d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews<HTML

ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson><HEAD

5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User><TITLE

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Name Server Configuration</TITLE

5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User><META

ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson"><LINK

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinHREF="Bv9ARM.html"><LINK

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinHREF="Bv9ARM.ch02.html"><LINK

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserHREF="Bv9ARM.ch04.html"></HEAD

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><BODY

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><DIV

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><TABLE

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><TR

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TH

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User>BIND 9 Administrator Reference Manual</TH

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></TR

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TR

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><A

2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User>Prev</A

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TD

2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User><A

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Next</A

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></TR

2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User></TABLE

e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews><HR

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinWIDTH="100%"></DIV

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><DIV

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><H1

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><A

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Chapter 3. Name Server Configuration</A

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></H1

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><DIV

8eea877894ea5bcf5cdd9ca124a8601ad421d753Andreas Gustafsson><DL

8eea877894ea5bcf5cdd9ca124a8601ad421d753Andreas Gustafsson><DT

8eea877894ea5bcf5cdd9ca124a8601ad421d753Andreas Gustafsson><B

8eea877894ea5bcf5cdd9ca124a8601ad421d753Andreas Gustafsson>Table of Contents</B

8eea877894ea5bcf5cdd9ca124a8601ad421d753Andreas Gustafsson></DT

8eea877894ea5bcf5cdd9ca124a8601ad421d753Andreas Gustafsson><DT

8eea877894ea5bcf5cdd9ca124a8601ad421d753Andreas Gustafsson>3.1. <A

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Sample Configurations</A

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></DT

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><DT

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>3.2. <A

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>Load Balancing</A

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></DT

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User><DT

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>3.3. <A

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>Name Server Operations</A

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></DT

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></DL

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></DIV

ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson><P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>In this section we provide some suggested configurations along

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinwith guidelines for their use. We also address the topic of reasonable

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinoption setting.</P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><DIV

ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson><H1

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><A

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>3.1. Sample Configurations</A

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></H1

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><DIV

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><H2

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><A

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>3.1.1. A Caching-only Name Server</A

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></H2

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>The following sample configuration is appropriate for a caching-only

ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafssonname server for use by clients internal to a corporation. All queries

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinfrom outside clients are refused using the <B

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>allow-query</B

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox Useroption. Alternatively, the same effect could be achieved using suitable

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinfirewall rules.</P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><PRE

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>&#13;// Two corporate subnets we wish to allow queries from.

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinacl corpnets { 192.168.4.0/24; 192.168.7.0/24; };

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinoptions {

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein directory "/etc/namedb"; // Working directory

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein allow-query { corpnets; };

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User};

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User// Provide a reverse mapping for the loopback address 127.0.0.1

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinzone "0.0.127.in-addr.arpa" {

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User type master;

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User file "localhost.rev";

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein notify no;

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein};

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</PRE

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></DIV

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><DIV

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><H2

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><A

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>3.1.2. An Authoritative-only Name Server</A

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></H2

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><P

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>This sample configuration is for an authoritative-only server

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthat is the master server for "<TT

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>example.com</TT

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>"

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinand a slave for the subdomain "<TT

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>eng.example.com</TT

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>".</P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><PRE

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>&#13;options {

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein directory "/etc/namedb"; // Working directory

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein allow-query { any; }; // This is the default

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein recursion no; // Do not provide recursive service

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein};

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein// Provide a reverse mapping for the loopback address 127.0.0.1

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinzone "0.0.127.in-addr.arpa" {

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein type master;

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein file "localhost.rev";

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein notify no;

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein};

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein// We are the master server for example.com

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinzone "example.com" {

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein type master;

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein file "example.com.db";

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein // IP addresses of slave servers allowed to transfer example.com

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User allow-transfer {

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User 192.168.4.14;

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User 192.168.5.53;

ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson };

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein};

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein// We are a slave server for eng.example.com

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinzone "eng.example.com" {

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein type slave;

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein file "eng.example.com.bk";

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein // IP address of eng.example.com master server

