Bv9ARM.html revision bafdc1ebe80e1bc359bfbb48aa88790c7bbdc749
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy - Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy - Copyright (C) 2000-2003 Internet Software Consortium.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy - Permission to use, copy, modify, and/or distribute this software for any
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy - purpose with or without fee is hereby granted, provided that the above
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy - copyright notice and this permission notice appear in all copies.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
a192d1c0eb1d05a03ead3c7f898e864e4bf0399cPatrick Mooney - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy - PERFORMANCE OF THIS SOFTWARE.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy<!-- $Id: Bv9ARM.html,v 1.287 2011/11/24 01:14:51 tbox Exp $ -->
a192d1c0eb1d05a03ead3c7f898e864e4bf0399cPatrick Mooney<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy<title>BIND 9 Administrator Reference Manual</title>
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
a192d1c0eb1d05a03ead3c7f898e864e4bf0399cPatrick Mooney<link rel="next" href="Bv9ARM.ch01.html" title="Chapter�1.�Introduction">
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy<table width="100%" summary="Navigation header">
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy<tr><th colspan="3" align="center">BIND 9 Administrator Reference Manual</th></tr>
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch01.html">Next</a>
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy<a name="id2563174"></a>BIND 9 Administrator Reference Manual</h1></div>
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy<div><p class="copyright">Copyright � 2004-2011 Internet Systems Consortium, Inc. ("ISC")</p></div>
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy<div><p class="copyright">Copyright � 2000-2003 Internet Software Consortium.</p></div>
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy<dt><span class="chapter"><a href="Bv9ARM.ch01.html">1. Introduction</a></span></dt>
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564371">Scope of Document</a></span></dt>
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564394">Organization of This Document</a></span></dt>
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564534">Conventions Used in This Document</a></span></dt>
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564715">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564771">Domains and Domain Names</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567253">Authoritative Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567556">Name Servers in Multiple Roles</a></span></dt>
<dt><span class="chapter"><a href="Bv9ARM.ch02.html">2. <acronym class="acronym">BIND</acronym> Resource Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567724">Name Server Intensive Environment Issues</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567735">Supported Operating Systems</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567767">A Caching-only Name Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567988">An Authoritative-only Name Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568370">Tools for Use With the Name Server Daemon</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564053">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571722">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571796">Copying the Shared Secret to Both Machines</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571806">Informing the Servers of the Key's Existence</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571979">Instructing the Server to Use the Key</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572105">TSIG Key Based Access Control</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608427">Converting from insecure to secure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608465">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563513">Fully automatic zone signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563803">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563836">Automatic key rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563863">NSEC3PARAM rollovers via UPDATE</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563873">Converting from NSEC to NSEC3</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563882">Converting from NSEC3 to NSEC</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571200">Converting from secure to insecure</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS #11 (Cryptoki) support</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608755">Building BIND 9 with PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2611537">Specifying the engine on the command line</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2611582">Running named with automatic zone re-signing</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572802">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573068">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573090">Address to Name Lookups Using Nibble Format</a></span></dt>
<dt><span class="chapter"><a href="Bv9ARM.ch05.html">5. The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2573123">The Lightweight Resolver Library</a></span></dt>
