doc/arm/Bv9ARM.ch03.html

	Bv9ARM.ch03.html revision 5a4557e8de2951a2796676b5ec4b6a90caa5be14
ad53c2449238379699243be05926645262e9581eChristian Maeder<!--
306763c67bb99228487345b32ab8c5c6cd41f23cChristian Maeder - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
7968d3a131e5a684ec1ff0c6d88aae638549153dChristian Maeder - Copyright (C) 2000-2003 Internet Software Consortium.
97018cf5fa25b494adffd7e9b4e87320dae6bf47Christian Maeder -
306763c67bb99228487345b32ab8c5c6cd41f23cChristian Maeder - Permission to use, copy, modify, and distribute this software for any
b4fbc96e05117839ca409f5f20f97b3ac872d1edTill Mossakowski - purpose with or without fee is hereby granted, provided that the above
306763c67bb99228487345b32ab8c5c6cd41f23cChristian Maeder - copyright notice and this permission notice appear in all copies.
306763c67bb99228487345b32ab8c5c6cd41f23cChristian Maeder -
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
f3a94a197960e548ecd6520bb768cb0d547457bbChristian Maeder - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
679d3f541f7a9ede4079e045f7758873bb901872Till Mossakowski - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
306763c67bb99228487345b32ab8c5c6cd41f23cChristian Maeder - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
306763c67bb99228487345b32ab8c5c6cd41f23cChristian Maeder - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
306763c67bb99228487345b32ab8c5c6cd41f23cChristian Maeder - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder - PERFORMANCE OF THIS SOFTWARE.
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder-->
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<!-- $Id: Bv9ARM.ch03.html,v 1.48 2005/07/19 06:12:17 marka Exp $ -->
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<html>
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<head>
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<title>Chapter�3.�Name Server Configuration</title>
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<meta name="generator" content="DocBook XSL Stylesheets V1.68.1">
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
b09c4ce9ee62d8b62f6c7bb12956a3dea4defd95Till Mossakowski<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
b09c4ce9ee62d8b62f6c7bb12956a3dea4defd95Till Mossakowski<link rel="prev" href="Bv9ARM.ch02.html" title="Chapter�2.�BIND Resource Requirements">
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<link rel="next" href="Bv9ARM.ch04.html" title="Chapter�4.�Advanced DNS Features">
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder</head>
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<div class="navheader">
1549f3abf73c1122acff724f718b615c82fa3648Till Mossakowski<table width="100%" summary="Navigation header">
db44129e456bdfdb1044845dd0c64dbcb6c1f7d8Klaus Luettich<tr><th colspan="3" align="center">Chapter�3.�Name Server Configuration</th></tr>
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<tr>
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<td width="20%" align="left">
ba904a15082557e939db689fcfba0c68c9a4f740Christian Maeder<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a>�</td>
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<th width="60%" align="center">�</th>
ba904a15082557e939db689fcfba0c68c9a4f740Christian Maeder<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
ba904a15082557e939db689fcfba0c68c9a4f740Christian Maeder</td>
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder</tr>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken</table>
7bf4436b6f9987b070033a323757b206c898c1beChristian Maeder<hr>
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder</div>
ba904a15082557e939db689fcfba0c68c9a4f740Christian Maeder<div class="chapter" lang="en">
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<div class="titlepage"><div><div><h2 class="title">
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder<a name="Bv9ARM.ch03"></a>Chapter�3.�Name Server Configuration</h2></div></div></div>
0799b5dc3f06d2640e66e9ab54b8b217348fd719Christian Maeder<div class="toc">
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder<p><b>Table of Contents</b></p>
95932c57191afb21b59187129e4fed66250500ecMaciek Makowski<dl>
9603ad7198b72e812688ad7970e4eac4b553837aKlaus Luettich<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
4ea99e115bbade1632815267d5e0dcb9931aac1eChristian Maeder<dd><dl>
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2537924">A Caching-only Name Server</a></span></dt>
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2537940">An Authoritative-only Name Server</a></span></dt>
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder</dl></dd>
ba904a15082557e939db689fcfba0c68c9a4f740Christian Maeder<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2538030">Load Balancing</a></span></dt>
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2538454">Name Server Operations</a></span></dt>
58b671de3fe578346fef9642ffa3c5a0a0edb3cbTill Mossakowski<dd><dl>
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2538459">Tools for Use With the Name Server Daemon</a></span></dt>
95932c57191afb21b59187129e4fed66250500ecMaciek Makowski<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2540208">Signals</a></span></dt>
0206ab93ef846e4e0885996d052b9b73b9dc66b0Christian Maeder</dl></dd>
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder</dl>
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder</div>
ea22277038f87c1e12539f8917d61248015e80d8Christian Maeder<p>
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder      In this section we provide some suggested configurations along
0799b5dc3f06d2640e66e9ab54b8b217348fd719Christian Maeder      with guidelines for their use.  We suggest reasonable values for
ad53c2449238379699243be05926645262e9581eChristian Maeder      certain option settings.
0799b5dc3f06d2640e66e9ab54b8b217348fd719Christian Maeder    </p>
ad53c2449238379699243be05926645262e9581eChristian Maeder<div class="sect1" lang="en">
9fa5b06733fe318e18d9b8e0ef58e5d1ec953f7cMaciek Makowski<div class="titlepage"><div><div><h2 class="title" style="clear: both">
9fa5b06733fe318e18d9b8e0ef58e5d1ec953f7cMaciek Makowski<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
9fa5b06733fe318e18d9b8e0ef58e5d1ec953f7cMaciek Makowski<div class="sect2" lang="en">
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<div class="titlepage"><div><div><h3 class="title">
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<a name="id2537924"></a>A Caching-only Name Server</h3></div></div></div>
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<p>
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder          The following sample configuration is appropriate for a caching-only
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski          name server for use by clients internal to a corporation.  All
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski          queries
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski          from outside clients are refused using the <span><strong class="command">allow-query</strong></span>
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski          option.  Alternatively, the same effect could be achieved using
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski          suitable
ad53c2449238379699243be05926645262e9581eChristian Maeder          firewall rules.
ad53c2449238379699243be05926645262e9581eChristian Maeder        </p>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski<pre class="programlisting">
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski// Two corporate subnets we wish to allow queries from.
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowskiacl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowskioptions {
ad53c2449238379699243be05926645262e9581eChristian Maeder     directory "/etc/namedb";           // Working directory
5d812ccb300d5ca8b6e9474d2a644b964faf2d28Jorina Freya Gerken     allow-query { corpnets; };
5d812ccb300d5ca8b6e9474d2a644b964faf2d28Jorina Freya Gerken};
5d812ccb300d5ca8b6e9474d2a644b964faf2d28Jorina Freya Gerken// Provide a reverse mapping for the loopback address 127.0.0.1
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowskizone "0.0.127.in-addr.arpa" {
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski     type master;
aebf36d7483e5c012eff154d0b76de400d8fe3fcTill Mossakowski     file "localhost.rev";
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski     notify no;
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski};
aebf36d7483e5c012eff154d0b76de400d8fe3fcTill Mossakowski</pre>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski</div>
ad53c2449238379699243be05926645262e9581eChristian Maeder<div class="sect2" lang="en">
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski<div class="titlepage"><div><div><h3 class="title">
8a8880f1b6a0681e636480991d45dfea11d62ff8Christian Maeder<a name="id2537940"></a>An Authoritative-only Name Server</h3></div></div></div>
8a8880f1b6a0681e636480991d45dfea11d62ff8Christian Maeder<p>
8a8880f1b6a0681e636480991d45dfea11d62ff8Christian Maeder          This sample configuration is for an authoritative-only server
8a8880f1b6a0681e636480991d45dfea11d62ff8Christian Maeder          that is the master server for "<code class="filename">example.com</code>"
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder          and a slave for the subdomain "<code class="filename">eng.example.com</code>".