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein masters { 192.168.4.12; };

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein};

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</PRE

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></DIV

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></DIV

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><DIV

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><H1

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><A

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>3.2. Load Balancing</A

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></H1

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><P

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>A primitive form of load balancing can be achieved in

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox Userthe <SPAN

ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson>DNS</SPAN

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User> by using multiple A records for one name.</P

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><P

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>For example, if you have three WWW servers with network addresses

ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafssonof 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinfollowing means that clients will connect to each machine one third

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox Userof the time:</P

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><DIV

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><A

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></A

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TABLE

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TBODY

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TR

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Name</P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TD

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>TTL</P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>CLASS</P

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></TD

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>TYPE</P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></TD

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Resource Record (RR) Data</P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></TR

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TR

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TT

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>www</TT

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TT

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>600</TT

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TT

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>IN</TT

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TT

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>A</TT

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TD

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><P

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><TT

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>10.0.0.1</TT

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User></P

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></TD

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></TR

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><TR

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></P

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein></TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TD

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User><P

ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson><TT

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>600</TT

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></P

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></TD

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><TD

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><P

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><TT

ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson>IN</TT

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></P

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></TD

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><TD

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><P

ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson><TT

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>A</TT

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></P

ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson></TD

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><TD

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><P

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><TT

ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson>10.0.0.2</TT

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></P

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></TD

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></TR

ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson><TR

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><TD

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><P

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></P

7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><TD

60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein><P

><TT

>600</TT

></P

></TD

><TD

><P

><TT

>IN</TT

></P

></TD

><TD

><P

><TT

>A</TT

></P

></TD

><TD

><P

><TT

>10.0.0.3</TT

></P

></TD

></TR

></TBODY

></TABLE

><P

></P

></DIV

><P

>When a resolver queries for these records, <SPAN

>BIND</SPAN

> will rotate

them and respond to the query with the records in a different

order. In the example above, clients will randomly receive

records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients

will use the first record returned and discard the rest.</P

><P

>For more detail on ordering responses, check the

<B

>rrset-order</B

> substatement in the

<B

>options</B

> statement, see

<A

><I

>RRset Ordering</I

></A

>.

This substatement is not supported in

<SPAN

>BIND</SPAN

> 9, and only the ordering scheme described above is

available.</P

></DIV

><DIV

><H1

><A

>3.3. Name Server Operations</A

></H1

><DIV

><H2

><A

>3.3.1. Tools for Use With the Name Server Daemon</A

></H2

><P

>There are several indispensable diagnostic, administrative

and monitoring tools available to the system administrator for controlling

and debugging the name server daemon. We describe several in this

section </P

><DIV

><H3

><A

>3.3.1.1. Diagnostic Tools</A

></H3

><P

>The <B

>dig</B

>, <B

>host</B

>, and

<B

>nslookup</B

> programs are all command line tools

for manually querying name servers. They differ in style and

output format.

</P

><P

></P

><DIV

><DL

><DT

><B

>dig</B

></DT

><DD

><P

>The domain information groper (<B

>dig</B

>)

is the most versatile and complete of these lookup tools.

