# AUTHOR , YEAR. # # neb , 2011. msgid "" msgstr "" "Project-Id-Version: Fedora Deployment Guide\n" "POT-Creation-Date: 2011-02-22T00:51:12\n" "PO-Revision-Date: 2011-06-29 22:59+0000\n" "Last-Translator: perplex \n" "Language-Team: Italian \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Language: it\n" "Plural-Forms: nplurals=2; plural=(n != 1)\n" #. Tag: title #, no-c-format msgid "The BIND DNS Server" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "DNS definition " "BIND" msgstr "" #. Tag: indexterm #, no-c-format msgid "nameserver DNS" msgstr "" #. Tag: para #, no-c-format msgid "" "DNS (Domain Name System), also " "known as a nameserver, is a network system that " "associates hostnames with their respective IP addresses. For users, this has" " the advantage that they can refer to machines on the network by names that " "are usually easier to remember than the numerical network addresses. For " "system administrators, using the nameserver allows them to change the IP " "address for a host without ever affecting the name-based queries, or to " "decide which machines handle these queries." msgstr "" #. Tag: indexterm #, no-c-format msgid "Berkeley Internet Name Domain BIND" msgstr "" #. Tag: para #, no-c-format msgid "" "This chapter covers BIND " "(Berkeley Internet Name Domain), the DNS server included in &MAJOROS;. It " "focuses on the structure of its configuration files, and describes how to " "administer it both locally and remotely." msgstr "" #. Tag: title #, no-c-format msgid "Introduction to DNS" msgstr "Introduzione a DNS" #. Tag: indexterm #, no-c-format msgid "root nameserver BIND" msgstr "" #. Tag: para #, no-c-format msgid "" "DNS is usually implemented using one or more centralized servers that are " "authoritative for certain domains. When a client host requests information " "from a nameserver, it usually connects to port 53. 
The nameserver then " "attempts to resolve the name requested. If it does not have an authoritative" " answer, or does not already have the answer cached from an earlier query, " "it queries other nameservers, called root " "nameservers, to determine which nameservers are authoritative " "for the name in question, and then queries them to get the requested name." msgstr "" #. Tag: title #, no-c-format msgid "Nameserver Zones" msgstr "Zone del server dei nomi" #. Tag: indexterm #, no-c-format msgid "BIND resource record" msgstr "" #. Tag: indexterm #, no-c-format msgid "resource record BIND" msgstr "" #. Tag: indexterm #, no-c-format msgid "fully qualified domain name" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "FQDN fully qualified domain " "name" msgstr "" #. Tag: para #, no-c-format msgid "" "In a DNS server such as BIND, all information is stored in basic data " "elements called resource records (RR). The resource " "record is usually a fully qualified domain name " "(FQDN) of a host, and is broken down into multiple sections organized into a" " tree-like hierarchy. This hierarchy consists of a main trunk, primary " "branches, secondary branches, and so on." msgstr "" #. Tag: title #, no-c-format msgid "A simple resource record" msgstr "" #. Tag: screen #, no-c-format msgid "bob.sales.example.com" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "BIND zones " "description" msgstr "" #. Tag: para #, no-c-format msgid "" "Each level of the hierarchy is divided by a period (that is, " ".). In , com defines the top-level " "domain, example its subdomain, and " "sales the subdomain of example. In " "this case, bob identifies a resource record that is part " "of the sales.example.com " "domain. With the exception of the part furthest to the left (that is, " "bob), each of these sections is called a " "zone and defines a specific " "namespace." msgstr "" #. Tag: indexterm #, no-c-format msgid "" "BIND types primary " "(master) nameserver" msgstr "" #. 
Tag: indexterm #, no-c-format msgid "" "BIND types secondary " "(slave) nameserver" msgstr "" #. Tag: para #, no-c-format msgid "" "Zones are defined on authoritative nameservers through the use of " "zone files, which contain definitions of the resource" " records in each zone. Zone files are stored on primary " "nameservers (also called master " "nameservers), where changes are made to the files, and " "secondary nameservers (also called slave " "nameservers), which receive zone definitions from the primary " "nameservers. Both primary and secondary nameservers are authoritative for " "the zone and look the same to clients. Depending on the configuration, any " "nameserver can also serve as a primary or secondary server for multiple " "zones at the same time." msgstr "" #. Tag: title #, no-c-format msgid "Nameserver Types" msgstr "Tipi di server dei nomi" #. Tag: para #, no-c-format msgid "There are two nameserver configuration types:" msgstr "" #. Tag: term #, no-c-format msgid "" " BIND types " "authoritative nameserver " "authoritative nameserver BIND " " BIND types " "primary (master) nameserver " "primary nameserver BIND " " BIND types " "secondary (slave) nameserver " "secondary nameserver BIND " "authoritative" msgstr "" #. Tag: para #, no-c-format msgid "" "Authoritative nameservers answer to resource records that are part of their " "zones only. This category includes both primary (master) and secondary " "(slave) nameservers." msgstr "" #. Tag: term #, no-c-format msgid "" " BIND types " "recursive nameserver " "recursive nameserver BIND " "recursive" msgstr "" #. Tag: para #, no-c-format msgid "" "Recursive nameservers offer resolution services, but they are not " "authoritative for any zone. Answers for all resolutions are cached in a " "memory for a fixed period of time, which is specified by the retrieved " "resource record." msgstr "" #. 
Tag: para #, no-c-format msgid "" "Although a nameserver can be both authoritative and recursive at the same " "time, it is recommended not to combine the configuration types. To be able " "to perform their work, authoritative servers should be available to all " "clients all the time. On the other hand, since the recursive lookup takes " "far more time than authoritative responses, recursive servers should be " "available to a restricted number of clients only, otherwise they are prone " "to distributed denial of service (DDoS) attacks." msgstr "" #. Tag: title #, no-c-format msgid "BIND as a Nameserver" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "BIND utilities " "named" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "BIND utilities " "rndc" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "BIND utilities " "dig" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "named " "BIND" msgstr "" #. Tag: indexterm #, no-c-format msgid "rndc BIND" msgstr "" #. Tag: indexterm #, no-c-format msgid "dig BIND" msgstr "" #. Tag: para #, no-c-format msgid "" "BIND consists of a set of DNS-related programs. It contains a monolithic " "nameserver called named, an " "administration utility called rndc, and a debugging tool " "called dig. Refer to for more information on how to run a " "service in &MAJOROS;." msgstr "" #. Tag: title #, no-c-format msgid "Configuring the named Service" msgstr "" #. Tag: para #, no-c-format msgid "" "When the named service is " "started, it reads the configuration from the files as described in ." msgstr "" #. Tag: indexterm #, no-c-format msgid "" "/etc/named.conf BIND" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "BIND files " "/etc/named.conf" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "BIND directories " "/etc/named/" msgstr "" #. Tag: title #, no-c-format msgid "" "The named service configuration " "files" msgstr "" #. Tag: entry #, no-c-format msgid "Path" msgstr "" #. 
Tag: entry #, no-c-format msgid "Description" msgstr "" #. Tag: entry #, no-c-format msgid "/etc/named.conf" msgstr "" #. Tag: entry #, no-c-format msgid "The main configuration file." msgstr "" #. Tag: entry #, no-c-format msgid "/etc/named/" msgstr "" #. Tag: entry #, no-c-format msgid "" "An auxiliary directory for configuration files that are included in the main" " configuration file." msgstr "" #. Tag: para #, no-c-format msgid "" "The configuration file consists of a collection of statements with nested " "options surrounded by opening and closing curly brackets (that is, " "{ and }). Note that when editing the " "file, you have to be careful not to make any syntax error, otherwise the " "named service will not start. A " "typical /etc/named.conf file is organized as follows:" msgstr "" #. Tag: screen #, no-c-format msgid "" "statement-1 [\"statement-1-name\"] [statement-1-class] {\n" " option-1;\n" " option-2;\n" " option-N;\n" "};\n" "statement-2 [\"statement-2-name\"] [statement-2-class] {\n" " option-1;\n" " option-2;\n" " option-N;\n" "};\n" "statement-N [\"statement-N-name\"] [statement-N-class] {\n" " option-1;\n" " option-2;\n" " option-N;\n" "};" msgstr "" #. Tag: title #, no-c-format msgid "Note: Running BIND in a Chroot Environment" msgstr "" #. Tag: para #, no-c-format msgid "" "If you have installed the bind-chroot package, the BIND " "service will run in the /var/named/chroot environment. In that case, " "the initialization script will mount the above configuration files using the" " mount --bind command, so that you can manage the " "configuration outside this environment." msgstr "" #. Tag: title #, no-c-format msgid "Common Statement Types" msgstr "Tipo di istruzioni comuni" #. Tag: para #, no-c-format msgid "" "The following types of statements are commonly used in " "/etc/named.conf:" msgstr "" #. Tag: term #, no-c-format msgid "" " BIND configuration " " statement " "" msgstr "" #. 
