Bv9ARM.ch03.html revision 1e126d80e1b8a0dd541a733283907656424634dc
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<!--
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen - Copyright (C) 2000-2003 Internet Software Consortium.
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen -
70cb37c37e4dce8f57cd3f882f7444e76b918befTimo Sirainen - Permission to use, copy, modify, and/or distribute this software for any
ff487c974815bdaa2d05a3b834f4c2c841f4cc34Timo Sirainen - purpose with or without fee is hereby granted, provided that the above
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen - copyright notice and this permission notice appear in all copies.
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen -
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
98a711be68ba64e1cabf8cacc150af44421e2ac9Timo Sirainen - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
70cb37c37e4dce8f57cd3f882f7444e76b918befTimo Sirainen - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
70cb37c37e4dce8f57cd3f882f7444e76b918befTimo Sirainen - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
70cb37c37e4dce8f57cd3f882f7444e76b918befTimo Sirainen - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen - PERFORMANCE OF THIS SOFTWARE.
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen-->
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<html>
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<head>
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<title>Chapter�3.�Name Server Configuration</title>
e82af44fe25ca9b88210f313548dc08538e4a677Timo Sirainen<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
e82af44fe25ca9b88210f313548dc08538e4a677Timo Sirainen<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<link rel="prev" href="Bv9ARM.ch02.html" title="Chapter�2.�BIND Resource Requirements">
e82af44fe25ca9b88210f313548dc08538e4a677Timo Sirainen<link rel="next" href="Bv9ARM.ch04.html" title="Chapter�4.�Advanced DNS Features">
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen</head>
94a78eb438622fa53abef1e1726714dacad4b61cTimo Sirainen<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
6c07b8ddc5e894feead4d422075b079451721241Timo Sirainen<div class="navheader">
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<table width="100%" summary="Navigation header">
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<tr><th colspan="3" align="center">Chapter�3.�Name Server Configuration</th></tr>
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen<tr>
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen<td width="20%" align="left">
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a>�</td>
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<th width="60%" align="center">�</th>
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen</td>
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen</tr>
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen</table>
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<hr>
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen</div>
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<div class="chapter">
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<div class="titlepage"><div><div><h1 class="title">
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<a name="Bv9ARM.ch03"></a>Chapter�3.�Name Server Configuration</h1></div></div></div>
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<div class="toc">
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<p><b>Table of Contents</b></p>
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<dl class="toc">
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<dt><span class="section"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<dd><dl>
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<dt><span class="section"><a href="Bv9ARM.ch03.html#cache_only_sample">A Caching-only Name Server</a></span></dt>
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<dt><span class="section"><a href="Bv9ARM.ch03.html#auth_only_sample">An Authoritative-only Name Server</a></span></dt>
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen</dl></dd>
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<dt><span class="section"><a href="Bv9ARM.ch03.html#load_balancing">Load Balancing</a></span></dt>
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<dt><span class="section"><a href="Bv9ARM.ch03.html#ns_operations">Name Server Operations</a></span></dt>
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<dd><dl>
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<dt><span class="section"><a href="Bv9ARM.ch03.html#tools">Tools for Use With the Name Server Daemon</a></span></dt>
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<dt><span class="section"><a href="Bv9ARM.ch03.html#signals">Signals</a></span></dt>
794ac3e4a22caba0297a1333b43e6bd47fc50b91Timo Sirainen</dl></dd>
794ac3e4a22caba0297a1333b43e6bd47fc50b91Timo Sirainen</dl>
ff487c974815bdaa2d05a3b834f4c2c841f4cc34Timo Sirainen</div>
ff487c974815bdaa2d05a3b834f4c2c841f4cc34Timo Sirainen<p>
ff487c974815bdaa2d05a3b834f4c2c841f4cc34Timo Sirainen In this chapter we provide some suggested configurations along
ff487c974815bdaa2d05a3b834f4c2c841f4cc34Timo Sirainen with guidelines for their use. We suggest reasonable values for
ff487c974815bdaa2d05a3b834f4c2c841f4cc34Timo Sirainen certain option settings.
