5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<html>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<head>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<title>Chapter�3.�Name Server Configuration</title>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.68.1">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<link rel="prev" href="Bv9ARM.ch02.html" title="Chapter�2.�BIND Resource Requirements">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<link rel="next" href="Bv9ARM.ch04.html" title="Chapter�4.�Advanced DNS Features">

9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic Updater</head>

9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic Updater<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="navheader">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<table width="100%" summary="Navigation header">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<tr><th colspan="3" align="center">Chapter�3.�Name Server Configuration</th></tr>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<tr>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<td width="20%" align="left">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a>�</td>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<th width="60%" align="center">�</th>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch04.html">Next</a>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</td>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</tr>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</table>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<hr>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</div>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="chapter" lang="en">

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="titlepage"><div><div><h2 class="title">

7e71f05d8643aca84914437c900cb716444507e4Tinderbox User<a name="Bv9ARM.ch03"></a>Chapter�3.�Name Server Configuration</h2></div></div></div>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="toc">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p><b>Table of Contents</b></p>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dl>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dd><dl>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2537305">A Caching-only Name Server</a></span></dt>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2537321">An Authoritative-only Name Server</a></span></dt>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</dl></dd>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2537412">Load Balancing</a></span></dt>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2537906">Name Server Operations</a></span></dt>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dd><dl>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2537911">Tools for Use With the Name Server Daemon</a></span></dt>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2539635">Signals</a></span></dt>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</dl></dd>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</dl>

7e71f05d8643aca84914437c900cb716444507e4Tinderbox User</div>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews In this section we provide some suggested configurations along

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews with guidelines for their use. We also address the topic of reasonable

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User option setting.

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="sect1" lang="en">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>

71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<div class="sect2" lang="en">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h3 class="title">

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<a name="id2537305"></a>A Caching-only Name Server</h3></div></div></div>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews The following sample configuration is appropriate for a caching-only

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews name server for use by clients internal to a corporation. All

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt queries

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt from outside clients are refused using the <span><strong class="command">allow-query</strong></span>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews option. Alternatively, the same effect could be achieved using

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews suitable

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User firewall rules.

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </p>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<pre class="programlisting">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews// Two corporate subnets we wish to allow queries from.

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Huntacl corpnets { 192.168.4.0/24; 192.168.7.0/24; };

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsoptions {

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews directory "/etc/namedb"; // Working directory

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews allow-query { corpnets; };

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User};

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews// Provide a reverse mapping for the loopback address 127.0.0.1

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Huntzone "0.0.127.in-addr.arpa" {

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews type master;

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt file "localhost.rev";

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews notify no;

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt};

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</pre>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</div>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="sect2" lang="en">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h3 class="title">

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<a name="id2537321"></a>An Authoritative-only Name Server</h3></div></div></div>

b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User<p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User This sample configuration is for an authoritative-only server

b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User that is the master server for "<code class="filename">example.com</code>"

b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User and a slave for the subdomain "<code class="filename">eng.example.com</code>".

281ed127e3ed6c7e07792c19c3bc4562f71cfa90Tinderbox User </p>

281ed127e3ed6c7e07792c19c3bc4562f71cfa90Tinderbox User<pre class="programlisting">

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox Useroptions {

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews directory "/etc/namedb"; // Working directory

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User allow-query-cache { none; }; // Do not allow access to cache

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews allow-query { any; }; // This is the default

b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User recursion no; // Do not provide recursive service

b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User};

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews// Provide a reverse mapping for the loopback address 127.0.0.1

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox Userzone "0.0.127.in-addr.arpa" {

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt type master;

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews file "localhost.rev";

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User notify no;

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews};

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User// We are the master server for example.com

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewszone "example.com" {

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt type master;

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User file "example.com.db";

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews // IP addresses of slave servers allowed to transfer example.com

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User allow-transfer {

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews 192.168.4.14;

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews 192.168.5.53;

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews };

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User};

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews// We are a slave server for eng.example.com

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox Userzone "eng.example.com" {

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt type slave;

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt file "eng.example.com.bk";

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews // IP address of eng.example.com master server

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User masters { 192.168.4.12; };

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews};

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</pre>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</div>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</div>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="sect1" lang="en">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a name="id2537412"></a>Load Balancing</h2></div></div></div>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews A primitive form of load balancing can be achieved in

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews the <span class="acronym">DNS</span> by using multiple A records for

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews one name.

