doc/arm/Bv9ARM.ch03.html

	Bv9ARM.ch03.html revision c313914d0e66b20969215e519bbf2ab4ecf39512
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<!--
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg -
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg - This Source Code Form is subject to the terms of the Mozilla Public
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg - License, v. 2.0. If a copy of the MPL was not distributed with this
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg - file, You can obtain one at http://mozilla.org/MPL/2.0/.
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg-->
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<html lang="en">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<head>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<title>Chapter�3.�Name Server Configuration</title>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
0662ed52e814f8f08ef0e09956413a792584eddffuankg<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<link rel="prev" href="Bv9ARM.ch02.html" title="Chapter�2.�BIND Resource Requirements">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<link rel="next" href="Bv9ARM.ch04.html" title="Chapter�4.�Advanced DNS Features">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg</head>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<div class="navheader">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<table width="100%" summary="Navigation header">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<tr><th colspan="3" align="center">Chapter�3.�Name Server Configuration</th></tr>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<tr>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td width="20%" align="left">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a>�</td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<th width="60%" align="center">�</th>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg</td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg</tr>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg</table>
16b55a35cff91315d261d1baa776138af465c4e4fuankg<hr>
16b55a35cff91315d261d1baa776138af465c4e4fuankg</div>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<div class="chapter">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<div class="titlepage"><div><div><h1 class="title">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<a name="Bv9ARM.ch03"></a>Chapter�3.�Name Server Configuration</h1></div></div></div>
16b55a35cff91315d261d1baa776138af465c4e4fuankg<div class="toc">
16b55a35cff91315d261d1baa776138af465c4e4fuankg<p><b>Table of Contents</b></p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<dl class="toc">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<dt><span class="section"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<dd><dl>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<dt><span class="section"><a href="Bv9ARM.ch03.html#cache_only_sample">A Caching-only Name Server</a></span></dt>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<dt><span class="section"><a href="Bv9ARM.ch03.html#auth_only_sample">An Authoritative-only Name Server</a></span></dt>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg</dl></dd>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<dt><span class="section"><a href="Bv9ARM.ch03.html#load_balancing">Load Balancing</a></span></dt>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<dt><span class="section"><a href="Bv9ARM.ch03.html#ns_operations">Name Server Operations</a></span></dt>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<dd><dl>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<dt><span class="section"><a href="Bv9ARM.ch03.html#tools">Tools for Use With the Name Server Daemon</a></span></dt>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<dt><span class="section"><a href="Bv9ARM.ch03.html#signals">Signals</a></span></dt>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg</dl></dd>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg</dl>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg</div>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg    <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg      In this chapter we provide some suggested configurations along
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg      with guidelines for their use.  We suggest reasonable values for
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg      certain option settings.
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg    </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg    <div class="section">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<div class="titlepage"><div><div><h2 class="title" style="clear: both">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg      <div class="section">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<div class="titlepage"><div><div><h3 class="title">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<a name="cache_only_sample"></a>A Caching-only Name Server</h3></div></div></div>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg          The following sample configuration is appropriate for a caching-only
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg          name server for use by clients internal to a corporation.  All
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg          queries
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg          from outside clients are refused using the <span class="command"><strong>allow-query</strong></span>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg          option.  Alternatively, the same effect could be achieved using
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg          suitable
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg          firewall rules.
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<pre class="programlisting">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg// Two corporate subnets we wish to allow queries from.
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankgacl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankgoptions {
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     // Working directory
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     directory "/etc/namedb";
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     allow-query { corpnets; };
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg};
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg// Provide a reverse mapping for the loopback
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg// address 127.0.0.1
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankgzone "0.0.127.in-addr.arpa" {
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     type master;
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     file "localhost.rev";
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     notify no;
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg};
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg</pre>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg      </div>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg      <div class="section">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<div class="titlepage"><div><div><h3 class="title">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<a name="auth_only_sample"></a>An Authoritative-only Name Server</h3></div></div></div>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg          This sample configuration is for an authoritative-only server
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg          that is the master server for "<code class="filename">example.com</code>"
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg          and a slave for the subdomain "<code class="filename">eng.example.com</code>".
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<pre class="programlisting">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankgoptions {
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     // Working directory
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     directory "/etc/namedb";
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     // Do not allow access to cache
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     allow-query-cache { none; };
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     // This is the default
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     allow-query { any; };
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     // Do not provide recursive service
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     recursion no;
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg};
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg// Provide a reverse mapping for the loopback
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg// address 127.0.0.1
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankgzone "0.0.127.in-addr.arpa" {
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     type master;
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     file "localhost.rev";
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     notify no;
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg};
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg// We are the master server for example.com
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankgzone "example.com" {
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     type master;
0662ed52e814f8f08ef0e09956413a792584eddffuankg     file "example.com.db";
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     // IP addresses of slave servers allowed to
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     // transfer example.com
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     allow-transfer {
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg          192.168.4.14;
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg          192.168.5.53;
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     };
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg};
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg// We are a slave server for eng.example.com
