doc/arm/Bv9ARM.ch03.html

	Bv9ARM.ch03.html revision 1238b38c9f0ab563b762dc0fd00ac6c34c2b7295
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<!--
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews -
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - purpose with or without fee is hereby granted, provided that the above
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - copyright notice and this permission notice appear in all copies.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews -
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews-->
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater<!-- $Id: Bv9ARM.ch03.html,v 1.79 2010/06/26 01:14:18 tbox Exp $ -->
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<html>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<head>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<title>Chapter�3.�Name Server Configuration</title>
e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater<link rel="prev" href="Bv9ARM.ch02.html" title="Chapter�2.�BIND Resource Requirements">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<link rel="next" href="Bv9ARM.ch04.html" title="Chapter�4.�Advanced DNS Features">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</head>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="navheader">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<table width="100%" summary="Navigation header">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<tr><th colspan="3" align="center">Chapter�3.�Name Server Configuration</th></tr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<tr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td width="20%" align="left">
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a>�</td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<th width="60%" align="center">�</th>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</tr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</table>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<hr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="chapter" lang="en">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h2 class="title">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="Bv9ARM.ch03"></a>Chapter�3.�Name Server Configuration</h2></div></div></div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="toc">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p><b>Table of Contents</b></p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dl>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dd><dl>
6283056805887de88040698685b8e1936a1f7a2dAutomatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567764">A Caching-only Name Server</a></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567780">An Authoritative-only Name Server</a></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</dl></dd>
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568007">Load Balancing</a></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568361">Name Server Operations</a></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dd><dl>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568366">Tools for Use With the Name Server Daemon</a></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570146">Signals</a></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</dl></dd>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</dl>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      In this chapter we provide some suggested configurations along
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      with guidelines for their use.  We suggest reasonable values for
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater      certain option settings.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="sect1" lang="en">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="sect2" lang="en">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h3 class="title">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="id2567764"></a>A Caching-only Name Server</h3></div></div></div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          The following sample configuration is appropriate for a caching-only
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          name server for use by clients internal to a corporation.  All
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          queries
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          from outside clients are refused using the <span><strong class="command">allow-query</strong></span>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          option.  Alternatively, the same effect could be achieved using
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          suitable
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          firewall rules.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<pre class="programlisting">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews// Two corporate subnets we wish to allow queries from.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsacl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsoptions {
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     // Working directory
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     directory "/etc/namedb";
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     allow-query { corpnets; };
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews};
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews// Provide a reverse mapping for the loopback
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews// address 127.0.0.1
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewszone "0.0.127.in-addr.arpa" {
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     type master;
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     file "localhost.rev";
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     notify no;
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews};
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</pre>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="sect2" lang="en">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h3 class="title">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="id2567780"></a>An Authoritative-only Name Server</h3></div></div></div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          This sample configuration is for an authoritative-only server
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          that is the master server for "<code class="filename">example.com</code>"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          and a slave for the subdomain "<code class="filename">eng.example.com</code>".
