2.4 Name Servers and Zones

The programs that store information about the domain name space are called name servers. Name servers generally have complete information about some part of the domain name space (a zone), which they load from a file or from another name server. The name server is then said to have authority for that zone. Name servers can be authoritative for multiple zones, too.

The difference between a zone and a domain is important, but subtle. All top-level domains, and many domains at the second level and lower, such as berkeley.edu and hp.com, are broken into smaller, more manageable units by delegation. These units are called zones. The edu domain, shown in Figure 2-8, is divided into many zones, including the berkeley.edu zone, the purdue.edu zone, and the nwu.edu zone. At the top of the domain, there's also an edu zone. It's natural that the folks who run edu would break up the edu domain: otherwise, they'd have to manage the berkeley.edu subdomain themselves. It makes much more sense to delegate berkeley.edu to Berkeley. What's left for the folks who run edu? The edu zone, which would contain mostly delegation information for subdomains of edu.

Figure 2-8. The edu domain broken into zones (image: figs/dns4_0208.gif)

The berkeley.edu subdomain is, in turn, broken up into multiple zones by delegation, as shown in Figure 2-9. There are delegated subdomains called cc, cs, ce, me, and more. Each of these subdomains is delegated to a set of name servers, some of which are also authoritative for berkeley.edu. However, the zones are still separate, and may have a totally different group of authoritative name servers.

Figure 2-9. The berkeley.edu domain broken into zones (image: figs/dns4_0209.gif)

A zone and a domain may share the same domain name but contain different nodes. In particular, the zone doesn't contain any nodes in delegated subdomains. For example, the top-level domain ca (for Canada) has subdomains called ab.ca, on.ca, and qc.ca, for the provinces Alberta, Ontario, and Quebec. Authority for the ab.ca, on.ca, and qc.ca subdomains may be delegated to name servers in each of the provinces. The domain ca contains all the data in ca plus all the data in ab.ca, on.ca, and qc.ca. But the zone ca contains only the data in ca (see Figure 2-10), which is probably mostly pointers to the delegated subdomains. And ab.ca, on.ca, and qc.ca are separate zones from the ca zone.

Figure 2-10. The domain ca . . . (image: figs/dns4_0210.gif)

If a subdomain of the domain isn't delegated away, however, the zone contains the domain names and data in the subdomain. So the bc.ca and sk.ca (British Columbia and Saskatchewan) subdomains of the ca domain may exist, but might not be delegated. (Perhaps the provincial authorities in B.C. and Saskatchewan aren't yet ready to manage their own zones, but the authorities running the top-level ca zone want to preserve the consistency of the namespace and implement subdomains for all of the Canadian provinces right away.) In this case, the zone ca has a ragged bottom edge, containing bc.ca and sk.ca but not the other ca subdomains, as shown in Figure 2-11.

Figure 2-11. . . . versus the zone ca (image: figs/dns4_0211.gif)

Now it's clear why name servers load zones instead of domains: a domain might contain more information than the name server needs.[6] A domain could contain data delegated to other name servers. Since a zone is bounded by delegation, it never includes delegated data.

[6] Imagine if a root name server loaded the root domain instead of the root zone: it would be loading the entire namespace!

If you're just starting out, however, your domain probably won't have any subdomains. In this case, since there's no delegation going on, your domain and your zone contain the same data.

2.4.1 Delegating Subdomains

Even though you may not need to delegate parts of your domain just yet, it's helpful to understand a little more about how the process of delegating a subdomain works. Delegation, in the abstract, involves assigning responsibility for some part of your domain to another organization. What really happens, however, is the assignment of authority for your subdomains to different name servers. (Note that we said "name servers," not just "name server.")

Your zone's data, instead of containing information in the subdomain you've delegated, includes pointers to the name servers that are authoritative for that subdomain. Now if one of your name servers is asked for data in the subdomain, it can reply with a list of the right name servers to talk to.
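As an added illustration (not code from the book), here is a small Python model of the ca example from this section together with the delegation behaviour just described: a domain is everything at or below a name, a zone stops at every delegation cut, and a server asked for a name below a cut replies with a referral to the delegated name servers. The names, NS records and 192.0.2.x addresses are constructed for the example.

```python
# Constructed namespace for the book's ca example (not the book's own data),
# owner name -> list of (type, rdata). An NS record at a name below the apex
# marks a delegation cut; data beneath it belongs to a child zone served elsewhere.
NAMESPACE = {
    "ca.":        [("NS", "ns.ca.")],
    "ab.ca.":     [("NS", "ns.ab.ca.")],   # delegated to Alberta's servers
    "www.ab.ca.": [("A", "192.0.2.1")],    # lives in the ab.ca zone
    "on.ca.":     [("NS", "ns.on.ca.")],
    "qc.ca.":     [("NS", "ns.qc.ca.")],
    "bc.ca.":     [("A", "192.0.2.10")],   # not delegated: stays in the ca zone
    "www.bc.ca.": [("A", "192.0.2.11")],
    "sk.ca.":     [("A", "192.0.2.20")],
}

def in_domain(apex, name):
    return name == apex or name.endswith("." + apex)

def delegation_point(apex, name):
    """Topmost name strictly between apex and name that carries NS records."""
    labels = name.split(".")
    chain = []
    for i in range(1, len(labels)):
        anc = ".".join(labels[i:])
        if anc == apex:
            break
        chain.append(anc)
    for anc in reversed(chain):  # nearest to the apex first
        if any(t == "NS" for t, _ in NAMESPACE.get(anc, [])):
            return anc
    return None

def domain_contents(apex):
    return {n: r for n, r in NAMESPACE.items() if in_domain(apex, n)}

def zone_contents(apex):
    """The domain minus everything beneath a cut: the zone's ragged bottom edge."""
    return {n: r for n, r in domain_contents(apex).items()
            if delegation_point(apex, n) is None}

def answer(apex, qname):
    """What a server authoritative for apex's zone replies: data or a referral."""
    if not in_domain(apex, qname):
        return ("not in domain", [])
    cut = delegation_point(apex, qname)
    recs = NAMESPACE.get(qname, [])
    if cut is None and qname != apex and recs and all(t == "NS" for t, _ in recs):
        cut = qname                        # the query hit the cut point itself
    if cut is not None:                    # refer to the right name servers
        return ("referral", [rd for t, rd in NAMESPACE[cut] if t == "NS"])
    return ("authoritative", recs) if recs else ("nxdomain", [])
```

Note that www.ab.ca. is in the ca domain but not in the ca zone, while www.bc.ca. is in both, which is the ragged bottom edge of Figure 2-11.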

2.4.2 Types of Name Servers

The DNS specs define two types of name servers: primary masters and secondary masters. A primary master name server for a zone reads the data for the zone from a file on its host. A secondary master name server for a zone gets the zone data from another name server that is authoritative for the zone, called its master server. Quite often, the master name server is the zone's primary master, but that's not required: a secondary master can load zone data from another secondary. When a secondary starts up, it contacts its master server and, if necessary, pulls the zone data over. This is referred to as a zone transfer. Nowadays, the preferred term for a secondary master name server is a slave, though many people (and much software, including Microsoft's DNS Manager) still use the old term.

Both the primary master and slave name servers for a zone are authoritative for that zone. Despite the somewhat disparaging name, slaves aren't second-class name servers. DNS provides these two types of name servers to make administration easier. Once you've created the data for your zone and set up a primary master name server, you don't need to fool with copying that data from host to host to create new name servers for the zone. You simply set up slave name servers that load their data from the primary master for the zone. Once they're set up, the slaves transfer new zone data when necessary.

Slave name servers are important because it's a good idea to set up more than one name server for any given zone. You'll want more than one for redundancy, to spread the load around, and to ensure that all the hosts in the zone have a name server close by. Using slave name servers makes this administratively workable.

Calling a particular name server a primary master name server or a slave name server is a little imprecise, though. We mentioned earlier that a name server can be authoritative for more than one zone. Similarly, a name server can be a primary master for one zone and a slave for another. Most name servers, however, are either primary for most of the zones they load or slave for most of the zones they load. So if we call a particular name server a primary or a slave, we mean that it's the primary master or a slave for most of the zones it's authoritative for.

2.4.3 Zone Data Files

The files from which primary master name servers load their zone data are called, simply enough, zone data files. We often refer to them as data files or database files. Slave name servers can also load their zone data from data files. Slaves are usually configured to back up the zone data they transfer from a master name server to data files. If the slave is later killed and restarted, it will read the backup data files first, then check to see whether its zone data is current. This both obviates the need to transfer the zone data if it hasn't changed and provides a source of the data if the master is down.
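An added illustration (not code from the book) of the slave start-up behaviour described here and in Section 2.4.2: the slave reads its backup copy first, asks the master whether the zone has changed, transfers only if it has, and keeps serving the backup when the master is unreachable. It assumes, as standard DNS practice not spelled out on this page, that "changed" is decided by comparing SOA serial numbers; the zone name, serials and records are constructed.

```python
# Constructed master server and backup "files" for the example (not the book's
# data): zone name -> (SOA serial, records). A real slave speaks to the master
# over DNS and writes real files; plain dicts stand in for both here.
MASTER = {"example.ca.": (2001, ["example.ca. SOA ns.example.ca. ...",
                                 "www.example.ca. A 192.0.2.30"])}

class Slave:
    """Toy slave name server for one zone, with a backup copy of its data."""
    def __init__(self, zone, backup, master_up=True):
        self.zone, self.backup, self.master_up = zone, backup, master_up
        self.serial, self.records, self.transfers = None, [], 0

    def master_serial(self):
        """Ask the master for the zone's SOA serial; None if it can't be reached."""
        if not self.master_up or self.zone not in MASTER:
            return None
        return MASTER[self.zone][0]

    def transfer(self):
        """Zone transfer: pull the whole zone and refresh the backup file."""
        self.serial, self.records = MASTER[self.zone]
        self.backup[self.zone] = (self.serial, list(self.records))
        self.transfers += 1

    def start(self):
        # Read the backup first: the slave can serve the zone immediately,
        # and still has data if the master turns out to be down.
        if self.zone in self.backup:
            self.serial, self.records = self.backup[self.zone]
        current = self.master_serial()
        if current is None:
            return "serving backup" if self.records else "zone unavailable"
        # Plain integer comparison; real servers use serial-number
        # arithmetic (RFC 1982) so that serials can wrap around.
        if self.serial is not None and current <= self.serial:
            return "backup current, no transfer"
        self.transfer()
        return "transferred"
```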

The data files contain resource records that describe the zone. The resource records describe all the hosts in the zone and mark any delegation of subdomains. BIND also allows special directives to include the contents of other data files in a zone data file, much like the #include directive of the C preprocessor.