Tag: para #, no-c-format msgid "" "The (Access Control List) statement allows you to " "define groups of hosts, so that they can be permitted or denied access to " "the nameserver. It takes the following form:" msgstr "" #. Tag: screen #, no-c-format msgid "" "acl acl-name {\n" " match-element;\n" " ...\n" "};" msgstr "" #. Tag: para #, no-c-format msgid "" "The acl-name statement name is the name of the " "access control list, and the match-element option" " is usually an individual IP address (such as 10.0.1.1) " "or a CIDR network notation (for example, 10.0.1.0/24). " "For a list of already defined keywords, see ." msgstr "" #. Tag: title #, no-c-format msgid "Predefined access control lists" msgstr "" #. Tag: entry #, no-c-format msgid "Keyword" msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: entry #, no-c-format msgid "Matches every IP address." msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: entry #, no-c-format msgid "Matches any IP address that is in use by the local system." msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: entry #, no-c-format msgid "" "Matches any IP address on any network to which the local system is " "connected." msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: entry #, no-c-format msgid "Does not match any IP address." msgstr "" #. Tag: para #, no-c-format msgid "" "The statement can be especially useful with conjunction" " with other statements such as . defines two access control lists, " "black-hats and red-hats, and adds " "black-hats on the blacklist while granting red-" "hats a normal access." msgstr "" #. Tag: title #, no-c-format msgid "" "Using in conjunction with " msgstr "" #. 
Tag: screen #, no-c-format msgid "" "acl black-hats {\n" " 10.0.2.0/24;\n" " 192.168.0.0/24;\n" " 1234:5678::9abc/24;\n" "};\n" "acl red-hats {\n" " 10.0.1.0/24;\n" "};\n" "options {\n" " blackhole { black-hats; };\n" " allow-query { red-hats; };\n" " allow-query-cache { red-hats; };\n" "};" msgstr "" #. Tag: term #, no-c-format msgid "" " BIND configuration " " statement " "" msgstr "" #. Tag: para #, no-c-format msgid "" "The statement allows you to include files in the " "/etc/named.conf, so that potentially sensitive data can" " be placed in a separate file with restricted permissions. It takes the " "following form:" msgstr "" #. Tag: screen #, no-c-format msgid "include \"file-name\"" msgstr "" #. Tag: para #, no-c-format msgid "" "The file-name statement name is an absolute path " "to a file." msgstr "" #. Tag: title #, no-c-format msgid "Including a file to /etc/named.conf" msgstr "" #. Tag: screen #, no-c-format msgid "include \"/etc/named.rfc1912.zones\";" msgstr "" #. Tag: term #, no-c-format msgid "" " BIND configuration " " statement " "" msgstr "" #. Tag: para #, no-c-format msgid "" "The statement allows you to define global server " "configuration options as well as to set defaults for other statements. It " "can be used to specify the location of the named working directory, the types of queries" " allowed, and much more. It takes the following form:" msgstr "" #. Tag: screen #, no-c-format msgid "" "options {\n" " option;\n" " ...\n" "};" msgstr "" #. Tag: para #, no-c-format msgid "" "For a list of frequently used option directives, " "see below." msgstr "" #. Tag: title #, no-c-format msgid "Commonly used options" msgstr "" #. Tag: entry #, no-c-format msgid "Option" msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: entry #, no-c-format msgid "" "Specifies which hosts are allowed to query the nameserver for authoritative " "resource records. 
It accepts an access control lists, a collection of IP " "addresses, or networks in the CIDR notation. All hosts are allowed by " "default." msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: entry #, no-c-format msgid "" "Specifies which hosts are allowed to query the nameserver for non-" "authoritative data such as recursive queries. Only " "localhost and localnets are allowed by" " default." msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: entry #, no-c-format msgid "" "Specifies which hosts are not allowed to query the " "nameserver. This option should be used when particular host or network " "floods the server with requests. The default option is " "none." msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: entry #, no-c-format msgid "" "Specifies a working directory for the named service. The default option is " "/var/named/." msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: entry #, no-c-format msgid "" "Specifies whether to return DNSSEC related resource records. The default " "option is yes." msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: entry #, no-c-format msgid "" "Specifies whether to prove that resource records are authentic via DNSSEC. " "The default option is ." msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: entry #, no-c-format msgid "" "Specifies a list of valid IP addresses for nameservers to which the requests" " should be forwarded for resolution." msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: para #, no-c-format msgid "" "Specifies the behavior of the directive. It " "accepts the following options:" msgstr "" #. Tag: para #, no-c-format msgid "" "first — The server will query the nameservers listed in " "the directive before attempting to resolve the " "name on its own." msgstr "" #. 
Tag: para #, no-c-format msgid "" "only — When unable to query the nameservers listed in the" " directive, the server will not attempt to " "resolve the name on its own." msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: entry #, no-c-format msgid "" "Specifies the IPv4 network interface on which to listen for queries. On a " "DNS server that also acts as a gateway, you can use this option to answer " "queries originating from a single network only. All IPv4 interfaces are used" " by default." msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: entry #, no-c-format msgid "" "Specifies the IPv6 network interface on which to listen for queries. On a " "DNS server that also acts as a gateway, you can use this option to answer " "queries originating from a single network only. All IPv6 interfaces are used" " by default." msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: entry #, no-c-format msgid "" "Specifies the maximum amount of memory to be used for server caches. When " "the limit is reached, the server causes records to expire prematurely so " "that the limit is not exceeded. In a server with multiple views, the limit " "applies separately to the cache of each view. The default option is " "32M." msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: para #, no-c-format msgid "" "Specifies whether to notify the secondary nameservers when a zone is " "updated. It accepts the following options:" msgstr "" #. Tag: para #, no-c-format msgid "" " — The server will notify all secondary nameservers." msgstr "" #. Tag: para #, no-c-format msgid "" " — The server will not notify any " "secondary nameserver." msgstr "" #. Tag: para #, no-c-format msgid "" " — The server will notify primary server for the" " zone only." msgstr "" #. Tag: para #, no-c-format msgid "" " — The server will notify only the secondary " "servers that are specified in the list within a" " zone statement." msgstr "" #. 
Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: entry #, no-c-format msgid "" "Specifies the location of the process ID file created by the named service." msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: entry #, no-c-format msgid "" "Specifies whether to act as a recursive server. The default option is " "yes." msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: entry #, no-c-format msgid "" "Specifies an alternate location for statistics files. The " "/var/named/named.stats file is used by default." msgstr "" #. Tag: title #, no-c-format msgid "Important: Restrict Recursive Servers to Selected Clients Only" msgstr "" #. Tag: para #, no-c-format msgid "" "To prevent distributed denial of service (DDoS) attacks, it is recommended " "that you use the option to restrict " "recursive DNS services for a particular subset of clients only." msgstr "" #. Tag: para #, no-c-format msgid "" "Refer to the BIND 9 Administrator Reference Manual " "referenced in , and the " "named.conf manual page for a complete list of available" " options." msgstr "" #. Tag: title #, no-c-format msgid "Using the statement" msgstr "" #. Tag: screen #, no-c-format msgid "" "options {\n" " allow-query { localhost; };\n" " listen-on port 53 { 127.0.0.1; };\n" " listen-on-v6 port 53 { ::1; };\n" " max-cache-size 256M;\n" " directory \"/var/named\";\n" " statistics-file \"/var/named/data/named_stats.txt\";\n" "\n" " recursion yes;\n" " dnssec-enable yes;\n" " dnssec-validation yes;\n" "};" msgstr "" #. Tag: term #, no-c-format msgid "" " BIND configuration " " statement " "" msgstr "" #. Tag: para #, no-c-format msgid "" "The statement allows you to define the characteristics" " of a zone, such as the location of its configuration file and zone-specific" " options, and can be used to override the global " "statements. It takes the following form:" msgstr "" #. 
Tag: screen #, no-c-format msgid "" "zone zone-name [zone-class] {\n" " option;\n" " ...\n" "};" msgstr "" #. Tag: para #, no-c-format msgid "" "The zone-name attribute is the name of the zone, " "zone-class is the optional class of the zone, and" " option is a statement " "option as described in ." msgstr "" #. Tag: para #, no-c-format msgid "" "The zone-name attribute is particularly " "important, as it is the default value assigned for the " " directive used within the corresponding zone file " "located in the /var/named/ directory. The named daemon appends the name of the zone to " "any non-fully qualified domain name listed in the zone file. For example, if" " a statement defines the namespace for " "example.com, use example.com as the " "zone-name so that it is placed at the end of " "hostnames within the example.com zone file." msgstr "" #. Tag: para #, no-c-format msgid "" "For more information about zone files, refer to ." msgstr "" #. Tag: entry #, no-c-format msgid "" "Specifies which clients are allowed to request information about this zone. " "This option overrides global option. All query " "requests are allowed by default." msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: entry #, no-c-format msgid "" "Specifies which secondary servers are allowed to request a transfer of the " "zone's information. All transfer requests are allowed by default." msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: para #, no-c-format msgid "" "Specifies which hosts are allowed to dynamically update information in their" " zone. The default option is to deny all dynamic update requests." msgstr "" #. Tag: para #, no-c-format msgid "" "Note that you should be careful when allowing hosts to update information " "about their zone. Do not set IP addresses in this option unless the server " "is in the trusted network. Instead, use TSIG key as described in ." msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. 
