Documentos de Académico
Documentos de Profesional
Documentos de Cultura
A Naming service performs lookups of stored information, such as: Host names and addresses User names Passwords Access permissions Group membership, automount maps, and so on This information is made available so that users can log in to their host, access resources, and be granted permissions. The name service information can be stored locally in various forms of database files, or in a central network-based repository or database. Without a central naming service, each host would have to maintain its own copy of this information. Naming service information can be stored in files, maps, or database tables. If you centralize all data, administration becomes easier. Naming services are fundamental to any computing network. Among other features, naming services provide functionality that does the following. Associates (binds) names with objects Resolves names to objects Removes bindings Lists names Renames information A network information service enables systems to be identified by common names instead of numerical addresses. This makes communication simpler because users do not have to remember and try to enter cumbersome numerical addresses like 192.168.0.0. For example, take a network of three systems that are named, pine, elm, and oak. Before pine can send a message to either elm or oak, pine must know their numerical network addresses. For this reason, pine keeps a file, /etc/inet/hosts, that stores the network address of every system in the network, including itself.
Likewise, in order for elm and oak to communicate with pine or with each other, the systems must keep similar files.
In addition to storing addresses, systems store security information, mail data, network services information and so on. As networks offer more services, the list stored of information grows. As a result, each system might keep an entire set of files that are similar to /etc/inet/hosts. A network information service stores network information on a server, which can be queried by any system. The systems are known as clients of the server. The following figure illustrates the client-server arrangement. Whenever information about the network changes, instead of updating each client's local file, an administrator updates only the information stored by the network information service. Doing so reduces errors, inconsistencies between clients, and the sheer size of the task.
This arrangement, of a server providing centralized services to clients across a network, is known as client-server computing. Although the main purpose of a network information service is to centralize information, the network information service can also simplify network names. For example, assume your company has set up a network which is connected to the Internet. The Internet has assigned your network the network address 192.168.0.0 and the domain name example.com. Your company has two divisions, Sales and Manufacturing (Manf), so its network is divided into a main network and one subnet for each division. Each net has its own address.
Each division could be identified by its network address, as shown above, but descriptive names made possible by naming services would be preferable.
Instead of addressing mail or other network communications to 198.168.0.0, mail could be addressed to example.com. Instead of addressing mail to 192.168.2.0 or 192.168.3.0, mail could be addressed to sales.example.com or manf.example.com. Names are also more flexible than physical addresses. Physical networks tend to remain stable, but company organization tends to change. For example, assume that the example.com network is supported by three servers, S1, S2, and S3. Assume that two of those servers, S2 and S3, support clients.
Clients C1, C2, and C3 would obtain their network information from server S2. Clients C4, C5, and C6 would obtain information from server S3. The resulting network is summarized in the following table. The table is a generalized representation of that network but does not resemble an actual network information map. Table 1-1 Representation of example.com Network Network Address Network Name Server Clients 192.168.1.0 S1 example.com 192.168.2.0 sales.example.com S2 C1, C2, C3 192.168.3.0 manf.example.com S3 C4, C5, C6 Now, assume that you create a third division, Testing, which borrowed some resources from the other two divisions, but did not create a third subnet. The physical network would then no longer parallel the corporate structure.
Traffic for the Test Division would not have its own subnet, but would instead be split between 192.168.2.0 and 192.168.3.0. However, with a network information service, the Test Division traffic could have its own dedicated network.
Thus, when an organization changes, its network information service can change its mapping as shown here.
Now, clients C1 and C2 would obtain their information from server S2. C3, C4, and C5 obtain information from server S3. Subsequent changes in your organization would be accommodated by changes to the network information structure without reorganizing the network structure.
Host Names
Domain Name Service (DNS) is the service used to convert human readable names of hosts to IP addresses. Host names are not case sensitive and can contain alphabetic or numeric letters or the hyphen. Avoid the underscore. A fully qualified domain name (FQDN) consists of the host name plus domain name as in the following example: computername.domain.com The part of the system sending the queries is called the resolver and is the client side of the configuration. The nameserver answers the queries. Read RFCs 1034 and 1035. These contain the bulk of the DNS information and are superceded by RFCs 1535-1537. Naming is in RFC 1591. The main function of DNS is the mapping of IP addresses to human readable names. Three main components of DNS 1. resolver 2. name server 3. database of resource records(RRs)
connect to the name server using its IP address rather than the name.
