doc/arm/Bv9ARM.ch03.html

d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!--
71cef386fae61275b03e203825680b39fedaa8c6Tinderbox User - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein -
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - This Source Code Form is subject to the terms of the Mozilla Public
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - License, v. 2.0. If a copy of the MPL was not distributed with this
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - file, You can obtain one at http://mozilla.org/MPL/2.0/.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein-->
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews<html lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<head>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<title>Chapter�3.�Name Server Configuration</title>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="prev" href="Bv9ARM.ch02.html" title="Chapter�2.�BIND Resource Requirements">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="next" href="Bv9ARM.ch04.html" title="Chapter�4.�Advanced DNS Features">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</head>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="navheader">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<table width="100%" summary="Navigation header">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr><th colspan="3" align="center">Chapter�3.�Name Server Configuration</th></tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="left">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a>�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<th width="60%" align="center">�</th>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</table>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<hr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="chapter">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="titlepage"><div><div><h1 class="title">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<a name="Bv9ARM.ch03"></a>Chapter�3.�Name Server Configuration</h1></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="toc">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p><b>Table of Contents</b></p>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dl class="toc">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="section"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><dl>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<dt><span class="section"><a href="Bv9ARM.ch03.html#cache_only_sample">A Caching-only Name Server</a></span></dt>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<dt><span class="section"><a href="Bv9ARM.ch03.html#auth_only_sample">An Authoritative-only Name Server</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dl></dd>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<dt><span class="section"><a href="Bv9ARM.ch03.html#load_balancing">Load Balancing</a></span></dt>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<dt><span class="section"><a href="Bv9ARM.ch03.html#ns_operations">Name Server Operations</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><dl>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<dt><span class="section"><a href="Bv9ARM.ch03.html#tools">Tools for Use With the Name Server Daemon</a></span></dt>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<dt><span class="section"><a href="Bv9ARM.ch03.html#signals">Signals</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dl></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dl>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User    <p>
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater      In this chapter we provide some suggested configurations along
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      with guidelines for their use.  We suggest reasonable values for
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      certain option settings.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User    <div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h2 class="title" style="clear: both">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User      <div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<a name="cache_only_sample"></a>A Caching-only Name Server</h3></div></div></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User        <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          The following sample configuration is appropriate for a caching-only
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          name server for use by clients internal to a corporation.  All
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          queries
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          from outside clients are refused using the <span class="command"><strong>allow-query</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          option.  Alternatively, the same effect could be achieved using
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          suitable
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          firewall rules.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<pre class="programlisting">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein// Two corporate subnets we wish to allow queries from.
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssonacl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoptions {
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     // Working directory
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     directory "/etc/namedb";
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson     allow-query { corpnets; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce};
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater// Provide a reverse mapping for the loopback
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater// address 127.0.0.1
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone "0.0.127.in-addr.arpa" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     type master;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     file "localhost.rev";
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     notify no;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce};
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</pre>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User      </div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User      <div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<a name="auth_only_sample"></a>An Authoritative-only Name Server</h3></div></div></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User        <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          This sample configuration is for an authoritative-only server
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          that is the master server for "<code class="filename">example.com</code>"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          and a slave for the subdomain "<code class="filename">eng.example.com</code>".