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankgzone "eng.example.com" {
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     type slave;
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     file "eng.example.com.bk";
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg     // IP address of eng.example.com master server
0662ed52e814f8f08ef0e09956413a792584eddffuankg     masters { 192.168.4.12; };
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg};
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg</pre>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg      </div>
0662ed52e814f8f08ef0e09956413a792584eddffuankg    </div>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg    <div class="section">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<div class="titlepage"><div><div><h2 class="title" style="clear: both">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<a name="load_balancing"></a>Load Balancing</h2></div></div></div>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg      <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        A primitive form of load balancing can be achieved in
0662ed52e814f8f08ef0e09956413a792584eddffuankg        the <acronym class="acronym">DNS</acronym> by using multiple records
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        (such as multiple A records) for one name.
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg      </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg      <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        For example, if you have three WWW servers with network addresses
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        following means that clients will connect to each machine one third
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        of the time:
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg      </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg      <div class="informaltable">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        <table border="1">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<colgroup>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<col width="0.875in" class="1">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<col width="0.500in" class="2">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<col width="0.750in" class="3">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<col width="0.750in" class="4">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<col width="2.028in" class="5">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg</colgroup>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<tbody>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<tr>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                  Name
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg              </td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                  TTL
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg              </td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                  CLASS
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg              </td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                  TYPE
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg              </td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                  Resource Record (RR) Data
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg              </td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg</tr>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<tr>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                  <code class="literal">www</code>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg              </td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                  <code class="literal">600</code>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg              </td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                  <code class="literal">IN</code>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg              </td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                  <code class="literal">A</code>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg              </td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                  <code class="literal">10.0.0.1</code>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg              </td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg</tr>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<tr>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                <p></p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg              </td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                  <code class="literal">600</code>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg              </td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                  <code class="literal">IN</code>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg              </td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                  <code class="literal">A</code>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg              </td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                  <code class="literal">10.0.0.2</code>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg              </td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg</tr>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<tr>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                <p></p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg              </td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                  <code class="literal">600</code>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg              </td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                  <code class="literal">IN</code>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg              </td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                  <code class="literal">A</code>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg              </td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                  <code class="literal">10.0.0.3</code>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg                </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg              </td>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg</tr>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg</tbody>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg</table>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg      </div>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg      <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        When a resolver queries for these records, <acronym class="acronym">BIND</acronym> will rotate
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        them and respond to the query with the records in a different
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        order.  In the example above, clients will randomly receive
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        will use the first record returned and discard the rest.
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg      </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg      <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        For more detail on ordering responses, check the
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        <span class="command"><strong>rrset-order</strong></span> sub-statement in the
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        <span class="command"><strong>options</strong></span> statement, see
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        <a class="xref" href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">RRset Ordering</a>.
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg      </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg    </div>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg    <div class="section">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<div class="titlepage"><div><div><h2 class="title" style="clear: both">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<a name="ns_operations"></a>Name Server Operations</h2></div></div></div>
0662ed52e814f8f08ef0e09956413a792584eddffuankg
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg      <div class="section">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<div class="titlepage"><div><div><h3 class="title">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<a name="tools"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg          This section describes several indispensable diagnostic,
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg          administrative and monitoring tools available to the system
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg          administrator for controlling and debugging the name server
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg          daemon.
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        </p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg        <div class="section">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<div class="titlepage"><div><div><h4 class="title">
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg<a name="diagnostic_tools"></a>Diagnostic Tools</h4></div></div></div>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg          <p>
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg            The <span class="command"><strong>dig</strong></span>, <span class="command"><strong>host</strong></span>, and
0662ed52e814f8f08ef0e09956413a792584eddffuankg            <span class="command"><strong>nslookup</strong></span> programs are all command
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg            line tools
fc1365b60fa715841c959c6b91c7ed83884ba3fcfuankg            for manually querying name servers.  They differ in style and
            output format.
          </p>