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<pre class="programlisting">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsoptions {
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     // Working directory
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     directory "/etc/namedb";
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     // Do not allow access to cache
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     allow-query-cache { none; };
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     // This is the default
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     allow-query { any; };
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     // Do not provide recursive service
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     recursion no;
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews};
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews// Provide a reverse mapping for the loopback
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews// address 127.0.0.1
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewszone "0.0.127.in-addr.arpa" {
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     type master;
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     file "localhost.rev";
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     notify no;
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews};
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews// We are the master server for example.com
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewszone "example.com" {
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     type master;
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     file "example.com.db";
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews     // IP addresses of slave servers allowed to
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     // transfer example.com
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     allow-transfer {
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          192.168.4.14;
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          192.168.5.53;
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     };
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews};
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews// We are a slave server for eng.example.com
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewszone "eng.example.com" {
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     type slave;
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     file "eng.example.com.bk";
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     // IP address of eng.example.com master server
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews     masters { 192.168.4.12; };
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews};
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</pre>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="sect1" lang="en">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="id2568007"></a>Load Balancing</h2></div></div></div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        A primitive form of load balancing can be achieved in
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        the <acronym class="acronym">DNS</acronym> by using multiple records
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        (such as multiple A records) for one name.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        For example, if you have three WWW servers with network addresses
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        following means that clients will connect to each machine one third
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        of the time:
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="informaltable"><table border="1">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<colgroup>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<col>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<col>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<col>
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews<col>
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews<col>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</colgroup>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<tbody>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<tr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                <p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  Name
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews              </td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                <p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  TTL
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews              </td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                <p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  CLASS
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews              </td>
52ece689e0265f9a3e518de5b2539e749f6d35acMark Andrews<td>
52ece689e0265f9a3e518de5b2539e749f6d35acMark Andrews                <p>
52ece689e0265f9a3e518de5b2539e749f6d35acMark Andrews                  TYPE
52ece689e0265f9a3e518de5b2539e749f6d35acMark Andrews                </p>
52ece689e0265f9a3e518de5b2539e749f6d35acMark Andrews              </td>
52ece689e0265f9a3e518de5b2539e749f6d35acMark Andrews<td>
52ece689e0265f9a3e518de5b2539e749f6d35acMark Andrews                <p>
52ece689e0265f9a3e518de5b2539e749f6d35acMark Andrews                  Resource Record (RR) Data
52ece689e0265f9a3e518de5b2539e749f6d35acMark Andrews                </p>
52ece689e0265f9a3e518de5b2539e749f6d35acMark Andrews              </td>
52ece689e0265f9a3e518de5b2539e749f6d35acMark Andrews</tr>
52ece689e0265f9a3e518de5b2539e749f6d35acMark Andrews<tr>
52ece689e0265f9a3e518de5b2539e749f6d35acMark Andrews<td>
52ece689e0265f9a3e518de5b2539e749f6d35acMark Andrews                <p>
52ece689e0265f9a3e518de5b2539e749f6d35acMark Andrews                  <code class="literal">www</code>
52ece689e0265f9a3e518de5b2539e749f6d35acMark Andrews                </p>
52ece689e0265f9a3e518de5b2539e749f6d35acMark Andrews              </td>
52ece689e0265f9a3e518de5b2539e749f6d35acMark Andrews<td>
52ece689e0265f9a3e518de5b2539e749f6d35acMark Andrews                <p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  <code class="literal">600</code>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews              </td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                <p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  <code class="literal">IN</code>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews              </td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                <p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  <code class="literal">A</code>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews              </td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                <p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  <code class="literal">10.0.0.1</code>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews              </td>
6283056805887de88040698685b8e1936a1f7a2dAutomatic Updater</tr>
6283056805887de88040698685b8e1936a1f7a2dAutomatic Updater<tr>
6283056805887de88040698685b8e1936a1f7a2dAutomatic Updater<td>
6283056805887de88040698685b8e1936a1f7a2dAutomatic Updater                <p></p>
6283056805887de88040698685b8e1936a1f7a2dAutomatic Updater              </td>
6283056805887de88040698685b8e1936a1f7a2dAutomatic Updater<td>
6283056805887de88040698685b8e1936a1f7a2dAutomatic Updater                <p>
1c51f79aba598e5e20bde66aea0237e347f6d5ceAutomatic Updater                  <code class="literal">600</code>
1c51f79aba598e5e20bde66aea0237e347f6d5ceAutomatic Updater                </p>
6283056805887de88040698685b8e1936a1f7a2dAutomatic Updater              </td>
1c51f79aba598e5e20bde66aea0237e347f6d5ceAutomatic Updater<td>
6283056805887de88040698685b8e1936a1f7a2dAutomatic Updater                <p>
