Bv9ARM.ch03.html revision 575e532437cf7f203707765e21767db92fa1e480
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson>Name Server Configuration</TITLE
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="GENERATOR"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark AndrewsCONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas GustafssonTITLE="BIND 9 Administrator Reference Manual"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceREL="PREVIOUS"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceTITLE="BIND Resource Requirements"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas GustafssonTITLE="Advanced DNS Features"
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas GustafssonCLASS="chapter"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceBGCOLOR="#FFFFFF"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceTEXT="#000000"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceLINK="#0000FF"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVLINK="#840084"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALINK="#0000FF"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="NAVHEADER"
3970098dcd2a7122541667b4b56cea8abce8ccf2Mark AndrewsSUMMARY="Header navigation table"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="0"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLSPACING="0"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="center"
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas Gustafsson>BIND 9 Administrator Reference Manual</TH
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="bottom"
3970098dcd2a7122541667b4b56cea8abce8ccf2Mark AndrewsACCESSKEY="P"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="center"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="bottom"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="right"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceVALIGN="bottom"
3970098dcd2a7122541667b4b56cea8abce8ccf2Mark AndrewsACCESSKEY="N"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="chapter"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>Chapter 3. Name Server Configuration</H1
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Table of Contents</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch03.html#sample_configuration"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Sample Configurations</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Load Balancing</A
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson>Name Server Operations</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>In this section we provide some suggested configurations along
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewith guidelines for their use. We also address the topic of reasonable
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoption setting.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect1"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect1"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNAME="sample_configuration"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>3.1. Sample Configurations</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
0707a8c04f0d350cb964ce9db07c3ed66f7442eaMark AndrewsNAME="AEN257"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson>3.1.1. A Caching-only Name Server</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The following sample configuration is appropriate for a caching-only
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucename server for use by clients internal to a corporation. All queries
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssonfrom outside clients are refused using the <B
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas GustafssonCLASS="command"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson>allow-query</B
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssonoption. Alternatively, the same effect could be achieved using suitable
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssonfirewall rules.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> // Two corporate subnets we wish to allow queries from.
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssonacl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson directory "/etc/namedb"; // Working directory
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson allow-query { corpnets; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce// Provide a reverse mapping for the loopback address 127.0.0.1
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce type master;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
0707a8c04f0d350cb964ce9db07c3ed66f7442eaMark AndrewsNAME="AEN262"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson>3.1.2. An Authoritative-only Name Server</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This sample configuration is for an authoritative-only server
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat is the master server for "<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand a slave for the subdomain "<TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> options {
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson directory "/etc/namedb"; // Working directory
575e532437cf7f203707765e21767db92fa1e480Mark Andrews allow-query-cache { none; }; // Do not allow access to cache
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson allow-query { any; }; // This is the default
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson recursion no; // Do not provide recursive service
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce// Provide a reverse mapping for the loopback address 127.0.0.1
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce type master;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce// We are the master server for example.com