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews For example, if you have three WWW servers with network addresses

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt following means that clients will connect to each machine one third

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews of the time:

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<div class="informaltable"><table border="1">

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<colgroup>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<col>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<col>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<col>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<col>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<col>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</colgroup>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<tbody>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<tr>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <p>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Name

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </td>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews TTL

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </td>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User CLASS

7e71f05d8643aca84914437c900cb716444507e4Tinderbox User </p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </td>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<td>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews TYPE

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </td>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<td>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <p>

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Resource Record (RR) Data

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </td>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</tr>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<tr>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <code class="literal">www</code>

7e71f05d8643aca84914437c900cb716444507e4Tinderbox User </p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </td>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<td>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <code class="literal">600</code>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </td>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <code class="literal">IN</code>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </td>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <p>

cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User <code class="literal">A</code>

9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic Updater </p>

9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic Updater </td>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <p>

4abdfc917e6635a7c81d1f931a0c79227e72d025Mark Andrews <code class="literal">10.0.0.1</code>

4abdfc917e6635a7c81d1f931a0c79227e72d025Mark Andrews </p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </td>

9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic Updater</tr>

9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic Updater<tr>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <p></p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </td>

1ca759b3f5c0672b2a66bc02288fe010cabbfe37Tinderbox User<td>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <p>

5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <code class="literal">600</code>

</p>

</td>

<td>

<p>

<code class="literal">IN</code>

</p>

</td>

<td>

<p>

<code class="literal">A</code>

</p>

</td>

<td>

<p>

<code class="literal">10.0.0.2</code>

</p>

</td>

</tr>

<tr>

<td>

<p></p>

</td>

<td>

<p>

<code class="literal">600</code>

</p>

</td>

<td>

<p>

<code class="literal">IN</code>

</p>

</td>

<td>

<p>

<code class="literal">A</code>

</p>

</td>

<td>

<p>

<code class="literal">10.0.0.3</code>

</p>

</td>

</tr>

</tbody>

</table></div>

<p>

When a resolver queries for these records, <span class="acronym">BIND</span> will rotate

them and respond to the query with the records in a different

order. In the example above, clients will randomly receive

records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients

will use the first record returned and discard the rest.

</p>

<p>

For more detail on ordering responses, check the

<span><strong class="command">rrset-order</strong></span> substatement in the

<span><strong class="command">options</strong></span> statement, see

<a href="Bv9ARM.ch06.html#rrset_ordering">RRset Ordering</a>.

This substatement is not supported in

<span class="acronym">BIND</span> 9, and only the ordering scheme

described above is

available.

</p>

</div>

<div class="sect1" lang="en">

<div class="titlepage"><div><div><h2 class="title" style="clear: both">

<a name="id2537906"></a>Name Server Operations</h2></div></div></div>

<div class="sect2" lang="en">

<div class="titlepage"><div><div><h3 class="title">

<a name="id2537911"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>

<p>

There are several indispensable diagnostic, administrative

and monitoring tools available to the system administrator for

controlling

and debugging the name server daemon. We describe several in this

section

</p>

<div class="sect3" lang="en">

<div class="titlepage"><div><div><h4 class="title">

<a name="diagnostic_tools"></a>Diagnostic Tools</h4></div></div></div>

<p>

The <span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span>, and

<span><strong class="command">nslookup</strong></span> programs are all command

line tools

for manually querying name servers. They differ in style and

output format.

</p>

<div class="variablelist"><dl>

<dt><span class="term"><a name="dig"></a><span><strong class="command">dig</strong></span></span></dt>

<dd>

<p>

The domain information groper (<span><strong class="command">dig</strong></span>)

is the most versatile and complete of these lookup tools.

It has two modes: simple interactive

mode for a single query, and batch mode which executes a

query for

each in a list of several query lines. All query options are

accessible

from the command line.

