Hence the logs will appear wherever your syslog. I'd look in the default system log. There are two verification tools, one for the configuration file itself, and one for zone files. In Debian, they are called:. There is a number of DNS validation tools. NSLint is one such tool, which checks zone files on disk. You can use the website or download a copy to use locally. There's also a configurable log file. With the default settings, the content of the named. Sign up to join this community.
The best answers are voted up and rise to the top. Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams? Learn more. Ask Question. Asked 12 years, 6 months ago. Active 8 months ago. Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells!
With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use. Click here for more info. I tried to log the activity of the bind9 server using the following commands Code:. Last edited by dijetlo; at AM. Reason: edit. Thread Tools. BB code is On. Smilies are On. All times are GMT The time now is PM.
Twitter: linuxquestions. Open Source Consulting Domain Registration. This allows some hosts to receive one answer regarding a zone while other hosts receive totally different information. Alternatively, certain zones may only be made available to particular trusted hosts while non-trusted hosts can only make queries for other zones.
Multiple views can be used as long as their names are unique. The match-clients option allows you to specify the IP addresses that apply to a particular view. If the options statement is used within a view, it overrides the already configured global options. Finally, most view statements contain multiple zone statements that apply to the match-clients list.
Note that the order in which the view statements are listed is important, as the first statement that matches a particular client's IP address is used. For more information on this topic, see Section Comment Tags. Comments are ignored by the named service, but can prove useful when providing additional information to a user.
The following are valid comment tags:. For example:. Any text after the character to the end of the line is considered a comment. Editing Zone Files. As outlined in Section Each zone file is named according to the file option in the zone statement, usually in a way that relates to the domain in and identifies the file as containing zone data, such as example.
The nameserver is not allowed to write to this directory. This directory is writable by the named service. A zone file consists of directives and resource records. Directives tell the nameserver to perform tasks or apply special settings to the zone, resource records define the parameters of the zone and assign identities to individual hosts. While the directives are optional, the resource records are required in order to provide name service to a zone.
Common Directives. The following directives are commonly used in zone files:. Each resource record can contain its own TTL value, which overrides this directive. Increasing this value allows remote nameservers to cache the zone information for a longer period of time, reducing the number of queries for the zone and lengthening the amount of time required to propagate resource record changes.
Common Resource Records. A The Address record specifies an IP address to be assigned to a name. If the hostname value is omitted, the record will point to the last specified hostname. The Canonical Name record maps one name to another.
Because of this, this type of record is sometimes referred to as an alias record. CNAME records are most commonly used to point to services that use a common naming scheme, such as www for Web servers. However, there are multiple restrictions for their usage:. This is mainly to avoid possible infinite loops. The Mail Exchange record specifies where the mail sent to a particular namespace controlled by this zone should go. The email-server-name is a fully qualified domain name FQDN.
The preference-value allows numerical ranking of the email servers for a namespace, giving preference to some email systems over others. The MX resource record with the lowest preference-value is preferred over the others. However, multiple email servers can possess the same value to distribute email traffic evenly among them. Using the MX Resource Record example. IN MX 10 mail. IN MX 20 mail2. The Nameserver record announces authoritative nameservers for a particular zone.
The nameserver-name should be a fully qualified domain name FQDN. Note that when two nameservers are listed as authoritative for the domain, it is not important whether these nameservers are secondary nameservers, or if one of them is a primary server.
They are both still considered authoritative. IN NS dns2. The Pointer record points to another part of the namespace. PTR records are primarily used for reverse name resolution, as they point IP addresses back to a particular name. The Start of Authority record announces important authoritative information about a namespace to the nameserver. Located after the directives, it is the first resource record in a zone file.
The primary-name-server directive is the host name of the primary nameserver that is authoritative for this domain. The hostmaster-email directive is the email of the person to contact about the namespace.
The serial-number directive is a numerical value incremented every time the zone file is altered to indicate it is time for the named service to reload the zone. The time-to-refresh directive is the numerical value secondary nameservers use to determine how long to wait before asking the primary nameserver if any changes have been made to the zone.
The time-to-retry directive is a numerical value used by secondary nameservers to determine the length of time to wait before issuing a refresh request in the event that the primary nameserver is not answering. If the primary server has not replied to a refresh request before the amount of time specified in the time-to-expire directive elapses, the secondary servers stop responding as an authority for requests concerning that namespace.
In BIND 9, it defines how long negative answers are cached for. Caching of negative answers can be set to a maximum of 3 hours 3H. When configuring BIND, all times are specified in seconds. However, it is possible to use abbreviations when specifying units of time other than seconds, such as minutes M , hours H , days D , and weeks W.
Additionally to resource records and directives, a zone file can also contain comments. Comments are ignored by the named service, but can prove useful when providing additional information to the user. Any text after the semicolon character to the end of the line is considered a comment. Example Usage.
A Simple Zone File. In this example, the authoritative nameservers are set as dns1. The email servers configured with the MX records point to mail and mail2 through A records. Services available at the standard names, such as www.
A reverse name resolution zone file is used to translate an IP address in a particular namespace into a fully qualified domain name FQDN. It looks very similar to a standard zone file, except that the PTR resource records are used to link the IP addresses to a fully qualified domain name as shown in Example In this example, IP addresses There is very little difference between this example and a standard zone statement, except for the zone name.
Note that a reverse name resolution zone requires the first three blocks of the IP address reversed followed by. This allows the single block of IP numbers used in the reverse name resolution zone file to be associated with the zone.
Using the rndc Utility. The rndc utility is a command-line tool that allows you to administer the named service, both locally and from a remote machine. Its usage is as follows:.
Configuring the Utility. To prevent unauthorized access to the service, named must be configured to listen on the selected port by default , and an identical key must be used by both the service and the rndc utility.
Unless this statement is present, only the connections from the loopback address Checking the Service Status.
0コメント