doc/arm/Bv9ARM.ch01.html

	Bv9ARM.ch01.html revision b0e8629055a766d4555a005a283c2889a5974945
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User<!--
59602f2a7c4e4809941583bed3e94cd26e628f1aTinderbox User - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater - Copyright (C) 2000-2003 Internet Software Consortium.
c78c39caab4cf8b5daefc9c65878f7f5ed3eb7a0Tinderbox User -
f536382c59dd492a14667b753816d920f9981f1cTinderbox User - Permission to use, copy, modify, and distribute this software for any
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews - purpose with or without fee is hereby granted, provided that the above
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews - copyright notice and this permission notice appear in all copies.
c57668a2fbbe558c1bd21652813616f2f517c469Tinderbox User -
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
287a6a8f9040dc43560cd69cddf83bfc0f53b76fTinderbox User - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
8de3f14f1c300c3e1ed99084cc03485b42c92bf1Tinderbox User - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
e5a6871cd0635ecdb2bf792316a2d8c53206f4b2Tinderbox User - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
950d203b64f512b85fcc093ee1e9e3e531a1aea3Tinderbox User - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User - PERFORMANCE OF THIS SOFTWARE.
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User-->
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont<!-- $Id: Bv9ARM.ch01.html,v 1.35 2007/01/30 00:24:59 marka Exp $ -->
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews<html>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<head>
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
d5637bdbb931ff79fced3d4858d83212ea58ed15Tinderbox User<title>Chapter�1.�Introduction</title>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
d5637bdbb931ff79fced3d4858d83212ea58ed15Tinderbox User<link rel="prev" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<link rel="next" href="Bv9ARM.ch02.html" title="Chapter�2.�BIND Resource Requirements">
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User</head>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<div class="navheader">
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews<table width="100%" summary="Navigation header">
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User<tr><th colspan="3" align="center">Chapter�1.�Introduction</th></tr>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<tr>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<td width="20%" align="left">
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews<a accesskey="p" href="Bv9ARM.html">Prev</a>�</td>
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews<th width="60%" align="center">�</th>
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch02.html">Next</a>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews</td>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User</tr>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews</table>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<hr>
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews</div>
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User<div class="chapter" lang="en">
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<div class="titlepage"><div><div><h2 class="title">
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User<a name="Bv9ARM.ch01"></a>Chapter�1.�Introduction</h2></div></div></div>
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User<div class="toc">
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt<p><b>Table of Contents</b></p>
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User<dl>
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564115">Scope of Document</a></span></dt>
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564138">Organization of This Document</a></span></dt>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563473">Conventions Used in This Document</a></span></dt>
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564746">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dd><dl>
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564768">DNS Fundamentals</a></span></dt>
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564802">Domains and Domain Names</a></span></dt>
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564886">Zones</a></span></dt>
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567284">Authoritative Name Servers</a></span></dt>
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567525">Caching Name Servers</a></span></dt>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567587">Name Servers in Multiple Roles</a></span></dt>
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont</dl></dd>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater</dl>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews</div>
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater<p>
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews      The Internet Domain Name System (<acronym class="acronym">DNS</acronym>)
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User      consists of the syntax
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      to specify the names of entities in the Internet in a hierarchical
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      manner, the rules used for delegating authority over names, and the
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater      system implementation that actually maps names to Internet
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      addresses.  <acronym class="acronym">DNS</acronym> data is maintained in a
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews      group of distributed
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User      hierarchical databases.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews    </p>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<div class="sect1" lang="en">
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews<a name="id2564115"></a>Scope of Document</h2></div></div></div>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<p>
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews        The Berkeley Internet Name Domain
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User        (<acronym class="acronym">BIND</acronym>) implements a
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        domain name server for a number of operating systems. This
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User        document provides basic information about the installation and
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User        care of the Internet Systems Consortium (<acronym class="acronym">ISC</acronym>)
294e9d4c34462d29a3e766c88f452b46aeb3702fTinderbox User        <acronym class="acronym">BIND</acronym> version 9 software package for
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User        system administrators.
