[Appendix B] B.11 The Aggregate Statements

Only aggregate routes learned from the specified protocol. The value of proto may be any
currently configured protocol. This includes the "protocols" direct, static, and kernel,
discussed in the previous section; all for all possible protocols; and aggregate for other route
aggregations.
as as_number
Only aggregate routes learned from the specified autonomous system.
tag tag
Only aggregate routes with the specified tag.
aspath aspath_regexp
Only aggregate routes that match the specified AS path.
restrict
Indicates routes that are not to be aggregated.
Routes that match the route filters may contribute to the aggregate route. A route may only contribute
to an aggregate route that is more general than itself. Any given route may only contribute to one
aggregate route, but an aggregate route may contribute to a more general aggregate.
A slight variation of aggregation is the generation of a route based on the existence of certain
conditions. The most common usage for this is to create a default based on the presence of a route
from a peer on a neighboring backbone. This is done with the generate statement.
generate default | address [mask mask | masklen number]
[preference preference] {
proto proto
[as as_number | tag tag | aspath aspath_regexp]
[restrict] |
[[preference preference] {
route_filter [restrict | preference preference]] ;
};
};
The generate statement uses many of the same options as the aggregate statement. These options are
described earlier in this appendix.
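The contribution rules above (a route contributes only to an aggregate more general than itself, to at most one aggregate, and an active aggregate may feed a more general aggregate that lists proto aggregate) are easier to see in code. The following is an added illustration of those rules written for this appendix; it is not gated's own code, and the sample routing table, protocol names and AS number 64496 are constructed for the example:

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Network
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    proto: str                       # "static", "direct", "kernel", "bgp", "aggregate", ...
    as_number: Optional[int] = None  # AS the route was learned from, if any
    tag: Optional[int] = None


@dataclass
class Aggregate:
    prefix: IPv4Network
    protos: frozenset                # protocols allowed to contribute; "all" means any
    as_number: Optional[int] = None  # "as as_number" filter, if present
    restricted: tuple = ()           # prefixes listed with "restrict": never contribute
    contributors: list = field(default_factory=list)

    def accepts(self, r: Route) -> bool:
        if r.prefix in self.restricted:
            return False
        if "all" not in self.protos and r.proto not in self.protos:
            return False
        if self.as_number is not None and r.as_number != self.as_number:
            return False
        # A route may only contribute to an aggregate more general than itself.
        return r.prefix != self.prefix and r.prefix.subnet_of(self.prefix)


def place(r: Route, ordered) -> None:
    # ordered is most-specific first, so a route lands in exactly one aggregate.
    for a in ordered:
        if a.accepts(r):
            a.contributors.append(r)
            return


def compute_active(routes, aggregates):
    """Return the aggregates that end up with at least one contributor."""
    ordered = sorted(aggregates, key=lambda a: a.prefix.prefixlen, reverse=True)
    for a in ordered:
        a.contributors.clear()
    for r in routes:
        place(r, ordered)
    # An active aggregate may itself contribute to a more general aggregate that
    # lists proto "aggregate"; walking most-specific first resolves chains.
    for a in ordered:
        if a.contributors:
            place(Route(a.prefix, "aggregate"), ordered)
    return [a for a in ordered if a.contributors]


def generate_default(routes, proto: str, as_number: Optional[int] = None) -> bool:
    """'generate default { proto X as N }': the default exists while a matching route does."""
    return any(r.proto == proto and (as_number is None or r.as_number == as_number)
               for r in routes)


# Constructed sample routing table (not from the reference).
EXAMPLE_ROUTES = [
    Route(IPv4Network("10.1.0.0/24"), "static"),
    Route(IPv4Network("10.1.1.0/24"), "static"),
    Route(IPv4Network("10.2.0.0/24"), "bgp", as_number=64496),
    Route(IPv4Network("192.0.2.0/24"), "direct"),   # matches no aggregate's proto filter
]


def example_aggregates():
    return [
        Aggregate(IPv4Network("10.1.0.0/16"), frozenset({"static"})),
        Aggregate(IPv4Network("10.0.0.0/8"), frozenset({"bgp", "aggregate"})),
    ]


def summarize(active):
    """Map each active aggregate to the sorted prefixes that contribute to it."""
    return {str(a.prefix): sorted(str(r.prefix) for r in a.contributors) for a in active}


if __name__ == "__main__":
    print(summarize(compute_active(EXAMPLE_ROUTES, example_aggregates())))
    print(generate_default(EXAMPLE_ROUTES, "bgp", 64496))
```

With the sample table, the two static /24s fold into 10.1.0.0/16, that aggregate in turn contributes to 10.0.0.0/8 alongside the BGP route, and the directly connected 192.0.2.0/24 is aggregated nowhere because neither aggregate lists proto direct.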

TCP/IP Network Administration
file:///C|/mynapster/Downloads/warez/tcpip/appb_11.htm (2 of 3) [2001-10-15 09:19:19]

C. A named Reference
Contents:
The named Command
named.boot Configuration Commands
Zone File Records
This appendix provides detailed information about named syntax and the commands and files used to
configure it. This is primarily a reference to use in conjunction with the tutorial information in
Chapter 8, Configuring DNS Name Service . This information is useful to any domain administrator.

C.1 The named Command
The server side of DNS is run by the name server daemon, named. The syntax of the named
command is: [1]
[1] Sun systems use in.named instead of named.
named [-d level] [-p port[/localport]] [[-b] bootfile] [-q] [-r]
The three options used on the named command line are:
-d level
Logs debugging information in the file /usr/tmp/named.run. The argument level is a number
from 1 to 9. A higher level number increases the detail of the information logged, but even
when level is set to 1, the named.run file grows very rapidly. Whenever you use debugging,
keep an eye on the size of the named.run file and use SIGUSR2 to close and remove the file if
it gets too large. Signal handling is covered in the next section.
It is not necessary to turn on debugging with the -d option to receive error messages from
named. named displays error messages on the console and stores them in the messages, even
if debugging is not specified. The -d option provides additional debugging information.
-p port[/localport]
Defines the UDP/TCP port used by named. port is the port number used to connect to the
remote name server. localport is the number of the port on which the local name server
daemon listens for connections. If the -p option is not specified, the standard port (53) is used.
Since port 53 is a well-known port, changing the port number makes the name server
inaccessible to standard software packages. Therefore, -p is only used for testing.
-b bootfile
Specifies the file named uses as its configuration file. By default the configuration file is
/etc/named.boot, but the -b option allows the administrator to choose another configuration
file. Note that the -b is optional. As long as the filename used for bootfile doesn't start with
a dash, the -b flag is not required. Any filename written on the named command line is
assumed to be the boot file.
-q
Logs all incoming queries. named must be compiled with the QRYLOG option set to enable
this type of logging.
-r
Turns off recursion. With this option set, the server will only provide answers for zones for
which it is an authoritative server. It will not pursue the query through other servers or zones.

C.1.1 Signal Processing
named handles the following signals:
SIGHUP
Causes named to reread the named.boot file and reload the name server database. named then
continues to run with the new configuration. This signal is particularly useful for forcing
secondary servers to reload a database from the primary server. Normally the databases are
downloaded from the primary server on a periodic basis. Using SIGHUP causes the reload to
occur immediately.
SIGINT
Causes named to dump its cache to /usr/tmp/named_dump.db. The dump file contains all of
the domain information that the local name server knows. The file begins with the root servers,
and marks off every domain under the root that the local server knows anything about. If you
examine this file, you'll see that it shows a complete picture of the information the server has
learned.
SIGUSR1
Turns on debugging; each subsequent SIGUSR1 signal increases the level of debugging.

Debugging information is written to /usr/tmp/named.run just as it is when the -d option is used
on the named command line. Debugging does not have to be enabled with the -d option for the
SIGUSR1 signal to work. SIGUSR1 allows debugging to be turned on when a problem is
suspected, without stopping named and restarting it with the -d option.
SIGUSR2
Turns off debugging and closes /usr/tmp/named.run. After issuing SIGUSR2, you can examine
named.run or remove it if it is getting too large.
Optionally, some other signals can be handled by named. These additional signals require named to
be compiled with the appropriate options to support the signals:
SIGABRT
Writes statistics data to /var/tmp/named.stats. named must be compiled with -DSTATS for
this signal to work.
SIGSYS
Writes profiling data into the /var/tmp directory. named must be compiled with profiling to
support this signal.
SIGTERM
Writes back the primary and secondary database files. This is used to save data modified by
dynamic updates before the system is shut down. named must be compiled with dynamic
updating enabled.
SIGWINCH
Toggles logging of all incoming queries via syslogd. named must be compiled with QRYLOG
option to support this.

C.2 named.boot Configuration Commands
The /etc/named.boot file defines the name server configuration and tells named where to obtain the
name server database information. named.boot contains the following types of records:
directory directory-path
Defines a default directory used for all subsequent file references anywhere in the named
configuration. If named is forced to dump memory, the memory dump is stored in this
directory.
primary domain-name file-name
Declares the local name server as the primary master server for the domain specified by
domain-name. As a primary server, the system loads the name server database from the
local disk file specified by name in the file-name field.
secondary domain-name server-address-list file-name
Makes the local server a secondary master server for the domain identified by domain-name.
The server-address-list contains the IP address of at least one other master server for
this domain. Multiple addresses can be provided in the list, but at least the primary server's
address should be provided. The local server will try each server in the list until it successfully
loads the name server database. The local server transfers the entire domain database and
stores all of the data it receives in a local file identified by file-name. After completing the
transfer, the local server answers all queries for information about the domain with complete
authority.
cache . file-name
The cache command points to the file used to initialize the name server cache with a list of
root servers. This command starts with the keyword cache, followed by the name of the root
domain (.), and ends with the name of the file that contains the root server list. This file can
have any name you wish, but it is usually called named.ca, named.root, or root.cache. The
cache command is included in every named.boot file. named needs the list of root servers as a
starting point from which to locate all other DNS domains.
forwarders server-address server-address ...
The forwarders command provides named with a list of servers to try if it can't resolve a
query from its own cache. In the syntax shown, server-address is the IP address of a
server on your network that can perform a recursive name server query for the local host. (A
recursive query [2] means that the remote server pursues the answer to the query, even if it
does not have the answer itself, and returns the answer to the originator.) The servers listed on
the forwarders command line (the servers are also called "forwarders") are tried in order until
one responds to the query. The listed servers develop an extensive cache that benefits every
host that uses them. Because of this, their use is often recommended. If you plan to use
forwarders, your network administrator should define the list of forwarders for your network.
The forwarders only develop a rich cache if they are used by several hosts.
[2] Chapter 3, Network Services, discusses recursive and nonrecursive name server
queries.
slave
The slave command forces the local server to use only the servers listed on the forwarders
command line. The slave command can only be used if a forwarders command is also present
in the named.boot file. A server that has a slave command in its named.boot file is called a
slave server. A slave server does not attempt to contact the authoritative servers for a domain,
even if the forwarding servers do not respond to its query. Regardless of the circumstances, a
slave server queries only the forwarders. The slave command is used when limited network
access makes the forwarders the only servers that can be reached by the local host. The slave
command is not used on systems that have full Internet access because it limits their flexibility.
sortlist network network ...
The sortlist command causes named to prefer addresses from the listed networks over
addresses from other networks. Normally, DNS sorts the addresses in a response only if the
host issuing the query and the name server share a network. In that case, the shared network is
the preferred network.
xfrnets address[&mask] ...
The xfrnets command limits zone transfers to hosts with the specified address. The
address is written in dotted decimal notation and is interpreted as a network address. The
optional mask field is used to change the interpretation of the address. When a bit is on in
the mask field, that bit is significant for determining which hosts will be allowed to receive a
zone file transfer. For example, xfrnets 172.16.0.0 allows every host on network 172.16 to do
zone file transfers, while xfrnets 172.16.12.3&255.255.255.255 limits zone file transfers to the
single host 172.16.12.3.
For security reasons, many sites do not want to let everyone list all of the hostnames in their
domain. xfrnets limits the ability to retrieve your entire domain to specific, trusted hosts.
tcplist is an alternative form of this command maintained for compatibility with older server
implementations.
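The mask semantics of xfrnets (only the bits set in mask are significant, and an address without a mask is taken as a network) decide which hosts may pull a whole zone, so it is worth checking an access list before relying on it. The following is an added example of that evaluation, not BIND's code; it assumes that an address given without &mask is interpreted by its classful network (so 172.16.0.0 covers 172.16.0.0/16), which the reference implies but does not spell out:

```python
from ipaddress import IPv4Address


def to_int(dotted: str) -> int:
    return int(IPv4Address(dotted))


def classful_mask(addr: int) -> int:
    # Assumption: an address with no &mask is read as its classful network.
    first_octet = addr >> 24
    if first_octet < 128:
        return 0xFF000000          # class A
    if first_octet < 192:
        return 0xFFFF0000          # class B
    return 0xFFFFFF00              # class C


def parse_xfrnets(line: str):
    """Parse 'xfrnets addr[&mask] ...' (or its tcplist alias) into (network, mask) pairs."""
    fields = line.split()
    if not fields or fields[0] not in ("xfrnets", "tcplist"):
        raise ValueError("not an xfrnets/tcplist line")
    rules = []
    for item in fields[1:]:
        addr, _, mask = item.partition("&")
        a = to_int(addr)
        m = to_int(mask) if mask else classful_mask(a)
        rules.append((a & m, m))   # keep only the significant bits of the address
    return rules


def transfer_allowed(rules, requester: str) -> bool:
    """True when the requester matches some rule; rules=None means no xfrnets line at all."""
    if rules is None:
        return True                # without xfrnets, named answers zone transfers for anyone
    r = to_int(requester)
    return any((r & m) == net for net, m in rules)


if __name__ == "__main__":
    # Constructed example line using the reference's own two forms.
    acl = parse_xfrnets("xfrnets 172.16.0.0 172.16.12.3&255.255.255.255")
    for host in ("172.16.12.3", "172.17.0.1"):
        print(host, transfer_allowed(acl, host))
```

The practical check is the last branch of transfer_allowed: a boot file that simply lacks xfrnets (or tcplist) leaves the zone listable by any host, which is the situation the preceding paragraph warns about.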
include file
The include command includes the contents of file at the location that the command appears
in the boot file. This command can be used for very large configurations that are maintained by
different people.
bogusns address address ...
The bogusns command prevents queries from being sent to the name server specified by
address. address must be an IP address, not a domain name. This command is used to
avoid cache contamination when you know that a remote name server is providing incorrect
information. bogusns is only a temporary fix placed in the boot file until the remote domain
administrator has a chance to fix the real problem.
limit name value
The limit command changes BIND's internal quotas. value is a number that specifies the new
quota setting. k, m, or g, for kilobytes, megabytes, and gigabytes, respectively, can be
appended to the new quota value number as appropriate. name is the name of the quota being
set. There are four possible values for name: datasize sets the process data size quota; [3]
transfers-in sets the number of named transfer subprocesses that BIND may spawn at any one
time; transfers-per-ns sets the maximum number of simultaneous zone transfers allowed to
any one remote nameserver. There can be multiple limit commands in a boot file - one for each
quota that is being set.
[3] This is a kernel quota and therefore can be set only on systems that provide a kernel
call to implement this.
options option option ...
The options command enables optional features of BIND. The option keywords are
Booleans. Specifying an option on the command line turns on the optional behavior. By
default, the optional features are turned off. Valid option values are:
query-log
Logs all queries via syslogd, which produces a very large amount of log data.
forward-only
All queries are to be sent to the forwarders; this is exactly the same as the slave command,
though this syntax is now preferred over the slave syntax.
fake-iquery
The nameserver responds to inverse queries with a fake reply rather than an error; used if
you have some clients that cannot properly handle the error.
no-recursion
The name server answers a query for data only in a zone for which it is authoritative; all
other queries are answered with a referral to another server.
no-fetch-glue
The nameserver does not fetch missing glue records for a query response; the resulting
response could be incomplete. It is used with no-recursion to limit cache growth and reduce
the chance of cache corruption.
check-names source action
The check-names command tells the name server to check host names against the standards
for hostnames defined in RFC 952, and to check non-hostname responses to make sure that
they contain nothing but printable characters. The source is the source of the hostname or
string data that is being checked. The source can be primary for the primary zone file;
secondary for the secondary zone file, or response for the message received during recursive
search. The action tells the name server what to do when an error is detected: fail (reject the
data; do not load, cache, or forward it); warn (send an error message to the system log); or
ignore (process the data as if no error occurred). Multiple check-names commands can appear
in a boot file; one for each source of data. The action for each source can be different.
max-fetch value
The max-fetch command performs exactly the same function as the limit transfers-in
command described previously. The limit command is now the preferred syntax.
At this writing, an experimental named.boot command is supported in some configurations:
stub domain-name server-address-list file-name
This command declares that this is a "stub" server for the domain specified by domain-name.
The stub information is loaded from a server specified in the server-address-list and is
stored in the file identified by file-name. The format of the stub command is
the same as the secondary command and the functions of the fields in the command are the
same. However, the stub command has very limited applicability. It is only used on a primary
host that is not secondary for its subordinate domains. In that limited case, it is used to ensure
that the primary host has the correct NS records for its subordinate domains.
There is a named.boot command that is no longer widely supported. You'll occasionally encounter
descriptions of it in material written about name service, and for that reason it's discussed here. But
don't use it in your configurations. It is:
domain name
This command functions in exactly the same way as the domain command used in the
resolv.conf file. It is an obsolete command and may not be available in future releases of
BIND. You don't need this command because the default domain name is easily defined in
resolv.conf.
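Several of the rules in this section are checkable before named is restarted: slave is only valid alongside forwarders, every boot file is expected to carry a cache command, limit values take k/m/g suffixes and one of the quota names listed above, check-names takes one of three sources and one of three actions, and domain is obsolete. The following lint pass is an added example written for this appendix, not part of BIND; it assumes that a semicolon starts a comment in named.boot, and the two boot files it checks are constructed, reusing the nuts.com names from this appendix:

```python
import re

SUFFIX = {"k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}
LIMIT_NAMES = {"datasize", "transfers-in", "transfers-per-ns"}   # the names the reference lists
CHECK_SOURCES = {"primary", "secondary", "response"}
CHECK_ACTIONS = {"fail", "warn", "ignore"}


def parse_limit_value(text: str) -> int:
    """Turn a limit value such as '64m' into a plain integer (k/m/g suffixes allowed)."""
    m = re.fullmatch(r"(\d+)([kmgKMG]?)", text)
    if not m:
        raise ValueError(f"bad limit value: {text!r}")
    return int(m.group(1)) * SUFFIX.get(m.group(2).lower(), 1)


def parse_boot(text: str):
    """Split named.boot into (keyword, args) pairs; ';' is assumed to start a comment."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line:
            keyword, *args = line.split()
            records.append((keyword, args))
    return records


def lint_boot(text: str):
    """Return the problems found, checked against the rules this section states."""
    records = parse_boot(text)
    keywords = {k for k, _ in records}
    problems = []
    if "slave" in keywords and "forwarders" not in keywords:
        problems.append("slave requires a forwarders command")
    if "cache" not in keywords:
        problems.append("no cache command: named needs the root server list")
    if "domain" in keywords:
        problems.append("domain is obsolete; define the default domain in resolv.conf")
    for keyword, args in records:
        if keyword == "limit":
            if len(args) != 2 or args[0] not in LIMIT_NAMES:
                problems.append(f"bad limit command: {' '.join(args)}")
            else:
                try:
                    parse_limit_value(args[1])
                except ValueError as err:
                    problems.append(str(err))
        elif keyword == "check-names":
            if len(args) != 2 or args[0] not in CHECK_SOURCES or args[1] not in CHECK_ACTIONS:
                problems.append(f"bad check-names command: {' '.join(args)}")
        elif keyword in ("secondary", "stub") and len(args) < 3:
            problems.append(f"{keyword} needs a domain, at least one server address, and a file")
    return problems


# Constructed boot files (not from the reference).
GOOD_BOOT = """\
directory /etc
cache . named.ca
primary nuts.com nuts.hosts
secondary sales.nuts.com 172.16.12.1 sales.hosts
forwarders 172.16.1.1 172.16.1.2
xfrnets 172.16.0.0
limit transfers-in 10
check-names primary fail
"""

BAD_BOOT = """\
directory /etc
primary nuts.com nuts.hosts
slave            ; forwarders command is missing
limit datasize 64x
domain nuts.com
"""

if __name__ == "__main__":
    for problem in lint_boot(BAD_BOOT):
        print(problem)
```

Run against BAD_BOOT it reports the missing forwarders line, the missing cache command, the obsolete domain command and the malformed limit value, in that order; GOOD_BOOT passes clean.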

C.3 Zone File Records
Two types of entries are used to construct a zone file: control entries that simplify constructing the
file, and standard resource records that define the domain data contained in the zone file. While there
are several types of standard resource records, there are only two control statements. These are:
$INCLUDE filename
Identifies a file that contains data to be included in the zone file. The data in the included file
must be valid control entries or standard resource records. $INCLUDE allows a large zone file
to be divided into smaller, more manageable units.
The filename specified on the command line is relative to the directory named on the
directory statement in the named.boot file. For example: if the named.boot file for almond
contains a directory /etc statement, and a zone file on almond contains an $INCLUDE
sales.hosts statement, then the file /etc/sales.hosts would be included in that zone file. If you
don't want the filename to be relative to that directory, specify a fully qualified name, such as
/usr/dns/sales.hosts.
$ORIGIN domainname
Changes the default domain name used by subsequent records in the zone file. Use this
command to put more than one domain in a zone file. For example, an $ORIGIN sales
statement in the nuts.com zone file sets the domain name to sales.nuts.com. All subsequent
resource records would be relative to this new domain.
The named software uses $ORIGIN statements to organize its own information. Dumping the
named database, with the SIGINT signal, produces a single file containing all the information
that the server knows. This file, named_dump.db, contains many $ORIGIN entries used to
place all of the domains that named knows about into a single file.
These two control entries are helpful for organizing and controlling the data in a zone file, but all of
the actual database information comes from standard resource records. All of the files pointed to by
named.boot contribute to the DNS database, so all of these files are constructed from standard
resource records.

C.3.1 Standard Resource Records
The format of standard resource records, sometimes called RRs, is defined in RFC 1033, the Domain
Administrators Operations Guide. The format is:
[name] [ttl] class type data
The individual fields in the standard resource record are:
name
This is the name of the object affected by this resource record. The named object can be as
specific as an individual host, or as general as an entire domain. The string entered for name is
relative to the current domain unless a fully qualified domain name is used. [4] Certain name
values have special meaning. These are:

A blank name field denotes the current named object. The current name stays in force
until a new name value is encountered in the name field. This permits multiple RRs to
be applied to a single object without having to repeat the object's name for each record.
..
Two dots in the name field refer to the root domain. However, a single dot (the actual
name of the root) also refers to the root domain, and is more commonly used.
@
A single at-sign (@) in the name field refers to the current origin. The origin is a domain
name derived by the system from the current domain name or explicitly set by the
system administrator using the $ORIGIN command.
*
An asterisk in the name field is a wildcard character. It stands for a name composed of
any string. It can be combined with a domain name or used alone. Used alone, an
asterisk in the named field means that the resource record applies to objects with names
composed of any string of characters plus the name of the current domain. Used with a
domain name, the asterisk is relative to that domain. For example, *.bitnet. in the name
field means any string plus the string .bitnet.
[4] The FQDN must be specified all the way to the root; i.e., it must end with a
dot.
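The two control entries from C.3 and the special name values just listed combine when a zone file is read: $ORIGIN sales inside the nuts.com file moves the origin to sales.nuts.com, a blank name repeats the previous object, @ is the origin, a name with a trailing dot is already fully qualified, and $INCLUDE sales.hosts is resolved against the named.boot directory statement. The following resolver is an added illustration of exactly those rules, not named's own loader; the sample zone is constructed around the almond and nuts.com names used in this appendix, and the /etc directory default is an assumption taken from the $INCLUDE example:

```python
import posixpath


def absolutize(name: str, origin: str) -> str:
    """Return the fully qualified form of a zone-file name (origin is absolute, ends in '.')."""
    if name == "..":
        return "."                  # two dots in the name field mean the root domain
    if name == "@":
        return origin               # a single at-sign is the current origin
    if name.endswith("."):
        return name                 # trailing dot: already an FQDN, used as-is
    return f"{name}.{origin}" if origin != "." else f"{name}."


def include_path(filename: str, directory: str) -> str:
    """$INCLUDE filename is relative to the named.boot directory unless fully qualified."""
    return filename if filename.startswith("/") else posixpath.join(directory, filename)


def resolve_zone(lines, zone_origin: str, directory: str = "/etc"):
    """Return ([(owner_fqdn, record_text), ...], [included file paths]) for a zone file."""
    origin = zone_origin if zone_origin.endswith(".") else zone_origin + "."
    current = origin                # the "current named object" a blank name refers to
    records, includes = [], []
    for raw in lines:
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        if line.startswith("$ORIGIN"):
            # A relative $ORIGIN (e.g. "sales") is itself relative to the old origin.
            origin = absolutize(line.split()[1], origin)
            continue
        if line.startswith("$INCLUDE"):
            includes.append(include_path(line.split()[1], directory))
            continue
        if line[0] in " \t":        # blank name field: the previous name stays in force
            rest = line.strip()
        else:
            name, rest = line.split(None, 1)
            current = absolutize(name, origin)   # "*" becomes "*.<origin>" by the same rule
        records.append((current, " ".join(rest.split())))
    return records, includes


# Constructed zone file for nuts.com (not from the reference).
SAMPLE_ZONE = [
    "@       IN SOA almond.nuts.com. root.almond.nuts.com. ( 1 3600 600 86400 3600 )",
    "        IN NS  almond.nuts.com.",
    "almond  IN A   172.16.12.1",
    "        IN MX  10 almond.nuts.com.",
    "*       IN MX  20 almond.nuts.com.",
    "$INCLUDE sales.hosts",
    "$ORIGIN sales",
    "peanut  IN A   172.16.12.2",
]

if __name__ == "__main__":
    owners, files = resolve_zone(SAMPLE_ZONE, "nuts.com")
    for owner, record in owners:
        print(f"{owner:28} {record}")
    print("includes:", files)
```

Note that after $ORIGIN sales the record for peanut resolves to peanut.sales.nuts.com., while the wildcard line becomes *.nuts.com. because it was read before the origin changed.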
ttl