Tag: entry #, no-c-format msgid "" "Specifies the name of the file in the named working directory that contains the " "zone's configuration data." msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: entry #, no-c-format msgid "" "Specifies from which IP addresses to request authoritative zone information." " This option is used only if the zone is defined as " "." msgstr "" #. Tag: entry #, no-c-format msgid "" msgstr "" #. Tag: para #, no-c-format msgid "Specifies the zone type. It accepts the following options:" msgstr "" #. Tag: para #, no-c-format msgid "" " — Enforces the delegation status of " "infrastructure zones such as COM, NET, or ORG. Any answer that is received " "without an explicit or implicit delegation is treated as " "NXDOMAIN. This option is only applicable in TLDs or root " "zone files used in recursive or caching implementations." msgstr "" #. Tag: para #, no-c-format msgid "" " — Forwards all requests for information about this " "zone to other nameservers." msgstr "" #. Tag: para #, no-c-format msgid "" " — A special type of zone used to point to the root " "nameservers which resolve queries when a zone is not otherwise known. No " "configuration beyond the default is necessary with a " "zone." msgstr "" #. Tag: para #, no-c-format msgid "" " — Designates the nameserver as authoritative for " "this zone. A zone should be set as the if the zone's" " configuration files reside on the system." msgstr "" #. Tag: para #, no-c-format msgid "" " — Designates the nameserver as a slave server for " "this zone. Master server is specified in directive." msgstr "" #. Tag: para #, no-c-format msgid "" "Most changes to the /etc/named.conf file of a primary " "or secondary nameserver involve adding, modifying, or deleting " " statements, and only a small subset of " " statement options is usually needed for a nameserver " "to work efficiently." msgstr "" #. 
Tag: para #, no-c-format msgid "" "In , the zone" " is identified as example.com, the type is set to " "master, and the named service is instructed to read the " "/var/named/example.com.zone file. It also allows only a" " secondary nameserver (192.168.0.2) to transfer the zone." msgstr "" #. Tag: title #, no-c-format msgid "A statement for a primary nameserver" msgstr "" #. Tag: screen #, no-c-format msgid "" "zone \"example.com\" IN {\n" " type master;\n" " file \"example.com.zone\";\n" " allow-transfer { 192.168.0.2; };\n" "};" msgstr "" #. Tag: para #, no-c-format msgid "" "A secondary server's statement is slightly different. " "The type is set to slave, and the " "masters directive is telling named the IP address of the master server." msgstr "" #. Tag: para #, no-c-format msgid "" "In , the " "named service is configured to " "query the primary server at the 192.168.0.1 IP address " "for information about the example.com zone. The received " "information is then saved to the " "/var/named/slaves/example.com.zone file. Note that you " "have to put all slave zones to /var/named/slaves " "directory, otherwise the service will fail to transfer the zone." msgstr "" #. Tag: title #, no-c-format msgid "A statement for a secondary nameserver" msgstr "" #. Tag: screen #, no-c-format msgid "" "zone \"example.com\" {\n" " type slave;\n" " file \"slaves/example.com.zone\";\n" " masters { 192.168.0.1; };\n" "};" msgstr "" #. Tag: title #, no-c-format msgid "Other Statement Types" msgstr "Altri tipi di istruzione" #. Tag: para #, no-c-format msgid "" "The following types of statements are less commonly used in " "/etc/named.conf:" msgstr "" #. Tag: term #, no-c-format msgid "" " BIND configuration " " statement " "" msgstr "" #. Tag: para #, no-c-format msgid "" "The statement allows you to configure various " "security requirements necessary to use the rndc command " "to administer the named service." msgstr "" #. 
Tag: para #, no-c-format msgid "" "Refer to for more information on the " "rndc utility and its usage." msgstr "" #. Tag: term #, no-c-format msgid "" " BIND configuration " " statement " "" msgstr "" #. Tag: para #, no-c-format msgid "" "The statement allows you to define a particular key by " "name. Keys are used to authenticate various actions, such as secure updates " "or the use of the rndc command. Two options are used with" " :" msgstr "" #. Tag: para #, no-c-format msgid "" " — The " "type of algorithm to be used (for example, hmac-md5)." msgstr "" #. Tag: para #, no-c-format msgid "" " — The " "encrypted key." msgstr "" #. Tag: term #, no-c-format msgid "" " BIND configuration " " statement " "" msgstr "" #. Tag: para #, no-c-format msgid "" "The statement allows you to use multiple types of " "logs, so called channels. By using the " " option within the statement, you can construct a " "customized type of log with its own file name (), size " "limit (), versioning (), and " "level of importance (). Once a customized channel " "is defined, a option is used to categorize the " "channel and begin logging when the named service is restarted." msgstr "" #. Tag: para #, no-c-format msgid "" "By default, named sends standard " "messages to the rsyslog daemon, " "which places them in /var/log/messages. Several " "standard channels are built into BIND with various severity levels, such as " "default_syslog (which handles informational logging " "messages) and default_debug (which specifically handles " "debugging messages). A default category, called default, " "uses the built-in channels to do normal logging without any special " "configuration." msgstr "" #. Tag: para #, no-c-format msgid "" "Customizing the logging process can be a very detailed process and is beyond" " the scope of this chapter. For information on creating custom BIND logs, " "refer to the BIND 9 Administrator Reference Manual " "referenced in ." msgstr "" #. 
Tag: term #, no-c-format msgid "" " BIND configuration " " statement " "" msgstr "" #. Tag: para #, no-c-format msgid "" "The statement allows you to specify options that " "affect how the named service " "should respond to remote nameservers, especially with regard to " "notifications and zone transfers." msgstr "" #. Tag: para #, no-c-format msgid "" "The option controls the number of resource " "records that are sent with each message. It can be either one-" "answer (only one resource record), or many-" "answers (multiple resource records). Note that while the many-answers option is more efficient, it is not supported by " "older versions of BIND." msgstr "" #. Tag: term #, no-c-format msgid "" " BIND configuration " " statement " "" msgstr "" #. Tag: para #, no-c-format msgid "" "The statement allows you to specify assorted " "public keys used for secure DNS (DNSSEC). Refer to for more information on this topic." msgstr "" #. Tag: term #, no-c-format msgid "" " BIND configuration " " statement " "" msgstr "" #. Tag: para #, no-c-format msgid "" "The statement allows you to create special views " "depending upon which network the host querying the nameserver is on. This " "allows some hosts to receive one answer regarding a zone while other hosts " "receive totally different information. Alternatively, certain zones may only" " be made available to particular trusted hosts while non-trusted hosts can " "only make queries for other zones." msgstr "" #. Tag: para #, no-c-format msgid "" "Multiple views can be used as long as their names are unique. The match-clients option allows you to specify the IP addresses that " "apply to a particular view. If the statement is " "used within a view, it overrides the already configured global options. " "Finally, most statements contain multiple " " statements that apply to the list." msgstr "" #. 
Tag: para #, no-c-format msgid "" "Note that the order in which the statements are listed" " is important, as the first statement that matches a particular client's IP " "address is used. For more information on this topic, refer to ." msgstr "" #. Tag: title #, no-c-format msgid "Comment Tags" msgstr "Tag di commento" #. Tag: indexterm #, no-c-format msgid "" "BIND configuration " "comment tags" msgstr "" #. Tag: para #, no-c-format msgid "" "Additionally to statements, the /etc/named.conf file " "can also contain comments. Comments are ignored by the named service, but can prove useful when " "providing additional information to a user. The following are valid comment " "tags:" msgstr "" #. Tag: term #, no-c-format msgid "//" msgstr "" #. Tag: para #, no-c-format msgid "" "Any text after the // characters to the end of the line " "is considered a comment. For example:" msgstr "" #. Tag: screen #, no-c-format msgid "notify yes; // notify all secondary nameservers" msgstr "" #. Tag: term #, no-c-format msgid "#" msgstr "" #. Tag: para #, no-c-format msgid "" "Any text after the # character to the end of the line is " "considered a comment. For example:" msgstr "" #. Tag: screen #, no-c-format msgid "notify yes; # notify all secondary nameservers" msgstr "" #. Tag: term #, no-c-format msgid "/* and */" msgstr "" #. Tag: para #, no-c-format msgid "" "Any block of text enclosed in /* and " "*/ is considered a comment. For example:" msgstr "" #. Tag: screen #, no-c-format msgid "notify yes; /* notify all secondary nameservers */" msgstr "" #. Tag: title #, no-c-format msgid "Editing Zone Files" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "BIND directories " "/var/named/" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "BIND directories " "/var/named/slaves/" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "BIND directories " "/var/named/dynamic/" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "BIND directories " "/var/named/data/" msgstr "" #. 
