os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

White space fix only. Translators can ignore.

Browse source
This commit is contained in:
Dru Lavigne 2013-10-21 22:51:19 +00:00
parent b69ebce38c
commit 420435f8e6
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=43018
1 changed files with 200 additions and 186 deletions

386
en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
View file

@ -3006,134 +3006,136 @@ dhcpd_ifaces="dc0"</programlisting>
-->
<title>Domain Name System (<acronym>DNS</acronym>)</title>
<indexterm><primary>BIND</primary></indexterm>
<indexterm><primary>BIND</primary></indexterm>
<para>Domain Name System (<acronym>DNS</acronym>) is the protocol through which domain names are
mapped to <acronym>IP</acronym> addresses, and vice versa. By default, &os; installs the Berkeley
Internet Name Domain (<acronym>BIND</acronym>), which is the most common implementation
of the <acronym>DNS</acronym> protocol. The &os; version provides enhanced security features, a new file
system layout, and automated &man.chroot.8;
configuration. BIND is maintained by the
<ulink url="https://www.isc.org/">isc.org</ulink>.
It is not necessary to run a name
server to perform <acronym>DNS</acronym> lookups on a
system.</para>
<para>Domain Name System (<acronym>DNS</acronym>) is the protocol
through which domain names are mapped to <acronym>IP</acronym>
addresses, and vice versa. By default, &os; installs the
Berkeley Internet Name Domain (<acronym>BIND</acronym>), which
is the most common implementation of the <acronym>DNS</acronym>
protocol. The &os; version provides enhanced security features,
a new file system layout, and automated &man.chroot.8;
configuration. BIND is maintained by the <ulink
url="https://www.isc.org/">isc.org</ulink>. It is not
necessary to run a name server to perform <acronym>DNS</acronym>
lookups on a system.</para>
<indexterm><primary>DNS</primary></indexterm>
<para><acronym>DNS</acronym> is coordinated across the Internet
through a somewhat complex system of authoritative root, Top
Level Domain (<acronym>TLD</acronym>), and other smaller-scale
name servers, which host and cache individual domain
information. Table 28.4 describes some of the terms associated with <acronym>DNS</acronym>:</para>
<indexterm><primary>DNS</primary></indexterm>
<para><acronym>DNS</acronym> is coordinated across the Internet
through a somewhat complex system of authoritative root, Top
Level Domain (<acronym>TLD</acronym>), and other smaller-scale
name servers, which host and cache individual domain
information. Table 28.4 describes some of the terms associated
with <acronym>DNS</acronym>:</para>
<indexterm><primary>resolver</primary></indexterm>
<indexterm><primary>reverse
<acronym>DNS</acronym></primary></indexterm>
<indexterm><primary>root zone</primary></indexterm>
<indexterm><primary>resolver</primary></indexterm>
<indexterm><primary>reverse
<acronym>DNS</acronym></primary></indexterm>
<indexterm><primary>root zone</primary></indexterm>
<table frame="none" pgwide="1">
<title><acronym>DNS</acronym> Terminology</title>
<tgroup cols="2">
<colspec colwidth="1*"/>
<colspec colwidth="3*"/>
<table frame="none" pgwide="1">
<title><acronym>DNS</acronym> Terminology</title>
<thead>
<row>
<entry>Term</entry>
<entry>Definition</entry>
</row>
</thead>
<tgroup cols="2">
<colspec colwidth="1*"/>
<colspec colwidth="3*"/>
<tbody>
<row>
<entry>Forward <acronym>DNS</acronym></entry>
<entry>Mapping of hostnames to <acronym>IP</acronym>
addresses.</entry>
</row>
<thead>
<row>
<entry>Term</entry>
<entry>Definition</entry>
</row>
</thead>
<row>
<entry>Origin</entry>
<entry>Refers to the domain covered in a particular zone
file.</entry>
</row>
<tbody>
<row>
<entry>Forward <acronym>DNS</acronym></entry>
<entry>Mapping of hostnames to <acronym>IP</acronym>
addresses.</entry>
</row>
<row>
