c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<html>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<head>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<title>Chapter�3.�Name Server Configuration</title>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<link rel="prev" href="Bv9ARM.ch02.html" title="Chapter�2.�BIND Resource Requirements">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<link rel="next" href="Bv9ARM.ch04.html" title="Chapter�4.�Advanced DNS Features">

dbb012765c735ee0d82dedb116cdc7cf18957814Evan Hunt</head>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="navheader">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<table width="100%" summary="Navigation header">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<tr><th colspan="3" align="center">Chapter�3.�Name Server Configuration</th></tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td width="20%" align="left">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a>�</td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<th width="60%" align="center">�</th>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch04.html">Next</a>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</table>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<hr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="chapter" lang="en">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="titlepage"><div><div><h2 class="title">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="Bv9ARM.ch03"></a>Chapter�3.�Name Server Configuration</h2></div></div></div>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<div class="toc">

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<p><b>Table of Contents</b></p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dl>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><dl>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567774">A Caching-only Name Server</a></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567995">An Authoritative-only Name Server</a></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dl></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568018">Load Balancing</a></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568372">Name Server Operations</a></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><dl>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568377">Tools for Use With the Name Server Daemon</a></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570695">Signals</a></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dl></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dl>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews In this chapter we provide some suggested configurations along

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews with guidelines for their use. We suggest reasonable values for

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews certain option settings.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="sect1" lang="en">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="sect2" lang="en">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="titlepage"><div><div><h3 class="title">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="id2567774"></a>A Caching-only Name Server</h3></div></div></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The following sample configuration is appropriate for a caching-only

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews name server for use by clients internal to a corporation. All

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews queries

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews from outside clients are refused using the <span><strong class="command">allow-query</strong></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews option. Alternatively, the same effect could be achieved using

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews suitable

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews firewall rules.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt<pre class="programlisting">

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt// Two corporate subnets we wish to allow queries from.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrewsacl corpnets { 192.168.4.0/24; 192.168.7.0/24; };

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrewsoptions {

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews // Working directory

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews directory "/etc/namedb";

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews allow-query { corpnets; };

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews};

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews// Provide a reverse mapping for the loopback

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews// address 127.0.0.1

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrewszone "0.0.127.in-addr.arpa" {

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews type master;

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews file "localhost.rev";

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews notify no;

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews};

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</pre>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="sect2" lang="en">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="titlepage"><div><div><h3 class="title">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="id2567995"></a>An Authoritative-only Name Server</h3></div></div></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews This sample configuration is for an authoritative-only server

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews that is the master server for "<code class="filename">example.com</code>"

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews and a slave for the subdomain "<code class="filename">eng.example.com</code>".

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<pre class="programlisting">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrewsoptions {

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews // Working directory

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews directory "/etc/namedb";

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews // Do not allow access to cache

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews allow-query-cache { none; };

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews // This is the default

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews allow-query { any; };

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews // Do not provide recursive service

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews recursion no;

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews};

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews// Provide a reverse mapping for the loopback

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews// address 127.0.0.1

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrewszone "0.0.127.in-addr.arpa" {

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews type master;

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews file "localhost.rev";

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews notify no;

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews};

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews// We are the master server for example.com

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrewszone "example.com" {

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews type master;

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews file "example.com.db";

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews // IP addresses of slave servers allowed to

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews // transfer example.com

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews allow-transfer {

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews 192.168.4.14;

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews 192.168.5.53;

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews };

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews};

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews// We are a slave server for eng.example.com

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrewszone "eng.example.com" {

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews type slave;

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews file "eng.example.com.bk";

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews // IP address of eng.example.com master server

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews masters { 192.168.4.12; };

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews};

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</pre>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="sect1" lang="en">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="id2568018"></a>Load Balancing</h2></div></div></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews A primitive form of load balancing can be achieved in

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the <acronym class="acronym">DNS</acronym> by using multiple records

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews (such as multiple A records) for one name.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews For example, if you have three WWW servers with network addresses

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews following means that clients will connect to each machine one third

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt of the time:

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="informaltable"><table border="1">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<colgroup>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<col>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<col>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<col>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<col>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<col>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</colgroup>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<tbody>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<tr>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<td>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt <p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt Name

