bind

Information about bind

Published on October 7, 2007

Author: Lucianna

Source: authorstream.com

Content

DNS (BIND) Server Configuration

By 林逸祥 (Yi-Hsiang Lin), 2002/1/8 @CISCC

OUTLINE

Hardware requirements
Named startup
Configuration files
Example

Hardware requirements

BIND is a memory hog.
New features of BIND 9 are also CPU intensive (most notably DNSSEC and IPv6).
BIND 9 is multithreaded and can make full use of multiprocessor systems.
Watch the size of the named process to determine whether a name server has enough memory:

      PID USERNAME THR PRI NICE  SIZE   RES STATE   TIME    CPU COMMAND
    17399 root       6  59    0   12M   12M sleep  17:21  0.30% named

Named startup

Started at boot time, runs continuously.
Use a command-line interface: ndc, or rndc (BIND 9).

    ndc command

where command can be start, stop, restart, reload, status.
Should be started before syslogd.
Do not use inetd to manage named.

Configuration files (1/2)

/etc/named.conf (in BIND 8 and 9)
Comments: /* */ , // , #
Each statement begins with a keyword.
An address match list can include: IP, IP with netmask, acl name, key, !
E.g.

    { ! 1.2.3.13; 1.2.3.24; };
    { 140.113/16; 127.0.0.1; };

PS. “first match” algorithm

Configuration files (2/2)

Statement types in named.conf

The include statement

    include "path";

Put different portions of the configuration in separate files.
The path is relative.
Protect cryptographic keys: keep them from being world-readable.

The options statement (1/4)

    options {
        option;
        option;
        …
    };

BIND 8 had 30 options; BIND 9 has over 50.

The options statement (2/4)

Defaults are shown in brackets.

    version "string";                  [real version of server]
    directory "path";                  [where server started]
    notify yes | no;                   [yes]
    also-notify svrs_ips;              [empty]
    recursion yes | no;                [yes]
    allow-recursion { add_list };      [all hosts]

The options statement (3/4)

    check-names { master|slave|response action}

A valid name: letters, numbers, dashes; no longer than 64c per component, total 256c.
Defaults:
    master: fail (log and reject bad names)
    slave: warn (log bad names, but continue processing)
    response: ignore (do not check)

    transfer-format one-answer | many-answers;

The options statement (4/4)

    listen-on port ip_port address_match_list;   [53 all]
    query-source address ip_addr port ip_port;   [random]
    forwarders { in_addr; in_addr; … };          [empty]
    forward only | first;                        [first]
    allow-query { address_match_list; };
    allow-transfer { address_match_list; };
    blackhole { address_match_list; };

The acl statement

    acl acl_name {
        address_match_list
    };

Must be a top-level statement (one pass).
Predefined lists: any, localnets, localhost, none

The server statement

    server ip_addr {
        bogus yes | no;                               [no]
        provide-ixfr yes | no;                        [yes (V9 only)]
        request-ixfr yes | no;                        [yes (V9 only)]
        support-ixfr yes | no;                        [no (V8 only)]
        transfers number;                             [2 (V9 only)]
        transfer-format one-answer | many-answers;    [V8: one, V9: many]
        keys { key-id; key-id; … };
    };

The logging statement

    logging {
        channel_def;
        channel_def;
        …
        category category_name {
            channel_name;
            channel_name;
            …
        };
    };

“most configurable logging system on Earth”

The zone statement

    zone "domain_name" {
        type master|slave|stub|hint|forward;
        file "path";
        allow-query { address_match_list; };
        allow-transfer { address_match_list; };
        allow-update { address_match_list; };
    };

The key/trusted-keys statement

    key key-id {
        algorithm string;
        secret string;
    };

For authentication with a particular server.

    trusted-keys {
        domain flags protocol algorithm key;
        domain flags protocol algorithm key;
        …
    };

For DNSSEC security, specified in RFC2065.

The controls statement

    controls {
        inet ip_addr port port# allow { address_match_list|key… };
        unix permission owner group;    [0600 0 0]
    };

Specifies how ndc controls a running named process.

The view statement

    view view-name {
        match-clients { address_match_list };
        view_option; …
        zone_statement; …
    };

New feature of BIND 9
Split DNS
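The "first match" rule for address match lists (Configuration files 1/2) decides what allow-query, allow-transfer, allow-recursion and blackhole actually permit, so element order is security-relevant. The following Python sketch is an added example, not code from the slides or from BIND: the function names are hypothetical, key elements are not handled, and it assumes that a negative or absent match inside a named acl lets the outer list keep searching.

```python
import ipaddress

def _net(spec):
    """Expand BIND shorthand such as '140.113/16' into a full network object."""
    addr, _, plen = spec.partition("/")
    if ":" not in addr:                      # pad short IPv4 forms with zero octets
        octets = addr.split(".")
        addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(addr + ("/" + plen if plen else ""), strict=False)

def match(client, elements, acls=None):
    """Return True (allowed), False (denied) or None (no element matched).

    Elements are tried in order and the first one that matches decides;
    a leading '!' turns that match into a denial.
    """
    acls = acls or {}
    ip = ipaddress.ip_address(client)
    for elem in elements:
        elem = elem.strip()
        negated = elem.startswith("!")
        name = elem.lstrip("! ")
        if name == "any":
            hit = True
        elif name == "none":
            hit = False
        elif name in acls:
            # Assumption: only a positive match inside a named acl counts here.
            hit = match(client, acls[name], acls) is True
        else:
            net = _net(name)
            hit = ip.version == net.version and ip in net
        if hit:
            return not negated
    return None

if __name__ == "__main__":
    # Constructed lists: the same two elements in both orders.
    specific_first = ["! 1.2.3.13", "1.2.3/24"]
    broad_first = ["1.2.3/24", "! 1.2.3.13"]
    for lst in (specific_first, broad_first):
        print(lst, "->", match("1.2.3.13", lst))
```

With the broad prefix listed first, the negation is never reached and 1.2.3.13 is allowed; narrower or negated elements belong ahead of the broader ones they carve out of.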
