04d04d19fdd5320953c78ad5b6d2d11f85bc4bcfChristian Maeder<HTML

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><HEAD

e6d40133bc9f858308654afb1262b8b483ec5922Till Mossakowski><TITLE

333780eae2be9f20fe46dedbf5eb46ffa0cbfd02Christian Maeder>Nameserver Configuration</TITLE

97018cf5fa25b494adffd7e9b4e87320dae6bf47Christian Maeder><META

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder"><LINK

e6d40133bc9f858308654afb1262b8b483ec5922Till MossakowskiHREF="Bv9ARM.html"><LINK

120eec9ff1748e1ae786e2ab073234198bc0f701Christian MaederHREF="Bv9ARM.ch02.html"><LINK

846286f96bb7bd5d2b9db834561a815f832a8d90Christian MaederHREF="Bv9ARM.ch04.html"></HEAD

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder><BODY

54a0a1e10bd93721cf52dbd9b816c8f108997ec0Christian Maeder><DIV

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><TABLE

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><TR

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><TH

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder>BIND 9 Administrator Reference Manual</TH

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder></TR

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><TR

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><TD

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian><A

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian>Prev</A

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian></TD

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian><TD

6948b7295a0521212803f15cf919395d2073e2c9Christian Maeder></TD

6948b7295a0521212803f15cf919395d2073e2c9Christian Maeder><TD

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder><A

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder>Next</A

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jian></TD

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jian></TR

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian></TABLE

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian><HR

99e6fb75f064189db8f26fe74eb8f01af353e58eCui JianWIDTH="100%"></DIV

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian><DIV

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian><H1

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian><A

17d4f8c5576d93f36cafe68161cdb960ec49ce7cChristian Maeder>Chapter 3. Nameserver Configuration</A

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian></H1

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder><DIV

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder><DL

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian><DT

17d4f8c5576d93f36cafe68161cdb960ec49ce7cChristian Maeder><B

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian>Table of Contents</B

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jian></DT

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder><DT

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jian>3.1. <A

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian>Sample Configurations</A

17d4f8c5576d93f36cafe68161cdb960ec49ce7cChristian Maeder></DT

17d4f8c5576d93f36cafe68161cdb960ec49ce7cChristian Maeder><DT

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian>3.2. <A

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder>Load Balancing</A

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder></DT

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder><DT

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder>3.3. <A

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian>Notify</A

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian></DT

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian><DT

17d4f8c5576d93f36cafe68161cdb960ec49ce7cChristian Maeder>3.4. <A

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian>Nameserver Operations</A

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder></DT

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jian></DL

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian></DIV

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian><P

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian>In this section we provide some suggested configurations along

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jianwith guidelines for their use. We also address the topic of reasonable

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jianoption setting.</P

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jian><DIV

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian><H1

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian><A

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian>3.1. Sample Configurations</A

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian></H1

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian><DIV

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian><H2

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jian><A

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder>3.1.1. A Caching-only Nameserver</A

5efed683fd173e9d53bd5f1929ba5b0c8a228710Christian Maeder></H2

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jian><P

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jian>The following sample configuration is appropriate for a caching-only

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jianname server for use by clients internal to a corporation. All queries

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jianfrom outside clients are refused.</P

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder><PRE

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian>&#13;// Two corporate subnets we wish to allow queries from.

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jianacl "corpnets" { 192.168.4.0/24; 192.168.7.0/24; };

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jianoptions {

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian directory "/etc/namedb"; // Working directory

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian pid-file "named.pid"; // Put pid file in working dir

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian allow-query { "corpnets"; };

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian};

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian// Root server hints

17d4f8c5576d93f36cafe68161cdb960ec49ce7cChristian Maederzone "." { type hint; file "root.hint"; };

17d4f8c5576d93f36cafe68161cdb960ec49ce7cChristian Maeder// Provide a reverse mapping for the loopback address 127.0.0.1

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jianzone "0.0.127.in-addr.arpa" {

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder type master;

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jian file "localhost.rev";

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder notify no;

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jian};

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jian</PRE

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jian></DIV

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jian><DIV

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder><H2

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian><A

17d4f8c5576d93f36cafe68161cdb960ec49ce7cChristian Maeder>3.1.2. An Authoritative-only Nameserver</A

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian></H2

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jian><P

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jian>This sample configuration is for an authoritative-only server