4c6bae917bec70e1fc4d1b761a9765075af78441Tinderbox User      </p>
294e9d4c34462d29a3e766c88f452b46aeb3702fTinderbox User<p>
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt        This version of the manual corresponds to BIND version 9.4.
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt      </p>
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt</div>
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews<div class="sect1" lang="en">
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User<div class="titlepage"><div><div><h2 class="title" style="clear: both">
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt<a name="id2564138"></a>Organization of This Document</h2></div></div></div>
7cc0a5d21ef046bfd630c4769943d896a7d7472cTinderbox User<p>
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User        In this document, <span class="emphasis"><em>Section 1</em></span> introduces
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews        the basic <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym> concepts. <span class="emphasis"><em>Section 2</em></span>
ee11dfc481f2ef6a032a715454f6290961a722d2Tinderbox User        describes resource requirements for running <acronym class="acronym">BIND</acronym> in various
ee11dfc481f2ef6a032a715454f6290961a722d2Tinderbox User        environments. Information in <span class="emphasis"><em>Section 3</em></span> is
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews        <span class="emphasis"><em>task-oriented</em></span> in its presentation and is
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User        organized functionally, to aid in the process of installing the
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews        <acronym class="acronym">BIND</acronym> 9 software. The task-oriented
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User        section is followed by
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews        <span class="emphasis"><em>Section 4</em></span>, which contains more advanced
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews        concepts that the system administrator may need for implementing
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User        certain options. <span class="emphasis"><em>Section 5</em></span>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews        describes the <acronym class="acronym">BIND</acronym> 9 lightweight
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User        resolver.  The contents of <span class="emphasis"><em>Section 6</em></span> are
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews        organized as in a reference manual to aid in the ongoing
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews        maintenance of the software. <span class="emphasis"><em>Section 7</em></span> addresses
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User        security considerations, and
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson        <span class="emphasis"><em>Section 8</em></span> contains troubleshooting help. The
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User        main body of the document is followed by several
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews        <span class="emphasis"><em>Appendices</em></span> which contain useful reference
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User        information, such as a <span class="emphasis"><em>Bibliography</em></span> and
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        historic information related to <acronym class="acronym">BIND</acronym>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User        and the Domain Name
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews        System.
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews      </p>
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User</div>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<div class="sect1" lang="en">
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<div class="titlepage"><div><div><h2 class="title" style="clear: both">
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<a name="id2563473"></a>Conventions Used in This Document</h2></div></div></div>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<p>
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews        In this document, we use the following general typographic
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User        conventions:
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      </p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<div class="informaltable"><table border="1">
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<colgroup>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<col>
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews<col>
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User</colgroup>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<tbody>
28a5dd720187fddb16055a0f64b63a7b66f29f64Mark Andrews<tr>
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User<td>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews                <p>
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User                  <span class="emphasis"><em>To describe:</em></span>
a450977e98155f6e828fe6f8d52cf24674231831Mark Andrews                </p>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews              </td>
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews<td>
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User                <p>
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews                  <span class="emphasis"><em>We use the style:</em></span>
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews                </p>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont              </td>
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User</tr>
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews<tr>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<td>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews                <p>
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User                  a pathname, filename, URL, hostname,
5747235bf35e7398984fd6b4632743396895ea7aTinderbox User                  mailing list name, or new term or concept
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews                </p>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews              </td>
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews<td>
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews                <p>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews                  <code class="filename">Fixed width</code>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews                </p>
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User              </td>
5747235bf35e7398984fd6b4632743396895ea7aTinderbox User</tr>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews<tr>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<td>
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User                <p>
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews                  literal user
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews                  input
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews                </p>
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User              </td>
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews<td>
01a5c5503482fb3ba52088bf0178a7213273bf96Mark Andrews                <p>
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User                  <strong class="userinput"><code>Fixed Width Bold</code></strong>
