doc/arm/Bv9ARM.ch01.html

	Bv9ARM.ch01.html revision f9ce6280cec79deb16ff6d9807aa493ff23e10d9
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<!--
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews -
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - purpose with or without fee is hereby granted, provided that the above
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - copyright notice and this permission notice appear in all copies.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews -
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews-->
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User<html>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<head>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<title>Chapter�1.�Introduction</title>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<link rel="prev" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater<link rel="next" href="Bv9ARM.ch02.html" title="Chapter�2.�BIND Resource Requirements">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</head>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="navheader">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<table width="100%" summary="Navigation header">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<tr><th colspan="3" align="center">Chapter�1.�Introduction</th></tr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<tr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td width="20%" align="left">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a accesskey="p" href="Bv9ARM.html">Prev</a>�</td>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater<th width="60%" align="center">�</th>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch02.html">Next</a>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</tr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</table>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<hr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="chapter">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h1 class="title">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="Bv9ARM.ch01"></a>Chapter�1.�Introduction</h1></div></div></div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="toc">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p><b>Table of Contents</b></p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dl class="toc">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="section"><a href="Bv9ARM.ch01.html#doc_scope">Scope of Document</a></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="section"><a href="Bv9ARM.ch01.html#organization">Organization of This Document</a></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="section"><a href="Bv9ARM.ch01.html#conventions">Conventions Used in This Document</a></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="section"><a href="Bv9ARM.ch01.html#dns_overview">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dd><dl>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="section"><a href="Bv9ARM.ch01.html#dns_fundamentals">DNS Fundamentals</a></span></dt>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User<dt><span class="section"><a href="Bv9ARM.ch01.html#domain_names">Domains and Domain Names</a></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="section"><a href="Bv9ARM.ch01.html#zones">Zones</a></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="section"><a href="Bv9ARM.ch01.html#auth_servers">Authoritative Name Servers</a></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="section"><a href="Bv9ARM.ch01.html#cache_servers">Caching Name Servers</a></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="section"><a href="Bv9ARM.ch01.html#multi_role">Name Servers in Multiple Roles</a></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</dl></dd>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</dl>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      The Internet Domain Name System (<acronym class="acronym">DNS</acronym>)
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      consists of the syntax
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User      to specify the names of entities in the Internet in a hierarchical
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User      manner, the rules used for delegating authority over names, and the
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User      system implementation that actually maps names to Internet
c247e3f281613fabe1af362e9f3157e35ebbe52cMark Andrews      addresses.  <acronym class="acronym">DNS</acronym> data is maintained in a
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User      group of distributed
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User      hierarchical databases.
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User    </p>
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User<div class="section">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="doc_scope"></a>Scope of Document</h2></div></div></div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        The Berkeley Internet Name Domain
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        (<acronym class="acronym">BIND</acronym>) implements a
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        domain name server for a number of operating systems. This
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        document provides basic information about the installation and
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        care of the Internet Systems Consortium (<acronym class="acronym">ISC</acronym>)
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        <acronym class="acronym">BIND</acronym> version 9 software package for
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        system administrators.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p>This version of the manual corresponds to BIND version 9.11.</p>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User</div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="section">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="organization"></a>Organization of This Document</h2></div></div></div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        In this document, <span class="emphasis"><em>Chapter 1</em></span> introduces
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        the basic <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym> concepts. <span class="emphasis"><em>Chapter 2</em></span>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        describes resource requirements for running <acronym class="acronym">BIND</acronym> in various
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        environments. Information in <span class="emphasis"><em>Chapter 3</em></span> is
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        <span class="emphasis"><em>task-oriented</em></span> in its presentation and is
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        organized functionally, to aid in the process of installing the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        <acronym class="acronym">BIND</acronym> 9 software. The task-oriented
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        section is followed by
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        <span class="emphasis"><em>Chapter 4</em></span>, which contains more advanced
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        concepts that the system administrator may need for implementing
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        certain options. <span class="emphasis"><em>Chapter 5</em></span>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        describes the <acronym class="acronym">BIND</acronym> 9 lightweight
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        resolver.  The contents of <span class="emphasis"><em>Chapter 6</em></span> are
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        organized as in a reference manual to aid in the ongoing
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        maintenance of the software. <span class="emphasis"><em>Chapter 7</em></span> addresses
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        security considerations, and
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        <span class="emphasis"><em>Chapter 8</em></span> contains troubleshooting help. The
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        main body of the document is followed by several
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        <span class="emphasis"><em>appendices</em></span> which contain useful reference
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        information, such as a <span class="emphasis"><em>bibliography</em></span> and
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        historic information related to <acronym class="acronym">BIND</acronym>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        and the Domain Name
1224c3b69b3d18f7127aa042644936af25a2d679Mark Andrews        System.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      </p>
1224c3b69b3d18f7127aa042644936af25a2d679Mark Andrews</div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="section">
1224c3b69b3d18f7127aa042644936af25a2d679Mark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User<a name="conventions"></a>Conventions Used in This Document</h2></div></div></div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        In this document, we use the following general typographic