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jianthat is the master server for "<TT

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian>example.com</TT

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian>"

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jianand a slave for the subdomain "<TT

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder>eng.example.com</TT

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder>".</P

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder><PRE

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder>&#13;options {

5efed683fd173e9d53bd5f1929ba5b0c8a228710Christian Maeder directory "/etc/namedb"; // Working directory

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder pid-file "named.pid"; // Put pid file in working dir

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian allow-query { any; }; // This is the default

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian recursion no; // Do not provide recursive service

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian};

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian// Root server hints

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jianzone "." { type hint; file "root.hint"; };

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jian

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jian// Provide a reverse mapping for the loopback address 127.0.0.1

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jianzone "0.0.127.in-addr.arpa" {

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian type master;

12368e292c1abf7eaf975f20ee30ef7820ac5dd5Christian Maeder file "localhost.rev";

84a30e66aef85cc54d3dd6f8e408729007fe8809Christian Maeder notify no;

84a30e66aef85cc54d3dd6f8e408729007fe8809Christian Maeder};

17d4f8c5576d93f36cafe68161cdb960ec49ce7cChristian Maeder// We are the master server for example.com

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jianzone "example.com" {

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian type master;

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian file "example.com.db";

84a30e66aef85cc54d3dd6f8e408729007fe8809Christian Maeder // IP addresses of slave servers allowed to transfer example.com

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder allow-transfer {

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder 192.168.4.14;

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder 192.168.5.53;

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder };

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder};

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder// We are a slave server for eng.example.com

12368e292c1abf7eaf975f20ee30ef7820ac5dd5Christian Maederzone "eng.example.com" {

12368e292c1abf7eaf975f20ee30ef7820ac5dd5Christian Maeder type slave;

84a30e66aef85cc54d3dd6f8e408729007fe8809Christian Maeder file "eng.example.com.bk";

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder // IP address of eng.example.com master server

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jian masters { 192.168.4.12; };

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian};

99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian</PRE

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jian></DIV

d6a6c1a2fb6526fdcacd8386c9aa3340169a1049Cui Jian></DIV

f45fad43ee1673ab280fbc700821d5d20a493eaaChristian Maeder><DIV

f45fad43ee1673ab280fbc700821d5d20a493eaaChristian Maeder><H1

afddef51d985ac2ea76a6bd846f04cbbc4311305Razvan Pascanu><A

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder>3.2. Load Balancing</A

afddef51d985ac2ea76a6bd846f04cbbc4311305Razvan Pascanu></H1

333780eae2be9f20fe46dedbf5eb46ffa0cbfd02Christian Maeder><P

6948b7295a0521212803f15cf919395d2073e2c9Christian Maeder>Primitive load balancing can be achieved in <SPAN

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder>DNS</SPAN

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder> using multiple

120eec9ff1748e1ae786e2ab073234198bc0f701Christian MaederA records for one name.</P

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><P

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder>For example, if you have three WWW servers with network addresses

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maederof 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the

e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maederfollowing means that clients will connect to each machine one third

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maederof the time:</P

e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken><DIV

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><A

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder></A

e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder><P

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder></P

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><TABLE

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><TBODY

e482d85bc68c1ef56fbf0371b7287271b9857165Christian Maeder><TR

e482d85bc68c1ef56fbf0371b7287271b9857165Christian Maeder><TD

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><P

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder>Name</P

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder></TD

3fe83d4c932a8266edcf0304a97814c59821d91fChristian Maeder><TD

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder><P

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder>TTL</P

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder></TD

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><TD

e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder><P

04d04d19fdd5320953c78ad5b6d2d11f85bc4bcfChristian Maeder>CLASS</P

94d9a4cf9aca9662f2a35f1d53170e86739baf24Cui Jian></TD

e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder><TD

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder><P

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder>TYPE</P

94d9a4cf9aca9662f2a35f1d53170e86739baf24Cui Jian></TD

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><TD

7656c4eb1576d6703f4f42d759e34b09d5ab409dCui Jian><P

3fe83d4c932a8266edcf0304a97814c59821d91fChristian Maeder>Resource Record (RR) Data</P