6283056805887de88040698685b8e1936a1f7a2dAutomatic Updater                  <code class="literal">IN</code>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews              </td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                <p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  <code class="literal">A</code>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews              </td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                <p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  <code class="literal">10.0.0.2</code>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews              </td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</tr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<tr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                <p></p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews              </td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                <p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  <code class="literal">600</code>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews              </td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                <p>
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater                  <code class="literal">IN</code>
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater                </p>
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater              </td>
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater<td>
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater                <p>
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater                  <code class="literal">A</code>
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater                </p>
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater              </td>
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater<td>
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater                <p>
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater                  <code class="literal">10.0.0.3</code>
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater                </p>
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater              </td>
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater</tr>
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater</tbody>
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater</table></div>
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater<p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        When a resolver queries for these records, <acronym class="acronym">BIND</acronym> will rotate
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        them and respond to the query with the records in a different
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        order.  In the example above, clients will randomly receive
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        will use the first record returned and discard the rest.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      </p>
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews<p>
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews        For more detail on ordering responses, check the
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews        <span><strong class="command">rrset-order</strong></span> substatement in the
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews        <span><strong class="command">options</strong></span> statement, see
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews        <a href="Bv9ARM.ch06.html#rrset_ordering">RRset Ordering</a>.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="sect1" lang="en">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater<a name="id2568361"></a>Name Server Operations</h2></div></div></div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="sect2" lang="en">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h3 class="title">
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews<a name="id2568366"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews<p>
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews          This section describes several indispensable diagnostic,
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews          administrative and monitoring tools available to the system
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews          administrator for controlling and debugging the name server
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          daemon.
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews        </p>
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews<div class="sect3" lang="en">
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews<div class="titlepage"><div><div><h4 class="title">
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews<a name="diagnostic_tools"></a>Diagnostic Tools</h4></div></div></div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p>
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews            The <span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span>, and
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews            <span><strong class="command">nslookup</strong></span> programs are all command
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews            line tools
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews            for manually querying name servers.  They differ in style and
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews            output format.
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews          </p>
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews<div class="variablelist"><dl>
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews<dt><span class="term"><a name="dig"></a><span><strong class="command">dig</strong></span></span></dt>
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews<dd>
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews<p>
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews                  The domain information groper (<span><strong class="command">dig</strong></span>)
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews                  is the most versatile and complete of these lookup tools.
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews                  It has two modes: simple interactive
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  mode for a single query, and batch mode which executes a
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  query for
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater                  each in a list of several query lines. All query options are
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  accessible
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  from the command line.
c6c78f699b55b3344fb6b17ddc854cbae4610468Automatic Updater                </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="cmdsynopsis"><p><code class="command">dig</code>  [@<em class="replaceable"><code>server</code></em>]  <em class="replaceable"><code>domain</code></em>  [<em class="replaceable"><code>query-type</code></em>] [<em class="replaceable"><code>query-class</code></em>] [+<em class="replaceable"><code>query-option</code></em>] [-<em class="replaceable"><code>dig-option</code></em>] [%<em class="replaceable"><code>comment</code></em>]</p></div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  The usual simple use of <span><strong class="command">dig</strong></span> will take the form
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater                </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  <span><strong class="command">dig @server domain query-type query-class</strong></span>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  For more information and a list of available commands and
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  options, see the <span><strong class="command">dig</strong></span> man
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  page.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                </p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</dd>
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater<dt><span class="term"><span><strong class="command">host</strong></span></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dd>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  The <span><strong class="command">host</strong></span> utility emphasizes
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  simplicity
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  and ease of use.  By default, it converts
4abdfc917e6635a7c81d1f931a0c79227e72d025Mark Andrews                  between host names and Internet addresses, but its
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater                  functionality
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  can be extended with the use of options.
