6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

7d32c065c7bb56f281651ae3dd2888f32ce4f1d9Bob Halley<HTML

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><HEAD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TITLE

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>Name Server Configuration</TITLE

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><META

6017f424ee3c02d7f22132c77576ea38542fa949Andreas GustafssonCONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK

6017f424ee3c02d7f22132c77576ea38542fa949Andreas GustafssonHREF="Bv9ARM.html"><LINK

6017f424ee3c02d7f22132c77576ea38542fa949Andreas GustafssonHREF="Bv9ARM.ch02.html"><LINK

6017f424ee3c02d7f22132c77576ea38542fa949Andreas GustafssonHREF="Bv9ARM.ch04.html"></HEAD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><BODY

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><DIV

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TABLE

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson><TR

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson><TH

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson>BIND 9 Administrator Reference Manual</TH

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson></TR

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><TR

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><TD

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson><A

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson>Prev</A

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson></TD

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson><TD

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson></TD

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson><TD

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson><A

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson>Next</A

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson></TD

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson></TR

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson></TABLE

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson><HR

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas GustafssonWIDTH="100%"></DIV

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson><DIV

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson><H1

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson><A

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson></A

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson>Chapter 3. Name Server Configuration</H1

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><DIV

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><DL

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><DT

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><B

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson>Table of Contents</B

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson></DT

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><DT

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson>3.1. <A

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson>Sample Configurations</A

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson></DT

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><DT

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson>3.2. <A

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson>Load Balancing</A

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson></DT

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><DT

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson>3.3. <A

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson>Name Server Operations</A

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson></DT

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson></DL

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson></DIV

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><P

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson>In this section we provide some suggested configurations along

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafssonwith guidelines for their use. We also address the topic of reasonable

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafssonoption setting.</P

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><DIV

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson><H1

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson><A

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson>3.1. Sample Configurations</A

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson></H1

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson><DIV

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson><H2

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson><A

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson>3.1.1. A Caching-only Name Server</A

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson></H2

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson><P

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson>The following sample configuration is appropriate for a caching-only

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafssonname server for use by clients internal to a corporation. All queries

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafssonfrom outside clients are refused using the <B

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson>allow-query</B

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson>

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafssonoption. Alternatively, the same effect could be achieved using suitable

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafssonfirewall rules.</P

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson><PRE

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>&#13;// Two corporate subnets we wish to allow queries from.

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafssonacl corpnets { 192.168.4.0/24; 192.168.7.0/24; };

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafssonoptions {

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson directory "/etc/namedb"; // Working directory

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson allow-query { corpnets; };

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson};

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson// Provide a reverse mapping for the loopback address 127.0.0.1

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafssonzone "0.0.127.in-addr.arpa" {

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson type master;

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson file "localhost.rev";

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson notify no;

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson};

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson</PRE

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></DIV

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><DIV

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><H2

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><A

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>3.1.2. An Authoritative-only Name Server</A

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson></H2

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>This sample configuration is for an authoritative-only server

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafssonthat is the master server for "<TT

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>example.com</TT

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>"

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafssonand a slave for the subdomain "<TT

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>eng.example.com</TT

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>".</P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><PRE

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>&#13;options {

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson directory "/etc/namedb"; // Working directory

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson allow-query { any; }; // This is the default

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson recursion no; // Do not provide recursive service

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson};

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson// Provide a reverse mapping for the loopback address 127.0.0.1

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafssonzone "0.0.127.in-addr.arpa" {

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson type master;

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson file "localhost.rev";

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson notify no;

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson};

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson// We are the master server for example.com

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafssonzone "example.com" {

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson type master;

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson file "example.com.db";

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson // IP addresses of slave servers allowed to transfer example.com

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson allow-transfer {

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson 192.168.4.14;

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson 192.168.5.53;

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson };

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson};

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson// We are a slave server for eng.example.com

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafssonzone "eng.example.com" {

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson type slave;

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson file "eng.example.com.bk";

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson // IP address of eng.example.com master server

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson masters { 192.168.4.12; };

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson};

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson</PRE

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></DIV

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></DIV

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><DIV

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><H1

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><A

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>3.2. Load Balancing</A

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></H1

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><P

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson>A primitive form of load balancing can be achieved in