ff487c974815bdaa2d05a3b834f4c2c841f4cc34Timo Sirainen </p>
ff487c974815bdaa2d05a3b834f4c2c841f4cc34Timo Sirainen<div class="section">
ff487c974815bdaa2d05a3b834f4c2c841f4cc34Timo Sirainen<div class="titlepage"><div><div><h2 class="title" style="clear: both">
ff487c974815bdaa2d05a3b834f4c2c841f4cc34Timo Sirainen<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
ff487c974815bdaa2d05a3b834f4c2c841f4cc34Timo Sirainen<div class="section">
ff487c974815bdaa2d05a3b834f4c2c841f4cc34Timo Sirainen<div class="titlepage"><div><div><h3 class="title">
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<a name="cache_only_sample"></a>A Caching-only Name Server</h3></div></div></div>
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen<p>
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen The following sample configuration is appropriate for a caching-only
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen name server for use by clients internal to a corporation. All
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen queries
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen from outside clients are refused using the <span class="command"><strong>allow-query</strong></span>
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen option. Alternatively, the same effect could be achieved using
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen suitable
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen firewall rules.
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen </p>
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen<pre class="programlisting">
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen// Two corporate subnets we wish to allow queries from.
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainenacl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainenoptions {
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen // Working directory
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen directory "/etc/namedb";
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen allow-query { corpnets; };
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen};
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen// Provide a reverse mapping for the loopback
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen// address 127.0.0.1
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainenzone "0.0.127.in-addr.arpa" {
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen type master;
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen file "localhost.rev";
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen notify no;
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen};
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen</pre>
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen</div>
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<div class="section">
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<div class="titlepage"><div><div><h3 class="title">
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<a name="auth_only_sample"></a>An Authoritative-only Name Server</h3></div></div></div>
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<p>
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen This sample configuration is for an authoritative-only server
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen that is the master server for "<code class="filename">example.com</code>"
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen and a slave for the subdomain "<code class="filename">eng.example.com</code>".
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen </p>
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<pre class="programlisting">
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainenoptions {
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainen // Working directory
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainen directory "/etc/namedb";
91e4199476cb2add8143c18583fa57e1decfea88Timo Sirainen // Do not allow access to cache
91e4199476cb2add8143c18583fa57e1decfea88Timo Sirainen allow-query-cache { none; };
0727e38ac12efb8963a339daf56255e2be1f29fcTimo Sirainen // This is the default
0727e38ac12efb8963a339daf56255e2be1f29fcTimo Sirainen allow-query { any; };
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen // Do not provide recursive service
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen recursion no;
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen};
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen
217f3ed9ef654c1f19c505d9acf14ab1e298d707Timo Sirainen// Provide a reverse mapping for the loopback
217f3ed9ef654c1f19c505d9acf14ab1e298d707Timo Sirainen// address 127.0.0.1
217f3ed9ef654c1f19c505d9acf14ab1e298d707Timo Sirainenzone "0.0.127.in-addr.arpa" {
217f3ed9ef654c1f19c505d9acf14ab1e298d707Timo Sirainen type master;
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen file "localhost.rev";
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen notify no;
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen};
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen// We are the master server for example.com
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainenzone "example.com" {
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen type master;
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen file "example.com.db";
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen // IP addresses of slave servers allowed to
ac339d4c51420417887bbe1880f9687d8c3b2d4cTimo Sirainen // transfer example.com
ac339d4c51420417887bbe1880f9687d8c3b2d4cTimo Sirainen allow-transfer {
ac339d4c51420417887bbe1880f9687d8c3b2d4cTimo Sirainen 192.168.4.14;
ac339d4c51420417887bbe1880f9687d8c3b2d4cTimo Sirainen 192.168.5.53;
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen };
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen};
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen// We are a slave server for eng.example.com
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainenzone "eng.example.com" {
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen type slave;
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen file "eng.example.com.bk";
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen // IP address of eng.example.com master server
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen masters { 192.168.4.12; };
ae13f46498f5890e9c83830309d0dde7d56f419bTimo Sirainen};
e82af44fe25ca9b88210f313548dc08538e4a677Timo Sirainen</pre>
e82af44fe25ca9b88210f313548dc08538e4a677Timo Sirainen</div>
e82af44fe25ca9b88210f313548dc08538e4a677Timo Sirainen</div>
3bbda557c0dfa45edf81c6686807ff199110dbcaTimo Sirainen<div class="section">
6d239203867965ad42f38747f0b84e7314d215d3Timo Sirainen<div class="titlepage"><div><div><h2 class="title" style="clear: both">
6d239203867965ad42f38747f0b84e7314d215d3Timo Sirainen<a name="load_balancing"></a>Load Balancing</h2></div></div></div>
d1997e794893ce52fce4d2a0cfa46d2f18e26e67Timo Sirainen<p>
d1997e794893ce52fce4d2a0cfa46d2f18e26e67Timo Sirainen A primitive form of load balancing can be achieved in
d1997e794893ce52fce4d2a0cfa46d2f18e26e67Timo Sirainen the <acronym class="acronym">DNS</acronym> by using multiple records
d1997e794893ce52fce4d2a0cfa46d2f18e26e67Timo Sirainen (such as multiple A records) for one name.