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<pre class="programlisting">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinoptions {
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     // Working directory
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     directory "/etc/namedb";
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     // Do not allow access to cache
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     allow-query-cache { none; };
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     // This is the default
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     allow-query { any; };
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     // Do not provide recursive service
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     recursion no;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce};
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater// Provide a reverse mapping for the loopback
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater// address 127.0.0.1
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone "0.0.127.in-addr.arpa" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     type master;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     file "localhost.rev";
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     notify no;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce};
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce// We are the master server for example.com
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone "example.com" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     type master;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     file "example.com.db";
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     // IP addresses of slave servers allowed to
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     // transfer example.com
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     allow-transfer {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce          192.168.4.14;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce          192.168.5.53;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce};
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce// We are a slave server for eng.example.com
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucezone "eng.example.com" {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     type slave;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     file "eng.example.com.bk";
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     // IP address of eng.example.com master server
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     masters { 192.168.4.12; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce};
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</pre>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User      </div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User    </div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User    <div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h2 class="title" style="clear: both">
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<a name="load_balancing"></a>Load Balancing</h2></div></div></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User      <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        A primitive form of load balancing can be achieved in
1224c3b69b3d18f7127aa042644936af25a2d679Mark Andrews        the <acronym class="acronym">DNS</acronym> by using multiple records
1224c3b69b3d18f7127aa042644936af25a2d679Mark Andrews        (such as multiple A records) for one name.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User      <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        For example, if you have three WWW servers with network addresses
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        following means that clients will connect to each machine one third
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        of the time:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User      <div class="informaltable">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User        <table border="1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<colgroup>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<col width="0.875in" class="1">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<col width="0.500in" class="2">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<col width="0.750in" class="3">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<col width="0.750in" class="4">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<col width="2.028in" class="5">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</colgroup>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tbody>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  Name
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  TTL
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  CLASS
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  TYPE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  Resource Record (RR) Data
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">www</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">600</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">IN</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">A</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">10.0.0.1</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">600</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">IN</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">A</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">10.0.0.2</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">600</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">IN</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">A</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">10.0.0.3</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tbody>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User</table>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User      </div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User      <p>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews        When a resolver queries for these records, <acronym class="acronym">BIND</acronym> will rotate
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        them and respond to the query with the records in a different
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        order.  In the example above, clients will randomly receive
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        will use the first record returned and discard the rest.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User      <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        For more detail on ordering responses, check the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt        <span class="command"><strong>rrset-order</strong></span> sub-statement in the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt        <span class="command"><strong>options</strong></span> statement, see
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt        <a class="xref" href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">RRset Ordering</a>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User    </div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User    <div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h2 class="title" style="clear: both">
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<a name="ns_operations"></a>Name Server Operations</h2></div></div></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User      <div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<a name="tools"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User        <p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          This section describes several indispensable diagnostic,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          administrative and monitoring tools available to the system
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          administrator for controlling and debugging the name server
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          daemon.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User        <div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h4 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="diagnostic_tools"></a>Diagnostic Tools</h4></div></div></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User          <p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt            The <span class="command"><strong>dig</strong></span>, <span class="command"><strong>host</strong></span>, and
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt            <span class="command"><strong>nslookup</strong></span> programs are all command
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            line tools
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            for manually querying name servers.  They differ in style and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            output format.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User          <div class="variablelist"><dl class="variablelist">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term"><a name="dig"></a><span class="command"><strong>dig</strong></span></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
d95b19f839f5bad2d1c25577fd334907bd90656cTinderbox User                  <span class="command"><strong>dig</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  is the most versatile and complete of these lookup tools.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  It has two modes: simple interactive
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  mode for a single query, and batch mode which executes a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  query for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  each in a list of several query lines. All query options are
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  accessible
