Miscellaneous


BIND 4 has some additional features; the following sections describe them.

Debugging

Starting named with the -d command-line option, or running ndc debug, turns on debugging output. If you don't have ndc, sending named SIGUSR1 increments the debug level and accomplishes the same thing. By default, the output is written to /usr/tmp/named.run. Used in addition to, or in place of, query logging, this can help you figure out whether someone is sending you bogus information or bombarding you with queries and slowing down your system; often, query logging alone is sufficient. Sending SIGUSR2 disables debugging.

Sending SIGINT to named is analogous to the ndc dumpdb command: it dumps the entire database and cache contents to a file, probably called /var/tmp/named_dump.db. This file lets you examine whether the zone data was loaded correctly and whether anything odd is in the cache.

Reloading Zones

If you don't have the ndc program, you can make named reload named.boot and its zones by sending it a SIGHUP. This also forces SOA queries to the master servers for serial number comparison, so any slave zones that have been updated on their masters are transferred as well when SIGHUP is sent.

Zone Access Lists

BIND 4 has a feature called secure_zone, which lets you define an ACL for a zone. Although secure_zone is implemented by embedding secure_zone records in the zone file, they are not in fact RRs and are not transferred in a zone transfer. So, even if you have secure_zone set up on a master server, none of the slaves will have the necessary information, and BIND implements no way to distribute it. If you need slave servers and secure_zone to secure the zone(s), you must find some way other than traditional zone transfer to distribute the records. The BOG suggests that secure_zone is useful for Hesiod (zone class HS) password zones, to restrict the availability of passwords outside local networks. But secure_zone is perhaps best forgotten. This example is from the BOG:

 secure_zone   HS      TXT     "130.215.0.0:255.255.0.0"
 secure_zone   HS      TXT     "128.23.10.56:H"

As with xfrnets, BIND knows the class of the given network addresses, and if no subnet mask is given, the class mask is used. In the first line of the previous example, a subnet mask is given explicitly; the second line (with the :H suffix) specifies a lone host.
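The following is an added example, not code from the book or from BIND itself, that applies the matching rules just described: it parses secure_zone TXT records, derives the classful mask when none is given, treats the :H suffix as a single host, and checks whether a client address is covered. The two BOG records are used as input; the third record (10.0.0.0, no mask) is constructed to show the classful default, and Python's ipaddress module does the matching.

```python
import ipaddress


def classful_mask(addr: str) -> str:
    """Default mask from the address class, as BIND 4 does when no mask is given.
    Assumption: anything from 192.0.0.0 up is treated as class C (/24)."""
    first = int(addr.split(".")[0])
    if first < 128:
        return "255.0.0.0"        # class A
    if first < 192:
        return "255.255.0.0"      # class B
    return "255.255.255.0"        # class C


def parse_secure_zone(zone_text: str):
    """Return ip_network objects for every secure_zone record in the zone text."""
    nets = []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "secure_zone":
            continue                      # not a secure_zone record
        spec = fields[3].strip('"')
        addr, _, mask = spec.partition(":")
        if mask == "H":                   # lone host
            mask = "255.255.255.255"
        elif mask == "":                  # no mask: fall back to class mask
            mask = classful_mask(addr)
        nets.append(ipaddress.ip_network(f"{addr}/{mask}", strict=False))
    return nets


def client_allowed(nets, client: str) -> bool:
    """True if the client address falls inside any secure_zone network."""
    ip = ipaddress.ip_address(client)
    return any(ip in net for net in nets)


# Constructed sample: the two BOG records plus one maskless class A entry.
SAMPLE_ZONE = '''secure_zone   HS      TXT     "130.215.0.0:255.255.0.0"
secure_zone   HS      TXT     "128.23.10.56:H"
secure_zone   HS      TXT     "10.0.0.0"
'''

if __name__ == "__main__":
    acl = parse_secure_zone(SAMPLE_ZONE)
    for client in ("130.215.7.9", "130.216.0.1", "128.23.10.57", "10.200.1.1"):
        print(client, "allowed" if client_allowed(acl, client) else "denied")
```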

BIND 8 has ACLs for this. ACLs are not transferred by zone transfer either, but at least they are not removed by zone transfers: they stay put in the named.conf file.



The Concise Guide to DNS and BIND
ISBN: 0789722739
Year: 1999
Pages: 183