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt </p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt </td>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<td>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt <p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt TTL

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt </p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt </td>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews CLASS

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews TYPE

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Resource Record (RR) Data

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="literal">www</code>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<td>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt <p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="literal">600</code>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="literal">IN</code>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="literal">A</code>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="literal">10.0.0.1</code>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p></p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="literal">600</code>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="literal">IN</code>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="literal">A</code>

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt </p>

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt </td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="literal">10.0.0.2</code>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p></p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="literal">600</code>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="literal">IN</code>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="literal">A</code>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="literal">10.0.0.3</code>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</tbody>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</table></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews When a resolver queries for these records, <acronym class="acronym">BIND</acronym> will rotate

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews them and respond to the query with the records in a different

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews order. In the example above, clients will randomly receive

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews will use the first record returned and discard the rest.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews For more detail on ordering responses, check the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">rrset-order</strong></span> sub-statement in the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">options</strong></span> statement, see

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <a href="Bv9ARM.ch06.html#rrset_ordering">RRset Ordering</a>.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="sect1" lang="en">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="titlepage"><div><div><h2 class="title" style="clear: both">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="id2568372"></a>Name Server Operations</h2></div></div></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="sect2" lang="en">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="titlepage"><div><div><h3 class="title">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="id2568377"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews This section describes several indispensable diagnostic,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews administrative and monitoring tools available to the system

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews administrator for controlling and debugging the name server

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews daemon.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="sect3" lang="en">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="titlepage"><div><div><h4 class="title">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="diagnostic_tools"></a>Diagnostic Tools</h4></div></div></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The <span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span>, and

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">nslookup</strong></span> programs are all command

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews line tools

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews for manually querying name servers. They differ in style and

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews output format.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="variablelist"><dl>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><a name="dig"></a><span><strong class="command">dig</strong></span></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The domain information groper (<span><strong class="command">dig</strong></span>)

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt is the most versatile and complete of these lookup tools.

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt It has two modes: simple interactive

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews mode for a single query, and batch mode which executes a

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews query for

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews each in a list of several query lines. All query options are

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews accessible

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews from the command line.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="cmdsynopsis"><p><code class="command">dig</code> [@<em class="replaceable"><code>server</code></em>] <em class="replaceable"><code>domain</code></em> [<em class="replaceable"><code>query-type</code></em>] [<em class="replaceable"><code>query-class</code></em>] [+<em class="replaceable"><code>query-option</code></em>] [-<em class="replaceable"><code>dig-option</code></em>] [%<em class="replaceable"><code>comment</code></em>]</p></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt The usual simple use of <span><strong class="command">dig</strong></span> will take the form

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt </p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt <span><strong class="command">dig @server domain query-type query-class</strong></span>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt </p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt For more information and a list of available commands and

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt options, see the <span><strong class="command">dig</strong></span> man

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt page.

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt </p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt</dd>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<dt><span class="term"><span><strong class="command">host</strong></span></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The <span><strong class="command">host</strong></span> utility emphasizes

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews simplicity

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews and ease of use. By default, it converts

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews between host names and Internet addresses, but its

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews functionality

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews can be extended with the use of options.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="cmdsynopsis"><p><code class="command">host</code> [-aCdlnrsTwv] [-c <em class="replaceable"><code>class</code></em>] [-N <em class="replaceable"><code>ndots</code></em>] [-t <em class="replaceable"><code>type</code></em>] [-W <em class="replaceable"><code>timeout</code></em>] [-R <em class="replaceable"><code>retries</code></em>] [-m <em class="replaceable"><code>flag</code></em>] [-4] [-6] <em class="replaceable"><code>hostname</code></em> [<em class="replaceable"><code>server</code></em>]</p></div>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt For more information and a list of available commands and

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews options, see the <span><strong class="command">host</strong></span> man

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews page.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><span><strong class="command">nslookup</strong></span></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p><span><strong class="command">nslookup</strong></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews has two modes: interactive and

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews non-interactive. Interactive mode allows the user to

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt query name servers for information about various

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews hosts and domains or to print a list of hosts in a

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt domain. Non-interactive mode is used to print just

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the name and requested information for a host or

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews domain.