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafssonthe <ACRONYM

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson>DNS</ACRONYM

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson> by using multiple A records for one name.</P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>For example, if you have three WWW servers with network addresses

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafssonof 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafssonfollowing means that clients will connect to each machine one third

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafssonof the time:</P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><DIV

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><A

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></A

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TABLE

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TBODY

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><P

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson>Name</P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>TTL</P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><P

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson>CLASS</P

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson></TD

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><TD

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><P

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson>TYPE</P

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson></TD

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><P

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson>Resource Record (RR) Data</P

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson></TD

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson></TR

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><TR

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><TD

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><P

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>www</VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>600</VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>IN</VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>A</VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>10.0.0.1</VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></TR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>600</VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>IN</VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>A</VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>10.0.0.2</VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></TR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TD

7693d4de8fca501dfe6989a7f30d8d3c86fe096aAndreas Gustafsson><P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>600</VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>IN</VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson>A</VAR

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></P

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson></TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><TD

6017f424ee3c02d7f22132c77576ea38542fa949Andreas Gustafsson><P

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><VAR

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson>10.0.0.3</VAR

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson></P

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson></TD

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson></TR

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson></TBODY

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson></TABLE

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><P

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson></P

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson></DIV

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><P

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson>When a resolver queries for these records, <ACRONYM

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson>BIND</ACRONYM

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson> will rotate

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson them and respond to the query with the records in a different

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson order. In the example above, clients will randomly receive

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson will use the first record returned and discard the rest.</P

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson><P

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson>For more detail on ordering responses, check the

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson <B

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson>rrset-order</B

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson> substatement in the

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson <B

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson>options</B

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson> statement, see

a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson <A

><I

>RRset Ordering</I

></A

>.

This substatement is not supported in

<ACRONYM

>BIND</ACRONYM

> 9, and only the ordering scheme described above is

available.</P

></DIV

><DIV

><H1

><A

>3.3. Name Server Operations</A

></H1

><DIV

><H2

><A

>3.3.1. Tools for Use With the Name Server Daemon</A

></H2

><P

>There are several indispensable diagnostic, administrative

and monitoring tools available to the system administrator for controlling

and debugging the name server daemon. We describe several in this

section </P

><DIV

><H3

><A

>3.3.1.1. Diagnostic Tools</A

></H3

><P

>The <B

>dig</B

>, <B

>host</B

>, and

<B

>nslookup</B

> programs are all command line tools

for manually querying name servers. They differ in style and

output format.

</P

><P

></P

><DIV

><DL

><DT

><B

>dig</B

></DT

><DD

><P

>The domain information groper (<B

>dig</B

>)

is the most versatile and complete of these lookup tools.

