Add ~96 index entries

Murray Stokely 2001-06-26 00:09:52 +00:00
parent 620d344d8f
commit a04cbb22cc
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=9721


@ -1,7 +1,7 @@
<!--
The FreeBSD Documentation Project
$FreeBSD: doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml,v 1.47 2001/06/24 03:06:38 murray Exp $
$FreeBSD: doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml,v 1.48 2001/06/24 03:22:48 murray Exp $
-->
<chapter id="advanced-networking">
@ -21,6 +21,10 @@
<para><emphasis>Contributed by &a.gryphon;. 6 October
1995.</emphasis></para>
<indexterm><primary>route</primary></indexterm>
<indexterm><primary>routing</primary></indexterm>
<indexterm><primary>gateway</primary></indexterm>
<indexterm><primary>subnet</primary></indexterm>
<para>For one machine to be able to find another, there must be a
mechanism in place to describe how to get from one to the other. This is
called Routing. A <quote>route</quote> is a defined pair of addresses: a
@ -53,9 +57,11 @@ host2 0:e0:a8:37:8:1e UHLW 0 5 lo0 =>
host2.foobar.com link#1 UC 0 0
224 link#1 UC 0 0</screen>
<indexterm><primary>default route</primary></indexterm>
<para>The first two lines specify the default route (which we will cover
in the next section) and the <hostid>localhost</hostid> route.</para>
<indexterm><primary>loopback device</primary></indexterm>
<para>The interface (<literal>Netif</literal> column) that it specifies
to use for <literal>localhost</literal> is
<devicename>lo0</devicename>, also known as the loopback device. This
@ -63,6 +69,7 @@ host2.foobar.com link#1 UC 0 0
sending it out over the LAN, since it will only end up back where it
started anyway.</para>
<indexterm><primary>Ethernet</primary><secondary>MAC address</secondary></indexterm>
<para>The next thing that stands out are the <hostid
role="mac">0:e0:...</hostid> addresses. These are ethernet hardware
addresses. FreeBSD will automatically identify any hosts
@ -76,6 +83,7 @@ host2.foobar.com link#1 UC 0 0
Information Protocol), which figures out routes to local hosts based
upon a shortest path determination.</para>
<indexterm><primary>subnet</primary></indexterm>
<para>FreeBSD will also add subnet routes for the local subnet (<hostid
role="ipaddr">10.20.30.255</hostid> is the broadcast address for the
subnet <hostid role="ipaddr">10.20.30</hostid>, and <hostid
@ -164,6 +172,7 @@ host2.foobar.com link#1 UC 0 0
<sect2>
<title>Default routes</title>
<indexterm><primary>default route</primary></indexterm>
<para>When the local system needs to make a connection to remote host,
it checks the routing table to determine if a known path exists. If
the remote host falls into a subnet that we know how to reach (Cloned
@ -250,7 +259,7 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
<sect2>
<title>Dual homed hosts</title>
<indexterm><primary>dual homed hosts</primary></indexterm>
<para>There is one other type of configuration that we should cover, and
that is a host that sits on two different networks. Technically, any
machine functioning as a gateway (in the example above, using a PPP
@ -275,7 +284,7 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
<sect2>
<title>Routing propagation</title>
<indexterm><primary>routing propogation</primary></indexterm>
<para>We have already talked about how we define our routes to the
outside world, but not about how the outside world finds us.</para>
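Review bot: The new index entry in this hunk is spelled "routing propogation", while the section title directly above it reads "Routing propagation"; the misspelling will sort and print as written in the generated index. Change the primary to "routing propagation".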
@ -306,7 +315,7 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
<sect2>
<title>Troubleshooting</title>
<indexterm><primary>traceroute</primary></indexterm>
<para>Sometimes, there is a problem with routing propagation, and some
sites are unable to connect to you. Perhaps the most useful command
for trying to figure out where a routing is breaking down is the
@ -332,7 +341,8 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
<sect2>
<title>Introduction</title>
<indexterm><primary>IP subnet</primary></indexterm>
<indexterm><primary>bridge</primary></indexterm>
<para>It is sometimes useful to divide one physical network (i.e., an
Ethernet segment) into two separate network segments, without having
to create IP subnets and use a router to connect the segments
@ -379,6 +389,8 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
<sect3>
<title>Filtering/traffic shaping firewall</title>
<indexterm><primary>firewall</primary></indexterm>
<indexterm><primary>IP Masquerading</primary></indexterm>
<para>The second common situation is where firewall functionality is
needed without IP Masquerading (NAT).</para>
@ -389,6 +401,9 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
router-based firewall is difficult because of subnetting
issues.</para>
<indexterm><primary>router</primary></indexterm>
<indexterm><primary>DSL</primary></indexterm>
<indexterm><primary>ISDN</primary></indexterm>
<para>A bridge-based firewall can be configured and dropped into the
path just downstream of their DSL/ISDN router without any IP
numbering issues.</para>
@ -411,6 +426,8 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
<sect3>
<title>Kernel configuration changes</title>
<indexterm><primary>kernel configuration</primary></indexterm>
<indexterm><primary>kernel configuration</primary><secondary>options BRIDGE</secondary></indexterm>
<para>To enable kernel support for bridging, add the</para>
@ -422,7 +439,7 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
<sect3>
<title>Firewall support</title>
<indexterm><primary>firewall</primary></indexterm>
<para>If you are planning to use the bridge as a firewall, you will
need to add the IPFIREWALL option as well. Read <xref
linkend="firewalls"> for general information on configuring the
@ -492,7 +509,7 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
<title>NFS</title>
<para><emphasis>Written by &a.unfurl;, 4 March 2000.</emphasis></para>
<indexterm><primary>NFS</primary></indexterm>
<para>Among the many different file systems that FreeBSD supports is
a very unique type, the Network File System or NFS. NFS allows you
to share directories and files on one machine with one or more other
@ -534,7 +551,10 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
processes have to be configured and running properly.</para>
<para>The server has to be running the following daemons:</para>
<indexterm><primary>NFS</primary><secondary>server</secondary></indexterm>
<indexterm><primary>portmap</primary></indexterm>
<indexterm><primary>mountd</primary></indexterm>
<indexterm><primary>nfsd</primary></indexterm>
<itemizedlist>
<listitem>
<para><command>nfsd</command> - The NFS Daemon which services
@ -555,7 +575,8 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
</itemizedlist>
<para>The client side only needs to run a single daemon:</para>
<indexterm><primary>NFS</primary><secondary>client</secondary></indexterm>
<indexterm><primary>nfsiod</primary></indexterm>
<itemizedlist>
<listitem>
<para><command>nfsiod</command> - The NFS async I/O Daemon which
@ -566,6 +587,7 @@ Local1 (10.20.30.1, 10.9.9.30) --&gt; T1-GW (10.9.9.1)
<sect2>
<title>Configuring NFS</title>
<indexterm><primary>NFS</primary><secondary>configuration</secondary></indexterm>
<para>Luckily for us, on a FreeBSD system this setup is a snap. The
processes that need to be running can all be run at boot time with
@ -605,6 +627,7 @@ nfs_client_flags="-n 4"</programlisting>
<para>Here are a few example <filename>/etc/exports</filename>
entries:</para>
<indexterm><primary>NFS</primary><secondary>exporting filesystems</secondary></indexterm>
<para>The following line exports <filename>/cdrom</filename> to
three silly machines that have the same domain name as the server
(hence the lack of a domain name for each) or have entries in your
@ -665,7 +688,7 @@ nfs_client_flags="-n 4"</programlisting>
temporarily mount a remote file system or just want to test out
your config you can run a command like this as root on the
client:</para>
<indexterm><primary>NFS</primary><secondary>mounting filesystems</secondary></indexterm>
<screen>&prompt.root; <userinput>mount server:/home /mnt</userinput></screen>
<para>This will mount <filename>/home</filename> on the server on
@ -688,7 +711,7 @@ nfs_client_flags="-n 4"</programlisting>
<para>There are many very cool uses for NFS. Some of the more common
ones are listed below.</para>
<indexterm><primary>NFS</primary><secondary>uses</secondary></indexterm>
<itemizedlist>
<listitem>
<para>Have several machines on a network and share a CD-ROM or
@ -833,7 +856,7 @@ nfs_client_flags="-n 4"</programlisting>
<title>Diskless Operation</title>
<para><emphasis>Contributed by &a.martin;.</emphasis></para>
<indexterm><primary>diskless workstation</primary></indexterm>
<para><filename>netboot.com</filename>/<filename>netboot.rom</filename>
allow you to boot your FreeBSD machine over the network and run FreeBSD
without having a disk on your client. Under 2.0 it is now possible to
@ -854,11 +877,12 @@ nfs_client_flags="-n 4"</programlisting>
machines:</para>
<itemizedlist>
<indexterm><primary>HP-UX</primary></indexterm>
<listitem>
<para>HP9000/8xx running HP-UX 9.04 or later (pre 9.04 doesn't
work)</para>
</listitem>
<indexterm><primary>Solaris</primary></indexterm>
<listitem>
<para>Sun/Solaris 2.3. (you may need to get bootp)</para>
</listitem>
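Review bot: Both indexterm elements in this hunk (HP-UX and Solaris) are direct children of <itemizedlist>, the second one sitting between two <listitem> elements, instead of inside the item they index. Move each one inside its <listitem>, just before the <para>, which matches how the other hunks place entries next to the paragraph they index and keeps the list's children to list items only. The same placement recurs in the later NIS hunks (portmap, master server, slave server, client).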
@ -881,6 +905,8 @@ nfs_client_flags="-n 4"</programlisting>
</step>
<step>
<indexterm><primary>TFTP</primary></indexterm>
<indexterm><primary>bootp</primary></indexterm>
<para>Set up a TFTP server (on same machine as bootp server) to
provide booting information to client. The name of this file is
<filename>cfg.<replaceable>X.X.X.X</replaceable></filename> (or
@ -1000,6 +1026,7 @@ hostname myclient.mydomain</programlisting>
</step>
<step>
<indexterm><primary>NFS</primary><secondary>swapping over</secondary></indexterm>
<para>If you are swapping over NFS (completely diskless
configuration) create a swap file for your client using
<command>dd</command>. If your <command>swapfs</command> command
@ -1109,6 +1136,7 @@ hostname myclient.mydomain</programlisting>
<para><emphasis>Contributed by &a.hm;.</emphasis></para>
<indexterm><primary>ISDN</primary><secondary>cards</secondary></indexterm>
<para>This section is really only relevant to ISDN users in countries
where the DSS1/Q.931 ISDN standard is supported.</para>
@ -1117,6 +1145,7 @@ hostname myclient.mydomain</programlisting>
development but the reports show that it is successfully used all over
Europe.</para>
<indexterm><primary>isdn4bsd</primary></indexterm>
<para>The latest isdn4bsd version is available from <ulink
url="ftp://isdn4bsd@ftp.consol.de/pub/">ftp://isdn4bsd@ftp.consol.de/pub/</ulink>,
the main isdn4bsd ftp site (you have to log in as user
@ -1154,7 +1183,7 @@ hostname myclient.mydomain</programlisting>
<para>Terminal adapters(TA), are to ISDN what modems are to regular
phone lines.</para>
<indexterm><primary>modem</primary></indexterm>
<para>Most TA's use the standard hayes modem AT command set, and can be
used as a drop in replacement for a modem.</para>
@ -1163,7 +1192,7 @@ hostname myclient.mydomain</programlisting>
will need to configure <link linkend="ppp">PPP</link> exactly the same
as for a modem setup. Make sure you set your serial speed as high as
possible.</para>
<indexterm><primary>PPP</primary></indexterm>
<para>The main advantage of using a TA to connect to an Internet
Provider is that you can do Dynamic PPP. As IP address space becomes
more and more scarce, most providers are not willing to provide you
@ -1228,7 +1257,7 @@ hostname myclient.mydomain</programlisting>
<sect2>
<title>Stand-alone ISDN Bridges/Routers</title>
<indexterm><primary>ISDN</primary><secondary>stand-alone bridges/routers</secondary></indexterm>
<para>ISDN bridges or routers are not at all specific to FreeBSD
or any other operating system. For a more complete
description of routing and bridging technology, please refer
@ -1266,6 +1295,7 @@ hostname myclient.mydomain</programlisting>
<example>
<title>Branch office or Home network</title>
<indexterm><primary>10 base 2</primary></indexterm>
<para>Network uses a bus based topology with 10 base 2
Ethernet ("thinnet"). Connect router to network cable with
AUI/10BT transceiver, if necessary.</para>
@ -1300,6 +1330,7 @@ ISDN BRI line</literallayout>
<example>
<title>Head office or other LAN</title>
<indexterm><primary>10 base T</primary></indexterm>
<para>Network uses a star topology with 10 base T Ethernet
("Twisted Pair").</para>
@ -1344,6 +1375,7 @@ ISDN BRI line</literallayout>
dial-in, dial-out or dynamically bond(MPP etc.) with the first B channel
for more bandwidth.</para>
<indexterm><primary>IPX/SPX</primary></indexterm>
<para>An Ethernet bridge will also allow you to transmit more than just
IP traffic, you can also send IPX/SPX or whatever other protocols you
use.</para>
@ -1360,16 +1392,24 @@ ISDN BRI line</literallayout>
<sect2>
<title>What is it?</title>
<indexterm><primary>NIS</primary></indexterm>
<indexterm><primary>Solaris</primary></indexterm>
<indexterm><primary>HP-UX</primary></indexterm>
<indexterm><primary>AIX</primary></indexterm>
<indexterm><primary>Linux</primary></indexterm>
<indexterm><primary>NetBSD</primary></indexterm>
<indexterm><primary>OpenBSD</primary></indexterm>
<para>NIS, which stands for Network Information Services, was
developed by Sun Microsystems to centralize administration of Unix
(originally SunOS) systems. It has now essentially become an
industry standard; all major Unices (Solaris, HP-UX, AIX, Linux,
NetBSD, OpenBSD, FreeBSD, etc) support NIS.</para>
<indexterm><primary>yellow pages (see NIS)</primary></indexterm>
<para>NIS was formerly known as Yellow Pages (or yp), but due to
copyright violations, Sun was forced to change the name.</para>
<indexterm><primary>NIS</primary><secondary>domains</secondary></indexterm>
<para>It is a RPC-based client/server system that allows a group
of machines within an NIS domain to share a common set of
configuration files. This permits a system administrator to set
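Review bot: The entry <primary>yellow pages (see NIS)</primary> encodes a cross-reference as literal text inside the primary term. DocBook has a dedicated element for this, <indexterm><primary>yellow pages</primary><see>NIS</see></indexterm>, which lets the index processor format the reference consistently. Separately, the operating-system entries added at the top of this hunk (Solaris, HP-UX, AIX, Linux, NetBSD, OpenBSD) index a passing mention in a parenthetical list; consider whether a reader looking up one of those names is served by landing on this paragraph.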
@ -1377,6 +1417,7 @@ ISDN BRI line</literallayout>
add, remove or modify configuration data from a single
location.</para>
<indexterm><primary>Windows NT</primary></indexterm>
<para>It is similar to Windows NT's domain system; although the
internal implementation of the two aren't at all similar,
the basic functionality can be compared.</para>
@ -1397,6 +1438,7 @@ ISDN BRI line</literallayout>
a NIS domainname. Similar to an NT domain name, the NIS
domainname does not have anything to do with DNS.</para>
</listitem>
<indexterm><primary>portmap</primary></indexterm>
<listitem>
<para><emphasis>portmap</emphasis>. <command>portmap</command>
must be running in order to enable RPC (Remote Procedure Call, a
@ -1462,6 +1504,7 @@ ISDN BRI line</literallayout>
<title>Machine types</title>
<itemizedlist>
<indexterm><primary>NIS</primary><secondary>master server</secondary></indexterm>
<listitem>
<para>A <emphasis>NIS master server</emphasis>.
This server, analogous to a Windows
@ -1475,6 +1518,7 @@ ISDN BRI line</literallayout>
not be covered in this introduction, which assumes a relatively
small-scale NIS environment.</para></note>
</listitem>
<indexterm><primary>NIS</primary><secondary>slave server</secondary></indexterm>
<listitem>
<para><emphasis>NIS slave servers</emphasis>.
Similar to NT's backup domain
@ -1485,6 +1529,7 @@ ISDN BRI line</literallayout>
attach to the NIS server whose response they get first, and
this includes slave-server-replies.</para>
</listitem>
<indexterm><primary>NIS</primary><secondary>client</secondary></indexterm>
<listitem>
<para><emphasis>NIS clients</emphasis>. NIS clients, like most
NT workstations, authenticate against the NIS server (or the NT
@ -1571,6 +1616,7 @@ ISDN BRI line</literallayout>
<sect4>
<title>Choosing a NIS Domain Name</title>
<indexterm><primary>NIS</primary><secondary>domainname</secondary></indexterm>
<para>This might not be the <quote>domainname</quote> that you
are used to. It is more accurately called the
<quote>NIS domainname</quote>. When a client broadcasts its
@ -1589,6 +1635,7 @@ ISDN BRI line</literallayout>
"acme-art" NIS domain. For this example, assume you have
chosen the name <emphasis>test-domain</emphasis>.</para>
<indexterm><primary>SunOS</primary></indexterm>
<para>However, some operating systems (notably SunOS) use their
NIS domain name as their Internet domain name.
If one or more machines on your network have this restriction,
@ -1640,7 +1687,7 @@ ISDN BRI line</literallayout>
<sect4>
<title>Setting up a NIS master server</title>
<indexterm><primary>NIS</primary><secondary>server configuration</secondary></indexterm>
<para>Setting up a master NIS server can be relatively straight
forward, depending on your needs. FreeBSD comes with support
for NIS out-of-the-box. All you need is to add the following
@ -1675,7 +1722,7 @@ ISDN BRI line</literallayout>
<sect4>
<title>Initializing the NIS maps</title>
<indexterm><primary>NIS maps</primary></indexterm>
<para>The <emphasis>NIS maps</emphasis> are database files,
that are kept in the <filename>/var/yp</filename> directory.
They are generated from configuration files in the
@ -1702,6 +1749,7 @@ ISDN BRI line</literallayout>
nor world readable (mode 600)! Use the
<command>chmod</command> command, if appropriate.</para></note>
<indexterm><primary>Tru64 Unix</primary></indexterm>
<para>When you have finished, it's time to initialize the NIS
maps! FreeBSD includes a script named
<command>ypinit</command> to do this for you
@ -1760,7 +1808,8 @@ ellington&prompt.root; <userinput>vi /var/yp/Makefile</userinput>
<sect4>
<title>Setting up a NIS slave server</title>
<indexterm><primary>NIS</primary><secondary>configuring a
slave server</secondary></indexterm>
<para>Setting up an NIS slave server is even more simple than
setting up the master. Log on to the slave server and edit the
file <filename>/etc/rc.conf</filename> as you did before.
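Review bot: The secondary term is wrapped across two lines inside the element ("configuring a" / "slave server"), so the line break and indentation may end up in the term text, and its wording differs from the sibling entries "server configuration" and "client configuration" added elsewhere in this patch. Keep it on one line and name it to match, for example <secondary>slave server configuration</secondary>.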
@ -1881,7 +1930,7 @@ Don't forget to update map ypservers on ellington.</screen>
<sect4>
<title>Setting up an NIS client</title>
<indexterm><primary>NIS</primary><secondary>client configuration</secondary></indexterm>
<para>Setting up a FreeBSD machine to be a NIS client is fairly
straightforward.</para>
@ -1994,6 +2043,7 @@ nis_client_enable="YES"</programlisting>
really bad idea and will lead to loss of NIS functionality
for large parts of your network.</para>
<indexterm><primary>tcpwrapper</primary></indexterm>
<para>The use of the <application>tcpwrapper</application>
package increases the latency of your NIS server. The
additional delay may be long enough to cause timeouts in
@ -2060,6 +2110,7 @@ basie&prompt.root;</screen>
<sect2 id="netgroups">
<title>Using netgroups</title>
<indexterm><primary>netgroups</primary></indexterm>
<para><emphasis>The netgroups part was contributed by
Udo Erdelhoff <email>ue@nathan.ruhr.de</email> in July
@ -2240,6 +2291,7 @@ INTERNS (,able,test-domain) (,baker,test-domain)</programlisting>
&man.netgroup.5; for details.</para>
<note>
<indexterm><primary>netgroups</primary></indexterm>
<para>Netgroup names longer than 8 characters should not be
used, especially if you have machines running other
operating systems within your NIS domain. The names are
@ -2539,7 +2591,7 @@ TWO (,hotel,test-domain)
<sect2>
<title>libscrypt v.s. libdescrypt</title>
<indexterm><primary>NIS</primary><secondary>crypto library</secondary></indexterm>
<para>One of the most common issues that people run into when trying
to implement NIS is crypt library compatibility. If your NIS
server is using the DES crypt libraries, it will only support
@ -2588,6 +2640,8 @@ lrwxr-xr-x 1 root wheel 14 Nov 8 14:27 /usr/lib/libscrypt.so@ -> libscryp
<sect2>
<title>What is DHCP?</title>
<indexterm><primary>Dynamic Host Configuration Protocol (DHCP)</primary></indexterm>
<indexterm><primary>Internet Software Consortium (ISC)</primary></indexterm>
<para>DHCP, the Dynamic Host Configuration Protocol, describes
the means by which a system can connect to a network and obtain the
@ -2609,7 +2663,7 @@ lrwxr-xr-x 1 root wheel 14 Nov 8 14:27 /usr/lib/libscrypt.so@ -> libscryp
<sect2>
<title>How it Works</title>
<indexterm><primary>UDP</primary></indexterm>
<para>When dhclient, the DHCP client, is executed on the client
machine, it begins broadcasting requests for configuration
information. By default, these requests are on UDP port 68. The
@ -2635,7 +2689,7 @@ lrwxr-xr-x 1 root wheel 14 Nov 8 14:27 /usr/lib/libscrypt.so@ -> libscryp
for detailed knowledge of network configurations on any network
that runs a DHCP server. <command>dhclient</command> has been
included in all FreeBSD distributions since 3.2.</para>
<indexterm><primary>sysinstall</primary></indexterm>
<para>DHCP is supported by <application>sysinstall</application>.
When configuring a network interface within sysinstall,
the first question asked is, "Do you want to try dhcp
@ -2645,7 +2699,7 @@ lrwxr-xr-x 1 root wheel 14 Nov 8 14:27 /usr/lib/libscrypt.so@ -> libscryp
<para>There are two things you must do to have your system use
DHCP upon startup:</para>
<indexterm><primary>DHCP</primary><secondary>requirements</secondary></indexterm>
<itemizedlist>
<listitem>
<para>Make sure that the <devicename>bpf</devicename>
@ -2694,6 +2748,7 @@ dhcp_flags=""</programlisting>
</listitem>
</itemizedlist>
<indexterm><primary>DHCP</primary><secondary>server</secondary></indexterm>
<para>The DHCP server, <command>dhcpd</command>, is included
as part of the <literal>isc-dhcp2</literal> port in the ports
collection. This port contains the full ISC DHCP distribution,
@ -2703,7 +2758,7 @@ dhcp_flags=""</programlisting>
<sect2>
<title>Files</title>
<indexterm><primary>DHCP</primary><secondary>configuration files</secondary></indexterm>
<itemizedlist>
<listitem><para><filename>/etc/dhclient.conf</filename></para>
<para><command>dhclient</command> requires a configuration file,
@ -2754,6 +2809,8 @@ dhcp_flags=""</programlisting>
<sect2>
<title>Overview</title>
<indexterm><primary>BIND</primary></indexterm>
<para>FreeBSD utilizes, by default, a version of BIND (Berkeley
Internet Name Domain), which is the most common implementation of the
DNS protocol. DNS is the protocol through which names are mapped to
@ -2764,6 +2821,7 @@ dhcp_flags=""</programlisting>
happen. A query for an IP address can resolve its hostname.
</para>
<indexterm><primary>DNS</primary></indexterm>
<para>DNS is coordinated across the Internet through a somewhat
complex system of authoritative root name servers, and other
smaller-scale nameservers who host and relay individual domain
@ -2789,6 +2847,7 @@ dhcp_flags=""</programlisting>
<sect2>
<title>Terminology</title>
<indexterm><primary>zones</primary></indexterm>
<para><emphasis>zone</emphasis> - Each individual domain, subdomain,
or 'area' dictated by DNS is considered a zone.
</para>
@ -2822,10 +2881,12 @@ dhcp_flags=""</programlisting>
common names for the BIND name server package within FreeBSD.
</para>
<indexterm><primary>resolver</primary></indexterm>
<para><emphasis>resolver</emphasis> - a network process by which a
system queries a nameserver for answers
</para>
<indexterm><primary>root zone</primary></indexterm>
<para><emphasis>root zone</emphasis> - literally, a '.', refers to
the root, or beginning zone. All zones fall under this, as do all
files in fall under the root directory. It is the beginning of the
@ -2840,6 +2901,7 @@ dhcp_flags=""</programlisting>
addresses
</para>
<indexterm><primary>reverse DNS</primary></indexterm>
<para><emphasis>reverse dns</emphasis> - the opposite, mapping of ip
addresses to hostnames
</para>
@ -2940,6 +3002,7 @@ dhcp_flags=""</programlisting>
<sect2>
<title>Starting BIND</title>
<indexterm><primary>BIND</primary><secondary>starting</secondary></indexterm>
<para>
Since bind is installed by default, configuring it all is
relatively simple.
@ -2955,6 +3018,7 @@ dhcp_flags=""</programlisting>
<sect2>
<title>Configuration files</title>
<indexterm><primary>BIND</primary><secondary>configuration files</secondary></indexterm>
<sect3>
<title>make-localhost</title>
<para>Be sure to
@ -2970,7 +3034,7 @@ dhcp_flags=""</programlisting>
<sect3>
<title><filename>/etc/namedb/named.conf</filename></title>
<programlisting>// $FreeBSD: doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml,v 1.47 2001/06/24 03:06:38 murray Exp $
<programlisting>// $FreeBSD: doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml,v 1.48 2001/06/24 03:22:48 murray Exp $
//
// Refer to the named(8) man page for details. If you are ever going
// to setup a primary server, make sure you've understood the hairy
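Review bot: The first comment line of the named.conf listing carries chapter.sgml's own revision string (1.47 becoming 1.48), which means the $FreeBSD$ keyword inside <programlisting> is being expanded by the repository and this line will change on every commit to the chapter. It also shows readers an ID that does not belong to named.conf. Escape the dollar signs in the listing (for example with an entity) so the sample text stays fixed.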
@ -3181,6 +3245,7 @@ www IN CNAME @
</para>
<programlisting>recordname IN recordtype value</programlisting>
<indexterm><primary>DNS</primary><secondary>records</secondary></indexterm>
<para>
The most commonly used DNS records:
</para>
@ -3305,6 +3370,7 @@ www IN CNAME @
<sect2>
<title>Caching Name Server</title>
<indexterm><primary>BIND</primary><secondary>caching name server</secondary></indexterm>
<para>
A caching nameserver is simply a nameserver that is not
authoritative for any zones. It simply asks queries of its own,
@ -3315,11 +3381,12 @@ www IN CNAME @
<sect2 id="named-sandbox">
<title>Running named in a Sandbox</title>
<indexterm><primary>BIND</primary><secondary>running in a sandbox</secondary></indexterm>
<para><emphasis>Contributed by Mike Makonnen
<email>mike_makonnen@yahoo.com</email>, May 1, 2001</emphasis>
</para>
<indexterm><primary>chroot</primary></indexterm>
<para>For added security you may want to run &man.named.8; in a
sandbox. This will reduce the potential damage should it be
compromised. If you include a sandbox directory in its command
@ -3485,6 +3552,7 @@ www IN CNAME @
<sect2 id="overview">
<title>Overview</title>
<indexterm><primary>natd</primary></indexterm>
<para>FreeBSD's Network Address Translation daemon, commonly known as
&man.natd.8; is a daemon that accepts incoming raw IP packets,
changes the source to the local machine and re-injects these packets
@ -3492,7 +3560,8 @@ www IN CNAME @
the source ip and port such that when data is received back, it is
able to determine the original location of the data and forward it
back to its original requestor.</para>
<indexterm><primary>Internet connection sharing</primary></indexterm>
<indexterm><primary>IP masquerading</primary></indexterm>
<para>The most common use of NAT is to perform what is commonly known as
Internet Connection Sharing.</para>
</sect2>
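Review bot: This hunk adds <primary>IP masquerading</primary>, but the bridging firewall hunk earlier in the patch adds <primary>IP Masquerading</primary>; depending on how the index is collated these can come out as two separate entries. Pick one capitalization and use it in both places.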
@ -3542,6 +3611,7 @@ www IN CNAME @
</sect2>
<sect2 id="configuration">
<indexterm><primary>kernel</primary><secondary>configuration</secondary></indexterm>
<title>Configuration</title>
<para>The following options must be in the kernel configuration
file:</para>
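Review bot: The indexterm is inserted between <sect2 id="configuration"> and its <title>, whereas every other section in this patch puts the entry after the title; a section's title is expected to come first. Move it below <title>Configuration</title>. The term is also written here as primary "kernel" with secondary "configuration", while the bridging section uses primary "kernel configuration"; use one form so both references collect under the same index heading.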
@ -3657,6 +3727,7 @@ natd_flags=""</programlisting>
<sect2 id="address-redirection">
<title>Address Redirection</title>
<indexterm><primary>address redirection</primary></indexterm>
<para>Address redirection is useful if several ips are available, yet
they must be on one machine. With this, &man.natd.8; can assign each
LAN client its own external ip. &man.natd.8; then rewrites outgoing