DNS and BIND (5th Edition)
Format: PDF / Kindle (mobi) / ePub
DNS and BIND tells you everything you need to work with one of the Internet's fundamental building blocks: the distributed host information database that's responsible for translating names into addresses, routing mail to its proper destination, and even listing phone numbers with the new ENUM standard. This book brings you up-to-date with the latest changes in this crucial service.
The fifth edition covers BIND 9.3.2, the most recent release of the BIND 9 series, as well as BIND 8.4.7. BIND 9.3.2 contains further improvements in security and IPv6 support, and important new features such as internationalized domain names, ENUM (electronic numbering), and SPF (the Sender Policy Framework).
Whether you're an administrator involved with DNS on a daily basis or a user who wants to be more informed about the Internet and how it works, you'll find that this book is essential reading.
Topics include:
- What DNS does, how it works, and when you need to use it
- How to find your own place in the Internet's namespace
- Setting up name servers
- Using MX records to route mail
- Configuring hosts to use DNS name servers
- Subdividing domains (parenting)
- Securing your name server: restricting who can query your server, preventing unauthorized zone transfers, avoiding bogus servers, etc.
- The DNS Security Extensions (DNSSEC) and Transaction Signatures (TSIG)
- Mapping one name to several servers for load sharing
- Dynamic updates, asynchronous notification of change to a zone, and incremental zone transfers
- Troubleshooting: using nslookup and dig, reading debugging output, common problems
- DNS programming using the resolver library and Perl's Net::DNS module
or MX records for a given domain name, or querying a particular nameserver for data. We'll cover these first, before moving on to the more occasional stuff.

Looking Up Different Record Types

By default, nslookup looks up the address for a domain name, or the domain name for an address. You can look up any record type by changing the querytype, as we show in this example:

    % nslookup
    Default Server: toystory.movie.edu
    Address: 0.0.0.0#53

    > misery        Look up address
    Server: toystory.movie.edu

    nlookup(nisc.sri.com) id 18470 type=1 class=1
    req: missed 'nisc.sri.com' as 'com' (cname=0)
    forw: forw -> [188.8.131.52].53 ds=7 nsid=58732 id=18470 0ms retry 4 sec
    resend(addr=1 n=0) -> [184.108.40.206].53 ds=7 nsid=58732 id=18470 0ms

Now nslookup is getting impatient, and it queries our local nameserver again. Notice that it uses the same source port. The local nameserver ignores the duplicate query and tries forwarding the query two more times:

    datagram from [220.127.116.11].1051, fd 5, len 30

transfers to all hosts.

blackhole
Specifies a list of addresses the server doesn't accept queries from or use to resolve a query. Queries from these addresses aren't responded to. The default is none.

Interfaces

The interfaces and ports that the server answers queries from may be specified using the listen-on option. listen-on takes an optional port, and an address_match_list. The server listens on all interfaces allowed by the address match list. If a port is not specified, port 53

speed up the convergence of slave zones, but it also may increase the load on the remote nameserver. transfers-per-ns may be overridden on a per-server basis by using the transfers phrase of the server statement.

transfer-source
transfer-source determines which local addresses are bound to IPv4 TCP connections that fetch zones transferred inbound by the server. It also determines the source IPv4 address, and optionally the UDP port, used for the refresh queries and forwarded dynamic updates.