</p>

<div class="cmdsynopsis"><p><code class="command">dig</code> [@<em class="replaceable"><code>server</code></em>] <em class="replaceable"><code>domain</code></em> [<em class="replaceable"><code>query-type</code></em>] [<em class="replaceable"><code>query-class</code></em>] [+<em class="replaceable"><code>query-option</code></em>] [-<em class="replaceable"><code>dig-option</code></em>] [%<em class="replaceable"><code>comment</code></em>]</p></div>

<p>

The usual simple use of dig will take the form

</p>

<p>

<span><strong class="command">dig @server domain query-type query-class</strong></span>

</p>

<p>

For more information and a list of available commands and

options, see the <span><strong class="command">dig</strong></span> man

page.

</p>

</dd>

<dt><span class="term"><span><strong class="command">host</strong></span></span></dt>

<dd>

<p>

The <span><strong class="command">host</strong></span> utility emphasizes

simplicity

and ease of use. By default, it converts

between host names and Internet addresses, but its

functionality

can be extended with the use of options.

</p>

<div class="cmdsynopsis"><p><code class="command">host</code> [-aCdlrTwv] [-c <em class="replaceable"><code>class</code></em>] [-N <em class="replaceable"><code>ndots</code></em>] [-t <em class="replaceable"><code>type</code></em>] [-W <em class="replaceable"><code>timeout</code></em>] [-R <em class="replaceable"><code>retries</code></em>] <em class="replaceable"><code>hostname</code></em> [<em class="replaceable"><code>server</code></em>]</p></div>

<p>

For more information and a list of available commands and

options, see the <span><strong class="command">host</strong></span> man

page.

</p>

</dd>

<dt><span class="term"><span><strong class="command">nslookup</strong></span></span></dt>

<dd>

<p><span><strong class="command">nslookup</strong></span>

has two modes: interactive and

non-interactive. Interactive mode allows the user to

query name servers for information about various

hosts and domains or to print a list of hosts in a

domain. Non-interactive mode is used to print just

the name and requested information for a host or

domain.

</p>

<div class="cmdsynopsis"><p><code class="command">nslookup</code> [-option...] [[<em class="replaceable"><code>host-to-find</code></em>] | [- [server]]]</p></div>

<p>

Interactive mode is entered when no arguments are given (the

default name server will be used) or when the first argument

is a

hyphen (`-') and the second argument is the host name or

Internet address

of a name server.

</p>

<p>

Non-interactive mode is used when the name or Internet

address

of the host to be looked up is given as the first argument.

The

optional second argument specifies the host name or address

of a name server.

</p>

<p>

Due to its arcane user interface and frequently inconsistent

behavior, we do not recommend the use of <span><strong class="command">nslookup</strong></span>.

Use <span><strong class="command">dig</strong></span> instead.

</p>

</dd>

</dl></div>

</div>

<div class="sect3" lang="en">

<div class="titlepage"><div><div><h4 class="title">

<a name="admin_tools"></a>Administrative Tools</h4></div></div></div>

<p>

Administrative tools play an integral part in the management

of a server.

</p>

<div class="variablelist"><dl>

<dt>

<a name="named-checkconf"></a><span class="term"><span><strong class="command">named-checkconf</strong></span></span>

</dt>

<dd>

<p>

The <span><strong class="command">named-checkconf</strong></span> program

checks the syntax of a <code class="filename">named.conf</code> file.

</p>

<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [-jvz] [-t <em class="replaceable"><code>directory</code></em>] [<em class="replaceable"><code>filename</code></em>]</p></div>

</dd>

<dt>

<a name="named-checkzone"></a><span class="term"><span><strong class="command">named-checkzone</strong></span></span>

</dt>

<dd>

<p>

The <span><strong class="command">named-checkzone</strong></span> program

checks a master file for

syntax and consistency.

</p>

<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [-djqvD] [-c <em class="replaceable"><code>class</code></em>] [-o <em class="replaceable"><code>output</code></em>] [-t <em class="replaceable"><code>directory</code></em>] [-w <em class="replaceable"><code>directory</code></em>] [-k <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-n <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-W <em class="replaceable"><code>(ignore|warn)</code></em>] <em class="replaceable"><code>zone</code></em> [<em class="replaceable"><code>filename</code></em>]</p></div>

</dd>

<dt>

<a name="named-compilezone"></a><span class="term"><span><strong class="command">named-compilezone</strong></span></span>

</dt>

<dd><p>

Similar to <span><strong class="command">named-checkzone,</strong></span> but

it always dumps the zone content to a specified file

(typically in a different format).