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce type master;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // IP addresses of slave servers allowed to transfer example.com
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce allow-transfer {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce 192.168.4.14;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce 192.168.5.53;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce// We are a slave server for eng.example.com
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce // IP address of eng.example.com master server
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce masters { 192.168.4.12; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect1"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect1"
0707a8c04f0d350cb964ce9db07c3ed66f7442eaMark AndrewsNAME="AEN268"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>3.2. Load Balancing</A
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson>A primitive form of load balancing can be achieved in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>DNS</ACRONYM
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson> by using multiple A records for one name.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>For example, if you have three WWW servers with network addresses
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefollowing means that clients will connect to each machine one third
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof the time:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
0707a8c04f0d350cb964ce9db07c3ed66f7442eaMark AndrewsNAME="AEN273"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Resource Record (RR) Data</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>10.0.0.1</VAR
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>10.0.0.2</VAR
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>10.0.0.3</VAR
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>When a resolver queries for these records, <ACRONYM
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>BIND</ACRONYM
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> will rotate
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce them and respond to the query with the records in a different
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce order. In the example above, clients will randomly receive
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce will use the first record returned and discard the rest.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>For more detail on ordering responses, check the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>rrset-order</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> substatement in the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael Sawyer> statement, see
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceHREF="Bv9ARM.ch06.html#rrset_ordering"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>RRset Ordering</I
56f1285ca5d97d3205b74c32dc4de1ea7b69fea1Michael Sawyer This substatement is not supported in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>BIND</ACRONYM
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> 9, and only the ordering scheme described above is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce available.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect1"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect1"
0707a8c04f0d350cb964ce9db07c3ed66f7442eaMark AndrewsNAME="AEN345"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson>3.3. Name Server Operations</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
0707a8c04f0d350cb964ce9db07c3ed66f7442eaMark AndrewsNAME="AEN347"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson>3.3.1. Tools for Use With the Name Server Daemon</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>There are several indispensable diagnostic, administrative
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand monitoring tools available to the system administrator for controlling
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssonand debugging the name server daemon. We describe several in this
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect3"
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas GustafssonNAME="diagnostic_tools"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson>3.3.1.1. Diagnostic Tools</A
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas GustafssonCLASS="command"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas GustafssonCLASS="command"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas GustafssonCLASS="command"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson> programs are all command line tools
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssonfor manually querying name servers. They differ in style and
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas GustafssonCLASS="variablelist"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The domain information groper (<B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssonis the most versatile and complete of these lookup tools.
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas GustafssonIt has two modes: simple interactive
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemode for a single query, and batch mode which executes a query for
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceeach in a list of several query lines. All query options are accessible
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefrom the command line.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>query-type</VAR
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>query-class</VAR
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>query-option</VAR
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>dig-option</VAR