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder></TD

3fe83d4c932a8266edcf0304a97814c59821d91fChristian Maeder></TR

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><TR

fae411b64578a883e1ac8b5d51b6f88b2a210c0dChristian Maeder><TD

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><P

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><TT

e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder>www</TT

bbf1f54798b97ba0b10621692001d29314028d48Jorina Freya Gerken></P

fae411b64578a883e1ac8b5d51b6f88b2a210c0dChristian Maeder></TD

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder><TD

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><P

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><TT

8528053a6a766c3614276df0f59fb2a2e8ab6d18Christian Maeder>600</TT

3fe83d4c932a8266edcf0304a97814c59821d91fChristian Maeder></P

bbf1f54798b97ba0b10621692001d29314028d48Jorina Freya Gerken></TD

e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder><TD

8528053a6a766c3614276df0f59fb2a2e8ab6d18Christian Maeder><P

3fe83d4c932a8266edcf0304a97814c59821d91fChristian Maeder><TT

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder>IN</TT

e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder></P

e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder></TD

e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder><TD

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><P

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder><TT

3fe83d4c932a8266edcf0304a97814c59821d91fChristian Maeder>A</TT

3fe83d4c932a8266edcf0304a97814c59821d91fChristian Maeder></P

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder></TD

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><TD

6948b7295a0521212803f15cf919395d2073e2c9Christian Maeder><P

6948b7295a0521212803f15cf919395d2073e2c9Christian Maeder><TT

6948b7295a0521212803f15cf919395d2073e2c9Christian Maeder>10.0.0.1</TT

afddef51d985ac2ea76a6bd846f04cbbc4311305Razvan Pascanu></P

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder></TD

04d04d19fdd5320953c78ad5b6d2d11f85bc4bcfChristian Maeder></TR

04d04d19fdd5320953c78ad5b6d2d11f85bc4bcfChristian Maeder><TR

6948b7295a0521212803f15cf919395d2073e2c9Christian Maeder><TD

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder><P

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder></P

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder></TD

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><TD

94d9a4cf9aca9662f2a35f1d53170e86739baf24Cui Jian><P

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder><TT

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder>600</TT

f45fad43ee1673ab280fbc700821d5d20a493eaaChristian Maeder></P

94d9a4cf9aca9662f2a35f1d53170e86739baf24Cui Jian></TD

846286f96bb7bd5d2b9db834561a815f832a8d90Christian Maeder><TD

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder><P

1788a1325a425375f05ca01f62903d748718e3efChristian Maeder><TT

3fe83d4c932a8266edcf0304a97814c59821d91fChristian Maeder>IN</TT

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder></P

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder></TD

e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder><TD

e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder><P

8528053a6a766c3614276df0f59fb2a2e8ab6d18Christian Maeder><TT

120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder>A</TT

f45fad43ee1673ab280fbc700821d5d20a493eaaChristian Maeder></P

></TD

><TD

><P

><TT

>10.0.0.2</TT

></P

></TD

></TR

><TR

><TD

><P

></P

></TD

><TD

><P

><TT

>600</TT

></P

></TD

><TD

><P

><TT

>IN</TT

></P

></TD

><TD

><P

><TT

>A</TT

></P

></TD

><TD

><P

><TT

>10.0.0.3</TT

></P

></TD

></TR

></TBODY

></TABLE

><P

></P

></DIV

><P

>When a resolver queries for these records, <SPAN

>BIND</SPAN

> will rotate

them and respond to the query with the records in a different

order. In the example above, clients will randomly receive

records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients

will use the first record returned and discard the rest.</P

><P

>For more detail on ordering responses, check the

<B

>rrset-order</B

> substatement in the

<B

>options</B

> statement, see

<A

><I

>RRset Ordering</I

></A

>.

