荔园在线
荔园之美,在春之萌芽,在夏之绽放,在秋之收获,在冬之沉淀
[回到开始]
[上一篇][下一篇]
发信人: Lg (创造人生的传奇), 信区: Linux
标 题: DNS Tricks and Tips(转寄)
发信站: BBS 荔园晨风站 (Fri Jan 15 23:37:02 1999), 站内信件
【 以下文字转载自 Lg 的信箱 】
【 原文由 liugang.bbs@bbs.net.tsinghua.edu.cn 所发表 】
发信人: reden (鱼 ~ 梦娜丽莎的微笑 流星的故事), 信区: Linux
标 题: DNS Tricks and Tips(转寄)
发信站: BBS 水木清华站 (Wed Nov 25 01:51:41 1998)
DNS Tricks and Tips
Here are some common tricks and some tips for common problems.
Generating cache file with dig
Recovering from an SOA typo
Ultrix needs primaries in host file
SLIP and BIND
What is a Lame Delegation?
Terminology: domain, zone, label
CNAMEs as RR targets
Local dummy zones
Legal characters in hostnames
Checking if a domain is registered already
Setting up a resolver
Given a choice of servers, which one is queried?
Transferring zones from a server running Microsoft NT Server 4.0
Generating cache file with dig
From Paul A Vixie <paul@vix.com> and Ruediger Volk <rv@zeus.NIC.DTAG.DE>
Anyone with DiG installed (which includes anyone running BIND 4.9 or better)
can generate a new cache file by typing
% dig @a.root-servers.net. . ns >root.cache
Check this file by hand before installing it, of course.
Recovering from an SOA typo
From Steve Hubert <hubert@cac.washington.edu>
It's only hard to recover from a typo if you're running an old BIND. If your
secondaries are 4.9 or later, then you should
just need two serial number changes to get back in sync:
Let all the secondaries catch up to your typo serial number.
Reset it to (2^31 - a little bit) more than the typo and wait for all the
secondaries to catch up again. You may have
to wrap the serial number back to zero in this or the next step.
Set it to the correct value and wait for all the secondaries to catch up.
Also refer to RFC 1982.
Ultrix needs primaries in host file
From William Gianopoulos <wag@swl.msd.ray.com>
With the stock Ultrix 4.3 name server (and possibly other releases), all
primary nameservers must be in the /etc/hosts file.
Look out for the indicative "address of primary server not in local db:"
message in the logs.
SLIP and DNS
Based on a message from Cricket Liu <cricket@hp.com>
Cricket Liu recommends not running a name server at the site that connects via
SLIP, but instead pointing the resolver at
a single name server on the upstream side of the SLIP link. If the SLIP link
isn't up, the resolver doesn't have a route to
the server, and since there's only one name server in resolv.conf, the resolver
quickly backs off to using /etc/hosts. This
assumes a reasonable resolver, of course.
What is a Lame Delegation?
From Bryan Beecher <Bryan.Beecher@umich.edu>
A lame delegation is an instance when a nameserver has been listed as
authoritative for a domain, but does not seem to
be performing authoritative service for that domain. That is, the nameserver
appears to be answering out of its cache
instead of out of its data. Note that even a server which is performing
secondary service for a domain is still an
authoritative server, and should be returning authoritative data.
Terminology: domain, zone, label
Based on a message from Paul Mockapetris <pvm@ISI.EDU>
A domain is a complete subtree. In the DNS tree, a domain is everything
under a particular point in the tree.
Domains relate to the naming structure itself, not the way things are
distributed.
A zone is a pruned domain. Pruning occurs when zones are delegated. Zones
relate to the way the database is
partitioned and distributed.
A label is one component of a domain name. Labels need only be unique at
a particular point in the tree, not in a
zone: it is acceptable to have both NAME.dom.ain and NAME.sub.dom.ain
both in the zone dom.ain.
CNAMEs as RR targets
From RFC 1034, Domain Concepts and Facilities
Section 3.6.2, `Aliases and canonical names':
Domain names in RRs which point at another name should always point at the
primary name and not the alias. In other
words, the names which are on the right hand side of a resource record (RR
targets) should not be on the left hand side
of a CNAME resource record. Depending on how smart the resolver software is
CNAME targets may work fine, but
depending on correct behaviour in resolvers all around the world is guaranteed
to fail somewhere.
Local dummy zones
Based on a message from Dave Barr <barr@math.psu.edu>
To stop the DNS from doing a lookup when the request is to localhost, run a
local caching-only nameserver which is set
up to be a primary for "localhost" as well as "127.in-addr.arpa" and include
the necessary DNS data in those zones to
resolve the respective names/addresses. Then point your /etc/resolv.conf to
your local machine. To be extra safe from
DNS corruption set the server up as a primary for "255.in-addr.arpa" and
"0.in-addr.arpa" also.
Legal characters in hostnames
Domain names can contain almost any characters. However, host names and mail
domain names have restrictions which
only allow the use of characters `a-z', `A-Z', `0-9', and `-' (dash or minus
sign). The `/' and `_' (divide or slash and
underscore) characters are not legal. Note that hostnames include the owners of
A and MX records and .in-addr.arpa
PTR records, and the data fields of MX and .in-addr.arpa PTR records: in other
words, almost all currently used DNS
entries! The current releases of the BIND name server software enforce these
restrictions. 20-Nov-1997, 10-Apr-1996
Checking if a domain is registered already
Based on a question by Plato <gking@GroupZ.net>
To check if a domain has been registered, there are a couple of approaches.
