Blog of 天高云淡

A bad beginning makes a bad ending.

MyDNS 1.0.0 reference manual (2)  

2010-05-18 20:53:18 | Category: DNS

3. Database

The default database name is `mydns'.

To specify a different name, edit the `database' variable in your `mydns.conf'.

You can freely add columns to the `mydns' database. You can also modify the columns that MyDNS uses, as long as you don't change their names.

The table layouts described here are for the tables created on a MySQL database. If you're using PostgreSQL, the fields are pretty much the same; however, the field types are slightly different. You can run `mydns --create-tables' to see the exact table structures.

3.1 The `soa' table

The `soa' table contains one row for each zone for which the server is authoritative.

The default values for the various timer fields are from RFC 1537.

`id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY' (MySQL)

`id SERIAL NOT NULL PRIMARY KEY' (PostgreSQL)
A unique number identifying this zone.

`origin CHAR(255) NOT NULL' (MySQL)

`origin VARCHAR(255) NOT NULL' (PostgreSQL)
The name of this zone. (Unique key)
ex: example.com.

`ns CHAR(255) NOT NULL' (MySQL)

`ns VARCHAR(255) NOT NULL' (PostgreSQL)
The name of the name server that was the original or primary source of data for this zone. (meaningless to MyDNS)
ex: primary.example.com.

`mbox CHAR(255) NOT NULL' (MySQL)

`mbox VARCHAR(255) NOT NULL' (PostgreSQL)
A name which specifies the mailbox of the person responsible for this zone. This should be specified in the mailbox-as-domain-name format, where the `@' character is replaced with a dot. (meaningless to MyDNS)
ex: postmaster.example.com.

`serial INT UNSIGNED NOT NULL DEFAULT '1'' (MySQL)

`serial INTEGER NOT NULL DEFAULT 1' (PostgreSQL)
A "version number" for this zone. DNS servers that rely on AXFR for zone transfers use this to determine when updates have occurred. Popular values to use are the Unix timestamp or a date in the form YYYYMMDD. (see section 4.4 Zone transfers)
ex: 20020529

`refresh INT UNSIGNED NOT NULL DEFAULT '28800'' (MySQL)

`refresh INTEGER NOT NULL DEFAULT 28800' (PostgreSQL)
The number of seconds after which slave nameservers should check to see if this zone has been changed. If the zone's serial number has changed, the slave nameserver initiates a zone transfer. (meaningless to MyDNS)
ex: 10800

`retry INT UNSIGNED NOT NULL DEFAULT '7200'' (MySQL)

`retry INTEGER NOT NULL DEFAULT 7200' (PostgreSQL)
This specifies the number of seconds a slave nameserver should wait before retrying if it attempts to transfer this zone but fails. (meaningless to MyDNS)
ex: 3600

`expire INT UNSIGNED NOT NULL DEFAULT '604800'' (MySQL)

`expire INTEGER NOT NULL DEFAULT 604800' (PostgreSQL)
If for expire seconds the primary server cannot be reached, all information about the zone is invalidated on the secondary servers (i.e., they are no longer authoritative for that zone). (meaningless to MyDNS)
ex: 60400

`minimum INT UNSIGNED NOT NULL DEFAULT '86400'' (MySQL)

`minimum INTEGER NOT NULL DEFAULT 86400' (PostgreSQL)
The minimum TTL field that should be exported with any RR from this zone. If any RR in the database has a lower TTL, this TTL is sent instead.
ex: 86400

`ttl INT UNSIGNED NOT NULL DEFAULT '86400'' (MySQL)

`ttl INTEGER NOT NULL DEFAULT 86400' (PostgreSQL)
The number of seconds that this zone may be cached before the source of the information should again be consulted. Zero values are interpreted to mean that the zone should not be cached.
ex: 86400

3.2 The `rr' table

The `rr' table contains all non-SOA resource record types.

It has a unique key on the combination of zone, name, type, and data.

`id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY' (MySQL)

`id SERIAL NOT NULL PRIMARY KEY' (PostgreSQL)
A unique number identifying this record.

`zone INT UNSIGNED NOT NULL' (MySQL)

`zone INTEGER NOT NULL' (PostgreSQL)
The ID of the zone (from the `soa' table) to which this resource record belongs. (see section 3.1 The `soa' table).

For PostgreSQL databases, this column is also created with `FOREIGN KEY (zone) REFERENCES soa (id) ON DELETE CASCADE'.

`name CHAR(64) NOT NULL' (MySQL)

`name VARCHAR(64) NOT NULL' (PostgreSQL)
The name that this RR describes. Wildcard values such as `*' or `*.sub' are supported, and this field can contain a FQDN or just a hostname. It may contain out-of-zone data if this is a glue record.
ex: foo
ex: foo.example.com.

`type ENUM('A','AAAA','CNAME','HINFO','MX','NS','PTR','RP','SRV','TXT') NOT NULL' (MySQL)

`type VARCHAR(5) NOT NULL CHECK (type='A' OR type='AAAA' OR type='CNAME' OR type='HINFO' OR type='MX' OR type='NS' OR type='PTR' OR type='RP' OR type='SRV' OR type='TXT')' (PostgreSQL)
The type of resource record. (see section 3.3 Supported RR types).

`data CHAR(128) NOT NULL' (MySQL)

`data VARCHAR(128) NOT NULL' (PostgreSQL)
The data associated with this resource record. See section 3.3 Supported RR types for specifications and examples of the type of data each record type should contain.

`aux INT UNSIGNED NOT NULL' (MySQL)

`aux INTEGER NOT NULL default 0' (PostgreSQL)
An auxiliary numeric value in addition to data. For `MX' records, this field specifies the preference. For `SRV' records, this field specifies the priority.

`ttl INT UNSIGNED NOT NULL DEFAULT '86400'' (MySQL)

`ttl INTEGER NOT NULL default 86400' (PostgreSQL)
The time interval that this resource record may be cached before the source of the information should again be consulted. Zero values are interpreted to mean that the RR can only be used for the transaction in progress, and should not be cached.

3.3 Supported RR types

The `type' column in the `rr' table may contain any of the following supported resource record types:

`A'
A host address. The `data' column should contain the IP address (in numbers-and-dots format) associated with the `name'.

example: `192.168.1.88'

`AAAA'
An IPv6 host address. The `data' column should contain the IPv6 address associated with the `name'.

example: `3ffe:b00:c18:3::a'

`ALIAS'
A server-side alias. An alias is like a CNAME, only it is handled entirely by the server. The `data' column should contain the hostname aliased by `name'. Aliases can be used in place of A records. The client will only see A records and will not be able to tell that aliases are involved. The hostname specified by `data' must exist in the database.

It can be useful to use aliases for everything. Use A records for the canonical name of the machine and use aliases for any additional names. This is especially useful when combined with automatic PTR records. If a single IP address is only used for one A record, then there will never be any confusion over what the PTR record should be.

In order for server-side aliases to work, MyDNS must have been compiled with `configure --enable-alias'.

example: `albuquerque.example.com.' (FQDN)
example: `albuquerque' (hostname only)

`CNAME'
The canonical name for an alias. The `data' column should contain the real name of the machine specified by `name'. `data' may be a hostname or an FQDN.

example: `porcini.example.com.' (FQDN)
example: `porcini' (hostname only)

`HINFO'
Host information. The `data' column should contain two strings which provide information about the host specified by `name'. The first string specifies the CPU type, and the second string describes the operating system type. The two strings should be separated by a space. If either string needs to contain a space, enclose it in quotation marks.

example: `"Pentium Pro" Linux'

`MX'
Mail exchange. The `data' column should contain the hostname or FQDN of a mail server which will accept mail for the host specified by `name'. The `aux' column should contain a preference for this mail server. Mail transfer agents prefer MX records with lower values in `aux'.

example: `ns0.example.com.' (FQDN)
example: `ns0' (hostname only)

`NS'
An authoritative nameserver. The `data' column should contain the hostname or FQDN of a server which should be considered authoritative for the zone listed in `name'.

example: `france.example.com.' (FQDN)
example: `france' (hostname only)

`PTR'
A domain name pointer. These records, used only with IN-ADDR.ARPA zones, should contain the canonical hostname of the machine referred to by `name' in `data'.

example: `webserver.example.com.'

`RP'
A responsible person. The `data' column should contain the DNS-encoded email address of the person responsible for the name requested, then a space, then a hostname that should return a TXT record containing additional information about the responsible person. If there is no such TXT record, the second value should contain a dot (`.').

example: `webmaster.example.com. contactinfo.example.com.'

`SRV'
Server location. Specifies the location of the server(s) for a specific protocol and domain. The `data' column must contain three space-separated values. The first value is a number specifying the weight for this entry. The second field is a number specifying the port on the target host of this service. The last field is a name specifying the target host. The `aux' column should contain the priority of this target host. Targets with a lower priority are preferred.

For more information, read RFC 2782.

example: `0 9 server.example.com.' (FQDN)
example: `0 9 server' (hostname only)

`TXT'
A text string. The `data' column contains a text string that is returned only when a TXT query is issued for the host specified by `name'.

example: `This is a string.'
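The per-type rules above (one address for A/AAAA, a hostname or FQDN for CNAME/NS/MX/PTR/ALIAS, two quoted strings for HINFO, two fields for RP, three for SRV) plus the CHAR(128) width of `data' from section 3.2 can all be checked before a row reaches the `rr' table. Since section 4.7 attributes SERVFAIL answers to malformed data in the database, insert time is the cheapest place to catch it. The following validator is an added example, not code from MyDNS or from the manual; the label syntax it accepts and the function names are my assumptions.

```python
import ipaddress
import re
import shlex

# Column widths from the rr table layout in section 3.2 (name CHAR(64), data CHAR(128)).
NAME_MAX = 64
DATA_MAX = 128

# One DNS label: letters, digits, hyphen, underscore; 1..63 characters; no edge hyphen.
# (Assumed syntax: the manual does not spell out exactly what MyDNS accepts.)
_LABEL = re.compile(r"^[A-Za-z0-9_](?:[A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?$")


def is_hostname(value):
    """Accept a bare hostname or an FQDN with a trailing dot, as the manual allows in data."""
    if value.endswith("."):
        value = value[:-1]
    if not value:
        return False
    return all(_LABEL.match(label) for label in value.split("."))


def validate_rr(name, rtype, data, aux=0):
    """Return a list of problems with a candidate rr row; an empty list means it is safe to insert."""
    errors = []
    if not name or len(name) > NAME_MAX:
        errors.append("name must be 1..%d characters" % NAME_MAX)
    if not data or len(data) > DATA_MAX:
        # Stop here: an over-long value would be truncated by MySQL and become malformed data.
        errors.append("data must be 1..%d characters" % DATA_MAX)
        return errors
    if not isinstance(aux, int) or aux < 0:
        errors.append("aux must be a non-negative integer (INT UNSIGNED)")

    if rtype == "A":
        try:
            ipaddress.IPv4Address(data)
        except ValueError:
            errors.append("A data must be an IPv4 address in numbers-and-dots format")
    elif rtype == "AAAA":
        try:
            ipaddress.IPv6Address(data)
        except ValueError:
            errors.append("AAAA data must be an IPv6 address")
    elif rtype in ("CNAME", "NS", "MX", "PTR", "ALIAS"):
        if not is_hostname(data):
            errors.append("%s data must be a hostname or FQDN" % rtype)
    elif rtype == "HINFO":
        try:
            parts = shlex.split(data)  # honours the quoting rule for strings with spaces
        except ValueError:  # unbalanced quotes
            parts = []
        if len(parts) != 2:
            errors.append("HINFO data must be two strings; quote a string that contains a space")
    elif rtype == "RP":
        parts = data.split()
        if len(parts) != 2 or not is_hostname(parts[0]) or not (parts[1] == "." or is_hostname(parts[1])):
            errors.append("RP data must be 'mailbox-as-domain-name txt-host-or-dot'")
    elif rtype == "SRV":
        parts = data.split()
        if len(parts) != 3 or not parts[0].isdigit() or not parts[1].isdigit() or not is_hostname(parts[2]):
            errors.append("SRV data must be 'weight port target'")
        elif not 0 <= int(parts[1]) <= 65535:
            errors.append("SRV port must be 0..65535")
    elif rtype == "TXT":
        pass  # any text string is acceptable
    else:
        errors.append("unsupported type %r" % rtype)
    return errors
```

Run it from whatever provisioning script writes your rr rows and refuse the INSERT when the list is non-empty; the ENUM/CHECK constraint on `type' in the database only rejects unknown types, not bad `data'.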

3.4 Optional columns

Each of these columns is optional.

If these columns exist, MyDNS will notice this and enable additional code specific to each optional field.

If you add any of these fields to your database, you must signal MyDNS to rescan the tables by sending it a SIGHUP signal (see section 4.2 Signals).

3.4.1 any.active

Both the `soa' table and the `rr' table may contain a column called `active'.

If this column exists, it should contain a boolean value. This could be 0/1 (an integer), 'Y'/'N', '1'/'0', or 'Active'/'Inactive'. For MySQL databases, an ENUM value is recommended.

If the active column is present, whenever records are retrieved from that table, the active column will be honored. If the row is inactive, it will be as if the row did not exist at all.

To create an `active' column on your `soa' table, for example, you might issue SQL statements like this:

MySQL:

 
mysql> ALTER TABLE mydns.soa ADD COLUMN active ENUM('Y','N') NOT NULL;
mysql> ALTER TABLE mydns.soa ADD INDEX (active);

PostgreSQL:
 
mydns=# ALTER TABLE soa ADD COLUMN active INT;
mydns=# UPDATE soa SET active=1;
mydns=# ALTER TABLE soa ALTER COLUMN active SET NOT NULL;
mydns=# ALTER TABLE soa ALTER COLUMN active SET DEFAULT 1;

3.4.2 soa.xfer

If the `soa' table contains a column named `xfer' and DNS-based zone transfers are enabled (see section 4.4 Zone transfers), the `xfer' column will be examined whenever a DNS-based zone transfer request is received.

The `xfer' column should contain one or more IP addresses separated by commas. These IP addresses will be allowed to transfer the zone.

If the `xfer' column is empty, no DNS-based zone transfers will be allowed for that zone.

The IP addresses in `xfer' may contain standard wildcard characters. Thus, if you want to grant zone transfer access for a particular zone to any IP address, you would set `xfer' to `*'.

Addresses may also be specified in CIDR notation (e.g. 192.168.1.1/24) or in network/netmask notation (e.g. 192.168.1.1/255.255.0.0).

The `xfer' column may be any size you want, and whatever size you think will be adequate for the IP address lists you intend to use.

To create an `xfer' column on your `soa' table, for example, you might issue SQL statements like this:

MySQL:

 
mysql> ALTER TABLE mydns.soa ADD COLUMN xfer CHAR(255) NOT NULL;

PostgreSQL:
 
mydns=# ALTER TABLE soa ADD COLUMN xfer VARCHAR(255);
mydns=# UPDATE soa SET xfer='';
mydns=# ALTER TABLE soa ALTER COLUMN xfer SET NOT NULL;
mydns=# ALTER TABLE soa ALTER COLUMN xfer SET DEFAULT '';
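The `xfer' column is the only per-zone access control on AXFR, so it pays to be able to evaluate it outside the server: both to test a value before storing it and to audit existing rows for zones that anyone may copy. The evaluator below is an added example written for this page, not MyDNS code. It implements the three forms the manual lists (comma-separated addresses, CIDR and network/netmask prefixes, wildcard patterns) and the empty-means-deny rule; treating "standard wildcard characters" as shell-style glob matching on the dotted string, and masking host bits in prefixes, are my assumptions about how MyDNS interprets them.

```python
import fnmatch
import ipaddress


def parse_xfer(column):
    """Split a soa.xfer value into entries: ip_network objects for the CIDR and
    network/netmask forms, plain strings (which may hold wildcards) for the rest."""
    entries = []
    for raw in column.split(","):
        item = raw.strip()
        if not item:
            continue
        if "/" in item:
            # strict=False masks host bits, so 192.168.1.1/24 means 192.168.1.0/24
            # and 192.168.1.1/255.255.0.0 means 192.168.0.0/16 (assumed semantics).
            entries.append(ipaddress.ip_network(item, strict=False))
        else:
            entries.append(item)
    return entries


def xfer_allowed(client_ip, column):
    """True if client_ip may transfer the zone whose soa.xfer column holds `column`.
    An empty column denies every client, as the manual states."""
    entries = parse_xfer(column)
    if not entries:
        return False
    addr = ipaddress.ip_address(client_ip)
    for entry in entries:
        if isinstance(entry, (ipaddress.IPv4Network, ipaddress.IPv6Network)):
            if addr.version == entry.version and addr in entry:
                return True
        elif fnmatch.fnmatchcase(str(addr), entry):  # e.g. "192.168.1.*" or "*"
            return True
    return False


def audit_xfer(rows):
    """Return the origins whose xfer column contains a bare `*`, i.e. zones any
    address may transfer; rows without an xfer value are treated as empty (deny)."""
    return sorted(row["origin"] for row in rows if "*" in parse_xfer(row.get("xfer", "")))
```

A periodic `SELECT origin, xfer FROM soa' fed to `audit_xfer' surfaces zones whose transfer list was opened up for a one-off migration and never tightened again; pair it with the REFUSED entries in the query log (section 4.7) to see who is actually asking for AXFR.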

4. Server


4.1 Caching

MyDNS uses a lightweight internal cache to speed up question resolution. When the DNS server receives a question, it descends through each label in the name, looking for the first label that has any associated resource records (see RFC 1034).

This means that a request for a name with lots of labels may require many database queries, most of which are likely to return no rows.
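The label descent is easy to see in a few lines. The following added example (mine, not MyDNS code) enumerates the suffixes tried for a query name and walks them against an in-memory stand-in for the `soa' table, counting one lookup per candidate; that count is the number of database queries a zone-cache miss would cost. Matching against `origin' case-insensitively with a trailing dot, and skipping rows whose optional `active' column (section 3.4.1) is 'N', are my assumptions about the details the text leaves open.

```python
def zone_candidates(qname):
    """Suffixes tried for a query name, longest first: a.b.example.com. yields
    a.b.example.com., b.example.com., example.com., com."""
    labels = [label for label in qname.lower().split(".") if label]
    return [".".join(labels[i:]) + "." for i in range(len(labels))]


def find_zone(qname, soa_rows):
    """Return (origin, lookups) for the first candidate present among the active
    soa rows, or (None, lookups) when no zone matches. Each candidate stands for
    one database query when the zone cache misses."""
    active = {row["origin"].lower() for row in soa_rows if row.get("active", "Y") != "N"}
    lookups = 0
    for candidate in zone_candidates(qname):
        lookups += 1
        if candidate in active:
            return candidate, lookups
    return None, lookups


# Constructed sample soa rows (not from the manual): one live zone, one disabled.
SOA_ROWS = [
    {"origin": "example.com.", "active": "Y"},
    {"origin": "old.example.com.", "active": "N"},
]
```

Note that a name under a deactivated zone falls through to the enclosing active zone, and a name under a zone you do not serve costs as many lookups as it has labels before the server can answer at all; both are reasons the manual recommends keeping the zone cache enabled.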

MyDNS stores positive results in its zone cache. The size of the zone cache is determined by the zone-cache-size variable in `mydns.conf'. The zone-cache-size specifies the number of entries the zone cache may contain at any given time. If the zone-cache-size is set to zero, the zone cache will be completely disabled, and the database will be queried every time. Typically, the bigger your cache, the better MyDNS will perform. Large sites may consider a cache around 32768 entries. The default size is 8192 entries.

The zone-cache-expire variable in `mydns.conf' specifies the number of seconds after which zone cache data expires. Most installations will want to set this value fairly low, maybe 60 seconds or so. This way, the DNS data being served by MyDNS will never be more than 60 seconds behind what is actually stored in the database. If your database changes infrequently, set this value much higher.

If any RR stored in the zone data cache has a TTL that is shorter than the value of zone-cache-expire, the cached data will expire when the TTL expires.

Once a complete reply has been constructed for a specific request (for example, IN A foo.example.com.), the completed reply will be stored in the reply cache. The size of the reply cache is determined by the reply-cache-size variable in `mydns.conf'. Entries in the reply cache expire after reply-cache-expire seconds.

The reply cache is especially useful because if a match is found for a request in the reply cache, MyDNS will not need to perform any database queries or even very much internal computation in order to return the reply.

A good way to check your cache configuration is to send SIGUSR2 to your server:

 
# kill -USR2 `cat /var/run/mydns.pid`

The server will then output its cache status. For example:

 
mydns: zone cache 47% useful (31385 hits, 15894 misses),
2143 collisions (5%), 100% full (8192 records),
12711624 bytes, avg life 27 sec
mydns: reply cache 84% useful (55200 hits, 10718 misses),
5707 collisions (14%), 100% full (8192 records),
3357269 bytes, avg life 38 sec

This tells you that MyDNS has been able to find the answer to a question in the reply cache (avoiding all database queries) 84 percent of the time, and that the other 16 percent of the time, it was able to find the data needed in the zone cache 47 percent of the time.

When tweaking your cache sizes, the best clue in this output is the "avg life". This is the average amount of time an entry remains in the cache, between the time it was first inserted and the time it was removed, due either to expiration or to being evicted to make room for other, more commonly-requested entries.

If your "avg life" is extremely short (just a second or two) you should consider increasing your cache size. Of course, if the average life is very short because your zone data has extremely short TTL values, this is to be expected.

A very long zone-cache-expire/reply-cache-expire time means that the results returned by MyDNS are more likely to be out-of-date, especially if your database is constantly being updated. Most DNS data is not.


4.2 Signals

If you send `SIGHUP' to MyDNS, it empties its cache.

MyDNS responds to `SIGUSR1' by outputting some brief server statistics.

MyDNS responds to `SIGUSR2' by outputting cache statistics.

4.3 TCP support

MyDNS will process all TCP requests it receives if the configuration option `allow-tcp' is true. This is not usually necessary or recommended. TCP support will make the server run a little slower, and a denial-of-service attack is easier if TCP is allowed.

Some very large sites may require TCP support, however. If a response set would exceed the UDP message size limit (512 bytes), MyDNS will set the TC (truncated) flag on its answer. Some clients will then fall back to TCP, which can handle such large answers. If TCP support is enabled, those clients can get their responses. Also, TCP support is required to perform DNS-based zone transfers.

4.4 Zone transfers

MyDNS will allow zone transfers (via AXFR) if the configuration option `allow-axfr' is true. This is recommended only if you have an absolute need for DNS-based zone transfers, such as if your secondary name server is running BIND.

MyDNS does not support incremental zone transfers (IXFR).

If you need to support DNS-based zone transfers, you have to enable `allow-tcp'. (This is not true for BIND 9.)

You can specify IP access rules for DNS-based zone transfers by using an optional column called `xfer' in the soa table. See section 3.4.2 soa.xfer.

4.5 Round robin

If your rr table contains more than one address record for the same name (but with different addresses, of course), MyDNS will serve them up in a random order each time.

Round robin is used only if all the address records found have an aux value of `0'. If any of the records have an aux value that is non-zero, load balancing will be used instead. (See section 4.6 Load balancing.)

Note that MyDNS will also return multiple same-preference MX records in random order, to help equalize the load among same-preference MX hosts.

4.6 Load balancing

If your rr table contains more than one address record for the same name, and one or more of the records has an aux value greater than zero, MyDNS will weight its response using the value in aux.

MyDNS uses the value in aux to determine the order in which addresses are listed. Clients usually start with the first address and work their way down, so addresses that are usually listed first will bear the heaviest client load.

A low value in aux makes an address record more likely to be listed first. The balancing algorithm causes servers with a lower aux to be selected more frequently than those with higher values, although all servers will still be listed first occasionally, as the algorithm is partially random.

Records where aux is 0 (zero) will be listed first almost every time. Records where aux is 50,000 or greater will always be listed last.

Here's an example of how hosts were distributed in a 100,000-query test against ten hosts with aux values 10-100. The number shown is the number of times that host was listed first:

 
aux  10   51,211
aux  20   21,881
aux  30   10,983
aux  40    6,209
aux  50    3,661
aux  60    2,311
aux  70    1,526
aux  80    1,032
aux  90      675
aux 100      511

4.7 Logging queries

If MyDNS is started with the --verbose (-v) option, each query the server receives will be output via the logging mechanism specified in your configuration file (see section B.4 Miscellaneous configuration options).

Each log line consists of the program name (and possibly the PID) followed by a colon, then seventeen fields separated by spaces. For example:

 
mydns: 25-Jul-2003 01:50:11+659583 #1 3987 UDP 192.168.1.1 IN ANY bboy.net. NOERROR - 1 11 0 5 LOG Y

or

 
mydns: 25-Jul-2003 01:50:44+720684 #2 33848 UDP 192.168.1.1 IN ANY bogus.example.com. NXDOMAIN No_matching_resource_records 1 0 1 0 LOG N

In order, here's what these fields mean:

  1. The date the query was received.

  2. The time the query was received, then a plus sign (`+'), then the number of microseconds after the second the query was received.

  3. A pound sign (`#') followed by the server's internal ID number for this query. The internal ID numbers begin at 0 and advance sequentially.

  4. The query ID provided by the client. This is usually a seemingly-random 16-bit number used by the client to make sure the answer it receives matches the question it asked.

  5. The transport used, always either TCP or UDP.

  6. The client IP address, in dotted-decimal notation.

  7. The query class, always IN.

  8. The query type, such as A, MX, NS, etc. (see section 3.3 Supported RR types).

  9. The name being requested.

  10. The result of the query. The following values are possible:
    NOERROR
    No error; the query was successful.

    FORMERR
    The server was unable to interpret the query.

    SERVFAIL
    MyDNS experienced an internal error, usually the result of some malformed data in the database.

    NXDOMAIN
    No resource records (of any type) exist matching the domain name requested.

    NOTIMP
    The requested type of query is not implemented.

    REFUSED
    The query was refused due to server policy. This usually happens because the client attempted to AXFR a zone that they were not allowed to transfer, or because the client requested a name within a zone for which the server is not authoritative.

  11. If the previous field was anything but NOERROR, this is a human-readable reason why the query failed, with any space characters in the string converted into underscore (`_') characters. If the previous field was NOERROR, this field contains a dash (`-').

  12. The number of resource records included in the question section of the reply.

  13. The number of resource records included in the answer section of the reply.

  14. The number of resource records included in the authority section of the reply.

  15. The number of resource records included in the additional section of the reply.

  16. The word LOG.

  17. The character `Y' if this was a cached reply, `N' if it was not.

There is a script in the contrib/ directory of the source distribution called stats.php that provides an example of how a script might read and parse these lines, in case you wanted to accumulate usage information or something.
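The seventeen-field layout is regular enough to parse without a full log framework. The code below is an added example written for this page (it is not the contrib/stats.php script and not MyDNS code): it turns one --verbose line into a dict following the field list above, then summarises a batch by cache-hit ratio and by NXDOMAIN count per client, which is the quickest way to spot a resolver or scanner hammering the server with names you do not serve. The sample log is constructed: the two lines are the manual's (each rejoined onto one line) and the other three are made up in the same format.

```python
import collections

# Field names for the seventeen space-separated fields, in the manual's order.
FIELDS = ("date", "time", "query_id", "client_qid", "transport", "client", "qclass",
          "qtype", "name", "rcode", "reason", "qdcount", "ancount", "nscount",
          "arcount", "log", "cached")

# Constructed sample log: lines 1-2 from the manual, lines 3-5 invented for the demo.
SAMPLE_LOG = """\
mydns: 25-Jul-2003 01:50:11+659583 #1 3987 UDP 192.168.1.1 IN ANY bboy.net. NOERROR - 1 11 0 5 LOG Y
mydns: 25-Jul-2003 01:50:44+720684 #2 33848 UDP 192.168.1.1 IN ANY bogus.example.com. NXDOMAIN No_matching_resource_records 1 0 1 0 LOG N
mydns: 25-Jul-2003 01:50:45+000120 #3 1024 UDP 192.168.1.77 IN A nope1.example.com. NXDOMAIN No_matching_resource_records 1 0 1 0 LOG N
mydns: 25-Jul-2003 01:50:45+000980 #4 1025 UDP 192.168.1.77 IN A nope2.example.com. NXDOMAIN No_matching_resource_records 1 0 1 0 LOG N
mydns: 25-Jul-2003 01:50:46+110000 #5 4000 UDP 192.168.1.1 IN A www.example.com. NOERROR - 1 1 1 1 LOG Y
"""


def parse_query_log_line(line):
    """Parse one --verbose line into a dict keyed by FIELDS; return None for anything else."""
    # The program name (possibly "mydns[pid]") ends at the first colon. The time field
    # also contains colons, so split exactly once.
    _prog, sep, rest = line.partition(":")
    if not sep:
        return None
    parts = rest.split()
    if len(parts) != len(FIELDS) or parts[15] != "LOG":
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        rec["time"], rec["usec"] = rec["time"].split("+", 1)      # "01:50:11+659583"
        rec["query_id"] = int(rec["query_id"].lstrip("#"))        # "#1"
        for key in ("client_qid", "qdcount", "ancount", "nscount", "arcount"):
            rec[key] = int(rec[key])
    except ValueError:
        return None
    # Field 11 is "-" on NOERROR, otherwise a reason with spaces written as underscores.
    rec["reason"] = None if rec["reason"] == "-" else rec["reason"].replace("_", " ")
    rec["cached"] = rec["cached"] == "Y"
    return rec


def summarize(lines, nxdomain_threshold=2):
    """Cache-hit ratio plus NXDOMAIN counts per client; clients at or above the
    threshold are listed as noisy so they can be looked at first."""
    records = [r for r in (parse_query_log_line(l) for l in lines) if r]
    nx_by_client = collections.Counter(r["client"] for r in records if r["rcode"] == "NXDOMAIN")
    cached = sum(1 for r in records if r["cached"])
    return {
        "total": len(records),
        "cache_hit_ratio": cached / len(records) if records else 0.0,
        "nxdomain_by_client": dict(nx_by_client),
        "noisy_clients": sorted(c for c, n in nx_by_client.items() if n >= nxdomain_threshold),
    }
```

Fields 12 to 15 (the four section counts) are kept as integers so the same records can feed a check for unusually large answer sections, which is where the 512-byte UDP limit and TC fallback from section 4.3 start to matter.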


Copyright © 1997-2017 NetEase Inc.