Home
Contents

Book Fire Online by http://bookfire.net
Prev Page Next Page
 
Main Page
Table of content
Copyright
Preface
Versions
What's New in the Fourth Edition?
Organization
Audience
Obtaining the Example Programs
Contacting O'Reilly
Conventions Used in This Book
Quotations
Acknowledgments
Chapter 1. Background
1.1 A (Very) Brief History of the Internet
1.2 On the Internet and internets
1.3 The Domain Name System in a Nutshell
1.4 The History of BIND
1.5 Must I Use DNS?
Chapter 2. How Does DNS Work?
2.1 The Domain Name Space
2.2 The Internet Domain Name Space
2.3 Delegation
2.4 Name Servers and Zones
2.5 Resolvers
2.6 Resolution
2.7 Caching
Chapter 3. Where Do I Start?
3.1 Getting BIND
3.2 Choosing a Domain Name
Chapter 4. Setting Up BIND
4.1 Our Zone
4.2 Setting Up Zone Data
4.3 Setting Up a BIND Configuration File
4.4 Abbreviations
4.5 Host Name Checking (BIND 4.9.4 and Later Versions)
4.6 Tools
4.7 Running a Primary Master Name Server
4.8 Running a Slave Name Server
4.9 Adding More Zones
4.10 What Next?
Chapter 5. DNS and Electronic Mail
5.1 MX Records
5.2 What's a Mail Exchanger, Again?
5.3 The MX Algorithm
Chapter 6. Configuring Hosts
6.1 The Resolver
6.2 Sample Resolver Configurations
6.3 Minimizing Pain and Suffering
6.4 Vendor -Specific Options
Chapter 7. Maintaining BIND
7.1 Controlling the Name Server
7.2 Updating Zone Data Files
7.3 Organizing Your Files
7.4 Changing System File Locations in BIND 8 and 9
7.5 Logging in BIND 8 and 9
7.6 Keeping Everything Running Smoothly
Chapter 8. Growing Your Domain
8.1 How Many Name Servers?
8.2 Adding More Name Servers
8.3 Registering Name Servers
8.4 Changing TTLs
8.5 Planning for Disasters
8.6 Coping with Disaster
Chapter 9. Parenting
9.1 When to Become a Parent
9.2 How Many Children?
9.3 What to Name Your Children
9.4 How to Become a Parent: Creating Subdomains
9.5 Subdomains of in-addr.arpa Domains
9.6 Good Parenting
9.7 Managing the Transition to Subdomains
9.8 The Life of a Parent
Chapter 10. Advanced Features
10.1 Address Match Lists and ACLs
10.2 DNS Dynamic Update
10.3 DNS NOTIFY (Zone Change Notification)
10.4 Incremental Zone Transfer (IXFR)
10.5 Forwarding
10.6 Views
10.7 Round Robin Load Distribution
10.8 Name Server Address Sorting
10.9 Preferring Name Servers on Certain Networks
10.10 A Nonrecursive Name Server
10.11 Avoiding a Bogus Name Server
10.12 System Tuning
10.13 Compatibility
10.14 The ABCs of IPv6 Addressing
10.15 Addresses and Ports
10.16 IPv6 Forward and Reverse Mapping
Chapter 11. Security
11.1 TSIG
11.2 Securing Your Name Server
11.3 DNS and Internet Firewalls
11.4 The DNS Security Extensions
Chapter 12. nslookup and dig
12.1 Is nslookup a Good Tool?
12.2 Interactive Versus Noninteractive
12.3 Option Settings
12.4 Avoiding the Search List
12.5 Common Tasks
12.6 Less Common Tasks
12.7 Troubleshooting nslookup Problems
12.8 Best of the Net
12.9 Using dig
Chapter 13. Reading BIND Debugging Output
13.1 Debugging Levels
13.2 Turning On Debugging
13.3 Reading Debugging Output
13.4 The Resolver Search Algorithm and Negative Caching (BIND 8)
13.5 The Resolver Search Algorithm and Negative Caching (BIND 9)
13.6 Tools
Chapter 14. Troubleshooting DNS and BIND
14.1 Is NIS Really Your Problem?
14.2 Troubleshooting Tools and Techniques
14.3 Potential Problem List
14.4 Transition Problems
14.5 Interoperability and Version Problems
14.6 TSIG Errors
14.7 Problem Symptoms
Chapter 15. Programming with the Resolver and Name Server Library Routines
15.1 Shell Script Programming with nslookup
15.2 C Programming with the Resolver Library Routines
15.3 Perl Programming with Net::DNS
Chapter 16. Miscellaneous
16.1 Using CNAME Records
16.2 Wildcards
16.3 A Limitation of MX Records
16.4 Dialup Connections
16.5 Network Names and Numbers
16.6 Additional Resource Records
16.7 DNS and WINS
16.8 DNS and Windows 2000
Appendix A. DNS Message Format and Resource Records
A.1 Master File Format
A.2 DNS Messages
A.3 Resource Record Data
Appendix B. BIND Compatibility Matrix
Appendix C. Compiling and Installing BIND on Linux
C.1 Instructions for BIND 8.2.3
C.2 Instructions for BIND 9.1.0
Appendix D. Top-Level Domains
Appendix E. BIND Name Server and Resolver Configuration
E.1 BIND Name Server Boot File Directives and Configuration File Statements
E.2 BIND 4 Boot File Directives
E.3 BIND 8 Configuration File Statements
E.4 BIND 9 Configuration File Statements
E.5 BIND Resolver Statements
Colophon
Index
Index SYMBOL
Index A
Index B
Index C
Index D
Index E
Index F
Index G
Index H
Index I
Index J
Index K
Index L
Index M
Index N
Index O
Index P
Index Q
Index R
Index S
Index T
Index U
Index V
Index W
Index X
Index Y
Index Z
I l@ve RuBoard Previous Section Next Section

10.15 Addresses and Ports

BIND 9 name servers can use both IPv4 and IPv6 as a transport; that is, they can send and receive queries and responses over IPv4 and IPv6. BIND 8 name servers support only IPv4 as a transport. However, both name servers support similar substatements to configure which network interfaces and ports they listen on and send queries from.