<entry><application>named</application>, BIND</entry>
<entry>Common names for the BIND name server package
within &os;.</entry>
</row>
<row>
<entry>Origin</entry>
<entry>Refers to the domain covered in a particular zone
file.</entry>
</row>
<row>
<entry>Resolver</entry>
<entry>A system process through which a machine queries
a name server for zone information.</entry>
</row>
<row>
<entry><application>named</application>, BIND</entry>
<entry>Common names for the BIND name server package
within &os;.</entry>
</row>
<row>
<entry>Reverse <acronym>DNS</acronym></entry>
<entry>Mapping of <acronym>IP</acronym> addresses to
hostnames.</entry>
</row>
<row>
<entry>Resolver</entry>
<entry>A system process through which a machine queries
a name server for zone information.</entry>
</row>
<row>
<entry>Root zone</entry>
<row>
<entry>Reverse <acronym>DNS</acronym></entry>
<entry>Mapping of <acronym>IP</acronym> addresses to
hostnames.</entry>
</row>
<entry>The beginning of the Internet zone hierarchy.
All zones fall under the root zone, similar to how
all files in a file system fall under the root
directory.</entry>
</row>
<row>
<entry>Root zone</entry>
<row>
<entry>Zone</entry>
<entry>An individual domain, subdomain, or portion of
the <acronym>DNS</acronym> administered by the same
authority.</entry>
</row>
</tbody>
</tgroup>
</table>
<entry>The beginning of the Internet zone hierarchy. All
zones fall under the root zone, similar to how all files
in a file system fall under the root directory.</entry>
</row>
<indexterm>
<primary>zones</primary>
<secondary>examples</secondary>
</indexterm>
<row>
<entry>Zone</entry>
<entry>An individual domain, subdomain, or portion of the
<acronym>DNS</acronym> administered by the same
authority.</entry>
</row>
</tbody>
</tgroup>
</table>
<para>Examples of zones:</para>
<indexterm>
<primary>zones</primary>
<secondary>examples</secondary>
</indexterm>
<itemizedlist>
<listitem>
<para><hostid>.</hostid> is how the root zone is usually
referred to in documentation.</para>
</listitem>
<para>Examples of zones:</para>
<listitem>
<para><hostid>org.</hostid> is a Top Level Domain
(<acronym>TLD</acronym>) under the root zone.</para>
</listitem>
<itemizedlist>
<listitem>
<para><hostid>.</hostid> is how the root zone is usually
referred to in documentation.</para>
</listitem>
<listitem>
<para><hostid role="domainname">example.org.</hostid> is a
zone under the <hostid>org.</hostid>
<acronym>TLD</acronym>.</para>
</listitem>
<listitem>
<para><hostid>org.</hostid> is a Top Level Domain
(<acronym>TLD</acronym>) under the root zone.</para>
</listitem>
<listitem>
<para><hostid>1.168.192.in-addr.arpa</hostid> is a zone
referencing all <acronym>IP</acronym> addresses which fall
under the <hostid role="ipaddr">192.168.1.*</hostid>
<acronym>IP</acronym> address space.</para>
</listitem>
</itemizedlist>
<listitem>
<para><hostid role="domainname">example.org.</hostid> is a
zone under the <hostid>org.</hostid>
<acronym>TLD</acronym>.</para>
</listitem>
<para>As one can see, the more specific part of a hostname
appears to its left. For example,
<hostid role="domainname">example.org.</hostid> is more
specific than <hostid>org.</hostid>, as <hostid>org.</hostid>
is more specific than the root zone. The layout of each part
of a hostname is much like a file system: the
<filename class="directory">/dev</filename> directory falls
within the root, and so on.</para>
<listitem>
<para><hostid>1.168.192.in-addr.arpa</hostid> is a zone
referencing all <acronym>IP</acronym> addresses which fall
under the <hostid role="ipaddr">192.168.1.*</hostid>
<acronym>IP</acronym> address space.</para>
</listitem>
</itemizedlist>
<para>As one can see, the more specific part of a hostname
appears to its left. For example, <hostid
role="domainname">example.org.</hostid> is more specific than
<hostid>org.</hostid>, as <hostid>org.</hostid> is more specific
