30.6. DNS – Domain Name Service

Beigetragen von Chern Lee, Tom Rhodes und Daniel Gerzo.

www.FreeBSD.org
ftp.FreeBSD.org
.
org.
example.org.
org.
1.168.192.in-addr.arpa.
192.168.1.*
example.org.
org.
org.
/dev
example.org
www.FreeBSD.org
/etc/namedb
/etc/namedb/named.conf
master
slave
dynamic
/etc/namedb
# /etc/rc.d/named onestart

/etc/rc.conf
named_enable="YES"

/etc/namedb/named.conf
named_*
/etc/defaults/rc.conf
/etc/namedb
/etc/namedb/named.conf
// $FreeBSD$
//
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/share/doc/bind9 for more details.
//
// If you are going to set up an authoritative server, make sure you
// understand the hairy details of how DNS works.  Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amounts of useless Internet traffic.

options {
// All file and path names are relative to the chroot directory,
// if any, and should be fully qualified.
    directory	"/etc/namedb/working";
	pid-file	"/var/run/named/pid";
	dump-file	"/var/dump/named_dump.db";
	statistics-file	"/var/stats/named.stats";

// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
	listen-on	{ 127.0.0.1; };

// If you have IPv6 enabled on this system, uncomment this option for
// use as a local resolver.  To give access to the network, specify
// an IPv6 address, or the keyword "any".
//	listen-on-v6	{ ::1; };

// These zones are already covered by the empty zones listed below.
// If you remove the related empty zones below, comment these lines out.
	disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
	disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
	disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below.  This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
	forwarders {
		127.0.0.1;
	};
*/

// If the 'forwarders' clause is not empty the default is to 'forward first'
// which will fall back to sending a query from your local server if the name
// servers in 'forwarders' do not have the answer.  Alternatively you can
// force your name server to never initiate queries of its own by enabling the
// following line:
//	forward only;

// If you wish to have forwarding configured automatically based on
// the entries in /etc/resolv.conf, uncomment the following line and
// set named_auto_forward=yes in /etc/rc.conf.  You can also enable
// named_auto_forward_only (the effect of which is described above).
//	include "/etc/namedb/auto_forward.conf";

forwarders
127.0.0.1
	/*
	   Modern versions of BIND use a random UDP port for each outgoing
	   query by default in order to dramatically reduce the possibility
	   of cache poisoning.  All users are strongly encouraged to utilize
	   this feature, and to configure their firewalls to accommodate it.

	   AS A LAST RESORT in order to get around a restrictive firewall
	   policy you can try enabling the option below.  Use of this option
	   will significantly reduce your ability to withstand cache poisoning
	   attacks, and should be avoided if at all possible.

	   Replace NNNNN in the example with a number between 49160 and 65530.
	*/
	// query-source address * port NNNNN;
};

// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.

// The traditional root hints mechanism. Use this, OR the slave zones below.
zone "." { type hint; file "/etc/namedb/named.root"; };

/*	Slaving the following zones from the root name servers has some
	significant advantages:
	1. Faster local resolution for your users
	2. No spurious traffic will be sent from your network to the roots
	3. Greater resilience to any potential root server failure/DDoS

	On the other hand, this method requires more monitoring than the
	hints file to be sure that an unexpected failure mode has not
	incapacitated your server.  Name servers that are serving a lot
	of clients will benefit more from this approach than individual
	hosts.  Use with caution.

	To use this mechanism, uncomment the entries below, and comment
	the hint zone above.