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        conventions:
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="informaltable"><table border="1">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<colgroup>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<col width="3.000in" class="1">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<col width="2.625in" class="2">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</colgroup>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<tbody>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<tr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>
c247e3f281613fabe1af362e9f3157e35ebbe52cMark Andrews                <p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  <span class="emphasis"><em>To describe:</em></span>
c247e3f281613fabe1af362e9f3157e35ebbe52cMark Andrews                </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews              </td>
c247e3f281613fabe1af362e9f3157e35ebbe52cMark Andrews<td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                <p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  <span class="emphasis"><em>We use the style:</em></span>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                </p>
c247e3f281613fabe1af362e9f3157e35ebbe52cMark Andrews              </td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</tr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<tr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                <p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  a pathname, filename, URL, hostname,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  mailing list name, or new term or concept
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews              </td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                <p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  <code class="filename">Fixed width</code>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                </p>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User              </td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</tr>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<tr>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                <p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  literal user
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  input
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User              </td>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<td>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                <p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  <strong class="userinput"><code>Fixed Width Bold</code></strong>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User              </td>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User</tr>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<tr>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<td>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                <p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  program output
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User              </td>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<td>
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User                <p>
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User                  <code class="computeroutput">Fixed Width</code>
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User                </p>
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User              </td>
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User</tr>
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User</tbody>
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User</table></div>
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User<p>
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User        The following conventions are used in descriptions of the
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User        <acronym class="acronym">BIND</acronym> configuration file:</p>
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User<div class="informaltable"><table border="1">
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User<colgroup>
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User<col width="3.000in" class="1">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<col width="2.625in" class="2">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User</colgroup>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<tbody>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<tr>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<td>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  <p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                    <span class="emphasis"><em>To describe:</em></span>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                </td>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<td>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  <p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                    <span class="emphasis"><em>We use the style:</em></span>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                </td>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User</tr>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<tr>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<td>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  <p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                    keywords
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                </td>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<td>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  <p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                    <code class="literal">Fixed Width</code>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                </td>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User</tr>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<tr>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<td>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  <p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                    variables
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                </td>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<td>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  <p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                    <code class="varname">Fixed Width</code>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                </td>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User</tr>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<tr>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<td>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  <p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                    Optional input
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                </td>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<td>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  <p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                    [<span class="optional">Text is enclosed in square brackets</span>]
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                </td>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User</tr>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User</tbody>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User</table></div>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User</div>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="section">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="titlepage"><div><div><h2 class="title" style="clear: both">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<a name="dns_overview"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        The purpose of this document is to explain the installation
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        and upkeep of the <acronym class="acronym">BIND</acronym> (Berkeley Internet
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        Name Domain) software package, and we
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        begin by reviewing the fundamentals of the Domain Name System
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        (<acronym class="acronym">DNS</acronym>) as they relate to <acronym class="acronym">BIND</acronym>.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="section">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="titlepage"><div><div><h3 class="title">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<a name="dns_fundamentals"></a>DNS Fundamentals</h3></div></div></div>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User<p>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User          The Domain Name System (DNS) is a hierarchical, distributed
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User          database.  It stores information for mapping Internet host names to
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User          IP
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User          addresses and vice versa, mail routing information, and other data
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User          used by Internet applications.