3bbda557c0dfa45edf81c6686807ff199110dbcaTimo Sirainen </p>
98a711be68ba64e1cabf8cacc150af44421e2ac9Timo Sirainen<p>
6d239203867965ad42f38747f0b84e7314d215d3Timo Sirainen For example, if you have three WWW servers with network addresses
70cb37c37e4dce8f57cd3f882f7444e76b918befTimo Sirainen of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the
70cb37c37e4dce8f57cd3f882f7444e76b918befTimo Sirainen following means that clients will connect to each machine one third
70cb37c37e4dce8f57cd3f882f7444e76b918befTimo Sirainen of the time:
70cb37c37e4dce8f57cd3f882f7444e76b918befTimo Sirainen </p>
70cb37c37e4dce8f57cd3f882f7444e76b918befTimo Sirainen<div class="informaltable"><table border="1">
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<colgroup>
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<col width="0.875in" class="1">
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<col width="0.500in" class="2">
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<col width="0.750in" class="3">
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<col width="0.750in" class="4">
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainen<col width="2.028in" class="5">
0727e38ac12efb8963a339daf56255e2be1f29fcTimo Sirainen</colgroup>
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<tbody>
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen<tr>
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<td>
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen <p>
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen Name
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen </p>
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen </td>
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<td>
98a711be68ba64e1cabf8cacc150af44421e2ac9Timo Sirainen <p>
70cb37c37e4dce8f57cd3f882f7444e76b918befTimo Sirainen TTL
70cb37c37e4dce8f57cd3f882f7444e76b918befTimo Sirainen </p>
70cb37c37e4dce8f57cd3f882f7444e76b918befTimo Sirainen </td>
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen<td>
<p>
CLASS
</p>
</td>
<td>
<p>
TYPE
</p>
</td>
<td>
<p>
Resource Record (RR) Data
</p>
</td>
</tr>
<tr>
<td>
<p>
<code class="literal">www</code>
</p>
</td>
<td>
<p>
<code class="literal">600</code>
</p>
</td>
<td>
<p>
<code class="literal">IN</code>
</p>
</td>
<td>
<p>
<code class="literal">A</code>
</p>
</td>
<td>
<p>
<code class="literal">10.0.0.1</code>
</p>
</td>
</tr>
<tr>
<td>
<p></p>
</td>
<td>
<p>
<code class="literal">600</code>
</p>
</td>
<td>
<p>
<code class="literal">IN</code>
</p>
</td>
<td>
<p>
<code class="literal">A</code>
</p>
</td>
<td>
<p>
<code class="literal">10.0.0.2</code>
</p>
</td>
</tr>
<tr>
<td>
<p></p>
</td>
<td>
<p>
<code class="literal">600</code>
</p>
</td>
<td>
<p>
<code class="literal">IN</code>
</p>
</td>
<td>
<p>
<code class="literal">A</code>
</p>
</td>
<td>
<p>
<code class="literal">10.0.0.3</code>
</p>
</td>
</tr>
</tbody>
</table></div>
<p>
When a resolver queries for these records, <acronym class="acronym">BIND</acronym> will rotate
them and respond to the query with the records in a different
order. In the example above, clients will randomly receive
records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients
will use the first record returned and discard the rest.
</p>
<p>
For more detail on ordering responses, check the
<span class="command"><strong>rrset-order</strong></span> sub-statement in the
<span class="command"><strong>options</strong></span> statement, see
<a class="xref" href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">RRset Ordering</a>.
</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="ns_operations"></a>Name Server Operations</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="tools"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
<p>
This section describes several indispensable diagnostic,
administrative and monitoring tools available to the system
administrator for controlling and debugging the name server
daemon.
</p>
<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="diagnostic_tools"></a>Diagnostic Tools</h4></div></div></div>
<p>
The <span class="command"><strong>dig</strong></span>, <span class="command"><strong>host</strong></span>, and
<span class="command"><strong>nslookup</strong></span> programs are all command
line tools
for manually querying name servers. They differ in style and
output format.
