made-easy

早期freebsd实现

date.

NOTE:  If Chris had a very high profile and wanted his mac to appear like a
unix machine as far as internet services were concerned, he could simply
place an MX record such as 

	IN	MX	100  decel

after his machine and any mail sent to chris@chris-mac.ecel.uwa.edu.au
would be automatically rerouted to decel.

Reverse Name Lookups:

The reverse name lookup is handled in a most bizarre fashion.  Well it all
makes sense, but it is not immediately obvious.

All of the reverse name lookups are done by finding the PTR record
associated with the name w.x.y.z.in-addr.arpa.  So to find the name
associated with the IP number 1.2.3.4, we look for information stored in
the DNS under the name 4.3.2.1.in-addr.arpa.  They are organised this way
so that when you are allocated a B class subnet for example, you get all of
the IP numbers in the domain 130.95.  Now to turn that into a reverse name
lookup domain, you have to invert the numbers or your registered domains
will be spread all over the place.  It is a mess and you need not understand
the finer points of it all.  All you need to know is that you put the
reverse name lookup files back to front.

Here is the sample reverse name lookup files to go with our example.

0.0.127.in-addr.arpa
--
;  Reverse mapping of domain names 0.0.127.in-addr.arpa
;
@		IN	SOA decel.ecel.uwa.edu.au. postmaster.ecel.uwa.edu.au. (
				91061801	; Serial (yymmddxx)
				10800		; Refresh 3 hours
				3600		; Retry   1 hour
				3600000 	; Expire  1000 hours
				86400 )		; Minimum 24 hours
;
1		IN	PTR	    localhost.
--

4.95.130.in-addr.arpa
--
;	reverse mapping of domain names 4.95.130.in-addr.arpa
;
@		IN	SOA decel.ecel.uwa.edu.au. postmaster.ecel.uwa.edu.au. (
				92050300	; Serial (yymmddxx format)
				10800		; Refresh	3hHours
				3600		; Retry		1 hour
				3600000		; Expire	1000 hours
				86400 )		; Minimum	24 hours
2		IN	PTR	decel.ecel.uwa.edu.au.
3		IN	PTR	accfin.ecel.uwa.edu.au.
5		IN	PTR	chris-mac.ecel.uwa.edu.au.
--

It is important to remember that you must have a second start of authority
record for the reverse name lookups.  Each reverse name lookup file must
have its own SOA record.  The reverse name lookup on the 127 domain is
debatable seeing as there is likely to be only one number in the file and
it is blatantly obvious what it is going to map to.

The SOA details are the same as in the forward mapping.

Each of the numbers listed down the left hand side indicates that the line
contains information for that number of the subnet.  Each of the subnets
must be the more significant digits.  eg the 130.95.4 of an IP number
130.95.4.2 is implicit for all numbers mentioned in the file.

The PTR must point to a machine that can be found in the DNS.  If the name
is not in the DNS, some versions of named just bomb out at this point.

Reverse name lookups are not compulsory, but nice to have.  It means that
when people log into machines, they get names indicating where they are
logged in from.  It makes it easier for you to spot things that are wrong
and it is far less cryptic than having lots of numbers everywhere.

Troubleshooting your named:

Named doesn't work!  What is wrong?

Step 1:  Run nslookup and see what nameserver it tries to connect you to.
If nslookup connects you to the wrong nameserver, create a /etc/resolv.conf
file that points your machine at the correct nameserver.  If there is no
resolv.conf file, the the resolver uses the nameserver on the local
machine.

Step 2:  Make sure that named is actually running.

Step 3:  Restart named and see if you get any error messages on the
console.

Step 4:  If named is running, nslookup connects to the appropriate
nameserver and nslookup can answer simple questions, but other programs
such as 'ping' do not work with names, then you need to install resolv+
most likely.


I changed my named database and my local machine has noticed, but nobody
else has the new information?

Change the serial number in the SOA for any domains that you modified and
restart named.  Wait an hour and check again.  The information propogates
out.  It won't change immediately.


My local machine knows about all the name server information, but no other
sites know about me?

Find an upstream nameserver (one that has an SOA for something in your
domain) and ask them to be a secondary name server for you.  eg if you are
ecel.uwa.edu.au, ask someone who has an SOA for the domain uwa.edu.au.


My forward domain names work, but the backward names do not?

Make sure the numbers are back to front and have the in-addr.arpa on the
end.


How to get useful information from nslookup:

Nslookup is a very useful program but I'm sure there are less than 20
people worldwide who know how to use it to its full usefulness.  I'm most
certainly not one of them.  If you don't like using nslookup, there is at
least one other program called dig, that has most/all(?) of the
functionality of nslookup and is a hell of a lot easier to use.

To run nslookup, you usually just type nslookup.  It will tell you the
server it connects to.  You can specify a different server if you want.
This is useful when you want to tell if your named information is
consistent with other servers.

Getting name to number mappings.