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="cmdsynopsis"><p><code class="command">nslookup</code> [-option...] [[<em class="replaceable"><code>host-to-find</code></em>] | [- [server]]]</p></div>

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt<p>

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt Interactive mode is entered when no arguments are given (the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews default name server will be used) or when the first argument

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt is a

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt hyphen (`-') and the second argument is the host name or

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Internet address

12bf5d4796505b4c20680531da96a31e6c2c1144Evan Hunt of a name server.

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt </p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Non-interactive mode is used when the name or Internet

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews address

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews of the host to be looked up is given as the first argument.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews optional second argument specifies the host name or address

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews of a name server.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Due to its arcane user interface and frequently inconsistent

1bb2f53b9f74a8ca9812cbe9243ef41190b4da14Evan Hunt behavior, we do not recommend the use of <span><strong class="command">nslookup</strong></span>.

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt Use <span><strong class="command">dig</strong></span> instead.

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt </p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt</dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dl></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="sect3" lang="en">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="titlepage"><div><div><h4 class="title">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="admin_tools"></a>Administrative Tools</h4></div></div></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Administrative tools play an integral part in the management

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews of a server.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="variablelist"><dl>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="named-checkconf"></a><span class="term"><span><strong class="command">named-checkconf</strong></span></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The <span><strong class="command">named-checkconf</strong></span> program

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews checks the syntax of a <code class="filename">named.conf</code> file.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [-jvz] [-t <em class="replaceable"><code>directory</code></em>] [<em class="replaceable"><code>filename</code></em>]</p></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="named-checkzone"></a><span class="term"><span><strong class="command">named-checkzone</strong></span></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The <span><strong class="command">named-checkzone</strong></span> program

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews checks a master file for

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews syntax and consistency.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [-djqvD] [-c <em class="replaceable"><code>class</code></em>] [-o <em class="replaceable"><code>output</code></em>] [-t <em class="replaceable"><code>directory</code></em>] [-w <em class="replaceable"><code>directory</code></em>] [-k <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-n <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-W <em class="replaceable"><code>(ignore|warn)</code></em>] <em class="replaceable"><code>zone</code></em> [<em class="replaceable"><code>filename</code></em>]</p></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="named-compilezone"></a><span class="term"><span><strong class="command">named-compilezone</strong></span></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Similar to <span><strong class="command">named-checkzone,</strong></span> but

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews it always dumps the zone content to a specified file

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews (typically in a different format).

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="rndc"></a><span class="term"><span><strong class="command">rndc</strong></span></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The remote name daemon control

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews (<span><strong class="command">rndc</strong></span>) program allows the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews system

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews administrator to control the operation of a name server.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Since <acronym class="acronym">BIND</acronym> 9.2, <span><strong class="command">rndc</strong></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews supports all the commands of the BIND 8 <span><strong class="command">ndc</strong></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews utility except <span><strong class="command">ndc start</strong></span> and

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">ndc restart</strong></span>, which were also

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews not supported in <span><strong class="command">ndc</strong></span>'s

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews channel mode.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews If you run <span><strong class="command">rndc</strong></span> without any

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews options

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews it will display a usage message as follows:

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="cmdsynopsis"><p><code class="command">rndc</code> [-c <em class="replaceable"><code>config</code></em>] [-s <em class="replaceable"><code>server</code></em>] [-p <em class="replaceable"><code>port</code></em>] [-y <em class="replaceable"><code>key</code></em>] <em class="replaceable"><code>command</code></em> [<em class="replaceable"><code>command</code></em>...]</p></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>The <span><strong class="command">command</strong></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews is one of the following:

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="variablelist"><dl>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt>

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt<dd><p>

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt Reload configuration file and zones.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>reload <em class="replaceable"><code>zone</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>class</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Reload the given zone.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>refresh <em class="replaceable"><code>zone</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>class</code></em>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Schedule zone maintenance for the given zone.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>retransfer <em class="replaceable"><code>zone</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>class</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt Retransfer the given zone from the master.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>sign <em class="replaceable"><code>zone</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>class</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Fetch all DNSSEC keys for the given zone

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews from the key directory (see

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">key-directory</strong></span> in

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Usage">the section called &#8220;<span><strong class="command">options</strong></span> Statement Definition and

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt Usage&#8221;</a>). If they are within

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews their publication period, merge them into the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews zone's DNSKEY RRset. If the DNSKEY RRset

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews is changed, then the zone is automatically

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt re-signed with the new key set.