          <div class="variablelist"><dl class="variablelist">
<dt><span class="term"><a name="dig"></a><span class="command"><strong>dig</strong></span></span></dt>
<dd>
                <p>
                  <span class="command"><strong>dig</strong></span>
                  is the most versatile and complete of these lookup tools.
                  It has two modes: simple interactive
                  mode for a single query, and batch mode which executes a
                  query for
                  each in a list of several query lines. All query options are
                  accessible
                  from the command line.
                </p>
                <div class="cmdsynopsis"><p>
                  <code class="command">dig</code>
                   [@<em class="replaceable"><code>server</code></em>]
                    <em class="replaceable"><code>domain</code></em>
                   [<em class="replaceable"><code>query-type</code></em>]
                   [<em class="replaceable"><code>query-class</code></em>]
                   [+<em class="replaceable"><code>query-option</code></em>]
                   [-<em class="replaceable"><code>dig-option</code></em>]
                   [%<em class="replaceable"><code>comment</code></em>]
                </p></div>
                <p>
                  The usual simple use of <span class="command"><strong>dig</strong></span> will take the form
                </p>
                <p class="simpara">
                  <span class="command"><strong>dig @server domain query-type query-class</strong></span>
                </p>
                <p>
                  For more information and a list of available commands and
                  options, see the <span class="command"><strong>dig</strong></span> man
                  page.
                </p>
              </dd>
<dt><span class="term"><span class="command"><strong>host</strong></span></span></dt>
<dd>
                <p>
                  The <span class="command"><strong>host</strong></span> utility emphasizes
                  simplicity
                  and ease of use.  By default, it converts
                  between host names and Internet addresses, but its
                  functionality
                  can be extended with the use of options.
                </p>
                <div class="cmdsynopsis"><p>
                  <code class="command">host</code>
                   [-aCdlnrsTwv]
                   [-c <em class="replaceable"><code>class</code></em>]
                   [-N <em class="replaceable"><code>ndots</code></em>]
                   [-t <em class="replaceable"><code>type</code></em>]
                   [-W <em class="replaceable"><code>timeout</code></em>]
                   [-R <em class="replaceable"><code>retries</code></em>]
                   [-m <em class="replaceable"><code>flag</code></em>]
                   [-4]
                   [-6]
                    <em class="replaceable"><code>hostname</code></em>
                   [<em class="replaceable"><code>server</code></em>]
                </p></div>
                <p>
                  For more information and a list of available commands and
                  options, see the <span class="command"><strong>host</strong></span> man
                  page.
                </p>
              </dd>
<dt><span class="term"><span class="command"><strong>nslookup</strong></span></span></dt>
<dd>
                <p><span class="command"><strong>nslookup</strong></span>
                  has two modes: interactive and
                  non-interactive. Interactive mode allows the user to
                  query name servers for information about various
                  hosts and domains or to print a list of hosts in a
                  domain. Non-interactive mode is used to print just
                  the name and requested information for a host or
                  domain.
                </p>
                <div class="cmdsynopsis"><p>
                  <code class="command">nslookup</code>
                   [-option...]
                   [
                    [<em class="replaceable"><code>host-to-find</code></em>]
                     |  [- [server]]
                  ]
                </p></div>
                <p>
                  Interactive mode is entered when no arguments are given (the
                  default name server will be used) or when the first argument
                  is a
                  hyphen (`-') and the second argument is the host name or
                  Internet address
                  of a name server.
                </p>
                <p>
                  Non-interactive mode is used when the name or Internet
                  address
                  of the host to be looked up is given as the first argument.
                  The
                  optional second argument specifies the host name or address
                  of a name server.
                </p>
                <p>
                  Due to its arcane user interface and frequently inconsistent
                  behavior, we do not recommend the use of <span class="command"><strong>nslookup</strong></span>.
                  Use <span class="command"><strong>dig</strong></span> instead.
                </p>
              </dd>
</dl></div>
        </div>