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>comment</VAR
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The usual simple use of dig will take the form</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>dig @server domain query-type query-class</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>For more information and a list of available commands and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoptions, see the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> man page.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson> utility emphasizes simplicity
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssonand ease of use. By default, it converts
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebetween host names and Internet addresses, but its functionality
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecan be extended with the use of options.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews> [-aCdlrTwv] [-c <VAR
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>timeout</VAR
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>retries</VAR
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>hostname</VAR
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>For more information and a list of available commands and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoptions, see the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> man page.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> has two modes: interactive
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssonand non-interactive. Interactive mode allows the user to query name servers
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefor information about various hosts and domains or to print a list
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof hosts in a domain. Non-interactive mode is used to print just
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe name and requested information for a host or domain.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews> [-option...] [<VAR
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>host-to-find</VAR
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> | - [server]]</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Interactive mode is entered when no arguments are given (the
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssondefault name server will be used) or when the first argument is a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucehyphen (`-') and the second argument is the host name or Internet address
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssonof a name server.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Non-interactive mode is used when the name or Internet address
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceof the host to be looked up is given as the first argument. The
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssonoptional second argument specifies the host name or address of a name server.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Due to its arcane user interface and frequently inconsistent
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebehavior, we do not recommend the use of <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> instead.</P
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas GustafssonNAME="admin_tools"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson>3.3.1.2. Administrative Tools</A
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson>Administrative tools play an integral part in the management
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafssonof a server.</P
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas GustafssonCLASS="variablelist"
cebe3ec7c5ba5003acc05142d4368af2a3a261e9Andreas GustafssonNAME="named-checkconf"
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonCLASS="command"
cebe3ec7c5ba5003acc05142d4368af2a3a261e9Andreas Gustafsson>named-checkconf</B
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas GustafssonCLASS="command"
cebe3ec7c5ba5003acc05142d4368af2a3a261e9Andreas Gustafsson>named-checkconf</B
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson checks the syntax of a <TT
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonCLASS="filename"
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonCLASS="command"
cebe3ec7c5ba5003acc05142d4368af2a3a261e9Andreas Gustafsson>named-checkconf</B
cebe3ec7c5ba5003acc05142d4368af2a3a261e9Andreas GustafssonCLASS="replaceable"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>directory</VAR
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonCLASS="replaceable"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>filename</VAR
cebe3ec7c5ba5003acc05142d4368af2a3a261e9Andreas GustafssonNAME="named-checkzone"
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonCLASS="command"
cebe3ec7c5ba5003acc05142d4368af2a3a261e9Andreas Gustafsson>named-checkzone</B
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas GustafssonCLASS="command"
cebe3ec7c5ba5003acc05142d4368af2a3a261e9Andreas Gustafsson>named-checkzone</B
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson> program checks a master file for
8e245ec21beee31a780de9b89ba1e8bb2b9f4c9aAndreas Gustafsson syntax and consistency.</P
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonCLASS="command"
d510e8695ebcce64e515ce756b1cfe8fc3e531efAndreas Gustafsson>named-checkzone</B
5b5f4cca7833343cac382387ad86ff573b185d17Mark Andrews> [-djqvD] [-c <VAR
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonCLASS="replaceable"
5b5f4cca7833343cac382387ad86ff573b185d17Mark AndrewsCLASS="replaceable"
5b5f4cca7833343cac382387ad86ff573b185d17Mark AndrewsCLASS="replaceable"
5b5f4cca7833343cac382387ad86ff573b185d17Mark Andrews>directory</VAR
