author | Fukang Chen <loader@FreeBSD.org> | 2009-12-11 15:32:36 +0000 |
---|---|---|
committer | Fukang Chen <loader@FreeBSD.org> | 2009-12-11 15:32:36 +0000 |
commit | 2b72c95307f1e9e811b25eb8eace9865ffbd5aca (patch) | |
tree | 09bd7442133f5a2312a2ec03e35b2ac8ff6cae3e /zh_CN.GB2312/books/handbook/network-servers | |
parent | b10cd500b41a60915afac3fd222dcc612f9740f8 (diff) |
Diffstat (limited to 'zh_CN.GB2312/books/handbook/network-servers')
-rw-r--r-- | zh_CN.GB2312/books/handbook/network-servers/chapter.sgml | 449 |
1 files changed, 281 insertions, 168 deletions
diff --git a/zh_CN.GB2312/books/handbook/network-servers/chapter.sgml b/zh_CN.GB2312/books/handbook/network-servers/chapter.sgml index 6aef0019b9..2e25551746 100644 --- a/zh_CN.GB2312/books/handbook/network-servers/chapter.sgml +++ b/zh_CN.GB2312/books/handbook/network-servers/chapter.sgml @@ -2,7 +2,7 @@ The FreeBSD Documentation Project The FreeBSD Simplified Chinese Project - Original Revision: 1.116 + Original Revision: 1.118 $FreeBSD$ --> @@ -2236,12 +2236,12 @@ nis_client_flags="-S <replaceable>NIS domain</replaceable>,<replaceable>server</ <see>DHCP</see> </indexterm> <indexterm> - <primary>Internet Software Consortium (ISC)</primary> + <primary>Internet Systems Consortium (ISC)</primary> </indexterm> <para>DHCP, 动态主机配置协议, 是一种让系统得以连接到网络上, 并获取所需要的配置参数手段。 FreeBSD 6.0 之前的版本, - 采用的是 ISC (Internet Software + 采用的是 ISC (Internet Systems Consortium) 的 DHCP 客户端 (&man.dhclient.8;) 实现。 更高版本使用的则是来自 OpenBSD 3.7 的 OpenBSD <command>dhclient</command>。 @@ -2415,7 +2415,7 @@ dhclient_flags=""</programlisting> <title>这一章包含哪些内容</title> <para>这一章提供了关于如何在 FreeBSD 系统上使用 ISC - (Internet 软件协会) 的 DHCP 实现套件来架设 DHCP 服务器的信息。</para> + (Internet 系统协会) 的 DHCP 实现套件来架设 DHCP 服务器的信息。</para> <para>DHCP 套件中的服务器部分并没有作为 FreeBSD 的一部分来提供, 因此您需要安装 @@ -2651,8 +2651,8 @@ dhcpd_ifaces="dc0"</programlisting> 提供少量域名解析服务并对域名信息进行缓存的域名服务器组成的。</para> <para>目前, BIND 由 - Internet Software Consortium - <ulink url="http://www.isc.org/"></ulink> + Internet Systems Consortium + <ulink url="https://www.isc.org/"></ulink> 维护。</para> </sect2> @@ -2690,7 +2690,7 @@ dhcpd_ifaces="dc0"</programlisting> </row> <row> - <entry><application>named</application>, BIND, 域名服务器</entry> + <entry><application>named</application>, BIND</entry> <entry>在 &os; 中 BIND 域名服务器软件包的常见叫法。</entry> </row> 
@@ -2701,7 +2701,7 @@ dhcpd_ifaces="dc0"</programlisting> <row> <entry>反向 <acronym>DNS</acronym></entry> - <entry>与正向 <acronym>DNS</acronym> 相对; 将 <acronym>IP</acronym> 地址映射为主机名</entry> + <entry>将 <acronym>IP</acronym> 地址映射为主机名</entry> </row> <row> @@ -2728,7 +2728,7 @@ dhcpd_ifaces="dc0"</programlisting> <itemizedlist> <listitem> - <para><hostid>.</hostid> 是根域。</para> + <para><hostid>.</hostid> 在本文档中通常指代根域。</para> </listitem> <listitem> @@ -2806,7 +2806,7 @@ dhcpd_ifaces="dc0"</programlisting> <sect2> <title>DNS 如何运作</title> <para>在 &os; 中, BIND 服务程序被称为 - <application>named</application>, 其原因显而易见。</para> + <application>named</application>。</para> <informaltable frame="none" pgwide="1"> <tgroup cols="2"> @@ -2852,6 +2852,7 @@ dhcpd_ifaces="dc0"</programlisting> <sect2> <title>启动 BIND</title> + <indexterm> <primary>BIND</primary> <secondary>starting (启动)</secondary> @@ -2860,10 +2861,11 @@ dhcpd_ifaces="dc0"</programlisting> <para>由于 BIND 是默认安装的, 因此配置它相对而言很简单。</para> <para>默认的 <application>named</application> 配置, 是在 - &man.chroot.8; 环境中提供基本的域名解析服务。 + &man.chroot.8; 环境中提供基本的域名解析服务, + 并且只限于监听本地 IPv4 回环地址 (127.0.0.1)。 如果希望启动这一配置, 可以使用下面的命令:</para> - <screen>&prompt.root; <userinput>/etc/rc.d/named forcestart</userinput></screen> + <screen>&prompt.root; <userinput>/etc/rc.d/named onestart</userinput></screen> <para>如果希望 <application>named</application> 服务在每次启动的时候都能够启动, 需要在 @@ -2883,6 +2885,7 @@ dhcpd_ifaces="dc0"</programlisting> <sect2> <title>配置文件</title> + <indexterm> <primary>BIND</primary> <secondary>configuration files (配置文件)</secondary> 
@@ -2895,23 +2898,6 @@ dhcpd_ifaces="dc0"</programlisting> 这个目录同时也是您进行绝大多数配置的地方。</para> <sect3> - <title>使用 <command>make-localhost</command></title> - - <para>要为 localhost 配置权威域, 需要进入 - <filename class="directory">/etc/namedb</filename> 目录, - 并运行下面的命令:</para> - - <screen>&prompt.root; <userinput>sh make-localhost</userinput></screen> - - <para>如果一切正常的话, 在 - <filename class="directory">master</filename> 子目录中会增加一组文件。 - 本地域名对应的文件是 <filename>localhost.rev</filename>, - 而 <acronym>IPv6</acronym> 对应的配置则是 <filename>localhost-v6.rev</filename>。 - 作为默认配置, 所需的信息已经放到了 - <filename>named.conf</filename> 文件中。</para> - </sect3> - - <sect3> <title><filename>/etc/namedb/named.conf</filename></title> <programlisting>// $FreeBSD$ @@ -2925,6 +2911,7 @@ dhcpd_ifaces="dc0"</programlisting> // or cause huge amounts of useless Internet traffic. options { + // Relative to the chroot directory, if any directory "/etc/namedb"; pid-file "/var/run/named/pid"; dump-file "/var/dump/named_dump.db"; @@ -2940,11 +2927,11 @@ options { // an IPv6 address, or the keyword "any". // listen-on-v6 { ::1; }; -// In addition to the "forwarders" clause, you can force your name -// server to never initiate queries of its own, but always ask its -// forwarders only, by enabling the following line: -// -// forward only; +// These zones are already covered by the empty zones listed below. +// If you remove the related empty zones below, comment these lines out. + disable-empty-zone "255.255.255.255.IN-ADDR.ARPA"; + disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; + disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; // If you've got a DNS server around at your upstream provider, enter // its IP address here, and enable the line below. This will make you 
@@ -2953,7 +2940,20 @@ options { forwarders { 127.0.0.1; }; -*/</programlisting> +*/ + +// If the 'forwarders' clause is not empty the default is to 'forward first' +// which will fall back to sending a query from your local server if the name +// servers in 'forwarders' do not have the answer. Alternatively you can +// force your name server to never initiate queries of its own by enabling the +// following line: +// forward only; + +// If you wish to have forwarding configured automatically based on +// the entries in /etc/resolv.conf, uncomment the following line and +// set named_auto_forward=yes in /etc/rc.conf. You can also enable +// named_auto_forward_only (the effect of which is described above). +// include "/etc/namedb/auto_forward.conf";</programlisting> <para>正如注释所言, 如果希望从上级缓存中受益, 可以在此处启用 <literal>forwarders</literal>。 
@@ -2969,34 +2969,187 @@ options { </warning> <programlisting> /* - * If there is a firewall between you and nameservers you want - * to talk to, you might need to uncomment the query-source - * directive below. Previous versions of BIND always asked - * questions using port 53, but BIND versions 8 and later - * use a pseudo-random unprivileged UDP port by default. - */ - // query-source address * port 53; + Modern versions of BIND use a random UDP port for each outgoing + query by default in order to dramatically reduce the possibility + of cache poisoning. All users are strongly encouraged to utilize + this feature, and to configure their firewalls to accommodate it. + + AS A LAST RESORT in order to get around a restrictive firewall + policy you can try enabling the option below. Use of this option + will significantly reduce your ability to withstand cache poisoning + attacks, and should be avoided if at all possible. + + Replace NNNNN in the example with a number between 49160 and 65530. + */ + // query-source address * port NNNNN; }; // If you enable a local name server, don't forget to enter 127.0.0.1 // first in your /etc/resolv.conf so this server will be queried. // Also, make sure to enable it in /etc/rc.conf. +// The traditional root hints mechanism. Use this, OR the slave zones below. +zone "." { type hint; file "named.root"; }; + +/* Slaving the following zones from the root name servers has some + significant advantages: + 1. Faster local resolution for your users + 2. No spurious traffic will be sent from your network to the roots + 3. Greater resilience to any potential root server failure/DDoS + + On the other hand, this method requires more monitoring than the + hints file to be sure that an unexpected failure mode has not + incapacitated your server. Name servers that are serving a lot + of clients will benefit more from this approach than individual + hosts. Use with caution. 
+ + To use this mechanism, uncomment the entries below, and comment + the hint zone above. +*/ +/* zone "." { - type hint; - file "named.root"; + type slave; + file "slave/root.slave"; + masters { + 192.5.5.241; // F.ROOT-SERVERS.NET. + }; + notify no; }; - -zone "0.0.127.IN-ADDR.ARPA" { - type master; - file "master/localhost.rev"; +zone "arpa" { + type slave; + file "slave/arpa.slave"; + masters { + 192.5.5.241; // F.ROOT-SERVERS.NET. + }; + notify no; }; - -// RFC 3152 -zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" { - type master; - file "master/localhost-v6.rev"; +zone "in-addr.arpa" { + type slave; + file "slave/in-addr.arpa.slave"; + masters { + 192.5.5.241; // F.ROOT-SERVERS.NET. + }; + notify no; }; +*/ + +/* Serving the following zones locally will prevent any queries + for these zones leaving your network and going to the root + name servers. This has two significant advantages: + 1. Faster local resolution for your users + 2. No spurious traffic will be sent from your network to the roots +*/ +// RFC 1912 +zone "localhost" { type master; file "master/localhost-forward.db"; }; +zone "127.in-addr.arpa" { type master; file "master/localhost-reverse.db"; }; +zone "255.in-addr.arpa" { type master; file "master/empty.db"; }; + +// RFC 1912-style zone for IPv6 localhost address +zone "0.ip6.arpa" { type master; file "master/localhost-reverse.db"; }; + +// "This" Network (RFCs 1912 and 3330) +zone "0.in-addr.arpa" { type master; file "master/empty.db"; }; + +// Private Use Networks (RFC 1918) +zone "10.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "16.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "17.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "18.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "19.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "20.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "21.172.in-addr.arpa" 
{ type master; file "master/empty.db"; }; +zone "22.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "23.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "24.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "25.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "26.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "27.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "28.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "29.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "30.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "31.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "168.192.in-addr.arpa" { type master; file "master/empty.db"; }; + +// Link-local/APIPA (RFCs 3330 and 3927) +zone "254.169.in-addr.arpa" { type master; file "master/empty.db"; }; + +// TEST-NET for Documentation (RFC 3330) +zone "2.0.192.in-addr.arpa" { type master; file "master/empty.db"; }; + +// Router Benchmark Testing (RFC 3330) +zone "18.198.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "19.198.in-addr.arpa" { type master; file "master/empty.db"; }; + +// IANA Reserved - Old Class E Space +zone "240.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "241.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "242.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "243.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "244.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "245.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "246.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "247.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "248.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "249.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "250.in-addr.arpa" { type master; file "master/empty.db"; 
}; +zone "251.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "252.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "253.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "254.in-addr.arpa" { type master; file "master/empty.db"; }; + +// IPv6 Unassigned Addresses (RFC 4291) +zone "1.ip6.arpa" { type master; file "master/empty.db"; }; +zone "3.ip6.arpa" { type master; file "master/empty.db"; }; +zone "4.ip6.arpa" { type master; file "master/empty.db"; }; +zone "5.ip6.arpa" { type master; file "master/empty.db"; }; +zone "6.ip6.arpa" { type master; file "master/empty.db"; }; +zone "7.ip6.arpa" { type master; file "master/empty.db"; }; +zone "8.ip6.arpa" { type master; file "master/empty.db"; }; +zone "9.ip6.arpa" { type master; file "master/empty.db"; }; +zone "a.ip6.arpa" { type master; file "master/empty.db"; }; +zone "b.ip6.arpa" { type master; file "master/empty.db"; }; +zone "c.ip6.arpa" { type master; file "master/empty.db"; }; +zone "d.ip6.arpa" { type master; file "master/empty.db"; }; +zone "e.ip6.arpa" { type master; file "master/empty.db"; }; +zone "0.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "1.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "2.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "3.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "4.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "5.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "6.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "7.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "8.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "9.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "a.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "b.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "0.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "1.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone 
"2.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "3.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "4.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "5.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "6.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "7.e.f.ip6.arpa" { type master; file "master/empty.db"; }; + +// IPv6 ULA (RFC 4193) +zone "c.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "d.f.ip6.arpa" { type master; file "master/empty.db"; }; + +// IPv6 Link Local (RFC 4291) +zone "8.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "9.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "a.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "b.e.f.ip6.arpa" { type master; file "master/empty.db"; }; + +// IPv6 Deprecated Site-Local Addresses (RFC 3879) +zone "c.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "d.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "e.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "f.e.f.ip6.arpa" { type master; file "master/empty.db"; }; + +// IP6.INT is Deprecated (RFC 4159) +zone "ip6.int" { type master; file "master/empty.db"; }; // NB: Do not use the IP addresses below, they are faked, and only // serve demonstration/documentation purposes! 
@@ -3004,26 +3157,19 @@ zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" // Example slave zone config entries. It can be convenient to become // a slave at least for the zone your own domain is in. Ask // your network administrator for the IP address of the responsible -// primary. +// master name server. // -// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone! -// (This is named after the first bytes of the IP address, in reverse -// order, with ".IN-ADDR.ARPA" appended.) +// Do not forget to include the reverse lookup zone! +// This is named after the first bytes of the IP address, in reverse +// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6. // -// Before starting to set up a primary zone, make sure you fully -// understand how DNS and BIND works. There are sometimes -// non-obvious pitfalls. Setting up a slave zone is simpler. +// Before starting to set up a master zone, make sure you fully +// understand how DNS and BIND work. There are sometimes +// non-obvious pitfalls. Setting up a slave zone is usually simpler. // // NB: Don't blindly enable the examples below. :-) Use actual names // and addresses instead. -/* An example master zone -zone "example.net" { - type master; - file "master/example.net"; -}; -*/ - /* An example dynamic zone key "exampleorgkey" { algorithm hmac-md5; @@ -3038,14 +3184,7 @@ zone "example.org" { }; */ -/* Examples of forward and reverse slave zones -zone "example.com" { - type slave; - file "slave/example.com"; - masters { - 192.168.1.1; - }; -}; +/* Example of a slave reverse zone zone "1.168.192.in-addr.arpa" { type slave; file "slave/1.168.192.in-addr.arpa"; 
@@ -3089,18 +3228,18 @@ zone "1.168.192.in-addr.arpa" { <primary>BIND</primary> <secondary>zone files (域文件)</secondary> </indexterm> - + <para>下面的例子展示了用于 <hostid role="domainname">example.org</hostid> 的主域文件 (存放于 <filename>/etc/namedb/master/example.org</filename>):</para> - <programlisting>$TTL 3600 ; 1 hour + <programlisting>$TTL 3600 ; 1 hour default TTL example.org. IN SOA ns1.example.org. admin.example.org. ( 2006051501 ; Serial 10800 ; Refresh 3600 ; Retry 604800 ; Expire - 86400 ; Minimum TTL + 300 ; Negative Reponse TTL ) ; DNS Servers @@ -3121,30 +3260,23 @@ mx IN A 192.168.1.4 mail IN A 192.168.1.5 ; Aliases -www IN CNAME @</programlisting> +www IN CNAME example.org.</programlisting> - <para> - 请注意以 <quote>.</quote> 结尾的主机名是全称主机名, 而结尾没有 + <para>请注意以 <quote>.</quote> 结尾的主机名是全称主机名, 而结尾没有 <quote>.</quote> 的则是相对于原点的主机名。 例如, - <literal>www</literal> 将被转换为 - <literal>www.<replaceable>原点</replaceable></literal>. - 在这个假想的域信息文件中, 我们的原点是 - <hostid>example.org.</hostid>, 因此 <literal>www</literal> - 将被当作 <hostid>www.example.org.</hostid>。 - </para> - - <para> - 域信息文件的格式如下: - </para> + <literal>ns1</literal> 将被转换为 + <literal>ns1.<replaceable>example.org.</replaceable></literal></para> + + <para>域信息文件的格式如下:</para> + <programlisting>记录名 IN 记录类型 值</programlisting> <indexterm> <primary>DNS</primary> <secondary>记录</secondary> </indexterm> - <para> - 最常用的 DNS 记录: - </para> + + <para>最常用的 DNS 记录:</para> <variablelist> <varlistentry> 
@@ -3185,35 +3317,37 @@ www IN CNAME @</programlisting> </varlistentry> </variablelist> - <programlisting> -example.org. IN SOA ns1.example.org. admin.example.org. ( + <programlisting>example.org. IN SOA ns1.example.org. admin.example.org. ( 2006051501 ; Serial 10800 ; Refresh after 3 hours 3600 ; Retry after 1 hour 604800 ; Expire after 1 week - 86400 ) ; Minimum TTL of 1 day</programlisting> - - + 300 ) ; Negative Reponse TTL</programlisting> <variablelist> <varlistentry> <term><hostid role="domainname">example.org.</hostid></term> - <listitem><para>域名, 同时也是这个域信息文件的原点。</para></listitem> + <listitem> + <para>域名, 同时也是这个域信息文件的原点。</para> + </listitem> </varlistentry> <varlistentry> <term><hostid role="fqdn">ns1.example.org.</hostid></term> - <listitem><para>该域的主/权威域名服务器。</para></listitem> + <listitem> + <para>该域的主/权威域名服务器。</para> + </listitem> </varlistentry> <varlistentry> <term><literal>admin.example.org.</literal></term> - <listitem><para>此域的负责人的电子邮件地址, - 其中 <quote>@</quote> 被换掉了。 - (<email>admin@example.org</email> 对应 + <listitem> + <para>此域的负责人的电子邮件地址, + 其中 <quote>@</quote> + 需要换掉 (<email>admin@example.org</email> 对应 <literal>admin.example.org</literal>)</para> </listitem> </varlistentry> 
@@ -3221,82 +3355,66 @@ example.org. IN SOA ns1.example.org. admin.example.org. ( <varlistentry> <term><literal>2006051501</literal></term> - <listitem><para>文件的序号。 每次修改域文件时都必须增加这个数字。 - 现今, 许多管理员会考虑使用 - <literal>yyyymmddrr</literal> 这样的格式来表示序号。 - <literal>2006051501</literal> 通常表示上次修改于 - 05/15/2006, 而后面的 - <literal>01</literal> 则表示在那天的第一次修改。 - 序号非常重要, 它用于通知从域服务器更新数据。</para> - </listitem> + <listitem> + <para>文件的序号。 每次修改域文件时都必须增加这个数字。 + 现今, 许多管理员会考虑使用 + <literal>yyyymmddrr</literal> 这样的格式来表示序号。 + <literal>2006051501</literal> 通常表示上次修改于 + 05/15/2006, 而后面的 + <literal>01</literal> 则表示在那天的第一次修改。 + 序号非常重要, 它用于通知从域服务器更新数据。</para> + </listitem> </varlistentry> </variablelist> - <programlisting> - IN NS ns1.example.org.</programlisting> + <programlisting> IN NS ns1.example.org.</programlisting> - <para> - 这是一个 NS 项。 每个准备提供权威应答的服务器都必须有一个对应项。 - </para> + <para>这是一个 NS 项。 每个准备提供权威应答的服务器都必须有一个对应项。</para> - <programlisting> -localhost IN A 127.0.0.1 + <programlisting>localhost IN A 127.0.0.1 ns1 IN A 192.168.1.2 ns2 IN A 192.168.1.3 mx IN A 192.168.1.4 mail IN A 192.168.1.5</programlisting> - <para> - A 记录指明了机器名。 正如在前面所按倒的, + <para>A 记录指明了机器名。 正如在前面所看到的, <hostid role="fqdn">ns1.example.org</hostid> 将解析为 - <hostid role="ipaddr">192.168.1.2</hostid>。 - </para> + <hostid role="ipaddr">192.168.1.2</hostid>。</para> - <programlisting> - IN A 192.168.1.1</programlisting> + <programlisting> IN A 192.168.1.1</programlisting> <para>这一行把当前原点 <hostid role="domainname">example.org</hostid> 指定为使用 IP 地址 <hostid role="ipaddr">192.168.1.1</hostid>。</para> - <programlisting> -www IN CNAME @</programlisting> + <programlisting>www IN CNAME @</programlisting> - <para> - 正规名 (CNAME) 记录通常用于为某台机器指定别名。 + <para>正规名 (CNAME) 记录通常用于为某台机器指定别名。 在这个例子中, 将 <hostid>www</hostid> 指定成了 <quote>主</quote> 机器的一个别名, - 后者的名字与域名 <hostid role="domainname">example.org</hostid> 相同 - (<hostid role="ipaddr">192.168.1.1</hostid>)。 - CNAME 也可以用来提供主机别名, - 或将一个主机名以轮转 (round robin) 方式指定到多台服务器。 - </para> + 后者的名字与域名 + <hostid 
role="domainname">example.org</hostid> + (<hostid role="ipaddr">192.168.1.1</hostid>) 相同。 + CNAME 不能同与之有相同名字的任何其它记录并存。</para> <indexterm> <primary>MX 记录</primary> </indexterm> - <programlisting> - IN MX 10 mail.example.org.</programlisting> + <programlisting> IN MX 10 mail.example.org.</programlisting> - <para> - MX 记录表示哪个邮件服务器负责接收发到这个域的邮件。 + <para>MX 记录表示哪个邮件服务器负责接收发到这个域的邮件。 <hostid role="fqdn">mail.example.org</hostid> 是邮件服务器的主机名, - 而 10 则是它的优先级。 - </para> + 而 10 则是它的优先级。</para> - <para> - 可以有多台邮件服务器, 其优先级分别是 10、 + <para>可以有多台邮件服务器, 其优先级分别是 10、 20 等等。 尝试向 <hostid - role="domainname">example.org</hostid> 投递邮件的服务器, - 会首先尝试优先级最高的 MX (优先级数值最低的记录)、 - 接着尝试次高的, 并重复这一过程直到邮件递送到达为止。 - </para> + role="domainname">example.org</hostid> 投递邮件的服务器, + 会首先尝试优先级最高的 MX (优先级数值最小的记录)、 + 接着尝试次高的, 并重复这一过程直到邮件递达为止。</para> - <para> - 对于 in-addr.arpa 域名信息文件 (反向 DNS), 使用了同样的格式, - 只是 PTR 项代替了 A 或 CNAME 的位置。 - </para> + <para>in-addr.arpa 域名信息文件 (反向 DNS), 采用的格式是同样的, + 只是 PTR 项代替了 A 或 CNAME 的位置。</para> <programlisting>$TTL 3600 @@ -3305,7 +3423,7 @@ www IN CNAME @</programlisting> 10800 ; Refresh 3600 ; Retry 604800 ; Expire - 3600 ) ; Minimum + 300 ) ; Negative Reponse TTL IN NS ns1.example.org. IN NS ns2.example.org. @@ -3317,6 +3435,9 @@ www IN CNAME @</programlisting> 5 IN PTR mail.example.org.</programlisting> <para>这个文件给出了上述假想域中 IP 地址到域名的映射关系。</para> + + <para>需要说明的是, 在 PTR 记录右侧的名字必须是全称域名 + (也就是必须以 <quote>.</quote> 结束)。</para> </sect3> </sect2> @@ -3327,10 +3448,8 @@ www IN CNAME @</programlisting> <secondary>缓存域名服务器</secondary> </indexterm> - <para>缓存域名服务器是对任何域都不提供权威解析的域名服务器。 - 它自己简单地完成查询, 并记住这些查询以备后续使用。 - 要建立这样的服务器, 只需像平时一样配置一个域名服务器, - 而不配置域就可以了。</para> + <para>缓存域名服务器是一种主要承担解析递归查询角色的域名服务器。 + 它简单地自行进行查询, 并将查询结果记住以备后续使用。</para> </sect2> <sect2> 
@@ -3365,36 +3484,30 @@ www IN CNAME @</programlisting> <itemizedlist> <listitem> <para><ulink - url="http://www.isc.org/products/BIND/">官方的 ISC BIND + url="https://www.isc.org/software/bind">官方的 ISC BIND 页面</ulink></para> </listitem> <listitem> <para><ulink - url="http://www.isc.org/sw/guild/bf/">Official ISC BIND + url="https://www.isc.org/software/guild">Official ISC BIND Forum</ulink></para> </listitem> <listitem> - <para><ulink - url="http://www.isc.org/index.pl?/sw/bind/FAQ.php"> - BIND9 FAQ</ulink></para> - </listitem> - - <listitem> <para><ulink url="http://www.oreilly.com/catalog/dns5/">O'Reilly DNS 和 BIND 第 5 版</ulink></para> </listitem> <listitem> <para><ulink - url="ftp://ftp.isi.edu/in-notes/rfc1034.txt">RFC1034 + url="http://www.rfc-editor.org/rfc/rfc1034.txt">RFC1034 - 域名 - 概念和工具</ulink></para> </listitem> <listitem> <para><ulink - url="ftp://ftp.isi.edu/in-notes/rfc1035.txt">RFC1035 + url="http://www.rfc-editor.org/rfc/rfc1035.txt">RFC1035 - 域名 - 实现及其标准</ulink></para> </listitem> </itemizedlist> @@ -3728,7 +3841,7 @@ DocumentRoot /www/someotherdomain.tld 它能非常容易的从 posts 系统安装。</para> <screen>&prompt.root; <userinput>cd /usr/ports/www/rubygem-rails; make all install clean</userinput></screen> - </sect3> + </sect3> <sect3> <title>mod_perl</title> @@ -4578,8 +4691,8 @@ syslogd_flags="-a logclient.example.com -vv"</programlisting> <para>日志客户端是一台发送日志信息到日志服务器的机器, 并在本地保存拷贝。</para> - <para>类似于日志服务器, 客户端也必须满足一些最基本的条件:</para> - + <para>与日志服务器类似, 客户端也需要满足一些最基本的条件:</para> + <itemizedlist> <listitem> <para>&man.syslogd.8; |
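
Review bot: "Negative Reponse TTL" in the SOA comments is misspelled and should read "Negative Response TTL". The spelling is on the added lines of the SOA walkthrough in hunk @@ -3185 and the reverse zone in hunk @@ -3305, and also in the full zone file listing in hunk @@ -3089, so correct all three in one pass.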
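
Review bot: in hunk @@ -3221 the explanatory listing still reads `www IN CNAME @`, while hunk @@ -3089 changed the full zone file to `www IN CNAME example.org.`. Both forms point at the same name, but the walkthrough now quotes a line that no longer appears in the file it explains. Use the same form in both listings, or state in the paragraph that `@` stands for the origin.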
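
Review bot: in hunk @@ -3089 the rewritten paragraph ends at `<literal>ns1.<replaceable>example.org.</replaceable></literal></para>` with no closing 。, so the sentence is left unterminated. Add the full stop, and check whether `<replaceable>` is intended around a concrete value such as example.org.; the removed text used it for the placeholder 原点, not for a literal domain.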
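
Review bot: in hunk @@ -3365 the link text "Official ISC BIND Forum" on the added lines is still English, directly after 官方的 ISC BIND 页面 in the previous list item; translate it for consistency. The two RFC links in the same hunk move to http://www.rfc-editor.org while the ISC links move to https, so confirm whether the https form can be used for the RFC links as well.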
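
Review bot: hunk @@ -3728 only re-indents `</sect3>`, but the context line just above it reads 从 posts 系统安装, where "posts" should be "ports" (the command that follows changes into /usr/ports/www/rubygem-rails). Since the hunk already touches this spot, fix the typo in the same change.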