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski        </p>
5d812ccb300d5ca8b6e9474d2a644b964faf2d28Jorina Freya Gerken<pre class="programlisting">
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowskioptions {
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski     directory "/etc/namedb";           // Working directory
3c6d4005240e070a2b9fe9aaf28631328a1b0884Till Mossakowski     allow-query-cache { none; };       // Do not allow access to cache
3c6d4005240e070a2b9fe9aaf28631328a1b0884Till Mossakowski     allow-query { any; };              // This is the default
3c6d4005240e070a2b9fe9aaf28631328a1b0884Till Mossakowski     recursion no;                      // Do not provide recursive service
3c6d4005240e070a2b9fe9aaf28631328a1b0884Till Mossakowski};
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski// Provide a reverse mapping for the loopback address 127.0.0.1
e509b6f97f98f96ef258c1c3f7968241da8bde5dTill Mossakowskizone "0.0.127.in-addr.arpa" {
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski     type master;
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder     file "localhost.rev";
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder     notify no;
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski};
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski// We are the master server for example.com
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowskizone "example.com" {
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski     type master;
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski     file "example.com.db";
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski     // IP addresses of slave servers allowed to transfer example.com
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski     allow-transfer {
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski          192.168.4.14;
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski          192.168.5.53;
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski     };
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski};
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski// We are a slave server for eng.example.com
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowskizone "eng.example.com" {
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski     type slave;
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski     file "eng.example.com.bk";
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder     // IP address of eng.example.com master server
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski     masters { 192.168.4.12; };
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski};
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski</pre>
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski</div>
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski</div>
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski<div class="sect1" lang="en">
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski<div class="titlepage"><div><div><h2 class="title" style="clear: both">
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski<a name="id2538030"></a>Load Balancing</h2></div></div></div>
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski<p>
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski        A primitive form of load balancing can be achieved in
db7143998eee23e3d781f1f1e97e953bb831df1fTill Mossakowski        the <span class="acronym">DNS</span> by using multiple A records for
e73be37c05d01fc538553efbf77c1d330cf11542Till Mossakowski        one name.
5d812ccb300d5ca8b6e9474d2a644b964faf2d28Jorina Freya Gerken      </p>
aebf36d7483e5c012eff154d0b76de400d8fe3fcTill Mossakowski<p>
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder        For example, if you have three WWW servers with network addresses
e73be37c05d01fc538553efbf77c1d330cf11542Till Mossakowski        of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the
ad53c2449238379699243be05926645262e9581eChristian Maeder        following means that clients will connect to each machine one third
aebf36d7483e5c012eff154d0b76de400d8fe3fcTill Mossakowski        of the time:
aebf36d7483e5c012eff154d0b76de400d8fe3fcTill Mossakowski      </p>
ad53c2449238379699243be05926645262e9581eChristian Maeder<div class="informaltable"><table border="1">
ad53c2449238379699243be05926645262e9581eChristian Maeder<colgroup>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski<col>
ad53c2449238379699243be05926645262e9581eChristian Maeder<col>
e73be37c05d01fc538553efbf77c1d330cf11542Till Mossakowski<col>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski<col>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski<col>
b03274844ecd270f9e9331f51cc4236a33e2e671Christian Maeder</colgroup>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski<tbody>
f3d423459bc87648370ba5d78e8e6acd5f18473dChristian Maeder<tr>
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<td>
38f350357e92da312d2c344352180b3dc5c1fc8aTill Mossakowski                <p>
38f350357e92da312d2c344352180b3dc5c1fc8aTill Mossakowski                  Name
878d0086bd0aae2d7ad64451035c4e78047b1cffChristian Maeder                </p>
38f350357e92da312d2c344352180b3dc5c1fc8aTill Mossakowski              </td>
38f350357e92da312d2c344352180b3dc5c1fc8aTill Mossakowski<td>
a6a23b6c37e231b4893abc461531a492a0902d37Till Mossakowski                <p>
857bdae4b78b949be5e905fb3e93f531b61a155cTill Mossakowski                  TTL
857bdae4b78b949be5e905fb3e93f531b61a155cTill Mossakowski                </p>
857bdae4b78b949be5e905fb3e93f531b61a155cTill Mossakowski              </td>
857bdae4b78b949be5e905fb3e93f531b61a155cTill Mossakowski<td>
857bdae4b78b949be5e905fb3e93f531b61a155cTill Mossakowski                <p>
857bdae4b78b949be5e905fb3e93f531b61a155cTill Mossakowski                  CLASS
a6a23b6c37e231b4893abc461531a492a0902d37Till Mossakowski                </p>
a6a23b6c37e231b4893abc461531a492a0902d37Till Mossakowski              </td>
a6a23b6c37e231b4893abc461531a492a0902d37Till Mossakowski<td>
a6a23b6c37e231b4893abc461531a492a0902d37Till Mossakowski                <p>
a6a23b6c37e231b4893abc461531a492a0902d37Till Mossakowski                  TYPE
a6a23b6c37e231b4893abc461531a492a0902d37Till Mossakowski                </p>
a6a23b6c37e231b4893abc461531a492a0902d37Till Mossakowski              </td>
a059fb5629939bb0d74da56094b12bb793759f0cChristian Maeder<td>
a059fb5629939bb0d74da56094b12bb793759f0cChristian Maeder                <p>
a059fb5629939bb0d74da56094b12bb793759f0cChristian Maeder                  Resource Record (RR) Data
a059fb5629939bb0d74da56094b12bb793759f0cChristian Maeder                </p>
a6a23b6c37e231b4893abc461531a492a0902d37Till Mossakowski              </td>
857bdae4b78b949be5e905fb3e93f531b61a155cTill Mossakowski</tr>
709653bffee501341e2fdc55b9223e4921047c65Till Mossakowski<tr>
7968d3a131e5a684ec1ff0c6d88aae638549153dChristian Maeder<td>
7968d3a131e5a684ec1ff0c6d88aae638549153dChristian Maeder                <p>
7968d3a131e5a684ec1ff0c6d88aae638549153dChristian Maeder                  <code class="literal">www</code>
7968d3a131e5a684ec1ff0c6d88aae638549153dChristian Maeder                </p>
709653bffee501341e2fdc55b9223e4921047c65Till Mossakowski              </td>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski<td>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski                <p>
ad53c2449238379699243be05926645262e9581eChristian Maeder                  <code class="literal">600</code>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski                </p>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski              </td>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski<td>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski                <p>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                  <code class="literal">IN</code>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski                </p>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski              </td>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder<td>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                <p>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski                  <code class="literal">A</code>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski                </p>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski              </td>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski<td>
a6a23b6c37e231b4893abc461531a492a0902d37Till Mossakowski                <p>
a6a23b6c37e231b4893abc461531a492a0902d37Till Mossakowski                  <code class="literal">10.0.0.1</code>
4b90b9ff831e2c5b7ecbff6e18dff45646571e35Till Mossakowski                </p>
4b90b9ff831e2c5b7ecbff6e18dff45646571e35Till Mossakowski              </td>
4b90b9ff831e2c5b7ecbff6e18dff45646571e35Till Mossakowski</tr>
4b90b9ff831e2c5b7ecbff6e18dff45646571e35Till Mossakowski<tr>
4b90b9ff831e2c5b7ecbff6e18dff45646571e35Till Mossakowski<td>
4b90b9ff831e2c5b7ecbff6e18dff45646571e35Till Mossakowski                <p></p>
a6a23b6c37e231b4893abc461531a492a0902d37Till Mossakowski              </td>
857bdae4b78b949be5e905fb3e93f531b61a155cTill Mossakowski<td>
a6a23b6c37e231b4893abc461531a492a0902d37Till Mossakowski                <p>
a6a23b6c37e231b4893abc461531a492a0902d37Till Mossakowski                  <code class="literal">600</code>
a6a23b6c37e231b4893abc461531a492a0902d37Till Mossakowski                </p>
a6a23b6c37e231b4893abc461531a492a0902d37Till Mossakowski              </td>
a6a23b6c37e231b4893abc461531a492a0902d37Till Mossakowski<td>