5b5f4cca7833343cac382387ad86ff573b185d17Mark AndrewsCLASS="replaceable"
5b5f4cca7833343cac382387ad86ff573b185d17Mark Andrews>directory</VAR
5b5f4cca7833343cac382387ad86ff573b185d17Mark AndrewsCLASS="replaceable"
5b5f4cca7833343cac382387ad86ff573b185d17Mark Andrews>(ignore|warn|fail)</VAR
5b5f4cca7833343cac382387ad86ff573b185d17Mark AndrewsCLASS="replaceable"
5b5f4cca7833343cac382387ad86ff573b185d17Mark Andrews>(ignore|warn|fail)</VAR
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonCLASS="replaceable"
f1fd37f759991616d454ce371a2390da45141593Andreas GustafssonCLASS="replaceable"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>filename</VAR
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The remote name daemon control
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>) program allows the system
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson administrator to control the operation of a name server.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce If you run <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> without any options
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce it will display a usage message as follows:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>command</VAR
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="replaceable"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>command</VAR
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson> is one of the following:</P
f37eb9482057adf62de35e634bfd574e59676950Andreas GustafssonCLASS="variablelist"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>Reload configuration file and zones.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="replaceable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="optional"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="replaceable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="optional"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="replaceable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>Reload the given zone.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>refresh <VAR
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="replaceable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="optional"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="replaceable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="optional"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="replaceable"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>Schedule zone maintenance for the given zone.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>retransfer <VAR
33a1b09738baba43edb02ff7d09ef510c73802d0Andreas GustafssonCLASS="replaceable"
33a1b09738baba43edb02ff7d09ef510c73802d0Andreas GustafssonCLASS="optional"
33a1b09738baba43edb02ff7d09ef510c73802d0Andreas GustafssonCLASS="replaceable"
33a1b09738baba43edb02ff7d09ef510c73802d0Andreas GustafssonCLASS="optional"
33a1b09738baba43edb02ff7d09ef510c73802d0Andreas GustafssonCLASS="replaceable"
33a1b09738baba43edb02ff7d09ef510c73802d0Andreas Gustafsson>Retransfer the given zone from the master.</P
33a1b09738baba43edb02ff7d09ef510c73802d0Andreas GustafssonCLASS="userinput"
a9f5be43488d374aeb222e8870d6b522f07530bbBrian WellingtonCLASS="replaceable"
a9f5be43488d374aeb222e8870d6b522f07530bbBrian WellingtonCLASS="optional"
a9f5be43488d374aeb222e8870d6b522f07530bbBrian WellingtonCLASS="replaceable"
a9f5be43488d374aeb222e8870d6b522f07530bbBrian WellingtonCLASS="optional"
a9f5be43488d374aeb222e8870d6b522f07530bbBrian WellingtonCLASS="replaceable"
a9f5be43488d374aeb222e8870d6b522f07530bbBrian Wellington>Suspend updates to a dynamic zone. This allows manual
a9f5be43488d374aeb222e8870d6b522f07530bbBrian Wellington edits to be made to a zone normally updated by dynamic update. It
a9f5be43488d374aeb222e8870d6b522f07530bbBrian Wellington also causes changes in the journal file to be synced into the master
a9f5be43488d374aeb222e8870d6b522f07530bbBrian Wellington and the journal file to be removed. All dynamic update attempts will
a9f5be43488d374aeb222e8870d6b522f07530bbBrian Wellington be refused while the zone is frozen.</P
a9f5be43488d374aeb222e8870d6b522f07530bbBrian WellingtonCLASS="userinput"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>unfreeze <VAR
a9f5be43488d374aeb222e8870d6b522f07530bbBrian WellingtonCLASS="replaceable"
a9f5be43488d374aeb222e8870d6b522f07530bbBrian WellingtonCLASS="optional"
a9f5be43488d374aeb222e8870d6b522f07530bbBrian WellingtonCLASS="replaceable"
a9f5be43488d374aeb222e8870d6b522f07530bbBrian WellingtonCLASS="optional"
a9f5be43488d374aeb222e8870d6b522f07530bbBrian WellingtonCLASS="replaceable"
a9f5be43488d374aeb222e8870d6b522f07530bbBrian Wellington>Enable updates to a frozen dynamic zone. This causes
a9f5be43488d374aeb222e8870d6b522f07530bbBrian Wellington the server to reload the zone from disk, and re-enables dynamic updates
a9f5be43488d374aeb222e8870d6b522f07530bbBrian Wellington after the load has completed. After a zone is unfrozen, dynamic updates
a9f5be43488d374aeb222e8870d6b522f07530bbBrian Wellington will no longer be refused.</P
a9f5be43488d374aeb222e8870d6b522f07530bbBrian WellingtonCLASS="userinput"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>reconfig</KBD
9dafd058e3cfdd8218247811cea792588ec19052Andreas Gustafsson>Reload the configuration file and load new zones,
9dafd058e3cfdd8218247811cea792588ec19052Andreas Gustafsson but do not reload existing zone files even if they have changed.
9dafd058e3cfdd8218247811cea792588ec19052Andreas Gustafsson This is faster than a full <B
9dafd058e3cfdd8218247811cea792588ec19052Andreas GustafssonCLASS="command"
9dafd058e3cfdd8218247811cea792588ec19052Andreas Gustafsson is a large number of zones because it avoids the need to examine the
9dafd058e3cfdd8218247811cea792588ec19052Andreas Gustafsson modification times of the zones files.