This substatement is not supported in

<SPAN

>BIND</SPAN

> 9, and only the ordering scheme described above is

available.</P

></DIV

><DIV

><H1

><A

>3.3. Notify</A

></H1

><P

><SPAN

>DNS</SPAN

> Notify is a mechanism that allows master nameservers to

notify their slave servers of changes to a zone's data. In

response to a <B

>NOTIFY</B

> from a master server, the

slave will check to see that its version of the zone is the

current version and, if not, initiate a transfer.</P

><P

><SPAN

>DNS</SPAN

>

Notify is fully documented in RFC 1996. See also the description

of the zone option <B

>also-notify</B

>, see

<A

>Section 6.2.14.6</A

>. For more information about

<B

>notify</B

>, see <A

>Section 6.2.14.1</A

>.</P

></DIV

><DIV

><H1

><A

>3.4. Nameserver Operations</A

></H1

><DIV

><H2

><A

>3.4.1. Tools for Use With the Nameserver Daemon</A

></H2

><P

>There are several indispensable diagnostic, administrative

and monitoring tools available to the system administrator for controlling

and debugging the nameserver daemon. We describe several in this

section </P

><DIV

><H3

><A

>3.4.1.1. Diagnostic Tools</A

></H3

><P

></P

><DIV

><DL

><DT

><B

>dig</B

></DT

><DD

><P

>The domain information groper (<B

>dig</B

>) is

a command line tool that can be used to gather information from

the Domain Name System servers. Dig has two modes: simple interactive

mode for a single query, and batch mode which executes a query for

each in a list of several query lines. All query options are accessible

from the command line.</P

><P

><B

>dig</B

> [@<TT

><I

>server</I

></TT

>] <TT

><I

>domain</I

></TT

> [<TT

><I

>query-type</I

></TT

>] [<TT

><I

>query-class</I

></TT

>] [+<TT

><I

>query-option</I

></TT

>] [-<TT

><I

>dig-option</I

></TT

>] [%<TT

><I

>comment</I

></TT

>]</P

><P

>The usual simple use of dig will take the form</P

><P

><B

>dig @server domain query-type query-class</B

></P

><P

>For more information and a list of available commands and

options, see the <B

>dig</B

> man page.</P

></DD

><DT

><B

>host</B

></DT

><DD

><P

>The <B

>host</B

> utility

provides a simple <SPAN

>DNS</SPAN

> lookup using a command-line interface for

looking up Internet hostnames. By default, the utility converts

between host names and Internet addresses, but its functionality

can be extended with the use of options.</P

><P

><B

>host</B

> [-aCdlrTwv] [-c <TT

><I

>class</I

></TT

>] [-N <TT

><I

>ndots</I

></TT

>] [-t <TT

><I

>type</I

></TT

>] [-W <TT

><I

>timeout</I

></TT

>] [-R <TT

><I

>retries</I

></TT

>] <TT

><I

>hostname</I

></TT

> [<TT

><I

>server</I

></TT

>]</P

><P

>For more information and a list of available commands and

options, see the <B

>host</B

> man page.</P

></DD

><DT

><B

>nslookup</B

></DT

><DD

><P

><B

>nslookup</B

> is a program used to query Internet

domain nameservers. <B

>nslookup</B

> has two modes: interactive

and non-interactive. Interactive mode allows the user to query nameservers

for information about various hosts and domains or to print a list

of hosts in a domain. Non-interactive mode is used to print just

the name and requested information for a host or domain.</P

><P

><B

>nslookup</B

> [-option...] [<TT

><I

>host-to-find</I

></TT

> | - [server]]</P

><P

>Interactive mode is entered when no arguments are given (the

default nameserver will be used) or when the first argument is a

hyphen (`-') and the second argument is the host name or Internet address

of a nameserver.</P

><P

>Non-interactive mode is used when the name or Internet address

of the host to be looked up is given as the first argument. The

optional second argument specifies the host name or address of a nameserver.</P

><P

>Due to its arcane user interface and frequently inconsistent

behavior, we do not recommend the use of <B

>nslookup</B

>.

Use <B

>dig</B

> instead.</P

></DD

></DL

></DIV

></DIV

><DIV

><H3

><A

>3.4.1.2. Administrative Tools</A

></H3

><P

>Administrative tools play an integral part in the management

of a server.</P

><P

></P

><DIV

><DL

><DT

><A

><B

>named-checkconf</B

></A

></DT

><DD

><P

>The <B

>named-checkconf</B

> program

checks the syntax of a <TT

>named.conf</TT

> file.</P

><P

><B

>named-checkconf</B

> [-t <TT

><I

>directory</I

></TT

>] [<TT

><I

>filename</I

></TT

>]</P

></DD

><DT

><A

><B

>named-checkzone</B

></A

></DT

><DD

><P

>The <B

>named-checkzone</B

> program checks a master file for

syntax and consistency.</P

><P

><B

>check-zone</B

> [-dq] [-c <TT

><I

>class</I

></TT

>] <TT

><I

>zone</I

></TT

> [<TT

><I

>filename</I

></TT

>]</P

></DD

><DT

><A

><B

>rndc</B

></A

></DT

><DD

><P

>The remote name daemon control

(<B

>rndc</B

>) program allows the system

administrator to control the operation of a nameserver.