</p>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><a name="dig"></a><span class="command"><strong>dig</strong></span></span></dt>
<dd>
<p>
The domain information groper (<span class="command"><strong>dig</strong></span>)
is the most versatile and complete of these lookup tools.
It has two modes: simple interactive
mode for a single query, and batch mode which executes a
query for
each in a list of several query lines. All query options are
accessible
from the command line.
</p>
<div class="cmdsynopsis"><p><code class="command">dig</code> [@<em class="replaceable"><code>server</code></em>] <em class="replaceable"><code>domain</code></em> [<em class="replaceable"><code>query-type</code></em>] [<em class="replaceable"><code>query-class</code></em>] [+<em class="replaceable"><code>query-option</code></em>] [-<em class="replaceable"><code>dig-option</code></em>] [%<em class="replaceable"><code>comment</code></em>]</p></div>
<p>
The usual simple use of <span class="command"><strong>dig</strong></span> will take the form
</p>
<p class="simpara">
<span class="command"><strong>dig @server domain query-type query-class</strong></span>
</p>
<p>
For more information and a list of available commands and
options, see the <span class="command"><strong>dig</strong></span> man
page.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>host</strong></span></span></dt>
<dd>
<p>
The <span class="command"><strong>host</strong></span> utility emphasizes
simplicity
and ease of use. By default, it converts
between host names and Internet addresses, but its
functionality
can be extended with the use of options.
</p>
<div class="cmdsynopsis"><p><code class="command">host</code> [-aCdlnrsTwv] [-c <em class="replaceable"><code>class</code></em>] [-N <em class="replaceable"><code>ndots</code></em>] [-t <em class="replaceable"><code>type</code></em>] [-W <em class="replaceable"><code>timeout</code></em>] [-R <em class="replaceable"><code>retries</code></em>] [-m <em class="replaceable"><code>flag</code></em>] [-4] [-6] <em class="replaceable"><code>hostname</code></em> [<em class="replaceable"><code>server</code></em>]</p></div>
<p>
For more information and a list of available commands and
options, see the <span class="command"><strong>host</strong></span> man
page.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>nslookup</strong></span></span></dt>
<dd>
<p><span class="command"><strong>nslookup</strong></span>
has two modes: interactive and
non-interactive. Interactive mode allows the user to
query name servers for information about various
hosts and domains or to print a list of hosts in a
domain. Non-interactive mode is used to print just
the name and requested information for a host or
domain.
</p>
<div class="cmdsynopsis"><p><code class="command">nslookup</code> [-option...] [[<em class="replaceable"><code>host-to-find</code></em>] | [- [server]]]</p></div>
<p>
Interactive mode is entered when no arguments are given (the
default name server will be used) or when the first argument
is a
hyphen (`-') and the second argument is the host name or
Internet address
of a name server.
</p>
<p>
Non-interactive mode is used when the name or Internet
address
of the host to be looked up is given as the first argument.
The
optional second argument specifies the host name or address
of a name server.
</p>
<p>
Due to its arcane user interface and frequently inconsistent
behavior, we do not recommend the use of <span class="command"><strong>nslookup</strong></span>.
Use <span class="command"><strong>dig</strong></span> instead.
</p>
</dd>
</dl></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="admin_tools"></a>Administrative Tools</h4></div></div></div>
<p>
Administrative tools play an integral part in the management
of a server.
</p>
<div class="variablelist"><dl class="variablelist">
<dt>
<a name="named-checkconf"></a><span class="term"><span class="command"><strong>named-checkconf</strong></span></span>
</dt>
<dd>
<p>
The <span class="command"><strong>named-checkconf</strong></span> program
checks the syntax of a <code class="filename">named.conf</code> file.
</p>
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [-jvz] [-t <em class="replaceable"><code>directory</code></em>] [<em class="replaceable"><code>filename</code></em>]</p></div>
</dd>
<dt>
<a name="named-checkzone"></a><span class="term"><span class="command"><strong>named-checkzone</strong></span></span>
</dt>
<dd>
<p>
The <span class="command"><strong>named-checkzone</strong></span> program
checks a master file for
syntax and consistency.