Tag: para #, no-c-format msgid "" "As outlined in , zone files " "contain information about a namespace. They are stored in the named working directory located in /var/named/ by default, and each zone file is" " named according to the option in the " " statement, usually in a way that relates to the domain" " in question and identifies the file as containing zone data, such as " "example.com.zone." msgstr "" #. Tag: title #, no-c-format msgid "The named service zone files" msgstr "" #. Tag: entry #, no-c-format msgid "/var/named/" msgstr "" #. Tag: entry #, no-c-format msgid "" "The working directory for the named service. The nameserver is " "not allowed to write to this directory." msgstr "" #. Tag: entry #, no-c-format msgid "/var/named/slaves/" msgstr "" #. Tag: entry #, no-c-format msgid "" "The directory for secondary zones. This directory is writable by the " "named service." msgstr "" #. Tag: entry #, no-c-format msgid "/var/named/dynamic/" msgstr "" #. Tag: entry #, no-c-format msgid "" "The directory for other files, such as dynamic DNS (DDNS) zones or managed " "DNSSEC keys. This directory is writable by the named service." msgstr "" #. Tag: entry #, no-c-format msgid "/var/named/data/" msgstr "" #. Tag: entry #, no-c-format msgid "" "The directory for various statistics and debugging files. This directory is " "writable by the named service." msgstr "" #. Tag: para #, no-c-format msgid "" "A zone file consists of directives and resource records. Directives tell the" " nameserver to perform tasks or apply special settings to the zone, resource" " records define the parameters of the zone and assign identities to " "individual hosts. While the directives are optional, the resource records " "are required in order to provide name service to a zone." msgstr "" #. Tag: para #, no-c-format msgid "" "All directives and resource records should be entered on individual lines." 
msgstr "" "Tutte le direttive ed i record dovrebbero essere inseriti su righe diverse." #. Tag: title #, no-c-format msgid "Common Directives" msgstr "" #. Tag: para #, no-c-format msgid "" "Directives begin with the dollar sign character (that is, " "$) followed by the name of the directive, and usually " "appear at the top of the file. The following directives are commonly used in" " zone files:" msgstr "" #. Tag: term #, no-c-format msgid "" " BIND zones " "$INCLUDE directive " "$INCLUDE" msgstr "" #. Tag: para #, no-c-format msgid "" "The $INCLUDE directive allows you to include another file" " at the place where it appears, so that other zone settings can be stored in" " a separate zone file." msgstr "" #. Tag: title #, no-c-format msgid "Using the $INCLUDE directive" msgstr "" #. Tag: screen #, no-c-format msgid "$INCLUDE /var/named/penguin.example.com" msgstr "" #. Tag: term #, no-c-format msgid "" " BIND zones " "$ORIGIN directive " "$ORIGIN" msgstr "" #. Tag: para #, no-c-format msgid "" "The $ORIGIN directive allows you to append the domain " "name to unqualified records, such as those with the hostname only. Note that" " the use of this directive is not necessary if the zone is specified in " "/etc/named.conf, since the zone name is used by " "default." msgstr "" #. Tag: para #, no-c-format msgid "" "In , any names used " "in resource records that do not end in a trailing period (that is, the " ". character) are appended with " "example.com." msgstr "" #. Tag: title #, no-c-format msgid "Using the $ORIGIN directive" msgstr "" #. Tag: screen #, no-c-format msgid "$ORIGIN example.com." msgstr "" #. Tag: term #, no-c-format msgid "" " BIND zones " "$TTL directive " "$TTL" msgstr "" #. Tag: para #, no-c-format msgid "" "The $TTL directive allows you to set the default " "Time to Live (TTL) value for the zone, that is, how " "long a zone record is valid. Each resource record can contain its own TTL " "value, which overrides this directive." msgstr "" #.
Tag: para #, no-c-format msgid "" "Increasing this value allows remote nameservers to cache the zone " "information for a longer period of time, reducing the number of queries for " "the zone and lengthening the amount of time required to proliferate resource" " record changes." msgstr "" "Impostando un valore più alto si indica ai server dei nomi di " "conservare in memoria queste informazioni di zona per un periodo di tempo " "maggiore. Ciò riduce il numero di richieste relative a questa zona, " "ma allunga anche il tempo necessario per modificare il record di risorse." #. Tag: title #, no-c-format msgid "Using the $TTL directive" msgstr "" #. Tag: screen #, no-c-format msgid "$TTL 1D" msgstr "" #. Tag: title #, no-c-format msgid "Common Resource Records" msgstr "" #. Tag: para #, no-c-format msgid "The following resource records are commonly used in zone files:" msgstr "" #. Tag: term #, no-c-format msgid "" " BIND zones " "A (Address) resource record " " A" msgstr "" #. Tag: para #, no-c-format msgid "" "The Address record specifies an IP address to be " "assigned to a name. It takes the following form:" msgstr "" #. Tag: screen #, no-c-format msgid "" "hostname IN A IP-" "address" msgstr "" #. Tag: para #, no-c-format msgid "" "If the hostname value is omitted, the record will" " point to the last specified hostname." msgstr "" #. Tag: para #, no-c-format msgid "" "In , the requests for server1.example.com are pointed to " "10.0.1.3 or 10.0.1.5." msgstr "" #. Tag: title #, no-c-format msgid "Using the A resource record" msgstr "" #. Tag: screen #, no-c-format msgid "" "server1 IN A 10.0.1.3\n" " IN A 10.0.1.5" msgstr "" #. Tag: term #, no-c-format msgid "" " BIND zones " "CNAME (Canonical Name) resource " "record CNAME" msgstr "" #. Tag: para #, no-c-format msgid "" "The Canonical Name record maps one name to another. " "Because of this, this type of record is sometimes referred to as an " "alias record. It takes the following form:" msgstr "" #. 
Tag: screen #, no-c-format msgid "" "alias-name IN CNAME real-" "name" msgstr "" #. Tag: para #, no-c-format msgid "" "CNAME records are most commonly used to point to services" " that use a common naming scheme, such as www for Web " "servers. However, there are multiple restrictions for their usage:" msgstr "" #. Tag: para #, no-c-format msgid "" "CNAME records should not point to other CNAME records. This is mainly to " "avoid possible infinite loops." msgstr "" #. Tag: para #, no-c-format msgid "" "CNAME records should not contain other resource record types (such as A, NS," " MX, etc.). The only exceptions are DNSSEC-related records (that is, RRSIG, " "NSEC, etc.) when the zone is signed." msgstr "" #. Tag: para #, no-c-format msgid "" "Other resource records that point to the fully qualified domain name (FQDN) " "of a host (that is, NS, MX, PTR) should not point to a CNAME record." msgstr "" #. Tag: para #, no-c-format msgid "" "In , the A" " record binds a hostname to an IP address, while the " "CNAME record points the commonly used " "www hostname to it." msgstr "" #. Tag: title #, no-c-format msgid "Using the CNAME resource record" msgstr "" #. Tag: screen #, no-c-format msgid "" "server1 IN A 10.0.1.5\n" "www IN CNAME server1" msgstr "" #. Tag: term #, no-c-format msgid "" " BIND zones " "MX (Mail Exchange) resource record " " MX" msgstr "" #. Tag: para #, no-c-format msgid "" "The Mail Exchange record specifies where the mail " "sent to a particular namespace controlled by this zone should go. It takes " "the following form:" msgstr "" #. Tag: screen #, no-c-format msgid "" "IN MX preference-value email-server-" "name" msgstr "" #. Tag: para #, no-c-format msgid "" "The email-server-name is a fully qualified domain" " name (FQDN). The preference-value allows " "numerical ranking of the email servers for a namespace, giving preference to" " some email systems over others.