a6a23b6c37e231b4893abc461531a492a0902d37Till Mossakowski                <p>
a6a23b6c37e231b4893abc461531a492a0902d37Till Mossakowski                  <code class="literal">IN</code>
a6a23b6c37e231b4893abc461531a492a0902d37Till Mossakowski                </p>
a6a23b6c37e231b4893abc461531a492a0902d37Till Mossakowski              </td>
857bdae4b78b949be5e905fb3e93f531b61a155cTill Mossakowski<td>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski                <p>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski                  <code class="literal">A</code>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski                </p>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski              </td>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski<td>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski                <p>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski                  <code class="literal">10.0.0.2</code>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                </p>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder              </td>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder</tr>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski<tr>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski<td>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski                <p></p>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski              </td>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski<td>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski                <p>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski                  <code class="literal">600</code>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski                </p>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski              </td>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski<td>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski                <p>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski                  <code class="literal">IN</code>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski                </p>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski              </td>
ad53c2449238379699243be05926645262e9581eChristian Maeder<td>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                <p>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                  <code class="literal">A</code>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                </p>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken              </td>
ad53c2449238379699243be05926645262e9581eChristian Maeder<td>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                <p>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                  <code class="literal">10.0.0.3</code>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                </p>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken              </td>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken</tr>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken</tbody>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken</table></div>
ef3c4d0483a81254f785bdbd3e5448fdabac7a84Till Mossakowski<p>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken        When a resolver queries for these records, <span class="acronym">BIND</span> will rotate
acb3844d61260407a69d8efda471b31423e3b143Jorina Freya Gerken        them and respond to the query with the records in a different
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken        order.  In the example above, clients will randomly receive
33fc94b09b906329ca7505caa1ddcddf67e3f8daTill Mossakowski        records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken        will use the first record returned and discard the rest.
f3d423459bc87648370ba5d78e8e6acd5f18473dChristian Maeder      </p>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken<p>
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski        For more detail on ordering responses, check the
ad53c2449238379699243be05926645262e9581eChristian Maeder        <span><strong class="command">rrset-order</strong></span> substatement in the
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski        <span><strong class="command">options</strong></span> statement, see
ad53c2449238379699243be05926645262e9581eChristian Maeder        <a href="Bv9ARM.ch06.html#rrset_ordering">RRset Ordering</a>.
ad53c2449238379699243be05926645262e9581eChristian Maeder      </p>
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski</div>
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski<div class="sect1" lang="en">
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski<div class="titlepage"><div><div><h2 class="title" style="clear: both">
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski<a name="id2538454"></a>Name Server Operations</h2></div></div></div>
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski<div class="sect2" lang="en">
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski<div class="titlepage"><div><div><h3 class="title">
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski<a name="id2538459"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski<p>
ad53c2449238379699243be05926645262e9581eChristian Maeder          This section describes several indispensable diagnostic,
ad53c2449238379699243be05926645262e9581eChristian Maeder          administrative and monitoring tools available to the system
ad53c2449238379699243be05926645262e9581eChristian Maeder          administrator for controlling and debugging the name server
ad53c2449238379699243be05926645262e9581eChristian Maeder          daemon.
ad53c2449238379699243be05926645262e9581eChristian Maeder        </p>
ad53c2449238379699243be05926645262e9581eChristian Maeder<div class="sect3" lang="en">
ad53c2449238379699243be05926645262e9581eChristian Maeder<div class="titlepage"><div><div><h4 class="title">
ad53c2449238379699243be05926645262e9581eChristian Maeder<a name="diagnostic_tools"></a>Diagnostic Tools</h4></div></div></div>
ad53c2449238379699243be05926645262e9581eChristian Maeder<p>
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski            The <span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span>, and
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski            <span><strong class="command">nslookup</strong></span> programs are all command
ad53c2449238379699243be05926645262e9581eChristian Maeder            line tools
ad53c2449238379699243be05926645262e9581eChristian Maeder            for manually querying name servers.  They differ in style and
ad53c2449238379699243be05926645262e9581eChristian Maeder            output format.
ad53c2449238379699243be05926645262e9581eChristian Maeder          </p>
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski<div class="variablelist"><dl>
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski<dt><span class="term"><a name="dig"></a><span><strong class="command">dig</strong></span></span></dt>
ad53c2449238379699243be05926645262e9581eChristian Maeder<dd>
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski<p>
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski                  The domain information groper (<span><strong class="command">dig</strong></span>)
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski                  is the most versatile and complete of these lookup tools.
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski                  It has two modes: simple interactive
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski                  mode for a single query, and batch mode which executes a
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski                  query for
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski                  each in a list of several query lines. All query options are
ad53c2449238379699243be05926645262e9581eChristian Maeder                  accessible
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski                  from the command line.
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski                </p>
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski<div class="cmdsynopsis"><p><code class="command">dig</code>  [@<em class="replaceable"><code>server</code></em>]  <em class="replaceable"><code>domain</code></em>  [<em class="replaceable"><code>query-type</code></em>] [<em class="replaceable"><code>query-class</code></em>] [+<em class="replaceable"><code>query-option</code></em>] [-<em class="replaceable"><code>dig-option</code></em>] [%<em class="replaceable"><code>comment</code></em>]</p></div>
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski<p>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                  The usual simple use of dig will take the form
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                </p>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken<p>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                  <span><strong class="command">dig @server domain query-type query-class</strong></span>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                </p>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken<p>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                  For more information and a list of available commands and
629300741b3f601a33c107d1d1b3afdac9384434Christian Maeder                  options, see the <span><strong class="command">dig</strong></span> man
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                  page.