9dafd058e3cfdd8218247811cea792588ec19052Andreas GustafssonCLASS="userinput"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>Write server statistics to the statistics file.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>querylog</KBD
4e99bcb0603f3270ff89323d149a1fbc668e7da0Andreas Gustafsson>Toggle query logging. Query logging can also be enabled
3970098dcd2a7122541667b4b56cea8abce8ccf2Mark Andrews by explicitly directing the <B
4e99bcb0603f3270ff89323d149a1fbc668e7da0Andreas GustafssonCLASS="command"
4e99bcb0603f3270ff89323d149a1fbc668e7da0Andreas GustafssonCLASS="command"
4e99bcb0603f3270ff89323d149a1fbc668e7da0Andreas GustafssonCLASS="command"
4e99bcb0603f3270ff89323d149a1fbc668e7da0Andreas GustafssonCLASS="command"
4e99bcb0603f3270ff89323d149a1fbc668e7da0Andreas GustafssonCLASS="filename"
f37eb9482057adf62de35e634bfd574e59676950Andreas GustafssonCLASS="userinput"
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson>Dump the server's caches to the dump file. </P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson>Stop the server,
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson making sure any recent changes
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson made through dynamic update or IXFR are first saved to the master files
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson of the updated zones.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
aeb8fffc841865c3336383eadfd9987332a03286Andreas Gustafsson>Stop the server immediately. Recent changes
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson made through dynamic update or IXFR are not saved to the master files,
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson but will be rolled forward from the journal files when the server
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson is restarted.</P
f37eb9482057adf62de35e634bfd574e59676950Andreas GustafssonCLASS="userinput"
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson>Increment the servers debugging level by one. </P
f37eb9482057adf62de35e634bfd574e59676950Andreas GustafssonCLASS="userinput"
f37eb9482057adf62de35e634bfd574e59676950Andreas GustafssonCLASS="replaceable"
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson>Sets the server's debugging level to an explicit
f37eb9482057adf62de35e634bfd574e59676950Andreas GustafssonCLASS="userinput"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>notrace</KBD
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson>Sets the server's debugging level to 0.</P
f37eb9482057adf62de35e634bfd574e59676950Andreas GustafssonCLASS="userinput"
f37eb9482057adf62de35e634bfd574e59676950Andreas Gustafsson>Flushes the server's cache.</P
fcb841430010baef50b1fc137fec109138bf0f78Andreas GustafssonCLASS="userinput"
3970098dcd2a7122541667b4b56cea8abce8ccf2Mark Andrews>Display status of the server.
3970098dcd2a7122541667b4b56cea8abce8ccf2Mark AndrewsNote the number of zones includes the internal <B
3970098dcd2a7122541667b4b56cea8abce8ccf2Mark AndrewsCLASS="command"
3970098dcd2a7122541667b4b56cea8abce8ccf2Mark Andrewsand the default <B
3970098dcd2a7122541667b4b56cea8abce8ccf2Mark AndrewsCLASS="command"
3970098dcd2a7122541667b4b56cea8abce8ccf2Mark Andrews> hint zone if there is not a
3970098dcd2a7122541667b4b56cea8abce8ccf2Mark Andrewsexplicit root zone configured.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>BIND</ACRONYM
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="command"
ff5760e233f6ab75e33783b6dd48f961ce04d933Andreas Gustafssonsupports all the commands of the BIND 8 <B
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCLASS="command"
ff5760e233f6ab75e33783b6dd48f961ce04d933Andreas Gustafssonutility except <B
fcb841430010baef50b1fc137fec109138bf0f78Andreas GustafssonCLASS="command"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas GustafssonCLASS="command"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson>ndc restart</B
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson>, which were also
ff5760e233f6ab75e33783b6dd48f961ce04d933Andreas Gustafssonnot supported in <B
fcb841430010baef50b1fc137fec109138bf0f78Andreas GustafssonCLASS="command"
fcb841430010baef50b1fc137fec109138bf0f78Andreas Gustafsson>'s channel mode.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A configuration file is required, since all
ff5760e233f6ab75e33783b6dd48f961ce04d933Andreas Gustafssoncommunication with the server is authenticated with
ff5760e233f6ab75e33783b6dd48f961ce04d933Andreas Gustafssondigital signatures that rely on a shared secret, and
ff5760e233f6ab75e33783b6dd48f961ce04d933Andreas Gustafssonthere is no way to provide that secret other than with a
ff5760e233f6ab75e33783b6dd48f961ce04d933Andreas Gustafssonconfiguration file. The default location for the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> configuration file is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, but an alternate
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrewslocation can be specified with the <VAR
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
ff5760e233f6ab75e33783b6dd48f961ce04d933Andreas Gustafssonoption. If the configuration file is not found,
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="command"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington> will also look in
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="filename"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="varname"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>sysconfdir</VAR
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington> was defined when
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="acronym"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>BIND</ACRONYM
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington> build was configured).