It has two modes: simple interactive

mode for a single query, and batch mode which executes a query for

each in a list of several query lines. All query options are accessible

from the command line.</P

><P

><B

>dig</B

> [@<TT

><I

>server</I

></TT

>] <TT

><I

>domain</I

></TT

> [<TT

><I

>query-type</I

></TT

>] [<TT

><I

>query-class</I

></TT

>] [+<TT

><I

>query-option</I

></TT

>] [-<TT

><I

>dig-option</I

></TT

>] [%<TT

><I

>comment</I

></TT

>]</P

><P

>The usual simple use of dig will take the form</P

><P

><B

>dig @server domain query-type query-class</B

></P

><P

>For more information and a list of available commands and

options, see the <B

>dig</B

> man page.</P

></DD

><DT

><B

>host</B

></DT

><DD

><P

>The <B

>host</B

> utility emphasizes simplicity

and ease of use. By default, it converts

between host names and Internet addresses, but its functionality

can be extended with the use of options.</P

><P

><B

>host</B

> [-aCdlrTwv] [-c <TT

><I

>class</I

></TT

>] [-N <TT

><I

>ndots</I

></TT

>] [-t <TT

><I

>type</I

></TT

>] [-W <TT

><I

>timeout</I

></TT

>] [-R <TT

><I

>retries</I

></TT

>] <TT

><I

>hostname</I

></TT

> [<TT

><I

>server</I

></TT

>]</P

><P

>For more information and a list of available commands and

options, see the <B

>host</B

> man page.</P

></DD

><DT

><B

>nslookup</B

></DT

><DD

><P

><B

>nslookup</B

> has two modes: interactive

and non-interactive. Interactive mode allows the user to query name servers

for information about various hosts and domains or to print a list

of hosts in a domain. Non-interactive mode is used to print just

the name and requested information for a host or domain.</P

><P

><B

>nslookup</B

> [-option...] [<TT

><I

>host-to-find</I

></TT

> | - [server]]</P

><P

>Interactive mode is entered when no arguments are given (the

default name server will be used) or when the first argument is a

hyphen (`-') and the second argument is the host name or Internet address

of a name server.</P

><P

>Non-interactive mode is used when the name or Internet address

of the host to be looked up is given as the first argument. The

optional second argument specifies the host name or address of a name server.</P

><P

>Due to its arcane user interface and frequently inconsistent

behavior, we do not recommend the use of <B

>nslookup</B

>.

Use <B

>dig</B

> instead.</P

></DD

></DL

></DIV

></DIV

><DIV

><H3

><A

>3.3.1.2. Administrative Tools</A

></H3

><P

>Administrative tools play an integral part in the management

of a server.</P

><P

></P

><DIV

><DL

><DT

><A

><B

>named-checkconf</B

></A

></DT

><DD

><P

>The <B

>named-checkconf</B

> program

checks the syntax of a <TT

>named.conf</TT

> file.</P

><P

><B

>named-checkconf</B

> [-t <TT

><I

>directory</I

></TT

>] [<TT

><I

>filename</I

></TT

>]</P

></DD

><DT

><A

><B

>named-checkzone</B

></A

></DT

><DD

><P

>The <B

>named-checkzone</B

> program checks a master file for

syntax and consistency.</P

><P

><B

>named-checkzone</B

> [-dq] [-c <TT

><I

>class</I

></TT

>] <TT

><I

>zone</I

></TT

> [<TT

><I

>filename</I

></TT

>]</P

></DD

><DT

><A

><B

>rndc</B

></A

></DT

><DD

><P

>The remote name daemon control

(<B

>rndc</B

>) program allows the system

administrator to control the operation of a name server.

If you run <B

>rndc</B

> without any options

it will display a usage message as follows:</P

><P

><B

>rndc</B

> [-c <TT

><I

>config</I

></TT

>] [-s <TT

><I

>server</I

></TT

>] [-p <TT

><I

>port</I

></TT

>] [-y <TT

><I

>key</I

></TT

>] <TT

><I

>command</I

></TT

> [<TT

><I

>command</I

></TT

>...]</P

><P

><B

>command</B

> is one of the following:</P

><P

></P

><DIV

><DL

><DT

><TT

><B

>reload</B

></TT

></DT

><DD

><P

>Reload configuration file and zones.</P

></DD

><DT

><TT

><B

>reload <TT

><I

>zone</I

></TT

>

[<SPAN

><TT

><I

>class</I

></TT

>

[<SPAN

><TT

><I

>view</I

></TT

></SPAN

>]</SPAN

>]</B

></TT

></DT

><DD

><P

>Reload the given zone.</P

></DD

><DT

><TT

><B

>refresh <TT

><I

>zone</I

></TT

>

[<SPAN

><TT

><I

>class</I

></TT

>

[<SPAN

><TT

><I

>view</I

></TT

></SPAN

>]</SPAN

>]</B

></TT

></DT

><DD

><P

>Schedule zone maintenance for the given zone.</P

></DD

><DT

><TT

><B

>retransfer <TT

><I

>zone</I

></TT

>

[<SPAN

><TT

><I

>class</I

></TT

>

[<SPAN

><TT

><I

>view</I

></TT

></SPAN

>]</SPAN

>]</B

></TT

></DT

><DD

><P

>Retransfer the given zone from the master.</P

></DD

><DT

><TT

><B

>reconfig</B

></TT

></DT

><DD

><P

>Reload the configuration file and load new zones,

but do not reload existing zone files even if they have changed.