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User                </p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User              </td>
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater</tr>
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews<tr>
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User<td>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews                <p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User                  program output
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater                </p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User              </td>
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews<td>
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User                <p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews                  <code class="computeroutput">Fixed Width</code>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User                </p>
fa0326cc2cf428f67575b6ba3b97b528a31b0010Tinderbox User              </td>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User</tr>
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews</tbody>
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User</table></div>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User        The following conventions are used in descriptions of the
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater        <acronym class="acronym">BIND</acronym> configuration file:</p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<div class="informaltable"><table border="1">
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews<colgroup>
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User<col>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<col>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User</colgroup>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<tbody>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<tr>
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews<td>
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User                  <p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews                    <span class="emphasis"><em>To describe:</em></span>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User                  </p>
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater                </td>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<td>
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews                  <p>
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User                    <span class="emphasis"><em>We use the style:</em></span>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews                  </p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User                </td>
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater</tr>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<tr>
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews<td>
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User                  <p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews                    keywords
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User                  </p>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson                </td>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<td>
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews                  <p>
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User                    <code class="literal">Fixed Width</code>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews                  </p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User                </td>
5f7586ddbd3edd11272cdd30ed613d936129328bTinderbox User</tr>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<tr>
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews<td>
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User                  <p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews                    variables
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User                  </p>
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews                </td>
70d987def5a58ebeb8243017c0ec2e9b2c326cf4Evan Hunt<td>
70d987def5a58ebeb8243017c0ec2e9b2c326cf4Evan Hunt                  <p>
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews                    <code class="varname">Fixed Width</code>
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User                  </p>
bac4435d473c9a0281507524f084480c34aa942aTinderbox User                </td>
933799f3641f4f78445d015008bad0038900a82aTinderbox User</tr>
f0c5e918974bf778af6cd1e25309ad13e30a79a6Tinderbox User<tr>
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews<td>
7ca715ad1587a68a531ea1cdea07515d7232567eTinderbox User                  <p>
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User                    Optional input
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater                  </p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater                </td>
bac4435d473c9a0281507524f084480c34aa942aTinderbox User<td>
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews                  <p>
933799f3641f4f78445d015008bad0038900a82aTinderbox User                    [<span class="optional">Text is enclosed in square brackets</span>]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews                  </p>
933799f3641f4f78445d015008bad0038900a82aTinderbox User                </td>
4151211e6649332f7b5a55870cbe37128bcc7b29Tinderbox User</tr>
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews</tbody>
ac2e2800b4ac9cbe4cb756d967f4583c611eb75eMark Andrews</table></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater      </p>
f525041ae26958385b697cf82a30f108577024b6Tinderbox User</div>
b02be031b9ff37b042adc8e68e36b8bbc1f672b7Tinderbox User<div class="sect1" lang="en">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h2 class="title" style="clear: both">
ba8b771c371967dd1254c7fa82ebe4158ee04b24Tinderbox User<a name="id2564746"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater<p>
3ec8f7777ea2b04fc1ebb63077f0916f63b1011aTinderbox User        The purpose of this document is to explain the installation
c218e22e3e6cbd409b61a14f1480b5ce5c70bfc1Tinderbox User        and upkeep of the <acronym class="acronym">BIND</acronym> software
b02be031b9ff37b042adc8e68e36b8bbc1f672b7Tinderbox User        package, and we
933799f3641f4f78445d015008bad0038900a82aTinderbox User        begin by reviewing the fundamentals of the Domain Name System
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater        (<acronym class="acronym">DNS</acronym>) as they relate to <acronym class="acronym">BIND</acronym>.
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater      </p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="sect2" lang="en">
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<div class="titlepage"><div><div><h3 class="title">
ecbc7ebb243a1f8a5dc6f28185ffe9e61d3b2102Mark Andrews<a name="id2564768"></a>DNS Fundamentals</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater          The Domain Name System (DNS) is a hierarchical, distributed
bac4435d473c9a0281507524f084480c34aa942aTinderbox User          database.  It stores information for mapping Internet host names to
39ae0eafed076ef769fef5c18b22a8051df5c93aTinderbox User          IP
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews          addresses and vice versa, mail routing information, and other data
c2abd6efeb9affa70aabb63da2acb23e135cf7f2Mark Andrews          used by Internet applications.