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                </p>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken</dd>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken<dt><span class="term"><span><strong class="command">host</strong></span></span></dt>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken<dd>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken<p>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                  The <span><strong class="command">host</strong></span> utility emphasizes
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                  simplicity
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                  and ease of use.  By default, it converts
7bf4436b6f9987b070033a323757b206c898c1beChristian Maeder                  between host names and Internet addresses, but its
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                  functionality
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                  can be extended with the use of options.
fae66ee8fb289b3d7c611ecf55d5824fe2cf2d1bKlaus Luettich                </p>
fae66ee8fb289b3d7c611ecf55d5824fe2cf2d1bKlaus Luettich<div class="cmdsynopsis"><p><code class="command">host</code>  [-aCdlrTwv] [-c <em class="replaceable"><code>class</code></em>] [-N <em class="replaceable"><code>ndots</code></em>] [-t <em class="replaceable"><code>type</code></em>] [-W <em class="replaceable"><code>timeout</code></em>] [-R <em class="replaceable"><code>retries</code></em>]  <em class="replaceable"><code>hostname</code></em>  [<em class="replaceable"><code>server</code></em>]</p></div>
fae66ee8fb289b3d7c611ecf55d5824fe2cf2d1bKlaus Luettich<p>
fae66ee8fb289b3d7c611ecf55d5824fe2cf2d1bKlaus Luettich                  For more information and a list of available commands and
fae66ee8fb289b3d7c611ecf55d5824fe2cf2d1bKlaus Luettich                  options, see the <span><strong class="command">host</strong></span> man
fae66ee8fb289b3d7c611ecf55d5824fe2cf2d1bKlaus Luettich                  page.
fae66ee8fb289b3d7c611ecf55d5824fe2cf2d1bKlaus Luettich                </p>
fae66ee8fb289b3d7c611ecf55d5824fe2cf2d1bKlaus Luettich</dd>
fae66ee8fb289b3d7c611ecf55d5824fe2cf2d1bKlaus Luettich<dt><span class="term"><span><strong class="command">nslookup</strong></span></span></dt>
ad53c2449238379699243be05926645262e9581eChristian Maeder<dd>
fae66ee8fb289b3d7c611ecf55d5824fe2cf2d1bKlaus Luettich<p><span><strong class="command">nslookup</strong></span>
ad53c2449238379699243be05926645262e9581eChristian Maeder                  has two modes: interactive and
fae66ee8fb289b3d7c611ecf55d5824fe2cf2d1bKlaus Luettich                  non-interactive. Interactive mode allows the user to
fae66ee8fb289b3d7c611ecf55d5824fe2cf2d1bKlaus Luettich                  query name servers for information about various
fae66ee8fb289b3d7c611ecf55d5824fe2cf2d1bKlaus Luettich                  hosts and domains or to print a list of hosts in a
fae66ee8fb289b3d7c611ecf55d5824fe2cf2d1bKlaus Luettich                  domain. Non-interactive mode is used to print just
fae66ee8fb289b3d7c611ecf55d5824fe2cf2d1bKlaus Luettich                  the name and requested information for a host or
fae66ee8fb289b3d7c611ecf55d5824fe2cf2d1bKlaus Luettich                  domain.
fae66ee8fb289b3d7c611ecf55d5824fe2cf2d1bKlaus Luettich                </p>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken<div class="cmdsynopsis"><p><code class="command">nslookup</code>  [-option...] [[<em class="replaceable"><code>host-to-find</code></em>] |  [-  [server]]]</p></div>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken<p>
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                  Interactive mode is entered when no arguments are given (the
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                  default name server will be used) or when the first argument
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                  is a
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                  hyphen (`-') and the second argument is the host name or
9603ad7198b72e812688ad7970e4eac4b553837aKlaus Luettich                  Internet address
9603ad7198b72e812688ad7970e4eac4b553837aKlaus Luettich                  of a name server.
9603ad7198b72e812688ad7970e4eac4b553837aKlaus Luettich                </p>
9603ad7198b72e812688ad7970e4eac4b553837aKlaus Luettich<p>
9603ad7198b72e812688ad7970e4eac4b553837aKlaus Luettich                  Non-interactive mode is used when the name or Internet
9603ad7198b72e812688ad7970e4eac4b553837aKlaus Luettich                  address
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                  of the host to be looked up is given as the first argument.
f3d423459bc87648370ba5d78e8e6acd5f18473dChristian Maeder                  The
e220b2051a2342a9291721e6c7f408860bed01b7Jorina Freya Gerken                  optional second argument specifies the host name or address
ad53c2449238379699243be05926645262e9581eChristian Maeder                  of a name server.
321c5296f803b7b0d3662d0080b79e1e6da5ea13Till Mossakowski                </p>
f3d423459bc87648370ba5d78e8e6acd5f18473dChristian Maeder<p>
878d0086bd0aae2d7ad64451035c4e78047b1cffChristian Maeder                  Due to its arcane user interface and frequently inconsistent
878d0086bd0aae2d7ad64451035c4e78047b1cffChristian Maeder                  behavior, we do not recommend the use of <span><strong class="command">nslookup</strong></span>.
ad53c2449238379699243be05926645262e9581eChristian Maeder                  Use <span><strong class="command">dig</strong></span> instead.
878d0086bd0aae2d7ad64451035c4e78047b1cffChristian Maeder                </p>
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski</dd>
1e3b2aa088419ed127f1fbf5741aaa09ffdf1dafTill Mossakowski</dl></div>
bd1c99a7b30ceaad831559d0a4b386bd167c71c3Jorina Freya Gerken</div>
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<div class="sect3" lang="en">
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski<div class="titlepage"><div><div><h4 class="title">
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski<a name="admin_tools"></a>Administrative Tools</h4></div></div></div>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski<p>
ad53c2449238379699243be05926645262e9581eChristian Maeder            Administrative tools play an integral part in the management
ad53c2449238379699243be05926645262e9581eChristian Maeder            of a server.
ad53c2449238379699243be05926645262e9581eChristian Maeder          </p>
ad53c2449238379699243be05926645262e9581eChristian Maeder<div class="variablelist"><dl>
ad53c2449238379699243be05926645262e9581eChristian Maeder<dt>
58b671de3fe578346fef9642ffa3c5a0a0edb3cbTill Mossakowski<a name="named-checkconf"></a><span class="term"><span><strong class="command">named-checkconf</strong></span></span>
58b671de3fe578346fef9642ffa3c5a0a0edb3cbTill Mossakowski</dt>
4fb6b13fb547e3fb7303a1b9ca55c97447c6cd26Klaus Luettich<dd>
878d0086bd0aae2d7ad64451035c4e78047b1cffChristian Maeder<p>
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder                  The <span><strong class="command">named-checkconf</strong></span> program
0799b5dc3f06d2640e66e9ab54b8b217348fd719Christian Maeder                  checks the syntax of a <code class="filename">named.conf</code> file.
