Bv9ARM.ch01.html revision f9ce6280cec79deb16ff6d9807aa493ff23e10d9
 - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="next" href="Bv9ARM.ch02.html" title="Chapter 2. BIND Resource Requirements">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="titlepage"><div><div><h1 class="title">
<a name="Bv9ARM.ch01"></a>Chapter 1. Introduction</h1></div></div></div>
<dt><span class="section"><a href="Bv9ARM.ch01.html#doc_scope">Scope of Document</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch01.html#organization">Organization of This Document</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch01.html#conventions">Conventions Used in This Document</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch01.html#dns_overview">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch01.html#dns_fundamentals">DNS Fundamentals</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch01.html#domain_names">Domains and Domain Names</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch01.html#zones">Zones</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch01.html#auth_servers">Authoritative Name Servers</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch01.html#cache_servers">Caching Name Servers</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch01.html#multi_role">Name Servers in Multiple Roles</a></span></dt>
<p>
 The Internet Domain Name System (<acronym class="acronym">DNS</acronym>)
 consists of the syntax
 to specify the names of entities in the Internet in a hierarchical
 manner, the rules used for delegating authority over names, and the
 system implementation that actually maps names to Internet
 addresses. <acronym class="acronym">DNS</acronym> data is maintained in a
 group of distributed
 hierarchical databases.
</p>
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="doc_scope"></a>Scope of Document</h2></div></div></div>
<p>
 The Berkeley Internet Name Domain
 (<acronym class="acronym">BIND</acronym>) implements a
 domain name server for a number of operating systems. This
 document provides basic information about the installation and
 care of the Internet Systems Consortium (<acronym class="acronym">ISC</acronym>)
 <acronym class="acronym">BIND</acronym> version 9 software package for
 system administrators.
</p>
<p>This version of the manual corresponds to BIND version 9.11.</p>
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="organization"></a>Organization of This Document</h2></div></div></div>
<p>
 In this document, <span class="emphasis"><em>Chapter 1</em></span> introduces
 the basic <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym> concepts. <span class="emphasis"><em>Chapter 2</em></span>
 describes resource requirements for running <acronym class="acronym">BIND</acronym> in various
 environments. Information in <span class="emphasis"><em>Chapter 3</em></span> is
 <span class="emphasis"><em>task-oriented</em></span> in its presentation and is
 organized functionally, to aid in the process of installing the
 <acronym class="acronym">BIND</acronym> 9 software. The task-oriented
 section is followed by
 <span class="emphasis"><em>Chapter 4</em></span>, which contains more advanced
 concepts that the system administrator may need for implementing
 certain options. <span class="emphasis"><em>Chapter 5</em></span>
 describes the <acronym class="acronym">BIND</acronym> 9 lightweight
 resolver. The contents of <span class="emphasis"><em>Chapter 6</em></span> are
 organized as in a reference manual to aid in the ongoing
 maintenance of the software. <span class="emphasis"><em>Chapter 7</em></span> addresses
 security considerations, and
 <span class="emphasis"><em>Chapter 8</em></span> contains troubleshooting help. The
 main body of the document is followed by several
 <span class="emphasis"><em>appendices</em></span> which contain useful reference
 information, such as a <span class="emphasis"><em>bibliography</em></span> and
 historic information related to <acronym class="acronym">BIND</acronym>
 and the Domain Name
</p>
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="conventions"></a>Conventions Used in This Document</h2></div></div></div>
<p>
 In this document, we use the following general typographic
</p>
<div class="informaltable"><table border="1">
<tr>
<td><span class="emphasis"><em>To describe:</em></span></td>
<td><span class="emphasis"><em>We use the style:</em></span></td>
</tr>
<tr>
<td>a pathname, filename, URL, hostname,
 mailing list name, or new term or concept</td>
<td></td>
</tr>
<tr>
<td></td>
<td><strong class="userinput"><code>Fixed Width Bold</code></strong></td>
</tr>
<tr>
<td>program output</td>
<td></td>
</tr>
</table></div>
<p>
 The following conventions are used in descriptions of the
 <acronym class="acronym">BIND</acronym> configuration file:</p>
<div class="informaltable"><table border="1">
<tr>
<td><span class="emphasis"><em>To describe:</em></span></td>
<td><span class="emphasis"><em>We use the style:</em></span></td>
</tr>
<tr>
<td>Optional input</td>
<td>[<span class="optional">Text is enclosed in square brackets</span>]</td>
</tr>
</table></div>
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="dns_overview"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
<p>
 The purpose of this document is to explain the installation
 and upkeep of the <acronym class="acronym">BIND</acronym> (Berkeley Internet
 Name Domain) software package, and we
 begin by reviewing the fundamentals of the Domain Name System
 (<acronym class="acronym">DNS</acronym>) as they relate to <acronym class="acronym">BIND</acronym>.
</p>
<div class="titlepage"><div><div><h3 class="title">
<a name="dns_fundamentals"></a>DNS Fundamentals</h3></div></div></div>
<p>
 The Domain Name System (DNS) is a hierarchical, distributed
 database. It stores information for mapping Internet host names to
 addresses and vice versa, mail routing information, and other data
 used by Internet applications.
</p>
<p>
 Clients look up information in the DNS by calling a
 <span class="emphasis"><em>resolver</em></span> library, which sends queries to one or
 more <span class="emphasis"><em>name servers</em></span> and interprets the responses.
 The <acronym class="acronym">BIND</acronym> 9 software distribution
 contains a
 name server, <span class="command"><strong>named</strong></span>, and a resolver
 library, <span class="command"><strong>liblwres</strong></span>. The older
 <span class="command"><strong>libbind</strong></span> resolver library is also available
 from ISC as a separate download.
</p>
<div class="titlepage"><div><div><h3 class="title">
<a name="domain_names"></a>Domains and Domain Names</h3></div></div></div>
<p>
 The data stored in the DNS is identified by <span class="emphasis"><em>domain names</em></span> that are organized as a tree according to
 organizational or administrative boundaries. Each node of the tree,
 called a <span class="emphasis"><em>domain</em></span>, is given a label. The domain
 name of the
 node is the concatenation of all the labels on the path from the
 node to the <span class="emphasis"><em>root</em></span> node. This is represented
 in written form as a string of labels listed from right to left and
 separated by dots. A label need only be unique within its parent
</p>
<p>
 For example, a domain name for a host at the
 company <span class="emphasis"><em>Example, Inc.</em></span> could be
 <code class="literal">ourhost.example.com</code>,
 where <code class="literal">com</code> is the
 top level domain to which
 <code class="literal">ourhost.example.com</code> belongs,
 <code class="literal">example</code> is
 a subdomain of <code class="literal">com</code>, and
 <code class="literal">ourhost</code> is the
 name of the host.
</p>
<p>
 For administrative purposes, the name space is partitioned into
 areas called <span class="emphasis"><em>zones</em></span>, each starting at a node and
 extending down to the leaf nodes or to nodes where other zones
</p>
<p>
 The data for each zone is stored in a <span class="emphasis"><em>name server</em></span>, which answers queries about the zone using the
 <span class="emphasis"><em>DNS protocol</em></span>.
</p>
<p>
 The data associated with each domain name is stored in the
 form of <span class="emphasis"><em>resource records</em></span> (<acronym class="acronym">RR</acronym>s).
 Some of the supported resource record types are described in
 <a class="xref" href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them" title="Types of Resource Records and When to Use Them">the section called “Types of Resource Records and When to Use Them”</a>.
</p>
<p>
 For more detailed information about the design of the DNS and
 the DNS protocol, please refer to the standards documents listed in
 <a class="xref" href="Bv9ARM.ch11.html#rfcs" title="Request for Comments (RFCs)">the section called “Request for Comments (RFCs)”</a>.
</p>
<div class="titlepage"><div><div><h3 class="title">
<a name="zones"></a>Zones</h3></div></div></div>
<p>
 To properly operate a name server, it is important to understand
 the difference between a <span class="emphasis"><em>zone</em></span>
 and a <span class="emphasis"><em>domain</em></span>.
</p>
<p>
 As stated previously, a zone is a point of delegation in
 the <acronym class="acronym">DNS</acronym> tree. A zone consists of
 those contiguous parts of the domain
 tree for which a name server has complete information and over which
 it has authority. It contains all domain names from a certain point
 downward in the domain tree except those which are delegated to
 other zones. A delegation point is marked by one or more
 <span class="emphasis"><em>NS records</em></span> in the
 parent zone, which should be matched by equivalent NS records at
 the root of the delegated zone.
</p>
<p>
 For instance, consider the <code class="literal">example.com</code>
 domain which includes names
 such as <code class="literal">host.aaa.example.com</code> and
 <code class="literal">host.bbb.example.com</code> even though
 the <code class="literal">example.com</code> zone includes
 only delegations for the <code class="literal">aaa.example.com</code> and
 <code class="literal">bbb.example.com</code> zones. A zone can
 map
 exactly to a single domain, but could also include only part of a
 domain, the rest of which could be delegated to other
 name servers. Every name in the <acronym class="acronym">DNS</acronym>
 tree is a
 <span class="emphasis"><em>domain</em></span>, even if it is
 <span class="emphasis"><em>terminal</em></span>, that is, has no
 <span class="emphasis"><em>subdomains</em></span>. Every subdomain is a domain and
 every domain except the root is also a subdomain. The terminology is
 not intuitive and we suggest that you read RFCs 1033, 1034 and 1035
 to
 gain a complete understanding of this difficult and subtle
</p>
<p>
 Though <acronym class="acronym">BIND</acronym> is called a "domain name
 server",
 it deals primarily in terms of zones. The master and slave
 declarations in the <code class="filename">named.conf</code> file
 specify
 zones, not domains. When you ask some other site if it is willing to
 be a slave server for your <span class="emphasis"><em>domain</em></span>, you are
 actually asking for slave service for some collection of zones.
</p>
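<p>The zone/domain distinction above, worked through as an added example (not part of the BIND manual or distribution). The function names and the list of zone apexes are assumptions constructed to mirror the <code class="literal">example.com</code> case in the text.</p>

```python
# Added illustration, not code from BIND. The zone apexes are constructed
# to mirror the example.com / aaa.example.com / bbb.example.com case above.


def labels(name):
    """Split a domain name into lowercase labels; the root is the empty list."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []


def is_subdomain(name, domain):
    """True if `name` is `domain` itself or lies below it in the tree.

    Comparison is by whole labels, so notexample.com is not inside
    example.com even though the two strings share a suffix.
    """
    n, d = labels(name), labels(domain)
    return len(n) >= len(d) and n[len(n) - len(d):] == d


def enclosing_zone(name, zone_apexes):
    """Return the apex of the zone holding `name`: the deepest apex at or above it."""
    candidates = [z for z in zone_apexes if is_subdomain(name, z)]
    if not candidates:
        return None
    return max(candidates, key=lambda z: len(labels(z)))


def zones_to_request(domain, zone_apexes):
    """Zones at or below `domain`: what a slave must carry to serve the whole domain."""
    return sorted(z for z in zone_apexes if is_subdomain(z, domain))


ZONES = ["example.com", "aaa.example.com", "bbb.example.com"]  # constructed

if __name__ == "__main__":
    for host in ("host.aaa.example.com", "host.bbb.example.com", "www.example.com"):
        print(host,
              "| in domain example.com:", is_subdomain(host, "example.com"),
              "| held by zone:", enclosing_zone(host, ZONES))
    print("slave service for the example.com domain means these zones:",
          zones_to_request("example.com", ZONES))
```

<p>Every host above is in the <code class="literal">example.com</code> domain, but only <code class="literal">www.example.com</code> is held by the <code class="literal">example.com</code> zone.</p>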
<div class="titlepage"><div><div><h3 class="title">
<a name="auth_servers"></a>Authoritative Name Servers</h3></div></div></div>
<p>
 Each zone is served by at least
 one <span class="emphasis"><em>authoritative name server</em></span>,
 which contains the complete data for the zone.
 To make the DNS tolerant of server and network failures,
 most zones have two or more authoritative servers, on
 different networks.
</p>
<p>
 Responses from authoritative servers have the "authoritative
 answer" (AA) bit set in the response packets. This makes them
 easy to identify when debugging DNS configurations using tools like
 <span class="command"><strong>dig</strong></span> (<a class="xref" href="Bv9ARM.ch03.html#diagnostic_tools" title="Diagnostic Tools">the section called “Diagnostic Tools”</a>).
</p>
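<p>Where the AA bit sits in a response packet, as an added example (not part of the BIND manual or distribution): it decodes the flags word of the 12-byte DNS header and lists the flags in the order <span class="command"><strong>dig</strong></span> prints them. The function names are assumptions and the three sample headers are constructed.</p>

```python
import struct

# Masks within the 16-bit flags word of the DNS header (RFC 1035, section
# 4.1.1, plus the DNSSEC AD and CD bits), in the order dig prints them.
FLAG_BITS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200), ("rd", 0x0100),
             ("ra", 0x0080), ("ad", 0x0020), ("cd", 0x0010)]


def parse_header(packet):
    """Decode the fixed 12-byte DNS header at the start of `packet`."""
    if len(packet) < 12:
        raise ValueError("DNS header is 12 bytes; got %d" % len(packet))
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    header = {name: bool(flags & mask) for name, mask in FLAG_BITS}
    header.update(id=ident, opcode=(flags >> 11) & 0xF, rcode=flags & 0xF,
                  counts=(qd, an, ns, ar))
    return header


def flag_names(packet):
    """Flags that are set, space separated, as in dig's 'flags:' line."""
    header = parse_header(packet)
    return " ".join(name for name, _ in FLAG_BITS if header[name])


def is_authoritative_answer(packet):
    """True only for a response (QR=1) that also has AA set."""
    header = parse_header(packet)
    return header["qr"] and header["aa"]


# Constructed sample headers (header only, no question or answer sections).
AUTH_RESPONSE = struct.pack("!6H", 0x2B1A, 0x8400, 1, 1, 2, 0)    # QR + AA
CACHED_RESPONSE = struct.pack("!6H", 0x2B1A, 0x8180, 1, 1, 0, 0)  # QR + RD + RA
QUERY = struct.pack("!6H", 0x2B1A, 0x0100, 1, 0, 0, 0)            # RD only

if __name__ == "__main__":
    for label, pkt in (("authoritative", AUTH_RESPONSE),
                       ("from cache", CACHED_RESPONSE),
                       ("query", QUERY)):
        print("%-14s flags: %-10s authoritative answer: %s"
              % (label, flag_names(pkt), is_authoritative_answer(pkt)))
```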
<div class="titlepage"><div><div><h4 class="title">
<a name="primary_master"></a>The Primary Master</h4></div></div></div>
<p>
 The authoritative server where the master copy of the zone
 data is maintained is called the
 <span class="emphasis"><em>primary master</em></span> server, or simply the
 <span class="emphasis"><em>primary</em></span>. Typically it loads the zone
 contents from some local file edited by humans or perhaps
 generated mechanically from some other local file which is
 edited by humans. This file is called the
 <span class="emphasis"><em>zone file</em></span> or
 <span class="emphasis"><em>master file</em></span>.
</p>
<p>
 In some cases, however, the master file may not be edited
 by humans at all, but may instead be the result of
 <span class="emphasis"><em>dynamic update</em></span> operations.
</p>
<div class="titlepage"><div><div><h4 class="title">
<a name="slave_server"></a>Slave Servers</h4></div></div></div>
<p>
 The other authoritative servers, the <span class="emphasis"><em>slave</em></span>
 servers (also known as <span class="emphasis"><em>secondary</em></span> servers)
</p>
at the <span class="emphasis"><em>top level</em></span> or <span class="emphasis"><em>apex</em></span>
that can do it, and that server would query the Internet <acronym class="acronym">DNS</acronym> servers