DNS and BIND 5th Edition_6

Tham khảo tài liệu dns and bind 5th edition_6, công nghệ thông tin, hệ điều hành phục vụ nhu cầu học tập, nghiên cứu và làm việc hiệu quả
Nội dung trích xuất từ tài liệu:
DNS and BIND 5th Edition_6 DNS & BIND Chapter 8 Growing Your Domain8.6 Coping with DisasterWhen disaster strikes, it really helps to know what to do. Knowing to duck under a sturdy table or deskduring an earthquake can save you from being pinned under a toppling monitor. Knowing how to turn offyour gas can save your house from conflagration.Likewise, knowing what to do in a network disaster (or even just a minor mishap) can help you keep yournetwork running. Living out in California, as we do, we have some experience and some suggestions.8.6.1 Short Outages (Hours)If your network is cut off from the outside world (whether the outside world is the rest of the Internet or therest of your company), your name servers may start to have trouble resolving names. For example, if yourdomain, corp.acme.com, is cut off from the rest of the Acme Internet, you may not have access to your parent(acme.com) name servers, or to the root name servers.Youd think this wouldnt impact communication between hosts in your local domain, but it can. For example,if you type: % telnet selma.corp.acme.comon a host running an older version of the resolver, the first domain name the resolver looks up will beselma.corp.acme.com.corp.acme.com (assuming your host is using the default search list − remember thisfrom Chapter 6). The local domain name server, if its authoritative for corp.acme.com, can tell thats not akosher domain name. The following lookup, however, is for selma.corp.acme.com.acme.com. Thisprospective domain name is no longer in the corp.acme.com domain, so the query is sent to theacme.com name servers. Or rather your local name server tries to send the query there, and keepsretransmitting until it times out.You can avoid this problem by making sure the first domain name the resolver looks up is the right one.Instead of typing: % telnet selma.corp.acme.comtyping: % telnet selmaor: % telnet selma.corp.acme.com. 266 DNS & BIND(note the trailing dot) will result in a lookup of selma.corp.acme.com first.Note that BIND 4.9 and later resolvers dont have this problem, at least not by default. 4.9 and newerresolvers check the domain name as is first, as long as the name has more than one dot in it. So, if you tried: % telnet selma.corp.acme.comeven without the trailing dot, the first name looked up would be selma.corp.acme.com.If you are stuck running a 4.8.3 BIND or older resolver, you can avoid querying off−site name servers bytaking advantage of the definable search list. You can use the search directive to define a search list thatdoesnt include your parent zones domain name. For example, to work around the problem corp.acme.com ishaving, you could temporarily set your hosts search lists to just: search corp.acme.comNow, when a user types: % telnet selma.corp.acme.comthe resolver looks up selma.corp.acme.com.corp.acme.com first (which the local name server can answer),then selma.corp.acme.com, the correct domain name. And this works fine, too: % telnet selmaworks fine, too.8.6.2 Longer Outages (Days)If you lose network connectivity for a long time, your name servers may have other problems. If they loseconnectivity to the root name servers for an extended period, theyll stop resolving queries outside theirauthoritative data. If the slaves cant reach their master, sooner or later theyll expire the zone.In case your name service really goes haywire because of the connectivity loss, its a good idea to keep asite−wide or workgroup /etc/hosts around. In times of dire need, you can move resolv.conf to resolv.bak, killthe local name server (if there is one), and just use /etc/hosts. Its not flashy, but itll get you by.As for slaves, you can reconfigure a slave that cant reach its master to run as a primary master. Just editnamed.conf and change the type substatement in the zone statement from slave to master, then delete themaster substatement. If more than one slave for the same zone is cut off, you can configure one as a primarymaster temporarily and reconfigure the other to load from the temporary primary.Alternatively, you can just increase the expire time in all of your slaves backup files and then signal theslaves to reload the files.8.6.3 Really Long Outages (Weeks)If an extended outage cuts you off from the Internet − say for a week or more − you may need to restoreconnectivity to root name servers artificially to get things working again. Every name server needs to talk to aroot name server occasionally. Its a bit like therapy: the name ...