It has two modes: simple interactive

mode for a single query, and batch mode which executes a query for

each in a list of several query lines. All query options are accessible

from the command line.</P

><P

><B

>dig</B

> [@<VAR

>server</VAR

>] <VAR

>domain</VAR

> [<VAR

>query-type</VAR

>] [<VAR

>query-class</VAR

>] [+<VAR

>query-option</VAR

>] [-<VAR

>dig-option</VAR

>] [%<VAR

>comment</VAR

>]</P

><P

>The usual simple use of dig will take the form</P

><P

><B

>dig @server domain query-type query-class</B

></P

><P

>For more information and a list of available commands and

options, see the <B

>dig</B

> man page.</P

></DD

><DT

><B

>host</B

></DT

><DD

><P

>The <B

>host</B

> utility emphasizes simplicity

and ease of use. By default, it converts

between host names and Internet addresses, but its functionality

can be extended with the use of options.</P

><P

><B

>host</B

> [-aCdlrTwv] [-c <VAR

>class</VAR

>] [-N <VAR

>ndots</VAR

>] [-t <VAR

>type</VAR

>] [-W <VAR

>timeout</VAR

>] [-R <VAR

>retries</VAR

>] <VAR

>hostname</VAR

> [<VAR

>server</VAR

>]</P

><P

>For more information and a list of available commands and

options, see the <B

>host</B

> man page.</P

></DD

><DT

><B

>nslookup</B

></DT

><DD

><P

><B

>nslookup</B

> has two modes: interactive

and non-interactive. Interactive mode allows the user to query name servers

for information about various hosts and domains or to print a list

of hosts in a domain. Non-interactive mode is used to print just

the name and requested information for a host or domain.</P

><P

><B

>nslookup</B

> [-option...] [<VAR

>host-to-find</VAR

> | - [server]]</P

><P

>Interactive mode is entered when no arguments are given (the

default name server will be used) or when the first argument is a

hyphen (`-') and the second argument is the host name or Internet address

of a name server.</P

><P

>Non-interactive mode is used when the name or Internet address

of the host to be looked up is given as the first argument. The

optional second argument specifies the host name or address of a name server.</P

><P

>Due to its arcane user interface and frequently inconsistent

behavior, we do not recommend the use of <B

>nslookup</B

>.

Use <B

>dig</B

> instead.</P

></DD

></DL

></DIV

></DIV

><DIV

><H3

><A

>3.3.1.2. Administrative Tools</A

></H3

><P

>Administrative tools play an integral part in the management

of a server.</P

><P

></P

><DIV

><DL

><DT

><A

></A

><B

>named-checkconf</B

></DT

><DD

><P

>The <B

>named-checkconf</B

> program

checks the syntax of a <TT

>named.conf</TT

> file.</P

><P

><B

>named-checkconf</B

> [-t <VAR

>directory</VAR

>] [<VAR

>filename</VAR

>]</P

></DD

><DT

><A

></A

><B

>named-checkzone</B

></DT

><DD

><P

>The <B

>named-checkzone</B

> program checks a master file for

syntax and consistency.</P

><P

><B

>named-checkzone</B

> [-djqvD] [-c <VAR

>class</VAR

>] [-o <VAR

>output</VAR

>] [-t <VAR

>directory</VAR

>] [-w <VAR

>directory</VAR

>] [-k <VAR

>(ignore|warn|fail)</VAR

>] [-n <VAR

>(ignore|warn|fail)</VAR

>] <VAR

>zone</VAR

> [<VAR

>filename</VAR

>]</P

></DD

><DT

><A

></A

><B

>rndc</B

></DT

><DD

><P

>The remote name daemon control

(<B

>rndc</B

>) program allows the system

administrator to control the operation of a name server.

If you run <B

>rndc</B

> without any options

it will display a usage message as follows:</P

><P

><B

>rndc</B

> [-c <VAR

>config</VAR

>] [-s <VAR

>server</VAR

>] [-p <VAR

>port</VAR

>] [-y <VAR

>key</VAR

>] <VAR

>command</VAR

> [<VAR

>command</VAR

>...]</P

><P

><B

>command</B

> is one of the following:</P

><P

></P

><DIV

><DL

><DT

><KBD

>reload</KBD

></DT

><DD

><P

>Reload configuration file and zones.</P

></DD

><DT

><KBD

>reload <VAR

>zone</VAR

>

[<SPAN

><VAR

>class</VAR

>

[<SPAN

><VAR

>view</VAR

></SPAN

>]</SPAN

>]</KBD

></DT

><DD

><P

>Reload the given zone.</P

></DD

><DT

><KBD

>refresh <VAR

>zone</VAR

>

[<SPAN

><VAR

>class</VAR

>

[<SPAN

><VAR

>view</VAR

></SPAN

>]</SPAN

>]</KBD

></DT

><DD

><P

>Schedule zone maintenance for the given zone.</P

></DD

><DT

><KBD

>retransfer <VAR

>zone</VAR

>

[<SPAN

><VAR

>class</VAR

>

[<SPAN

><VAR

>view</VAR

></SPAN

>]</SPAN

>]</KBD

></DT

><DD

><P

>Retransfer the given zone from the master.</P

></DD

><DT

><KBD

>freeze <VAR

>zone</VAR

>

[<SPAN

><VAR

>class</VAR

>

[<SPAN

><VAR

>view</VAR

></SPAN

>]</SPAN

>]</KBD

></DT

><DD

><P

>Suspend updates to a dynamic zone. This allows manual

edits to be made to a zone normally updated by dynamic update. It

also causes changes in the journal file to be synced into the master

and the journal file to be removed. All dynamic update attempts will

be refused while the zone is frozen.</P

></DD

><DT

><KBD

>unfreeze <VAR

>zone</VAR

>

[<SPAN

><VAR

>class</VAR

>

[<SPAN

><VAR

>view</VAR

></SPAN

>]</SPAN

>]</KBD

></DT

><DD

><P

>Enable updates to a frozen dynamic zone. This causes

the server to reload the zone from disk, and re-enables dynamic updates

after the load has completed. After a zone is unfrozen, dynamic updates

will no longer be refused.</P

></DD

><DT

><KBD

>reconfig</KBD

></DT

><DD

><P

>Reload the configuration file and load new zones,

but do not reload existing zone files even if they have changed.

