Linux Network Administrator Manual (6)

Source: Internet
Author: User
Chapter 6 Name Service and Resolver Configuration
As described in chapter 2, TCP/IP networks can rely on different schemes to convert names to addresses. The simplest way, which takes no advantage of the way the name space has been split into zones, is the host table stored in /etc/hosts. This is suitable only for small LANs that are managed by a single administrator and exchange no IP traffic with the outside world. The format of the hosts file has already been described in chapter 5.
Alternatively, you can use BIND (the Berkeley Internet Name Domain service) to resolve host names to IP addresses. Configuring BIND may be complicated, but once you have done it, changes in the network topology are easy to make. On Linux, as on many other UNIX-like systems, name service is provided by a program called named. At startup, it loads a set of master files into its cache and waits for queries from remote or local user processes. There are different ways to set up BIND, and not all of them require you to run a name server on every host.
Although this chapter goes into some detail, it gives only a rough overview of how to operate a name server. If you plan to use BIND in an environment that is more than a small LAN and may have an Internet connection, you should get a good book on BIND, such as Cricket Liu's "DNS and BIND" (see [AlbitzLiu92]). For current information, you can also check the release notes included in the BIND sources. There is also a newsgroup for DNS questions, called comp.protocols.tcp-ip.domains.
6.1 The resolver library
When we talk about "the resolver", we do not mean any special application, but the resolver library, a set of functions found in the standard C library. The main routines are gethostbyname(2) and gethostbyaddr(2), which look up all IP addresses belonging to a host, and vice versa. They can be configured to simply look up the information in hosts, to query a number of name servers, or to use the hosts database of NIS (Network Information Service). Other applications, such as smail, may include their own drivers for any of these and need special care.
6.1.1 The host.conf file
The main file that controls your resolver setup is host.conf. It is stored in /etc and tells the resolver which services to use, and in what order.
Options in host.conf must appear on separate lines. Fields must be separated by white space (spaces or tabs). A hash sign (#) introduces a comment line.
The following options are available:
order
This determines the order in which the resolving services are tried. Valid options are bind for querying the name server, hosts for lookups in /etc/hosts, and nis for NIS lookups. You can specify any or all of them. The order in which they appear on the line determines the order in which the respective services are tried.
multi
Takes on or off as an option. This determines whether a host in /etc/hosts can have several IP addresses, which is usually called being "multi-homed". This flag has no effect on DNS or NIS queries.
nospoof
As explained in the previous chapter, DNS allows you to find the host name that belongs to an IP address by using the in-addr.arpa domain. An attempt by a name server to supply a false host name is called "spoofing". To guard against this, the resolver can be configured to check whether the original IP address is in fact associated with the host name obtained. If not, the name is rejected and an error is returned. This behavior is enabled by setting nospoof to on.
alert
This option takes on or off as its argument. If it is turned on, any spoofing attempt (see above) causes the resolver to write a message to the syslog log file.
trim
This option takes a domain name as its argument, which is removed from host names before lookup. This is useful for hosts entries, where you may want to specify host names without the local domain. A lookup of a host with the local domain name appended has the domain removed, so that the lookup in /etc/hosts succeeds.
A sample host.conf file for vlager is shown below:
# /etc/host.conf
# We have named running, but no NIS (yet)
order bind hosts
# Allow multiple addrs
multi on
# Guard against spoof attempts
nospoof on
# Trim local domain (not really necessary).
trim vbrew.com.
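
The check that nospoof on asks the resolver to make can be sketched as follows. This is an added example, not code from the resolver library or from the original manual; the lookup tables are constructed sample data standing in for DNS answers, and checked_reverse_lookup and SpoofError are hypothetical names.

```python
import ipaddress

# Constructed PTR data (in-addr.arpa): address -> name claimed by the reverse zone
REVERSE = {
    "191.72.1.1": "vlager.vbrew.com",
    "191.72.1.9": "vlager.vbrew.com",  # reverse zone claims a name it does not own
    "191.72.2.7": "ghost.vbrew.com",   # claimed name has no forward record at all
}
# Constructed A data: name -> addresses published in the forward zone
FORWARD = {"vlager.vbrew.com": ["191.72.1.1", "191.72.2.1"]}


class SpoofError(LookupError):
    """The name from the reverse lookup does not map back to the address."""


def checked_reverse_lookup(addr, reverse=REVERSE, forward=FORWARD, alert=None):
    """Return the host name for addr only if a forward lookup confirms it.

    alert is an optional callable that receives a log message, the
    counterpart of "alert on" (hypothetical parameter).
    """
    ip = ipaddress.ip_address(addr)
    name = reverse.get(str(ip))
    if name is None:
        return None                      # no PTR record, nothing to verify
    name = name.rstrip(".").lower()
    confirmed = {ipaddress.ip_address(a) for a in forward.get(name, [])}
    if ip in confirmed:
        return name                      # address is one of the name's addresses
    if alert is not None:
        alert(f"possible spoof: {addr} claims to be {name}")
    raise SpoofError(f"{name} does not resolve back to {addr}")  # name rejected
```

The reverse zone is controlled by whoever owns the address block, which is why the name is accepted only after the forward zone, controlled by the owner of the name, confirms it.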
6.1.2 Resolver environment variables
The settings in host.conf can be overridden by using environment variables. These environment variables are:
RESOLV_HOST_CONF
This specifies a file to be read instead of /etc/host.conf.
RESOLV_SERV_ORDER
Overrides the order option in host.conf. Services are given as hosts, bind, and nis, separated by spaces, commas, colons, or semicolons.
RESOLV_SPOOF_CHECK
Determines how spoofing is handled. The value off disables the check completely. The values warn and warn off enable or disable logging. The value * enables spoof checking but leaves logging as defined in host.conf.
RESOLV_MULTI
A value of on or off can be used to override the multi option in host.conf.
RESOLV_OVERRIDE_TRIM_DOMAINS
This environment variable specifies a list of trim domains that override those given in host.conf.
RESOLV_ADD_TRIM_DOMAINS
This environment variable specifies a list of trim domains that are added to those given in host.conf.
6.1.3 Configuring name server lookups: resolv.conf
When you configure the resolver library to use the BIND name service for host lookups, you must also tell it which name servers to use. There is a separate file for this, called resolv.conf. If the file does not exist or is empty, the resolver assumes that the name server is on your local host.
If you run a name server on your local host, you have to set it up separately, as described in the following section. If you have the opportunity to use an existing name server on the local network, that is always the recommended practice.
The most important option in resolv.conf is nameserver, which gives the IP address of a name server to use. If you specify several name servers by giving the nameserver option several times, they are tried in the order given. You should therefore put the most reliable server first. Currently, up to three name servers are supported.
If no nameserver option is given, the resolver tries to connect to the name server on the local host.
Two other options, domain and search, deal with the default domains that are appended to a host name if BIND cannot resolve it with the first query. The search option specifies a list of domain names to be tried. The list items are separated by spaces or tabs.
If no search option is given, a default search list is built from the local domain name: the domain name itself plus all parent domains up to the root. The local domain name can be given using the domain statement; if neither is given, the resolver obtains it through the getdomainname(2) system call.
If this sounds confusing, consider the sample resolv.conf file of the Virtual Brewery:
# /etc/resolv.conf
# Our domain
domain vbrew.com
#
# We use vlager as central nameserver:
nameserver 191.72.1.1
When resolving the name vale, the resolver looks up vale and, failing that, vale.vbrew.com and vale.com.
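
The rules above for nameserver, domain and search, applied to the Virtual Brewery file, as an added example (not code from the resolver library or the original manual). parse_resolv_conf, candidates and fallback_domain are hypothetical names, and 127.0.0.1 is an assumed stand-in for "the name server on the local host".

```python
SAMPLE = """\
# /etc/resolv.conf
# Our domain
domain vbrew.com
#
# We use vlager as central nameserver:
nameserver 191.72.1.1
"""

MAX_NAMESERVERS = 3        # limit stated in the text
LOCAL_HOST = "127.0.0.1"   # assumption: the name server on the local host


def parse_resolv_conf(text, fallback_domain=""):
    """Return (nameservers, search_list) for the contents of a resolv.conf.

    fallback_domain is a hypothetical parameter standing in for the value
    the resolver would obtain from getdomainname(2).
    """
    servers, domain, search = [], None, None
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":
            continue                               # blank line or comment
        key, args = fields[0], fields[1:]
        if key == "nameserver" and args:
            if len(servers) < MAX_NAMESERVERS:     # entries past the limit are ignored
                servers.append(args[0])
        elif key == "domain" and args:
            domain = args[0].rstrip(".")
        elif key == "search" and args:
            search = [d.rstrip(".") for d in args]
    if not servers:
        servers = [LOCAL_HOST]                     # no nameserver line at all
    if search is None:
        # Default list: the local domain itself, then each parent domain.
        labels = (domain or fallback_domain).split(".")
        search = [".".join(labels[i:]) for i in range(len(labels)) if labels[i]]
    return servers, search


def candidates(name, search):
    """Names tried in order: the name as given, then name plus each search domain."""
    return [name] + [f"{name}.{d}" for d in search]
```

Walking up to parent domains such as com lets an unqualified name resolve in a domain the administrator does not control; current resolvers no longer build that implicit list (see RFC 1535), so an explicit search line is the safer configuration.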
6.1.4 Resolver robustness
If you run a LAN inside a larger network, you should definitely use the main name servers if they exist. The advantage of this is that they build up rich caches, because all queries are forwarded to them. However, this scheme also has a drawback: when a fire destroyed the backbone network cable of our school, our department's LAN could not do much work, because the resolver could no longer reach any name server, and it was no longer possible to log in on X terminals or to print.
Although it is not common for a campus backbone to go up in flames, you should take precautions against situations like this.
One option is to set up a local name server that resolves host names from your local domain and forwards all other queries to the main servers. Of course, this applies only when you run your own daemon.
Another option is to maintain a backup host table for your domain or LAN in /etc/hosts. The /etc/host.conf file must then contain "order bind hosts" so that the resolver falls back to the hosts file.
6.2 Running named
The program that provides domain name service on most UNIX machines is generally called named (pronounced name-dee). It is a server program originally developed for BSD that provides name service to clients, and possibly to other name servers. Currently, most Linux installations use BIND-4.8.3. BIND-4.9.3 is now in the Beta testing phase.
This section requires some understanding of how the Domain Name System works. If you cannot follow the discussion below, you may want to re-read Chapter 1, which has more information about DNS.
named is usually started during system boot and runs until the machine is shut down again. It takes its information from a configuration file called /etc/named.boot and from various files that contain data mapping domain names to addresses. The latter are called zone files. The format and semantics of these files are described in the next section.
To run named, simply type
# /usr/sbin/named
named will start up and read the named.boot file and any zone files specified in it. It writes its process id in ASCII to /var/named.pid, downloads any zone files from primary servers if necessary, and starts listening on port 53 for DNS queries. [1]
6.2.1 The named.boot file
The named.boot file is usually very small and contains little more than pointers to the master files containing zone information, and pointers to other name servers. Comments in the boot file start with a semicolon and continue to the next newline. Before we discuss the format of named.boot in detail, we will take a look at the vlager sample file given in section 6.1. [2]
;
; /etc/named.boot file for vlager.vbrew.com
;
directory /var/named
;
; domain file
;---------------------