321c5296f803b7b0d3662d0080b79e1e6da5ea13Till Mossakowski                </p>
321c5296f803b7b0d3662d0080b79e1e6da5ea13Till Mossakowski<div class="cmdsynopsis"><p><code class="command">named-checkconf</code>  [-jvz] [-t <em class="replaceable"><code>directory</code></em>] [<em class="replaceable"><code>filename</code></em>]</p></div>
321c5296f803b7b0d3662d0080b79e1e6da5ea13Till Mossakowski</dd>
321c5296f803b7b0d3662d0080b79e1e6da5ea13Till Mossakowski<dt>
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<a name="named-checkzone"></a><span class="term"><span><strong class="command">named-checkzone</strong></span></span>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski</dt>
d081c2ff9a2f658a98e816a8a2e5d3239ffefa8aChristian Maeder<dd>
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder<p>
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski                  The <span><strong class="command">named-checkzone</strong></span> program
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski                  checks a master file for
8c0c8034bdf3688904ed4f40e255c09ddba63a6bTill Mossakowski                  syntax and consistency.
f3d423459bc87648370ba5d78e8e6acd5f18473dChristian Maeder                </p>
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<div class="cmdsynopsis"><p><code class="command">named-checkzone</code>  [-djqvD] [-c <em class="replaceable"><code>class</code></em>] [-o <em class="replaceable"><code>output</code></em>] [-t <em class="replaceable"><code>directory</code></em>] [-w <em class="replaceable"><code>directory</code></em>] [-k <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-n <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-W <em class="replaceable"><code>(ignore|warn)</code></em>]  <em class="replaceable"><code>zone</code></em>  [<em class="replaceable"><code>filename</code></em>]</p></div>
58b671de3fe578346fef9642ffa3c5a0a0edb3cbTill Mossakowski</dd>
ad53c2449238379699243be05926645262e9581eChristian Maeder<dt>
7968d3a131e5a684ec1ff0c6d88aae638549153dChristian Maeder<a name="named-compilezone"></a><span class="term"><span><strong class="command">named-compilezone</strong></span></span>
58b671de3fe578346fef9642ffa3c5a0a0edb3cbTill Mossakowski</dt>
452a5aa4c71034740812eb4fec56ccd516d34b62Maciek Makowski<dd><p>
452a5aa4c71034740812eb4fec56ccd516d34b62Maciek Makowski                  Similar to <span><strong class="command">named-checkzone,</strong></span> but
452a5aa4c71034740812eb4fec56ccd516d34b62Maciek Makowski                  it always dumps the zone content to a specified file
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  (typically in a different format).
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                </p></dd>
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<dt>
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder<a name="rndc"></a><span class="term"><span><strong class="command">rndc</strong></span></span>
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder</dt>
b10d6cef708b7a659f2d3b367e8e0db0d03ae3f5Till Mossakowski<dd>
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder<p>
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  The remote name daemon control
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  (<span><strong class="command">rndc</strong></span>) program allows the
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  system
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  administrator to control the operation of a name server.
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  If you run <span><strong class="command">rndc</strong></span> without any
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder                  options
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder                  it will display a usage message as follows:
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                </p>
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder<div class="cmdsynopsis"><p><code class="command">rndc</code>  [-c <em class="replaceable"><code>config</code></em>] [-s <em class="replaceable"><code>server</code></em>] [-p <em class="replaceable"><code>port</code></em>] [-y <em class="replaceable"><code>key</code></em>]  <em class="replaceable"><code>command</code></em>  [<em class="replaceable"><code>command</code></em>...]</p></div>
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder<p><span><strong class="command">command</strong></span>
95932c57191afb21b59187129e4fed66250500ecMaciek Makowski                  is one of the following:
878d0086bd0aae2d7ad64451035c4e78047b1cffChristian Maeder                </p>
878d0086bd0aae2d7ad64451035c4e78047b1cffChristian Maeder<div class="variablelist"><dl>
95932c57191afb21b59187129e4fed66250500ecMaciek Makowski<dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt>
ad53c2449238379699243be05926645262e9581eChristian Maeder<dd><p>
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                        Reload configuration file and zones.
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                      </p></dd>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder<dt><span class="term"><strong class="userinput"><code>reload <em class="replaceable"><code>zone</code></em>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        [<span class="optional"><em class="replaceable"><code>class</code></em>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder<dd><p>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        Reload the given zone.
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                      </p></dd>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder<dt><span class="term"><strong class="userinput"><code>refresh <em class="replaceable"><code>zone</code></em>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        [<span class="optional"><em class="replaceable"><code>class</code></em>
ad53c2449238379699243be05926645262e9581eChristian Maeder           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder<dd><p>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        Schedule zone maintenance for the given zone.
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                      </p></dd>
ad53c2449238379699243be05926645262e9581eChristian Maeder<dt><span class="term"><strong class="userinput"><code>retransfer <em class="replaceable"><code>zone</code></em>
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder
ad53c2449238379699243be05926645262e9581eChristian Maeder                        [<span class="optional"><em class="replaceable"><code>class</code></em>
8a8880f1b6a0681e636480991d45dfea11d62ff8Christian Maeder           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder<dd><p>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        Retransfer the given zone from the master.
95932c57191afb21b59187129e4fed66250500ecMaciek Makowski                      </p></dd>
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder<dt><span class="term"><strong class="userinput"><code>freeze
95932c57191afb21b59187129e4fed66250500ecMaciek Makowski                        [<span class="optional"><em class="replaceable"><code>zone</code></em>
34bf36a3bd43cd7b078191f11bedda71299d7e63Maciek Makowski       [<span class="optional"><em class="replaceable"><code>class</code></em>
34bf36a3bd43cd7b078191f11bedda71299d7e63Maciek Makowski           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
34bf36a3bd43cd7b078191f11bedda71299d7e63Maciek Makowski<dd><p>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        Suspend updates to a dynamic zone.  If no zone is
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        specified
ad53c2449238379699243be05926645262e9581eChristian Maeder                        then all zones are suspended.  This allows manual
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        edits to be made to a zone normally updated by dynamic
629300741b3f601a33c107d1d1b3afdac9384434Christian Maeder                        update.  It
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                        also causes changes in the journal file to be synced
ad53c2449238379699243be05926645262e9581eChristian Maeder                        into the master
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                        and the journal file to be removed.  All dynamic
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        update attempts will
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        be refused while the zone is frozen.
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                      </p></dd>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder<dt><span class="term"><strong class="userinput"><code>thaw
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        [<span class="optional"><em class="replaceable"><code>zone</code></em>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder       [<span class="optional"><em class="replaceable"><code>class</code></em>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder<dd><p>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        Enable updates to a frozen dynamic zone.  If no zone
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        is
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        specified then all frozen zones are enabled.  This
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        causes
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                        the server to reload the zone from disk, and
34bf36a3bd43cd7b078191f11bedda71299d7e63Maciek Makowski                        re-enables dynamic updates
ad53c2449238379699243be05926645262e9581eChristian Maeder                        after the load has completed.  After a zone is thawed,
845d5d286c34819057628dd8c3fafaf6e8578786Maciek Makowski                        dynamic updates
845d5d286c34819057628dd8c3fafaf6e8578786Maciek Makowski                        will no longer be refused.
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                      </p></dd>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder<dt><span class="term"><strong class="userinput"><code>notify <em class="replaceable"><code>zone</code></em>
ad53c2449238379699243be05926645262e9581eChristian Maeder                        [<span class="optional"><em class="replaceable"><code>class</code></em>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder           [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
ad53c2449238379699243be05926645262e9581eChristian Maeder<dd><p>
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                        Resend NOTIFY messages for the zone.
