Bv9ARM.ch03.html revision 3b4098640dd85040270f39b9a5ee5e22de99d3d6
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - Permission to use, copy, modify, and distribute this software for any
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - purpose with or without fee is hereby granted, provided that the above
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - copyright notice and this permission notice appear in all copies.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - PERFORMANCE OF THIS SOFTWARE.
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews<!-- $Id: Bv9ARM.ch03.html,v 1.52 2006/01/06 01:55:39 marka Exp $ -->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<title>Chapter�3.�Name Server Configuration</title>
cedb0bd0c1e3c461b7e479a16d3adfd5b150f1f4Mark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="prev" href="Bv9ARM.ch02.html" title="Chapter�2.�BIND Resource Requirements">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="next" href="Bv9ARM.ch04.html" title="Chapter�4.�Advanced DNS Features">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr><th colspan="3" align="center">Chapter�3.�Name Server Configuration</th></tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a>�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h2 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="Bv9ARM.ch03"></a>Chapter�3.�Name Server Configuration</h2></div></div></div>
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2549538">A Caching-only Name Server</a></span></dt>
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2549554">An Authoritative-only Name Server</a></span></dt>
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2549576">Load Balancing</a></span></dt>
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2550068">Name Server Operations</a></span></dt>
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2550073">Tools for Use With the Name Server Daemon</a></span></dt>
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2551642">Signals</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein In this section we provide some suggested configurations along
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein with guidelines for their use. We suggest reasonable values for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein certain option settings.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h2 class="title" style="clear: both">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2549538"></a>A Caching-only Name Server</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The following sample configuration is appropriate for a caching-only
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews name server for use by clients internal to a corporation. All
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein from outside clients are refused using the <span><strong class="command">allow-query</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein option. Alternatively, the same effect could be achieved using
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein firewall rules.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews// Two corporate subnets we wish to allow queries from.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinacl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein allow-query { corpnets; };
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein// Provide a reverse mapping for the loopback address 127.0.0.1
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews type master;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2549554"></a>An Authoritative-only Name Server</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This sample configuration is for an authoritative-only server
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein that is the master server for "<code class="filename">example.com</code>"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein and a slave for the subdomain "<code class="filename">eng.example.com</code>".
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein allow-query-cache { none; }; // Do not allow access to cache
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein allow-query { any; }; // This is the default
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein recursion no; // Do not provide recursive service
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein// Provide a reverse mapping for the loopback address 127.0.0.1
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein type master;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein// We are the master server for example.com
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein type master;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein // IP addresses of slave servers allowed to transfer example.com
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein allow-transfer {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein 192.168.4.14;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein 192.168.5.53;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein// We are a slave server for eng.example.com
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein // IP address of eng.example.com master server
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein masters { 192.168.4.12; };
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h2 class="title" style="clear: both">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2549576"></a>Load Balancing</h2></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein A primitive form of load balancing can be achieved in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the <span class="acronym">DNS</span> by using multiple A records for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein For example, if you have three WWW servers with network addresses
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein following means that clients will connect to each machine one third
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of the time:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Resource Record (RR) Data
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein When a resolver queries for these records, <span class="acronym">BIND</span> will rotate
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein them and respond to the query with the records in a different
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein order. In the example above, clients will randomly receive
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein will use the first record returned and discard the rest.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein For more detail on ordering responses, check the
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews <span><strong class="command">rrset-order</strong></span> substatement in the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">options</strong></span> statement, see
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <a href="Bv9ARM.ch06.html#rrset_ordering">RRset Ordering</a>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h2 class="title" style="clear: both">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2550068"></a>Name Server Operations</h2></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2550073"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This section describes several indispensable diagnostic,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein administrative and monitoring tools available to the system
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein administrator for controlling and debugging the name server
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h4 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="diagnostic_tools"></a>Diagnostic Tools</h4></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The <span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span>, and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">nslookup</strong></span> programs are all command