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User        </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          Clients look up information in the DNS by calling a
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <span class="emphasis"><em>resolver</em></span> library, which sends queries to one or
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          more <span class="emphasis"><em>name servers</em></span> and interprets the responses.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          The <acronym class="acronym">BIND</acronym> 9 software distribution
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          contains a
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          name server, <span class="command"><strong>named</strong></span>, and a resolver
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          library, <span class="command"><strong>liblwres</strong></span>.  The older
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <span class="command"><strong>libbind</strong></span> resolver library is also available
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          from ISC as a separate download.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User</div>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="section">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="titlepage"><div><div><h3 class="title">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<a name="domain_names"></a>Domains and Domain Names</h3></div></div></div>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          The data stored in the DNS is identified by <span class="emphasis"><em>domain names</em></span> that are organized as a tree according to
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          organizational or administrative boundaries. Each node of the tree,
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          called a <span class="emphasis"><em>domain</em></span>, is given a label. The domain
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          name of the
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          node is the concatenation of all the labels on the path from the
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          node to the <span class="emphasis"><em>root</em></span> node.  This is represented
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          in written form as a string of labels listed from right to left and
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          separated by dots. A label need only be unique within its parent
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          domain.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          For example, a domain name for a host at the
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          company <span class="emphasis"><em>Example, Inc.</em></span> could be
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <code class="literal">ourhost.example.com</code>,
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          where <code class="literal">com</code> is the
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          top level domain to which
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <code class="literal">ourhost.example.com</code> belongs,
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <code class="literal">example</code> is
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          a subdomain of <code class="literal">com</code>, and
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <code class="literal">ourhost</code> is the
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          name of the host.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          For administrative purposes, the name space is partitioned into
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          areas called <span class="emphasis"><em>zones</em></span>, each starting at a node and
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          extending down to the leaf nodes or to nodes where other zones
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          start.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          The data for each zone is stored in a <span class="emphasis"><em>name server</em></span>, which answers queries about the zone using the
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <span class="emphasis"><em>DNS protocol</em></span>.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          The data associated with each domain name is stored in the
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          form of <span class="emphasis"><em>resource records</em></span> (<acronym class="acronym">RR</acronym>s).
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          Some of the supported resource record types are described in
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <a class="xref" href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them" title="Types of Resource Records and When to Use Them">the section called &#8220;Types of Resource Records and When to Use Them&#8221;</a>.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          For more detailed information about the design of the DNS and
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          the DNS protocol, please refer to the standards documents listed in
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <a class="xref" href="Bv9ARM.ch11.html#rfcs" title="Request for Comments (RFCs)">the section called &#8220;Request for Comments (RFCs)&#8221;</a>.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User</div>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="section">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="titlepage"><div><div><h3 class="title">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<a name="zones"></a>Zones</h3></div></div></div>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          To properly operate a name server, it is important to understand
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          the difference between a <span class="emphasis"><em>zone</em></span>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          and a <span class="emphasis"><em>domain</em></span>.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          As stated previously, a zone is a point of delegation in
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          the <acronym class="acronym">DNS</acronym> tree. A zone consists of
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          those contiguous parts of the domain
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          tree for which a name server has complete information and over which
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          it has authority. It contains all domain names from a certain point
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          downward in the domain tree except those which are delegated to
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          other zones. A delegation point is marked by one or more
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <span class="emphasis"><em>NS records</em></span> in the
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          parent zone, which should be matched by equivalent NS records at
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          the root of the delegated zone.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          For instance, consider the <code class="literal">example.com</code>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          domain which includes names
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          such as <code class="literal">host.aaa.example.com</code> and
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <code class="literal">host.bbb.example.com</code> even though
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          the <code class="literal">example.com</code> zone includes
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          only delegations for the <code class="literal">aaa.example.com</code> and
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <code class="literal">bbb.example.com</code> zones.  A zone can
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          map
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          exactly to a single domain, but could also include only part of a
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          domain, the rest of which could be delegated to other
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          name servers. Every name in the <acronym class="acronym">DNS</acronym>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          tree is a
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <span class="emphasis"><em>domain</em></span>, even if it is
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <span class="emphasis"><em>terminal</em></span>, that is, has no