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews This command requires that the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">auto-dnssec</strong></span> zone option be set

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt to <code class="literal">allow</code> or

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt <code class="literal">maintain</code>,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews and also requires the zone to be configured to

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews allow dynamic DNS.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called &#8220;Dynamic Update Policies&#8221;</a> for

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews more details.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>loadkeys <em class="replaceable"><code>zone</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>class</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Fetch all DNSSEC keys for the given zone

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt from the key directory (see

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt <span><strong class="command">key-directory</strong></span> in

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and

98091cb21da79b0c7fd329fd64497dcb03402467Evan Hunt Usage">the section called &#8220;<span><strong class="command">options</strong></span> Statement Definition and

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Usage&#8221;</a>). If they are within

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews their publication period, merge them into the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews zone's DNSKEY RRset. Unlike <span><strong class="command">rndc

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews sign</strong></span>, however, the zone is not

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews immediately re-signed by the new keys, but is

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews allowed to incrementally re-sign over time.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews This command requires that the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">auto-dnssec</strong></span> zone option

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews be set to <code class="literal">maintain</code>,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews and also requires the zone to be configured to

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews allow dynamic DNS.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called &#8220;Dynamic Update Policies&#8221;</a> for

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews more details.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>freeze

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>zone</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>class</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Suspend updates to a dynamic zone. If no zone is

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews specified, then all zones are suspended. This allows

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews manual edits to be made to a zone normally updated by

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews dynamic update. It also causes changes in the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews journal file to be synced into the master file.

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt All dynamic update attempts will be refused while

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt the zone is frozen.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>thaw

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>zone</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>class</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt Enable updates to a frozen dynamic zone. If no

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews zone is specified, then all frozen zones are

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews enabled. This causes the server to reload the zone

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews from disk, and re-enables dynamic updates after the

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt load has completed. After a zone is thawed,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews dynamic updates will no longer be refused. If

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the zone has changed and the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">ixfr-from-differences</strong></span> option is

12bf5d4796505b4c20680531da96a31e6c2c1144Evan Hunt in use, then the journal file will be updated to

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt reflect changes in the zone. Otherwise, if the

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt zone has changed, any existing journal file will be

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews removed.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>sync

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional">-clean</span>]

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>zone</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>class</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt<dd><p>

98091cb21da79b0c7fd329fd64497dcb03402467Evan Hunt Sync changes in the journal file for a dynamic zone

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews to the master file. If the "-clean" option is

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews specified, the journal file is also removed. If

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews no zone is specified, then all zones are synced.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>notify <em class="replaceable"><code>zone</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>class</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Resend NOTIFY messages for the zone.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>reconfig</code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Reload the configuration file and load new zones,

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt but do not reload existing zone files even if they

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt have changed.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews This is faster than a full <span><strong class="command">reload</strong></span> when there

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews is a large number of zones because it avoids the need

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews to examine the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews modification times of the zones files.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>zonestatus

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt [<span class="optional"><em class="replaceable"><code>zone</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>class</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Displays the current status of the given zone,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews including the master file name and any include

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews files from which it was loaded, when it was most

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews recently loaded, the current serial number, the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews number of nodes, whether the zone supports

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews dynamic updates, whether the zone is DNSSEC

12bf5d4796505b4c20680531da96a31e6c2c1144Evan Hunt signed, whether it uses automatic DNSSEC key

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt management or inline signing, and the scheduled

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt refresh or expiry times for the zone.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Write server statistics to the statistics file.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>querylog</code></strong>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional">on|off</span>]

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Enable or disable query logging. (For backward

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews compatibility, this command can also be used without

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews an argument to toggle query logging on and off.)

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Query logging can also be enabled

98091cb21da79b0c7fd329fd64497dcb03402467Evan Hunt by explicitly directing the <span><strong class="command">queries</strong></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">category</strong></span> to a

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">channel</strong></span> in the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">logging</strong></span> section of

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="filename">named.conf</code> or by specifying

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">querylog yes;</strong></span> in the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">options</strong></span> section of

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="filename">named.conf</code>.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>dumpdb

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional">-all|-cache|-zone</span>]

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Dump the server's caches (default) and/or zones to

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews dump file for the specified views. If no view is

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews specified, all

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews views are dumped.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>secroots

f03747965c663e5d21af52dd111460efea9e8dd7Francis Dupont [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Dump the server's security roots to the secroots

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews file for the specified views. If no view is

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews specified, security roots for all

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews views are dumped.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Stop the server, making sure any recent changes

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews made through dynamic update or IXFR are first saved to

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the master files of the updated zones.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews This allows an external process to determine when <span><strong class="command">named</strong></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews had completed stopping.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Stop the server immediately. Recent changes

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews made through dynamic update or IXFR are not saved to

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the master files, but will be rolled forward from the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews journal files when the server is restarted.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews This allows an external process to determine when <span><strong class="command">named</strong></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews had completed halting.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Increment the servers debugging level by one.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Sets the server's debugging level to an explicit

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews value.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>notrace</code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Sets the server's debugging level to 0.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Flushes the server's cache.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>flushname</code></strong>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="replaceable"><code>name</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>view</code></em></span>]

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Flushes the given name from the server's DNS cache,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews and from the server's nameserver address database

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews if applicable.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>flushtree</code></strong>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="replaceable"><code>name</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>view</code></em></span>]

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Flushes the given name, and all of its subdomains,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews from the server's DNS cache. (The server's

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews nameserver address database is not affected.)

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Display status of the server.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Note that the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews and the default <span><strong class="command">/IN</strong></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews hint zone if there is not an

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews explicit root zone configured.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Dump the list of queries <span><strong class="command">named</strong></span> is currently recursing

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews on.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>validation

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional">on|off</span>]

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Enable or disable DNSSEC validation.

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt Note <span><strong class="command">dnssec-enable</strong></span> also needs to be

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt set to <strong class="userinput"><code>yes</code></strong> to be effective.

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt It defaults to enabled.

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>tsig-list</code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews List the names of all TSIG keys currently configured

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt for use by <span><strong class="command">named</strong></span> in each view. The

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt list both statically configured keys and dynamic

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews TKEY-negotiated keys.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>tsig-delete</code></strong>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="replaceable"><code>keyname</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Delete a given TKEY-negotiated key from the server.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews (This does not apply to statically configured TSIG

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews keys.)

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>addzone

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="replaceable"><code>zone</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>class</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="replaceable"><code>configuration</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Add a zone while the server is running. This

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews command requires the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">allow-new-zones</strong></span> option to be set

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews to <strong class="userinput"><code>yes</code></strong>. The

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="replaceable"><code>configuration</code></em> string

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews specified on the command line is the zone

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews configuration text that would ordinarily be

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt placed in <code class="filename">named.conf</code>.

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt </p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt The configuration is saved in a file called

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="filename"><em class="replaceable"><code>hash</code></em>.nzf</code>,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews where <em class="replaceable"><code>hash</code></em> is a

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews cryptographic hash generated from the name of

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the view. When <span><strong class="command">named</strong></span> is

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews restarted, the file will be loaded into the view

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews configuration, so that zones that were added

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews can persist after a restart.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews This sample <span><strong class="command">addzone</strong></span> command

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews would add the zone <code class="literal">example.com</code>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews to the default view:

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<code class="prompt">$ </code><strong class="userinput"><code>rndc addzone example.com '{ type master; file "example.com.db"; };'</code></strong>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews (Note the brackets and semi-colon around the zone

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews configuration text.)

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt </p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt</dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>delzone

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="replaceable"><code>zone</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>class</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </code></strong></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Delete a zone while the server is running.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Only zones that were originally added via

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">rndc addzone</strong></span> can be deleted

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews in this matter.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><strong class="userinput"><code>signing

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional">( -list | -clear <em class="replaceable"><code>keyid/algorithm</code></em> | -clear <code class="literal">all</code> | -nsec3param ( <em class="replaceable"><code>parameters</code></em> | <code class="literal">none</code> ) ) </span>]

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="replaceable"><code>zone</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>class</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </code></strong></span></dt>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<dd>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt List, edit, or remove the DNSSEC signing state for

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt the specified zone. The status of ongoing DNSSEC

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews operations (such as signing or generating

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews NSEC3 chains) is stored in the zone in the form

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews of DNS resource records of type

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">sig-signing-type</strong></span>.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">rndc signing -list</strong></span> converts

