Bv9ARM.ch12.html revision fa535fa05f36a1a45027faf9d116cfa3249d9d72
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook - Copyright (C) 2000-2003 Internet Software Consortium.
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook - Permission to use, copy, modify, and/or distribute this software for any
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook - purpose with or without fee is hereby granted, provided that the above
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook - copyright notice and this permission notice appear in all copies.
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook - PERFORMANCE OF THIS SOFTWARE.
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<!-- $Id$ -->
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<title>Appendix�D.�BIND 9 DNS Library Support</title>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<link rel="prev" href="Bv9ARM.ch11.html" title="Appendix�C.�General DNS Reference Information">
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<link rel="next" href="Bv9ARM.ch13.html" title="Manual pages">
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<tr><th colspan="3" align="center">Appendix�D.�BIND 9 DNS Library Support</th></tr>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<a accesskey="p" href="Bv9ARM.ch11.html">Prev</a>�</td>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch13.html">Next</a>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<a name="Bv9ARM.ch12"></a>Appendix�D.�BIND 9 DNS Library Support</h2></div></div></div>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<dt><span class="sect1"><a href="Bv9ARM.ch12.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2616563">Prerequisite</a></span></dt>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2616572">Compilation</a></span></dt>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614344">Installation</a></span></dt>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614375">Known Defects/Restrictions</a></span></dt>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614930">The dns.conf File</a></span></dt>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614956">Sample Applications</a></span></dt>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2616202">Library References</a></span></dt>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<div class="titlepage"><div><div><h2 class="title" style="clear: both">
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<a name="bind9.library"></a>BIND 9 DNS Library Support</h2></div></div></div>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<p>This version of BIND 9 "exports" its internal libraries so
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook that they can be used by third-party applications more easily (we
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook call them "export" libraries in this document). In addition to
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook all major DNS-related APIs BIND 9 is currently using, the export
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook libraries provide the following features:</p>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<li><p>The newly created "DNS client" module. This is a higher
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook level API that provides an interface to name resolution,
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook single DNS transaction with a particular server, and dynamic
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook update. Regarding name resolution, it supports advanced
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook features such as DNSSEC validation and caching. This module
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook supports both synchronous and asynchronous mode.</p></li>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<li><p>The new "IRS" (Information Retrieval System) library.
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook It provides an interface to parse the traditional resolv.conf
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook file and more advanced, DNS-specific configuration file for
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook the rest of this package (see the description for the
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<li><p>As part of the IRS library, newly implemented standard
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook address-name mapping functions, getaddrinfo() and
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook getnameinfo(), are provided. They use the DNSSEC-aware
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook validating resolver backend, and could use other advanced
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook features of the BIND 9 libraries such as caching. The
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook getaddrinfo() function resolves both A and AAAA RRs
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook concurrently (when the address family is unspecified).</p></li>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<li><p>An experimental framework to support other event
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook libraries than BIND 9's internal event task system.</p></li>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<a name="id2616563"></a>Prerequisite</h3></div></div></div>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<p>GNU make is required to build the export libraries (other
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook part of BIND 9 can still be built with other types of make). In
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook the reminder of this document, "make" means GNU make. Note that
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook in some platforms you may need to invoke a different command name
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook than "make" (e.g. "gmake") to indicate it's GNU make.</p>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<a name="id2616572"></a>Compilation</h3></div></div></div>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook$ <strong class="userinput"><code>/configure --enable-exportlib <em class="replaceable"><code>[other flags]</code></em></code></strong>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook$ <strong class="userinput"><code>make</code></strong>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook This will create (in addition to usual BIND 9 programs) and a
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook separate set of libraries under the lib/export directory. For
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook example, <code class="filename">lib/export/dns/libdns.a</code> is the archive file of the
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook export version of the BIND 9 DNS library. Sample application
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook programs using the libraries will also be built under the
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<a name="id2614344"></a>Installation</h3></div></div></div>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook$ <strong class="userinput"><code>cd lib/export</code></strong>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook$ <strong class="userinput"><code>make install</code></strong>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook This will install library object files under the directory
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook specified by the --with-export-libdir configure option (default:
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook EPREFIX/lib/bind9), and header files under the directory
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook specified by the --with-export-includedir configure option
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook Root privilege is normally required.
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook "<span><strong class="command">make install</strong></span>" at the top directory will do the
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook To see how to build your own
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook application after the installation, see
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook <code class="filename">lib/export/samples/Makefile-postinstall.in</code>.</p>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<a name="id2614375"></a>Known Defects/Restrictions</h3></div></div></div>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<li><p>Currently, win32 is not supported for the export
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook library. (Normal BIND 9 application can be built as
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<p>The "fixed" RRset order is not (currently) supported in
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook the export library. If you want to use "fixed" RRset order
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook for, e.g. <span><strong class="command">named</strong></span> while still building the
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook export library even without the fixed order support, build
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook them separately:
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook$ <strong class="userinput"><code>/configure --enable-fixed-rrset <em class="replaceable"><code>[other flags, but not --enable-exportlib]</code></em></code></strong>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook$ <strong class="userinput"><code>make</code></strong>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook$ <strong class="userinput"><code>/configure --enable-exportlib <em class="replaceable"><code>[other flags, but not --enable-fixed-rrset]</code></em></code></strong>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook$ <strong class="userinput"><code>cd lib/export</code></strong>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook$ <strong class="userinput"><code>make</code></strong>
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<li><p>The client module and the IRS library currently do not
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook support DNSSEC validation using DLV (the underlying modules
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook can handle it, but there is no tunable interface to enable
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<li><p>RFC 5011 is not supported in the validating stub
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook resolver of the export library. In fact, it is not clear
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook whether it should: trust anchors would be a system-wide
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook configuration which would be managed by an administrator,
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook while the stub resolver will be used by ordinary applications
f8126a79cb9116058bdaaa62ee7fd203234ff897keescook<li><p>Not all common <code class="filename">/etc/resolv.conf</code>
<a href="Bv9ARM.ch06.html#trusted-keys" title="trusted-keys Statement Grammar">the section called “<span><strong class="command">trusted-keys</strong></span> Statement Grammar”</a> for details.)</p>
example, to specify the following DNSKEY of example.com:
-e -k example.com -K "xxx"
"domain". Example: -s example.com:2001:db8::1234
<a name="id2615056"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
<a name="id2615173"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
returned by getaddrinfo(). If the dns.conf file exists and
<a name="id2615188"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
dynamic.example.com zone has an IPv6 address 2001:db8::1234,
$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key add "foo.dynamic.example.com 30 IN A 192.168.2.1"</code></strong></pre>
adds an A RR for foo.dynamic.example.com using the given key.
$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com 30 IN A"</code></strong></pre>
removes all A RRs for foo.dynamic.example.com using the given key.
$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com"</code></strong></pre>
removes all RRs for foo.dynamic.example.com using the given key.
<a name="id2616138"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
"example.com". In general this domain name must be the apex
"www.example.com"). nsprobe first identifies the NS RRsets for