Bv9ARM.ch01.html revision 9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdff
205c10066a0acfeac52d1a135671f41d207b8557Automatic Updater - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
205c10066a0acfeac52d1a135671f41d207b8557Automatic Updater - Copyright (C) 2000-2003 Internet Software Consortium.
0c39b3ed9409ecb277d5e32fa763a4e4d6598df8Automatic Updater - Permission to use, copy, modify, and distribute this software for any
46da3117812814a29432a8d9a9ccf8acdbfdadceAutomatic Updater - purpose with or without fee is hereby granted, provided that the above
2bb3422dc683c013db7042f5736240de6b86f182Automatic Updater - copyright notice and this permission notice appear in all copies.
90ff38a0d8deaf5f9c2aa5916d99b2e572d28738Automatic Updater - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
e171a4137c6ba348957e61b7c4c3541493c0da02Automatic Updater - PERFORMANCE OF THIS SOFTWARE.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<!-- $Id: Bv9ARM.ch01.html,v 1.45 2009/02/26 01:12:16 tbox Exp $ -->
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
e171a4137c6ba348957e61b7c4c3541493c0da02Automatic Updater<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
831f79c4310a7d38fc3475ccfff531b2b2535641Automatic Updater<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater<link rel="prev" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews<link rel="next" href="Bv9ARM.ch02.html" title="Chapter�2.�BIND Resource Requirements">
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater<table width="100%" summary="Navigation header">
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<tr><th colspan="3" align="center">Chapter�1.�Introduction</th></tr>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<a accesskey="p" href="Bv9ARM.html">Prev</a>�</td>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch02.html">Next</a>
2d2dc37599979c83495510f8af8d1756753aa2c5Automatic Updater<div class="titlepage"><div><div><h2 class="title">
2d2dc37599979c83495510f8af8d1756753aa2c5Automatic Updater<a name="Bv9ARM.ch01"></a>Chapter�1.�Introduction</h2></div></div></div>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563409">Scope of Document</a></span></dt>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564388">Organization of This Document</a></span></dt>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564528">Conventions Used in This Document</a></span></dt>
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564641">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564662">DNS Fundamentals</a></span></dt>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564696">Domains and Domain Names</a></span></dt>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567170">Zones</a></span></dt>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567246">Authoritative Name Servers</a></span></dt>
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567419">Caching Name Servers</a></span></dt>
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567549">Name Servers in Multiple Roles</a></span></dt>
129090f0f6f91753b4a085ab635e28549fd018adAutomatic Updater The Internet Domain Name System (<acronym class="acronym">DNS</acronym>)
129090f0f6f91753b4a085ab635e28549fd018adAutomatic Updater consists of the syntax
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews to specify the names of entities in the Internet in a hierarchical
d7a77415c13bb2fc2d1acb857486d97e4466e3b8Automatic Updater manner, the rules used for delegating authority over names, and the
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews system implementation that actually maps names to Internet
db5b7e2cdf150c46e8242d3e2e3ad3f5c7300258Automatic Updater addresses. <acronym class="acronym">DNS</acronym> data is maintained in a
80faf1588895fd26490f82f95a7a1b771df1c324Automatic Updater group of distributed
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews hierarchical databases.
db5b7e2cdf150c46e8242d3e2e3ad3f5c7300258Automatic Updater<div class="titlepage"><div><div><h2 class="title" style="clear: both">
693c4232dfdffaff672197d4b9fea944c64cf80aAutomatic Updater<a name="id2563409"></a>Scope of Document</h2></div></div></div>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater The Berkeley Internet Name Domain
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson (<acronym class="acronym">BIND</acronym>) implements a
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater domain name server for a number of operating systems. This
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater document provides basic information about the installation and
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews care of the Internet Systems Consortium (<acronym class="acronym">ISC</acronym>)
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater <acronym class="acronym">BIND</acronym> version 9 software package for
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson system administrators.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson This version of the manual corresponds to BIND version 9.6.