        <div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="admin_tools"></a>Administrative Tools</h4></div></div></div>
          <p>
            Administrative tools play an integral part in the management
            of a server.
          </p>
          <div class="variablelist"><dl class="variablelist">
<dt>
<a name="named-checkconf"></a><span class="term"><span class="command"><strong>named-checkconf</strong></span></span>
</dt>
<dd>
                <p>
                  The <span class="command"><strong>named-checkconf</strong></span> program
                  checks the syntax of a <code class="filename">named.conf</code> file.
                </p>
                <div class="cmdsynopsis"><p>
                  <code class="command">named-checkconf</code>
                   [-jvz]
                   [-t <em class="replaceable"><code>directory</code></em>]
                   [<em class="replaceable"><code>filename</code></em>]
                </p></div>
              </dd>
<dt>
<a name="named-checkzone"></a><span class="term"><span class="command"><strong>named-checkzone</strong></span></span>
</dt>
<dd>
                <p>
                  The <span class="command"><strong>named-checkzone</strong></span> program
                  checks a master file for
                  syntax and consistency.
                </p>
                <div class="cmdsynopsis"><p>
                  <code class="command">named-checkzone</code>
                   [-djqvD]
                   [-c <em class="replaceable"><code>class</code></em>]
                   [-o <em class="replaceable"><code>output</code></em>]
                   [-t <em class="replaceable"><code>directory</code></em>]
                   [-w <em class="replaceable"><code>directory</code></em>]
                   [-k <em class="replaceable"><code>(ignore|warn|fail)</code></em>]
                   [-n <em class="replaceable"><code>(ignore|warn|fail)</code></em>]
                   [-W <em class="replaceable"><code>(ignore|warn)</code></em>]
                    <em class="replaceable"><code>zone</code></em>
                   [<em class="replaceable"><code>filename</code></em>]
                </p></div>
              </dd>
<dt>
<a name="named-compilezone"></a><span class="term"><span class="command"><strong>named-compilezone</strong></span></span>
</dt>
<dd>
                <p>
                  Similar to <span class="command"><strong>named-checkzone,</strong></span> but
                  it always dumps the zone content to a specified file
                  (typically in a different format).
                </p>
              </dd>
<dt>
<a name="rndc"></a><span class="term"><span class="command"><strong>rndc</strong></span></span>
</dt>
<dd>
                <p>
                  The remote name daemon control
                  (<span class="command"><strong>rndc</strong></span>) program allows the
                  system
                  administrator to control the operation of a name server.
                  Since <acronym class="acronym">BIND</acronym> 9.2, <span class="command"><strong>rndc</strong></span>
                  supports all the commands of the BIND 8 <span class="command"><strong>ndc</strong></span>
                  utility except <span class="command"><strong>ndc start</strong></span> and
                  <span class="command"><strong>ndc restart</strong></span>, which were also
                  not supported in <span class="command"><strong>ndc</strong></span>'s
                  channel mode.
                  If you run <span class="command"><strong>rndc</strong></span> without any
                  options
                  it will display a usage message as follows:
                </p>
                <div class="cmdsynopsis"><p>
                  <code class="command">rndc</code>
                   [-c <em class="replaceable"><code>config</code></em>]
                   [-s <em class="replaceable"><code>server</code></em>]
                   [-p <em class="replaceable"><code>port</code></em>]
                   [-y <em class="replaceable"><code>key</code></em>]
                    <em class="replaceable"><code>command</code></em>
                   [<em class="replaceable"><code>command</code></em>...]
                </p></div>

