<HTML

><HEAD

><TITLE

>Introduction </TITLE

><META

CONTENT="Modular DocBook HTML Stylesheet Version 1.41"><LINK

HREF="Bv9ARM.html"><LINK

HREF="Bv9ARM.html"><LINK

HREF="Bv9ARM.ch02.html"></HEAD

><BODY

><DIV

><TABLE

><TR

><TH

></TH

></TR

><TR

><TD

><A

>Prev</A

></TD

><TD

></TD

><TD

><A

>Next</A

></TD

></TR

></TABLE

><HR

WIDTH="100%"></DIV

><DIV

><H1

><A

>Chapter 1. Introduction </A

></H1

><DIV

><DL

><DT

><B

>Table of Contents</B

></DT

><DT

>1.1. <A

>Scope of Document</A

></DT

><DT

>1.2. <A

>Organization of This Document</A

></DT

><DT

>1.3. <A

>Conventions Used in This Document</A

></DT

><DT

>1.4. <A

>Discussion of Domain Name System (<SPAN

>DNS</SPAN

>) Basics and

<SPAN

>BIND</SPAN

></A

></DT

></DL

></DIV

><P

>The Internet Domain Name System (<SPAN

>DNS</SPAN

>) consists of the syntax

to specify the names of entities in the Internet in a hierarchical

manner, the rules used for delegating authority over names, and the

system implementation that actually maps names to Internet

addresses. <SPAN

>DNS</SPAN

> data is maintained in a group of distributed

hierarchical databases.</P

><DIV

><H1

><A

>1.1. Scope of Document</A

></H1

><P

>The Berkeley Internet Name Domain (<SPAN

>BIND</SPAN

>) implements an

Internet nameserver for a number of operating systems. This

document provides basic information about the installation and

care of the Internet Software Consortium (<SPAN

>ISC</SPAN

>) <SPAN

>BIND</SPAN

> version 9

software package for system administrators.</P

></DIV

><DIV

><H1

><A

>1.2. Organization of This Document</A

></H1

><P

>In this document, <I

>Section 1</I

> introduces

the basic <SPAN

>DNS</SPAN

> and <SPAN

>BIND</SPAN

> concepts. <I

>Section 2</I

>

describes resource requirements for running <SPAN

>BIND</SPAN

> in various

environments. Information in <I

>Section 3</I

> is

<I

>task-oriented</I

> in its presentation and is

organized functionally, to aid in the process of installing the

<SPAN

>BIND</SPAN

> 9 software. The task-oriented section is followed by

<I

>Section 4</I

>, which contains more advanced

concepts that the system administrator may need for implementing

certain options. Section 5 describes the <SPAN

>BIND</SPAN

> 9 lightweight

resolver. The contents of <I

>Section 6</I

> are

organized as in a reference manual to aid in the ongoing

maintenance of the software. <I

>Section 7

</I

>addresses security considerations, and

<I

>Section 8</I

> contains troubleshooting help. The

main body of the document is followed by several

<I

>Appendices</I

> which contain useful reference

information, such as a <I

>Bibliography</I

> and

historic information related to <SPAN

>BIND</SPAN

> and the Domain Name

System.</P

></DIV

><DIV

><H1

><A

>1.3. Conventions Used in This Document</A

></H1

><P

>In this document, we use the following general typographic

conventions:</P

><DIV

><P

></P

><TABLE

><TR

><TD

>&#13;<P

><I

>To

describe:</I

></P

></TD

><TD

>&#13;<P

><I

>We use the style:</I

></P

></TD

></TR

><TR

><TD

>&#13;<P

>a pathname, filename, URL, hostname,

mailing list name, or new term or concept</P

></TD

><TD

><P

><TT

>Italic</TT

></P

></TD

></TR

><TR

><TD

><P

>literal user

input</P

></TD

><TD

><P

><TT

><B

>Fixed Width Bold</B

></TT

></P

></TD

></TR

><TR

><TD

><P

>variable user

input</P

></TD

><TD

><P

>[<SPAN

>Fixed Width Italic</SPAN

>]</P

></TD

></TR

><TR

><TD

><P

>program output</P

></TD

><TD

><P

><TT

>Fixed Width Bold</TT

></P

></TD

></TR

></TABLE

><P

></P

></DIV

><P

>The following conventions are used in descriptions of the

