📄 rfc1713.txt
字号:
necessity of dedicating an entire section to any of them. This doesn't mean they are not valuable contributions, in some cases they may be just what you are looking for, without having to install a complete package to do some testings on your domain. The reference taken was the contrib directory in the latest BIND distribution (where some of the above programs can also be found). There you will find tools for creating your DNS configuration files and NIS maps from /etc/hosts and vice-versa or generate PTR from A records (these things may be important as a means of avoiding common typing errors and inconsistencies between those tables), syntax checkers for zone files, programs for querying and monitoring name servers, all the small programs presented in [8], and more. It is worth spending some time looking at them, maybe you'll find thatRomao [Page 9]
RFC 1713 Tools for DNS debugging November 1994 program you were planning to write yourself. The latest public version of BIND can be found at ftp://gatekeeper.dec.com/pub/misc/vixie/4.9.2-940221.tar.gz. As of this writing BIND-4.9.3 is in its final beta stages and a public release is expected soon, also at gatekeeper.dec.com. You may also want to consider using a version control system like SCCS or RCS to maintain your configuration files consistent through updates, or use tools like M4 macros to generate those files. As stated above, it's important to avoid human-generated errors, creating problems that are difficult to track down, since they're often hidden behind some mistyped name. Errors like this may end up in many queries for a non-existing name, just to mention the less serious kind. See [9] for a description of the most common errors made while configuring domains.3. Why look after DNS? Several pieces of software were presented to help people administer and debug their name services. They exhibit many differences in their way of doing things, scope and requirements and it may be difficult just to choose one of them to work with. For one thing, people's expectations from these tools vary according to their kind of involvement with DNS. If you are responsible for a big domain, e.g., a top-level one or a big institution with many hosts and sub- domains, you probably want to see how well is the tree below your node organized, since the consequences of errors tend to propagate upwards, thus affecting your own domain and servers. For that you need some program that recursively descends the domain tree and analyzes each domain per se and the interdependencies between them all. You will have to consider how deep you want your analysis to be, the effects it will have on the network infrastructure, i.e., will it generate traffic only inside a campus network, no matter how big it is, or will it be spread over, say, a whole country (of course, your kind of connectivity plays an important role here). You may simply want to perform some sanity checks on your own domain, without any further concerns. Or you may want to participate in some kind of global effort to monitor name server traffic, either for research purposes or just to point out the "trouble-queries" that flow around. Whatever your interest may be, you can almost surely find a tool to suit it. Eliminating problems like those described in this document is a major contribution for the efficiency of an important piece of the Internet mechanism. Just to have an idea of this importance, think of all the applications that depend on it, not just to get addresses out of names. Many systems rely on DNS to store, retrieveRomao [Page 10]
RFC 1713 Tools for DNS debugging November 1994 and spread the information they need: Internet electronic mail was already mentioned (see [10] for details) and work is in progress to integrate X.400 operations with DNS [11]; others include "remote printing" services [12], distributed file systems and network routing purposes, among others. These features may be accomplished by some standard, well-known resource records [13], or by new, experimental ones [14, 15]. Even if some of them won't succeed, one may well expect some more load on the DNS burden. The ubiquitous DNS thus deserves a great deal of attention, perhaps much more than it generally has. One may say that it is a victim of its own success: if a user triggers an excessive amount of queries only to have one request satisfied, he won't worry about it (in fact, he won't notice it), won't complain to his system administrator, and things will just go on like this. Of course, DNS was designed to resist and provide its services despite all these anomalies. But by doing so it is frequently forgotten, as long as people can Telnet or ftp. As DNS will be given new responsibilities, as pointed in the above paragraph, the problems described in this text will grow more serious and new ones may appear (notably security ones [16], with a lot of work being presently in progress addressing security in DNS), if nothing is done to purge them.References [1] Lottor, M., "Internet Domain Survey, October 1994", http://www.nw.com/zone/WWW/report.html, October 1994. [2] Beecher, B., "Dealing With Lame Delegations", Univ. Michigan, LISA VI, October 1992. [3] Frazao, J. and J. L. Martins, "Ddt - Domain Debug Tools, A Package to Debug the DNS Tree", Dept. Informatica Faculdade Ciencias Univ. Lisboa, DI-FCUL-1992-04, January 1992. [4] Danzig, P., "Probabilistic Error Checkers: Fixing DNS", Univ. Southern California, Technical Report, February 1992. [5] Kumar, A., J. Postel, C. Neuman, P. Danzig and S. Miller, "Common DNS Implementation Errors and Suggested Fixes", RFC 1536, USC/Information Sciences Institute, October 1993. [6] Miller, S. and P. Danzig, "The Checker Project, Installation and Operator's Manual", Univ. Southern California, TR CS94-560, 1994. [7] Danzig, P., K. Obraczka and A. Kumar, "An Analisys of Wide-Area Name Server Traffic", Univ. Southern California, TR 92-504, 1992.Romao [Page 11]
RFC 1713 Tools for DNS debugging November 1994 [8] Albitz, P. and C. Liu, "DNS and BIND", O'Reilly and Associates Inc., October 1992. [9] Beertema, P., "Common DNS Data File Configuration Errors", RFC 1537, CWI, October 1993. [10] Partridge, C., "Mail Routing and the Domain System", STD 14, RFC 974, CSNET CIC BBN Laboratories Inc., January 1986. [11] Allocchio, C., A. Bonito, B. Cole, S. Giordano and R. Hagens, "Using the Internet DNS to Distribute RFC1327 Mail Address Mapping Tables", RFC 1664, GARR, Cisco Systems Inc., Centro Svizzero Calcolo Scientifico, ANS, August 1994. [12] Malamud, C. and M. Rose, "Principles of Operation for the TPC.INT Subdomain: General Principles and Policy", RFC 1530, Internet Multicasting Service, Dover Beach Consulting Inc., October 1993. [13] Rosenbaum, R., "Using the Domain Name System to Store Arbitrary String Attributes", RFC 1464, Digital Equipment Corporation, May 1993. [14] Everhart, C., L. Mamakos, R. Ullmann and P. Mockapetris (Ed.), "New DNS RR Definitions", RFC 1183, Transarc, Univ. Maryland, Prime Computer, Information Sciences Institute, October 1990. [15] Manning, B., and R. Colella, "DNS NSAP Resource Records", RFC 1706, USC/Information Sciences Institute, NIST, October 1994. [16] Gavron, E., "A Security Problem and Proposed Correction With Widely Deployed DNS Software", RFC 1535, ACES Research Inc., October 1993Romao [Page 12]
RFC 1713 Tools for DNS debugging November 1994Security Considerations Security issues are not discussed in this memo (although security is briefly mentioned at the end of section 3).Author's Address Artur Romao DI - Faculdade de Ciencias e Tecnologia Universidade Nova de Lisboa Quinta da Torre P-2825 Monte de Caparica Portugal Phone: +351 1 294 28 44 Fax: +351 1 295 77 86 EMail: artur@fct.unl.ptRomao [Page 13]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -