mirror of
https://git.FreeBSD.org/ports.git
synced 2024-10-27 21:29:02 +00:00
bbcddcd587
The original DNS-HOWTO's version is 3.0, and the current one is 3.1. Approved by: kris.
746 lines
27 KiB
Plaintext
--- DNS-HOWTO.sgml.orig Sat Mar 10 13:12:21 2001
+++ DNS-HOWTO.sgml Sat Mar 10 13:38:31 2001
@@ -1,4 +1,4 @@
-<!doctype linuxdoc system>
+<!doctype linuxdoc public "-//FreeBSD//DTD linuxdoc 1.1//EN">
<!-- -*-SGML-*- -->
<article>
<title>DNS HOWTO <author>Nicolai Langfeldt (<tt/janl@linpro.no/),
@@ -77,11 +77,11 @@
"maps" as the jargon would have it) from name to address and from
address to name, and some other things. This HOWTO documents how to
define such mappings using Unix system, with a few things specific to
-Linux.
+FreeBSD.

<p>A mapping is simply an association between two things, in this case
-a machine name, like <tt>ftp.linux.org</tt>, and the machine's IP
-number (or address) <tt/199.249.150.4/. DNS also contains mappings
+a machine name, like <tt>ftp.freebsd.org</tt>, and the machine's IP
+number (or address) <tt/209.155.82.18/. DNS also contains mappings
the other way, from the IP number to the machine name; this is called
a "reverse mapping".

@@ -116,9 +116,11 @@

<p>Name serving on Unix is done by a program called <tt/named/. This
is a part of the ``BIND'' package which is coordinated by The Internet
-Software Consortium. <tt/Named/ is included in most Linux
-distributions and is usually installed as <tt>/usr/sbin/named</tt>,
-usually from a package called <tt/BIND/.
+Software Consortium. <tt/Named/ is included in all FreeBSD
+distributions and is installed as <tt>/usr/sbin/named</tt>,
+u can get the latest and greatest source from <htmlurl
+url="ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-stable/src/contrib/bind/"
+name="ftp.freebsd.org:/pub/FreeBSD/FreeBSD-stable/src/contrib/bind/">.

<p>If you have a named you can probably use it; if you don't have one
you can get a binary off a Linux ftp site, or get the latest and
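Review bot: the added line `+u can get the latest and greatest source from <htmlurl` is truncated; it is meant to start a new sentence, so the preceding line should end with a period rather than a comma and this one should read `You can get the latest and greatest source from <htmlurl`. The unchanged paragraph that follows (`you can get a binary off a Linux ftp site, or get the latest and`) still sends the reader to a Linux ftp site and repeats the same advice, so it needs the same FreeBSD treatment or should be dropped.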
@@ -159,15 +161,14 @@
waiting time the next time significantly, especially if you're on a
slow connection.

-<p>First you need a file called <tt>/etc/named.conf</tt> (Debian:
-<tt>/etc/bind/named.conf</tt>). This is read when named starts. For
-now it should simply contain:
+<p>First you need a file called <tt>/etc/namedb/named.conf</tt>.
+This is read when named starts. For now it should simply contain:

<code>
// Config file for caching only name server

options {
- directory "/var/named";
+ directory "/etc/namedb";

// Uncommenting this might help if you have to go through a
// firewall and things are not working out. But you probably
@@ -178,27 +179,26 @@

zone "." {
type hint;
- file "root.hints";
+ file "named.root";
};

zone "0.0.127.in-addr.arpa" {
type master;
- file "pz/127.0.0";
+ file "localhost.rev";
};
</code>

-<p>The Linux distribution packages may use different file names for
+<p>The FreeBSD distribution packages may use different file names for
each kind of file mentioned here; they will still contain about the
same things.

<p>The `<tt/directory/' line tells named where to look for files. All
-files named subsequently will be relative to this. Thus <tt>pz</tt>
-is a directory under <tt>/var/named</tt>, i.e.,
-<tt>/var/named/pz</tt>. <tt>/var/named</tt> is the right directory
-according to the <em/Linux File system Standard/.
+files named subsequently will be relative to this.
+<tt>/etc/namedb</tt> is the standard directory
+according to the <em>hier(7)</em> manpage.

-<p>The file named <tt>/var/named/root.hints</tt> is named in this.
-<tt>/var/named/root.hints</tt> should contain this: (<em/If you cut
+<p>The file named <tt>/etc/namedb/named.root</tt> is named in this.
+<tt>/etc/namedb/named.root</tt> should contain this: (<em/If you cut
and paste this file from an electronic version of this document,
please note that there should be <bf/no/ leading spaces in the file,
i.e. all the lines should start with a non-blank character. Some
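Review bot: `+<p>The FreeBSD distribution packages may use different file names for` is a leftover from the Linux text, where every distribution shipped its own layout; FreeBSD ships a single /etc/namedb with `named.root` and `localhost.rev`, the very names given in the hunk above, so the sentence now contradicts them. Either drop the paragraph or narrow it to BIND installed from ports, which may use a different layout.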
@@ -246,18 +246,18 @@

<p>The next section in <tt/named.conf/ is the last <tt/zone/. I will
explain its use in a later chapter; for now just make this a file
-named <tt/127.0.0/ in the subdirectory <tt/pz/: (<em/Again, please
-remove leading spaces if you cut and paste this/)
+named <tt/localhost.rev/ in the subdirectory <tt//etc/namedb/:
+(<em/Again, please remove leading spaces if you cut and paste this/)

<code>
$TTL 3D
-@ IN SOA ns.linux.bogus. hostmaster.linux.bogus. (
+@ IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. (
1 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D) ; Minimum TTL
- NS ns.linux.bogus.
+ NS ns.freebsd.bogus.
1 PTR localhost.
</code>

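Review bot: `<tt//etc/namedb/` on the `+named <tt/localhost.rev/ in the subdirectory <tt//etc/namedb/:` line is malformed linuxdoc. The short form `<tt/.../` uses `/` as its delimiter, so a path beginning with `/` closes the element immediately and `etc/namedb/` renders as plain text. Write it as `<tt>/etc/namedb</tt>`, and since this is the `directory` itself rather than a subdirectory of it, say `in the directory <tt>/etc/namedb</tt>`.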
@@ -310,7 +310,7 @@
options. If that does not work try `<tt>/usr/sbin/ndc start</tt>'
instead. If that back-fires see the <ref id="qanda" name="qanda">
section. If you view your syslog message file (usually called
-<tt>/var/adm/messages</tt>, but another directory to look in is
+<tt>/var/log/messages</tt>, but another directory to look in is
<tt>/var/log</tt> and another file to look in is <tt/syslog/) while
starting named (do <tt>tail -f /var/log/messages</tt>) you should see
something like:
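Review bot: with `/var/adm/messages` replaced by `/var/log/messages`, the sentence now reads `usually called /var/log/messages, but another directory to look in is /var/log`, which is circular; the `another directory` clause only existed because the original named /var/adm. Trim it to `usually called <tt>/var/log/messages</tt>, but another file to look in is <tt/syslog/`.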
@@ -407,7 +407,7 @@

<p>This time dig asked your named to look for the machine
<tt/pat.uio.no/. It then contacted one of the name server machines
-named in your <tt>root.hints</tt> file, and asked its way from there.
+named in your <tt>named.root</tt> file, and asked its way from there.
It might take tiny while before you get the result as it may need to
search all the domains you named in <tt>/etc/resolv.conf</tt>. Please
note the "aa" on the "flags:" line. It means that the answer is
@@ -458,7 +458,7 @@
<p>All OSes implementing the standard C API has the calls
gethostbyname and gethostbyaddr. These can get information from
several different sources. Which sources it gets it from is
-configured in <tt>/etc/nsswitch.conf</tt> on Linux (and some other
+configured in <tt>/etc/nsswitch.conf</tt> on FreeBD (and some other
Unixes). This is a long file specifying from which file or database
to get different kinds of data types. It usually contains helpful
comments at the top, which you should consider reading. After that
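Review bot: `FreeBD` in `+configured in <tt>/etc/nsswitch.conf</tt> on FreeBD (and some other` is a typo for `FreeBSD`. More importantly, on the 4-STABLE branch this patch points at (see the ftp.freebsd.org FreeBSD-stable URL earlier in the patch) the resolver lookup order is set in /etc/host.conf (its `hosts` and `bind` lines), not in /etc/nsswitch.conf, which only appears with 5.x; the paragraph needs rewording rather than a plain swap of `Linux` for `FreeBSD`.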
@@ -671,7 +671,7 @@
<sect1>Our own domain

<p>Now to define our own domain. We're going to make the domain
-<tt/linux.bogus/ and define machines in it. I use a totally bogus
+<tt/freensd.bogus/ and define machines in it. I use a totally bogus
domain name to make sure we disturb no-one Out There.

<p>One more thing before we start: Not all characters are allowed in
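Review bot: `freensd.bogus` in `+<tt/freensd.bogus/ and define machines in it.` is a typo; every other occurrence in the patch uses `freebsd.bogus`, and this is the line that introduces the example domain to the reader.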
@@ -685,25 +685,25 @@
<code>
zone "0.0.127.in-addr.arpa" {
type master;
- file "pz/127.0.0";
+ file "localhost.rev";
};
</code>

<p>Please note the lack of `<tt/./' at the end of the domain names in
this file. This says that now we will define the zone
<tt/0.0.127.in-addr.arpa/, that we're the master server for it and
-that it is stored in a file called <tt>pz/127.0.0</tt>. We've already
+that it is stored in a file called <tt>localhost.rev</tt>. We've already
set up this file, it reads:

<code>
$TTL 3D
-@ IN SOA ns.linux.bogus. hostmaster.linux.bogus. (
+@ IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. (
1 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D) ; Minimum TTL
- NS ns.linux.bogus.
+ NS ns.freebsd.bogus.
1 PTR localhost.
</code>

@@ -728,11 +728,11 @@
Saves some typing that. So the NS line could also be written

<tscreen><verb>
-0.0.127.in-addr.arpa. IN NS ns.linux.bogus
+0.0.127.in-addr.arpa. IN NS ns.freebsd.bogus
</verb></tscreen>

<p>It tells DNS what machine is the name server of the domain
-<tt/0.0.127.in-addr.arpa/, it is <tt/ns.linux.bogus/. 'ns' is a
+<tt/0.0.127.in-addr.arpa/, it is <tt/ns.freebsd.bogus/. 'ns' is a
customary name for name-servers, but as with web servers who are
customarily named <tt/www./<em/something/ the name may be anything.

@@ -742,8 +742,8 @@

<p>The SOA record is the preamble to <em/all/ zone files, and there
should be exactly one in each zone file. It describes the zone, where
-it comes from (a machine called <tt/ns.linux.bogus/), who is
-responsible for its contents (<tt/hostmaster@linux.bogus/; you should
+it comes from (a machine called <tt/ns.freebsd.bogus/), who is
+responsible for its contents (<tt/hostmaster@freebsd.bogus/; you should
insert your e-mail address here), what version of the zone file this
is (serial: 1), and other things having to do with caching and
secondary DNS servers. For the rest of the fields (refresh, retry,
@@ -778,31 +778,31 @@
</verb></tscreen>

<p>So it manages to get <tt/localhost/ from 127.0.0.1, good. Now for
-our main task, the <tt/linux.bogus/ domain, insert a new 'zone'
+our main task, the <tt/freebsd.bogus/ domain, insert a new 'zone'
section in <tt/named.conf/:

<code>
-zone "linux.bogus" {
+zone "freebsd.bogus" {
notify no;
type master;
- file "pz/linux.bogus";
+ file "pz/freebsd.bogus";
};
</code>

<p>Note again the lack of ending `<tt/./' on the domain name in the
<tt/named.conf/ file.

-<p>In the <tt/linux.bogus/ zone file we'll put some totally bogus
+<p>In the <tt/freebsd.bogus/ zone file we'll put some totally bogus
data:

<code>
;
-; Zone file for linux.bogus
+; Zone file for freebsd.bogus
;
; The full zone file
;
$TTL 3D
-@ IN SOA ns.linux.bogus. hostmaster.linux.bogus. (
+@ IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. (
199802151 ; serial, todays date + todays serial #
8H ; refresh, seconds
2H ; retry, seconds
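Review bot: `+ file "pz/freebsd.bogus";` keeps the `pz/` subdirectory for the forward zone while the same patch moves the other zone files to bare names under /etc/namedb (`file "localhost.rev";` above, and `file "192.168.196";` for the reverse zone further down) and deletes the paragraph that explained what `pz` is. Pick one layout: either `file "freebsd.bogus";` here, or keep `pz/` for every master zone and reinstate the sentence saying it is a subdirectory of the `directory` path.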
@@ -810,7 +810,7 @@
1D ) ; minimum, seconds
;
NS ns ; Inet Address of name server
- MX 10 mail.linux.bogus ; Primary Mail Exchanger
+ MX 10 mail.freebsd.bogus ; Primary Mail Exchanger
MX 20 mail.friend.bogus. ; Secondary Mail Exchanger
;
localhost A 127.0.0.1
@@ -818,11 +818,11 @@
mail A 192.168.196.4
</code>

-<p>Two things must be noted about the SOA record. <tt/ns.linux.bogus/
+<p>Two things must be noted about the SOA record. <tt/ns.freebsd.bogus/
<em/must/ be a actual machine with a A record. It is not legal to
have a CNAME record for the machine mentioned in the SOA record. Its
name need not be `ns', it could be any legal host name. Next,
-hostmaster.linux.bogus should be read as hostmaster@linux.bogus. This
+hostmaster.freebsd.bogus should be read as hostmaster@freebsd.bogus. This
should be a mail alias, or a mailbox, where the person(s) maintaining
DNS should read mail frequently. Any mail regarding the domain will
be sent to the address listed here. The name need not be
@@ -831,7 +831,7 @@

<p>There is one new RR type in this file, the MX, or Mail eXchanger
RR. It tells mail systems where to send mail that is addressed to
-<tt/someone@linux.bogus/, namely to <tt/mail.linux.bogus/ or
+<tt/someone@freebsd.bogus/, namely to <tt/mail.freebsd.bogus/ or
<tt/mail.friend.bogus/. The number before each machine name is that
MX RR's priority. The RR with the lowest number (10) is the one mail
should be sent to if possible. If that fails the mail can be sent to
@@ -842,19 +842,19 @@
with dig:

<tscreen><verb>
-$ dig any linux.bogus +pfmin
+$ dig any freebsd.bogus +pfmin
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23499
;; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 1
;; QUERY SECTION:
-;; linux.bogus, type = ANY, class = IN
+;; freebsd.bogus, type = ANY, class = IN

;; ANSWER SECTION:
-linux.bogus. 3D IN MX 10 mail.linux.bogus.linux.bogus.
-linux.bogus. 3D IN MX 20 mail.friend.bogus.
-linux.bogus. 3D IN NS ns.linux.bogus.
-linux.bogus. 3D IN SOA ns.linux.bogus. hostmaster.linux.bogus. (
+freebsd.bogus. 3D IN MX 10 mail.freebsd.bogus.freebsd.bogus.
+freebsd.bogus. 3D IN MX 20 mail.friend.bogus.
+freebsd.bogus. 3D IN NS ns.freebsd.bogus.
+freebsd.bogus. 3D IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. (
199802151 ; serial
8H ; refresh
2H ; retry
@@ -865,29 +865,29 @@
<p>Upon careful examination you will discover a bug. The line

<tscreen><verb>
-linux.bogus. 3D IN MX 10 mail.linux.bogus.linux.bogus.
+freebsd.bogus. 3D IN MX 10 mail.freebsd.bogus.freebsd.bogus.
</verb></tscreen>

<p>is all wrong. It should be

<tscreen><verb>
-linux.bogus. 3D IN MX 10 mail.linux.bogus.
+freebsd.bogus. 3D IN MX 10 mail.freebsd.bogus.
</verb></tscreen>

<p>I deliberately made a mistake so you could learn from it :-)
Looking in the zone file we find this line:

<tscreen><verb>
- MX 10 mail.linux.bogus ; Primary Mail Exchanger
+ MX 10 mail.freebsd.bogus ; Primary Mail Exchanger
</verb></tscreen>

-<p>It is missing a period. Or has a 'linux.bogus' too many. If a
+<p>It is missing a period. Or has a 'freebsd.bogus' too many. If a
machine name does not end in a period in a zone file the origin is
-added to its end causing the double <tt/linux.bogus.linux.bogus/. So
+added to its end causing the double <tt/freebsd.bogus.freebsd.bogus/. So
either

<code>
- MX 10 mail.linux.bogus. ; Primary Mail Exchanger
+ MX 10 mail.freebsd.bogus. ; Primary Mail Exchanger
</code>

or
@@ -912,19 +912,19 @@

<code>
;
-; Zone file for linux.bogus
+; Zone file for freebsd.bogus
;
; The full zone file
;
$TTL 3D
-@ IN SOA ns.linux.bogus. hostmaster.linux.bogus. (
+@ IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. (
199802151 ; serial, todays date + todays serial #
8H ; refresh, seconds
2H ; retry, seconds
4W ; expire, seconds
1D ) ; minimum, seconds
;
- TXT "Linux.Bogus, your DNS consultants"
+ TXT "FreeBSD.Bogus, your DNS consultants"
NS ns ; Inet Address of name server
NS ns.friend.bogus.
MX 10 mail ; Primary Mail Exchanger
@@ -939,31 +939,31 @@
ns A 192.168.196.2
MX 10 mail
MX 20 mail.friend.bogus.
- HINFO "Pentium" "Linux 2.0"
+ HINFO "Pentium" "FreeBSD 3.0"
www CNAME ns

donald A 192.168.196.3
MX 10 mail
MX 20 mail.friend.bogus.
- HINFO "i486" "Linux 2.0"
+ HINFO "i486" "FreeBSD 3.0"
TXT "DEK"

mail A 192.168.196.4
MX 10 mail
MX 20 mail.friend.bogus.
- HINFO "386sx" "Linux 1.2"
+ HINFO "386sx" "FreeBSD 2.2"

ftp A 192.168.196.5
MX 10 mail
MX 20 mail.friend.bogus.
- HINFO "P6" "Linux 2.1.86"
+ HINFO "P6" "FreeBSD 3.0"
</code>

<p>There are a number of new RRs here: HINFO (Host INFOrmation) has
two parts; it's a good habit to quote each. The first part is the
hardware or CPU on the machine, and the second part the software or OS
on the machine. The machine called 'ns' has a Pentium CPU and runs
-Linux 2.0. CNAME (Canonical NAME) is a way to give each machine
+FreeBSD 3.0. CNAME (Canonical NAME) is a way to give each machine
several names. So www is an alias for ns.

<p>CNAME record usage is a bit controversial. But it's safe to follow
@@ -982,7 +982,7 @@
</code>

<p>It's also safe to assume that a CNAME is not a legal host name for
-an e-mail address: <tt/webmaster@www.linux.bogus/ is an illegal e-mail
+an e-mail address: <tt/webmaster@www.freebsd.bogus/ is an illegal e-mail
address given the setup above. You can expect quite a few mail admins
Out There to enforce this rule even if it works for you. The way to
avoid this is to use A records (and perhaps some others too, like a MX
@@ -1002,10 +1002,10 @@
named to read its files again.

<tscreen><verb>
-$ dig linux.bogus axfr
+$ dig freebsd.bogus axfr

-; <<>> DiG 8.2 <<>> linux.bogus axfr
-$ORIGIN linux.bogus.
+; <<>> DiG 8.2 <<>> freebsd.bogus axfr
+$ORIGIN freebsd.bogus.
@ 3D IN SOA ns hostmaster (
199802151 ; serial
8H ; refresh
@@ -1017,26 +1017,26 @@
3D IN NS ns.friend.bogus.
3D IN MX 10 mail
3D IN MX 20 mail.friend.bogus.
- 3D IN TXT "Linux.Bogus, your DNS consultants"
+ 3D IN TXT "FreeBSD.Bogus, your DNS consultants"
gw 3D IN TXT "The router"
3D IN HINFO "Cisco" "IOS"
3D IN A 192.168.196.1
localhost 3D IN A 127.0.0.1
-mail 3D IN HINFO "386sx" "Linux 1.2"
+mail 3D IN HINFO "386sx" "FreeBSD 2.1.5"
3D IN MX 10 mail
3D IN MX 20 mail.friend.bogus.
3D IN A 192.168.196.4
www 3D IN CNAME ns
donald 3D IN TXT "DEK"
- 3D IN HINFO "i486" "Linux 2.0"
+ 3D IN HINFO "i486" "FreeBSD 2.2"
3D IN MX 10 mail
3D IN MX 20 mail.friend.bogus.
3D IN A 192.168.196.3
-ns 3D IN HINFO "Pentium" "Linux 2.0"
+ns 3D IN HINFO "Pentium" "FreeBSD 2.2"
3D IN MX 10 mail
3D IN MX 20 mail.friend.bogus.
3D IN A 192.168.196.2
-ftp 3D IN HINFO "P6" "Linux 2.1.86"
+ftp 3D IN HINFO "P6" "FreeBSD 2.1.7"
3D IN MX 10 mail
3D IN MX 20 mail.friend.bogus.
3D IN A 192.168.196.5
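Review bot: the HINFO strings in this AXFR output no longer match the zone file it is supposed to have been transferred from. The zone file hunk above gives `mail` as `"FreeBSD 2.2"` and `donald`, `ns` and `ftp` as `"FreeBSD 3.0"`, while this output shows `"FreeBSD 2.1.5"`, `"FreeBSD 2.2"`, `"FreeBSD 2.2"` and `"FreeBSD 2.1.7"` for the same hosts. A zone transfer is a verbatim copy of the zone, so use the same strings in both places; the A, MX and CNAME records already agree.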
@@ -1056,28 +1056,28 @@
Let's check what it says for <tt/www/ alone:

<tscreen><verb>
-$<24>dig www.linux.bogus +pfmin
+$<24>dig www.freebsd.bogus +pfmin
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27345
;; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
;; QUERY SECTION:
-;; www.linux.bogus, type = A, class = IN
+;; www.freebsd.bogus, type = A, class = IN

;; ANSWER SECTION:
-www.linux.bogus. 3D IN CNAME ns.linux.bogus.
-ns.linux.bogus. 3D IN A 192.168.196.2
+www.freebsd.bogus. 3D IN CNAME ns.freebsd.bogus.
+ns.freebsd.bogus. 3D IN A 192.168.196.2
</verb></tscreen>

-<p>In other words, the real name of <tt/www.linux.bogus/ is
-<tt/ns.linux.bogus/, and it gives you some of the information it has
+<p>In other words, the real name of <tt/www.freebsd.bogus/ is
+<tt/ns.freebsd.bogus/, and it gives you some of the information it has
about ns as well, enough to connect to it if you were a program.

<p>Now we're halfway.

<sect1>The reverse zone

-<p>Now programs can convert the names in linux.bogus to addresses
+<p>Now programs can convert the names in freebsd.bogus to addresses
which they can connect to. But also required is a reverse zone, one
making DNS able to convert from an address to a name. This name is
used by a lot of servers of different kinds (FTP, IRC, WWW and others)
@@ -1091,7 +1091,7 @@
zone "196.168.192.in-addr.arpa" {
notify no;
type master;
- file "pz/192.168.196";
+ file "192.168.196";
};
</code>

@@ -1100,19 +1100,19 @@

<code>
$TTL 3D
-@ IN SOA ns.linux.bogus. hostmaster.linux.bogus. (
+@ IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. (
199802151 ; Serial, todays date + todays serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D) ; Minimum TTL
- NS ns.linux.bogus.
+ NS ns.freebsd.bogus.

-1 PTR gw.linux.bogus.
-2 PTR ns.linux.bogus.
-3 PTR donald.linux.bogus.
-4 PTR mail.linux.bogus.
-5 PTR ftp.linux.bogus.
+1 PTR gw.freebsd.bogus.
+2 PTR ns.freebsd.bogus.
+3 PTR donald.freebsd.bogus.
+4 PTR mail.freebsd.bogus.
+5 PTR ftp.freebsd.bogus.
</code>

<p>Now you restart your named (<tt/ndc restart/) and examine your
@@ -1128,7 +1128,7 @@
;; 4.196.168.192.in-addr.arpa, type = ANY, class = IN

;; ANSWER SECTION:
-4.196.168.192.in-addr.arpa. 3D IN PTR mail.linux.bogus.
+4.196.168.192.in-addr.arpa. 3D IN PTR mail.freebsd.bogus.
</code>

<p>so, it looks OK, dump the whole thing to examine that too:
@@ -1138,20 +1138,20 @@

; <<>> DiG 8.2 <<>> -x AXFR
$ORIGIN 196.168.192.in-addr.arpa.
-@ 3D IN SOA ns.linux.bogus. hostmaster.linux.bogus. (
+@ 3D IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. (
199802151 ; serial
8H ; refresh
2H ; retry
4W ; expiry
1D ) ; minimum

- 3D IN NS ns.linux.bogus.
-4 3D IN PTR mail.linux.bogus.
-2 3D IN PTR ns.linux.bogus.
-5 3D IN PTR ftp.linux.bogus.
-3 3D IN PTR donald.linux.bogus.
-1 3D IN PTR gw.linux.bogus.
-@ 3D IN SOA ns.linux.bogus. hostmaster.linux.bogus. (
+ 3D IN NS ns.freebsd.bogus.
+4 3D IN PTR mail.freebsd.bogus.
+2 3D IN PTR ns.freebsd.bogus.
+5 3D IN PTR ftp.freebsd.bogus.
+3 3D IN PTR donald.freebsd.bogus.
+1 3D IN PTR gw.freebsd.bogus.
+@ 3D IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. (
199802151 ; serial
8H ; refresh
2H ; retry
@@ -1205,7 +1205,7 @@
read it. Now.

<p>The reverse zone also needs to be delegated. If you got the
-<tt/192.168.196/ net with the <tt/linux.bogus/ domain from your
+<tt/192.168.196/ net with the <tt/freebsd.bogus/ domain from your
provider they need to put <tt/NS/ records in for your reverse zone as
well as for your forward zone. If you follow the chain from
<tt/in-addr.arpa/ and up to your net you will probably find a break in
@@ -1269,9 +1269,9 @@
master. You set it up like this:

<code>
-zone "linux.bogus" {
+zone "freebsd.bogus" {
type slave;
- file "sz/linux.bogus";
+ file "sz/freebsd.bogus";
masters { 192.168.196.2; };
};
</code>
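Review bot: `+ file "sz/freebsd.bogus";` writes the transferred zone into an `sz` subdirectory of /etc/namedb that the patch never creates or mentions, and the other secondary example later in this patch uses `file "freebsd.bogus";` with no subdirectory; the two should agree. Slave zone files are written by named itself, so whatever directory is chosen must be writable by the user named runs as, which sits badly with the script comment further down that /etc/namedb `must be writable only by trusted users`; a dedicated slave directory that only named writes to is the cleaner answer.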
@@ -1280,7 +1280,7 @@
zone transfer is controlled by your SOA record:

<code>
-@ IN SOA ns.linux.bogus. hostmaster.linux.bogus. (
+@ IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. (
199802151 ; serial, todays date + todays serial #
8H ; refresh, seconds
2H ; retry, seconds
@@ -1326,7 +1326,7 @@
adding yourself for debugging purposes:

<code>
-zone "linux.bogus" {
+zone "freebsd.bogus" {
allow-transfer { 192.168.1.4; localhost; };
};
</code>
@@ -1347,7 +1347,7 @@
allow-query { 192.168.196.0/24; localhost; };
};

-zone "linux.bogus" {
+zone "freebsd.bogus" {
allow-query { any; };
};

@@ -1401,7 +1401,7 @@
here differs a bit from what you find if you query LAND-5's name
servers now.

-<sect1>/etc/named.conf (or /var/named/named.conf)
+<sect1>/etc/namedb/named.conf

<p>Here we find master zone sections for the two reverse zones needed:
the 127.0.0 net, as well as LAND-5's <tt/206.6.177/ subnet, and a
@@ -1413,7 +1413,7 @@
// Boot file for LAND-5 name server

options {
- directory "/var/named";
+ directory "/etc/namedb";
};

zone "." {
@@ -1441,7 +1441,7 @@
put ``<tt/notify no;/'' in the zone sections for the two <tt/land-5/
zones so as to avoid accidents.

-<sect1>/var/named/root.hints
+<sect1>/var/namedb/named.root

<p>Keep in mind that this file is dynamic, and the one listed here is
old. You're better off using one produced now, with dig, as explained
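Review bot: `+<sect1>/var/namedb/named.root` is a typo; the hints file lives in /etc/namedb, which is the `directory` used by every other path in this patch, so the section title should read `/etc/namedb/named.root`.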
@@ -1493,7 +1493,7 @@
;; MSG SIZE sent: 17 rcvd: 436
</code>

-<sect1>/var/named/zone/127.0.0
+<sect1>/etc/namedb/zone/127.0.0

<p>Just the basics, the obligatory SOA record, and a record that maps
127.0.0.1 to <tt/localhost/. Both are required. No more should be in
@@ -1518,7 +1518,7 @@
absence. I would recommend that you put the <tt/$TTL/ in line in zone
files as you discover that they are missing.

-<sect1>/var/named/zone/land-5.com
+<sect1>/etc/namedb/zone/land-5.com

<p>Here we see the mandatory SOA record, the needed NS records. We
can see that he has a secondary name server at <tt/ns2.psi.net/. This
@@ -1608,7 +1608,7 @@
<tt/land-5.com/, but using an A record, not a CNAME record. This is a
good policy as noted earlier.

-<sect1>/var/named/zone/206.6.177
+<sect1>/etc/namedb/zone/206.6.177

<p>I'll comment on this file below

@@ -1732,10 +1732,10 @@

PATH=/sbin:/usr/sbin:/bin:/usr/bin:
export PATH
- # NOTE: /var/named must be writable only by trusted users or this script
+ # NOTE: /etc/namedb must be writable only by trusted users or this script
# will cause root compromise/denial of service opportunities.
- cd /var/named 2>/dev/null || {
- echo "Subject: Cannot cd to /var/named, error $?"
+ cd /etc/namedb 2>/dev/null || {
+ echo "Subject: Cannot cd to /etc/namedb, error $?"
echo
echo "The subject says it all"
exit 1
@@ -1784,7 +1784,7 @@
echo
echo "The nameserver has been restarted to ensure that the update is complete."
echo "The previous root.hints file is now called
-/var/named/root.hints.old."
+/etc/namedb/named.root"
) 2>&1 | /usr/lib/sendmail -t
exit 0
</code>
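Review bot: `+/etc/namedb/named.root"` changes what the message says. The unchanged line above it still reads `The previous root.hints file is now called`, so the mail now claims the old file has become the live `named.root`; the original named the backup copy (`root.hints.old`), so this should be whatever backup name the script actually writes (`/etc/namedb/named.root.old` if the rename was updated to match), and the trailing period was dropped. That context line still says `root.hints`, so the rest of the script outside this hunk should be checked for the same rename.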
@@ -1806,7 +1806,7 @@
style) for a cache-only name server:

<code>
-directory /var/named
+directory /etc/namedb
cache . root.hints
primary 0.0.127.IN-ADDR.ARPA 127.0.0.zone
primary localhost localhost.zone
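Review bot: the `directory` line was moved to /etc/namedb but the next line, `cache . root.hints`, still names the Linux hints file; everywhere else in this patch the file is `named.root`, so this boot file would not find it. The same applies to `127.0.0.zone` against the `localhost.rev` used earlier, if the boot-file example is meant to line up with the rest of the document.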
@@ -1827,7 +1827,7 @@
// generated by named-bootconf.pl

options {
- directory "/var/named";
+ directory "/etc/namedb";
};

zone "." {
@@ -1853,13 +1853,13 @@

<code>
// This is a configuration file for named (from BIND 8.1 or later).
-// It would normally be installed as /etc/named.conf.
+// It would normally be installed as /etc/namedb/named.conf.
// The only change made from the `stock' named.conf (aside from this
// comment :) is that the directory line was uncommented, since I
-// already had the zone files in /var/named.
+// already had the zone files in /etc/namedd.

options {
- directory "/var/named";
+ directory "/etc/namedb";
datasize 20M;
};

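Review bot: `/etc/namedd` in `+// already had the zone files in /etc/namedd.` is a typo for `/etc/namedb`, which is what the `directory` line two lines below it uses.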
@@ -1928,9 +1928,9 @@
like this in the named.conf file of your secondary:

<code>
- zone "linux.bogus" {
+ zone "freebsd.bogus" {
type slave;
- file "sz/linux.bogus";
+ file "freebsd.bogus";
masters { 127.0.0.1; };
};
</code>
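Review bot: `+ file "freebsd.bogus";` drops the `sz/` subdirectory that the other slave example in this patch keeps, and with `directory "/etc/namedb"` and `masters { 127.0.0.1; };` this is a master and a slave on the same host sharing one directory; if the master's zone file is ever given the same bare name, the next transfer overwrites it. Keep slave files in their own subdirectory and make both slave examples use the same path.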
@@ -2101,7 +2101,7 @@
not recommended.

<item>How can I get a domain? I want to set up my own domain called
- (for example) <tt/linux-rules.net/. How can I get the domain I want
+ (for example) <tt/freebsd-rules.net/. How can I get the domain I want
assigned to me?

<p>Please contact your network service provider. They will be able