

The /etc/host.conf File

The local resolver libraries are configured via a file named host.conf that’s located in the /etc directory. This file tells the resolver what services to use and in what order. This file is a plain ASCII file that lists resolver options, one per line. Fields in this file may be separated by spaces or tabs. The # character indicates the start of a comment.

Several options may be specified in the host.conf file, as shown in Table 25.2.

Table 25.2 Configuration Options for the /etc/host.conf File

Option Description

order Specifies the order in which the name resolution mechanisms are tried. The following mechanisms are supported: hosts (attempts to resolve the name by looking in the local /etc/hosts file), bind (queries a DNS name server to resolve the name), and nis (uses the Network Information Service, or NIS, protocol to try to resolve the host name).
alert Takes off or on as arguments. If turned on, any attempt to spoof an IP address is logged via the syslog facility.
nospoof If reverse resolution is used to match a host name to a specified address, resolves the host name that’s returned to verify that it does match the address that you queried. Prevents “spoofing” of IP addresses. Enabled by specifying nospoof on. Caution: Using this option can place a noticeable additional load on the server.
trim Takes a domain name as an argument. trim removes the domain name before performing an /etc/hosts lookup on the name. This allows you to put just the base host name in /etc/hosts without specifying the domain name.
multi Takes off or on as arguments. Used only with host queries to determine whether a host is allowed to have more than one IP address specified in /etc/hosts. This option has no effect on NIS or DNS queries.

The following is an example of an /etc/host.conf configuration file that uses these options:


# Sample /etc/host.conf file
#
# Lookup names via DNS first then fall back to /etc/hosts
order bind hosts
# We don’t have machines with multiple addresses
multi off
# check for IP address spoofing
nospoof on
# and warn us if someone attempts to spoof
alert on
# Trim the tristar.com domain name for host lookups
trim tristar.com

This example shows a general resolver configuration for the domain tristar.com. The resolver looks up the host names by using DNS first and then tries the local /etc/hosts file.


NOTE:  Specifying the local /etc/hosts file in the resolution search is a good idea. If for some reason your name servers should be unavailable, you can still resolve the names for hosts listed in your local hosts file. You should also keep a list of all your local hosts in your /etc/hosts files on each of your local computers.

Multiple IP addresses for a single machine are disabled. This host checks for IP address spoofing by re-resolving the host name that a reverse IP address lookup returns. This is a bit of a performance hit, but it helps make sure that no one is pretending to be a different host than they really are. Also, you’ve set up the resolver to warn you if an attempt to spoof is detected. Finally, the resolver trims the domain tristar.com from any host names that are looked up in the local /etc/hosts file.
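
The re-resolution check that nospoof performs can be reproduced in a few lines. The following Python sketch is an added example, not code from the book or from the resolver library; the lookup tables, the addresses, and the names forward_confirmed, fake_reverse, and fake_forward are constructed for illustration.

```python
import ipaddress
import socket

def _reverse_dns(ip):
    # PTR lookup; raises socket.herror (an OSError) when no record exists
    return socket.gethostbyaddr(ip)[0]

def _forward_dns(name):
    # All A/AAAA addresses for the name; raises socket.gaierror (an OSError)
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def forward_confirmed(ip, reverse=_reverse_dns, forward=_forward_dns):
    """Return (ok, name). ok is True only if the name returned by the
    reverse lookup of ip resolves forward to a set containing ip."""
    try:
        name = reverse(ip)
    except OSError:
        return False, None      # no reverse mapping, nothing to confirm
    try:
        addrs = {ipaddress.ip_address(a) for a in forward(name)}
    except (OSError, ValueError):
        return False, name      # claimed name does not resolve
    return ipaddress.ip_address(ip) in addrs, name

# Constructed sample data (documentation address ranges), standing in for DNS
PTR = {"192.0.2.10": "www.tristar.com", "203.0.113.7": "www.tristar.com"}
A = {"www.tristar.com": {"192.0.2.10"}}

def fake_reverse(ip):
    if ip not in PTR:
        raise OSError("no PTR record")
    return PTR[ip]

def fake_forward(name):
    if name not in A:
        raise OSError("no address record")
    return A[name]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.7", "198.51.100.1"):
        ok, name = forward_confirmed(ip, fake_reverse, fake_forward)
        print(ip, name, "confirmed" if ok else "MISMATCH (possible spoof)")
```

The second address is the case nospoof exists for: its reverse record claims a trusted name, but that name's forward records do not include the address, so any access decision based on the claimed name should be refused and logged.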

The /etc/resolv.conf File

Now that you’ve configured the basic behavior of the resolver library, you need to set up some information for the DNS portion of the resolver. You need to do this only if you’re using DNS for host name resolution—that is, by specifying bind in the order statement of the /etc/host.conf file. But then you wouldn’t be reading this chapter if you weren’t going to use DNS, would you?

The /etc/resolv.conf file controls the way the resolver uses DNS to resolve host names. It specifies the DNS name servers to contact when resolving a host name and in what order to contact them. It also provides the local domain name and some clues as to how to guess at the domain name of hosts that are specified without a domain name.

Table 25.3 lists the valid options for the /etc/resolv.conf file.

Table 25.3 Configuration Options for the /etc/resolv.conf File

Option Description

domain Specifies the local domain name of this host. If it’s not given, the resolver tries to get the local domain name from the getdomainname() system call.
nameserver Specifies the IP address of a DNS name server to contact for name resolution. You can list up to three name servers by using the nameserver option multiple times. The name servers are tried in the order listed. You should put your most reliable name server first so that queries don’t time out on a server that’s likely to be down.
search Lists domains to try if no domain name is specified as part of a query host name. If no search option is given, the list of domains is created by using the local domain plus each parent domain of the local domain.