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein for manually querying name servers. They differ in style and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein output format.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><a name="dig"></a><span><strong class="command">dig</strong></span></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The domain information groper (<span><strong class="command">dig</strong></span>)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein is the most versatile and complete of these lookup tools.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein It has two modes: simple interactive
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein mode for a single query, and batch mode which executes a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein each in a list of several query lines. All query options are
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein from the command line.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="cmdsynopsis"><p><code class="command">dig</code> [@<em class="replaceable"><code>server</code></em>] <em class="replaceable"><code>domain</code></em> [<em class="replaceable"><code>query-type</code></em>] [<em class="replaceable"><code>query-class</code></em>] [+<em class="replaceable"><code>query-option</code></em>] [-<em class="replaceable"><code>dig-option</code></em>] [%<em class="replaceable"><code>comment</code></em>]</p></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The usual simple use of dig will take the form
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">dig @server domain query-type query-class</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein For more information and a list of available commands and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein options, see the <span><strong class="command">dig</strong></span> man
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="term"><span><strong class="command">host</strong></span></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The <span><strong class="command">host</strong></span> utility emphasizes
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein and ease of use. By default, it converts
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein between host names and Internet addresses, but its
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein functionality
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein can be extended with the use of options.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="cmdsynopsis"><p><code class="command">host</code> [-aCdlrTwv] [-c <em class="replaceable"><code>class</code></em>] [-N <em class="replaceable"><code>ndots</code></em>] [-t <em class="replaceable"><code>type</code></em>] [-W <em class="replaceable"><code>timeout</code></em>] [-R <em class="replaceable"><code>retries</code></em>] <em class="replaceable"><code>hostname</code></em> [<em class="replaceable"><code>server</code></em>]</p></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein For more information and a list of available commands and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein options, see the <span><strong class="command">host</strong></span> man
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><span><strong class="command">nslookup</strong></span></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p><span><strong class="command">nslookup</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein has two modes: interactive and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein non-interactive. Interactive mode allows the user to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein query name servers for information about various
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein hosts and domains or to print a list of hosts in a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein domain. Non-interactive mode is used to print just
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the name and requested information for a host or
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="cmdsynopsis"><p><code class="command">nslookup</code> [-option...] [[<em class="replaceable"><code>host-to-find</code></em>] | [- [server]]]</p></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Interactive mode is entered when no arguments are given (the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein default name server will be used) or when the first argument
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein hyphen (`-') and the second argument is the host name or
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Internet address
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of a name server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Non-interactive mode is used when the name or Internet
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of the host to be looked up is given as the first argument.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein optional second argument specifies the host name or address
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of a name server.
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews Due to its arcane user interface and frequently inconsistent
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein behavior, we do not recommend the use of <span><strong class="command">nslookup</strong></span>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Use <span><strong class="command">dig</strong></span> instead.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h4 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="admin_tools"></a>Administrative Tools</h4></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Administrative tools play an integral part in the management
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of a server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="named-checkconf"></a><span class="term"><span><strong class="command">named-checkconf</strong></span></span>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews The <span><strong class="command">named-checkconf</strong></span> program
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews checks the syntax of a <code class="filename">named.conf</code> file.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [-jvz] [-t <em class="replaceable"><code>directory</code></em>] [<em class="replaceable"><code>filename</code></em>]</p></div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="named-checkzone"></a><span class="term"><span><strong class="command">named-checkzone</strong></span></span>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews The <span><strong class="command">named-checkzone</strong></span> program
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews checks a master file for
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews syntax and consistency.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [-djqvD] [-c <em class="replaceable"><code>class</code></em>] [-o <em class="replaceable"><code>output</code></em>] [-t <em class="replaceable"><code>directory</code></em>] [-w <em class="replaceable"><code>directory</code></em>] [-k <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-n <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-W <em class="replaceable"><code>(ignore|warn)</code></em>] <em class="replaceable"><code>zone</code></em> [<em class="replaceable"><code>filename</code></em>]</p></div>
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews<a name="named-compilezone"></a><span class="term"><span><strong class="command">named-compilezone</strong></span></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Similar to <span><strong class="command">named-checkzone,</strong></span> but
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein it always dumps the zone content to a specified file
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein (typically in a different format).
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="rndc"></a><span class="term"><span><strong class="command">rndc</strong></span></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The remote name daemon control
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein (<span><strong class="command">rndc</strong></span>) program allows the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein administrator to control the operation of a name server.
