Bv9ARM.ch01.html revision 9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdff
ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson<!--
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein -
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater - Permission to use, copy, modify, and distribute this software for any
ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson - purpose with or without fee is hereby granted, provided that the above
ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson - copyright notice and this permission notice appear in all copies.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein -
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson-->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!-- $Id: Bv9ARM.ch01.html,v 1.45 2009/02/26 01:12:16 tbox Exp $ -->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<html>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<head>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<title>Chapter�1.�Introduction</title>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<link rel="prev" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<link rel="next" href="Bv9ARM.ch02.html" title="Chapter�2.�BIND Resource Requirements">
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User</head>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<div class="navheader">
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<table width="100%" summary="Navigation header">
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<tr><th colspan="3" align="center">Chapter�1.�Introduction</th></tr>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="left">
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<a accesskey="p" href="Bv9ARM.html">Prev</a>�</td>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<th width="60%" align="center">�</th>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch02.html">Next</a>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User</table>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<hr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<div class="chapter" lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h2 class="title">
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<a name="Bv9ARM.ch01"></a>Chapter�1.�Introduction</h2></div></div></div>
e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews<div class="toc">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p><b>Table of Contents</b></p>
e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews<dl>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563409">Scope of Document</a></span></dt>
e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564388">Organization of This Document</a></span></dt>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564528">Conventions Used in This Document</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564641">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<dd><dl>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564662">DNS Fundamentals</a></span></dt>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564696">Domains and Domain Names</a></span></dt>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567170">Zones</a></span></dt>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567246">Authoritative Name Servers</a></span></dt>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567419">Caching Name Servers</a></span></dt>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567549">Name Servers in Multiple Roles</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dl></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dl>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The Internet Domain Name System (<acronym class="acronym">DNS</acronym>)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein consists of the syntax
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to specify the names of entities in the Internet in a hierarchical
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User manner, the rules used for delegating authority over names, and the
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User system implementation that actually maps names to Internet
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein addresses. <acronym class="acronym">DNS</acronym> data is maintained in a
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User group of distributed
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User hierarchical databases.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<div class="sect1" lang="en">
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<div class="titlepage"><div><div><h2 class="title" style="clear: both">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2563409"></a>Scope of Document</h2></div></div></div>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<p>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User The Berkeley Internet Name Domain
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein (<acronym class="acronym">BIND</acronym>) implements a
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User domain name server for a number of operating systems. This
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User document provides basic information about the installation and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein care of the Internet Systems Consortium (<acronym class="acronym">ISC</acronym>)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <acronym class="acronym">BIND</acronym> version 9 software package for
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User system administrators.
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User This version of the manual corresponds to BIND version 9.6.
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<div class="sect1" lang="en">
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<div class="titlepage"><div><div><h2 class="title" style="clear: both">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2564388"></a>Organization of This Document</h2></div></div></div>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<p>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User In this document, <span class="emphasis"><em>Chapter 1</em></span> introduces
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User the basic <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym> concepts. <span class="emphasis"><em>Chapter 2</em></span>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User describes resource requirements for running <acronym class="acronym">BIND</acronym> in various
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein environments. Information in <span class="emphasis"><em>Chapter 3</em></span> is
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User <span class="emphasis"><em>task-oriented</em></span> in its presentation and is
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User organized functionally, to aid in the process of installing the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <acronym class="acronym">BIND</acronym> 9 software. The task-oriented
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User section is followed by
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User <span class="emphasis"><em>Chapter 4</em></span>, which contains more advanced
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein concepts that the system administrator may need for implementing
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User certain options. <span class="emphasis"><em>Chapter 5</em></span>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User describes the <acronym class="acronym">BIND</acronym> 9 lightweight
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein resolver. The contents of <span class="emphasis"><em>Chapter 6</em></span> are
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User organized as in a reference manual to aid in the ongoing
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User maintenance of the software. <span class="emphasis"><em>Chapter 7</em></span> addresses
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein security considerations, and
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User <span class="emphasis"><em>Chapter 8</em></span> contains troubleshooting help. The
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User main body of the document is followed by several
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="emphasis"><em>appendices</em></span> which contain useful reference
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User information, such as a <span class="emphasis"><em>bibliography</em></span> and
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User historic information related to <acronym class="acronym">BIND</acronym>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein and the Domain Name
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User System.