4abdfc917e6635a7c81d1f931a0c79227e72d025Mark Andrews                </p>
4abdfc917e6635a7c81d1f931a0c79227e72d025Mark Andrews<div class="cmdsynopsis"><p><code class="command">host</code>  [-aCdlnrsTwv] [-c <em class="replaceable"><code>class</code></em>] [-N <em class="replaceable"><code>ndots</code></em>] [-t <em class="replaceable"><code>type</code></em>] [-W <em class="replaceable"><code>timeout</code></em>] [-R <em class="replaceable"><code>retries</code></em>] [-m <em class="replaceable"><code>flag</code></em>] [-4] [-6]  <em class="replaceable"><code>hostname</code></em>  [<em class="replaceable"><code>server</code></em>]</p></div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  For more information and a list of available commands and
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  options, see the <span><strong class="command">host</strong></span> man
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                  page.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews                </p>
</dd>
<dt><span class="term"><span><strong class="command">nslookup</strong></span></span></dt>
<dd>
<p><span><strong class="command">nslookup</strong></span>
                  has two modes: interactive and
                  non-interactive. Interactive mode allows the user to
                  query name servers for information about various
                  hosts and domains or to print a list of hosts in a
                  domain. Non-interactive mode is used to print just
                  the name and requested information for a host or
                  domain.
                </p>
<div class="cmdsynopsis"><p><code class="command">nslookup</code>  [-option...] [[<em class="replaceable"><code>host-to-find</code></em>] |  [- [server]]]</p></div>
<p>
                  Interactive mode is entered when no arguments are given (the
                  default name server will be used) or when the first argument
                  is a
                  hyphen (`-') and the second argument is the host name or
                  Internet address
                  of a name server.
                </p>
<p>
                  Non-interactive mode is used when the name or Internet
                  address
                  of the host to be looked up is given as the first argument.
                  The
                  optional second argument specifies the host name or address
                  of a name server.
                </p>
<p>
                  Due to its arcane user interface and frequently inconsistent
                  behavior, we do not recommend the use of <span><strong class="command">nslookup</strong></span>.
                  Use <span><strong class="command">dig</strong></span> instead.
                </p>
</dd>
</dl></div>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="admin_tools"></a>Administrative Tools</h4></div></div></div>
<p>
            Administrative tools play an integral part in the management
            of a server.
          </p>
<div class="variablelist"><dl>
<dt>
<a name="named-checkconf"></a><span class="term"><span><strong class="command">named-checkconf</strong></span></span>
</dt>
<dd>
<p>
                  The <span><strong class="command">named-checkconf</strong></span> program
                  checks the syntax of a <code class="filename">named.conf</code> file.
                </p>
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code>  [-jvz] [-t <em class="replaceable"><code>directory</code></em>] [<em class="replaceable"><code>filename</code></em>]</p></div>
</dd>
<dt>
<a name="named-checkzone"></a><span class="term"><span><strong class="command">named-checkzone</strong></span></span>
</dt>
<dd>
<p>
                  The <span><strong class="command">named-checkzone</strong></span> program
                  checks a master file for
                  syntax and consistency.
                </p>
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code>  [-djqvD] [-c <em class="replaceable"><code>class</code></em>] [-o <em class="replaceable"><code>output</code></em>] [-t <em class="replaceable"><code>directory</code></em>] [-w <em class="replaceable"><code>directory</code></em>] [-k <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-n <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-W <em class="replaceable"><code>(ignore|warn)</code></em>]  <em class="replaceable"><code>zone</code></em>  [<em class="replaceable"><code>filename</code></em>]</p></div>
</dd>
<dt>
<a name="named-compilezone"></a><span class="term"><span><strong class="command">named-compilezone</strong></span></span>
</dt>
<dd><p>
                  Similar to <span><strong class="command">named-checkzone,</strong></span> but
                  it always dumps the zone content to a specified file
                  (typically in a different format).