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews If you run <span><strong class="command">rndc</strong></span> without any
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein it will display a usage message as follows:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="cmdsynopsis"><p><code class="command">rndc</code> [-c <em class="replaceable"><code>config</code></em>] [-s <em class="replaceable"><code>server</code></em>] [-p <em class="replaceable"><code>port</code></em>] [-y <em class="replaceable"><code>key</code></em>] <em class="replaceable"><code>command</code></em> [<em class="replaceable"><code>command</code></em>...]</p></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p><span><strong class="command">command</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein is one of the following:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Reload configuration file and zones.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>reload <em class="replaceable"><code>zone</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [<span class="optional"><em class="replaceable"><code>class</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Reload the given zone.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>refresh <em class="replaceable"><code>zone</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [<span class="optional"><em class="replaceable"><code>class</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Schedule zone maintenance for the given zone.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>retransfer <em class="replaceable"><code>zone</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [<span class="optional"><em class="replaceable"><code>class</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Retransfer the given zone from the master.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>freeze
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [<span class="optional"><em class="replaceable"><code>zone</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [<span class="optional"><em class="replaceable"><code>class</code></em>
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Suspend updates to a dynamic zone. If no zone is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein then all zones are suspended. This allows manual
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein edits to be made to a zone normally updated by dynamic
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein also causes changes in the journal file to be synced
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein into the master
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein and the journal file to be removed. All dynamic
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein update attempts will
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein be refused while the zone is frozen.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>thaw
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [<span class="optional"><em class="replaceable"><code>zone</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [<span class="optional"><em class="replaceable"><code>class</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Enable updates to a frozen dynamic zone. If no zone
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein specified then all frozen zones are enabled. This
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the server to reload the zone from disk, and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein re-enables dynamic updates
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein after the load has completed. After a zone is thawed,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein dynamic updates
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein will no longer be refused.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>notify <em class="replaceable"><code>zone</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [<span class="optional"><em class="replaceable"><code>class</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Resend NOTIFY messages for the zone.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>reconfig</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Reload the configuration file and load new zones,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein but do not reload existing zone files even if they
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein have changed.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This is faster than a full <span><strong class="command">reload</strong></span> when there
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein is a large number of zones because it avoids the need
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to examine the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein modification times of the zones files.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Write server statistics to the statistics file.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="term"><strong class="userinput"><code>querylog</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Toggle query logging. Query logging can also be enabled
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein by explicitly directing the <span><strong class="command">queries</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">category</strong></span> to a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">channel</strong></span> in the
3b4098640dd85040270f39b9a5ee5e22de99d3d6Mark Andrews <span><strong class="command">logging</strong></span> section of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="filename">named.conf</code> or by specifying
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">querylog yes;</strong></span> in the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">options</strong></span> section of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>dumpdb
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [<span class="optional">-all|-cache|-zone</span>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Dump the server's caches (default) and / or zones to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein dump file for the specified views. If no view is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein specified all
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein views are dumped.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Stop the server, making sure any recent changes
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein made through dynamic update or IXFR are first saved to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the master files of the updated zones.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein If -p is specified named's process id is returned.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This allows a external process to determine when named
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein had completed stopping.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Stop the server immediately. Recent changes
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein made through dynamic update or IXFR are not saved to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the master files, but will be rolled forward from the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein journal files when the server is restarted.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein If -p is specified named's process id is returned.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This allows a external process to determine when named
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein had completed halting.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Increment the servers debugging level by one.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Sets the server's debugging level to an explicit
<dt><span class="term"><strong class="userinput"><code>flushname</code></strong> <em class="replaceable"><code>name</code></em></span></dt>
Note the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone
<a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
Usage">the section called “<span><strong class="command">controls</strong></span> Statement Definition and
<span><strong class="command">key</strong></span>, <span><strong class="command">server</strong></span> and
<span><strong class="command">default-server</strong></span>, <span><strong class="command">default-key</strong></span>,
the name of a key as its argument, as defined by a <span><strong class="command">key</strong></span> statement.
<span><strong class="command">algorithm</strong></span> and <span><strong class="command">secret</strong></span>.
has two clauses: <span><strong class="command">key</strong></span> and <span><strong class="command">port</strong></span>.