This is faster than a full <B

>reload</B

> when there

is a large number of zones because it avoids the need to examine the

modification times of the zones files.

</P

></DD

><DT

><TT

><B

>stats</B

></TT

></DT

><DD

><P

>Write server statistics to the statistics file.</P

></DD

><DT

><TT

><B

>querylog</B

></TT

></DT

><DD

><P

>Toggle query logging. Query logging can also be enabled

by explictly directing the <B

>queries</B

>

<B

>category</B

> to a <B

>channel</B

> in the

<B

>logging</B

> section of

<TT

>named.conf</TT

>.</P

></DD

><DT

><TT

><B

>dumpdb</B

></TT

></DT

><DD

><P

>Dump the server's caches to the dump file. </P

></DD

><DT

><TT

><B

>stop</B

></TT

></DT

><DD

><P

>Stop the server,

making sure any recent changes

made through dynamic update or IXFR are first saved to the master files

of the updated zones.</P

></DD

><DT

><TT

><B

>halt</B

></TT

></DT

><DD

><P

>Stop the server immediately. Recent changes

made through dynamic update or IXFR are not saved to the master files,

but will be rolled forward from the journal files when the server

is restarted.</P

></DD

><DT

><TT

><B

>trace</B

></TT

></DT

><DD

><P

>Increment the servers debugging level by one. </P

></DD

><DT

><TT

><B

>trace <TT

><I

>level</I

></TT

></B

></TT

></DT

><DD

><P

>Sets the server's debugging level to an explicit

value.</P

></DD

><DT

><TT

><B

>notrace</B

></TT

></DT

><DD

><P

>Sets the server's debugging level to 0.</P

></DD

><DT

><TT

><B

>flush</B

></TT

></DT

><DD

><P

>Flushes the server's cache.</P

></DD

><DT

><TT

><B

>status</B

></TT

></DT

><DD

><P

>Display status of the server.</P

></DD

></DL

></DIV

><P

>In <SPAN

>BIND</SPAN

> 9.2, <B

>rndc</B

>

supports all the commands of the BIND 8 <B

>ndc</B

>

utility except <B

>ndc start</B

> and

<B

>ndc restart</B

>, which were also

not supported in <B

>ndc</B

>'s channel mode.</P

><P

>A configuration file is required, since all

communication with the server is authenticated with

digital signatures that rely on a shared secret, and

there is no way to provide that secret other than with a

configuration file. The default location for the

<B

>rndc</B

> configuration file is

<TT

>/etc/rndc.conf</TT

>, but an alternate

location can be specified with the <TT

>-c</TT

>

option. If the configuration file is not found,

<B

>rndc</B

> will also look in

<TT

>/etc/rndc.key</TT

> (or whatever

<TT

>sysconfdir</TT

> was defined when

the <SPAN

>BIND</SPAN

> build was configured).

The <TT

>rndc.key</TT

> file is generated by

running <B

>rndc-confgen -a</B

> as described in

<A

>Section 6.2.4</A

>.</P

><P

>The format of the configuration file is similar to

that of <TT

>named.conf</TT

>, but limited to

only four statements, the <B

>options</B

>,

<B

>key</B

>, <B

>server</B

> and

<B

>include</B

>

statements. These statements are what associate the

secret keys to the servers with which they are meant to

be shared. The order of statements is not

significant.</P

><P

>The <B

>options</B

> statement has three clauses:

<B

>default-server</B

>, <B

>default-key</B

>,

and <B

>default-port</B

>.