                </p></dd>
<dt>
<a name="rndc"></a><span class="term"><span><strong class="command">rndc</strong></span></span>
</dt>
<dd>
<p>
                  The remote name daemon control
                  (<span><strong class="command">rndc</strong></span>) program allows the
                  system
                  administrator to control the operation of a name server.
                  Since <acronym class="acronym">BIND</acronym> 9.2, <span><strong class="command">rndc</strong></span>
                  supports all the commands of the BIND 8 <span><strong class="command">ndc</strong></span>
                  utility except <span><strong class="command">ndc start</strong></span> and
                  <span><strong class="command">ndc restart</strong></span>, which were also
                  not supported in <span><strong class="command">ndc</strong></span>'s
                  channel mode.
                  If you run <span><strong class="command">rndc</strong></span> without any
                  options
                  it will display a usage message as follows:
                </p>
<div class="cmdsynopsis"><p><code class="command">rndc</code>  [-c <em class="replaceable"><code>config</code></em>] [-s <em class="replaceable"><code>server</code></em>] [-p <em class="replaceable"><code>port</code></em>] [-y <em class="replaceable"><code>key</code></em>]  <em class="replaceable"><code>command</code></em>  [<em class="replaceable"><code>command</code></em>...]</p></div>
<p>The <span><strong class="command">command</strong></span>
                  is one of the following:
                </p>
<div class="variablelist"><dl>
<dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt>
<dd><p>
                        Reload configuration file and zones.
                      </p></dd>
<dt><span class="term"><strong class="userinput"><code>reload <em class="replaceable"><code>zone</code></em>
                        [<span class="optional"><em class="replaceable"><code>class</code></em>
           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
<dd><p>
                        Reload the given zone.
                      </p></dd>
<dt><span class="term"><strong class="userinput"><code>refresh <em class="replaceable"><code>zone</code></em>
                        [<span class="optional"><em class="replaceable"><code>class</code></em>
           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
<dd><p>
                        Schedule zone maintenance for the given zone.
                      </p></dd>
<dt><span class="term"><strong class="userinput"><code>retransfer <em class="replaceable"><code>zone</code></em>

                        [<span class="optional"><em class="replaceable"><code>class</code></em>
           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
<dd><p>
                        Retransfer the given zone from the master.
                      </p></dd>
<dt><span class="term"><strong class="userinput"><code>sign <em class="replaceable"><code>zone</code></em>
                        [<span class="optional"><em class="replaceable"><code>class</code></em>
           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
<dd>
<p>
                        Fetch all DNSSEC keys for the given zone
                        from the key directory (see
                        <span><strong class="command">key-directory</strong></span> in
                        <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and
          Usage">the section called &#8220;<span><strong class="command">options</strong></span> Statement Definition and
          Usage&#8221;</a>), and merge them
                        into the zone's DNSKEY RRset.  If the DNSKEY RRset
                        is changed as a result of this, then the zone is
                        automatically re-signed with the new key set.
                      </p>
<p>
                        This command requires that the
                        <span><strong class="command">auto-dnssec</strong></span> zone option to be set
                        to <code class="literal">allow</code>,
                        <code class="literal">maintain</code>, or
                        <code class="literal">create</code>,  and also requires
                        the zone to be configured to allow dynamic DNS.
                        See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called &#8220;Dynamic Update Policies&#8221;</a> for
                        more details.
                      </p>
</dd>
<dt><span class="term"><strong class="userinput"><code>freeze
                        [<span class="optional"><em class="replaceable"><code>zone</code></em>
       [<span class="optional"><em class="replaceable"><code>class</code></em>
           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
<dd><p>
                        Suspend updates to a dynamic zone.  If no zone is
                        specified,
                        then all zones are suspended.  This allows manual
                        edits to be made to a zone normally updated by dynamic
                        update.  It
                        also causes changes in the journal file to be synced
                        into the master
                        and the journal file to be removed.  All dynamic
                        update attempts will
                        be refused while the zone is frozen.