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont        </p>
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User<p>
f525041ae26958385b697cf82a30f108577024b6Tinderbox User          Clients look up information in the DNS by calling a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater          <span class="emphasis"><em>resolver</em></span> library, which sends queries to one or
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater          more <span class="emphasis"><em>name servers</em></span> and interprets the responses.
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User          The <acronym class="acronym">BIND</acronym> 9 software distribution
5e82fe9a56d17bfbd120817d00d28c5952ab4ddcTinderbox User          contains a
4cda4fd158d6ded5586bacea8c388445d99611eaAutomatic Updater          name server, <span><strong class="command">named</strong></span>, and two resolver
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews          libraries, <span><strong class="command">liblwres</strong></span> and <span><strong class="command">libbind</strong></span>.
f2f7a53ba0ba69cfe8c505eea16f71bad9d8d449Tinderbox User        </p>
c26604a73c4ce907ef6392f38b3fac838b1873a9Tinderbox User</div>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<div class="sect2" lang="en">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
e08cdffb3ae4ad409f37e3e5a218fe4b7e0e3904Tinderbox User<a name="id2564802"></a>Domains and Domain Names</h3></div></div></div>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<p>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews          The data stored in the DNS is identified by <span class="emphasis"><em>domain names</em></span> that are organized as a tree according to
bac4435d473c9a0281507524f084480c34aa942aTinderbox User          organizational or administrative boundaries. Each node of the tree,
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews          called a <span class="emphasis"><em>domain</em></span>, is given a label. The domain
ba8b771c371967dd1254c7fa82ebe4158ee04b24Tinderbox User          name of the
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews          node is the concatenation of all the labels on the path from the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater          node to the <span class="emphasis"><em>root</em></span> node.  This is represented
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User          in written form as a string of labels listed from right to left and
933799f3641f4f78445d015008bad0038900a82aTinderbox User          separated by dots. A label need only be unique within its parent
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater          domain.
e64202536ea72d8f371dd0df9fc763f8d70bf886Tinderbox User        </p>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<p>
da59e63e7af147a8bcef985b98b04443e04c3a0eTinderbox User          For example, a domain name for a host at the
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User          company <span class="emphasis"><em>Example, Inc.</em></span> could be
757ff043760e4743dda1a10e7d58349275934902Tinderbox User          <code class="literal">ourhost.example.com</code>,
ae454ec746d1d4db8d04e107d4d25ff13158c37fMark Andrews          where <code class="literal">com</code> is the
f520803b46dc189fdaf84adc87ef327d3587b435Mark Andrews          top level domain to which
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews          <code class="literal">ourhost.example.com</code> belongs,
757ff043760e4743dda1a10e7d58349275934902Tinderbox User          <code class="literal">example</code> is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater          a subdomain of <code class="literal">com</code>, and
ae454ec746d1d4db8d04e107d4d25ff13158c37fMark Andrews          <code class="literal">ourhost</code> is the
1bcc3273a80c256f11d9098a00ba2c041939e233Mark Andrews          name of the host.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson        </p>
1bcc3273a80c256f11d9098a00ba2c041939e233Mark Andrews<p>
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews          For administrative purposes, the name space is partitioned into
1bcc3273a80c256f11d9098a00ba2c041939e233Mark Andrews          areas called <span class="emphasis"><em>zones</em></span>, each starting at a node and
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          extending down to the leaf nodes or to nodes where other zones
ba8b771c371967dd1254c7fa82ebe4158ee04b24Tinderbox User          start.
bac4435d473c9a0281507524f084480c34aa942aTinderbox User          The data for each zone is stored in a <span class="emphasis"><em>name server</em></span>, which answers queries about the zone using the
f520803b46dc189fdaf84adc87ef327d3587b435Mark Andrews          <span class="emphasis"><em>DNS protocol</em></span>.
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User        </p>
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User<p>
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User          The data associated with each domain name is stored in the
3857cb6fcabeb79d85de4b3e3e4ab99912b701f8Mark Andrews          form of <span class="emphasis"><em>resource records</em></span> (<acronym class="acronym">RR</acronym>s).