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">
b1265b5a06df36d490d4bdf54284fb133a1f5a84Automatic Updater<a name="id2564388"></a>Organization of This Document</h2></div></div></div>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews In this document, <span class="emphasis"><em>Chapter 1</em></span> introduces
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont the basic <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym> concepts. <span class="emphasis"><em>Chapter 2</em></span>
0c39b3ed9409ecb277d5e32fa763a4e4d6598df8Automatic Updater describes resource requirements for running <acronym class="acronym">BIND</acronym> in various
0c39b3ed9409ecb277d5e32fa763a4e4d6598df8Automatic Updater environments. Information in <span class="emphasis"><em>Chapter 3</em></span> is
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont <span class="emphasis"><em>task-oriented</em></span> in its presentation and is
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews organized functionally, to aid in the process of installing the
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater <acronym class="acronym">BIND</acronym> 9 software. The task-oriented
e23256e740b238bddb4ba41ffac5f81a01c92245Automatic Updater section is followed by
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews <span class="emphasis"><em>Chapter 4</em></span>, which contains more advanced
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews concepts that the system administrator may need for implementing
08e3b6797706a13054bad749dea04e94b514b8e7Automatic Updater certain options. <span class="emphasis"><em>Chapter 5</em></span>
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater describes the <acronym class="acronym">BIND</acronym> 9 lightweight
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews resolver. The contents of <span class="emphasis"><em>Chapter 6</em></span> are
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews organized as in a reference manual to aid in the ongoing
b29e5c56eb74a6de1a84c29879afc90ffc6b1436Automatic Updater maintenance of the software. <span class="emphasis"><em>Chapter 7</em></span> addresses
418cc932318b1d67f88a36904d88d8a5a0a2ba09Automatic Updater security considerations, and
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews <span class="emphasis"><em>Chapter 8</em></span> contains troubleshooting help. The
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews main body of the document is followed by several
0977f3f39ef6728516be7976452b9122c8f5607aAutomatic Updater <span class="emphasis"><em>appendices</em></span> which contain useful reference
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater information, such as a <span class="emphasis"><em>bibliography</em></span> and
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews historic information related to <acronym class="acronym">BIND</acronym>
0c39b3ed9409ecb277d5e32fa763a4e4d6598df8Automatic Updater and the Domain Name
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater<div class="titlepage"><div><div><h2 class="title" style="clear: both">
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater<a name="id2564528"></a>Conventions Used in This Document</h2></div></div></div>
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater In this document, we use the following general typographic
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<div class="informaltable"><table border="1">
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater <span class="emphasis"><em>To describe:</em></span>
27794bebe2634b5ac374e78972649c79300b876aAutomatic Updater <span class="emphasis"><em>We use the style:</em></span>
c453a50776145e9c1c3fc9c846cfa11f42505081Automatic Updater a pathname, filename, URL, hostname,
f4029eb7463e99df00618de89f0bee5ac062a237Automatic Updater mailing list name, or new term or concept
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>Fixed Width Bold</code></strong>
7f94d9a8162c9a96b56e66176702b66e79d8e1a2Automatic Updater program output
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="computeroutput">Fixed Width</code>
bbb069be941f649228760edcc241122933c066d2Automatic Updater The following conventions are used in descriptions of the
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater <acronym class="acronym">BIND</acronym> configuration file:</p>
4cda4fd158d6ded5586bacea8c388445d99611eaAutomatic Updater<div class="informaltable"><table border="1">
c453a50776145e9c1c3fc9c846cfa11f42505081Automatic Updater <span class="emphasis"><em>To describe:</em></span>
957a8884fb712885cdd8ef0474f5ff95ddc46b20Automatic Updater <span class="emphasis"><em>We use the style:</em></span>
8292deab031e7599cd7622aa7675fbe139ca6095Mark Andrews Optional input
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews [<span class="optional">Text is enclosed in square brackets</span>]
7d12a6b412fe47e6d6582923fd6954ab8cd0baebAutomatic Updater<div class="titlepage"><div><div><h2 class="title" style="clear: both">
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews<a name="id2564641"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
7d12a6b412fe47e6d6582923fd6954ab8cd0baebAutomatic Updater The purpose of this document is to explain the installation
0b57424d28c9a67018107133f9fbc0a7dcf057e2Mark Andrews and upkeep of the <acronym class="acronym">BIND</acronym> (Berkeley Internet
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater Name Domain) software package, and we
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater begin by reviewing the fundamentals of the Domain Name System
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater (<acronym class="acronym">DNS</acronym>) as they relate to <acronym class="acronym">BIND</acronym>.
