Information about bind

Published on October 7, 2007

Author: Lucianna


DNS (BIND) Server Configuration
By 林逸祥 (Yi-Hsiang Lin), 2002/1/8 @CISCC

OUTLINE:
Hardware requirements
Named startup
Configuration files
Example

Hardware requirements:
BIND is a memory hog.
New features of BIND 9 are also CPU intensive (most notably DNSSEC and IPv6).
BIND 9 is multithreaded and can make full use of multiprocessor systems.
Watch the size of the named process to determine whether a name server has enough memory:

    PID   USERNAME THR PRI NICE SIZE RES STATE TIME  CPU   COMMAND
    17399 root     6   59  0    12M  12M sleep 17:21 0.30% named

Named startup:
Started at boot time, runs continuously.
Controlled through a command-line interface: ndc, or rndc (BIND 9).

    ndc command

where command can be start, stop, restart, reload, status.
Should be started before syslogd.
Do not use inetd to manage named.

Configuration files (1/2):
/etc/named.conf (in BIND 8 and 9)
Comments: /* */ , // , #
Each statement begins with a keyword.
An address match list can include: IP / IP with netmask / acl name / key / !
E.g. { !;; }; { 140.113/16;; };
PS. "first match" algorithm

Configuration files (2/2):
Statement types in named.conf

The include statement:

    include "path";

Puts different portions of the configuration in separate files.
The path is relative.
Lets cryptographic keys be kept in a file that is not world-readable.

The options statement (1/4):

    options {
        option;
        option;
        …
    };

BIND 8 had 30 / BIND 9 has over 50.

The options statement (2/4):
Defaults are shown in brackets.

    version "string";                  [real version of server]
    directory "path";                  [where server started]
    notify yes | no;                   [yes]
    also-notify svrs_ips;              [empty]
    recursion yes | no;                [yes]
    allow-recursion { add_list };      [all hosts]

The options statement (3/4):

    check-names { master|slave|response action }

Valid names: letters, numbers, dashes; no longer than 64 characters per component, 256 characters total.
Defaults:
    master: fail (log and reject bad names)
    slave: warn (log bad names, but continue processing)
    response: ignore (no checking)

    transfer-format one-answer | many-answers;

The options statement (4/4):

    listen-on port ip_port address_match_list;     [53 all]
    query-source address ip_addr port ip_port;     [random]
    forwarders { in_addr; in_addr; … };            [empty]
    forward only | first;                          [first]
    allow-query { address_match_list; };
    allow-transfer { address_match_list; };
    blackhole { address_match_list; };

The acl statement:

    acl acl_name { address_match_list };

Must be a top-level statement (one pass).
Predefined lists: any, localnets, localhost, none

The server statement:

    server ip_addr {
        bogus yes | no;                               [no]
        provide-ixfr yes | no;                        [yes (V9 only)]
        request-ixfr yes | no;                        [yes (V9 only)]
        support-ixfr yes | no;                        [no (V8 only)]
        transfers number;                             [2 (V9 only)]
        transfer-format one-answer | many-answers;    [V8: one, V9: many]
        keys { key-id; key-id; … };
    };

The logging statement:

    logging {
        channel_def;
        channel_def;
        …
        category category_name {
            channel_name;
            channel_name;
            …
        };
    };

"most configurable logging system on Earth"

The zone statement:

    zone "domain_name" {
        type master|slave|stub|hint|forward;
        file "path";
        allow-query { address_match_list; };
        allow-transfer { address_match_list; };
        allow-update { address_match_list; };
    };

The key/trusted-keys statement:

    key key-id {
        algorithm string;
        secret string;
    };

Used for authentication with a particular server.

    trusted-keys {
        domain flags protocol algorithm key;
        domain flags protocol algorithm key;
        …
    };

Used for DNSSEC security, specified in RFC2065.

The controls statement:

    controls {
        inet ip_addr port port# allow { address_match_list|key… };
        unix permission owner group;     [0600 0 0]
    };

Specifies how ndc controls a running named process.

The view statement:

    view view-name {
        match-clients { address_match_list };
        view_option; …
        zone_statement; …
    };

New feature of BIND 9.
Split DNS
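
The "first match" rule noted on the Configuration files slide makes element order significant as soon as a negated (!) entry appears in a list used by allow-query, allow-transfer or allow-recursion. The following Python sketch is an added example, not part of the original slides or of BIND itself: it evaluates a flat address match list, and the sample lists, the host 140.113.1.1 and all function names are constructed for illustration (key elements and nested lists are not handled).

```python
import ipaddress

# Predefined lists from the acl slide. localhost/localnets depend on the
# server's own interfaces, so callers supply them through `acls`.
BUILTIN = {"any": ["0.0.0.0/0", "::/0"], "none": []}

def parse_match_list(text):
    """Split '{ !10.1.2.3; 10/8; };' into [(negated, element), ...]."""
    body = text.strip().rstrip(";").strip().strip("{}")
    elems = [e.strip() for e in body.split(";") if e.strip()]
    return [(e.startswith("!"), e.lstrip("!").strip()) for e in elems]

def to_network(elem):
    """Accept a host, a prefix, or a prefix with trailing zeros omitted (140.113/16)."""
    addr, _, plen = elem.partition("/")
    if ":" not in addr:  # IPv4: pad omitted trailing octets with zeros
        octets = addr.split(".")
        addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{plen}" if plen else addr, strict=False)

def matches(client, match_list, acls=None):
    """First match wins: a plain hit allows, a negated hit denies, no hit denies."""
    acls = {**BUILTIN, **(acls or {})}
    ip = ipaddress.ip_address(client)
    for negated, elem in parse_match_list(match_list):
        if elem in acls:   # named acl, simplified here to a list of networks
            hit = any(ip in to_network(n) for n in acls[elem])
        else:
            hit = ip in to_network(elem)
        if hit:
            return not negated
    return False

# Constructed sample lists: the intent is "all of 140.113/16 except one host".
EXCEPTION_LAST = "{ 140.113/16; !140.113.1.1; };"   # the exclusion is never reached
EXCEPTION_FIRST = "{ !140.113.1.1; 140.113/16; };"  # the exclusion is evaluated first

if __name__ == "__main__":
    for name, acl in (("exception last", EXCEPTION_LAST), ("exception first", EXCEPTION_FIRST)):
        verdict = "allowed" if matches("140.113.1.1", acl) else "denied"
        print(f"{name}: 140.113.1.1 is {verdict}")
```

When reviewing a named.conf, any negated element that follows a broader element covering the same address is dead configuration and is worth flagging.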