<dt><span class="chapter"><a href="Bv9ARM.ch06.html">6. <acronym class="acronym">BIND</acronym> 9 Configuration Reference</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575193"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575383"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575742"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575760"><span><strong class="command">include</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575783"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575806"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575965"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576160"><span><strong class="command">logging</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578117"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578259"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578323"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578366"><span><strong class="command">masters</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578388"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590061"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#trusted-keys"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590201"><span><strong class="command">trusted-keys</strong></span> Statement Definition
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590248"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590742"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592422"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598082">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598697">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598824">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2599029"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch06.html#statistics_counters">Statistics Counters</a></span></dt></dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch07.html">7. <acronym class="acronym">BIND</acronym> 9 Security Considerations</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2603817"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603898">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603958">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2604043">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2604055">Incrementing and Changing the Serial Number</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2604442">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2607654">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609179">Known Defects/Restrictions</a></span></dt>
<span class="refentrytitle"><a href="man.dig.html">dig</a></span><span class="refpurpose"> — DNS lookup utility</span>
<span class="refentrytitle"><a href="man.host.html">host</a></span><span class="refpurpose"> — DNS lookup utility</span>
<span class="refentrytitle"><a href="man.dnssec-dsfromkey.html"><span class="application">dnssec-dsfromkey</span></a></span><span class="refpurpose"> — DNSSEC DS RR generation tool</span>
<span class="refentrytitle"><a href="man.dnssec-keyfromlabel.html"><span class="application">dnssec-keyfromlabel</span></a></span><span class="refpurpose"> — DNSSEC key generation tool</span>
<span class="refentrytitle"><a href="man.dnssec-keygen.html"><span class="application">dnssec-keygen</span></a></span><span class="refpurpose"> — DNSSEC key generation tool</span>
<span class="refentrytitle"><a href="man.dnssec-revoke.html"><span class="application">dnssec-revoke</span></a></span><span class="refpurpose"> — Set the REVOKED bit on a DNSSEC key</span>
<span class="refentrytitle"><a href="man.dnssec-settime.html"><span class="application">dnssec-settime</span></a></span><span class="refpurpose"> — Set the key timing metadata for a DNSSEC key</span>
<span class="refentrytitle"><a href="man.dnssec-signzone.html"><span class="application">dnssec-signzone</span></a></span><span class="refpurpose"> — DNSSEC zone signing tool</span>
<span class="refentrytitle"><a href="man.named-checkconf.html"><span class="application">named-checkconf</span></a></span><span class="refpurpose"> — named configuration file syntax checking tool</span>
<span class="refentrytitle"><a href="man.named-checkzone.html"><span class="application">named-checkzone</span></a></span><span class="refpurpose"> — zone file validity checking or converting tool</span>
<span class="refentrytitle"><a href="man.named.html"><span class="application">named</span></a></span><span class="refpurpose"> — Internet domain name server</span>
<span class="refentrytitle"><a href="man.named-journalprint.html"><span class="application">named-journalprint</span></a></span><span class="refpurpose"> — print zone journal in human-readable form</span>
<span class="refentrytitle"><a href="man.nsupdate.html"><span class="application">nsupdate</span></a></span><span class="refpurpose"> — Dynamic DNS update utility</span>
<span class="refentrytitle"><a href="man.rndc.html"><span class="application">rndc</span></a></span><span class="refpurpose"> — name server control utility</span>
<span class="refentrytitle"><a href="man.rndc.conf.html"><code class="filename">rndc.conf</code></a></span><span class="refpurpose"> — rndc configuration file</span>
<span class="refentrytitle"><a href="man.rndc-confgen.html"><span class="application">rndc-confgen</span></a></span><span class="refpurpose"> — rndc key generation tool</span>
<span class="refentrytitle"><a href="man.ddns-confgen.html"><span class="application">ddns-confgen</span></a></span><span class="refpurpose"> — ddns key generation tool</span>
<span class="refentrytitle"><a href="man.arpaname.html"><span class="application">arpaname</span></a></span><span class="refpurpose"> — translate IP addresses to the corresponding ARPA names</span>
<span class="refentrytitle"><a href="man.genrandom.html"><span class="application">genrandom</span></a></span><span class="refpurpose"> — generate a file containing random data</span>
<span class="refentrytitle"><a href="man.isc-hmac-fixup.html"><span class="application">isc-hmac-fixup</span></a></span><span class="refpurpose"> — fixes HMAC keys generated by older versions of BIND</span>
<span class="refentrytitle"><a href="man.nsec3hash.html"><span class="application">nsec3hash</span></a></span><span class="refpurpose"> — generate NSEC3 hash</span>