                <p>See <a class="xref" href="man.rndc.html" title="rndc"><span class="refentrytitle"><span class="application">rndc</span></span>(8)</a> for details of
                  the available <span class="command"><strong>rndc</strong></span> commands.
                </p>

                <p>
                  <span class="command"><strong>rndc</strong></span> requires a configuration file,
                  since all
                  communication with the server is authenticated with
                  digital signatures that rely on a shared secret, and
                  there is no way to provide that secret other than with a
                  configuration file.  The default location for the
                  <span class="command"><strong>rndc</strong></span> configuration file is
                  <code class="filename">/etc/rndc.conf</code>, but an
                  alternate
                  location can be specified with the <code class="option">-c</code>
                  option.  If the configuration file is not found,
                  <span class="command"><strong>rndc</strong></span> will also look in
                  <code class="filename">/etc/rndc.key</code> (or whatever
                  <code class="varname">sysconfdir</code> was defined when
                  the <acronym class="acronym">BIND</acronym> build was
                  configured).
                  The <code class="filename">rndc.key</code> file is
                  generated by
                  running <span class="command"><strong>rndc-confgen -a</strong></span> as
                  described in
                  <a class="xref" href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and Usage">the section called &#8220;<span class="command"><strong>controls</strong></span> Statement Definition and
          Usage&#8221;</a>.
                </p>

                <p>
                  The format of the configuration file is similar to
                  that of <code class="filename">named.conf</code>, but
                  limited to
                  only four statements, the <span class="command"><strong>options</strong></span>,
                  <span class="command"><strong>key</strong></span>, <span class="command"><strong>server</strong></span> and
                  <span class="command"><strong>include</strong></span>
                  statements.  These statements are what associate the
                  secret keys to the servers with which they are meant to
                  be shared.  The order of statements is not
                  significant.
                </p>

                <p>
                  The <span class="command"><strong>options</strong></span> statement has
                  three clauses:
                  <span class="command"><strong>default-server</strong></span>, <span class="command"><strong>default-key</strong></span>,
                  and <span class="command"><strong>default-port</strong></span>.
                  <span class="command"><strong>default-server</strong></span> takes a
                  host name or address argument  and represents the server
                  that will
                  be contacted if no <code class="option">-s</code>
                  option is provided on the command line.
                  <span class="command"><strong>default-key</strong></span> takes
                  the name of a key as its argument, as defined by a <span class="command"><strong>key</strong></span> statement.
                  <span class="command"><strong>default-port</strong></span> specifies the
                  port to which
                  <span class="command"><strong>rndc</strong></span> should connect if no
                  port is given on the command line or in a
                  <span class="command"><strong>server</strong></span> statement.
                </p>

                <p>
                  The <span class="command"><strong>key</strong></span> statement defines a
                  key to be used
                  by <span class="command"><strong>rndc</strong></span> when authenticating
                  with
                  <span class="command"><strong>named</strong></span>.  Its syntax is
                  identical to the
                  <span class="command"><strong>key</strong></span> statement in <code class="filename">named.conf</code>.
                  The keyword <strong class="userinput"><code>key</code></strong> is
                  followed by a key name, which must be a valid
                  domain name, though it need not actually be hierarchical;
                  thus,
                  a string like "<strong class="userinput"><code>rndc_key</code></strong>" is a valid
                  name.
                  The <span class="command"><strong>key</strong></span> statement has two
                  clauses:
                  <span class="command"><strong>algorithm</strong></span> and <span class="command"><strong>secret</strong></span>.
                  While the configuration parser will accept any string as the
                  argument
                  to algorithm, currently only the strings
                  "<strong class="userinput"><code>hmac-md5</code></strong>",
                  "<strong class="userinput"><code>hmac-sha1</code></strong>",
                  "<strong class="userinput"><code>hmac-sha224</code></strong>",
                  "<strong class="userinput"><code>hmac-sha256</code></strong>",
                  "<strong class="userinput"><code>hmac-sha384</code></strong>"
                  and "<strong class="userinput"><code>hmac-sha512</code></strong>"
                  have any meaning.  The secret is a Base64 encoded string
                  as specified in RFC 3548.
                </p>