                      </p></dd>
<dt><span class="term"><strong class="userinput"><code>thaw
                        [<span class="optional"><em class="replaceable"><code>zone</code></em>
       [<span class="optional"><em class="replaceable"><code>class</code></em>
           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
<dd><p>
                        Enable updates to a frozen dynamic zone.  If no zone
                        is
                        specified, then all frozen zones are enabled.  This
                        causes
                        the server to reload the zone from disk, and
                        re-enables dynamic updates
                        after the load has completed.  After a zone is thawed,
                        dynamic updates
                        will no longer be refused.
                      </p></dd>
<dt><span class="term"><strong class="userinput"><code>notify <em class="replaceable"><code>zone</code></em>
                        [<span class="optional"><em class="replaceable"><code>class</code></em>
           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
<dd><p>
                        Resend NOTIFY messages for the zone.
                      </p></dd>
<dt><span class="term"><strong class="userinput"><code>reconfig</code></strong></span></dt>
<dd><p>
                        Reload the configuration file and load new zones,
                        but do not reload existing zone files even if they
                        have changed.
                        This is faster than a full <span><strong class="command">reload</strong></span> when there
                        is a large number of zones because it avoids the need
                        to examine the
                        modification times of the zones files.
                      </p></dd>
<dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt>
<dd><p>
                        Write server statistics to the statistics file.
                      </p></dd>
<dt><span class="term"><strong class="userinput"><code>querylog</code></strong></span></dt>
<dd><p>
                        Toggle query logging. Query logging can also be enabled
                        by explicitly directing the <span><strong class="command">queries</strong></span>
                        <span><strong class="command">category</strong></span> to a
                        <span><strong class="command">channel</strong></span> in the
                        <span><strong class="command">logging</strong></span> section of
                        <code class="filename">named.conf</code> or by specifying
                        <span><strong class="command">querylog yes;</strong></span> in the
                        <span><strong class="command">options</strong></span> section of
                        <code class="filename">named.conf</code>.
                      </p></dd>
<dt><span class="term"><strong class="userinput"><code>dumpdb
                        [<span class="optional">-all|-cache|-zone</span>]
                        [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
<dd><p>
                        Dump the server's caches (default) and/or zones to
                        the
                        dump file for the specified views.  If no view is
                        specified, all
                        views are dumped.
                      </p></dd>
<dt><span class="term"><strong class="userinput"><code>secroots
                        [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
<dd><p>
                        Dump the server's security roots to the secroots
                        file for the specified views.  If no view is
                        specified, security roots for all
                        views are dumped.
                      </p></dd>
<dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt>
<dd><p>
                        Stop the server, making sure any recent changes
                        made through dynamic update or IXFR are first saved to
                        the master files of the updated zones.
                        If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
                        This allows an external process to determine when <span><strong class="command">named</strong></span>
                        had completed stopping.
                      </p></dd>
<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt>
<dd><p>
                        Stop the server immediately.  Recent changes
                        made through dynamic update or IXFR are not saved to
                        the master files, but will be rolled forward from the
                        journal files when the server is restarted.
                        If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
                        This allows an external process to determine when <span><strong class="command">named</strong></span>
                        had completed halting.
                      </p></dd>
<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt>
<dd><p>
                        Increment the servers debugging level by one.
                      </p></dd>
<dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt>
<dd><p>
                        Sets the server's debugging level to an explicit
                        value.
                      </p></dd>
<dt><span class="term"><strong class="userinput"><code>notrace</code></strong></span></dt>
<dd><p>
                        Sets the server's debugging level to 0.
                      </p></dd>
<dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt>
<dd><p>
                        Flushes the server's cache.
                      </p></dd>
<dt><span class="term"><strong class="userinput"><code>flushname</code></strong> <em class="replaceable"><code>name</code></em></span></dt>
<dd><p>
                        Flushes the given name from the server's cache.