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <span class="emphasis"><em>subdomains</em></span>.  Every subdomain is a domain and
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          every domain except the root is also a subdomain. The terminology is
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          not intuitive and we suggest that you read RFCs 1033, 1034 and 1035
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          to
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          gain a complete understanding of this difficult and subtle
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          topic.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          Though <acronym class="acronym">BIND</acronym> is called a "domain name
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          server",
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          it deals primarily in terms of zones. The master and slave
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          declarations in the <code class="filename">named.conf</code> file
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          specify
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          zones, not domains. When you ask some other site if it is willing to
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          be a slave server for your <span class="emphasis"><em>domain</em></span>, you are
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          actually asking for slave service for some collection of zones.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User</div>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="section">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="titlepage"><div><div><h3 class="title">
94479b38340a00f0daf0ae0e1d3d673f845609ffTinderbox User<a name="auth_servers"></a>Authoritative Name Servers</h3></div></div></div>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          Each zone is served by at least
ccee3948124ab4c8bc3afa4369177913edb1fca2Tinderbox User          one <span class="emphasis"><em>authoritative name server</em></span>,
ccee3948124ab4c8bc3afa4369177913edb1fca2Tinderbox User          which contains the complete data for the zone.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          To make the DNS tolerant of server and network failures,
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          most zones have two or more authoritative servers, on
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          different networks.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          Responses from authoritative servers have the "authoritative
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          answer" (AA) bit set in the response packets.  This makes them
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          easy to identify when debugging DNS configurations using tools like
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <span class="command"><strong>dig</strong></span> (<a class="xref" href="Bv9ARM.ch03.html#diagnostic_tools" title="Diagnostic Tools">the section called &#8220;Diagnostic Tools&#8221;</a>).
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="section">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="titlepage"><div><div><h4 class="title">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<a name="primary_master"></a>The Primary Master</h4></div></div></div>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            The authoritative server where the master copy of the zone
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            data is maintained is called the
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            <span class="emphasis"><em>primary master</em></span> server, or simply the
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            <span class="emphasis"><em>primary</em></span>.  Typically it loads the zone
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            contents from some local file edited by humans or perhaps
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            generated mechanically from some other local file which is
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            edited by humans.  This file is called the
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            <span class="emphasis"><em>zone file</em></span> or
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            <span class="emphasis"><em>master file</em></span>.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            In some cases, however, the master file may not be edited
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            by humans at all, but may instead be the result of
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            <span class="emphasis"><em>dynamic update</em></span> operations.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User</div>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="section">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="titlepage"><div><div><h4 class="title">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<a name="slave_server"></a>Slave Servers</h4></div></div></div>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            The other authoritative servers, the <span class="emphasis"><em>slave</em></span>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            servers (also known as <span class="emphasis"><em>secondary</em></span> servers)
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            load
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            the zone contents from another server using a replication process
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            known as a <span class="emphasis"><em>zone transfer</em></span>.  Typically the data
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            are
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            transferred directly from the primary master, but it is also
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            possible
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            to transfer it from another slave.  In other words, a slave server
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            may itself act as a master to a subordinate slave server.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User</div>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="section">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="titlepage"><div><div><h4 class="title">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<a name="stealth_server"></a>Stealth Servers</h4></div></div></div>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            Usually all of the zone's authoritative servers are listed in
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            NS records in the parent zone.  These NS records constitute
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            a <span class="emphasis"><em>delegation</em></span> of the zone from the parent.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            The authoritative servers are also listed in the zone file itself,
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            at the <span class="emphasis"><em>top level</em></span> or <span class="emphasis"><em>apex</em></span>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            of the zone.  You can list servers in the zone's top-level NS
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            records that are not in the parent's NS delegation, but you cannot
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            list servers in the parent's delegation that are not present at
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            the zone's top level.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            A <span class="emphasis"><em>stealth server</em></span> is a server that is
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            authoritative for a zone but is not listed in that zone's NS
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            records.  Stealth servers can be used for keeping a local copy of
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            a
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            zone to speed up access to the zone's records or to make sure that
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            the
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            zone is available even if all the "official" servers for the zone
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            are
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            inaccessible.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            A configuration where the primary master server itself is a
