Journey Yesterday's DNS and Bind Learning Notes 2!
It is a bit boring today, I want to sleep. But still come over, it's not easy, huh, huh!
8. Resolv.conf file UNIX system has such a file, and if you want to use DNS, you must set this file. (Of course, you might modify /tc/nsswitch.conf on some systems, telling it to use DNS instead of NIS. The specific location is: /etc/resolv.conf, its format is: Search Domain Nameserver IP address mainly said The "Search Domain Name" is used in the old version of Bind. It lists the domain names written later if a host name is incomplete. As I join in the file. "Search COM." So restarting NetWork, just need SSH China, just equal to SSH china.com, and Nameserver can only list three, and must be a recursive server.
9. Bind server configuration BIND is very consumed. Its database is kept in memory, so with the operation of the NAMED process, the cache will gradually increase. However, Bind9 supports multi-threaded and makes full use of multiprocessor systems, as well as controlling the configuration options used by the NAMED resource. The new version of Bind starts, stops using new commands: NDC Start | Stop | Restart | Status. Instead of previous Init.D scripts. Profile: named.conf Each statement ends in a semicolon. The format is very important to a space or less a semicolon will make you depressed for 1 hour: (, each statement begins with a keyword with a marked statement type. How to specify the global option, there are about 30 options in bind8, 9 The option is more than 50. It is often used here. The format is as follows: options {option; option; ...}; version "string"; [Real version number] # of the [server "can hide Directory" Path "; [Launch Server Directory] # You can let the Named program CD into this directory (absolute path). It is recommended to put all configuration files related to bind (except Named.conf and Resolv.conf) / var. In the subdirectory. For example / var / namedNotify Yes | NO; [YES] # If set to yes, and named is a primary server of one or more zones, then each time the area database changes, the corresponding area will be automatically notified from Server.Recursion Yes | NO; [YES] # Specify whether NAMED represents a client to query other named servers. Allow-recursion {address_match_list}; [All Host] # can set to the above option to allow recursive, but External query prohibits recursive allow-query {address_match_list}; [All Host] # Specify which hosts (or networks) can query this name server. Allow-Transfer {address_match_listh}; [All Host] # Specify which hosts (or network) can be specified The block transmission of the request area data. BLACKHOLE {address_match_list}; [empty] # indicates server that you don't want to communicate with it. Named will not accept queries from these servers, and will not ask them questions.
ACL statement: It must be a top statement in Named.conf. ACL ACL_NAME {address_match_list}; where there are 4 lists are pre-defined: Any, LocalNets, LocalHost, Nonezone statement: Is the core statement in Named.conf. Will tell NAMED that it has an authoritative area. And set the appropriate option to manage each zone. The ZONE statement format is different depending on the role that Named is in the (primary server, from the server). 1. Configure a region's primary server zone "domain_name" {type master; file "path"; allow-query {address_match_list}; [all] allow-transfert {address_match_list}; [all] allow-update {address_match_list}; ] Ixfr-base "pat"; [domain_name.ixfr (version 8 only)]};
2. Configure a zone from the server: Under normal circumstances, a complete copy of the area database will retain the area database. However, if the server's type is set to stub, not Slave, only the NS record will be transmitted. ZONE "domain_name" {type slave | stub; file "path"; ixfr-base "path"; [only version 8] mAns {ip_addr; ip_addr; ...}; [no default] allow-query {address_match_list}; [All] Allow-Transfer {Address_Match_List}; [All]};
3. Set a forwarding area: If your organization and other organizations or companies have strategic partnerships, and I hope to bypass the standard query path, directly gather traffic to the company's name server, you can use the Forward area, you can Use this arrangement to access the name server that is invisible to the outside world. Zone "domain_name" {type forward; forward only | first; forwarders {ip_addr; ip_addr; ...};
