Man Pages (1MTSOL): Maintenance and Administration Commands

NAME

in.named, named, named-xfer - Internet domain name server

SYNOPSIS

in.named [ -b bootfile ] [ -d level ] [ -p port ]
named-xfer

AVAILABILITY

SUNWcsu

DESCRIPTION

in.named is the Internet domain name server. It is used by hosts on the Internet to provide access to the Internet distributed naming database. See RFC 1034 and RFC 1035 for more details. With no arguments, in.named reads /etc/named.boot for any initial data, and listens for queries on a privileged port.
named-xfer is called by in.named whenever in.named needs to perform a Zone Transfer. named-xfer should not be called independently.
In a Trusted Solaris system, in.named listens for input requests on a multilevel port (MLP) and sends responses to the DNS client at the sensitivity label of the client's request. Thus, though in.named runs at the sensitivity label ADMIN_LOW, it can accept requests at any sensitivity label. in.named can also serve DNS clients and communicate with other DNS name servers on either Trusted Solaris hosts or non-trusted hosts.
The DNS name server running on a Trusted Solaris machine is viewed as a supplier of public information, and the name database that it maintains is considered trusted. in.named requires the trusted path attribute, and it requires that the /etc/named.boot file, zone files, and other configuration files that it uses be at the sensitivity label ADMIN_LOW. As part of the name database, these files and their contents are also considered trusted; thus in.named can query any DNS name server specified in the files. The DNS name servers specified in these files may reside on either Trusted Solaris hosts or non-trusted hosts.

/etc/named.boot File Entries

The following is a sample of /etc/named.boot file entries:
;
;       boot file for name server
;
; type          domain          source file or host
;
domain          berkeley.edu
primary         berkeley.edu   named.db
secondary       cc.berkeley.edu 10.2.0.78 128.32.0.10
cache           .       named.ca

The domain line specifies that berkeley.edu is the domain of the given server.
The primary line states that the file named.db contains authoritative data for berkeley.edu. The file named.db contains data in the Zone file format, described in RFC 1035, except that all domain names are relative to the origin; in this case, berkeley.edu (see Zone File Format below for a more detailed description).
The secondary line specifies that all authoritative data under cc.berkeley.edu is to be transferred from the name server at 10.2.0.78. If the transfer fails it will try 128.32.0.10, and continue for up to ten tries at that address. The secondary copy is also authoritative for the domain.
The cache line specifies that data in named.ca is to be placed in the cache (typically such data as the locations of root domain servers). The file named.ca is in the same format as named.db.
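Because in.named treats every file and server named in the boot file as trusted, it is useful to list them before checking labels and permissions. The following is an added example, not part of the original man page: it parses the four entry types shown in the sample above. The function names are hypothetical, and treating ";" as a comment marker and every field after the secondary domain as a server address is inferred from the sample.

```python
# Sample boot file copied from the man page text above.
SAMPLE_BOOT = """\
;
;       boot file for name server
;
; type          domain          source file or host
;
domain          berkeley.edu
primary         berkeley.edu   named.db
secondary       cc.berkeley.edu 10.2.0.78 128.32.0.10
cache           .       named.ca
"""

def parse_boot(text):
    """Return one dict per entry for the four line types shown in the sample."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()   # assumption: ';' starts a comment
        if not line:
            continue
        fields = line.split()
        kind, args = fields[0].lower(), fields[1:]
        if kind == "domain" and len(args) == 1:
            entries.append({"type": kind, "domain": args[0]})
        elif kind in ("primary", "cache") and len(args) == 2:
            entries.append({"type": kind, "domain": args[0], "file": args[1]})
        elif kind == "secondary" and len(args) >= 2:
            # assumption: every field after the domain is a server address
            entries.append({"type": kind, "domain": args[0], "servers": args[1:]})
        else:
            raise ValueError(f"line {lineno}: unrecognised entry: {raw!r}")
    return entries

def trust_inventory(entries):
    """Files in.named will load and remote servers it will transfer zones from."""
    files = sorted({e["file"] for e in entries if "file" in e})
    servers = sorted({s for e in entries for s in e.get("servers", [])})
    return files, servers

if __name__ == "__main__":
    files, servers = trust_inventory(parse_boot(SAMPLE_BOOT))
    print("files to check for ADMIN_LOW label:", files)
    print("servers trusted for zone transfer:", servers)
```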

Zone File Format

The Zone file consists of entries of the form:
$INCLUDE <filename>
$ORIGIN <domain>
<domain> <opt_ttl> <opt_class> <type> <resource_record_data>

where domain is "." for the root, "@" for the current origin, or a standard domain name. If domain is a standard domain name that does not end with ".", the current origin is appended to the domain. Domain names ending with "." are unmodified.
The opt_ttl field is an optional integer number for the time-to-live field. It defaults to zero.
The opt_class field is currently one token, IN for the Internet.
The type field is one of the following tokens; the data expected in the resource_record_data field is in parentheses.
A
A host address (dotted quad).
CNAME
The canonical name for an alias (domain).
HINFO
Host information (cpu_type OS_type).
MB
A mailbox domain name (domain).
MG
A mail group member (domain).
MINFO
Mailbox or mail list information (request_domain error_domain).
MR
A mail rename domain name (domain).
MX
A mail exchanger (domain).
NS
An authoritative name server (domain).
NULL
A null resource record (no format or data).
PTR
A domain name pointer (domain).
SOA
Marks the start of a zone of authority (5 numbers). See RFC 1035.
TXT
Arbitrary number of strings.
WKS
A well known service description (not implemented yet).
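A name written without its trailing "." silently gets the origin appended, which is a common source of records that point somewhere other than intended. The following is an added example, not part of the original man page: it applies the qualification rules above to constructed entries and flags names in which the zone appears twice. The function names are hypothetical, the origin argument is assumed to be absolute, and $INCLUDE is not followed.

```python
DOMAIN_DATA = {"CNAME", "MB", "MG", "MINFO", "MR", "NS", "PTR"}
# MX and SOA data are left unqualified: they also carry numeric fields.
TYPES = DOMAIN_DATA | {"A", "HINFO", "MX", "NULL", "SOA", "TXT", "WKS"}
# Constructed sample entries; the origin and addresses reuse the page's boot file.
SAMPLE_ZONE = """\
@      IN NS     ns1
ns1    3600 IN A 10.2.0.78
ftp    IN CNAME  ns1.berkeley.edu.
www    IN CNAME  ns1.berkeley.edu
$ORIGIN cc.berkeley.edu.
host1  A         128.32.0.10
"""

def qualify(name, origin):
    """'@' is the origin, a trailing '.' means absolute, else append the origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else name + "." + origin

def parse_zone(text, origin):
    """Return (domain, ttl, class, type, data) tuples with names fully qualified."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()  # drop comments; quoted ';' not handled
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = qualify(fields[1], origin)
            continue
        domain, rest = qualify(fields[0], origin), fields[1:]
        ttl = 0                                # opt_ttl defaults to zero
        if rest and rest[0].isdigit():
            ttl, rest = int(rest[0]), rest[1:]
        if rest and rest[0].upper() == "IN":   # opt_class: IN is the only token
            rest = rest[1:]
        # $INCLUDE is rejected here rather than followed, so the example stays offline.
        if fields[0].startswith("$") or not rest or rest[0].upper() not in TYPES:
            raise ValueError(f"line {lineno}: unsupported or malformed entry: {raw!r}")
        rtype, data = rest[0].upper(), rest[1:]
        if rtype in DOMAIN_DATA:               # these data fields are domain names too
            data = [qualify(d, origin) for d in data]
        records.append((domain, ttl, "IN", rtype, data))
    return records

def doubled_zone(records, zone):
    """Records with the zone twice in one name: a trailing '.' was likely omitted."""
    z = zone.rstrip(".")
    return [r for r in records if any(n.count(z) > 1 for n in [r[0], *r[4]])]
```

Running `doubled_zone(parse_zone(SAMPLE_ZONE, "berkeley.edu."), "berkeley.edu.")` returns only the www entry, whose CNAME target was written without the trailing dot.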

OPTIONS

-b bootfile
Use bootfile rather than /etc/named.boot.
-d level
Print debugging information. level is a number indicating the level of messages printed.
-p port
Use a different port number.

SUMMARY OF TRUSTED SOLARIS CHANGES

in.named accepts requests at any sensitivity label and replies at the sensitivity label of the client's request. in.named can serve DNS clients and can communicate with other DNS servers that are on Trusted Solaris hosts or non-trusted hosts.

Files used by in.named should be protected from unauthorized access by having the sensitivity label ADMIN_LOW.
Invoking in.named requires the trusted path attribute, an effective uid of 0, a process sensitivity label of ADMIN_LOW, and the following privileges: net_mac_read, net_privaddr, net_upgrade_sl, proc_nofloat, proc_setclr, sys_trans_label, sys_net_config, and sys_config.

FILES

/etc/named.boot
name server configuration boot file
/etc/named.pid
the process ID
/var/tmp/named.run
debug output
/var/tmp/named_dump.db
dump of the name server's database
These files have a sensitivity label of ADMIN_LOW.

SEE ALSO

kill(1), resolver(3NTSOL), signal(3B), resolv.conf(4)
Braden, R. (Editor), Requirements for Internet Hosts - Applications and Support, RFC 1123, Internet Engineering Task Force - Network Working Group, October 1989.
Mockapetris, Paul, Domain Names - Concepts and Facilities, RFC 1034, Network Information Center, SRI International, Menlo Park, Calif., November 1987.
Mockapetris, Paul, Domain Names - Implementation and Specification, RFC 1035, Network Information Center, SRI International, Menlo Park, Calif., November 1987.
Mockapetris, Paul, Domain System Changes and Observations, RFC 973, Network Information Center, SRI International, Menlo Park, Calif., January 1986.
Partridge, Craig, Mail Routing and the Domain System, RFC 974, Network Information Center, SRI International, Menlo Park, Calif., January 1986.

NOTES

The following signals have the specified effect when sent to the server process using the kill(1) command.
SIGHUP
Reads /etc/named.boot and reloads database.
SIGINT
Dumps the current database and cache to /var/tmp/named_dump.db.
SIGUSR1
Turns on debugging; each subsequent SIGUSR1 increments debug level.
SIGUSR2
Turns off debugging completely.