Chapter 16. Berkeley Internet Name Domain (BIND)
When used with other /etc/named.conf statements and their options, acl statements can be very useful in ensuring the proper use of your BIND nameserver, as in this example:

    // Networks whose queries are ignored entirely
    acl black-hats {
        10.0.2.0/24;
        192.168.0.0/24;
    };

    // Networks allowed to use this nameserver
    acl red-hats {
        10.0.1.0/24;
    };

    options {
        blackhole { black-hats; };
        allow-query { red-hats; };
        allow-recursion { red-hats; };
    };

This named.conf contains two access control lists, black-hats and red-hats.

  controls
  Configures various security requirements necessary to use the rndc command to administer the named service.
  See Section 16.3.1.1 for how the controls statement should look, including various options that may only be used with it.

  include "file-name"
  Includes the specified file within the current configuration file, allowing sensitive configuration data (such as keys) to be placed in a separate file with permissions that prevent non-privileged users from reading it.

  key "key-name"
  Defines a particular key by name. Keys are used to authenticate various actions, such as secure updates or the use of the rndc command. Two options are used with key:
    algorithm algorithm-name
    The type of algorithm used, such as dsa or hmac-md5.
    secret "key-value"
    The encrypted key.
  See Section 16.3.1.2 for instructions on how to write a key statement.

  logging
  Allows for the use of multiple types of logs, called channels. By using the channel option within the logging statement, a customized type of log, with its own file name (file), size limit (size), versioning (version), and level of importance (severity), can be constructed. Once a customized channel has been defined, a category option is used to categorize the channel and begin logging when named is restarted.
  By default, named logs standard messages to the syslog daemon, which places them in /var/log/messages. This occurs because several standard channels are built into BIND with various severity levels, such as one that handles informational logging messages (default_syslog) and another that specifically handles debugging messages (default_debug). A default category, called default, uses the built-in channels to do normal logging without any special configuration.
  Customizing the logging process can be a very detailed process and is beyond the scope of this chapter. For information on creating custom BIND logs, see the BIND 9 Administrator Reference Manual.

  options
  Assigns values to many assorted options, including the use of forwarders, the location of the named working directory, the names of the various files, and much more.
  The following options are among the most commonly used:
    allow-query
    Specifies which hosts are allowed to query this nameserver. By default, all hosts are allowed to query. An access control list or collection of IP addresses or networks may be used here to only allow particular hosts to query the nameserver.
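
To check what the acl example and the allow-query default above mean for a given client, the following added example (not part of the original guide or of BIND) parses a simple named.conf and reports the outcome per client address. It assumes the hyphenated names black-hats, red-hats, allow-query and allow-recursion, supports only networks, acl names and any in match lists, and treats a missing allow-recursion as any for audit purposes.

```python
import ipaddress
import re

# Constructed input: the acl/options example from this page (hyphenated names assumed).
SAMPLE_CONF = """
acl black-hats { 10.0.2.0/24; 192.168.0.0/24; };
acl red-hats { 10.0.1.0/24; };
options {
    blackhole { black-hats; };
    allow-query { red-hats; };
    allow-recursion { red-hats; };
};
"""

def _items(body):
    return [e.strip() for e in body.split(";") if e.strip()]

def parse(conf):
    """Extract acl definitions and the three access options from a simple named.conf."""
    acls = {n: _items(b) for n, b in re.findall(r"\bacl\s+([\w-]+)\s*\{([^}]*)\}", conf)}
    opts = {n: _items(b) for n, b in re.findall(
        r"\b(blackhole|allow-query|allow-recursion)\s*\{([^}]*)\}", conf)}
    return acls, opts

def matches(ip, elements, acls):
    """True if ip matches a list of networks, acl names or 'any' (no '!' negation)."""
    for e in elements:
        if e == "any":
            return True
        if e in acls:
            if matches(ip, acls[e], acls):
                return True
        elif ip in ipaddress.ip_network(e, strict=False):  # ValueError: undefined acl name
            return True
    return False

def decide(conf, client):
    """Outcome for one client: dropped, refused, query-only or query+recursion."""
    acls, opts = parse(conf)
    ip = ipaddress.ip_address(client)
    if matches(ip, opts.get("blackhole", []), acls):
        return "dropped"                      # blackholed clients get no reply at all
    if not matches(ip, opts.get("allow-query", ["any"]), acls):
        return "refused"                      # absent allow-query means all hosts may query
    # Assumption: absent allow-recursion is audited as "any" (real default varies by version).
    if matches(ip, opts.get("allow-recursion", ["any"]), acls):
        return "query+recursion"
    return "query-only"

if __name__ == "__main__":
    for client in ("10.0.2.5", "10.0.1.7", "172.16.0.1"):
        print(client, decide(SAMPLE_CONF, client))
```

A result of query+recursion for an address outside your own networks indicates the nameserver is open to outside use and that allow-query or allow-recursion needs an acl.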