This is faster than a full <B

>reload</B

> when there

is a large number of zones because it avoids the need to examine the

modification times of the zones files.

</P

></DD

><DT

><KBD

>stats</KBD

></DT

><DD

><P

>Write server statistics to the statistics file.</P

></DD

><DT

><KBD

>querylog</KBD

></DT

><DD

><P

>Toggle query logging. Query logging can also be enabled

by explicitly directing the <B

>queries</B

>

<B

>category</B

> to a <B

>channel</B

> in the

<B

>logging</B

> section of

<TT

>named.conf</TT

>.</P

></DD

><DT

><KBD

>dumpdb</KBD

></DT

><DD

><P

>Dump the server's caches to the dump file. </P

></DD

><DT

><KBD

>stop</KBD

></DT

><DD

><P

>Stop the server,

making sure any recent changes

made through dynamic update or IXFR are first saved to the master files

of the updated zones.</P

></DD

><DT

><KBD

>halt</KBD

></DT

><DD

><P

>Stop the server immediately. Recent changes

made through dynamic update or IXFR are not saved to the master files,

but will be rolled forward from the journal files when the server

is restarted.</P

></DD

><DT

><KBD

>trace</KBD

></DT

><DD

><P

>Increment the servers debugging level by one. </P

></DD

><DT

><KBD

>trace <VAR

>level</VAR

></KBD

></DT

><DD

><P

>Sets the server's debugging level to an explicit

value.</P

></DD

><DT

><KBD

>notrace</KBD

></DT

><DD

><P

>Sets the server's debugging level to 0.</P

></DD

><DT

><KBD

>flush</KBD

></DT

><DD

><P

>Flushes the server's cache.</P

></DD

><DT

><KBD

>status</KBD

></DT

><DD

><P

>Display status of the server.

Note the number of zones includes the internal <B

>bind/CH</B

> zone

and the default <B

>/IN</B

> hint zone if there is not a

explicit root zone configured.</P

></DD

></DL

></DIV

><P

>In <ACRONYM

>BIND</ACRONYM

> 9.2, <B

>rndc</B

>

supports all the commands of the BIND 8 <B

>ndc</B

>

utility except <B

>ndc start</B

> and

<B

>ndc restart</B

>, which were also

not supported in <B

>ndc</B

>'s channel mode.</P

><P

>A configuration file is required, since all

communication with the server is authenticated with

digital signatures that rely on a shared secret, and

there is no way to provide that secret other than with a

configuration file. The default location for the

<B

>rndc</B

> configuration file is

<TT

>/etc/rndc.conf</TT

>, but an alternate

location can be specified with the <VAR

>-c</VAR

>

option. If the configuration file is not found,

<B

>rndc</B

> will also look in

<TT

>/etc/rndc.key</TT

> (or whatever

<VAR

>sysconfdir</VAR

> was defined when

the <ACRONYM

>BIND</ACRONYM

> build was configured).

The <TT

>rndc.key</TT

> file is generated by

running <B

>rndc-confgen -a</B

> as described in

<A

>Section 6.2.4</A

>.</P

><P

>The format of the configuration file is similar to

that of <TT

>named.conf</TT

>, but limited to

only four statements, the <B

>options</B

>,

<B

>key</B

>, <B

>server</B

> and

<B

>include</B

>

statements. These statements are what associate the

secret keys to the servers with which they are meant to

be shared. The order of statements is not

significant.</P

><P

>The <B

>options</B

> statement has three clauses:

<B

>default-server</B

>, <B

>default-key</B

>,

and <B

>default-port</B

>.