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews these records into a human-readable form,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews indicating which keys are currently signing

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews or have finished signing the zone, and which NSEC3

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews NSEC3 chains are being created or removed.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">rndc signing -clear</strong></span> can remove

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews a single key (specified in the same format that

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">rndc signing -list</strong></span> uses to

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews display it), or all keys. In either case, only

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews completed keys are removed; any record indicating

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews that a key has not yet finished signing the zone

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews will be retained.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">rndc signing -nsec3param</strong></span> sets

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the NSEC3 parameters for a zone. This is the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews only supported mechanism for using NSEC3 with

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">inline-signing</strong></span> zones.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Parameters are specified in the same format as

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews an NSEC3PARAM resource record: hash algorithm,

12bf5d4796505b4c20680531da96a31e6c2c1144Evan Hunt flags, iterations, and salt, in that order.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt Currently, the only defined value for hash algorithm

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt is <code class="literal">1</code>, representing SHA-1.

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt The <code class="option">flags</code> may be set to

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt <code class="literal">0</code> or <code class="literal">1</code>,

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt depending on whether you wish to set the opt-out

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt bit in the NSEC3 chain. <code class="option">iterations</code>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt defines the number of additional times to apply

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the algorithm when generating an NSEC3 hash. The

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="option">salt</code> is a string of data expressed

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews in hexidecimal, or a hyphen (`-') if no salt is

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews to be used.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews So, for example, to create an NSEC3 chain using

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the SHA-1 hash algorithm, no opt-out flag,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews 10 iterations, and a salt value of "FFFF", use:

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">rndc signing -nsec3param 1 0 10 FFFF &lt;zone&gt;</strong></span>.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews To set the opt-out flag, 15 iterations, and no

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews salt, use:

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">rndc signing -nsec3param 1 1 15 - &lt;zone&gt;</strong></span>.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">rndc signing -nsec3param none</strong></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews removes an existing NSEC3 chain and replaces it

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews with NSEC.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dl></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews A configuration file is required, since all

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews communication with the server is authenticated with

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews digital signatures that rely on a shared secret, and

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews there is no way to provide that secret other than with a

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews configuration file. The default location for the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">rndc</strong></span> configuration file is

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="filename">/etc/rndc.conf</code>, but an

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews alternate

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews location can be specified with the <code class="option">-c</code>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews option. If the configuration file is not found,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">rndc</strong></span> will also look in

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="filename">/etc/rndc.key</code> (or whatever

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="varname">sysconfdir</code> was defined when

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the <acronym class="acronym">BIND</acronym> build was

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews configured).

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The <code class="filename">rndc.key</code> file is

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews generated by

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews running <span><strong class="command">rndc-confgen -a</strong></span> as

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews described in

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Usage">the section called &#8220;<span><strong class="command">controls</strong></span> Statement Definition and

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Usage&#8221;</a>.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The format of the configuration file is similar to

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews that of <code class="filename">named.conf</code>, but

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews limited to

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews only four statements, the <span><strong class="command">options</strong></span>,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">key</strong></span>, <span><strong class="command">server</strong></span> and

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">include</strong></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews statements. These statements are what associate the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews secret keys to the servers with which they are meant to

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews be shared. The order of statements is not

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews significant.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The <span><strong class="command">options</strong></span> statement has

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews three clauses:

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">default-server</strong></span>, <span><strong class="command">default-key</strong></span>,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews and <span><strong class="command">default-port</strong></span>.

98091cb21da79b0c7fd329fd64497dcb03402467Evan Hunt <span><strong class="command">default-server</strong></span> takes a

98091cb21da79b0c7fd329fd64497dcb03402467Evan Hunt host name or address argument and represents the server

98091cb21da79b0c7fd329fd64497dcb03402467Evan Hunt that will

98091cb21da79b0c7fd329fd64497dcb03402467Evan Hunt be contacted if no <code class="option">-s</code>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews option is provided on the command line.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">default-key</strong></span> takes

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the name of a key as its argument, as defined by a <span><strong class="command">key</strong></span> statement.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">default-port</strong></span> specifies the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews port to which

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">rndc</strong></span> should connect if no

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews port is given on the command line or in a

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">server</strong></span> statement.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt The <span><strong class="command">key</strong></span> statement defines a

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt key to be used

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt by <span><strong class="command">rndc</strong></span> when authenticating

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt with

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt <span><strong class="command">named</strong></span>. Its syntax is

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt identical to the

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt <span><strong class="command">key</strong></span> statement in <code class="filename">named.conf</code>.