If you run <B

>rndc</B

> without any options

it will display a usage message as follows:</P

><P

><B

>rndc</B

> [-c <TT

><I

>config</I

></TT

>] [-s <TT

><I

>server</I

></TT

>] [-p <TT

><I

>port</I

></TT

>] [-y <TT

><I

>key</I

></TT

>] <TT

><I

>command</I

></TT

> [<TT

><I

>command</I

></TT

>...]</P

><P

><B

>command</B

> is one of the following:</P

><P

></P

><DIV

><DL

><DT

><TT

><B

>reload</B

></TT

></DT

><DD

><P

>Reload configuration file and zones.</P

></DD

><DT

><TT

><B

>reload <TT

><I

>zone</I

></TT

>

[<SPAN

><TT

><I

>class</I

></TT

>

[<SPAN

><TT

><I

>view</I

></TT

></SPAN

>]</SPAN

>]</B

></TT

></DT

><DD

><P

>Reload the given zone.</P

></DD

><DT

><TT

><B

>refresh <TT

><I

>zone</I

></TT

>

[<SPAN

><TT

><I

>class</I

></TT

>

[<SPAN

><TT

><I

>view</I

></TT

></SPAN

>]</SPAN

>]</B

></TT

></DT

><DD

><P

>Schedule zone maintenance for the given zone.</P

></DD

><DT

><TT

><B

>retransfer <TT

><I

>zone</I

></TT

>

[<SPAN

><TT

><I

>class</I

></TT

>

[<SPAN

><TT

><I

>view</I

></TT

></SPAN

>]</SPAN

>]</B

></TT

></DT

><DD

><P

>Retransfer the given zone from the master.</P

></DD

><DT

><TT

><B

>reconfig</B

></TT

></DT

><DD

><P

>Reload the configuration file and load new zones,

but do not reload existing zone files even if they have changed.

This is faster than a full <B

>reload</B

> when there

is a large number of zones because it avoids the need to examine the

modification times of the zones files.

</P

></DD

><DT

><TT

><B

>stats</B

></TT

></DT

><DD

><P

>Write server statistics to the statistics file.</P

></DD

><DT

><TT

><B

>querylog</B

></TT

></DT

><DD

><P

>Toggle query logging.</P

></DD

><DT

><TT

><B

>dumpdb</B

></TT

></DT

><DD

><P

>Dump the server's caches to the dump file. </P

></DD

><DT

><TT

><B

>stop</B

></TT

></DT

><DD

><P

>Stop the server,

making sure any recent changes

made through dynamic update or IXFR are first saved to the master files

of the updated zones.</P

></DD

><DT

><TT

><B

>halt</B

></TT

></DT

><DD

><P

>Stop the server immediately. Recent changes

made through dynamic update or IXFR are not saved to the master files,

but will be rolled forward from the journal files when the server

is restarted.</P

></DD

><DT

><TT

><B

>trace</B

></TT

></DT

><DD

><P

>Increment the servers debugging level by one. </P

></DD

><DT

><TT

><B

>trace <TT

><I

>level</I

></TT

></B

></TT

></DT

><DD

><P

>Sets the server's debugging level to an explicit

value.</P

></DD

><DT

><TT

><B

>notrace</B

></TT

></DT

><DD

><P

>Sets the server's debugging level to 0.</P

></DD

><DT

><TT

><B

>flush</B

></TT

></DT

><DD

><P

>Flushes the server's cache.</P

></DD

><DT

><TT

><B

>status</B

></TT

></DT

><DD

><P

>Display status of the server.</P

></DD

></DL

></DIV

><P

>In <SPAN

>BIND</SPAN

> 9.2, <B

>rndc</B

>

supports all the commands of the BIND 8 <B

>ndc</B

>

utility except <B

>ndc start</B

>, which was also

not supported in <B

>ndc</B

>'s channel mode.</P

><P

>A configuration file is required, since all

communication with the server is authenticated with

digital signatures that rely on a shared secret, and

there is no way to provide that secret other than with a

configuration file. The default location for the

<B

>rndc</B

> configuration file is

<TT

>/etc/rndc.conf</TT

>, but an alternate

location can be specified with the <TT

>-c</TT

>

option. If the configuration file is not found,

<B

>rndc</B

> will also look in

<TT

>/etc/rndc.key</TT

> (or whatever

<TT

>sysconfdir</TT

> was defined when

the <SPAN

>BIND</SPAN

> build was configured).