Brute force search of DNS zone file
If the relevant zone file corresponding to the domain can be obtained,
standard text searching tools can be used to
check the file for the domain or variants. This procedure is flexible and
quick once the file has been obtained since
it is performed off line. The zones ARPA, COM, EDU, GOV, INADDR.ARPA, MIL,
NET, and ORG are available at
the InterNIC. Other zones may be available via ftp, but will usually need
to be downloaded using the zone transfer
mechanism of DNS. If a server is configured to disallow zone transfers,
it may not be possible to easily obtain a
copy of the zone file.
WHOIS lookups
If the domain being sought is in one of the InterNIC maintained zones,
information about the domain will be stored
in the InterNIC WHOIS database. A standard whois client can be used to
query this database, currently located at
rs.internic.net. In the absence of a client, rs.internic.net also offers
telnet access to the database. For some
domains, information is kept in WHOIS-like services like RWHOIS or in
domain-specific WHOIS registries.
Checking the DNS
Using DNS query tools like dig or nslookup with query types NS, MX or A,
information about the existence of a
domain name can be obtained. This is the most general method, although it
requires an exact guess to be made
both of the type of records associated with the domain name and the name
itself. Using a query type ANY can
sometimes be effective, but can also result in misleading answers.
Setting up a resolver
Based on a question by Aidan N.R. Low <aidan@MIT.EDU>
Setting up the client side of DNS depends on the operating environment of the
client. For a Unix machine, the resolver is
configured through a text file, usually /etc/resolv.conf which commonly
contains the IP address of the name server or
servers which will be used to do the actual work. An adequate resolv.conf file
contains just the one line
nameserver x.y.z.w
where x.y.z.w is the IP address of a suitable name server. Often this will be a
server provided by the Internet service
provider. It is a bad idea to point resolvers to name servers controlled by
organisations with which there is no
organisational relationship: the name server could be configured to return
bogus information, especially if permission was
not sought first for using the server.
For PC type resolvers there is usually a network configuration option which
specifies the same information as resolv.conf.
Each network stack tends to have its own set of configuration information.
However, on MacOS, there are moves towards
central network configuration.
For SunOS 4.x, the resolver is by default not set up to use DNS. The standard
operating procedure to get SunOS to use
DNS is in the comp.sys.sun FAQ, last I looked these were questions 1 and 2. In
short,
add the DNS trapdoor to NIS, or
rebuild libc.a using resolv+ or the BIND 4.9.3 resolver routines.
Of these, the BIND 4.9.3 option is recommended.
Solaris 2.x is also not set up to use DNS by default. In the file
/etc/nsswitch.conf there is a line
hosts: files
which needs to be changed to
hosts: files dns
for the machine to use DNS.
Given a choice of servers, which one is queried?
Based on a question by Mark A. Dohm <mark.dohm@teldta.com> and answer by Paul A
Vixie <paul@vix.com>
Every recursive BIND name server (that is, one which is willing to go out and
find something if asked something it doesn't
know) will remember the measured round trip time (RTT) to each server it sends
queries to. If it has a choice of several
servers for some domain (like "." for example) it will use the one whose
measured RTT is lowest.
Since the measured RTT of all NS RRs starts at zero (0), every one is tried
once. Once all have responded, all RTT's will
be nonzero, and the "fastest server" will get all queries henceforth, until it
slows down for some reason.
To promote dispersion and good recordkeeping, BIND will penalize the RTT by a
little bit each time a server is reused,
and it will penalize the RTT a _lot_ if it ever has to retransmit a query. For
a server to stay "#1", it has to keep on
answering quickly and consistently.
Note that this is something BIND does that the DNS Specification does not
mention at all. So other servers, those not
based on BIND, might behave very differently.
Transferring zones from a server running Microsoft NT Server 4.0
Based on an answer by Stuart Kwan <skwan@microsoft.com>
If Microsoft's DNS server is integrated with WINS, it needs to be explicitly
configured to interoperate with non-Microsoft
name servers. Microsoft represents WINS information in the DNS using a
nonstandard resource record type. This can
cause a name server to fail when attempting a zone transfer from a Microsoft
server. Older BIND servers may actually
terminate when receiving such resource records in a zone transfer.
To correct the problem, ensure that the option "Zone Properties -> WINS Lookup
-> Settings only affect local server" is
set for each such zone on the Microsoft server.
andras@is.co.za / The Internet Solution
--
白马带著她一步步的回到中原。白马已经老了,只能慢慢的走,
但终是能回到中原的。江南有杨柳、桃花,有燕子、金鱼……
汉人中有的是英俊勇武的少年,倜傥潇洒的少年……但这个美
丽的姑娘就像古高昌国人那样固执:
「那都是很好很好的,可是我偏不喜欢。」
※ 来源:·BBS 水木清华站 bbs.net.tsinghua.edu.cn·[FROM: 159.226.21.172]
--
※ 转载:.BBS 荔园晨风站 bbs.szu.edu.cn.[FROM: 210.39.0.80]
[回到开始]
[上一篇][下一篇]
荔园在线首页 友情链接:深圳大学 深大招生 荔园晨风BBS S-Term软件 网络书店