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<div class="sect1" lang="en">
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<div class="titlepage"><div><div><h2 class="title" style="clear: both">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2564528"></a>Conventions Used in This Document</h2></div></div></div>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<p>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User In this document, we use the following general typographic
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User conventions:
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="informaltable"><table border="1">
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<colgroup>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<col>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<col>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User</colgroup>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<tbody>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="emphasis"><em>To describe:</em></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </td>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="emphasis"><em>We use the style:</em></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <p>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User a pathname, filename, URL, hostname,
61e1dc26d62c2a0059e3ca7efe2ad0f4a5b8df92Mark Andrews mailing list name, or new term or concept
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User </p>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User </td>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<td>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User <p>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User <code class="filename">Fixed width</code>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User </p>
61e1dc26d62c2a0059e3ca7efe2ad0f4a5b8df92Mark Andrews </td>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User</tr>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<tr>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<td>
ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson <p>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User literal user
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User input
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User </p>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User </td>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User<td>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User <p>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User <strong class="userinput"><code>Fixed Width Bold</code></strong>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
<td>
<p>
program output
</p>
</td>
<td>
<p>
<code class="computeroutput">Fixed Width</code>
</p>
</td>
</tr>
</tbody>
</table></div>
<p>
The following conventions are used in descriptions of the
<acronym class="acronym">BIND</acronym> configuration file:</p>
<div class="informaltable"><table border="1">
<colgroup>
<col>
<col>
</colgroup>
<tbody>
<tr>
<td>
<p>
<span class="emphasis"><em>To describe:</em></span>
</p>
</td>
<td>
<p>
<span class="emphasis"><em>We use the style:</em></span>
</p>
</td>
</tr>
<tr>
<td>
<p>
keywords
</p>
</td>
<td>
<p>
<code class="literal">Fixed Width</code>
</p>
</td>
</tr>
<tr>
<td>
<p>
variables
</p>
</td>
<td>
<p>
<code class="varname">Fixed Width</code>
</p>
</td>
</tr>
<tr>
<td>
<p>
Optional input
</p>
</td>
<td>
<p>
[<span class="optional">Text is enclosed in square brackets</span>]
</p>
</td>
</tr>
</tbody>
</table></div>
<p>
</p>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2564641"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
<p>
The purpose of this document is to explain the installation
and upkeep of the <acronym class="acronym">BIND</acronym> (Berkeley Internet
Name Domain) software package, and we
begin by reviewing the fundamentals of the Domain Name System
(<acronym class="acronym">DNS</acronym>) as they relate to <acronym class="acronym">BIND</acronym>.
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2564662"></a>DNS Fundamentals</h3></div></div></div>
<p>
The Domain Name System (DNS) is a hierarchical, distributed
database. It stores information for mapping Internet host names to
IP
addresses and vice versa, mail routing information, and other data
used by Internet applications.
</p>
<p>
Clients look up information in the DNS by calling a
<span class="emphasis"><em>resolver</em></span> library, which sends queries to one or
more <span class="emphasis"><em>name servers</em></span> and interprets the responses.
The <acronym class="acronym">BIND</acronym> 9 software distribution
contains a
name server, <span><strong class="command">named</strong></span>, and a resolver
library, <span><strong class="command">liblwres</strong></span>. The older
<span><strong class="command">libbind</strong></span> resolver library is also available
from ISC as a separate download.
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2564696"></a>Domains and Domain Names</h3></div></div></div>
<p>
The data stored in the DNS is identified by <span class="emphasis"><em>domain names</em></span> that are organized as a tree according to
organizational or administrative boundaries. Each node of the tree,
called a <span class="emphasis"><em>domain</em></span>, is given a label. The domain
name of the
node is the concatenation of all the labels on the path from the
node to the <span class="emphasis"><em>root</em></span> node. This is represented
in written form as a string of labels listed from right to left and
separated by dots. A label need only be unique within its parent
domain.
</p>
<p>
For example, a domain name for a host at the
company <span class="emphasis"><em>Example, Inc.</em></span> could be
<code class="literal">ourhost.example.com</code>,
where <code class="literal">com</code> is the
top level domain to which
<code class="literal">ourhost.example.com</code> belongs,
<code class="literal">example</code> is
a subdomain of <code class="literal">com</code>, and
<code class="literal">ourhost</code> is the
name of the host.
</p>
<p>
For administrative purposes, the name space is partitioned into
areas called <span class="emphasis"><em>zones</em></span>, each starting at a node and
extending down to the leaf nodes or to nodes where other zones
start.