The MX resource record " "with the lowest preference-value is preferred " "over the others. However, multiple email servers can possess the same value " "to distribute email traffic evenly among them." msgstr "" #. Tag: para #, no-c-format msgid "" "In , the first mail.example.com email server is preferred" " to the mail2.example.com " "email server when receiving email destined for the example.com domain." msgstr "" #. Tag: title #, no-c-format msgid "Using the MX resource record" msgstr "" #. Tag: screen #, no-c-format msgid "" "example.com. IN MX 10 mail.example.com.\n" " IN MX 20 mail2.example.com." msgstr "" #. Tag: term #, no-c-format msgid "" " BIND zones " "NS (Nameserver) resource record " " NS" msgstr "" #. Tag: para #, no-c-format msgid "" "The Nameserver record announces authoritative " "nameservers for a particular zone. It takes the following form:" msgstr "" #. Tag: screen #, no-c-format msgid "IN NS nameserver-name" msgstr "" #. Tag: para #, no-c-format msgid "" "The nameserver-name should be a fully qualified " "domain name (FQDN). Note that when two nameservers are listed as " "authoritative for the domain, it is not important whether these nameservers " "are secondary nameservers, or if one of them is a primary server. They are " "both still considered authoritative." msgstr "" #. Tag: title #, no-c-format msgid "Using the NS resource record" msgstr "" #. Tag: screen #, no-c-format msgid "" "IN NS dns1.example.com.\n" "IN NS dns2.example.com." msgstr "" #. Tag: term #, no-c-format msgid "" " BIND zones " "PTR (Pointer) resource record " " PTR" msgstr "" #. Tag: para #, no-c-format msgid "" "The Pointer record points to another part of the " "namespace. It takes the following form:" msgstr "" #. Tag: screen #, no-c-format msgid "" "last-IP-digit IN PTR FQDN-of-" "system" msgstr "" #. 
Tag: para #, no-c-format msgid "" "The last-IP-digit directive is the last number in" " an IP address, and the FQDN-of-system is a fully" " qualified domain name (FQDN)." msgstr "" #. Tag: para #, no-c-format msgid "" "PTR records are primarily used for reverse name " "resolution, as they point IP addresses back to a particular name. Refer to " " for more examples of" " PTR records in use." msgstr "" #. Tag: term #, no-c-format msgid "" " BIND zones " "SOA (Start of Authority) resource " "record SOA" msgstr "" #. Tag: para #, no-c-format msgid "" "The Start of Authority record announces important " "authoritative information about a namespace to the nameserver. Located after" " the directives, it is the first resource record in a zone file. It takes " "the following form:" msgstr "" #. Tag: screen #, no-c-format msgid "" "@ IN SOA primary-name-server hostmaster-email (\n" " serial-number\n" " time-to-refresh\n" " time-to-retry\n" " time-to-expire\n" " minimum-TTL )" msgstr "" #. Tag: para #, no-c-format msgid "The directives are as follows:" msgstr "" #. Tag: para #, no-c-format msgid "" "The @ symbol places the $ORIGIN " "directive (or the zone's name if the $ORIGIN directive is" " not set) as the namespace being defined by this SOA " "resource record." msgstr "" #. Tag: para #, no-c-format msgid "" "The primary-name-server directive is the hostname" " of the primary nameserver that is authoritative for this domain." msgstr "" #. Tag: para #, no-c-format msgid "" "The hostmaster-email directive is the email of " "the person to contact about the namespace." msgstr "" #. Tag: para #, no-c-format msgid "" "The serial-number directive is a numerical value " "incremented every time the zone file is altered to indicate it is time for " "the named service to reload the " "zone." msgstr "" #. 
Tag: para #, no-c-format msgid "" "The time-to-refresh directive is the numerical " "value secondary nameservers use to determine how long to wait before asking " "the primary nameserver if any changes have been made to the zone." msgstr "" #. Tag: para #, no-c-format msgid "" "The time-to-retry directive is a numerical value " "used by secondary nameservers to determine the length of time to wait before" " issuing a refresh request in the event that the primary nameserver is not " "answering. If the primary server has not replied to a refresh request before" " the amount of time specified in the time-to-" "expire directive elapses, the secondary servers stop " "responding as an authority for requests concerning that namespace." msgstr "" #. Tag: para #, no-c-format msgid "" "In BIND 4 and 8, the minimum-TTL directive is the" " amount of time other nameservers cache the zone's information. In BIND 9, " "it defines how long negative answers are cached for. Caching of negative " "answers can be set to a maximum of 3 hours (that is, )." msgstr "" #. Tag: para #, no-c-format msgid "" "When configuring BIND, all times are specified in seconds. However, it is " "possible to use abbreviations when specifying units of time other than " "seconds, such as minutes (M), hours " "(H), days (D), and weeks " "(W). shows an amount" " of time in seconds and the equivalent time in another format." msgstr "" #. Tag: title #, no-c-format msgid "Seconds compared to other time units" msgstr "Secondi paragonati ad altre unità di tempo" #. Tag: entry #, no-c-format msgid "Seconds" msgstr "Secondi" #. Tag: entry #, no-c-format msgid "Other Time Units" msgstr "Altre unità di tempo" #. Tag: entry #, no-c-format msgid "60" msgstr "" #. Tag: entry #, no-c-format msgid "1M" msgstr "" #. Tag: entry #, no-c-format msgid "1800" msgstr "1800" #. Tag: entry #, no-c-format msgid "30M" msgstr "" #. Tag: entry #, no-c-format msgid "3600" msgstr "3600" #. 
Tag: entry #, no-c-format msgid "1H" msgstr "" #. Tag: entry #, no-c-format msgid "10800" msgstr "10800" #. Tag: entry #, no-c-format msgid "3H" msgstr "" #. Tag: entry #, no-c-format msgid "21600" msgstr "21600" #. Tag: entry #, no-c-format msgid "6H" msgstr "" #. Tag: entry #, no-c-format msgid "43200" msgstr "43200" #. Tag: entry #, no-c-format msgid "12H" msgstr "" #. Tag: entry #, no-c-format msgid "86400" msgstr "86400" #. Tag: entry #, no-c-format msgid "1D" msgstr "" #. Tag: entry #, no-c-format msgid "259200" msgstr "259200" #. Tag: entry #, no-c-format msgid "3D" msgstr "" #. Tag: entry #, no-c-format msgid "604800" msgstr "604800" #. Tag: entry #, no-c-format msgid "1W" msgstr "" #. Tag: entry #, no-c-format msgid "31536000" msgstr "31536000" #. Tag: entry #, no-c-format msgid "365D" msgstr "" #. Tag: title #, no-c-format msgid "Using the SOA resource record" msgstr "" #. Tag: screen #, no-c-format msgid "" "@ IN SOA dns1.example.com. hostmaster.example.com. (\n" " 2001062501 ; serial\n" " 21600 ; refresh after 6 hours\n" " 3600 ; retry after 1 hour\n" " 604800 ; expire after 1 week\n" " 86400 ) ; minimum TTL of 1 day" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "BIND zones comment " "tags" msgstr "" #. Tag: para #, no-c-format msgid "" "In addition to resource records and directives, a zone file can also " "contain comments. Comments are ignored by the named service, but can prove useful when " "providing additional information to the user. Any text after the semicolon " "character (that is, ;) to the end of the line is " "considered a comment. For example:" msgstr "" #. Tag: screen #, no-c-format msgid " 604800 ; expire after 1 week" msgstr "" #. Tag: title #, no-c-format msgid "Example Usage" msgstr "" #. Tag: para #, no-c-format msgid "The following examples show the basic usage of zone files." msgstr "" #. Tag: title #, no-c-format msgid "A Simple Zone File" msgstr "" #.
Tag: indexterm #, no-c-format msgid "" "BIND zones example " "usage" msgstr "" #. Tag: para #, no-c-format msgid "" " demonstrates the use " "of standard directives and SOA values." msgstr "" #. Tag: title #, no-c-format msgid "A simple zone file" msgstr "" #. Tag: screen #, no-c-format msgid "" "$ORIGIN example.com.\n" "$TTL 86400\n" "@ IN SOA dns1.example.com. hostmaster.example.com. (\n" " 2001062501 ; serial\n" " 21600 ; refresh after 6 hours\n" " 3600 ; retry after 1 hour\n" " 604800 ; expire after 1 week\n" " 86400 ) ; minimum TTL of 1 day\n" ";\n" ";\n" " IN NS dns1.example.com.\n" " IN NS dns2.example.com.\n" "dns1 IN A 10.0.1.1\n" " IN AAAA aaaa:bbbb::1\n" "dns2 IN A 10.0.1.2\n" " IN AAAA aaaa:bbbb::2\n" ";\n" ";\n" "@ IN MX 10 mail.example.com.\n" " IN MX 20 mail2.example.com.\n" "mail IN A 10.0.1.5\n" " IN AAAA aaaa:bbbb::5\n" "mail2 IN A 10.0.1.6\n" " IN AAAA aaaa:bbbb::6\n" ";\n" ";\n" "; This sample zone file illustrates sharing the same IP addresses\n" "; for multiple services:\n" ";\n" "services IN A 10.0.1.10\n" " IN AAAA aaaa:bbbb::10\n" " IN A 10.0.1.11\n" " IN AAAA aaaa:bbbb::11\n" "\n" "ftp IN CNAME services.example.com.\n" "www IN CNAME services.example.com.\n" ";\n" ";" msgstr "" #. Tag: para #, no-c-format msgid "" "In this example, the authoritative nameservers are set as dns1.example.com and dns2.example.com, and are tied to the " "10.0.1.1 and 10.0.1.2 IP addresses respectively using " "the A record." msgstr "" #. Tag: para #, no-c-format msgid "" "The email servers configured with the MX records point to" " mail and mail2 via A records. " "Since these names do not end in a trailing period (that is, the " ". character), the $ORIGIN domain is " "placed after them, expanding them to mail.example.com and mail2.example.com." msgstr "" #. Tag: para #, no-c-format msgid "" "Services available at the standard names, such as www.example.com (WWW), " "are pointed at the appropriate servers using the CNAME " "record." msgstr "" #. 