</p>
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [-djqvD] [-c <em class="replaceable"><code>class</code></em>] [-o <em class="replaceable"><code>output</code></em>] [-t <em class="replaceable"><code>directory</code></em>] [-w <em class="replaceable"><code>directory</code></em>] [-k <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-n <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-W <em class="replaceable"><code>(ignore|warn)</code></em>] <em class="replaceable"><code>zone</code></em> [<em class="replaceable"><code>filename</code></em>]</p></div>
</dd>
<dt>
<a name="named-compilezone"></a><span class="term"><span class="command"><strong>named-compilezone</strong></span></span>
</dt>
<dd><p>
Similar to <span class="command"><strong>named-checkzone,</strong></span> but
it always dumps the zone content to a specified file
(typically in a different format).
</p></dd>
<dt>
<a name="rndc"></a><span class="term"><span class="command"><strong>rndc</strong></span></span>
</dt>
<dd>
<p>
The remote name daemon control
(<span class="command"><strong>rndc</strong></span>) program allows the
system
administrator to control the operation of a name server.
Since <acronym class="acronym">BIND</acronym> 9.2, <span class="command"><strong>rndc</strong></span>
supports all the commands of the BIND 8 <span class="command"><strong>ndc</strong></span>
utility except <span class="command"><strong>ndc start</strong></span> and
<span class="command"><strong>ndc restart</strong></span>, which were also
not supported in <span class="command"><strong>ndc</strong></span>'s
channel mode.
If you run <span class="command"><strong>rndc</strong></span> without any
options
it will display a usage message as follows:
</p>
<div class="cmdsynopsis"><p><code class="command">rndc</code> [-c <em class="replaceable"><code>config</code></em>] [-s <em class="replaceable"><code>server</code></em>] [-p <em class="replaceable"><code>port</code></em>] [-y <em class="replaceable"><code>key</code></em>] <em class="replaceable"><code>command</code></em> [<em class="replaceable"><code>command</code></em>...]</p></div>
<p>See <a class="xref" href="man.rndc.html" title="rndc"><span class="refentrytitle"><span class="application">rndc</span></span>(8)</a> for details of
the available <span class="command"><strong>rndc</strong></span> commands.
</p>
<p>
<span class="command"><strong>rndc</strong></span> requires a configuration file,
since all
communication with the server is authenticated with
digital signatures that rely on a shared secret, and
there is no way to provide that secret other than with a
configuration file. The default location for the
<span class="command"><strong>rndc</strong></span> configuration file is
<code class="filename">/etc/rndc.conf</code>, but an
alternate
location can be specified with the <code class="option">-c</code>
option. If the configuration file is not found,
<span class="command"><strong>rndc</strong></span> will also look in
<code class="filename">/etc/rndc.key</code> (or whatever
<code class="varname">sysconfdir</code> was defined when
the <acronym class="acronym">BIND</acronym> build was
configured).
The <code class="filename">rndc.key</code> file is
generated by
running <span class="command"><strong>rndc-confgen -a</strong></span> as
described in
<a class="xref" href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and Usage">the section called &#8220;<span class="command"><strong>controls</strong></span> Statement Definition and
Usage&#8221;</a>.
</p>
<p>
The format of the configuration file is similar to
that of <code class="filename">named.conf</code>, but
limited to
only four statements, the <span class="command"><strong>options</strong></span>,
<span class="command"><strong>key</strong></span>, <span class="command"><strong>server</strong></span> and
<span class="command"><strong>include</strong></span>
statements. These statements are what associate the
secret keys to the servers with which they are meant to
be shared. The order of statements is not
significant.
</p>
<p>
The <span class="command"><strong>options</strong></span> statement has
three clauses:
<span class="command"><strong>default-server</strong></span>, <span class="command"><strong>default-key</strong></span>,
and <span class="command"><strong>default-port</strong></span>.
<span class="command"><strong>default-server</strong></span> takes a
host name or address argument and represents the server
that will
be contacted if no <code class="option">-s</code>
option is provided on the command line.
<span class="command"><strong>default-key</strong></span> takes
the name of a key as its argument, as defined by a <span class="command"><strong>key</strong></span> statement.
<span class="command"><strong>default-port</strong></span> specifies the
port to which
<span class="command"><strong>rndc</strong></span> should connect if no
port is given on the command line or in a
<span class="command"><strong>server</strong></span> statement.
</p>
<p>
The <span class="command"><strong>key</strong></span> statement defines a
key to be used
by <span class="command"><strong>rndc</strong></span> when authenticating
with
<span class="command"><strong>named</strong></span>. Its syntax is
identical to the
<span class="command"><strong>key</strong></span> statement in <code class="filename">named.conf</code>.
