DNS HOWTO
Nicolai Langfeldt (dns-howto(at)langfeldt.net), Jamie Norrish and others
Version 9.0, 2001-12-20
Japanese translation: Takeo Nakano, nakano(at)apm.seikei.ac.jp
v9.0j1, 2002-02-03

How to become a DNS administrator in a short time.
______________________________________________________________________

Table of Contents

1. Preamble
   1.1 Legal stuff
   1.2 Credits and request for help
   1.3 Dedication
   1.4 Updated versions
2. Introduction
   2.1 Other nameserver implementations
3. A resolving, caching name server
   3.1 Starting named
   3.2 Resolvers
   3.3 Congratulations
4. Forwarding
5. A simple domain
   5.1 But first some dry theory
   5.2 Our own domain
   5.3 The reverse zone
   5.4 Words of caution
   5.5 Why reverse lookups don't work
       5.5.1 The reverse zone isn't delegated
       5.5.2 You've got a classless subnet
   5.6 Slave servers
6. Basic security options
   6.1 Restricting zone transfers
   6.2 Protecting against misuse
   6.3 Running named as non-root
7. A real domain example
   7.1 /etc/named.conf (or /var/named/named.conf)
   7.2 /var/named/root.hints
   7.3 /var/named/zone/127.0.0
   7.4 /var/named/zone/land-5.com
   7.5 /var/named/zone/206.6.177
8. Maintenance
9. Migrating to BIND 9
10. Q & A
11. How to become a more skilled DNS admin
______________________________________________________________________

1. Preamble

Keywords: DNS, BIND, BIND 4, BIND 8, BIND 9, named, dialup, PPP, slip,
ISDN, Internet, domain, name, resolution, hosts, caching.

This document is part of the Linux Documentation Project.
(Translator's note: the translated version is part of the Japanese FAQ
Project.)

1.1. Legal stuff

(C)opyright 1995-2001 Nicolai Langfeldt, Jamie Norrish & Co. Do not
modify without amending copyright, distribute freely but retain
copyright message.

Translator's note: the translation was done by Takeo Nakano.
(C)opyright 1998-2002 Takeo Nakano

1.2. Credits and request for help

I want to thank all the people I have bothered with improving this
HOWTO (you know who you are) and all the readers who have e-mailed
suggestions and information.

This is not yet a finished document. Please send me mail about your
problems and successes so that it can become a better one. Comments,
questions and money go to janl(at)langfeldt.net. Or buy my DNS book
(it is titled "The Concise Guide to DNS and BIND"; the ISBN is in the
bibliography). If you send e-mail and want an answer, please make sure
that the return address is correct and working. Also, please read the
``Q & A'' section before mailing me. Note that I can only read
Norwegian and English.

This is a HOWTO. I have maintained it as part of the LDP since 1995.
During 2000 I wrote a book on the same subject. I want to say that,
although this HOWTO is in many ways much like the book, it has not been
watered down to market the book. The readers of this HOWTO have taught
me what is difficult to understand about DNS. That has made the book
better, and writing the book has in turn made me think about what this
HOWTO needs. The HOWTO begot the book, and the book begot version 3 of
this HOWTO. My thanks to the book publisher, Que, for taking a chance
on me :-)

Translator's note: v1.0 of this document was translated by two earlier
translators. Nakano updated it to match v2.1.1 and has maintained it
since. Thanks go to those who sent comments and who proofread the
updates, and to everyone on the JF mailing list (JF-ML).

Comments on the translation should go to nakano(at)apm.seikei.ac.jp.
For questions about DNS in Japanese, the linux-users mailing list
<http://www.linux.or.jp/community/ml/linux-users/> and the newsgroups
fj.os.linux.networking and fj.net.ip.dns are suitable places.

1.3. Dedication

This HOWTO is dedicated to Anne Line Norheim Langfeldt. Though she will
probably never read it, since she is not that kind of girl.

1.4. Updated versions

You should be able to find updated versions of this HOWTO at
<http://langfeldt.net/DNS-HOWTO/> or <http://www.linuxdoc.org/>. Go
there if this document is dated more than 9 months ago.

2. Introduction

What this is and isn't.

DNS is the Domain Name System. DNS converts machine names to the IP
numbers that every machine on the net has. It translates (or ``maps'',
as the jargon has it) from name to address and from address to name,
and does some other things. This HOWTO documents how to define such
mappings using a Unix system, with a few things specific to Linux.

A ``mapping'' is simply an association between two things, in this case
a machine name, like ftp.linux.org, and the machine's IP number (or
address), like 199.249.150.4. DNS also contains mappings the other way,
from the IP number to the machine name; this is called a ``reverse
mapping''.

To the uninitiated (you ;-), DNS is one of the more opaque areas of
network administration. Fortunately DNS is not really that hard. This
HOWTO will try to make a few things clearer. It describes how to set up
a simple DNS name server, starting with a caching only server and going
on to setting up a primary DNS server for a domain. For more complex
setups, check the ``Q & A'' section of this document. If it is not
described there you will need to read the Real Documentation. What that
Real Documentation consists of is explained in the section ``How to
become a more skilled DNS admin''.

Before you start on DNS you should configure your machine so that you
can telnet in and out of it and successfully make all kinds of
connections to the net. In particular, you should be able to do
telnet 127.0.0.1 and log in to your own machine (test it now!). You
also need correct /etc/nsswitch.conf (or /etc/host.conf),
/etc/resolv.conf and /etc/hosts files, since their function is not
explained here. If you do not already have all this set up and working,
the Networking-HOWTO and the Networking-Overview-HOWTO explain how to
set it up. Read them.

When I say ``your machine'' I mean the machine you are trying to set up
DNS on, not any other machine you might have on the network.

I assume there is no firewall blocking name queries on the network your
machine belongs to. If you are behind a firewall you will need a
special configuration; see the ``Q & A'' section.

Name serving on Unix is done by a program called named. This is part of
the ``BIND'' package of The Internet Software Consortium. named is
included in most Linux distributions. It usually comes in a package
called BIND (in upper or lower case depending on the whim of the
packager) and is installed as /usr/sbin/named.

If you already have a named you can probably use it. If you don't have
one you can get a binary from a Linux ftp site, or get the latest and
greatest source from <ftp://ftp.isc.org/isc/bind9/>. This HOWTO is
about BIND version 9. The old versions of the HOWTO, about BIND 4 and
8, are at <http://www.math.uio.no/~janl/DNS/>, so refer to them if you
use BIND 4 (incidentally, this HOWTO is there too). If the named man
page talks about named.conf (at the very end, in the FILES section) you
have BIND 8 or 9; if it talks about named.boot you have BIND 4. If you
have 4 and need to care about security you really ought to upgrade to
the latest BIND 8 or 9. Now.

(Translator's note) Opinions may differ a little on that last point.
For example, in OpenBSD, which is known for its source-level security
auditing, BIND 4 is still the named in active use.

DNS is a net-wide database. Take care about what you put into it. If
you put junk into it, you and others will get junk out of it. Keep your
DNS tidy and it will give you good service. Learn to use it, administer
it and debug it, and become a good admin who does not bring the net to
its knees by misconfiguration.

Tip: Make backup copies of all the files I instruct you to change if
they already exist, so that if nothing works afterwards you can get
back to your old, working state.

2.1. Other nameserver implementations

This section was written by Joost van Baal.

Several packages exist for making your machine a DNS server. First
there is the BIND package (<http://www.isc.org/products/BIND/>), the
implementation this HOWTO is about. It is the most widely used
nameserver; it has been around and spreading since the 1980s, and the
majority of the name serving machines on the Internet today use it.
BIND is distributed under a BSD license. Since it is the most widely
used package, a lot of documentation and knowledge about BIND exists.
However, there have been security problems with BIND.

Then there is djbdns (<http://djbdns.org/>), a relatively new DNS
package written by Daniel J. Bernstein, who also wrote qmail. djbdns is
very modular: a number of small programs each take care of one of the
jobs a nameserver has to do. djbdns is designed with security in mind.
Its zone file format is simpler, and it is generally easier to
configure. However, since it is less well known, your local guru might
not be able to help you with it. Unfortunately, this software is not
Open Source. The author's advertisement is at
<http://cr.yp.to/djbdns/ad.html>.

Whether DJB's software is really an improvement over the older
alternatives is a subject of much debate. A discussion (or is it a
flame war?) of BIND vs djbdns is at
<http://www.isc.org/ml-archives/bind-users/2000/08/msg01075.html>.

3. A resolving, caching name server

A first step in DNS configuration, very useful for dialup, cable modem,
ADSL and similar users.

On Red Hat and Red Hat related distributions you can get the same
result as the first section of this HOWTO just by installing the
packages bind, bind-utils and caching-nameserver. If you use Debian,
just install bind and bind-doc (or bind9 instead of the former; as of
this writing the Debian stable release (potato) does not support
BIND 9). Of course, installing those packages will not give you the
knowledge you get from reading this HOWTO. So install the packages, and
then read along while examining the files they installed.

A caching only name server remembers the answers to name queries and
uses them the next time the same thing is asked. Answers the second
time around come much faster, especially if you are on a slow
connection.

First you need a file called /etc/named.conf (on Debian,
/etc/bind/named.conf). named reads this file when it starts. For now a
simple one like this will do:
______________________________________________________________________
// Config file for caching only name server
//
// The version of the HOWTO you read may contain leading spaces
// (spaces in front of the characters on these lines ) in this and
// other files.  You must remove them for things to work.
//
// Note that the filenames and directory names may differ, the
// ultimate contents of should be quite similar though.

options {
        directory "/var/named";

        // Uncommenting this might help if you have to go through a
        // firewall and things are not working out.  But you probably
        // need to talk to your firewall admin.

        // query-source port 53;
};

controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};

key "rndc_key" {
        algorithm hmac-md5;
        secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};

zone "." {
        type hint;
        file "root.hints";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "pz/127.0.0";
};
______________________________________________________________________

The Linux distribution packages may use different names for each of the
files mentioned here. The contents should be the same, though.

The `directory' line tells named where to look for files. All file
names after it are relative to this directory. Thus pz is a directory
under /var/named, i.e. /var/named/pz. /var/named is the right directory
according to the Linux Filesystem Standard.

The file /var/named/root.hints is named here. It should contain this:
______________________________________________________________________
;
; There might be opening comments here if you already have this file.
; If not don't worry.
;
; About any leading spaces in front of the lines here: remove them!
; Lines should start in a ;, . or character, not blanks.
;
.                       6D  IN      NS      A.ROOT-SERVERS.NET.
.                       6D  IN      NS      B.ROOT-SERVERS.NET.
.                       6D  IN      NS      C.ROOT-SERVERS.NET.
.                       6D  IN      NS      D.ROOT-SERVERS.NET.
.                       6D  IN      NS      E.ROOT-SERVERS.NET.
.                       6D  IN      NS      F.ROOT-SERVERS.NET.
.                       6D  IN      NS      G.ROOT-SERVERS.NET.
.                       6D  IN      NS      H.ROOT-SERVERS.NET.
.                       6D  IN      NS      I.ROOT-SERVERS.NET.
.                       6D  IN      NS      J.ROOT-SERVERS.NET.
.                       6D  IN      NS      K.ROOT-SERVERS.NET.
.                       6D  IN      NS      L.ROOT-SERVERS.NET.
.                       6D  IN      NS      M.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.     6D  IN      A       198.41.0.4
B.ROOT-SERVERS.NET.     6D  IN      A       128.9.0.107
C.ROOT-SERVERS.NET.     6D  IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     6D  IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     6D  IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     6D  IN      A       192.5.5.241
G.ROOT-SERVERS.NET.     6D  IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     6D  IN      A       128.63.2.53
I.ROOT-SERVERS.NET.     6D  IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     6D  IN      A       198.41.0.10
K.ROOT-SERVERS.NET.     6D  IN      A       193.0.14.129
L.ROOT-SERVERS.NET.     6D  IN      A       198.32.64.12
M.ROOT-SERVERS.NET.     6D  IN      A       202.12.27.33
______________________________________________________________________

This file describes the root name servers of the world. They change
over time, so the file must be updated now and then. See the
``Maintenance'' section for how to keep it up to date.

Next in named.conf comes a zone section. Its use is explained in a
later chapter; for now just create a file named 127.0.0 in the
subdirectory pz with the following contents. (Again, remove the leading
spaces if you cut and paste this.)
______________________________________________________________________
$TTL 3D
@               IN      SOA     ns.linux.bogus. hostmaster.linux.bogus. (
                                1       ; Serial
                                8H      ; Refresh
                                2H      ; Retry
                                4W      ; Expire
                                1D)     ; Minimum TTL
                        NS      ns.linux.bogus.
1                       PTR     localhost.
______________________________________________________________________

The sections named key and controls together specify that this named
can be controlled remotely (by a program called rndc). Here the
connection must come from the local host and must authenticate with the
encoded secret key. This key is like a password. For rndc to work you
need an /etc/rndc.conf that matches this key:
______________________________________________________________________
key rndc_key {
        algorithm "hmac-md5";
        secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};

options {
        default-server localhost;
        default-key    rndc_key;
};
______________________________________________________________________

As you see, the secret is identical. If you want to use rndc from other
machines, their clocks need to be within 5 minutes of each other. I
recommend using the ntp (xntpd and ntpdate) software for this.

Next, you need an /etc/resolv.conf with contents like the following.
(Again: remove the leading spaces!)
______________________________________________________________________
search subdomain.your-domain.edu your-domain.edu
nameserver 127.0.0.1
______________________________________________________________________

The line starting with `search' specifies the domains in which a
queried host name is searched for. The line starting with `nameserver'
specifies the address of the nameserver. Here it is the local host,
since the nameserver runs on your own machine. (Note: named never reads
this file; the resolver does. Note 2: some resolv.conf files contain a
line saying "domain". That is fine, but do not use both "search" and
"domain" at the same time; only one of them takes effect.)

To illustrate what this file does: if a client looks up foo, then
foo.subdomain.your-domain.edu is tried first, then foo.your-domain.edu,
and finally foo. If you put too many domains in the search line it
takes time to try them all, so keep it moderate.

The example assumes your machine is in subdomain.your-domain.edu, so
your machine is probably called
your-machine.subdomain.your-domain.edu. The search line should not
contain your TLD (Top Level Domain, `edu' in this case). If there is a
particular domain you connect to frequently, you can add that domain to
the search line like this. (Remember to remove the leading spaces, if
any.)
______________________________________________________________________
search subdomain.your-domain.edu your-domain.edu other-domain.com
______________________________________________________________________

Obviously you need to put real domain names in instead. Please note
that there are no periods at the end of the domain names. This is
important. Please note that there are no periods at the end of the
domain names.

3.1. Starting named

After all this it is time to start named. If you are using a dialup
connection, connect first. Now start named, either by running the boot
script, /etc/init.d/named start, or by running named directly,
/usr/sbin/named. If you have done this with earlier versions of BIND
you probably used ndc. In BIND 9 it has been replaced by rndc. rndc can
control named remotely, but it cannot start named.

If you watch your syslog message file while named starts (usually
/var/adm/messages, but on Debian it is /var/log/daemin, and the
directory may be /var/log or the file name may be different; do
tail -f /var/adm/messages), you should see output like the following.
(Lines ending in \ continue on the next line.)

     Dec 23 02:21:12 lookfar named[11031]: starting BIND 9.1.3
     Dec 23 02:21:12 lookfar named[11031]: using 1 CPU
     Dec 23 02:21:12 lookfar named[11034]: loading configuration from \
         '/etc/named.conf'
     Dec 23 02:21:12 lookfar named[11034]: the default for the \
         'auth-nxdomain' option is now 'no'
     Dec 23 02:21:12 lookfar named[11034]: no IPv6 interfaces found
     Dec 23 02:21:12 lookfar named[11034]: listening on IPv4 interface lo, \
         127.0.0.1#53
     Dec 23 02:21:12 lookfar named[11034]: listening on IPv4 interface eth0, \
         10.0.0.129#53
     Dec 23 02:21:12 lookfar named[11034]: command channel listening on \
         127.0.0.1#953
     Dec 23 02:21:13 lookfar named[11034]: running

If there are any error messages, there is a mistake somewhere. named
names the file it is reading. Go back and check that file. Start named
again when it is fixed.

Now you can test your setup. Traditionally nslookup was the program
used for testing. These days dig is recommended.

     $ dig -x 127.0.0.1
     ;; Got answer:
     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26669
     ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

     ;; QUESTION SECTION:
     ;1.0.0.127.in-addr.arpa.         IN      PTR

     ;; ANSWER SECTION:
     1.0.0.127.in-addr.arpa. 259200  IN      PTR     localhost.

     ;; AUTHORITY SECTION:
     0.0.127.in-addr.arpa.   259200  IN      NS      ns.linux.bogus.

     ;; Query time: 3 msec
     ;; SERVER: 127.0.0.1#53(127.0.0.1)
     ;; WHEN: Sun Dec 23 02:26:17 2001
     ;; MSG SIZE  rcvd: 91

If that is what you get, it is working. We hope. If you get something
very different, go back and check everything. Each time you change
named.conf you need to run the rndc reload command.

Now you can enter a query. Try looking up a machine close to you. Close
to me (at the University of Oslo) there is a machine called pat.uio.no.

     $ dig pat.uio.no
     ; <<>> DiG 9.1.3 <<>> pat.uio.no
     ;; global options:  printcmd
     ;; Got answer:
     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15574
     ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0

     ;; QUESTION SECTION:
     ;pat.uio.no.                     IN      A

     ;; ANSWER SECTION:
     pat.uio.no.             86400   IN      A       129.240.130.16

     ;; AUTHORITY SECTION:
     uio.no.                 86400   IN      NS      nissen.uio.no.
     uio.no.                 86400   IN      NS      nn.uninett.no.
     uio.no.                 86400   IN      NS      ifi.uio.no.

     ;; Query time: 651 msec
     ;; SERVER: 127.0.0.1#53(127.0.0.1)
     ;; WHEN: Sun Dec 23 02:28:35 2001
     ;; MSG SIZE  rcvd: 108

This time dig asked the named running on your machine to look for
pat.uio.no. named then contacted one of the name servers listed in your
root.hints file and asked its way from there. It may take a little
while before you get the result, since it may need to search all the
domains listed in /etc/resolv.conf.

If you ask the same question again you get this:

     $ dig pat.uio.no
     ; <<>> DiG 8.2 <<>> pat.uio.no
     ;; res options: init recurs defnam dnsrch
     ;; got answer:
     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
     ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
     ;; QUERY SECTION:
     ;;      pat.uio.no, type = A, class = IN

     ;; ANSWER SECTION:
     pat.uio.no.             23h59m58s IN A  129.240.130.16

     ;; AUTHORITY SECTION:
     UIO.NO.                 23h59m58s IN NS  nissen.UIO.NO.
     UIO.NO.                 23h59m58s IN NS  ifi.UIO.NO.
     UIO.NO.                 23h59m58s IN NS  nn.uninett.NO.

     ;; ADDITIONAL SECTION:
     nissen.UIO.NO.          23h59m58s IN A  129.240.2.3
     ifi.UIO.NO.             1d23h59m58s IN A  129.240.64.2
     nn.uninett.NO.          1d23h59m58s IN A  158.38.0.181

     ;; Total query time: 4 msec
     ;; FROM: lookfar to SERVER: default -- 127.0.0.1
     ;; WHEN: Sat Dec 16 00:23:09 2000
     ;; MSG SIZE  sent: 28  rcvd: 162

As you can plainly see, this time it was much faster: 4 ms, versus more
than half a second before. The answer from the server was cached. A
cached answer may be out of date, but the server that gave the answer
controls how long a cached answer is to be considered valid, so the
probability that the answer you get is valid is high.

3.2. Resolvers

Every OS that implements the standard C API has the calls gethostbyname
and gethostbyaddr. These can get information from several different
sources. Which sources they use is configured in /etc/nsswitch.conf on
Linux (and on some other Unixes). This is a long file that specifies
from which file or database each kind of data is obtained. It usually
has helpful comments at the top, which you should read. After that,
find the line starting with `hosts:'. It should read:
______________________________________________________________________
hosts:      files dns
______________________________________________________________________

(You remembered about the leading spaces, right? I won't mention them
again.)

If there is no line starting with `hosts:', put in the one above. It
says that programs should first look in the /etc/hosts file and then
check DNS according to resolv.conf.

3.3. Congratulations

Now you know how to set up a caching named. Celebrate with a beer,
milk, or whatever you prefer.

4. Forwarding

In large, well organized networks, such as those of academic
institutions and ISPs (Internet Service Providers), the network people
may have set up a hierarchy of DNS servers called ``forwarders''. This
lightens the load on the internal network and on the outside servers.
It is not easy to know whether you are inside such a network. In any
case, by using the DNS server of the provider you connect through as a
``forwarder'' you can make responses to queries faster and put less
load on the network.

With this in place, your nameserver sends its queries to your ISP's
nameserver. Each time that happens it dips into the big cache of the
ISP's nameserver. Queries therefore get faster, and your nameserver
does not have to do all the work itself. If you use a modem this can be
quite a win.

For the sake of the example, assume that your network provider has two
name servers it wants you to use, with IP numbers 10.0.0.1 and
10.1.0.1. Then insert the following lines in your named.conf file,
inside the opening section called ``options'':
______________________________________________________________________
forward first;
forwarders {
        10.0.0.1;
        10.1.0.1;
};
______________________________________________________________________

There is also a nice trick using forwarders for dialup machines. It is
described in the ``Q & A'' section.

Restart your nameserver and test it with dig. It should still work
fine.

5. A simple domain

How to set up your own domain.

5.1. But first some dry theory

First of all: you read everything before this, right? If not, go and
read it.

Before we really start this section I am going to give you some theory
about how DNS works, and an example of it. It is good for you, so
please read it. If you don't want to, at least skim it. Stop skimming
when you get to the part about what goes in your named.conf file.

DNS is a hierarchical, tree structured system. The top is written `.'
and is called ``root'', as is usual for tree data structures. Under `.'
there are a number of Top Level Domains (TLDs). ORG, COM, EDU and NET
are the best known, but there are many more. Like a real tree, the
structure has a root and it branches out. If you have any computer
science background you will recognize DNS as a search tree, and you
will be able to find nodes, leaf nodes and edges in it.

When looking for a machine, the query proceeds recursively into the
hierarchy, starting at the root. Say you want to find the address of
the host prep.ai.mit.edu. Your nameserver has to start asking
somewhere. It starts by looking in its cache. If it knows the answer
because an earlier query is still cached, it answers right away, as we
saw in the previous section. If the answer is not in the cache, it sees
how closely it can match the requested name and uses whatever cached
information it can. In the worst case only `.' (root) matches, and the
root servers have to be consulted. The nameserver removes the leftmost
parts of the name one at a time, checking whether it knows anything
about ai.mit.edu., then mit.edu., then edu. If it knows none of these
it goes to `.', which it can find because that is in the hints file.
Your nameserver then asks a `.' server about prep.ai.mit.edu. This `.'
server will not know the answer itself, but it gives your server a
referral, telling it where to ask next. Such referrals are followed one
after another until your nameserver is led to a nameserver that knows
the answer. I will show you that now. +norec tells dig not to ask
recursive questions, so that we get to do the recursion ourselves. The
other options tell dig to reduce the amount of information it prints,
which saves pages.

     $ dig +norec +noques +nostats +nocmd prep.ai.mit.edu.
     ;; Got answer:
     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 980
     ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0

     ;; AUTHORITY SECTION:
     .                       518400  IN      NS      J.ROOT-SERVERS.NET.
     .                       518400  IN      NS      K.ROOT-SERVERS.NET.
     .                       518400  IN      NS      L.ROOT-SERVERS.NET.
     .                       518400  IN      NS      M.ROOT-SERVERS.NET.
     .                       518400  IN      NS      A.ROOT-SERVERS.NET.
     .                       518400  IN      NS      B.ROOT-SERVERS.NET.
     .                       518400  IN      NS      C.ROOT-SERVERS.NET.
     .                       518400  IN      NS      D.ROOT-SERVERS.NET.
     .                       518400  IN      NS      E.ROOT-SERVERS.NET.
     .                       518400  IN      NS      F.ROOT-SERVERS.NET.
     .                       518400  IN      NS      G.ROOT-SERVERS.NET.
     .                       518400  IN      NS      H.ROOT-SERVERS.NET.
     .                       518400  IN      NS      I.ROOT-SERVERS.NET.

This is a referral. It contains only an "Authority section" and no
"Answer section". The nameserver we set up points us to one of these
nameservers. Pick one at random:

     $ dig +norec +noques +nostats +nocmd prep.ai.mit.edu. @D.ROOT-SERVERS.NET.
     ;; Got answer:
     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58260
     ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3

     ;; AUTHORITY SECTION:
     mit.edu.                172800  IN      NS      BITSY.mit.edu.
     mit.edu.                172800  IN      NS      STRAWB.mit.edu.
     mit.edu.                172800  IN      NS      W20NS.mit.edu.

     ;; ADDITIONAL SECTION:
     BITSY.mit.edu.          172800  IN      A       18.72.0.3
     STRAWB.mit.edu.         172800  IN      A       18.71.0.151
     W20NS.mit.edu.          172800  IN      A       18.70.0.160

It refers us to the MIT.EDU servers at once. Again pick one at random:

     $ dig +norec +noques +nostats +nocmd prep.ai.mit.edu. @BITSY.mit.edu.
     ;; Got answer:
     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29227
     ;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

     ;; ANSWER SECTION:
     prep.ai.mit.edu.        10562   IN      A       198.186.203.77

     ;; AUTHORITY SECTION:
     ai.mit.edu.             21600   IN      NS      FEDEX.ai.mit.edu.
     ai.mit.edu.             21600   IN      NS      LIFE.ai.mit.edu.
     ai.mit.edu.             21600   IN      NS      ALPHA-BITS.ai.mit.edu.
     ai.mit.edu.             21600   IN      NS      BEET-CHEX.ai.mit.edu.

     ;; ADDITIONAL SECTION:
     FEDEX.ai.mit.edu.       21600   IN      A       192.148.252.43
     LIFE.ai.mit.edu.        21600   IN      A       128.52.32.80
     ALPHA-BITS.ai.mit.edu.  21600   IN      A       128.52.32.5
     BEET-CHEX.ai.mit.edu.   21600   IN      A       128.52.32.22

This time we got an "ANSWER SECTION", and the answer to our question.
The "AUTHORITY SECTION" contains information about which servers to ask
the next time we query ai.mit.edu. So the next time you want to know
about an ai.mit.edu name you can ask them directly. named also gathered
information about mit.edu at the same time, so if, say, www.mit.edu is
requested next, it is much closer to the answer.

So, starting at `.' and following referrals, we found the name servers
for each level of the domain name one after another. If you had used
your own DNS server instead of all those other name servers, your named
would have cached all the information found along the way, and it would
not have to ask again for a while.

In the tree analogy, each ``.'' in the name is a branching point, and
each part between ``.''s is the name of an individual branch of the
tree. To get the name we want (prep.ai.mit.edu) we climb this tree,
asking the root (.) or whatever servers on the way from the root toward
prep.ai.mit.edu we have information about in the cache. Once the limits
of the cache are reached, the recursive resolver goes out asking
servers, following the referrals further into the name.

One thing that has hardly been mentioned so far, but is just as
important, is the in-addr.arpa domain. It is nested like the ``normal''
domains. Thanks to in-addr.arpa we can get a host's name when we have
its address. An important thing to note here is that IP numbers are
written in reverse order in the in-addr.arpa domain. If you have the
address of a machine, 192.186.203.77, named proceeds to look for
77.203.168.198.in-addr.arpa just as in the prep.ai.mit.edu example
above. For example, suppose it is looking for an entry that is not in
the cache and nothing matches except `.'. It asks a root server;
m.root-servers.net refers it to some other root servers.
b.root-servers.net refers it directly to bitsy.mit.edu/, and the
information is obtained from there.

5.2. Our own domain

Now to define our own domain. We are going to make the domain
linux.bogus and define our machines in it. I use a totally bogus domain
name so that we disturb no one outside even if we make a mistake.

One more thing before we start. Not all characters are allowed in host
names. Only the letters of the English alphabet a-z, the digits 0-9 and
the character '-' (dash) may be used. Keep to those characters (BIND 9
will not complain if you break this rule, but BIND 8 will). DNS does
not distinguish between upper and lower case, so pat.uio.no and
Pat.UiO.No are treated as exactly the same.

We have in fact already written the first part of this chapter.
named.conf contains these lines:
______________________________________________________________________
zone "0.0.127.in-addr.arpa" {
        type master;
        file "pz/127.0.0";
};
______________________________________________________________________

Please note that there is no `.' at the end of the domain names in this
file. The lines above say that we will now define the zone
0.0.127.in-addr.arpa, that this named is the master server for it, and
that its contents are stored in the file pz/127.0.0. We have already
set up this file; it reads:
______________________________________________________________________
$TTL 3D
@               IN      SOA     ns.linux.bogus. hostmaster.linux.bogus. (
                                1       ; Serial
                                8H      ; Refresh
                                2H      ; Retry
                                4W      ; Expire
                                1D)     ; Minimum TTL
                        NS      ns.linux.bogus.
1                       PTR     localhost.
______________________________________________________________________

Please note that, in contrast to named.conf above, all the domain names
in this file have a `.' at the end. Some people like to put a $ORIGIN
directive at the top of each zone file, but this is unnecessary. The
origin of a zone file (where in the DNS hierarchy the zone belongs) is
specified in the zone section of named.conf. In this case it is
0.0.127.in-addr.arpa.

This ``zone file'' contains three ``resource records'' (RRs): an SOA
RR, an NS RR and a PTR RR. SOA is short for Start Of Authority. The `@'
is a special notation meaning the origin. Since the `domain' column for
this file is 0.0.127.in-addr.arpa, the first line really means

     0.0.127.in-addr.arpa.   IN      SOA ...

NS is the Name Server RR. There is no `@' at the start of this line; it
is implicit, because the previous line started with `@'. That saves
some typing. So the NS line could also be written

     0.0.127.in-addr.arpa.   IN      NS      ns.linux.bogus.

This line tells DNS which machine is the name server of the domain
0.0.127.in-addr.arpa: it is ns.linux.bogus. `ns' is a customary name
for name servers, much as web servers are customarily named
www.something. In practice any name may be used.

Finally, the PTR (Domain Name Pointer) record says that the host at
address 1 in the subnet 0.0.127.in-addr.arpa, i.e. 127.0.0.1, is named
localhost.

The SOA record comes at the top of every zone file. There is exactly
one in each zone file, at the very start (but after the $TTL
directive). This record describes the zone: where it comes from (the
machine ns.linux.bogus), who is responsible for its contents
(hostmaster@linux.bogus; put your own e-mail address here), what
version of the zone file this is (serial number: 1), and other things
having to do with caching and secondary DNS servers. For the remaining
fields (refresh, retry, expire, minimum) you should be safe using the
values in this HOWTO as they are. Before the SOA comes a mandatory
line, the one reading $TTL 3D. Put it in all your zone files.

Now restart named (rndc stop; named) and check the setup so far with
the dig command. -x asks for a reverse lookup.

     $ dig -x 127.0.0.1
     ;; Got answer:
     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30944
     ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

     ;; QUESTION SECTION:
     ;1.0.0.127.in-addr.arpa.         IN      PTR

     ;; ANSWER SECTION:
     1.0.0.127.in-addr.arpa. 259200  IN      PTR     localhost.

     ;; AUTHORITY SECTION:
     0.0.127.in-addr.arpa.   259200  IN      NS      ns.linux.bogus.
     ;; Query time: 3 msec
     ;; SERVER: 127.0.0.1#53(127.0.0.1)
     ;; WHEN: Sun Dec 23 03:02:39 2001
     ;; MSG SIZE  rcvd: 91

So it manages to get localhost from 127.0.0.1. Good. Now for our main
task, the linux.bogus domain. Write a new `zone' section in named.conf:
______________________________________________________________________
zone "linux.bogus" {
        type master;
        notify no;
        file "pz/linux.bogus";
};
______________________________________________________________________

Note again that there is no `.' at the end of the domain name in the
named.conf file.

In the linux.bogus zone file we will put some totally bogus data:
______________________________________________________________________
;
; Zone file for linux.bogus
;
; The full zone file
;
$TTL 3D
@       IN      SOA     ns.linux.bogus. hostmaster.linux.bogus. (
                        199802151       ; serial, todays date + todays serial #
                        8H              ; refresh, seconds
                        2H              ; retry, seconds
                        4W              ; expire, seconds
                        1D )            ; minimum, seconds
;
                NS      ns              ; Inet Address of name server
                MX      10 mail.linux.bogus     ; Primary Mail Exchanger
                MX      20 mail.friend.bogus.   ; Secondary Mail Exchanger
;
localhost       A       127.0.0.1
ns              A       192.168.196.2
mail            A       192.168.196.4
______________________________________________________________________

Two things must be noted about the SOA record. ns.linux.bogus must be
an actual machine with an A record. A CNAME record may not be used for
the server machine in the SOA record. The name need not be `ns'; any
legal host name will do. Next, hostmaster.linux.bogus should be read as
hostmaster@linux.bogus. This must be a mail alias or a mailbox that the
person maintaining this DNS checks frequently. Mail regarding the
domain will be sent to the address given here. The name need not be
`hostmaster'; it can be your own e-mail address. But `hostmaster' will
of course work just as well.

There is a new type of RR in this file: the MX (Mail eXchanger) RR. It
tells mail systems where to send mail addressed to someone@linux.bogus,
namely mail.linux.bogus or mail.friend.bogus. The number before each
machine name is the priority of that MX RR. Mail is sent by preference
to the host with the lowest number (10). If that delivery fails, the
mail is delivered to a host with a higher number, which here is
mail.friend.bogus with priority 20.

Run rndc reload to make named read its configuration files again. Check
the setup so far with dig:

     $ dig any linux.bogus
     ; <<>> DiG 9.1.3 <<>> any linux.bogus
     ;; global options:  printcmd
     ;; Got answer:
     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55239
     ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 1

     ;; QUESTION SECTION:
     ;linux.bogus.                    IN      ANY

     ;; ANSWER SECTION:
     linux.bogus.            259200  IN      SOA     ns.linux.bogus. \
          hostmaster.linux.bogus. 199802151 28800 7200 2419200 86400
     linux.bogus.            259200  IN      NS      ns.linux.bogus.
     linux.bogus.            259200  IN      MX      20 mail.friend.bogus.
     linux.bogus.            259200  IN      MX      10 mail.linux.bogus.linux.bogus.

     ;; AUTHORITY SECTION:
     linux.bogus.            259200  IN      NS      ns.linux.bogus.

     ;; ADDITIONAL SECTION:
     ns.linux.bogus.         259200  IN      A       192.168.196.2

     ;; Query time: 4 msec
     ;; SERVER: 127.0.0.1#53(127.0.0.1)
     ;; WHEN: Sun Dec 23 03:06:45 2001
     ;; MSG SIZE  rcvd: 184

If you look carefully you will see that there is a bug. The line

     linux.bogus.            259200  IN      MX      10 mail.linux.bogus.linux.bogus.

is all wrong. It should be

     linux.bogus.            259200  IN      MX      10 mail.linux.bogus.

I made the mistake deliberately so that you could learn from it :-)
Looking in the zone file, we find this line:

     MX      10 mail.linux.bogus     ; Primary Mail Exchanger

There is no period here. Or, put another way, it has a 'linux.bogus'
too many. If a host name in a zone file does not end in a period, the
origin is appended to it. That is what produces the doubled
linux.bogus.linux.bogus. So it should be either
______________________________________________________________________
                MX      10 mail.linux.bogus.    ; Primary Mail Exchanger
______________________________________________________________________

or
______________________________________________________________________
                MX      10 mail                 ; Primary Mail Exchanger
______________________________________________________________________

I prefer the latter; it is less to type. Some BIND experts disagree
with this form (and some agree). In a zone file, a domain should either
be written out in full and ended with a `.', or not be written at all.
In the latter case the origin is appended by default.

I must stress that in the named.conf file there must not be a `.' after
the domain names. You have no idea how many things have been fouled up,
and how many people have been confused, by one `.' too many or too few.

Having made that point, here is the new zone file, with some extra
information in it as well:
______________________________________________________________________
;
; Zone file for linux.bogus
;
; The full zone file
;
$TTL 3D
@       IN      SOA     ns.linux.bogus. hostmaster.linux.bogus. (
                        199802151       ; serial, todays date + todays serial #
                        8H              ; refresh, seconds
                        2H              ; retry, seconds
                        4W              ; expire, seconds
                        1D )            ; minimum, seconds
;
                TXT     "Linux.Bogus, your DNS consultants"
                NS      ns              ; Inet Address of name server
                NS      ns.friend.bogus.
                MX      10 mail         ; Primary Mail Exchanger
                MX      20 mail.friend.bogus. ; Secondary Mail Exchanger

localhost       A       127.0.0.1

gw              A       192.168.196.1
                TXT     "The router"

ns              A       192.168.196.2
                MX      10 mail
                MX      20 mail.friend.bogus.
www             CNAME   ns

donald          A       192.168.196.3
                MX      10 mail
                MX      20 mail.friend.bogus.
                TXT     "DEK"

mail            A       192.168.196.4
                MX      10 mail
                MX      20 mail.friend.bogus.

ftp             A       192.168.196.5
                MX      10 mail
                MX      20 mail.friend.bogus.
______________________________________________________________________

CNAME (Canonical NAME) is a way to give a machine several names. So www
is an alias for ns. The use of CNAME records is somewhat controversial,
but you will be safe if you follow this rule: an MX, CNAME or SOA
record must never refer to a CNAME record. They should only refer to
something with an A record. So you should not have
______________________________________________________________________
foobar          CNAME   www                     ; NO!
______________________________________________________________________

but it is correct to have
______________________________________________________________________
foobar          CNAME   ns                      ; Yes!
______________________________________________________________________

Load the new database by running rndc reload, which makes named read
its files again.

     $ dig linux.bogus axfr
     ; <<>> DiG 9.1.3 <<>> linux.bogus axfr
     ;; global options:  printcmd
     linux.bogus.            259200  IN      SOA     ns.linux.bogus. hostmaster.linux.bogus. 199802151 28800 7200 2419200 86400
     linux.bogus.            259200  IN      NS      ns.linux.bogus.
     linux.bogus.            259200  IN      MX      10 mail.linux.bogus.
     linux.bogus.            259200  IN      MX      20 mail.friend.bogus.
     donald.linux.bogus.     259200  IN      A       192.168.196.3
     donald.linux.bogus.     259200  IN      MX      10 mail.linux.bogus.
     donald.linux.bogus.     259200  IN      MX      20 mail.friend.bogus.
     donald.linux.bogus.     259200  IN      TXT     "DEK"
     ftp.linux.bogus.        259200  IN      A       192.168.196.5
     ftp.linux.bogus.        259200  IN      MX      10 mail.linux.bogus.
     ftp.linux.bogus.        259200  IN      MX      20 mail.friend.bogus.
     gw.linux.bogus.         259200  IN      A       192.168.196.1
     gw.linux.bogus.         259200  IN      TXT     "The router"
     localhost.linux.bogus.  259200  IN      A       127.0.0.1
     mail.linux.bogus.       259200  IN      A       192.168.196.4
     mail.linux.bogus.       259200  IN      MX      10 mail.linux.bogus.
     mail.linux.bogus.       259200  IN      MX      20 mail.friend.bogus.
     ns.linux.bogus.         259200  IN      MX      10 mail.linux.bogus.
     ns.linux.bogus.         259200  IN      MX      20 mail.friend.bogus.
     ns.linux.bogus.         259200  IN      A       192.168.196.2
     www.linux.bogus.        259200  IN      CNAME   ns.linux.bogus.
     linux.bogus.            259200  IN      SOA     ns.linux.bogus. hostmaster.linux.bogus. 199802151 28800 7200 2419200 86400
     ;; Query time: 41 msec
     ;; SERVER: 127.0.0.1#53(127.0.0.1)
     ;; WHEN: Sun Dec 23 03:12:31 2001
     ;; XFR size: 23 records

That's good. As you see, it looks a bit like the zone file itself.
Let's check what it says for www alone:

     $ dig www.linux.bogus
     ; <<>> DiG 9.1.3 <<>> www.linux.bogus
     ;; global options:  printcmd
     ;; Got answer:
     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16633
     ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

     ;; QUESTION SECTION:
     ;www.linux.bogus.                IN      A

     ;; ANSWER SECTION:
     www.linux.bogus.        259200  IN      CNAME   ns.linux.bogus.
     ns.linux.bogus.         259200  IN      A       192.168.196.2

     ;; AUTHORITY SECTION:
     linux.bogus.            259200  IN      NS      ns.linux.bogus.

     ;; Query time: 5 msec
     ;; SERVER: 127.0.0.1#53(127.0.0.1)
     ;; WHEN: Sun Dec 23 03:14:14 2001
     ;; MSG SIZE  rcvd: 80

In other words, the real name of www.linux.bogus is ns.linux.bogus. And
named also shows the information it has about ns. If you were a
program, this would be enough to connect to it.

Now we are halfway.

5.3. The reverse zone

Now programs can convert the names in linux.bogus to the addresses they
should connect to. But a reverse zone is also required. It makes DNS
able to convert an address to a name. This name is used by many servers
of different kinds (FTP, IRC, WWW and so on) to decide whether they
want to talk to you at all and, if so, how much priority to give you.
To have access to all the services on the Internet a reverse zone is
required.

Put this in named.conf:
______________________________________________________________________
zone "196.168.192.in-addr.arpa" {
        type master;
        notify no;
        file "pz/192.168.196";
};
______________________________________________________________________

This is exactly the same as for 0.0.127.in-addr.arpa, and the contents
of the file are similar:
______________________________________________________________________
$TTL 3D
@       IN      SOA     ns.linux.bogus. hostmaster.linux.bogus. (
                        199802151 ; Serial, todays date + todays serial
                        8H      ; Refresh
                        2H      ; Retry
                        4W      ; Expire
                        1D)     ; Minimum TTL
                NS      ns.linux.bogus.

1               PTR     gw.linux.bogus.
2               PTR     ns.linux.bogus.
3               PTR     donald.linux.bogus.
4               PTR     mail.linux.bogus.
5               PTR     ftp.linux.bogus.
______________________________________________________________________

Now run rndc reload to make named read its configuration files again,
and check the setup with dig once more:
______________________________________________________________________
$ dig -x 192.168.196.4
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58451
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;4.196.168.192.in-addr.arpa.            IN      PTR

;; ANSWER SECTION:
4.196.168.192.in-addr.arpa. 259200 IN   PTR     mail.linux.bogus.

;; AUTHORITY SECTION:
196.168.192.in-addr.arpa. 259200 IN     NS      ns.linux.bogus.

;; ADDITIONAL SECTION:
ns.linux.bogus.         259200  IN      A       192.168.196.2

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Dec 23 03:16:05 2001
;; MSG SIZE  rcvd: 107
______________________________________________________________________

So it looks OK. Dump the whole zone to examine that too:
______________________________________________________________________
$ dig 196.168.192.in-addr.arpa. AXFR

; <<>> DiG 9.1.3 <<>> 196.168.192.in-addr.arpa. AXFR
;; global options:  printcmd
196.168.192.in-addr.arpa. 259200 IN     SOA     ns.linux.bogus. \
        hostmaster.linux.bogus. 199802151 28800 7200 2419200 86400
196.168.192.in-addr.arpa. 259200 IN     NS      ns.linux.bogus.
1.196.168.192.in-addr.arpa. 259200 IN   PTR     gw.linux.bogus.
2.196.168.192.in-addr.arpa. 259200 IN   PTR     ns.linux.bogus.
3.196.168.192.in-addr.arpa. 259200 IN   PTR     donald.linux.bogus.
4.196.168.192.in-addr.arpa. 259200 IN   PTR     mail.linux.bogus.
5.196.168.192.in-addr.arpa. 259200 IN   PTR     ftp.linux.bogus.
196.168.192.in-addr.arpa. 259200 IN     SOA     ns.linux.bogus. \
        hostmaster.linux.bogus. 199802151 28800 7200 2419200 86400
;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Dec 23 03:16:58 2001
;; XFR size: 9 records
______________________________________________________________________

Looks good! If your output did not look like that, look for error
messages in your syslog. How to do that was explained in the first
section, under ``Starting named''.

5.4. Words of caution

There are some things I should add here. The IP numbers used above are
taken from one of the blocks of 'private nets', i.e. they may not be
used publicly on the Internet. So they are safe to show as examples in
this HOWTO. The second thing is the notify no; line. It tells named not
to notify its secondary (slave) servers when one of its zone files has
been updated. In BIND 8 and later, named can notify the other servers
listed in the NS records of a zone file when the zone is updated. This
is normally a handy feature, but for private experiments it should be
off. We don't want this experiment to pollute the Internet, do we?

And, of course, this domain is thoroughly bogus, and so are all the
addresses in it. For a real example from the real world, see the next
chapter.

5.5. Why reverse lookups don't work

There are a couple of ``gotchas'' in the name lookup system. Normally
they do not surface, but they are often seen when setting up reverse
zones. Before you read on, make sure that reverse lookups of your
machines work from your own nameserver. If they don't, go back and fix
that first.

I will discuss two problems that commonly occur with reverse lookups as
seen from outside your network.

5.5.1. The reverse zone isn't delegated

When you get a network address range and a domain name from a service
provider, the domain name is normally delegated. A delegation is the
glue NS record that gets you from one nameserver to another, as
explained in the ``dry theory'' section above. You read that, right? If
your reverse zone does not work, go back and read it. Now.

The reverse zone needs to be delegated too. If you got the 192.168.196
net together with the linux.bogus domain from your provider, the
provider needs to add NS records for your reverse zone as well as for
your forward zone. If you follow the chain from in-addr.arpa down to
your net you will probably find a break in the chain somewhere, most
probably at your service provider. Once you have found the break,
contact your service provider and ask them to correct the error.

5.5.2. You've got a classless subnet

This is a somewhat advanced topic, but classless subnets have become
very common and you probably have one if you belong to a small company.

Classless subnets are what keeps the Internet going these days. Some
years ago there was some commotion about the shortage of IP numbers.
The smart people in the IETF (the Internet Engineering Task Force; it
is thanks to them that the Internet works) put their heads together and
solved the problem. At a price. Part of the price is that you get less
than a ``C'' subnet, and that some things may stop working. For an
explanation of this and how to handle it, see the excellent write-up by
Ask Mr. DNS at <http://www.acmebw.com/askmrdns/00007.htm>.

Did you read it? I am not going to explain it here, so please read it.

The first part of the problem is that your ISP must understand the
technique described by Mr. DNS. Some small ISPs operate without knowing
it. In that case you will have to explain it to them patiently. But be
sure you understand it yourself first ;-) Once they understand, they
will set up a proper reverse zone. Check that it is correct with dig.

The second and last part of the problem is that you must understand
this technique. If you are unsure, go and read about it again. Then set
up your own classless reverse zone as described by Mr. DNS.

There is one more trap lurking here. (Very) old resolvers cannot follow
the CNAME trick in the resolution chain and may fail to reverse-resolve
your machine. As a result the service may assign an incorrect access
class, deny access, or something along those lines. If you run into
this problem the only thing to do (that I know of) is to ask your ISP
to put your PTR record directly into the classless zone file that uses
the trick, instead of the CNAME.

Some ISPs offer other solutions, such as a Web based form for entering
your reverse mappings, or a similar fully automated registration
system.

5.6. Slave servers

Once your zones are set up correctly on the master server you need at
least one slave server. Slave servers are needed to make the system
robust. If the master goes down, people out on the net can still get
information about your domain from the slave. Put the slave as far away
from you as possible. The master and the slave should share as few of
the following as possible: power supply, LAN, ISP, city, country. If
you find a slave for which all of these differ from the master, it is a
very good slave.

A slave is simply a nameserver that copies zone files from a master.
You set it up like this:
______________________________________________________________________
zone "linux.bogus" {
        type slave;
        file "sz/linux.bogus";
        masters { 192.168.196.2; };
};
______________________________________________________________________

A mechanism called zone transfer is used to copy the data. The zone
transfer is controlled by the SOA record:
______________________________________________________________________
@       IN      SOA     ns.linux.bogus. hostmaster.linux.bogus.
( 199802151 ; serial, todays date + todays serial # 8H ; refresh, seconds 2H ; retry, seconds 4W ; expire, seconds 1D ) ; minimum, seconds ______________________________________________________________________ }X^[ÌVAÔªX[uæèà嫢ƫÉÀÁÄ][ª]³ êÜ·BtbV (refresh) ÔÉêñ¸ÂAX[uÍ}X^[ªX V³êĢȢ©Ç¤©`FbNµÜ·B`FbNÅ«È¢ (}X^[ÉÚ± Å«È¢) ÆAX[uÍgC (retry) ÔÉêñ¸ÂÄÚ±ðÝÜ ·BúÀØê (expire) ÔªoßµÄà¸sµ±¯½êÍAX[uÍ» Ì][ðt@CVXe©çíµA»êÈãÍ][îñÌñðsí ÈÈèÜ·B 6. î{IÈZL eBIvV By Jamie Norrish âèðð¯é½ßÌIvVÝè ¢Â©ÈPÈìÆðs¦ÎAT[oðæèÀSÉÅ«AܽT[oÌ×ð á¸Å«Ü·B±±ÅÐî·éàeÍo_Éܹ߬ñBZL eḆ Æðl¦éÈç (l¦é׫ŷ)AlbgãÉ é¼Ì\[XÉ ½ÁÄ ¾³¢ (``ÅãÌÍ''ð²¾³¢)B ȺÌwèÍ named.conf És¢Ü·B±êçÌwèð±Ìt@CÌ options ÌàÉÆA±Ìt@CÅXg³ê½·×ÄÌ][ÉKp ³êÜ·BÁèÌ zone GgÌàÉÆA»Ì][¾¯ÉKp³ê Ü·B zone àÉ©ê½GgÍ options É©ê½Ggæèà Dæ³êÜ·B 6.1. ][]̧À X[uT[oªhCÉηéâí¹É¦éÉÍAvC}T[o ©ç][Ìîñð]µÄéKvª èÜ·Bµ©µX[uT[oÈO ÌzXgÉÍA±Ì]ÌKvÍȢ͸ŷBÅ·©ç][]Í allow-transfer IvVðgÁħÀµÜµå¤Bá¦Î ns.friend.bogus Ì IP AhXÅ é 192.168.1.4 ÆA»ê©çfobO pÌ©ª©gðÇÁ·éÈçÎ: ______________________________________________________________________ zone "linux.bogus" { allow-transfer { 192.168.1.4; localhost; }; }; ______________________________________________________________________ ][]ð§À·êÎAOÌlX©ç©¦éÌÍAÞ窼Úq˽zX gÉÖ·éàe¾¯ÉÀçêÜ·B DNS ÝèÌÚ×SÌðâí¹é±ÆÍ Å«ÈÈéÌÅ·B 6.2. s³p©ççé ܸAàlbg[NÆ[JÌ}V©çÌàÌð̼«A ȽÌÇ ·éhCÈOÖÌâí¹ÍÖ~µÜµå¤B±êÍA«ÓðÁÄ È½Ì DNS T[oðpµæ¤Æ·éÝðÖ~·é¾¯ÅÈA{sK vÈâí¹ð¸çµÜ·B ______________________________________________________________________ options { allow-query { 192.168.196.0/24; localhost; }; }; zone "linux.bogus" { allow-query { any; }; }; zone "196.168.192.in-addr.arpa" { allow-query { any; }; }; ______________________________________________________________________ ³çÉà/[J©çÌàÌð«AÄAIÈâí¹àÖ~µÜ·B± êÉæèLbV õU (cache poisoning attack: ÔáÁ½f[^ðT [oÉè¯é±Æ) Ì믫ª¸ç¹Ü·B ______________________________________________________________________ options { allow-recursion { 192.168.196.0/24; localhost; }; }; ______________________________________________________________________ 6.3. 
named ð root ÈOÅÀs·é named ð root ÈO©çÀs·éÌÍÇ¢l¦Å·Bjçê½Æ«ÉANb J[ÉDíêé Àð¸ç·±ÆªoÜ·©çBܸ named ð®ì³¹é [UðìèAÉ named ðN®µÄ¢é init XNvgðC³µÜ·B VµìÁ½[U¼ðA named Ì -u tOÉwèµÜ·B á¦Î Debian GNU/Linux 2.2 ÈçA /etc/init.d/bind XNvgðÈºÌ sÌæ¤ÉC³µÜ· ([U named Í ç©¶ß쬵Ĩ«Ü·): ______________________________________________________________________ start-stop-daemon --start --quiet --exec /usr/sbin/named -- -u named ______________________________________________________________________ Red Hat â¼ÌfBXgr [VÅà¯lÉÅ«é͸ŷB Dave Lugo ÍAñÂÌ chroot ðp¢½ZL AÈÝèð <http://www.etherboy.com/dns/chrootdns.html> ÅðàµÄ¢Ü·B«ÁÆ »¡ð½êéÇÒª½¢Åµå¤B±êðp¢êÎ named 𮩵Ģé zXgð³çÉÀSÉÅ«Ü·B 7. ÀÛÌhCÌá ÀÛÉp¢çêÄ¢é][t@CÌá ` [gAÌᾯÅÈÀÛÉ®ìµÄ¢éáðÚ¹Ä~µ¢AÆ¢¤ Ó©ª Á½ÌÅA±ÌÍðݯܵ½B ±ÌáÍ LAND-5 Ì David Bullock ÌÂ̺Ép¢Ä¢Ü·B±êçÌ t@CÍA 1996 N 9 24 ú»ÝÌàÌðAª BIND 9 ̧ÀÆg£ É í¹ÄÒWµ½àÌÅ·Bµ½ªÁı±ÅÌLqÍAÀÛÉ LAND-5 Ì l[T[oÉâ¢í¹ðsÁ½ÊÆͽÙÈèÜ·B 7.1. /etc/named.conf (Ü½Í /var/named/named.conf) }X^[][ZNVƵÄAK{Ìtø«][ªñ©êÄ¢Ü ·B 127.0.0 ÌlbgÆ LAND-5 ÌTulbgÅ é 206.6.177 Å·B LAND-5 ̳ø«][Å é land-5.com àvC}ƵÄwè³êÄ¢ Ü·B][t@CÍ{ HOWTO ̱êÜÅÌáÅp¢Ä¢½ pz ÅÍÈ A zone Æ¢¤fBNgÉûßçêÄ¢é±ÆÉàӵľ³¢B ______________________________________________________________________ // Boot file for LAND-5 name server options { directory "/var/named"; }; controls { inet 127.0.0.1 allow { localhost; } keys { rndc_key; }; }; key "rndc_key" { algorithm hmac-md5; secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"; }; zone "." { type hint; file "root.hints"; }; zone "0.0.127.in-addr.arpa" { type master; file "zone/127.0.0"; }; zone "land-5.com" { type master; file "zone/land-5.com"; }; zone "177.6.206.in-addr.arpa" { type master; file "zone/206.6.177"; }; ______________________________________________________________________ ±Ìt@Cð È½Ì named.conf t@CÉp¢éÆ«ÉÍAK¸ ``notify no;'' ð land-5 ÌñÂÌ zone ZNVÉÇÁµÄA̪N ±çÈ¢æ¤ÉµÄ¾³¢B 7.2. 
/var/named/root.hints ±Ìt@CÍ®IÉÏ»·éàÌÅ·©çA±ÌXgÍâŷBÈOÉ à¾µ½æ¤ÉµÄAVµìÁ½àÌðg¢Üµå¤B ______________________________________________________________________ ; <<>> DiG 8.1 <<>> @A.ROOT-SERVERS.NET. ; (1 server found) ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10 ;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13 ;; QUERY SECTION: ;; ., type = NS, class = IN ;; ANSWER SECTION: . 6D IN NS G.ROOT-SERVERS.NET. . 6D IN NS J.ROOT-SERVERS.NET. . 6D IN NS K.ROOT-SERVERS.NET. . 6D IN NS L.ROOT-SERVERS.NET. . 6D IN NS M.ROOT-SERVERS.NET. . 6D IN NS A.ROOT-SERVERS.NET. . 6D IN NS H.ROOT-SERVERS.NET. . 6D IN NS B.ROOT-SERVERS.NET. . 6D IN NS C.ROOT-SERVERS.NET. . 6D IN NS D.ROOT-SERVERS.NET. . 6D IN NS E.ROOT-SERVERS.NET. . 6D IN NS I.ROOT-SERVERS.NET. . 6D IN NS F.ROOT-SERVERS.NET. ;; ADDITIONAL SECTION: G.ROOT-SERVERS.NET. 5w6d16h IN A 192.112.36.4 J.ROOT-SERVERS.NET. 5w6d16h IN A 198.41.0.10 K.ROOT-SERVERS.NET. 5w6d16h IN A 193.0.14.129 L.ROOT-SERVERS.NET. 5w6d16h IN A 198.32.64.12 M.ROOT-SERVERS.NET. 5w6d16h IN A 202.12.27.33 A.ROOT-SERVERS.NET. 5w6d16h IN A 198.41.0.4 H.ROOT-SERVERS.NET. 5w6d16h IN A 128.63.2.53 B.ROOT-SERVERS.NET. 5w6d16h IN A 128.9.0.107 C.ROOT-SERVERS.NET. 5w6d16h IN A 192.33.4.12 D.ROOT-SERVERS.NET. 5w6d16h IN A 128.8.10.90 E.ROOT-SERVERS.NET. 5w6d16h IN A 192.203.230.10 I.ROOT-SERVERS.NET. 5w6d16h IN A 192.36.148.17 F.ROOT-SERVERS.NET. 5w6d16h IN A 192.5.5.241 ;; Total query time: 215 msec ;; FROM: roke.uio.no to SERVER: A.ROOT-SERVERS.NET. 198.41.0.4 ;; WHEN: Sun Feb 15 01:22:51 1998 ;; MSG SIZE sent: 17 rcvd: 436 ______________________________________________________________________ 7.3. /var/named/zone/127.0.0 ñíÉVvÈàÌÅ·BܸâÎÉKvÈ SOA R[hA»µÄ 127.0.0.1 ð localhost É}bv·éR[hÅ·B±êçͼûÆàK{ Å·BtɱêÈãÌàÌÍu׫ÅÍ èܹñB±Ìt@CÍAgÁ Ä¢él[T[o© hostmaster Ì[AhXªÏX³êÈ¢ÀèAX V·éKvͨ»çȢŵå¤B ______________________________________________________________________ $TTL 3D @ IN SOA land-5.com. 
root.land-5.com. ( 199609203 ; Serial 28800 ; Refresh 7200 ; Retry 604800 ; Expire 86400) ; Minimum TTL NS land-5.com. 1 PTR localhost. ______________________________________________________________________ KÉCXg[³ê½ BIND ÅÍA±±ÅÌáÌæ¤É $TTL ÌsªÈ¢ ©àµêܹñB±ÌsÍÈOÍp¢çêĨç¸A 8.2 Ì BIND ¾¯ªN ®É±Ìsª³¢|ÌxðoµÜ·BȨ BIND 9 ÅÍ $TTL ÍK{Å ·B 7.4. /var/named/zone/land-5.com ܸK{Å é SOA R[hÆA¯¶K{Ì NS R[hª èÜ·BZ J_Ìl[T[oª ns2.psi.net ÉpÓ³êÄ¢é±Æàí©èÜ· ËB±êÍ]ܵ¢ÝèÅ·BK¸TCgÌOÉobNAbvÌZJ_l [T[oðu׫ŷB}X^[ÌzXgÍ land-5 ÅA±ÌzXgͯ ÉeíÌC^[lbgT[rXðñµÄ¢é±Æàí©èÜ·B±êÉ Í (A R[hÅÈ) CNAME ªp¢çêĢܷB SOA R[h©çí©éæ¤ÉA±Ì][t@CÍ land-5.com ð origin ɵĨèAASÒÍ root@land-5.com Å·B hostmaster àS ÒÌAhXƵÄÇp¢çêÜ·BVAÔÍ yyyymmdd `®ÅA »Ìṳ́¿ÌVAÔªÇÁ³êĢܷB±êÍ«ÁÆ 1996 N 9 20 úÌæ 6 ÅÈÌŵå¤BVAÔÍK¸ÁµÈ¯êÎÈçÈ ¢±Æðv¢oµÄ¾³¢B±±ÉÍúÌVAÔƵÄê µ© g¤±ÆªÅ«Ü¹ñBµ½ªÁÄ 9 ñÏXðsÁ½çAÌÏXðs¤É ÍúÜÅҽȯêÎÈèܹñBñ g¤ûªÇ¢©àµêܹñËB ______________________________________________________________________ $TTL 3D @ IN SOA land-5.com. root.land-5.com. ( 199609206 ; serial, todays date + todays serial # 8H ; refresh, seconds 2H ; retry, seconds 4W ; expire, seconds 1D ) ; minimum, seconds NS land-5.com. NS ns2.psi.net. MX 10 land-5.com. ; Primary Mail Exchanger TXT "LAND-5 Corporation" localhost A 127.0.0.1 router A 206.6.177.1 land-5.com. A 206.6.177.2 ns A 206.6.177.3 www A 207.159.141.192 ftp CNAME land-5.com. mail CNAME land-5.com. news CNAME land-5.com. funn A 206.6.177.2 ; ; Workstations ; ws-177200 A 206.6.177.200 MX 10 land-5.com. ; Primary Mail Host ws-177201 A 206.6.177.201 MX 10 land-5.com. ; Primary Mail Host ws-177202 A 206.6.177.202 MX 10 land-5.com. ; Primary Mail Host ws-177203 A 206.6.177.203 MX 10 land-5.com. ; Primary Mail Host ws-177204 A 206.6.177.204 MX 10 land-5.com. ; Primary Mail Host ws-177205 A 206.6.177.205 MX 10 land-5.com. ; Primary Mail Host ; {Many repetitive definitions deleted - SNIP} ws-177250 A 206.6.177.250 MX 10 land-5.com. ; Primary Mail Host ws-177251 A 206.6.177.251 MX 10 land-5.com. 
; Primary Mail Host ws-177252 A 206.6.177.252 MX 10 land-5.com. ; Primary Mail Host ws-177253 A 206.6.177.253 MX 10 land-5.com. ; Primary Mail Host ws-177254 A 206.6.177.254 MX 10 land-5.com. ; Primary Mail Host ______________________________________________________________________ land-5 Ìl[T[oðµÄÝêÎí©èÜ·ªA{ÌzXg¼Í ws_number ÆÈÁĢܷB BIND 4 ÌãÌûÌo[W©çAzXg¼É p¢é±ÆÌū鶪§À³êéæ¤ÉÈèܵ½Bµ½ªÁı̼O Í BIND 8 ÅÍS®ìµÜ¹ñ©çA±Ì HOWTO ÉfÚ·éÛÉÍ '_' (underline) ð '-' (dash) Åu«·¦Üµ½Bµ©µAæÉq×½æ¤ ÉABIND 9 ÅÍÄѱ̧ÀÍÈÈèܵ½B à¤êÂCªÂ«Üµ½©He[NXe[VÉÍÅÊ̼OÍt¢Ä¨ ç¸AvtBbNXÉ IP ÔÌÅãÌñªt¢½`®ÉÈÁĢܷB ±Ìæ¤È½¼û@ðp¢êÎeiXÍÆÄàyÉÈèÜ·ªAââl ÔÆÌ«Í«¢ÌÅAÚqðCC³¹éÊÉÈÁĵܤ©àµêÜ ¹ñB funn.land-5.com à land-5.com ÌGCAXÉÈÁĢܷªA±êÍ CNAME R[hÅÍÈ A R[hðp¢Ä¢Ü·B 7.5. /var/named/zone/206.6.177 ±Ìt@CÉ¢ÄÍãÅRgµÜ·B ______________________________________________________________________ $TTL 3D @ IN SOA land-5.com. root.land-5.com. ( 199609206 ; Serial 28800 ; Refresh 7200 ; Retry 604800 ; Expire 86400) ; Minimum TTL NS land-5.com. NS ns2.psi.net. ; ; Servers ; 1 PTR router.land-5.com. 2 PTR land-5.com. 2 PTR funn.land-5.com. ; ; Workstations ; 200 PTR ws-177200.land-5.com. 201 PTR ws-177201.land-5.com. 202 PTR ws-177202.land-5.com. 203 PTR ws-177203.land-5.com. 204 PTR ws-177204.land-5.com. 205 PTR ws-177205.land-5.com. ; {Many repetitive definitions deleted - SNIP} 250 PTR ws-177250.land-5.com. 251 PTR ws-177251.land-5.com. 252 PTR ws-177252.land-5.com. 253 PTR ws-177253.land-5.com. 254 PTR ws-177254.land-5.com. 
______________________________________________________________________

The reverse zone is the part of the setup that causes the most grief.
It is used to obtain the host name when the IP number of a machine is
known. Suppose, for example, that an FTP server you run gets a
connection from an FTP client. Your FTP server is in Norway, so you
want to allow more connections from Norway and the other Scandinavian
countries and fewer from the rest of the world. When a client
connects, the C library can tell you the IP number of the connecting
machine, because the client's IP number is written into every IP
packet that travels over the network. Calling a function named
gethostbyaddr then gives you the name of the host from the IP number.
gethostbyaddr asks a DNS server, and the DNS server searches the DNS
for the machine. Suppose the connecting client was
ws-177200.land-5.com. The IP number the C library hands to the server
is 206.6.177.200. To look up the name, 200.177.6.206.in-addr.arpa has
to be found. The DNS server first queries the arpa. servers and is
told the in-addr.arpa. servers. It then follows the trail in reverse
through 206 and 6, and finally finds the 177.6.206.in-addr.arpa zone,
which is LAND-5's zone. Last, the server obtains the answer for
200.177.6.206.in-addr.arpa from there. The ``PTR
ws-177200.land-5.com'' record shows that 206.6.177.200 is
ws-177200.land-5.com.

The FTP server gives priority to connections from the Scandinavian
countries, that is *.no, *.se and *.dk. ws-177200.land-5.com clearly
matches none of these, so the server assigns the connection to a class
with less bandwidth and a lower maximum number of connections. If no
reverse mapping for 206.2.177.200 existed in the in-addr.arpa zone at
all, the server could not find a name, and would compare 206.2.177.200
itself with *.no, *.se and *.dk. That cannot match any of them, and a
server that cannot assign a class may even refuse the connection.

Some people may say that reverse mappings matter only for servers, or
that reverse mappings are not important at all. This is wrong. Many
ftp, news and IRC servers refuse connections from machines whose
reverse lookup fails (even some WWW servers do). So reverse mappings
for machine names are in fact mandatory.

8. Maintenance

Keeping it working

Apart from simply keeping it running, named has one other maintenance
task: keeping the root.hints file up to date. The easiest way is to
use dig. First, running dig without arguments shows the contents of
the root.hints currently used by your server. Next, query one of the
listed root servers with dig @rootserver. The output should look very
much like the contents of root.hints. Save that output, as in dig
@e.root-servers.net . ns > root.cache.new, and replace the old
root.hints with it.

Do not forget to make named reload after replacing the cache file.

Al Longyear sent me a script that updates root.hints automatically.
Install a crontab entry that runs it once a month and you can leave
everything to it. The script assumes that mail is working properly and
that the mail alias `hostmaster' is defined. You will need to hack it
to suit your own setup.

______________________________________________________________________
#!/bin/sh
#
# Update the nameserver cache information file once per month.
# This is run automatically by a cron entry.
#
# Original by Al Longyear
# Updated for BIND 8 by Nicolai Langfeldt
# Miscellaneous error-conditions reported by David A. Ranch
# Ping test suggested by Martin Foster
# named up-test suggested by Erik Bryer.
#
(
echo "To: hostmaster <hostmaster>"
echo "From: system <root>"

# Is named up? Check the status of named.
case `rndc status 2>&1` in
    *refused*)
        echo "named is DOWN. root.hints was NOT updated"
        echo
        exit 0
        ;;
esac

PATH=/sbin:/usr/sbin:/bin:/usr/bin:
export PATH
# NOTE: /var/named must be writable only by trusted users or this script
# will cause root compromise/denial of service opportunities.
cd /var/named 2>/dev/null || {
    echo "Subject: Cannot cd to /var/named, error $?"
    echo
    echo "The subject says it all"
    exit 1
}

# Are we online?  Ping a server at your ISP
case `ping -qnc 1 some.machine.net 2>&1` in
    *'100% packet loss'*)
        echo "Subject: root.hints NOT updated.  The network is DOWN."
        echo
        echo "The subject says it all"
        exit 1
        ;;
esac

dig @e.root-servers.net . ns >root.hints.new 2> errors

case `cat root.hints.new` in
    *NOERROR*)
        # It worked
        :;;
    *)
        echo "Subject: The root.hints file update has FAILED."
        echo
        echo "The root.hints update has failed"
        echo "This is the dig output reported:"
        echo
        cat root.hints.new errors
        exit 1
        ;;
esac

echo "Subject: The root.hints file has been updated"
echo
echo "The root.hints file has been updated to contain the following information:"
echo
cat root.hints.new

chown root.root root.hints.new
chmod 444 root.hints.new
rm -f root.hints.old errors
mv root.hints root.hints.old
mv root.hints.new root.hints
rndc restart
echo
echo "The nameserver has been restarted to ensure that the update is complete."
echo "The previous root.hints file is now called /var/named/root.hints.old."
) 2>&1 | /usr/lib/sendmail -t
exit 0
______________________________________________________________________

Translator's note: the translator is still on BIND 8 and has not tried
this script, but I have a feeling that the rndc restart command has to
be replaced with rndc stop; named.

Some of you may already know that root.hints can also be obtained by
ftp from Internic. Please do not use ftp to update root.hints. The
method above is much ``friendlier to the net (and to Internic)''.

9. Migrating to BIND 9

The BIND 9 distribution archive, and the packaged versions as well,
contain a document called migration, which describes how to migrate
from BIND 8 to BIND 9. The document is written very clearly. If you
installed a binary package, it is probably located somewhere around
/usr/share/doc/bind* or /usr/doc/bind*.

If you are using BIND 4, see migration-4to9 in the same place.

10. Q & A

Please read this chapter before mailing me.

  1. My named says it needs a named.boot file

     You are reading the wrong HOWTO. The old version of this HOWTO
     covers bind 4, so please read that one. It is at
     <http://langfeldt.net/DNS-HOWTO/>.

  2. How do I use DNS from inside a firewall?

     A hint: forward only;. You will probably also need

     ___________________________________________________________________
     query-source port 53;
     ___________________________________________________________________

     in the ``options'' part of the named.conf file. This was touched
     on briefly in the example in the ``caching-only name server''
     section.

  3. How do I make DNS rotate through the addresses for a service
     (round-robin)? For example, how do I spread the load on
     www.busy.site?

     Make several A records for www.busy.site and use BIND 4.9.3 or
     later. BIND will then round-robin the answers. This does not work
     with older versions of BIND.

  4. I want to use DNS on a (closed) intranet. What do I do?

     Do not use the root.hints file, and use only zone files. This also
     means you do not have to update the root.hints file all the time.

  5. How do I set up a secondary (slave) name server?

     Assuming the primary (master) server has the address 127.0.0.1,
     put lines like the following in the named.conf of the secondary.

     ___________________________________________________________________
       zone "linux.bogus" {
             type slave;
             file "sz/linux.bogus";
             masters { 127.0.0.1; };
       };
     ___________________________________________________________________

     If there are other master servers from which the zone information
     can be fetched, they can be added to the masters list, separated
     by `;' (semicolon).

  6. I want to keep BIND running while I am disconnected from the net.

     Here are four items related to this.

     o  Adam L Rice sent me this e-mail about an approach specific to
        BIND 8/9. It is a way to run DNS painlessly on a dialup
        machine.

          I have discovered with newer versions of BIND that this
          [editor: shuffling files] is no longer necessary. In
          addition to the "forwarders" directive there is a "forward"
          directive that controls how the former is used. The default
          setting is "forward first", which first asks each of the
          forwarders and only starts doing the legwork itself when
          that fails. This gives the familiar behaviour of
          gethostbyname() taking an inordinately long time when the
          link is down. But if "forward only" is set, BIND gives up
          as soon as no answer comes back from the forwarders, so
          gethostbyname() returns quickly as well. Hence there is no
          need to use sleight of hand to swap files in /etc and
          restart the server.

          In my case I only had to add the following lines to the
          options { } section of my named.conf file.

          forward only;
          forwarders { 193.133.58.5; };

          It works very nicely. The only disadvantage of this method
          is that it turns a highly sophisticated piece of DNS
          software into a simple program that does nothing but
          caching. If there were software that only did DNS caching I
          would actually prefer to use that, but there does not seem
          to be such software for Linux.

     o  The following is a mail I received from Ian Clark
        <ic@deakin.edu.au>. He explains his way of doing this.

          I run named on my machine here that does IP masquerading.
          I have two root.hints files. One is root.hints.real, which
          contains the names of the real root servers. The other is
          root.hints.fake, and its contents are...

          ----
          ; root.hints.fake
          ; this file contains no information
          ----

          When I disconnect I copy the root.hints.fake file to
          root.hints and restart named.

          When I connect I copy the root.hints.real file to
          root.hints and restart named.

          These are run automatically from ip-down and ip-up
          respectively.

          When I query a domain name while off line, named knows
          nothing about it and writes an entry like the following to
          messages.

          Jan 28 20:10:11 hazchem named[10147]: No root nameserver for class IN

          This can be ignored.

          For me this works without any problems. While disconnected
          from the net I can use the name server on the local machine
          without waiting for timeouts on external domain names, and
          while connected, queries for external domains work normally.

        Peter Denison, however, told me that Ian's approach does not go
        far enough. According to his message:

          When online) Cached entries (and local net entries) are
          answered immediately. Entries that are not cached are
          forwarded to my ISP's name server.

          When offline) Queries about the local network are answered
          immediately. All other queries fail **immediately**.

          The combination of changing the root cache file and
          forwarding queries does not work.

          So I set up two nameds (after some discussion on the local
          LUG) as follows.

          named-online:
              forwards to the ISP's name server
              master for the localnet zone
              master for the localnet reverse zone (1.168.192.in-addr.arpa)
              master for 0.0.127.in-addr.arpa
              listens on port 60053

          named-offline:
              no forwarding
              ``fake'' root cache file
              slave for the 3 local zones (master is 127.0.0.1:60053)
              listens on port 61053

          I combined this with port forwarding, sending port 53 to
          61053 when offline and to 60053 when online. (I used the new
          netfilter package under 2.3.18, but the older (ipchains)
          mechanism should work too.)

          Note that this won't quite work out of the box. There is a
          small bug in BIND 8.2 that prevents a slave from working
          with a master on the same IP address (even on a different
          port). I have reported it to the developers. It is a trivial
          patch and will probably be fixed soon.

     o  I have also received information about how BIND interacts with
        NFS and the portmapper on a machine that is disconnected most
        of the time. It is from Karl-Max Wanger.

          I used to run named on all my machines that connect to the
          Internet only occasionally by modem. The name server acted
          only as a cache, held no zones it had authority over, and
          was set up to ask the name servers listed in the root.cache
          file for everything. In the usual Slackware fashion, named
          was started before nfsd and mountd.

          On one of the machines (a Libretto 30 notebook) I had a
          problem. I could no longer mount it from other machines
          connected to my local LAN (although it occasionally worked).
          This happened regardless of the connection type, with PLIP,
          with a PCMCIA ethernet card and with PPP over a serial line
          alike.

          After some experimenting and thinking I reached the
          following conclusion. named messes up the registration that
          nfsd and mountd perform with the portmapper at startup (I
          started these daemons at boot time as usual). When I started
          named after nfsd and mountd, the problem went away
          completely.

          Changing the boot sequence this way has no disadvantages at
          all, so I would recommend everyone to do it this way to
          avoid potential problems.

  7. Where does a caching name server store its cache? Can the size of
     the cache be controlled?

     The cache is kept entirely in memory. It is never written to
     disk. When you kill named the cache is lost. There is no way to
     control the cache. named manages its cache according to a few
     simple rules. Neither the cache itself nor the size of the cache
     can be controlled, for whatever reason. If you want to ``fix''
     this you can hack named, though that is not recommended.

  8. Does named save the cache when it is restarted? Can I make it
     save it?

     No, named does not save the cache when it exits. That means the
     cache is rebuilt from scratch every time you kill and restart
     named. There is no way to tell named to save the cache to a file.
     If you want to ``fix'' this you can hack named, though that is
     not recommended.

  9. How can I get a domain? I want to set up a domain called (for
     example) linux-rules.net. How can I get this domain assigned to
     me?

     Contact your network service provider; they will probably be able
     to help you. Note that in most parts of the world you need to pay
     money to get a domain.

  10. How do I make my DNS server secure? How do I set up split DNS?

     Both are advanced topics. Both are covered at
     <http://www.etherboy.com/dns/chrootdns.html>. They are not
     treated any further here.

11. How to become a more accomplished DNS admin

Documentation and tools

Solid documentation does exist, both online and in print. Reading
several of these is required to take the step from small-time DNS
admin to accomplished DNS admin.

I have written The Concise Guide to DNS and BIND (by Nicolai
Langfeldt, Que, ISBN 0-7897-2273-9). The book is much like this HOWTO,
but goes into more detail and covers a much wider range of topics. It
has been translated into Polish and published by Helion as DNS i BIND
(<http://helion.pl/ksiazki/dnsbin.htm>, ISBN 83-7197-446-9). DNS and
BIND, written by C. Liu and P. Albitz, is now in its fourth edition
(O'Reilly & Associates, ISBN 0-937175-82-X, known as the grasshopper
book). There is also a book called Linux DNS Server Administration,
written by Craig Hunt and published by Sybex (ISBN 0782127363). I have
not read it yet. To become a good admin of DNS (or of anything else),
Zen and the Art of Motorcycle Maintenance by Robert M. Pirsig is also
a must.

Translator's note: a Japanese translation of Langfeldt's book is
published by Ohmsha under the title "DNS & BIND Nyumon"
<http://www.ohmsha.co.jp/data/books/contents/4-274-06421-2.htm>. The
Japanese edition of O'Reilly's "DNS & BIND" is currently available in
its 3rd edition <http://www.oreilly.co.jp/BOOK/dns3/>, and the 4th
edition is said to be due out soon.

Online, there is a service at <http://safari.informit.com/> where you
can subscribe electronically to my book (and a large number of other
books). You will also find a lot at <http://www.dns.net/dnsrd> (DNS
Resources Directory) and <http://www.isc.org/bind.html>: a FAQ, a
reference manual, papers, protocol definitions and DNS hacks (these,
and most if not all of the RFCs listed below, are included in the BIND
distribution archive). I have not read most of these. The newsgroup
comp.protocols.tcp-ip.domains discusses DNS. There are also many RFCs
about DNS. The most important ones are listed below. Those with a BCP
(Best Current Practice) number are required reading.

   RFC 2671
      P. Vixie, Extension Mechanisms for DNS (EDNS0) August 1999.

   RFC 2317
      BCP 20, H. Eidnes et. al. Classless IN-ADDR.ARPA delegation,
      March 1998. This is about CIDR, or classless subnet reverse
      lookups.

   RFC 2308
      M. Andrews, Negative Caching of DNS Queries, March 1998. About
      negative caching and the $TTL zone file directive.

   RFC 2219
      BCP 17, M. Hamilton and R. Wright, Use of DNS Aliases for
      Network Services, October 1997. About CNAME usage.

   RFC 2182
      BCP 16, R. Elz et. al., Selection and Operation of Secondary DNS
      Servers, July 1997.

   RFC 2052
      A. Gulbrandsen, P. Vixie, A DNS RR for specifying the location
      of services (DNS SRV), October 1996

   RFC 1918
      Y. Rekhter, R. Moskowitz, D. Karrenberg, G. de Groot, E. Lear,
      Address Allocation for Private Internets, 02/29/1996.

   RFC 1912
      D. Barr, Common DNS Operational and Configuration Errors,
      02/28/1996.

   RFC 1912 Errors
      B. Barr Errors in RFC 1912. Only available at
      <http://www.cis.ohio-state.edu/~barr/rfc1912-errors.html>

   RFC 1713
      A. Romao, Tools for DNS debugging, 11/03/1994.

   RFC 1712
      C. Farrell, M. Schulze, S. Pleitner, D. Baldoni, DNS Encoding of
      Geographical Location, 11/01/1994.

   RFC 1183
      R. Ullmann, P. Mockapetris, L. Mamakos, C. Everhart, New DNS RR
      Definitions, 10/08/1990.

   RFC 1035
      P. Mockapetris, Domain names - implementation and specification,
      11/01/1987.

   RFC 1034
      P. Mockapetris, Domain names - concepts and facilities,
      11/01/1987.

   RFC 1033
      M. Lottor, Domain administrators operations guide, 11/01/1987.

   RFC 1032
      M. Stahl, Domain administrators guide, 11/01/1987.

   RFC 974
      C. Partridge, Mail routing and the domain system, 01/01/1986.
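
The access restrictions from section 6 (allow-transfer, allow-query and allow-recursion, with a zone entry overriding an options entry) can be checked mechanically. The Python audit below is an added example, not part of the HOWTO or of BIND; its parser covers only the named.conf subset used in this document, the sample configuration is constructed, and it assumes the defaults of the BIND 8/9 releases covered here, where a missing allow-transfer or allow-recursion means any host.

```python
import re

# Constructed sample: the HOWTO's linux.bogus zones, with the section 6.1
# transfer restriction applied to the forward zone only.
SAMPLE_CONF = r'''
// constructed named.conf for the audit below
options {
    directory "/var/named";
    allow-query { 192.168.196.0/24; localhost; };
    allow-recursion { 192.168.196.0/24; localhost; };
};
zone "." { type hint; file "root.hints"; };
zone "linux.bogus" {
    type master; notify no; file "pz/linux.bogus";
    allow-transfer { 192.168.1.4; localhost; };
    allow-query { any; };
};
zone "196.168.192.in-addr.arpa" {
    type master; notify no; file "pz/192.168.196";
    allow-query { any; };
};
'''

# Quoted strings are matched before comments so "//" inside a string survives.
TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|(?://|#)[^\n]*|[{};]|[^\s{};"]+', re.S)

def tokenize(text):
    return [t for t in TOKEN.findall(text) if not t.startswith(('/*', '//', '#'))]

def parse_block(tokens, i=0):
    """Return (statements, index). A statement is a list of words; a braced
    body appears as a nested list of statements."""
    stmts, cur = [], []
    while i < len(tokens):
        t = tokens[i]
        if t == '{':
            body, i = parse_block(tokens, i + 1)   # i now points at the '}'
            cur.append(body)
        elif t == '}':
            break
        elif t == ';':
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(t.strip('"'))
        i += 1
    if cur:
        stmts.append(cur)
    return stmts, i

def settings(stmts):
    """Keyword -> value; an ACL body becomes a list of its elements."""
    out = {}
    for s in stmts:
        v = s[-1]
        out[s[0]] = [' '.join(map(str, e)) for e in v] if isinstance(v, list) else v
    return out

def load(conf_text):
    top, _ = parse_block(tokenize(conf_text))
    opts, zones = {}, {}
    for s in top:
        if s[0] == 'options' and isinstance(s[-1], list):
            opts = settings(s[-1])
        elif s[0] == 'zone' and len(s) >= 3 and isinstance(s[-1], list):
            zones[s[1]] = settings(s[-1])
    return opts, zones

def effective(conf_text, zone, stmt):
    """A zone entry overrides an options entry; None means set nowhere."""
    opts, zones = load(conf_text)
    return zones[zone].get(stmt, opts.get(stmt))

def audit(conf_text):
    """Return {'options': [...], zone: [...]} findings for served zones."""
    opts, zones = load(conf_text)
    report = {'options': []}
    if opts.get('recursion') != 'no' and 'allow-recursion' not in opts:
        report['options'].append('recursion open to any host')
    for name, z in zones.items():
        if z.get('type') not in ('master', 'slave'):
            continue                      # hint zones are not transferable
        acl = z.get('allow-transfer', opts.get('allow-transfer'))
        report[name] = []
        if acl is None or 'any' in acl:
            report[name].append('zone transfer open to any host')
    return report

if __name__ == '__main__':
    for where, findings in audit(SAMPLE_CONF).items():
        print(where, '->', findings or 'ok')
```

On the constructed sample the reverse zone is reported because only the forward zone carries allow-transfer; placing the statement in options instead would cover both zones.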