Bv9ARM.ch01.html revision 731cc132f22dbc9e0ecd7035dce314a61076d31b
<!--
 - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 -
 - Permission to use, copy, modify, and distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch01.html,v 1.42 2008/09/25 04:45:04 tbox Exp $ -->
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="next" href="Bv9ARM.ch02.html" title="Chapter&nbsp;2.&nbsp;BIND Resource Requirements">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<table width="100%" summary="Navigation header">
<tr><th colspan="3" align="center">Chapter&nbsp;1.&nbsp;Introduction</th></tr>
<tr>
<td width="20%" align="left"><a accesskey="p" href="Bv9ARM.html">Prev</a>&nbsp;</td>
<td width="20%" align="right">&nbsp;<a accesskey="n" href="Bv9ARM.ch02.html">Next</a></td>
</tr>
</table>
<div class="titlepage"><div><div><h2 class="title">
<a name="Bv9ARM.ch01"></a>Chapter&nbsp;1.&nbsp;Introduction</h2></div></div></div>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563405">Scope of Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564385">Organization of This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564524">Conventions Used in This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564637">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564659">DNS Fundamentals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564693">Domains and Domain Names</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564845">Zones</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567243">Authoritative Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567416">Caching Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567546">Name Servers in Multiple Roles</a></span></dt>
</dl></dd>
</dl>
<p>
 The Internet Domain Name System (<acronym class="acronym">DNS</acronym>)
 consists of the syntax
 to specify the names of entities in the Internet in a hierarchical
 manner, the rules used for delegating authority over names, and the
 system implementation that actually maps names to Internet
 addresses. <acronym class="acronym">DNS</acronym> data is maintained in a
 group of distributed
 hierarchical databases.</p>
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2563405"></a>Scope of Document</h2></div></div></div>
<p>
 The Berkeley Internet Name Domain
 (<acronym class="acronym">BIND</acronym>) implements a
 domain name server for a number of operating systems. This
 document provides basic information about the installation and
 care of the Internet Systems Consortium (<acronym class="acronym">ISC</acronym>)
 <acronym class="acronym">BIND</acronym> version 9 software package for
 system administrators.</p>
<p>
 This version of the manual corresponds to BIND version 9.4.</p>
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2564385"></a>Organization of This Document</h2></div></div></div>
<p>
 In this document, <span class="emphasis"><em>Section 1</em></span> introduces
 the basic <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym> concepts. <span class="emphasis"><em>Section 2</em></span>
 describes resource requirements for running <acronym class="acronym">BIND</acronym> in various
 environments. Information in <span class="emphasis"><em>Section 3</em></span> is
 <span class="emphasis"><em>task-oriented</em></span> in its presentation and is
 organized functionally, to aid in the process of installing the
 <acronym class="acronym">BIND</acronym> 9 software. The task-oriented
 section is followed by
 <span class="emphasis"><em>Section 4</em></span>, which contains more advanced
 concepts that the system administrator may need for implementing
 certain options. <span class="emphasis"><em>Section 5</em></span>
 describes the <acronym class="acronym">BIND</acronym> 9 lightweight
 resolver. The contents of <span class="emphasis"><em>Section 6</em></span> are
 organized as in a reference manual to aid in the ongoing
 maintenance of the software. <span class="emphasis"><em>Section 7</em></span> addresses
 security considerations, and
 <span class="emphasis"><em>Section 8</em></span> contains troubleshooting help. The
 main body of the document is followed by several
 <span class="emphasis"><em>appendices</em></span> which contain useful reference
 information, such as a <span class="emphasis"><em>bibliography</em></span> and
 historic information related to <acronym class="acronym">BIND</acronym>
 and the Domain Name System.</p>
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2564524"></a>Conventions Used in This Document</h2></div></div></div>
<p>
 In this document, we use the following general typographic
 conventions:</p>
<table border="1">
<tr>
<td><span class="emphasis"><em>To describe:</em></span></td>
<td><span class="emphasis"><em>We use the style:</em></span></td>
</tr>
<tr>
<td>a pathname, filename, URL, hostname,
 mailing list name, or new term or concept</td>
<td><span class="emphasis"><em>Italic</em></span></td>
</tr>
<tr>
<td>literal user input</td>
<td><strong class="userinput"><code>Fixed Width Bold</code></strong></td>
</tr>
<tr>
<td>program output</td>
<td><code class="literal">Fixed Width</code></td>
</tr>
</table>
<p>
 The following conventions are used in descriptions of the
 <acronym class="acronym">BIND</acronym> configuration file:</p>
<table border="1">
<tr>
<td><span class="emphasis"><em>To describe:</em></span></td>
<td><span class="emphasis"><em>We use the style:</em></span></td>
</tr>
<tr>
<td>Optional input</td>
<td>[<span class="optional">Text is enclosed in square brackets</span>]</td>
</tr>
</table>
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2564637"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
<p>
 The purpose of this document is to explain the installation
 and upkeep of the <acronym class="acronym">BIND</acronym> (Berkeley Internet
 Name Domain) software package, and we
 begin by reviewing the fundamentals of the Domain Name System
 (<acronym class="acronym">DNS</acronym>) as they relate to <acronym class="acronym">BIND</acronym>.</p>
<div class="titlepage"><div><div><h3 class="title">
<a name="id2564659"></a>DNS Fundamentals</h3></div></div></div>
<p>
 The Domain Name System (DNS) is a hierarchical, distributed
 database. It stores information for mapping Internet host names to
 addresses and vice versa, mail routing information, and other data
 used by Internet applications.</p>
<p>
 Clients look up information in the DNS by calling a
 <span class="emphasis"><em>resolver</em></span> library, which sends queries to one or
 more <span class="emphasis"><em>name servers</em></span> and interprets the responses.
 The <acronym class="acronym">BIND</acronym> 9 software distribution contains a
 name server, <span><strong class="command">named</strong></span>, and a resolver
 library, <span><strong class="command">liblwres</strong></span>. The older
 <span><strong class="command">libbind</strong></span> resolver library is also available
 from ISC as a separate download.</p>
<div class="titlepage"><div><div><h3 class="title">
<a name="id2564693"></a>Domains and Domain Names</h3></div></div></div>
<p>
 The data stored in the DNS is identified by <span class="emphasis"><em>domain names</em></span> that are organized as a tree according to
 organizational or administrative boundaries. Each node of the tree,
 called a <span class="emphasis"><em>domain</em></span>, is given a label. The domain
 name of the node is the concatenation of all the labels on the path from the
 node to the <span class="emphasis"><em>root</em></span> node. This is represented
 in written form as a string of labels listed from right to left and
 separated by dots. A label need only be unique within its parent
 domain.</p>
<p>
 For example, a domain name for a host at the
 company <span class="emphasis"><em>Example, Inc.</em></span> could be
 <code class="literal">ourhost.example.com</code>, where <code class="literal">com</code> is the
 top level domain to which
 <code class="literal">ourhost.example.com</code> belongs,
 <code class="literal">example</code> is
 a subdomain of <code class="literal">com</code>, and
 <code class="literal">ourhost</code> is the
 name of the host.</p>
<p>
 For administrative purposes, the name space is partitioned into
 areas called <span class="emphasis"><em>zones</em></span>, each starting at a node and
 extending down to the leaf nodes or to nodes where other zones
 start.</p>
<p>
 The data for each zone is stored in a <span class="emphasis"><em>name server</em></span>, which answers queries about the zone using the
 <span class="emphasis"><em>DNS protocol</em></span>.</p>
<p>
 The data associated with each domain name is stored in the
 form of <span class="emphasis"><em>resource records</em></span> (<acronym class="acronym">RR</acronym>s).
 Some of the supported resource record types are described in
 <a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them" title="Types of Resource Records and When to Use Them">the section called “Types of Resource Records and When to Use Them”</a>.</p>
<p>
 For more detailed information about the design of the DNS and
 the DNS protocol, please refer to the standards documents listed in
 <a href="Bv9ARM.ch09.html#rfcs" title="Request for Comments (RFCs)">the section called “Request for Comments (RFCs)”</a>.</p>
<div class="titlepage"><div><div><h3 class="title">
<a name="id2564845"></a>Zones</h3></div></div></div>
<p>
 To properly operate a name server, it is important to understand
 the difference between a <span class="emphasis"><em>zone</em></span>
 and a <span class="emphasis"><em>domain</em></span>.</p>
<p>
 As stated previously, a zone is a point of delegation in
 the <acronym class="acronym">DNS</acronym> tree. A zone consists of
 those contiguous parts of the domain
 tree for which a name server has complete information and over which
 it has authority. It contains all domain names from a certain point
 downward in the domain tree except those which are delegated to
 other zones. A delegation point is marked by one or more
 <span class="emphasis"><em>NS records</em></span> in the
 parent zone, which should be matched by equivalent NS records at
 the root of the delegated zone.</p>
<p>
 For instance, consider the <code class="literal">example.com</code>
 domain which includes names
 such as <code class="literal">host.aaa.example.com</code> and
 <code class="literal">host.bbb.example.com</code> even though
 the <code class="literal">example.com</code> zone includes
 only delegations for the <code class="literal">aaa.example.com</code> and
 <code class="literal">bbb.example.com</code> zones. A zone can map
 exactly to a single domain, but could also include only part of a
 domain, the rest of which could be delegated to other
 name servers. Every name in the <acronym class="acronym">DNS</acronym>
 tree is a <span class="emphasis"><em>domain</em></span>, even if it is
 <span class="emphasis"><em>terminal</em></span>, that is, has no
 <span class="emphasis"><em>subdomains</em></span>. Every subdomain is a domain and
 every domain except the root is also a subdomain. The terminology is
 not intuitive and we suggest that you read RFCs 1033, 1034 and 1035
 to gain a complete understanding of this difficult and subtle
 topic.</p>
<p>
 Though <acronym class="acronym">BIND</acronym> is called a "domain name
 server", it deals primarily in terms of zones. The master and slave
 declarations in the <code class="filename">named.conf</code> file
 specify zones, not domains. When you ask some other site if it is willing to
 be a slave server for your <span class="emphasis"><em>domain</em></span>, you are
 actually asking for slave service for some collection of zones.</p>
<div class="titlepage"><div><div><h3 class="title">
<a name="id2567243"></a>Authoritative Name Servers</h3></div></div></div>
<p>
 Each zone is served by at least
 one <span class="emphasis"><em>authoritative name server</em></span>,
 which contains the complete data for the zone.
 To make the DNS tolerant of server and network failures,
 most zones have two or more authoritative servers, on
 different networks.</p>
<p>
 Responses from authoritative servers have the "authoritative
 answer" (AA) bit set in the response packets. This makes them
 easy to identify when debugging DNS configurations using tools like
 <span><strong class="command">dig</strong></span> (<a href="Bv9ARM.ch03.html#diagnostic_tools" title="Diagnostic Tools">the section called “Diagnostic Tools”</a>).</p>
<div class="titlepage"><div><div><h4 class="title">
<a name="id2567267"></a>The Primary Master</h4></div></div></div>
<p>
 The authoritative server where the master copy of the zone
 data is maintained is called the
 <span class="emphasis"><em>primary master</em></span> server, or simply the
 <span class="emphasis"><em>primary</em></span>. Typically it loads the zone
 contents from some local file edited by humans or perhaps
 generated mechanically from some other local file which is
 edited by humans. This file is called the
 <span class="emphasis"><em>zone file</em></span> or
 <span class="emphasis"><em>master file</em></span>.</p>
<p>
 In some cases, however, the master file may not be edited
 by humans at all, but may instead be the result of
 <span class="emphasis"><em>dynamic update</em></span> operations.</p>
<div class="titlepage"><div><div><h4 class="title">
<a name="id2567297"></a>Slave Servers</h4></div></div></div>
<p>
 The other authoritative servers, the <span class="emphasis"><em>slave</em></span>
 servers (also known as <span class="emphasis"><em>secondary</em></span> servers) load
 the zone contents from another server using a replication process
 known as a <span class="emphasis"><em>zone transfer</em></span>. Typically the data is
 transferred directly from the primary master, but it is also possible
 to transfer it from another slave. In other words, a slave server
 may itself act as a master to a subordinate slave server.</p>
<div class="titlepage"><div><div><h4 class="title">
<a name="id2567386"></a>Stealth Servers</h4></div></div></div>
<p>
 Usually all of the zone's authoritative servers are listed in
 NS records in the parent zone. These NS records constitute
 a <span class="emphasis"><em>delegation</em></span> of the zone from the parent.
 The authoritative servers are also listed in the zone file itself,
 at the <span class="emphasis"><em>top level</em></span> or <span class="emphasis"><em>apex</em></span>
 of the zone. You can list servers in the zone's top-level NS
 records that are not in the parent's NS delegation, but you cannot
 list servers in the parent's delegation that are not present at
 the zone's top level.</p>
<p>
 A <span class="emphasis"><em>stealth server</em></span> is a server that is
 authoritative for a zone but is not listed in that zone's NS
 records. Stealth servers can be used for keeping a local copy of the
 zone to speed up access to the zone's records or to make sure that the
 zone is available even if all the "official" servers for the zone are
 inaccessible.</p>
<p>
 A configuration where the primary master server itself is a
 stealth server is often referred to as a "hidden primary"
 configuration. One use for this configuration is when the primary
 is behind a firewall and therefore unable to communicate directly
 with the outside world.</p>
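The zone-membership rule from the "Zones" section (a delegated name belongs to the child zone, not the parent) and the delegation rule from this section (the apex may list servers the parent omits, but the parent must not list servers absent at the apex) worked through as an added Python example; this is not code from the BIND ARM or from ISC. The zone apexes, server names and delegations are constructed, and `enclosing_zone`, `check_delegation`, `stealth_servers` and `audit` are names chosen for this example.

```python
"""Added example for the "Zones" and "Stealth Servers" sections: which zone a
name falls in, whether a parent delegation is consistent with the child's
apex NS records, and which authoritative hosts are "stealth" servers.

Not part of the BIND ARM; all names, servers and delegations are constructed.
"""

# Constructed: NS names published at each zone's own apex (top level).
APEX_NS = {
    "example.com.": {"ns1.example.com.", "ns2.example.net."},
    "aaa.example.com.": {"ns1.aaa.example.com.", "ns2.aaa.example.com."},
    "bbb.example.com.": {"ns1.bbb.example.com."},
}

# Constructed: NS names the parent zone publishes for each delegated child.
# The parent may list a subset of the apex set, but nothing outside it.
PARENT_DELEGATION = {
    "aaa.example.com.": {"ns1.aaa.example.com."},                          # consistent
    "bbb.example.com.": {"ns1.bbb.example.com.", "ns9.bbb.example.com."},  # ns9 is an error
}

# Constructed: every host holding a complete copy of each zone (from an
# inventory), whether or not any NS record names it.
AUTHORITATIVE_HOSTS = {
    "example.com.": {"ns1.example.com.", "ns2.example.net.", "hidden.example.com."},
    "aaa.example.com.": {"ns1.aaa.example.com.", "ns2.aaa.example.com."},
    "bbb.example.com.": {"ns1.bbb.example.com."},
}


def labels(name):
    """Split a domain name into lower-cased labels, root label omitted."""
    return [l for l in name.strip().lower().split(".") if l]


def enclosing_zone(name, zones):
    """Return the apex of the zone containing `name`, or None if no known
    zone contains it.

    The match is the longest apex equal to `name` or an ancestor of it,
    compared label by label (so 'xexample.com' is not inside 'example.com').
    A delegated name belongs to the child: host.aaa.example.com is in the
    aaa.example.com zone even though the example.com *domain* includes it.
    """
    target = labels(name)
    best, best_len = None, -1
    for apex in zones:
        al = labels(apex)
        if len(al) <= len(target) and target[len(target) - len(al):] == al:
            if len(al) > best_len:
                best, best_len = apex, len(al)
    return best


def check_delegation(child, parent_ns, apex_ns):
    """Apply the rule from the text: every server in the parent's delegation
    must also appear in the child's apex NS records (the reverse is allowed).
    Returns a list of findings; an empty list means the delegation is consistent.
    """
    return [
        f"{child}: {ns} is in the parent delegation but not in the zone's apex NS records"
        for ns in sorted(set(parent_ns) - set(apex_ns))
    ]


def stealth_servers(apex_ns, authoritative_hosts):
    """Hosts authoritative for a zone that appear in none of its NS records."""
    return set(authoritative_hosts) - set(apex_ns)


def audit(apex_ns=APEX_NS, delegations=PARENT_DELEGATION, hosts=AUTHORITATIVE_HOSTS):
    """Run both checks over the catalogue; returns (findings, stealth_by_zone)."""
    findings = []
    for child, parent_ns in delegations.items():
        findings += check_delegation(child, parent_ns, apex_ns.get(child, set()))
    stealth = {z: stealth_servers(apex_ns[z], hosts.get(z, set())) for z in apex_ns}
    return findings, {z: s for z, s in stealth.items() if s}


if __name__ == "__main__":
    for n in ("host.aaa.example.com", "www.example.com", "www.example.org"):
        print(f"{n:25} -> zone {enclosing_zone(n, APEX_NS)}")
    problems, stealth = audit()
    for p in problems:
        print("DELEGATION ERROR:", p)
    for zone, servers in stealth.items():
        print(f"stealth servers for {zone}: {', '.join(sorted(servers))}")
```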
<div class="titlepage"><div><div><h3 class="title">
<a name="id2567416"></a>Caching Name Servers</h3></div></div></div>
<p>
 The resolver libraries provided by most operating systems are
 <span class="emphasis"><em>stub resolvers</em></span>, meaning that they are not
 capable of performing the full DNS resolution process by themselves by talking
 directly to the authoritative servers. Instead, they rely on a
 name server to perform the resolution on their behalf. Such a server
 is called a <span class="emphasis"><em>recursive</em></span> name server; it performs
 <span class="emphasis"><em>recursive lookups</em></span> for local clients.</p>
<p>
 To improve performance, recursive servers cache the results of
 the lookups they perform. Since the processes of recursion and
 caching are intimately connected, the terms
 <span class="emphasis"><em>recursive server</em></span> and
 <span class="emphasis"><em>caching server</em></span> are often used synonymously.</p>
<p>
 The length of time for which a record may be retained in
 the cache of a caching name server is controlled by the
 Time To Live (TTL) field associated with each resource record.</p>
<div class="titlepage"><div><div><h4 class="title">
<a name="id2567520"></a>Forwarding</h4></div></div></div>
<p>
 Even a caching name server does not necessarily perform
 the complete recursive lookup itself. Instead, it can
 <span class="emphasis"><em>forward</em></span> some or all of the queries
 that it cannot satisfy from its cache to another caching name server,
 commonly referred to as a <span class="emphasis"><em>forwarder</em></span>.</p>
<p>
 There may be one or more forwarders,
 and they are queried in turn until the list is exhausted or an answer
 is found. Forwarders are typically used when you do not
 wish all the servers at a given site to interact directly with the
 rest of the Internet servers. A typical scenario would involve a number
 of internal <acronym class="acronym">DNS</acronym> servers and an
 Internet firewall. Servers unable
 to pass packets through the firewall would forward to the server
 that can do it, and that server would query the Internet <acronym class="acronym">DNS</acronym> servers
 on the internal server's behalf.</p>
<div class="titlepage"><div><div><h3 class="title">
<a name="id2567546"></a>Name Servers in Multiple Roles</h3></div></div></div>
<p>
 The <acronym class="acronym">BIND</acronym> name server can
 simultaneously act as
 a master for some zones, a slave for other zones, and as a caching
 (recursive) server for a set of local clients.</p>
<p>
 However, since the functions of authoritative name service
 and caching/recursive name service are logically separate, it is
 often advantageous to run them on separate server machines.
 A server that only provides authoritative name service
 (an <span class="emphasis"><em>authoritative-only</em></span> server) can run with
 recursion disabled, improving reliability and security.
 A server that is not authoritative for any zones and only provides
 recursive service to local
 clients (a <span class="emphasis"><em>caching-only</em></span> server)
 does not need to be reachable from the Internet at large and can
 be placed inside a firewall.</p>
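The AA bit described under "Authoritative Name Servers" and the authoritative-only versus recursive roles described in this section, read off the fixed header of a DNS response, as an added Python example; this is not code from the BIND ARM or from ISC. The three response headers are constructed, and `parse_header`, `dig_style_flags`, `classify_server` and `build_header` are names chosen for this example.

```python
"""Added example for "Authoritative Name Servers" and "Name Servers in
Multiple Roles": decode the flags word of a DNS message header and infer,
from the AA and RA bits, which role the answering server played.

Not part of the BIND ARM; the response headers below are constructed.
"""
import struct

# Bits of the 16-bit flags word (RFC 1035, section 4.1.1).
QR = 0x8000  # 1 = this message is a response
AA = 0x0400  # authoritative answer
TC = 0x0200  # truncated
RD = 0x0100  # recursion desired (copied from the query)
RA = 0x0080  # recursion available to the client that asked


def parse_header(msg):
    """Parse the fixed 12-byte header; raises ValueError on a short message."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "qr": bool(flags & QR),
        "opcode": (flags >> 11) & 0xF,
        "aa": bool(flags & AA),
        "tc": bool(flags & TC),
        "rd": bool(flags & RD),
        "ra": bool(flags & RA),
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def dig_style_flags(h):
    """Render the flags the way dig prints them, e.g. 'qr aa rd'."""
    order = ("qr", "aa", "tc", "rd", "ra")
    return " ".join(f for f in order if h[f])


def classify_server(h):
    """Infer the responder's role from a single response.

    AA set, RA clear   -> authoritative-only: answered from its own zone data
                          and offers this client no recursion.
    AA clear, RA set   -> recursive (caching) answer on the client's behalf.
    AA set, RA set     -> one server serving both roles to this client, the
                          combination the text suggests separating.
    AA clear, RA clear -> neither: e.g. a referral, or recursion refused.
    """
    if not h["qr"]:
        return "not a response"
    if h["aa"] and not h["ra"]:
        return "authoritative-only"
    if h["aa"] and h["ra"]:
        return "authoritative and recursive"
    if h["ra"]:
        return "recursive"
    return "non-authoritative, no recursion offered"


def build_header(ident, flags, qdcount=1, ancount=1, nscount=0, arcount=0):
    """Pack a header; used here only to construct sample responses."""
    return struct.pack("!6H", ident, flags, qdcount, ancount, nscount, arcount)


# Constructed responses to the same question, as three kinds of server
# would return them.
AUTH_ONLY_RESPONSE = build_header(0x1234, QR | AA | RD)        # dig: qr aa rd
RECURSIVE_RESPONSE = build_header(0x1235, QR | RD | RA)        # dig: qr rd ra
BOTH_ROLES_RESPONSE = build_header(0x1236, QR | AA | RD | RA)  # dig: qr aa rd ra

if __name__ == "__main__":
    for raw in (AUTH_ONLY_RESPONSE, RECURSIVE_RESPONSE, BOTH_ROLES_RESPONSE):
        h = parse_header(raw)
        print(f"id={h['id']:#06x} flags: {dig_style_flags(h):12} -> {classify_server(h)}")
```

Seeing "authoritative and recursive" from an Internet-facing host that is meant to be authoritative-only is the signal that recursion was left enabled on it.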
<table width="100%" summary="Navigation footer">
<tr><td width="40%" align="right">&nbsp;<a accesskey="n" href="Bv9ARM.ch02.html">Next</a></td></tr>
<tr>
<td width="40%" align="left" valign="top">BIND 9 Administrator Reference Manual&nbsp;</td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">&nbsp;Chapter&nbsp;2.&nbsp;<acronym class="acronym">BIND</acronym> Resource Requirements</td>
</tr>
</table>