	As documented at http://dns.icann.org/services/axfr/ these zones:
	"." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET
	are availble for AXFR from these servers on IPv4 and IPv6:
	xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
*/
/*
zone "." {
	type slave;
	file "/etc/namedb/slave/root.slave";
	masters {
		192.5.5.241;	// F.ROOT-SERVERS.NET.
	};
	notify no;
};
zone "arpa" {
	type slave;
	file "/etc/namedb/slave/arpa.slave";
	masters {
		192.5.5.241;	// F.ROOT-SERVERS.NET.
	};
	notify no;
};
*/

/*	Serving the following zones locally will prevent any queries
	for these zones leaving your network and going to the root
	name servers.  This has two significant advantages:
	1. Faster local resolution for your users
	2. No spurious traffic will be sent from your network to the roots
*/
// RFCs 1912 and 5735 (and BCP 32 for localhost)
zone "localhost"        { type master; file "/etc/namedb/master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file "/etc/namedb/master/localhost-reverse.db"; };
zone "255.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };

// RFC 1912-style zone for IPv6 localhost address
zone "0.ip6.arpa"       { type master; file "/etc/namedb/master/localhost-reverse.db"; };

// "This" Network (RFCs 1912 and 5735)
zone "0.in-addr.arpa"   { type master; file "/etc/namedb/master/empty.db"; };

// Private Use Networks (RFCs 1918 and 5735)
zone "10.in-addr.arpa"     { type master; file "/etc/namedb/master/empty.db"; };
zone "16.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "17.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "18.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "19.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "20.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "21.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "22.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "23.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "24.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "25.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "26.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "27.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "28.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "29.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "30.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "31.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "168.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };

// Link-local/APIPA (RFCs 3927 and 5735)
zone "254.169.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };

// IETF protocol assignments (RFCs 5735 and 5736)
zone "0.0.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };

// TEST-NET-[1-3] for Documentation (RFCs 5735 and 5737)
zone "2.0.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "100.51.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "113.0.203.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };

// IPv6 Range for Documentation (RFC 3849)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };

// Domain Names for Documentation and Testing (BCP 32)
zone "test" { type master; file "/etc/namedb/master/empty.db"; };
zone "example" { type master; file "/etc/namedb/master/empty.db"; };
zone "invalid" { type master; file "/etc/namedb/master/empty.db"; };
zone "example.com" { type master; file "/etc/namedb/master/empty.db"; };
zone "example.net" { type master; file "/etc/namedb/master/empty.db"; };
zone "example.org" { type master; file "/etc/namedb/master/empty.db"; };

// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "19.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };

// IANA Reserved - Old Class E Space (RFC 5735)
zone "240.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "241.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "242.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "243.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "244.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "245.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "246.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "247.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "248.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "249.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "250.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "251.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "252.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "253.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "254.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };

// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa"       { type master; file "/etc/namedb/master/empty.db"; };
zone "3.ip6.arpa"       { type master; file "/etc/namedb/master/empty.db"; };
zone "4.ip6.arpa"       { type master; file "/etc/namedb/master/empty.db"; };
zone "5.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "6.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "7.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "8.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "9.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "a.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "b.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "c.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "d.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "e.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "0.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "1.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "2.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "3.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "4.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "5.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "6.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "7.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "8.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "9.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "a.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "b.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "0.e.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "1.e.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "2.e.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "3.e.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "4.e.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "5.e.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "6.e.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "7.e.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };

// IPv6 ULA (RFC 4193)
zone "c.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "d.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };

// IPv6 Link Local (RFC 4291)
zone "8.e.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "9.e.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "a.e.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "b.e.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };

// IPv6 Deprecated Site-Local Addresses (RFC 3879)
zone "c.e.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "d.e.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "e.e.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };
zone "f.e.f.ip6.arpa"		{ type master; file "/etc/namedb/master/empty.db"; };

// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int"			{ type master; file "/etc/namedb/master/empty.db"; };

// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentation purposes!
//
// Example slave zone config entries.  It can be convenient to become
// a slave at least for the zone your own domain is in.  Ask
// your network administrator for the IP address of the responsible
// master name server.
//
// Do not forget to include the reverse lookup zone!
// This is named after the first bytes of the IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
//
// Before starting to set up a master zone, make sure you fully
// understand how DNS and BIND work.  There are sometimes
// non-obvious pitfalls.  Setting up a slave zone is usually simpler.
//
// NB: Don't blindly enable the examples below. :-)  Use actual names
// and addresses instead.