8a8880f1b6a0681e636480991d45dfea11d62ff8Christian Maeder                      </p></dd>
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder<dt><span class="term"><strong class="userinput"><code>reconfig</code></strong></span></dt>
9603ad7198b72e812688ad7970e4eac4b553837aKlaus Luettich<dd><p>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        Reload the configuration file and load new zones,
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        but do not reload existing zone files even if they
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        have changed.
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        This is faster than a full <span><strong class="command">reload</strong></span> when there
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        is a large number of zones because it avoids the need
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        to examine the
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        modification times of the zones files.
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                      </p></dd>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder<dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder<dd><p>
e953bea49e7f0e1a43bccf2a66c5e2a2b50848e0Christian Maeder                        Write server statistics to the statistics file.
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                      </p></dd>
845d5d286c34819057628dd8c3fafaf6e8578786Maciek Makowski<dt><span class="term"><strong class="userinput"><code>querylog</code></strong></span></dt>
04d04d19fdd5320953c78ad5b6d2d11f85bc4bcfChristian Maeder<dd><p>
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                        Toggle query logging. Query logging can also be enabled
503e836b34d3abed34520eb4a0a345b5e13f248dTill Mossakowski                        by explicitly directing the <span><strong class="command">queries</strong></span>
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder                        <span><strong class="command">category</strong></span> to a
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                        <span><strong class="command">channel</strong></span> in the
95932c57191afb21b59187129e4fed66250500ecMaciek Makowski                        <span><strong class="command">logging</strong></span> section of
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder                        <code class="filename">named.conf</code> or by specifying
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder                        <span><strong class="command">querylog yes;</strong></span> in the
95932c57191afb21b59187129e4fed66250500ecMaciek Makowski                        <span><strong class="command">options</strong></span> section of
95932c57191afb21b59187129e4fed66250500ecMaciek Makowski                        <code class="filename">named.conf</code>.
34bf36a3bd43cd7b078191f11bedda71299d7e63Maciek Makowski                      </p></dd>
9fa5b06733fe318e18d9b8e0ef58e5d1ec953f7cMaciek Makowski<dt><span class="term"><strong class="userinput"><code>dumpdb
95932c57191afb21b59187129e4fed66250500ecMaciek Makowski                        [<span class="optional">-all|-cache|-zone</span>]
ad53c2449238379699243be05926645262e9581eChristian Maeder                        [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
d081c2ff9a2f658a98e816a8a2e5d3239ffefa8aChristian Maeder<dd><p>
3468a2292bb3a53a252df0f916e4034e8e6f9dccMaciek Makowski                        Dump the server's caches (default) and / or zones to
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                        the
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                        dump file for the specified views.  If no view is
d081c2ff9a2f658a98e816a8a2e5d3239ffefa8aChristian Maeder                        specified all
3468a2292bb3a53a252df0f916e4034e8e6f9dccMaciek Makowski                        views are dumped.
95932c57191afb21b59187129e4fed66250500ecMaciek Makowski                      </p></dd>
95932c57191afb21b59187129e4fed66250500ecMaciek Makowski<dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt>
95932c57191afb21b59187129e4fed66250500ecMaciek Makowski<dd><p>
95932c57191afb21b59187129e4fed66250500ecMaciek Makowski                        Stop the server, making sure any recent changes
d081c2ff9a2f658a98e816a8a2e5d3239ffefa8aChristian Maeder                        made through dynamic update or IXFR are first saved to
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder                        the master files of the updated zones.
9fa5b06733fe318e18d9b8e0ef58e5d1ec953f7cMaciek Makowski                        If -p is specified named's process id is returned.
9fa5b06733fe318e18d9b8e0ef58e5d1ec953f7cMaciek Makowski                        This allows a external process to determine when named
ad53c2449238379699243be05926645262e9581eChristian Maeder                        had completed stopping.
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder                      </p></dd>
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt>
ad53c2449238379699243be05926645262e9581eChristian Maeder<dd><p>
878d0086bd0aae2d7ad64451035c4e78047b1cffChristian Maeder                        Stop the server immediately.  Recent changes
d081c2ff9a2f658a98e816a8a2e5d3239ffefa8aChristian Maeder                        made through dynamic update or IXFR are not saved to
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder                        the master files, but will be rolled forward from the
95932c57191afb21b59187129e4fed66250500ecMaciek Makowski                        journal files when the server is restarted.
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder                        If -p is specified named's process id is returned.
333780eae2be9f20fe46dedbf5eb46ffa0cbfd02Christian Maeder                        This allows a external process to determine when named
333780eae2be9f20fe46dedbf5eb46ffa0cbfd02Christian Maeder                        had completed halting.
333780eae2be9f20fe46dedbf5eb46ffa0cbfd02Christian Maeder                      </p></dd>
333780eae2be9f20fe46dedbf5eb46ffa0cbfd02Christian Maeder<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt>
b03274844ecd270f9e9331f51cc4236a33e2e671Christian Maeder<dd><p>
b03274844ecd270f9e9331f51cc4236a33e2e671Christian Maeder                        Increment the servers debugging level by one.
b03274844ecd270f9e9331f51cc4236a33e2e671Christian Maeder                      </p></dd>
b03274844ecd270f9e9331f51cc4236a33e2e671Christian Maeder<dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt>
9df2d5aa580dbe126ccdab057084d19cce33a6beChristian Maeder<dd><p>
9df2d5aa580dbe126ccdab057084d19cce33a6beChristian Maeder                        Sets the server's debugging level to an explicit
9df2d5aa580dbe126ccdab057084d19cce33a6beChristian Maeder                        value.
333780eae2be9f20fe46dedbf5eb46ffa0cbfd02Christian Maeder                      </p></dd>
b03274844ecd270f9e9331f51cc4236a33e2e671Christian Maeder<dt><span class="term"><strong class="userinput"><code>notrace</code></strong></span></dt>
b03274844ecd270f9e9331f51cc4236a33e2e671Christian Maeder<dd><p>
b03274844ecd270f9e9331f51cc4236a33e2e671Christian Maeder                        Sets the server's debugging level to 0.
b03274844ecd270f9e9331f51cc4236a33e2e671Christian Maeder                      </p></dd>
9df2d5aa580dbe126ccdab057084d19cce33a6beChristian Maeder<dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt>
9df2d5aa580dbe126ccdab057084d19cce33a6beChristian Maeder<dd><p>
9df2d5aa580dbe126ccdab057084d19cce33a6beChristian Maeder                        Flushes the server's cache.
9df2d5aa580dbe126ccdab057084d19cce33a6beChristian Maeder                      </p></dd>
9df2d5aa580dbe126ccdab057084d19cce33a6beChristian Maeder<dt><span class="term"><strong class="userinput"><code>flushname</code></strong> <em class="replaceable"><code>name</code></em></span></dt>
9df2d5aa580dbe126ccdab057084d19cce33a6beChristian Maeder<dd><p>
9df2d5aa580dbe126ccdab057084d19cce33a6beChristian Maeder                        Flushes the given name from the server's cache.
9df2d5aa580dbe126ccdab057084d19cce33a6beChristian Maeder                      </p></dd>
1b05bdb88b90d3c947351f262d7ae7d68f0a4a6fTill Mossakowski<dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt>
95932c57191afb21b59187129e4fed66250500ecMaciek Makowski<dd><p>
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder                        Display status of the server.
