dave spink toolset

DNS
THE PROJECT
To document an internal DNS deployment.

RECORDS
See an extract of a zone file below.

    # more /var/named/db.cpships.com
    @       IN  SOA  d1pr0003.cpships.com. root.cpships.com. (
                     20060616001  ; Serial Format YYYYMMDDXXX
                     3h           ; Refresh
                     1h           ; Retry
                     1w           ; Expire
                     1h )         ; Negative caching TTL
            IN  NS   d1pr0003.cpships.com.
            IN  NS   c1pr0001.cpships.com.
    localhost      IN  A      127.0.0.1
    c1pr0001       IN  A      10.140.129.10
    c1pr0001-ce0   IN  A      10.140.129.12
    c1pr0001-ce1   IN  A      10.140.129.13
    d1de0100       IN  A      10.140.131.25
    d1de0100-hme0  IN  A      10.140.131.26
    d1de0100-hme1  IN  A      10.140.131.27
    pvcs           IN  CNAME  d1de0100
    d1pr0002       IN  A      10.140.128.58
    d1pr0002-ge0   IN  A      10.140.128.59
    d1pr0002-ge1   IN  A      10.140.128.60
    d1pr0003       IN  A      10.140.128.61
    d1pr0003-ge0   IN  A      10.140.128.62
    d1pr0003-ge1   IN  A      10.140.128.63

See an extract of the reverse pointer record zone file.

    # more /var/named/db.10.140.128
    @       IN  SOA  d1pr0003.cpships.com. root.cpships.com. (
                     2006031701   ; Serial Format YYYYMMDDXX
                     3h           ; Refresh
                     1h           ; Retry
                     1w           ; Expire
                     1h )         ; Negative caching TTL
            IN  NS   d1pr0003.cpships.com.
            IN  NS   c1pr0001.cpships.com.
    10      IN  PTR  c1pr0001.cpships.com.
    12      IN  PTR  c1pr0001.cpships.com.
    13      IN  PTR  c1pr0001.cpships.com.
    25      IN  PTR  d1de0100.cpships.com.
    26      IN  PTR  d1de0100.cpships.com.
    27      IN  PTR  d1de0100.cpships.com.
    58      IN  PTR  d1pr0002.cpships.com.
    59      IN  PTR  d1pr0002.cpships.com.
    60      IN  PTR  d1pr0002.cpships.com.

See an extract of the /usr/local/etc/named.conf configuration file.

    /*
     * A simple BIND configuration file for cpships.com
     * This server is the primary for cpships.com
     *
     * !!! IF YOU ADD A ZONE, MAKE SURE TO ADD TO NAMED.CONF ON ALL SLAVE SERVERS !!!
     *
     */
    options {
            directory "/var/named";
    };
    logging {
            category lame-servers { null; };
            category cname { null; };
    };
    /* master forward lookup zones */
    zone "." in {
            type hint;
            file "db.cache";
    };
    zone "cpships.com" in {
            type master;
            file "db.cpships.com";
    };
    zone "trident.cpships.com" in {
            type master;
            file "db.trident.cpships.com";
    };
    /* reverse lookup zones */
    zone "0.0.127.in-addr.arpa" in {
            type master;
            file "db.127.0.0";
    };
    zone "128.140.10.in-addr.arpa" in {
            type master;
            file "db.10.140.128";
    };
    zone "129.140.10.in-addr.arpa" in {
            type master;
            file "db.10.140.129";
    };
    /* secondary zones */
    zone "canmar.com" in {
            type slave;
            masters { 10.152.38.133; };
            file "db.canmar.com";
    };
    zone "contship.com" in {
            type slave;
            masters { 10.152.38.133; };
            file "db.contship.com";
    };
    zone "ad.cpships.corp" in {
            type slave;
            masters { 10.152.38.133; };
            file "db.ad.cpships.corp";
    };

See an extract of the root hints file "A" record.

    .                    360000  IN  NS  A.ROOT-SERVERS.NET.   ; first . is root domain
    A.ROOT-SERVERS.NET.  360000      A   198.41.0.4            ; ip of name server - termed glue record

SECURITY
Restricting all queries to specific locations.

    options {
            allow-query { 128.50.1.3/24; 130.50.2.0/24; };
    };

Restricting queries for one zone only.

    zone "central.sun.com" {
            type slave;
            file "db.central";
            masters { 128.50.1.1; };
            allow-query { "zoo.edu"; };
    };

Authorizing zone transfer to a single host.

    zone "central.sun.com" {
            type master;
            file "db.central";
            allow-transfer { 128.50.1.2; };
    };

Blocking all zone transfer requests.

    zone "central.sun.com" {
            type master;
            file "db.central";
            allow-transfer { none; };
    };

Authorizing global zone transfer from a certain subnet.

    options {
            allow-transfer { 128.50.1.0/24; };
    };

COMMANDS
See Solaris Commands for DNS examples.
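Two things are worth checking before a zone pair like the ones in RECORDS is published: the SOA serial is an unsigned 32-bit field (RFC 1035), so the 11-digit YYYYMMDDXXX serial 20060616001 in the forward extract cannot be encoded, and the forward and reverse files drift apart easily (an A record with no PTR, or a PTR whose target has no A record pointing back). The script below is an added example and not part of the toolset page; it parses the simplified zone-file layout the page's extracts use (one record per line, '@' or a blank owner column for SOA/NS, an optional TTL column, no $ORIGIN, a /24 reverse zone) and runs both checks over constructed sample zones under example.test that carry the same serial and a deliberate .60 stale PTR and .61 missing PTR.

```python
"""Sanity checks for a BIND forward zone and its /24 reverse zone.

Added example, not part of the original toolset page. Reports:
  * a serial that does not fit the unsigned 32-bit SOA field (RFC 1035)
  * A records inside the reverse zone's network that have no PTR
  * PTR records whose target has no A record pointing back (stale data)
The zone text below is constructed for the example (names under example.test).
"""
import ipaddress

SERIAL_MAX = 2**32 - 1   # SOA serial is an unsigned 32-bit integer

# Constructed forward zone: the 11-digit serial overflows 32 bits and
# d1pr0003 (.61) has no PTR in the reverse zone below.
FORWARD_ZONE = """\
@ IN SOA d1pr0003.example.test. root.example.test. (
        20060616001 ; Serial, YYYYMMDDXXX: one digit too many for 32 bits
        3h ; Refresh
        1h ; Retry
        1w ; Expire
        1h ) ; Negative caching TTL
  IN NS d1pr0003.example.test.
localhost IN A 127.0.0.1
d1pr0002 IN A 10.140.128.58
d1pr0002-ge0 IN A 10.140.128.59
d1pr0003 IN A 10.140.128.61
"""

# Constructed reverse zone for 10.140.128.0/24: the PTR for .60 is stale.
REVERSE_ZONE = """\
@ IN SOA d1pr0003.example.test. root.example.test. (
        2006031701 ; Serial, YYYYMMDDXX
        3h ; Refresh
        1h ; Retry
        1w ; Expire
        1h ) ; Negative caching TTL
  IN NS d1pr0003.example.test.
58 IN PTR d1pr0002.example.test.
59 IN PTR d1pr0002-ge0.example.test.
60 IN PTR d1pr0002-ge1.example.test.
"""


def _logical_lines(text):
    """Yield lines with ';' comments removed and '( ... )' continuations joined."""
    buf = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf.append(line)
        joined = " ".join(buf)
        if joined.count("(") > joined.count(")"):
            continue                      # still inside an open parenthesis
        yield joined.replace("(", " ").replace(")", " ")
        buf = []


def parse_zone(text, origin):
    """Return (serial, records); records are (fqdn, type, rdata token list)."""
    serial, records, owner = None, [], "@"
    for line in _logical_lines(text):
        tokens = line.split()
        if not line[0].isspace():         # a new owner name starts the line
            owner, tokens = tokens[0], tokens[1:]
        if tokens and tokens[0].isdigit():  # optional TTL column
            tokens = tokens[1:]
        if tokens and tokens[0] == "IN":  # optional class
            tokens = tokens[1:]
        rtype, rdata = tokens[0], tokens[1:]
        if rtype == "SOA":
            serial = int(rdata[2])        # mname, rname, serial, ...
        if owner == "@":
            name = origin
        elif owner.endswith("."):
            name = owner[:-1]             # already fully qualified
        else:
            name = owner + "." + origin
        records.append((name.lower(), rtype, rdata))
    return serial, records


def serial_in_range(serial):
    """True if the serial can be encoded in the 32-bit SOA field."""
    return 0 <= serial <= SERIAL_MAX


def reverse_mismatches(fwd_records, rev_records, rev_network):
    """Cross-check A records in rev_network against the PTRs of its reverse zone.

    Returns (missing_ptr, stale_ptr) as sorted lists of dotted addresses.
    Assumes a /24 reverse zone, so the PTR owner label is the last octet.
    """
    net = ipaddress.ip_network(rev_network)
    a_names = {}                              # ip -> names holding an A record
    for name, rtype, rdata in fwd_records:
        if rtype == "A":
            ip = ipaddress.ip_address(rdata[0])
            if ip in net:
                a_names.setdefault(ip, set()).add(name)
    ptr_target = {}                           # ip -> name the PTR points at
    for name, rtype, rdata in rev_records:
        if rtype == "PTR":
            ip = net.network_address + int(name.split(".")[0])
            ptr_target[ip] = rdata[0].rstrip(".").lower()
    missing_ptr = sorted(str(ip) for ip in a_names if ip not in ptr_target)
    stale_ptr = sorted(str(ip) for ip, target in ptr_target.items()
                       if target not in a_names.get(ip, set()))
    return missing_ptr, stale_ptr


def check_zones():
    """Run every check on the constructed sample and return the findings."""
    fwd_serial, fwd = parse_zone(FORWARD_ZONE, "example.test")
    rev_serial, rev = parse_zone(REVERSE_ZONE, "128.140.10.in-addr.arpa")
    missing, stale = reverse_mismatches(fwd, rev, "10.140.128.0/24")
    return {"forward_serial_ok": serial_in_range(fwd_serial),
            "reverse_serial_ok": serial_in_range(rev_serial),
            "missing_ptr": missing, "stale_ptr": stale}


if __name__ == "__main__":
    for key, value in check_zones().items():
        print(f"{key}: {value}")
```

Run against real files by reading them into FORWARD_ZONE and REVERSE_ZONE; the parser deliberately covers only the layout the page shows, so zones using $ORIGIN, $TTL or multi-line records other than the SOA need the parser extended first.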
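The SECURITY snippets rely on how BIND resolves its address-match lists: an allow-query or allow-transfer inside a zone statement replaces the one in options for that zone, elements are tested in order with the first match deciding, none matches nothing, any matches everything, a leading ! negates an element, and a quoted name such as "zoo.edu" refers to an acl {} block. The model below is an added example, not the page's or BIND's code and not a named.conf parser: it evaluates those rules over a constructed configuration built from the page's snippets (the acl contents for zoo.edu, the zone names noxfer.example and zoo.example, and the excluded host 128.50.1.100 are all assumptions). The page's 128.50.1.3/24 has host bits set; the model reads it as 128.50.1.0/24, which is the evident intent, but writing the network address avoids the ambiguity. Where neither statement sets a list, the model assumes any; set both explicitly rather than rely on a version's default.

```python
"""Effective BIND allow-query / allow-transfer decisions per zone.

Added example, not from the original toolset page and not a named.conf
parser: the lists below are a constructed model of the page's SECURITY
snippets, evaluated with BIND's address-match rules (zone statement
overrides options, first match wins, 'none', 'any', '!' negation and
named acl references).
"""
import ipaddress

# acl "zoo.edu" { ... };  (constructed; the page references the name only)
NAMED_ACLS = {
    "zoo.edu": ["128.50.3.0/24", "128.50.4.7"],
}

# options { ... };  128.50.1.3/24 is the page's own spelling: host bits are
# set, so strict=False below reads it as 128.50.1.0/24.
OPTIONS = {
    "allow-query": ["128.50.1.3/24", "130.50.2.0/24"],
    "allow-transfer": ["!128.50.1.100", "128.50.1.0/24"],  # one host excluded first
}

# zone "..." { ... }; overrides, modelled on the page's central.sun.com examples
ZONES = {
    "central.sun.com": {"allow-transfer": ["128.50.1.2"]},
    "noxfer.example": {"allow-transfer": ["none"]},      # constructed zone name
    "zoo.example": {"allow-query": ["zoo.edu"]},         # constructed zone name
}


def _match(ip, acl):
    """Walk an address-match list: True (allow), False (negated match), None (no match)."""
    for element in acl:
        negate = element.startswith("!")
        name = element.lstrip("!")
        if name == "any":
            hit = True
        elif name == "none":
            hit = None
        elif name in NAMED_ACLS:
            hit = _match(ip, NAMED_ACLS[name])
        else:
            hit = True if ip in ipaddress.ip_network(name, strict=False) else None
        if hit is None:
            continue                      # no decision yet, try the next element
        return False if negate or hit is False else True
    return None


def effective_acl(zone, directive):
    """The list that applies: zone statement first, then options, then the default."""
    if directive in ZONES.get(zone, {}):
        return ZONES[zone][directive]
    if directive in OPTIONS:
        return OPTIONS[directive]
    return ["any"]   # assumed default when neither sets it; set it explicitly instead


def allowed(client, zone, directive):
    """Would this client be permitted the directive (allow-query or allow-transfer)?"""
    return _match(ipaddress.ip_address(client), effective_acl(zone, directive)) is True


def transfer_allowed_from(client):
    """Configured zones that would answer an AXFR from client: the audit view."""
    return sorted(z for z in ZONES if allowed(client, z, "allow-transfer"))


if __name__ == "__main__":
    for client in ("128.50.1.2", "128.50.1.9", "128.50.1.100"):
        print(client, "can transfer:", transfer_allowed_from(client))
```

transfer_allowed_from is the view to keep an eye on: a zone that sets no allow-transfer of its own inherits the options list, so a permissive global list quietly applies to every zone added later, which is why the page pairs the global subnet rule with per-zone none or single-host lists.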