/* An example dynamic zone
key "exampleorgkey" {
	algorithm hmac-md5;
	secret "sf87HJqjkqh8ac87a02lla==";
};
zone "example.org" {
	type master;
	allow-update {
		key "exampleorgkey";
	};
	file "/etc/named/dynamic/example.org";
};
*/

/* Example of a slave reverse zone
zone "1.168.192.in-addr.arpa" {
	type slave;
	file "/etc/namedb/slave/1.168.192.in-addr.arpa";
	masters {
		192.168.1.1;
	};
};
*/

named.conf
named.conf
example.org
zone "example.org" {
        type master;
        file "master/example.org";
};     

/etc/namedb/master/example.org
zone "example.org" {
        type slave;
        file "slave/example.org";
};     

/etc/namedb/master/example.org
example.org
$TTL 3600        ; 1 hour default TTL
example.org.    IN      SOA      ns1.example.org. admin.example.org. (
                                2006051501      ; Serial
                                10800           ; Refresh
                                3600            ; Retry
                                604800          ; Expire
                                300             ; Negative Response TTL
                        )

; DNS Servers
                IN      NS      ns1.example.org.
                IN      NS      ns2.example.org.

; MX Records
                IN      MX 10   mx.example.org.
                IN      MX 20   mail.example.org.

                IN      A       192.168.1.1

; Machine Names
localhost       IN      A       127.0.0.1
ns1             IN      A       192.168.1.2
ns2             IN      A       192.168.1.3
mx              IN      A       192.168.1.4
mail            IN      A       192.168.1.5

; Aliases
www             IN      CNAME   example.org.

ns1
ns1.example.org.
recordname      IN recordtype   value

example.org. IN SOA ns1.example.org. admin.example.org. (
                        2006051501      ; Serial
                        10800           ; Refresh after 3 hours
                        3600            ; Retry after 1 hour
                        604800          ; Expire after 1 week
                        300 )           ; Negative Response TTL

example.org.
ns1.example.org.
admin.example.org.
admin.example.org
2006051501
JJJJMMTTRR
2006051501
	  IN NS           ns1.example.org.

	  localhost       IN      A       127.0.0.1
	  ns1             IN      A       192.168.1.2
	  ns2             IN      A       192.168.1.3
	  mx              IN      A       192.168.1.4
	  mail            IN      A       192.168.1.5

A
ns1.example.org
192.168.1.2
	  IN      A       192.168.1.1

192.168.1.1
example.org
	  www             IN CNAME        @

www
example.org
192.168.1.1
	  IN MX   10      mail.example.org.

mail.example.org
example.org
in-addr.arpa
$TTL 3600

1.168.192.in-addr.arpa. IN SOA ns1.example.org. admin.example.org. (
                        2006051501      ; Serial
                        10800           ; Refresh
                        3600            ; Retry
                        604800          ; Expire
                        300 )           ; Negative Response TTL

        IN      NS      ns1.example.org.
        IN      NS      ns2.example.org.

1       IN      PTR     example.org.
2       IN      PTR     ns1.example.org.
3       IN      PTR     ns2.example.org.
4       IN      PTR     mx.example.org.
5       IN      PTR     mail.example.org.

example.net
example.com
named.conf
% dig +multi +noall +answer DNSKEY . > root.dnskey

root.dnskey
. 93910 IN DNSKEY 257 3 8 (
	AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQ
	bSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh
	/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWA
	JQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXp
	oY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3
	LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGO
	Yl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGc
	LmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
  	) ; key id = 19036
. 93910 IN DNSKEY 256 3 8 (
	AwEAAcaGQEA+OJmOzfzVfoYN249JId7gx+OZMbxy69Hf
	UyuGBbRN0+HuTOpBxxBCkNOL+EJB9qJxt+0FEY6ZUVjE
	g58sRr4ZQ6Iu6b1xTBKgc193zUARk4mmQ/PPGxn7Cn5V
	EGJ/1h6dNaiXuRHwR+7oWh7DnzkIJChcTqlFrXDW3tjt
) ; key id = 34525