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  from the command line.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <div class="cmdsynopsis"><p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                  <code class="command">dig</code>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [@<em class="replaceable"><code>server</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                    <em class="replaceable"><code>domain</code></em>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [<em class="replaceable"><code>query-type</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [<em class="replaceable"><code>query-class</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [+<em class="replaceable"><code>query-option</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-<em class="replaceable"><code>dig-option</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [%<em class="replaceable"><code>comment</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                </p></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  The usual simple use of <span class="command"><strong>dig</strong></span> will take the form
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p class="simpara">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  <span class="command"><strong>dig @server domain query-type query-class</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  For more information and a list of available commands and
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  options, see the <span class="command"><strong>dig</strong></span> man
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  page.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User              </dd>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term"><span class="command"><strong>host</strong></span></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  The <span class="command"><strong>host</strong></span> utility emphasizes
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  simplicity
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  and ease of use.  By default, it converts
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  between host names and Internet addresses, but its
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  functionality
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  can be extended with the use of options.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <div class="cmdsynopsis"><p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                  <code class="command">host</code>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-aCdlnrsTwv]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-c <em class="replaceable"><code>class</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-N <em class="replaceable"><code>ndots</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-t <em class="replaceable"><code>type</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-W <em class="replaceable"><code>timeout</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-R <em class="replaceable"><code>retries</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-m <em class="replaceable"><code>flag</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-4]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-6]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                    <em class="replaceable"><code>hostname</code></em>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [<em class="replaceable"><code>server</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                </p></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  For more information and a list of available commands and
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  options, see the <span class="command"><strong>host</strong></span> man
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  page.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User              </dd>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term"><span class="command"><strong>nslookup</strong></span></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p><span class="command"><strong>nslookup</strong></span>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  has two modes: interactive and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  non-interactive. Interactive mode allows the user to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  query name servers for information about various
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  hosts and domains or to print a list of hosts in a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  domain. Non-interactive mode is used to print just
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  the name and requested information for a host or
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  domain.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <div class="cmdsynopsis"><p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                  <code class="command">nslookup</code>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-option...]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                    [<em class="replaceable"><code>host-to-find</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                     |  [- [server]]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                  ]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                </p></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  Interactive mode is entered when no arguments are given (the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  default name server will be used) or when the first argument
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  is a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  hyphen (`-') and the second argument is the host name or
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  Internet address
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  of a name server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  Non-interactive mode is used when the name or Internet
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  address
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  of the host to be looked up is given as the first argument.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  The
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  optional second argument specifies the host name or address
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  of a name server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  Due to its arcane user interface and frequently inconsistent
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  behavior, we do not recommend the use of <span class="command"><strong>nslookup</strong></span>.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  Use <span class="command"><strong>dig</strong></span> instead.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User              </dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dl></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User        </div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User        <div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h4 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="admin_tools"></a>Administrative Tools</h4></div></div></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User          <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Administrative tools play an integral part in the management
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            of a server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User          <div class="variablelist"><dl class="variablelist">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<a name="named-checkconf"></a><span class="term"><span class="command"><strong>named-checkconf</strong></span></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  The <span class="command"><strong>named-checkconf</strong></span> program
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  checks the syntax of a <code class="filename">named.conf</code> file.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <div class="cmdsynopsis"><p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                  <code class="command">named-checkconf</code>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-jvz]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-t <em class="replaceable"><code>directory</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [<em class="replaceable"><code>filename</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                </p></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User              </dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<a name="named-checkzone"></a><span class="term"><span class="command"><strong>named-checkzone</strong></span></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  The <span class="command"><strong>named-checkzone</strong></span> program
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  checks a master file for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  syntax and consistency.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <div class="cmdsynopsis"><p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                  <code class="command">named-checkzone</code>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-djqvD]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-c <em class="replaceable"><code>class</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-o <em class="replaceable"><code>output</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-t <em class="replaceable"><code>directory</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-w <em class="replaceable"><code>directory</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-k <em class="replaceable"><code>(ignore|warn|fail)</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-n <em class="replaceable"><code>(ignore|warn|fail)</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-W <em class="replaceable"><code>(ignore|warn)</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                    <em class="replaceable"><code>zone</code></em>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [<em class="replaceable"><code>filename</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                </p></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User              </dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<a name="named-compilezone"></a><span class="term"><span class="command"><strong>named-compilezone</strong></span></span>
7208386cd37a2092c70eddf80cf29519b16c4c80Mark Andrews</dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dd>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  Similar to <span class="command"><strong>named-checkzone,</strong></span> but
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  it always dumps the zone content to a specified file
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  (typically in a different format).