than the root zone. The layout of each part of a hostname is
much like a file system: the <filename
class="directory">/dev</filename> directory falls within the
root, and so on.</para>
<sect2>
<title>Reasons to Run a Name Server</title>
@ -4405,18 +4407,19 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
<secondary>setting up</secondary></indexterm>
<indexterm><primary>Apache</primary></indexterm>
<para>The open source
<application>Apache HTTP Server</application> is the most widely
used web server. &os; does not install this web server by default,
but it can be installed from the
<filename role="package">www/apache24</filename> package or port.</para>
<para>The open source <application>Apache HTTP Server
</application> is the most widely used web server. &os; does
not install this web server by default, but it can be installed
from the <filename
role="package">www/apache24</filename> package or port.</para>
<para>This section summarizes how to configure and start version 2.<replaceable>x</replaceable> of the
<application>Apache HTTP Server</application>, the
most widely used version, on &os;. For more detailed
information about
<application>Apache</application>&nbsp;2.X and its configuration directives, refer to
<ulink url="http://httpd.apache.org/">httpd.apache.org</ulink>.</para>
<para>This section summarizes how to configure and start version
2.<replaceable>x</replaceable> of the <application>Apache HTTP
Server</application>, the most widely used version, on &os;.
For more detailed information about
<application>Apache</application>&nbsp;2.X and its configuration
directives, refer to <ulink
url="http://httpd.apache.org/">httpd.apache.org</ulink>.</para>
<sect2>
<title>Configuring and Starting Apache</title>
@ -4424,20 +4427,20 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
<indexterm><primary>Apache</primary>
<secondary>configuration file</secondary></indexterm>
<para>In &os;, the main <application>Apache HTTP Server</application>
configuration file is installed as
<para>In &os;, the main <application>Apache HTTP
Server</application> configuration file is installed as
<filename>/usr/local/etc/apache2<replaceable>x</replaceable>/httpd.conf</filename>.
This ASCII text file begins
comment lines with the <literal>#</literal>. The
most frequently modified directives are:</para>
This ASCII text file begins comment lines with the
<literal>#</literal>. The most frequently modified directives
are:</para>
<variablelist>
<varlistentry>
<term><literal>ServerRoot "/usr/local"</literal></term>
<listitem>
<para>Specifies the default directory hierarchy for
the <application>Apache</application> installation.
<para>Specifies the default directory hierarchy for the
<application>Apache</application> installation.
Binaries are stored in the
<filename class="directory">bin</filename> and
<filename class="directory">sbin</filename>
@ -4451,7 +4454,8 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
<term><literal>ServerAdmin you@your.address</literal></term>
<listitem>
<para>The email address to receive problems with the server. This address also appears on some
<para>The email address to receive problems with the
server. This address also appears on some
server-generated pages, such as error documents.</para>
</listitem>
</varlistentry>
@ -4463,8 +4467,8 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
<para>Allows an
administrator to set a host name which is sent back to
clients for the server. For example,
<hostid>www</hostid> can be used instead of the actual host
name.</para>
<hostid>www</hostid> can be used instead of the actual
host name.</para>
</listitem>
</varlistentry>
@ -4487,8 +4491,8 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
making changes. When the configuration of
<application>Apache</application>, is complete, save the
file and verify the configuration using apachectl(8).