                      </p></dd>
<dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt>
<dd><p>
                        Display status of the server.
                        Note that the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone
                        and the default <span><strong class="command">/IN</strong></span>
                        hint zone if there is not an
                        explicit root zone configured.
                      </p></dd>
<dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt>
<dd><p>
                        Dump the list of queries <span><strong class="command">named</strong></span> is currently recursing
                        on.
                      </p></dd>
<dt><span class="term"><strong class="userinput"><code>validation
                        [<span class="optional">on|off</span>]
                        [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]
                    </code></strong></span></dt>
<dd><p>
                        Enable or disable DNSSEC validation.
                        Note <span><strong class="command">dnssec-enable</strong></span> also needs to be
                        set to <strong class="userinput"><code>yes</code></strong> to be effective.
                        It defaults to enabled.
                      </p></dd>
</dl></div>
<p>
                  A configuration file is required, since all
                  communication with the server is authenticated with
                  digital signatures that rely on a shared secret, and
                  there is no way to provide that secret other than with a
                  configuration file.  The default location for the
                  <span><strong class="command">rndc</strong></span> configuration file is
                  <code class="filename">/etc/rndc.conf</code>, but an
                  alternate
                  location can be specified with the <code class="option">-c</code>
                  option.  If the configuration file is not found,
                  <span><strong class="command">rndc</strong></span> will also look in
                  <code class="filename">/etc/rndc.key</code> (or whatever
                  <code class="varname">sysconfdir</code> was defined when
                  the <acronym class="acronym">BIND</acronym> build was
                  configured).
                  The <code class="filename">rndc.key</code> file is
                  generated by
                  running <span><strong class="command">rndc-confgen -a</strong></span> as
                  described in
                  <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
          Usage">the section called &#8220;<span><strong class="command">controls</strong></span> Statement Definition and
          Usage&#8221;</a>.
                </p>
<p>
                  The format of the configuration file is similar to
                  that of <code class="filename">named.conf</code>, but
                  limited to
                  only four statements, the <span><strong class="command">options</strong></span>,
                  <span><strong class="command">key</strong></span>, <span><strong class="command">server</strong></span> and
                  <span><strong class="command">include</strong></span>
                  statements.  These statements are what associate the
                  secret keys to the servers with which they are meant to
                  be shared.  The order of statements is not
                  significant.
                </p>
<p>
                  The <span><strong class="command">options</strong></span> statement has
                  three clauses:
                  <span><strong class="command">default-server</strong></span>, <span><strong class="command">default-key</strong></span>,
                  and <span><strong class="command">default-port</strong></span>.
                  <span><strong class="command">default-server</strong></span> takes a
                  host name or address argument  and represents the server
                  that will
                  be contacted if no <code class="option">-s</code>
                  option is provided on the command line.
                  <span><strong class="command">default-key</strong></span> takes
                  the name of a key as its argument, as defined by a <span><strong class="command">key</strong></span> statement.
                  <span><strong class="command">default-port</strong></span> specifies the
                  port to which
                  <span><strong class="command">rndc</strong></span> should connect if no
                  port is given on the command line or in a
                  <span><strong class="command">server</strong></span> statement.
                </p>
<p>
                  The <span><strong class="command">key</strong></span> statement defines a
                  key to be used
                  by <span><strong class="command">rndc</strong></span> when authenticating
                  with
                  <span><strong class="command">named</strong></span>.  Its syntax is
                  identical to the
                  <span><strong class="command">key</strong></span> statement in <code class="filename">named.conf</code>.
                  The keyword <strong class="userinput"><code>key</code></strong> is
                  followed by a key name, which must be a valid
                  domain name, though it need not actually be hierarchical;
                  thus,
                  a string like "<strong class="userinput"><code>rndc_key</code></strong>" is a valid
                  name.
                  The <span><strong class="command">key</strong></span> statement has two
                  clauses:
                  <span><strong class="command">algorithm</strong></span> and <span><strong class="command">secret</strong></span>.