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            stealth server is often referred to as a "hidden primary"
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            configuration.  One use for this configuration is when the primary
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            master
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            is behind a firewall and therefore unable to communicate directly
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            with the outside world.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User</div>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User</div>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="section">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="titlepage"><div><div><h3 class="title">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<a name="cache_servers"></a>Caching Name Servers</h3></div></div></div>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          The resolver libraries provided by most operating systems are
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <span class="emphasis"><em>stub resolvers</em></span>, meaning that they are not
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          capable of
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          performing the full DNS resolution process by themselves by talking
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          directly to the authoritative servers.  Instead, they rely on a
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          local
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          name server to perform the resolution on their behalf.  Such a
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          server
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          is called a <span class="emphasis"><em>recursive</em></span> name server; it performs
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <span class="emphasis"><em>recursive lookups</em></span> for local clients.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          To improve performance, recursive servers cache the results of
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          the lookups they perform.  Since the processes of recursion and
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          caching are intimately connected, the terms
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <span class="emphasis"><em>recursive server</em></span> and
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <span class="emphasis"><em>caching server</em></span> are often used synonymously.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          The length of time for which a record may be retained in
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          the cache of a caching name server is controlled by the
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          Time To Live (TTL) field associated with each resource record.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="section">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="titlepage"><div><div><h4 class="title">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<a name="forwarder"></a>Forwarding</h4></div></div></div>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            Even a caching name server does not necessarily perform
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            the complete recursive lookup itself.  Instead, it can
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            <span class="emphasis"><em>forward</em></span> some or all of the queries
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            that it cannot satisfy from its cache to another caching name
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            server,
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            commonly referred to as a <span class="emphasis"><em>forwarder</em></span>.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            There may be one or more forwarders,
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            and they are queried in turn until the list is exhausted or an
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            answer
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            is found. Forwarders are typically used when you do not
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            wish all the servers at a given site to interact directly with the
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            rest of
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            the Internet servers. A typical scenario would involve a number
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            of internal <acronym class="acronym">DNS</acronym> servers and an
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            Internet firewall. Servers unable
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            to pass packets through the firewall would forward to the server
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            that can do it, and that server would query the Internet <acronym class="acronym">DNS</acronym> servers
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User            on the internal server's behalf.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          </p>
03c0efc6892ef2ed17338b2ecbb2c5f23fbad0c9Tinderbox User</div>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User</div>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="section">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<div class="titlepage"><div><div><h3 class="title">
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<a name="multi_role"></a>Name Servers in Multiple Roles</h3></div></div></div>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          The <acronym class="acronym">BIND</acronym> name server can
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          simultaneously act as
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          a master for some zones, a slave for other zones, and as a caching
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          (recursive) server for a set of local clients.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User<p>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          However, since the functions of authoritative name service
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          and caching/recursive name service are logically separate, it is
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          often advantageous to run them on separate server machines.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          A server that only provides authoritative name service
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          (an <span class="emphasis"><em>authoritative-only</em></span> server) can run with
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          recursion disabled, improving reliability and security.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          A server that is not authoritative for any zones and only provides
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User          recursive service to local
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          clients (a <span class="emphasis"><em>caching-only</em></span> server)
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          does not need to be reachable from the Internet at large and can
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          be placed inside a firewall.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="navfooter">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<hr>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User<table width="100%" summary="Navigation footer">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<tr>
1d216bfaa764f2b40c57cf61987453c5a6fa9b0aMark Andrews<td width="40%" align="left">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a accesskey="p" href="Bv9ARM.html">Prev</a>�</td>
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews<td width="20%" align="center">�</td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch02.html">Next</a>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</tr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<tr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td width="40%" align="left" valign="top">BIND 9 Administrator Reference Manual�</td>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td width="40%" align="right" valign="top">�Chapter�2.�<acronym class="acronym">BIND</acronym> Resource Requirements</td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</tr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</table>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.0pre-alpha</p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</body>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</html>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews