Network Configuration Files

As previously stated, five network configuration files can be modified to change the basic network interaction of your system. The files are

/etc/hosts A listing of addresses, hostnames, and aliases

/etc/services Network service and port connections

/etc/nsswitch.conf Linux network information service configuration

/etc/resolv.conf Domain name service domain (search) settings

/etc/host.conf Network information search order (by default, /etc/hosts and then DNS)

After these files are modified, the changes are active. As with most configuration files, comments can be added with a hash mark (#) preceding the comment. Each of these files has a man page with more information.

Adding Hosts to /etc/hosts

The /etc/hosts file maps IP addresses to hostnames. If you are not using DNS or another naming service, and you are connected to a large network, this file can get quite large and can be a real headache to manage. A small /etc/hosts file can look something like this:

127.0.0.1 localhost

127.0.1.1 optimus

# The following lines are desirable for IPv6 capable hosts

::1 ip6-localhost ip6-loopback

fe00::0 ip6-localnet

ff00::0 ip6-mcastprefix

ff02::1 ip6-allnodes

ff02::2 ip6-allrouters

ff02::3 ip6-allhosts

The first entry is the loopback entry. The second is for the name of the machine. If no naming service is in use on the network, the only hosts that this machine will recognize by name are the ones listed in this file. (IP addresses on the network can still be used.)

Service Settings in /etc/services

The /etc/services file maps port numbers to services. The first few lines look similar to this (the /etc/services file can be quite long, more than 500 lines):

# Each line describes one service, and is of the form:

# service-name port/protocol [aliases ...] [# comment]

tcpmux 1/tcp # TCP port service multiplexer

tcpmux 1/udp # TCP port service multiplexer

rje 5/tcp # Remote Job Entry

rje 5/udp # Remote Job Entry

echo 7/tcp

echo 7/udp

discard 9/tcp sink null

discard 9/udp sink null

systat 11/tcp users

Typically, there are two entries for each service because most services can use either TCP or UDP for their transmissions. Usually after /etc/services is initially configured, you will not need to change it.

Using /etc/nsswitch.conf After Changing Naming Services

This file was initially developed by Sun Microsystems to specify the order in which services are accessed on the system. A number of services are listed in the /etc/nsswitch.conf file, but the most commonly modified entry is the hosts entry. A portion of the file can look like this:

passwd: compat

group: compat

shadow: compat

hosts: files dns mdns

networks: files

protocols: db files

services: db files

ethers: db files

rpc: db files

netgroup: nis

This tells services that they should consult standard Unix/Linux files for passwd, shadow, and group (/etc/passwd, /etc/shadow, /etc/group, respectively) lookups. For host lookups, the system checks /etc/hosts and if there is no entry, it checks DNS. The commented hosts entry lists the possible values for hosts. Edit this file only if your naming service has changed.

Setting a Name Server with /etc/resolv.conf

/etc/resolv.conf is used by DNS, the domain name service. (DNS is covered in detail in Chapter 27, "Using Perl".) The following is an example of resolv.conf:

nameserver 192.172.3.8

nameserver 192.172.3.9

search mydomain.com

This sets the nameservers and the order of domains for DNS to use. The contents of this file will be set automatically if you use Dynamic Host Configuration Protocol, or DHCP (see the section on "Dynamic Host Configuration Protocol" later in this chapter).

Setting DNS Search Order with /etc/host.conf

The /etc/host.conf file lists the order in which your machine will search for hostname resolution. The following is the default /etc/host.conf file:

order hosts, bind

In this example, the host checks the /etc/hosts file first and then performs a DNS lookup. A couple more options control how the name service is used. The only reason to modify this file is if you use NIS for your name service or you want one of the optional services. The nospoof option can be a good option for system security. It compares a standard DNS lookup to a reverse lookup (host-to-IP then IP-to-host) and fails if the two don't match. The drawback is that often when proxy services are used, the lookup fails, so you want to use this with caution.
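The nospoof comparison described above, written out as an added Python example (it is not code from the original text and not the resolver library's own implementation). The resolver functions are injectable; the SAMPLE_A and SAMPLE_PTR tables, hostnames, and addresses are constructed, and app.example.test models the proxy mismatch the text warns about.

```python
import socket

def dns_forward(name):
    """Host-to-IP: all IPv4 addresses the system resolver returns."""
    return socket.gethostbyname_ex(name)[2]

def dns_reverse(addr):
    """IP-to-host: primary name plus aliases from the reverse lookup."""
    primary, aliases, _ = socket.gethostbyaddr(addr)
    return [primary, *aliases]

def _norm(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.rstrip(".").lower()

def spoof_check(name, forward=dns_forward, reverse=dns_reverse):
    """Return (ok, reason); ok only if every address for name maps back to it."""
    try:
        addrs = forward(name)
    except OSError as exc:  # socket.gaierror/herror are OSError subclasses
        return False, f"forward lookup failed: {exc}"
    if not addrs:
        return False, "forward lookup returned no addresses"
    for addr in addrs:
        try:
            names = {_norm(n) for n in reverse(addr)}
        except OSError as exc:
            return False, f"no reverse record for {addr}: {exc}"
        if _norm(name) not in names:
            return False, f"{addr} reverse-resolves to {sorted(names)}"
    return True, "forward and reverse lookups agree"

# Constructed sample data (documentation ranges), so the check runs offline.
SAMPLE_A = {"www.example.test": ["192.0.2.10"], "app.example.test": ["192.0.2.20"],
            "old.example.test": ["192.0.2.30"]}
SAMPLE_PTR = {"192.0.2.10": ["WWW.example.test."],      # same host, other spelling
              "192.0.2.20": ["proxy1.example.test"]}    # address owned by a proxy

def _lookup(table, key):
    if key not in table:
        raise OSError(f"no record for {key}")
    return table[key]

def check_sample(name):
    """Run spoof_check against the constructed tables above."""
    return spoof_check(name, lambda n: _lookup(SAMPLE_A, n),
                       lambda a: _lookup(SAMPLE_PTR, a))

if __name__ == "__main__":
    for host in SAMPLE_A:
        print(host, check_sample(host))
```

Calling spoof_check(name) with no other arguments uses the system resolver, so the result then follows the lookup order configured in the files above.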