<B

>default-server</B

> takes a

host name or address argument and represents the server that will

be contacted if no <VAR

>-s</VAR

>

option is provided on the command line.

<B

>default-key</B

> takes

the name of a key as its argument, as defined by a <B

>key</B

> statement.

<B

>default-port</B

> specifies the port to which

<B

>rndc</B

> should connect if no

port is given on the command line or in a

<B

>server</B

> statement.</P

><P

>The <B

>key</B

> statement defines an key to be used

by <B

>rndc</B

> when authenticating with

<B

>named</B

>. Its syntax is identical to the

<B

>key</B

> statement in named.conf.

The keyword <KBD

>key</KBD

> is

followed by a key name, which must be a valid

domain name, though it need not actually be hierarchical; thus,

a string like "<KBD

>rndc_key</KBD

>" is a valid name.

The <B

>key</B

> statement has two clauses:

<B

>algorithm</B

> and <B

>secret</B

>.

While the configuration parser will accept any string as the argument

to algorithm, currently only the string "<KBD

>hmac-md5</KBD

>"

has any meaning. The secret is a base-64 encoded string.</P

><P

>The <B

>server</B

> statement associates a key

defined using the <B

>key</B

> statement with a server.

The keyword <KBD

>server</KBD

> is followed by a

host name or address. The <B

>server</B

> statement

has two clauses: <B

>key</B

> and <B

>port</B

>.

The <B

>key</B

> clause specifies the name of the key

to be used when communicating with this server, and the

<B

>port</B

> clause can be used to

specify the port <B

>rndc</B

> should connect

to on the server.</P

><P

>A sample minimal configuration file is as follows:</P

><PRE

>&#13;key rndc_key {

algorithm "hmac-md5";

secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";

};

options {

default-server 127.0.0.1;

default-key rndc_key;

};

</PRE

><P

>This file, if installed as <TT

>/etc/rndc.conf</TT

>,

would allow the command:</P

><P

><SAMP

>$ </SAMP

><KBD

>rndc reload</KBD

></P

><P

>to connect to 127.0.0.1 port 953 and cause the name server

to reload, if a name server on the local machine were running with

following controls statements:</P

><PRE

>&#13;controls {

inet 127.0.0.1 allow { localhost; } keys { rndc_key; };

};

</PRE

><P

>and it had an identical key statement for

<VAR

>rndc_key</VAR

>.</P

><P

>Running the <B

>rndc-confgen</B

> program will

conveniently create a <TT

>rndc.conf</TT

>

file for you, and also display the

corresponding <B

>controls</B

> statement that you need to

add to <TT

>named.conf</TT

>. Alternatively,

you can run <B

>rndc-confgen -a</B

> to set up

a <TT

>rndc.key</TT

> file and not modify

<TT

>named.conf</TT

> at all.

</P

></DD

></DL

></DIV

></DIV

></DIV

><DIV

><H2

><A

>3.3.2. Signals</A

></H2

><P

>Certain UNIX signals cause the name server to take specific

actions, as described in the following table. These signals can

be sent using the <B

>kill</B

> command.</P

><DIV

><P

></P

><A

></A

><TABLE

><TBODY

><TR

><TD

><P

><B

>SIGHUP</B

></P

></TD

><TD

><P

>Causes the server to read <TT

>named.conf</TT

> and

reload the database. </P

></TD

></TR

><TR

><TD

><P

><B

>SIGTERM</B

></P

></TD

><TD

><P

>Causes the server to clean up and exit.</P

></TD

></TR

><TR

><TD

>&#13;<P

><B

>SIGINT</B

></P

>

</TD

><TD

><P

>Causes the server to clean up and exit.</P

></TD

></TR

></TBODY

></TABLE

><P

></P

></DIV

></DIV

></DIV

></DIV

><DIV

><HR

WIDTH="100%"><TABLE

><TR

><TD

><A

>Prev</A

></TD

><TD

><A

>Home</A

></TD

><TD

><A

>Next</A

></TD

></TR

><TR

><TD

><ACRONYM

>BIND</ACRONYM

> Resource Requirements</TD

><TD

>&nbsp;</TD

><TD

>Advanced DNS Features</TD

></TR

></TABLE

></DIV

></BODY

></HTML

>