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User          Some of the supported resource record types are described in
e64202536ea72d8f371dd0df9fc763f8d70bf886Tinderbox User          <a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them" title="Types of Resource Records and When to Use Them">the section called &#8220;Types of Resource Records and When to Use Them&#8221;</a>.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews        </p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<p>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson          For more detailed information about the design of the DNS and
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User          the DNS protocol, please refer to the standards documents listed in
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews          <a href="Bv9ARM.ch09.html#rfcs" title="Request for Comments (RFCs)">the section called &#8220;Request for Comments (RFCs)&#8221;</a>.
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User        </p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews</div>
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User<div class="sect2" lang="en">
ebdf202f2198158ab4d30f22c370a9c63760d071Tinderbox User<div class="titlepage"><div><div><h3 class="title">
8292deab031e7599cd7622aa7675fbe139ca6095Mark Andrews<a name="id2564886"></a>Zones</h3></div></div></div>
caaff35375fba833f156f952aeca689e5bc7cddfFrancis Dupont<p>
caaff35375fba833f156f952aeca689e5bc7cddfFrancis Dupont          To properly operate a name server, it is important to understand
caaff35375fba833f156f952aeca689e5bc7cddfFrancis Dupont          the difference between a <span class="emphasis"><em>zone</em></span>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews          and a <span class="emphasis"><em>domain</em></span>.
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont        </p>
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews<p>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews          As stated previously, a zone is a point of delegation in
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews          the <acronym class="acronym">DNS</acronym> tree. A zone consists of
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont          those contiguous parts of the domain
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews          tree for which a name server has complete information and over which
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews          it has authority. It contains all domain names from a certain point
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews          downward in the domain tree except those which are delegated to
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont          other zones. A delegation point is marked by one or more
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews          <span class="emphasis"><em>NS records</em></span> in the
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews          parent zone, which should be matched by equivalent NS records at
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews          the root of the delegated zone.
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont        </p>
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews<p>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews          For instance, consider the <code class="literal">example.com</code>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews          domain which includes names
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater          such as <code class="literal">host.aaa.example.com</code> and
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews          <code class="literal">host.bbb.example.com</code> even though
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews          the <code class="literal">example.com</code> zone includes
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User          only delegations for the <code class="literal">aaa.example.com</code> and
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          <code class="literal">bbb.example.com</code> zones.  A zone can
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews          map
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater          exactly to a single domain, but could also include only part of a
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews          domain, the rest of which could be delegated to other
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews          name servers. Every name in the <acronym class="acronym">DNS</acronym>
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User          tree is a
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          <span class="emphasis"><em>domain</em></span>, even if it is
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews          <span class="emphasis"><em>terminal</em></span>, that is, has no
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater          <span class="emphasis"><em>subdomains</em></span>.  Every subdomain is a domain and
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews          every domain except the root is also a subdomain. The terminology is
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews          not intuitive and we suggest that you read RFCs 1033, 1034 and 1035
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User          to
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          gain a complete understanding of this difficult and subtle
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews          topic.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews        </p>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<p>
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews          Though <acronym class="acronym">BIND</acronym> is called a "domain name
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User          server",
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews          it deals primarily in terms of zones. The master and slave
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews          declarations in the <code class="filename">named.conf</code> file
39cad8fb7d7ff3436bb24ce761354afcb80d295aMark Andrews          specify
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews          zones, not domains. When you ask some other site if it is willing to
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews          be a slave server for your <span class="emphasis"><em>domain</em></span>, you are
01a5c5503482fb3ba52088bf0178a7213273bf96Mark Andrews          actually asking for slave service for some collection of zones.
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User        </p>
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews</div>
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews<div class="sect2" lang="en">
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews<div class="titlepage"><div><div><h3 class="title">
e64202536ea72d8f371dd0df9fc763f8d70bf886Tinderbox User<a name="id2567284"></a>Authoritative Name Servers</h3></div></div></div>
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User<p>
03ebc228ee3725738b067b6bd7082a9a731822a1Tinderbox User          Each zone is served by at least
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater          one <span class="emphasis"><em>authoritative name server</em></span>,
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews          which contains the complete data for the zone.
