
NetBSD Guide - 25.3. Using DNS

Posted: 2010-03-08 1:35
leo
In this section we will look at how to get DNS running and how to set up "strider" to use its own DNS service.

Setting up named to start automatically is quite simple: in /etc/rc.conf, set named=yes. Additional command-line options can be given in named_flags; for example, I like to use -g nogroup -u nobody, so that the "named" process runs under a non-root account and a compromise of the daemon does not directly hand over root.

In addition to being started at boot time, "named" can also be controlled with the ndc command. In a nutshell, ndc can stop, start or restart the named server process, and it can do a great many other things. Before use it has to be set up to communicate with the "named" process; see the ndc(8) and named.conf(5) man pages for details on setting up the control channel between "ndc" and "named". (With BIND 9 the control program is rndc(8), which authenticates to named over that channel with a shared key configured in rndc.conf(5) and named.conf.)

Next we want to point "strider" to itself for lookups. There are two simple steps. First, decide on the resolution order. On a network this small it is likely that each host has a copy of the hosts table, so we can get away with consulting /etc/hosts first and DNS second; on larger networks it is much easier to use DNS. Either way, the file that determines the order in which name services are consulted is /etc/nsswitch.conf (see Example 23.2, "nsswitch.conf"). Here is part of a typical nsswitch.conf:

. . .
group_compat:   nis
hosts:          files dns
netgroup:       files [notfound=return] nis
. . .

The line we are interested in is the "hosts" line. "files" means the system first consults /etc/hosts to translate a host name to an IP address (and an address back to a name); if no entry is found there, it tries DNS next.

The next file to look at is /etc/resolv.conf, which configures DNS lookups ("resolution") on the client side. The format is largely self-explanatory, but we will go over it anyway:

domain diverge.org
search diverge.org
nameserver 192.168.1.1

In a nutshell this file tells the resolver that this machine belongs to the "diverge.org" domain: a lookup for a name that contains no "." gets this domain appended to build a FQDN. "domain" and "search" are mutually exclusive in resolver(5): "search" gives a list of domains to try in turn, and whichever of the two keywords appears last in the file wins, so the pair above is redundant but harmless. Finally, the "nameserver" lines give the IP addresses of the DNS servers to query, in order; the resolver uses at most three of them. Every lookup on this host trusts whatever answers at those addresses, so the nameserver should be one you control or at least reach over a trusted network.

To test our nameserver we can use several commands, for example:

# host sam
sam.diverge.org has address 192.168.1.2

As can be seen, the domain was appended automatically here, using the value from /etc/resolv.conf. Here is another example, the output of running host www.yahoo.com:

$ host www.yahoo.com
www.yahoo.com is an alias for www.yahoo.akadns.net.
www.yahoo.akadns.net has address 68.142.226.38
www.yahoo.akadns.net has address 68.142.226.39
www.yahoo.akadns.net has address 68.142.226.46
www.yahoo.akadns.net has address 68.142.226.50
www.yahoo.akadns.net has address 68.142.226.51
www.yahoo.akadns.net has address 68.142.226.54
www.yahoo.akadns.net has address 68.142.226.55
www.yahoo.akadns.net has address 68.142.226.32

Other commands for debugging DNS besides host(1) are nslookup(8) and dig(1). All three send their queries straight to a nameserver (the one from /etc/resolv.conf unless told otherwise), so they exercise the server itself. ping(8), by contrast, is not useful for debugging DNS: it resolves names through whatever /etc/nsswitch.conf specifies, so a name that pings fine may have been found in /etc/hosts without the nameserver ever being asked.

At this point the server is configured properly. Setting up the client hosts is easier: you only need to set /etc/nsswitch.conf and /etc/resolv.conf to the same values as on the server, so that their "nameserver" line also points at strider (192.168.1.1).
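As an added example, not part of the NetBSD Guide or of this post, the POSIX shell script below checks the two client-side files the procedure above edits. It reads a resolv.conf and an nsswitch.conf and reports the effective search domain (last "domain"/"search" wins), the nameservers the resolver will actually use (at most three), and whether "dns" is among the hosts sources, then fails when the host could never reach the nameserver. The sample files are constructed inline with the guide's values plus two deliberately odd variants, so it runs offline; on a real host, point the functions at /etc/resolv.conf and /etc/nsswitch.conf. It assumes only awk, mktemp and the standard utilities.

```shell
#!/bin/sh
# Added example, not from the NetBSD Guide: sanity-check the client-side
# resolver setup (/etc/nsswitch.conf and /etc/resolv.conf). The sample
# files below are constructed here so the script runs offline.

# Effective local domain / search list. "domain" and "search" are mutually
# exclusive in resolver(5): whichever appears last in the file wins.
resolv_search_list() {
    awk '$1 == "domain" { eff = $2 }
         $1 == "search" { eff = $2; for (i = 3; i <= NF; i++) eff = eff " " $i }
         END { print eff }' "$1"
}

# Nameservers the libc resolver will actually use: at most three (MAXNS),
# in file order; any further "nameserver" lines are silently ignored.
resolv_nameservers() {
    awk '$1 == "nameserver" && n < 3 { n++; ns = (n == 1) ? $2 : ns " " $2 }
         END { print ns }' "$1"
}

# Sources consulted for host lookups, in order, from the "hosts:" line of
# nsswitch.conf(5); bracketed status actions like [notfound=return] are skipped.
nss_hosts_order() {
    awk '$1 == "hosts:" { out = ""
                          for (i = 2; i <= NF; i++)
                              if ($i !~ /^\[/) out = (out == "") ? $i : out " " $i
                          print out }' "$1"
}

# Combined check. Returns 0 when the host is set up as in the guide: a
# domain to append to short names, a usable nameserver, and "dns" among the
# hosts sources. Warns (but still passes) when extra nameservers are ignored.
check_resolver() {
    resolv=$1; nss=$2; rc=0
    [ -n "$(resolv_nameservers "$resolv")" ] ||
        { echo "$resolv: no nameserver line; resolver falls back to the local host" >&2; rc=1; }
    [ -n "$(resolv_search_list "$resolv")" ] ||
        { echo "$resolv: no domain/search line; short names will not be qualified" >&2; rc=1; }
    case " $(nss_hosts_order "$nss") " in
        *" dns "*) ;;
        *) echo "$nss: hosts line does not include dns" >&2; rc=1 ;;
    esac
    total=$(awk '$1 == "nameserver" { n++ } END { print n + 0 }' "$resolv")
    [ "$total" -le 3 ] ||
        echo "$resolv: warning, only the first 3 of $total nameservers are used" >&2
    return $rc
}

# Constructed sample files: the guide's values, plus two deliberately odd variants.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/resolv.conf" <<'EOF'
domain diverge.org
search diverge.org
nameserver 192.168.1.1
EOF
cat > "$tmp/nsswitch.conf" <<'EOF'
group_compat:   nis
hosts:          files dns
netgroup:       files [notfound=return] nis
EOF
# "domain" after "search" overrides it; four nameservers is one too many.
cat > "$tmp/resolv-odd.conf" <<'EOF'
search diverge.org
domain example.com
nameserver 192.168.1.1
nameserver 192.168.1.2
nameserver 192.168.1.3
nameserver 192.168.1.4
EOF
# hosts line without dns: only /etc/hosts is consulted, the nameserver is never asked.
cat > "$tmp/nsswitch-files-only.conf" <<'EOF'
hosts:          files
EOF

check_resolver "$tmp/resolv.conf" "$tmp/nsswitch.conf" && echo "resolver setup OK"
```

The three small functions are deliberately separate so that each can be run on its own against the live files (for example `resolv_nameservers /etc/resolv.conf` on a client to confirm it really lists strider); check_resolver only combines them.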