04d04d19fdd5320953c78ad5b6d2d11f85bc4bcfChristian Maeder                        Note the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder                        and the default <span><strong class="command">/IN</strong></span>
c616e681da8c052b62e14247fea522da099ac0e4Christian Maeder                        hint zone if there is not a
95c3e5d11dcee331dc3876a9bf0c1d6daa38e2caChristian Maeder                        explicit root zone configured.
04d04d19fdd5320953c78ad5b6d2d11f85bc4bcfChristian Maeder                      </p></dd>
04d04d19fdd5320953c78ad5b6d2d11f85bc4bcfChristian Maeder<dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt>
04d04d19fdd5320953c78ad5b6d2d11f85bc4bcfChristian Maeder<dd><p>
04d04d19fdd5320953c78ad5b6d2d11f85bc4bcfChristian Maeder                        Dump the list of queries named is currently recursing
04d04d19fdd5320953c78ad5b6d2d11f85bc4bcfChristian Maeder                        on.
04d04d19fdd5320953c78ad5b6d2d11f85bc4bcfChristian Maeder                      </p></dd>
04d04d19fdd5320953c78ad5b6d2d11f85bc4bcfChristian Maeder</dl></div>
04d04d19fdd5320953c78ad5b6d2d11f85bc4bcfChristian Maeder<p>
04d04d19fdd5320953c78ad5b6d2d11f85bc4bcfChristian Maeder                  In <span class="acronym">BIND</span> 9.2, <span><strong class="command">rndc</strong></span>
47af295501ed5f407848f61b9943d58ccb43be29Till Mossakowski                  supports all the commands of the BIND 8 <span><strong class="command">ndc</strong></span>
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  utility except <span><strong class="command">ndc start</strong></span> and
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  <span><strong class="command">ndc restart</strong></span>, which were also
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  not supported in <span><strong class="command">ndc</strong></span>'s
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  channel mode.
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                </p>
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder<p>
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  A configuration file is required, since all
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  communication with the server is authenticated with
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  digital signatures that rely on a shared secret, and
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  there is no way to provide that secret other than with a
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  configuration file.  The default location for the
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  <span><strong class="command">rndc</strong></span> configuration file is
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  <code class="filename">/etc/rndc.conf</code>, but an
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  alternate
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  location can be specified with the <code class="option">-c</code>
ad53c2449238379699243be05926645262e9581eChristian Maeder                  option.  If the configuration file is not found,
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  <span><strong class="command">rndc</strong></span> will also look in
ad53c2449238379699243be05926645262e9581eChristian Maeder                  <code class="filename">/etc/rndc.key</code> (or whatever
ad53c2449238379699243be05926645262e9581eChristian Maeder                  <code class="varname">sysconfdir</code> was defined when
ad53c2449238379699243be05926645262e9581eChristian Maeder                  the <span class="acronym">BIND</span> build was
ad53c2449238379699243be05926645262e9581eChristian Maeder                  configured).
ad53c2449238379699243be05926645262e9581eChristian Maeder                  The <code class="filename">rndc.key</code> file is
ad53c2449238379699243be05926645262e9581eChristian Maeder                  generated by
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  running <span><strong class="command">rndc-confgen -a</strong></span> as
b9804822fb178b0fc27ce967a6a8cedc42c5bf90Christian Maeder                  described in
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
9603ad7198b72e812688ad7970e4eac4b553837aKlaus Luettich          Usage">the section called &#8220;<span><strong class="command">controls</strong></span> Statement Definition and
4ea99e115bbade1632815267d5e0dcb9931aac1eChristian Maeder          Usage&#8221;</a>.
9603ad7198b72e812688ad7970e4eac4b553837aKlaus Luettich                </p>
4ea99e115bbade1632815267d5e0dcb9931aac1eChristian Maeder<p>
9603ad7198b72e812688ad7970e4eac4b553837aKlaus Luettich                  The format of the configuration file is similar to
42626cd6acc59504dff56b5b81043c272778c5fbTill Mossakowski                  that of <code class="filename">named.conf</code>, but
ad53c2449238379699243be05926645262e9581eChristian Maeder                  limited to
42626cd6acc59504dff56b5b81043c272778c5fbTill Mossakowski                  only four statements, the <span><strong class="command">options</strong></span>,
33fc94b09b906329ca7505caa1ddcddf67e3f8daTill Mossakowski                  <span><strong class="command">key</strong></span>, <span><strong class="command">server</strong></span> and
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  <span><strong class="command">include</strong></span>
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  statements.  These statements are what associate the
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  secret keys to the servers with which they are meant to
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  be shared.  The order of statements is not
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  significant.
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                </p>
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder<p>
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  The <span><strong class="command">options</strong></span> statement has
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  three clauses:
9603ad7198b72e812688ad7970e4eac4b553837aKlaus Luettich                  <span><strong class="command">default-server</strong></span>, <span><strong class="command">default-key</strong></span>,
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  and <span><strong class="command">default-port</strong></span>.
ad53c2449238379699243be05926645262e9581eChristian Maeder                  <span><strong class="command">default-server</strong></span> takes a
7bf4436b6f9987b070033a323757b206c898c1beChristian Maeder                  host name or address argument  and represents the server
7bf4436b6f9987b070033a323757b206c898c1beChristian Maeder                  that will
7bf4436b6f9987b070033a323757b206c898c1beChristian Maeder                  be contacted if no <code class="option">-s</code>
7bf4436b6f9987b070033a323757b206c898c1beChristian Maeder                  option is provided on the command line.
9603ad7198b72e812688ad7970e4eac4b553837aKlaus Luettich                  <span><strong class="command">default-key</strong></span> takes
ad53c2449238379699243be05926645262e9581eChristian Maeder                  the name of a key as its argument, as defined by a <span><strong class="command">key</strong></span> statement.
9603ad7198b72e812688ad7970e4eac4b553837aKlaus Luettich                  <span><strong class="command">default-port</strong></span> specifies the
7bf4436b6f9987b070033a323757b206c898c1beChristian Maeder                  port to which
7bf4436b6f9987b070033a323757b206c898c1beChristian Maeder                  <span><strong class="command">rndc</strong></span> should connect if no
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  port is given on the command line or in a
ad53c2449238379699243be05926645262e9581eChristian Maeder                  <span><strong class="command">server</strong></span> statement.
7bf4436b6f9987b070033a323757b206c898c1beChristian Maeder                </p>
7bf4436b6f9987b070033a323757b206c898c1beChristian Maeder<p>
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  The <span><strong class="command">key</strong></span> statement defines an
d081c2ff9a2f658a98e816a8a2e5d3239ffefa8aChristian Maeder                  key to be used
d081c2ff9a2f658a98e816a8a2e5d3239ffefa8aChristian Maeder                  by <span><strong class="command">rndc</strong></span> when authenticating
d081c2ff9a2f658a98e816a8a2e5d3239ffefa8aChristian Maeder                  with
d081c2ff9a2f658a98e816a8a2e5d3239ffefa8aChristian Maeder                  <span><strong class="command">named</strong></span>.  Its syntax is
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  identical to the
ad53c2449238379699243be05926645262e9581eChristian Maeder                  <span><strong class="command">key</strong></span> statement in named.conf.
ad53c2449238379699243be05926645262e9581eChristian Maeder                  The keyword <strong class="userinput"><code>key</code></strong> is
ad53c2449238379699243be05926645262e9581eChristian Maeder                  followed by a key name, which must be a valid
4ea99e115bbade1632815267d5e0dcb9931aac1eChristian Maeder                  domain name, though it need not actually be hierarchical;
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  thus,
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  a string like "<strong class="userinput"><code>rndc_key</code></strong>" is a valid
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  name.