                  While the configuration parser will accept any string as the
                  argument
                  to algorithm, currently only the string "<strong class="userinput"><code>hmac-md5</code></strong>"
                  has any meaning.  The secret is a base-64 encoded string
                  as specified in RFC 3548.
                </p>
<p>
                  The <span><strong class="command">server</strong></span> statement
                  associates a key
                  defined using the <span><strong class="command">key</strong></span>
                  statement with a server.
                  The keyword <strong class="userinput"><code>server</code></strong> is followed by a
                  host name or address.  The <span><strong class="command">server</strong></span> statement
                  has two clauses: <span><strong class="command">key</strong></span> and <span><strong class="command">port</strong></span>.
                  The <span><strong class="command">key</strong></span> clause specifies the
                  name of the key
                  to be used when communicating with this server, and the
                  <span><strong class="command">port</strong></span> clause can be used to
                  specify the port <span><strong class="command">rndc</strong></span> should
                  connect
                  to on the server.
                </p>
<p>
                  A sample minimal configuration file is as follows:
                </p>
<pre class="programlisting">
key rndc_key {
     algorithm "hmac-md5";
     secret
       "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};
options {
     default-server 127.0.0.1;
     default-key    rndc_key;
};
</pre>
<p>
                  This file, if installed as <code class="filename">/etc/rndc.conf</code>,
                  would allow the command:
                </p>
<p>
                  <code class="prompt">$ </code><strong class="userinput"><code>rndc reload</code></strong>
                </p>
<p>
                  to connect to 127.0.0.1 port 953 and cause the name server
                  to reload, if a name server on the local machine were
                  running with
                  following controls statements:
                </p>
<pre class="programlisting">
controls {
        inet 127.0.0.1
            allow { localhost; } keys { rndc_key; };
};
</pre>
<p>
                  and it had an identical key statement for
                  <code class="literal">rndc_key</code>.
                </p>
<p>
                  Running the <span><strong class="command">rndc-confgen</strong></span>
                  program will
                  conveniently create a <code class="filename">rndc.conf</code>
                  file for you, and also display the
                  corresponding <span><strong class="command">controls</strong></span>
                  statement that you need to
                  add to <code class="filename">named.conf</code>.
                  Alternatively,
                  you can run <span><strong class="command">rndc-confgen -a</strong></span>
                  to set up
                  a <code class="filename">rndc.key</code> file and not
                  modify
                  <code class="filename">named.conf</code> at all.
                </p>
</dd>
</dl></div>
</div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2570146"></a>Signals</h3></div></div></div>
<p>
          Certain UNIX signals cause the name server to take specific
          actions, as described in the following table.  These signals can
          be sent using the <span><strong class="command">kill</strong></span> command.
        </p>
<div class="informaltable"><table border="1">
<colgroup>
<col>
<col>
</colgroup>
<tbody>
<tr>
<td>
                  <p><span><strong class="command">SIGHUP</strong></span></p>
                </td>
<td>
                  <p>
                    Causes the server to read <code class="filename">named.conf</code> and
                    reload the database.
                  </p>
                </td>
</tr>
<tr>
<td>
                  <p><span><strong class="command">SIGTERM</strong></span></p>
                </td>
<td>
                  <p>
                    Causes the server to clean up and exit.
                  </p>
                </td>
</tr>
<tr>
<td>
                  <p><span><strong class="command">SIGINT</strong></span></p>
                </td>
<td>
                  <p>
                    Causes the server to clean up and exit.
                  </p>
                </td>
</tr>
</tbody>
</table></div>
</div>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a>�</td>
<td width="20%" align="center">�</td>
<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">Chapter�2.�<acronym class="acronym">BIND</acronym> Resource Requirements�</td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">�Chapter�4.�Advanced DNS Features</td>
</tr>
</table>
</div>
</body>
</html>