Initial shuffle of the DHCP section. This patch does the following:
- fixes acronym tags for DHCP, IP, and UDP
- removes superfluous headings
- shuffles existing content to organize it into a client section and a server section
- replaces deprecated dhcp.org address

Subsequent patches will clean up the white space and then move on to review and clarify the content in this section.
This commit is contained in:
parent
28378719d4
commit
7f49336cd6
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=42976
1 changed files with 126 additions and 182 deletions
|
@ -200,7 +200,7 @@
|
|||
<literal>inetd_flags</literal> is set to
|
||||
<literal>-wW -C 60</literal>, which turns on TCP wrapping for
|
||||
<application>inetd</application>'s services, and prevents any
|
||||
single IP address from requesting any service more than 60
|
||||
single <acronym>IP</acronym> address from requesting any service more than 60
|
||||
times in any given minute.</para>
|
||||
|
||||
<para>Although we mention rate-limiting options below, novice
|
||||
|
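Review bot: the commit message scopes this change to the DHCP section and to DHCP, IP and UDP acronym tags, but from this hunk onward the diff also retags IP, UDP and DNS in the inetd, NFS, NIS, DNS, Apache, Samba, NTP and iSCSI sections, and the DNS tagging is not mentioned at all. Either split the section-wide acronym sweep into its own commit or list DNS and the touched sections in the message so the log matches the diff.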
@ -227,7 +227,7 @@
|
|||
|
||||
<listitem>
|
||||
<para>Specify the default maximum number of times a
|
||||
service can be invoked from a single IP address in one
|
||||
service can be invoked from a single <acronym>IP</acronym> address in one
|
||||
minute; the default is unlimited. May be overridden on
|
||||
a per-service basis with the
|
||||
<option>max-connections-per-ip-per-minute</option>
|
||||
|
@ -250,7 +250,7 @@
|
|||
|
||||
<listitem>
|
||||
<para>Specify the maximum number of times a service can be
|
||||
invoked from a single IP address at any one time; the
|
||||
invoked from a single <acronym>IP</acronym> address at any one time; the
|
||||
default is unlimited. May be overridden on a
|
||||
per-service basis with the
|
||||
<option>max-child-per-ip</option> parameter.</para>
|
||||
|
@ -347,7 +347,7 @@ server-program-arguments</programlisting>
|
|||
|
||||
<row>
|
||||
<entry>udp, udp4</entry>
|
||||
<entry>UDP IPv4</entry>
|
||||
<entry><acronym>UDP</acronym> IPv4</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
|
@ -357,7 +357,7 @@ server-program-arguments</programlisting>
|
|||
|
||||
<row>
|
||||
<entry>udp6</entry>
|
||||
<entry>UDP IPv6</entry>
|
||||
<entry><acronym>UDP</acronym> IPv6</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
|
@ -367,7 +367,7 @@ server-program-arguments</programlisting>
|
|||
|
||||
<row>
|
||||
<entry>udp46</entry>
|
||||
<entry>Both UDP IPv4 and v6</entry>
|
||||
<entry>Both <acronym>UDP</acronym> IPv4 and v6</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
|
@ -403,12 +403,12 @@ server-program-arguments</programlisting>
|
|||
options which limit the maximum connections from a
|
||||
single place to a particular daemon can be enabled.
|
||||
<option>max-connections-per-ip-per-minute</option>
|
||||
limits the number of connections from any particular IP
|
||||
limits the number of connections from any particular <acronym>IP</acronym>
|
||||
address per minutes, e.g., a value of ten would limit
|
||||
any particular IP address connecting to a particular
|
||||
any particular <acronym>IP</acronym> address connecting to a particular
|
||||
service to ten attempts per minute.
|
||||
<option>max-child-per-ip</option> limits the number of
|
||||
children that can be started on behalf on any single IP
|
||||
children that can be started on behalf on any single <acronym>IP</acronym>
|
||||
address at any moment. These options are useful to
|
||||
prevent intentional or unintentional excessive resource
|
||||
consumption and Denial of Service (DoS) attacks to a
|
||||
|
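Review bot: the two retagged lines in this hunk sit next to pre-existing typos that are worth fixing while the lines are open: the line after the first tagged one, `address per minutes, e.g., a value of ten would limit`, should read `address per minute`, and the second tagged line, `children that can be started on behalf on any single <acronym>IP</acronym>`, should read `on behalf of`. The acronym tagging itself is consistent with the rest of the patch.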
@ -430,7 +430,7 @@ server-program-arguments</programlisting>
|
|||
would read: <literal>nowait/10</literal>.</para>
|
||||
|
||||
<para>The same setup with a limit of twenty connections
|
||||
per IP address per minute and a maximum total limit of
|
||||
per <acronym>IP</acronym> address per minute and a maximum total limit of
|
||||
ten child daemons would read:
|
||||
<literal>nowait/10/20</literal>.</para>
|
||||
|
||||
|
@ -442,7 +442,7 @@ server-program-arguments</programlisting>
|
|||
|
||||
<para>Finally, an example of this field with a maximum of
|
||||
100 children in total, with a maximum of 5 for any one
|
||||
IP address would read:
|
||||
<acronym>IP</acronym> address would read:
|
||||
<literal>nowait/100/0/5</literal>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -723,7 +723,7 @@ mountd_flags="-r"</programlisting>
|
|||
|
||||
<para>The next example exports
|
||||
<filename class="directory">/home</filename> to three clients
|
||||
by IP address. This can be useful for networks without
|
||||
by <acronym>IP</acronym> address. This can be useful for networks without
|
||||
<acronym>DNS</acronym>. Optionally,
|
||||
<filename>/etc/hosts</filename> could be configured for
|
||||
internal hostnames; please review &man.hosts.5; for more
|
||||
|
@ -953,7 +953,7 @@ rpc_statd_enable="YES"</programlisting>
|
|||
<application>amd</application> looks up the corresponding
|
||||
remote mount and automatically mounts it.
|
||||
<filename class="directory">/net</filename> is used to mount
|
||||
an exported file system from an IP address, while
|
||||
an exported file system from an <acronym>IP</acronym> address, while
|
||||
<filename class="directory">/host</filename> is used to mount
|
||||
an export from a remote hostname.</para>
|
||||
|
||||
|
@ -1251,7 +1251,7 @@ Exports list on foobar:
|
|||
<thead>
|
||||
<row>
|
||||
<entry>Machine name</entry>
|
||||
<entry>IP address</entry>
|
||||
<entry><acronym>IP</acronym> address</entry>
|
||||
<entry>Machine role</entry>
|
||||
</row>
|
||||
</thead>
|
||||
|
@ -1768,7 +1768,7 @@ nis_client_enable="YES"</programlisting>
|
|||
for providing access control instead of
|
||||
<filename>securenets</filename>. While either access control
|
||||
mechanism adds some security, they are both vulnerable to
|
||||
<quote>IP spoofing</quote> attacks. All
|
||||
<quote><acronym>IP</acronym> spoofing</quote> attacks. All
|
||||
<acronym>NIS</acronym>-related traffic should be blocked at
|
||||
the firewall.</para>
|
||||
|
||||
|
@ -2617,92 +2617,55 @@ result: 0 Success
|
|||
</authorgroup>
|
||||
</sect1info>
|
||||
-->
|
||||
<title>Automatic Network Configuration (DHCP)</title>
|
||||
<title>Dynamic Host Configuration Protocol (<acronym>DHCP</acronym>)</title>
|
||||
|
||||
<indexterm>
|
||||
<primary>Dynamic Host Configuration Protocol</primary>
|
||||
<see>DHCP</see>
|
||||
<see><acronym>DHCP</acronym></see>
|
||||
</indexterm>
|
||||
<indexterm>
|
||||
<primary>Internet Systems Consortium (ISC)</primary>
|
||||
</indexterm>
|
||||
|
||||
<para>DHCP, the Dynamic Host Configuration Protocol, describes
|
||||
the means by which a system can connect to a network and
|
||||
obtain the necessary information for communication upon that
|
||||
network. &os; uses the OpenBSD <command>dhclient</command>
|
||||
taken from OpenBSD 3.7. All information here regarding
|
||||
<command>dhclient</command> is for use with either of the ISC
|
||||
or OpenBSD DHCP clients. The DHCP server is the one included
|
||||
in the ISC distribution.</para>
|
||||
<para>The Dynamic Host Configuration Protocol (<acronym>DHCP</acronym>) allows
|
||||
a system to connect to a network in order to be assigned
|
||||
the necessary addressing information for communication on that
|
||||
network. &os; includes the OpenBSD version of <command>dhclient</command>
|
||||
which is used by the client to obtain the addressing information.
|
||||
&os; does not install a <acronym>DHCP</acronym> server, but several
|
||||
servers are available in the &os; Ports Collection.
|
||||
The <acronym>DHCP</acronym> protocol is fully described in
|
||||
<ulink url="http://www.freesoft.org/CIE/RFC/2131/">RFC
|
||||
2131</ulink>. Informational resources are also available at
|
||||
<ulink url="http://www.isc.org/downloads/dhcp/">isc.org/downloads/dhcp/</ulink>.</para>
|
||||
|
||||
<para>This section describes both the client-side components of
|
||||
the ISC and OpenBSD DHCP client and server-side components of
|
||||
the ISC DHCP system. The client-side program,
|
||||
<command>dhclient</command>, comes integrated within &os;,
|
||||
and the server-side portion is available from the <filename
|
||||
role="package">net/isc-dhcp42-server</filename> port. Refer to
|
||||
&man.dhclient.8;, &man.dhcp-options.5;, and
|
||||
&man.dhclient.conf.5;, in addition to the
|
||||
references below, for more information.</para>
|
||||
<para>This section describes how to use the built-in <acronym>DHCP</acronym> client.
|
||||
It then describes how to install and configure a
|
||||
<acronym>DHCP</acronym> server.</para>
|
||||
|
||||
<sect2>
|
||||
<title>How It Works</title>
|
||||
<sect2>
|
||||
<title>Configuring a <acronym>DHCP</acronym> Client</title>
|
||||
|
||||
<indexterm><primary>UDP</primary></indexterm>
|
||||
<para>When <command>dhclient</command>, the DHCP client, is
|
||||
executed on the client machine, it begins broadcasting
|
||||
requests for configuration information. By default, these
|
||||
requests are on UDP port 68. The server replies on UDP 67,
|
||||
giving the client an IP address and other relevant network
|
||||
information such as netmask, router, and DNS servers. All of
|
||||
this information comes in the form of a DHCP
|
||||
<quote>lease</quote> and is only valid for a certain time
|
||||
(configured by the DHCP server maintainer). In this manner,
|
||||
stale IP addresses for clients no longer connected to the
|
||||
network can be automatically reclaimed.</para>
|
||||
<para><acronym>DHCP</acronym> client support is included in the &os;
|
||||
installer, making it easy to configure a system to automatically
|
||||
receive its networking addressing information from an existing
|
||||
<acronym>DHCP</acronym> server.</para>
|
||||
|
||||
<indexterm><primary><acronym>UDP</acronym></primary></indexterm>
|
||||
<para>When <command>dhclient</command> is
|
||||
executed on the client machine, it begins broadcasting
|
||||
requests for configuration information. By default, these
|
||||
requests use <acronym>UDP</acronym> port 68. The server replies on <acronym>UDP</acronym> port 67,
|
||||
giving the client an <acronym>IP</acronym> address and other relevant network
|
||||
information such as a subnet mask, default gateway, and <acronym>DNS</acronym> server addresses.
|
||||
This information is in the form of a <acronym>DHCP</acronym>
|
||||
<quote>lease</quote> and is valid for a configurable time. This allows
|
||||
stale <acronym>IP</acronym> addresses for clients no longer connected to the
|
||||
network to automatically be reused.</para>
|
||||
|
||||
<para>DHCP clients can obtain a great deal of information from
|
||||
the server. An exhaustive list may be found in
|
||||
&man.dhcp-options.5;.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>&os; Integration</title>
|
||||
|
||||
<para>&os; fully integrates the OpenBSD DHCP client,
|
||||
<command>dhclient</command>. DHCP client support is provided
|
||||
within both the installer and the base system, obviating the
|
||||
need for detailed knowledge of network configurations on any
|
||||
network that runs a DHCP server.</para>
|
||||
|
||||
<indexterm>
|
||||
<primary><application>sysinstall</application></primary>
|
||||
</indexterm>
|
||||
|
||||
<para>DHCP is supported by
|
||||
<application>sysinstall</application>. When configuring a
|
||||
network interface within
|
||||
<application>sysinstall</application>, the second question
|
||||
asked is: <quote>Do you want to try DHCP configuration of the
|
||||
interface?</quote>. Answering affirmatively will execute
|
||||
<command>dhclient</command>, and if successful, will fill in
|
||||
the network configuration information automatically.</para>
|
||||
|
||||
<para>There are two things required to have the system use
|
||||
DHCP upon startup:</para>
|
||||
<indexterm>
|
||||
<primary>DHCP</primary>
|
||||
<secondary>requirements</secondary>
|
||||
</indexterm>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>Make sure that the <devicename>bpf</devicename> device
|
||||
is compiled into the kernel. To do this, add
|
||||
<literal>device bpf</literal> to the kernel configuration
|
||||
file, and rebuild the kernel. For more information about
|
||||
building kernels, see
|
||||
<xref linkend="kernelconfig"/>.</para>
|
||||
<para><acronym>DHCP</acronym> clients can obtain a great deal of information from
|
||||
the server. An exhaustive list may be found in
|
||||
&man.dhcp-options.5;.</para>
|
||||
|
||||
<para>The <devicename>bpf</devicename> device is already
|
||||
part of the <filename>GENERIC</filename> kernel that is
|
||||
|
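Review bot: the rewritten port description, `requests use <acronym>UDP</acronym> port 68. The server replies on <acronym>UDP</acronym> port 67`, still reads as if the client asks on 68 and the server answers on 67; per RFC 2131, which the new introduction now cites, the client sends from port 68 to the server port 67 and the server replies to port 68, so state the direction explicitly (`requests are sent from <acronym>UDP</acronym> port 68 to the server's port 67; the server replies to port 68`). Dropping the `Make sure that the <devicename>bpf</devicename> device is compiled into the kernel` list item also leaves the retained `The <devicename>bpf</devicename> device is already part of the <filename>GENERIC</filename> kernel` paragraph and the note after it with no statement of why bpf matters to the client; keep one sentence on the requirement ahead of that paragraph. Minor: `The <acronym>DHCP</acronym> protocol is fully described in` expands to "Protocol protocol"; `<acronym>DHCP</acronym> is fully described in` suffices.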
@ -2719,37 +2682,35 @@ result: 0 Success
|
|||
(although they still have to be run as
|
||||
<username>root</username>).
|
||||
<devicename>bpf</devicename> <emphasis>is</emphasis>
|
||||
required to use DHCP; however, the security sensitive
|
||||
required to use <acronym>DHCP</acronym>; however, the security sensitive
|
||||
types should probably not add
|
||||
<devicename>bpf</devicename> to the kernel in the
|
||||
expectation that at some point in the future the system
|
||||
will be using DHCP.</para>
|
||||
will be using <acronym>DHCP</acronym>.</para>
|
||||
</note>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>By default, DHCP configuration on &os; runs in the
|
||||
<para>By default, <acronym>DHCP</acronym> configuration on &os; runs in the
|
||||
background, or <firstterm>asynchronously</firstterm>.
|
||||
Other startup scripts continue to run while DHCP
|
||||
Other startup scripts continue to run while <acronym>DHCP</acronym>
|
||||
completes, speeding up system startup.</para>
|
||||
|
||||
<para>Background DHCP works well when the DHCP server
|
||||
responds quickly to requests and the DHCP configuration
|
||||
process goes quickly. However, DHCP may take a long time
|
||||
<para>Background <acronym>DHCP</acronym> works well when the <acronym>DHCP</acronym> server
|
||||
responds quickly to requests and the <acronym>DHCP</acronym> configuration
|
||||
process goes quickly. However, <acronym>DHCP</acronym> may take a long time
|
||||
to complete on some systems. If network services attempt
|
||||
to run before DHCP has completed, they will fail. Using
|
||||
DHCP in <firstterm>synchronous</firstterm> mode prevents
|
||||
the problem, pausing startup until DHCP configuration has
|
||||
to run before <acronym>DHCP</acronym> has completed, they will fail. Using
|
||||
<acronym>DHCP</acronym> in <firstterm>synchronous</firstterm> mode prevents
|
||||
the problem, pausing startup until <acronym>DHCP</acronym> configuration has
|
||||
completed.</para>
|
||||
|
||||
<para>To connect to a DHCP server in the background while
|
||||
<para>To connect to a <acronym>DHCP</acronym> server in the background while
|
||||
other startup continues (asynchronous mode), use the
|
||||
<quote><literal>DHCP</literal></quote> value in
|
||||
<filename>/etc/rc.conf</filename>:</para>
|
||||
|
||||
<programlisting>ifconfig_<replaceable>fxp0</replaceable>="DHCP"</programlisting>
|
||||
|
||||
<para>To pause startup while DHCP completes, use
|
||||
<para>To pause startup while <acronym>DHCP</acronym> completes, use
|
||||
synchronous mode with the
|
||||
<quote><literal>SYNCDHCP</literal></quote> value:</para>
|
||||
|
||||
|
@ -2769,27 +2730,14 @@ result: 0 Success
|
|||
|
||||
<programlisting>dhclient_program="/sbin/dhclient"
|
||||
dhclient_flags=""</programlisting>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<indexterm>
|
||||
<primary>DHCP</primary>
|
||||
<secondary>server</secondary>
|
||||
</indexterm>
|
||||
<para>The DHCP server, <application>dhcpd</application>, is
|
||||
included as part of the
|
||||
<filename role="package">net/isc-dhcp42-server</filename> port
|
||||
in the ports collection. This port contains the ISC DHCP
|
||||
server and documentation.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Files</title>
|
||||
|
||||
<indexterm>
|
||||
<primary>DHCP</primary>
|
||||
<primary><acronym>DHCP</acronym></primary>
|
||||
<secondary>configuration files</secondary>
|
||||
</indexterm>
|
||||
|
||||
<para>The <acronym>DHCP</acronym> client uses the following files:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para><filename>/etc/dhclient.conf</filename></para>
|
||||
|
@ -2812,7 +2760,7 @@ dhclient_flags=""</programlisting>
|
|||
<para><filename>/sbin/dhclient-script</filename></para>
|
||||
|
||||
<para><command>dhclient-script</command> is the
|
||||
&os;-specific DHCP client configuration script. It
|
||||
&os;-specific <acronym>DHCP</acronym> client configuration script. It
|
||||
is described in &man.dhclient-script.8;, but should not
|
||||
need any user modification to function properly.</para>
|
||||
</listitem>
|
||||
|
@ -2820,50 +2768,47 @@ dhclient_flags=""</programlisting>
|
|||
<listitem>
|
||||
<para><filename>/var/db/dhclient.leases.<replaceable>interface</replaceable></filename></para>
|
||||
|
||||
<para>The DHCP client keeps a database of valid leases in
|
||||
<para>The <acronym>DHCP</acronym> client keeps a database of valid leases in
|
||||
this file, which is written as a log.
|
||||
&man.dhclient.leases.5; gives a slightly longer
|
||||
description.</para>
|
||||
description. Refer to
|
||||
&man.dhclient.8;, &man.dhcp-options.5;, and
|
||||
&man.dhclient.conf.5;, in addition to the
|
||||
references below, for more information.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Further Reading</title>
|
||||
|
||||
<para>The DHCP protocol is fully described in
|
||||
<ulink url="http://www.freesoft.org/CIE/RFC/2131/">RFC
|
||||
2131</ulink>. An informational resource has also been set
|
||||
up at <ulink url="http://www.dhcp.org/"></ulink>.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2 id="network-dhcp-server">
|
||||
<title>Installing and Configuring a DHCP Server</title>
|
||||
|
||||
<sect3>
|
||||
<title>What This Section Covers</title>
|
||||
<title>Installing and Configuring a <acronym>DHCP</acronym> Server</title>
|
||||
|
||||
<para>This section provides information on how to configure a
|
||||
&os; system to act as a DHCP server using the ISC
|
||||
(Internet Systems Consortium) implementation of the DHCP
|
||||
&os; system to act as a <acronym>DHCP</acronym> server using the ISC
|
||||
(Internet Systems Consortium) implementation of the <acronym>DHCP</acronym>
|
||||
server.</para>
|
||||
|
||||
<indexterm>
|
||||
<primary><acronym>DHCP</acronym></primary>
|
||||
<secondary>server</secondary>
|
||||
</indexterm>
|
||||
|
||||
<para>The <acronym>DHCP</acronym> server, <application>dhcpd</application>, is
|
||||
included as part of the
|
||||
<filename role="package">net/isc-dhcp42-server</filename> port
|
||||
in the ports collection. This port contains the ISC <acronym>DHCP</acronym>
|
||||
server and documentation.</para>
|
||||
<para>The server is not provided as part of &os;, and so the
|
||||
<filename role="package">net/isc-dhcp42-server</filename>
|
||||
port must be installed to provide this service. See
|
||||
<xref linkend="ports"/> for more information on using the
|
||||
Ports Collection.</para>
|
||||
</sect3>
|
||||
|
||||
<sect3>
|
||||
<title>DHCP Server Installation</title>
|
||||
|
||||
<indexterm>
|
||||
<primary>DHCP</primary>
|
||||
<primary><acronym>DHCP</acronym></primary>
|
||||
<secondary>installation</secondary>
|
||||
</indexterm>
|
||||
|
||||
<para>In order to configure the &os; system as a DHCP server,
|
||||
<para>In order to configure the &os; system as a <acronym>DHCP</acronym> server,
|
||||
first ensure that the &man.bpf.4; device is compiled into
|
||||
the kernel. To do this, add <literal>device bpf</literal>
|
||||
to the kernel configuration file, and rebuild the kernel.
|
||||
|
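Review bot: the sentence appended to the leases-file item, `in addition to the references below, for more information`, points at the `Further Reading` sect2 that this same hunk removes (its RFC 2131 and ISC links now live in the section introduction), so `below` is wrong, and the `&man.dhclient.8;, &man.dhcp-options.5;, and &man.dhclient.conf.5;` list sits oddly inside an item about `/var/db/dhclient.leases.<replaceable>interface</replaceable>`; move that reference to the client-section introduction and drop `the references below`. In the server part, the relocated paragraph `The <acronym>DHCP</acronym> server, <application>dhcpd</application>, is included as part of the ... port` is immediately followed by the retained `The server is not provided as part of &os;, and so the ... port must be installed`, which says the same thing twice in a row; merge them into one paragraph that keeps the `<xref linkend="ports"/>` pointer.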
@ -2881,7 +2826,7 @@ dhclient_flags=""</programlisting>
|
|||
that allows packet sniffers to function correctly
|
||||
(although such programs still need privileged access).
|
||||
The <devicename>bpf</devicename> device
|
||||
<emphasis>is</emphasis> required to use DHCP, but if the
|
||||
<emphasis>is</emphasis> required to use <acronym>DHCP</acronym>, but if the
|
||||
sensitivity of the system's security is high, this device
|
||||
should not be included in the kernel purely because the
|
||||
use of <acronym>DHCP</acronym> may, at some point in the
|
||||
|
@ -2895,13 +2840,12 @@ dhclient_flags=""</programlisting>
|
|||
to the actual configuration file,
|
||||
<filename>/usr/local/etc/dhcpd.conf</filename>. Edits
|
||||
will be made to this new file.</para>
|
||||
</sect3>
|
||||
|
||||
<sect3>
|
||||
<title>Configuring the DHCP Server</title>
|
||||
<title>Configuring the <acronym>DHCP</acronym> Server</title>
|
||||
|
||||
<indexterm>
|
||||
<primary>DHCP</primary>
|
||||
<primary><acronym>DHCP</acronym></primary>
|
||||
<secondary>dhcpd.conf</secondary>
|
||||
</indexterm>
|
||||
<para><filename>dhcpd.conf</filename> is comprised of
|
||||
|
@ -2936,7 +2880,7 @@ host mailhost {
|
|||
|
||||
<callout arearefs="domain-name-servers">
|
||||
<para>This option specifies a comma separated list of
|
||||
DNS servers that the client should use.</para>
|
||||
<acronym>DNS</acronym> servers that the client should use.</para>
|
||||
</callout>
|
||||
|
||||
<callout arearefs="subnet-mask">
|
||||
|
@ -2960,15 +2904,15 @@ host mailhost {
|
|||
</callout>
|
||||
|
||||
<callout arearefs="ddns-update-style">
|
||||
<para>This option specifies whether the DHCP server
|
||||
should attempt to update DNS when a lease is accepted
|
||||
<para>This option specifies whether the <acronym>DHCP</acronym> server
|
||||
should attempt to update <acronym>DNS</acronym> when a lease is accepted
|
||||
or released. In the ISC implementation, this option
|
||||
is <emphasis>required</emphasis>.</para>
|
||||
</callout>
|
||||
|
||||
<callout arearefs="range">
|
||||
<para>This denotes which IP addresses should be used in
|
||||
the pool reserved for allocating to clients. IP
|
||||
<para>This denotes which <acronym>IP</acronym> addresses should be used in
|
||||
the pool reserved for allocating to clients. <acronym>IP</acronym>
|
||||
addresses between, and including, the ones stated are
|
||||
handed out to clients.</para>
|
||||
</callout>
|
||||
|
@ -2980,14 +2924,14 @@ host mailhost {
|
|||
|
||||
<callout arearefs="hardware">
|
||||
<para>The hardware MAC address of a host (so that the
|
||||
DHCP server can recognize a host when it makes a
|
||||
<acronym>DHCP</acronym> server can recognize a host when it makes a
|
||||
request).</para>
|
||||
</callout>
|
||||
|
||||
<callout arearefs="fixed-address">
|
||||
<para>Specifies that the host should always be given the
|
||||
same IP address. Note that using a hostname is
|
||||
correct here, since the DHCP server will resolve the
|
||||
same <acronym>IP</acronym> address. Note that using a hostname is
|
||||
correct here, since the <acronym>DHCP</acronym> server will resolve the
|
||||
hostname itself before returning the lease
|
||||
information.</para>
|
||||
</callout>
|
||||
|
@ -2995,7 +2939,7 @@ host mailhost {
|
|||
|
||||
<para>Once the configuration of
|
||||
<filename>dhcpd.conf</filename> has been completed,
|
||||
enable the DHCP server in
|
||||
enable the <acronym>DHCP</acronym> server in
|
||||
<filename>/etc/rc.conf</filename>, i.e., by adding:</para>
|
||||
|
||||
<programlisting>dhcpd_enable="YES"
|
||||
|
@ -3003,7 +2947,7 @@ dhcpd_ifaces="dc0"</programlisting>
|
|||
|
||||
<para>Replace the <literal>dc0</literal> interface name with
|
||||
the interface (or interfaces, separated by whitespace)
|
||||
that the DHCP server should listen on for DHCP client
|
||||
that the <acronym>DHCP</acronym> server should listen on for <acronym>DHCP</acronym> client
|
||||
requests.</para>
|
||||
|
||||
<para>Proceed to start the server by issuing
|
||||
|
@ -3023,7 +2967,7 @@ dhcpd_ifaces="dc0"</programlisting>
|
|||
<title>Files</title>
|
||||
|
||||
<indexterm>
|
||||
<primary>DHCP</primary>
|
||||
<primary><acronym>DHCP</acronym></primary>
|
||||
<secondary>configuration files</secondary>
|
||||
</indexterm>
|
||||
<itemizedlist>
|
||||
|
@ -3056,7 +3000,7 @@ dhcpd_ifaces="dc0"</programlisting>
|
|||
<listitem>
|
||||
<para><filename>/var/db/dhcpd.leases</filename></para>
|
||||
|
||||
<para>The DHCP server keeps a database of leases it has
|
||||
<para>The <acronym>DHCP</acronym> server keeps a database of leases it has
|
||||
issued in this file, which is written as a log. The
|
||||
port installs &man.dhcpd.leases.5;, which gives a
|
||||
slightly longer description.</para>
|
||||
|
@ -3066,8 +3010,8 @@ dhcpd_ifaces="dc0"</programlisting>
|
|||
<para><filename>/usr/local/sbin/dhcrelay</filename></para>
|
||||
|
||||
<para><application>dhcrelay</application> is used in
|
||||
advanced environments where one DHCP server forwards a
|
||||
request from a client to another DHCP server on a
|
||||
advanced environments where one <acronym>DHCP</acronym> server forwards a
|
||||
request from a client to another <acronym>DHCP</acronym> server on a
|
||||
separate network. If this functionality is required,
|
||||
then install the
|
||||
<filename role="package">net/isc-dhcp42-relay</filename>
|
||||
|
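Review bot: the retagged sentence `one <acronym>DHCP</acronym> server forwards a request from a client to another <acronym>DHCP</acronym> server on a separate network` misdescribes dhcrelay, which is a relay agent rather than a server: it listens for client broadcasts on one network, forwards them to a DHCP server on another network, and passes the replies back. Since the line is being rewritten anyway, suggest `the relay agent forwards requests from clients on one network to a <acronym>DHCP</acronym> server on another`.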
@ -3150,7 +3094,7 @@ dhcpd_ifaces="dc0"</programlisting>
|
|||
<acronym>DNS</acronym> must be understood.</para>
|
||||
|
||||
<indexterm><primary>resolver</primary></indexterm>
|
||||
<indexterm><primary>reverse DNS</primary></indexterm>
|
||||
<indexterm><primary>reverse <acronym>DNS</acronym></primary></indexterm>
|
||||
<indexterm><primary>root zone</primary></indexterm>
|
||||
|
||||
<informaltable frame="none" pgwide="1">
|
||||
|
@ -3168,7 +3112,7 @@ dhcpd_ifaces="dc0"</programlisting>
|
|||
<tbody>
|
||||
<row>
|
||||
<entry>Forward <acronym>DNS</acronym></entry>
|
||||
<entry>Mapping of hostnames to IP addresses.</entry>
|
||||
<entry>Mapping of hostnames to <acronym>IP</acronym> addresses.</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
|
@ -3492,7 +3436,7 @@ options {
|
|||
</warning>
|
||||
|
||||
<programlisting> /*
|
||||
Modern versions of BIND use a random UDP port for each outgoing
|
||||
Modern versions of BIND use a random <acronym>UDP</acronym> port for each outgoing
|
||||
query by default in order to dramatically reduce the possibility
|
||||
of cache poisoning. All users are strongly encouraged to utilize
|
||||
this feature, and to configure their firewalls to accommodate it.
|
||||
|
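Review bot: this hunk inserts `<acronym>UDP</acronym>` into a `<programlisting>` that reproduces a comment from the BIND `named.conf`; verbatim configuration text should stay free of inline DocBook markup so the listing matches what readers see in the file, and `BIND` on the same line is left untagged, so the tagging is inconsistent anyway. Suggest reverting the acronym change inside this listing only.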
@ -3817,11 +3761,11 @@ www IN CNAME example.org.</programlisting>
|
|||
<programlisting>recordname IN recordtype value</programlisting>
|
||||
|
||||
<indexterm>
|
||||
<primary>DNS</primary>
|
||||
<primary><acronym>DNS</acronym></primary>
|
||||
<secondary>records</secondary>
|
||||
</indexterm>
|
||||
|
||||
<para>The most commonly used DNS records:</para>
|
||||
<para>The most commonly used <acronym>DNS</acronym> records:</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
|
@ -3861,7 +3805,7 @@ www IN CNAME example.org.</programlisting>
|
|||
|
||||
<listitem>
|
||||
<para>a domain name pointer (used in reverse
|
||||
DNS)</para>
|
||||
<acronym>DNS</acronym>)</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
@ -3940,7 +3884,7 @@ mail IN A 192.168.1.5</programlisting>
|
|||
|
||||
<programlisting> IN A 192.168.1.1</programlisting>
|
||||
|
||||
<para>This line assigns IP address
|
||||
<para>This line assigns <acronym>IP</acronym> address
|
||||
<hostid role="ipaddr">192.168.1.1</hostid> to the current
|
||||
origin, in this case
|
||||
<hostid role="domainname">example.org</hostid>.</para>
|
||||
|
@ -3975,7 +3919,7 @@ mail IN A 192.168.1.5</programlisting>
|
|||
priority number), then the second highest, etc, until the
|
||||
mail can be properly delivered.</para>
|
||||
|
||||
<para>For in-addr.arpa zone files (reverse DNS), the same
|
||||
<para>For in-addr.arpa zone files (reverse <acronym>DNS</acronym>), the same
|
||||
format is used, except with PTR entries instead of A or
|
||||
CNAME.</para>
|
||||
|
||||
|
@ -3997,7 +3941,7 @@ mail IN A 192.168.1.5</programlisting>
|
|||
4 IN PTR mx.example.org.
|
||||
5 IN PTR mail.example.org.</programlisting>
|
||||
|
||||
<para>This file gives the proper IP address to hostname
|
||||
<para>This file gives the proper <acronym>IP</acronym> address to hostname
|
||||
mappings for the above fictitious domain.</para>
|
||||
|
||||
<para>It is worth noting that all names on the right side
|
||||
|
@ -4026,7 +3970,7 @@ mail IN A 192.168.1.5</programlisting>
|
|||
|
||||
<indexterm>
|
||||
<primary>BIND</primary>
|
||||
<secondary>DNS security extensions</secondary>
|
||||
<secondary><acronym>DNS</acronym> security extensions</secondary>
|
||||
</indexterm>
|
||||
|
||||
<para>Domain Name System Security Extensions, or <acronym
|
||||
|
@ -4391,7 +4335,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
|
|||
<sect2>
|
||||
<title>Security</title>
|
||||
|
||||
<para>Although BIND is the most common implementation of DNS,
|
||||
<para>Although BIND is the most common implementation of <acronym>DNS</acronym>,
|
||||
there is always the issue of security. Possible and
|
||||
exploitable security holes are sometimes found.</para>
|
||||
|
||||
|
@ -4437,7 +4381,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
|
|||
<listitem>
|
||||
<para><ulink
|
||||
url="http://www.oreilly.com/catalog/dns5/">O'Reilly
|
||||
DNS and BIND 5th Edition</ulink></para>
|
||||
<acronym>DNS</acronym> and BIND 5th Edition</ulink></para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
|
@ -4469,21 +4413,21 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
|
|||
<listitem>
|
||||
<para><ulink
|
||||
url="http://tools.ietf.org/html/rfc4033">RFC4033
|
||||
- DNS Security Introduction and
|
||||
- <acronym>DNS</acronym> Security Introduction and
|
||||
Requirements</ulink></para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><ulink
|
||||
url="http://tools.ietf.org/html/rfc4034">RFC4034
|
||||
- Resource Records for the DNS Security
|
||||
- Resource Records for the <acronym>DNS</acronym> Security
|
||||
Extensions</ulink></para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><ulink
|
||||
url="http://tools.ietf.org/html/rfc4035">RFC4035
|
||||
- Protocol Modifications for the DNS Security
|
||||
- Protocol Modifications for the <acronym>DNS</acronym> Security
|
||||
Extensions</ulink></para>
|
||||
</listitem>
|
||||
|
||||
|
@ -4496,7 +4440,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
|
|||
<listitem>
|
||||
<para><ulink
|
||||
url="http://tools.ietf.org/html/rfc5011">RFC 5011
|
||||
- Automated Updates of DNS Security
|
||||
- Automated Updates of <acronym>DNS</acronym> Security
|
||||
(<acronym>DNSSEC</acronym>
|
||||
Trust Anchors</ulink></para>
|
||||
</listitem>
|
||||
|
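Review bot: the RFC 5011 link text in this hunk is missing its closing parenthesis: the retagged line is followed by `(<acronym>DNSSEC</acronym>` and then `Trust Anchors</ulink>`, so the rendered title reads "(DNSSEC Trust Anchors". While the entry is being touched, close it as `(<acronym>DNSSEC</acronym>) Trust Anchors`.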
@ -4686,7 +4630,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
|
|||
types of Virtual Hosting. The first method is Name-based
|
||||
Virtual Hosting. Name-based virtual hosting uses the clients
|
||||
HTTP/1.1 headers to figure out the hostname. This allows many
|
||||
different domains to share the same IP address.</para>
|
||||
different domains to share the same <acronym>IP</acronym> address.</para>
|
||||
|
||||
<para>To setup <application>Apache</application> to use
|
||||
Name-based Virtual Hosting add an entry like the following to
|
||||
|
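Review bot: the context around the retagged line carries two small grammar slips that could be fixed in the same hunk: `uses the clients HTTP/1.1 headers` needs the possessive `client's`, and `To setup <application>Apache</application>` should be `To set up`.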
@ -5252,7 +5196,7 @@ DocumentRoot /www/someotherdomain.tld
|
|||
<para>This sets the NetBIOS name by which a
|
||||
<application>Samba</application> server is known.
|
||||
By default it is the same as the first component of
|
||||
the host's DNS name.</para>
|
||||
the host's <acronym>DNS</acronym> name.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -5580,7 +5524,7 @@ driftfile /var/db/ntp.drift</programlisting>
|
|||
<programlisting>restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap</programlisting>
|
||||
|
||||
<para>instead, where
|
||||
<hostid role="ipaddr">192.168.1.0</hostid> is an IP address
|
||||
<hostid role="ipaddr">192.168.1.0</hostid> is an <acronym>IP</acronym> address
|
||||
on the network and
|
||||
<hostid role="netmask">255.255.255.0</hostid> is the
|
||||
network's netmask.</para>
|
||||
|
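Review bot: the retagged sentence describes `<hostid role="ipaddr">192.168.1.0</hostid>` as `an <acronym>IP</acronym> address on the network`, but in `restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap` the first operand is the network address that the mask applies to, not a host on it; say `is the network address` so readers do not substitute a host address into the restrict line.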
@ -6207,7 +6151,7 @@ iqn.2012-06.com.example:target0 10.10.10.10 Connected: da0</
|
|||
iqn.2012-06.com.example:target0 10.10.10.10 Waiting for iscsid(8)</programlisting>
|
||||
|
||||
<para>The following suggests network-level problem, such as
|
||||
wrong IP address or port:</para>
|
||||
wrong <acronym>IP</acronym> address or port:</para>
|
||||
|
||||
<programlisting>Target name Target addr State
|
||||
iqn.2012-06.com.example:target0 10.10.10.11 Connection refused</programlisting>
|
||||
|
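Review bot: the sentence retagged here, `The following suggests network-level problem, such as wrong <acronym>IP</acronym> address or port:`, is missing its articles; `suggests a network-level problem, such as a wrong <acronym>IP</acronym> address or port` reads correctly.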