“main” (Installation and Administration) 2004/6/25 13:29 page 467 #493
21
Linux in the Network
Line 2: The configuration file should activate reverse lookup for
the network 192.168.1.0. Because the zone is called
1.168.192.in-addr.arpa, BIND would append that origin to any host
name that is not fully qualified, which is not what is wanted here.
Therefore, all host names are entered in their complete form, with
their domain and with a . at the end. The remaining entries
correspond to those described for the previous world.cosmos example.
Lines 3–7: See the previous example for world.cosmos.
Line 9: Again this line specifies the name server responsible for this zone.
This time, however, the name is entered in its complete form with the
domain and a . at the end.
Lines 11–13: These are the pointer (PTR) records that map the IP addresses
back to the names of the respective hosts. Only the last part of the IP
address is entered at the beginning of the line, without a . at the end.
Appending the zone to this (without the .in-addr.arpa) results in the
complete IP address in reverse order.
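The rules in the annotations above (the zone name is the network's fixed octets reversed plus in-addr.arpa, a PTR owner is only the host part of the address without a trailing dot, and every name on the right-hand side must be absolute) are mechanical enough to script. The following Python is an added example, not code from the manual or from BIND: it builds the reverse zone for 192.168.1.0/24 from a small host table and maps the PTR owners back to addresses. The host names gateway, sun and moon in world.cosmos, the hostmaster address root.world.cosmos. and the SOA serial and timer values are constructed for this example, and the manual's own listing may differ; the code also generalizes to /8 and /16 networks, which the text does not cover.

```python
"""Build and check the BIND reverse zone for 192.168.1.0/24.

Added example, not from the SUSE manual or from BIND. The hosts, the
hostmaster address and the SOA values below are constructed.
"""
import ipaddress

ARPA = ".in-addr.arpa"
NETWORK = ipaddress.ip_network("192.168.1.0/24")
# Constructed forward data: absolute host name (trailing dot) -> address.
HOSTS = {
    "gateway.world.cosmos.": "192.168.1.1",
    "sun.world.cosmos.": "192.168.1.2",
    "moon.world.cosmos.": "192.168.1.3",
}
NAME_SERVER = "gateway.world.cosmos."
HOSTMASTER = "root.world.cosmos."   # constructed SOA contact


def reverse_zone_name(network):
    """1.168.192.in-addr.arpa for 192.168.1.0/24: the fixed octets, reversed.

    Only octet-aligned prefixes (/8, /16, /24) map onto one in-addr.arpa zone;
    anything else needs classless delegation (RFC 2317), not handled here.
    """
    if network.prefixlen not in (8, 16, 24):
        raise ValueError(f"{network} is not octet-aligned")
    fixed = str(network.network_address).split(".")[: network.prefixlen // 8]
    return ".".join(reversed(fixed)) + ARPA


def ptr_owner(ip, network):
    """Owner of the PTR record relative to the zone: for a /24 just the last
    octet, with no trailing dot, so that BIND appends the zone to it."""
    zone = reverse_zone_name(network)
    addr = ipaddress.ip_address(ip)
    if addr not in network:
        raise ValueError(f"{ip} is not inside {network}")
    full = addr.reverse_pointer            # e.g. 2.1.168.192.in-addr.arpa
    return full[: -(len(zone) + 1)]        # strip ".<zone>"


def owner_to_ip(owner, zone):
    """Undo the above: owner + zone minus .in-addr.arpa is the address in
    reverse octet order, exactly as the text describes."""
    if not zone.endswith(ARPA):
        raise ValueError(f"{zone} is not an in-addr.arpa zone")
    reversed_octets = (owner + "." + zone[: -len(ARPA)]).split(".")
    return ".".join(reversed(reversed_octets))


def render_reverse_zone(network, hosts, name_server, hostmaster, serial):
    """Zone file text. Every name on the right-hand side must be absolute."""
    zone = reverse_zone_name(network)
    for name in list(hosts) + [name_server, hostmaster]:
        if not name.endswith("."):
            raise ValueError(f"{name!r} is relative; BIND would append {zone} to it")
    lines = [
        "$TTL 2D",
        f"{zone}. IN SOA {name_server} {hostmaster} (",
        f"        {serial} ; serial",
        "        1D ; refresh",
        "        2H ; retry",
        "        1W ; expiry",
        "        2D ) ; minimum",
        "",
        f"        IN NS {name_server}",
        "",
    ]
    for name, ip in sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[1])):
        lines.append(f"{ptr_owner(ip, network)} IN PTR {name}")
    return "\n".join(lines) + "\n"


def parse_ptr_records(zone_text, zone):
    """Read the PTR lines back and map each one to (ip -> host name)."""
    result = {}
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[1:3] == ["IN", "PTR"]:
            result[owner_to_ip(fields[0], zone)] = fields[3]
    return result


if __name__ == "__main__":
    text = render_reverse_zone(NETWORK, HOSTS, NAME_SERVER, HOSTMASTER, 2004062501)
    print(text)
    print(parse_ptr_records(text, reverse_zone_name(NETWORK)))
```

Write the printed text to a file and run named-checkzone 1.168.192.in-addr.arpa with that file to have BIND itself validate it. A relative name on the right-hand side is rejected by the script before it reaches the zone file; that is precisely the mistake the trailing-dot rule above guards against, because BIND would silently turn sun.world.cosmos into sun.world.cosmos.1.168.192.in-addr.arpa.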
Normally, zone transfers between different versions of BIND should be
possible without any problem.
21.7.7 Secure Transactions
Secure transactions can be made with the help of transaction signatures
(TSIGs) based on shared secret keys (also called TSIG keys). This section
describes how to generate and use such keys.
Secure transactions are needed for the communication between different
servers and for the dynamic update of zone data. Making the access control
dependent on keys is much more secure than merely relying on IP addresses,
which can be spoofed.
Generate a TSIG key with the following command (for details, see
man dnssec-keygen):
dnssec-keygen -a hmac-md5 -b 128 -n HOST host1-host2
This creates two files with names similar to these (157 is the algorithm
number of HMAC-MD5, and the last number is the key tag):
Khost1-host2.+157+34265.private
Khost1-host2.+157+34265.key
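To make concrete what those two files contain and how the shared secret is used, here is an added Python example; it is not code from the manual or from BIND. It derives the same pieces dnssec-keygen produces (a random 128-bit secret, the Khost1-host2.+157+NNNNN file names, the key statement both named.conf files must share) and then shows the HMAC check BIND performs on a signed message: a MAC made with the right secret verifies, a tampered message or a different secret does not. The key tag is computed with the RFC 4034 Appendix B algorithm over the KEY RDATA with flags 512; that this is exactly how dnssec-keygen names its files is an assumption, as are the message text and the fixed SAMPLE_SECRET (use generate_secret() for a real key).

```python
"""What a TSIG shared secret is and how it is checked.

Added example, not code from the SUSE manual or from BIND. It mimics the
shape of dnssec-keygen's output and shows the HMAC verification step.
The key tag computation (RFC 4034 Appendix B over the KEY RDATA) is an
assumption about how dnssec-keygen builds the +157+NNNNN file name part.
"""
import base64
import hashlib
import hmac
import secrets
import struct

HMAC_MD5 = 157       # DNS security algorithm number: the "157" in the file name
KEY_FLAGS = 512      # KEY RR flags for a -n HOST key (assumed)
KEY_PROTOCOL = 3     # DNSSEC protocol field

# Fixed secret so the output is reproducible; constructed for this example only,
# never use a fixed secret on a real server.
SAMPLE_SECRET = base64.b64encode(b"0123456789abcdef").decode()


def generate_secret(bits=128):
    """Random shared secret, base64 as dnssec-keygen -b 128 prints it."""
    if bits % 8:
        raise ValueError("key length must be a multiple of 8 bits")
    return base64.b64encode(secrets.token_bytes(bits // 8)).decode()


def key_tag(rdata):
    """RFC 4034 Appendix B key tag over KEY/DNSKEY RDATA."""
    ac = 0
    for i, byte in enumerate(rdata):
        ac += byte if i & 1 else byte << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def key_rdata(secret_b64, algorithm=HMAC_MD5):
    """KEY RDATA: flags, protocol, algorithm, then the raw secret."""
    return struct.pack("!HBB", KEY_FLAGS, KEY_PROTOCOL, algorithm) + base64.b64decode(secret_b64)


def key_file_names(name, secret_b64, algorithm=HMAC_MD5):
    """File names of the form Khost1-host2.+157+34265.{private,key}."""
    tag = key_tag(key_rdata(secret_b64, algorithm))
    base = f"K{name}.+{algorithm:03d}+{tag:05d}"
    return base + ".private", base + ".key"


def named_conf_key_statement(name, secret_b64, algorithm="hmac-md5"):
    """The key statement that has to be present in named.conf on both hosts."""
    return (f"key {name} {{\n"
            f"    algorithm {algorithm};\n"
            f'    secret "{secret_b64}";\n'
            "};\n")


def sign(secret_b64, message):
    """MAC over a message with the shared secret (HMAC-MD5, as the page uses)."""
    return hmac.new(base64.b64decode(secret_b64), message, hashlib.md5).digest()


def verify(secret_b64, message, mac):
    """Constant-time check; only a holder of the same secret can pass it."""
    return hmac.compare_digest(sign(secret_b64, message), mac)


if __name__ == "__main__":
    priv, pub = key_file_names("host1-host2", SAMPLE_SECRET)
    print(priv, pub)
    print(named_conf_key_statement("host1-host2", SAMPLE_SECRET))
    msg = b"constructed dynamic update for world.cosmos"   # constructed sample message
    mac = sign(SAMPLE_SECRET, msg)
    print("genuine message:", verify(SAMPLE_SECRET, msg, mac))
    print("tampered message:", verify(SAMPLE_SECRET, msg + b"x", mac))
    print("other secret:", verify(generate_secret(), msg, mac))
```

Running the block prints the file names and the key statement for the fixed sample secret; with a freshly generated secret the tag, and so the file name, changes. HMAC-MD5 is what this release uses; RFC 8945, the current TSIG specification, makes HMAC-SHA256 mandatory to implement and lists HMAC-MD5 only as optional, so on any BIND new enough to offer it, generate the key with -a hmac-sha256 (or with tsig-keygen) instead.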
467 SUSE LINUX Enterprise Server