Page 178 - DCAP106_OPERATING_SYSTEM_TOOLS

Unit 10: Servers




                                  Table 10.1: Keywords in /etc/resolv.conf
             Keyword      Value
             nameserver   IP address of your DNS nameserver. There should be only one entry per
                          "nameserver" keyword. If there is more than one nameserver, you'll need to
                          have multiple "nameserver" lines.
             domain       The local domain name to be used by default. If the server is
                          bigboy.my-web-site.org, then the entry would just be my-web-site.org.
             search       If you refer to another server just by its name without the domain added on,
                          DNS on your client will append each domain in this list to the server name and
                          do a DNS lookup on each to get the remote server's IP address. This is a handy
                          time-saving feature, so that you can refer to servers in the same domain
                          by only their server name without having to specify the domain. The domains
                          in this list must be separated by spaces.


          Consider a sample configuration in which the client server's main domain is my-site.com, but it
          is also a member of the domains my-site.net and my-site.org, which should be searched for
          shorthand references to other servers. Two name servers, 192.168.1.100 and 192.168.1.102,
          provide DNS name resolution:

          search my-site.com my-site.net my-site.org
          nameserver 192.168.1.100
          nameserver 192.168.1.102

          The first domain listed after the search directive must be the home domain of your network,
          in our case ignou.ac.in. Placing both a domain and a search entry in /etc/resolv.conf is
          therefore redundant.

          Important File Locations

          The locations of the BIND configuration files vary by Linux distribution, as you will soon see.

          •  RedHat/Fedora:
               RedHat/Fedora BIND normally runs as the named process owned by the unprivileged
               named user.
               Sometimes BIND is also installed using Linux's chroot feature, so that named not only
               runs as user named but is also limited in the files it can see. When installed this way,
               named is fooled into thinking that the directory /var/named/chroot is actually the root
               or / directory. Therefore, named files normally found in the /etc directory are found in
               the /var/named/chroot/etc directory instead, and those you'd expect to find in
               /var/named are actually located in /var/named/chroot/var/named.
               The benefit of the chroot feature is that if a hacker enters your system via a BIND
               exploit, the hacker's access to the rest of your system is isolated to the files under the
               chroot directory and nothing else. This type of security is also known as a chroot jail.
               You can determine whether you have the chroot add-on RPM installed by using this
               command, which returns the name of the RPM.
               [root@bigboy tmp]# rpm -q bind-chroot
               bind-chroot-9.2.3-13
               [root@bigboy tmp]#
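
Having the bind-chroot RPM installed does not prove that the running daemon is confined. The following added example (not part of the original text) checks each running named process against both properties described above: root directory at /var/named/chroot and a non-root effective UID, since a process still running as root can break out of a chroot. It assumes a Linux /proc filesystem; the function names and the PROC_DIR and JAIL variables are chosen here for illustration.

```shell
#!/bin/sh
# Added example: confirm a running named matches the confinement described above.
# Assumptions: Linux /proc layout; jail path /var/named/chroot as given in the text.
# PROC_DIR and JAIL are overridable (hypothetical variable names chosen here).
PROC_DIR="${PROC_DIR:-/proc}"
JAIL="${JAIL:-/var/named/chroot}"

# check_named_pid PID: return 0 only if the process is rooted at $JAIL
# and its effective UID is not 0.
check_named_pid() {
    pid_dir="$PROC_DIR/$1"
    # /proc/PID/root is a symlink to the root directory the process sees.
    root=$(readlink "$pid_dir/root" 2>/dev/null) || {
        echo "pid $1: cannot read root link (run this check as root)"
        return 2
    }
    # The Uid: line holds real, effective, saved and filesystem UIDs; take effective.
    euid=$(awk '/^Uid:/ {print $3}' "$pid_dir/status" 2>/dev/null)
    rc=0
    if [ "$root" != "$JAIL" ]; then
        echo "pid $1: root is '$root', expected '$JAIL' (not jailed)"
        rc=1
    fi
    if [ -z "$euid" ] || [ "$euid" = "0" ]; then
        echo "pid $1: effective UID is '${euid:-unknown}', expected unprivileged"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "pid $1: jailed in $JAIL, euid $euid"; fi
    return "$rc"
}

# audit_named: check every process whose command name is "named".
# Returns 0 if all pass, 1 if any fails, 3 if none is running.
audit_named() {
    found=0; bad=0
    for d in "$PROC_DIR"/[0-9]*; do
        [ -r "$d/comm" ] || continue
        [ "$(cat "$d/comm")" = "named" ] || continue
        found=1
        check_named_pid "${d##*/}" || bad=1
    done
    if [ "$found" -eq 0 ]; then echo "no named process found"; return 3; fi
    return "$bad"
}

# Run the audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then audit_named; fi
```

Run it as root with the --run argument; reading another user's /proc/PID/root link requires root privileges.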





                                           LOVELY PROFESSIONAL UNIVERSITY                                   171