10.15.1 Configuring the IPv4 Transport

You can specify which network interface your BIND 8 or BIND 9 name server listens on for queries using the listen-on substatement. In its simplest form, listen-on takes an address match list as an argument:

options {
	listen-on { 192.249.249/24; };
};

The name server listens on any of the local host's network interfaces whose addresses match the address match list. To specify an alternate port (one other than 53) to listen on, use the port modifier:

options {
	listen-on port 5353 { 192.249.249/24; };
};

In BIND 9, you can even specify a different port for each network interface:

options {
	listen-on { 192.249.249.1 port 5353; 192.253.253.1 port 1053; };
};

Note that there's no way to configure most resolvers to query a name server on an alternate port, so this name server might not be as useful as you'd think. Still, it can serve zone transfers, because you can specify an alternate port in a masters substatement:

zone "movie.edu" {
	type slave;
	masters port 5353 { 192.249.249.1; };
	file "bak.movie.edu";
};

Or, if your BIND 9 name server has multiple master name servers, each listening on a different port, you can use something like:

zone "movie.edu" {
	type slave;
	masters { 192.249.249.1 port 5353; 192.253.253.1 port 1053; };
	file "bak.movie.edu";
};

BIND 9 even allows you to send your NOTIFY messages to alternate ports. To tell your master name server to notify all its slave name servers on the same oddball port, use:

also-notify port 5353 { 192.249.249.9; 192.253.253.9; }; // zardoz's two addresses

To notify each on a different port, use:

also-notify { 192.249.249.9 port 5353; 192.249.249.1 port 1053; };

If your slave name server needs to use a particular local network interface to send queries—perhaps because one of its master name servers recognizes it by only one of its many addresses—use the query-source substatement:

options {
	query-source address 192.249.249.1;
};

Note that the argument isn't an address match list; it's a single IP address. You can also specify a particular source port to use for queries:

options {
	query-source address 192.249.249.1 port 53;
};

BIND's default behavior is to use whichever network interface the route to the destination points out and a random, unprivileged port, i.e.:

options {
	query-source address * port *;
};

Note that query-source applies only to UDP-based queries; TCP-based queries always choose the source address according to the routing table and use a random source port.

There's an analogous transfer-source substatement that controls the source address to use for zone transfers. In BIND 9, it also applies to a slave name server's SOA queries and to forwarded dynamic updates:

options {
	transfer-source 192.249.249.1;
};

As with query-source, the argument is just a single IP address, but with no address keyword. With BIND 8, there's no port modifier. With BIND 9, you can specify a source port:

options {
	transfer-source 192.249.249.1 port 1053;
};

However, that source port applies only to UDP-based traffic (i.e., SOA queries and forwarded dynamic updates).

transfer-source can also be used as a zone substatement, in which case it applies only to transfers (and, for BIND 9, SOA queries and dynamic updates) of that zone:

zone "movie.edu" {
	type slave;
	masters { 192.249.249.3; };
	file "bak.movie.edu";
	transfer-source 192.249.249.1; // always use IP address on same network
                                   // for transfers of movie.edu
};

Finally, as of BIND 9.1.0, there's even a substatement that lets you control which address you send NOTIFY messages from, called notify-source. This comes in handy with multihomed name servers since slaves only accept NOTIFY messages for a zone from IP addresses in that zone's masters substatement. notify-source's syntax is similar to the syntax of the other -source substatements; for example:

options {
	notify-source 192.249.249.1;
};

As with transfer-source, notify-source can specify a source port and can be used as a zone statement to apply only to that zone:

zone {
	type slave;
	masters { 192.249.249.3; };
	file "bak.movie.edu";
	notify-source 192.249.249.1 port 5353;
};

10.15.2 Configuring the IPv6 Transport

By default, a BIND 9 name server won't listen for IPv6-based queries. To configure it to listen on the local host's IPv6 network interfaces, use the listen-on-v6 substatement:

options {
	listen-on-v6 { any; };
};

Unlike its IPv4 counterpart, the listen-on-v6 substatement accepts only any and none as arguments. You can, however, configure a BIND 9 name server to listen on an alternate port—or even multiple ports—with the port modifier:

options {
	listen-on-v6 port 1053 { any; };
};

The default port is, of course, 53.

You can also determine which IPv6 address your name server uses as the source port for outgoing queries with the transfer-source-v6 substatement, as in:

options {
	transfer-source-v6 222:10:2521:1:210:4bff:fe10:d24;
};

or:

options {
	transfer-source-v6 port 53 222:10:2521:1:210:4bff:fe10:d24;
};

The default is to use the source address corresponding to whichever network interface the route points out and a random, unprivileged source port. As with transfer-source, you can use transfer-source-v6 as a zone substatement. And the source port applies only to SOA queries and forwarded dynamic updates.

Finally, BIND 9.1.0 and later let you determine which IPv6 address to use in NOTIFY messages, à la the notify-source substatement. The IPv6 substatement is called, not surprisingly, notify-source-v6:

options {
	notify-source-v6 222:10:2521:1:210:4bff:fe10:d24;
};

As with transfer-source-v6, you can specify a source port and use the substatement in a zone statement.


    I l@ve RuBoard Previous Section Next Section
    Linking to Www Google.Com. Host by Book Fire