</p></dd>

<dt>

<a name="rndc"></a><span class="term"><span><strong class="command">rndc</strong></span></span>

</dt>

<dd>

<p>

The remote name daemon control

(<span><strong class="command">rndc</strong></span>) program allows the

system

administrator to control the operation of a name server.

If you run <span><strong class="command">rndc</strong></span> without any

options

it will display a usage message as follows:

</p>

<div class="cmdsynopsis"><p><code class="command">rndc</code> [-c <em class="replaceable"><code>config</code></em>] [-s <em class="replaceable"><code>server</code></em>] [-p <em class="replaceable"><code>port</code></em>] [-y <em class="replaceable"><code>key</code></em>] <em class="replaceable"><code>command</code></em> [<em class="replaceable"><code>command</code></em>...]</p></div>

<p><span><strong class="command">command</strong></span>

is one of the following:

</p>

<div class="variablelist"><dl>

<dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt>

<dd><p>

Reload configuration file and zones.

</p></dd>

<dt><span class="term"><strong class="userinput"><code>reload <em class="replaceable"><code>zone</code></em>

[<span class="optional"><em class="replaceable"><code>class</code></em>

[<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>

<dd><p>

Reload the given zone.

</p></dd>

<dt><span class="term"><strong class="userinput"><code>refresh <em class="replaceable"><code>zone</code></em>

[<span class="optional"><em class="replaceable"><code>class</code></em>

[<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>

<dd><p>

Schedule zone maintenance for the given zone.

</p></dd>

<dt><span class="term"><strong class="userinput"><code>retransfer <em class="replaceable"><code>zone</code></em>

[<span class="optional"><em class="replaceable"><code>class</code></em>

[<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>

<dd><p>

Retransfer the given zone from the master.

</p></dd>

<dt><span class="term"><strong class="userinput"><code>freeze

[<span class="optional"><em class="replaceable"><code>zone</code></em>

[<span class="optional"><em class="replaceable"><code>class</code></em>

[<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>

<dd><p>

Suspend updates to a dynamic zone. If no zone is

specified

then all zones are suspended. This allows manual

edits to be made to a zone normally updated by dynamic

update. It

also causes changes in the journal file to be synced

into the master

and the journal file to be removed. All dynamic

update attempts will

be refused while the zone is frozen.

</p></dd>

<dt><span class="term"><strong class="userinput"><code>thaw

[<span class="optional"><em class="replaceable"><code>zone</code></em>

[<span class="optional"><em class="replaceable"><code>class</code></em>

[<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>

<dd><p>

Enable updates to a frozen dynamic zone. If no zone

is

specified then all frozen zones are enabled. This

causes

the server to reload the zone from disk, and

re-enables dynamic updates

after the load has completed. After a zone is thawed,

dynamic updates

will no longer be refused.

</p></dd>

<dt><span class="term"><strong class="userinput"><code>notify <em class="replaceable"><code>zone</code></em>

[<span class="optional"><em class="replaceable"><code>class</code></em>

[<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>

<dd><p>

Resend NOTIFY messages for the zone

</p></dd>

<dt><span class="term"><strong class="userinput"><code>reconfig</code></strong></span></dt>

<dd><p>

Reload the configuration file and load new zones,

but do not reload existing zone files even if they

have changed.

This is faster than a full <span><strong class="command">reload</strong></span> when there

is a large number of zones because it avoids the need

to examine the

modification times of the zones files.

</p></dd>

<dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt>

<dd><p>

Write server statistics to the statistics file.

</p></dd>

<dt><span class="term"><strong class="userinput"><code>querylog</code></strong></span></dt>

<dd><p>

Toggle query logging. Query logging can also be

enabled

by explicitly directing the <span><strong class="command">queries</strong></span>

<span><strong class="command">category</strong></span> to a <span><strong class="command">channel</strong></span> in the

<span><strong class="command">logging</strong></span> section of

<code class="filename">named.conf</code>.

</p></dd>

<dt><span class="term"><strong class="userinput"><code>dumpdb

[<span class="optional">-all|-cache|-zone</span>]

[<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>

<dd><p>

Dump the server's caches (default) and / or zones to

the

dump file for the specified views. If no view is

specified all

views are dumped.

</p></dd>

<dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt>

<dd><p>

Stop the server, making sure any recent changes

made through dynamic update or IXFR are first saved to

the master files

of the updated zones. If -p is specified named's

process id is returned.

