dns - the LCFG DNS component
This component starts the DNS service. It generates the DNS client
configuration (/etc/resolv.conf). If the resource dns.type
is set to server it also generates the server configuration
(/etc/named.conf) and starts the server.
The update method schedules immediate zone maintenance for some or
all of a server's configured zones.
The component implements a nagios translator. See below for monitoring instructions.
The type of DNS service. Valid options are client (the default)
and server.
This resource does not actually affect the operation of the component, but instead is included in some of its messages. Setting it to some lcfg context-specific value might therefore be useful to the user.
This resource defines the name of a log file, which will be processed when the logrotate method is called.
These resources provide a means for systems' SRV requirements to be
communicated to a zone master. Because of the limitations of the LCFG
spanning maps, srv entries have to be packaged up like so:
service.proto[.name[@domain]];port[;priority[;weight]]. srvDomain
will default to the value of ourdomain.
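The packaging format above is easy to get wrong by hand, so here is an added example (not the component's own Perl) that unpacks such entries on the zone-master side and renders the corresponding SRV records. The domain name, the host names and the sample entries are constructed; it also assumes that the optional name is the RFC 2782 owner "Name" label and that the record's target is the host which contributed the entry, neither of which the text states explicitly.

```python
# Added example (not the component's Perl): unpacks the packaged srv entries a
# zone master receives through the spanning map and renders SRV records.
# Assumed: the optional "name" is the RFC 2782 owner Name label, and the
# record's target is the host that contributed the entry.
import re

OUR_DOMAIN = "example.org"   # constructed stand-in for the ourdomain resource

_ENTRY = re.compile(
    r"^(?P<service>[^.;@]+)\.(?P<proto>[^.;@]+)"      # service.proto
    r"(?:\.(?P<name>[^;@]+))?"                        # [.name]
    r"(?:@(?P<domain>[^;]+))?"                        # [@domain]
    r";(?P<port>\d+)"                                 # ;port
    r"(?:;(?P<priority>\d+)(?:;(?P<weight>\d+))?)?$"  # [;priority[;weight]]
)


def parse_srv_entry(entry, srv_domain=OUR_DOMAIN):
    """Unpack service.proto[.name[@domain]];port[;priority[;weight]]."""
    m = _ENTRY.match(entry.strip())
    if not m:
        raise ValueError(f"malformed srv entry: {entry!r}")
    g = m.groupdict()
    port = int(g["port"])
    if not 0 < port <= 65535:
        raise ValueError(f"port out of range in {entry!r}")
    return {
        "service": g["service"], "proto": g["proto"], "name": g["name"],
        "domain": (g["domain"] or srv_domain).rstrip("."),   # srvDomain default
        "port": port,
        "priority": int(g["priority"] or 0),   # RFC 2782 defaults when omitted
        "weight": int(g["weight"] or 0),
    }


def srv_owner(e):
    """Owner name: _service._proto[.name].domain."""
    labels = [f"_{e['service']}", f"_{e['proto']}"]
    if e["name"]:
        labels.append(e["name"])
    labels.append(e["domain"])
    return ".".join(labels) + "."


def srv_record(entry, target, srv_domain=OUR_DOMAIN, ttl=3600):
    """One zone-file line for an entry contributed by host `target`."""
    e = parse_srv_entry(entry, srv_domain)
    return (f"{srv_owner(e)} {ttl} IN SRV {e['priority']} {e['weight']} "
            f"{e['port']} {target.rstrip('.')}.")


def srv_zone_lines(entries_by_host, srv_domain=OUR_DOMAIN, ttl=3600):
    """Merge every host's entries, as a zone master would, into sorted unique lines."""
    lines = {srv_record(entry, host, srv_domain, ttl)
             for host, entries in entries_by_host.items() for entry in entries}
    return sorted(lines)
```

Malformed entries are rejected rather than silently producing a bad record, which matters here because a single broken entry would otherwise stop the whole zone from loading.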
What domain do we live in? (We can't rely on hostname or domainname or dnsdomainname or the like for this, as they're likely to try to do some kind of address lookup and we can't rely on that working!)
A list of servers to place in the /etc/resolv.conf file. The order
of servers in the list can be randomized. If type is set to
server then servers will default to 127.0.0.1. Note that
while the component will translate names to the addresses required
in the configuration file, it does so using the previous contents of
/etc/resolv.conf, which may itself be stale or broken. This resource
should therefore contain explicit addresses rather than names.
This resource, if set to yes, will randomize the dns.servers
list.
A list of servers to be used in extremis if servers happens not
to be set for some reason. These should be dotted-quad addresses,
since name lookups are unlikely to work at the point where this
fallback is needed. The order of these won't be randomised.
A list of resolv.conf options.
A list of domains for the resolv.conf ``search'' list.
Sortlists to be included in the /etc/resolv.conf file. ``local''
entries come first, followed by the machine's attached wires,
with the ``global'' entries coming last.
A netmask to be applied to the machine's attached interfaces when constructing the sortlist.
If set, only the explicit sortlist resources are used when constructing the resolver sortlist. The implicit list derived by the component from the configured interfaces is not used.
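The resolv.conf resources above interact in a few ways that are easy to overlook (the server default of 127.0.0.1, the unrandomised fallback list, and the local/wires/global ordering of the sortlist), so here is an added example, not the component's own code, that renders the client configuration from resource-like values. Resource names, interface addresses and nameserver addresses are constructed; it also enforces the advice given for the servers resource by refusing names rather than trying to resolve them through the old file.

```python
# Added example (not the component's own code): builds the client-side
# /etc/resolv.conf from resource-like values.  All sample values are constructed.
import ipaddress
import random


def build_sortlist(local, interfaces, global_, netmask=None, explicit_only=False):
    """local entries first, then the attached wires, then global entries."""
    entries = list(local)
    if not explicit_only:
        for addr in interfaces:                     # e.g. "192.168.10.5/24"
            iface = ipaddress.ip_interface(addr)
            net = iface.network
            if netmask:                             # apply the override netmask
                net = ipaddress.ip_network(f"{iface.ip}/{netmask}", strict=False)
            entries.append(f"{net.network_address}/{net.netmask}")
    entries.extend(global_)
    return list(dict.fromkeys(entries))             # dedupe, keep order


def resolv_conf(servers, dns_type="client", fallback=(), randomize=False,
                search=(), options=(), sortlist=(), seed=None):
    """Render resolv.conf.  Servers must be addresses: resolving names here
    would go through the *old* resolv.conf, which may already be broken."""
    servers = [s for s in servers if s]
    if not servers and dns_type == "server":
        servers = ["127.0.0.1"]                     # a server asks itself
    if not servers:
        servers = list(fallback)                    # fallback order is never randomised
    elif randomize:
        servers = list(servers)
        random.Random(seed).shuffle(servers)        # seed only so tests are repeatable
    for s in servers:
        try:
            ipaddress.ip_address(s)
        except ValueError:
            raise ValueError(f"nameserver {s!r} is not an address") from None
    # glibc's resolver only honours the first three nameserver lines (MAXNS).
    lines = []
    if search:
        lines.append("search " + " ".join(search))
    lines += [f"nameserver {s}" for s in servers]
    if sortlist:
        lines.append("sortlist " + " ".join(sortlist))
    if options:
        lines.append("options " + " ".join(options))
    return "\n".join(lines) + "\n"
```

The sortlist builder takes interface addresses in CIDR form; the optional netmask argument plays the role of the netmask resource described above and replaces each interface's own mask before the network is written out.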
The addresses of forwarders which should be queried for unknown names before going out onto the Internet at large.
If forwarders are set, use them exclusively to answer for unknown names and don't ever ask on the Internet at large.
If set, limits the number of concurrent inbound or outbound zone transfers. If not set the compiled-in version-dependent default is used.
If defined, set an upper bound on the number of files which the server is allowed to have open at any one time. Usually this is set high as a back-stop.
Tell all the NS-listed nameservers when a zone is changed. They'll still eventually find out anyway through the usual zone-maintenance mechanisms, but this speeds things on a little. Note that it is also possible to specify this on a per-zone basis.
Contains a list of addresses of stealth-secondary nameservers which should be notified when a master zone changes.
What should the source address of queries made by the nameserver look like? (Normally this is used to fix the source port for firewalling; the default is to let the system pick an arbitrary unprivileged port.) Note that fixing the query source port removes the source-port randomisation that protects a recursive server's cache against spoofed answers, so a firewall rule admitting the whole unprivileged port range is preferable to pinning the port here.
Specify the source address and/or port to be used for zone transfer requests. If not specified the default is to use any arbitrary port above 1024.
Time (in seconds) which the component should sleep for after starting or stopping the nameserver daemon.
Specify the user and/or group which the server should run as so as to limit any security exposure which might arise. The component will attempt to chown any files and directories as necessary.
The umask which the component should use, and which will be inherited by any processes it starts.
The name of a file into which the nameserver's pid is written at startup.
How should the server answer ``version.bind txt chaos'' queries?
If this is blank then the compiled-in default (usually the software
version) is used. If it's ``RCS'' then the dns component's RCS ID is
used. Anything else is used verbatim.
If set, contains a list of interface addresses on which named
will listen for requests. (127.0.0.1 is the most likely value
for this resource to be set to.)
If set, causes normal zone maintenance to happen only at heartbeat intervals. This can avoid bringing up dialup lines or making large zone transfers over slow links.
How often to do ``dialup'' zone maintenance. The compiled-in default is 60 (minutes). Setting this to zero disables automatic zone maintenance, so updates are only done after an explicit request.
How often should named scan for new or departing interfaces?
The compiled-in default is usually reasonable.
Define the logging done by the nameserver.
channels contains a list of channel tags. For each tag there's
a corresponding channel_whatever resource that contains the body
of the clause to be written to the configuration. Likewise,
categories contains a list of tags for category_whatever.
zones contains a list of zone tags for the zones carried on
this server. For each tag in zones there are corresponding
type_..., file_... and masters_... resources. The component
applies ``reasonable'' rules as to whether these are required or not
(a master zone needs a file, a slave zone needs its masters).
Each zone also has required zone_... and optional znotify_...,
zAllowNotify_..., zAllowTransfer_... and zAllowRecursion_...
resources.
updates contains a list of all the defined update-sets. For
each entry there's a corresponding update_thing which contains
a list of zone tags. The first entry in updates is used by
default if no user-supplied parameter is passed to the Update()
method.
acls contains a list of tags specifying which access control
list entries to configure in to the /etc/named.conf file.
For each tag there is a corresponding acl_... resource
containing a list of values, in one of bind's acceptable
formats, defining the contents of the acl entry. The tag value
is used as the name of the acl itself.
Contains a list of networks or acl-names, in standard bind
format, which are allowed to query this nameserver. An empty
list means no restriction.
Contains a list of networks or acl-names, in standard bind
format, which are allowed to do zone-transfers from this nameserver.
An empty list means no restriction.
Contains a list of networks or acl-names, in standard bind
format, which are allowed to make recursive queries through this
nameserver. An empty list means no restriction.
Contains a list of networks or acl-names, in standard bind
format, which are allowed to send notify messages to this
nameserver. An empty list means no restriction.
Enable or disable the nameserver from answering recursively at all.
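The zones, acls, allow-query/transfer/recursion/notify, recursion and version resources above all end up as clauses in /etc/named.conf, and the phrase ``an empty list means no restriction'' is where most accidental open resolvers and open zone transfers come from. The following is an added example, not the component's Perl, that renders those clauses from resource-like values, applies the ``reasonable'' zone rules (master and hint zones need a file, slave zones need masters), and audits the settings that would leave the server open. The dictionary keys, ACL names, addresses and zone names are constructed; zAllowRecursion is deliberately not rendered because BIND 9 accepts allow-recursion only at options/view level.

```python
# Added example (not the LCFG component's own Perl): renders the named.conf
# pieces the resources above describe and audits the "empty list means no
# restriction" cases.  Resource keys and sample values are constructed.


def _addr_match(values):
    """Render a BIND address_match_list: { a; b; }."""
    return "{ " + "; ".join(values) + "; }"


def render_acls(acls):
    """acls: {tag: [entries]} -> one 'acl tag { ... };' clause per tag."""
    return "".join(f"acl {tag} {_addr_match(vals)};\n" for tag, vals in acls.items())


def render_options(res):
    """Server-wide options; an empty allow-* list emits nothing (BIND's default applies)."""
    opts = []
    for clause, key in (("allow-query", "allowQuery"),
                        ("allow-transfer", "allowTransfer"),
                        ("allow-recursion", "allowRecursion"),
                        ("allow-notify", "allowNotify")):
        if res.get(key):
            opts.append(f"{clause} {_addr_match(res[key])};")
    if "recursion" in res:
        opts.append(f"recursion {'yes' if res['recursion'] else 'no'};")
    if res.get("version"):                      # blank => compiled-in default
        opts.append(f'version "{res["version"]}";')
    if res.get("listenOn"):
        opts.append(f"listen-on {_addr_match(res['listenOn'])};")
    if res.get("forwarders"):
        opts.append(f"forwarders {_addr_match(res['forwarders'])};")
        if res.get("forwardOnly"):
            opts.append("forward only;")
    return "options {\n" + "".join(f"    {o}\n" for o in opts) + "};\n"


def render_zone(tag, z):
    """Apply the 'reasonable rules': master/hint need a file, slave needs masters."""
    ztype = z["type"]
    lines = [f'zone "{z["zone"]}" IN {{', f"    type {ztype};"]
    if ztype in ("master", "hint"):
        if "file" not in z:
            raise ValueError(f"zone {tag}: {ztype} zones need a file_{tag} resource")
        lines.append(f'    file "{z["file"]}";')
    elif ztype == "slave":
        if not z.get("masters"):
            raise ValueError(f"zone {tag}: slave zones need a masters_{tag} resource")
        lines.append(f"    masters {_addr_match(z['masters'])};")
        if "file" in z:
            lines.append(f'    file "{z["file"]}";')
    elif ztype == "forward":
        lines.append(f"    forwarders {_addr_match(z.get('forwarders', []))};")
    else:
        raise ValueError(f"zone {tag}: unsupported type {ztype!r}")
    if "znotify" in z:                          # per-zone override of notify
        lines.append(f"    notify {'yes' if z['znotify'] else 'no'};")
    for clause, key in (("allow-transfer", "zAllowTransfer"),
                        ("allow-notify", "zAllowNotify")):
        if z.get(key):
            lines.append(f"    {clause} {_addr_match(z[key])};")
    lines.append("};")
    return "\n".join(lines) + "\n"


def named_conf(acls, res, zones):
    """acl clauses, then options, then one zone clause per tag."""
    return (render_acls(acls) + render_options(res)
            + "".join(render_zone(t, z) for t, z in zones.items()))


def audit(res, zones):
    """Flag the resources whose empty value leaves the server wide open."""
    problems = []
    if res.get("recursion", True) and not res.get("allowRecursion"):
        problems.append("recursion on with no allow-recursion list: open resolver")
    if not res.get("allowTransfer") and any(
            z["type"] == "master" and not z.get("zAllowTransfer") for z in zones.values()):
        problems.append("master zone with no allow-transfer list: anyone can AXFR it")
    if not res.get("version"):
        problems.append("version empty: version.bind reveals the software version")
    return problems
```

Running audit() over the resources before they are written out is the check worth keeping: a server that carries master zones should always name its secondaries in allow-transfer, and a server that recurses should restrict recursion to the networks it serves (the acl tags rendered above are the natural way to express both).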
Control how the ``additional data'' section in responses is filled in. See the bind documentation for details.
Where to look for the named binary itself.
Where to look for the rndc control program.
A list of IN-class files in named.conf
format, to be included in the generated server configuration file.
The pending method will rotate
any new versions of the files on this list into place. How
those new versions get there is outwith the scope of this component,
though an example expect script is distributed with it.
Used to limit the number of outstanding SOA queries during zone maintenance. The value is in queries/second.
Set to enable per-zone statistics.
Specifies the name of the file into which the server will dump its statistics on request.
Specifies the name of the file into which the server will dump its internal database on request.
Enable lightweight resolver support in the server.
The ``match'' rules which should apply to the IN-class
views which the component generates in the /etc/named.conf file.
The following resources are used only by the component's Install()
method, and therefore do not have any effect during normal
operation.
A list of servers to use in addition to any passed in as parameters
to the Install() method.
The sortlist, if any, to be defined in the install-time
/etc/resolv.conf file.
The name of the interface whose address and netmask should be used
to compute the sortlist for the install-time /etc/resolv.conf
file if one is not specified explicitly.
The following resources should not normally have their values changed from the installation defaults. They define where the component's various helper programs have been installed, or provide Solaris/Linux compatibility hooks. Setting them incorrectly may result in the component not functioning correctly. Refer to the component source itself for details of their various functions.
The component implements some additional methods:
Reset all the permissions and ownerships of the directories and files under the control of the component. This is typically necessary after a system upgrade, as packages may not respect existing settings. It may be useful to call this method nightly from a cron job, for example.
Roll in a new list of zones.
Schedule a zone maintenance update, which will usually result in new versions being fetched.
The component implements a nagios translator, allowing nameservers to be
monitored. In addition to the usual nagios_client resources, this
requires that the check-lcfg-dns RR exists in the domain set as the value
of the ourdomain resource, with A value ``127.0.0.2''.
RedHat 7, RedHat 9, Fedora 3, Fedora 5, Scientific Linux 5. (Previous versions also ran on Solaris 2.6.)