N S .
A DNS
RR-.


, nslookup

,
, - .
:
% nslookup
Default Server:  toystory.movie.edu
Address:  0.0.0.0#53

> slate.mines.colorado.edu.
Server:   toystory.movie.edu
Address:  0.0.0.0#53

Name:     slate.mines.colorado.edu
Address:  138.67.1.3

> slate.mines.colorado.edu.
Server:   toystory.movie.edu
Address:  0.0.0.0#53

Non-authoritative answer:
Name:     slate.mines.colorado.edu
Address:  138.67.1.3

. , DNS
slate.mines.colorado.edu, D N S - mines.colorado.edu,

mines.colorado.edu
. ,
D N S -
nslookup.
.
slate.mines.colorado.edu
DNS- .
1

,
. ,
.
, .
, ,
, , ,
, , , ,
.

DNS-

D N S - - , ,
. DNS-
nslookup
lserver.
server lserver ,
lserver D N S - - ,
- ,
; server D N S -
. , ,
:
% nslookup
Default Server:  toystory.movie.edu
Address:  0.0.0.0#53

D N S - , toystory.movie.edu,

lserver.
.
> server galt.cs.purdue.edu.
Default Server:  galt.cs.purdue.edu
Address:  128.10.2.39#53

, BIND 9
.

> cs.purdue.edu.
Server:   galt.cs.purdue.edu
Address:  128.10.2.39#53

*** galt.cs.purdue.edu can't find cs.purdue.edu.: No response from server

D N S . D N S - galt.cs.purdue.edu

toystory.movie.edu:
> server toystory.movie.edu.
*** Can't find address for server toystory.movie.edu.: Query refused

, lserver
toystory.movie.edu
DNS-:
> lserver toystory.movie.edu.
Default Server:  toystory.movie.edu
Address:  192.249.249.3#53

> ^D

D N S - galt.cs.purdue.edu
,
toystory.movie.edu,

D N S - toystory.

lserver: D N S - , toystory,
-
, .
lserver,
I P - toystory - server
192.249.249.3.
DNS-
. nslookup,
DNS , D N S -
, :
% nslookup
Default Server:  toystory.movie.edu
Address:  192.249.249.3#53

> saturn.sun.com. ns.sun.com.
Name Server:  ns.sun.com
Address:  192.9.9.3#53

Name:     saturn.sun.com
Addresses:  192.9.25.2

, , nslookup

. , ,
, :
% nslookup -type=mx fisherking.movie.edu. toystory.movie.edu.

nslookup
DNS toystory.movie.edu
M X -

fisherking.movie.edu.
, DNS-
, nslookup
:
% nslookup - toystory.movie.edu.


, ,
.
DNS B I N D ;
, , DNS- BIND,
.

-
-
nslookup
.
debug.
- d2.
set nodebug, set nod2
.
.
R F C 1 0 3 5 , 2 5
.
% nslookup
Default Server:  toystory.movie.edu
Address:  0.0.0.0#53

> set debug
> wormhole
Server:   toystory.movie.edu
Address:  0.0.0.0#53

Got answer:
    HEADER:
        opcode = QUERY, id = 6813, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 2,  authority records = 2,  additional = 3

    QUESTIONS:
        wormhole.movie.edu, type = A, class = IN
    ANSWERS:
    ->  wormhole.movie.edu
        internet address = 192.253.253.1
        ttl = 86400 (1D)
    ->  wormhole.movie.edu
        internet address = 192.249.249.1
        ttl = 86400 (1D)
    AUTHORITY RECORDS:
    ->  movie.edu
        nameserver = toystory.movie.edu
        ttl = 86400 (1D)
    ->  movie.edu
        nameserver = wormhole.movie.edu
        ttl = 86400 (1D)
    ADDITIONAL RECORDS:
    ->  toystory.movie.edu
        internet address = 192.249.249.3
        ttl = 86400 (1D)
    ->  wormhole.movie.edu
        internet address = 192.253.253.1
        ttl = 86400 (1D)
    ->  wormhole.movie.edu
        internet address = 192.249.249.1
        ttl = 86400 (1D)

Name:     wormhole.movie.edu
Addresses:  192.253.253.1, 192.249.249.1

> set d2
> wormhole                    (This time the query is also shown.)
Server:   toystory.movie.edu
Address:  0.0.0.0#53

SendRequest( ), len 36
    HEADER:
        opcode = QUERY, id = 6814, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        wormhole.movie.edu, type = A, class = IN

Got answer (164 bytes):

(The answer is the same as above.)

- -.
, , .
DNS : (header), (ques
tion), (answer), (authority) (additional).


. , nslookup,

Q U E R Y . :
( N O T I F Y )
( U P D A T E ) , nslookup ,
.
I D
.
, , ,
. want recursion ,
. auth. answer
. ,
D N S - , . , rcode,
: no error ( ) , server failure (
) , name error ( ,
nxdomain
nonexistent
domain - ) , not
implemented
( ) refused ( ) . server
failure,
name error, not implemented
refused
nslookup
Server failed, Nonexistent domain,
Not implemented Query refused .
,
, R R -
.

D N S ;
, .
D N S -

.
,

.
, ,
, .

R R - ,
. R R - .
, ,
.

DNS- (NS-
). DNS-
, DNS- .

,
. , D N S -
, .
, DNS-,
.

DNS- BIND
nslookup
,
D N S - . , D N S -
- .
,
, D N S - .
,
nslookup,

. DNS- ,
, D N S - .
nslookup
,
. ,
.
nslookup ,

.
D N S - , set norecurse
set nosearch. :
nslookup -norecurse
-nosearch.
DNS- BIND , ,
, .
, ,
D N S - ,
. D N S -
, ,
NS-.
NS-, .
D N S - N S -
- .
DNS-
N S - . ,
, DNS- DNS-
NS-. DNS- -

D N S - ,
.
D N S - ,
.
,
. DNS-
toystory.movie.edu
www.usps.gov
(
) , N S - ,
g o v . D N S - D N S - gov
. D N S - usps.gov. D N S - D N S - usps.gov
:
% nslookup
Default Server:  toystory.movie.edu
Address:  0.0.0.0#53

- DNS-:
-
- (
nslookup)
- ,

> set norec
> set nosearch
> set nodefname
> www.usps.gov
Server:   toystory.movie.edu
Address:  0.0.0.0#53

Name:     www.usps.gov
Served by:
- G.GOV.ZONEEDIT.COM
          66.135.32.100
          gov
- F.GOV.ZONEEDIT.COM
          66.197.185.229
          gov
- E.GOV.ZONEEDIT.COM
          82.165.40.134
          gov
- D.GOV.ZONEEDIT.COM
          209.97.207.48
          gov
- C.GOV.ZONEEDIT.COM
          69.72.142.35
          gov
- B.GOV.ZONEEDIT.COM
          206.51.224.229
          gov
- A.GOV.ZONEEDIT.COM
          216.55.155.29
          gov

D N S - gov ( D N S -
D N S - gov, ,
):
> server g.gov.zoneedit.com
Default Server:  g.gov.zoneedit.com
Address:  66.135.32.100#53

DNS- gov. DNS, :
> www.usps.gov
Server:   g.gov.zoneedit.com
Address:  66.135.32.100#53

Name:     www.usps.gov
Served by:
- DNS072.usps.gov
          56.0.72.25
          usps.gov
- DNS096.usps.gov
          56.0.96.25
          usps.gov
- DNS141.usps.gov
          56.0.141.25
          usps.gov

D N S - usps.gov

- :

> server dns096.usps.gov


Default Server: dns096.usps.gov
Address: 56.0.96.25#53
> www.usps.gov
Server: dns096.usps.gov
Address: 56.0.96.25#53
Name: www.usps.gov
Address: 56.0.134.23

, , D N S .
, . 2.12 2.13.
,
, D N S - :
www.usps.gov?
,
, D N S - gov
www.usps.gov?
D N S -
, D N S - usps.gov.
? , -
. ,
. DNS- ,
DNS- ,

. DNS-,
,
, ;
, ,
D N S - .
,
, ,
,
, D N S - . , ?
, , DNS-
. ,
T L D - ,
. , - .


nslookup
ls. ,
,
.
, nslookup .
,
.
: D N S -
,
.
.
movie.edu.

, - S O A - ,
,
. nslookup

N S - ,
-d :
% nslookup
Default Server:  toystory.movie.edu
Address:  0.0.0.0#53

> ls -d movie.edu.
[toystory.movie.edu]
$ORIGIN movie.edu.
@                   1D IN SOA    toystory al (
                                 2000091400
                                 3H
                                 1H
                                 4W2D
                                 1H )
                    1D IN NS     toystory
                    1D IN NS     wormhole
wormhole            1D IN A      192.249.249.1
                    1D IN A      192.253.253.1
wh249               1D IN A      192.249.249.1
shrek               1D IN A      192.249.249.2
toys                1D IN CNAME  toystory
cujo                1D IN TXT    "Location:" "machine" "room" "dog" "house"
wh253               1D IN A      192.253.253.1
wh                  1D IN CNAME  wormhole
shining             1D IN A      192.253.253.3
toystory            1D IN A      192.249.249.3
localhost           1D IN A      127.0.0.1
fx                  1D IN NS     bladerunner.fx
bladerunner.fx      1D IN A      192.253.254.2
fx                  1D IN NS     outland.fx
outland.fx          1D IN A      192.253.254.3
fx                  1D IN NS     huskymo.boulder.acmebw.com.
                    1D IN NS     tornado.acmebw.com.
mi                  1D IN CNAME  monsters-inc
carrie              1D IN A      192.253.253.4
diehard             1D IN A      192.249.249.4
misery              1D IN A      192.253.253.2
@                   1D IN SOA    toystory al (
                                 2000091400 ;
                                 3H         ;
                                 1H         ;
                                 4W2D       ;
                                 1H )       ;

, ,
. nslookup
:
> ls -d movie.edu > /tmp/movie.edu    - /tmp/movie.edu
[toystory.movie.edu]
Received 25 answers (25 records).

nslookup vi
ew,
. B I N D 8 view ,
B I N D 9 9 . 3 . 2 .

nslookup
, , ,
. ,
nslookup
. nslookup ( )
, -

, .
nslookup

;
DNS-. .


, , .
nslookup
, ,
- , :
% nslookup
Default Server:  toystory.movie.edu
Address:  0.0.0.0#53

> movie.edu.
Server:  toystory.movie.edu
Address:  0.0.0.0#53

*** No address (A) records available for movie.edu.

? ,
set
type=any:
> set type=any
> movie.edu.
Server:  toystory.movie.edu
Address:  0.0.0.0#53

movie.edu
        origin = toystory.movie.edu
        mail addr = shrek.movie.edu
        serial = 42
        refresh = 10800 (3H)
        retry   = 3600 (1H)
        expire  = 604800 (7D)
        minimum ttl = 86400 (1D)
movie.edu       nameserver = toystory.movie.edu
movie.edu       nameserver = wormhole.movie.edu
movie.edu       nameserver = zardoz.movie.edu
movie.edu       preference = 10, mail exchanger = postmanrings2x.movie.edu
postmanrings2x.movie.edu        internet address = 192.249.249.66


, ?
% nslookup
Default Server:  toystory.movie.edu
Address:  0.0.0.0#53

> toystory
Server:  toystory.movie.edu
Address:  0.0.0.0#53

*** toystory.movie.edu can't find toystory: No response from server

no response from server
: . ,
nslookup
- . ,
D N S - - 0 . 0 . 0 . 0 , , nslookup

( hostname)

Default
Server ( ) ,
. -
, . ,
D N S - , D N S -
.
, D N S - ,
, nslookup

. DNS-
, , D N S - ,
, ? ls:
% nslookup
Default Server:  toystory.movie.edu
Address:  0.0.0.0#53

> ls foo.
*** Can't list domain foo.: No response from server

D N S - .
, timed out (
) . D N S - ,
:
1

% nslookup
Default Server:  toystory.movie.edu
Address:  0.0.0.0#53

> ls foo.
[toystory.movie.edu]
*** Can't list domain foo.: No information

,
foo.

PTR- DNS-
nslookup:
, nslookup :

- , -
TCP- , (no respon
se), (timeout) . - .
..

% nslookup
*** Can't find server name for address 192.249.249.3: Non-existent host/domain
*** Default servers are not available

nonexistent domain ( ) ,
3.249.249.192.in-addr.arpa
. ,
nslookup
1 9 2 . 2 4 9 . 2 4 9 . 3 ,
D N S - , . ,
nslookup ?
nslookup
. . resolv.conf,

nameserver,
nslookup
, DNS-
.
DNS-
1 9 2 . 2 4 9 . 2 4 9 . 3 , , P T R -
1 9 2 . 2 4 9 . 2 4 9 . 3 . ,
, ,

3.49.249.192.in-addr.arpa.
d e f a u l t s e r v e r s are n o t a v a i l a b l e ( D N S -
) .
, D N S - , ,
. ,
, no response
f r o m s e r v e r ( ) . d e f a u l t s e r v e r s are n o t a v a i l a b l e .



, .
nslookup
:
% nslookup
*** Can't find server name for address 192.249.249.3: Query refused
*** Default servers are not available
%

.
nslookup D N S - ,
PTR-, . ,
, , ,
, DNS-.
allow-query,
IP-
l o o p b a c k - , nslookup
, DNS-.

DNS- resolv.conf
:
% nslookup
*** Can't find server name for address 192.249.249.3: No response from server
Default Server:  wormhole.movie.edu
Address:  192.249.249.1

, resolv.conf,
.
resolv.conf
nameserver,

D N S - . nslookup
wormhole.movie.edu,

1 9 2 . 2 4 9 . 2 4 9 . 3 .

,
, , nslookup D N S - , .
. nslookup
d2 .
nslookup ,
:
% nslookup -d2
SendRequest(), len 44
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0
    QUESTIONS:
        3.249.249.192.in-addr.arpa, type = PTR, class = IN

timeout (5 secs)
timeout (10 secs)
timeout (20 secs)
timeout (40 secs)
SendRequest failed
*** Can't find server name for address 192.249.249.3: No response from server
*** Default servers are not available

( t i m e o u t ) , nslookup 75
, .
75 ;
, .



, .
. ,

( nslookup,

, 14 D N S B I N D ) :
Authoritative answers can be found from:
(root)  nameserver = NS.NIC.DDN.MIL
(root)  nameserver = B.ROOT-SERVERS.NET
(root)  nameserver = E.ROOT-SERVERS.NET
(root)  nameserver = D.ROOT-SERVERS.NET
(root)  nameserver = F.ROOT-SERVERS.NET
(root)  nameserver = C.ROOT-SERVERS.NET
(root)  nameserver =

*** Error: record size incorrect (1050690 != 65519)


*** relay.hp.com can't find .: Unspecified error

,
U D P - . D N S -
, .
, nslookup
T C P - ; , D N S -
, .
.
NS- ,
. (,
,
. ) ,
, ,
, , D N S -
. D N S -
root-servers.net

( 1 3 ) . : N S - . , ,
14. , 9
, .


.
, ,
. , ,

. , -

, , ,
. :
nslookup:
% nslookup
Default Server:  envy.ugcs.caltech.edu
Address:  131.215.134.135

> quit
Server:  envy.ugcs.caltech.edu
Addresses:  131.215.134.135, 131.215.128.135

Name:    ugcs.caltech.edu
Addresses:  131.215.128.135, 131.215.134.135
Aliases:  quit.ugcs.caltech.edu
          use.exit.to.leave.nslookup.-.-.-.ugcs.caltech.edu

> exit

dig
nslookup. - nslookup dig, Do
main Information Groper - (
, ).
, dig , nslookup,

, . dig
src/bin/dig
(BIND 8)
bin/dig
( B I N D 9 ) B I N D .
, dig.
dig
,
dig . , ,
, (,
a , mx M X - ) -
;
. DNS-, ,
@ ,
I P - . D N S - resolv.conf.
dig .
, dig , mx - ,
, , , .
1

BIND 9 ( 9.1.0)
dig, ,
. DNS-, , .

nslookup dig ,
dig , ,

. :
% dig plan9.fx.movie.edu

plan9.fx.movie.edu;
DNS-
:

resolv.conf.

% dig acmebw.com mx

M X - acmebw.com
, :

DNS--

% dig @wormhole.movie.edu. movie.edu. soa

D N S - wormhole.movie.edu
vie.edu.

S O A - mo-

dig
dig D N S ,
( , , ,
), RR- -.
,

. , ,
:
% dig @a.root-servers.net ns .

:
; <<>> DiG 8.3 <<>> @a.root-servers.net . ns
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
;; QUERY SECTION:
;;      ., type = NS, class = IN

;; ANSWER SECTION:
.                       6D IN NS        A.ROOT-SERVERS.NET.
.                       6D IN NS        H.ROOT-SERVERS.NET.
.                       6D IN NS        C.ROOT-SERVERS.NET.
.                       6D IN NS        G.ROOT-SERVERS.NET.
.                       6D IN NS        F.ROOT-SERVERS.NET.
.                       6D IN NS        B.ROOT-SERVERS.NET.
.                       6D IN NS        J.ROOT-SERVERS.NET.
.                       6D IN NS        K.ROOT-SERVERS.NET.
.                       6D IN NS        L.ROOT-SERVERS.NET.
.                       6D IN NS        M.ROOT-SERVERS.NET.
.                       6D IN NS        I.ROOT-SERVERS.NET.
.                       6D IN NS        E.ROOT-SERVERS.NET.
.                       6D IN NS        D.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     6D IN A         198.41.0.4
H.ROOT-SERVERS.NET.     6D IN A         128.63.2.53
C.ROOT-SERVERS.NET.     6D IN A         192.33.4.12
G.ROOT-SERVERS.NET.     6D IN A         192.112.36.4
F.ROOT-SERVERS.NET.     6D IN A         192.5.5.241
B.ROOT-SERVERS.NET.     6D IN A         128.9.0.107
J.ROOT-SERVERS.NET.     5w6d16h IN A    198.41.0.10
K.ROOT-SERVERS.NET.     5w6d16h IN A    193.0.14.129
L.ROOT-SERVERS.NET.     5w6d16h IN A    198.32.64.12
M.ROOT-SERVERS.NET.     5w6d16h IN A    202.12.27.33
I.ROOT-SERVERS.NET.     6D IN A         192.36.148.17
E.ROOT-SERVERS.NET.     6D IN A         192.203.230.10
D.ROOT-SERVERS.NET.     6D IN A         128.8.10.90

;; Total query time: 116 msec
;; FROM: toystory.movie.edu to SERVER: a.root-servers.net  198.41.0.4
;; WHEN: Fri Sep 15 09:47:26 2000
;; MSG SIZE  sent: 17  rcvd: 436

.

DiG 8.3 <<>>
, ,
NS- DNS-
a.root-servers.net.
, (1 server found), , dig
, ,
" @ " , a.root-servers.net,
. ( dig
, ,
,
DNS-.)
, - > > HEADER
<<-,

,
DNS-. Q U E R Y ,
nslookup.
N O E R R O R ,
,
- - , .
I D - , 1 6 - ,
.
( f l a g s ) . qr
, , . dig
, , qr .
aa rd. aa -

, rd - , ,
( D N S - ) .
, rd ,
ra, , D N S . a.root-servers.net

DNS-, ,
11 ,
, .
rd , , ra.
, dig
13 ,
13 .
QUERY SECTION:

: N S - I N .
ANSWER
SECTION:
13 N S -
D N S - , ADDITIONAL
SECTION:
- 13 A - ,
13 D N S - .
,
AUTHORITY
SECTION:.
dig
. ,
D N S - .
,
DNS-.
. - .

dig:
nslookup,
dig
. , nslookup, dig ,
.
axfr ( )
. ,
D N S - ,
.
movie.edu
:

D N S - wormhole.movie.edu

% dig @wormhole.movie.edu movie.edu axfr


; <<>> DiG 8.3 <<>> @wormhole.movie.edu movie.edu axfr
; (1 server found)
$ORIGIN movie.edu.
@                  1D IN SOA     toystory al (
                                 2000091402
                                 3H
                                 1H
                                 1W
                                 1H )
                   1D IN NS      toystory
                   1D IN NS      wormhole
                   1D IN NS      outland.fx
outland.fx         1D IN A       192.253.254.3
wormhole           1D IN A       192.249.249.1
                   1D IN A       192.253.253.1
wh249              1D IN A       192.249.249.1
shrek              1D IN A       192.249.249.2
toys               1D IN CNAME   toystory
cujo               1D IN TXT     "Location:" "machine" "room" "dog" "house"
wh253              1D IN A       192.253.253.1
wh                 1D IN CNAME   wormhole
shining            1D IN A       192.253.253.3
toystory           1D IN A       192.249.249.3
localhost          1D IN A       127.0.0.1
fx                 1D IN NS      bladerunner.fx
bladerunner.fx     1D IN A       192.253.254.2
fx                 1D IN NS      outland.fx
outland.fx         1D IN A       192.253.254.3
mi                 1D IN CNAME   monsters-inc
carrie             1D IN A       192.253.253.4
monsters-inc       1D IN A       192.249.249.4
misery             1D IN A       192.253.253.2
@                  1D IN SOA     toystory al (
                                 2000091402
                                 3H
                                 1H
                                 1W
                                 1H )
;; Received 25 answers (25 records).


;; FROM: toystory.movie.edu to SERVER: wormhole.movie.edu
;; WHEN: Fri Sep 22 11:02:45 2000
, , nslookup,

S O A -

: .
, dig,
-,
.

dig
dig

, ,

dig.

SOA-.

-x

nslookup ,
IP-
in-addr.arpa.
dig . -x, dig ,
IP- , in-addr.arpa.

-x ,
A N Y ,
I P - dig -x
10.0.0.1.

-p

,
53.

+norec[urse]

( ) .
+vc
TCP- ( U D P - ) .

13
BIND
- , , - ,
, .
- , !
- - , - .
- !

DNS-. DNS-
D E B U G ,
. ;
,
.
. ,
, D N S - ;
.
,
.
DNS-.


, D N S - ,
. ,
.
,
. ,
,
. ,
, 1
,
. -

-
, .

,
BIND 8
B I N D 9. : 2 1.
: ,
, .
,
. ,
14 D N S B I N D ,
, DNS-
.
B I N D 8 9 9 9 ,
l o g -
, .

BIND 8

. D N S ,

.
,

. 1

. ,
D N S , l o g -
. (referrals).

2 : IP-
DNS-, ,
RTT-; ;
- SYSTEM (sysquery) US
E R .
D N S - ,
: , ,
, -
DNS- ,
.

3- ,
, -

D N S - .

.
, (sysquery),
D N S - , ,
, .
4
4
,
D N S - .
.
5
5 ,
.
,
malloc()

DNS- .

6 , .

7 ,
.

10

10
,
DNS-.
, 4.
, D N S -
nslookup dig.

11


, ,
.

BIND 9

1 DNS-:
, ( SOA-, ,
), NOTIFY-
( DNS-).

2 .

3
. ,
(
requestmgr_detach?), . 3
, log-
; , , DNS-
log- log-
. D N S S E C
TSIG- .

4 DNS-
A X F R , .

5 ,
.

6 ,
D N S - ,
.


: ,
, .

, ,
8: ,
.
, ,
RR-,
.

10

10 ,
.

20

20 .

90


B I N D 9.

B I N D 8 9 D N S -
,
. print-severity
(.
log- 7 B I N D ) .
, -
B I N D ,
, , , .
, , D N S -
, , , DNS- ;
.


DNS-
.
,
,
.

. DNS-
named.run
.



sortlist, , ,
, D N S -
( , ,
syslog, ) .
,
,

. , ,
: -d
.



D N S - ,
.
, rndc (
ndc B I N D 8 )
DNS-.
3, :
# rndc trace 3
# rndc notrace

,
, rndc
.


.
DNS-.
. - DNS-, .
D N S - , D N S - ,
. ( ) D N S , .
, , ,
,
. , ,
, . -
,
( , . . ) .

DNS- (BIND 8, 1)

D N S - . D N S - B I N D 8.
- d 1, ,

named.run:
1) Debug level 1
2) Version = named 8.2.3-T7B Mon Aug 21 19:21:21 MDT 2000
3) cricket@abugslife.movie.edu:/usr/local/src/bind-8.2.3-T7B/src/bin/named
4) conffile = ./named.conf
5) starting. named 8.2.3-T7B Mon Aug 21 19:21:21 MDT 2000
6) cricket@abugslife.movie.edu:/usr/local/src/bind-8.2.3-T7B/src/bin/named
7) ns_init(./named.conf)
8) Adding 64 template zones
9) update_zone_info('0.0.127.in-addr.arpa', 1)
10) source = db.127.0.0
11) purge_zone(0.0.127.in-addr.arpa,1)
12) reloading zone
13) db_load(db.127.0.0, 0.0.127.in-addr.arpa, 1, Nil, Normal)
14) purge_zone(0.0.127.in-addr.arpa,1)
15) master zone "0.0.127.in-addr.arpa" (IN) loaded (serial 2000091500)
16) zone[1] type 1: '0.0.127.in-addr.arpa' z_time 0, z_refresh 0
17) update_zone_info('.', 3)
18) source = db.cache
19) reloading hint zone
20) db_load(db.cache, , 2, Nil, Normal)
21) purge_zone(,1)
22) hint zone "" (IN) loaded (serial 0)
23) zone[2] type 3: '.' z_time 0, z_refresh 0
24) update_pid_file(
25) getnetconf(generation 969052965)
26) getnetconf: considering lo [127.0.0.1]
27) ifp->addr [127.0.0.1].53 d_dfd 20
28) evSelectFD(ctx 0x80d8148, fd 20, mask 0x1, func 0x805e710, uap 0x40114344)
29) evSelectFD(ctx 0x80d8148, fd 21, mask 0x1, func 0x8089540, uap 0x4011b0e8)
30) listening on [127.0.0.1].53 (lo)
31) getnetconf: considering eth0 [192.249.249.3]
32) ifp->addr [192.249.249.3].53 d_dfd 22
33) evSelectFD(ctx 0x80d8148, fd 22, mask 0x1, func 0x805e710, uap 0x401143b0)
34) evSelectFD(ctx 0x80d8148, fd 23, mask 0x1, func 0x8089540, uap 0x4011b104)
35) listening on [206.168.194.122].53 (eth0)
36) fwd ds 5 addr [0.0.0.0].1085
37) Forwarding source address is [0.0.0.0].1085
38) evSelectFD(ctx 0x80d8148, fd 5, mask 0x1, func 0x805e710, uap 0)
39) evSetTimer(ctx 0x80d8148, func 0x807cbe8, uap 0x40116158, due 969052990.812648000, inter 0.000000000)
40) exit ns_init(
41) update_pid_file(
42) Ready to answer queries.
43) prime_cache: priming = 0, root = 0
44) evSetTimer(ctx 0x80d8148, func 0x805bc30, uap 0, due 969052969.000000000, inter 0.000000000)
45) sysquery: send -> [192.33.4.12].53 dfd=5 nsid=32211 id=0 retry=969052969
46) datagram from [192.33.4.12].53, fd 5, len 436
47) 13 root servers

, ,
.
BIND .
8 . 2 . 3 - T 7B ISC ( I n t e r n e t S o f t w a r e C o n
sortium) 2000 .
,
./named.conf.
7 - 2 3
BIND. DNS- ,
db.127.0.0
( 9 - 1 6 ) db.cache
(
1 7 - 2 3 ) . 9
(0.0.127.inaddr.arpa),
10 - ,
(db.127.0.0).
11 ,
. 1 2
, ,
.
1 3 - 1 5 . 16 2 3 z_time -
, z_refresh
- . -

, D N S -
.
2 5 3 9
. (
. ) 2 0 21 ( 2 7 - 2 9 )
l o o p b a c k - , 1 2 7 . 0 . 0 . 1 . 2 0 -
, 21 - . 2 2 2 3
( 3 2 - 3 4 ) 1 9 2 . 2 4 9 . 2 4 9 . 3 .
;
,
. 5 ( 3 6 - 3 9 )
, 0 . 0 . 0 . 0 .
- , - ,
.
, .
, named

, , ,
.
named D N S - , ,
. named ,
, ,
. named ,
, . na
med ? ,
,
,
. ,
.
, ,
- ,
. DNS-
I P - , ,

. named
- , ,
,
.
named ,
IP-.
43 47 DNS-
, DNS-
.
. DNS- ,
13 D N S - .
, DNS- .

DNS- (BIND 9, 1)
, D N S - B I N D 9.
DNS- BIND 9
named.run,

. , ,
, D N S -
named.run,

. named.run

:
1 26-Jun-2005 15:34:23.136 starting BIND 9.3.2 -d1
2 26-Jun-2005 15:34:23.232 loading configuration from '/etc/named.conf
3 26-Jun-2005 15:34:23.247 no IPv6 interfaces found
4 26-Jun-2005 15:34:23.247 listening on IPv4 interface lo, 127.0.0.1#53
5 26-Jun-2005 15:34:23.248 listening on IPv4 interface eth0, 192.249.249.3#53
6 26-Jun-2005 15:34:23.255 command channel listening on 127.0.0.1#953

1 2 B I N D ( 9 . 3 . 2 )
.
3 ,
I P v 6 ; , B I N D 9
.
4 5 , DNS-
lo ( l o o p b a c k , ) eth0 (
E t h e r n e t ) . B I N D 9 #,

B I N D 8, []..
6
, named
9 5 3 - .
B I N D 9
,
, options
, :
options {
directory "/var/named";
};

named.run

/var/named:

1 26-Jun-2005 15:34:23.255 now using logging configuration from config file
2 26-Jun-2005 15:34:23.256 load_configuration: success
3 26-Jun-2005 15:34:23.256 zone 0.0.127.IN-ADDR.ARPA/IN: starting load
4 26-Jun-2005 15:34:23.258 zone 0.0.127.IN-ADDR.ARPA/IN: loaded
5 26-Jun-2005 15:34:23.258 zone 0.0.127.IN-ADDR.ARPA/IN: journal rollforward completed successfully: no journal
6 26-Jun-2005 15:34:23.258 zone 0.0.127.IN-ADDR.ARPA/IN: loaded serial 3
7 26-Jun-2005 15:34:23.258 zone authors.bind/CH: starting load
8 26-Jun-2005 15:34:23.259 zone authors.bind/CH: loaded
9 26-Jun-2005 15:34:23.259 zone hostname.bind/CH: starting load
10 26-Jun-2005 15:34:23.259 zone hostname.bind/CH: loaded
11 26-Jun-2005 15:34:23.259 zone version.bind/CH: starting load
12 26-Jun-2005 15:34:23.259 zone version.bind/CH: loaded
13 26-Jun-2005 15:34:23.260 zone id.server/CH: starting load
14 26-Jun-2005 15:34:23.260 zone id.server/CH: loaded
15 26-Jun-2005 15:34:23.260 dns_zone_maintenance: zone 0.0.127.IN-ADDR.ARPA/IN: enter
16 26-Jun-2005 15:34:23.260 dns_zone_maintenance: zone version.bind/CH: enter
17 26-Jun-2005 15:34:23.260 dns_zone_maintenance: zone hostname.bind/CH: enter
18 26-Jun-2005 15:34:23.260 dns_zone_maintenance: zone authors.bind/CH: enter
19 26-Jun-2005 15:34:23.260 dns_zone_maintenance: zone id.server/CH: enter
20 26-Jun-2005 15:34:23.263 running

3 - 6
0.0.127.in-addr.arpa.
starting ( ) loaded ( )
. no journal . ( ,
1 0 ,
, .)
7 - 1 4 C H A O S N E T :
authors.bind,
hostname.bind,
version.bin

id.server.
, 1 5 - 1 9
. , ,
SOA- -
NOTIFY-.

CHAOSNET, DNS- , , dig
authors.bind,
any
CHAOSNET:
# dig @wormhole.movie.edu authors.bind any ch
; <<>> DiG 9.3.2 <<>> @wormhole.movie.edu authors.bind any ch
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6822
;; flags: qr aa rd; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;authors.bind.                  CH      ANY

;; ANSWER SECTION:
authors.bind.                   CH      TXT     "Mark Andrews"
authors.bind.                   CH      TXT     "James Brister"
authors.bind.                   CH      TXT     "Ben Cottrell"
authors.bind.                   CH      TXT     "Michael Graff"
authors.bind.                   CH      TXT     "Andreas Gustafsson"
authors.bind.                   CH      TXT     "Bob Halley"
authors.bind.                   CH      TXT     "David Lawrence"
authors.bind.                   CH      TXT     "Danny Mayer"
authors.bind.                   CH      TXT     "Damien Neil"
authors.bind.                   CH      TXT     "Matt Nelson"
authors.bind.                   CH      TXT     "Michael Sawyer"
authors.bind.                   CH      TXT     "Brian Wellington"
authors.bind.           86400   CH      SOA     authors.bind. hostmaster.authors.bind. 0 28800 7200 604800 86400
authors.bind.                   CH      NS      authors.bind.

;; Query time: 2 msec
;; SERVER: wormhole.movie.edu#53(192.249.249.1)
;; WHEN: Sun Jun 26 16:30:28 2005
;; MSG SIZE  rcvd: 402

(BIND 8, 1)
,

ndc,

,
:
# ndc trace 1
# /etc/ping galt.cs.purdue.edu.
# ndc notrace

named.run:

datagram from [192.249.249.3].1162, fd 20, len 36
req: nlookup(galt.cs.purdue.edu) id 29574 type=1 class=1
req: missed 'galt.cs.purdue.edu' as '' (cname=0)
forw: forw -> [198.41.0.10].53 ds=4 nsid=40070 id=29574 2ms retry 4sec
datagram from [198.41.0.10].53, fd 4, len 343
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40070
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 9, ADDITIONAL: 9
;;      galt.cs.purdue.edu, type = A, class = IN
EDU.                    6D IN NS        A.ROOT-SERVERS.NET.
EDU.                    6D IN NS        H.ROOT-SERVERS.NET.
EDU.                    6D IN NS        B.ROOT-SERVERS.NET.
EDU.                    6D IN NS        C.ROOT-SERVERS.NET.
EDU.                    6D IN NS        D.ROOT-SERVERS.NET.
EDU.                    6D IN NS        E.ROOT-SERVERS.NET.
EDU.                    6D IN NS        I.ROOT-SERVERS.NET.
EDU.                    6D IN NS        F.ROOT-SERVERS.NET.
EDU.                    6D IN NS        G.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.     5w6d16h IN A    198.41.0.4
H.ROOT-SERVERS.NET.     5w6d16h IN A    128.63.2.53
B.ROOT-SERVERS.NET.     5w6d16h IN A    128.9.0.107
C.ROOT-SERVERS.NET.     5w6d16h IN A    192.33.4.12
D.ROOT-SERVERS.NET.     5w6d16h IN A    128.8.10.90
E.ROOT-SERVERS.NET.     5w6d16h IN A    192.203.230.10
I.ROOT-SERVERS.NET.     5w6d16h IN A    192.36.148.17
F.ROOT-SERVERS.NET.     5w6d16h IN A    192.5.5.241
G.ROOT-SERVERS.NET.     5w6d16h IN A    192.112.36.4
resp: nlookup(galt.cs.purdue.edu) qtype=1
resp: found 'galt.cs.purdue.edu' as 'edu' (cname=0)
resp: forw -> [192.36.148.17].53 ds=4 nsid=40071 id=29574 1ms
datagram from [192.36.148.17].53, fd 4, len 202
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40071
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4
;;      galt.cs.purdue.edu, type = A, class = IN
PURDUE.EDU.             2D IN NS        NS.PURDUE.EDU.
PURDUE.EDU.             2D IN NS        MOE.RICE.EDU.
PURDUE.EDU.             2D IN NS        PENDRAGON.CS.PURDUE.EDU.
PURDUE.EDU.             2D IN NS        HARBOR.ECN.PURDUE.EDU.
NS.PURDUE.EDU.          2D IN A         128.210.11.5
MOE.RICE.EDU.           2D IN A         128.42.5.4
PENDRAGON.CS.PURDUE.EDU. 2D IN A        128.10.2.5
HARBOR.ECN.PURDUE.EDU.  2D IN A         128.46.199.76
resp: nlookup(galt.cs.purdue.edu) qtype=1
resp: found 'galt.cs.purdue.edu' as 'cs.purdue.edu' (cname=0)
resp: forw -> [128.46.199.76].53 ds=4 nsid=40072 id=29574 8ms
datagram from [128.46.199.76].53, fd 4, len 234
send_msg -> [192.249.249.3].1162 (UDP 20) id=29574
Debug off

-, , IP-
, , D N S - .
.
, ,
,

.
IP- .
, .
.
.
, ,
. , , , ,
, ;
,
.
datagram from [192.249.249.3].1162, fd 20, len 36

I P - 1 9 2 . 2 4 9 . 2 4 9 . 3
(toystory.movie.edu).
1 2 7 . 0 . 0 . 1
, ,

DNS-. , ,
1162. DNS-
( f d ) 2 0 . D N S - ,
, ,
2 0 . (len) 3 6 .
req: nlookup(galt.cs.purdue.edu) id 29574 type=1 class=1

req,
, . ,
, - galt.cs.purdue.edu.
- 29574.
type=1 ,
. class=1
- IN.
/usr/
include/arpa/nameser.h.
req: missed 'galt.cs.purdue.edu' as '' (cname=0)

D N S - .
DNS-,
;
( ) . cname=0
,
D N S - C N A M E - . C N A M E - ,
, cname .
forw: forw -> [198.41.0.10].53 ds=4 nsid=40070 id=29574 2ms retry 4sec

( 5 3 ) D N S - 1 9 8 . 4 1 . 0 . 1 0
(j.root-servers.net).
DNS-
4 ( ) . D N S -
4 0 0 7 0 (nsid=40070),

.
2 9 5 7 4 (id=29574),

nlookup. D N S -
DNS-.
datagram from [198.41.0.10].53, fd 4, len 343

D N S - j.root-servers.net.

,
.
resp: nlookup(galt.cs.purdue.edu) qtype=1

, , ,
. , qtype=1

, .
resp: found 'galt.cs.purdue.edu' as 'edu' (cname=0)
resp: forw -> [192.36.148.17].53 ds=4 nsid=40071 id=29574 1ms
datagram from [192.36.148.17].53, fd 4, len 202

edu.
1 9 2 . 3 6 . 1 4 8 . 1 7 (i.root-servers.net),

edu. i.root-servers.net


purdue.edu.
resp: found 'galt.cs.purdue.edu' as 'cs.purdue.edu' (cname=0)

cs.purdue.edu.

resp: forw -> [128.46.199.76].53 ds=4 nsid=40072 id=29574 8ms

D N S - 1 2 8 . 4 6 . 1 9 9 . 7 6 (harbor.ecn.purdue.edu)

. , , 40072.
datagram from [128.46.199.76].53, fd 4, len 234

D N S - harbor.ecn.purdue.edu
.
, .
send_msg -> [192.249.249.3].1162 (UDP 20) id=29574

, , ,
DNS- (
1162,
) . U D P - ( T C P - ) 20.
D N S -
; .
l o g - D N S -
.
, , .
. ,
nlookup, .
nsid-. BIND 8 ,
nsid-.

(BIND 9, 1)

D N S - B I N D 9
1, . ,
, ,
. :
1

28-Jun-2005 21:14:20.554 createfetch: galt.cs.purdue.edu A

28-Jun-2005 21:14:20.568 createfetch: . NS

, .
log-, .
/etc/named.conf
:

logging {
category queries {
default_debug;
};
};

:
1

28-Jun-2005 21:16:36.080 client 192.249.249.3#1090: query: galt.cs.purdue.edu IN A +

28-Jun-2005 21:16:36.081 createfetch: galt.cs.purdue.edu A

28-Jun-2005 21:16:36.081 createfetch: . NS

, IP- 1 9 2 . 2 4 9 . 2 4 9 . 3 (
) , 1 0 9 0 ,
galt.cs.purdue.edu.
+
, .
D N S - ,
; ,
, .


(BIND 8, 1)
, , -
.
,
,
.
, .
IP-
. , !
1 Debug turned ON, Level 1
2
3 datagram from toystory.movie.edu port 3397, fd 20, len 35
4 req: nlookup(ucUNIX.san.uc.edu) id 1 type=1 class=1
5 req: found 'ucUNIX.san.uc.edu' as 'edu' (cname=0)
6 forw: forw -> i.root-servers.net port 53 ds=4 nsid=2 id=1 0ms retry 4 sec
7
8 datagram from i.root-servers.net port 53, fd 4, len 240
<delegation lines removed>
9 resp: nlookup(ucUNIX.san.uc.edu) qtype=1
10 resp: found 'ucUNIX.san.uc.edu' as 'san.uc.edu' (cname=0)
11 resp: forw -> uceng.uc.edu port 53 ds=4 nsid=3 id=1 0ms
12 resend(addr=1 n=0) -> ucbeh.san.uc.edu port 53 ds=4 nsid=3 id=1 0ms
13
14 datagram from toystory.movie.edu port 3397, fd 20, len 35
15 req: nlookup(ucUNIX.san.uc.edu) id 1 type=1 class=1
16 req: found 'ucUNIX.san.uc.edu' as 'san.uc.edu' (cname=0)
17 resend(addr=2 n=0) -> uccba.uc.edu port 53 ds=4 nsid=3 id=1 0ms
18 resend(addr=3 n=0) -> mail.cis.ohio-state.edu port 53 ds=4 nsid=3 id=1 0ms
19
20 datagram from mail.cis.ohio-state.edu port 53, fd 4, len 51
21 send_msg -> terminator.movie.edu (UDP 20 3397) id=1

, ( 1 - 1 1 ) :
D N S - ucUNIX.san.uc.edu,

D N S - edu (i.root-servers.net),
,
D N S - uc.edu,
(uceng.uc.edu).
resend ( 1 2 , 17 1 8 ) .
forw 11 resend(addr=0
n=0);
,
, . uceng.uc.edu
, D N S -
ucbeh.san.uc.edu
( 1 2 ) , uccba.uc.edu
( 1 7 ) mail.cis.ohio-state.edu
( 18).
, D N S - mail.cis.ohio-state.edu
(
2 0 ) . ,
nsid=3; ,
.
,
toystory.movie.edu
( 14). , ,
, ,
3.
, . DNS-
,
. DNS-
, .
, forw: req:,
, .
, , DNS ?
, DNS-
( nsid=).
, ,
D N S - . D N S , , ,
.
D N S - B I N D 9 . 1 . 0 ,
,

B I N D 9. , 3 B I N D
9 . 1 . 0 , D N S -
.

DNS-
(BIND 8, 1)
, ,
DNS-.

S O A - ,
, nslookup dig,
1 4 .
,
. ,
.

D N S - - , -
,
. , DNS-
B I N D 8
.
DNS-
named.run,
xfer.ddt.PID.

PID - .
- D N S -

xfer.ddt.PID,
,
. 1
l o g - print-time
(BIND 8).
3 , , ,
, .
RR-
xfer.ddt.PID
.
21-Feb 00:13:18.026 do_zone_maint for zone movie.edu (class IN)
21-Feb 00:13:18.034 zone_maint('movie.edu')
21-Feb 00:13:18.035 qserial_query(movie.edu)
21-Feb 00:13:18.043 sysquery: send -> [192.249.249.3].53 dfd=5 nsid=29790 id=0 retry=888048802
21-Feb 00:13:18.046 qserial_query(movie.edu) QUEUED
21-Feb 00:13:18.052 next maintenance for zone 'movie.edu' in 2782 sec
21-Feb 00:13:18.056 datagram from [192.249.249.3].53, fd 5, len 380
21-Feb 00:13:18.059 qserial_answer(movie.edu, 26739)
21-Feb 00:13:18.060 qserial_answer: zone is out of date
21-Feb 00:13:18.061 startxfer() movie.edu
21-Feb 00:13:18.063 /usr/etc/named-xfer -z movie.edu -f db.movie -s 26738 -C 1 -P 53 -d 1 -l xfer.ddt 192.249.249.3
21-Feb 00:13:18.131 started xfer child 390
21-Feb 00:13:18.132 next maintenance for zone 'movie.edu' in 7200 sec
21-Feb 00:14:02.089 endxfer: child 390 zone movie.edu returned status=1 termsig=-1
21-Feb 00:14:02.094 loadxfer() "movie.edu"
21-Feb 00:14:02.094 purge_zone(movie.edu,1)
21-Feb 00:14:30.049 db_load(db.movie, movie.edu, 2, Nil)
21-Feb 00:14:30.058 next maintenance for zone 'movie.edu' in 1846 sec
21-Feb 00:17:12.478 slave zone "movie.edu" (IN) loaded (serial 26739)
21-Feb 00:17:12.486 no schedule change for zone 'movie.edu'
21-Feb 00:42:44.817 Cleaned cache of 0 RRs
21-Feb 00:45:16.046 do_zone_maint for zone movie.edu (class IN)
21-Feb 00:45:16.054 zone_maint('movie.edu')
21-Feb 00:45:16.055 qserial_query(movie.edu)
21-Feb 00:45:16.063 sysquery: send -> [192.249.249.3].53 dfd=5 nsid=29791 id=0 retry=888050660
21-Feb 00:45:16.066 qserial_query(movie.edu) QUEUED
21-Feb 00:45:16.067 next maintenance for zone 'movie.edu' in 3445 sec
21-Feb 00:45:16.074 datagram from [192.249.249.3].53, fd 5, len 380
21-Feb 00:45:16.077 qserial_answer(movie.edu, 26739)
21-Feb 00:45:16.078 qserial_answer: zone serial is still OK
21-Feb 00:45:16.131 next maintenance for zone 'movie.edu' in 2002 sec

,
.
.
D N S - , movie.edu. , 0 0 : 1 3 : 1 8 . 0 2 6 , ,
.
S O A -
. ,
0 0 : 1 3 : 1 8 . 0 5 9 0 0 : 1 3 : 1 8 . 1 3 1 ,
( 2 6 7 3 9 ) , , ,
(pid 390)
. 0 0 : 1 3 : 1 8 . 1 3 2 7 2 0 0
. , .
0 0 : 1 4 : 0 2 . 0 8 9 .
1 ,
. ( t i m e 0 0 : 1 4 : 0 2 . 0 9 4 ) ,
.
( 0 0 : 1 4 : 3 0 . 0 5 8 ) 1 8 4 6
. 3600 ,
1 8 4 6 ? D N S -
.
, 3 6 0 0 ,
,
( 1 8 0 0 ) , ( 3 6 0 0 ) . 0 0 : 4 5 : 1 6 . 0 4 6
,
.

, ,

0 0 : 4 2 : 4 4 . 8 1 7 , - . :
, ,
.
DNS- -

B I N D 4.

B I N D 8,
,
.
,
, N O T I F Y :
rcvd NOTIFY(movie.edu, IN, SOA) from [192.249.249.3].1059
qserial_query(movie.edu)
sysquery: send -> [192.249.249.3].53 dfd=5 nsid=29790 id=0 retry=888048802

DNS-
(BIND 9, 1)
D N S - B I N D 9 . 3 . 1 1,
, . :
04-Jul-2005 15:05:00.059 zone_timer: zone movie.edu/IN: enter
04-Jul-2005 15:05:00.059 zone_maintenance: zone movie.edu/IN: enter
04-Jul-2005 15:05:00.059 queue_soa_query: zone movie.edu/IN: enter
04-Jul-2005 15:05:00.059 soa_query: zone movie.edu/IN: enter
04-Jul-2005 15:05:00.061 refresh_callback: zone movie.edu/IN: enter
04-Jul-2005 15:05:00.062 refresh_callback: zone movie.edu/IN: Serial: new 2005010923, old 2005010922
04-Jul-2005 15:05:00.062 queue_xfrin: zone movie.edu/IN: enter
04-Jul-2005 15:05:00.062 zone movie.edu/IN: Transfer started.
04-Jul-2005 15:05:00.062 zone movie.edu/IN: requesting IXFR from 192.249.249.3#53
04-Jul-2005 15:05:00.063 transfer of 'movie.edu/IN' from 192.249.249.3#53: connected using 192.249.249.2#1106
04-Jul-2005 15:05:00.070 calling free_rbtdb(movie.edu)
04-Jul-2005 15:05:00.070 zone movie.edu/IN: zone transfer finished: success
04-Jul-2005 15:05:00.070 zone movie.edu/IN: transferred serial 5
04-Jul-2005 15:05:00.070 transfer of 'movie.edu' from 192.249.249.3#53: end of transfer
04-Jul-2005 15:05:01.089 zone_timer: zone movie.edu/IN: enter
04-Jul-2005 15:05:01.089 zone_maintenance: zone movie.edu/IN: enter
04-Jul-2005 15:05:19.121 notify_done: zone movie.edu/IN: enter
04-Jul-2005 15:05:19.621 notify_done: zone movie.edu/IN: enter
, 1 5 : 0 5 : 0 0 . 0 5 9 ,
, DNS-

( ) . - , D N S -
S O A - IN -

movie.edu

(queue_soa_query
) - . 15:05:00.062
, DNS-
, ( 2 0 0 5 0 1 0 9 2 3 2 0 0 5 0 1 0 9 2 2 ) ,
(queue_xfrin).

( 1 5 : 0 5 : 0 0 . 0 7 0 ) , 1 5 : 0 5 : 0 1 . 0 8 9
DNS-
(zone_timer).

movie.edu.
, DNS-
movie.edu movie.edu,
D N S -
( A - ,
A 6 - AAAA-!), .
DNS- NOTIFY-
- , , - DNS-,
NS-
movie.edu.

DNS-
(BIND 8)
,
BIND
D N S - B I N D 8.
galt.cs.purdue.edu,
,
.
foo.bar. :
1 datagram from cujo.horror.movie.edu 1109, fd 6, len 25
2 req: nlookup(foo.bar) id 19220 type=1 class=1
3 req: found 'foo.bar' as '' (cname=0)
4 forw: forw -> D.ROOT-SERVERS.NET 53 ds=7 nsid=2532 id=19220 0ms retry 4sec
5
6 datagram from D.ROOT-SERVERS.NET 53, fd 5, len 25
7 ncache: dname foo.bar, type 1, class 1
8 send_msg -> cujo.horror.movie.edu 1109 (UDP 6) id=19220
9
10 datagram from cujo.horror.movie.edu 1110, fd 6, len 42
11 req: nlookup(foo.bar.horror.movie.edu) id 19221 type=1 class=1
12 req: found 'foo.bar.horror.movie.edu' as 'horror.movie.edu' (cname=0)
13 forw: forw -> carrie.horror.movie.edu 53 ds=7 nsid=2533 id=19221 0ms retry 4sec
14 datagram from carrie.horror.movie.edu 53, fd 5, len 42
15 ncache: dname foo.bar.horror.movie.edu, type 1, class 1
16 send_msg -> cujo.horror.movie.edu 1110 (UDP 6) id=19221

foo.bar:

17 datagram from cujo.horror.movie.edu 1111, fd 6, len 25
18 req: nlookup(foo.bar) id 15541 type=1 class=1
19 req: found 'foo.bar' as 'foo.bar' (cname=0)
20 ns_req: answer -> cujo.horror.movie.edu 1111 fd=6 id=15541 size=25 Local
21
22 datagram from cujo.horror.movie.edu 1112, fd 6, len 42
23 req: nlookup(foo.bar.horror.movie.edu) id 15542 type=1 class=1
24 req: found 'foo.bar.horror.movie.edu' as 'foo.bar.horror.movie.edu' (cname=0)
25 ns_req: answer -> cujo.horror.movie.edu 1112 fd=6 id=15542 size=42 Local

. ,
( 2 ) ,
, .
,
. ,
horror.movie.edu,
.

(ncache).

( 19), ,
,
. ( , 3 1 9 . 3:
foo.bar, 19
.)

DNS-
(BIND 9)
DNS- BIND 9.3.1
foo.bar:
04-Jul-2005 15:45:42.944 client cujo.horror.movie.edu#1044: query: foo.bar A +
04-Jul-2005 15:45:42.945 createfetch: foo.bar. A
04-Jul-2005 15:45:42.945 createfetch: . NS
04-Jul-2005 15:45:43.425 client cujo.horror.movie.edu#1044: query: foo.bar.horror.movie.edu A +
04-Jul-2005 15:45:43.425 createfetch: foo.bar.horror.movie.edu. A

, , ,
/etc/named.conf
,
:
logging {
    category queries {
        default_debug;
    };
};

, B I N D 8,
. ,

1 5 : 4 5 : 4 2 . 9 4 4 , foo.bar,

cujo.horror.movie.edu
(,
, IP- ,

) . ,
D N S - (createfetch)

foo.bar: - , foo.bar,
- , NS-
,
foo.bar.
NS- , DNS-
D N S - foo.bar
, bar . ,
, .
, 1 5 : 4 5 : 4 3 . 4 2 5 ,
cujo.horror.movie.edu

foo.bar.horror.movie.edu. D N S - (createfetch)

.
foo.bar

04-Jul-2005 15:45:46.557 client cujo.horror.movie.edu#1044: query: foo.bar A +
04-Jul-2005 15:45:46.558 client cujo.horror.movie.edu#1044: query: foo.bar.horror.movie.edu A +

createfetch?
.
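The comparison made above, a `query:` line that is or is not followed by a matching `createfetch:` line, can be automated when reading a long named.run. The Python filter below is an added example, not code from the book or from BIND; it assumes debug level 1 with the queries category sent to default_debug, and its sample lines are copied from the BIND 9 excerpts above.

```python
import re

# Sample input: BIND 9 named.run lines in the two formats shown above
# (with and without the class field in the "query:" line).
SAMPLE_LOG = """\
04-Jul-2005 15:45:42.944 client cujo.horror.movie.edu#1044: query: foo.bar A +
04-Jul-2005 15:45:42.945 createfetch: foo.bar. A
04-Jul-2005 15:45:42.945 createfetch: . NS
04-Jul-2005 15:45:43.425 client cujo.horror.movie.edu#1044: query: foo.bar.horror.movie.edu A +
04-Jul-2005 15:45:43.425 createfetch: foo.bar.horror.movie.edu. A
04-Jul-2005 15:45:46.557 client cujo.horror.movie.edu#1044: query: foo.bar A +
04-Jul-2005 15:45:46.558 client cujo.horror.movie.edu#1044: query: foo.bar.horror.movie.edu A +
28-Jun-2005 21:16:36.080 client 192.249.249.3#1090: query: galt.cs.purdue.edu IN A +
28-Jun-2005 21:16:36.081 createfetch: galt.cs.purdue.edu A
28-Jun-2005 21:16:36.081 createfetch: . NS
"""

QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<client>\S+)#(?P<port>\d+): query: "
    r"(?P<qname>\S+)(?: (?P<qclass>IN|CH|HS))? (?P<qtype>[A-Z0-9]+) "
    r"(?P<flags>\S+)\s*$"
)
FETCH_RE = re.compile(
    r"^(?P<ts>\S+ \S+) createfetch: (?P<qname>\S+) (?P<qtype>[A-Z0-9]+)\s*$"
)


def norm(name):
    """Lower-case a domain name and drop the trailing dot (the root stays '.')."""
    name = name.lower()
    return name if name == "." else name.rstrip(".")


def classify(log_text):
    """Return one dict per client query, in log order.

    'recursed' is True when a createfetch for the same name and type follows
    the query, i.e. the server had to go out and ask other servers. It stays
    False when the answer came from the cache (including the negative cache)
    or from authoritative data.
    """
    queries = []
    waiting = {}  # (qname, qtype) -> most recent query not yet tied to a fetch
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if m:
            entry = {
                "time": m.group("ts"),
                "client": m.group("client"),
                "port": int(m.group("port")),
                "qname": norm(m.group("qname")),
                "qclass": m.group("qclass"),          # None if not logged
                "qtype": m.group("qtype"),
                "rd": m.group("flags").startswith("+"),  # '+' = recursion desired
                "recursed": False,
            }
            queries.append(entry)
            waiting[(entry["qname"], entry["qtype"])] = entry
            continue
        m = FETCH_RE.match(line)
        if m:
            # Fetches with no matching client query (the ". NS" lookups for
            # the root name servers, for instance) are simply ignored.
            entry = waiting.pop((norm(m.group("qname")), m.group("qtype")), None)
            if entry is not None:
                entry["recursed"] = True
    return queries


def local_answers(queries):
    """(qname, qtype) of every query answered without a createfetch."""
    return [(q["qname"], q["qtype"]) for q in queries if not q["recursed"]]


if __name__ == "__main__":
    for q in classify(SAMPLE_LOG):
        how = "recursed" if q["recursed"] else "local/cache"
        print(f'{q["time"]}  {q["client"]:<24} {q["qname"]:<28} {q["qtype"]:<4} {how}')
```

On a busy server the lines of concurrent lookups interleave, so the pairing is by name and type rather than by adjacency; a fetch started for the server's own purposes under the same name and type would still be attributed to the last waiting client query.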

DNS-

. , IP .
Perl:
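#!/usr/bin/perl -n
# Filter: replace the first IPv4 address on each input line with the
# host name it reverse-maps to, if the lookup succeeds.
use Socket;

if (/\b(\d+\.\d+\.\d+\.\d+)\b/) {
    my $ip   = $1;
    # Pack the dotted quad into the 4-byte form gethostbyaddr() expects
    my $addr = pack('C4', split(/\./, $ip));
    my ($name) = gethostbyaddr($addr, AF_INET);
    # \Q...\E keeps the dots in the address from acting as wildcards
    s/\Q$ip\E/$name/ if $name;
}
print;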

named.run

,
DNS-.

14
DNS BIND
- !
! - .
- ?
- , , - .
- ...
- ! - .
-

!

nslookup dig, ,
, D N S - .
,
U N I X , ping,

DNS BIND.
- , .
.
,
, , , ,
, .

,
, .

NIS?

DNS BIND, ,
, , N I S , ,

D N S . N I S
, .
, B S D - n s l o o k u p N I S .
nslookup S u n ,
D N S - ,
NIS.
, ?
nslookup
N I S ,
N I S . , nslookup H P - U X ,
NIS :
% nslookup
Default NIS Server:  toystory.movie.edu
Address:  192.249.249.3

, N I S , -
ypcat hosts.
, , andrew.cmu.edu

NIS, :
% ypcat hosts | grep andrew.cmu.edu

N I S ( ,
), .
, U N I X , nsswitch.conf,

,
hosts. ,
NIS:
hosts: nis dns files

-
:
hosts: dns nis files


witch.conf
6 .

nss



. DNS ,
.


nslookup,
dig
DNS-. , -

,
: named-xfer,
.

named-xfer
named-xfer
- , DNS- BIND 8
. (, , , DNS- B I N D 9 -
:
. ) named-xfer
,
, ,
.
13 B I N D
D N S - B I N D 8,
.
(named-xfer)

. , named-xfer

, , named,

(
named).
, ,
, , named
. ,
:
% /usr/sbin/named-xfer

Usage error: no domain
Usage: named-xfer
        -z zone_to_transfer
        -f db_file
        [-i ixfr_file]
        [-s serial_no]
        [-d debug_level]
        [-l debug_log_file]
        [-t trace_file]
        [-p port]
        [-S] [-Z]
        [-C class]
        [-x axfr-src]
        [-X axfr-src-v6]
        [-T tsig_info_file]
        servers [-ixfr|-axfr]...
named-xfer
B I N D 8.4.7.
named-xfer
.
named named-xfer
-z ( ,
) , -f (
, named.conf),
-s

(
SOA-), ,
(IP-
masters
zone named.conf).
named

, -d
named-xfer.

, ,
TSIG- .
named-xfer

-d. ( ,

!)

- l . /var
/tmp/xfer.ddt.XXXXXX,
XXXXXX
- ,
,
/usr/tmp. ,
, IP-.
, ,

toystory.movie.edu:
% /usr/sbin/named-xfer -z movie.edu -f /tmp/db.movie -s 0 toystory.movie.edu
% echo $?

4
(serial),
named-xfer,

. 0 ,
movie.edu t o y s t o r y ( ,
) ,
. ,
namedxfer /tmp,
.
? ,
named-xfer.
B I N D 8 . 1 . 2
:
0

,
.

/ , named-xfer
,
, ; ,
l o g - syslog.

, log syslog.

B I N D 8 . 2
:
4

AXFR- () .

IXFR- () .

D N S - A X F R named-xfer

I X F R .

DNS-, I X F R ,

. , -
, .
, BIND 8.2
named-xfer
1.
4 7.

named-xfer?
B I N D 9 named-xfer
, - nslookup

dig . ,
, ,
named-xfer.
dig
:

% dig @toystory.movie.edu movie.edu axfr

8 nslookup
DNS-
ls -d .
, dig, nslookup
, named-xfer.
nslookup ,
:
> ls movie.edu
[toystory.movie.edu]
*** Can't list domain movie.edu: Unspecified error

allow-transfer,

, toystory.movie.edu

movie.edu, .
,
DNS--, log-
syslog.

BIND 8
DNS-,
,
. ndc dumpdb -

named

named_dump.db
B I N D .

named_dump.db.


,
:
; Dumped at Tue Jan  6 10:49:08 1998
;; ++zone table++
; 0.0.127.in-addr.arpa (type 1, class 1, source db.127.0.0)
;       time=0, lastupdate=0, serial=1,
;       refresh=0, retry=3600, expire=608400, minimum=86400
;       ftime=884015430, xaddr=[0.0.0.0], state=0041, pid=0
;; --zone table--
; Note: Cr=(auth,answer,addtnl,cache) tag only shown for non-auth RR's
; Note: NT=milliseconds for any A RR which we've used as a nameserver
; Cache & Data

$ORIGIN .
518375

IN

NS

G. ROOT-SERVERS.NET.

;Cr=auth [128.8.10.90]

518375

IN

NS

J.ROOT-SERVERS.NET.

;Cr=auth [128.8.10.90]

518375

IN

NS

K.ROOT-SERVERS.NET.

;Cr=auth [128.8.10.90]

518375

IN

NS

L.ROOT-SERVERS.NET.

;Cr=auth [128.8.10.90]

518375

IN

NS

M.ROOT-SERVERS.NET.

;Cr=auth [128.8.10.90]

518375

IN

NS

A.ROOT-SERVERS.NET.

;Cr=auth [128.8.10.90]

518375

IN

NS

H.ROOT-SERVERS.NET.

;Cr=auth [128.8.10.90]

518375

IN

NS

B.ROOT-SERVERS.NET.

;Cr=auth [128.8.10.90]

518375

IN

NS

C.ROOT-SERVERS.NET.

;Cr=auth [128.8.10.90]

518375

IN

NS

D.ROOT-SERVERS.NET.

;Cr=auth [128.8.10.90]

518375

IN

NS

E.ROOT-SERVERS.NET.

;Cr=auth [128.8.10.90]

518375

IN

NS

I.ROOT-SERVERS.NET.

;Cr=auth [128.8.10.90]

518375

IN

NS

F.ROOT-SERVERS.NET.

86393

IN

SOA A.ROOT-SERVERS.NET.

EDU

;Cr=auth [128.8.10.90]
hostmaster.INTERNIC.NET. (

1998010500 1800 900 604800 86400 )


$ORIGIN
0

;Cr=addtnl

IN

SOA cujo.movie.edu.

root.cujo.movie.edu. (

1998010600 10800 3600 608400 86400 )


IN
$ORIGIN

[128.63.2.53]

0.127.in-addr.arpa.

NS

cujo.movie.edu.

;Cl=5

;Cl=5

0.0.127.in-addr.arpa.

IN
PTR localhost.
;Cl=5
$ORIGIN EDU.
PURDUE
172787 IN NS NS.PURDUE.EDU.

;Cr=addtnl

[192.36.148.17]

172787

IN

NS

MOE.RICE.EDU.

;Cr=addtnl

[192.36.148.17]

172787

IN

NS

PENDRAGON.CS.PURDUE.EDU.

;Cr=addtnl

[192.36.148.17]

172787

IN

NS

HARBOR.ECN.PURDUE.EDU.

;Cr=addtnl

[192.36.148.17]

$ORIGIN

movie.EDU.

;cujo

593

IN

SOA

A.ROOT-SERVERS.NET. hostmaster.INTERNIC.NET. (

1998010500 1800 900 604800 86400 );EDU.; NXDOMAIN

;-$

BIND 9.1.0 BIND 9,
() .

;Cr=auth
$ORIGIN
MOE

[128.63.2.53]

RICE.EDU.
172787

$ORIGIN
CS

NS

;NT=84 Cr=addtnl

NS

pendragon.cs.PURDUE.edu.

;Cr=addtnl

[128.42.5.4]

IN

NS

ns.PURDUE.edu.

;Cr=addtnl

[128.42.5.4]

86387

IN

NS

harbor.ecn.PURDUE.edu.

;Cr=addtnl

[128.42.5.4]

86387

IN

NS

moe.rice.edu.

;Cr=addtnl

[128.42.5.4]

128.210.11.5

IN

ECN.PURDUE.EDU.

$ORIGIN

IN

128.46.199.76

CS.PURDUE.EDU.
86387

PENDRAGON

172787

IN

A
IN

;NT=4 Cr=addtnl

[192.36.148.17]

;NT=6 Cr=addtnl

[192.36.148.17]

;Cr=auth

128.10.2.39

128.10.2.5

[128.42.5.4]

;NT=20 Cr=addtnl

[192.36.148.17]

ROOT-SERVERS.NET.
604775
IN A 193.0.14.129
604775
IN A 198.41.0.4

;NT=10 Cr=answer

604775

IN

;NT=8 Cr=answer

[128.8.10.90]

604775

IN

128.9.0.107

;NT=9 Cr=answer

[128.8.10.90]

604775

IN

202.12.27.33

;NT=20 Cr=answer

604775

IN

192.33.4.12

;NT=17 Cr=answer

[128.8.10.90]

604775

IN

128.8.10.90

;NT=11 Cr=answer

[128.8.10.90]

604775

IN

192.203.230.10

;NT=9 Cr=answer

604775

IN

192.5.5.241

;NT=73 Cr=answer

[128.8.10.90]

604775

IN

192.112.36.4

;NT=14 Cr=answer

[128.8.10.90]

604775

IN

128.63.2.53

;NT=160 Cr=answer

604775

IN

192.36.148.17

;NT=102 Cr=answer

604775

IN

198.41.0.10

;NT=21 Cr=answer

198.32.64.12

; --- Hints --
3600

IN

NS

A.ROOT-SERVERS.NET.

;Cl=0

3600

IN

NS

B.ROOT-SERVERS.NET.

;Cl=0

3600

IN

NS

C.ROOT-SERVERS.NET.

;Cl=0

3600

IN

NS

D.ROOT-SERVERS.NET.

;Cl=0

3600

IN

NS

E.ROOT-SERVERS.NET.

;Cl=0

3600

IN

NS

F.ROOT-SERVERS.NET.

;Cl=0

3600

IN

NS

G.ROOT-SERVERS.NET.

;Cl=0

3600

IN

NS

H.ROOT-SERVERS.NET.

;Cl=0

3600

IN

NS

I.ROOT-SERVERS.NET.

;Cl=0

3600

IN

NS

J.ROOT-SERVERS.NET.

;Cl=0

3600

IN

NS

K.ROOT-SERVERS.NET.

;Cl=0

3600

IN

NS

L.ROOT-SERVERS.NET.

;Cl=0

IN NS M.ROOT-SERVERS.NET.
ROOT-SERVERS.NET.

;Cl=0

3600
$ORIGIN

[128.8.10.90]

;NT=20 Cr=answer

$ORIGIN .
.

[192.36.148.17]

IN

172787

$ORIGIN

128.42.5.4

86387

$ORIGIN

galt

86387

172787

HARBOR

IN

PURDUE.EDU.

3600

IN

193.0.14.129

;NT=11 Cl=0

3600

IN

198.32.64.12

;NT=9 Cl=0

3600

IN

198.41.0.4

;NT=10 Cl=0

3600

IN

202.12.27.33

;NT=11 Cl=0

3600

IN

128.9.0.107

;NT=1288 Cl=0

3600

IN

192.33.4.12

;NT=21 Cl=0

3600

IN

128.8.10.90

;NT=1288 Cl=0

[128.8.10.90]

[128.8.10.90]

[128.8.10.90]

[128.8.10.90]
[128.8.10.90]
[128.8.10.90]

3600

IN

192.203.230.10

;NT=19 Cl=0

3600

IN

192.5.5.241

;NT=23 Cl=0

3600

IN

192.112.36.4

;NT=18 Cl=0

3600

IN

128.63.2.53

;NT=11 Cl=0

3600

IN

192.36.148.17

;NT=21 Cl=0

3600

IN

198.41.0.10

;NT=13 Cl=0

DNS-, ,
0.0.127.in-addr.arpa.

: galt.cs.purdue.edu
cujo.movie.edu.

galt.cs.purdue.edu
galt,
DNS- purdue.edu. cujo.movie.edu ( movie.edu,

) ,
.
( )
( NXDOMAIN ) .
, TTL (593). BIND
8.2 DNS- , SOA-,
,
TTL .

db.cache. TTL
, .
RR-
NT=. DNS- .
DNS-, DNS-
;

RTT .
-
(Cr=) - IP- ,
.
Cl=, (count of level)
( 0 , foo 1,
1

DNS- IP- , .
BIND 8.2 DNS- IP-
, - host-statistics, 8 .
DNS- BIND 8 . host-statistics
DNS- ,
- DNS-,
(, , DNS- ),
.

foo.foo - 2 . . ) .
.
BIND 4.8.3 4.9
. DNS-
,
, .
4.8.3 -
- . -
- DNS-
, ,
. , DNS- ,
.
4.8.3
. , DNS- toystory.movie.edu
DNS-
movie.edu.
( - . )
foo.oreilly.com
DNS-
toystory.movie.edu,

oreilly.com (toystory.movie.edu
DNS ) . DNS- 4.8.3
toystory.movie.edu,
,
DNS- com , DNS- movie.edu. DNS- com movie.edu
toystory.movie.edu,
? -,
.
DNS- 4.9
. 4.8.3 ,
- .
, DNS- .

:
auth
DNS- (
).
answer

( ) .
addtnl
-
.
NS- , DNS- .
, , -

, ( ,
, N S -
).
: DNS-
DNS-, ,
addtnl, answer,

.
, DNS-
answer,
DNS purdue.edu
addtnl.
DNS- 4.9
( auth)
toystory.movie.edu
(
addtnl),
.

BIND 9
BIND 9 .
rndc dumpdb. DNS-
named_dump.db
.
, . ,
rndc dumpdb
-all.
; Start view _default
; Cache dump of view '_default'
$DATE 20050827190436
; authanswer
.                       518364  IN NS   A.ROOT-SERVERS.NET.
                        518364  IN NS   B.ROOT-SERVERS.NET.
                        518364  IN NS   C.ROOT-SERVERS.NET.
                        518364  IN NS   D.ROOT-SERVERS.NET.
                        518364  IN NS   E.ROOT-SERVERS.NET.
                        518364  IN NS   F.ROOT-SERVERS.NET.
                        518364  IN NS   G.ROOT-SERVERS.NET.
                        518364  IN NS   H.ROOT-SERVERS.NET.
                        518364  IN NS   I.ROOT-SERVERS.NET.
                        518364  IN NS   J.ROOT-SERVERS.NET.
                        518364  IN NS   K.ROOT-SERVERS.NET.
                        518364  IN NS   L.ROOT-SERVERS.NET.
                        518364  IN NS   M.ROOT-SERVERS.NET.
; glue
A3.NSTLD.COM.           172764  A       192.5.6.32
; glue
C3.NSTLD.COM.           172764  A       192.26.92.32
; glue
D3.NSTLD.COM.           172764  A       192.31.80.32
; glue
E3.NSTLD.COM.           172764  A       192.12.94.32
; glue
G3.NSTLD.COM.           172764  A       192.42.93.32
; glue
H3.NSTLD.COM.           172764  A       192.54.112.32
; glue
L3.NSTLD.COM.           172764  A       192.41.162.32
; glue
M3.NSTLD.COM.           172764  A       192.55.83.32
; glue
edu.                    172764  NS      A3.NSTLD.COM.
                        172764  NS      C3.NSTLD.COM.
                        172764  NS      D3.NSTLD.COM.
                        172764  NS      E3.NSTLD.COM.
                        172764  NS      G3.NSTLD.COM.
                        172764  NS      H3.NSTLD.COM.
                        172764  NS      L3.NSTLD.COM.
                        172764  NS      M3.NSTLD.COM.
; authauthority
cujo.movie.edu.         10796   \-ANY   ;-$NXDOMAIN
; glue
purdue.edu.             172764  NS      NS.purdue.edu.
                        172764  NS      MOE.RICE.edu.
                        172764  NS      HARBOR.ECN.purdue.edu.
                        172764  NS      PENDRAGON.cs.purdue.edu.
; authauthority
cs.purdue.edu.          86364   NS      ns.purdue.edu.
                        86364   NS      moe.rice.edu.
                        86364   NS      ns2.purdue.edu.
                        86364   NS      harbor.ecn.purdue.edu.
                        86364   NS      pendragon.cs.purdue.edu.
; authanswer
galt.cs.purdue.edu.     86364   A       128.10.2.39
; glue
PENDRAGON.cs.purdue.edu. 172764 A       128.10.2.5
; glue
HARBOR.ECN.purdue.edu.  172764  A       128.46.154.76
; glue
NS.purdue.edu.          172764  A       128.210.11.5
; additional
ns2.purdue.edu.         3564    A       128.210.11.57
; glue
MOE.RICE.edu.           172764  A       128.42.5.4
; additional
A.ROOT-SERVERS.NET.     604764  A       198.41.0.4
; additional
B.ROOT-SERVERS.NET.     604764  A       192.228.79.201
; additional
C.ROOT-SERVERS.NET.     604764  A       192.33.4.12
; additional
D.ROOT-SERVERS.NET.     604764  A       128.8.10.90
; additional
E.ROOT-SERVERS.NET.     604764  A       192.203.230.10
; additional
F.ROOT-SERVERS.NET.     604764  A       192.5.5.241
; additional
G.ROOT-SERVERS.NET.     604764  A       192.112.36.4
; additional
H.ROOT-SERVERS.NET.     604764  A       128.63.2.53
; additional
I.ROOT-SERVERS.NET.     604764  A       192.36.148.17
; additional
J.ROOT-SERVERS.NET.     604764  A       192.58.128.30
; additional
K.ROOT-SERVERS.NET.     604764  A       193.0.14.129
; additional
L.ROOT-SERVERS.NET.     604764  A       198.32.64.12
; additional
M.ROOT-SERVERS.NET.     604764  A       202.12.27.33

; Start view _default
; Address database dump
; M3.NSTLD.COM [v4 TTL 6] [v4 success] [v6 unexpected]
;       192.55.83.32 [srtt 20] [flags 00000000] [ttl 1796]
; L3.NSTLD.COM [v4 TTL 6] [v4 success] [v6 unexpected]
;       192.41.162.32 [srtt 20] [flags 00000000] [ttl 1796]
; H3.NSTLD.COM [v4 TTL 6] [v4 success] [v6 unexpected]
;       192.54.112.32 [srtt 27] [flags 00000000] [ttl 1796]
; G3.NSTLD.COM [v4 TTL 6] [v4 success] [v6 unexpected]
;       192.42.93.32 [srtt 15] [flags 00000000] [ttl 1796]
; E3.NSTLD.COM [v4 TTL 6] [v4 success] [v6 unexpected]
;       192.12.94.32 [srtt 17] [flags 00000000] [ttl 1796]
; D3.NSTLD.COM [v4 TTL 6] [v4 success] [v6 unexpected]
;       192.31.80.32 [srtt 10] [flags 00000000] [ttl 1796]
; C3.NSTLD.COM [v4 TTL 6] [v4 success] [v6 unexpected]
;       192.26.92.32 [srtt 28156] [flags 00000000] [ttl 1796]
; A3.NSTLD.COM [v4 TTL 6] [v4 success] [v6 unexpected]
;       192.5.6.32 [srtt 23155] [flags 00000000] [ttl 1796]
; M.ROOT-SERVERS.NET [v4 TTL 86364] [v4 success] [v6 unexpected]
;       202.12.27.33 [srtt 0] [flags 00000000] [ttl 1764]
; L.ROOT-SERVERS.NET [v4 TTL 86364] [v4 success] [v6 unexpected]
;       198.32.64.12 [srtt 16] [flags 00000000] [ttl 1764]
; J.ROOT-SERVERS.NET [v4 TTL 86364] [v4 success] [v6 unexpected]
;       192.58.128.30 [srtt 25] [flags 00000000] [ttl 1764]
; K.ROOT-SERVERS.NET [v4 TTL 86364] [v4 success] [v6 unexpected]
;       193.0.14.129 [srtt 22] [flags 00000000] [ttl 1764]
; I.ROOT-SERVERS.NET [v4 TTL 86364] [v4 success] [v6 unexpected]
;       192.36.148.17 [srtt 19] [flags 00000000] [ttl 1764]
; H.ROOT-SERVERS.NET [v4 TTL 86364] [v4 success] [v6 unexpected]
;       128.63.2.53 [srtt 19] [flags 00000000] [ttl 1764]
; G.ROOT-SERVERS.NET [v4 TTL 86364] [v4 success] [v6 unexpected]
;       192.112.36.4 [srtt 24] [flags 00000000] [ttl 1764]
; F.ROOT-SERVERS.NET [v4 TTL 86364] [v4 success] [v6 unexpected]
;       192.5.5.241 [srtt 17850] [flags 00000000] [ttl 1764]
; E.ROOT-SERVERS.NET [v4 TTL 86364] [v4 success] [v6 unexpected]
;       192.203.230.10 [srtt 7] [flags 00000000] [ttl 1764]
; D.ROOT-SERVERS.NET [v4 TTL 86364] [v4 success] [v6 unexpected]
;       128.8.10.90 [srtt 8] [flags 00000000] [ttl 1764]
; C.ROOT-SERVERS.NET [v4 TTL 86364] [v4 success] [v6 unexpected]
;       192.33.4.12 [srtt 5] [flags 00000000] [ttl 1764]
; B.ROOT-SERVERS.NET [v4 TTL 86364] [v4 success] [v6 unexpected]
;       192.228.79.201 [srtt 24] [flags 00000000] [ttl 1764]
; A.ROOT-SERVERS.NET [v4 TTL 86364] [v4 success] [v6 unexpected]
;       198.41.0.4 [srtt 29] [flags 00000000] [ttl 1764]
; Unassociated entries
;       128.210.11.5 [srtt 47718] [flags 00000000] [ttl 1764]
;       128.10.2.5 [srtt 9] [flags 00000000] [ttl 1764]
;       128.42.5.4 [srtt 2] [flags 00000000] [ttl 1764]
;       128.46.154.76 [srtt 6] [flags 00000000] [ttl 1764]
; Start view _bind
; Cache dump of view '_bind'
$DATE 20050827190436
; Start view _bind
; Address database dump
; Unassociated entries
; Dump complete
DNS- , named_dump.db,
0.0.127.in-addr.arpa

rndc

galt.cs.purdue.edu

galt.cs.purdue.edu
galt,

dumpdb

-all).

cujo.movie.edu.

DNS-,

edu , purdue.edu,
cujo.movie.edu

( ,

cs.purdue.edu,

movie.edu,

), .
BIND 9, BIND 8 ,
, .
, . NS-
authanswer.
; authanswer
.                       518364  IN NS   A.ROOT-SERVERS.NET.

,
:
I
secure

DNSSEC

authanswer

authauthority

authority

answer

glue

additional

pending

DNSSEC,

Address
database
dump ( )
DNS-
DNS-.
( IP- ) ,
( ,
EDNS0 ) .
- Unassociated
entries ( ) .
, , ,
. , .
Address
database
dump
(M3.NSTLD.COM)
( TTL ) , 6. ,
, , ,
192.55.83.32 , Unassociated
entries.


BIND

(query logging),

.
, DNS-
log- syslog.
, -

, , ,
, .
, LOG_INFO
syslog daemon.

: BIND 8 DNS -q ndc querylog DNS- . BIND 9.1.0
( BIND 9
) rndc querylog.
log- syslog
:
Feb 20 21:43:25 toystory named[3830]: XX+ /192.253.253.2/carrie.movie.edu/A
Feb 20 21:43:32 toystory named[3830]: XX+ /192.253.253.2/4.253.253.192.in-addr.arpa/PTR

BIND 9 :
Jan 13 18:32:25 toystory named[13976]: info: client 192.253.253.2#1702: query: carrie.movie.edu IN A
Jan 13 18:32:42 toystory named[13976]: info: client 192.253.253.2#1702: query: 4.253.253.192.in-addr.arpa IN PTR

IP- , ,
. DNS-
BIND 8.2.3, ,
XX+ .
XX . ( DNS- 8.2.1
. )

ndc querylog rndc
querylog.
DNS-
BIND 9, named
1.


, ,
,
. .
,
. ,
.
.

1.
DNS- ,
D N S - . ,
, .
, ?
, . ,
, ,
, . D N S -
,
.
, ,
. , , - nslookup
,
. , , ,
. ,
, .

DNS-,
diff .
1

. ,
, , .
,
D N S - ,
.
,
NOTIFY. BIND 9.3,

rndc retransfer.
BIND 8
,
named named-xfer
(
, ) :
# /usr/sbin/named-xfer -z movie.edu -f bak.movie.edu -s 0 toystory.movie.edu
# echo $?

named-xfer
1 4,
. ,
- , ,
,
, (, 2001010500 -
2001 ),
.

. ( .
named-xfer.)
. ,
h2n
.

.
, ,
.
,
, , h2n
1.
DNS- -
( , , 598), DNS

log- syslog:
Jun  7 20:14:26 wormhole named[29618]: Zone "movie.edu" (class 1) SOA serial# (1) rcvd from [192.249.249.3] is < ours (112)

DNS- -
, ,
, :
% nslookup
Default Server:  toystory.movie.edu
Address:  192.249.249.3

> set q=soa
> movie.edu.
Server:  toystory.movie.edu
Address:  192.249.249.3

movie.edu
        origin = toystory.movie.edu
        mail addr = al.movie.edu
        serial = 1
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        minimum ttl = 86400 (1 day)

> server wormhole.movie.edu.
Default Server:  wormhole.movie.edu
Addresses:  192.249.249.1, 192.253.253.1

> movie.edu.
Server:  wormhole.movie.edu
Addresses:  192.249.249.1, 192.253.253.1

movie.edu
        origin = toystory.movie.edu
        mail addr = al.movie.edu
        serial = 112
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        minimum ttl = 86400 (1 day)

wormhole.movie.edu,
DNS-
movie.edu,
, DNS , - .
,
, 15
.

2. DNS--
, ,
DNS-.
DNS-
,
.
, DNS- :
.
, DNS-
, log- syslog
(DNS- BIND 9):
Mar  8 17:22:08 toystory named[22317]: loading configuration from '/etc/named.conf'

BIND 8 :
Mar  8 17:22:08 toystory named[22317]: reloading nameserver

,
DNS-. DNS-
() , ,
BIND 9 :
Mar  8 17:22:08 toystory named[22317]: running

DNS- BIND 8 :
Mar  8 17:22:08 toystory named[22317]: restarted


, DNS. ,
.
,
, ls -l .

3.
DNS-
, log- syslog
(BIND 9):
Sep 25 22:02:38 wormhole named[21246]: refresh_callback: zone movie.edu/IN: failure for 192.249.249.3#53: timed out

BIND 8:
Jan  6 11:55:25 wormhole named[544]: Err/TO getting serial# for "movie.edu"

,
. DNS-
BIND 9 :
Sep 25 23:20:20 wormhole named[21246]: zone_expire: zone movie.edu/IN: expired

BIND 8:
Mar  8 17:12:43 wormhole named[22261]: secondary zone "movie.edu" expired

, DNS-
SERVFAIL:
% nslookup robocop wormhole.movie.edu.
Server:  wormhole.movie.edu
Addresses:  192.249.249.1, 192.253.253.1

*** wormhole.movie.edu can't find robocop.movie.edu: Server failed

:
- , IP-

DNS- .
, IP-
:
zone "movie.edu" {
        type slave;
        masters { 192.249.249.3; };
        file "bak.movie.edu";
};

, IP-
DNS-.
IP-:
% ping 192.249.249.3 -n 10
PING 192.249.249.3: 64 byte packets
192.249.249.3 PING Statistics
10 packets transmitted, 0 packets received, 100% packet loss

DNS- ,
, , ,
( . . ) ,
. , , named

:
# /usr/sbin/named-xfer -z movie.edu -f /tmp/db.movie.edu -s 0 192.249.249.3
# echo $?
2

2 , . log syslog
. :
Jan  6 14:56:07 zardoz named-xfer[695]: record too short from [192.249.249.3], zone movie.edu

.
, ,

nslookup:
% nslookup - toystory.movie.edu
Default Server:  toystory.movie.edu
Address:  192.249.249.3

> ls movie.edu
[toystory.movie.edu]
*** Can't list domain movie.edu: Query refused

: named
. , ,

allow-transfer.
,
, DNS- BIND 9 :
Sep 26 13:29:23 zardoz named[21890]: refresh_callback: zone movie.edu/IN: non-authoritative answer from 192.249.249.3#53

DNS- BIND 8:
Jan  6 11:58:36 zardoz named[544]: Err/TO getting serial# for "movie.edu"
Jan  6 11:58:36 zardoz named-xfer[793]: [192.249.249.3] not authoritative for movie.edu, SOA query got rcode 0, aa 0, ancount 0, aucount 0

- ,
. -, ,
-
.
log- syslog
( . 5,
).

4. ,
PTR-
DNS IP-
IP- ,
PTR- . A- - ,
, ,
, ,
. -
PTR-
.
PTR-
. ,
rlogin
, rsh rcp . ,
, IP ,
.rhosts hosts.equiv.

log- syslog
:
Aug 15 17:32:36 toystory inetd[23194]: login/tcp: Connection from unknown (192.249.249.23)

,
FTP- , , IP-
.
:
530- Sorry, we're unable to map your IP address 140.186.66.1 to a hostname
530- in the DNS.  This is probably because your nameserver does not have a
530- PTR record for your address in its tables, or because your reverse
530- nameservers are not registered.  We refuse service to hosts whose
530- names we cannot resolve.

.

, .
, PTR-,
% nslookup
Default Server:  toystory.movie.edu
Address:  192.249.249.3

> beetlejuice
Server:  toystory.movie.edu
Address:  192.249.249.3

Name:    beetlejuice.movie.edu
Address:  192.249.249.23

nslookup:

> 192.249.249.23
Server:  toystory.movie.edu
Address:  192.249.249.3

*** toystory.movie.edu can't find 192.249.249.23: Non-existent domain

DNS- 249.249.192.in-addr.arpa

db.192.249.249
, PTR-
DNS-
. DNS- , ,
, ,
DNS- -
.

5.

(
) DNS-
.
, DNS- .
options ,
DNS- , log syslog ( BIND 9 ) :
Sep 26 13:39:30 toystory named[21924]: change directory to '/var/name' failed: file not found
Sep 26 13:39:30 toystory named[21924]: options configuration failed: file not found
Sep 26 13:39:30 toystory named[21924]: loading configuration: failure
Sep 26 13:39:30 toystory named[21924]: exiting (due to fatal error)

DNS- BIND 8:
Jan  6 11:59:29 toystory named[544]: can't change directory to /var/name: No such file or directory

, named
, , named
.

, zone,
. , DNS-
( , masters

). BIND 9
log- syslog:
Sep 26 13:43:03 toystory named[21938]: /etc/named.conf:80: parse error near 'masters'
Sep 26 13:43:03 toystory named[21938]: loading configuration: failure
Sep 26 13:43:03 toystory named[21938]: exiting (due to fatal error)

BIND 8:
Jan  6 12:01:36 toystory named[841]: /etc/named.conf:10: syntax error near 'movie.edu'

, DNS ,

SERVFAIL :
% nslookup carrie.movie.edu
Server:  toystory.movie.edu
Address:  192.249.249.3

*** toystory.movie.edu can't find carrie.movie.edu.: Server failed


syslog- DNS- BIND 9,
, :
Sep 26 13:45:40 toystory named[21951]: error: dns_rdata_fromtext: db.movie.edu:11: near 'postmanrings2x': unexpected token
Sep 26 13:45:40 toystory named[21951]: error: dns_zone_load: zone movie.edu/IN: database db.movie.edu: dns_db_load failed: unexpected token
Sep 26 13:45:40 toystory named[21951]: critical: loading zones: unexpected token
Sep 26 13:45:40 toystory named[21951]: critical: exiting (due to fatal error)
BIND 8:
Jan 6 15:07:46 toystory named[693]: db.movie.edu:11: Priority error (postmanrings2x.movie.edu.)
Jan 6 15:07:46 toystory named[693]: master zone "movie.edu" (IN) rejected due to errors (serial 1997010600)
,

:
postmanrings2x  IN  MX  postmanrings2x.movie.edu.

MX- , .
, ,
log- syslog

( ).

:
Jan  6 12:04:10 toystory named[841]: owner name "ID_4.movie.edu" IN (primary) is invalid - rejecting
Jan  6 12:04:10 toystory named[841]: db.movie.edu:11: owner name error
Jan  6 12:04:10 toystory named[841]: db.movie.edu:11: Database error near (A)
Jan  6 12:04:10 toystory named[841]: master zone "movie.edu" (IN) rejected due to errors (serial 1997010600)

6.


.
( ,
resolv.conf,
-
$ORIGIN ... ) ,
. RR-:
zorba      IN  MX  10 zelig.movie.edu
movie.edu  IN  NS  toystory.movie.edu

, , ,
, . db.movie.edu

:
zorba.movie.edu.      IN  MX  10 zelig.movie.edu.movie.edu.
movie.edu.movie.edu.  IN  NS  toystory.movie.edu.movie.edu.

.
RR- RR-
( ,

RR-), NS MX-:
% nslookup -type=mx zorba.movie.edu.
Server:  toystory.movie.edu
Address:  192.249.249.3

zorba.movie.edu  preference = 10, mail exchanger = zelig.movie.edu.movie.edu
zorba.movie.edu  preference = 50, mail exchanger = postmanrings2x.movie.edu.movie.edu


nslookup.

( NS- movie.edu),

.
nslookup,

. DNS- :
$ORIGIN edu.movie.edu.
movie  IN  NS  toystory.movie.edu.movie.edu.

$ORIGIN ,
.

7.
, BIND 9,

.
-
DNS- , DNS-
,
. nslookup, ,

:
% nslookup
Default Server:  toystory.movie.edu
Address:  192.249.249.3

> ftp.uu.net.        DNS- SERVFAIL...
Server:  toystory.movie.edu
Address:  192.249.249.3

*** toystory.movie.edu can't find ftp.uu.net.: Server failed

DNS-
:
> wormhole.movie.edu.
Server:  toystory.movie.edu
Address:  192.249.249.3

Name:    wormhole.movie.edu
Addresses:  192.249.249.1, 192.253.253.1

> ^D

,
, log- syslog
:
Jan  6 15:10:22 toystory named[764]: No root nameservers for class IN

, 1 - IN , .
,
DNS- .

8.
,
ARPAnet ,
.
,
:

% nslookup nisc.sri.com.
Server:  toystory.movie.edu
Address:  192.249.249.3

*** Request to toystory.movie.edu timed out ***

DNS- , ,
. ,
. .
BIND 8:
Debug turned ON, Level 1

nslookup DNS-
IP- nisc.sri.com.

DNS- , - -
:
datagram from [192.249.249.3].1051, fd 5, len 30
req: nlookup(nisc.sri.com) id 18470 type=1 class=1
req: missed 'nisc.sri.com' as 'com' (cname=0)
forw: forw -> [198.41.0.4].53 ds=7 nsid=58732 id=18470 0ms retry 4 sec
resend(addr=1 n=0) -> [128.9.0.107].53 ds=7 nsid=58732 id=18470 0ms

nslookup DNS- . , .
DNS-
:
datagram from [192.249.249.3].1051, fd 5, len 30
req: nlookup(nisc.sri.com) id 18470 type=1 class=1
req: missed 'nisc.sri.com' as 'com' (cname=0)
resend(addr=2 n=0) -> [192.33.4.12].53 ds=7 nsid=58732 id=18470 0ms
resend(addr=3 n=0) -> [128.8.10.90].53 ds=7 nsid=58732 id=18470 0ms

nslookup DNS- ,
:
datagram from [192.249.249.3].1051, fd 5, len 30
req: nlookup(nisc.sri.com) id 18470 type=1 class=1
req: missed 'nisc.sri.com' as 'com' (cname=0)
resend(addr=4 n=0) -> [192.203.230.10].53 ds=7 nsid=58732 id=18470 0ms
resend(addr=0 n=1) -> [198.41.0.4].53 ds=7 nsid=58732 id=18470 0ms
resend(addr=1 n=1) -> [128.9.0.107].53 ds=7 nsid=58732 id=18470 0ms
resend(addr=2 n=1) -> [192.33.4.12].53 ds=7 nsid=58732 id=18470 0ms
resend(addr=3 n=1) -> [128.8.10.90].53 ds=7 nsid=58732 id=18470 0ms
resend(addr=4 n=1) -> [192.203.230.10].53 ds=7 nsid=58732 id=18470 0ms
resend(addr=0 n=2) -> [198.41.0.4].53 ds=7 nsid=58732 id=18470 0ms
Debug turned OFF

DNS- BIND 9
. , DNS-

nisc.sri.com:

Sep 26 14:33:27.486 client 192.249.249.3#1028: query: nisc.sri.com A
Sep 26 14:33:27.486 createfetch: nisc.sri.com. A
Sep 26 14:33:32.489 client 192.249.249.3#1028: query: nisc.sri.com A
Sep 26 14:33:32.490 createfetch: nisc.sri.com. A
Sep 26 14:33:42.500 client 192.249.249.3#1028: query: nisc.sri.com A
Sep 26 14:33:42.500 createfetch: nisc.sri.com. A
Sep 26 14:34:02.512 client 192.249.249.3#1028: query: nisc.sri.com A
Sep 26 14:34:02.512 createfetch: nisc.sri.com. A


, BIND 9.1.0 -
DNS-, .
DNS- BIND 8
IP- DNS-
. , ping
, DNS-:
- ping

% ping 198.41.0.4 -n 10

DNS-

PING 198.41.0.4: 64 byte packets


198.41.0.4 PING Statistics
10 packets transmitted, 0 packets received, 100% packet loss

% ping 128.9.0.107 -n 10

- ping

DNS-

PING 128.9.0.107: 64 byte packets


128.9.0.107 PING Statistics
10 packets transmitted, 0 packets received, 100% packet loss

, ,
. ,
- DNS-.
BIND 8 BIND 9,
BIND 8/9
11 ; ,
.
ping
, .
( ,
) traceroute
ping
.
, .
DNS- .
( PTR- - ,
.) , ,
DNS-, , ,
. , ,
, ,
.

9.

, ,
DNS-
.
, .
,
. , , .
DNS-
, DNS-
, (
) ,
.
,
, . ,
telnet, ftp ping
.
, in-addr.arpa,

.
DNS- , DNS-
.
, DNS , NS- .
DNS-, :
% nslookup
Default Server:
Address:

toystory.movie.edu

192.249.249.3

> server a.root-servers.net.


Default Server:
Address:

> set type=ns


> 249.249.192.in-addr.arpa.
Server:

DNS-

198.41.0.4

> set norecurse

Address:

a.root-servers.net

NS-

249.249.192.in-addr.arpa

a.root-servers.net
198.41.0.4

192.in-addr.arpa  nameserver = chia.ARIN.NET
192.in-addr.arpa  nameserver = dill.ARIN.NET
192.in-addr.arpa  nameserver = BASIL.ARIN.NET
192.in-addr.arpa  nameserver = henna.ARIN.NET
192.in-addr.arpa  nameserver = indigo.ARIN.NET
192.in-addr.arpa  nameserver = epazote.ARIN.NET

192.in-addr.arpa

> server dill.arin.net.


Server:

nameserver = figwort.ARIN.NET

DNS-

in-addr.arpa

dill.arin.net

Address:

192.35.51.32

> 249.249.192.in-addr.arpa.
Server:

dill.arin.net

Address:

192.35.51.32

*** dill.arin.net can't find 249.249.192.in-addr.arpa.: Non-existent domain

,
,

,

.

,
, , .

10.
-
.
:
DNS- .
, ,
. ,
- ,
, ,

.
DNS-,
, IP- ,
. DNS-
.
, ,
DNS-
.
, DNS-
,
, ,
.


,
,
nslookup:
% nslookup

Default Server: toystory.movie.edu


Address: 192.249.249.3
> server a.root-servers.net.

- DNS-

Default Server: a.root-servers.net


Address: 198.41.0.4
-

> set type=ns

> hp.com.

NS

Server: a.root-servers.net.
Address: 198.41.0.4
Non-authoritative answer:
*** Can't find hp.com.: No answer
Authoritative answers can be found from:
com nameserver = A.GTLD-SERVERS.NET.
com nameserver = G.GTLD-SERVERS.NET.
com nameserver = H.GTLD-SERVERS.NET.
com nameserver = C.GTLD-SERVERS.NET.
com nameserver = I.GTLD-SERVERS.NET.
com nameserver = B.GTLD-SERVERS.NET.
com nameserver = D.GTLD-SERVERS.NET.
com nameserver = L.GTLD-SERVERS.NET.
com nameserver = F.GTLD-SERVERS.NET.
com nameserver = J.GTLD-SERVERS.NET.
com nameserver = K.GTLD-SERVERS.NET.
com nameserver = E.GTLD-SERVERS.NET.
com nameserver = M.GTLD-SERVERS.NET.
A.GTLD-SERVERS.NET has AAAA address 2001:503:a83e::2:30
A.GTLD-SERVERS.NET internet address = 192.5.6.30
G.GTLD-SERVERS.NET internet address = 192.42.93.30
H.GTLD-SERVERS.NET internet address = 192.54.112.30
C.GTLD-SERVERS.NET internet address = 192.26.92.30
I.GTLD-SERVERS.NET internet address = 192.43.172.30
B.GTLD-SERVERS.NET has AAAA address 2001:503:231d::2:30
B.GTLD-SERVERS.NET internet address = 192.33.14.30
D.GTLD-SERVERS.NET internet address = 192.31.80.30
L.GTLD-SERVERS.NET internet address = 192.41.162.30
F.GTLD-SERVERS.NET internet address = 192.35.51.30
J.GTLD-SERVERS.NET internet address = 192.48.79.30
K.GTLD-SERVERS.NET internet address = 192.52.178.30
E.GTLD-SERVERS.NET internet address = 192.12.94.30
M.GTLD-SERVERS.NET internet address = 192.55.83.30
> server a.gtld-servers.net.

COM

Default server: a.gtld-servers.net.


Address: 192.5.6.30#53
-

> hp.com.
Server:

a.gtld-servers.net.

Address:

192.5.6.30#53

Non-authoritative answer:
hp.com nameserver = am10.hp.com.
hp.com nameserver = am3.hp.com.
hp.com nameserver = ap1.hp.com.
hp.com nameserver = eu1.hp.com.
hp.com nameserver = eu2.hp.com.
hp.com nameserver = eu3.hp.com.
Authoritative answers can be found from:
am10.hp.com internet address = 15.227.128.50
am3.hp.com internet address = 15.243.160.50
ap1.hp.com internet address = 15.211.128.50
eu1.hp.com internet address = 16.14.64.50
eu2.hp.com internet address = 16.6.64.50
eu3.hp.com internet address = 16.8.64.50

, ,
am10.sdd.hp.com
. am10.sdd.hp.com
hp.com
( , SOA- hp.com) :
> server am10.hp.com.
Default Server: am10.hp.com
Addresses: 15.227.128.50
> set norecurse
> set type=soa
> hp.com.
Server: am10.hp.com
Addresses: 15.227.128.50
Non-authoritative answer:
hp.com
origin = charon.core.hp.com
mail addr = hostmaster.hp.com
serial = 1008811
refresh = 3600
retry = 900
expire = 604800
minimum = 600
Authoritative answers can be found from:
hp.com nameserver = eu3.hp.com.
hp.com nameserver = am3.hp.com.
hp.com nameserver = ap1.hp.com.
hp.com nameserver = eu1.hp.com.
hp.com nameserver = eu2.hp.com.
am3.hp.com internet address = 15.243.160.50
ap1.hp.com internet address = 15.211.128.50
eu1.hp.com internet address = 16.14.64.50
eu2.hp.com internet address = 16.6.64.50
eu3.hp.com internet address = 16.8.64.50

am10.sdd.hp.com

hp.com, .
hp.com , am10.sdd.hp.com

hp.com, .

lame server*.

Oct 1 04:43:38 toystory named[146]: Lame server on '40.234.23.210.in-addr.arpa' (in '210.in-addr.arpa'?): [198.41.0.5].53 'RS0.INTERNIC.NET': learnt(A=198.41.0.21,NS=128.63.2.53)

: DNS-
128.63.2.53 DNS- 198.41.0.5
210.in-addr.arpa,

40.234.23.210.in-addr.arpa.
DNS- 198.41.0.5
,
210.in-addr.arpa.

128.63.2.53 ,
198.41.0.5 .

11. resolv.conf

resolv.conf,
. ,
, resolv.conf

.
:
, D N S . , ,
, D N S -
.
,
resolv.conf
, - nslookup.
nslookup
,
resolv.conf,
DNS- -
set all, 1 2
nslookup dig:
% nslookup
Default Server:  toystory.movie.edu
Address:  192.249.249.3

> set all
Default Server:  toystory.movie.edu
Address:  192.249.249.3

Set options:
  novc            nodebug         nod2
  search          recurse
  timeout = 0     retry = 3       port = 53
  querytype = A   class = IN
  srchlist=movie.edu
>

set all ,
resolv.conf.
, resolv.conf
search fx.movie.edu
movie.edu,

:
srchlist=fx.movie.edu/movie.edu

resolv.conf.

,
( , set list vi ) .

;
. ,
,
,
.

12.
.
hostname
(
) resolv.conf.

-
:
% telnet br
br: No address associated with name
% telnet br.fx
br.fx: No address associated with name
% telnet br.fx.movie.edu
Trying...
Connected to bladerunner.fx.movie.edu.
Escape character is '^]'.
HP-UX bladerunner.fx.movie.edu A.08.07 A 9000/730 (ttys1)

login:

,

resolv.conf:
% nslookup
Default Server: toystory.movie.edu
Address:

192.249.249.3

> set all


Default Server: toystory.movie.edu
Address: 192.249.249.3
Set options:

nslookup,

  novc            nodebug         nod2
  search          recurse
  timeout = 0     retry = 3       port = 53
  querytype = A   class = IN
  srchlist=

, .
, DNS-.
( , DNS- ,
, . )
DNS- BIND 9

telnet:

Sep 26 16:17:58.824 client 192.249.249.3#1032: query: br A
Sep 26 16:17:58.825 createfetch: br. A
Sep 26 16:18:09.996 client 192.249.249.3#1032: query: br.fx A
Sep 26 16:18:09.996 createfetch: br.fx. A
Sep 26 16:18:18.677 client 192.249.249.3#1032: query: br.fx.movie.edu A
DNS- BIND 8

:
Debug turned ON, Level 1
datagram from [192.249.249.3].1057, fd 5, len 20
req: nlookup(br) id 27974 type=1 class=1
req: missed 'br' as '' (cname=0)
forw: forw -> [198.41.0.4].53 ds=7 nsid=61691 id=27974 0ms retry 4 sec
datagram from [198.41.0.4].53, fd 5, len 20
ncache: dname br, type 1, class 1
send_msg -> [192.249.249.3].1057 (UDP 5) id=27974
datagram from [192.249.249.3].1059, fd 5, len 23
req: nlookup(br.fx) id 27975 type=1 class=1
req: missed 'br.fx' as '' (cname=0)
forw: forw -> [128.9.0.107].53 ds=7 nsid=61692 id=27975 0ms retry 4 sec
datagram from [128.9.0.107].53, fd 5, len 23
ncache: dname br.fx, type 1, class 1
send_msg -> [192.249.249.3].1059 (UDP 5) id=27975
datagram from [192.249.249.3].1060, fd 5, len 33
req: nlookup(br.fx.movie.edu) id 27976 type=1 class=1
req: found 'br.fx.movie.edu' as 'br.fx.movie.edu' (cname=0)
req: nlookup(bladerunner.fx.movie.edu) id 27976 type=1 class=1
req: found 'bladerunner.fx.movie.edu' as 'bladerunner.fx.movie.edu'
(cname=1)
ns_req: answer -> [192.249.249.3].1060 fd=5 id=27976 size=183 Local
Debug turned OFF
,
13.
, , -

. ,
.

13.
,
DNS, response from unexpected source.
: c IP , ,
. BIND ,
, IP-
.
. BIND
: DNS- BIND
, .
, , ,
() :
Mar  8 17:21:04 toystory named[235]: Response from unexpected source ([205.199.4.131].53)

: -
spoof- DNS-, - DNS-
, ,
, .


BIND 8 9 UNIX-
DNS- DNS- .
BIND .
DNS DNS , .


, ,
6, .
, fx.movie.edu

movie.edu.

, , ssh
db.personnel

db.personnel.movie.edu,
,
. ,
search ,
.
.

DNS-
4.9 DNS- BIND
,
.
movie.edu
, movie.edu

db.movie.edu,

hp.com db.movie.edu,
DNS- RR- hp.com
.
in-addr.arpa
. .
DNS- BIND 4.9 RR- .
PTR- in-addr.arpa

zone, DNS-
, . :
PTR- gethostbyaddr(),

.
BIND log-
syslog. BIND 9 :
Sep 26 13:48:19 toystory named[21960]: dns_master_load: db.movie.edu:16: ignoring out-of-zone data

BIND 8:
Jan  7 13:58:01 toystory named[231]: db.movie.edu:16: data "hp.com" outside zone "movie.edu" (ignored)
Jan  7 13:58:01 toystory named[231]: db.movie.edu:17: data "hp.com" outside zone "movie.edu" (ignored)

:
zone .


BIND 9 Microsoft DNS
, DNS-.
, BIND
.
,
, .


- WINS-
Microsoft DNS WINS-
, ,

.
:
@  IN  WINS  SIP- WINS

, WINS IN .
, BIND
, WINS- , :
May 23 15:58:43 toystory named-xfer[386]: "fx.movie.edu IN 65281" - unknown type (65281)

Microsoft DNS
. DNS Manager
, Properties.
Zone Properties

WINS Lookup ( . 14.1 ) .

. 14.1.

Settings only affect local server


WINS- .
Microsoft DNS , ,
.

DNS- No NS Record for SOA MNAME


BIND 8.1 :
May 8 03:44:38 toystory named[11680]: no NS RR for SOA MNAME "movie.edu" in zone "movie.edu"

8.1 SOA- .
? 4 ,
DNS- . BIND 8.1 ,
, NS- ,
MNAME . NS , BIND
. NOTIFY.
MNAME DNS-,
NS- , BIND BIND 8.
, BIND 8.1 .
8.1.1.

DNS- Too Many Open Files


I P -
B I N D
:
Dec 12 11:52:06 toystory named[7770]: socket(SOCK_RAW): Too many open files

.
B I N D bind()

,
.
,

-. :

, ,
I P - .

D N S - B I N D 8 9
listenon. toystory.movie.edu,

:
options {
listen-on { 192.249.249.3; };
};

named toystory.movie.edu,

bind() I P -
192.249.249.3.

,
.

Looked for PTR, Found CNAME


, B I N D .
log- :

Sep 24 10:40:11 toystory syslog: gethostby*.getanswer: asked for
"37.103.74.204.in-addr.arpa IN PTR", got type "CNAME"
Sep 24 10:40:11 toystory syslog: gethostby*.getanswer: asked for
"37.103.74.204.in-addr.arpa", got "37.32/27.103.74.204.in-addr.arpa"

: DNS-
IP- 2 0 4 . 7 4 . 1 0 3 . 3 7 .
, , 37.103.74.204.in-addr.arpa


37.32/27.103.74.204.in-addr.
arpa. , ,
103.74.204.in-addr.arpa,

, 9
. B I N D 4 . 9 . 3 - B E T A
, , (
) . , ,
D N S - B I N D 4 . 9 . 3 - B E T A
.
.

DNS- :
UDP
, S u n O S 4 . 1 . x ,
:
Sep 24 10:40:11 toystory named[7770]: ns_udp checksums NOT turned on: exiting

named
,
U D P , ,
.
: U D P named, ,
UDP- .
UDP
. B I N D
shres/sunos/INSTALL
src/port/sunos/shres/ISSUES
(
BIND 8).

DNS-

, ,
B I N D 8, ,
. B I N D 9
. , BIND 8 9
D N S - D N S -
. , auth-nxdomain
.

auth-nxdomain
- options,

D N S - B I N D 8 9,
, . ,
D N S - , titanic.movie.edu

, D N S - movie.edu,
auth-nxdomain

DNS- ,

movie.edu.
, ,
, DNS-
( N X D O M A I N N O E R R O R
) .
,
D N S - ,
.
- .
, D N S -
, B I N D 8 9

. , B I N D 8 ,
,
,
auth-nxdomain.
BIND 9, ,
auth-nxdomain
,
,
.


4, R F C 2308
B I N D 8 . 2 .
SOA- (
TTL) , $ T T L ,
TTL .
BIND 8 ,
8 . 2 , $ T T L ,
l o g - syslog

DNS-:
Sep 26 19:34:39 toystory named[22116]: Zone "movie.edu" (file db.movie.edu):
No default TTL ($TTL <value>) set, using SOA minimum instead

B I N D 8 , R F C
2308, SOA-
T T L
. BIND 9 9.2.0
:

Sep 26 19:35:54 toystory named[22124]: dns_master_load: db.movie.edu:7: no TTL specified
Sep 26 19:35:54 toystory named[22124]: dns_zone_load: zone movie.edu/IN:
database db.movie.edu: dns_db_load failed: no ttl
Sep 26 19:35:54 toystory named[22124]: loading zones: no ttl
Sep 26 19:35:54 toystory named[22124]: exiting (due to fatal error)

B I N D 9
$TTL.

TSIG
1 1 ,
(

) . , ,

( ):

, D N S - B I N D 8,
T S I G ,
DNS-:
Sep 27 10:47:49 wormhole named[22139]: Err/TO getting serial# for "movie.edu"
Sep 27 10:47:49 wormhole named-xfer[22584]: SOA TSIG verification from server
[192.249.249.3], zone movie.edu: message had BADTIME set (18)

DNS-
movie.edu,
toystory.movie.edu
( 1 9 2 . 2 4 9 . 2 4 9 . 3 ) .
toystory.movie.edu
, wormhole.movie.edu
,
. Err/TO -
TSIG-.

,
D N S - B I N D 8
:
Sep 27 12:02:44 wormhole named-xfer[22651]: SOA TSIG verification from server
[209.8.5.250], zone movie.edu: BADKEY(-17)

T S I G -
,
T S I G - .
, ,
.
, BIND 9 .

:

Sep 27 13:35:42.804 client 192.249.249.1#1115: query: movie.edu SOA
Sep 27 13:35:42.804 client 192.249.249.1#1115: error


, ,
. ,
,
.
.


ssh ftp ,
,
nslookup dig .
,
-
, .
DNS-,
.
, , ,
, -
.
:

resolv.conf
( 11
, . ).

( 12).

set all

nslookup.
nslookup D N S - ,
, , DNS-
. D N S - ,
:

, ,
, D N S - ( 2).
, ,
.


( 5 ) .
l o g - syslog.

, , ( 6 ) .

D N S - ,
D N S - .
, :

, DNS-
( 1).

,
( 3).

,
.
DNS-, ,
:

,
( 7).

(
9 1 0 ) . ,
,
. ,
DNS-
, DNS- .


,
,
:

D N S - ? ,
( 7).

ping, D N S -
? , D N S - -
( 8).

? ,
( 9 ) .

( 10).

DNS- ( 2)? ,
( 1 3).



,
DNS- ,
DNS-:

D N S - ?
( 1)? ,
,
,
.

(
1)? D N S - -
.

( 2 ) ?
( , nslookup dig)
, .

D N S - ,
( 3)?
l o g - syslog
.

r o u n d r o b i n ,
?


, ,
D N S - . , ,
,
nslookup d i g . D N S -
,
, , ,
. DNS-
, DNS-, ,
.
, D N S -
, M N A M E ( ) SOA-.
, , ,
.
,
. ,
, D N S - ,
() ,
. .
, DNS-
, ,
, ,
. ,
, -

,
DNS-.
,
, ,
, bogus server,
D N S - , -
.

( 8),
DNS- ping.

( 10),
DNS-
IP-.

p i n g -
:
D N S - D N S - .
,
. , DNS-
D N S - , ping
, (
traceroute
-
) . ,
, D N S - -
. , . ,
. ,
,
. ( , whois ! )

rlogin rsh -
D N S - . ,
, ,
.rhosts.
( 6.)
rlogin rsh
.
- ,
in-addr.arpa
( 9 10), PTR- ( 4 ) .
B I N D 4.9 P T R -
in-addr.arpa
- , DNS-

, , ,
. -
:
% rlogin wormhole
Password:

, ,
, - .rhosts
hosts.equiv.
l o g - syslog (
wormhole.movie.edu),
, ,
:
May  4 18:06:22 wormhole inetd[22514]: login/tcp: Connection from unknown (192.249.249.213)

,
.
inaddr.arpa
N S - in-addr.arpa.

, PTR-,
I P - rlogin r s h . ,
PRT-,
.

( 1 3).


rlogin rsh. B I N D
, ,
, .
, ,
B I N D , ,
. , N I S
NIS , DNS-
.

,
/etc/bootparams

/etc/exports.


DNS- IP-
,
. D N S .
,
. ? .
.


( ) ,

, D N S - .
edu ( )

movie.edu:
$ORIGIN movie.edu.
@         86400  IN  NS  toystory
          86400  IN  NS  wormhole
toystory  86400  IN  A   192.249.249.3
wormhole  86400  IN  A   192.249.249.254 ; wormhole's former
                                         ; IP address

D N S - edu
wormhole.movie.edu.

, , D N S -
:
.
,
, , , -
DNS-.
D N S - ,
( ) ,
,
, .

DNS-
g T L D - c o m , net o r g .
, D N S -
,
D N S - ! D N S - g T L D -
?
: g T L D - ,
DNS-, -. ,
www.foo.com,

c o m - , D N S - com
. ,
. ,

. DNS-
foo.com,
.

?
, ?
, D N S -
:

D N S - g T L D - ? , ,
.

D N S - , g T L D ? ,
.

, . ,
, ,
,
D N S , ,
, . ,
, !

15

DNS-
- , , - , ! !
- , , -
. - ,
, , ,
, !
!
, ,
- . !
. DNS
- A S N . 1 , S N M P .
,
DNS.
R F C 1 0 3 5 A .
R F C 1 0 3 5
, DNS.
1


nslookup
C ,
, D N S ,
,
nslookup d i g . :
ASN.1 (Abstract Syntax Notation) - ,
ISO (Inter
national Organization for Standardization,
).

,
C.

DNS,
, .
C -

.

,
,
C.
,
,
.

,
P e r l ,
.
P e r l N e t : : D N S ( M i c h a e l F u h r ) .


,
, . ,
,
DNS-.
: D N S -
( ) , D N S - ,
, (
,
) DNS- (
D N S - -
).
.
D N S - , I C M P -
(port unreachable).

,
, . ,
DNS- , : SOA-
. SOA- , , .
S O A -
, D N S -
DNS-. SOA-,
.


,
, DNS-
DNS- SOA- .
, D N S -
, . ,
, D N S . ,
.
DNS- ( NS- ),
, D N S - .
,
DNS-
.
, ,
nslookup.
,
nslookup,

U N I X - . NS-
, DNS-
,
, :
% nslookup
Default Server:  relay.hp.com
Address:  15.255.152.2

> set type=ns

, , D N S -
NS-:
> mit.edu.
Server:  relay.hp.com
Address:  15.255.152.2

Non-authoritative answer:
mit.edu nameserver = STRAWB.MIT.EDU
mit.edu nameserver = W20NS.MIT.EDU
mit.edu nameserver = BITSY.MIT.EDU
Authoritative answers can be found from:
MIT.EDU nameserver = STRAWB.MIT.EDU
MIT.EDU nameserver = W20NS.MIT.EDU
MIT.EDU nameserver = BITSY.MIT.EDU
STRAWB.MIT.EDU  internet address = 18.71.0.151
W20NS.MIT.EDU   internet address = 18.70.0.160
BITSY.MIT.EDU   internet address = 18.72.0.3

DNS-:

> server strawb.mit.edu.
Default Server:  strawb.mit.edu
Address:  18.71.0.151

> mit.edu.
Server:  strawb.mit.edu
Address:  18.71.0.151

mit.edu nameserver = BITSY.MIT.EDU
mit.edu nameserver = STRAWB.MIT.EDU
mit.edu nameserver = W20NS.MIT.EDU
BITSY.MIT.EDU   internet address = 18.72.0.3
STRAWB.MIT.EDU  internet address = 18.71.0.151
W20NS.MIT.EDU   internet address = 18.70.0.160

, D N S -
,
nameserver.
N S - ,
,
.
SOA- ,
, SOA-,
, . ,

D N S - S O A -
:
% nslookup
Default Server:  relay.hp.com
Address:  15.255.152.2

> set type=soa
> set norecurse

, , D N S -
S O A - :
> mit.edu.
Server:  relay.hp.com
Address:  15.255.152.2

Authoritative answers can be found from:
MIT.EDU nameserver = STRAWB.MIT.EDU
MIT.EDU nameserver = W20NS.MIT.EDU
MIT.EDU nameserver = BITSY.MIT.EDU
STRAWB.MIT.EDU  internet address = 18.71.0.151
W20NS.MIT.EDU   internet address = 18.70.0.160
BITSY.MIT.EDU   internet address = 18.72.0.3

, , DNS-
:

> server strawb.mit.edu.
Default Server:  strawb.mit.edu
Address:  18.71.0.151

> mit.edu.
Server:  strawb.mit.edu
Address:  18.71.0.151

mit.edu
        origin = BITSY.MIT.EDU
        mail addr = NETWORK-REQUEST.BITSY.MIT.EDU
        serial = 1995
        refresh = 3600 (1H)
        retry   = 900 (15M)
        expire  = 3600000 (5w6d16h)
        minimum ttl = 21600 (6H)

D N S - ,
. D N S -
SOA- ,
SOA-. . D N S S O A - ,
, serial.
,
nslookup
, DNS- .
S O A - , ,
D N S - :
% nslookup
Default Server:  relay.hp.com
Address:  15.255.152.2

> server galt.cs.purdue.edu.
Default Server:  galt.cs.purdue.edu
Address:  128.10.2.39

> set type=soa
> mit.edu.
Server:  galt.cs.purdue.edu
Address:  128.10.2.39

*** galt.cs.purdue.edu can't find mit.edu.: No response from server

, , nslookup
. , D N S -
:
% nslookup
Default Server:  relay.hp.com
Address:  15.255.152.2

> server 15.255.152.100
Default Server:  [15.255.152.100]
Address:  15.255.152.100

> set type=soa
> mit.edu.
Server:  [15.255.152.100]
Address:  15.255.152.100

*** Request to [15.255.152.100] timed-out


, stderr.

.
.

check_soa:

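#!/bin/sh
if test "$1" = ""
then
    echo "usage: $0 zone"
    exit 1
fi
ZONE=$1
#
# Use nslookup to find the name servers for the zone ($1).
# awk picks the server names out of the lines that contain
# "nameserver" (the name is always the last field), and
# sort -u removes duplicates; the ordering itself does not matter.
#
SERVERS=`nslookup -type=ns $ZONE |\
    awk '/nameserver/ {print $NF}' | sort -u`
if test "$SERVERS" = ""
then
    #
    # No servers found. Exit quietly; nslookup has already
    # printed its own error message.
    #
    exit 1
fi
#
# Check the SOA serial number on each server. nslookup output goes
# to two temporary files: nso.$$ (standard output) and nse.$$
# (standard error), overwritten on every pass. defname and search
# are turned off because the names are fully qualified.
# The /tmp/nso.$$ and /tmp/nse.$$ names are predictable; on a
# shared host, create them with mktemp(1) instead.
#
# NOTE: this loop is fairly long.
#
for i in $SERVERS
do
    nslookup >/tmp/nso.$$ 2>/tmp/nse.$$ <<-EOF
server $i
set nosearch
set nodefname
set norecurse
set q=soa
$ZONE
EOF
    #
    # Is the current server ($i) authoritative for the zone?
    # It is NOT if (a) the response says so, or (b) the response
    # points to authoritative data elsewhere.
    #
    if egrep "Non-authoritative|Authoritative answers can be" \
        /tmp/nso.$$ >/dev/null
    then
        echo "$i is not authoritative for $ZONE"
        continue
    fi
    #
    # The server is authoritative; extract the serial number.
    #
    SERIAL=`cat /tmp/nso.$$ | grep serial | sed -e "s/.*= //"`
    if test "$SERIAL" = ""
    then
        #
        # No serial number was found, so nslookup must have
        # reported an error; show its "standard error" file.
        #
        cat /tmp/nse.$$
    else
        #
        # Report the server's name and its serial number.
        #
        echo "$i $SERIAL"
    fi
done  # end of the "for" loop
#
# Remove the temporary files.
#
rm -f /tmp/nso.$$ /tmp/nse.$$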

:
% check_soa mit.edu
BITSY.MIT.EDU 1995
STRAWB.MIT.EDU 1995
W20NS.MIT.EDU 1995

,
, . ,
, - . ,
, nslookup, .
.

C
DNS-
,
DNS DNS-.

D N S nslookup.
C
.
DNS.

DNS
D N S , 1 2 .
:

R F C 1 0 3 5 ,
2 6 2 8 , A .
:
(2 )
(1 )
(4 )
(1 )
(1 )
(1 )
(1 )
(3 )

(4 )
(2 )
(2 )
DNS- (2 )
(2 )

, ,
arpa/nameser.h

. ,

DNS-.
2 8 2 9 R F C 1 0 3 5 .
:
( )
(2 )
(2 )

,
2 9 3 0 R F C 1 0 3 5 .
RR-, :
( )
(2 )
(2 )
TTL (4 )
(2 )
( )

R R - .


, , DNS,
. D N S ,
, C.
- , .

. venera.isi.edu
:
6 venera 3 isi 3 edu 0

, D N S
. D N S
.



,
.

. . ,

venera.isi.edu.

vaxa.isi.edu,
vaxa,
isi.edu. ?
,
- - .
, . , , ,
2 D N S ,
6 3 . ,
6 ,
0 6 3 .
- , , .
6 ,
14 .
D N S . , vaxa.isi.edu

, venera.isi.edu,

:
: 0 123456 7 890 1 234 5 6 7890 1
+

: 6 venera 3 isi 3 edu 0 4 vaxa 0xC0 7

0xC0 ,
, .
, ,
. - 7, 6
, 7.
7
, vaxa, isi.edu.

, D N S .
D N S .
,
. :
, ,
.
, DNS
, .
, , ,
, v -
.
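The pointer layout shown above (6 venera 3 isi 3 edu 0 4 vaxa 0xC0 7) is where hand-written message parsers most often go wrong, so here is an added example, not code from the book or from BIND, of a bounds-checked expansion routine that rejects pointer loops, forward pointers and truncated labels. The function name dns_name_expand and the sample byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DNS_MAX_NAME 255   /* RFC 1035: longest encoded name, in bytes */

/* Constructed sample: the byte layout from the text, placed at offset 0. */
static const unsigned char sample_msg[] = {
    6, 'v','e','n','e','r','a', 3, 'i','s','i', 3, 'e','d','u', 0,
    4, 'v','a','x','a', 0xC0, 7
};
/* Constructed hostile inputs: a pointer to itself, and a forward pointer. */
static const unsigned char loop_msg[]    = { 0xC0, 0x00 };
static const unsigned char forward_msg[] = { 0xC0, 0x02, 0x00 };

/*
 * Expand the name starting at msg[off] into out as dotted text.
 * Returns the number of bytes the name occupies at off (so the caller
 * can step over it), or -1 if the encoding is malformed.
 */
int dns_name_expand(const unsigned char *msg, size_t msglen, size_t off,
                    char *out, size_t outlen)
{
    size_t pos = off;       /* current read position */
    size_t limit = off;     /* a pointer must target an offset below this */
    size_t outpos = 0;      /* bytes written to out */
    size_t wire = 1;        /* encoded length so far (1 = root label) */
    int consumed = -1;      /* length at the original position */

    if (msg == NULL || out == NULL || outlen < 2)
        return -1;

    for (;;) {
        unsigned char len;
        size_t i;

        if (pos >= msglen)
            return -1;                      /* ran past the message */
        len = msg[pos];

        if ((len & 0xC0) == 0xC0) {         /* two-byte pointer */
            size_t target;
            if (pos + 1 >= msglen)
                return -1;                  /* second pointer byte missing */
            target = ((size_t)(len & 0x3F) << 8) | msg[pos + 1];
            if (target >= limit)
                return -1;                  /* self, forward or repeated jump */
            if (consumed < 0)
                consumed = (int)(pos + 2 - off);
            limit = target;                 /* later jumps must go further back */
            pos = target;
            continue;
        }
        if (len & 0xC0)
            return -1;                      /* 01/10 prefixes are not labels */
        if (len == 0) {                     /* root label ends the name */
            if (consumed < 0)
                consumed = (int)(pos + 1 - off);
            break;
        }
        if (len > msglen - pos - 1)
            return -1;                      /* label longer than what is left */
        wire += (size_t)len + 1;
        if (wire > DNS_MAX_NAME)
            return -1;                      /* name exceeds 255 bytes */
        if (outpos + len + 2 > outlen)      /* '.' + label + NUL */
            return -1;
        if (outpos > 0)
            out[outpos++] = '.';
        for (i = 0; i < len; i++) {
            unsigned char c = msg[pos + 1 + i];
            /* Refuse bytes that would need escaping in a C string
               (NUL, control characters, '.'), rather than escape them. */
            if (c <= 0x20 || c >= 0x7F || c == '.')
                return -1;
            out[outpos++] = (char)c;
        }
        pos += (size_t)len + 1;
    }
    if (outpos == 0)
        out[outpos++] = '.';                /* the root name */
    out[outpos] = '\0';
    return consumed;
}

int main(void)
{
    char name[DNS_MAX_NAME + 1];
    int n = dns_name_expand(sample_msg, sizeof sample_msg, 16, name, sizeof name);
    printf("offset 16: %d bytes -> %s\n", n, n < 0 ? "(invalid)" : name);
    n = dns_name_expand(loop_msg, sizeof loop_msg, 0, name, sizeof name);
    printf("self-pointer: %d\n", n);
    n = dns_name_expand(forward_msg, sizeof forward_msg, 0, name, sizeof name);
    printf("forward pointer: %d\n", n);
    return 0;
}
```

Requiring every pointer to land below the previous target bounds the number of jumps by the message length, so no separate hop counter is needed.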

DNS-
,
. .

DNS-

.

:
B I N D 9 . B I N D 9
,
D N S , D N S - BIND 9 , .
B I N D 9 B I N D 8 ( lib/bind/resolv),

. ,
B I N D 8, D N S B I N D 9.
, :
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>

herror and h_errno


extern int h_errno;
int herror(const char *s)
herror perror,
h_errno,
:


errno.

s
, . s
, herror s, : ( )
,

h_errno.

h_errno:

HOST_NOT_FOUND
. D N S - MAIN.

NXDO

TRY_AGAIN
D N S - S E R V F A I L .
NO_RECOVERY
,
( ,
.movie.edu),
DNS- F O R M E R R , NOTIMP
REFUSED.
NO_DATA
, .

NETDB_INTERNAL
,
D N S . errno.

res_init
int res_init(void)

res_init resolv.conf
_res (
) . res_init,

, .
. ,

D N S - .
resolv.conf
, res_init ,
. res_init
,

- 1 .

res_mkquery
int res_mkquery(int op,
const char *dname,
int class,
int type,
const u_char *data,
int datalen,
const u_char *newrr,
u_char *buf,
int buflen)
res_mkquery
-.
,
, .
dname, class type ,
res_search
res_query.
:
op
, . ,
Q U E R Y , I Q U E R Y (
). , , IQUERY
. B I N D 4 . 9 . 4
I Q U E R Y .
data
, .
N U L L - , op Q U E R Y .

datalen
data. data
datalen .

NULL-,

newrr
,
( 10 ) .
,
NULL-.
buf
, res_mkquery
-.
P A C K E T S Z ,
res_search

res_query.
buflen
buf ( , P A C K E T S Z ) .
res_mkquery
- - 1 ,
.

res_query
int res_query(const char *dname,
int class,
int type,
u_char *answer,
int anslen)
res_query
- .
: -
res_mkquery,

res_send
,
, .
res_query
res_search,

. ,
. res_query

h_errno
- 1 ,
.

res_search
int res_search(const char *dname,
int class,
int type,
u_char *answer,
int anslen)

res_search
- ,
gethostbyname.
res_search

. (dname)

( , )
,
res_query,

.
.
res_search
,
HOSTALIASES. ( HOSTALIASES
6 . ) ,

. res_search

h_errno - 1 ,
. ( h_errno

errno, D N S . )
, ,
res_search,
dname;
res_query

. :
class
, .
C_IN,
.
arpa/nameser.h.
type
, .
, arpa/nameser.h.

T _ N S , DNS-,
T _ M X , MX-.
answer
, res_search

. - P A C K E T S Z (

arpa/nameser.h).
anslen
answer

( , P A C K E T S Z ) .

res_search

.

res_send
-1

int res_send(const u_char *msg,
int msglen,
u_char *answer,
int anslen)
res_send
.
- msg U D P - T C P -
. answer.
,
( ,

- connected
datagramm
sockets).

:
msg
, - DNS.
msglen
.
answer
, DNS.
anslen
.
res_send - 1 ,
. - 1 ,
errno E C O N N R E F U S E D , ,
D N S - .
errno E C O N N R E F U S E D
res_search
res_query.
(res_search

res_query,
res_query
res_send.)

errno res_query,
errno
. , ,
res_send
errno.

res_search
errno, res_search


res_query.

_res
(
res_) , _res.
DNS-,
_res.
res_send,

retry. ,
R E S _ D N S R C H options.
_res resolv.h:
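struct res_state {
    int     retrans;              /* retransmission time interval */
    int     retry;                /* number of times to retransmit */
    u_long  options;              /* option flags - see below. */
    int     nscount;              /* number of name servers */
    struct sockaddr_in
            nsaddr_list[MAXNS];   /* address of name server */
#define nsaddr  nsaddr_list[0]    /* for backward compatibility */
    u_short id;                   /* current packet id */
    char    *dnsrch[MAXDNSRCH+1]; /* components of domain to search */
    char    defdname[MAXDNAME];   /* default domain */
    u_long  pfcode;               /* RES_PRF_ flags - see below. */
    unsigned ndots:4;             /* threshold for initial absolute query */
    unsigned nsort:4;             /* number of elements in sort_list[] */
    char    unused[3];
    struct {
        struct in_addr  addr;     /* address to sort on */
        u_int32_t       mask;
    } sort_list[MAXRESOLVSORT];
};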

options .
,
options.
resolv.h; :
RES_INIT
,

res_init.

RES_DEBUG

, DEBUG.
.
RES_AAONLY

D N S - , . ,
( ) ,
. DNS- B I N D ,
, (
) DNS-.
RES_PRIMARY
D N S - - (
).
RES_USEVC
,
( T C P ) , U D P - . , TCP .
.

RES_STAYOPEN
TCP-
,
DNS-.

. .
RES_IGNTC
DNS- ,

TCP-.
RES_IGNTC

T C P .
.
RES_RECURSE
BIND .
-
. .
RES_DEFNAMES
BIND
,
. .
.
RES_DNSRCH
BIND
, .
.
.
RES_INSECURE1
BIND 4.9.3
D N S - , .
.
( ) .
RES_INSECURE2
B I N D 4 . 9 . 3
,
.
. (
).
RES_NOALIASES
BIND ,
, HOSTALIASES.
HOSTALIASES

B I N D 4 . 9 . 3 .

. .
RES_USE_INET6
I P v 6 (
IPv4)
gethostbyname.
RES_ROTATE

DNS-
resolv.conf.
R E S _ R O T A T E , B I N D 8 . 2
D N S - re
solv.conf,
D N S - . .
6 opti
ons rotate. D N S -
.
RES_NOCHECKNAME
B I N D 4 . 9 . 4
,
4 B I N D . B I N D 8 . 2
.
( ) .
RES_KEEPTSIG
BIND 8.2
T S I G - D N S .
, ,
.
RES_BLAST

. .
RES_DEFAULT
, R E S _ R E C U R S E ,
R E S _ D E F N A M E S R E S _ D N S R C H ,
.
RES_DEFAULT;


res_init.

DNS-
DNS- ,
.
:
#include <sys/types.h>
#include <netinet/in.h>
#include <netdb.h>
#include <arpa/nameser.h>
#include <resolv.h>

DNS-.

ns_get16 ns_put16
u_int ns_get16(const u_char *cp)
void ns_put16(u_int s, u_char *cp)

DNS ,
( , , , ) . ns_get16

1 6 - , c p , ns_put16

16- s cp.

ns_get32 ns_put32
u_long ns_get32(const u_char *cp)
void ns_put32(u_long l, u_char *cp)

, 1 6 - , 3 2 . TTL ( )
32- .

ns_initparse
int ns_initparse(const u_char *msg,
int msglen,
ns_msg *handle)

ns_initparse
- , ,

D N S - . ns_initparse
,
handle ,
. :
msg
.
msglen
.
handle
,

ns_initparse.

ns_initparse
- 1
.

ns_msg_base, ns_msg_end ns_msg_size


const u_char *ns_msg_base(ns_msg handle)
const u_char *ns_msg_end(ns_msg handle)
int ns_msg_size(ns_msg handle)

,
.
, ns_initparse.

:
handle
,

ns_initparse.

ns_msg_count
u_int16_t ns_msg_count(ns_msg handle, ns_sect section)

ns_msg_count

. :
handle
,

ns_initparse.

section
, :
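ns_s_qd   /* Query: Question section */
ns_s_zn   /* Update: Zone section */
ns_s_an   /* Query: Answer section */
ns_s_pr   /* Update: Prerequisite section */
ns_s_ns   /* Query: Name Server section */
ns_s_ud   /* Update: Update section */
ns_s_ar   /* Query|Update: Additional records section */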

ns_msg_get_flag
u_int16_t ns_msg_get_flag(ns_msg handle, ns_flag flag)

ns_msg_get_flag
-
. :
handle
,

ns_initparse.

flag
, :
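ns_f_qr       /* Question/Response */
ns_f_opcode   /* Operation Code */
ns_f_aa       /* Authoritative Answer */
ns_f_tc       /* Truncation Occurred */
ns_f_rd       /* Recursion Desired */
ns_f_ra       /* Recursion Available */
ns_f_z        /* Must Be Zero */
ns_f_ad       /* Authentic Data (DNSSEC) */
ns_f_cd       /* Checking Disabled (DNSSEC) */
ns_f_rcode    /* Response Code */
ns_f_max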

ns_msg_id
u_int16_t ns_msg_id(ns_msg handle)

ns_msg_id

( ). :
handle
,

ns_initparse.

ns_name_compress
int ns_name_compress(const char *exp_dn,
u_char *comp_dn,
size_t length,
const u_char **dnptrs,
const u_char **lastdnptr)

ns_name_compress
.
-
res_mkquery.

, .
:
exp_dn
, ,
,
.
comp_dn
, .
length

comp_dn.

dnptrs
. dnptrs[0]
;
N U L L - . dnptrs[0]

, dnptrs[1]
- NULL-
, dn_comp .

lastdnptr
dnptrs.
ns_name_compress,
.
,
B I N D : src/lib/resolv/res_mkquery.c
( B I N D 8 ) res/res_mkquery.c
(BIND 4).

, , .
ns_name_compress

- 1 , .

ns_name_skip
int ns_name_skip(const u_char **ptrptr,
const u_char *eom)

ns_name_skip
ns_name_uncompress,

. :
ptrptr
, .
.
eom
. ,
ns_name_skip

.
ns_name_skip

- 1 , .

ns_name_uncompress
int ns_name_uncompress(const u_char *msg,
const u_char *eomorig,
const u_char *comp_dn,
char *exp_dn,
size_t length)
ns_name_uncompress

.
D N S - , check_soa,

C, . :
msg
.
eomorig
, .
, ns_name_uncompress

.

comp_dn
.
exp_dn
, ns_name_uncompress

. M A X D N A M E .
length

exp_dn.

ns_name_uncompress

- 1 , . ,
ns_name_uncompress

,
?
,
ns_name_uncompress
DNS, ,
,
.

ns_parserr
int ns_parserr(ns_msg *handle,
ns_sect section,
int rrnum,
ns_rr *rr)

ns_parserr

rr,
DNS-. :
handle

ns_initparse.

section
section

ns_msg_count.

rrnum
RR- .
. ns_msg_count
RR-
.
rr ,
.
ns_parserr
- 1 ,
.

ns_rr
char *ns_rr_name(ns_rr rr)
u_int16_t ns_rr_type(ns_rr rr)

u_int16_t ns_rr_class(ns_rr rr)


u_int32_t ns_rr_ttl(ns_rr rr)
u_int16_t ns_rr_rdlen(ns_rr rr)
const u_char *ns_rr_rdata(ns_rr rr)


. :
rr ,

ns_parserr.

DNS
DNS -
, . ,
BIND,
, src/lib/resolv/res_debug.c
( B I N D 8 ) lib/bind/
resolv/res_debug.c
( DNS- BIND 8
B I N D 9 ) . ( B I N D 9,
3 0 0 0 lib/dns/message.c.)

res_debug.c
fp_query
(res_pquery
B I N D 8.2
) , D N S D N S . - .
DNS.

p_query,
fp_query

D N S . P e r l awk
. ,
.

: checksoa
C - , ,

.
, ,
. ,
h_errno
( ) , errno.
2 0 - D N S - .
,
D N S - , 2 0
:

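/****************************************************************
 * check_soa -- retrieve the SOA record from each name server   *
 *     of a zone and print the serial number.                   *
 *                                                              *
 * usage: check_soa zone                                        *
 *                                                              *
 * The following errors are reported:                           *
 *     o There is no address for a server.                      *
 *     o There is no server running on the host.                *
 *     o There was no response from a server.                   *
 *     o The server is not authoritative for the zone.          *
 *     o The response had an error response code.               *
 *     o The response had more than one answer.                 *
 *     o The answer did not contain an SOA record.              *
 *     o The expansion of a compressed domain name failed.      *
 ****************************************************************/

/* Header files */
#include <sys/types.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <errno.h>
#include <arpa/nameser.h>
#include <resolv.h>

/* h_errno and errno are declared by <netdb.h> and <errno.h>;
   separate extern declarations would clash with their macro forms */

/* Our own routines; code is included later in this file */
void nsError(int error, const char *domain);   /* report resolver errors */
void findNameServers(const char *domain, char *nsList[], int *nsNum);
                                               /* find a zone's name servers */
void addNameServers(char *nsList[], int *nsNum, ns_msg handle, ns_sect section);
                                               /* add name servers to the list */
void queryNameServers(const char *domain, char *nsList[], int nsNum);
                                               /* grab SOA records from servers */
void returnCodeError(ns_rcode rcode, const char *nameserver);
                                               /* report response code errors */

/* Maximum number of name servers we will check */
#define MAX_NS 20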
.
, nsList, D N S - .
res_init _res.
res_init ,
,
_res. , _res ,
res_init.

findNameServers,
DNS-
, argv[ 1 ] ;
nsList. ,
queryNameServers,
D N S - nsList

SOA- :
int
main(int argc, char *argv[])
{
    char *nsList[MAX_NS];  /* list of name servers */
    int  nsNum = 0;        /* number of name servers in the list */

    /* sanity check: exactly one argument? */
    if (argc != 2) {
        (void) fprintf(stderr, "usage: %s zone\n", argv[0]);
        exit(1);
    }

    (void) res_init();

    /*
     * Find the name servers for the zone.
     * The name servers are written into nsList.
     */
    findNameServers(argv[1], nsList, &nsNum);

    /*
     * Query each name server for the zone's SOA record.
     * The name servers are read from nsList.
     */
    queryNameServers(argv[1], nsList, nsNum);

    exit(0);
}
findNameServers.

DNS- NS-
. addNameServers

DNS-
. arpa/nameser.h
resolv.h
, :
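/****************************************************************
 * findNameServers -- find all of the name servers for the      *
 *     given zone and store their names in nsList. nsNum is     *
 *     the number of servers in the nsList array.               *
 ****************************************************************/
void
findNameServers(const char *domain, char *nsList[], int *nsNum)
{
    union {
        HEADER hdr;               /* defined in resolv.h */
        u_char buf[NS_PACKETSZ];  /* defined in arpa/nameser.h */
    } response;                   /* response buffers */
    int responseLen;              /* buffer length */
    ns_msg handle;                /* handle for the response message */

    /*
     * Look up the NS records for the given zone. The name is
     * expected to be fully qualified, so we use res_query().
     * To apply the resolver search list, use res_search() instead.
     */
    if ((responseLen =
           res_query(domain,               /* the zone we care about   */
                     ns_c_in,              /* Internet class records   */
                     ns_t_ns,              /* look up NS records       */
                     (u_char *)&response,  /* response buffer          */
                     sizeof(response)))    /* buffer size              */
                                    < 0) { /* negative means an error  */
        nsError(h_errno, domain);          /* report the error         */
        exit(1);                           /* and quit                 */
    }

    /* Defensive: never parse more bytes than the buffer holds. */
    if (responseLen > (int)sizeof(response))
        responseLen = (int)sizeof(response);

    /*
     * Initialize a handle to this response. The handle is used
     * later to extract information from the response.
     */
    if (ns_initparse(response.buf, responseLen, &handle) < 0) {
        fprintf(stderr, "ns_initparse: %s\n", strerror(errno));
        return;
    }

    /*
     * Build the list of name servers from the response. NS records
     * may be in the answer section and/or the authority section,
     * depending on the DNS implementation, so walk both. The
     * addresses in the additional section are ignored here; they
     * are looked up later with gethostbyname().
     */

    /* Add the name servers from the answer section. */
    addNameServers(nsList, nsNum, handle, ns_s_an);

    /* Add the name servers from the authority section. */
    addNameServers(nsList, nsNum, handle, ns_s_ns);
}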
/****************************************************************
 * addNameServers -- look at the resource records from one      *
 *     section and save the names of all name servers found.    *
 ****************************************************************/
void
addNameServers(char *nsList[], int *nsNum, ns_msg handle, ns_sect section)
{
    int rrnum;   /* resource record number */
    ns_rr rr;    /* expanded resource record */
    int i, dup;  /* misc variables */

    /*
     * Look at all the resource records in this section.
     */
    for (rrnum = 0; rrnum < ns_msg_count(handle, section); rrnum++)
    {
        /*
         * Expand resource record number rrnum into rr.
         */
        if (ns_parserr(&handle, section, rrnum, &rr)) {
            fprintf(stderr, "ns_parserr: %s\n", strerror(errno));
            continue;   /* rr is not valid; skip this record */
        }

        /*
         * If the record type is NS, save the name of the name server.
         */
        if (ns_rr_type(rr) == ns_t_ns) {

            /* nsList has room for MAX_NS names only. */
            if (*nsNum >= MAX_NS) {
                (void) fprintf(stderr,
                    "more than %d name servers; ignoring the rest\n", MAX_NS);
                return;
            }

            /*
             * Allocate storage for the name, test malloc's
             * return value, and quit if it fails.
             */
            nsList[*nsNum] = (char *) malloc(MAXDNAME);
            if (nsList[*nsNum] == NULL) {
                (void) fprintf(stderr, "malloc failed\n");
                exit(1);
            }

            /* Expand the name server's domain name */
            if (ns_name_uncompress(
                        ns_msg_base(handle), /* start of the message    */
                        ns_msg_end(handle),  /* end of the message      */
                        ns_rr_rdata(rr),     /* position in the message */
                        nsList[*nsNum],      /* result                  */
                        MAXDNAME)            /* size of nsList buffer   */
                                  < 0) {     /* negative: error         */
                (void) fprintf(stderr, "ns_name_uncompress failed\n");
                exit(1);
            }

            /*
             * Add the name we just unpacked to the list unless it is
             * a duplicate; duplicates are simply ignored.
             */
            for (i = 0, dup = 0; (i < *nsNum) && !dup; i++)
                dup = !strcasecmp(nsList[i], nsList[*nsNum]);
            if (dup)
                free(nsList[*nsNum]);
            else
                (*nsNum)++;
        }
    }
}

,
D N S - . , res_query ; - 1
herrno NO_DATA.

res_query
- 1 , nsError,

h_errno,

herror. herror ,
,
( , h_errno NO_DATA,

: N o a d d r e s s a s s o c i a t e d w i t h n a m e (
, )).
DNS-
S O A - .
_res. nsaddr_list,
,
D N S - (res_send)
.
, options
, ,
:
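/****************************************************************
 * queryNameServers -- query each of the name servers in nsList *
 *     for the SOA record of the given zone. Report any errors  *
 *     (server not running, no response, and so on). If there   *
 *     are no errors, print the serial number for the zone.     *
 ****************************************************************/
void
queryNameServers(const char *domain, char *nsList[], int nsNum)
{
    union {
        HEADER hdr;                /* defined in resolv.h */
        u_char buf[NS_PACKETSZ];   /* defined in arpa/nameser.h */
    } query, response;             /* query and response buffers */
    int responseLen, queryLen;     /* buffer lengths */

    const u_char *cp;              /* pointer used to parse the message */

    struct in_addr saveNsAddr[MAXNS];  /* addresses saved from _res */
    int nsCount;                   /* count of addresses saved from _res */
    struct hostent *host;          /* structure for looking up ns addr */
    int i;                         /* counter variable */

    ns_msg handle;                 /* handle for the response message */
    ns_rr rr;                      /* expanded resource record */

    /*
     * Save the _res name server list; we will need to restore it later.
     */
    nsCount = _res.nscount;
    for (i = 0; i < nsCount; i++)
        saveNsAddr[i] = _res.nsaddr_list[i].sin_addr;

    /*
     * Turn off the search algorithm and default-domain appending for
     * gethostbyname(); the name server names are fully qualified.
     */
    _res.options &= ~(RES_DNSRCH | RES_DEFNAMES);

    /*
     * Query each name server for the zone's SOA record.
     */
    for (nsNum-- ; nsNum >= 0; nsNum--) {
        /*
         * First, look up the IP address of the name server. The
         * _res structure was changed on the previous pass, so put
         * back the settings gethostbyname() needs: recursion, the
         * retry count, and the saved name server list. Calling
         * res_init() again would not do this, because it only runs
         * once and its result is what we saved above.
         */
        _res.options |= RES_RECURSE;  /* recursion on (default) */
        _res.retry = 4;               /* 4 retries (default) */
        _res.nscount = nsCount;       /* original name servers */
        for (i = 0; i < nsCount; i++)
            _res.nsaddr_list[i].sin_addr = saveNsAddr[i];

        /* Look up the name server's address */
        host = gethostbyname(nsList[nsNum]);
        if (host == NULL || host->h_addrtype != AF_INET) {
            (void) fprintf(stderr, "There is no address for %s\n",
                                              nsList[nsNum]);
            continue; /* nsNum for-loop */
        }

        /*
         * host now holds the IP addresses of the name server we are
         * testing. Store the first one in _res, so that the SOA
         * query goes to that server only.
         */
        (void) memcpy((void *)&_res.nsaddr_list[0].sin_addr,
                      (void *)host->h_addr_list[0],
                      sizeof(struct in_addr));
        _res.nscount = 1;

        /*
         * Turn off recursion. We want the server's own answer about
         * the SOA record, not data it fetched from another server.
         */
        _res.options &= ~RES_RECURSE;

        /*
         * Reduce the number of retries. There may be several name
         * servers to check, and we do not want to wait too long for
         * any one of them. With two retries the wait is 15 seconds.
         */
        _res.retry = 2;

        /*
         * We want to see the response code in the next response, so
         * we build the query and send it ourselves instead of
         * letting res_query() do it; if res_query() returned -1,
         * there might be no response to look at. The return value of
         * res_mkquery() is not checked for -1: if compressing this
         * name were going to fail, it would have failed in the
         * earlier res_query() call with the same domain name.
         */
        queryLen = res_mkquery(
                     ns_o_query,       /* regular query         */
                     domain,           /* the zone to look up   */
                     ns_c_in,          /* Internet class        */
                     ns_t_soa,         /* look up an SOA record */
                     (u_char *)NULL,   /* always NULL           */
                     0,                /* length of NULL        */
                     (u_char *)NULL,   /* always NULL           */
                     (u_char *)&query, /* buffer for the query  */
                     sizeof(query));   /* size of the buffer    */

        /*
         * Send the query. If there is no name server running on the
         * target host, res_send() returns -1 and errno is
         * ECONNREFUSED. Clear errno first.
         */
        errno = 0;
        if ((responseLen = res_send((u_char *)&query,   /* the query      */
                                    queryLen,           /* true length    */
                                    (u_char *)&response,/* buffer         */
                                    sizeof(response)))  /* buffer size    */
                                         < 0) {         /* error          */
            if (errno == ECONNREFUSED) { /* no server on the host */
                (void) fprintf(stderr,
                    "There is no name server running on %s\n",
                    nsList[nsNum]);
            } else {                     /* anything else: no response */
                (void) fprintf(stderr,
                    "There was no response from %s\n",
                    nsList[nsNum]);
            }
            continue; /* nsNum for-loop */
        }

        /* Defensive: never parse more bytes than the buffer holds. */
        if (responseLen > (int)sizeof(response))
            responseLen = (int)sizeof(response);

        /*
         * Initialize a handle to this response. A malformed response
         * from one server should not stop the remaining checks.
         */
        if (ns_initparse(response.buf, responseLen, &handle) < 0) {
            fprintf(stderr, "ns_initparse: %s\n", strerror(errno));
            continue; /* nsNum for-loop */
        }

        /*
         * If the response reports an error, print a message and go
         * on to the next server in the list.
         */
        if (ns_msg_getflag(handle, ns_f_rcode) != ns_r_noerror) {
            returnCodeError(ns_msg_getflag(handle, ns_f_rcode),
                                                  nsList[nsNum]);
            continue; /* nsNum for-loop */
        }

        /*
         * Did we receive an authoritative response? Check the
         * authoritative answer bit. If the server is not
         * authoritative, report it and go on to the next server.
         */
        if (!ns_msg_getflag(handle, ns_f_aa)) {
            (void) fprintf(stderr,
                "%s is not authoritative for %s\n",
                nsList[nsNum], domain);
            continue; /* nsNum for-loop */
        }

        /*
         * The response should contain exactly one answer; if it
         * does not, report it and go on to the next server.
         */
        if (ns_msg_count(handle, ns_s_an) != 1) {
            (void) fprintf(stderr,
                "%s: expected 1 answer, got %d\n",
                nsList[nsNum], ns_msg_count(handle, ns_s_an));
            continue; /* nsNum for-loop */
        }

        /*
         * Expand answer section record number 0 into rr.
         */
        if (ns_parserr(&handle, ns_s_an, 0, &rr)) {
            if (errno != ENODEV) {
                fprintf(stderr, "ns_parserr: %s\n",
                        strerror(errno));
            }
            continue; /* rr is not valid; go on to the next server */
        }

        /*
         * We asked for an SOA record; if we got something else,
         * report the error and go on to the next server.
         */
        if (ns_rr_type(rr) != ns_t_soa) {
            (void) fprintf(stderr,
                "%s: expected answer type %d, got %d\n",
                nsList[nsNum], ns_t_soa, ns_rr_type(rr));
            continue; /* nsNum for-loop */
        }

        /*
         * Set cp to point to the SOA record data.
         */
        cp = ns_rr_rdata(rr);

        /*
         * Skip the SOA origin and mail address, which we do not
         * care about. Both are standard "compressed names". Make
         * sure four bytes remain for the serial number.
         */
        if (ns_name_skip(&cp, ns_msg_end(handle)) < 0 ||
            ns_name_skip(&cp, ns_msg_end(handle)) < 0 ||
            ns_msg_end(handle) - cp < 4) {
            (void) fprintf(stderr, "%s: malformed SOA record\n",
                           nsList[nsNum]);
            continue; /* nsNum for-loop */
        }

        /* cp now points to the serial number; print it. */
        (void) printf("%s has serial number %lu\n",
                      nsList[nsNum], (unsigned long)ns_get32(cp));

    } /* end of nsNum for-loop */
}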
, ,
gethostbyname,
. gethostbyname

- SOA-

D N S - . , D N S - -

, S O A - ,
,
. DNS- SOA-
, .
:
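/****************************************************************
 * nsError -- print an error message from h_errno for a failure *
 *     looking up NS records. res_query() converts the DNS      *
 *     message return code to a smaller list of errors and      *
 *     places the error value in h_errno. There is a routine    *
 *     called herror() for printing out strings from h_errno,   *
 *     like perror() does for errno. Unfortunately, the         *
 *     herror() messages assume you are looking up address      *
 *     records for hosts. In this program we are looking up NS  *
 *     records for zones, so we need our own list of messages.  *
 ****************************************************************/
void
nsError(int error, const char *domain)
{
    switch (error) {
        case HOST_NOT_FOUND:
            (void) fprintf(stderr, "Unknown zone: %s\n", domain);
            break;
        case NO_DATA:
            (void) fprintf(stderr, "No NS records for %s\n", domain);
            break;
        case TRY_AGAIN:
            (void) fprintf(stderr, "No response for NS query\n");
            break;
        default:
            (void) fprintf(stderr, "Unexpected error\n");
            break;
    }
}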

/****************************************************************
 * returnCodeError -- print an error message from a DNS         *
 *     response return code.                                    *
 ****************************************************************/
void
returnCodeError(ns_rcode rcode, const char *nameserver)
{
    (void) fprintf(stderr, "%s: ", nameserver);
    switch (rcode) {
        case ns_r_formerr:
            (void) fprintf(stderr, "FORMERR response\n");
            break;
        case ns_r_servfail:
            (void) fprintf(stderr, "SERVFAIL response\n");
            break;
        case ns_r_nxdomain:
            (void) fprintf(stderr, "NXDOMAIN response\n");
            break;
        case ns_r_notimpl:
            (void) fprintf(stderr, "NOTIMP response\n");
            break;
        case ns_r_refused:
            (void) fprintf(stderr, "REFUSED response\n");
            break;
        default:
            (void) fprintf(stderr, "unexpected return code\n");
            break;
    }
}

,
D N S - libc, :

% cc -o check_soa check_soa.c

BIND (
C B I N D L i n u x - ) ,

:
% cc -o check_soa -I/usr/local/src/bind/src/include \
    check_soa.c /usr/local/src/bind/src/lib/libbind.a

:
% check_soa mit.edu
BITSY.MIT.EDU has serial number 1995
W20NS.MIT.EDU has serial number 1995
STRAWB.MIT.EDU has serial number 1995


, , ,
, .
, , C
.

Perl
Net::DNS
nslookup

, C -
, P e r l ,
N e t : : D N S .

http://www.perl.com/CPAN-local/modules/by-module/Net/NetDNS-0.12.tar.gz.
Net::DNS , DNS R R
.
, Perl-

check_soa.


- ,
:
$res = new Net::DNS::Resolver;
resolv.conf,
. ,
N e t : : D N S : : R e s o l v e r ,
_res, .
,
,
$res->retry:
$res->retry(2);
, :
$res->search
$res->query
$res->send

res_search,
res_query
res_send,

C, .
,
( A - I N ) .
Net::DNS::Packet,
. :
$packet = $res->search("terminator");
$packet = $res->query("movie.edu", "MX");
$packet = $res->send("version.bind", "TXT", "CH");


Net::DNS::Packet,
, , ,
, DNS:
$header     = $packet->header;
@question   = $packet->question;
@answer     = $packet->answer;
@authority  = $packet->authority;
@additional = $packet->additional;


DNS-
N e t : : D N S : : H e a d e r . ,
Net::DNS::Header, ,
R F C 1 0 3 5 , HEADER,
-. , ,
D N S - ,
$header->aa:
if ($header->aa) {
    print "answer is authoritative\n";
} else {
    print "answer was not authoritative\n";
}


DNS
N e t : : D N S : : Q u e s t i o n . ,
:
$question->qname
$question->qtype
$question->qclass

RR-
, ,
N e t : : D N S : : R R . , ,
TTL R R - :
$rr->name
$rr->type
$rr->class
$rr->ttl
N e t : : D N S : : R R
.
,
M X - :

$preference = $rr->preference;
$exchanger = $rr->exchange;

Perl- check_soa
, , Net::DNS, ,
.
check_soa
Perl:
#!/usr/local/bin/perl -w

use Net::DNS;

#
# Get the zone from the command line.
#
die "Usage: check_soa zone\n" unless @ARGV == 1;
$domain = $ARGV[0];

#
# Find all the name servers for the zone.
#
$res = new Net::DNS::Resolver;
$res->defnames(0);
$res->retry(2);
$ns_req = $res->query($domain, "NS");
die "No name servers found for $domain: ", $res->errorstring, "\n"
    unless defined($ns_req) and ($ns_req->header->ancount > 0);
@nameservers = grep { $_->type eq "NS" } $ns_req->answer;

#
# Check the SOA record on each name server.
#
$| = 1;
$res->recurse(0);
foreach $nsrr (@nameservers) {
    #
    # Point the resolver at this name server.
    #
    $ns = $nsrr->nsdname;
    print "$ns ";
    unless ($res->nameservers($ns)) {
        warn ": can't find address: ", $res->errorstring, "\n";
        next;
    }
    #
    # Get the SOA record.
    #
    $soa_req = $res->send($domain, "SOA");
    unless (defined($soa_req)) {
        warn ": ", $res->errorstring, "\n";
        next;
    }
    #
    # Is this name server authoritative for the zone?
    #
    unless ($soa_req->header->aa) {
        warn "is not authoritative for $domain\n";
        next;
    }
    #
    # We should have received exactly one answer.
    #
    unless ($soa_req->header->ancount == 1) {
        warn ": expected 1 answer, got ",
             $soa_req->header->ancount, "\n";
        next;
    }
    #
    # Did we receive an SOA record?
    #
    unless (($soa_req->answer)[0]->type eq "SOA") {
        warn ": expected SOA, got ",
             ($soa_req->answer)[0]->type, "\n";
        next;
    }
    #
    # Print the serial number.
    #
    print "has serial number ", ($soa_req->answer)[0]->serial, "\n";
}
, DNS-
, P e r l ,
, ,
.

16

- , ,
, -
, , ,

.

DNS :
D N S - 4,
8,
D N S - 9. 11
DNS-, , ,
- . ,
, .
,

DNS.
D N S
D N S - , .
, , ?
?
?
?
DNS -
, .
,
.
,
D N S ;
named.conf
dig.

DNS .
: DNS-.


DNS-
D N S -
:
D N S - .
- ,
, DNS-.
11 D N S - ,
. , ns.movie.edu,

,
. D N S -
,
ns1.isp.net.
D N S -
. ns.movie.edu

,
. D o S - , . .
, .
DNS-
, TSIG.
D N S - D o S - ,
.
,
,
, DNS-:
UDP- TCP-
5 3 , U D P - TCP- 53.

DNS-,
,
. , DNS-
movie.edu
movie.edu . ,

. named.conf

DNS-:
options {
    directory "/var/named";
};

acl "internal" {
    127/8; 192.249.249/24; 192.253.253/24; 192.253.254/24; 192.254.20/24;
};

view "internal" {
    match-clients { "internal"; };
    recursion yes;

    zone "movie.edu" {
        type master;
        file "db.movie.edu.internal";
        forwarders {};
    };
    zone "249.249.192.in-addr.arpa" {
        type master;
        file "db.192.249.249";
    };
    zone "253.253.192.in-addr.arpa" {
        type master;
        file "db.192.253.253";
    };
    zone "254.253.192.in-addr.arpa" {
        type master;
        file "db.192.253.254";
    };
    zone "20.254.192.in-addr.arpa" {
        type master;
        file "db.192.254.20";
    };
    zone "." {
        type hint;
        file "db.cache";
    };
};

// The secret below is the book's sample value; generate a fresh key
// for real use. Newer BIND 9 releases also support hmac-sha256.
key "ns.movie.edu" {
    algorithm hmac-md5;
    secret "JprUYzd+p2TO/B7k9k9Gdg==";
};

view "external" {
    match-clients { key "ns.movie.edu"; };
    recursion no;

    zone "movie.edu" {
        type master;
        file "db.movie.edu.external";
    };
    zone "4.1.200.in-addr.arpa" {
        type master;
        file "db.200.1.4";
    };
};

, ,
DNS-
D M Z , ns.movie.edu,
movie.edu
4.1.200.in-addr.arpa.
, D N S -
D N S - , ,
;
D N S -

.
DNS-, ,
( 8 ) , N S - - N S - ,
. D N S -
.
D N S - ,
, ,
NS-, .
. 16.1 , .
DNS-, D N S
,
N O T I F Y ,
.

. 16.1.

DNS-,


. 16.1.

16.1.
DNS-

IP-


NOTIFY

NOTIFY

53

53

53

UDP

UDP

53

UDP

UDP

53

IP-

53

TCP,

TCP


query-source,
UDP- .

notify-source


D N S - T S I G - , I P - . (
T S I G match-clients

.)
DNS-, .



D N S . D N S - D N S -
.
, DNS-
DNS- ,
. , 1 1 ,
.
, , ,
D N S - . ( 1 0 . )

,
.
DNS-
, D N S -
.
allow-query
named.conf
,
U D P .
, DNS- , .
, D N S -
B I N D , 9 . 3 . 0 ,
, 10.
B I N D ( 9 . 3 . 0 ) ,
, ,
.
,
-
. D N S - ,
,
. ( , ,
1 0 0 0
.)
1 1 , DNS-
, ,

. , movie.edu,

.
, D N S - movie.edu

movie.edu zone
forwarders:
zone "movie.edu" {
type slave;
masters { 192.249.249.1; };
file "bak.movie.edu";
forwarders {};
};

D N S - , fx.movie.edu,

movie.edu:
zone "movie.edu" {
type stub;
masters { 192.249.249.1; };
file "bak.fx.movie.edu";
forwarders {};
};

DNS- NS-,
movie.edu,
,
,
. .
,
, -
.
.
. 1 6 . 2 .

. 16.1.

,
DNS- ?
, .
,

, DNS-
IP- .

DNS - ,
, . .
DNS .

DNS
DNS:
. , . movie.edu D N S -
toystory.movie.edu,
wormhole.movie.edu

zardoz.movie.edu. fx.movie.edu
D N S - bladerunner.fx.movie.edu

outland.fx.movie.edu.
,
D N S - movie.edu fx.movie.edu. D N S
D N S - , D N S -
,
.
.

DNS- DNS- DNS , D N S
- . .
- movie.edu S E R V F A I L
movie.edu,

. , D N S - ,
.

, .
movie.edu
,
.
, , ,
.
, ,
DNS. ,
, .
8, , D N S - ,
D N S - .
( ) ,
D N S -
DNS-.
DNS-
,
DNS-. , DNS movie.edu,
DNS-
.

, N S - movie.edu,

, D N S -
;
.
, ,
DNS DNS-
.

,
D N S .
, ,

named.conf
( ,
) (RCS).
( ) ,
named-checkzone,
4.
named.conf

named-checkconf.

, :
1. .
2.
3. named-checkzone
.

named-checkzone.

4.
, RCS.
D N S - ,
syslog- .
l o g - named,
:
daemon.*    @loghost

syslog.conf
, D N S - .
s y s l o g - ,
, D N S
logging:
logging {
channel default_syslog { syslog local0; };
};

:
local0.*    @loghost

syslog.conf
syslog-
named ( , local0
) .
log-
DNS-, -.
( ! ) - swatch ,
log- (
)
.
1

syslog
. ,
D N S - ,
. dnswalk
-
.
, cron:
2

0 * * * * /usr/bin/dnswalk movie.edu. 2>&1 | mail -s "dnswalk: `date`" hostmaster@movie.edu

,
, dnswalk

grep .
( , ,
), .

,
named.conf
,
. 8
rsync .

DNS BIND

B I N D , ,
.
B I N D Users B I N D A n n o u n c e ,
3. B I N D ,
.
, , . !
swatch
dnswalk

http://swatch.sourceforge.net/.
http://sourceforge.net/projects/dnswalk/.

17

: :
,
,
,
, ,
.
. DNS
B I N D , ,
.
(, , A c t i v e Direc
t o r y B I N D ) , - .
, !

CNAME-
C N A M E - 4 B I N D .
, - .
D N S - ,
CNAME. ,
, - ,
.

CNAME-

, ,
, CNAME-,

. , fx.movie.edu

magic.movie.edu,
CNAME- :

fx.movie.edu.    IN    CNAME    magic.movie.edu.

,
empire.fx.movie.edu
empire.magic.movie.edu.
,
:
C N A M E - ,
fx.movie.edu,
.
, fx.movie.edu
SOA- NS-,
C N A M E - ,
,
, .
B I N D 9, D N A M E ( 10) -
:
fx.movie.edu.    IN    DNAME    magic.movie.edu.

D N A M E
fx.movie.edu
- S O A N S , ,
, fx.movie.edu. C N A M E -
fx.movie.edu
magic.movie.edu


fx.movie.edu.
B I N D 9 ,
- C N A M E - :
empire.fx.movie.edu.       IN  CNAME  empire.magic.movie.edu.
bladerunner.fx.movie.edu.  IN  CNAME  bladerunner.magic.movie.edu.

, S O A - N S - ,
fx.movie.edu.

fx.movie.edu,


fx.movie.edu.
,
, C N A M E - . ( h2n,
4, . )

CNAME- CNAME-
( C N A M E - ) ,
? ,
,
. ,
.
,
?
CNAME-?
: , CNAME- .
CNAME- BIND,

R F C - .
,
. R F C D N S
- C N A M E , .
, , - ,
. ,
C N A M E - (
B I N D ) D N S - .
1

RR-
, C N A M E ,
.
D N S - . ,
5 D N S , sendmail

M X - ,
. , sendmail
M X - ,

, .
, DNS- BIND 8
log- :
Sep 27 07:43:48 toystory named[22139]: "digidesign.com IN NS" points to a CNAME (ns1.digidesign.com)
Sep 27 07:43:49 toystory named[22139]: "moreland.k12.ca.us IN MX" points to a CNAME (mail.moreland.k12.ca.us)

D N S - B I N D 9, , .

CNAME-
,
, , , -
, - C N A M E .
r o u n d robin
RR-. , :
fullmonty    IN    CNAME    fullmonty1
fullmonty    IN    CNAME    fullmonty2
fullmonty    IN    CNAME    fullmonty3

, Microsoft DNS,
Windows.
CNAME- .

fullmonty1,
fullmonty2,
fullmonty3 D N S - ,
, ( ,
CNAME ).
B I N D 4 , B I N D 8, 9 . 1 . 0
. BIND 8
:
options {
multiple-cnames yes;
};

B I N D 9 . ,
, CNAME- .

CNAME-
CNAM E - , ,
. nslookup
dig.
cname any, :
% nslookup
Default Server:  wormhole
Address:  0.0.0.0

> set query=cname
> toys
Server:  wormhole
Address:  0.0.0.0

bigt.movie.edu  canonical name = toystory.movie.edu
> set query=any
> toys
Server:  wormhole
Address:  0.0.0.0

toys.movie.edu  canonical name = toystory.movie.edu
> exit
% dig toys.movie.edu cname
; <<>> DiG 9.3.2 <<>> toys.movie.edu cname
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43984
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4

;; QUESTION SECTION:
;toys.movie.edu         IN CNAME

;; ANSWER SECTION:
toys.movie.edu.  86400 IN CNAME  toystory.movie.edu.


, D N S :
.
, : ,
, :
% grep toystory /etc/hosts
192.249.249.3  toystory.movie.edu toystory toys

D N S
, .
DNS- ,
:
% nslookup
Default Server:  wormhole
Address:  0.0.0.0

> toystory
Server:  wormhole
Address:  0.0.0.0

Name:    toystory.movie.edu
Address:  192.249.249.3

nslookup dig ,
nslookup dig .

:
% nslookup
Default Server:  wormhole
Address:  0.0.0.0

> toys
Server:  wormhole
Address:  0.0.0.0

Name:    toystory.movie.edu
Address:  192.249.249.3
Aliases:  toys.movie.edu

> exit
% dig toys.movie.edu
; <<>> DiG 9.3.2 <<>> toys.movie.edu
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29782
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 4

;; QUESTION SECTION:
;toys.movie.edu.        IN

;; ANSWER SECTION:
toys.movie.edu.      86400 IN CNAME  toystory.movie.edu.
toystory.movie.edu.  86499 IN A      192.249.249.3

C N A M E -
- , C N A M E -
:
% nslookup
Default Server:  wormhole
Address:  0.0.0.0

> ls -t cname movie.edu
[wormhole.movie.edu]
$ORIGIN movie.edu.
toys  1D IN CNAME  toystory
wh    1D IN CNAME  wormhole
mi    1D IN CNAME  monsters-inc
>

,
; ,
.

, ,
D N S . , R R -

, , .
DNS *
.
, ,
D N S - .

. ,
, ,
.
movie.edu
M X - , ,
-. :
*.movie.edu.    IN    MX    10 movie-relay.nea.gov.

*
, R R - ,
toystory.movie.edu, empire.fx.movie.edu
casablanca.bogart.classics.movie.edu.

,
.
cujo.movie.edu.movie.edu,

. ,
mail M X - :

send

% nslookup
Default Server:  wormhole
Address:  0.0.0.0

> set type=mx


> cujo.movie.edu
Server:
Address:

-
- cujo

MX-

wormhole
0.0.0.0

cujo.movie.edu.movie.edu  preference = 10, mail exchanger = movie-relay.nea.gov

?
, . ,
,

db.movie.edu:
*     IN  MX  10 mail-hub.movie.edu.
et    IN  MX  10 et.movie.edu.
jaws  IN  A   192.253.253.113
fx    IN  NS  bladerunner.fx.movie.edu.
fx    IN  NS  outland.fx.movie.edu.

toystory.movie.edu

mail-hub.movie.edu,
et.movie.edu
.
M X - jaws.movie.edu
,
M X - .
,
.
fx.movie.edu,

.
movie.edu,

,
,

movie.edu.

MX-
M X , ,
, ,
. MX-
,
.
,
. .
, , ,
- .
, . .

,
M X - ,
, -
.
, ( ,
) . ,
,
M X - ,
.


( DNS) ,
D N S , -
.
D N S , .

-,
,
, .
DNS
-
,
. ( ,
,
. )
( d i a l - o n - d e m a n d ) , -
:
, ,
.
:
( ,
) (
- , ,
, Linux
-
,
) .
. - ,
, , -
, .
,
.


, ,
I S D N - ,
dial-on-demand ( ) .
,
, .
,
, - .
, , DNS- BIND
.

D N S - ,
.
DNS. , tinyoffice.megacorp.com,
D N S - ,
.
, , :
tinyoffice.megacorp.com
megacorp.com
, FTP-
, deadbeef.tinyoffice.megacorp.com,

deadbeef
deadbeer:
% ftp deadbeer

,
deadbeer.tinyoffice.megacorp.com.
DNS-,
tinyoffice.megacorp.com,
,
.
deadbeer.megacorp.com.
,
, DNS- DNS-
megacorp.com,
.



. , , -
B I N D ,
( B I N D 8 9 ) . ,
deadbeer , D N S -
deadbeer.megacorp.com
, , , ,
megacorp.com.

- ,
. - tinyoffice.megacorp.com,

, .
.
-, . BIND
, 4.9,
(
) .
,
, , .
, ,
/etc/hosts,

D N S , /etc/
hosts. /etc/
hosts, .
.

,

- D N S , -.
DNS-
. ,
, D N S - ,
- ,
.
, Windows NT, 2000
X P , DNS-.
DNS-
U U N e t - .
,
.

.
, ,
,
.
, ,
DNS- . DNS-
,
, . UNIX-
(, Linux) :
ifup ifdown - -

. , , ifup-post ifdown-post,
ifup ifdown
. na
med ndc start ifup-post
ndc stop rndc stop ifdown-post.
, , -
resolv.conf.

, DNS-,
,
D N S - , .

,
,
, ,
.
DNS- -,
/etc/hosts ( N I S ,
) D N S - .
, /etc/hosts .
DNS-,
:
, D N S - .
, (
/etc/hosts) ,
. D N S -
- ifup-post
ifdown-post.
, D N S
, /etc/hosts

D N S - .
,
DNS-.

,

, -
DNS- ,
, DNS- ( ) .
,
, localhost
1.0.0.127.in-addr.arpa,

/etc/hosts

DNS-.

DNS-, ,
localhost 1.0.0.127.in-addr.arpa

127.0.0.1 localhost ,
.
D N S - ,
, (
ndc querylog D N S - B I N D 8 rndc querylog D N S -
B I N D 9 . 1 . 0 ) ,
.
, DNS .

.

,

,
: -
/etc/hosts D N S - .
,
.

: D N S -
/etc/hosts

D N S - .

DNS-

-
DNS-
? ,

,
. , BIND
DNS-.
DNS-
,
. DNS- , ,

SOA-
.
B I N D 8.2 DNS-

(heartbeat
interval),

, ( )
:
options {
heartbeat-interval 180;

// 3

};

60 ;
, .

, DNS-


. D N S -
(
, )
SOA- - .
- N O T I F Y - , ,
,
D N S - .
D N S -
,
dialup options:
options {
heartbeat-interval 60;
dialup yes;
};


, dialup zone:
zone "movie.edu" {
type master;
file "db.movie.edu";
dialup yes;
};

, ,
, : D N S , .
-
D N S -
,
.
S O A - .

,
.


D N S
,
,
HOSTS.TXT.
RFC 1101
;
, ,
HOSTS.TXT.
,
;
PTR- -.
, I P - D N S
I P - , in-addr.arpa,

P T R - .
,
1 5 / 8 H P Internet*.
, 4 ,
P T R - , IP- . ,
A R P A n e t , 1 0 / 8 ,
P T R -
0.0.0.10.in-addr.arpa.
ARPAnetARPA.
A R P A n e t ,
0.0.0.10.in-addr.arpa
.
, 2 5 5 . 2 5 5 . 0 . 0 .
, , I P - .

. ,
.
, P T R - .
P T R - , (

in-addr.arpa).
,
HP (HP Internet 1 5 / 8 ) ,
.

db.hp.com:

; HP 15.0.0.0.
hp-net.hp.com.  IN  PTR  0.0.0.15.in-addr.arpa.

db.corp.hp.com:

; corp 15.1.0.0.
corp-subnet.corp.hp.com.  IN  PTR  0.0.1.15.in-addr.arpa.

db.15:

; 15.0.0.0 hp-net.hp.com.
; HP - 255.255.248.0.
0.0.0.15.in-addr.arpa.  IN  PTR  hp-net.hp.com.
                        IN  A    255.255.248.0

db.15.1 :

; 15.1.0.0 .
0.0.1.15.in-addr.arpa.  IN  PTR  corp-subnet.corp.hp.com.

15.1.0.1:

IP-

1. .
1 5 . 1 . 0 . 1 A , 2 5 5 . 0 . 0 . 0 .
I P - - 1 5 .
2.
addr.arpa.

(type=A

type=ANY)

0.0.0.15.in-

3. .
0.0.0.15.in-addr.arpa
( 2 5 5 . 2 5 5 . 2 4 8 . 0 ) , I P - .
15.1.0.0.
4.
addr.arpa.

(type=A

type=ANY)

0.0.1.15.in-

5. ; ,
1 5 . 1 . 0 . 0 .
6. P T R -
7.

net.corp.hp.com.

0.0.1.15.in-addr.arpa.

15.1.0.1:

corp-sub-


P T R - :
movie.edu.  IN  PTR  0.249.249.192.in-addr.arpa.
            IN  PTR  0.253.253.192.in-addr.arpa.

: , R F C
1 1 0 1 ,
,


.
D N S ,

.
.

RR-
R R - ,
. ,
.
,
.

AFSDB
A F S D B M X - ,
NS-. A F S D B
A F S D N S -
DCE-. , ,
, ,
.
A F S ? A F S ,
. A F S ( A n d r e w File S y s t e m ) -
, ( A n d r e w P r o j e c t ) . (
I B M . ) A F S -
, N F S , , N F S .


. A F S ,
( )
A F S ( ).
,
A F S .
(authenticated) DNS-? DNS-,
,
DCE-. DCE-? ,
,
( D i s t r i b u t e d C o m p u t i n g E n v i r o n m e n t , D C E ) O p e n
Group.
. A F S - DCE , ,
D N S - . .
, , ,
. ,
DNS, .

, A F S D B
MX-. 1
A F S 2 DNS- DCE-.
- ,
. !
, fx.movie.edu
DCE ( A F S - ) ,

. A F S DNS-
D C E bladerunner.fx.movie.edu

empire.fx.movie.edu,

D N S - D C T - aliens.fx.movie.edu.

AFSDB-:
; DCE- fx.movie.edu, . . ,
fx.movie.edu.  IN AFSDB 1 bladerunner.fx.movie.edu.
               IN AFSDB 2 bladerunner.fx.movie.edu.
               IN AFSDB 1 empire.fx.movie.edu.
               IN AFSDB 2 aliens.fx.movie.edu.

LOC
RFC 1876 LOC,

, .
, .
,
.
LOC- ,
( ) .
:
<> [ [.< >]]

(N|S|E|W)

.
LOC- R F C
1 8 7 6 R e s o u r c e s * ( R F C 1 8 7 6 ) , http://
www.ckdhr.com/dns-loc.
,
( C h r i s t o p h e r D a v i s ) , R F C 1 8 7 6 ,
,
LOC-.

( G l o b a l P o s i t i o n i n g S y s t e m , G P S ) ,
, - ,
, -
: Tele A t l a s ' s E a g l e G e o c o d i n g
http://www.geocode.com/modules.php?name=TestDrive_Eagle,

, A i r N a v ' s A i r p o r t I n f o r m a t i o n http://
www.airnav.com/airports,

. ,
,
, ,
!
LOC- :
huskymo.boulder.acmebw.com.  IN  LOC  40 2 0.373 N 105 17 23.528 W 1638m

,
, - ( , LOC
) ,
.
( ) ,
- , -
.
Z I P - . ,
Z I P - .
LOC- .

, RFC 1101 (
) , L O C -
:

; HP 15.0.0.0.
hp-net.hp.com.  IN  PTR  0.0.0.15.in-addr.arpa.
                IN  LOC  37 24 55.393 N 122 8 37 W 26m

SRV
-
, ,
. ,
. ,

ftp.movie.edu,
,
FTP-:
ftp.movie.edu.    IN    CNAME    plan9.fx.movie.edu.

,
F T P - , ,
, ,
F T P .
CNAME-.

SRV-, RFC
2 7 8 2 , . S R V
,

;
M X - . S R V M X ,

SMTP.
SRV- ,
.
, , S R V - ,
, ,
, .
, ,
,
. ,
_ftp._tcp.movie.edu
SRV-,
F T P - movie.edu,
:
_http._tcp.www.movie.edu
SRV-,
U R L - http://www.movie.edu
-
www.movie.edu.

I A N A (
http://www.iana.org/assignments/port-numbers)

, .
- .
S R V - : ,
, . ,
- 1 6 - ( 0 6 5 5 3 5 ) . .

M X - :
,
. ,
, ,
.


.
. ,
, - 2,

(
, , ) , .
: ,
.
, ,
, .

, .

. , S R V - ,
-,
8 0 0 0 , H T T P - ( 8 0 ) .

, (
).
( ) , .
, F T P - movie.edu

db.movie.edu:
ftp._tcp.movie.edu.

IN

SRV

21

plan9.fx.movie.edu.

IN

SRV

21

thing.fx.movie.edu.

FTP-, SRV-,
F T P - plan9.fx.movie.edu
21 ,
F T P - thing.fx.movie.edu
21 , F T P -
plan9.fx.movie.edu
.
:
_http._tcp.www.movie.edu.

IN

SRV

80

www.movie.edu.

IN

SRV

80

www2.movie.edu.

IN

SRV

8000 postmanrings2x.movie.edu.

- www.movie.edu
8 0
www.movie.edu
www2.movie.edu,
www.movie.edu

, www2.movie.edu.

,
postmanrings2x.movie.edu
8000.
, ,
:
gopher._tcp.movie.edu.

IN

SRV

, S R V - , ,
. SIP- - W i n d o w s 2000, W i n
dows X P W i n d o w s Server 2003 -
. ( SRV- W i n d o w s -
.) , ,
S R V - . S R V -

, .
, ,
, S R V - (
, , ) ,
,
. S R V -
, I P - . ,
,
,
A - .
, www.movie.edu

_http._tcp.www.movie.edu. IN

SRV

80

www.movie.edu.

IN

SRV

80

www2.movie.edu.

IN

SRV

8000 postmanrings2x.movie.edu.

IN

200.1.4.3 ; www.movie.edu

IN

200.1.4.4 ; www2.movie.edu

www.movie.edu.

; ,
; SRV-

, SRV-,
www.movie.edu
,
www2.movie.edu,
postmanrings2x.movie.edu
,
- .
( r o u n d r o b i n ) www.movie.edu
www2.movie.edu.

ENUM
E N U M ( T e l e p h o n e N u m b e r M a p p i n g ,
) - D N S ,
DNS
E . 1 6 4 U R I - . U R I
V o I P ,
, - ; .
1

, E.164,
. E . 1 6 4
ITU (International Telecommunication Union)
, .
( , ,
, - URI - (Uniform Resource Iden
tifiers). URL (Uniform Resource Locators,
), , , ,
URI, URN (Uniform Resource Names,
).

, , ,
) , .
.

.
: ( 4 0 8 ) 5 5 5 - 1 2 3 4 .
, , , .
+ ,
.
E . 1 6 4 U R I - ,
, V o I P ,
U R I - .
E . 1 6 4 , U R I , ( ,
, , )
URI . , E N U M
V o I P ,
. , E N U M
.
E.164 URI- ,
, -.

E.164
E N U M DNS E.164 URI-, DNS
,
,
.
:
1. ,
+ . ( +
4 0 8 - 5 5 5 - 1 2 3 4 + 1 4 0 8 5 5 5 1 2 3 4 . )
E N U M ,
A U S (Application Unique S t r i n g ) .
.
2.
. ( + 1 4 0 8 5 5 5 1 2 1 2
21215558041.)
3. e 1 6 4 . a r p a . , , . (

21215558041

2.1.2.1.5.5.5.8.0.4.1
.e164.arpa.)

NAPTR
, E . 1 6 4 ,
, , . E N U M
R R - N A P T R . N A P T R ,
, :
1

M X S R V .
E N U M
N A P T R , .
: 16- .
, .

1 6 - .
E N U M , . E N U M
U R I
N A P T R , ,
, ,
;
. ,

.

, N A P T R
E N U M , - u . , N A P T R -
,
E.164
U R I - . , N A P T R
, ,
, URI-.

E N U M e 2 u +
( ) . e 2 u
E . 1 6 4 U R I . , e 2 u + ,
URI- N A P T R . , e 2 u + s i p
E.164 U R I - , sip:
sips:.

N A P T R ENUM
,
ENUM.

,
P e r l sed. A U S , .

P O S I X .
, A U S
A U S ,
, . i ,
.
.

N A P T R
.
N A P T R R F C 3 7 6 1 ,
ENUM:
$ORIGIN 3.8.0.0.6.9.2.3.6.1.4.4.e164.arpa.
    NAPTR 10 100 "u" "E2U+sip" "!^.*$!sip:info@example.com!" .
    NAPTR 10 101 "u" "E2U+h323" "!^.*$!h323:info@example.com!" .
    NAPTR 10 102 "u" "E2U+msg" "!^.*$!mailto:info@example.com!" .

( ,
N A P T R , ,
.)
N A P T R - E . 1 6 4 + 4 4 1 6 3 2 9 6 0 0 8 3
URI-.
, , , ,
SIP-.

D N S , .
(!) ,
( / ) . :
,
,
.
( ) ,
( i ) .
/ ! , .

A U S .

A U S .
A U S , $ - . . *
. ,
A U S , .

A U S URI-:
sip:info@example.com.
, N A P T R
E N U M A U S URI.
N A P T R , A U S
URI- :
$ORIGIN 0.5.6.1.e164.arpa.
*    NAPTR 10 100 "u" "E2U+sip" "/^+1650(.*)$/sip:\1@peninsula.sip.sbc.com/" .

,
A U S + 1 6 5 0 ,
SIP URI-
, A U S .

, ,
Perl.)
, E . 1 6 4 U R I ,
DNS-,
URI- IP- .

ENUM
E.164, DNS,
. e164.arpa

: e164.arpa,
,
,
.
-.
, 9.4.e164.arpa,
E N U M 4 9 ,
, D E N I C ,
de. ,
, NAPTR- 9.4.e164.arpa,
DENIC,
,
, N A P T R .
, e164.arpa,

, , , R I P E

http://www.ripe.net/enum/request-archives/.

ENUM:

,
E N U M . ,
e164.arpa
.
,
. N A P T R -

, E . 1 6 4 , ,
.
DNSSEC . ,
R F C - E N U M D N S S E C
.


D N S
- ,
. D N S ,
,
D N S
U S - A S C I I .
, ,
, ASCII
. -ASCII
ASCII;
ae o e .
R F C 3 4 9 0
.
- A S C I I ,
DNS ,
,
A S C I I .
, Base 6 4 .
A S C I I - .
ASCII-
, A S C I I - , A S C I I -
x n - - ,
ASCII-. ,
ASCII- ,
(internationalized
domain names, IDN).
R F C 3 4 9 0 ,
,
, Unicode, ASCII.
! U n i c o d e
.
, (,
ISO L a t i n - 1 ) , U n i c o d e - .
1

Unicode
The Unicode Consortium,
http://www.unicode.org/.

U n i c o d e - A S C I I -
, D N S .
www.etwas-a.hnlich.de,

etwas-ahnlich A S C I I - ,
D N S - . -
,
D N S . ,
,
,

.
1

, ,
etwas-'ihnlich.de.
D E N I C ,
de, , DNS-,
.
A S C I I -
etwas-3hinlich.de.
- ASCII- . :

http://www.imc.org/idna/

http://www.idnforums.com/converter/

http://josefsson.org/idn.php/

, xn--etwas-hnlich-lcb.de - ASCII-
etwas-3hnlich.de.
DNS-
named.conf
zone :
zone "xn--etwas-hnlich-lcb.de" {
type master;
file "db.xn--etwas-hnlich-lcb.de";
};


ASCII- :

$TTL 1d
xn--etwas-hnlich-lcb.de.  IN  SOA  ns1.xn--etwas-hnlich-lcb.de. (
                                   hostmaster.xn--etwas-hnlich-lcb.de.
                                   2006012500 1h 15m 30d 1h )
                          IN  NS   ns1.xn--etwas-hnlich-lcb.de.
                          IN  NS   ns2.xn--etwas-hnlich-lcb.de.

,
, D N S ,
ASCII, SOA.
www com - ASCII,
.


, ,
A S C I I - U n i c o d e
. ; :

idnkit J N I C B I N D 9
idn/idnkit-1.0-src

G N U I D N , libidn,
software/libidn/

contrib/

http://www.gnu.org/

IDN. - ,
.
Firefox, Opera, Internet Explorer 7 IDN.
, ,
, I D N .
, I D N -

- ,
. ASCII
,
, 1 () l (
) 0 O , ,
,
www.goog1e.com.
IDN- ,
U n i c o d e
. ,
I D N , A S C I I - I D N - ,
Unicode-. .

DNS WINS
- , -
N e t B I O S
, , , , D N S
DNS- NetBIOS. ,
DNS- NetBIOS, DNS-
.
, BIND 8 9 .
, N e t B I O S , W I N S
DNS- . WINS-
,
, N e t B I O S - . ,
W I N S D N S .
Microsoft DNS-, Microsoft DNS Server,
WINS-. Microsoft DNS
,
M i c r o s o f t ,

W I N S : D N S -
W I N S - , D N S .
W I N S . W I N S - ,
SOA-, .
, Microsoft DNS W I N S , - . :
@    IN    WINS    192.249.249.39 192.253.253.39

Microsoft DNS W I N S 1 9 2 . 2 4 9 . 2 4 9 . 3 9 1 9 2 . 2 5 3 . 2 5 3 . 3 9 (
) . T T L ( ) -
, .
W I N S - R ,
M i c r o s o f t D N S I P -
N e t B I O S - N B S T A T . inaddr.arpa W I N S - R - :
@    IN    WINS-R    movie.edu

I P - , D N S -
N B S T A T IP-.
,
: ?
, , . m o v i e . e d u .

. , . ,
- .
, ,
Microsoft DNS W I N S W I N S - R .
, , fx.movie.edu

W I N S - , DNS-
fx.movie.edu
M i c r o s o f t D N S . ?
, D N S - fx.movie.edu
- Mic
rosoft DNS BIND. , DNS-
N e t B I O S - fx.movie.edu,

.
M i c r o s o f t D N S ,
. B I N D ,
.
DNS W I N S
. W I N S -
, wins.movie.edu.
DNS-
wins.movie.edu
Microsoft D N S ,
wins.movie.edu
SOA-, NS- WINS- , W I N S wins.movie.edu.

D N S , .

, ,
, BIND
M i c r o s o f t D N S .
, P T R - ,
W I N S - R ,
M i c r o s o f t D N S .
, W I N S W I N S - R
. D N S - B I N D ,
, D N S - , W I N S -
D N S - - M i c r o s o f t D N S , ,
W I N S . (
14.)
B I N D ,
DNS.
B I N D 8 ( 1 0 )
W i n d o w s 2 0 0 0 , W i n d o w s X P W i n d o w s S e r v e r 2 0 0 3 .

, Microsoft
, DNS
NetBIOS. . . .

DNS, Windows, Active Directory


W i n d o w s , W i n d o w s 2 0 0 0 , W i n d o w s X P Win
dows Server 2003,
DNS.
W i n d o w s

, ,
W i n d o w s - W I N S - . W i n d o w s 2 0 0 0
, ,
. , Active Directory
S R V - ,
Windows, .


Windows
?
W i n d o w s S p e c i a l E f f e c t s .
mummy.fx.movie.edu.

I P - 1 9 2 . 2 5 3 . 2 5 4 . 1 3 ( D H C P - ).
:

1. S O A - mummy.fx.movie.edu
D N S -
. S O A - ,
S O A - ,
mummy.fx.movie.edu,

fx.movie.edu.
2. D N S - , M N A M E S O A - , bladerunner.fx.movie.edu.
3. bladerunner.fx.movie.edu

:
mummy.fx.movie.edu
( C N A M E - ) ,
1 9 2 . 2 5 3 . 2 5 4 . 1 3 .
, .
4. mummy.fx.movie.edu
,
.
bladerunner.fx.movie.edu

: mummy.fx.movie.edu


. ,
, mummy.fx.movie.edu

1 9 2 . 2 5 3 . 2 5 4 . 1 3 . mummy.fx.movie.edu

, , ,
.
5. S O A -

254.253.192.in-addr.arpa.

6. D N S - , M N A M E S O A -
( M N A M E bladerunner.fx.movie.edu,

, W i n d o w s
,
) .
7.
bladerunner.fx.movie.edu
,
13.254.253.192.inaddr.arpa
. ,
PTR-
1 9 2 . 2 5 3 . 2 5 4 . 1 3 mummy.fx.movie.edu.

13.254.253.192.in-addr.arpa
,
.
M i c r o s o f t D H C P S e r v e r
W i n d o w s , D H C P - P T R . M M C - D H C P -
DHCP-
P T R - , A - . D H C P A - ,
.
, ,
DNS, ,
,
. ( , netlogon
S R V - -

!) ,
, .
A c t i v e D i r e c t o r y fx.movie.edu,

, ,
matrix.fx.movie.edu:
fx.movie.edu. 600 IN A 192.253.254.14
ec4caf62-31b2-4773-bcce-7b1e31c04d25._msdcs.fx.movie.edu. 600 IN CNAME matrix.fx.movie.edu.
gc._msdcs.fx.movie.edu. 600 IN A 192.253.254.14
_gc._tcp.fx.movie.edu. 600 IN SRV 0 100 3268 matrix.fx.movie.edu.
_gc._tcp.Default-First-Site-Name._sites.fx.movie.edu. 600 IN SRV 0 100 3268 matrix.fx.movie.edu.
_ldap._tcp.gc._msdcs.fx.movie.edu. 600 IN SRV 0 100 3268 matrix.fx.movie.edu.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.fx.movie.edu. 600 IN SRV 0 100 3268 matrix.fx.movie.edu.
_kerberos._tcp.dc._msdcs.fx.movie.edu. 600 IN SRV 0 100 88 matrix.fx.movie.edu.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.fx.movie.edu. 600 IN SRV 0 100 88 matrix.fx.movie.edu.
_kerberos._tcp.fx.movie.edu. 600 IN SRV 0 100 88 matrix.fx.movie.edu.
_kerberos._tcp.Default-First-Site-Name._sites.fx.movie.edu. 600 IN SRV 0 100 88 matrix.fx.movie.edu.
_kerberos._udp.fx.movie.edu. 600 IN SRV 0 100 88 matrix.fx.movie.edu.
_kpasswd._tcp.fx.movie.edu. 600 IN SRV 0 100 464 matrix.fx.movie.edu.
_kpasswd._udp.fx.movie.edu. 600 IN SRV 0 100 464 matrix.fx.movie.edu.
_ldap._tcp.fx.movie.edu. 600 IN SRV 0 100 389 matrix.fx.movie.edu.
_ldap._tcp.Default-First-Site-Name._sites.fx.movie.edu. 600 IN SRV 0 100 389 matrix.fx.movie.edu.
_ldap._tcp.pdc._msdcs.fx.movie.edu. 600 IN SRV 0 100 389 matrix.fx.movie.edu.
_ldap._tcp.97526bc9-adf7-4ec8-a096-0dbb34a17052.domains._msdcs.fx.movie.edu. 600 IN SRV 0 100 389 matrix.fx.movie.edu.
_ldap._tcp.dc._msdcs.fx.movie.edu. 600 IN SRV 0 100 389 matrix.fx.movie.edu.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.fx.movie.edu. 600 IN SRV 0 100 389 matrix.fx.movie.edu.

! ! A c t i v e D i r e c t o r y
, , Kerberos
L D A P . S R V - ,
matrix.fx.movie.edu,
.
, .
1

A c t i v e
D i r e c t o r y , fx.movie.edu.
A c t i v e Directory
ad.movie.edu,

, ad.movie.edu,

movie.edu.

How DNS Support for Active Directory W o r k s ( DNS
Active Directory) http://www.microsoft.com/
Resources/Documentation/windowsserv/2003/all/techref/en-us/
w2k3tr_addns_how.asp.


Active Directory BIND
M i c r o s o f t W I N S D N S ,
,
DNS- BIND. -, Windows 2000 DHCP- ,
, .
,

,
,
,
( )
. , , .
, .
, ,
4 . (
, . )
, Q246804
Microsoft (Microsoft Knowledge Base), ,
. ?
,
, , ,

.
Microsoft DHCP Server
, .
M i c r o s o f t D H C P S e r v e r
,
.
,
D H C P - ,
? ,
,
,
IP-,

.


MX-
DNS-.


Microsoft ?
, M i c r o s o f t D N S . M i c r o s o f t D N S -

GSS-TSIG, TSIG (
11). , GSS-TSIG, T S I G -
K e r b e r o s ,
. GSS (Generic Security
S e r v i c e , )
,
.
TSIG-,
, , DNS-
, ,
, T S I G - ,
.
, TSIG- .
Windows ,
G S S - T S I G - , ,
.
,
. ,
Q 2 4 6 8 0 4 Microsoft, .

BIND GSS-TSIG
, D N S - B I N D
G S S - T S I G ,
W i n d o w s B I N D .
GSS-TSIG. ,
,
1 0 , ,
. :
zone "fx.movie.edu" {
type master;
file "db.fx.movie.edu";
update-policy {
grant *.fx.movie.edu. self *.fx.movie.edu. A;
grant matrix.fx.movie.edu. self matrix.fx.movie.edu. ANY;
grant matrix.fx.movie.edu. subdomain fx.movie.edu. SRV CNAME A;
};
};
,
W i n d o w s


fx.movie.edu.

?
,
A c t i v e Directory? Microsoft
D N S - M i c r o s o f t D N S .

B I N D - , - , ,
.

Windows
(, , )
W i n d o w s - ,
. win.fx.movie.edu.

win.fx.movie.edu
:
,
.
, (
, ) ,
.
, , .
W i n d o w s
, , A c t i v e Di
r e c t o r y , .
, ,
win.fx.movie.edu,
fx.movie.edu.
,
, My Computer
>
Properties
> Network Identification
> Properties
> More,
Change primary DNS suffix when domain membership
changes,
win.fx.movie.edu
, Primary DNS suf
fix of this computer.
.
- (
fx.movie.edu),

DHCP-.
D H C P A - P T R - . ( ,
D H C P , A - P T R - . )

,
I P - . ,
,
, - .
D H C P - ,
.
ISC D H C P T S I G T X T - D H C P . D H C P D H C P - ,
TXT- .
M A C . :
walktheline

192.253.254.237

TXT

"313f1778871429e6d240893c1afc163aee"

D C H P -
, ,
MAC- , TXT-. , DHCP-
, ,
.
DHCP- ,
, , ,
.
ISC D H C P
http://www.isc.org/sw/dhcp/.

Windows
, D N S - , -
( , ).
, , SRV . ,
-
System32\Config\netlogon.dns .
- , , .
,
A c t i v e Directory. A c t i v e Directory
, , ,
. Ac
t i v e D i r e c t o r y , .
, , ,
. ,
,
allow-update
zone, .

, netlogon.dns.

$ I N C L U D E
:
$INCLUDE netlogon.dns
, ,
,
, S R V - .
.
SRV-
( ) _udp.fx.movie.edu,
_tcp.fx.movie.edu, _sites.fx.movie.edu
_msdcs.fx.movie.edu.
(,
_msdcs.fx.movie.edu,

( S R V - )
,

.
, :
acl dc { 192.253.254.13; };
zone "_udp.fx.movie.edu" {
type master;
file "db._udp.fx.movie.edu";
allow-update { dc; };
};
zone "_tcp.fx.movie.edu" {
type master;
file "db._tcp.fx.movie.edu";
allow-update { dc; };
};
zone "_sites.fx.movie.edu" {
type master;
file "db._sites.fx.movie.edu";
allow-update { dc; };
};
zone "_msdcs.fx.movie.edu" {
type master;
file "db._msdcs.fx.movie.edu";
allow-update { dc; };
check-names ignore;
};
W i n d o w s Server
2 0 0 3 , :
DomainDNSZones.fx.movie.edu
ForestDNSZones.fx.movie.edu:

zone "DomainDNSZones.fx.movie.edu" {
type master;
file "db.DomainDNSZones.fx.movie.edu";
allow-update { dc; };
};
zone "ForestDNSZones.fx.movie.edu" {
type master;
file "db.ForestDNSZones.fx.movie.edu";
allow-update { dc; };
check-names ignore;
};
, :
.

A
DNS
RR-
DNS,
R R - . R R -
, , ,
, DNS.
,
,
.
R F C 1 0 3 5 , -
( , )
DNS ( , DNS-).

-
( RFC 1 0 3 5 , . 3 3 - 3 5 )
.
-,

, CRLF.

, .
.
(;).
:
blank[comment]
$ORIGIN domain-name [comment]
$INCLUDE file-name [domain-name] [comment]
domain-name rr [comment]
blank rr [comment]

, ,
.
: $ORIGIN $INCLUDE . $ORIGIN

(domain-name).
$INCLUDE

,
.
$ I N C L U D E .
, $ I N C L U D E
( )
,
.
( R R - ,
R R s ) . R R - ,
.
R R - (domain-name),

.
RR- :
[TTL] [class] type RDATA
[class] [TTL] type RDATA

R R - T T L ,
R D A T A , .
, TTL
.
TTL
T T L .
, .

- .

.
. ,
, .
, ,
;
,
$ O R I G I N $ I N C L U D E
-.
,
.


(character-string)

: ,
, ,
" " .
, , ,
",
(\).
,
,
. :
.

@
@
.
\X
X - ( 0 9 ) , \

. , \.
.
\DDD
D ,
, D D D .

.
()
,
. ,
.

;
.


( RFC 1 0 3 5 , . 9)
D N S ,
, ( , ,
. . ) .
D N S -
.

, -

7- ASCII-,

R R - .

-.

D N S - D N S - . R R - . 1 3 - 2 1
RFC 1035.

A address
( R F C 1 0 3 5 , . 20)

owner ttl class A address

localhost.movie.edu.  IN  A  127.0.0.1


: 1
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    ADDRESS                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
:
ADDRESS

- 32- .

CNAME canonical name


( R F C 1 0 3 5 , . 14)

owner ttl class CNAME canonical-dname

wh.movie.edu.  IN  CNAME  wormhole.movie.edu.


CNAME: 5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                     CNAME                     /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
:
CNAME

- (domain-name),

.
(owner) .

HINFO host information


( RFC 1 0 3 5 , . 14)


owner ttl class HINFO cpu os

grizzly.movie.edu.  IN  HINFO  VAX-11/780 UNIX


HINFO: 13
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                      CPU                      /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                      OS                       /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
:
CPU

(character-string),

.
OS

(character-string),

MX mail exchanger
( RFC 1 0 3 5 , . 17)


owner ttl class MX preference

exchange-dname

ora.com.

IN

MX

IN

MX

10 ruby.ora.com.

ora.ora.com.

IN

MX

10 opal. ora.com.


MX: 15
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                  PREFERENCE                   |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                   EXCHANGE                    /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
:
PREFERENCE

- 16- ,
.
.

EXCHANGE

- (domain-name),

NS name server
( RFC 1 0 3 5 , . 18)


owner ttl class NS name-server-dname

movie.edu.  IN  NS  terminator.movie.edu


NS: 2
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                    NSDNAME                    /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
:
NSDNAME

- (domain-name), ,

.

PTR pointer
( RFC 1 0 3 5 , . 18)


owner ttl class PTR dname

1.249.249.192.in-addr.arpa.  IN  PTR  wormhole.movie.edu.


PTR: 12
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                   PTRDNAME                    /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
:
PTRDNAME

- (domain-name),

SOA start of authority


( RFC 1 0 3 5 , . 1 9 - 2 0 )


owner ttl class SOA source-dname mbox (serial refresh retry expire minimum)

movie.edu. IN SOA terminator.movie.edu. al.robocop.movie.edu. (
1 ;
10800 ; 3
3600 ; 1
604800 ; 1
86400 ) ; TTL 1


SOA: 6
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                     MNAME                     /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                     RNAME                     /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    SERIAL                     |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    REFRESH                    |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                     RETRY                     |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    EXPIRE                     |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    MINIMUM                    |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

:
MNAME

- DNS-,

RNAME

- , ,

SERIAL

- 32- .

.
.
.
(wraps)
.
REFRESH

- 32- .

RETRY

- 32- .

EXPIRE

- 32- .

MINIMUM

- 32-

,
.

TXT text
( RFC 1 0 3 5 , . 20)


owner ttl class TXT txt-strings

cujo.movie.edu.  IN  TXT  "Location: machine room dog house"


TXT: 16
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                   TXT-DATA                    /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
:
TXT-DATA

- .

WKS well-known services


( RFC 1 0 3 5 , . 21)


owner ttl class WKS address protocol service-list

terminator.movie.edu.  IN  WKS  192.249.249.3 TCP ( telnet smtp
                                ftp shell domain )


WKS: 11
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    ADDRESS                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|       PROTOCOL        |                       |
+--+--+--+--+--+--+--+--+                       |
|                                               |
/                    BIT MAP                    /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
:
ADDRESS

- 32- .

PROTOCOL

- 8- IP-.

BIT MAP

- - . -
.

RFC 1183
AFSDB Andrew File System Data Base ()

owner ttl class AFSDB subtype hostname

fx.movie.edu.  IN  AFSDB  1 bladerunner.fx.movie.edu.
               IN  AFSDB  2 bladerunner.fx.movie.edu.
               IN  AFSDB  1 empire.fx.movie.edu.
               IN  AFSDB  2 aliens.fx.movie.edu.


AFSDB: 18
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    SUBTYPE                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                   HOSTNAME                    /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

:
SUBTYPE

- 1 AFS .

HOSTNAME

2 - DNS- DCE-.
, ,

, ( owner) .

ISDN Integrated Services Digital Network address


()

owner ttl class ISDN ISDN-address sa

delay.hp.com.  IN  ISDN  141555514539488
hep.hp.com.    IN  ISDN  141555514539488 004


ISDN: 20
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                 ISDN ADDRESS                  /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                  SUBADDRESS                   /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
:
ISDN ADDRESS

ISDN-

DDI- (Direct Dial In),


.
SUBADDRESS

RP Responsible Person ()

owner ttl class RP mbox-dname txt-dname

; - fx.movie.edu
@            IN  RP   ajs.fx.movie.edu.      ajs.fx.movie.edu.
bladerunner  IN  RP   root.fx.movie.edu.     hotline.fx.movie.edu.
             IN  RP   richard.fx.movie.edu.  rb.fx.movie.edu.
ajs          IN  TXT  "Arty Segue, (415) 555-3610"
hotline      IN  TXT  "Movie U. Network Hotline, (415) 555-4111"
rb           IN  TXT  "Richard Boisclair, (415) 555-9612"

(owner)


RP: 17
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                    MAILBOX                    /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                   TXTDNAME                    /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
:
MAILBOX

.
TXTDNAME

, TXT-.

TXT-
txt-dname

RT Route Through ()

owner ttl class RT preference intermediate-host

sh.prime.com.

IN

RT

Relay.Prime.COM.

IN

RT

10

NET.Prime.COM.


RT: 21
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                  PREFERENCE                   |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                 INTERMEDIATE                  /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
:
PREFERENCE

- 16- ,
.
.

EXCHANGE

, ,

( owner).

X25 X.25 address ()



owner ttl class X25 PSDN-address

relay.pink.com.  IN  X25  31 105060845


X25: 19
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                 PSDN ADDRESS                  /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
:
PSDN ADDRESS

(owner) PSDN (Public Switched Data


Network) X.121.

RFC 1664
PX pointer to X.400/RFC 822 mapping information

owner ttl class PX preference RFC822 address X.400 address

ab.net2.it.  IN  PX  10 ab.net2.it. O-ab.PRMD-net2.ADMDb.C-it.


PX: 26
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                  PREFERENCE                   |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                    MAP822                     /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                    MAPX400                    /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
:
PREFERENCE

- 16- ,
.
.

MAP822

rfc822-domain,

( RFC 822)
RFC 1327.
MAPX400

x400-in-domain-syntax,


X.400-

RFC 1327.

RFC 3596
AAAA IPv6 Address

owner ttl class AAAA IPv6-address

ipv6-host  IN  AAAA  4321:0:1:2:3:4:567:89ab


AAAA: 28
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                                               |
|                    ADDRESS                    |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

:
ADDRESS


128- Internet-.

RFC 2782
SRV Locate Services

owner ttl class SRV Priority Weight Port Target

_http._tcp.www.movie.edu.

IN

SRV 0

80

www.movie.edu.


SRV: 33
RFC 2782
. priority,

weight

port

16- . target

- .

RFC 2915
NAPTR Naming Authority Pointer

owner ttl class NAPTR Order Preference Flags Service RegExp Replacement

gatech.edu IN NAPTR 100 50 "s" "http+I2L+I2C+I2R
_http._tcp.gatech.edu.

SRV: 35
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                     ORDER                     |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                  PREFERENCE                   |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                     FLAGS                     /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                   SERVICES                    /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                    REGEXP                     /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                  REPLACEMENT                  /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
:
ORDER

16- ,
NAPTR- .
.

PREFERENCE

16- ,
, ORDER-.
.
.
(<character-string>),

FLAGS

.
SERVICES

.
(<character-string>),

REGEXP

REPLACEMENT

(<character-string>),

(<domain-name>);

( RFC 1035, . 13)
CLASS .
:
IN 1:
CS 2: CSNET ( , RFC)
CH 3: CHAOS
HS 4: Hesiod

DNS
, DNS,
. DNS
UDP-.

UDP-.

TCP,

,
, .
DNS .


( RFC 1035, . 25)

,
.
(
):
+

DNS-

RR-,

RR-, DNS-

RR-

. ,
, ,
- ,
. .
, ,
.
, DNS-, :
(QTYPE), (QCLASS) (QNAME).
:
RR-, , . ,
;
, DNS-;
,
, .


( RFC 1035, . 26-28)
                                1  1  1  1  1  1
  0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                      ID                       |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|QR|   Opcode  |AA|TC|RD|RA|   Z    |   RCODE   |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    QDCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    ANCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    NSCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    ARCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
:
ID

- 16- , ,
.


.
QR

- , ,

(0) (1).
- , .

. :
OPCODE

(QUERY)

(IQUERY)

(STATUS)

3-15

- (Authoritative Answer).
(valid)
, DNS-
AA

,
. ,
-
. AA ,
, .

TC

- (TrunCation)

.

RD

- (Recursion Desired).
.
RD ,
.
.

RA

- (Recursion Available).
RA ,
DNS-.

- .

RCODE

- . ,

.
.
:
0
1

.
- DNS-
.

- DNS-
- .
- ,

;
, ,
, .
- DNS-
.

- DNS-

. ,


(,
) .

6-15

QDCOUNT

16- ,
.

ANCOUNT

16- ,
RR- .

NSCOUNT

16- ,
RR- .
16- ,
RR- .

ARCOUNT


( RFC 1035, . 28-29)

, , ,
. QDCOUNT ( 1) ,
:
                                1  1  1  1  1  1
  0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                     QNAME                     /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                     QTYPE                     |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                     QCLASS                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
:
QNAME

QTYPE

, ,
,
.
( ). ,
,
(padding) .
, .
,
TYPE, ,

.
, . ,

QCLASS

QCLASS IN.

QCLASS
( RFC 1035, . 13)
QCLASS .
QCLASS CLASS;
CLASS QCLASS.
CLASS QCLASS:
* 255

QTYPE
( RFC 1035, . 12-13)
QTYPE.
QTYPE TYPE,
, TYPE - QTYPE.
QTYPE:
AXFR 252 .
MAILB 253 , (MB, MG MR).
MAILA 254 RR- ( , . MX).
* 255 .

,
( RFC 1035, . 29-30)
,
: RR-,
- . RR-
:
                                1  1  1  1  1  1
  0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                                               |
/                                               /
/                      NAME                     /
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                      TYPE                     |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                     CLASS                     |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                      TTL                      |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                   RDLENGTH                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
/                     RDATA                     /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

:
NAME

- , .

TYPE

- , .

CLASS

- , ,

TTL

- 32- ,

, RDATA.
RDATA.
( ),

.
,
.
RDLENGTH

- 16- ,
, RDATA ( ).

RDATA

- , .

TYPE CLASS . , TYPE A,


CLASS - IN, RDATA
, ARPA/.


( RFC 1035, . 8-9)
,
, .
, -

. ,
, .
 0                   1
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       1       |       2       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       3       |       4       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       5       |       6       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-

,
.
. ,
170 ( ).
 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
|1 0 1 0 1 0 1 0|
+-+-+-+-+-+-+-+-+

,
, .
.

RR-

,
, RR-


( RFC 1035, . 13)
- ,
.

, 256,
.


( RFC 1035, . 10)

. ,
.
,
.
,
63 .


( RFC 1035, . 30)
,
, -

.

.
:
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| 1  1|                OFFSET                   |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
,
; ,
63 . (
10 01 . ) OFFSET
( ID
) . ID.

B
BIND
. B.1
BIND.
B.1.

BIND
B IND

8.2.3

8.4.7

9.1.0

9.3.2


TSIG-


TSIG-
NOTIFY

X
X

RTT

Round robin

X
X

( )
RRset

B.1.

BIND
B IND

8.2.3

8.4.7

9.1.0

9.3.2

EDNS0

IPv6

AAAA-
DNSSECbis

C
BIND
Linux-
BIND, Linux,
.
( ) 8.4.7,
ISC BIND 9.
,
Linux-.

BIND 8
BIND 8 -
. ( , bind-8
. )
.


-, .
ftp.isc.org
F T P - :
% cd /tmp
% ftp ftp.isc.org.
Connected to isrv4.pa.vix.com.
220 ProFTPD 1.2.0 Server (ISC FTP Server)

[ftp.isc.org]

Name (ftp.isc.org.:user): ftp


331 Anonymous login ok, send your complete e-mail address as password.
Password:
230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

:
ftp > cd /isc/bind/src/cur/bind-8
250 CWD command successful.
ftp > binary
200 Type set to I.
ftp > get bind-src.tar.gz
local: bind-src.tar.gz remote: bind-src.tar.gz
200 PORT command successful.
150 Opening BINARY mode data connection for bind-src.tar.gz (1600504 bytes).
226 Transfer complete.
1600504 bytes received in 23 seconds (56 Kbytes/s)
ftp > quit
221 Goodbye.


tar-,

BIND. tar
:
% tar -zxvf bind-src.tar.gz

( , tar,
, gzip;
tar F T P
ftp.gnu.org
( /gnu/tar/tar-1.15.tar.)).

src, ,
bin, include,
lib, port.
:
bin
BIND,
named.
include
, B I N D .

,
.
lib
, BIND.
port
, BIND

.


, C.
Linux gcc,
C GNU, .
gcc http://www.gnu.org/software/gcc/gcc.html.
BIND, GNU C,
GNU-, flex byacc.
Linux-. Linux
,
port/linux/Makefile.set.
BIND ,
, .


.
:
% make stdlinks

:
% make clean
% make depend

,
,
(Makefile).

:
% make all

.
named named-xfer

/usr/sbin.
,
(root). :
# make install

BIND 9
BIND 9
Linux-. (
9.3.2.)


BIND 8,
. , FTP
ftp.isc.org:

% cd /tmp
% ftp ftp.isc.org.
Connected to isrv4.pa.vix.com.
220 ProFTPD 1.2.1 Server (ISC FTP Server)

[ftp.isc.org]

Name (ftp.isc.org.:user): ftp


331 Anonymous login ok, send your complete email address as your password.
Password:
230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

:
ftp> cd /isc/bind9
250 CWD command successful.


dir.
9.3.2.
ftp> cd 9.3.2
250 CWD command successful.
ftp> get bind-9.3.2.tar.gz
local: bind-9.3.2.tar.gz remote: bind-9.3.2.tar.gz
200 PORT command successful.
150 Opening BINARY mode data connection for bind-9.3.2.tar.gz

(4673603

bytes).
226 Transfer complete.
4673603 bytes received in 92.4 secs (35 Kbytes/sec)
ftp> quit
221 Goodbye.


tar:
% tar zxvf bind-9.3.2.tar.gz

BIND 8,
,
BIND (bind-9.3.2).
BIND 8
. bind-9.3.2 :
bin
BIND,
named.
contrib
.

doc
BIND,
(Administrator Resource Manual).
lib
, BIND.
make
.

configure
9 ,
configure,


. README
. configure

,
threads,
, .

configure:
% ./configure

, threads:
% ./configure --disable-threads

BIND:
% make all

.
BIND,
root:
# make install

D


, .

, .

AC

AW

, (
)

AD

AZ

AE

BA

AERO

BB

AF

BD

AG

BE

AI

BF

AL

BG

AM

BH

AN

BI

AO
AQ
AR

BIZ
BJ
BM

ARPA

ARPA Internet

BN

AS

BO

AT

BR

AU

BS


--

BT

DM

BV

DO

BW

DZ

BY

EC

BZ

EDU

CA

EE

CC

(
)

EG

CD

EH

CF

ER

CG

ES

CH

ET

CI

-'

EU

CK

FI

CL

FJ

CM

FK

()

CN

FM

CO

FO

COM

( -
)

FR

COOP

FX

CR

GA

CU

GB

CV

GD

CX

GE

CY

GF

CZ

GG

,
( -)

DE

GH

DJ

GI

DK

GL

UK
.

GM

JM

GN

JO

GOV

JOBS

GP

JP

GQ

KE

GR

KG

GS

KH

GT

KI

GU

KM

GW

KN

GY

KP

HK

KR

HM

-, K W

HN

KY

HR

KZ

HT

LA

HU

LB

ID

LC

IE

LI

IL

LK

IM

LR

IN

LS

INFO

LT

INT

LU

IO

LV

IQ

LY

IR

MA

IS

MC

IT

MD

JE

MG

MH

NO

MIL

NP

MK

NR

ML

NU

MM

NZ

MN

OM

MO

ORG

( -
)

MOBI

PA

MP

PE

MQ

PF

MR

PG

MS

PH

MT

PK

MU

PL

MUSEUM

PM

MV

PN

MW

PR

MX

PRO

MY

PS

MZ

PT

NA

PW

NAME

PY

NATO

QA

NC

RE

NE

RO

NET

( -
)

RU

NF

RW

NG

SA

NI

SB

NL

SC

SD
SE

TR

TRAVEL

SG

TT

SH

TV

SI

TW

SJ

-,

TZ

SK

UA

SL

UG

SM

UK

SN

UM

SO

US

SR

UY

ST

UZ

SU

VA

( )

SV

VC

SY

VE

SZ

TC

TD

TF

TG

WF

TH

WS

TJ

YE

TK

YT

TL

YU

TM

ZA

TN

ZM

TO

ZR

TP

ZW

()

VG
VI
VN
VU


(.)
()

E
DNS-
BIND

BIND

DNS- BIND,
DNS- BIND.
named.conf,
,
BIND, , 8.4.7 9.3.2.
options .
BIND 9
Administrator Reference Manual
,
. BIND 8

named.conf.

BIND 8
acl

acl name {
address_match_list;
};
10 11.

controls (8.2+)

, ndc DNS-.

controls {
[ inet ( ip_addr | * ) port ip_port allow address_match_list;
[ unix path_name perm number owner number group number; ]
};

7.

include

,
include.

include path_name;
7.

key (8.2+)

,
server TSIG-
DNS-.

key key_id {
algorithm algorithm_id;
secret secret_string;
};
10 11.

logging

, log-.

logging {
[ channel channel_name {
( file path_name
[ versions ( number | unlimited ) ]
[ size size_spec ]
| syslog ( kern | user | mail | daemon | auth | syslog | lpr |
news | uucp | cron | authpriv | ftp |
local0 | local1 | local2 | local3 |
local4 | local5 | local6 | local7 )
| null );
[ severity ( critical | error | warning | notice |
info | debug [ level ] | dynamic ); ]
[ print-category yes_or_no; ]
[ print-severity yes_or_no; ]
[ print-time yes_or_no; ]
}; ]
[ category category_name {
channel_name; [ channel_name; ... ]
}; ]
};

7.

options

options {
[ allow-query { address_match_list }; ]
[ allow-recursion { address_match_list }; ]
[ allow-transfer { address_match_list }; ]
[ also-notify { ip_addr; [ ip_addr; ... ] }; ]
[ auth-nxdomain yes_or_no; ]
[ blackhole { address_match_list }; ]
[ check-names ( master | slave | response ) ( warn | fail | ignore ); ]
[ cleaning-interval number; ]
[ coresize size_spec; ]
[ datasize size_spec; ]
[ deallocate-on-exit yes_or_no; ]
[ dialup yes_or_no; ]
[ directory path_name; ]
[ dump-file path_name; ]
[ edns-udp-size number; ]
[ fake-iquery yes_or_no; ]
[ fetch-glue yes_or_no; ]
[ files size_spec; ]
[ forward ( only | first ); ]
[ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
[ has-old-clients yes_or_no; ]
[ heartbeat-interval number; ]
[ hostname hostname_string; ]
[ host-statistics yes_or_no; ]
[ host-statistics-max number; ]
[ interface-interval number; ]
[ lame-ttl number; ]
[ listen-on [ port ip_port ] { address_match_list }; ]
[ listen-on-v6 [ port ip_port ] { address_match_list }; ]
[ maintain-ixfr-base yes_or_no; ]
[ max-ixfr-log-size number; ]
[ max-ncache-ttl number; ]
[ max-transfer-time-in number; ]
[ memstatistics-file path_name; ]
[ min-roots number; ]
[ multiple-cnames yes_or_no; ]
[ named-xfer path_name; ]
[ notify yes_or_no; ]
[ pid-file path_name; ]
[ preferred-glue ( A | AAAA ); ]
[ query-source [ address ( ip_addr | * ) ] [ port ( ip_port | * ) ]; ]
[ query-source-v6 [ address ( ipv6_addr | * ) ]
[ port ( ip_port | * ) ] ; ]
[ recursion yes_or_no; ]
[ rfc2308-type1 yes_or_no; ]
[ rrset-order { order_spec; [ order_spec; ... ] }; ]
[ serial-queries number; ]
[ sortlist { address_match_list }; ]
[ stacksize size_spec; ]
[ statistics-file path_name; ]
[ statistics-interval number; ]
[ suppress-initial-notify yes_or_no; ]
[ topology { address_match_list }; ]
[ transfer-format ( one-answer | many-answers ); ]
[ transfer-source ( ip_addr | * ); ]
[ transfer-source-v6 ipv6_addr; ]
[ transfers-in number; ]
[ transfers-out number; ]
[ transfers-per-ns number; ]
[ treat-cr-as-space yes_or_no; ]
[ use-id-pool yes_or_no; ]
[ use-ixfr yes_or_no; ]
[ version version_string; ]
};

4, 10, 11 16.

server

,
.

DNS--


server ip_addr {
[ bogus yes_or_no; ]
[ edns yes_or_no; ]
[ keys { key_id [ key_id ... ] }; ]
[ support-ixfr yes_or_no; ]
[ transfers number; ]
[ transfer-format ( one-answer | many-answers ); ]
};
10 11.

trusted-keys (8.2+)

DNSSEC.

trusted-keys {
domain-name flags protocol_id algorithm_id public_key_string;
[ domain-name flags protocol_id algorithm_id public_key_string; [ ... ] ]
};

11.

zone

, DNS-.

zone "domain_name" [ ( in | hs | hesiod | chaos ) ] {
type master;
file path_name;
[ allow-query { address_match_list }; ]
[ allow-transfer { address_match_list }; ]
[ allow-update { address_match_list }; ]
[ also-notify { ip_addr; [ ip_addr; ... ] }; ]
[ check-names ( warn | fail | ignore ); ]
[ dialup yes_or_no | notify; ]
[ forward ( only | first ); ]
[ forwarders { [ ip_addr; [ ip_addr; ... ] ] }; ]
[ notify yes_or_no; ]
[ pubkey flags protocol_id algorithm_id public_key_string; ]
};
zone "domain_name" [ ( in | hs | hesiod | chaos ) ] {
type ( slave | stub );
masters [ port ip_port ] { ip_addr; [ ip_addr; ... ] };
[ allow-query { address_match_list }; ]
[ allow-transfer { address_match_list }; ]
[ allow-update { address_match_list }; ]
[ also-notify { ip_addr; [ ip_addr; ... ] }; ]
[ check-names ( warn | fail | ignore ); ]
[ dialup yes_or_no; ]
[ file path_name; ]
[ forward ( only | first ); ]
[ forwarders { [ ip_addr; [ ip_addr; ... ] ] }; ]
[ max-transfer-time-in number; ]
[ notify yes_or_no; ]
[ pubkey flags protocol_id algorithm_id public_key_string; ]
[ transfer-source ipv4_addr; ]
[ transfer-source-v6 ipv6_addr; ]
};
zone "domain_name" [ ( in | hs | hesiod | chaos ) ] {
type forward;
[ forward ( only | first ); ]
[ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
[ check-names ( warn | fail | ignore ); ]
};
zone "." [ ( in | hs | hesiod | chaos ) ] {
type hint;
file path_name;
[ check-names ( warn | fail | ignore ); ]
};
4 10.

BIND 9

C: /* */

C++: //

UNIX: #

acl

acl string { address_match_element; ... };
10 11.

controls

, rndc DNS-.

controls {
inet ( ipv4_address | ipv6_address | * )
[ port ( integer | * ) ]
allow { address_match_element; ... }
[ keys { string; ... } ];
unix unsupported; //
};

7.

include

,
include.

include path_name;
7.

key

,
server TSIG- DNS-.

key domain_name {
algorithm string;
secret string;
};
10 11.

logging

, log-.


logging {
channel string {
file log_file
[ versions ( number | unlimited ) ]
[ size size_spec ];
syslog optional_facility;
null;
stderr;
severity log_severity;
print-time boolean;
print-severity boolean;
print-category boolean;
};
category string { string; ... };
};
7.

lwres

DNS-.

lwres {
listen-on [ port integer ] {
( ipv4_address | ipv6_address ) [ port integer ]; ...
};
view string optional_class;
search { string; ... };
ndots integer;
};
DNS-.

masters

.
zone masters,


zone.

masters string [ port integer ] {
( masters | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ]; ...
};

4 10

zone.

options

options {
avoid-v4-udp-ports { port; ... };
avoid-v6-udp-ports { port; ... };
blackhole { address_match_element; ... };
coresize size;
datasize size;
directory quoted_string;
dump-file quoted_string;
files size;
heartbeat-interval integer;
host-statistics boolean; //
host-statistics-max number; //
hostname ( quoted_string | none );
interface-interval integer;
listen-on [ port integer ] { address_match_element; ... };
listen-on-v6 [ port integer ] { address_match_element; ... };
match-mapped-addresses boolean;
memstatistics-file quoted_string;
pid-file ( quoted_string | none );
port integer;
querylog boolean;
recursing-file quoted_string;
random-device quoted_string;
recursive-clients integer;
serial-query-rate integer;
server-id ( quoted_string | none |;
stacksize size;
statistics-file quoted_string;
statistics-interval integer; //
tcp-clients integer;
tcp-listen-queue integer;
tkey-dhkey quoted_string integer;
tkey-gssapi-credential quoted_string;
tkey-domain quoted_string;
transfers-per-ns integer;
transfers-in integer;
transfers-out integer;
use-ixfr boolean;
version ( quoted_string | none );
allow-recursion { address_match_element; ... };
sortlist { address_match_element; ... };
topology { address_match_element; ... }; //
auth-nxdomain boolean; //
minimal-responses boolean;
recursion boolean;
rrset-order {
[ class string ] [ type string ]
[ name quoted_string ] string string; ...
};
provide-ixfr boolean;
request-ixfr boolean;
rfc2308-type1 boolean; //
additional-from-auth boolean;
additional-from-cache boolean;
query-source querysource4;
query-source-v6 querysource6;
cleaning-interval integer;
min-roots integer; //
lame-ttl integer;
max-ncache-ttl integer;
max-cache-ttl integer;
transfer-format ( many-answers | one-answer );
max-cache-size size_no_default;
check-names ( master | slave | response )
( fail | warn | ignore );
cache-file quoted_string;
suppress-initial-notify boolean; //
preferred-glue string;
dual-stack-servers [ port integer ] {
( quoted_string [port integer] |
ipv4_address [port integer] |
ipv6_address [port integer] ); ...
}
edns-udp-size integer;
root-delegation-only [ exclude { quoted_string; ... } ];
disable-algorithms string { string; ... };
dnssec-enable boolean;
dnssec-lookaside string trust-anchor string;
dnssec-must-be-secure string boolean;
dialup dialuptype;
ixfr-from-differences ixfrdiff;
allow-query { address_match_element; ... };
allow-transfer { address_match_element; ... };
allow-update-forwarding { address_match_element; ... };
notify notifytype;
notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
also-notify [ port integer ] { ( ipv4_address | ipv6_address )
[ port integer ]; ... };
allow-notify { address_match_element; ... };
forward ( first | only );
forwarders [ port integer ] {
( ipv4_address | ipv6_address ) [ port integer ]; ...
};
max-journal-size size_no_default;
max-transfer-time-in integer;
max-transfer-time-out integer;
max-transfer-idle-in integer;
max-transfer-idle-out integer;
max-retry-time integer;
min-retry-time integer;
max-refresh-time integer;
min-refresh-time integer;
multi-master boolean;
sig-validity-interval integer;
transfer-source ( ipv4_address | * )
[ port ( integer | * ) ];
transfer-source-v6 ( ipv6_address | * )
[ port ( integer | * ) ];
alt-transfer-source ( ipv4_address | * )
[ port ( integer | * ) ];
alt-transfer-source-v6 ( ipv6_address | * )
[ port ( integer | * ) ];
use-alt-transfer-source boolean;
zone-statistics boolean;
key-directory quoted_string;
allow-v6-synthesis { address_match_element; ... }; //
deallocate-on-exit boolean; //
fake-iquery boolean; //
fetch-glue boolean; //
has-old-clients boolean; //
maintain-ixfr-base boolean; //
max-ixfr-log-size size; //
multiple-cnames boolean; //
named-xfer quoted_string; //
serial-queries integer; //
treat-cr-as-space boolean; //
use-id-pool boolean; //
};
4, 10, 11 16.

server

,
.

DNS--


server ( ipv4_address | ipv6_address ) {
bogus boolean;
edns boolean;
provide-ixfr boolean;
request-ixfr boolean;
keys server_key;
transfers integer;
transfer-format ( many-answers | one-answer );
transfer-source ( ipv4_address | * )
[ port ( integer | * ) ];
transfer-source-v6 ( ipv6_address | * )
[ port ( integer | * ) ];
support-ixfr boolean; //
};
10 11.

trusted-keys

DNSSEC.

trusted-keys {
domain_name flags protocol algorithm key; ...
};

11.

view

view string optional_class {
match-clients { address_match_element; ... };
match-destinations { address_match_element; ... };
match-recursive-only boolean;
key string {
algorithm string;
secret string;
};
zone string optional_class {
};
server ( ipv4_address | ipv6_address ) {
};
trusted-keys {
string integer integer integer quoted_string; ...
};
allow-recursion { address_match_element; ... };
sortlist { address_match_element; ... };
topology { address_match_element; ... }; //
auth-nxdomain boolean; //
minimal-responses boolean;
recursion boolean;
rrset-order {
[ class string ] [ type string ]
[ name quoted_string ] string string; ...
};
provide-ixfr boolean;
request-ixfr boolean;
rfc2308-type1 boolean; //
additional-from-auth boolean;
additional-from-cache boolean;
query-source querysource4;
query-source-v6 querysource6;
cleaning-interval integer;
min-roots integer; //
lame-ttl integer;
max-ncache-ttl integer;
max-cache-ttl integer;
transfer-format ( many-answers | one-answer );
max-cache-size size_no_default;
check-names ( master | slave | response )
( fail | warn | ignore );
cache-file quoted_string;
suppress-initial-notify boolean; //
preferred-glue string;
dual-stack-servers [ port integer ] {
( quoted_string [port integer] |
ipv4_address [port integer] |
ipv6_address [port integer] ); ...
};
edns-udp-size integer;
root-delegation-only [ exclude { quoted_string; ... } ];
disable-algorithms string { string; ... };
dnssec-enable boolean;
dnssec-lookaside string trust-anchor string;
dnssec-must-be-secure string boolean;
dialup dialuptype;
ixfr-from-differences ixfrdiff;
allow-query { address_match_element; ... };
allow-transfer { address_match_element; ... };
allow-update-forwarding { address_match_element; ... };
notify notifytype;
notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
also-notify [ port integer ] { ( ipv4_address | ipv6_address )
[ port integer ]; ... };
allow-notify { address_match_element; ... };
forward ( first | only );
forwarders [ port integer ] {
( ipv4_address | ipv6_address ) [ port integer ]; ...
};
max-journal-size size_no_default;
max-transfer-time-in integer;
max-transfer-time-out integer;
max-transfer-idle-in integer;
max-transfer-idle-out integer;
max-retry-time integer;
min-retry-time integer;
max-refresh-time integer;
min-refresh-time integer;
multi-master boolean;
sig-validity-interval integer;
transfer-source ( ipv4_address | * )
[ port ( integer | * ) ];
transfer-source-v6 ( ipv6_address | * )
[ port ( integer | * ) ];
alt-transfer-source ( ipv4_address | * )
[ port ( integer | * ) ];
alt-transfer-source-v6 ( ipv6_address | * )
[ port ( integer | * ) ];
use-alt-transfer-source boolean;
zone-statistics boolean;
key-directory quoted_string;
allow-v6-synthesis { address_match_element; ... }; //
fetch-glue boolean; //
maintain-ixfr-base boolean; //
max-ixfr-log-size size; //
};
10 11.

zone

, DNS-.


zone string optional_class {
type ( master | slave | stub | hint |
forward | delegation-only );
file quoted_string;
masters [ port integer ] {
( masters |
ipv4_address [port integer] |
ipv6_address [ port integer ] ) [ key string ]; ...
};
database string;
delegation-only boolean;
check-names ( fail | warn | ignore );
dialup dialuptype;
ixfr-from-differences boolean;
allow-query { address_match_element; ... };
allow-transfer { address_match_element; ... };
allow-update { address_match_element; ... };
allow-update-forwarding { address_match_element; ... };
update-policy {
( grant | deny ) string
( name | subdomain | wildcard | self ) string
rrtypelist; ...
};
notify notifytype;
notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
also-notify [ port integer ] { ( ipv4_address | ipv6_address )
[ port integer ]; ... };
allow-notify { address_match_element; ... };
forward ( first | only );
forwarders [ port integer ] {
( ipv4_address | ipv6_address ) [ port integer ]; ...
};
max-journal-size size_no_default;
max-transfer-time-in integer;
max-transfer-time-out integer;
max-transfer-idle-in integer;
max-transfer-idle-out integer;
max-retry-time integer;
min-retry-time integer;
max-refresh-time integer;
min-refresh-time integer;
multi-master boolean;
sig-validity-interval integer;
transfer-source ( ipv4_address | * )
[ port ( integer | * ) ];
transfer-source-v6 ( ipv6_address | * )
[ port ( integer | * ) ];
alt-transfer-source ( ipv4_address | * )
[ port ( integer | * ) ];
alt-transfer-source-v6 ( ipv6_address | * )
[ port ( integer | * ) ];
use-alt-transfer-source boolean;
zone-statistics boolean;
key-directory quoted_string;
ixfr-base quoted_string; //
ixfr-tmp-file quoted_string; //
maintain-ixfr-base boolean; //
max-ixfr-log-size size; //
pubkey integer integer integer quoted_string; //
};
4 10.

DNS- BIND

/etc/resolv.conf.

;#

# 4.8.3
# .
6.

domain

domain domain-name

domain corp.hp.com
6.

nameserver

DNS-.

nameserver IP-address

nameserver 15.255.152.4

6.

options attempts (8.2+)

, DNS-.

options attempts:number-of-attempts

options attempts:2

6.

options debug

options debug

options debug

6.

options ndots

, ,
,
.

options ndots:number-of-dots

options ndots:1

6.

options no-check-names (8.2+)

options no-check-names

options no-check-names

6.

options timeout (8.2+)

DNS-.

options timeout:timeout-in-seconds

options timeout:1
6.

options rotate (8.2+)

, DNS-.

options rotate

options rotate

6.

search

search local-domain-name next-domain-name-in-search-list ... last-domain-name-in-search-list

search corp.hp.com pa.itc.hp.com hp.com
6.

sortlist

sortlist network-list

sortlist 128.32.4.0/255.255.255.0 15.0.0.0

6.

options BIND 9
?
options {
avoid-v4-udp-ports { port; ... };
avoid-v6-udp-ports { port; ... };
blackhole { address_match_element; ... };

.
BIND 9 Administrator Reference Manual (
Nominum). BIND 8,
named.conf.


options B I N D .
.
options , ,
.
directory
.
.
(
, named.run).
,
., , .
.
key-directory
,
,

.
.
named-xfer
. B I N D 8
named-xfer.
B I N D 9
named-xfer,
D N S .
tkey-domain
,
, TKEY.
T K E Y - ,
. ,
,

tkey-domain.


+ tkey-domain.


.
tkey-dhkey
-,
,
D i f f i e - H e l l m a n TKEY.

.
DNS-.
dump-file
, DNS- ,
rndc dumpdb.

named_dump.db.
memstatistics-file
, D N S -
.

named.memstats.
pid-file
, D N S -
.
/var/run/named.pid.
pid-file
DNS-.
pid-file none P I D - :
. ,
none - , ,
.

statistics-file
, ,
rndc stats.
named.stats
.
port
U D P / T C P , DNS- .
- 53.
D N S - ; , 5 3 ,
D N S .
random-device
DNS-. ( )
DNSSEC,
TKEY .
( ) ,
. , ,
, ,
. /dev/random
(
), ;
. random-device

.
preferred-glue
( A A A A A )
.
.
root-delegation-only


.
,
( DE, LV, US MUSEUM).
options {
root-delegation-only exclude { "de"; "lv"; "us"; "museum"; };
};

disable-algorithms
D N S S E C , .
disable-algorithms
.
.
dnssec-lookaside
, dnssec-lookaside

DNSKEY-
. D N S K E Y
,
dnssec-lookaside

, ,
trust-anchor,

DLV-, . DLV D N S K E Y (
, D S - ) , D N S K E Y R R s e t
.
dnssec-must-be-secure
, ,
( ) ,
. yes named
, .
no dnssec
.
trusted-key,

dnssec-lookaside.

auth-nxdomain
yes, N X D O M A I N -
A A , .
n o ; B I N D 8 .
DNS-, ,
yes.
deallocate-on-exit
B I N D 8
. B I N D 9
.
dialup
yes, DNS- ,

,
, D N S - .
,
, heartbeat-interval,
-
. ,
, .
no.
dialup view zone
,
dialup.
, DNS- NOTIFY
D N S - (
) .

( N O T I F Y ) ,
, .
, NOTIFY,
notify
also-notify.
,

heartbeat-interval
NOTIFY.

notify,
NOTIFY-;
notify-passive,
N O T I F Y
; refresh,

heartbeat-interval;
, passive,

.

no

yes

notify

refresh

passive

notify-passive

( )

, N O T I F Y dialup .
fake-iquery
B I N D 8
D N S - , I Q U E R Y . B I N D 9
IQUERY.
fetch-glue
. B I N D 8 fetch-glue
yes
, DNS-
R R - .
, B I N D 9
.
flush-zones-on-shutdown
DNS- S I G T E R M ,

. - flush-zones-on-shutdown
no.

has-old-clients
B I N D 8 , B I N D 9
. has-old-clients
yes,
: auth-nxdomain
yes
rfc2308-type1
no.
host-statistics
BIND 8 ,
D N S - . B I N D 9 .
maintain-ixfr-base
. B I N D 8
,
. B I N D 9 ,
.
, provide-ixfr
no.
minimal-responses
yes D N S - , ,
,
(
) .
. no.
multiple-cnames
BIND 8 CNAME- D N S .
BIND 9.2 C N A M E ,
, .
notify
yes ( )
DNS NOTIFY,
. ,
N S - (
, M N A M E S O A ) ,
,
also-notify.
explicit

, also-notify.
no
.
notify zone,
, options
notify.
notify
,
.

recursion
yes D N S -
, ,
. ,
, D N S - . yes. ,
recursion no
,
. -

, NOTIFY. .
fetch-glue.
rfc2308-type1
yes ,
S O A - , N S - . no. B I N D 9 .
use-id-pool
. B I N D 9
.
zone-statistics
yes,
( ,
zone-statistics
no
zone). rndc
stats,
,

statistics-file.
use-ixfr
. I X F R
,
provide-ixfr.
provide-ixfr
, ,
,
,
. yes ,
. no,
.
request-ixfr
, ,
,
, .
treat-cr-as-space
B I N D 8, ,
( \ ) ,

,
U N I X , N T DOS. BIND 9
\n \r\n,
.
additional-from-auth
additional-from-cache

, ,
C N A M E D N A M E .
yes (
) ( ,
),

. - ,

,
. ,

,

.
, M X - foo.example.com
MX 10 mail.example.net,

( A A A A A )
mail.example.net,
, example.com.

no

, .

.
no, recursion
no,
,
.
additional-from-cache
no
, .
,
.
D N S - ,
,
,
.
,
,
additional-from-cache
no.
R E F U S E D . , -


.
match-mapped-addresses
yes , 4 -
IPve- ,
IPv4-.
Linux-, I P v 6 ,
,
, T C P - I P v 4 , ,
I P v 6 , .
,
IPv4.
.
ixfr-from-differences
yes,
, , ,
,
,
.

.
,
,

. ,
,
.
.
multi-master
,
.
yes named
, ,
.
no.
dnssec-enable
D N S S E C n a m e d .
yes, named , D N S S E C .
- no.
querylog
, DNS-
named.
querylog

,
queries l o g - .

check-names

/ DNS-,
. .

- fail,
- warn. ,
, ignore.

RFC 952 RFC 821 ( RFC 1123).
check-names
, A ,
A A A M X . , check-names

RDATA NS, SOA MX, PTR-,
IN-ADDR.ARPA,
IP6.ARPA, IP6.INT .


, DNS-.
,
,
. ,
D N S -
.
forward
,
. first, ,
,
, . only
.
forwarders
I P - ,
. ,
.

,
.
,
forward only/first

.



, -
IPv4 IPv6 .

dual-stack-servers
/ ,
IPv4 IPv6. ,
,
.
, dual-stack-servers

, (
, named
-4).

IP-

allow-notify
, , ,
- -
. allow-notify

zone ,
options allow-notify.
.

.
allow-query
, DNS- . allow-query zone,
, options allow-query. .
allow-recursion
, DNS .
. ,

, DNS-.
allow-update-forwarding
,
,
. none,
. ,
allow-update-forwarding
any.
( none any) ,

DNS- , .
,
,

,
IP- .
allow-v6-synthesis

AAAA A6. ,
A6 ,
, . DNS- .
allow-transfer
,
. allow-transfer
zone
, options allow-transfer.

.
blackhole
,
. ,
, .
none.

, ,
listen-on.

listen-on

(address_match_list).

, . ,
53.
listen-on.
:
listen-on { 5.6.7.8; };
listen-on port 1234 { !1.2.3.4; 1.2/16; };

DNS- 53 IP- 5.6.7.8,
1234 1.2, , 1.2.3.4.
listen-on ,
53 .
listen-on-v6
,
, IPv6.

{ any; }

address_match_list
listen-on-v6,

IPv6- ,

IPv6 ,
IPv6 ( ,
RFC 3493 RFC
3542). IPv6-.

IPv6 , , IPv4 .
IPv6- ,
,
.

:

listen-on-v6.

listen-on-v6 { any; };
listen-on-v6 port 1234 { !2001:db8::/32; any; };

DNS- 53 IPv6- (
-) 1234 IPv6-
2001:db8::/32 ( ).
IPv6-,
:
listen-on-v6 { none; };

listen-on-v6
IPv6.


DNS- ,
DNS- . query-source

. , IPv6 ,
query-source-v6.
*
( ) , -
(INADDR_ANY).
* ( ) ,
;
avoid-v4-udp-ports
avoid-v6-udp-ports

named . :
query-source address * port *;
query-source-v6 address * port *;

, ,
query-source,
UDP-, TCP-,
UDP- . TCP-
.
. transfer-source

notify-source.


BIND , ,
,
.
:
also-notify
IP- DNS-,
( , NS- )
NOTIFY
. ,
DNS- . also-notify

zone, , options also-notify.
zone notify
no, IP- also-notify

NOTIFY . (
) .
max-transfer-time-in
, ,
, . 120 (2 ). - 28
(40 320 ).
max-transfer-idle-in
,
,
. - 60 (1 ) .
- 28 (40 320 ) .
max-transfer-time-out
, ,
, . 120 (2 ). - 28
(40 320 ).
max-transfer-idle-out
,
,
. - 60 (1 ) .
- 28 (40 320 ) .
serial-query-rate

, , .

.
, BIND 9 .

serial-query-rate

, . - 20.
serial-queries
BIND 8 serial-queries

,
. BIND 9

serial-queries.


serial-query-rate.
transfer-format
:
one-answer
many-answers.
,
, transfer-format.
one-answer
DNS- RR- . many-answers

RR- . many-answers ,
, BIND 9,
BIND 8.x BIND 4.9.5.
many-answers.
transfer-format


server.
transfers-in

. - 10. transfers-in

,
.
transfers-out

. ,
. - 10.
transfers-per-ns

DNS- . - 2.
transfers-per-ns

,
DNS- . transfers-per-ns


transfers
server.
transfer-source
, TCP-
IPv4 , . ,
IPv4- () UDP ,


. ,
.
allow-transfer
,
.
,
, transfer-source

view zone.
transfer-source-v6
, transfer-source,
IPv6.

alt-transfer-source
,
, transfer-source,


use-alt-transfer-source.
alt-transfer-source-v6
,
, transfer-source-v6,


use-alt-transfer-source.
use-alt-transfer-source
,
. , no;
yes (
BIND 8).
notify-source
, (
) UDP- NOTIFY.
masters
allow-notify.

,

notify-source
zone view
.
notify-source-v6
notify-source,

, IPv6-.

UDP
avoid-v4-udp-ports
avoid-v6-udp-ports

UDP- IPv4 IPv6 ,
UDP- . -

,
. ,
, DNS-
.



.
. , ,
1G 1073741824. unlimited

,
. default ,
.

DNS- .
(
) . BIND ,
.
coresize
. -

default.

datasize
, .
- default.

.
, ,

.
,

, .
,
max-cache-size

recursive-clients.
files
.
unlimited.
stacksize
,
. default.

max-ixfr-log-size
;
BIND 8. max-journal-size

BIND 8.
max-journal-size
.
,

. unlimited.
host-statistics-max
BIND 8
. BIND 9 .
recursive-clients

, . - 1000.

(20 ) , recursive-clients,
,
.
tcp-clients
TCP-,
. - 100.

max-cache-size
, DNS-,
. , DNS ,
, .
,
.
unlimited,

.
tcp-listen-queue
. - 3 (
) .
dataready, TCP , .
, 3, .


cleaning-interval
RR-
cleaning-interval
. - 60 .
- 28 (40 320 ) .

0 ,
.
heartbeat-interval
, ,
dialup, . 60 . 1
(1440 ) . - 28 (40 320
) . 0 ,
.
interface-interval

interface-interval . - 60 .
- 28 (40 320 ) . 0,

.
( ,
listen-on)

.
statistics-interval
DNS-
statistics-interval
. - 60 . - 28
(40 320 ) . 0 ,
.
statistics-interval

BIND 9.

, DNS-
, ,
. topology
(address_match_list),

.
. (!)
, ,
.

. , ,
, , ,
. :
topology {
    10/8;
    !1.2.3/24;
    { 1.2/16; 3/8; };
};

10 ,
1.2.0.0 (netmask 255.255.0.0) 3,
1.2.3 (netmask 255.255.255.0) ,
.
:
topology { localhost; localnets; };

topology BIND 9.

sortlist
DNS- RR- ,
RRset-. DNS- RR-
. DNS-
,
. DNS-
, .
,
, .
DNS , .
sortlist ( . )
(address_match_list)

, topology.

sortlist
, .
- (
IP- , IP- ,
) ,
.
, , , ,
RR- - .
-, -
, topology. ,
.
,
, ,
. -

192.168.1/24 ,
192.168.2/24 192.168.3/24 ;
. 192.168.1/24
,
192.168.2/24 192.168.3/24 .
192.168.4/24 192.168.5/24
.
sortlist {
    { localhost;                        // if the local host
        { localnets;                    // then first fit on the
            192.168.1/24;               // following nets
            { 192.168.2/24; 192.168.3/24; }; }; };
    { 192.168.1/24;                     // if on class C 192.168.1
        { 192.168.1/24;                 // then use .1, or .2 or .3
            { 192.168.2/24; 192.168.3/24; }; }; };
    { 192.168.2/24;                     // if on class C 192.168.2
        { 192.168.2/24;                 // then use .2, or .1 or .3
            { 192.168.1/24; 192.168.3/24; }; }; };
    { 192.168.3/24;                     // if on class C 192.168.3
        { 192.168.3/24;                 // then use .3, or .1 or .2
            { 192.168.1/24; 192.168.2/24; }; }; };
    { { 192.168.4/24; 192.168.5/24; };  // if .4 or .5, prefer that net
    };
};


(localhost) .
BIND 4.9.x .
localhost
.
.
.
sortlist {
{ localhost; localnets; };
{ localnets; };
};

RRset-
,
. rrset-order

.
order_spec
:

[ class class_name ] [ type type_name ] [ name "domain_name" ] order ordering

ANY .
ANY .
* .

(ordering):

fixed
,
.
random
.
cyclic
(round-robin) .
:
rrset-order {
    class IN type A name "host.example.com" order random;
    order cyclic;
};
, , A
IN host.example.com,

. .
rrset-order
.

, -

rrset-order BIND 9.
BIND 9 fixed.


lame-ttl

, . 0

.
- 600 (10 ). 1800 (30 ).
max-ncache-ttl

, DNS-
. max-ncache-ttl

, . 10 800 (3 ) . max-ncache-ttl

; ,
.
max-cache-ttl
max-cache-ttl

( ) . -
( ).
min-roots
, ,
. - 2. BIND 9
.
sig-validity-interval
, DNSSEC ,
. - 30 .
- 10 (3660 ) .
,
.
min-refresh-time
max-refresh-time
min-retry-time
max-retry-time

( SOA)
. SOA- ,
,
.


, .
-
SOA-
.
edns-udp-size
EDNS UDP.
512 4096 (
) .
- 4096. edns-udp-size - , UDP-
,
/ UDP-,
512 .


BIND
, - bind
CHAOS.
CHAOS, ( I N ) ;
, DNS- (,
allow-query)
CHAOS.

,
CHAOS,
CHAOS, .
version
, version.bind TXT, CHAOS.
-
DNS-.
version
none, .
hostname
, hostname.bind TXT, CHAOS. -
, DNS- ,
gethostname().
- ,
anycast- .
hostname none,
.
server-id
,
ID.SERVER
TXT, CHAOS.
- , anycast-
. server-id none,
.
server-id hostname,
named ,
gethostname().

server-id
none.

- () , 102
* () , 576
# , , resolv.conf, 149
. (), 35
, 86
, 98

, 189
FQDN, 139
DNS, 26

, 497
DNS-, ndots, 148
/ (), 26, 35

, 140
$=w, (sendmail), 155
::-, -, 329
:

A
A-, 87
DNS- Windows X P , 163
,
178
,
round-robin, 307

, 289
, 130

, 89
DNS-
BIND 8, 215
A6-, , 336
, 338
AAAA-, , 336
ACE (ASCII- )
Unicode , 598
, 597
ACL (access control lists),
, 281
, , 387
, 286


DNS-, 362
IP-, 287
, 353
, 353
, 354
nslookup,
443
acl, , 281, 645
view, 305
Active Directory, 600-607
BIND, 603
, 606
AD (Authenticated Data), , 404
Address database dump,
, 487
aero, , 43
AFS (Andrew File System), 586, 615
AFSDB-, 586, 615
allow-notify, , 295
allow-query, , 353, 362

, 387
, 353

, 360
, 353
allow-recursion, , 315


, 362
allow-transfer, , 354

IP-, 355
allow-update, , 286, 350
allow-update-forwarding, , 287
also-notify, , 295
NOTIFY-
DNS-,
, 295
any ( ), 282
ANY-
DNS-
BIND 8, 217

APNIC (Asia Pacific Network Information


Center), , 78
ARIN (American Registry of Internet Num
bers), , 78
arpa, , 42
ARPAnet, 22
, 24
ASCII- (ACE), 596
attempts, DNS-, 148, 657
au, , 44
auth-nxdomain, , 328
AXFR-
IXFR-, 296
DNS-
BIND 8, 217

B
Base 64, ,
347
Base 64, , 172
BIND (Berkeley Internet Name Domain), 11
Active Directory, , 603
DNS-, 52, 136
GSS-TSIG , 604
IXFR, BIND 8 9, 298
log-, 191-202
logging, , 194
, 196-198
, 191
, 198-202
NOTIFY, , 235
Windows 2000, , 603


, 356-359
, 351-352
, 11, 64
(BIND 9), 304-307
(RTT), ,
DNS-, 57
, 582
, 31
,
, 63, 64
DNS-
4.9, 149
, 139
DNS- DNS-,
640-681
IP-, 66
, 64
update-policy
( 9), 12
, 452

DNS-, 60

BIND 8/9, 367



DNS ( 8 9), 282
, , 65,
297
, 300-304
Linux-,
630
, , 628
, 157

Usenet, 65
4.8.3, 4.9
, 140, 141
DNS-, 211-223
BIND 8, 214-221
BIND 9, 221
, 211
DNS-, 166-177
ndc controls (BIND 8), 167-171
rndc controls (BIND 9), 171-175
, 176
, 81-121
loopback-, 92
, 92-95
TTL , 85
, 9 5 - 9 7
, 83, 85-92

BIND 8, 640
BIND 9, 645
bindgraph, , 230
bind-users, ,
, 351
biz, , 43, 74
blackhole, , 316
BSD UNIX, , 23
bstat, , 217

C
ca (), , 47
cache, , 379
CD (Checking Disabled), , 404
CHAOS, , 620
chmod(1), , 167
chroot( ), 356
CIDR (Classless Inter-Domain Routing)

, 77
CLASS, RR-, 620
cleaning-interval, , 325
CNAME-, 87, 88, 571-576
sendmail , 154
, 89
RR-, 573
, 571

A-, 89

round-robin,
308
,
573
, 575
, 178

, 264

, 276
, 574
PTR-, 511
, 129
DNS-
BIND 8, 216
, 278
CNAME-, 572
com, , 41, 74
(), 45
comp.protocols.dns.bind, ,
BIND, 351
config, (log-), 197
continue, , 159
controls, , 646
BIND9, 171
DNS-
, 168
coop, , 43
corp, , 45
critical, , 192
CSNET, , 620

D
d2, (nslookup), 433, 444
daemon, , 192, 197
date, , 222
db.ADDR, , ,
178
db.cache, , 93, 236
, 251
, 185
, 94
db.DOMAIN,

spcl.DOMAIN, 185
, 178
db.movie.edu.signed, (), 409
db.root, , 250, 378

, 381
DC (Domain Controller), 606
debug, (nslookup), 433
debug, , 192

debug, (. named.run, )
default servers are not available, ,
443
default, (log-), 193-196
BIND 8/9, 198, 200
default-key, rndc.conf,
174
defaultrouter, , 248
default-server,
options rndc.conf, 174
default_stderr, (log-), 197
DHCP, 282

A, TXT PTR,
update-policy, 289
dialup, , 583
Diffie-Hellman, , 395
dig, , 446-451
nslookup, , 446
, 450

, 446
, 449, 478

DNS-, 186
DNS-,
DNSSEC, 404
, 447
distfile, , 234
dname, (res_search), 535
DNAME-, 336
, 340-343
DNS (Domain Name System), 9, 26
DNS- BIND, 143
EDNS0, 334
NOTIFY, 119
RR-, 83
Windows Active Directory, 600-607
WINS , 598-600
, 561-570
DNS-,
562-565
, 565
, 568
, 569
, 365-391
, 282
(. RR-), 83
SPF, 132-135
, 376-383
-, 370-376
, 383
DNS-,
369
, 24

, 578-583

, 32
, 34-41
, 545-556
, 12
. DNSSEC
, 245-249
, 620-626
, 435, 447
, 529
,
26, 34, 36
,
, 230
-, 608-611
, 122-131
, 131
DNSEXT, 66
dnskeygen, , 347
DNSKEY-, 394-395, 403, 405
Secure Entry Point (SEP), , 394
, , 395
, 412
, 408

, 406
, 395

dnssec-signzone, 409
, 394
DNSSEC (DNS Security Extensions),
DNS, 12, 391-421
DNSKEY-, 394-395
DO, AD CD, 403
DS- , 400-403
NSEC-, 398-400
RRSIG-, 396-397
, , 348
, 414
, 404

, 406
, 407-414
, 411
, 413
, 407
, 406
, 418-420

, 392
dnssec-keygen, , 347, 407-408
dnssec-signzone, , 408
, 410
, 411
DS-, 412
DNS-, 26, 51, 57, 136-152
BIND 8.2.3, 136

BIND, , 655-658
ns_update( ) , , 283
Windows XP, 159-165
DNS-, 162
, 163
, 164
, 161
, 164
, 160
, 471
, 360
, 531-539
_res, , 536
,
DNS- BIND 8/9, 231, 232
, 361
nslookup, 436
, 137-150
nameserver, , 142-146
options, , 147
search, , 141
sortlist, , 146
4.9, 149
BIND 4.9
8.2, 145
, 149
, 137
, 150-152
, 150
, 139
DNS- , 315
DNS-, 360
, 323
,
, 247
CNAME- PTR, 511

BIND, 508
DNS-, 327
-, 436
, 311
nslookup, 423
DNS-, 10, 26, 46-51
blackhole, , 316
DNS- (resolvers) , 51
EDNS0, , 335
foward-only,
, 301
IPv6-, , 333
log-, 191-202
logging, , 194
, 196-198
, 191
, 198-202
NS-, 613

nslookup, , 431
, 47
, 56

, 582
, 539-545
, 55
, 231
, 315
, 562-565
, 379
, 105
, 656

,
BIND, 370
, 50
, 233-238
, 234
, 235
-, 237
, 51
, nslookup,
436-439
- (BIND 8 9), 275
, 169, 170
, , 92
, 52, 314
, 60
TTL ( ), 62
, , 151
, , 316-327
TTL ( ), 326
, 324
, 321-324
, 317-321
, 314
, 351-365
BIND, , 351-352
BIND
, 356-359
DNS- , 361-365
,
354-356
, 353
, 359-361
,
, 224
-
UDP, 512
, 105
, 190
, 50
, 202-223
syslog-,
202

BIND, 211-213, 223


, BIND, 509
, , 226
, 52-60
, 56
, 53
, 238-241
DNS-, 238
, 241
, 227
, 231
DNS-, 233
, 228
,
bind, 228
, 229

DNS-, 228, 229
, , 304
, 300
, 301
DNS-
DNS-, 327
,
, 284
, 311-312
, 235
, 50
, 313
(authenticated), 586
DNS- Windows XP,
160
, 166-177
ndc controls (BIND 8), 167-171
rndc controls (BIND 9), 171-175
, 176
, 81-121
, 82-95
, 51
, 177-186
RP-, 182
SOA , 179
TXT-, 182
, 178
, 185
, 183
, 186-190
, 189
,
186
-, 237
nslookup, 423
DNS-, hosts, 158
DO, , 403
domain, DNS-, 138
BIND, 142


search BIND 4.9, 150
DSA/SHA-1, , 395
dsset-, 413
DS-, 400-403, 405

, 413
dnssec-signzone,
412
dumpdb, ndc, 170
dumpdb, rndc, 175
dynamic, , 192

E
E.164, , 591
URI-,
592
edns, server, 335
EDNS0 (Extension Mechanisms for DNS,
version 0), DNS,
0, 334
,
DNSSEC, 403
edns-udp-size,
options, 335
edu (), , 27, 41
(), 45
edu, , 47
ENUM (Telephone Number Mapping),
, 12,
591-596
E.164, ,
, 592
NAPTR-, 593-595
, 595
error, , 192
/etc/hosts,
nslookup, 424

, , 249

, 258
/etc/named.pid, , 177
/etc/netgroups, , 153
exec, ndc, 170
explicit, ( notify),
295
exports NFS-, 154
extranet-, 24

F
fetch-glue, , 314, 315
flush, rndc, 175
flushname, rndc, 175
forwarders, , 301, 371
, 303

forward-first, , 302
forward-only,
, 301
FQDN (fully qualified domain name),
, 139
, 36
freeze zone, rndc, 175
freeze, rndc, 297
ftp, , 153

G
getpid, ndc, 169
getrlimit(), ,
203
gov, , 41
group, , 358
GSS (Generic Security Service), 604
GSS-TSIG BIND, 604
gTLDs (generic top-level domains),
, 42, 69
, 73

H
h2n, , 104, 183-185
-d ( ), , 183
-n ( ), , 183
,
185
, 184

, 185
named.conf, 260

, , 277
,
, 278
Harvest, , 216
h_errno, , 532
HINFO-, 216, 612
HMAC-MD5, , 172,
346
host, , 272
, 272
, 273
HOSTALIASES, , 157
hostname, ,
, 138
hosts, , 158
hosts, , , 249
hosts.equiv, ,
, 156
host-statistics, , 215, 231
HOSTS.TXT, , 24
HUP, , 177

ICANN (Internet Corporation for Assigned


Names and Numbers), 43
ICMP (Internet Control Message Protocol)
: port unreachable
( ), host unreachable
( ) network un
reachable ( ), 144, 247
identity ( update-policy), 288
IDN (Internationalized Domain Names),

, 12, 75, 596-598
ifconfig, , 246
in-addr.arpa,
, 267-272

, 267-272
in-addr.arpa, , 79
, 265
DNS-, 377
DNS-, 80, 240
$INCLUDE, , 186, 189, 257, 609
include, (SPF TXT-), 134
include, , 186, 646
key ,
348
inet, controls, 171
info, , 43, 74
info, , 192
, syslog
, 196
int ( ), ,
42
Internet Systems Consortium, 31
InterNIC
Network Modification, , 240
-, 76
ip6.arpa, 336
ip6.int, , 336
ipconfig /displaydns, , 164
ipconfig /flushdns, , 164
IPv4-, , 330-333
IPv6
, 329-330
, 330
,
330
::-, 329
, 330
, 330
, 329
, 333
, 336-343
A6- ,
338-339

DNAME-
, 340-343
AAAA-
ip6.arpa, 12
IP-, 58

, 80
DHCP, 282
, 66
, 57
DNS-, 311
IP-, 281
IP-
IP-, 76
, 76-78
ISC (Internet Software Consortium), 64
- BIND, 66
-,
BIND, 64
ISC DHCP, , 605
ISDN-, 616
ISO 3166,
uk, 44
, 44
, 42
IXFR-, 296
.
ixfr-base, , 299
ixfr-from-differences, , 297

J
JEEVES, 31
.jnl, , 286
, 300
jobs, , 43

K
key, , 347, 646
rndc, , 171
rndc.conf, 172
view, 305
DNS-, 174
keys, , 349
keyset-, 413
KSKs, ,
406, 409, 419

, 420
, 420

L
lame server, , 505
LAN (local area network), , 23
DNS-, 230

DNS, 33

LACNIC (Latin America and Caribbean In


ternet Addresses Registry), , 78
Linux, BIND, 630
listen-on, , 330
listen-on-v6, , 333
Local Area Connection Properties (Windows
XP), 159
local0, , syslog, 197
LOCALDOMAIN, , 138
localhost ( ), 282
localnets ( ), 282
LOC-, 587
logging, , 192, 201, 646

(BIND 8), 201
, 194
logging,
193
log.msgs, , 193, 194
log-
BIND, 191-202
logging, , 194
NOTIFY-, 293
, 196-198
, 191
, 198-202
log- , 286
loopback-, 92
IPv6, 329
named, 363

nameserver, 144
lpd.allow, ,
, 156
ls, , 439, 442
lserver, , 431
lwres, , 647

M
maintain-ixfr-base, , 298
many-answers, , 300,
320
DNS-, 321
masters, , 294, 328, 647
TSIG- ,
349
, 331
match-clients, , 305
match-destinations, , 305
match-recursive-only, , 305
max-journal-size, , 300
max-ncache-ttl, , 326
max-refresh-time min-refresh-time,
, 320
max-retry-time, , 320
max-transfer-idle-in, , 319

max-transfer-idle-out, , 319
max-transfer-time-in, , 319
max-transfer-time-out, , 319
MD5, , 346
Microsoft DHCP Server, 603
Microsoft DNS Server, 598
many-answers, , 321
Active Directory,
328
DNS NOTIFY, 294
GSS-TSIG, 604
, 509
Microsoft Knowledge Base, Q246804,
603
mil, , 41
min-refresh-time, , 320
min-retry-time, , 320
mmencode, , 172, 348
MNAME, SOA-,
DNS-, 283
mobi ( ), , 43
multi-master, zone,
328
multiple-cnames, , 309
museum, , 43
MX-, 123-126
MD- MF-, 123
MX-, 128
sendmail , 154
A-, MX-,
125
, 381, 576
, 178
, 127
, 577
, 124
DNS-
BIND 8, 216
,
126

N
name, , 43
named
-t, -u, -g, , 3 5 6 - 357
,
176
rndc
stop, 180
, 228
, 322

DNS-, 363
named -g other, , 356
named.conf, , 83
controls, , 173

db.root, , DNS, 379


DNS- -
, 386, 388
rndc key, , 171
trusted-keys, , 402
DNS-
, 262
, 235
,
249
rndc-confgen, 173
DNS-

, 276

, 318
,
rndc.conf, 172
DNS-
, 259
, 266
, 306
DNS-,
loopback-, 364
DNS-,
IP-
, 363
DNS-, 236
,
acl, 281
,
189
- DNS-, 237
named.conf.primary, , 188
named.conf.slave, 188
named_dump.db, , 190
named.pid, , 177, 190
named.root, , 92
namedroppers, , 66
named.run, , 193, 456
default, .
null, 194
info, 196
named.stats, , 191, 214, 221
named-xfer, , 190, 476-478
nameserver, (DNS-),
142-146, 656
DNS-, 145
, 143
DNS-, 144
nametype ( update-policy), 288
NAPTR-, 593-595
, 595

ndc (name daemon controller), ,


107, 167-171
-c, , 167, 359
start restart, , 169
, 168

, 456
rndc, 174
DNS-
BIND 8, 214
, , 176
, 169
, 176
ndots, , 148
ndssec-keygen, , 172
net, , 42
Net::DNS, , 350, 557-560
NetBIOS-, 598
NetBIOS, (WINS), 163
netgroup, NFS-, 154
netgroups, , 153
Network Modification, , 240
Network Solutions Inc.,
, 75
NFS (Network File System), , 153
NIC (Network Information Center), 24
NIS (Network Information Service), 33
nslookup, 424
, NIS,
474
DNS, 38
"no",
nslookup, 426
no response from server,
, 442
no-check-names
DNS-, 149
, 657
none ( ), 282
nonexistent domain, , 443
no-recursion, , 360
nosearch, (nslookup), 427, 429
NOTFOUND, , 158
notice, , 192
NOTIFY, , 12, 235, 290-296
BIND,
( NOTIMP),
294
, 294
DNS-
NS- ,
295
, 291
DNS- NOTIFY-, 292

, 331
, 293
,
DNS- ,
292
notify, zone,
explicit, 295
notify-source, , 333
notify-source-v6, , 334
notrace, ndc, 171
notrace, rndc, 175
NSAP-, DNS BIND 8, 216
NSEC-, 398-400, 403

, 415, 418
, ,
413
, 399
NSFNET, , 23
, 230
ns_get32, , 540
ns_init_parse, , 540
nslookup, , 423-446
dig, , , 446
IP-, , 67
.nslookuprc, , 429
, 11
, 424
, 445
, 423
NIS, 475
DNS-, 423

, 524-529
, 425-428
BIND 9.3.2, 426
, 426
, 426
, 429-433

, 430
DNS-,
431
, 429
, 425
, 424, 439, 478

, 265
, 69
,
502
PTR-, 494
, 433-440
DNS- BIND,
436-439

-
-, 433-436
, 440-445
, 444
, 443
, 445
DNS-
resolv.conf, 444
PTR-
DNS-, 442
, 441
, 441
, 424
, 429
DNS, 116
DNS- DNS-, 423
ns_msg_count, , 541
ns_msg_get_flag, , 541
ns_msg_id, , 542
ns_name_compress, , 542
ns_name_skip, , 543
ns_name_uncompress, , 543
ns_parserr, , 544
ns_put32, , 540
nsswitch.conf, , 158, 475
ns_update(), DNS-, 283
nsupdate, , 283
-k -y, , 350
TSIG, 350
, 283
NS-, 86, 613
no NS RR for SOA MNAME, ,
510
, 263, 267
DNS-
, 273
,
445
DNS-
BIND 8, 215
TTL, 240
NTP (Network Time Protocol),
, 349
null, (log-), 193, 197

O
one-answer, , 321
options, (DNS- BIND),
147
options debug, 657
options fetch-glue, 314
options no-check-names, 657
options notify-source, 333

options query-log, 488


options rotate, 658
options timeout, 657
options,
allow-query, , 353
ACL- ,
387
allow-recursion, , 315
allow-transfer, , 354
auth-nxdomain, , 328
BIND 8, 642-643
BIND 9, 648-650, 658-681
blackhole, , 316
cleaning-interval, , 325
dialup, , 583
edns-udp-size, , 335
fetch-glue, , 315
forwarders, , 301, 303
host-statistics, , 215, 231
ixfr-from-differences, , 297
lame-ttl, , 327
listen-on, , 330
listen-on-v6, , 333
maintain-ixfr-base, , 298
max-journal-size, , 300
max-ncache-ttl, , 326
max-refresh-time, , 320
max-transfer-idle-in max-transfer-idleout, , 319
max-transfer-time-in max-transfertime-out, , 319
min-refresh-time, , 320
notify-source, , 333
notify-source-v6, , 334
provide-ixfr, , 299
query-source, , 332, 368
recursive-clients, , 324
request-ixfr, , 300
rfc2308-type1, , 327
rndc.conf, 172
default-server, , 174
serial-queries, , 324
sig-validity-interval, , 416
sortlist, , 311
statistics-interval, , 326
transfer-format, , 320
transfer-source, , 332
transfer-source-v6, , 334
transfers-out, , 318
transfers-per-ns, 317
use-id-pool, , 360
view, , 305
options, zone
allow-notify, 296
view, 305
also-notify, 295

org, , 42, 74
$ORIGIN, , 186, 609
, 189,
257
OSI Network Service Access Point, ,
, 216

P
passwd, , 358
Perl
Net::DNS, , 350
, 557
560
check_soa, , 559
Socket.pm, 473
PID-, 177
DNS, 364
ping,

, 500
rotate DNS-, 149

, 88
port unreachable, , 247
post ( ), , 44
prereq, (nsupdate), 283
primary, , , 120
Primary DNS suffix, 605
primary- ( ), 187
pro (), , 43
provide-ixfr, , 299
ps, ,
DNS-, 177
pstree, , 177
PTR-, 89
DNS- Windows XP, 163
ip6.arpa, 337
,
, 259
, 178
, 584
DNS-, 443
CNAME-
PTR-, 511
DNS-
BIND 8, 216
,
, 494
PX-, 618

qr, (dig), 448


QUERY, , 435
querylog, ndc, 171
querylog, rndc, 175

query-source, , 332, 368


querytype, (nslookup), 429
quit, ndc, 171

R
rdist, , 234
special, , 234
reconfig, ndc, 170
reconfig, rndc, 175
recursing, rndc, 175
recursive-clients, , 324
redirect, (SPF-), 134
refresh zone, rndc, 174
reload, ndc, 170
reload, rndc, 174, 178
request-ixfr, , 300
_res, , 536
RESDEBUG, , 147
res_init, , 533
res_mkquery, , 533
resolv.conf, , 137, 655-658
, 149
,
315
DNS-, 444
DNS-
, 247
, 505

DNS- , 151
DNS-, 152
resolv.h, , 536
res_query, , 534, 550
res_search, , 535
res_send, , 536
restart, ndc, 170
retransfer zone, rndc, 174
return, , 159
RFC 1034 1035, 25,522
RFC 1183, 586, 615
RFC 1664, 618
RFC 2136, 282
rfc2308-type1, , 327
.rhosts,

, 156
, 89
RIPE Network Coordination Centre, 78
RIRs (regional Internet registries),
, 78
in-addr.arpa, 80
rlogin, , 153
, 518
rndc, , 171-175
freeze, , 297
-p -s, , 174

reload, , 178
rndc-confgen, , 173
stop, , 180
thaw, , 298
trace, , 193

, 456

, 171
(BIND 9.3.2), 174
DNS-
BIND 9, 221
rndc.conf, 172
, 173
rotate, DNS-, 148
rotate, , 658
round robin, 88
, 165, 307-311
rrset-order, , 309
CNAME-, 308
route, , 246
RPC (Remote Procedure Call),
NFS-, 154
RP- (Responsible Person), 182
, 182
RP-
, 182
rrset-order, , 309
,
DNS-, 310
RRset-

, 283
TTL
, 397

, 396
RRSIG-, 396-397, 403, 405
, , 397
, , 396

, 397
DS-, 413
TTL, 397
, , 397
, , 396
, , 397
, , 396
, 420
RR- (), 40, 83, 586, 611, 620
A, 87
AFSDB, 586
CNAME RR-, 88, 573
DNSKEY, 394-395
DNSSEC, , 404

dnssec-signzone, 411

DS, 400-403
LOC, 587
MX, 123-126
Net::DNS, RR-, 558
NS, 86
, 263
NSEC, 398-400
ns_parserr, , 544
PTR, 89
rrser-order, , 310
RRSIG, 396-397
SOA, 85
SRV, 588
TSIG, 346
TTL, , 241-243
, 326
, 242
, 509
, 51
, 84
, 626

, 282

/ , 178
, 88
, 40
, 441
, 182

nslookup, 429
DNS- ,
, 308
/ e t c /
hosts, 185
,
update-policy, 289
RSA, , 392
RSA/MD5, 395
RSA/SHA-1, 395, 396
rsh, , 153
, 518
rsync, , 234
RTT (round-trip time), , 57

DNS-, 313
ruserok(), , 139

S
search, DNS- BIND,
141

domain BIND 4.9, 150
search, (nslookup), 427
secondary, , , 120
secondary- ( ), 187

sendmail
CNAME-
, 216
w, , 131
, 277
A-, MX-,
125
ANY-, 217
A- ()
CNAME-, 89
DNS, 154

, 381
,
, 130

sendmail.cf, 131
sendmail.cf, , 156

, 156
sendto(), , 220
SEP (Secure Entry Point), ,
DNSKEY-, 394, 406
serial-queries, , 324
serial-query-rate,
options, 324
server, (nslookup), 431
server, , 643, 650
edns, , 335
keys, , 349
provide-ixfr, , 299
request-ixfr, , 300
support-ixfr, , 298
transfer-format, , 321
transfers, , 317
view, 305
DNS-, 174
SERVFAIL-, 219
set norecurse set nosearch,
nslookup, 436
set type=any, nslookup, 441
set, nslookup, 426
setrlimit(),
, 203
sig-validity-interval, , 416
SIG-, 396
size, (file, ), 196
SMTP (Simple Mail Transfer Protocol), 124
SOA-, 69
check_soa, -
C, 545-556
Perl, 559
in-addr.arpa, ,
, 80

MNAME, ,
DNS- , 283
no NS RR for SOA MNAME, ,
510
, 85
DNS-,

, 332
, 244
, 244
DNS, 324
, 179

, 274

, 257
,
69
DNS-
BIND 8, 216
Socket.pm, 473
sortlist, (DNS- BIND),
146
sortlist, , 311
spcl.DOMAIN, , 185
SPF (Sender Policy Framework),
, 12, 132-135
spoof-
NAPTR-, 595
, 508
SRI (Stanford Research Institute),

, 24
SRV-, , 5 8 8 - 589
start, ndc, 170
statistics-interval, , 229, 326
stats, ndc, 170
stats, rndc, 175, 221
status, ndc, 169
status, rndc, 175
stderr, (log-), 197
sTLDs ( TLDs), 43
stop, ndc, 170
stop, rndc, 175, 180
string ( update-policy), 289
SUCCESS, , 159
support-ixfr, , 298
syslog,
default, , 194
log-, 196
, 229
NOTIFY-, 293
,
192
DNS- BIND 8,
230

DNS-, 106
, 192
, 202
, 171
info, 196
syslogd, -a, 358

T
TCP/IP (Transmission Control Protocol/
Internet Protocol), , 22
, 40
TCP-,
DNS-, 167
telnet, , 153
thaw, rndc, 298
thaw zone, rndc, 175
timeout, DNS- BIND,
148
timeout, , 657
too many open files, , 511
top, , 228
trace, ndc, 170
trace, rndc, 175, 193
traceroute, 500
transfer-format, , 320
transfers, , 317
transfer-source, , 332
transfer-source-v6, , 334
travel, , 43
trusted-keys, , 402, 405, 413, 644,
651
TRYAGAIN, , 159
TSIG (transaction signatures),
, 12, 345-350
GSS-TSIG, 604
update-policy,
zone (BIND 9), 288
, 287
, 346
, 347-349
, 347
, 348
-, 346
, 391
, 514
,
355
, 349
, 514
TTL (time to live), , 62, 326
Windows XP, DNS-, 164
, 95
, 245
, , 85


, 62
, BIND 8.2, 244
, 327
, 513
NS-, 240
TXT-
SPF, 132-134
SPF,
133
, 182
RP-, 182
DNS-
BIND 8, 216
types, ( update-policy), 289

U
UDP
, , 512
, 334
DNS-, 403
uk, ,
, 44
Unassociated entries section (
), 487
UNAVAIL, , 158
Unicode, 596
ASCII-
, 598
UNIX,
BSD, , 23
,
(
), 139
, 328
, 167, 171
BIND, 64
Unix-, , 222
Unspecified error, nslookup, 478
update-policy, , 286, 288, 350
UPS (uninterruptible power system),
, 248
URI-
E.164, 592
URL
APNIC, , 78
Modify Tool, 266
RIPE, , 78
Webmin, , 269
whois, , 69, 71
, 351
-,
whois, 78
,
, 69
us, , 44, 73

(), 45
use-id-pool, , 360
Usenet-, BIND,
66

/var/run/ndc, , 167
verion.bind, , 351
versions, (file, ), 196
view, nslookup, 440
view, , 304, 651-653
match-clients, , 305
match-destinations, , 305
match-recursive-only, , 305
, 305

W
warning, , 192
Webmin, , 269
whois, , 6 9 - 71

, 79
, 71
-, 78
WINCH, , 176
Windows, , 600-607
,
603

, 600-602
Active Directory BIND, 603
, 328
Windows 2000 DNS, , 161
Windows NT, ,
328
Windows Server 2003, 607
Windows XP, DNS-, 159-165
DNS-, 162
, 163
, 160
, 164
, 164
, 161
, 160
WINS (Windows Internet Name Service), 33,
163, 598-600
-
, 509

X
X Window,
, 228
X0.hosts, ,
, 156
xfrnets, , 354

Yellow Pages, 137

ypcat, , 475

Z
zone, , 644
allow-query, , 353
allow-transfer, , 354
allow-update update-policy,
, 286
allow-update-forwarding, ,
287
also-notify, , 295
BIND 9, 653-655
dialup, , 583
ixfr-base, 299
ixfr-from-differences, , 297
masters, , 294, 328
TSIG-, 349
, 331
max-refresh-time, , 320
max-transfer-idle-in max-transfer-idleout, , 319
max-transfer-time-in max-transfertime-out, , 319
min-refresh-time, , 320
multi-master, , 328
notify-source, , 333
transfer-source, , 333
transfer-source-v6, , 334
update-policy, , 288
view, 305
, 120
NOTIFY, 294
forward
ers, 303

DNS-, 355
ZSK, , 406,
409
, 419

, 35, 139
, 27
, (RRSIG-), 397
, DNS-, 436,
624
DNS-, 47, 85
, 56
DNS-, 315
, 582

DNS-, 236
, 430, 435
aa, dig, 273, 448

,
, 79, 86
loopback-
nameserver, 144

, 88
DNS-, 311-312
PTR, 89
, 82
-, , 57
, 283

(. A-), 87
AAAA-, 336
, 215
, 40
, DNS-, 471
, 472
,
DNSKEY-, 395
RRSIG-, 396
, 561-570
DNS, , 569
DNS-,
562-565
, 565
567
DNS, 568
, 392

DNS-,
, 370
,
359
BIND, 351

,
BIND 8, 478-483
BIND 9, 483-487
Microsoft, Q246804,
603
, ,
DNS-, 190
, 308
, , 370
, 389

, 385-387
,
-,
387
,
DNS-, 371
, 381

, , , 249
(), 249
, 245-249
, 344-421
DNS -, 365, 370
376, 383-391
, 376-383
, 383
391
DNS-,
369
DNSSEC, 391-421
DNS-, 360
DNS-, 351-365
BIND, , 351
BIND
, 356-359
, 361-365
,
354-356
, 353
, 359-361
ENUM, 595
TSIG, 345-350
BIND, 64
, 190
, 351

, 392
- (
IPv6), 341
DNS-, 55

DNS-,
512 , 335
DNS, 365-391
DNS-, 500
, 376-383
-, 370-376
, 366
, 368
, 366
, 383
391
DNS-,
369

- ,
DNS-, 228
-,
, 69
, 393
, 370
, 304-307

named.conf, , 306
, 306
, 365
, 306
, 365
-, 389
BIND 9, 65
DNS, 364
, 509
,
, 516
DNS, 562-567
, , 328
, DNS-, 435
, (Net::DNS), 558
, IP-, 58

UNIX (mtime), 291
DNS-, 250
(. TTL), 62

, 85
(. RTT), 57
DNS-, 50, 237
AXFR-
, 217
NOTIFY-
, 292
, 292
syslog, , 116
TTL, 243
(named-xfer), 190
, 266
, 266

, 234
,
IXFR- DNS, 300
, , 116

, 249
, 170

, 290

, 301
,
492-493

, 564
DNS- , 113

, 355

DNS-, 236


, 354

, 262
(BIND 8,
1), 468-470
(BIND 9,
1), 470
, 238
nslookup, 116
, 51
, 178
, 186
DNS-, 436

, 69
, 75

,
42, 69
, 69
( us), 73

(IPv6), 330, 338
,
DNS-, 228

, 346
,
(. , ), 84
, 159
, 45
in-addr.arpa,
DNS-,
377
in-addr.arpa, , 267
, 47
, 241
, 403
, 50, 257-262, 505
in-addr.arpa, 267-272
, 502
, 501
, 256

, 268
host,
272
,
, 376
, 274
, 275
, 276-279

, 278
, 520
DNS, 12, 282
290
DNSSEC, 414
GSS-TSIG Windows 2000,
604
RFC 2136, , 65
TSIG-, 287
, 350
, 285
ACL-, 286
, 65
Windows, 603
Windows, 600-602

, 332

, 297
, 285
, 297
, 291
, 186

DNS-, 233
DNS-, 266
primary, 120
zone, 120
(jobs), 43
, 28, 35
ENUM, , 595
, 139
, 6 8 - 8 0
, 73
(.), 497, 609
, 75, 596-598
, , 371

, 156

E.164, 592
DNS, 137
CNAME-,
, 309
,
506
(
), 497
OSI Network
Service Access Point, 216
,
157
(FQDN), 36
, 44
, 57

, 29
NS-, 263
, 50
, 530
, 398
ndots, 148
, 530
, , 34
RR-, 40
, 35
, 36-40
, 41-45
, 26, 3 6 - 4 0
aero, 43
arpa, 42
biz, 43, 74
ca (), 47
com, 41, 74
coop, 43
DNS NIS, 38
edu (), 41
gov, 41
in-addr.arpa, 58, 265
info, 43, 74
int, 42
jobs, 43
mil, 41
mobi ( ), 43
museum, 43
name, 43
net, 42
org, 42, 74
post ( ), 44
pro (), 43
travel, 43
whois, , 69, 71
, 40
, 45, 505
, 47
, 27
, 42
,
254
, 39
, 279
(TLDs), 40

, 256

nslookup, 69
, 41-44
, 42
, 43
, 44
(DNS-),
530, 624

DNS-, 226
DNS,
26
, 220

, , 78

, (.jnl), 286
, 298

IXFR, 298
, 299
, 285

(.)
, 497
, 276
/etc/hosts , 248
, 375
, (Net::DNS), 558
, DNS-, 435
( BIND)
IP-
, 248
BIND 8, 640
BIND 9, 645
, 116
, 392
KSK, 406

, 414
, 418

dnssec-signzone, 411
RRSIG-, 396

DNS-, 86
, 69
(MD), 123
(MF), 123
, . RR-, 40
-, 89
::-, 6-, 329

DNS-, , 435
, 215
, 57
,
229
, 220
(), 523
, 171
, 301
, 211

, 317
, 353
, 443
nslookup, 433
,
302
, 487
, 301
, 54
, 220
, 65
IXFR, 296
DNS-, 116
, 383
, 384
DNS-, 226
, 402, 403
( nslookup), 426
, , 317-321

AXFR-, 217
NOTIFY, 235

DNS-, 290
, 12, 65, 296-300

, 354-356
, 293
NOTIFY-, 292
, 65
,
db.movie.edu.signed (), 409
SOA-, 85
TTL, RR-, 241
, 306
IXFR
, 297
, 285
, 384
, 84
(db.root), 378
, 177-186
RP-, 182
SOA , 179
TXT-, 182
, 178
, 185
, 180

, 183-185
, 186-190
, 189
,
186-190
PTR- ,
494


, 497
, 495-496
, DNS, 235
(), 90
, 82-95
A- , 87
loopback-, 92
NS-, 86
PTR-, 89
, 92-95
TTL, 85
, 85-92

, 258
ca (), 48
, 10, 28, 46-51
RP-, 182
SOA-,
, 69
DNS-, 47
, 509
, DNS, 52
, 32
, , 398
, 47
-, 276
, 86
, , 406
, , 403
, 407-414
, 411
, 413
, 407
nslookup, 109
( ),
82
, 254
, 505
, 79
, 12, 302, 374

, 303
DNS-, 50
, 406
(DNS NOTI
FY), 290-296
DNS-
, 50
, 83
-, 276

(IPv6), 330

, 77

ruserok(), 139

rndc, , 171
, (. ),
52

, 27
, 87
, 283
Windows XP, 163
, 52
, 82
, 305
, 281

NFS-,
154
sendmail, 155
, 137

bindgraph, 230
dig, 186
h2n, 104
host, 272, 273
Modify Tool, 266
named-xfer,
, 190
rdist, 234
rsync, 234
top, 228
Webmin, 269

, 290

BIND
8.2 , 146
4.9 8.2, 145
nslookup, DNS- DNS, 423
, 582
, 325
, 326
(SOA-), 244
, 325
, 42

(. IDN), 12

-, 23, 24
, 22
, 620
DNS-, 53
DNS, 32
, 41-45

, 44
, 81
-
DNS, 368
, 366
-, ,
578-583
DNS-
, 582
, 580

, 5 8 1 - 582
, 579
, 579
-,
IP- DHCP, 282
-, 370-376
-
intranet, 24
, 23, 24
TCP/IP,
DNS, 32
, (6-),
330
, , 325
, HINFO-, 216
,
, 105
(UPS),
248
TTL (RRSIG-),
397
BIND, , 63
, 55, 56
() , 54
SOA-, 523
DNS-, 359

(log-), 191, 196-198


null, 197
stderr, 197
syslog, 196

, 191
, 192

, 194
, 193
, 191
, 196
, 197


, 156
(sendmail), 154

, 89

(. CNAME-), 88
, 30
NS-, 263
PTR-, 90
, 129
, 130
, , RRSIG-, 397
(log-), 191, 198-202
BIND 8, 198
BIND 9, 200
default, 193
syslog, 194
, 191
, 201
$=w (sendmail), 155

, 40
-, 40
A, B, C- , 77
,
2 6 8 - 269
- DNS, 26
,
DNS-, 323
, , 392
, DNSSEC, 394
, 407, 419
, , 412
(. ZSK)
(. KSK)
,
nslookup, 426
, BIND, 456
, ,
nslookup dig,
522
, 645
DNS- BIND, 4.9, 149
, 84
, 578-583
DNS-
, 582
, ,
580-581
, 579
,
, 5 8 1 - 582
, 579
, 606
,
UDP, 512
Usenet,
BIND, 66
, 30

, Win
dows UNIX, 328
, , 587
, DNS-
, 92-95
, (.), , 26
DNS, 26
DNS-, 52, 314
, 376-383
db.root, , 378
in-addr.arpa, 377

, 376

DNS-, 380
DNS-
, 379

,
382

, 381
, 382
, 376
, 250
, 314
, 52

, 250

DNS-, 236
, 185
, 498

KSK, 406
TSIG, 345
, 347
ZSK, 406
, 411

DNS-, 355
,
- TSIG-, 346
, 418-420
, 419
, 391
,
346
(TSIG), 287
, 88
, 60
DNS- Windows XP, 164
, 164
, 164
TTL ( ), 62

,
326
DNS-, 53
, 314
, 325

, 137, 138
, 506
, 515
(. LAN), 23
DNS-, 431
DNS-
, 152

(
), IP-
, 248
, ,
, 124, 128
, 576
MX-, 381
-, 50
-, , 83, 608-611
(int), ,
42

. (), 26
(" " ) , 26
, (RRSIG-), 396

, 290
DNS, 334

, , 308
(. round-robin,

, 356-359

IPv4, 330
, 192
,
, 495-496
, (. SOA), 69
(), 328
, 430
( DNS-), 569
, 42
TTL, 327
, 241
, 505
-, 346, 392
(nslookup), 445,
478

, , 403

, 181
, 54, 301
(. ), 54
SOA-, 523
DNS-, 301
gTLDs, 43
, 43

, , 282
TSIG-, 287

, 282
,
, 319
, 185
, 123
(. edu), 41
, 82
IPv6, 336
DNAME-, 340-343
- , 341
, 337
,
, 375
,
named, 322
, 204,
511
DNS-, 301
, 81
DNS-,
321-324
SOA-, 324
, 322
, 322
, 322
, 323
, 323
DNS-, 227
, 59
, 267
DNS, 569

DNS-, 227

DNS-, 322
BIND, 64
DNS, 162, 605

BIND 4.8.3, 162
, 162
, 443
, DNS-, 435, 624


DNS-, , 435
, 516
, 508
nslookup, 433
, 545-556
(DNS-), 435, 624
, 519
, , 391, 392
DNSKEY-, 394, 395
, 392

BIND, 452-473
, 456
, 457-473
, 452-456
,
457-471
, 171
nslookup, 433
DNS-/, 147
(), 197
, 26

, 57, 89
, 82, 87
, 82
, 82
, 60
BIND 8, 471
BIND 9, 472
DNS- Windows XP, 164
max-ncache-ttl,
options, 326
(TTL), 85
, 244
, 512

(NSEC-), 398-400
, 327

rcodes, 435
resolv.conf, 505

, 247
herror
h_errno, 532

(), 366
,
367
BIND 8/9, 367
DNS-
DNS- , 371


DNS-, 228

DNS-, 322
named,
322
DNS-, 50
IXFR-,
, 300
named.conf, ,
, 259
TTL ( ), 243
, 263
, 266
, 234

, 178
DNS-, 113

, 301
,
, 356

, 178

DNS-, 236
, 238
, 151, 564
, 206


(. NOTIFY)
MNAME SOA-,
283

, 186
, ,
491
, 50, 317-321
dig, , 449
dig nslookup, 478
nslookup, , 424, 439
, 332

, 318
, 319
, 319
, 317, 318

many-answers, 320
, 177
(IXFR), 65, 296-300
named-xfer, 476-478
- WINS-, 509
, 206
, 206

, 65
TSIG-, 349
many-answers, 300
( nslookup), 426
,
, MX-, 124, 128
, (SOA-), 244
, 359
, 27, 39, 252-279
, 69
, , 254, 255
, 50
, 253
, 502
, 501

host, 272
, 274
, 46
, 403
, 186
, 39
in-addr.arpa, 267-272

, 267, 268
, 384

, 189
nslookup, 69
,
254
, 27
, 73
, 256-267
, 256
, 257-262
, 253
, 253
, 256
, 276-279
, 279
, (TSIG), 287
, 393, 407-414
, 411
, 413
, 407
, (RRSIG-), 397
, 417
, 416
, 397
, 77
(IPv6), 330
IP-, 585
, DNS- Windows
XP, 164

sortlist, 146
, 267
DNS-, 50
IP-, 66
, 518
, 26
(FQDN), 36
, 81

IPv4, 330-333
IPv6, 334
IPv4 ,
331

DNS, 285
Active Directory
Microsoft DNS Server, 328
, 178

, 179
, 209
, 180
, ,
489-491
, 368
DNS-,
370
, syslog-, 196

, 123
, 123
,
, MX-, 128
, 123, 126
( . MX-), 123
A-, 130
, 123
, 124
, 130

IP-
, 126
, 127
(
), 126
(IXFR), 12, 65,
296-300

, 297, 298
BIND 8/9, 298, 299
, 297
BIND 8/9, 65
6-, 329
, 52

debug, 1, 197

log-, , 191
MX-, 124, 130

, 130
, 196
, 301
-

in-addr.arpa, 80
DNS-, 67
, 76

, 418
,
DNS, 131-135
SPF, 132-135

DNS-, 529-545
check_soa (), 545-556
_res, , 536
DNS-, 539-545

UNIX-
, 64
BIND, 63
BIND, 66
DNS-, 227

DNSSEC , 406
, 500
, round robin, 307
, ,
, 319

ip6.int, 336
, 34-41
, 383
, 254
, 383-391
, 383
, (DNSKEY-), 394
, ,
named, 228
,
, 322
, 82
IPv6, 336
, 337

DNS-, 376
, 29, 87, 88, 571
( . CNAME-), 88
MX-, 129
,
129


, 131

DNS, 157

, 278

,
, 254

( DNS), 530
( DNS), 530
,
, 322
DNS-, 360
loopback-, named.conf, 364
, 52-60
, 57
, 55, 56
DNS-, 52
, 60
, 53
, 518
, 543
, 308
round robin, 88, 307
, 307
( us), 73
, 383-391
, -,
389
, 387
DNS-
-, 388
-, 385-387
, 68, 72
, 75
, 79
, 68
DNS-, 238-241
, 238
, 241
-, 241
, Windows XP, 163
, 266
ENUM, 595
,
, 75
, 487
, 79
, 76-78
DNS-, 520
, 68
APNIC, 78

ARIN, 78
, 78
(RIRs), 78, 80
DNS-, , 209
, , 206
DNS-, 359

, named.conf, 363
, 54
DNS- , 301
DNS-, 56
DNS-, 359
DNS-, 360
, 301
DNS, 315
, 53
rd, dig, 448
, 359
DNS-, 314
, nslookup, , 436
, ( . RR-), 83
, 300, 565-567
DNS-, 304
, 370-376
, 373

, 315
,
, 301
, 302
, 300-304
, 302, 385
, 374
DNS-
, 301
, 372
, 282
TSIG-, 287
, 287
, 123
, 474-521
NIS, 474
rlogin rsh, , 518
TSIG, , 514
,
, 516
DNS-
, 492-493
(. dig)
, 515
, 518
DNS, 491

, 489-491

,
506
,
516

, 519

, 502
, 508

, 498

, 501

, 497
resolv.conf, 505
nslookup
dig, 478
BIND, 508
named-xfer, 476-478
, 498-500
, 487

,
495-496
, , 519
, 509

BIND 8, 478-483
BIND 9, 483-487
, PTR-,
, 494

. , 80

, 413
DNS-, 239
(gTLDs),
42, 43, 69

, 263
, 360
, , 171
, IP-,
DNS-, 363
, 24
, 78
,
DNS-, 325
, , 307
, , 77

ISDN, 616
, 77

, 584-586

DNS-, 224
,
498-500
, 76-78
, , , 245-250
sortlist, 146
,
, 267
DNS, 176
,
392
logging, 194
, 106
resolv.conf, 505
SERVFAIL, 219

getrlimit(), 203
sendto(), 220
setrlimit(), 203
, 220
, , 190
DNS-, 151, 564
whois, ,
, 78
DNS- DNS, 327
, , 500
,
268-272
, UNIX, 167, 171

, 106
DNS-, syslog,
, 106
syslog, 116
, 88
DNS-,
235
, 241
, 280
allow-update, , 286
allow-update-forwarding, 287
, 281
TSIG-, 287
, 139
BIND 4.8.3 4.9, 139
dig, , 447
nslookup, 424
, 429
, 436

BIND 4.8.3 DNS, 162



BIND, 508
sendmail, 154
(ACL), 281
, , 387
, 286
BIND 8 9, 65
BIND, 65

(sTLDs), 43

BIND, , 211-213, 223


BIND 8, 214-221
BIND 9, 221
BIND, 222
, 211
DNS, 231

DNS, , 162
DNS, DNS-
Windows XP, 162
IPv6-, 329

, 79
, (RRSIG-), 396
, BIND 8, 313
(. TSIG)

IPv4, 330-333
IPv6, 333
, SRI-NIC, , 25

CNAME-, 278
DNS-, 586
-, 370
, , 77
, , ypcat,
475
,
DNS-
, 247
, 183-185
DNS, 122
DNS, 82
, 82

DNS-, 34
RP-, 182
DNS, 26
, 226
DNS-, 226

, 29
, 612
, 136-165
DNS- Windows XP, 159-165
DNS-, 136-152
nsswitch.conf, , 158
, 156
,
154
, 153
, 157
, 36
, 29
BIND 8, 217-221, 231

TTL, 245

, 189
, 139
, 542
, 167
, 186
$INCLUDE, 189
$ORIGIN, 189

BIND 9, 171
, 456
, 487
, 40
, 158

BIND 8, 1, 462
, 466
BIND 9, 1, 465
, 95
, (SOA-)
, 245
BIND, 351

, 412
DNS,
, 26, 34
, 36

named, 323

/etc/named.boot, 83
/etc/named.conf, 83, 97
db.cache, 93
too many open files (
), , 511
, 92
, 94, 185
, , 83


named, 323
, 204
, 51, 83
h2n, , 104
DNS, 83
, 189
(), 90
DNS-, , 315
, (DNSKEY-), 394
-, 83, 608-611

- TSIG-, 346

,
, 301
, 400-403
, 392
, RRSIG, 396

- DNS-, 237
, 238
, 241

, , 172, 346, 392,


395, 396
, 391
, 407

, 122-135
MX-, 128
MX-, 123-126
DNS-, 228
, 228
, 126

, 126
DNS,
131-135
SPF, 132-135
, 154


DNS-, 382
,
, 395