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User              </dd>
7208386cd37a2092c70eddf80cf29519b16c4c80Mark Andrews<dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<a name="rndc"></a><span class="term"><span class="command"><strong>rndc</strong></span></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  The remote name daemon control
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  (<span class="command"><strong>rndc</strong></span>) program allows the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  system
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  administrator to control the operation of a name server.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  Since <acronym class="acronym">BIND</acronym> 9.2, <span class="command"><strong>rndc</strong></span>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  supports all the commands of the BIND 8 <span class="command"><strong>ndc</strong></span>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  utility except <span class="command"><strong>ndc start</strong></span> and
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  <span class="command"><strong>ndc restart</strong></span>, which were also
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  not supported in <span class="command"><strong>ndc</strong></span>'s
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews                  channel mode.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  If you run <span class="command"><strong>rndc</strong></span> without any
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  options
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  it will display a usage message as follows:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <div class="cmdsynopsis"><p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                  <code class="command">rndc</code>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-c <em class="replaceable"><code>config</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-s <em class="replaceable"><code>server</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-p <em class="replaceable"><code>port</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [-y <em class="replaceable"><code>key</code></em>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                    <em class="replaceable"><code>command</code></em>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                   [<em class="replaceable"><code>command</code></em>...]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                </p></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>See <a class="xref" href="man.rndc.html" title="rndc"><span class="refentrytitle"><span class="application">rndc</span></span>(8)</a> for details of
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  the available <span class="command"><strong>rndc</strong></span> commands.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  <span class="command"><strong>rndc</strong></span> requires a configuration file,
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User                  since all
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  communication with the server is authenticated with
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  digital signatures that rely on a shared secret, and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  there is no way to provide that secret other than with a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  configuration file.  The default location for the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  <span class="command"><strong>rndc</strong></span> configuration file is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="filename">/etc/rndc.conf</code>, but an
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  alternate
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  location can be specified with the <code class="option">-c</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  option.  If the configuration file is not found,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  <span class="command"><strong>rndc</strong></span> will also look in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="filename">/etc/rndc.key</code> (or whatever
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="varname">sysconfdir</code> was defined when
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews                  the <acronym class="acronym">BIND</acronym> build was
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  configured).
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  The <code class="filename">rndc.key</code> file is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  generated by
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  running <span class="command"><strong>rndc-confgen -a</strong></span> as
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  described in
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  <a class="xref" href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and Usage">the section called &#8220;<span class="command"><strong>controls</strong></span> Statement Definition and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          Usage&#8221;</a>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  The format of the configuration file is similar to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  that of <code class="filename">named.conf</code>, but
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  limited to
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  only four statements, the <span class="command"><strong>options</strong></span>,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  <span class="command"><strong>key</strong></span>, <span class="command"><strong>server</strong></span> and
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  <span class="command"><strong>include</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  statements.  These statements are what associate the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  secret keys to the servers with which they are meant to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  be shared.  The order of statements is not
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  significant.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  The <span class="command"><strong>options</strong></span> statement has
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  three clauses:
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  <span class="command"><strong>default-server</strong></span>, <span class="command"><strong>default-key</strong></span>,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  and <span class="command"><strong>default-port</strong></span>.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  <span class="command"><strong>default-server</strong></span> takes a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  host name or address argument  and represents the server
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  that will
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  be contacted if no <code class="option">-s</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  option is provided on the command line.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  <span class="command"><strong>default-key</strong></span> takes
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  the name of a key as its argument, as defined by a <span class="command"><strong>key</strong></span> statement.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  <span class="command"><strong>default-port</strong></span> specifies the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  port to which
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  <span class="command"><strong>rndc</strong></span> should connect if no
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  port is given on the command line or in a
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  <span class="command"><strong>server</strong></span> statement.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  The <span class="command"><strong>key</strong></span> statement defines a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  key to be used
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  by <span class="command"><strong>rndc</strong></span> when authenticating
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  with
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  <span class="command"><strong>named</strong></span>.  Its syntax is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  identical to the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  <span class="command"><strong>key</strong></span> statement in <code class="filename">named.conf</code>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  The keyword <strong class="userinput"><code>key</code></strong> is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  followed by a key name, which must be a valid
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  domain name, though it need not actually be hierarchical;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  thus,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  a string like "<strong class="userinput"><code>rndc_key</code></strong>" is a valid
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  name.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  The <span class="command"><strong>key</strong></span> statement has two
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  clauses:
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  <span class="command"><strong>algorithm</strong></span> and <span class="command"><strong>secret</strong></span>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  While the configuration parser will accept any string as the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  argument