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  The <span><strong class="command">key</strong></span> statement has two
ad53c2449238379699243be05926645262e9581eChristian Maeder                  clauses:
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  <span><strong class="command">algorithm</strong></span> and <span><strong class="command">secret</strong></span>.
ad53c2449238379699243be05926645262e9581eChristian Maeder                  While the configuration parser will accept any string as the
ad53c2449238379699243be05926645262e9581eChristian Maeder                  argument
4ea99e115bbade1632815267d5e0dcb9931aac1eChristian Maeder                  to algorithm, currently only the string "<strong class="userinput"><code>hmac-md5</code></strong>"
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  has any meaning.  The secret is a base-64 encoded string
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  as specified in RFC 3548.
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                </p>
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder<p>
ad53c2449238379699243be05926645262e9581eChristian Maeder                  The <span><strong class="command">server</strong></span> statement
9603ad7198b72e812688ad7970e4eac4b553837aKlaus Luettich                  associates a key
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  defined using the <span><strong class="command">key</strong></span>
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  statement with a server.
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  The keyword <strong class="userinput"><code>server</code></strong> is followed by a
ad53c2449238379699243be05926645262e9581eChristian Maeder                  host name or address.  The <span><strong class="command">server</strong></span> statement
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  has two clauses: <span><strong class="command">key</strong></span> and <span><strong class="command">port</strong></span>.
ad53c2449238379699243be05926645262e9581eChristian Maeder                  The <span><strong class="command">key</strong></span> clause specifies the
7bf4436b6f9987b070033a323757b206c898c1beChristian Maeder                  name of the key
7bf4436b6f9987b070033a323757b206c898c1beChristian Maeder                  to be used when communicating with this server, and the
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  <span><strong class="command">port</strong></span> clause can be used to
4ea99e115bbade1632815267d5e0dcb9931aac1eChristian Maeder                  specify the port <span><strong class="command">rndc</strong></span> should
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  connect
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  to on the server.
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                </p>
ea22277038f87c1e12539f8917d61248015e80d8Christian Maeder<p>
7bf4436b6f9987b070033a323757b206c898c1beChristian Maeder                  A sample minimal configuration file is as follows:
26f412afa1c1d693af2d9575a5778656fc9974d8Christian Maeder                </p>
9b8c63ff208e064b99d4feeb87fd21a7b2df7e30Heng Jiang<pre class="programlisting">
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maederkey rndc_key {
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder     algorithm "hmac-md5";
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder     secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder};
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maederoptions {
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder     default-server 127.0.0.1;
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder     default-key    rndc_key;
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder};
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder</pre>
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder<p>
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  This file, if installed as <code class="filename">/etc/rndc.conf</code>,
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  would allow the command:
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                </p>
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder<p>
e1abb0a8a17632e11db927958ab8cf58635bdf96Christian Maeder                  <code class="prompt">$ </code><strong class="userinput"><code>rndc reload</code></strong>
ad53c2449238379699243be05926645262e9581eChristian Maeder                </p>
ad53c2449238379699243be05926645262e9581eChristian Maeder<p>
ad53c2449238379699243be05926645262e9581eChristian Maeder                  to connect to 127.0.0.1 port 953 and cause the name server
ad53c2449238379699243be05926645262e9581eChristian Maeder                  to reload, if a name server on the local machine were
                  running with
                  following controls statements:
                </p>
<pre class="programlisting">
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};
</pre>
<p>
                  and it had an identical key statement for
                  <code class="literal">rndc_key</code>.
                </p>
<p>
                  Running the <span><strong class="command">rndc-confgen</strong></span>
                  program will
                  conveniently create a <code class="filename">rndc.conf</code>
                  file for you, and also display the
                  corresponding <span><strong class="command">controls</strong></span>
                  statement that you need to
                  add to <code class="filename">named.conf</code>.
                  Alternatively,
                  you can run <span><strong class="command">rndc-confgen -a</strong></span>
                  to set up
                  a <code class="filename">rndc.key</code> file and not
                  modify
                  <code class="filename">named.conf</code> at all.
                </p>
</dd>
<dt>
<span class="term"><span><strong class="command">clients-per-query</strong></span>, </span><span class="term"><span><strong class="command">max-clients-per-query</strong></span></span>
</dt>
<dd>
<p><span><strong class="command">clients-per-query</strong></span>
                  and <span><strong class="command">max-clients-per-query</strong></span> set the
                  initial value (minimum) and maximum number of recursive
                  simultanious clients for any given query
                  (&lt;qname,qtype,qclass&gt;) that the server will accept
                  before dropping additional clients.  named will attempt to
                  self tune this value and changes will be logged.  The
                  default values are 10 and 100.
                </p>
<p>
                  This value should reflect how many queries come in for
                  a given name in the time it takes to resolve that name.
                  If the number of queries exceed this value named will
                  assume that it is dealing with a non-responsive zone
                  and will drop additional queries.  If it gets a response
                  after dropping queries it will raise the estimate.  The
                  estimate will then be lowered in 20 minutes if it has
                  remained unchanged.
                </p>
<p>
                  If <span><strong class="command">clients-per-query</strong></span> is set to zero
                  then there is no limit on the number of clients per query
                  and no queries will be dropped.
                </p>
<p>
                  If <span><strong class="command">max-clients-per-query</strong></span> is set to zero
                  then there is no upper bound other than imposed by
                  <span><strong class="command">recurive-clients</strong></span>.
                </p>
</dd>
</dl></div>
</div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2540208"></a>Signals</h3></div></div></div>
<p>
          Certain UNIX signals cause the name server to take specific
          actions, as described in the following table.  These signals can
          be sent using the <span><strong class="command">kill</strong></span> command.
        </p>
<div class="informaltable"><table border="1">
<colgroup>
<col>
<col>
</colgroup>
<tbody>
<tr>
<td>
                  <p><span><strong class="command">SIGHUP</strong></span></p>
                </td>
<td>
                  <p>
                    Causes the server to read <code class="filename">named.conf</code> and
                    reload the database.
                  </p>
                </td>
</tr>
<tr>
<td>
                  <p><span><strong class="command">SIGTERM</strong></span></p>
                </td>
<td>
                  <p>
                    Causes the server to clean up and exit.
                  </p>
                </td>
</tr>
<tr>
<td>
                  <p><span><strong class="command">SIGINT</strong></span></p>
                </td>
<td>
                  <p>
                    Causes the server to clean up and exit.
                  </p>
                </td>
</tr>
</tbody>
</table></div>
</div>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a>�</td>
<td width="20%" align="center">�</td>
<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">Chapter�2.�<span class="acronym">BIND</span> Resource Requirements�</td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">�Chapter�4.�Advanced DNS Features</td>
</tr>
</table>
</div>
</body>
</html>