<SPAN

>BIND</SPAN

> configuration file:<DIV

><P

></P

><TABLE

><TR

><TD

><P

><I

>To

describe:</I

></P

></TD

><TD

><P

><I

>We use the style:</I

></P

></TD

></TR

><TR

><TD

><P

>keywords</P

></TD

><TD

><P

><TT

>Sans Serif Bold</TT

></P

></TD

></TR

><TR

><TD

><P

>variables</P

></TD

><TD

><P

><TT

>Sans Serif Italic</TT

></P

></TD

></TR

><TR

><TD

><P

>"meta-syntactic"

information (within brackets when optional)</P

></TD

><TD

><P

>[<SPAN

>Fixed Width Italic</SPAN

>]</P

></TD

></TR

><TR

><TD

><P

>Command line

input</P

></TD

><TD

><P

><TT

><B

>Fixed Width Bold</B

></TT

></P

></TD

></TR

><TR

><TD

><P

>Program output</P

></TD

><TD

><P

><TT

>Fixed Width</TT

></P

></TD

></TR

><TR

><TD

><P

>Optional input</P

></TD

><TD

><P

>[<SPAN

>Text is enclosed in square brackets</SPAN

>]</P

></TD

></TR

></TABLE

><P

></P

></DIV

></P

></DIV

><DIV

><H1

><A

>1.4. Discussion of Domain Name System (<SPAN

>DNS</SPAN

>) Basics and

<SPAN

>BIND</SPAN

></A

></H1

><P

>The purpose of this document is to explain the installation

and basic upkeep of the <SPAN

>BIND</SPAN

> software package, and we begin by reviewing

the fundamentals of the domain naming system as they relate to <SPAN

>BIND</SPAN

>.

<SPAN

>BIND</SPAN

> consists of a <I

>nameserver</I

> (or "daemon")

called <B

>named</B

> and a <B

>resolver</B

> library.

The <SPAN

>BIND</SPAN

> server runs in the background, servicing queries on a well

known network port. The standard port for the User Datagram Protocol

(UDP) and Transmission Control Protocol (TCP), usually port 53,

is specified in<B

> </B

><TT

>/etc/services</TT

>.

The <I

>resolver</I

> is a set of routines residing

in a system library that provides the interface that programs can

use to access the domain name services.</P

><DIV

><H2

><A

>1.4.1. Nameservers</A

></H2

><P

>A nameserver (NS) is a program that stores information about

named resources and responds to queries from programs called <I

>resolvers</I

> which

act as client processes. The basic function of an NS is to provide

information about network objects by answering queries.</P

><P

>With the nameserver, the network can be broken into a hierarchy

of domains. The name space is organized as a tree according to organizational

or administrative boundaries. Each node of the tree, called a domain,

is given a label. The name of the domain is the concatenation of

all the labels of the domains from the root to the current domain.

This is represented in written form as a string of labels listed

from right to left and separated by dots. A label need only be unique

within its domain. The whole name space is partitioned into areas

called <I

>zones</I

>, each starting at a domain and

extending down to the leaf domains or to domains where other zones

start. Zones usually represent administrative boundaries. For example,

a domain name for a host at the company <I

>Example, Inc.</I

> would

be:</P

><P

><SPAN

>ourhost.example.com</SPAN

></P

><P

>where <SPAN

>com</SPAN

> is the top level domain to which <SPAN

>ourhost.example.com</SPAN

> belongs, <SPAN

>example</SPAN

> is

a subdomain of <SPAN

>com</SPAN

>, and <SPAN

>ourhost</SPAN

> is the

name of the host.</P

><P

>The specifications for the domain nameserver are defined in

the RFC 1034, RFC 1035 and RFC 974. These documents can be found

in

<TT

>/usr/src/etc/named/doc</TT

> in 4.4BSD or are available

via File Transfer Protocol (FTP) from

<A

>ftp://www.isi.edu/in-notes/</A

> or via the Web at <A

>http://www.ietf.org/rfc/</A

>.

(See Appendix C for complete information on finding and retrieving

RFCs.) It is also recommended that you read the related man pages: <B

>named</B

> and <B

>resolver</B

>.</P

></DIV

><DIV

><H2

><A

>1.4.2. Types of Zones</A

></H2

><P

>As we stated previously, a zone is a point of delegation in

the <SPAN

>DNS</SPAN

> tree. A zone consists of those contiguous parts of the domain

tree for which a domain server has complete information and over which

it has authority. It contains all domain names from a certain point

downward in the domain tree except those which are delegated to

other zones. A delegation point has one or more NS records in the

parent zone, which should be matched by equivalent NS records at

the root of the delegated zone.</P

><P

>To properly operate a nameserver, it is important to understand

the difference between a <I

>zone</I

> and a <I

>domain</I

>.</P

><P

>For instance, consider the <SPAN

>example.com</SPAN

> domain

which includes names such as <SPAN

>host.aaa.example.com </SPAN

>and <SPAN

>host.bbb.example.com</SPAN

> even

though the <SPAN

>example.com</SPAN

> zone includes only delegations

for the <SPAN

>aaa.example.com</SPAN

> and <SPAN

>bbb.example.com</SPAN

> zones.

A zone can map exactly to a single domain, but could also include

only part of a domain, the rest of which could be delegated to other

nameservers. Every name in the <SPAN

>DNS</SPAN

> tree is a <I

>domain</I

>,

even if it is <I

>terminal</I

>, that is, has no <I

>subdomains</I

>.

Every subdomain is a domain and every domain except the root is

also a subdomain. The terminology is not intuitive and we suggest

that you read RFCs 1033, 1034 and 1035 to gain a complete understanding

of this difficult and subtle topic.</P

><P

>Though <SPAN

>BIND</SPAN

> is a Domain Nameserver, it deals primarily in

terms of zones. The master and slave declarations in the <TT

>named.conf</TT

> file

specify zones, not domains. When you ask some other site if it is willing

to be a slave server for your <I

>domain</I

>, you are

actually asking for slave service for some collection of zones.</P

><P

>Each zone will have one <I

>primary master</I

> (also

called <I

>primary</I

>) server which loads the zone

contents from some local file edited by humans or perhaps generated

mechanically from some other local file which is edited by humans.

There there will be some number of <I

>slave</I

> (also

called <I

>secondary) </I

>servers, which load the zone

contents using the <SPAN

>DNS</SPAN

> protocol (that is, the secondary servers

will contact the primary and fetch the zone data using TCP). This

set of servers &#8212; the primary and all of its secondaries &#8212; should be

listed in the NS records in the parent zone and will constitute a <I

>delegation</I

>.

This set of servers must also be listed in the zone file itself,

usually under the <B

>@</B

> name which indicates the <I

>top

level</I

> or <I

>root</I

> of the current zone.

You can list servers in the zone's top-level <B

>@</B

> NS

records that are not in the parent's NS delegation, but you cannot

list servers in the parent's delegation that are not present in

the zone's <B

>@</B

>.</P

><P

>Any servers listed in the NS records must be configured as <I

>authoritative</I

> for

the zone. A server is authoritative for a zone when it has been

configured to answer questions for that zone with authority, which

it does by setting the "authoritative answer" (AA) bit in reply

packets. A server may be authoritative for more than one zone. The

authoritative data for a zone is composed of all of the Resource

Records (RRs) &#8212; the data associated with names in a tree-structured

name space &#8212; attached to all of the nodes from the top node of the

zone down to leaf nodes or nodes above cuts around the bottom edge

of the zone.</P

><P

>Adding a zone as a type master or type slave will tell the

server to answer questions for the zone authoritatively. If the

server is able to load the zone into memory without any errors it

will set the AA bit when it replies to queries for the zone. See

RFCs 1034 and 1035 for more information about the AA bit.</P

></DIV

><DIV

><H2

><A

>1.4.3. Servers</A

></H2

><P

>A <SPAN

>DNS</SPAN

> server can be master for some zones and slave for others

or can be only a master, or only a slave, or can serve no zones

and just answer queries via its <I

>cache</I

>. Master

servers are often also called <I

>primaries</I

> and

slave servers are often also called <I

>secondaries</I

>.

Both master/primary and slave/secondary servers are authoritative

for a zone.</P

><P

>All servers keep data in their cache until the data expires,

based on a Time To Live (TTL) field which is maintained for all

resource records.</P

><DIV

><H3

><A

>1.4.3.1. Master Server</A

></H3

><P

>The <I

>primary master server</I

> is the ultimate

source of information about a domain. The primary master is an authoritative

server configured to be the source of zone transfer for one or more

secondary servers. The primary master server obtains data for the

zone from a file on disk.</P

></DIV

><DIV

><H3

><A

>1.4.3.2. Slave Server</A

></H3

><P

>A <I

>slave server</I

>, also called a <I

>secondary

server</I

>, is an authoritative server that uses zone transfers from

the primary master server to retrieve the zone data. Optionally,

the slave server obtains zone data from a cache on disk. Slave servers

provide necessary redundancy. All secondary/slave servers are named

in the NS RRs for the zone.</P

></DIV

><DIV

><H3

><A

>1.4.3.3. Caching Only Server</A

></H3

><P

>Some servers are <I

>caching only servers</I

>.

This means that the server caches the information that it receives

and uses it until the data expires. A caching only server is a server

that is not authoritative for any zone. This server services queries

and asks other servers, who have the authority, for the information

it needs.</P

></DIV

><DIV

><H3

><A

>1.4.3.4. Forwarding Server</A

></H3

><P

>Instead of interacting with the nameservers for the root and

other domains, a <I

>forwarding server</I

> always forwards

queries it cannot satisfy from its authoritative data or cache to

a fixed list of other servers. The forwarded queries are also known

as <I

>recursive queries</I

>, the same type as a client would

send to a server. There may be one or more servers forwarded to,

and they are queried in turn until the list is exhausted or an answer

is found. A forwarding server is typically used when you do not

wish all the servers at a given site to interact with the rest of

the Internet servers. A typical scenario would involve a number

of internal <SPAN

>DNS</SPAN

> servers and an Internet firewall. Servers unable

to pass packets through the firewall would forward to the server

that can do it, and that server would query the Internet <SPAN

>DNS</SPAN

> servers

on the internal server's behalf. An added benefit of using the forwarding

feature is that the central machine develops a much more complete

cache of information that all the workstations can take advantage

of.</P

><P

>There is no prohibition against declaring a server to be a

forwarder even though it has master and/or slave zones as well;

the effect will still be that anything in the local server's cache

or zones will be answered, and anything else will be forwarded using

the forwarders list.</P

></DIV

><DIV

><H3

><A

>1.4.3.5. Stealth Server</A

></H3

><P

>A <I

>stealth server</I

> is a server that answers

authoritatively for a zone, but is not listed in that zone's NS

records. Stealth servers can be used as a way to centralize distribution

of a zone, without having to edit the zone on a remote nameserver.

Where the master file for a zone resides on a stealth server in

this way, it is often referred to as a "hidden primary" configuration.

Stealth servers can also be a way to keep a local copy of a zone

for rapid access to the zone's records, even if all "official" nameservers

for the zone are inaccessible.</P

></DIV

></DIV

></DIV

></DIV

><DIV

><HR

WIDTH="100%"><TABLE

><TR

><TD

><A

>Prev</A

></TD

><TD

><A

>Home</A

></TD

><TD

><A

>Next</A

></TD

></TR

><TR

><TD

></TD

><TD

>&nbsp;</TD

><TD

><SPAN

>BIND</SPAN

> Resource Requirements</TD

></TR

></TABLE

></DIV

></BODY

></HTML

>