The data for each zone is stored in a <span class="emphasis"><em>name server</em></span>, which answers queries about the zone using the
<span class="emphasis"><em>DNS protocol</em></span>.
</p>
<p>
The data associated with each domain name is stored in the
form of <span class="emphasis"><em>resource records</em></span> (<acronym class="acronym">RR</acronym>s).
Some of the supported resource record types are described in
<a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them" title="Types of Resource Records and When to Use Them">the section called &#8220;Types of Resource Records and When to Use Them&#8221;</a>.
</p>
<p>
For more detailed information about the design of the DNS and
the DNS protocol, please refer to the standards documents listed in
<a href="Bv9ARM.ch09.html#rfcs" title="Request for Comments (RFCs)">the section called &#8220;Request for Comments (RFCs)&#8221;</a>.
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2567170"></a>Zones</h3></div></div></div>
<p>
To properly operate a name server, it is important to understand
the difference between a <span class="emphasis"><em>zone</em></span>
and a <span class="emphasis"><em>domain</em></span>.
</p>
<p>
As stated previously, a zone is a point of delegation in
the <acronym class="acronym">DNS</acronym> tree. A zone consists of
those contiguous parts of the domain
tree for which a name server has complete information and over which
it has authority. It contains all domain names from a certain point
downward in the domain tree except those which are delegated to
other zones. A delegation point is marked by one or more
<span class="emphasis"><em>NS records</em></span> in the
parent zone, which should be matched by equivalent NS records at
the root of the delegated zone.
</p>
<p>
For instance, consider the <code class="literal">example.com</code>
domain which includes names
such as <code class="literal">host.aaa.example.com</code> and
<code class="literal">host.bbb.example.com</code> even though
the <code class="literal">example.com</code> zone includes
only delegations for the <code class="literal">aaa.example.com</code> and
<code class="literal">bbb.example.com</code> zones. A zone can
map
exactly to a single domain, but could also include only part of a
domain, the rest of which could be delegated to other
name servers. Every name in the <acronym class="acronym">DNS</acronym>
tree is a
<span class="emphasis"><em>domain</em></span>, even if it is
<span class="emphasis"><em>terminal</em></span>, that is, has no
<span class="emphasis"><em>subdomains</em></span>. Every subdomain is a domain and
every domain except the root is also a subdomain. The terminology is
not intuitive and we suggest that you read RFCs 1033, 1034 and 1035
to
gain a complete understanding of this difficult and subtle
topic.
</p>
<p>
Though <acronym class="acronym">BIND</acronym> is called a "domain name
server",
it deals primarily in terms of zones. The master and slave
declarations in the <code class="filename">named.conf</code> file
specify
zones, not domains. When you ask some other site if it is willing to
be a slave server for your <span class="emphasis"><em>domain</em></span>, you are
actually asking for slave service for some collection of zones.
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2567246"></a>Authoritative Name Servers</h3></div></div></div>
<p>
Each zone is served by at least
one <span class="emphasis"><em>authoritative name server</em></span>,
which contains the complete data for the zone.
To make the DNS tolerant of server and network failures,
most zones have two or more authoritative servers, on
different networks.
</p>
<p>
Responses from authoritative servers have the "authoritative
answer" (AA) bit set in the response packets. This makes them
easy to identify when debugging DNS configurations using tools like
<span><strong class="command">dig</strong></span> (<a href="Bv9ARM.ch03.html#diagnostic_tools" title="Diagnostic Tools">the section called &#8220;Diagnostic Tools&#8221;</a>).
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2567270"></a>The Primary Master</h4></div></div></div>
<p>
The authoritative server where the master copy of the zone
data is maintained is called the
<span class="emphasis"><em>primary master</em></span> server, or simply the
<span class="emphasis"><em>primary</em></span>. Typically it loads the zone
contents from some local file edited by humans or perhaps
generated mechanically from some other local file which is
edited by humans. This file is called the
<span class="emphasis"><em>zone file</em></span> or
<span class="emphasis"><em>master file</em></span>.
</p>
<p>
In some cases, however, the master file may not be edited
by humans at all, but may instead be the result of
<span class="emphasis"><em>dynamic update</em></span> operations.