Tag: para #, no-c-format msgid "" "This zone file would be called into service with a zone " "statement in the /etc/named.conf similar to the " "following:" msgstr "" #. Tag: screen #, no-c-format msgid "" "zone \"example.com\" IN {\n" " type master;\n" " file \"example.com.zone\";\n" " allow-update { none; };\n" "};" msgstr "" #. Tag: title #, no-c-format msgid "A Reverse Name Resolution Zone File" msgstr "" #. Tag: para #, no-c-format msgid "" "A reverse name resolution zone file is used to translate an IP address in a " "particular namespace into a fully qualified domain name (FQDN). It looks " "very similar to a standard zone file, except that the PTR" " resource records are used to link the IP addresses to a fully qualified " "domain name as shown in ." msgstr "" #. Tag: title #, no-c-format msgid "A reverse name resolution zone file" msgstr "" #. Tag: screen #, no-c-format msgid "" "$ORIGIN 1.0.10.in-addr.arpa.\n" "$TTL 86400\n" "@ IN SOA dns1.example.com. hostmaster.example.com. (\n" " 2001062501 ; serial\n" " 21600 ; refresh after 6 hours\n" " 3600 ; retry after 1 hour\n" " 604800 ; expire after 1 week\n" " 86400 ) ; minimum TTL of 1 day\n" ";\n" "@ IN NS dns1.example.com.\n" ";\n" "1 IN PTR dns1.example.com.\n" "2 IN PTR dns2.example.com.\n" ";\n" "5 IN PTR server1.example.com.\n" "6 IN PTR server2.example.com.\n" ";\n" "3 IN PTR ftp.example.com.\n" "4 IN PTR ftp.example.com." msgstr "" #. Tag: para #, no-c-format msgid "" "In this example, IP addresses 10.0.1.1 through 10.0.1.6 are pointed to the corresponding " "fully qualified domain name." msgstr "" #. Tag: para #, no-c-format msgid "" "This zone file would be called into service with a " "statement in the /etc/named.conf file similar to the " "following:" msgstr "" #. Tag: screen #, no-c-format msgid "" "zone \"1.0.10.in-addr.arpa\" IN {\n" " type master;\n" " file \"example.com.rr.zone\";\n" " allow-update { none; };\n" "};" msgstr "" #.
Tag: para #, no-c-format msgid "" "There is very little difference between this example and a standard " "zone statement, except for the zone name. Note that a " "reverse name resolution zone requires the first three blocks of the IP " "address reversed followed by .in-addr.arpa. This allows " "the single block of IP numbers used in the reverse name resolution zone file" " to be associated with the zone." msgstr "" #. Tag: title #, no-c-format msgid "Using the rndc Utility" msgstr "" #. Tag: para #, no-c-format msgid "" "The rndc utility is a command line tool that allows you " "to administer the named service, " "both locally and from a remote machine. Its usage is as follows:" msgstr "" #. Tag: screen #, no-c-format msgid "" "rndc [option...] " "command [command-" "option]" msgstr "" #. Tag: title #, no-c-format msgid "Configuring the Utility" msgstr "" #. Tag: para #, no-c-format msgid "" "To prevent unauthorized access to the service, named must be configured to listen on the " "selected port (that is, 953 by default), and an identical" " key must be used by both the service and the rndc " "utility." msgstr "" #. Tag: title #, no-c-format msgid "Relevant files" msgstr "" #. Tag: entry #, no-c-format msgid "" " BIND files " "/etc/named.conf " "/etc/named.conf" msgstr "" #. Tag: entry #, no-c-format msgid "" "The default configuration file for the named service." msgstr "" #. Tag: entry #, no-c-format msgid "" " BIND files " "/etc/rndc.conf " "/etc/rndc.conf" msgstr "" #. Tag: entry #, no-c-format msgid "" "The default configuration file for the rndc utility." msgstr "" #. Tag: entry #, no-c-format msgid "" " BIND files " "/etc/rndc.key " "/etc/rndc.key" msgstr "" #. Tag: entry #, no-c-format msgid "The default key location." msgstr "" #. Tag: para #, no-c-format msgid "" "The rndc configuration is located in " "/etc/rndc.conf. 
If the file does not exist, the utility" " will use the key located in /etc/rndc.key, which was " "generated automatically during the installation process using the rndc-confgen -a command." msgstr "" #. Tag: para #, no-c-format msgid "" "The named service is configured " "using the statement in the " "/etc/named.conf configuration file as described in " ". Unless this statement is" " present, only the connections from the loopback address (that is, " "127.0.0.1) will be allowed, and" " the key located in /etc/rndc.key will be used." msgstr "" #. Tag: para #, no-c-format msgid "" "For more information on this topic, refer to manual pages and the " "BIND 9 Administrator Reference Manual listed in ." msgstr "" #. Tag: title #, no-c-format msgid "Important: Set the Correct Permissions" msgstr "" #. Tag: para #, no-c-format msgid "" "To prevent unprivileged users from sending control commands to the service, " "make sure only root is allowed to read the " "/etc/rndc.key file:" msgstr "" #. Tag: screen #, no-c-format msgid "~]# chmod o-rwx /etc/rndc.key" msgstr "" #. Tag: title #, no-c-format msgid "Checking the Service Status" msgstr "" #. Tag: para #, no-c-format msgid "" "To check the current status of the named service, use the following command:" msgstr "" #. Tag: screen #, no-c-format msgid "" "~]# rndc status\n" "version: 9.7.0-P2-RedHat-9.7.0-5.P2.el6\n" "CPUs found: 1\n" "worker threads: 1\n" "number of zones: 16\n" "debug level: 0\n" "xfers running: 0\n" "xfers deferred: 0\n" "soa queries in progress: 0\n" "query logging is OFF\n" "recursive clients: 0/0/1000\n" "tcp clients: 0/100\n" "server is up and running" msgstr "" #. Tag: title #, no-c-format msgid "Reloading the Configuration and Zones" msgstr "" #. Tag: para #, no-c-format msgid "" "To reload both the configuration file and zones, type the following at a " "shell prompt:" msgstr "" #. Tag: screen #, no-c-format msgid "" "~]# rndc reload\n" "server reload successful" msgstr "" #. 
Tag: para #, no-c-format msgid "" "This will reload the zones while keeping all previously cached responses, so" " that you can make changes to the zone files without losing all stored name " "resolutions." msgstr "" #. Tag: para #, no-c-format msgid "" "To reload a single zone, specify its name after the " "reload command, for example:" msgstr "" #. Tag: screen #, no-c-format msgid "" "~]# rndc reload localhost\n" "zone reload up-to-date" msgstr "" #. Tag: para #, no-c-format msgid "" "Finally, to reload the configuration file and newly added zones only, type:" msgstr "" #. Tag: screen #, no-c-format msgid "~]# rndc reconfig" msgstr "" #. Tag: title #, no-c-format msgid "Note: Modifying Zones with Dynamic DNS" msgstr "" #. Tag: para #, no-c-format msgid "" "If you intend to manually modify a zone that uses Dynamic DNS (DDNS), make " "sure you run the freeze command first:" msgstr "" #. Tag: screen #, no-c-format msgid "~]# rndc freeze localhost" msgstr "" #. Tag: para #, no-c-format msgid "" "Once you are finished, run the thaw command to allow the " "DDNS again and reload the zone:" msgstr "" #. Tag: screen #, no-c-format msgid "" "~]# rndc thaw localhost\n" "The zone reload and thaw was successful." msgstr "" #. Tag: title #, no-c-format msgid "Updating Zone Keys" msgstr "" #. Tag: para #, no-c-format msgid "" "To update the DNSSEC keys and sign the zone, use the sign" " command. For example:" msgstr "" #. Tag: screen #, no-c-format msgid "~]# rndc sign localhost" msgstr "" #. Tag: para #, no-c-format msgid "" "Note that to sign a zone with the above command, the option has to be set to maintain in the " "zone statement. For instance:" msgstr "" #. Tag: screen #, no-c-format msgid "" "zone \"localhost\" IN {\n" " type master;\n" " file \"named.localhost\";\n" " allow-update { none; };\n" " auto-dnssec maintain;\n" "};" msgstr "" #. Tag: title #, no-c-format msgid "Enabling the DNSSEC Validation" msgstr "" #.
