Bv9ARM.ch03.html revision 32098293b78922a5fbd10906afa28624820d3756
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
 - Copyright (C) 2000-2017 Internet Systems Consortium, Inc. ("ISC")
 - This Source Code Form is subject to the terms of the Mozilla Public
 - License, v. 2.0. If a copy of the MPL was not distributed with this
 - file, You can obtain one at http://mozilla.org/MPL/2.0/.
-->
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 3. Name Server Configuration</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch02.html" title="Chapter 2. BIND Resource Requirements">
<link rel="next" href="Bv9ARM.ch04.html" title="Chapter 4. Advanced DNS Features">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="titlepage"><div><div><h1 class="title">
<a name="Bv9ARM.ch03"></a>Chapter 3. Name Server Configuration</h1></div></div></div>
<dl class="toc">
<dt><span class="section"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch03.html#cache_only_sample">A Caching-only Name Server</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch03.html#auth_only_sample">An Authoritative-only Name Server</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch03.html#load_balancing">Load Balancing</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch03.html#ns_operations">Name Server Operations</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch03.html#tools">Tools for Use With the Name Server Daemon</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch03.html#signals">Signals</a></span></dt>
</dl>
<p>
 In this chapter we provide some suggested configurations along
 with guidelines for their use. We suggest reasonable values for
 certain option settings.
</p>
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
<div class="titlepage"><div><div><h3 class="title">
<a name="cache_only_sample"></a>A Caching-only Name Server</h3></div></div></div>
<p>
 The following sample configuration is appropriate for a caching-only
 name server for use by clients internal to a corporation. All queries
 from outside clients are refused using the <span class="command"><strong>allow-query</strong></span>
 option. Alternatively, the same effect could be achieved using
 firewall rules.
</p>
<pre class="programlisting">
// Two corporate subnets we wish to allow queries from.
acl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
 // Working directory
 allow-query { corpnets; };
// Provide a reverse mapping for the loopback
// address 127.0.0.1
</pre>
<div class="titlepage"><div><div><h3 class="title">
<a name="auth_only_sample"></a>An Authoritative-only Name Server</h3></div></div></div>
<p>
 This sample configuration is for an authoritative-only server
 that is the master server for "<code class="filename">example.com</code>"
 and a slave for the subdomain "<code class="filename">eng.example.com</code>".
</p>
<pre class="programlisting">
 // Working directory
 // Do not allow access to cache
 allow-query-cache { none; };
 // This is the default
 allow-query { any; };
 // Do not provide recursive service
// Provide a reverse mapping for the loopback
// address 127.0.0.1
// We are the master server for example.com
 type master;
 // IP addresses of slave servers allowed to
 allow-transfer {
// We are a slave server for eng.example.com
 // IP address of eng.example.com master server
 masters { 192.168.4.12; };
</pre>
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="load_balancing"></a>Load Balancing</h2></div></div></div>
<p>
 A primitive form of load balancing can be achieved in
 the <acronym class="acronym">DNS</acronym> by using multiple records
 (such as multiple A records) for one name.
</p>
<p>
 For example, if you have three WWW servers with network addresses
 of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the
 following means that clients will connect to each machine one third
</p>
<p>
 Resource Record (RR) Data
</p>
<p>
 When a resolver queries for these records, <acronym class="acronym">BIND</acronym> will rotate
 them and respond to the query with the records in a different
 order. In the example above, clients will randomly receive
 records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients
 will use the first record returned and discard the rest.
</p>
<p>
 For more detail on ordering responses, check the
 <span class="command"><strong>rrset-order</strong></span> sub-statement in the
 <span class="command"><strong>options</strong></span> statement; see
 <a class="xref" href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">RRset Ordering</a>.
</p>
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="ns_operations"></a>Name Server Operations</h2></div></div></div>
<div class="titlepage"><div><div><h3 class="title">
<a name="tools"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
<p>
 This section describes several indispensable diagnostic,
 administrative and monitoring tools available to the system
 administrator for controlling and debugging the name server
</p>
<div class="titlepage"><div><div><h4 class="title">
<a name="diagnostic_tools"></a>Diagnostic Tools</h4></div></div></div>
<p>
 The <span class="command"><strong>dig</strong></span>, <span class="command"><strong>host</strong></span>, and
 <span class="command"><strong>nslookup</strong></span> programs are all command line tools
 for manually querying name servers. They differ in style and
 output format.
</p>
 <div class="variablelist"><dl class="variablelist">
<dt><span class="term"><a name="dig"></a><span class="command"><strong>dig</strong></span></span></dt>
<dd>
<p>
 The domain information groper (<span class="command"><strong>dig</strong></span>)
 is the most versatile and complete of these lookup tools.
 It has two modes: simple interactive
 mode for a single query, and batch mode which executes a query for
 each in a list of several query lines. All query options are accessible
 from the command line.
</p>
<div class="cmdsynopsis"><p>
 <code class="command">dig</code>
 [@<em class="replaceable"><code>server</code></em>]
 <em class="replaceable"><code>domain</code></em>
 [<em class="replaceable"><code>query-type</code></em>]
 [<em class="replaceable"><code>query-class</code></em>]
 [+<em class="replaceable"><code>query-option</code></em>]
 [-<em class="replaceable"><code>dig-option</code></em>]
 [%<em class="replaceable"><code>comment</code></em>]
</p></div>
<p>
 The usual simple use of <span class="command"><strong>dig</strong></span> will take the form
</p>
<p>
 <span class="command"><strong>dig @server domain query-type query-class</strong></span>
</p>
<p>
 For more information and a list of available commands and
 options, see the <span class="command"><strong>dig</strong></span> man
</p>
</dd>
<dt><span class="term"><span class="command"><strong>host</strong></span></span></dt>
<dd>
<p>
 The <span class="command"><strong>host</strong></span> utility emphasizes simplicity
 and ease of use. By default, it converts
 between host names and Internet addresses, but its functionality
 can be extended with the use of options.
</p>
<div class="cmdsynopsis"><p>
 <code class="command">host</code>
 [-aCdlnrsTwv]
 [-c <em class="replaceable"><code>class</code></em>]
 [-N <em class="replaceable"><code>ndots</code></em>]
 [-t <em class="replaceable"><code>type</code></em>]
 [-W <em class="replaceable"><code>timeout</code></em>]
 [-R <em class="replaceable"><code>retries</code></em>]
 [-m <em class="replaceable"><code>flag</code></em>]
 <em class="replaceable"><code>hostname</code></em>
 [<em class="replaceable"><code>server</code></em>]
</p></div>
<p>
 For more information and a list of available commands and
 options, see the <span class="command"><strong>host</strong></span> man
</p>
</dd>
<dt><span class="term"><span class="command"><strong>nslookup</strong></span></span></dt>
<dd>
 <p><span class="command"><strong>nslookup</strong></span>
 has two modes: interactive and
 non-interactive. Interactive mode allows the user to
 query name servers for information about various
 hosts and domains or to print a list of hosts in a
 domain. Non-interactive mode is used to print just
 the name and requested information for a host or
</p>
<div class="cmdsynopsis"><p>
 <code class="command">nslookup</code>
 [<em class="replaceable"><code>host-to-find</code></em>]
 | [- [server]]
</p></div>
<p>
 Interactive mode is entered when no arguments are given (the
 default name server will be used) or when the first argument is a
 hyphen (`-') and the second argument is the host name or
 Internet address
 of a name server.
</p>
<p>
 Non-interactive mode is used when the name or Internet address
 of the host to be looked up is given as the first argument.
 The optional second argument specifies the host name or address
 of a name server.
</p>
<p>
 Due to its arcane user interface and frequently inconsistent
 behavior, we do not recommend the use of <span class="command"><strong>nslookup</strong></span>.
 Use <span class="command"><strong>dig</strong></span> instead.
</p>
</dd>
</dl></div>
<div class="titlepage"><div><div><h4 class="title">
<a name="admin_tools"></a>Administrative Tools</h4></div></div></div>
<p>
 Administrative tools play an integral part in the management
</p>
 <div class="variablelist"><dl class="variablelist">
<dt><a name="named-checkconf"></a><span class="term"><span class="command"><strong>named-checkconf</strong></span></span></dt>
<dd>
<p>
 The <span class="command"><strong>named-checkconf</strong></span> program
 checks the syntax of a <code class="filename">named.conf</code> file.
</p>
<div class="cmdsynopsis"><p>
 <code class="command">named-checkconf</code>
 [-t <em class="replaceable"><code>directory</code></em>]
 [<em class="replaceable"><code>filename</code></em>]
</p></div>
</dd>
<dt><a name="named-checkzone"></a><span class="term"><span class="command"><strong>named-checkzone</strong></span></span></dt>
<dd>
<p>
 The <span class="command"><strong>named-checkzone</strong></span> program
 checks a master file for
 syntax and consistency.
</p>
<div class="cmdsynopsis"><p>
 <code class="command">named-checkzone</code>
 [-c <em class="replaceable"><code>class</code></em>]
 [-o <em class="replaceable"><code>output</code></em>]
 [-t <em class="replaceable"><code>directory</code></em>]
 [-w <em class="replaceable"><code>directory</code></em>]
 [-k <em class="replaceable"><code>(ignore|warn|fail)</code></em>]
 [-n <em class="replaceable"><code>(ignore|warn|fail)</code></em>]
 [-W <em class="replaceable"><code>(ignore|warn)</code></em>]
 <em class="replaceable"><code>zone</code></em>
 [<em class="replaceable"><code>filename</code></em>]
</p></div>
</dd>
<dt><a name="named-compilezone"></a><span class="term"><span class="command"><strong>named-compilezone</strong></span></span></dt>
<dd>
<p>
 Similar to <span class="command"><strong>named-checkzone</strong></span>, but
 it always dumps the zone content to a specified file
 (typically in a different format).
</p>
</dd>
<dt><a name="rndc"></a><span class="term"><span class="command"><strong>rndc</strong></span></span></dt>
<dd>
<p>
 The remote name daemon control
 (<span class="command"><strong>rndc</strong></span>) program allows the
 administrator to control the operation of a name server.
 Since <acronym class="acronym">BIND</acronym> 9.2, <span class="command"><strong>rndc</strong></span>
 supports all the commands of the BIND 8 <span class="command"><strong>ndc</strong></span>
 utility except <span class="command"><strong>ndc start</strong></span> and
 <span class="command"><strong>ndc restart</strong></span>, which were also
 not supported in <span class="command"><strong>ndc</strong></span>'s
 channel mode.
</p>
<p>
 If you run <span class="command"><strong>rndc</strong></span> without any options,
 it will display a usage message as follows:
</p>
<div class="cmdsynopsis"><p>
 <code class="command">rndc</code>
 [-c <em class="replaceable"><code>config</code></em>]
 [-s <em class="replaceable"><code>server</code></em>]
 [-p <em class="replaceable"><code>port</code></em>]
 [-y <em class="replaceable"><code>key</code></em>]
 <em class="replaceable"><code>command</code></em>
 [<em class="replaceable"><code>command</code></em>...]
</p></div>
 <p>See <a class="xref" href="man.rndc.html" title="rndc"><span class="refentrytitle"><span class="application">rndc</span></span>(8)</a> for details of
 the available <span class="command"><strong>rndc</strong></span> commands.
</p>
<p>
 <span class="command"><strong>rndc</strong></span> requires a configuration file,
 since all communication with the server is authenticated with
 digital signatures that rely on a shared secret, and
 there is no way to provide that secret other than with a
 configuration file. The default location for the
 <span class="command"><strong>rndc</strong></span> configuration file is
 <code class="filename">/etc/rndc.conf</code>, but an alternate
 location can be specified with the <code class="option">-c</code>
 option. If the configuration file is not found,
 <span class="command"><strong>rndc</strong></span> will also look in
 <code class="filename">/etc/rndc.key</code> (or whatever
 <code class="varname">sysconfdir</code> was defined when
 the <acronym class="acronym">BIND</acronym> build was
</p>
<p>
 The <code class="filename">rndc.key</code> file is generated by
 running <span class="command"><strong>rndc-confgen -a</strong></span> as described in
 <a class="xref" href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and Usage">the section called “<span class="command"><strong>controls</strong></span> Statement Definition and
 Usage”</a>.
</p>
<p>
 The format of the configuration file is similar to
 that of <code class="filename">named.conf</code>, but limited to
 only four statements, the <span class="command"><strong>options</strong></span>,
 <span class="command"><strong>key</strong></span>, <span class="command"><strong>server</strong></span> and
 <span class="command"><strong>include</strong></span>
 statements. These statements are what associate the
 secret keys to the servers with which they are meant to
 be shared. The order of statements is not
</p>
<p>
 The <span class="command"><strong>options</strong></span> statement has
 three clauses:
 <span class="command"><strong>default-server</strong></span>, <span class="command"><strong>default-key</strong></span>,
 and <span class="command"><strong>default-port</strong></span>.
 <span class="command"><strong>default-server</strong></span> takes a
 host name or address argument and represents the server that will
 be contacted if no <code class="option">-s</code>
 option is provided on the command line.
 <span class="command"><strong>default-key</strong></span> takes
 the name of a key as its argument, as defined by a <span class="command"><strong>key</strong></span> statement.
 <span class="command"><strong>default-port</strong></span> specifies the port to which
 <span class="command"><strong>rndc</strong></span> should connect if no
 port is given on the command line or in a
 <span class="command"><strong>server</strong></span> statement.
</p>
<p>
 The <span class="command"><strong>key</strong></span> statement defines a
 key to be used
 by <span class="command"><strong>rndc</strong></span> when authenticating with
 <span class="command"><strong>named</strong></span>. Its syntax is
 identical to the
 <span class="command"><strong>key</strong></span> statement in <code class="filename">named.conf</code>.
 The keyword <strong class="userinput"><code>key</code></strong> is
 followed by a key name, which must be a valid
 domain name, though it need not actually be hierarchical;
 a string like "<strong class="userinput"><code>rndc_key</code></strong>" is a valid
</p>
<p>
 The <span class="command"><strong>key</strong></span> statement has two clauses:
 <span class="command"><strong>algorithm</strong></span> and <span class="command"><strong>secret</strong></span>.
 While the configuration parser will accept any string as the argument
 to algorithm, currently only the strings
 "<strong class="userinput"><code>hmac-md5</code></strong>",
 "<strong class="userinput"><code>hmac-sha1</code></strong>",
 "<strong class="userinput"><code>hmac-sha224</code></strong>",
 "<strong class="userinput"><code>hmac-sha256</code></strong>",
 "<strong class="userinput"><code>hmac-sha384</code></strong>"
 and "<strong class="userinput"><code>hmac-sha512</code></strong>"
 have any meaning. The secret is a base-64 encoded string
 as specified in RFC 3548.
</p>
<p>
 The <span class="command"><strong>server</strong></span> statement
 associates a key
 defined using the <span class="command"><strong>key</strong></span>
 statement with a server.
 The keyword <strong class="userinput"><code>server</code></strong> is followed by a
 host name or address. The <span class="command"><strong>server</strong></span> statement
 has two clauses: <span class="command"><strong>key</strong></span> and <span class="command"><strong>port</strong></span>.
 The <span class="command"><strong>key</strong></span> clause specifies the
 name of the key
 to be used when communicating with this server, and the
 <span class="command"><strong>port</strong></span> clause can be used to
 specify the port <span class="command"><strong>rndc</strong></span> should
 connect to on the server.
</p>
<p>
A sample minimal configuration file is as follows:
</p>
<pre class="programlisting">
key rndc_key {
     algorithm "hmac-sha256";
     secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};
options {
     default-server 127.0.0.1;
     default-key    rndc_key;
};
</pre>
<p>
This file, if installed as <code class="filename">/etc/rndc.conf</code>,
would allow the command:
</p>
<p>
<code class="prompt">$ </code><strong class="userinput"><code>rndc reload</code></strong>
</p>
<p>
to connect to 127.0.0.1 port 953 and cause the name server
to reload, if a name server on the local machine were
running with the following controls statements:
</p>
<pre class="programlisting">
controls {
        inet 127.0.0.1
            allow { localhost; } keys { rndc_key; };
};
</pre>
<p>
and it had an identical key statement for
<code class="literal">rndc_key</code>.
</p>
<p>
Running the <span class="command"><strong>rndc-confgen</strong></span>
program will conveniently create a <code class="filename">rndc.conf</code>
file for you, and also display the
corresponding <span class="command"><strong>controls</strong></span>
statement that you need to
add to <code class="filename">named.conf</code>.
Alternatively,
you can run <span class="command"><strong>rndc-confgen -a</strong></span>
to set up a <code class="filename">rndc.key</code> file and not
modify <code class="filename">named.conf</code> at all.
</p>
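<p>
The rules above for the <span class="command"><strong>key</strong></span> statement (six meaningful algorithm strings, a base-64 secret, and key names that must resolve) can be checked before a file is deployed. The linter below is an added example, not part of the BIND manual or of ISC's tools; <code>lint_rndc_conf</code>, <code>old_key</code> and <code>ops_key</code> are made-up names, and treating the manual's published sample secret as a finding is this example's own policy.
</p>

```python
import base64
import binascii
import re

# Algorithm strings the manual lists as the only ones with meaning.
KNOWN_ALGORITHMS = {"hmac-md5", "hmac-sha1", "hmac-sha224",
                    "hmac-sha256", "hmac-sha384", "hmac-sha512"}
# Secret printed in the manual's sample file: public, so flagged if deployed.
DOC_SAMPLE_SECRET = "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"

COMMENT_RE = re.compile(r'"[^"]*"|(/\*.*?\*/|(?:#|//)[^\n]*)', re.S)
KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{(.*?)\}\s*;', re.S)
CLAUSE_RE = re.compile(r'\b(algorithm|secret)\s+"?([^";\s]+)"?\s*;')
REF_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*;')  # "default-key X;" or "key X;"


def lint_rndc_conf(text):
    """Return findings for key statements and key references in rndc.conf text."""
    # Strip comments but keep quoted strings intact (base-64 may contain "//").
    text = COMMENT_RE.sub(lambda m: "" if m.group(1) else m.group(0), text)
    findings, defined = [], set()
    for name, body in KEY_RE.findall(text):
        defined.add(name)
        clauses = dict(CLAUSE_RE.findall(body))
        algorithm = clauses.get("algorithm", "").lower()
        secret = clauses.get("secret", "")
        if algorithm not in KNOWN_ALGORITHMS:
            findings.append(f"{name}: algorithm {algorithm!r} has no meaning")
        try:
            if not base64.b64decode(secret, validate=True):
                findings.append(f"{name}: secret is missing or empty")
        except binascii.Error:
            findings.append(f"{name}: secret is not valid base-64")
        if secret == DOC_SAMPLE_SECRET:
            findings.append(f"{name}: secret is the published sample value")
    for ref in REF_RE.findall(text):
        if ref not in defined:
            findings.append(f"{ref}: referenced but no key statement defines it")
    return findings

# Constructed input for illustration; old_key and ops_key are made-up names.
SAMPLE_CONF = '''
key rndc_key { algorithm "hmac-sha256";
    secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"; };
key old_key { algorithm "hmac-sha3"; secret "not-base64!"; };  # unknown algorithm
options { default-server 127.0.0.1; default-key ops_key; };
'''

if __name__ == "__main__":
    print("\n".join(lint_rndc_conf(SAMPLE_CONF)))
```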
<div class="titlepage"><div><div><h3 class="title">
<a name="signals"></a>Signals</h3></div></div></div>
<p>
Certain UNIX signals cause the name server to take specific
actions, as described in the following table. These signals can
be sent using the <span class="command"><strong>kill</strong></span> command.
</p>
<table border="1">
<tr>
<td><p><span class="command"><strong>SIGHUP</strong></span></p></td>
<td><p>Causes the server to read <code class="filename">named.conf</code> and
reload the database.</p></td>
</tr>
<tr>
<td><p><span class="command"><strong>SIGTERM</strong></span></p></td>
<td><p>Causes the server to clean up and exit.</p></td>
</tr>
<tr>
<td><p><span class="command"><strong>SIGINT</strong></span></p></td>
<td><p>Causes the server to clean up and exit.</p></td>
</tr>
</table>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.2b1</p>