</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2567300"></a>Slave Servers</h4></div></div></div>
<p>
The other authoritative servers, the <span class="emphasis"><em>slave</em></span>
servers (also known as <span class="emphasis"><em>secondary</em></span> servers)
load
the zone contents from another server using a replication process
known as a <span class="emphasis"><em>zone transfer</em></span>. Typically the data
are
transferred directly from the primary master, but it is also
possible
to transfer it from another slave. In other words, a slave server
may itself act as a master to a subordinate slave server.
</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2567389"></a>Stealth Servers</h4></div></div></div>
<p>
Usually all of the zone's authoritative servers are listed in
NS records in the parent zone. These NS records constitute
a <span class="emphasis"><em>delegation</em></span> of the zone from the parent.
The authoritative servers are also listed in the zone file itself,
at the <span class="emphasis"><em>top level</em></span> or <span class="emphasis"><em>apex</em></span>
of the zone. You can list servers in the zone's top-level NS
records that are not in the parent's NS delegation, but you cannot
list servers in the parent's delegation that are not present at
the zone's top level.
</p>
<p>
A <span class="emphasis"><em>stealth server</em></span> is a server that is
authoritative for a zone but is not listed in that zone's NS
records. Stealth servers can be used for keeping a local copy of
a
zone to speed up access to the zone's records or to make sure that
the
zone is available even if all the "official" servers for the zone
are
inaccessible.
</p>
<p>
A configuration where the primary master server itself is a
stealth server is often referred to as a "hidden primary"
configuration. One use for this configuration is when the primary
master
is behind a firewall and therefore unable to communicate directly
with the outside world.
</p>
</div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2567419"></a>Caching Name Servers</h3></div></div></div>
<p>
The resolver libraries provided by most operating systems are
<span class="emphasis"><em>stub resolvers</em></span>, meaning that they are not
capable of
performing the full DNS resolution process by themselves by talking
directly to the authoritative servers. Instead, they rely on a
local
name server to perform the resolution on their behalf. Such a
server
is called a <span class="emphasis"><em>recursive</em></span> name server; it performs
<span class="emphasis"><em>recursive lookups</em></span> for local clients.
</p>
<p>
To improve performance, recursive servers cache the results of
the lookups they perform. Since the processes of recursion and
caching are intimately connected, the terms
<span class="emphasis"><em>recursive server</em></span> and
<span class="emphasis"><em>caching server</em></span> are often used synonymously.
</p>
<p>
The length of time for which a record may be retained in
the cache of a caching name server is controlled by the
Time To Live (TTL) field associated with each resource record.
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2567523"></a>Forwarding</h4></div></div></div>
<p>
Even a caching name server does not necessarily perform
the complete recursive lookup itself. Instead, it can
<span class="emphasis"><em>forward</em></span> some or all of the queries
that it cannot satisfy from its cache to another caching name
server,
commonly referred to as a <span class="emphasis"><em>forwarder</em></span>.
</p>
<p>
There may be one or more forwarders,
and they are queried in turn until the list is exhausted or an
answer
is found. Forwarders are typically used when you do not
wish all the servers at a given site to interact directly with the
rest of
the Internet servers. A typical scenario would involve a number
of internal <acronym class="acronym">DNS</acronym> servers and an
Internet firewall. Servers unable
to pass packets through the firewall would forward to the server
that can do it, and that server would query the Internet <acronym class="acronym">DNS</acronym> servers
on the internal server's behalf.
</p>
</div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2567549"></a>Name Servers in Multiple Roles</h3></div></div></div>
<p>
The <acronym class="acronym">BIND</acronym> name server can
simultaneously act as
a master for some zones, a slave for other zones, and as a caching
(recursive) server for a set of local clients.
</p>
<p>
However, since the functions of authoritative name service
and caching/recursive name service are logically separate, it is
often advantageous to run them on separate server machines.
A server that only provides authoritative name service
(an <span class="emphasis"><em>authoritative-only</em></span> server) can run with
recursion disabled, improving reliability and security.
A server that is not authoritative for any zones and only provides
recursive service to local
clients (a <span class="emphasis"><em>caching-only</em></span> server)
does not need to be reachable from the Internet at large and can
be placed inside a firewall.
</p>
</div>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="Bv9ARM.html">Prev</a>�</td>
<td width="20%" align="center">�</td>
<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch02.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">BIND 9 Administrator Reference Manual�</td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">�Chapter�2.�<acronym class="acronym">BIND</acronym> Resource Requirements</td>
</tr>
</table>
</div>
</body>
</html>