Tag: para #, no-c-format msgid "To enable the DNSSEC validation, type the following at a shell prompt:" msgstr "" #. Tag: screen #, no-c-format msgid "~]# rndc validation on" msgstr "" #. Tag: para #, no-c-format msgid "Similarly, to disable this option, type:" msgstr "" #. Tag: screen #, no-c-format msgid "~]# rndc validation off" msgstr "" #. Tag: para #, no-c-format msgid "" "Refer to the statement described in for information on how to configure this" " option in /etc/named.conf." msgstr "" #. Tag: title #, no-c-format msgid "Enabling the Query Logging" msgstr "" #. Tag: para #, no-c-format msgid "" "To enable (or disable in case it is currently enabled) the query logging, " "run the following command:" msgstr "" #. Tag: screen #, no-c-format msgid "~]# rndc querylog" msgstr "" #. Tag: para #, no-c-format msgid "" "To check the current setting, use the status command as " "described in ." msgstr "" #. Tag: title #, no-c-format msgid "Using the dig Utility" msgstr "" #. Tag: para #, no-c-format msgid "" "The dig utility is a command line tool that allows you to" " perform DNS lookups and debug a nameserver configuration. Its typical usage" " is as follows:" msgstr "" #. Tag: screen #, no-c-format msgid "" "dig [@server] " "[option...] name " "type" msgstr "" #. Tag: para #, no-c-format msgid "" "Refer to for a list of common " "types." msgstr "" #. Tag: title #, no-c-format msgid "Looking Up a Nameserver" msgstr "" #. Tag: para #, no-c-format msgid "" "To look up a nameserver for a particular domain, use the command in the " "following form:" msgstr "" #. Tag: screen #, no-c-format msgid "dig name NS" msgstr "" #. Tag: para #, no-c-format msgid "" "In , the dig " "utility is used to display nameservers for example.com." msgstr "" #. Tag: title #, no-c-format msgid "A Sample Nameserver Lookup" msgstr "" #.
Tag: screen #, no-c-format msgid "" "~]$ dig example.com NS\n" "\n" "; <<>> DiG 9.7.1-P2-RedHat-9.7.1-2.P2.fc13 <<>> example.com NS\n" ";; global options: +cmd\n" ";; Got answer:\n" ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57883\n" ";; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0\n" "\n" ";; QUESTION SECTION:\n" ";example.com. IN NS\n" "\n" ";; ANSWER SECTION:\n" "example.com. 99374 IN NS a.iana-servers.net.\n" "example.com. 99374 IN NS b.iana-servers.net.\n" "\n" ";; Query time: 1 msec\n" ";; SERVER: 10.34.255.7#53(10.34.255.7)\n" ";; WHEN: Wed Aug 18 18:04:06 2010\n" ";; MSG SIZE rcvd: 77" msgstr "" #. Tag: title #, no-c-format msgid "Looking Up an IP Address" msgstr "" #. Tag: para #, no-c-format msgid "" "To look up an IP address assigned to a particular domain, use the command in" " the following form:" msgstr "" #. Tag: screen #, no-c-format msgid "dig name A" msgstr "" #. Tag: para #, no-c-format msgid "" "In , the dig " "utility is used to display the IP address of example.com." msgstr "" #. Tag: title #, no-c-format msgid "A Sample IP Address Lookup" msgstr "" #. Tag: screen #, no-c-format msgid "" "~]$ dig example.com A\n" "\n" "; <<>> DiG 9.7.1-P2-RedHat-9.7.1-2.P2.fc13 <<>> example.com A\n" ";; global options: +cmd\n" ";; Got answer:\n" ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4849\n" ";; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0\n" "\n" ";; QUESTION SECTION:\n" ";example.com. IN A\n" "\n" ";; ANSWER SECTION:\n" "example.com. 155606 IN A 192.0.32.10\n" "\n" ";; AUTHORITY SECTION:\n" "example.com. 99175 IN NS a.iana-servers.net.\n" "example.com. 99175 IN NS b.iana-servers.net.\n" "\n" ";; Query time: 1 msec\n" ";; SERVER: 10.34.255.7#53(10.34.255.7)\n" ";; WHEN: Wed Aug 18 18:07:25 2010\n" ";; MSG SIZE rcvd: 93" msgstr "" #. Tag: title #, no-c-format msgid "Looking Up a Hostname" msgstr "" #. 
Tag: para #, no-c-format msgid "" "To look up a hostname for a particular IP address, use the command in the " "following form:" msgstr "" #. Tag: screen #, no-c-format msgid "" "dig " "address" msgstr "" #. Tag: para #, no-c-format msgid "" "In , the dig " "utility is used to display the hostname assigned to 192.0.32.10." msgstr "" #. Tag: title #, no-c-format msgid "A Sample Hostname Lookup" msgstr "" #. Tag: screen #, no-c-format msgid "" "~]$ dig -x 192.0.32.10\n" "\n" "; <<>> DiG 9.7.1-P2-RedHat-9.7.1-2.P2.fc13 <<>> -x 192.0.32.10\n" ";; global options: +cmd\n" ";; Got answer:\n" ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29683\n" ";; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 6\n" "\n" ";; QUESTION SECTION:\n" ";10.32.0.192.in-addr.arpa. IN PTR\n" "\n" ";; ANSWER SECTION:\n" "10.32.0.192.in-addr.arpa. 21600 IN PTR www.example.com.\n" "\n" ";; AUTHORITY SECTION:\n" "32.0.192.in-addr.arpa. 21600 IN NS b.iana-servers.org.\n" "32.0.192.in-addr.arpa. 21600 IN NS c.iana-servers.net.\n" "32.0.192.in-addr.arpa. 21600 IN NS d.iana-servers.net.\n" "32.0.192.in-addr.arpa. 21600 IN NS ns.icann.org.\n" "32.0.192.in-addr.arpa. 21600 IN NS a.iana-servers.net.\n" "\n" ";; ADDITIONAL SECTION:\n" "a.iana-servers.net. 13688 IN A 192.0.34.43\n" "b.iana-servers.org. 5844 IN A 193.0.0.236\n" "b.iana-servers.org. 5844 IN AAAA 2001:610:240:2::c100:ec\n" "c.iana-servers.net. 12173 IN A 139.91.1.10\n" "c.iana-servers.net. 12173 IN AAAA 2001:648:2c30::1:10\n" "ns.icann.org. 12884 IN A 192.0.34.126\n" "\n" ";; Query time: 156 msec\n" ";; SERVER: 10.34.255.7#53(10.34.255.7)\n" ";; WHEN: Wed Aug 18 18:25:15 2010\n" ";; MSG SIZE rcvd: 310" msgstr "" #. Tag: title #, no-c-format msgid "Advanced Features of BIND" msgstr "BIND: caratteristiche avanzate" #. Tag: para #, no-c-format msgid "" "Most BIND implementations only use the named service to provide name resolution " "services or to act as an authority for a particular domain. 
However, BIND " "version 9 has a number of advanced features that allow for a more secure and" " efficient DNS service." msgstr "" #. Tag: title #, no-c-format msgid "Important: Make Sure the Feature is Supported" msgstr "" #. Tag: para #, no-c-format msgid "" "Before attempting to use advanced features like DNSSEC, TSIG, or IXFR, make " "sure that the particular feature is supported by all nameservers in the " "network environment, especially when you use older versions of BIND or non-" "BIND servers." msgstr "" #. Tag: para #, no-c-format msgid "" "All of the features mentioned are discussed in greater detail in the " "BIND 9 Administrator Reference Manual referenced in " "." msgstr "" #. Tag: title #, no-c-format msgid "Multiple Views" msgstr "Visualizzazioni multiple" #. Tag: indexterm #, no-c-format msgid "" "BIND features multiple " "views" msgstr "" #. Tag: para #, no-c-format msgid "" "Optionally, different information can be presented to a client depending on " "the network a request originates from. This is primarily used to deny " "sensitive DNS entries from clients outside of the local network, while " "allowing queries from clients inside the local network." msgstr "" #. Tag: para #, no-c-format msgid "" "To configure multiple views, add the view statement to " "the /etc/named.conf configuration file. Use the match-clients option to match IP addresses or entire networks and " "give them special options and zone data." msgstr "" #. Tag: title #, no-c-format msgid "Incremental Zone Transfers (IXFR)" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "BIND features " "Incremental Zone Transfer (IXFR)" msgstr "" #. Tag: para #, no-c-format msgid "" "Incremental Zone Transfers " "(IXFR) allow a secondary nameserver to only download " "the updated portions of a zone modified on a primary nameserver. Compared to" " the standard transfer process, this makes the notification and update " "process much more efficient." msgstr "" #. 