</p></dd>

<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt>

<dd><p>

Stop the server immediately. Recent changes

made through dynamic update or IXFR are not saved to

the master files,

but will be rolled forward from the journal files when

the server

is restarted. If -p is specified named's process id

is returned.

</p></dd>

<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt>

<dd><p>

Increment the servers debugging level by one.

</p></dd>

<dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt>

<dd><p>

Sets the server's debugging level to an explicit

value.

</p></dd>

<dt><span class="term"><strong class="userinput"><code>notrace</code></strong></span></dt>

<dd><p>

Sets the server's debugging level to 0.

</p></dd>

<dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt>

<dd><p>

Flushes the server's cache.

</p></dd>

<dt><span class="term"><strong class="userinput"><code>flushname</code></strong> <em class="replaceable"><code>name</code></em></span></dt>

<dd><p>

Flushes the given name from the server's cache.

</p></dd>

<dt><span class="term"><strong class="userinput"><code>flushname</code></strong> <em class="replaceable"><code>name</code></em></span></dt>

<dd><p>

Flushes the given name from the server's cache.

</p></dd>

<dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt>

<dd><p>

Display status of the server.

Note the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone

and the default <span><strong class="command">/IN</strong></span>

hint zone if there is not a

explicit root zone configured.

</p></dd>

<dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt>

<dd><p>

Dump the list of queries named is currently recursing

on.

</p></dd>

<dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt>

<dd><p>

Dump the list of queries named is currently recursing

on.

</p></dd>

</dl></div>

<p>

In <span class="acronym">BIND</span> 9.2, <span><strong class="command">rndc</strong></span>

supports all the commands of the BIND 8 <span><strong class="command">ndc</strong></span>

utility except <span><strong class="command">ndc start</strong></span> and

<span><strong class="command">ndc restart</strong></span>, which were also

not supported in <span><strong class="command">ndc</strong></span>'s

channel mode.

</p>

<p>

A configuration file is required, since all

communication with the server is authenticated with

digital signatures that rely on a shared secret, and

there is no way to provide that secret other than with a

configuration file. The default location for the

<span><strong class="command">rndc</strong></span> configuration file is

<code class="filename">/etc/rndc.conf</code>, but an

alternate

location can be specified with the <code class="option">-c</code>

option. If the configuration file is not found,

<span><strong class="command">rndc</strong></span> will also look in

<code class="filename">/etc/rndc.key</code> (or whatever

<code class="varname">sysconfdir</code> was defined when

the <span class="acronym">BIND</span> build was

configured).

The <code class="filename">rndc.key</code> file is

generated by

running <span><strong class="command">rndc-confgen -a</strong></span> as

described in

<a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and

Usage">the section called &#8220;<span><strong class="command">controls</strong></span> Statement Definition and

Usage&#8221;</a>.

</p>

<p>

The format of the configuration file is similar to

that of <code class="filename">named.conf</code>, but

limited to

only four statements, the <span><strong class="command">options</strong></span>,

<span><strong class="command">key</strong></span>, <span><strong class="command">server</strong></span> and

<span><strong class="command">include</strong></span>

statements. These statements are what associate the

secret keys to the servers with which they are meant to

be shared. The order of statements is not

significant.

</p>

<p>

The <span><strong class="command">options</strong></span> statement has

three clauses:

<span><strong class="command">default-server</strong></span>, <span><strong class="command">default-key</strong></span>,

and <span><strong class="command">default-port</strong></span>.

<span><strong class="command">default-server</strong></span> takes a

host name or address argument and represents the server

that will

be contacted if no <code class="option">-s</code>

option is provided on the command line.

<span><strong class="command">default-key</strong></span> takes

the name of a key as its argument, as defined by a <span><strong class="command">key</strong></span> statement.

<span><strong class="command">default-port</strong></span> specifies the

port to which

<span><strong class="command">rndc</strong></span> should connect if no

port is given on the command line or in a

<span><strong class="command">server</strong></span> statement.

</p>

<p>

The <span><strong class="command">key</strong></span> statement defines an

key to be used

by <span><strong class="command">rndc</strong></span> when authenticating

with

<span><strong class="command">named</strong></span>. Its syntax is

identical to the

<span><strong class="command">key</strong></span> statement in named.conf.

