Each computer connected to a TCP/IP network, such as the Internet, is identified by its own IP address. IP addresses are difficult to remember, so a domain name version of each IP address is also used to identify a host. As described in Chapter 34, a domain name consists of two parts, the hostname and the domain. The hostname is the computer's specific name, and the domain identifies the network of which the computer is a part. The domains used for the United States usually have extensions that identify the type of host. For example, .edu is used for educational institutions and .com is used for businesses. International domains usually have extensions that indicate the country they are located in, such as .de for Germany or .au for Australia. The combination of a hostname, domain, and extension forms a unique name by which a computer can be referenced. The domain can, in turn, be split into further subdomains.
As you know, a computer on a network can still be identified only by its IP address, even if it has a hostname. You can use a hostname to reference a computer on a network, but this involves using the hostname to look up the corresponding IP address in a database. The network then uses the IP address, not the hostname, to access the computer. Before the advent of large TCP/IP networks, such as the Internet, it was feasible for each computer on a network to maintain a file with a list of all the hostnames and IP addresses of the computers connected on its network. Whenever a hostname was used, it was looked up in this file and the corresponding IP address was located. You can still do this on your own system for remote systems you access frequently.
As networks became larger, it became impractical, and in the case of the Internet impossible, for each computer to maintain its own list of all the domain names and IP addresses. To provide the service of translating domain addresses to IP addresses, databases of domain names were developed and placed on their own servers. To find the IP address of a domain name, you send a query to a name server, which then looks up the IP address for you and sends it back. In a large network, several name servers can cover different parts of the network. If a name server cannot find a particular IP address, it sends the query on to another name server that is more likely to have it.
If you are administering a network and you need to set up a name server for it, you can configure a Linux system to operate as a name server. To do so, you must start up a name server daemon and then wait for domain name queries. A name server makes use of several configuration files that enable it to answer requests. The name server software used on Linux systems is the Berkeley Internet Name Domain (BIND) server distributed by the Internet Software Consortium (www.isc.org). Chapter 34 describes the process of setting up a domain name server in detail.
Name servers are queried by resolvers. These are programs specially designed to obtain addresses from name servers. To use domain names on your system, you must configure your own resolver. Your local resolver is configured with your /etc/host.conf and /etc/resolv.conf files. You can use /etc/nsswitch.conf in place of /etc/host.conf.
Your host.conf file lists resolver options (shown in Table 38-8). Each option can have several fields, separated by spaces or tabs. You can use a # at the beginning of a line to enter a comment. The options tell the resolver what services to use. The order of the list is important. The resolver begins with the first option listed and moves on to the next ones in turn. You can find the host.conf file in your /etc directory, along with other configuration files.
| Option | Description |
|---|---|
| order | Specifies the sequence of name resolution methods |
| alert | Checks addresses of remote sites attempting to access your system; you turn it on or off with the on and off options |
| nospoof | Confirms addresses of remote sites attempting to access your system |
| trim | Checks your local hosts file; removes the domain name and checks only for the hostname; enables you to use only a hostname in your hosts file for an IP address |
| multi | Checks your local hosts file; allows a host to have several IP addresses; you turn it on or off with the on and off options |
In the next example of a host.conf file, the order option instructs your resolver first to look up names in your local /etc/hosts file, and then, if that fails, to query domain name servers. The system does not have multiple addresses.
Several lookup functions in the standard C library must be told which data sources to consult on your Linux system. Previously, database-like services, such as password support and name services like NIS or DNS, were accessed by these functions directly, using a fixed search order. For GNU C Library 2.x, used on current versions of Linux, this configuration is carried out by a scheme called the Name Service Switch (NSS), which is based on the method of the same name used by the Sun Microsystems Solaris 2 OS. The database sources and their lookup order are listed in the /etc/nsswitch.conf file.
The /etc/nsswitch.conf file holds entries for the different configuration files that can be controlled by NSS. The system configuration files that NSS supports are listed in Table 38-9. An entry consists of two fields: the service and the configuration specification. The service consists of the configuration file followed by a colon. The second field is the configuration specification for that file, which holds instructions on how the lookup procedure will work. The configuration specification can contain service specifications and action items. Service specifications are the services to search. Currently, valid service specifications are nis, nisplus, files, db, dns, and compat (see Table 38-10). Not all are valid for each configuration file. For example, the dns service is valid only for the hosts file, whereas nis is valid for all files. The following example will first check the local /etc/passwd file and then NIS+.
passwd: files nisplus
| File | Description |
|---|---|
| aliases | Mail aliases, used by Sendmail |
| ethers | Ethernet numbers |
| group | Groups of users |
| hosts | Hostnames and numbers |
| netgroup | Network-wide list of hosts and users, used for access rules; C libraries before glibc 2.1 only support netgroups over NIS |
| network | Network names and numbers |
| passwd | User passwords |
| protocols | Network protocols |
| publickey | Public and secret keys for SecureRPC used by NFS and NIS+ |
| rpc | Remote procedure call names and numbers |
| services | Network services |
| shadow | Shadow user passwords |
| Service | Description |
|---|---|
| files | Checks the corresponding /etc file for the configuration (for example, /etc/hosts for hosts); this service is valid for all files |
| db | Checks the corresponding /var/db databases for the configuration; valid for all files except netgroup |
| compat | Valid only for the passwd, group, and shadow files |
| dns | Checks the DNS service; valid only for the hosts file |
| nis | Checks the NIS service; valid for all files |
| nisplus | NIS version 3 (NIS+) |
| hesiod | Uses Hesiod for lookup |
An action item specifies the action to take for a specific service. An action item is placed within brackets after a service. A configuration specification can list several services, each with its own action item. In the following example, the entry for the protocols file has a configuration specification that says to check the NIS+ service first and to stop if the entry is not found there; otherwise the lookup goes on to the /etc/protocols file:
protocols: nisplus [NOTFOUND=return] files
An action item consists of a status and an action. The status holds a possible result of a service lookup, and the action is the action to take when the lookup returns that status. Currently, the possible status values are SUCCESS, NOTFOUND, UNAVAIL, and TRYAGAIN (service temporarily unavailable). The possible actions are return and continue: return stops the lookup process for the configuration file, whereas continue continues on to the next listed service. In the preceding example, if the record is not found in NIS+, the lookup process ends.
Shown here is a copy of the current Red Hat /etc/nsswitch.conf file, which lists commonly used entries. Comments and commented-out entries begin with a # sign.
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file.
passwd: files nisplus
shadow: files nisplus
group: files nisplus
hosts: files nisplus dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
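The lookup order that host.conf's order option and the nsswitch.conf action items describe can be checked mechanically. The following parser and lookup simulator are an added example, not code from the book or from glibc; it assumes glibc's default action for each status (SUCCESS returns, every other status continues) and also handles the negated form [!STATUS=action], which the text does not cover. The sample file is constructed in the format of the Red Hat file shown above.

```python
import re
# glibc's default action per status; an explicit [STATUS=action] item after
# a service overrides the default for that service only (assumed from glibc).
DEFAULT_ACTIONS = {"SUCCESS": "return", "NOTFOUND": "continue",
                   "UNAVAIL": "continue", "TRYAGAIN": "continue"}

# Constructed sample in the format of the Red Hat file above; the shadow line
# adds a negated item, [!NOTFOUND=return]: return on any status except NOTFOUND.
SAMPLE_NSSWITCH = """\
# An example Name Service Switch config file.
passwd:     files nisplus
hosts:      files nisplus dns      # tried left to right, like host.conf's order
bootparams: nisplus [NOTFOUND=return] files
shadow:     files [!NOTFOUND=return] nisplus
"""
_TOKEN = re.compile(r"\[([^\]]*)\]|(\S+)")  # bracketed action item | service name

def parse_nsswitch(text):
    """Return {database: [(service, {STATUS: action}), ...]} in file order."""
    databases = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if ":" not in line:
            continue
        database, spec = line.split(":", 1)
        services = []
        for bracket, service in _TOKEN.findall(spec):
            if service:                               # a service specification
                services.append((service, dict(DEFAULT_ACTIONS)))
            elif services:                            # action items bind to the preceding service
                actions = services[-1][1]
                for item in bracket.split():
                    status, action = item.split("=", 1)
                    negate = status.startswith("!")
                    status, action = status.lstrip("!").upper(), action.lower()
                    for s in actions:
                        if (s == status) != negate:
                            actions[s] = action
        databases[database.strip()] = services
    return databases

def lookup(databases, database, outcomes):
    """Walk one database's services in order. outcomes maps service -> status it
    would report (unlisted services count as UNAVAIL); returns (service, status)
    where the first 'return' action fired, or None if every service continued."""
    for service, actions in databases[database]:
        status = outcomes.get(service, "UNAVAIL")
        if actions[status] == "return":
            return service, status
    return None
```

Feeding it the bootparams line with nisplus reporting NOTFOUND shows the lookup stopping at nisplus, while an UNAVAIL from nisplus falls through to files, which is the distinction the text draws between return and continue.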