Type the name of the machine.  Simple 'decel' is enough.  One curious quirk
of some name resolvers is that if you type a machine name, they will try a
number of permutations.  For example if my machine is in the domain
ecel.uwa.edu.au and I try to find a machine called fred, the resolver will
try the following.

  fred.ecel.uwa.edu.au.
  fred.uwa.edu.au.
  fred.edu.au.
  fred.au.
  fred.

This can be useful, but more often than not, you would simply prefer a good
way to make aliases for machines that are commonly referenced.  If you are
running resolv+, you should just be able to put common machines into the
host file.

Getting number to name mappings.

Nslookup defaults to finding you the Address of the name specified.  For
reverse lookups you already have the address and you want to find the
name that goes with it.  If you read and understood the bit above where it
describes how to create the number to name mapping file, you would guess
that you need to find the PTR record instead of the A record.  So you do
the following.

> set type=ptr
> 2.4.95.130.in-addr.arpa
Server:  decel.ecel.uwa.edu.au
Address:  130.95.4.2

2.4.95.130.in-addr.arpa host name = decel.ecel.uwa.edu.au
>

nslookup tells you that the ptr for the machine name
2.4.95.130.in-addr.arpa points to the host decel.ecel.uwa.edu.au.


Finding where mail goes when a machine has no IP number.

When a machine is not IP connected, it needs to specify to the world, where
to send the mail so that it can dial up and collect it every now and then.
This is accomplished by setting up an MX record for the site and not giving
it an IP number.  To get the information out of nslookup as to where the
mail goes, do the following.

> set type=mx
> dialix.oz.au
Server:  decel.ecel.uwa.oz.au
Address:  130.95.4.2

Non-authoritative answer:
dialix.oz.au    preference = 100, mail exchanger = uniwa.uwa.OZ.AU
dialix.oz.au    preference = 200, mail exchanger = munnari.OZ.AU
Authoritative answers can be found from:
uniwa.uwa.OZ.AU inet address = 130.95.128.1
munnari.OZ.AU   inet address = 128.250.1.21
munnari.OZ.AU   inet address = 192.43.207.1
mulga.cs.mu.OZ.AU       inet address = 128.250.35.21
mulga.cs.mu.OZ.AU       inet address = 192.43.207.2
dmssyd.syd.dms.CSIRO.AU inet address = 130.155.16.1
ns.UU.NET       inet address = 137.39.1.3

You tell nslookup that you want to search for mx records and then you give
it the name of the machine.  It tells you the preference for the mail
(small means more preferable), and who the mail should be sent to.  It also
includes sites that are authorative (have this name in their named database
files) for this MX record.  There are multiple sites as a backup.  As can
be seen, our local public internet access company dialix would like all of
their mail to be sent to uniwa, where they collect it from.  If uniwa is
not up, send it to munnari and munnari will get it to uniwa eventually.

NOTE: For historical reasons Australia used to be .oz which was changed to
.oz.au to move to the ISO standard extensions upon the advent of IP.  We
are now moving to a more normal heirarchy which is where the .edu.au comes
from.  Pity, I liked having oz.

Getting a list of machines in a domain from nslookup.

Find a server that is authorative for the domain or just generally all
knowing.  To find a good server, find all the soa records for a given
domain.  To do this, you set type=soa and enter the domain just like in the
two previous examples.

Once you have a server type 

> ls gu.uwa.edu.au.
[uniwa.uwa.edu.au]
Host or domain name            Internet address
 gu                             server = mackerel.gu.uwa.edu.au
 gu                             server = uniwa.uwa.edu.au
 gu                             130.95.100.3
 snuffle-upagus                 130.95.100.131
 mullet                         130.95.100.2
 mackerel                       130.95.100.3
 marlin                         130.95.100.4
 gugate                         130.95.100.1
 gugate                         130.95.100.129
 helpdesk                       130.95.100.180
 lan                            130.95.100.0
 big-bird                       130.95.100.130

to get a list of all the machines in the domain.

If you wanted to find a list of all of the MX records for the domain, you
can put a -m flag in the ls command.

> ls -m gu.uwa.edu.au.
[uniwa.uwa.edu.au]
Host or domain name            Metric Host
 gu                             100  mackerel.gu.uwa.edu.au
 gu                             200  uniwa.uwa.edu.au

This only works for a limited selection of the different types.



Well that about wraps it up.  If anyone else has any questions or answers
or comments they think should be in here, mail me and I'll add them.  I'll
also probably set up an automated posting thing so that this file gets
posted to the newsgroup once a month or so.  Hope all of this information
helps someone.  I had to learn it all the hard way and if I can save
someone that trouble it will have been worth it.

(P.S. I haven't proof read this so if there are any gaping holes, let me
know ASAP so I can fix them)

Craig
--
Craig Richmond.  Computer Officer -  Dept of Economics (morning) 380 3860
  University of Western Australia    Dept of Education (afternoon)   2388
craig@ecel.uwa.edu.au Dvorak Keyboards RULE!  "Messes are only acceptable
if users make them.  Applications aren't allowed this freedom" I.M.VI 2-4