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="filename"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington> file is generated by
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonCLASS="command"
33682c92e96b39c395cdb2c3feb8eb5914e7d5a8Andreas Gustafsson>rndc-confgen -a</B
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington> as described in
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian WellingtonHREF="Bv9ARM.ch06.html#controls_statement_definition_and_usage"
116dd27475e0521a033139ad5ac2355cf4b3e29bBrian Wellington>Section 6.2.4</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>The format of the configuration file is similar to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>, but limited to
ff5760e233f6ab75e33783b6dd48f961ce04d933Andreas Gustafssononly four statements, the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
adc714a24a1ae71bfcfe8833d9f314864c3f073bAndreas GustafssonCLASS="command"
ff5760e233f6ab75e33783b6dd48f961ce04d933Andreas Gustafssonstatements. These statements are what associate the
ff5760e233f6ab75e33783b6dd48f961ce04d933Andreas Gustafssonsecret keys to the servers with which they are meant to
ff5760e233f6ab75e33783b6dd48f961ce04d933Andreas Gustafssonbe shared. The order of statements is not
ff5760e233f6ab75e33783b6dd48f961ce04d933Andreas Gustafssonsignificant.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
2aca7f657de7002f8144a322148fa42c0a0c1eddAndreas Gustafsson> statement has three clauses:
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>default-server</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>default-key</B
2aca7f657de7002f8144a322148fa42c0a0c1eddAndreas GustafssonCLASS="command"
2aca7f657de7002f8144a322148fa42c0a0c1eddAndreas Gustafsson>default-port</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>default-server</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucehost name or address argument and represents the server that will
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrewsbe contacted if no <VAR
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="option"
2aca7f657de7002f8144a322148fa42c0a0c1eddAndreas Gustafssonoption is provided on the command line.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>default-key</B
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssonthe name of a key as its argument, as defined by a <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>default-port</B
2aca7f657de7002f8144a322148fa42c0a0c1eddAndreas Gustafsson> specifies the port to which
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
2aca7f657de7002f8144a322148fa42c0a0c1eddAndreas Gustafsson> should connect if no
2aca7f657de7002f8144a322148fa42c0a0c1eddAndreas Gustafssonport is given on the command line or in a
2aca7f657de7002f8144a322148fa42c0a0c1eddAndreas GustafssonCLASS="command"
2aca7f657de7002f8144a322148fa42c0a0c1eddAndreas Gustafsson> statement.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson> statement defines an key to be used
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas GustafssonCLASS="command"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson> when authenticating with
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas GustafssonCLASS="command"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson>. Its syntax is identical to the
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas GustafssonCLASS="command"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark AndrewsThe keyword <KBD
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas GustafssonCLASS="userinput"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssonfollowed by a key name, which must be a valid
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedomain name, though it need not actually be hierarchical; thus,
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrewsa string like "<KBD
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>rndc_key</KBD
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>" is a valid name.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
2aca7f657de7002f8144a322148fa42c0a0c1eddAndreas Gustafsson> statement has two clauses:
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>algorithm</B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
2aca7f657de7002f8144a322148fa42c0a0c1eddAndreas GustafssonWhile the configuration parser will accept any string as the argument
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrewsto algorithm, currently only the string "<KBD
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>hmac-md5</KBD
2f2b07670505f41fe5743373512ae4ec719f85c3Andreas Gustafssonhas any meaning. The secret is a base-64 encoded string.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson> statement associates a key
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssondefined using the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson> statement with a server.
