<!--
 - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
-->
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="titlepage"><div><div><h1 class="title">
<a name="Bv9ARM.ch01"></a>Chapter 1. Introduction</h1></div></div></div>
<dl>
<dt><span class="section"><a href="Bv9ARM.ch01.html#id-1.2.4">Scope of Document</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch01.html#id-1.2.5">Organization of This Document</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch01.html#id-1.2.6">Conventions Used in This Document</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch01.html#id-1.2.7">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch01.html#id-1.2.7.4">DNS Fundamentals</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch01.html#id-1.2.7.5">Domains and Domain Names</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch01.html#id-1.2.7.6">Zones</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch01.html#id-1.2.7.7">Authoritative Name Servers</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch01.html#id-1.2.7.8">Caching Name Servers</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch01.html#id-1.2.7.9">Name Servers in Multiple Roles</a></span></dt>
</dl>
<p>The Internet Domain Name System (<acronym class="acronym">DNS</acronym>)
consists of the syntax to specify the names of entities in the Internet
in a hierarchical manner, the rules used for delegating authority over
names, and the system implementation that actually maps names to Internet
addresses. <acronym class="acronym">DNS</acronym> data is maintained in a
group of distributed hierarchical databases.</p>
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.2.4"></a>Scope of Document</h2></div></div></div>
<p>The Berkeley Internet Name Domain
(<acronym class="acronym">BIND</acronym>) implements a
domain name server for a number of operating systems. This
document provides basic information about the installation and
care of the Internet Systems Consortium (<acronym class="acronym">ISC</acronym>)
<acronym class="acronym">BIND</acronym> version 9 software package for
system administrators.</p>
<p>This version of the manual corresponds to BIND version 9.11.</p>
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.2.5"></a>Organization of This Document</h2></div></div></div>
<p>In this document, <span class="emphasis"><em>Chapter 1</em></span> introduces
the basic <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym> concepts. <span class="emphasis"><em>Chapter 2</em></span>
describes resource requirements for running <acronym class="acronym">BIND</acronym> in various
environments. Information in <span class="emphasis"><em>Chapter 3</em></span> is
<span class="emphasis"><em>task-oriented</em></span> in its presentation and is
organized functionally, to aid in the process of installing the
<acronym class="acronym">BIND</acronym> 9 software. The task-oriented
section is followed by
<span class="emphasis"><em>Chapter 4</em></span>, which contains more advanced
concepts that the system administrator may need for implementing
certain options. <span class="emphasis"><em>Chapter 5</em></span>
describes the <acronym class="acronym">BIND</acronym> 9 lightweight
resolver. The contents of <span class="emphasis"><em>Chapter 6</em></span> are
organized as in a reference manual to aid in the ongoing
maintenance of the software. <span class="emphasis"><em>Chapter 7</em></span> addresses
security considerations, and
<span class="emphasis"><em>Chapter 8</em></span> contains troubleshooting help. The
main body of the document is followed by several
<span class="emphasis"><em>appendices</em></span> which contain useful reference
information, such as a <span class="emphasis"><em>bibliography</em></span> and
historic information related to <acronym class="acronym">BIND</acronym>
and the Domain Name System.</p>
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.2.6"></a>Conventions Used in This Document</h2></div></div></div>
<p>In this document, we use the following general typographic
conventions:</p>
<span class="emphasis"><em>To describe:</em></span>
<span class="emphasis"><em>We use the style:</em></span>
a pathname, filename, URL, hostname,
mailing list name, or new term or concept
<strong class="userinput"><code>Fixed Width Bold</code></strong>
program output
<code class="computeroutput">Fixed Width</code>
<p>The following conventions are used in descriptions of the
<acronym class="acronym">BIND</acronym> configuration file:</p>
<table>
<tr><td><span class="emphasis"><em>To describe:</em></span></td><td><span class="emphasis"><em>We use the style:</em></span></td></tr>
<tr><td>Optional input</td><td>[<span class="optional">Text is enclosed in square brackets</span>]</td></tr>
</table>
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.2.7"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
<p>The purpose of this document is to explain the installation
and upkeep of the <acronym class="acronym">BIND</acronym> (Berkeley Internet
Name Domain) software package, and we
begin by reviewing the fundamentals of the Domain Name System
(<acronym class="acronym">DNS</acronym>) as they relate to <acronym class="acronym">BIND</acronym>.</p>
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.2.7.4"></a>DNS Fundamentals</h3></div></div></div>
<p>The Domain Name System (DNS) is a hierarchical, distributed
database. It stores information for mapping Internet host names to
addresses and vice versa, mail routing information, and other data
used by Internet applications.</p>
<p>Clients look up information in the DNS by calling a
<span class="emphasis"><em>resolver</em></span> library, which sends queries to one or
more <span class="emphasis"><em>name servers</em></span> and interprets the responses.
The <acronym class="acronym">BIND</acronym> 9 software distribution contains a
name server, <span class="command"><strong>named</strong></span>, and a resolver
library, <span class="command"><strong>liblwres</strong></span>. The older
<span class="command"><strong>libbind</strong></span> resolver library is also available
from ISC as a separate download.</p>
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.2.7.5"></a>Domains and Domain Names</h3></div></div></div>
<p>The data stored in the DNS is identified by <span class="emphasis"><em>domain names</em></span> that are organized as a tree according to
organizational or administrative boundaries. Each node of the tree,
called a <span class="emphasis"><em>domain</em></span>, is given a label. The domain
name of the node is the concatenation of all the labels on the path from the
node to the <span class="emphasis"><em>root</em></span> node. This is represented
in written form as a string of labels listed from right to left and
separated by dots. A label need only be unique within its parent
domain.</p>
<p>For example, a domain name for a host at the
company <span class="emphasis"><em>Example, Inc.</em></span> could be
<code class="literal">ourhost.example.com</code>,
where <code class="literal">com</code> is the
top level domain to which
<code class="literal">ourhost.example.com</code> belongs,
<code class="literal">example</code> is
a subdomain of <code class="literal">com</code>, and
<code class="literal">ourhost</code> is the
name of the host.</p>
<p>For administrative purposes, the name space is partitioned into
areas called <span class="emphasis"><em>zones</em></span>, each starting at a node and
extending down to the leaf nodes or to nodes where other zones
start. The data for each zone is stored in a <span class="emphasis"><em>name server</em></span>, which answers queries about the zone using the
<span class="emphasis"><em>DNS protocol</em></span>.</p>
<p>The data associated with each domain name is stored in the
form of <span class="emphasis"><em>resource records</em></span> (<acronym class="acronym">RR</acronym>s).
Some of the supported resource record types are described in
<a class="xref" href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them" title="Types of Resource Records and When to Use Them">the section called “Types of Resource Records and When to Use Them”</a>.</p>
<p>For more detailed information about the design of the DNS and
the DNS protocol, please refer to the standards documents listed in
<a class="xref" href="Bv9ARM.ch11.html#rfcs" title="Request for Comments (RFCs)">the section called “Request for Comments (RFCs)”</a>.</p>
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.2.7.6"></a>Zones</h3></div></div></div>
<p>To properly operate a name server, it is important to understand
the difference between a <span class="emphasis"><em>zone</em></span>
and a <span class="emphasis"><em>domain</em></span>.</p>
<p>As stated previously, a zone is a point of delegation in
the <acronym class="acronym">DNS</acronym> tree. A zone consists of
those contiguous parts of the domain
tree for which a name server has complete information and over which
it has authority. It contains all domain names from a certain point
downward in the domain tree except those which are delegated to
other zones. A delegation point is marked by one or more
<span class="emphasis"><em>NS records</em></span> in the
parent zone, which should be matched by equivalent NS records at
the root of the delegated zone.</p>
<p>For instance, consider the <code class="literal">example.com</code>
domain which includes names
such as <code class="literal">host.aaa.example.com</code> and
<code class="literal">host.bbb.example.com</code> even though
the <code class="literal">example.com</code> zone includes
only delegations for the <code class="literal">aaa.example.com</code> and
<code class="literal">bbb.example.com</code> zones. A zone can map
exactly to a single domain, but could also include only part of a
domain, the rest of which could be delegated to other
name servers. Every name in the <acronym class="acronym">DNS</acronym> tree is a
<span class="emphasis"><em>domain</em></span>, even if it is
<span class="emphasis"><em>terminal</em></span>, that is, has no
<span class="emphasis"><em>subdomains</em></span>. Every subdomain is a domain and
every domain except the root is also a subdomain. The terminology is
not intuitive and we suggest that you read RFCs 1033, 1034 and 1035
to gain a complete understanding of this difficult and subtle
topic.</p>
<p>Though <acronym class="acronym">BIND</acronym> is called a "domain name
server", it deals primarily in terms of zones. The master and slave
declarations in the <code class="filename">named.conf</code> file specify
zones, not domains. When you ask some other site if it is willing to
be a slave server for your <span class="emphasis"><em>domain</em></span>, you are
actually asking for slave service for some collection of zones.</p>
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.2.7.7"></a>Authoritative Name Servers</h3></div></div></div>
<p>Each zone is served by at least
one <span class="emphasis"><em>authoritative name server</em></span>,
which contains the complete data for the zone.
To make the DNS tolerant of server and network failures,
most zones have two or more authoritative servers, on
different networks.</p>
<p>Responses from authoritative servers have the "authoritative
answer" (AA) bit set in the response packets. This makes them
easy to identify when debugging DNS configurations using tools like
<span class="command"><strong>dig</strong></span> (<a class="xref" href="Bv9ARM.ch03.html#diagnostic_tools" title="Diagnostic Tools">the section called “Diagnostic Tools”</a>).</p>
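<p>An added example (not from this manual or the BIND distribution): a Python sketch that decodes the fixed 12-byte header of a DNS message and reports the AA bit in the order <span class="command"><strong>dig</strong></span> prints its flags line. The sample messages are constructed, header-only byte strings, and the referral test in <code>classify</code> is a heuristic assumed here.</p>

```python
import struct

# Fixed 12-byte DNS header (RFC 1035, section 4.1.1):
# ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT, all big-endian 16-bit.
HEADER = struct.Struct("!6H")

# Flag bits of the second header field, listed in the order dig prints them.
FLAG_BITS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200),
             ("rd", 0x0100), ("ra", 0x0080), ("ad", 0x0020), ("cd", 0x0010)]

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def parse_header(message: bytes) -> dict:
    """Decode the DNS header; reject messages too short to contain one."""
    if len(message) < HEADER.size:
        raise ValueError("truncated DNS message: header needs 12 bytes")
    ident, flags, qd, an, ns, ar = HEADER.unpack_from(message)
    header = {name: bool(flags & bit) for name, bit in FLAG_BITS}
    header.update(
        id=ident,
        opcode=(flags >> 11) & 0xF,
        rcode=RCODES.get(flags & 0xF, "RCODE%d" % (flags & 0xF)),
        qdcount=qd, ancount=an, nscount=ns, arcount=ar,
    )
    return header


def flag_string(header: dict) -> str:
    """Render the set flags the way dig's ';; flags:' line does."""
    return " ".join(name for name, _ in FLAG_BITS if header[name])


def classify(message: bytes) -> str:
    """Say where a response came from, based on the AA bit."""
    h = parse_header(message)
    if not h["qr"]:
        return "query"
    if h["aa"]:
        return "authoritative"
    # Heuristic (an assumption of this example): no AA, no recursion offered,
    # empty answer section but NS records in the authority section.
    if (h["rcode"] == "NOERROR" and not h["ra"]
            and h["ancount"] == 0 and h["nscount"] > 0):
        return "referral"
    return "non-authoritative"


# Constructed header-only samples (no question or record sections follow).
QUERY = HEADER.pack(0x1A2B, 0x0100, 1, 0, 0, 0)      # rd
AUTH = HEADER.pack(0x1A2B, 0x8500, 1, 1, 2, 2)       # qr aa rd
CACHED = HEADER.pack(0x1A2B, 0x8180, 1, 1, 0, 0)     # qr rd ra
REFERRAL = HEADER.pack(0x1A2B, 0x8000, 1, 0, 2, 2)   # qr

if __name__ == "__main__":
    for label, msg in [("query", QUERY), ("authoritative server", AUTH),
                       ("caching server", CACHED), ("parent zone", REFERRAL)]:
        h = parse_header(msg)
        print("%-22s flags: %-10s -> %s" % (label, flag_string(h), classify(msg)))
```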
<div class="titlepage"><div><div><h4 class="title">
<a name="id-1.2.7.7.5"></a>The Primary Master</h4></div></div></div>
<p>The authoritative server where the master copy of the zone
data is maintained is called the
<span class="emphasis"><em>primary master</em></span> server, or simply the
<span class="emphasis"><em>primary</em></span>. Typically it loads the zone
contents from some local file edited by humans or perhaps
generated mechanically from some other local file which is
edited by humans. This file is called the
<span class="emphasis"><em>zone file</em></span> or
<span class="emphasis"><em>master file</em></span>.</p>
<p>In some cases, however, the master file may not be edited
by humans at all, but may instead be the result of
<span class="emphasis"><em>dynamic update</em></span> operations.</p>
<div class="titlepage"><div><div><h4 class="title">
<a name="id-1.2.7.7.6"></a>Slave Servers</h4></div></div></div>
<p>The other authoritative servers, the <span class="emphasis"><em>slave</em></span>
servers (also known as <span class="emphasis"><em>secondary</em></span> servers)
load the zone contents from another server using a replication process
known as a <span class="emphasis"><em>zone transfer</em></span>. Typically the data
is transferred directly from the primary master, but it is also
possible to transfer it from another slave. In other words, a slave server
may itself act as a master to a subordinate slave server.</p>
<div class="titlepage"><div><div><h4 class="title">
<a name="id-1.2.7.7.7"></a>Stealth Servers</h4></div></div></div>
<p>Usually all of the zone's authoritative servers are listed in
NS records in the parent zone. These NS records constitute
a <span class="emphasis"><em>delegation</em></span> of the zone from the parent.
The authoritative servers are also listed in the zone file itself,
at the <span class="emphasis"><em>top level</em></span> or <span class="emphasis"><em>apex</em></span>
of the zone. You can list servers in the zone's top-level NS
records that are not in the parent's NS delegation, but you cannot
list servers in the parent's delegation that are not present at
the zone's top level.</p>
<p>A <span class="emphasis"><em>stealth server</em></span> is a server that is
authoritative for a zone but is not listed in that zone's NS
records. Stealth servers can be used for keeping a local copy of
a zone to speed up access to the zone's records or to make sure that
the zone is available even if all the "official" servers for the zone
are inaccessible.</p>
<p>A configuration where the primary master server itself is a
stealth server is often referred to as a "hidden primary"
configuration. One use for this configuration is when the primary
is behind a firewall and therefore unable to communicate directly
with the outside world.</p>
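<p>An added example (not part of this manual or the BIND code base) tying together the zone/domain distinction from the Zones section and the NS rules in this section: it finds which zone holds a name, compares the parent's delegation NS set with the child's apex NS set, and reports stealth servers. The zone data, server names, the <code>serving</code> inventory and all function names are constructed for illustration; records are assumed to be one per line with fully qualified owner names.</p>

```python
def labels(name):
    """Split a domain name into lower-cased labels; the root is ()."""
    stripped = name.strip().rstrip(".").lower()
    return tuple(stripped.split(".")) if stripped else ()


def is_subdomain(name, ancestor):
    """True if name is at or below ancestor, compared label by label.
    A plain string suffix test would wrongly accept notexample.com."""
    n, a = labels(name), labels(ancestor)
    return len(a) <= len(n) and n[len(n) - len(a):] == a


def enclosing_zone(name, zone_apexes):
    """Return the deepest zone apex above name: the zone that holds its data."""
    candidates = [z for z in zone_apexes if is_subdomain(name, z)]
    return max(candidates, key=lambda z: len(labels(z)), default=None)


def ns_records(zone_text, owner):
    """Collect NS targets for owner from 'owner TTL CLASS NS target' lines."""
    found = set()
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop trailing comments
        if len(fields) < 3 or labels(fields[0]) != labels(owner):
            continue
        if "NS" in [f.upper() for f in fields[1:-1]]:
            found.add(fields[-1].rstrip(".").lower())
    return found


def audit_delegation(parent_text, child_text, apex, serving=(), primary=None):
    """Compare the parent's delegation with the child's apex NS records.

    serving: servers the operator knows to be authoritative for the zone
    (a hypothetical inventory, not something DNS itself publishes).
    """
    parent_ns = ns_records(parent_text, apex)
    apex_ns = ns_records(child_text, apex)
    stealth = {s.rstrip(".").lower() for s in serving} - apex_ns
    parent_only = sorted(parent_ns - apex_ns)
    return {
        "parent_only": parent_only,                  # not permitted by the rule above
        "apex_only": sorted(apex_ns - parent_ns),    # permitted
        "stealth": sorted(stealth),
        "hidden_primary": primary is not None
                          and primary.rstrip(".").lower() in stealth,
        "consistent": not parent_only,
    }


# Constructed sample data.
ZONES = ["example.com", "aaa.example.com", "bbb.example.com"]

PARENT = """
example.com.      3600 IN NS ns1.example.com.
aaa.example.com.  3600 IN NS ns1.aaa.example.com.
aaa.example.com.  3600 IN NS ns2.aaa.example.com.
bbb.example.com.  3600 IN NS ns1.bbb.example.com.
bbb.example.com.  3600 IN NS old.bbb.example.com.
"""

CHILD_AAA = """
aaa.example.com.  3600 IN NS ns1.aaa.example.com.
aaa.example.com.  3600 IN NS ns2.aaa.example.com.
aaa.example.com.  3600 IN NS ns3.aaa.example.com.  ; apex only
"""

CHILD_BBB = """
bbb.example.com.  3600 IN NS ns1.bbb.example.com.
"""

SERVING_AAA = ["ns1.aaa.example.com", "ns2.aaa.example.com",
               "ns3.aaa.example.com", "primary.aaa.example.com"]

if __name__ == "__main__":
    print(enclosing_zone("host.aaa.example.com", ZONES))
    print(audit_delegation(PARENT, CHILD_AAA, "aaa.example.com",
                           SERVING_AAA, "primary.aaa.example.com"))
    print(audit_delegation(PARENT, CHILD_BBB, "bbb.example.com"))
```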
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.2.7.8"></a>Caching Name Servers</h3></div></div></div>
<p>The resolver libraries provided by most operating systems are
<span class="emphasis"><em>stub resolvers</em></span>, meaning that they are not
capable of performing the full DNS resolution process by themselves by talking
directly to the authoritative servers. Instead, they rely on a local
name server to perform the resolution on their behalf. Such a server
is called a <span class="emphasis"><em>recursive</em></span> name server; it performs
<span class="emphasis"><em>recursive lookups</em></span> for local clients.</p>
<p>To improve performance, recursive servers cache the results of
the lookups they perform. Since the processes of recursion and
caching are intimately connected, the terms
<span class="emphasis"><em>recursive server</em></span> and
<span class="emphasis"><em>caching server</em></span> are often used synonymously.</p>
<p>The length of time for which a record may be retained in
the cache of a caching name server is controlled by the
Time To Live (TTL) field associated with each resource record.</p>
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater<div class="titlepage"><div><div><h4 class="title">
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater<a name="id-1.2.7.8.6"></a>Forwarding</h4></div></div></div>
Even a caching name server does not necessarily perform
the complete recursive lookup itself. Instead, it can
<span class="emphasis"><em>forward</em></span> some or all of the queries
that it cannot satisfy from its cache to another caching name
server, commonly referred to as a <span class="emphasis"><em>forwarder</em></span>.
There may be one or more forwarders,
and they are queried in turn until the list is exhausted or an
answer is found. Forwarders are typically used when you do not
wish all the servers at a given site to interact directly with
the Internet servers. A typical scenario would involve a number
of internal <acronym class="acronym">DNS</acronym> servers and an
Internet firewall. Servers unable
to pass packets through the firewall would forward to the server
that can do it, and that server would query the Internet <acronym class="acronym">DNS</acronym> servers
on the internal server's behalf.
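The firewall scenario above, written out as a named.conf fragment for one of the internal servers. This is an added example, not text from the BIND manual; every address and zone name in it is a constructed placeholder.

```conf
// named.conf for an internal caching server that cannot send packets
// through the firewall. Addresses and zone names are constructed placeholders.
options {
    recursion yes;
    allow-recursion { 10.0.0.0/8; localhost; };  // serve local clients only

    // Queries that cannot be answered from the cache go to these
    // forwarders, which are the servers allowed through the firewall.
    forwarders { 10.0.0.53; 10.0.1.53; };

    // "only": never fall back to contacting Internet servers directly.
    // The default, "first", retries with normal recursion when the
    // forwarders give no answer, which here would only hit the firewall.
    forward only;
};

// Forwarding "some" of the queries: names under this domain are sent to
// a different forwarder list than the global one above.
zone "partner.example" {
    type forward;
    forward only;
    forwarders { 10.0.2.53; };
};
```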
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.2.7.9"></a>Name Servers in Multiple Roles</h3></div></div></div>
The <acronym class="acronym">BIND</acronym> name server can
simultaneously act as
a master for some zones, a slave for other zones, and as a caching
(recursive) server for a set of local clients.
However, since the functions of authoritative name service
and caching/recursive name service are logically separate, it is
often advantageous to run them on separate server machines.
A server that only provides authoritative name service
(an <span class="emphasis"><em>authoritative-only</em></span> server) can run with
recursion disabled, improving reliability and security.
A server that is not authoritative for any zones and only provides
recursive service to local
clients (a <span class="emphasis"><em>caching-only</em></span> server)
does not need to be reachable from the Internet at large and can
be placed inside a firewall.
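The two single-role servers described above, as an added named.conf sketch (not taken from the BIND manual). The two halves belong in separate files on separate machines; the zone name, file name and addresses are constructed placeholders.

```conf
// ---- File 1: authoritative-only server, reachable from the Internet ----
options {
    recursion no;                  // never resolve names on behalf of clients
    allow-query-cache { none; };   // hand out nothing but our own zone data
};

zone "example.com" {
    type master;
    file "example.com.db";         // constructed file name
};

// ---- File 2: caching-only server, placed inside the firewall ----
acl "local-clients" { 10.0.0.0/8; localhost; };

options {
    listen-on { 10.0.0.53; 127.0.0.1; };   // internal interfaces only
    recursion yes;
    allow-query       { "local-clients"; };
    allow-recursion   { "local-clients"; };
    allow-query-cache { "local-clients"; };
};
// No zone statements for hosted domains: this server is authoritative
// for nothing and only answers from recursion and its cache.
```

Querying the authoritative-only server for a name outside its zones should return status REFUSED with no `ra` flag in the response header.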
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.0pre-alpha</p>