Learning Action in publishing DNS part 7

Tham khảo tài liệu Learning Action in publishing DNS part_7, công nghệ thông tin, hệ điều hành phục vụ nhu cầu học tập, nghiên cứu và làm việc hiệu quả
Nội dung trích xuất từ tài liệu:
Learning Action in publishing DNS part 7 Chapter 4forward: This is not a real zone, but a method for forwarding queries on a per-domain basis. Thename server has the role of a forwarder for the forward zone. A zone statement of type forwardcan contain a forward and/or forwarders statement, which will apply to queries within thedomain given by the zone name.The name of a zone can be followed by a class. If the class is not specified, in (Internet) is used.Parameters:Most parameters of the zone statement have the same meanings as the parameters of the optionsstatement with identical names. If a certain parameter is specified in the zone statement, its valuehas a higher priority than the value of the parameter in the options statement.allow-update: This parameter defines those hosts that are permitted to carry out a dynamicupdate of the server. By default, the dynamic update is prohibited from all hosts.update-policy: This parameter provides the option to set rules for the dynamic update in greaterdetail compared with the allow-update parameter. The permission/ban of a dynamic update can beset not only for the whole zone, but also at a domain name level or for groups of names as it is in thecase of the allow-update parameter. This parameter is only implemented in version 9 and higher.Only one of allow-update and update-policy can be used in the zone statement.4.3.2.2 DNS DatabaseBIND version 9 has also brought changes in zone files. Some of the most significant changes arethe $TTL and $GENERATE statements.$TTL StatementEvery zone file must include either the $TTL statement, which defines the default TTL value forthe particular zone, or every RR record must include a TTL value. If this condition is not fulfilled,the server announces an error during startup. BIND 8 was still able to use the TTL value from theSOA record.$GENERATE StatementThis statement is used to create an RR set that provides the reverse delegation of a subnet. EveryDNS administrator who has at least once defined a reverse delegation for a subnet of, for example,128 IP addresses, would be grateful for this statement. Chapter 7 tells you that a zone file mustinclude a number of CNAME records for the reverse delegation of a subnet. For example, in thecase of a subnet of 128 IP addresses, exactly 128 records have to be stated. These CNAMErecords, however, only differ in one position in the IP address (in the last byte), and this number isincreased in each successive record by 1. Using this statement can solve the delegation quitenicely. Lets look at an example on how to use this statement.Example:Sequence of statements in the zone file: $ORIGIN 37.47.195.IN-ADDR.ARPA. $GENERATE 1-2 0 NS server$.company.com. $GENERATE 1-127 $ CNAME $.0 109Name Server ImplementationThis is equivalent to a set of 128 CNAME records and 2 NS records for a reverse delegation: 0.37.47.195.IN-ADDR.ARPA NS server1.company.com. 0.37.47.195.IN-ADDR.ARPA NS server2.company.com. 1.37.47.195.IN-ADDR.ARPA CNAME 1.0.37.47.195.IN-ADDR.ARPA. 2.37.47.195.IN-ADDR.ARPA CNAME 2.0.37.47.195.IN-ADDR.ARPA. ... 127.37.47.195.IN-ADDR.ARPA CNAME 127.0.37.47.195.IN-ADDR.ARPA.4.3.2.3 Lightweight ResolverIn connection with the support of IPv6, BIND 9 has a new solution for the translation of DNSqueries. It has a new resolver library.Older applications that needed to translate an IP into a name and vice versa used a stub resolver.These applications had compiled libraries with a resolver and therefore sent requests fortranslation to the local name server as described in Sections 1.9 and 1.10. However, a stub resolverdoes not support the translation of A6 records for the IPv6 protocol (see Section 3.5.2).BIND 9 replaces the stub resolver with a new solution. For DNS translations, it offers thelightweight resolver and lightweight resolver daemon pair. This pair communicates together usingthe lwres protocol.How does this Mechanism Function?An application using IPv6 is compiled with an lwres library, which is an implementation of anlwres client. Applications send requests for IP address translation to the lwres daemon (lwresd),which is an implementation of the lwres server. Figure 4.2: Lightweight resolver110 Chapter 4Lwres is a simple caching-only name server. This server accepts queries from an application in thelwres protocol, transforms the queries into a DNS protocol, and sends them to a name server forresolution. Then it transforms the answer from the name server into the lwres protocol and sends itto the application. L ...