Running <command>apachectl configtest</command>
should return <literal>Syntax OK</literal>.</para>
Running <command>apachectl configtest</command> should return
<literal>Syntax OK</literal>.</para>
<indexterm><primary>Apache</primary>
<secondary>starting or stopping</secondary></indexterm>
@ -4507,16 +4511,17 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
<para>If <application>Apache</application> should be started
with non-default options, the following line may be added to
<filename>/etc/rc.conf</filename> to specify the needed flags:</para>
<filename>/etc/rc.conf</filename> to specify the needed
flags:</para>
<programlisting>apache24_flags=""</programlisting>
<para>The <application>Apache</application> configuration can be
tested for errors after making subsequent
configuration changes while <command>httpd</command> is
running. This can be done by the &man.rc.8; script directly,
or by the &man.service.8; utility by issuing one of the
following commands:</para>
tested for errors after making subsequent configuration
changes while <command>httpd</command> is running. This can
be done by the &man.rc.8; script directly, or by the
&man.service.8; utility by issuing one of the following
commands:</para>
<screen>&prompt.root; <userinput>service apache24 configtest</userinput></screen>
@ -4873,66 +4878,72 @@ DocumentRoot /www/someotherdomain.tld
-->
<title>File Transfer Protocol (<acronym>FTP</acronym>)</title>
<indexterm><primary><acronym>FTP</acronym> servers</primary></indexterm>
<indexterm><primary><acronym>FTP</acronym>
servers</primary></indexterm>
<para>The File Transfer Protocol (<acronym>FTP</acronym>) provides users with a
simple way to transfer files to and from an
<acronym>FTP</acronym> server.
&os; includes <acronym>FTP</acronym> server
software, <application>ftpd</application>, in the base system.</para>
<para>&os; provides several configuration files for controlling access
to the <acronym>FTP</acronym> server. This section summarizes
these files. Refer to &man.ftpd.8; for more details about the
built-in <acronym>FTP</acronym> server.</para>
<para>The File Transfer Protocol (<acronym>FTP</acronym>) provides
users with a simple way to transfer files to and from an
<acronym>FTP</acronym> server. &os; includes
<acronym>FTP</acronym> server software,
<application>ftpd</application>, in the base system.</para>
<sect2>
<title>Configuration</title>
<para>&os; provides several configuration files for controlling
access to the <acronym>FTP</acronym> server. This section
summarizes these files. Refer to &man.ftpd.8; for more details
about the built-in <acronym>FTP</acronym> server.</para>
<sect2>
<title>Configuration</title>
<para>The most important configuration step is deciding which
accounts will be allowed access to the <acronym>FTP</acronym> server. A
&os; system has a number of system accounts which
should not be allowed <acronym>FTP</acronym> access.
The list of users disallowed any <acronym>FTP</acronym> access
can be found in <filename>/etc/ftpusers</filename>.
By
default, it includes system accounts. Additional
users that should not be
accounts will be allowed access to the <acronym>FTP</acronym>
server. A &os; system has a number of system accounts which
should not be allowed <acronym>FTP</acronym> access. The list
of users disallowed any <acronym>FTP</acronym> access can be
found in <filename>/etc/ftpusers</filename>. By default, it
includes system accounts. Additional users that should not be
allowed access to <acronym>FTP</acronym> can be added.</para>
<para>In some cases it may be desirable to restrict the access
of some users without preventing them completely from using
<acronym>FTP</acronym>. This can be accomplished be creating
<filename>/etc/ftpchroot</filename> as described in &man.ftpchroot.5;. This file lists
users and groups subject to <acronym>FTP</acronym> access restrictions.</para>
<filename>/etc/ftpchroot</filename> as described in
&man.ftpchroot.5;. This file lists users and groups subject
to <acronym>FTP</acronym> access restrictions.</para>
<indexterm>
<primary><acronym>FTP</acronym></primary>
<secondary>anonymous</secondary>
</indexterm>
<para>To enable anonymous <acronym>FTP</acronym> access to the server, create a
user named <username>ftp</username> on the &os; system. Users
will then be able to log on to the <acronym>FTP</acronym> server with a username
of <username>ftp</username> or <username>anonymous</username>. When prompted for the password,
any input will be accepted, but by convention, an email address
should be used as the password. The <acronym>FTP</acronym> server will
call &man.chroot.2; when an anonymous user logs in, to
restrict access to only the home directory of the
<para>To enable anonymous <acronym>FTP</acronym> access to the
server, create a user named <username>ftp</username> on the
&os; system. Users will then be able to log on to the
<acronym>FTP</acronym> server with a username of
<username>ftp</username> or <username>anonymous</username>.