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt The keyword <strong class="userinput"><code>key</code></strong> is

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt followed by a key name, which must be a valid

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt domain name, though it need not actually be hierarchical;

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt thus,

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt a string like "<strong class="userinput"><code>rndc_key</code></strong>" is a valid

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt name.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The <span><strong class="command">key</strong></span> statement has two

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews clauses:

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">algorithm</strong></span> and <span><strong class="command">secret</strong></span>.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews While the configuration parser will accept any string as the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews argument

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews to algorithm, currently only the string "<strong class="userinput"><code>hmac-md5</code></strong>"

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews has any meaning. The secret is a base-64 encoded string

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews as specified in RFC 3548.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The <span><strong class="command">server</strong></span> statement

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews associates a key

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews defined using the <span><strong class="command">key</strong></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews statement with a server.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The keyword <strong class="userinput"><code>server</code></strong> is followed by a

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews host name or address. The <span><strong class="command">server</strong></span> statement

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews has two clauses: <span><strong class="command">key</strong></span> and <span><strong class="command">port</strong></span>.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The <span><strong class="command">key</strong></span> clause specifies the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews name of the key

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews to be used when communicating with this server, and the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">port</strong></span> clause can be used to

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews specify the port <span><strong class="command">rndc</strong></span> should

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews connect

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews to on the server.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews A sample minimal configuration file is as follows:

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<pre class="programlisting">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrewskey rndc_key {

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews algorithm "hmac-md5";

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews secret

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews};

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrewsoptions {

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews default-server 127.0.0.1;

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews default-key rndc_key;

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews};

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</pre>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews This file, if installed as <code class="filename">/etc/rndc.conf</code>,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews would allow the command:

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="prompt">$ </code><strong class="userinput"><code>rndc reload</code></strong>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews to connect to 127.0.0.1 port 953 and cause the name server

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt to reload, if a name server on the local machine were

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt running with

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt following controls statements:

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt </p>

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt<pre class="programlisting">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrewscontrols {

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews inet 127.0.0.1

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews allow { localhost; } keys { rndc_key; };

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews};

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</pre>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews and it had an identical key statement for

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="literal">rndc_key</code>.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Running the <span><strong class="command">rndc-confgen</strong></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews program will

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews conveniently create a <code class="filename">rndc.conf</code>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews file for you, and also display the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews corresponding <span><strong class="command">controls</strong></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews statement that you need to

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews add to <code class="filename">named.conf</code>.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Alternatively,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews you can run <span><strong class="command">rndc-confgen -a</strong></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews to set up

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews a <code class="filename">rndc.key</code> file and not

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews modify

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="filename">named.conf</code> at all.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dl></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="sect2" lang="en">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="titlepage"><div><div><h3 class="title">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="id2570695"></a>Signals</h3></div></div></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Certain UNIX signals cause the name server to take specific

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews actions, as described in the following table. These signals can

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews be sent using the <span><strong class="command">kill</strong></span> command.

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt </p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<div class="informaltable"><table border="1">

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<colgroup>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<col>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<col>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt</colgroup>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<tbody>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p><span><strong class="command">SIGHUP</strong></span></p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Causes the server to read <code class="filename">named.conf</code> and

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews reload the database.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt</tr>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<tr>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p><span><strong class="command">SIGTERM</strong></span></p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Causes the server to clean up and exit.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p><span><strong class="command">SIGINT</strong></span></p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <p>

12bf5d4796505b4c20680531da96a31e6c2c1144Evan Hunt Causes the server to clean up and exit.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt </td>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt</tr>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt</tbody>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt</table></div>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="navfooter">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<hr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<table width="100%" summary="Navigation footer">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td width="40%" align="left">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a>�</td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td width="20%" align="center">�</td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch04.html">Next</a>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td width="40%" align="left" valign="top">Chapter�2.�<acronym class="acronym">BIND</acronym> Resource Requirements�</td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td width="40%" align="right" valign="top">�Chapter�4.�Advanced DNS Features</td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</table>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</body>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</html>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews