Attack of the spelling and grammar police. Things like nameserver and
mailserver are two words, folks.
parent
017cb38c08
commit
f43590590d
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=10309
1 changed files with 39 additions and 39 deletions
|
@ -1,7 +1,7 @@
|
|||
<!--
|
||||
The FreeBSD Documentation Project
|
||||
|
||||
$FreeBSD: doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml,v 1.77 2001/08/10 01:06:45 murray Exp $
|
||||
$FreeBSD: doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml,v 1.78 2001/08/10 22:58:09 chern Exp $
|
||||
-->
|
||||
|
||||
<chapter id="advanced-networking">
|
||||
|
@ -292,7 +292,7 @@ Local1 (10.20.30.1, 10.9.9.30) --> T1-GW (10.9.9.1)
|
|||
|
||||
<sect2>
|
||||
<title>Routing Propagation</title>
|
||||
<indexterm><primary>routing propogation</primary></indexterm>
|
||||
<indexterm><primary>routing propagation</primary></indexterm>
|
||||
<para>We have already talked about how we define our routes to the
|
||||
outside world, but not about how the outside world finds us.</para>
|
||||
|
||||
|
@ -734,7 +734,7 @@ nfs_client_flags="-n 4"</programlisting>
|
|||
server's name will be <literal>server</literal> and the client's
|
||||
name will be <literal>client</literal>. If you just want to
|
||||
temporarily mount a remote file system or just want to test out
|
||||
your config you can run a command like this as root on the
|
||||
your configuration you can run a command like this as root on the
|
||||
client:</para>
|
||||
<indexterm>
|
||||
<primary>NFS</primary>
|
||||
|
@ -813,7 +813,7 @@ nfs_client_flags="-n 4"</programlisting>
|
|||
<indexterm><primary>AMD</primary></indexterm>
|
||||
<indexterm><primary>automatic mounter daemon</primary></indexterm>
|
||||
|
||||
<para>AMD is a usefull utility used for automatically mounting a
|
||||
<para>AMD is a useful utility used for automatically mounting a
|
||||
filesystem whenever a file or directory within that filesystem is
|
||||
accessed. It will also unmount that filesystem when it has not
|
||||
been used for a time.</para>
|
||||
|
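Review bot: the context lines of this paragraph still spell "filesystem" as one word three times ("mounting a filesystem whenever a file or directory within that filesystem"), while the NFS paragraph in the hunk at 734 writes "remote file system". Since this commit splits nameserver and mailserver into two words, settle on one spelling for this term as well and apply it here so the chapter stays consistent.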
@ -829,10 +829,10 @@ nfs_client_flags="-n 4"</programlisting>
|
|||
this:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>Someone cd's into
|
||||
<listitem><para>Someone <command>cd</command>'s into
|
||||
<filename>/host/${HOSTNAME}/exported_filesystem</filename>.</para></listitem>
|
||||
|
||||
<listitem><para>AMD recieves the lookup request, and takes the
|
||||
<listitem><para>AMD receives the lookup request, and takes the
|
||||
<varname>${HOSTNAME}</varname> token.</para></listitem>
|
||||
|
||||
<listitem><para>AMD attempts to resolve the HOSTNAME
|
||||
|
@ -840,7 +840,7 @@ nfs_client_flags="-n 4"</programlisting>
|
|||
<filename>/host/${HOSTNAME}/</filename> directory.</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>Setting up amd is actually quite simple, perhaps deceptively
|
||||
<para>Setting up <application>amd</application> is actually quite simple, perhaps deceptively
|
||||
so:</para>
|
||||
|
||||
<para>Put <varname>amd_enable="YES"</varname> in the
|
||||
|
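Review bot: the added line writes the daemon as <application>amd</application> in lower case, but the paragraphs in the hunks at 813 and 829 call it AMD in capitals with no markup. Use one form for the program throughout the section, and rewrap the paragraph, since the added markup pushes this line well past the width of its neighbours.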
@ -2891,7 +2891,7 @@ lrwxr-xr-x 1 root wheel 14 Nov 8 14:27 libscrypt.so@ -> libscrypt.so.2
|
|||
</indexterm>
|
||||
<para>DHCP is supported by <application>sysinstall</application>.
|
||||
When configuring a network interface within sysinstall,
|
||||
the first question asked is, "Do you want to try dhcp
|
||||
the first question asked is, "Do you want to try DHCP
|
||||
configuration of this interface?" Answering affirmatively will
|
||||
execute dhclient, and if successful, will fill in the network
|
||||
configuration information automatically.</para>
|
||||
|
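Review bot: the sentence that gains "DHCP" still has two untagged program names, "within sysinstall," and "execute dhclient", although the first line of the same paragraph uses <application>sysinstall</application>. Tag both the same way while this paragraph is being touched, so the rendered text and the index treat every mention alike.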
@ -3031,17 +3031,17 @@ dhcp_flags=""</programlisting>
|
|||
IP addresses, and vice versa. For example, a query for
|
||||
<hostid>www.freebsd.org</hostid>
|
||||
will receive a reply with the IP address of The FreeBSD Project's
|
||||
webpage, whereas, a query for <hostid>ftp.freebsd.org</hostid>
|
||||
web server, whereas, a query for <hostid>ftp.freebsd.org</hostid>
|
||||
will return the IP
|
||||
address of the corresponding FTP machine. Likewise, the opposite can
|
||||
happen. A query for an IP address can resolve its hostname. It is
|
||||
not necessary to run a nameserver to perform DNS lookups on a system.
|
||||
not necessary to run a name server to perform DNS lookups on a system.
|
||||
</para>
|
||||
|
||||
<indexterm><primary>DNS</primary></indexterm>
|
||||
<para>DNS is coordinated across the Internet through a somewhat
|
||||
complex system of authoritative root name servers, and other
|
||||
smaller-scale nameservers who host and cache individual domain
|
||||
smaller-scale name servers who host and cache individual domain
|
||||
information.
|
||||
</para>
|
||||
|
||||
|
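Review bot: the rewritten line "smaller-scale name servers who host and cache individual domain" keeps "who" for machines; "that host and cache" is the correct relative pronoun. The comma in "whereas, a query for" on the other changed line of this hunk is also stray and can be dropped in the same pass.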
@ -3079,7 +3079,7 @@ dhcp_flags=""</programlisting>
|
|||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry>forward dns</entry>
|
||||
<entry>forward DNS</entry>
|
||||
<entry>mapping of hostnames to IP addresses</entry>
|
||||
</row>
|
||||
|
||||
|
@ -3099,10 +3099,10 @@ dhcp_flags=""</programlisting>
|
|||
<row>
|
||||
<entry>resolver</entry>
|
||||
<entry>a system process through which a
|
||||
machine queries a nameserver for zone information</entry>
|
||||
machine queries a name server for zone information</entry>
|
||||
</row>
|
||||
|
||||
<indexterm><primary>reverse dns</primary></indexterm>
|
||||
<indexterm><primary>reverse DNS</primary></indexterm>
|
||||
<row>
|
||||
<entry>reverse DNS</entry>
|
||||
<entry>the opposite of forward DNS, mapping of IP addresses to
|
||||
|
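Review bot: the corrected <indexterm> for reverse DNS still sits between </row> and the following <row>, directly inside the table body, where the DocBook table model expects only <row> elements. Move it inside the first <entry> of the "reverse DNS" row, or place it before the table, so the file validates.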
@ -3172,7 +3172,7 @@ dhcp_flags=""</programlisting>
|
|||
<title>Reasons to Run a Name Server</title>
|
||||
|
||||
<para>Name servers usually come in two forms: an authoritative
|
||||
name server, and a caching nameserver.</para>
|
||||
name server, and a caching name server.</para>
|
||||
|
||||
<para>An authoritative name server is needed when:</para>
|
||||
|
||||
|
@ -3296,7 +3296,7 @@ dhcp_flags=""</programlisting>
|
|||
</para>
|
||||
<screen>&prompt.root; <userinput>cd /etc/namedb</userinput>
|
||||
&prompt.root; <userinput>sh make-localhost</userinput></screen>
|
||||
<para>to properly create the local reverse dns zone file in
|
||||
<para>to properly create the local reverse DNS zone file in
|
||||
<filename>/etc/namedb/localhost.rev</filename>.
|
||||
</para>
|
||||
</sect3>
|
||||
|
@ -3334,20 +3334,20 @@ Internet.
|
|||
<para>
|
||||
Just as the comment says, to benefit from an uplink's cache,
|
||||
<literal>forwarders</literal> can be enabled here. Under normal
|
||||
circumstances, a nameserver will recursively query the Internet
|
||||
looking at certain nameservers until it finds the answer it is
|
||||
circumstances, a name server will recursively query the Internet
|
||||
looking at certain name servers until it finds the answer it is
|
||||
looking for. Having this enabled will have it query the uplink's
|
||||
nameserver (or nameserver provided) first, taking advantage of
|
||||
its cache. If the uplink nameserver in question is a heavily
|
||||
trafficked, fast nameserver, enabling this may be worthwhile.
|
||||
name server (or name server provided) first, taking advantage of
|
||||
its cache. If the uplink name server in question is a heavily
|
||||
trafficked, fast name server, enabling this may be worthwhile.
|
||||
</para>
|
||||
|
||||
<warning><para>127.0.0.1 will <emphasis>not</emphasis> work here.
|
||||
Change this IP address to a nameserver at your uplink.</para>
|
||||
Change this IP address to a name server at your uplink.</para>
|
||||
</warning>
|
||||
|
||||
<programlisting> /*
|
||||
* If there is a firewall between you and nameservers you want
|
||||
* If there is a firewall between you and name servers you want
|
||||
* to talk to, you might need to uncomment the query-source
|
||||
* directive below. Previous versions of BIND always asked
|
||||
* questions using port 53, but BIND 8.1 uses an unprivileged
|
||||
|
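Review bot: the last change in this hunk edits text inside <programlisting>, which the prose introduces as a comment from the configuration file ("Just as the comment says"). If the listing quotes the shipped file, it should stay verbatim so readers see the same text they find on disk; apply the two-word spelling to the surrounding <para> text only. Separately, "(or name server provided)" in the rewritten paragraph is hard to parse and would read better as "(or the name server you specify)".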
@ -3467,9 +3467,9 @@ zone "0.168.192.in-addr.arpa" {
|
|||
};</programlisting>
|
||||
|
||||
<para>In the slave case, the zone information is transferred from
|
||||
the master nameserver for the particular zone, and saved in the
|
||||
the master name server for the particular zone, and saved in the
|
||||
file specified. If and when the master server dies or is
|
||||
unreachable, the slave nameserver will have the transferred
|
||||
unreachable, the slave name server will have the transferred
|
||||
zone information and will be able to serve it.</para>
|
||||
</sect3>
|
||||
|
||||
|
@ -3541,7 +3541,7 @@ www IN CNAME @
|
|||
<varlistentry>
|
||||
<term>NS</term>
|
||||
|
||||
<listitem><para>an authoritative nameserver</para></listitem>
|
||||
<listitem><para>an authoritative name server</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -3565,7 +3565,7 @@ www IN CNAME @
|
|||
<varlistentry>
|
||||
<term>PTR</term>
|
||||
|
||||
<listitem><para>a domain name pointer (used in reverse dns)
|
||||
<listitem><para>a domain name pointer (used in reverse DNS)
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
@ -3591,7 +3591,7 @@ foobardomain.org. IN SOA ns1.foobardomain.org. admin.foobardomain.org. (
|
|||
<varlistentry>
|
||||
<term><hostid>ns1.foobardomain.org.</hostid></term>
|
||||
|
||||
<listitem><para>the primary/authoritative nameserver for this
|
||||
<listitem><para>the primary/authoritative name server for this
|
||||
zone</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -3615,7 +3615,7 @@ foobardomain.org. IN SOA ns1.foobardomain.org. admin.foobardomain.org. (
|
|||
number. 2001041002 would mean last modified 04/10/2001,
|
||||
the latter 02 being the second time the zone file has
|
||||
been modified this day. The serial number is important
|
||||
as it alerts slave nameservers for a zone when it is
|
||||
as it alerts slave name servers for a zone when it is
|
||||
updated.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -3625,7 +3625,7 @@ foobardomain.org. IN SOA ns1.foobardomain.org. admin.foobardomain.org. (
|
|||
@ IN NS ns1.foobardomain.org.</programlisting>
|
||||
|
||||
<para>
|
||||
This is an <varname>NS</varname> entry. Every nameserver that is going to reply
|
||||
This is an <varname>NS</varname> entry. Every name server that is going to reply
|
||||
authoritatively for the zone must have one of these entries.
|
||||
The <literal>@</literal> as seen here could have been
|
||||
<literal>foobardomain.org.</literal>
|
||||
|
@ -3667,18 +3667,18 @@ www IN CNAME @</programlisting>
|
|||
The <varname>MX</varname> record indicates which mail servers are responsible
|
||||
for handling incoming mail for the zone.
|
||||
mail.foobardomain.org is the hostname of the mail server,
|
||||
and 10 being the priority of that mailserver.
|
||||
and 10 being the priority of that mail server.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
One can have several mailservers, with priorities of 3, 2,
|
||||
One can have several mail servers, with priorities of 3, 2,
|
||||
1. A mail server attempting to deliver to foobardomain.org
|
||||
would first try the highest priority MX, then the second
|
||||
highest, etc, until the mail can be properly delivered.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
For in-addr.arpa zone files (reverse dns), the same format is
|
||||
For in-addr.arpa zone files (reverse DNS), the same format is
|
||||
used, except with <varname>PTR</varname> entries instead of
|
||||
<varname>A</varname> or <varname>CNAME</varname>.
|
||||
</para>
|
||||
|
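Review bot: the paragraph touched here lists priorities "3, 2, 1" and says delivery tries "the highest priority MX" first, but never states that the MX with the lowest preference number is the one tried first. A reader can easily take 3 to be the first choice, so add a sentence saying that lower numbers are preferred. The bare "mail.foobardomain.org" in the first paragraph should also get the <hostid> markup used for host names elsewhere in this chapter.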
@ -3713,7 +3713,7 @@ www IN CNAME @</programlisting>
|
|||
<secondary>caching name server</secondary>
|
||||
</indexterm>
|
||||
<para>
|
||||
A caching nameserver is a nameserver that is not
|
||||
A caching name server is a name server that is not
|
||||
authoritative for any zones. It simply asks queries of its own,
|
||||
and remembers them for later use. To set one up, just configure
|
||||
the name server as usual, omitting any inclusions of zones.
|
||||
|
@ -3828,15 +3828,15 @@ www IN CNAME @</programlisting>
|
|||
<sect2>
|
||||
<title>How to Use the Name Server</title>
|
||||
|
||||
<para>If setup properly, the nameserver should be accessible through
|
||||
<para>If setup properly, the name server should be accessible through
|
||||
the network and locally. <filename>/etc/resolv.conf</filename> must
|
||||
contain a nameserver entry with the local IP address so it will query the
|
||||
contain a name server entry with the local IP address so it will query the
|
||||
local name server first.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
To access it over the network, the machine must have the
|
||||
nameserver's IP address set properly in its own nameserver
|
||||
name server's IP address set properly in its own name server
|
||||
configuration options.
|
||||
</para>
|
||||
</sect2>
|
||||
|
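Review bot: "contain a name server entry" now splits what is actually a keyword; the line in /etc/resolv.conf is spelled nameserver, one word, and a reader who types it as two words gets a configuration that does not work. Keep the keyword intact and mark it up, for example "a <literal>nameserver</literal> entry", and do the same for "its own nameserver configuration options" if that refers to the same file. The changed first line also still reads "If setup properly", which should be "If set up properly".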
@ -3932,7 +3932,7 @@ www IN CNAME @</programlisting>
|
|||
|
||||
<sect2 id="setup">
|
||||
<title>Setup</title>
|
||||
<para>Due to the diminishing IP space in ipv4, and the increased number
|
||||
<para>Due to the diminishing IP space in IPv4, and the increased number
|
||||
of users on high-speed consumer lines such as cable or DSL, people are
|
||||
in more and more need of an Internet Connection Sharing solution. The
|
||||
ability to connect several computers online through one connection and
|
||||
|
@ -4553,7 +4553,7 @@ server-program-arguments</programlisting>
|
|||
not be desired at all because they provide an attacker with too
|
||||
much information.</para>
|
||||
|
||||
<para>Some daemons are not security-concious and have long, or
|
||||
<para>Some daemons are not security-conscious and have long, or
|
||||
non-existent timeouts for connection attempts. This allows an
|
||||
attacker to slowly send connections to a particular daemon, thus
|
||||
saturating available resources. It may be a good idea to place
|
||||
|
|