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User          To make the DNS tolerant of server and network failures,
757ff043760e4743dda1a10e7d58349275934902Tinderbox User          most zones have two or more authoritative servers, on
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews          different networks.
827f8cccb5280f4da66c46186e792d1cb9d73503Mark Andrews        </p>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<p>
933799f3641f4f78445d015008bad0038900a82aTinderbox User          Responses from authoritative servers have the "authoritative
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews          answer" (AA) bit set in the response packets.  This makes them
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont          easy to identify when debugging DNS configurations using tools like
7f79131f9a8e804b93c57f3c679065cce878b726Automatic Updater          <span><strong class="command">dig</strong></span> (<a href="Bv9ARM.ch03.html#diagnostic_tools" title="Diagnostic Tools">the section called &#8220;Diagnostic Tools&#8221;</a>).
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        </p>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<div class="sect3" lang="en">
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<div class="titlepage"><div><div><h4 class="title">
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews<a name="id2567307"></a>The Primary Master</h4></div></div></div>
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User<p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews            The authoritative server where the master copy of the zone
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews            data is maintained is called the
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews            <span class="emphasis"><em>primary master</em></span> server, or simply the
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews            <span class="emphasis"><em>primary</em></span>.  Typically it loads the zone
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User            contents from some local file edited by humans or perhaps
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews            generated mechanically from some other local file which is
3a988722ad9e209ba4064604d482dc4efe0e19ebTinderbox User            edited by humans.  This file is called the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            <span class="emphasis"><em>zone file</em></span> or
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            <span class="emphasis"><em>master file</em></span>.
a3ffa9ab0644ae2b52f2e13a00b5e85b879f612fTinderbox User          </p>
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont<p>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews            In some cases, however, the master file may not be edited
1bf507ca635310b340aea42d6c3e567819974a99Tinderbox User            by humans at all, but may instead be the result of
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews            <span class="emphasis"><em>dynamic update</em></span> operations.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          </p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews</div>
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews<div class="sect3" lang="en">
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User<div class="titlepage"><div><div><h4 class="title">
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<a name="id2567337"></a>Slave Servers</h4></div></div></div>
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User<p>
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User            The other authoritative servers, the <span class="emphasis"><em>slave</em></span>
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont            servers (also known as <span class="emphasis"><em>secondary</em></span> servers)
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews            load
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews            the zone contents from another server using a replication process
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews            known as a <span class="emphasis"><em>zone transfer</em></span>.  Typically the data
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews            are
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews            transferred directly from the primary master, but it is also
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont            possible
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont            to transfer it from another slave.  In other words, a slave server
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont            may itself act as a master to a subordinate slave server.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews          </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="sect3" lang="en">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="titlepage"><div><div><h4 class="title">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="id2567358"></a>Stealth Servers</h4></div></div></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            Usually all of the zone's authoritative servers are listed in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            NS records in the parent zone.  These NS records constitute
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            a <span class="emphasis"><em>delegation</em></span> of the zone from the parent.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            The authoritative servers are also listed in the zone file itself,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            at the <span class="emphasis"><em>top level</em></span> or <span class="emphasis"><em>apex</em></span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            of the zone.  You can list servers in the zone's top-level NS
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            records that are not in the parent's NS delegation, but you cannot
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            list servers in the parent's delegation that are not present at
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            the zone's top level.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            A <span class="emphasis"><em>stealth server</em></span> is a server that is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            authoritative for a zone but is not listed in that zone's NS
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            records.  Stealth servers can be used for keeping a local copy of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            zone to speed up access to the zone's records or to make sure that
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            zone is available even if all the "official" servers for the zone
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            are
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            inaccessible.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            A configuration where the primary master server itself is a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            stealth server is often referred to as a "hidden primary"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            configuration.  One use for this configuration is when the primary
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            master
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            is behind a firewall and therefore unable to communicate directly
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            with the outside world.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="sect2" lang="en">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="titlepage"><div><div><h3 class="title">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="id2567525"></a>Caching Name Servers</h3></div></div></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          The resolver libraries provided by most operating systems are
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          <span class="emphasis"><em>stub resolvers</em></span>, meaning that they are not
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          capable of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          performing the full DNS resolution process by themselves by talking
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          directly to the authoritative servers.  Instead, they rely on a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          local
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          name server to perform the resolution on their behalf.  Such a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          server
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          is called a <span class="emphasis"><em>recursive</em></span> name server; it performs
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          <span class="emphasis"><em>recursive lookups</em></span> for local clients.
