There are a few other zone data files, some of which are created during the installation of BIND: named. The loopback address is a special address hosts use to direct traffic to themselves. This is usually IP Address Let's have a quick look at the files we have covered so far to make sure we don't lose track: You should also be aware that the file names can change; there is no standard for names, it is just very convenient and tidy to keep to some kind of convention.
To tie all the zone data files together a name server needs a configuration file. BIND version 8 and above calls it named. Most entries in the zone data files are called DNS resource records. Since DNS lookups are case insensitive, you can enter names in your zone data files in uppercase, lowercase or mixed case.
I tend to use lowercase. Resource records must start in the first column of a line. Some people choose to follow this order, while others don't.
You are not required to follow this order, but I do. The next article deals with the construction of our first zone data file, db.
Not only does it limit queries for individual resource records, it limits zone transfers, too. In BIND 8, restricting zone transfers is done separately. However, 4. To use secure zones, you include one or more special TXT (text) records in your zone data on the primary master name server. The records are conveniently transferred to the zone's slave servers automatically.
Of course, only BIND 4. The mask is the netmask for that address. If you want to allow all of net 15 access to your zone data, use If you only want to allow the range of IP addresses from The H is equivalent to the mask Therefore, If we wanted to restrict queries for information in movie. That is so a resolver can query its local name server. If you wanted to prevent unauthorized queries for data in other zones on this server, you would have to add secure zones records to that zone on its primary master name server, too.
Users on remote hosts that can query your name server's zone data can only look up data e. Users who can start zone transfers from your server, by contrast, can list all of the hosts in your zones.
It's the difference between letting random folks call your company's switchboard and ask for John Q. If you feel your use of code examples falls outside fair use or the permission given above, feel free to contact us at permissions oreilly.
Safari Books Online is an on-demand digital library that lets you easily search over 7, technology and creative reference books and videos to find the answers you need quickly. With a subscription, you can read any page and watch any video from our library online. Read books on your cell phone and mobile devices.
Access new titles before they are available for print, and get exclusive access to manuscripts in development and post feedback for the authors. Copy and paste code samples, organize your favorites, download chapters, bookmark key sections, create notes, print out pages, and benefit from tons of other time-saving features.
We have a web page for this book, where we list errata, examples, and any additional information. You can access this page at:. Many thanks to my long-time editor, Mike Loukides, for suggesting this book in the first place. Thanks also to my boss at Infoblox, Steve Nye, who supported the project, and to my old friend and co-conspirator in the Ask Mr. And much credit is due Owen DeLong for his excellent technical review. Most of all, though, thanks to my family: Walt and Greta, Charlie and Jessie, and especially my wife, Paige.
When all of your configuration and zone files have no errors in them, you should be ready to restart the BIND service. In most environments, it is a good idea to set up a secondary DNS server that will respond to requests if the primary becomes unavailable.
Luckily, the secondary DNS server is much easier to configure. Save and exit named. Define slave zones that correspond to the master zones on the primary DNS server.
If you defined multiple reverse zones on the primary DNS server, make sure to add them all here: Now you must configure your servers to use your private DNS servers. Add the following lines to the file (substitute your private domain and the private IP addresses of ns1 and ns2):
Then add the following lines to the TOP of the file (substitute your private domain and the private IP addresses of ns1 and ns2): Use nslookup to test whether your clients can query your name servers. For example, we can perform a forward lookup to retrieve the IP address of host1.
The output of the command above would look like the following: If all of the names and IP addresses resolve to the correct values, your zone files are configured properly. If you receive unexpected values, be sure to review the zone files on your primary DNS server e. Your internal DNS servers are now set up properly!
Now we will cover maintaining your zone records. Now that you have a working internal DNS, you need to maintain your DNS records so they accurately reflect your server environment. Whenever you add a host to your environment (in the same datacenter), you will want to add it to DNS.
Here is a list of steps that you need to take: If you remove a host from your environment, or just want to take it out of DNS, remove everything that was added when you added the server to DNS i. This makes configuration of services and applications easier because you no longer have to remember the private IP addresses, and the files will be easier to read and understand. Also, you can now change your configurations to point to a new server in a single place, your primary DNS server, instead of having to edit a variety of distributed configuration files, which eases maintenance.
Once you have your internal DNS set up, and your configuration files are using private FQDNs to specify network connections, it is critical that your DNS servers are properly maintained. If both of them become unavailable, the services and applications that rely on them will cease to function properly. This is why it is recommended to set up your DNS with at least one secondary server, and to maintain working backups of all of them. Software Engineer DigitalOcean.