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater<div class="titlepage"><div><div><h3 class="title">
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater<a name="id2564662"></a>DNS Fundamentals</h3></div></div></div>
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater The Domain Name System (DNS) is a hierarchical, distributed
7d12a6b412fe47e6d6582923fd6954ab8cd0baebAutomatic Updater database. It stores information for mapping Internet host names to
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater addresses and vice versa, mail routing information, and other data
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater used by Internet applications.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Clients look up information in the DNS by calling a
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews <span class="emphasis"><em>resolver</em></span> library, which sends queries to one or
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews more <span class="emphasis"><em>name servers</em></span> and interprets the responses.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews The <acronym class="acronym">BIND</acronym> 9 software distribution
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews name server, <span><strong class="command">named</strong></span>, and a resolver
06f5acb11f1c32228d93eefd1eb841dbfb1c7f4dAutomatic Updater library, <span><strong class="command">liblwres</strong></span>. The older
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">libbind</strong></span> resolver library is also available
7f79131f9a8e804b93c57f3c679065cce878b726Automatic Updater from ISC as a separate download.
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews<div class="titlepage"><div><div><h3 class="title">
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews<a name="id2564696"></a>Domains and Domain Names</h3></div></div></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The data stored in the DNS is identified by <span class="emphasis"><em>domain names</em></span> that are organized as a tree according to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington organizational or administrative boundaries. Each node of the tree,
b109432c3a939bff66a463be86c371bd88efe3aaAutomatic Updater called a <span class="emphasis"><em>domain</em></span>, is given a label. The domain
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater node is the concatenation of all the labels on the path from the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater node to the <span class="emphasis"><em>root</em></span> node. This is represented
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater in written form as a string of labels listed from right to left and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater separated by dots. A label need only be unique within its parent
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington For example, a domain name for a host at the
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater company <span class="emphasis"><em>Example, Inc.</em></span> could be
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <code class="literal">ourhost.example.com</code>,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington where <code class="literal">com</code> is the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington top level domain to which
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <code class="literal">ourhost.example.com</code> belongs,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington a subdomain of <code class="literal">com</code>, and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <code class="literal">ourhost</code> is the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington name of the host.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington For administrative purposes, the name space is partitioned into
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington areas called <span class="emphasis"><em>zones</em></span>, each starting at a node and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington extending down to the leaf nodes or to nodes where other zones
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The data for each zone is stored in a <span class="emphasis"><em>name server</em></span>, which answers queries about the zone using the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span class="emphasis"><em>DNS protocol</em></span>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The data associated with each domain name is stored in the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington form of <span class="emphasis"><em>resource records</em></span> (<acronym class="acronym">RR</acronym>s).
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Some of the supported resource record types are described in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them" title="Types of Resource Records and When to Use Them">the section called “Types of Resource Records and When to Use Them”</a>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington For more detailed information about the design of the DNS and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the DNS protocol, please refer to the standards documents listed in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <a href="Bv9ARM.ch09.html#rfcs" title="Request for Comments (RFCs)">the section called “Request for Comments (RFCs)”</a>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="titlepage"><div><div><h3 class="title">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="id2567170"></a>Zones</h3></div></div></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington To properly operate a name server, it is important to understand
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the difference between a <span class="emphasis"><em>zone</em></span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington and a <span class="emphasis"><em>domain</em></span>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington As stated previously, a zone is a point of delegation in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the <acronym class="acronym">DNS</acronym> tree. A zone consists of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington those contiguous parts of the domain
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington tree for which a name server has complete information and over which
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington it has authority. It contains all domain names from a certain point
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington downward in the domain tree except those which are delegated to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington other zones. A delegation point is marked by one or more
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span class="emphasis"><em>NS records</em></span> in the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington parent zone, which should be matched by equivalent NS records at
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the root of the delegated zone.