f520803b46dc189fdaf84adc87ef327d3587b435Mark Andrews        </p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          To improve performance, recursive servers cache the results of
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          the lookups they perform.  Since the processes of recursion and
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews          caching are intimately connected, the terms
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User          <span class="emphasis"><em>recursive server</em></span> and
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          <span class="emphasis"><em>caching server</em></span> are often used synonymously.
646fed0d28be4387e3e32fb0f5732a1f58b572baTinderbox User        </p>
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater<p>
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater          The length of time for which a record may be retained in
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater          the cache of a caching name server is controlled by the
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater          Time To Live (TTL) field associated with each resource record.
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater        </p>
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater<div class="sect3" lang="en">
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User<div class="titlepage"><div><div><h4 class="title">
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater<a name="id2567560"></a>Forwarding</h4></div></div></div>
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater<p>
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater            Even a caching name server does not necessarily perform
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater            the complete recursive lookup itself.  Instead, it can
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater            <span class="emphasis"><em>forward</em></span> some or all of the queries
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater            that it cannot satisfy from its cache to another caching name
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater            server,
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater            commonly referred to as a <span class="emphasis"><em>forwarder</em></span>.
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews          </p>
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User<p>
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User            There may be one or more forwarders,
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User            and they are queried in turn until the list is exhausted or an
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User            answer
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User            is found. Forwarders are typically used when you do not
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User            wish all the servers at a given site to interact directly with the
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User            rest of
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User            the Internet servers. A typical scenario would involve a number
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User            of internal <acronym class="acronym">DNS</acronym> servers and an
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User            Internet firewall. Servers unable
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews            to pass packets through the firewall would forward to the server
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User            that can do it, and that server would query the Internet <acronym class="acronym">DNS</acronym> servers
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont            on the internal server's behalf.
a450977e98155f6e828fe6f8d52cf24674231831Mark Andrews          </p>
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User</div>
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User</div>
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User<div class="sect2" lang="en">
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User<div class="titlepage"><div><div><h3 class="title">
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<a name="id2567587"></a>Name Servers in Multiple Roles</h3></div></div></div>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          The <acronym class="acronym">BIND</acronym> name server can
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          simultaneously act as
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          a master for some zones, a slave for other zones, and as a caching
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews          (recursive) server for a set of local clients.
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User        </p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<p>
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont          However, since the functions of authoritative name service
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont          and caching/recursive name service are logically separate, it is
a3ffa9ab0644ae2b52f2e13a00b5e85b879f612fTinderbox User          often advantageous to run them on separate server machines.
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont          A server that only provides authoritative name service
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont          (an <span class="emphasis"><em>authoritative-only</em></span> server) can run with
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont          recursion disabled, improving reliability and security.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          A server that is not authoritative for any zones and only provides
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          recursive service to local
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          clients (a <span class="emphasis"><em>caching-only</em></span> server)
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          does not need to be reachable from the Internet at large and can
e813f036c8251b6d9d2a72fa84f80c2c9d2795afMark Andrews          be placed inside a firewall.
280a8a0544b4aeb52414d20e8c6e6c5b1108562eTinderbox User        </p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews</div>
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User</div>
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont</div>
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont<div class="navfooter">
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont<hr>
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont<table width="100%" summary="Navigation footer">
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont<tr>
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont<td width="40%" align="left">
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont<a accesskey="p" href="Bv9ARM.html">Prev</a>�</td>
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont<td width="20%" align="center">�</td>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch02.html">Next</a>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</td>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</tr>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<tr>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<td width="40%" align="left" valign="top">BIND 9 Administrator Reference Manual�</td>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<td width="40%" align="right" valign="top">�Chapter�2.�<acronym class="acronym">BIND</acronym> Resource Requirements</td>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</tr>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</table>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</body>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</html>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington