Bv9ARM.ch01.html revision 116dd27475e0521a033139ad5ac2355cf4b3e29b
BIND 9 Administrator Reference Manual

Chapter 1. Introduction

The Internet Domain Name System (DNS) consists of the syntax to specify the names of entities in the Internet in a hierarchical manner, the rules used for delegating authority over names, and the system implementation that actually maps names to Internet addresses. DNS data is maintained in a group of distributed hierarchical databases.

1.1. Scope of Document

The Berkeley Internet Name Domain (BIND) implements a domain name server for a number of operating systems. This document provides basic information about the installation and care of the Internet Software Consortium (ISC) BIND version 9 software package for system administrators.

This version of the manual corresponds to BIND version 9.2.

1.2. Organization of This Document

In this document, Section 1 introduces the basic DNS and BIND concepts. Section 2 describes resource requirements for running BIND in various environments. Information in Section 3 is task-oriented in its presentation and is organized functionally, to aid in the process of installing the BIND 9 software. The task-oriented section is followed by Section 4, which contains more advanced concepts that the system administrator may need for implementing certain options. Section 5 describes the BIND 9 lightweight resolver. The contents of Section 6 are organized as in a reference manual to aid in the ongoing maintenance of the software. Section 7 addresses security considerations, and Section 8 contains troubleshooting help. The main body of the document is followed by several Appendices which contain useful reference information, such as a Bibliography and historic information related to BIND and the Domain Name System.

1.3. Conventions Used in This Document

In this document, we use the following general typographic conventions:

To describe: | We use the style:
a pathname, filename, URL, hostname, mailing list name, or new term or concept | Fixed width
literal user input | Fixed Width Bold
program output | Fixed Width

The following conventions are used in descriptions of the BIND configuration file:

To describe: | We use the style:
keywords | Fixed Width
variables | Fixed Width
Optional input | [Text is enclosed in square brackets]

1.4. The Domain Name System (DNS)

The purpose of this document is to explain the installation and upkeep of the BIND software package, and we begin by reviewing the fundamentals of the Domain Name System (DNS) as they relate to BIND.

1.4.1. DNS Fundamentals

The Domain Name System (DNS) is a hierarchical, distributed database. It stores information for mapping Internet host names to IP addresses and vice versa, mail routing information, and other data used by Internet applications.

Clients look up information in the DNS by calling a resolver library, which sends queries to one or more name servers and interprets the responses. The BIND 9 software distribution contains both a name server and a resolver library.

1.4.2. Domains and Domain Names

The data stored in the DNS is identified by domain names that are organized as a tree according to organizational or administrative boundaries. Each node of the tree, called a domain, is given a label. The domain name of the node is the concatenation of all the labels on the path from the node to the root node. This is represented in written form as a string of labels listed from right to left and separated by dots. A label need only be unique within its parent domain.

For example, a domain name for a host at the company Example, Inc. could be [...], where [...] is the top level domain to which [...] belongs, [...] is a subdomain of [...], and [...] is the name of the host.

For administrative purposes, the name space is partitioned into areas called zones, each starting at a node and extending down to the leaf nodes or to nodes where other zones start. The data for each zone is stored in a name server, which answers queries about the zone using the DNS protocol.

The data associated with each domain name is stored in the form of resource records. Some of the supported resource record types are described in Section 6.3.1.

For more detailed information about the design of the DNS and the DNS protocol, please refer to the standards documents listed in Section A.4.1.

1.4.3. Zones

To properly operate a name server, it is important to understand the difference between a zone and a domain.

As we stated previously, a zone is a point of delegation in the DNS tree. A zone consists of those contiguous parts of the domain tree for which a name server has complete information and over which it has authority. It contains all domain names from a certain point downward in the domain tree except those which are delegated to other zones. A delegation point is marked by one or more NS records in the parent zone, which should be matched by equivalent NS records at the root of the delegated zone.

For instance, consider the [...] domain which includes names such as [...] and [...] even though the [...] zone includes only delegations for the [...] and [...] zones. A zone can map exactly to a single domain, but could also include only part of a domain, the rest of which could be delegated to other name servers. Every name in the DNS tree is a domain, even if it is terminal, that is, has no subdomains. Every subdomain is a domain and every domain except the root is also a subdomain. The terminology is not intuitive and we suggest that you read RFCs 1033, 1034 and 1035 to gain a complete understanding of this difficult and subtle topic.

Though BIND is called a "domain name server", it deals primarily in terms of zones. The master and slave declarations in the [...] file specify zones, not domains. When you ask some other site if it is willing to be a slave server for your domain, you are actually asking for slave service for some collection of zones.

1.4.4. Authoritative Name Servers

Each zone is served by at least one authoritative name server, which contains the complete data for the zone. To make the DNS tolerant of server and network failures, most zones have two or more authoritative servers.

Responses from authoritative servers have the "authoritative answer" (AA) bit set in the response packets. This makes them easy to identify when debugging DNS configurations using tools like [...] (Section 3.4.1.1).

1.4.4.1. The Primary Master

The authoritative server where the master copy of the zone data is maintained is called the primary master server, or simply the primary. It loads the zone contents from some local file edited by humans or perhaps generated mechanically from some other local file which is edited by humans. This file is called the zone file or master file.

1.4.4.2. Slave Servers

The other authoritative servers, the slave servers (also known as secondary servers), load the zone contents from another server using a replication process known as a zone transfer. Typically the data are transferred directly from the primary master, but it is also possible to transfer it from another slave. In other words, a slave server may itself act as a master to a subordinate slave server.

1.4.4.3. Stealth Servers

Usually all of the zone's authoritative servers are listed in NS records in the parent zone. These NS records constitute a delegation of the zone from the parent. The authoritative servers are also listed in the zone file itself, at the top level or apex of the zone. You can list servers in the zone's top-level NS records that are not in the parent's NS delegation, but you cannot list servers in the parent's delegation that are not present at the zone's top level.

A stealth server is a server that is authoritative for a zone but is not listed in that zone's NS records. Stealth servers can be used for keeping a local copy of a zone to speed up access to the zone's records or to make sure that the zone is available even if all the "official" servers for the zone are inaccessible.

A configuration where the primary master server itself is a stealth server is often referred to as a "hidden primary" configuration. One use for this configuration is when the primary master is behind a firewall and therefore unable to communicate directly with the outside world.
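
The AA-bit check from section 1.4.4 and the NS-record rules from section 1.4.4.3 can be combined into one audit; the following is an added example, not code from the BIND manual or the BIND distribution. It assumes constructed, header-only responses, hypothetical server names under example.com and example.net, and category labels (listed, listed-no-aa, stealth, parent-only, not-authoritative) that are this example's own.

```python
import struct

QR_MASK = 0x8000     # set on responses, clear on queries
AA_MASK = 0x0400     # "authoritative answer" bit
RCODE_MASK = 0x000F  # response code, 0 means no error


def parse_header(packet: bytes) -> dict:
    """Decode the fixed 12-byte header that starts every DNS message."""
    if len(packet) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    ident, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", packet[:12])
    return {
        "id": ident,
        "qr": bool(flags & QR_MASK),
        "aa": bool(flags & AA_MASK),
        "rcode": flags & RCODE_MASK,
        "ancount": ancount,
    }


def answers_authoritatively(packet: bytes, query_id: int) -> bool:
    """True only for an error-free response to our own query with AA set."""
    try:
        h = parse_header(packet)
    except ValueError:
        return False  # no reply, or a reply too short to carry a header
    return h["qr"] and h["id"] == query_id and h["rcode"] == 0 and h["aa"]


def norm(name: str) -> str:
    """Compare server names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def classify_servers(parent_ns, apex_ns, responses, query_id):
    """Label each server using the NS sets and the AA bit of its reply.

    parent_ns: NS names in the parent zone's delegation
    apex_ns:   NS names at the top level of the zone itself
    responses: server name -> raw reply bytes for a query about the zone
    """
    parent = {norm(n) for n in parent_ns}
    apex = {norm(n) for n in apex_ns}
    replies = {norm(k): v for k, v in responses.items()}
    report = {}
    for server in sorted(parent | apex | set(replies)):
        auth = answers_authoritatively(replies.get(server, b""), query_id)
        if server in parent and server not in apex:
            report[server] = "parent-only"        # the case the text rules out
        elif server in apex:
            report[server] = "listed" if auth else "listed-no-aa"
        elif auth:
            report[server] = "stealth"            # authoritative, in no NS set
        else:
            report[server] = "not-authoritative"  # e.g. a caching server
    return report


def header(ident: int, flags: int, ancount: int = 1) -> bytes:
    """Build a header-only sample message (constructed test data)."""
    return struct.pack("!6H", ident, flags, 1, ancount, 0, 0)


# Constructed sample input: names, query ID and replies are hypothetical.
QUERY_ID = 0x1A2B
PARENT_NS = ["ns1.example.com.", "NS2.example.com.", "old.example.com."]
APEX_NS = ["ns1.example.com.", "ns2.example.com.", "ns3.example.com."]
SAMPLE_RESPONSES = {
    "ns1.example.com.": header(QUERY_ID, 0x8400),     # QR + AA
    "ns2.example.com.": header(QUERY_ID, 0x8180),     # QR + RD + RA, AA clear
    "hidden.example.com.": header(QUERY_ID, 0x8400),  # QR + AA, in no NS set
    "cache.example.net.": header(QUERY_ID, 0x8180),   # answer served from cache
}

if __name__ == "__main__":
    result = classify_servers(PARENT_NS, APEX_NS, SAMPLE_RESPONSES, QUERY_ID)
    for name, label in result.items():
        print(f"{name:22} {label}")
```

A server reported as parent-only is the case the text says is not allowed; listed-no-aa marks a server named in the zone's NS records whose reply did not carry the AA bit, or that sent no reply at all.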
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsNAME="AEN195"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>1.4.5. Caching Name Servers</A
The resolver libraries provided by most operating systems are
stub resolvers, meaning that they are not capable of
performing the full DNS resolution process by themselves by talking
directly to the authoritative servers. Instead, they rely on a local
name server to perform the resolution on their behalf. Such a server
is called a recursive name server; it performs
recursive lookups for local clients.

To improve performance, recursive servers cache the results of
the lookups they perform. Since the processes of recursion and
caching are intimately connected, the terms
recursive server and caching server are often used synonymously.

The length of time for which a record may be retained
in the cache of a caching name server is controlled by the
Time To Live (TTL) field associated with each resource record.

1.4.5.1. Forwarding

Even a caching name server does not necessarily perform
the complete recursive lookup itself. Instead, it can
forward some or all of the queries
that it cannot satisfy from its cache to another caching name server,
commonly referred to as a forwarder.

There may be one or more forwarders,
and they are queried in turn until the list is exhausted or an answer
is found. Forwarders are typically used when you do not
wish all the servers at a given site to interact directly with the rest of
the Internet servers. A typical scenario would involve a number
of internal DNS servers and an Internet firewall. Servers unable
to pass packets through the firewall would forward to the server
that can do it, and that server would query the Internet DNS servers
on the internal server's behalf. An added benefit of using the forwarding
feature is that the central machine develops a much more complete
cache of information that all the clients can take advantage of.

1.4.6. Name Servers in Multiple Roles

The BIND name server can simultaneously act as
a master for some zones, a slave for other zones, and as a caching
(recursive) server for a set of local clients.

However, since the functions of authoritative name service
and caching/recursive name service are logically separate, it is
often advantageous to run them on separate server machines.
A server that only provides authoritative name service
(an authoritative-only server) can run with
recursion disabled, improving reliability and security.
A server that is not authoritative for any zones and only provides
recursive service to local
clients (a caching-only server)
does not need to be reachable from the Internet at large and can
be placed inside a firewall.
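
The role separation and forwarding described in 1.4.5.1 and 1.4.6, as an added named.conf sketch that is not part of the original manual text. The zone name, file names, directory, ACL name and every address are constructed assumptions; the two configurations belong to two different machines.

```conf
// ---- Machine A: authoritative-only server (Internet-facing) ----
// Answers only for zones it holds; never resolves on behalf of clients.
options {
    directory "/var/named";          // assumed path
    recursion no;                    // recursion disabled, as in 1.4.6
    allow-transfer { none; };        // default: no zone transfers
};

zone "example.com" {                 // constructed zone name
    type master;
    file "db.example.com";           // assumed file name
    allow-transfer { 192.0.2.53; };  // constructed address of a slave server
};

// ---- Machine B: caching-only server (inside the firewall) ----
// Not authoritative for any zone; serves internal clients only and
// sends every cache miss to the central forwarders.
acl "internal" { 10.0.0.0/8; localhost; };   // assumed internal range

options {
    directory "/var/named";          // assumed path
    recursion yes;
    allow-query     { "internal"; }; // not reachable from the Internet
    allow-recursion { "internal"; };

    // Queried in turn until one answers or the list is exhausted.
    forwarders { 10.1.1.53; 10.1.2.53; };    // constructed addresses
    forward only;                    // never contact Internet servers directly
};
```

Each file can be syntax-checked with `named-checkconf <file>` before the server is reloaded. With `forward first` instead of `forward only`, the server would fall back to its own recursive lookup when no forwarder answers, which defeats the purpose on a host that cannot pass packets through the firewall.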