a26b22914b7bf25f065afb8cdef983766dcd672bAutomatic Updater For instance, consider the <code class="literal">example.com</code>
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater domain which includes names
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater such as <code class="literal">host.aaa.example.com</code> and
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater <code class="literal">host.bbb.example.com</code> even though
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater the <code class="literal">example.com</code> zone includes
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater only delegations for the <code class="literal">aaa.example.com</code> and
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater <code class="literal">bbb.example.com</code> zones. A zone can
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater exactly to a single domain, but could also include only part of a
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater domain, the rest of which could be delegated to other
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater name servers. Every name in the <acronym class="acronym">DNS</acronym>
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater <span class="emphasis"><em>domain</em></span>, even if it is
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater <span class="emphasis"><em>terminal</em></span>, that is, has no
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater <span class="emphasis"><em>subdomains</em></span>. Every subdomain is a domain and
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater every domain except the root is also a subdomain. The terminology is
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater not intuitive and we suggest that you read RFCs 1033, 1034 and 1035
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington gain a complete understanding of this difficult and subtle
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Though <acronym class="acronym">BIND</acronym> is called a "domain name
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington it deals primarily in terms of zones. The master and slave
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews declarations in the <code class="filename">named.conf</code> file
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews zones, not domains. When you ask some other site if it is willing to
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater be a slave server for your <span class="emphasis"><em>domain</em></span>, you are
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington actually asking for slave service for some collection of zones.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="titlepage"><div><div><h3 class="title">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="id2567246"></a>Authoritative Name Servers</h3></div></div></div>
a26b22914b7bf25f065afb8cdef983766dcd672bAutomatic Updater Each zone is served by at least
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater one <span class="emphasis"><em>authoritative name server</em></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater which contains the complete data for the zone.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater To make the DNS tolerant of server and network failures,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater most zones have two or more authoritative servers, on
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater different networks.
c01dec514a81ecf8c17ca3ef8c3ba95e437295ebAutomatic Updater Responses from authoritative servers have the "authoritative
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater answer" (AA) bit set in the response packets. This makes them
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater easy to identify when debugging DNS configurations using tools like
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">dig</strong></span> (<a href="Bv9ARM.ch03.html#diagnostic_tools" title="Diagnostic Tools">the section called “Diagnostic Tools”</a>).
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h4 class="title">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="id2567270"></a>The Primary Master</h4></div></div></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The authoritative server where the master copy of the zone
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington data is maintained is called the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span class="emphasis"><em>primary master</em></span> server, or simply the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span class="emphasis"><em>primary</em></span>. Typically it loads the zone
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington contents from some local file edited by humans or perhaps
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington generated mechanically from some other local file which is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington edited by humans. This file is called the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span class="emphasis"><em>zone file</em></span> or
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span class="emphasis"><em>master file</em></span>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington In some cases, however, the master file may not be edited
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington by humans at all, but may instead be the result of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span class="emphasis"><em>dynamic update</em></span> operations.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="titlepage"><div><div><h4 class="title">
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews<a name="id2567300"></a>Slave Servers</h4></div></div></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The other authoritative servers, the <span class="emphasis"><em>slave</em></span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington servers (also known as <span class="emphasis"><em>secondary</em></span> servers)
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater the zone contents from another server using a replication process
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington known as a <span class="emphasis"><em>zone transfer</em></span>. Typically the data
a26b22914b7bf25f065afb8cdef983766dcd672bAutomatic Updater transferred directly from the primary master, but it is also
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater to transfer it from another slave. In other words, a slave server
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater may itself act as a master to a subordinate slave server.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews<div class="titlepage"><div><div><h4 class="title">
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews<a name="id2567389"></a>Stealth Servers</h4></div></div></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Usually all of the zone's authoritative servers are listed in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington NS records in the parent zone. These NS records constitute
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington a <span class="emphasis"><em>delegation</em></span> of the zone from the parent.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The authoritative servers are also listed in the zone file itself,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington at the <span class="emphasis"><em>top level</em></span> or <span class="emphasis"><em>apex</em></span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington of the zone. You can list servers in the zone's top-level NS
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington records that are not in the parent's NS delegation, but you cannot
b7aab05edae933e169d5f83c653935b17c7f0a8bMark Andrews list servers in the parent's delegation that are not present at
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the zone's top level.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews A <span class="emphasis"><em>stealth server</em></span> is a server that is
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews authoritative for a zone but is not listed in that zone's NS
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington records. Stealth servers can be used for keeping a local copy of
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews zone to speed up access to the zone's records or to make sure that
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington zone is available even if all the "official" servers for the zone
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington A configuration where the primary master server itself is a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington stealth server is often referred to as a "hidden primary"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington configuration. One use for this configuration is when the primary
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington is behind a firewall and therefore unable to communicate directly
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington with the outside world.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2567419"></a>Caching Name Servers</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The resolver libraries provided by most operating systems are
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span class="emphasis"><em>stub resolvers</em></span>, meaning that they are not
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater performing the full DNS resolution process by themselves by talking
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater directly to the authoritative servers. Instead, they rely on a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater name server to perform the resolution on their behalf. Such a
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater is called a <span class="emphasis"><em>recursive</em></span> name server; it performs
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span class="emphasis"><em>recursive lookups</em></span> for local clients.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews To improve performance, recursive servers cache the results of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the lookups they perform. Since the processes of recursion and
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews caching are intimately connected, the terms
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews <span class="emphasis"><em>recursive server</em></span> and
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews <span class="emphasis"><em>caching server</em></span> are often used synonymously.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The length of time for which a record may be retained in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the cache of a caching name server is controlled by the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Time To Live (TTL) field associated with each resource record.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="titlepage"><div><div><h4 class="title">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="id2567523"></a>Forwarding</h4></div></div></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Even a caching name server does not necessarily perform
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the complete recursive lookup itself. Instead, it can
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span class="emphasis"><em>forward</em></span> some or all of the queries
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington that it cannot satisfy from its cache to another caching name
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater commonly referred to as a <span class="emphasis"><em>forwarder</em></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater There may be one or more forwarders,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and they are queried in turn until the list is exhausted or an
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is found. Forwarders are typically used when you do not
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater wish all the servers at a given site to interact directly with the
b0d566a2ce0f5a67f537ee7f8233f82f2584cc61Automatic Updater the Internet servers. A typical scenario would involve a number
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington of internal <acronym class="acronym">DNS</acronym> servers and an
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater Internet firewall. Servers unable
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to pass packets through the firewall would forward to the server
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater that can do it, and that server would query the Internet <acronym class="acronym">DNS</acronym> servers
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington on the internal server's behalf.
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater<div class="titlepage"><div><div><h3 class="title">
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater<a name="id2567549"></a>Name Servers in Multiple Roles</h3></div></div></div>
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater The <acronym class="acronym">BIND</acronym> name server can
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater simultaneously act as
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater a master for some zones, a slave for other zones, and as a caching
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater (recursive) server for a set of local clients.
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater However, since the functions of authoritative name service
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater and caching/recursive name service are logically separate, it is
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater often advantageous to run them on separate server machines.
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater A server that only provides authoritative name service
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater (an <span class="emphasis"><em>authoritative-only</em></span> server) can run with
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater recursion disabled, improving reliability and security.
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater A server that is not authoritative for any zones and only provides
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater recursive service to local
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater clients (a <span class="emphasis"><em>caching-only</em></span> server)
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater does not need to be reachable from the Internet at large and can
bf8c3776f1bf1a1270e5e0443ae5a8df022632a8Mark Andrews be placed inside a firewall.
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater<table width="100%" summary="Navigation footer">
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater<a accesskey="p" href="Bv9ARM.html">Prev</a>�</td>
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch02.html">Next</a>
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater<td width="40%" align="left" valign="top">BIND 9 Administrator Reference Manual�</td>
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater<td width="40%" align="right" valign="top">�Chapter�2.�<acronym class="acronym">BIND</acronym> Resource Requirements</td>