The keyword <strong class="userinput"><code>key</code></strong> is
followed by a key name, which must be a valid
domain name, though it need not actually be hierarchical;
thus,
a string like "<strong class="userinput"><code>rndc_key</code></strong>" is a valid
name.
The <span class="command"><strong>key</strong></span> statement has two
clauses:
<span class="command"><strong>algorithm</strong></span> and <span class="command"><strong>secret</strong></span>.
While the configuration parser will accept any string as the
argument
to algorithm, currently only the strings
"<strong class="userinput"><code>hmac-md5</code></strong>",
"<strong class="userinput"><code>hmac-sha1</code></strong>",
"<strong class="userinput"><code>hmac-sha224</code></strong>",
"<strong class="userinput"><code>hmac-sha256</code></strong>",
"<strong class="userinput"><code>hmac-sha384</code></strong>"
and "<strong class="userinput"><code>hmac-sha512</code></strong>"
have any meaning. The secret is a base-64 encoded string
as specified in RFC 3548.
</p>
<p>
The <span class="command"><strong>server</strong></span> statement
associates a key
defined using the <span class="command"><strong>key</strong></span>
statement with a server.
The keyword <strong class="userinput"><code>server</code></strong> is followed by a
host name or address. The <span class="command"><strong>server</strong></span> statement
has two clauses: <span class="command"><strong>key</strong></span> and <span class="command"><strong>port</strong></span>.
The <span class="command"><strong>key</strong></span> clause specifies the
name of the key
to be used when communicating with this server, and the
<span class="command"><strong>port</strong></span> clause can be used to
specify the port <span class="command"><strong>rndc</strong></span> should
connect
to on the server.
</p>
<p>
A sample minimal configuration file is as follows:
</p>
<pre class="programlisting">
key rndc_key {
algorithm "hmac-sha256";
secret
"c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};
options {
default-server 127.0.0.1;
default-key rndc_key;
};
</pre>
<p>
This file, if installed as <code class="filename">/etc/rndc.conf</code>,
would allow the command:
</p>
<p>
<code class="prompt">$ </code><strong class="userinput"><code>rndc reload</code></strong>
</p>
<p>
to connect to 127.0.0.1 port 953 and cause the name server
to reload, if a name server on the local machine were
running with
following controls statements:
</p>
<pre class="programlisting">
controls {
inet 127.0.0.1
allow { localhost; } keys { rndc_key; };
};
</pre>
<p>
and it had an identical key statement for
<code class="literal">rndc_key</code>.
</p>
<p>
Running the <span class="command"><strong>rndc-confgen</strong></span>
program will
conveniently create a <code class="filename">rndc.conf</code>
file for you, and also display the
corresponding <span class="command"><strong>controls</strong></span>
statement that you need to
add to <code class="filename">named.conf</code>.
Alternatively,
you can run <span class="command"><strong>rndc-confgen -a</strong></span>
to set up
a <code class="filename">rndc.key</code> file and not
modify
<code class="filename">named.conf</code> at all.
</p>
</dd>
</dl></div>
</div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="signals"></a>Signals</h3></div></div></div>
<p>
Certain UNIX signals cause the name server to take specific
actions, as described in the following table. These signals can
be sent using the <span class="command"><strong>kill</strong></span> command.
</p>
<div class="informaltable"><table border="1">
<colgroup>
<col width="1.125in" class="1">
<col width="4.000in" class="2">
</colgroup>
<tbody>
<tr>
<td>
<p><span class="command"><strong>SIGHUP</strong></span></p>
</td>
<td>
<p>
Causes the server to read <code class="filename">named.conf</code> and
reload the database.
</p>
</td>
</tr>
<tr>
<td>
<p><span class="command"><strong>SIGTERM</strong></span></p>
</td>
<td>
<p>
Causes the server to clean up and exit.
</p>
</td>
</tr>
<tr>
<td>
<p><span class="command"><strong>SIGINT</strong></span></p>
</td>
<td>
<p>
Causes the server to clean up and exit.
</p>
</td>
</tr>
</tbody>
</table></div>
</div>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a>�</td>
<td width="20%" align="center">�</td>
<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">Chapter�2.�<acronym class="acronym">BIND</acronym> Resource Requirements�</td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">�Chapter�4.�Advanced DNS Features</td>
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.0a3</p>
</body>
</html>