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User                  to algorithm, currently only the strings
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User                  "<strong class="userinput"><code>hmac-md5</code></strong>",
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User                  "<strong class="userinput"><code>hmac-sha1</code></strong>",
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User                  "<strong class="userinput"><code>hmac-sha224</code></strong>",
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User                  "<strong class="userinput"><code>hmac-sha256</code></strong>",
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User                  "<strong class="userinput"><code>hmac-sha384</code></strong>"
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User                  and "<strong class="userinput"><code>hmac-sha512</code></strong>"
58400e502ee439c8171ad7a2834e6b3d21a1702dTinderbox User                  have any meaning.  The secret is a Base64 encoded string
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  as specified in RFC 3548.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  The <span class="command"><strong>server</strong></span> statement
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  associates a key
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  defined using the <span class="command"><strong>key</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  statement with a server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  The keyword <strong class="userinput"><code>server</code></strong> is followed by a
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  host name or address.  The <span class="command"><strong>server</strong></span> statement
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  has two clauses: <span class="command"><strong>key</strong></span> and <span class="command"><strong>port</strong></span>.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  The <span class="command"><strong>key</strong></span> clause specifies the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  name of the key
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  to be used when communicating with this server, and the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  <span class="command"><strong>port</strong></span> clause can be used to
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  specify the port <span class="command"><strong>rndc</strong></span> should
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  connect
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  to on the server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  A sample minimal configuration file is as follows:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<pre class="programlisting">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinkey rndc_key {
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User     algorithm "hmac-sha256";
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater     secret
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater       "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce};
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoptions {
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson     default-server 127.0.0.1;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce     default-key    rndc_key;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce};
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</pre>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  This file, if installed as <code class="filename">/etc/rndc.conf</code>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  would allow the command:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="prompt">$ </code><strong class="userinput"><code>rndc reload</code></strong>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  to connect to 127.0.0.1 port 953 and cause the name server
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  to reload, if a name server on the local machine were
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  running with
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  following controls statements:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<pre class="programlisting">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeincontrols {
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater        inet 127.0.0.1
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater            allow { localhost; } keys { rndc_key; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce};
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</pre>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  and it had an identical key statement for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="literal">rndc_key</code>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User                <p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  Running the <span class="command"><strong>rndc-confgen</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  program will
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  conveniently create a <code class="filename">rndc.conf</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  file for you, and also display the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  corresponding <span class="command"><strong>controls</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  statement that you need to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  add to <code class="filename">named.conf</code>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  Alternatively,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  you can run <span class="command"><strong>rndc-confgen -a</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  to set up
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  a <code class="filename">rndc.key</code> file and not
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  modify
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <code class="filename">named.conf</code> at all.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User              </dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dl></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User        </div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User      </div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User      <div class="section">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<a name="signals"></a>Signals</h3></div></div></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User        <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          Certain UNIX signals cause the name server to take specific
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          actions, as described in the following table.  These signals can
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          be sent using the <span class="command"><strong>kill</strong></span> command.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User        <div class="informaltable">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User          <table border="1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<colgroup>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<col width="1.125in" class="1">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<col width="4.000in" class="2">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</colgroup>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tbody>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  <p><span class="command"><strong>SIGHUP</strong></span></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                    Causes the server to read <code class="filename">named.conf</code> and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                    reload the database.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  <p><span class="command"><strong>SIGTERM</strong></span></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                    Causes the server to clean up and exit.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt                  <p><span class="command"><strong>SIGINT</strong></span></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  <p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                    Causes the server to clean up and exit.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                  </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein                </td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tbody>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User</table>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User        </div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User      </div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User    </div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User  </div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="navfooter">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<hr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<table width="100%" summary="Navigation footer">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="left">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a>�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="center">�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<td width="40%" align="left" valign="top">Chapter�2.�<acronym class="acronym">BIND</acronym> Resource Requirements�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="right" valign="top">�Chapter�4.�Advanced DNS Features</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</table>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
c313914d0e66b20969215e519bbf2ab4ecf39512Tinderbox User<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</body>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</html>