Bv9ARM.ch01.html revision 71c66a876ecca77923638d3f94cc0783152b2f03
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews - Permission to use, copy, modify, and distribute this software for any
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews - purpose with or without fee is hereby granted, provided that the above
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews - copyright notice and this permission notice appear in all copies.
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews - PERFORMANCE OF THIS SOFTWARE.
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<!-- $Id: Bv9ARM.ch01.html,v 1.30 2006/06/29 13:03:32 marka Exp $ -->
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<link rel="prev" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<link rel="next" href="Bv9ARM.ch02.html" title="Chapter�2.�BIND Resource Requirements">
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<table width="100%" summary="Navigation header">
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<tr><th colspan="3" align="center">Chapter�1.�Introduction</th></tr>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<a accesskey="p" href="Bv9ARM.html">Prev</a>�</td>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch02.html">Next</a>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<div class="titlepage"><div><div><h2 class="title">
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<a name="Bv9ARM.ch01"></a>Chapter�1.�Introduction</h2></div></div></div>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2569838">Scope of Document</a></span></dt>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2568778">Organization of This Document</a></span></dt>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2569737">Conventions Used in This Document</a></span></dt>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2570192">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2570213">DNS Fundamentals</a></span></dt>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2570247">Domains and Domain Names</a></span></dt>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2570331">Zones</a></span></dt>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2572661">Authoritative Name Servers</a></span></dt>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2572970">Caching Name Servers</a></span></dt>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2573032">Name Servers in Multiple Roles</a></span></dt>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews The Internet Domain Name System (<acronym class="acronym">DNS</acronym>)
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews consists of the syntax
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews to specify the names of entities in the Internet in a hierarchical
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews manner, the rules used for delegating authority over names, and the
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews system implementation that actually maps names to Internet
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews addresses. <acronym class="acronym">DNS</acronym> data is maintained in a
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews group of distributed
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews hierarchical databases.
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<a name="id2569838"></a>Scope of Document</h2></div></div></div>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews The Berkeley Internet Name Domain
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews (<acronym class="acronym">BIND</acronym>) implements an
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews domain name server for a number of operating systems. This
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews document provides basic information about the installation and
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews care of the Internet Systems Consortium (<acronym class="acronym">ISC</acronym>)
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews <acronym class="acronym">BIND</acronym> version 9 software package for
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews system administrators.
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews This version of the manual corresponds to BIND version 9.4.
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<a name="id2568778"></a>Organization of This Document</h2></div></div></div>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews In this document, <span class="emphasis"><em>Section 1</em></span> introduces
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews the basic <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym> concepts. <span class="emphasis"><em>Section 2</em></span>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews describes resource requirements for running <acronym class="acronym">BIND</acronym> in various
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews environments. Information in <span class="emphasis"><em>Section 3</em></span> is
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews <span class="emphasis"><em>task-oriented</em></span> in its presentation and is
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews organized functionally, to aid in the process of installing the
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews <acronym class="acronym">BIND</acronym> 9 software. The task-oriented
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews section is followed by
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews <span class="emphasis"><em>Section 4</em></span>, which contains more advanced
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews concepts that the system administrator may need for implementing
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews certain options. <span class="emphasis"><em>Section 5</em></span>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews describes the <acronym class="acronym">BIND</acronym> 9 lightweight
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews resolver. The contents of <span class="emphasis"><em>Section 6</em></span> are
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews organized as in a reference manual to aid in the ongoing
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews maintenance of the software. <span class="emphasis"><em>Section 7</em></span> addresses
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews security considerations, and
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews <span class="emphasis"><em>Section 8</em></span> contains troubleshooting help. The
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews main body of the document is followed by several
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews <span class="emphasis"><em>Appendices</em></span> which contain useful reference
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews information, such as a <span class="emphasis"><em>Bibliography</em></span> and
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews historic information related to <acronym class="acronym">BIND</acronym>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews and the Domain Name
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<a name="id2569737"></a>Conventions Used in This Document</h2></div></div></div>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews In this document, we use the following general typographic
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews conventions:
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews <span class="emphasis"><em>To describe:</em></span>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews <span class="emphasis"><em>We use the style:</em></span>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews a pathname, filename, URL, hostname,
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews mailing list name, or new term or concept
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews literal user
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews <strong class="userinput"><code>Fixed Width Bold</code></strong>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews program output
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews <code class="computeroutput">Fixed Width</code>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews The following conventions are used in descriptions of the
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews <acronym class="acronym">BIND</acronym> configuration file:</p>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews <span class="emphasis"><em>To describe:</em></span>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews <span class="emphasis"><em>We use the style:</em></span>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews Optional input
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews [<span class="optional">Text is enclosed in square brackets</span>]
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<a name="id2570192"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews The purpose of this document is to explain the installation
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews and upkeep of the <acronym class="acronym">BIND</acronym> software
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews package, and we
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews begin by reviewing the fundamentals of the Domain Name System
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews (<acronym class="acronym">DNS</acronym>) as they relate to <acronym class="acronym">BIND</acronym>.
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<div class="titlepage"><div><div><h3 class="title">
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<a name="id2570213"></a>DNS Fundamentals</h3></div></div></div>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews The Domain Name System (DNS) is a hierarchical, distributed
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews database. It stores information for mapping Internet host names to
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews addresses and vice versa, mail routing information, and other data
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews used by Internet applications.
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews Clients look up information in the DNS by calling a
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews <span class="emphasis"><em>resolver</em></span> library, which sends queries to one or
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews more <span class="emphasis"><em>name servers</em></span> and interprets the responses.
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews The <acronym class="acronym">BIND</acronym> 9 software distribution
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews name server, <span><strong class="command">named</strong></span>, and two resolver
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews libraries, <span><strong class="command">liblwres</strong></span> and <span><strong class="command">libbind</strong></span>.
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<div class="titlepage"><div><div><h3 class="title">
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<a name="id2570247"></a>Domains and Domain Names</h3></div></div></div>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews The data stored in the DNS is identified by <span class="emphasis"><em>domain names</em></span> that are organized as a tree according to
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews organizational or administrative boundaries. Each node of the tree,
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews called a <span class="emphasis"><em>domain</em></span>, is given a label. The domain
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews node is the concatenation of all the labels on the path from the
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews node to the <span class="emphasis"><em>root</em></span> node. This is represented
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews in written form as a string of labels listed from right to left and
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews separated by dots. A label need only be unique within its parent
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews For example, a domain name for a host at the
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews company <span class="emphasis"><em>Example, Inc.</em></span> could be
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews <code class="literal">ourhost.example.com</code>,
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews top level domain to which
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews <code class="literal">ourhost.example.com</code> belongs,
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews a subdomain of <code class="literal">com</code>, and
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews name of the host.
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews For administrative purposes, the name space is partitioned into
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews areas called <span class="emphasis"><em>zones</em></span>, each starting at a node and
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews extending down to the leaf nodes or to nodes where other zones
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews The data for each zone is stored in a <span class="emphasis"><em>name server</em></span>, which answers queries about the zone using the
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews <span class="emphasis"><em>DNS protocol</em></span>.
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews The data associated with each domain name is stored in the
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews form of <span class="emphasis"><em>resource records</em></span> (<acronym class="acronym">RR</acronym>s).
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews Some of the supported resource record types are described in
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews <a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them" title="Types of Resource Records and When to Use Them">the section called “Types of Resource Records and When to Use Them”</a>.
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews For more detailed information about the design of the DNS and
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews the DNS protocol, please refer to the standards documents listed in
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews <a href="Bv9ARM.ch09.html#rfcs" title="Request for Comments (RFCs)">the section called “Request for Comments (RFCs)”</a>.
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<div class="titlepage"><div><div><h3 class="title">
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews<a name="id2570331"></a>Zones</h3></div></div></div>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews To properly operate a name server, it is important to understand
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews the difference between a <span class="emphasis"><em>zone</em></span>
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews and a <span class="emphasis"><em>domain</em></span>.
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews As stated previously, a zone is a point of delegation in
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews the <acronym class="acronym">DNS</acronym> tree. A zone consists of
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews those contiguous parts of the domain
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews tree for which a name server has complete information and over which
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews it has authority. It contains all domain names from a certain point
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews downward in the domain tree except those which are delegated to
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews other zones. A delegation point is marked by one or more
ac0680e9ebb2dc4235e4381232c457876fae792fMark Andrews <span class="emphasis"><em>NS records</em></span> in the
<span><strong class="command">dig</strong></span> (<a href="Bv9ARM.ch03.html#diagnostic_tools" title="Diagnostic Tools">the section called “Diagnostic Tools”</a>).
at the <span class="emphasis"><em>top level</em></span> or <span class="emphasis"><em>apex</em></span>
that can do it, and that server would query the Internet <acronym class="acronym">DNS</acronym> servers