The keyword <strong class="userinput"><code>key</code></strong> is

followed by a key name, which must be a valid

domain name, though it need not actually be hierarchical;

thus,

a string like "<strong class="userinput"><code>rndc_key</code></strong>" is a valid

name.

The <span><strong class="command">key</strong></span> statement has two

clauses:

<span><strong class="command">algorithm</strong></span> and <span><strong class="command">secret</strong></span>.

While the configuration parser will accept any string as the

argument

to algorithm, currently only the string "<strong class="userinput"><code>hmac-md5</code></strong>"

has any meaning. The secret is a base-64 encoded string.

</p>

<p>

The <span><strong class="command">server</strong></span> statement

associates a key

defined using the <span><strong class="command">key</strong></span>

statement with a server.

The keyword <strong class="userinput"><code>server</code></strong> is followed by a

host name or address. The <span><strong class="command">server</strong></span> statement

has two clauses: <span><strong class="command">key</strong></span> and <span><strong class="command">port</strong></span>.

The <span><strong class="command">key</strong></span> clause specifies the

name of the key

to be used when communicating with this server, and the

<span><strong class="command">port</strong></span> clause can be used to

specify the port <span><strong class="command">rndc</strong></span> should

connect

to on the server.

</p>

<p>

A sample minimal configuration file is as follows:

</p>

<pre class="programlisting">

key rndc_key {

algorithm "hmac-md5";

secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";

};

options {

default-server 127.0.0.1;

default-key rndc_key;

};

</pre>

<p>

This file, if installed as <code class="filename">/etc/rndc.conf</code>,

would allow the command:

</p>

<p>

<code class="prompt">$ </code><strong class="userinput"><code>rndc reload</code></strong>

</p>

<p>

to connect to 127.0.0.1 port 953 and cause the name server

to reload, if a name server on the local machine were

running with

following controls statements:

</p>

<pre class="programlisting">

controls {

inet 127.0.0.1 allow { localhost; } keys { rndc_key; };

};

</pre>

<p>

and it had an identical key statement for

<code class="literal">rndc_key</code>.

</p>

<p>

Running the <span><strong class="command">rndc-confgen</strong></span>

program will

conveniently create a <code class="filename">rndc.conf</code>

file for you, and also display the

corresponding <span><strong class="command">controls</strong></span>

statement that you need to

add to <code class="filename">named.conf</code>.

Alternatively,

you can run <span><strong class="command">rndc-confgen -a</strong></span>

to set up

a <code class="filename">rndc.key</code> file and not

modify

<code class="filename">named.conf</code> at all.

</p>

</dd>

</dl></div>

</div>

</div>

<div class="sect2" lang="en">

<div class="titlepage"><div><div><h3 class="title">

<a name="id2539635"></a>Signals</h3></div></div></div>

<p>

Certain UNIX signals cause the name server to take specific

actions, as described in the following table. These signals can

be sent using the <span><strong class="command">kill</strong></span> command.

</p>

<div class="informaltable"><table border="1">

<colgroup>

<col>

<col>

</colgroup>

<tbody>

<tr>

<td>

<p><span><strong class="command">SIGHUP</strong></span></p>

</td>

<td>

<p>

Causes the server to read <code class="filename">named.conf</code> and

reload the database.

</p>

</td>

</tr>

<tr>

<td>

<p><span><strong class="command">SIGTERM</strong></span></p>

</td>

<td>

<p>

Causes the server to clean up and exit.

</p>

</td>

</tr>

<tr>

<td>

<p><span><strong class="command">SIGINT</strong></span></p>

</td>

<td>

<p>

Causes the server to clean up and exit.

</p>

</td>

</tr>

</tbody>

</table></div>

</div>

</div>

</div>

<div class="navfooter">

<hr>

<table width="100%" summary="Navigation footer">

<tr>

<td width="40%" align="left">

<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a>�</td>

<td width="20%" align="center">�</td>

<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch04.html">Next</a>

</td>

</tr>

<tr>

<td width="40%" align="left" valign="top">Chapter�2.�<span class="acronym">BIND</span> Resource Requirements�</td>

<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>

<td width="40%" align="right" valign="top">�Chapter�4.�Advanced DNS Features</td>

</tr>

</table>

</div>

</body>

</html>