When prompted for the password, any input will be accepted,
but by convention, an email address should be used as the
password. The <acronym>FTP</acronym> server will call
&man.chroot.2; when an anonymous user logs in, to restrict
access to only the home directory of the
<username>ftp</username> user.</para>
<para>There are two text files that can be created to specify welcome messages to
be displayed to <acronym>FTP</acronym> clients. The contents of
<para>There are two text files that can be created to specify
welcome messages to be displayed to <acronym>FTP</acronym>
clients. The contents of
<filename>/etc/ftpwelcome</filename> will be displayed to
users before they reach the login prompt. After a successful
login, the contents of
<filename>/etc/ftpmotd</filename> will be displayed. Note
that the path to this file is relative to the login
environment, so the contents of <filename>~ftp/etc/ftpmotd</filename>
would be displayed for anonymous users.</para>
environment, so the contents of
<filename>~ftp/etc/ftpmotd</filename> would be displayed for
anonymous users.</para>
<para>Once the <acronym>FTP</acronym> server has been configured, set the appropriate variable in
<filename>/etc/rc.conf</filename> to start the service during boot:</para>
<para>Once the <acronym>FTP</acronym> server has been
configured, set the appropriate variable in
<filename>/etc/rc.conf</filename> to start the service during
boot:</para>
<programlisting>ftpd_enable="YES"</programlisting>
@ -4940,7 +4951,8 @@ DocumentRoot /www/someotherdomain.tld
<screen>&prompt.root; <userinput>service ftpd start</userinput></screen>
<para>Test the connection to the <acronym>FTP</acronym> server by typing:</para>
<para>Test the connection to the <acronym>FTP</acronym> server
by typing:</para>
<screen>&prompt.user; <userinput>ftp localhost</userinput></screen>
@ -4950,9 +4962,10 @@ DocumentRoot /www/someotherdomain.tld
<para>The <application>ftpd</application> daemon uses
&man.syslog.3; to log messages. By default, the system log
daemon will write messages related to <acronym>FTP</acronym> in
<filename>/var/log/xferlog</filename>. The location of
the <acronym>FTP</acronym> log can be modified by changing the following line in
daemon will write messages related to <acronym>FTP</acronym>
in <filename>/var/log/xferlog</filename>. The location of
the <acronym>FTP</acronym> log can be modified by changing the
following line in
<filename>/etc/syslog.conf</filename>:</para>
<programlisting>ftp.info /var/log/xferlog</programlisting>
@ -4963,14 +4976,15 @@ DocumentRoot /www/someotherdomain.tld
</indexterm>
<note>
<para>Be aware of the potential problems involved with running
an anonymous <acronym>FTP</acronym> server. In particular, think twice about
allowing anonymous users to upload files. It may turn out
that the <acronym>FTP</acronym> site becomes a forum for the trade of unlicensed
commercial software or worse. If anonymous <acronym>FTP</acronym> uploads are
required, then verify the permissions so that these files can
not be read by other anonymous users until they have been
reviewed by an administrator.</para>
<para>Be aware of the potential problems involved with running
an anonymous <acronym>FTP</acronym> server. In particular,
think twice about allowing anonymous users to upload files.
It may turn out that the <acronym>FTP</acronym> site becomes
a forum for the trade of unlicensed commercial software or
worse. If anonymous <acronym>FTP</acronym> uploads are
required, then verify the permissions so that these files
can not be read by other anonymous users until they have
been reviewed by an administrator.</para>
</note>
</sect2>
</sect1>