Tag: indexterm #, no-c-format msgid "" "BIND features Automatic " "Zone Transfer (AXFR)" msgstr "" #. Tag: para #, no-c-format msgid "" "Note that IXFR is only available when using dynamic updating to make changes" " to master zone records. If manually editing zone files to make changes, " "Automatic Zone Transfer (AXFR)" " is used." msgstr "" #. Tag: title #, no-c-format msgid "Transaction SIGnatures (TSIG)" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "BIND features " "Transaction SIGnature (TSIG)" msgstr "" #. Tag: para #, no-c-format msgid "" "Transaction SIGnatures (TSIG) ensure that a shared " "secret key exists on both primary and secondary nameserver before allowing a" " transfer. This strengthens the standard IP address-based method of transfer" " authorization, since attackers would not only need to have access to the IP" " address to transfer the zone, but they would also need to know the secret " "key." msgstr "" #. Tag: para #, no-c-format msgid "" "Since version 9, BIND also supports TKEY, which is " "another shared secret key method of authorizing zone transfers." msgstr "" #. Tag: title #, no-c-format msgid "Important: Secure the Transfer" msgstr "" #. Tag: para #, no-c-format msgid "" "When communicating over an insecure network, do not rely on IP address-based" " authentication only." msgstr "" #. Tag: title #, no-c-format msgid "DNS Security Extensions (DNSSEC)" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "BIND features DNS " "Security Extensions (DNSSEC)" msgstr "" #. Tag: para #, no-c-format msgid "" "Domain Name System Security Extensions " "(DNSSEC) provide origin authentication of DNS data, " "authenticated denial of existence, and data integrity. When a particular " "domain is marked as secure, the SERVFAIL response is " "returned for each resource record that fails the validation." msgstr "" #.
Tag: para #, no-c-format msgid "" "Note that to debug a DNSSEC-signed domain or a DNSSEC-aware resolver, you " "can use the dig utility as described in . Useful options are " "(requests DNSSEC-related resource records by setting the DNSSEC OK bit), " " (tells recursive nameserver not to validate the " "response), and (changes the packet size to " "512B to get through some firewalls)." msgstr "" #. Tag: title #, no-c-format msgid "Internet Protocol version 6 (IPv6)" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "BIND features Internet " "Protocol version 6 (IPv6)" msgstr "" #. Tag: para #, no-c-format msgid "" "Internet Protocol version 6 " "(IPv6) is supported through the use of " " resource records, and the directive as described in ." msgstr "" #. Tag: title #, no-c-format msgid "Common Mistakes to Avoid" msgstr "Errori comuni da evitare" #. Tag: indexterm #, no-c-format msgid "BIND common mistakes" msgstr "" #. Tag: para #, no-c-format msgid "" "The following is a list of recommendations on how to avoid common mistakes users make " "when configuring a nameserver:" msgstr "" #. Tag: term #, no-c-format msgid "Use semicolons and curly brackets correctly" msgstr "" #. Tag: para #, no-c-format msgid "" "An omitted semicolon or unmatched curly bracket in the " "/etc/named.conf file can prevent the named service from starting." msgstr "" #. Tag: term #, no-c-format msgid "Use period (that is, the . character) correctly" msgstr "" #. Tag: para #, no-c-format msgid "" "In zone files, a period at the end of a domain name denotes a fully " "qualified domain name. If omitted, the named service will append the name of the " "zone or the value of to complete it." msgstr "" #. Tag: term #, no-c-format msgid "Increment the serial number when editing a zone file" msgstr "" #. 
Tag: para #, no-c-format msgid "" "If the serial number is not incremented, the primary nameserver will have " "the correct, new information, but the secondary nameservers will never be " "notified of the change, and will not attempt to refresh their data for that " "zone." msgstr "" #. Tag: term #, no-c-format msgid "Configure the firewall" msgstr "" #. Tag: para #, no-c-format msgid "" "If a firewall is blocking connections from the named service to other nameservers, the " "recommended best practice is to change the firewall settings whenever " "possible." msgstr "" #. Tag: title #, no-c-format msgid "Warning: Avoid Using Fixed UDP Source Ports" msgstr "" #. Tag: para #, no-c-format msgid "" "According to recent research in DNS security, using a fixed UDP source " "port for DNS queries is a potential security vulnerability that could allow " "an attacker to conduct cache-poisoning attacks more easily. To prevent this," " configure your firewall to allow queries from a random UDP source port." msgstr "" #. Tag: title #, no-c-format msgid "Additional Resources" msgstr "Risorse aggiuntive" #. Tag: para #, no-c-format msgid "" "The following sources of information provide additional resources regarding " "BIND." msgstr "" "Le seguenti fonti potranno fornirvi ulteriori informazioni relative all'uso " "di BIND." #. Tag: title #, no-c-format msgid "Installed Documentation" msgstr "Documentazione installata" #. Tag: indexterm #, no-c-format msgid "" "BIND additional resources " "installed documentation" msgstr "" #. Tag: para #, no-c-format msgid "" "BIND features a full range of installed documentation covering many " "different topics, each placed in its own subject directory. For each item " "below, replace version with the version of the " "bind package installed on the system:" msgstr "" #. Tag: term #, no-c-format msgid "" "/usr/share/doc/bind-version/" msgstr "" #. Tag: para #, no-c-format msgid "The main directory containing the most recent documentation." 
msgstr "" #. Tag: term #, no-c-format msgid "" "/usr/share/doc/bind-version/arm/" msgstr "" #. Tag: para #, no-c-format msgid "" "The directory containing the BIND 9 Administrator Reference " "Manual in HTML and SGML formats, which details BIND resource " "requirements, how to configure different types of nameservers, how to " "perform load balancing, and other advanced topics. For most new users of " "BIND, this is the best place to start." msgstr "" #. Tag: term #, no-c-format msgid "" "/usr/share/doc/bind-version/draft/" msgstr "" #. Tag: para #, no-c-format msgid "" "The directory containing assorted technical documents that review issues " "related to the DNS service, and propose some methods to address them." msgstr "" #. Tag: term #, no-c-format msgid "" "/usr/share/doc/bind-version/misc/" msgstr "" #. Tag: para #, no-c-format msgid "" "The directory designed to address specific advanced issues. Users of BIND " "version 8 should consult the migration document for " "specific changes they must make when moving to BIND 9. The " "options file lists all of the options implemented in " "BIND 9 that are used in /etc/named.conf." msgstr "" #. Tag: term #, no-c-format msgid "" "/usr/share/doc/bind-version/rfc/" msgstr "" #. Tag: para #, no-c-format msgid "The directory providing every RFC document related to BIND." msgstr "" #. Tag: para #, no-c-format msgid "" "There are also a number of man pages for the various applications and " "configuration files involved with BIND:" msgstr "" #. Tag: term #, no-c-format msgid "man rndc" msgstr "" #. Tag: para #, no-c-format msgid "" "The manual page for rndc containing the full " "documentation on its usage." msgstr "" #. Tag: term #, no-c-format msgid "man named" msgstr "" #. Tag: para #, no-c-format msgid "" "The manual page for named " "containing the documentation on assorted arguments that can be used to " "control the BIND nameserver daemon." msgstr "" #. Tag: term #, no-c-format msgid "man lwresd" msgstr "" #. 
Tag: para #, no-c-format msgid "" "The manual page for lwresd " "containing the full documentation on the lightweight resolver daemon and its" " usage." msgstr "" #. Tag: term #, no-c-format msgid "man named.conf" msgstr "" #. Tag: para #, no-c-format msgid "" "The manual page with a comprehensive list of options available within the " "named configuration file." msgstr "" #. Tag: term #, no-c-format msgid "man rndc.conf" msgstr "" #. Tag: para #, no-c-format msgid "" "The manual page with a comprehensive list of options available within the " "rndc configuration file." msgstr "" #. Tag: title #, no-c-format msgid "Useful Websites" msgstr "Siti Web utili" #. Tag: indexterm #, no-c-format msgid "" "BIND additional resources " "useful websites" msgstr "" #. Tag: term #, no-c-format msgid "" msgstr "" #. Tag: para #, no-c-format msgid "" "The home page of the BIND project containing information about current " "releases as well as a PDF version of the BIND 9 Administrator " "Reference Manual." msgstr "" #. Tag: title #, no-c-format msgid "Related Books" msgstr "Libri correlati" #. Tag: indexterm #, no-c-format msgid "" "BIND additional resources " "related books" msgstr "" #. Tag: term #, no-c-format msgid "" "DNS and BIND by Paul Albitz and Cricket Liu; O'Reilly" " & Associates" msgstr "" #. Tag: para #, no-c-format msgid "" "A popular reference that explains both common and esoteric BIND " "configuration options, and provides strategies for securing a DNS server." msgstr "" #. Tag: term #, no-c-format msgid "" "The Concise Guide to DNS and BIND by Nicolai " "Langfeldt; Que" msgstr "" #. Tag: para #, no-c-format msgid "" "Looks at the connection between multiple network services and BIND, with an " "emphasis on task-oriented, technical topics." msgstr ""