Chapter 16. Berkeley Internet Name Domain (BIND)
16.4.2. Multiple Views
Through the use of the view statement in /etc/named.conf, BIND allows you to configure a name server to answer queries for some clients in a different way than it answers them for others.
This is primarily used to deny particular types of DNS queries from clients outside of your network,
while allowing those same queries from clients on the local network.
The view statement uses the match-clients option to match IP addresses or entire networks and give them special options and zone data.
16.4.3. Security
BIND supports a number of different methods to protect the updating and transfer of zones, on both
master and slave nameservers:
DNSSEC - Short for DNS SECurity, this feature allows for zones to be cryptographically signed with a zone key.
In this way, the information about a specific zone can be verified as coming from a nameserver that
has signed it with a particular private key, as long as the recipient has that nameserver's public key.
BIND version 9 also supports the SIG(0) public/private key method of message authentication.
TSIG - Short for Transaction SIGnatures, a shared secret key exists on the master and slave server, verifying that a transfer from master to slave is authorized.
This feature strengthens the standard IP address based method of transfer authorization. An attacker
would not only need to have access to the IP address to transfer the zone, but they would also need
to know the secret key.
BIND version 9 also supports TKEY, which is another shared secret key method of authorizing zone
transfers.
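The view statement from section 16.4.2 and TSIG-protected zone transfers can be combined in one /etc/named.conf, as in the following added example (it is not part of the original guide). The networks, zone name, file paths, key name and secret are constructed placeholders, and hmac-sha256 assumes a BIND 9 release that supports it.

```conf
// Constructed example: all names, addresses and the secret are placeholders.
acl "internal" { 127.0.0.1; 192.168.0.0/24; };   // assumed local network

// Shared secret for TSIG; the same key block must exist on the slave.
key "transfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_GENERATED_BASE64_SECRET";
};

options {
    directory "/var/named";
};

// Views are tested in order and the first match wins, so the
// restrictive match must come before the catch-all view.
view "internal" {
    match-clients { "internal"; };
    recursion yes;                       // local clients may recurse
    zone "example.com" {
        type master;
        file "internal/example.com.zone";
        // An address match list is an OR: { 192.0.2.2; key ...; } would
        // accept the IP alone. The nested negation rejects every source
        // except 192.0.2.2 first, then requires the TSIG key as well.
        allow-transfer { !{ !192.0.2.2; any; }; key "transfer-key"; };
    };
};

view "external" {
    match-clients { any; };
    recursion no;                        // outside clients get no recursion
    zone "example.com" {
        type master;
        file "external/example.com.zone";
        allow-transfer { none; };        // no transfers from outside
    };
};

// On the slave (192.0.2.2 here), sign requests to the master with:
//   server 192.168.0.1 { keys { "transfer-key"; }; };
```

Once any view is defined, every zone statement must be placed inside a view.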
16.4.4. IP version 6
BIND version 9 can provide nameservice in IP version 6 (IPv6) environments, through the use of A6 zone records.
If your network environment includes both IPv4 and IPv6 hosts, you should use the lwresd lightweight resolver daemon on your network clients. This daemon is essentially a very efficient, caching-only nameserver, which understands the new A6 and DNAME records used with IPv6. See the lwresd man page for more information.
16.5. Common Mistakes to Avoid
It is very common for beginners to make mistakes when editing BIND configuration files or run into initial difficulties using named. Be sure to avoid the following problems:
Make sure you increment the serial number when editing a zone file.
If the serial number is not incremented, your master nameserver may have the correct, new information, but your slave nameservers will never be notified of the change or attempt to refresh their
data of that zone.
Be careful to use curly braces and semicolons correctly in the /etc/named.conf file.
An omitted semicolon or unclosed brace section will cause named to refuse to start.





