DNS and BIND Other Resources from O’Reilly
Total Page:16
File Type:pdf, Size:1020Kb
DNS and BIND Other resources from O’Reilly Related titles DNS and BIND Cookbook™ DNS on Windows Server 2003 oreilly.com oreilly.com is more than a complete catalog of O’Reilly books. You’ll also find links to news, events, articles, weblogs, sample chapters, and code examples. oreillynet.com is the essential portal for developers interested in open and emerging technologies, including new platforms, pro- gramming languages, and operating systems. Conferences O’Reilly brings diverse innovators together to nurture the ideas that spark revolutionary industries. We specialize in document- ing the latest tools and systems, translating the innovator’s knowledge into useful skills for those in the trenches. Visit con- ferences.oreilly.com for our upcoming events. Safari Bookshelf (safari.oreilly.com) is the premier online refer- ence library for programmers and IT professionals. Conduct searches across more than 1,000 books. Subscribers can zero in on answers to time-critical questions in a matter of seconds. Read the books on your Bookshelf from cover to cover or sim- ply flip to the page you need. Try it today for free. FIFTH EDITION DNS and BIND Cricket Liu and Paul Albitz Beijing • Cambridge • Farnham • Köln • Sebastopol • Taipei • Tokyo DNS and BIND, Fifth Edition by Cricket Liu and Paul Albitz Copyright © 2006, 2001, 1998, 1997, 1992 O’Reilly Media, Inc. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (safari.oreilly.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or [email protected]. Editor: Mike Loukides Cover Designer: Edie Freedman Production Editor: Matt Hutchinson Interior Designer: David Futato Copyeditor: Mary Anne Weeks Mayo Cover Illustrator: Karen Montgomery Proofreader: Matt Hutchinson Illustrators: Robert Romano and Jessamyn Read Indexer: Ellen Troutman-Zaig Printing History: October 1992: First Edition. January 1997: Second Edition. September 1998: Third Edition. April 2001: Fourth Edition. May 2006: Fifth Edition. Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. DNS and BIND, the image of grasshoppers, and related trade dress are trademarks of O’Reilly Media, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps. While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. This book uses RepKover™, a durable and flexible lay-flat binding. ISBN: 978-0-596-10057-5 [M] [7/09] Table of Contents Preface . xi 1. Background . 1 A (Very) Brief History of the Internet 1 On the Internet and Internets 2 The Domain Name System, in a Nutshell 4 The History of BIND 9 Must I Use DNS? 9 2. How Does DNS Work? . 11 The Domain Namespace 11 The Internet Domain Namespace 17 Delegation 21 Nameservers and Zones 22 Resolvers 26 Resolution 27 Caching 34 3. Where Do I Start? . 37 Getting BIND 37 Choosing a Domain Name 41 4. Setting Up BIND . 53 Our Zone 53 Setting Up Zone Data 54 Setting Up a BIND Configuration File 65 Abbreviations 68 Hostname Checking 71 v Tools 73 Running a Primary Nameserver 74 Running a Slave Nameserver 81 Adding More Zones 88 What’s Next? 88 5. DNS and Electronic Mail . 89 MX Records 90 Movie.edu’s Mail Server 92 What’s a Mail Exchanger, Again? 92 The MX Algorithm 94 DNS and Email Authentication 96 6. Configuring Hosts . 100 The Resolver 100 Resolver Configuration 101 Sample Resolver Configurations 112 Minimizing Pain and Suffering 114 Additional Configuration Files 119 The Windows XP Resolver 120 7. Maintaining BIND . 127 Controlling the Nameserver 127 Updating Zone Datafiles 136 Organizing Your Files 143 Changing System File Locations 147 Logging 148 Keeping Everything Running Smoothly 158 8. Growing Your Domain . 177 How Many Nameservers? 177 Adding More Nameservers 185 Registering Nameservers 189 Changing TTLs 192 Planning for Disasters 195 Coping with Disaster 198 vi | Table of Contents 9. Parenting . 201 When to Become a Parent 202 How Many Children? 202 What to Name Your Children 203 How to Become a Parent: Creating Subdomains 204 Subdomains of in-addr.arpa Domains 214 Good Parenting 220 Managing the Transition to Subdomains 223 The Life of a Parent 225 10. Advanced Features . 226 Address Match Lists and ACLs 226 DNS Dynamic Update 228 DNS NOTIFY (Zone Change Notification) 235 Incremental Zone Transfer (IXFR) 240 Forwarding 244 Views 247 Round-Robin Load Distribution 250 Nameserver Address Sorting 253 Preferring Nameservers on Certain Networks 255 A Nonrecursive Nameserver 256 Avoiding a Bogus Nameserver 257 System Tuning 258 Compatibility 267 The ABCs of IPv6 Addressing 268 Addresses and Ports 270 11. Security . 