DNS is hierarchical in structure. A domain is a subtree of the domain name space. From the root, the assigned top-level domains in the U.S. are: GOV - Government body. EDU - Educational body. INT - International organization NET - Networks COM - Commercial entity. MIL - U. S. Military. ORG - Any other organization not previously listed.
Outside this list are top level domains for various countries. Each node on the domain name system is separated by a ".". Example: "mymachine.mycompany.com.". Note that any name ending in a "." is an absolute domain name since it goes back to root.
32-47 Number of questions 48-63 Number of answer RRs 64-79 Number of authority RRs 80-95 Number of additional RRs Questions - variable 96-?? lengths Answers - variable ??-?? lengths Authority - variable ??-?? lengths Additional Information ??-?? variable lengths
There can be variable numbers of questions sent. Answers are variable numbers of resource records.
Question format includes query name, query type and query class. The query name is the name being looked up. The query class is normally 1 for internet address. The query types are listed in the table below. They include NS, CNAME, A, etc. The answers, authority and additional information are in resource record (RR) format which contains the following. 1. 2. 3. 4. 5. Domain name Type - One of the RR codes listed below. Class - Normally indicates internet data which is a 1. Time to live field - The number of seconds the RR is saved by the client. Resource data length specifies the amount of data. The data is dependent on its type such as CNAME, A, NS or others as shown in the table below. If the type is "A" the data is a 4 byte IP address.
The table below shows resource record types: Type A NS CNAME PTR HINFO MX AXFR ANY RR value 1 2 5 12 13 15 252 255 Description Host's IP address Host's or domain's name server(s) Host's canonical name, host identified by an alias domain name Host's domain name, host identified by its IP address Host information Host's or domain's mail exchanger Request for zone transfer Request for all records
A - Host's IP address. Address record allowing a computer name to be translated into an IP address. Each computer must have this record for its IP address to be located. These names are not assigned for clients that have dynamically assigned IP addresses, but are a must for locating servers with static IP addresses. PTR - Hosts domain name, host identified by its IP address CNAME - Hosts canonical name allows additional names or aliases to be used to locate a computer. MX - Hosts or domains mail exchanger. NS - Hosts or domains name server(s). SOA - Indicates authority for the domain TXT - Generic text record SRV - Service location record RP - Responsible person HINFO - Host information record with CPU type and operating system. When a resolver requests information from the server, the DNS query message indicates one of the preceding types.
chroot features
chroot feature is run named as user named, and it also limit the files named can see. When installed, named is fooled into thinking that the directory /var/named/chroot is actually the root or / directory. Therefore, named files normally found in the /etc directory are found in /var/named/chroot/etc directory instead, and those you would expect to find in /var/named are actually located in /var/named/chroot/var/named. The advantage of the chroot feature is that if a hacker enters your system via a BIND exploit, the
hacker's access to the rest of your system is isolated to the files under the chroot directory and nothing else. This type of security is also known as a chroot jail.
main configuration file for dns server is named.conf. By default this file is not created in /var/named/chroot/etc/ directory. Instead of named.conf a sample file /var/named/chroot/etc/named.caching-nameserver.conf is created. This file is use to make a caching only name server. We can also do editing in this file after changing its name to named.conf to configure master dns server or you can manually create a new named.conf file. In our example we are creating a new named.conf file We are using bind's chroot features so all our necessary files will be located in chroot directory. Set directory location to /var/named. Further we will set the location of forward zone and reverse lookup zone files. Or do editing exactly as shown here in image
Now open forward zone file example.com.zone By default this file will look like this
Now open reverse lookup zone file 0.168.192.in-addr.arpa By default this file will look like this
If service restart without any error means you have successfully configured master name server .