The <TT

>rndc.key</TT

> file is generated by

running <B

>rndc-confgen -a</B

> as described in

<A

>Section 6.2.4</A

>.</P

><P

>The format of the configuration file is similar to

that of <TT

>named.conf</TT

>, but limited to

only four statements, the <B

>options</B

>,

<B

>key</B

>, <B

>server</B

> and

<B

>include</B

>

statements. These statements are what associate the

secret keys to the servers with which they are meant to

be shared. The order of statements is not

significant.</P

><P

>The <B

>options</B

> statement has three clauses:

<B

>default-server</B

>, <B

>default-key</B

>,

and <B

>default-port</B

>.

<B

>default-server</B

> takes a

host name or address argument and represents the server that will

be contacted if no <TT

>-s</TT

>

option is provided on the command line.

<B

>default-key</B

> takes

the name of key as its argument, as defined by a <B

>key</B

> statement.

<B

>default-port</B

> specifies the port to which

<B

>rndc</B

> should connect if no

port is given on the command line or in a

<B

>server</B

> statement.</P

><P

>The <B

>key</B

> statement names a key with its

string argument. The string is required by the server to be a valid

domain name, though it need not actually be hierarchical; thus,

a string like "<TT

><B

>rndc_key</B

></TT

>" is a valid name.

The <B

>key</B

> statement has two clauses:

<B

>algorithm</B

> and <B

>secret</B

>.

While the configuration parser will accept any string as the argument

to algorithm, currently only the string "<TT

><B

>hmac-md5</B

></TT

>"

has any meaning. The secret is a base-64 encoded string.</P

><P

>The <B

>server</B

> statement uses the key clause

to associate a <B

>key</B

>-defined key with a server.

The argument to the <B

>server</B

> statement is a

host name or address (addresses must be double quoted). The argument

to the key clause is the name of the key as defined by the <B

>key</B

> statement.

The <B

>port</B

> clause can be used to

specify the port to which <B

>rndc</B

> should connect

on the given server.</P

><P

>A sample minimal configuration file is as follows:</P

><PRE

>&#13;key rndc_key {

algorithm "hmac-md5";

secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";

};

options {

default-server localhost;

default-key rndc_key;

};

</PRE

><P

>This file, if installed as <TT

>/etc/rndc.conf</TT

>,

would allow the command:</P

><P

><TT

>$ </TT

><TT

><B

>rndc reload</B

></TT

></P

><P

>to connect to 127.0.0.1 port 953 and cause the nameserver

to reload, if a nameserver on the local machine were running with

following controls statements:</P

><PRE

>&#13;controls {

inet 127.0.0.1 allow { localhost; } keys { rndc_key; };

};

</PRE

><P

>and it had an identical key statement for

<TT

>rndc_key</TT

>.</P

><P

>Running the <B

>rndc-confgen</B

> program will

conveniently create a <TT

>rndc.conf</TT

>

file for you, and also display the

corresponding <B

>controls</B

> statement that you need to

add to <TT

>named.conf</TT

>. Alternatively,

you can run <B

>rndc-confgen -a</B

> to set up

a <TT

>rndc.key</TT

> file and not modify

<TT

>named.conf</TT

> at all.

</P

></DD

></DL

></DIV

></DIV

></DIV

><DIV

><H2

><A

>3.4.2. Signals</A

></H2

><P

>Certain UNIX signals cause the name server to take specific

actions, as described in the following table. These signals can

be sent using the <B

>kill</B

> command.</P

><DIV

><A

></A

><P

></P

><TABLE

><TBODY

><TR

><TD

><P

><B

>SIGHUP</B

></P

></TD

><TD

><P

>Causes the server to read <TT

>named.conf</TT

> and

reload the database. </P

></TD

></TR

><TR

><TD

><P

><B

>SIGTERM</B

></P

></TD

><TD

><P

>Causes the server to clean up and exit.</P

></TD

></TR

><TR

><TD

>&#13;<P

><B

>SIGINT</B

></P

>

</TD

><TD

><P

>Causes the server to clean up and exit.</P

></TD

></TR

></TBODY

></TABLE

><P

></P

></DIV

></DIV

></DIV

></DIV

><DIV

><HR

WIDTH="100%"><TABLE

><TR

><TD

><A

>Prev</A

></TD

><TD

><A

>Home</A

></TD

><TD

><A

>Next</A

></TD

></TR

><TR

><TD

><SPAN

>BIND</SPAN

> Resource Requirements</TD

><TD