282 TSIG 283 Securing Your Nameserver 287 DNS and Internet Firewalls 300 The DNS Security Extensions 322 12. nslookup and dig . 349 Is nslookup a Good Tool? 349 Interactive Versus Noninteractive 351 Option Settings 352 Avoiding the Search List 355 Common Tasks 355 Table of Contents | vii Less Common Tasks 358 Troubleshooting nslookup Problems 366 Best of the Net 370 Using dig 371 13. Reading BIND Debugging Output . 376 Debugging Levels 376 Turning On Debugging 379 Reading Debugging Output 380 The Resolver Search Algorithm and Negative Caching (BIND 8) 393 The Resolver Search Algorithm and Negative Caching (BIND 9) 394 Tools 395 14. Troubleshooting DNS and BIND . 396 Is NIS Really Your Problem? 396 Troubleshooting Tools and Techniques 397 Potential Problem List 409 Transition Problems 426 Interoperability and Version Problems 427 TSIG Errors 431 Problem Symptoms 432 15. Programming with the Resolver and Nameserver Library Routines . 438 Shell Script Programming with nslookup 438 C Programming with the Resolver Library Routines 445 Perl Programming with Net::DNS 470 16. Architecture . 474 External, Authoritative DNS Infrastructure 474 Forwarder Infrastructure 478 Internal DNS Infrastructure 480 Operations 481 Keeping Up with DNS and BIND 482 viii | Table of Contents 17. Miscellaneous . 483 Using CNAME Records 483 Wildcards 488 A Limitation of MX Records 489 Dial-up Connections 489 Network Names and Numbers 494 Additional Resource Records 496 ENUM 501 Internationalized Domain Names 504 DNS and WINS 506 DNS, Windows, and Active Directory 508 A. DNS Message Format and Resource Records . 517 B. BIND Compatibility Matrix . 537 C. Compiling and Installing BIND on Linux . 538 D. Top-Level Domains . 543 E. BIND Nameserver and Resolver Configuration . 548 Index . 589 Table of Contents | ix Preface1 You may not know much about the Domain Name System—yet—but whenever you use the Internet, you use DNS. Every time you send electronic mail or surf the World Wide Web, you rely on the Domain Name System. You see, while you, as a human being, prefer to remember the names of computers, computers like to address each other by number. On an internet, that number is 32 bits long, or between 0 and 4 billion or so.* That’s easy for a computer to remember because computers have lots of memory ideal for storing numbers, but it isn’t nearly as easy for us humans. Pick 10 phone numbers out of the phone book at random and then try to remember them. Not easy? Now flip to the front of the phone book and attach random area codes to the phone numbers. That’s about how difficult it would be to remember 10 arbitrary internet addresses. This is part of the reason we need the Domain Name System. DNS handles mapping between hostnames, which we humans find convenient, and internet addresses, which computers deal with. In fact, DNS is the standard mechanism on the Internet for advertising and accessing all kinds of information about hosts, not just addresses. And DNS is used by virtually all internetworking software, including electronic mail, remote terminal programs such as ssh, file transfer programs such as ftp, and web browsers such as Microsoft’s Internet Explorer. Another important feature of DNS is that it makes host information available all over the Internet. Keeping information about hosts in a formatted file on a single com- puter only helps users on that computer. DNS provides a means of retrieving infor- mation remotely from anywhere on the network. More than that, DNS lets you distribute the management of host information among many sites and organizations. You don’t need to submit your data to some central site or periodically retrieve copies of the “master” database. You simply make sure * And, with IP version 6, it’s a whopping 128 bits long, or between 0 and a 39-digit decimal number. xi This is the Title of the Book, eMatter Edition Copyright © 2009 O’Reilly & Associates, Inc. All rights reserved. your section, called a zone, is up to date on your nameservers. Your nameservers make your zone’s data available to all the other nameservers on the network. Because the database is distributed, the system also needs to be able to locate the data you’re looking for by searching a number of possible locations. The Domain Name System gives nameservers the intelligence to navigate through the database and find data in any zone. Of course, DNS does have a few problems. For example, the system allows more than one nameserver to store data about a zone, for redundancy’s sake, but inconsis- tencies can crop up between copies of the zone data.