Author: Liuying Bo
Date: 2003-6-6  Mail: liuyingbo@126.com (corrections welcome)
When reposting, please credit the source and the author.
Maintenance
rndc and the controls statement (note: BIND 8 used ndc instead)
controls {
    inet * allow { any; } keys { "rndc-key"; };
};
// This names the key that rndc clients must present to authenticate themselves (the key authenticates the control channel, it does not encrypt it). inet * allow { any; } accepts control connections on every interface from any source address, protected only by the key; the usual hardening is inet 127.0.0.1 allow { 127.0.0.1; }.
The key named in the keys clause must be defined by a key statement:
key "rndc-key" {
    algorithm hmac-md5;
    secret "ZM9VCG==";
};
The matching client-side configuration is the rndc.conf file.
Maintaining zone data files
Adding and deleting hosts: update the serial number in the db.domain file; add the A, CNAME and MX records; update the serial number in the db.addr file; add the PTR record; reload the master name server (rndc reload). Without the serial bump the secondaries never notice the change.
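The procedure above as a script, added here as an example; it is not part of the original notes. It appends the A record to the forward zone file and the PTR record to the reverse zone file, bumps both SOA serials, validates the files with named-checkzone and offers an rndc reload when those tools are installed. The zone names, addresses and file names are invented, and the SOA serial line is assumed to carry a "; serial" comment as in most hand-written zone files.

```shell
#!/bin/sh
# Added example, not part of the original notes: the "add a host" procedure as a
# script. Zone names, addresses and file names are invented; the SOA serial line is
# assumed to carry a "; serial" comment, as in most hand-written zone files.

# Print the SOA serial: first field of the first line whose comment says "serial".
get_serial() {
    awk '/; *serial/ { print $1; exit }' "$1"
}

# next_serial CURRENT TODAY: the next YYYYMMDDnn serial.
# Same day: increment the two-digit counter. New day: start again at 01.
# If that would not be larger than CURRENT (a serial dated in the future, or a
# non-date serial that is already bigger), use CURRENT+1 instead, because
# secondaries only transfer when the serial increases (RFC 1982 ordering).
# Fails when the per-day counter is exhausted (more than 99 edits in one day).
next_serial() {
    cur=$1
    today=$2
    if [ "${cur%??}" = "$today" ]; then
        n=${cur#"$today"}        # the nn counter
        n=${n#0}                 # drop one leading zero so 09 -> 9 (00 -> 0)
        n=$(( n + 1 ))
        [ "$n" -le 99 ] || return 1
        printf '%s%02d\n' "$today" "$n"
    elif [ "${today}01" -gt "$cur" ]; then
        printf '%s01\n' "$today"
    else
        printf '%d\n' $(( cur + 1 ))
    fi
}

# set_serial FILE NEW: rewrite the serial in place, keeping the rest of the line.
set_serial() {
    awk -v new="$2" '!done && /; *serial/ { sub(/[0-9]+/, new); done = 1 } { print }' \
        "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# rev_zone_name IP: 221.3.131.10 -> 131.3.221.in-addr.arpa (a /24 reverse zone).
rev_zone_name() {
    echo "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# add_host FWD_FILE REV_FILE NAME IP DOMAIN [TODAY]: steps 1-4 of the procedure.
# Both new serials are computed before either file is touched, so a failure
# leaves the zone files as they were.
add_host() {
    fwd=$1; rev=$2; name=$3; ip=$4; domain=$5
    today=${6:-$(date +%Y%m%d)}
    fwd_new=$(next_serial "$(get_serial "$fwd")" "$today") || return 1
    rev_new=$(next_serial "$(get_serial "$rev")" "$today") || return 1
    printf '%s\tIN\tA\t%s\n' "$name" "$ip" >> "$fwd"
    printf '%s\tIN\tPTR\t%s.%s.\n' "${ip##*.}" "$name" "$domain" >> "$rev"
    set_serial "$fwd" "$fwd_new" && set_serial "$rev" "$rev_new" || return 1
    # Validate before telling named about the change (skipped when BIND is absent).
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -q "$domain" "$fwd" || return 1
        named-checkzone -q "$(rev_zone_name "$ip")" "$rev" || return 1
    fi
}

# reload_named ZONE: step 5. With a zone argument rndc reloads only that zone.
reload_named() {
    if command -v rndc >/dev/null 2>&1; then
        rndc reload "$1"
    else
        echo "rndc not installed here; reload $1 on the master by hand" >&2
    fi
}

# Constructed sample zone files (invented hosts and addresses) to try the script on.
make_sample_zones() {
    cat > "$1/db.yncnc.com" <<'EOF'
$TTL 86400
@       IN SOA  ns1.yncnc.com. hostmaster.yncnc.com. (
                2003060601 ; serial
                10800      ; refresh
                3600       ; retry
                604800     ; expire
                86400 )    ; minimum
        IN NS   ns1.yncnc.com.
ns1     IN A    221.3.131.4
EOF
    cat > "$1/db.221.3.131" <<'EOF'
$TTL 86400
@       IN SOA  ns1.yncnc.com. hostmaster.yncnc.com. (
                2003060601 ; serial
                10800 3600 604800 86400 )
        IN NS   ns1.yncnc.com.
4       IN PTR  ns1.yncnc.com.
EOF
}

# Demo on a scratch copy (touches no live server).
tmp=$(mktemp -d)
make_sample_zones "$tmp"
add_host "$tmp/db.yncnc.com" "$tmp/db.221.3.131" www 221.3.131.10 yncnc.com 20030606 \
    && echo "serials now $(get_serial "$tmp/db.yncnc.com") / $(get_serial "$tmp/db.221.3.131")"
```

On a real master the call is add_host followed by reload_named yncnc.com; the serial logic is the part worth keeping even if the rest is done by hand, since a serial that goes backwards (a typo, or a server clock set to a future date) silently stops transfers to every secondary.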
Two further resource record types: TXT (general text information) and RP (Responsible Person).
Keeping the root hints up to date:
dig @a.root-servers.net . ns > db.cache
Organizing data files: the $TTL, $ORIGIN (starting point) and $INCLUDE control statements.
Security
Protecting DNS messages
TSIG (Transaction SIGnature)
Create the key with the dnssec-keygen program (for example dnssec-keygen -a HMAC-MD5 -b 128 -n HOST keyname); the secret must be copied to every server that uses the key.
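Both the rndc controls section above and this TSIG section need the same thing: a shared HMAC-MD5 secret and the named.conf stanzas that refer to it. The script below is an added example serving both; it is not from the original notes. It generates a secret of the form dnssec-keygen or rndc-confgen would produce, emits the controls/key pair for rndc (bound to 127.0.0.1 rather than the notes' inet * allow { any; }), and emits the master and secondary stanzas for a TSIG-authenticated zone transfer. Key names, addresses, the zone and file names are hypothetical; openssl or base64 and /dev/urandom are assumed to exist.

```shell
#!/bin/sh
# Added example, not part of the original notes. Key names, addresses, zone and
# file names are hypothetical; openssl or base64 and /dev/urandom are assumed.

# 128 random bits, base64-encoded: the same form as the secret in
#   dnssec-keygen -a HMAC-MD5 -b 128 -n HOST rndc-key   (Krndc-key.+157+NNNNN.private)
gen_secret() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 16
    else
        head -c 16 /dev/urandom | base64
    fi
}

# A 16-byte secret encodes to exactly 22 base64 characters plus "==".
valid_secret() {
    expr "$1" : '[A-Za-z0-9+/]\{22\}==$' >/dev/null
}

# named.conf side of rndc: the key and a control channel on the loopback only.
rndc_named_conf() {   # KEYNAME SECRET
    cat <<EOF
key "$1" {
    algorithm hmac-md5;
    secret "$2";
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "$1"; };
};
EOF
}

# Client side: /etc/rndc.conf with the same key (mode 0600, it holds the secret).
rndc_conf() {   # KEYNAME SECRET
    cat <<EOF
key "$1" {
    algorithm hmac-md5;
    secret "$2";
};
options {
    default-server 127.0.0.1;
    default-port 953;
    default-key "$1";
};
EOF
}

# Master side of a TSIG-protected transfer: only requests signed with the key may AXFR.
tsig_master_conf() {   # KEYNAME SECRET ZONE
    cat <<EOF
key "$1" {
    algorithm hmac-md5;
    secret "$2";
};
zone "$3" {
    type master;
    file "db.$3";
    allow-transfer { key "$1"; };
};
EOF
}

# Secondary side: the server statement makes named sign everything it sends to
# the master (SOA queries, AXFR/IXFR requests) with the key.
tsig_slave_conf() {   # KEYNAME SECRET ZONE MASTER_IP
    cat <<EOF
key "$1" {
    algorithm hmac-md5;
    secret "$2";
};
server $4 {
    keys { "$1"; };
};
zone "$3" {
    type slave;
    file "bak.$3";
    masters { $4; };
};
EOF
}

# Demo: print the four fragments with freshly generated secrets.
rndc_secret=$(gen_secret)
valid_secret "$rndc_secret" || echo "unexpected secret format: $rndc_secret" >&2
rndc_named_conf rndc-key "$rndc_secret"
rndc_conf rndc-key "$rndc_secret"
xfer_secret=$(gen_secret)
tsig_master_conf transfer-key "$xfer_secret" yncnc.net
tsig_slave_conf transfer-key "$xfer_secret" yncnc.net 221.3.131.4
```

To confirm the transfer side from the secondary, dig @221.3.131.4 yncnc.net axfr -y hmac-md5:transfer-key:SECRET should list the zone, while the same query without -y should end in "Transfer failed." Keying the transfer rather than listing addresses matters because allow-transfer by address trusts whatever source address a request carries.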
Protecting the name server
Split the name server role in two: one server serves the resolvers (recursive queries from your own clients), the other only answers queries from other name servers (authoritative, no recursion).
a. BIND version
options {
    version "None of Your Business";
};
// in practice this still reveals that the server is BIND 8.2 or later, since earlier releases had no version option; it hides the exact version, not the implementation
b. Restricting queries: the allow-query clause
Restricting all queries:
options {
    allow-query { address_match_list; };
};
Restricting queries to a particular zone (a zone-level allow-query overrides the options-level one for that zone):
acl "yncnc-net" { 15/8; };
zone "yncnc.com" {
    type slave;
    file "bak.yncnc.com";
    masters { 221.3.131.4; };
    allow-query { "yncnc-net"; };
};
c. Preventing unauthorized zone transfers: the allow-transfer clause
zone "yncnc.net" {
    type master;
    file "db.yncnc.net";
    allow-transfer { 221.3.131.5; 221.3.131.6; };
    // only these secondary name servers may transfer the yncnc.net zone from the master
};
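Each of the three settings above can be verified from the outside with dig, and a practitioner usually wants that check scripted. The script below is an added example, not part of the original notes. Each check is a small parser of dig's output, so it can be exercised offline on the constructed samples at the bottom, plus a wrapper that runs dig against a live server. The server address, zone, foreign name and all sample outputs are invented.

```shell
#!/bin/sh
# Added example, not part of the original notes: check from outside that the
# version, allow-query and allow-transfer settings took effect. Server address,
# zone, foreign name and the sample dig outputs below are invented.

# a. Version: "dig @srv version.bind chaos txt +short" returns the version option's
#    string (quoted). Anything that looks like a real version number is a leak.
parse_version() {          # stdin: dig +short output
    sed -n '1s/^"\(.*\)"$/\1/p'
}
version_leaks() {          # exit 0 = a number like 9.2.1 or 8.2.3 is exposed
    parse_version | grep -q '^[0-9][0-9]*\.[0-9]'
}

# b. allow-query / recursion: ask for a name the server is not authoritative for.
#    NOERROR with the ra flag and an answer means it still recurses for outsiders;
#    a server restricted to the internal ACL answers REFUSED.
recursion_open() {         # stdin: full dig output; exit 0 = open
    awk '/^;; ->>HEADER<<-/ { ok = /status: NOERROR/ }
         /^;; flags:/ {
             ra = / ra[;,]/
             if (match($0, /ANSWER: [0-9]+/))
                 ans = substr($0, RSTART + 8, RLENGTH - 8) + 0
         }
         END { exit !(ok && ra && ans > 0) }'
}

# c. allow-transfer: a successful AXFR ends with an "XFR size" line; a refused
#    one prints "Transfer failed."
axfr_open() {              # stdin: output of "dig ... axfr"; exit 0 = open
    grep -q '^;; XFR size:'
}

# Run all three against a live server (needs dig). FOREIGN is any name outside
# the server's own zones, e.g. www.example.com.
audit() {                  # SERVER ZONE FOREIGN
    srv=$1; zone=$2; foreign=$3
    if dig @"$srv" version.bind chaos txt +short +time=3 | version_leaks; then
        echo "$srv: version exposed"
    else
        echo "$srv: version hidden"
    fi
    if dig @"$srv" "$foreign" a +time=3 | recursion_open; then
        echo "$srv: recursion served to outsiders"
    else
        echo "$srv: recursion refused"
    fi
    if dig @"$srv" "$zone" axfr +time=3 | axfr_open; then
        echo "$srv: zone $zone transferable by anyone"
    else
        echo "$srv: zone transfer refused"
    fi
}

# Constructed dig outputs (not captured from any real server) for offline checks.
SAMPLE_VERSION_HIDDEN='"None of Your Business"'
SAMPLE_VERSION_LEAK='"9.2.1"'
SAMPLE_RECURSION_OPEN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
www.example.com.    300 IN  A   192.0.2.10'
SAMPLE_RECURSION_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4712
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'
SAMPLE_AXFR_OPEN='yncnc.net.  86400 IN SOA ns1.yncnc.net. hostmaster.yncnc.net. 2003060601 10800 3600 604800 86400
www.yncnc.net.  86400 IN A 221.3.131.10
;; XFR size: 3 records'
SAMPLE_AXFR_REFUSED='; Transfer failed.'

# Offline demo of the parsers on the samples.
printf '%s\n' "$SAMPLE_VERSION_LEAK" | version_leaks && echo "sample leak detected"
printf '%s\n' "$SAMPLE_RECURSION_REFUSED" | recursion_open || echo "sample refusal detected"
printf '%s\n' "$SAMPLE_AXFR_OPEN" | axfr_open && echo "sample open transfer detected"
```

Against a real server the call is audit 221.3.131.4 yncnc.net www.example.com, run from an address outside the yncnc-net ACL; the same run from inside the ACL should report recursion served, which is the split described under "Protecting the name server".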
Starting DNS automatically at boot
Run ntsysv, select named, Tab to OK and press Enter (on Red Hat; chkconfig named on does the same from the command line).
Appendix: BIND-related tools
dig
dig queries DNS servers.
host
host is a DNS lookup tool.
rndc
rndc controls the operation of BIND (named).
rndc-confgen
rndc-confgen generates an rndc.conf file (and the matching key and controls stanzas for named.conf).
named-checkconf
named-checkconf checks the syntax of the named.conf file.
named-checkzone
named-checkzone checks the validity of a zone file.
lwresd
lwresd is a caching-only name server (lightweight resolver daemon) provided for local processes.
named
named is the name server daemon.
dnssec-signzone
dnssec-signzone produces a signed zone file.
dnssec-signkey
dnssec-signkey signs a key set, typically a child zone's key set produced by dnssec-makekeyset, with the parent zone's keys.
dnssec-keygen
dnssec-keygen is the DNS key generator (DNSSEC zone keys as well as TSIG keys).
dnssec-makekeyset
dnssec-makekeyset creates a key set from one or more keys generated by dnssec-keygen.
nsupdate
nsupdate submits dynamic DNS update requests.