% dnssec-dsfromkey -f root-dnskey . > root.ds

. IN DS 19036 8 1 B256BD09DC8DD59F0E0F0D8541B8328DD986DF6E
. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5

managed-keys
trusted-keys
trusted-keys {
	"." 257 3 8
	"AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
	FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
	bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
	X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
	W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
	Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
	QxA+Uk1ihz0=";
};

managed-keys {
	"." initial-key 257 3 8
	"AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
  	FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
  	bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
  	X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
  	W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
  	Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
  	QxA+Uk1ihz0=";
};

named.conf
named.conf
options
dnssec-enable yes;
dnssec-validation yes;

AD
% dig @resolver +dnssec se ds

.se
flags:
AD
...
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
...

example.com
example.com
% dnssec-keygen -f KSK -a RSASHA256 -b 2048 -n ZONE example.com

% dnssec-keygen -a RSASHA256 -b 2048 -n ZONE example.com

Kexample.com.+005+nnnnn.key
Kexample.com.+005+nnnnn.private
nnnnn
% mv Kexample.com.+005+nnnnn.key Kexample.com.+005+nnnnn.KSK.key
% mv Kexample.com.+005+nnnnn.private Kexample.com.+005+nnnnn.KSK.private

KSK
ZSK
$include
$include Kexample.com.+005+nnnnn.KSK.key    ; KSK
$include Kexample.com.+005+nnnnn.ZSK.key    ; ZSK

example.com
example.com.db
% dnssec-signzone -o example.com -k Kexample.com.+005+nnnnn.KSK example.com.db Kexample.com.+005+nnnnn.ZSK.key

.signed
example.com.db.signed
dsset-example.com
named.conf
example.com.db.signed
auto-dnssec
example.com
named.conf
zone example.com {
	type master;
	key-directory "/etc/named/keys";
	update-policy local;
	auto-dnssec maintain;
	file "/etc/named/dynamic/example.com.zone";
};

key-directory

Begriff	Bedeutung
Forward-DNS	Rechnernamen in IP-Adressen umwandeln.
Origin (Ursprung)	Die in einer bestimmten Zonendatei beschriebene Domäne.
named, BIND	Gebräuchliche Namen für das unter FreeBSD verwendete BIND-Nameserverpaket.
Resolver	Ein Systemprozess, durch den ein Rechner Zoneninformationen von einem Nameserver anfordert.
Reverse-DNS	die Umwandlung von IP-Adressen in Rechnernamen
Root-Zone	Der Beginn der Internet-Zonenhierarchie. Alle Zonen befinden sich innerhalb der Root-Zone. Dies ist analog zu einem Dateisystem, in dem sich alle Dateien und Verzeichnisse innerhalb des Wurzelverzeichnisses befinden.
Zone	Eine individuelle Domäne, Unterdomäne, oder ein Teil von DNS, der von der gleichen Autorität verwaltet wird.

Datei	Beschreibung
named	Der BIND-Daemon.
rndc(8)	Das Steuerprogramm für named.
`/etc/namedb`	Das Verzeichnis, in dem sich die Zoneninformationen für BIND befinden.
`/etc/namedb/named.conf`	Die Konfigurationsdatei für named.

Zurück	Zum Anfang	Weiter
Automatische Netzwerkkonfiguration mit DHCP	Nach oben	Der Apache HTTP-Server

30.6. DNS – Domain Name Service

30.6.1. Überblick

30.6.2. Begriffsbestimmungen

30.6.3. Gründe für die Verwendung eines Nameservers

30.6.4. Wie funktioniert DNS?

30.6.5. BIND starten

30.6.6. Konfigurationsdateien

30.6.6.1. `/etc/namedb/named.conf`

30.6.6.2. Zonendateien

30.6.7. Zwischenspeichernde (cachende) Nameserver

30.6.8. DNSSEC

30.6.8.1. Rekursive DNS-Server Konfiguration

30.6.8.2. Autoritative DNS-Server Konfiguration

30.6.8.3. Automatisierung mittels BIND 9.7 oder höher

30.6.9. Sicherheit

30.6.10. Weitere Informationsquellen