<B

>default-server</B

> takes a

host name or address argument and represents the server that will

be contacted if no <TT

>-s</TT

>

option is provided on the command line.

<B

>default-key</B

> takes

the name of a key as its argument, as defined by a <B

>key</B

> statement.

<B

>default-port</B

> specifies the port to which

<B

>rndc</B

> should connect if no

port is given on the command line or in a

<B

>server</B

> statement.</P

><P

>The <B

>key</B

> statement defines an key to be used

by <B

>rndc</B

> when authenticating with

<B

>named</B

>. Its syntax is identical to the

<B

>key</B

> statement in named.conf.

The keyword <TT

><B

>key</B

></TT

> is

followed by a key name, which must be a valid

domain name, though it need not actually be hierarchical; thus,

a string like "<TT

><B

>rndc_key</B

></TT

>" is a valid name.

The <B

>key</B

> statement has two clauses:

<B

>algorithm</B

> and <B

>secret</B

>.

While the configuration parser will accept any string as the argument

to algorithm, currently only the string "<TT

><B

>hmac-md5</B

></TT

>"

has any meaning. The secret is a base-64 encoded string.</P

><P

>The <B

>server</B

> statement associates a key

defined using the <B

>key</B

> statement with a server.

The keyword <TT

><B

>server</B

></TT

> is followed by a

host name or address. The <B

>server</B

> statement

has two clauses: <B

>key</B

> and <B

>port</B

>.

The <B

>key</B

> clause specifies the name of the key

to be used when communicating with this server, and the

<B

>port</B

> clause can be used to

specify the port <B

>rndc</B

> should connect

to on the server.</P

><P

>A sample minimal configuration file is as follows:</P

><PRE

>&#13;key rndc_key {

algorithm "hmac-md5";

secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";

};

options {

default-server 127.0.0.1;

default-key rndc_key;

};

</PRE

><P

>This file, if installed as <TT

>/etc/rndc.conf</TT

>,

would allow the command:</P

><P

><TT

>$ </TT

><TT

><B

>rndc reload</B

></TT

></P

><P

>to connect to 127.0.0.1 port 953 and cause the name server

to reload, if a name server on the local machine were running with

following controls statements:</P

><PRE

>&#13;controls {

inet 127.0.0.1 allow { localhost; } keys { rndc_key; };

};

</PRE

><P

>and it had an identical key statement for

<TT

>rndc_key</TT

>.</P

><P

>Running the <B

>rndc-confgen</B

> program will

conveniently create a <TT

>rndc.conf</TT

>

file for you, and also display the

corresponding <B

>controls</B

> statement that you need to

add to <TT

>named.conf</TT

>. Alternatively,

you can run <B

>rndc-confgen -a</B

> to set up

a <TT

>rndc.key</TT

> file and not modify

<TT

>named.conf</TT

> at all.

</P

></DD

></DL

></DIV

></DIV

></DIV

><DIV

><H2

><A

>3.3.2. Signals</A

></H2

><P

>Certain UNIX signals cause the name server to take specific

actions, as described in the following table. These signals can

be sent using the <B

>kill</B

> command.</P

><DIV

><A

></A

><P

></P

><TABLE

><TBODY

><TR

><TD

><P

><B

>SIGHUP</B

></P

></TD

><TD

><P

>Causes the server to read <TT

>named.conf</TT

> and

reload the database. </P

></TD

></TR

><TR

><TD

><P

><B

>SIGTERM</B

></P

></TD

><TD

><P

>Causes the server to clean up and exit.</P

></TD

></TR

><TR

><TD

>&#13;<P

><B

>SIGINT</B

></P

>

</TD

><TD

><P

>Causes the server to clean up and exit.</P

></TD

></TR

></TBODY

></TABLE

><P

></P

></DIV

></DIV

></DIV

></DIV

><DIV

><HR

WIDTH="100%"><TABLE

><TR

><TD

><A

>Prev</A

></TD

><TD

><A

>Home</A

></TD

><TD

><A

>Next</A

></TD