232


Chapter 16. Berkeley Internet Name Domain (BIND)


When used with other


/etc/named.conf


statements and their options,


acl


statements can be


very useful in ensuring the proper use of your BIND nameserver as in this example:


acl black hats {


10.0.2.0/24;


192.168.0.0/24;


};


acl red hats {


10.0.1.0/24;


};


options {


blackhole { black hats; };


allow query { red hats; };


allow recursion { red hats; };


}


This


named.conf


contains two access control lists


black hats


and


red hats


.


  controls


  Configures various security requirements necessary to use the


rndc


command to


administer the


named


service.


See Section 16.3.1.1 to see how the


controls


statement should look, including various options


that may only be used with it.


  include " file name "


  Includes the specified file within the current configuration file,


allowing sensitive configuration data (such as


keys


) to be placed in a separate file with permissions


that prevent non privileged users from reading it.


  key " key name "


  Defines a particular key by name. Keys are used to authenticate various


actions, such as secure updates or the use of the


rndc


command. Two options are used with


key


:


algorithm


algorithm name


  The type of algorithm used, such as


dsa


or


hmac md5


.


secret " key value "


  The encrypted key.


See Section 16.3.1.2 for instruction on how to write a


key


statement.


  logging


  Allows for the use of multiple types of logs, called channels. By using the


channel


option within the


logging


statement, a customized type of log, with its own file name (


file


),


size limit (


size


), versioning (


version


), and level of importance (


severity


), can be constructed.


Once a customized channel has been defined, a


category


option is used the categorize the channel


and begin logging when


named


is restarted.


By default,


named


logs standard messages to the


syslog


daemon, which places them


in


/var/log/messages


. This occurs because several standard channels are built


into BIND with various severity levels, such as one that handles informational logging


messages (


default_syslog


) and another that specifically handles debugging messages


(


default_debug


). A default category, called


default


, uses the built in channels to do normal


logging without any special configuration.


Customizing the logging process can be a very detailed process and is beyond the scope of this


chapter. For information on creating custom BIND logs, see the BIND 9 Administrator Reference


Manual.


  options


  Assigns values to many assorted options, including the use of forwarders, the location


of the


named


working directory, the names of the various files, and much more.


The following options are among the most commonly used:


allow query


  Specifies which hosts are allowed to query this nameserver. By default, all


hosts are allowed to query. An access control list or collection of IP addresses or networks may


be used here to only allow particular hosts to query the nameserver.








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      tomcat hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved