[9] | 1 | .\" These numbers should match those in nonamed.c:
|
---|
| 2 | .ds ST "two seconds"
|
---|
| 3 | .ds MT "four seconds"
|
---|
| 4 | .ds LT "five minutes"
|
---|
| 5 | .ds HT "one hour"
|
---|
| 6 | .ds NI "256"
|
---|
| 7 | .TH NONAMED 8
|
---|
| 8 | .SH NAME
|
---|
| 9 | nonamed \- not a name daemon, but acts like one
|
---|
| 10 | .SH SYNOPSIS
|
---|
| 11 | .B nonamed
|
---|
| 12 | .RB [ \-qs ]
|
---|
| 13 | .RB [ \-d [\fIlevel\fP]]
|
---|
| 14 | .RB [ \-p
|
---|
| 15 | .IR port ]
|
---|
| 16 | .SH DESCRIPTION
|
---|
| 17 | .de SP
|
---|
| 18 | .if t .sp 0.4
|
---|
| 19 | .if n .sp
|
---|
| 20 | ..
|
---|
| 21 | .B Nonamed
|
---|
| 22 | is not a name daemon. It can answer simple queries from
|
---|
| 23 | .BR /etc/hosts ,
|
---|
| 24 | but anything else is relayed to a real name daemon.
|
---|
| 25 | .B Nonamed
|
---|
| 26 | maintaines a small cache of replies it has seen from a name daemon, and will
|
---|
| 27 | use this cache to minimize traffic if the machine is permanently connected
|
---|
| 28 | to the Internet, or to answer requests if the machine is often disconnected
|
---|
| 29 | from the Internet, i.e. a computer at home.
|
---|
| 30 | .PP
|
---|
| 31 | On startup
|
---|
| 32 | .B nonamed
|
---|
| 33 | sends a simple query to each of its name servers to see if one is up. This
|
---|
| 34 | is repeated every \*(LT in an "at home" situation, or when necessary if the
|
---|
| 35 | current name daemon doesn't respond. The first name server to answer is
|
---|
| 36 | used as the current name server to answer queries.
|
---|
| 37 | .PP
|
---|
| 38 | If no name servers are found in the DHCP data or
|
---|
| 39 | .BR /etc/hosts
|
---|
| 40 | then only the hosts file is used to answer queries, and any query for a name
|
---|
| 41 | not in that file gets a failure response.
|
---|
| 42 | .PP
|
---|
| 43 | .B Nonamed
|
---|
| 44 | accepts both UDP and TCP queries under Minix-vmd. Under standard MINIX 3
|
---|
| 45 | only UDP queries are accepted. \*(NI relayed UDP queries can be outstanding
|
---|
| 46 | before it forgets where the first one came from.
|
---|
| 47 | .PP
|
---|
| 48 | Using the hosts file,
|
---|
| 49 | .B nonamed
|
---|
| 50 | can answer simple DNS queries to translate a host name to an IP address, or
|
---|
| 51 | an IP address to a host name. Suppose
|
---|
| 52 | .B /etc/hosts
|
---|
| 53 | looks like this:
|
---|
| 54 | .PP
|
---|
| 55 | .RS
|
---|
| 56 | .ta +15n
|
---|
| 57 | .nf
|
---|
| 58 | 10.0.0.1 flotsam.cs.vu.nl\0www
|
---|
| 59 | 10.0.0.2 jetsam.cs.vu.nl
|
---|
| 60 | .fi
|
---|
| 61 | .RE
|
---|
| 62 | .PP
|
---|
| 63 | Then queries for the host names listed can be answered with the IP addresses
|
---|
| 64 | to the left of them. An alias like "www" above is seen as a CNAME for the
|
---|
| 65 | first host name on the line, in the same domain as the first host name if
|
---|
| 66 | unqualified (no dots). A reverse lookup for an IP address on the left is
|
---|
| 67 | answered by the first host name on the right. If more than one match is
|
---|
| 68 | possible then all matches are put in the answer, so all IP addresses of
|
---|
| 69 | multihomed hosts can be listed by multiple entries in the hosts file.
|
---|
| 70 | .PP
|
---|
| 71 | Requests for names like "flotsam.cs.vu.nl.cs.vu.nl" that are often generated
|
---|
| 72 | on a domain search for an already fully qualified domain name
|
---|
| 73 | are recognized and made to fail. This kludge avoids a lot of unnecessary
|
---|
| 74 | requests to possibly unreachable name servers and client timeouts.
|
---|
| 75 | .PP
|
---|
| 76 | The name "localhost" in any domain is given the IP address 127.0.0.1.
|
---|
| 77 | .PP
|
---|
| 78 | .B Nonamed
|
---|
| 79 | employs several timeouts for efficient operation:
|
---|
| 80 | .PP
|
---|
| 81 | If no UDP reply is seen in \*(MT then a new search is started for a name
|
---|
| 82 | server in the hope of finding one that does work.
|
---|
| 83 | A failing TCP connection will also invoke a search, the
|
---|
| 84 | TCP connection is then made to the new name server. A client using UDP will
|
---|
| 85 | retry eventually, a client using TCP will notice nothing but a short delay.
|
---|
| 86 | If a TCP connection fails after 5 tries then an answer is sought in the
|
---|
| 87 | hosts file, and failing that the connection is closed.
|
---|
| 88 | .PP
|
---|
| 89 | Any TCP operation is given \*(LT to show any action before the connection is
|
---|
| 90 | aborted.
|
---|
| 91 | .PP
|
---|
| 92 | UDP replies from a name server are put in a cache of by default 8 (16-bit
|
---|
| 93 | system) or 16 kilobytes (32-bit system). New queries are
|
---|
| 94 | first sought in the cache, and if found answered from the cache. An entry
|
---|
| 95 | in the cache is expired when the resource record with the smallest TTL (time
|
---|
| 96 | to live) expires, unless its expire time is artificially extended by the
|
---|
| 97 | "%stale" parameter (see below). An answer from the cache has all TTLs
|
---|
| 98 | appropriately lowered, and the AA bit ("answer authoritive") is cleared.
|
---|
| 99 | Any request answered by stale data is refreshed as soon as
|
---|
| 100 | .B nonamed
|
---|
| 101 | notices that one of the external name daemons is reachable.
|
---|
| 102 | .PP
|
---|
| 103 | Data is only cached if it is has "no error" result code, or a "no such
|
---|
| 104 | domain" result code with a SOA record in the name server section, and all
|
---|
| 105 | records have a nonzero TTL. The %stale parameter has no effect on the
|
---|
| 106 | decision to cache a result.
|
---|
| 107 | .PP
|
---|
| 108 | The cache is rewritten to the cache file \*(LT after a new entry has been
|
---|
| 109 | added. Mere changes to the order in the cache don't cause a rewrite.
|
---|
| 110 | .SS Configuration through /etc/hosts
|
---|
| 111 | The real name servers, stale data extension, and cache size can be
|
---|
| 112 | configured by special entries in the hosts file. For example:
|
---|
| 113 | .PP
|
---|
| 114 | .RS
|
---|
| 115 | .ta +\w'172.16.24.3'u+2m +\w'%nameserver'u+2m
|
---|
| 116 | .nf
|
---|
| 117 | 86400 %ttl # Answers from this file get this TTL
|
---|
| 118 | 2419200 %stale # Stale data may linger on for 4 weeks
|
---|
| 119 | 32768 %memory # 32k cache size
|
---|
| 120 | 10.0.0.1 %nameserver # flotsam
|
---|
| 121 | 172.16.24.3 %nameserver # dns1.example.com
|
---|
| 122 | 172.16.24.6 %nameserver # dns2.example.com
|
---|
| 123 | .SP
|
---|
| 124 | 10.0.0.1 flotsam.home.example.com\0www
|
---|
| 125 | 10.0.0.2 jetsam.home.example.com
|
---|
| 126 | .fi
|
---|
| 127 | .RE
|
---|
| 128 | .PP
|
---|
| 129 | In this example we have two machines, flotsam and jetsam, that are at home.
|
---|
| 130 | Answers from the hosts file get a TTL of one day, by default this is \*(HT.
|
---|
| 131 | Normally there is no connection to the Internet, so any stale data in the
|
---|
| 132 | cache is allowed to linger on for 2419200 seconds (4 weeks) before it is
|
---|
| 133 | finally discarded. The cache size is set to 32 kilobytes. The first name
|
---|
| 134 | server is the flotsam. On the flotsam itself this entry is ignored, but the
|
---|
| 135 | jetsam will now run its requests through flotsam if possible. This means
|
---|
| 136 | that both flotsam and jetsam use the cache of the flotsam. The other
|
---|
| 137 | nameserver entries are external name servers of the Internet provider.
|
---|
| 138 | .PP
|
---|
| 139 | If no nameservers are listed in the hosts file then they are obtained from
|
---|
| 140 | data gathered by DHCP. This is the preferred situation.
|
---|
| 141 | .PP
|
---|
| 142 | If the hosts file contains a line that says:
|
---|
| 143 | .PP
|
---|
| 144 | .RS
|
---|
| 145 | .BI include " file"
|
---|
| 146 | .RE
|
---|
| 147 | .PP
|
---|
| 148 | Then the current hosts file is closed and the file named is read next.
|
---|
| 149 | .SS "Automatic calling"
|
---|
| 150 | If your connection to the Internet is set up on demand, either in software
|
---|
| 151 | on the machine that has the modem, or by a special box such as an ISDN
|
---|
| 152 | router, then you need to filter the name server probes that
|
---|
| 153 | .B nonamed
|
---|
| 154 | sends out every \*(LT to see if a real name daemon is reachable. These
|
---|
| 155 | probes need to be recognized as packets that must not trigger a call, and
|
---|
| 156 | that must not keep the line up. You can either filter all IP packets
|
---|
| 157 | destined for port 53 decimal (the
|
---|
| 158 | .B domain
|
---|
| 159 | port). This may be a bit too much, the first packet out is often a normal
|
---|
| 160 | DNS request (not a probe), so you may want to do better. A probe by
|
---|
| 161 | .B nonamed
|
---|
| 162 | is a nonrecursive request for the name servers of the root domain. You
|
---|
| 163 | can recognize them by looking at the flags, they are all off. Here is a
|
---|
| 164 | typical probe in hex (twenty octets per line), followed by the names of
|
---|
| 165 | interesting fields, and the octets values you should look for:
|
---|
| 166 | .PP
|
---|
| 167 | .RS
|
---|
| 168 | .nf
|
---|
| 169 | 45 00 00 2D C8 19 00 00 1D 11 53 18 AC 10 66 41 AC 10 18 03
|
---|
| 170 | 00 35 00 35 00 19 79 93 00 00 00 00 00 01 00 00 00 00 00 00
|
---|
| 171 | 00 00 02 00 01
|
---|
| 172 | .SP
|
---|
| 173 | ip ip ip ip ip ip ip ip ip ip ip ip si si si si di di di di
|
---|
| 174 | sp sp dp dp xx xx xx xx id id fl fl qd qd an an ns ns ar ar
|
---|
| 175 | dn ty ty cl cl
|
---|
| 176 | .SP
|
---|
| 177 | 45 xx xx xx xx xx xx xx xx 11 xx xx xx xx xx xx xx xx xx xx
|
---|
| 178 | xx xx 00 35 xx xx xx xx xx xx 00 00 xx xx xx xx xx xx xx xx
|
---|
| 179 | xx xx xx xx xx
|
---|
| 180 | .SP
|
---|
| 181 | .fi
|
---|
| 182 | (ip = IP header, si = source IP, di = dest IP, sp = source port, dp = dest
|
---|
| 183 | port, id = DNS ID, fl = DNS flags, qd = query count, an = answer count, ns =
|
---|
| 184 | nameserver count, ar = additional records count, dn = domain (""), ty = type
|
---|
| 185 | (NS), cl = class (IN).)
|
---|
| 186 | .RE
|
---|
| 187 | .PP
|
---|
| 188 | So if a packet has octets 45, 11, 00 35, and 00 00 at the appropriate places
|
---|
| 189 | then don't let it cause a call. Read the documentation of your software/router
|
---|
| 190 | to find out how to do this. Hopefully it is possible to view the contents of
|
---|
| 191 | the packet that triggered the last call. If so you simply let
|
---|
| 192 | .B nonamed
|
---|
| 193 | bring up the line once with a probe.
|
---|
| 194 | .SS "Remote information"
|
---|
| 195 | The program version and name servers it is working with can be obtained with:
|
---|
| 196 | .PP
|
---|
| 197 | .RS
|
---|
| 198 | host \-r \-v \-c chaos \-t txt version.bind. \fIserver\fP
|
---|
| 199 | .RE
|
---|
| 200 | .PP
|
---|
| 201 | .I Server
|
---|
| 202 | is the name or IP address of the host whose name server you want to know
|
---|
| 203 | this of.
|
---|
| 204 | (This call is really an undocumented hack to ask the version numbers of the
|
---|
| 205 | BIND name daemon. It just had to be implemented for
|
---|
| 206 | .B nonamed
|
---|
| 207 | as well.)
|
---|
| 208 | .PP
|
---|
| 209 | The % variables in the hosts file can be viewed like this:
|
---|
| 210 | .PP
|
---|
| 211 | .RS
|
---|
| 212 | host \-r \-t a %nameserver. \fIserver\fP
|
---|
| 213 | .RE
|
---|
| 214 | .PP
|
---|
| 215 | Don't forget the dot at the end of the name. %ttl and %stale will be shown
|
---|
| 216 | as a dotted quad, e.g. 0.36.234.0. The proper value can be computed as 36 *
|
---|
| 217 | 65536 + 234 * 256 + 0 = 2419200.
|
---|
| 218 | .SH OPTIONS
|
---|
| 219 | The options are only useful when debugging
|
---|
| 220 | .BR nonamed ,
|
---|
| 221 | although it can be very instructive to watch DNS queries being done.
|
---|
| 222 | .TP
|
---|
| 223 | .BR \-d [\fIlevel\fP]
|
---|
| 224 | Set debugging level to
|
---|
| 225 | .I level
|
---|
| 226 | (by default
|
---|
| 227 | .BR 1 .)
|
---|
| 228 | Debug mode 1 makes
|
---|
| 229 | .B nonamed
|
---|
| 230 | decode and display the DNS queries and replies that it receives, sends and
|
---|
| 231 | relays. In debug mode 2 it prints tracing information about the internal
|
---|
| 232 | jobs it executes. In debug mode 3 it core dumps when an error causes it to
|
---|
| 233 | exit. The debugging level may also be increased by 1 at runtime by sending
|
---|
| 234 | signal
|
---|
| 235 | .B SIGUSR1
|
---|
| 236 | or turned off (set to 0) with
|
---|
| 237 | .BR SIGUSR2 .
|
---|
| 238 | .TP
|
---|
| 239 | .RB [ \-p " \fIport\fP]
|
---|
| 240 | Port to listen on instead of the normal
|
---|
| 241 | .B domain
|
---|
| 242 | port.
|
---|
| 243 | .TP
|
---|
| 244 | .RB [ \-q ]
|
---|
| 245 | Read the cache file with the debug level set to 2, causing its contents to
|
---|
| 246 | be printed, then exit.
|
---|
| 247 | .TP
|
---|
| 248 | .RB [ \-s ]
|
---|
| 249 | Run single: ignore hosts or cache file, only use the DHCP information. This
|
---|
| 250 | allows another
|
---|
| 251 | .B nonamed
|
---|
| 252 | to be run on a different interface to serve a few programs that run there.
|
---|
| 253 | .SH FILES
|
---|
| 254 | .TP 15n
|
---|
| 255 | /etc/hosts
|
---|
| 256 | Hosts to address translation table and configuration file.
|
---|
| 257 | .TP
|
---|
| 258 | /usr/run/nonamed.pid
|
---|
| 259 | Process ID of the currently running
|
---|
| 260 | .BR nonamed .
|
---|
| 261 | .TP
|
---|
| 262 | /usr/adm/nonamed.cache
|
---|
| 263 | Copy of the cache. Read when the program starts, written \*(LT after
|
---|
| 264 | something has been added to it, and written when a SIGTERM signal is
|
---|
| 265 | received, which is normally sent at system shutdown.
|
---|
| 266 | .TP
|
---|
| 267 | /usr/adm/dhcp.cache
|
---|
| 268 | Data gathered by the DHCP daemon. Among lots of other junk it lists name
|
---|
| 269 | servers that we should use.
|
---|
| 270 | .SH "SEE ALSO"
|
---|
| 271 | .BR gethostbyname (3),
|
---|
| 272 | .BR resolver (3),
|
---|
| 273 | .BR hosts (5),
|
---|
| 274 | .BR inet (8),
|
---|
| 275 | .BR boot (8),
|
---|
| 276 | .BR inetd (8),
|
---|
| 277 | .BR dhcpd (8).
|
---|
| 278 | .SP
|
---|
| 279 | .BR RFC-1034
|
---|
| 280 | and
|
---|
| 281 | .BR RFC-1035 .
|
---|
| 282 | .SH NOTES
|
---|
| 283 | Do not use the %stale parameter for a PC that is directly connected to the
|
---|
| 284 | Internet. You run the risk of getting wrong answers, a risk that is only
|
---|
| 285 | worth taking for a system that is mostly disconnected from the Internet.
|
---|
| 286 | .PP
|
---|
| 287 | You can specify one or more remote name servers in
|
---|
| 288 | .B /etc/resolv.conf
|
---|
| 289 | so that nonamed isn't needed. This will save memory, but you'll lose
|
---|
| 290 | .BR nonamed 's
|
---|
| 291 | cache and its "offline" tricks. That's no problem if you can use a
|
---|
| 292 | neighbouring name daemon on another PC at home.
|
---|
| 293 | .PP
|
---|
| 294 | The default cache size seems to be more than enough for normal use, but if
|
---|
| 295 | you do decide to make it larger then don't forget to increase the stack size
|
---|
| 296 | of the program under standard MINIX 3.
|
---|
| 297 | .PP
|
---|
| 298 | Don't let two
|
---|
| 299 | .BR nonamed 's
|
---|
| 300 | forward queries to each other. They will pingpong a query over the
|
---|
| 301 | network as fast as they can.
|
---|
| 302 | .SH BUGS
|
---|
| 303 | The idea of serving "stale DNS data" will probably make some purists
|
---|
| 304 | violently sick...
|
---|
| 305 | .SH AUTHOR
|
---|
| 306 | Kees J. Bot (kjb@cs.vu.nl)
|
---|