                <p>
                  The <span class="command"><strong>server</strong></span> statement
                  associates a key
                  defined using the <span class="command"><strong>key</strong></span>
                  statement with a server.
                  The keyword <strong class="userinput"><code>server</code></strong> is followed by a
                  host name or address.  The <span class="command"><strong>server</strong></span> statement
                  has two clauses: <span class="command"><strong>key</strong></span> and <span class="command"><strong>port</strong></span>.
                  The <span class="command"><strong>key</strong></span> clause specifies the
                  name of the key
                  to be used when communicating with this server, and the
                  <span class="command"><strong>port</strong></span> clause can be used to
                  specify the port <span class="command"><strong>rndc</strong></span> should
                  connect
                  to on the server.
                </p>

                <p>
                  A sample minimal configuration file is as follows:
                </p>

<pre class="programlisting">
key rndc_key {
     algorithm "hmac-sha256";
     secret
       "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};
options {
     default-server 127.0.0.1;
     default-key    rndc_key;
};
</pre>

                <p>
                  This file, if installed as <code class="filename">/etc/rndc.conf</code>,
                  would allow the command:
                </p>

                <p>
                  <code class="prompt">$ </code><strong class="userinput"><code>rndc reload</code></strong>
                </p>

                <p>
                  to connect to 127.0.0.1 port 953 and cause the name server
                  to reload, if a name server on the local machine were
                  running with
                  following controls statements:
                </p>

<pre class="programlisting">
controls {
        inet 127.0.0.1
            allow { localhost; } keys { rndc_key; };
};
</pre>

                <p>
                  and it had an identical key statement for
                  <code class="literal">rndc_key</code>.
                </p>

                <p>
                  Running the <span class="command"><strong>rndc-confgen</strong></span>
                  program will
                  conveniently create a <code class="filename">rndc.conf</code>
                  file for you, and also display the
                  corresponding <span class="command"><strong>controls</strong></span>
                  statement that you need to
                  add to <code class="filename">named.conf</code>.
                  Alternatively,
                  you can run <span class="command"><strong>rndc-confgen -a</strong></span>
                  to set up
                  a <code class="filename">rndc.key</code> file and not
                  modify
                  <code class="filename">named.conf</code> at all.
                </p>

              </dd>
</dl></div>

        </div>
      </div>

      <div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="signals"></a>Signals</h3></div></div></div>
        <p>
          Certain UNIX signals cause the name server to take specific
          actions, as described in the following table.  These signals can
          be sent using the <span class="command"><strong>kill</strong></span> command.
        </p>
        <div class="informaltable">
          <table border="1">
<colgroup>
<col width="1.125in" class="1">
<col width="4.000in" class="2">
</colgroup>
<tbody>
<tr>
<td>
                  <p><span class="command"><strong>SIGHUP</strong></span></p>
                </td>
<td>
                  <p>
                    Causes the server to read <code class="filename">named.conf</code> and
                    reload the database.
                  </p>
                </td>
</tr>
<tr>
<td>
                  <p><span class="command"><strong>SIGTERM</strong></span></p>
                </td>
<td>
                  <p>
                    Causes the server to clean up and exit.
                  </p>
                </td>
</tr>
<tr>
<td>
                  <p><span class="command"><strong>SIGINT</strong></span></p>
                </td>
<td>
                  <p>
                    Causes the server to clean up and exit.
                  </p>
                </td>
</tr>
</tbody>
</table>
        </div>
      </div>
    </div>
  </div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a>�</td>
<td width="20%" align="center">�</td>
<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">Chapter�2.�<acronym class="acronym">BIND</acronym> Resource Requirements�</td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">�Chapter�4.�Advanced DNS Features</td>
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
</body>
</html>