2cd182921e1b04ccda0a56995c4cc491c882af04Mark AndrewsThe keyword <KBD
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas GustafssonCLASS="userinput"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson> is followed by a
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssonhost name or address. The <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssonhas two clauses: <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas GustafssonCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson> clause specifies the name of the key
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssonto be used when communicating with this server, and the
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas GustafssonCLASS="command"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson> clause can be used to
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssonspecify the port <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> should connect
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssonto on the server.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>A sample minimal configuration file is as follows:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> key rndc_key {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce algorithm "hmac-md5";
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson default-server 127.0.0.1;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce default-key rndc_key;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>This file, if installed as <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewould allow the command:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="prompt"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="userinput"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>rndc reload</KBD
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson>to connect to 127.0.0.1 port 953 and cause the name server
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafssonto reload, if a name server on the local machine were running with
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefollowing controls statements:</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="programlisting"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> controls {
33682c92e96b39c395cdb2c3feb8eb5914e7d5a8Andreas Gustafsson inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>and it had an identical key statement for
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="literal"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>rndc_key</VAR
33682c92e96b39c395cdb2c3feb8eb5914e7d5a8Andreas Gustafsson>Running the <B
33682c92e96b39c395cdb2c3feb8eb5914e7d5a8Andreas GustafssonCLASS="command"
33682c92e96b39c395cdb2c3feb8eb5914e7d5a8Andreas Gustafsson>rndc-confgen</B
33682c92e96b39c395cdb2c3feb8eb5914e7d5a8Andreas Gustafssonconveniently create a <TT
33682c92e96b39c395cdb2c3feb8eb5914e7d5a8Andreas GustafssonCLASS="filename"
33682c92e96b39c395cdb2c3feb8eb5914e7d5a8Andreas Gustafssonfile for you, and also display the
33682c92e96b39c395cdb2c3feb8eb5914e7d5a8Andreas Gustafssoncorresponding <B
33682c92e96b39c395cdb2c3feb8eb5914e7d5a8Andreas GustafssonCLASS="command"
33682c92e96b39c395cdb2c3feb8eb5914e7d5a8Andreas Gustafsson> statement that you need to
33682c92e96b39c395cdb2c3feb8eb5914e7d5a8Andreas GustafssonCLASS="filename"
33682c92e96b39c395cdb2c3feb8eb5914e7d5a8Andreas Gustafsson>. Alternatively,
33682c92e96b39c395cdb2c3feb8eb5914e7d5a8Andreas GustafssonCLASS="command"
33682c92e96b39c395cdb2c3feb8eb5914e7d5a8Andreas Gustafsson>rndc-confgen -a</B
33682c92e96b39c395cdb2c3feb8eb5914e7d5a8Andreas GustafssonCLASS="filename"
33682c92e96b39c395cdb2c3feb8eb5914e7d5a8Andreas Gustafsson> file and not modify
33682c92e96b39c395cdb2c3feb8eb5914e7d5a8Andreas GustafssonCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="sect2"
5b5f4cca7833343cac382387ad86ff573b185d17Mark AndrewsNAME="AEN689"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson>3.3.2. Signals</A
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Certain UNIX signals cause the name server to take specific
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceactions, as described in the following table. These signals can
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebe sent using the <B
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> command.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="informaltable"
5b5f4cca7833343cac382387ad86ff573b185d17Mark AndrewsNAME="AEN693"
aeb8fffc841865c3336383eadfd9987332a03286Andreas GustafssonCELLPADDING="3"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="CALSTABLE"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Causes the server to read <TT
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="filename"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucereload the database. </P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Causes the server to clean up and exit.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="command"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce>Causes the server to clean up and exit.</P
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="NAVFOOTER"
3970098dcd2a7122541667b4b56cea8abce8ccf2Mark AndrewsSUMMARY="Footer navigation table"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLPADDING="0"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCELLSPACING="0"
3970098dcd2a7122541667b4b56cea8abce8ccf2Mark AndrewsACCESSKEY="P"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="center"
3970098dcd2a7122541667b4b56cea8abce8ccf2Mark AndrewsACCESSKEY="H"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="right"
3970098dcd2a7122541667b4b56cea8abce8ccf2Mark AndrewsACCESSKEY="N"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCLASS="acronym"
2cd182921e1b04ccda0a56995c4cc491c882af04Mark Andrews>BIND</ACRONYM
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce> Resource Requirements</TD
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="center"
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceALIGN="right"
727f5b8846457a33d06f515a10a7e1aa849ddf18Andreas Gustafsson>Advanced DNS Features</TD