<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<!--
- Copyright (C) 2000 Internet Software Consortium.
- -
+ -
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- - SOFTWARE.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.1.html,v 1.5.2.3 2000/07/12 17:57:38 gson Exp $ -->
+<!-- $Id: Bv9ARM.1.html,v 1.5.2.4 2000/08/22 19:29:05 gson Exp $ -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<HTML>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<!--
- Copyright (C) 2000 Internet Software Consortium.
- -
+ -
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- - SOFTWARE.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.2.html,v 1.5.2.3 2000/07/12 17:57:39 gson Exp $ -->
+<!-- $Id: Bv9ARM.2.html,v 1.5.2.4 2000/08/22 19:29:06 gson Exp $ -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<HTML>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<!--
- Copyright (C) 2000 Internet Software Consortium.
- -
+ -
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- - SOFTWARE.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.3.html,v 1.5.2.4 2000/07/13 03:16:31 gson Exp $ -->
+<!-- $Id: Bv9ARM.3.html,v 1.5.2.5 2000/08/22 19:29:08 gson Exp $ -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<HTML>
<LINK REL="STYLESHEET" HREF="Bv9ARM.css">
<TITLE> Section 3. Nameserver Configuration</TITLE></HEAD>
<BODY BGCOLOR="#ffffff">
-<OL>
+
<H1 CLASS="1Level">
<A NAME="pgfId=997350">
</A>
Section 3. Nameserver Configuration</H1>
-</OL>
+
<P CLASS="1LevelContinued">
<A NAME="pgfId=997351">
</A>
In this section we provide some suggested configurations along with guidelines for their use. We also address the topic of reasonable option setting.</P>
<DIV>
-<OL>
+
<H3 CLASS="2Level">
<A NAME="pgfId=997353">
</A>
3.1 <A NAME="30164">
</A>
Sample Configurations</H3>
-</OL>
+
<DIV>
-<OL>
+
<H4 CLASS="3Level">
<A NAME="pgfId=1079232">
</A>
3.1.1 A Caching-only Nameserver</H4>
-</OL>
+
<P CLASS="3LevelContinued">
<A NAME="pgfId=1079238">
</A>
</PRE>
</DIV>
<DIV>
-<OL>
+
<H4 CLASS="3Level">
<A NAME="pgfId=1079323">
</A>
3.1.2 An Authoritative-only Nameserver</H4>
-</OL>
+
<P CLASS="3LevelContinued">
<A NAME="pgfId=1079327">
</A>
-This sample configuration is for an authoritative-only server that is the master server for "<EM CLASS="pathname">
-example.com</EM>
-" and a slave for the subdomain "<EM CLASS="pathname">
-eng.example.com</EM>
-".</P>
+This sample configuration is for an authoritative-only server that is the master server for "<EM CLASS="pathname">example.com</EM>" and a slave for the subdomain "<EM CLASS="pathname">eng.example.com</EM>".</P>
<PRE>
<CODE><STRONG>options {
</DIV>
</DIV>
<DIV>
-<OL>
+
<H3 CLASS="2Level">
<A NAME="pgfId=997410">
</A>
3.2 Load Balancing</H3>
-</OL>
+
<P CLASS="2LevelContinued">
<A NAME="pgfId=997411">
</A>
<A NAME="pgfId=997412">
</A>
For example, if you have three WWW servers with network addresses of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the following means that clients will connect to each machine one third of the time:</P>
+
<PRE CLASS="2Level-fixed1"><A NAME="pgfId=997454"></A>
</PRE>
<TABLE>
statement under <A HREF="Bv9ARM.6.html#22766" CLASS="XRef">RRset Ordering</A>. This substatement is not supported in BIND 9, and only the ordering scheme described above is available.</P>
</DIV>
<DIV>
-<OL>
+
<H3 CLASS="2Level">
<A NAME="pgfId=997460">
</A>
3.3 <A NAME="35205">
</A>
Notify</H3>
-</OL>
+
<P CLASS="2LevelContinued">
<A NAME="pgfId=997461">
</A>
-DNS Notify is a mechanism that allows master nameservers to notify their slave servers of changes to a zone's data. In response to a <CODE CLASS="Program-Process">
-NOTIFY</CODE>
- from a master server, the slave will check to see that its version of the zone is the current version and, if not, initiate a transfer.</P>
+DNS Notify is a mechanism that allows master nameservers to notify their slave servers of changes to a zone's data. In response to a <CODE CLASS="Program-Process">NOTIFY</CODE> from a master server, the slave will check to see that its version of the zone is the current version and, if not, initiate a transfer.</P>
+
<P CLASS="2LevelContinued">
<A NAME="pgfId=1078896">
</A>
DNS Notify is fully documented in RFC 1996. See also the description of the zone option <CODE CLASS="Program-Process">
also-notify</CODE>
- under <A HREF="Bv9ARM.6.html#32057" CLASS="XRef">Zone Transfers</A>
-. More information about <CODE CLASS="Program-Process">
-notify</CODE>
- can be found under <A HREF="Bv9ARM.6.html#12205" CLASS="XRef">Boolean Options</A>
-.</P>
+ under <A HREF="Bv9ARM.6.html#32057" CLASS="XRef">Zone Transfers</A>. More information about <CODE CLASS="Program-Process">notify</CODE> can be found under <A HREF="Bv9ARM.6.html#12205" CLASS="XRef">Boolean Options</A>.</P>
</DIV>
<DIV>
-<OL>
+
<H3 CLASS="2Level">
<A NAME="pgfId=1078903">
</A>
3.4 Nameserver Operations</H3>
-</OL>
+
<DIV>
-<OL>
+
<H4 CLASS="3Level">
<A NAME="pgfId=997464">
</A>
3.4.1 Tools for Use With the Nameserver Daemon</H4>
-</OL>
+
<P CLASS="3LevelContinued">
<A NAME="pgfId=997465">
</A>
There are several indispensable diagnostic, administrative and monitoring tools available to the system administrator for controlling and debugging the nameserver daemon. We describe several in this section </P>
<DIV>
-<OL>
+
<H5 CLASS="4Level">
<A NAME="pgfId=997466">
</A>
3.4.1.1 Diagnostic Tools</H5>
-</OL>
+
</DIV>
<DIV>
<H5 CLASS="Subhead4">
<P CLASS="4LevelContinued">
<A NAME="pgfId=1079184">
</A>
-Due to its arcane user interface and frequently inconsistent behavior, we do not recommend the use of <CODE CLASS="Program-Process">
-nslookup</CODE>
-, and it is not installed by default when installing BIND 9. Use <CODE CLASS="Program-Process">
-dig</CODE>
- instead.</P>
+Due to its arcane user interface and frequently inconsistent behavior, we do not recommend the use of <CODE CLASS="Program-Process">nslookup</CODE>. Use <CODE CLASS="Program-Process">dig</CODE> instead.</P>
</DIV>
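Review bot: the rewritten nslookup sentence does more than join the split lines: it drops the clause "and it is not installed by default when installing BIND 9". That is a change of fact, not a reflow, so it deserves its own mention in the commit message. If nslookup is now installed by default, saying so next to the recommendation to use dig would stop readers from assuming the tool is absent.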
<DIV>
-<OL>
+
<H5 CLASS="4Level">
<A NAME="pgfId=1079185">
</A>
3.4.1.2 Administrative Tools</H5>
-</OL>
+
<P CLASS="4LevelContinued">
<A NAME="pgfId=997488">
</A>
<p>As noted above, "reload" is the only command available for BIND 9.0.0.
The other commands, and more, are planned to be implemented for future
releases.</p>
- <p> A configuration file is required, since all communication with the
- server is authenticated with digital signatures that rely on a shared
- secret, and there is no way to provide that secret other than with a
- configuration file. The default location for the rndc configuration
- file is <EM>/etc/rndc.conf</EM>, but an alternate location can be specified with
- the "<CODE>-c</CODE>" option.</p>
- <p>The format of the configuration file is similar to that of named.conf,
- but limited to only three statements, the <CODE>options{}</CODE>, <CODE>key{}</CODE> and <CODE>server{}</CODE>
- statements. These statements are what associate the secret keys to the
- servers with which they are meant to be shared. The order of statements
- is not significant.</p>
- <p>The <CODE>options{}</CODE> statement has two clauses: <CODE>default-server</CODE> and default-key.
- <CODE>default-server</CODE> takes a host name or address argument and represents the server that will be contacted if
- no "<CODE>-s</CODE>" option is provided on the command line. default-key takes the
- name of the key as its argument, as defined by a <CODE>key{}</CODE> statement. In
- the future a default-port clause will be added to specify the port to
- which <CODE>rndc</CODE> should connect.</p>
- <p>The <CODE>key{}</CODE> statement names a key with its string argument. The string
- is required by the server to be a valid domain name, though it need
- not actually be hierarchical; thus, a string like "rndc_key" is a valid
- name. The <CODE>key{}</CODE> statement has two clauses: <CODE>algorithm</CODE> and <CODE>secret</CODE>. While
- the configuration parser will accept any string as the argument to algorithm,
- currently only the string "hmac-md5" has any meaning. The secret is
- a base-64 encoded string, typically generated with either <CODE>dnssec-keygen</CODE>
- or <CODE>mmencode</CODE>.</p>
- <p>The <CODE>server{}</CODE> statement uses the key clause to associate a <CODE>key{}</CODE>-defined
- key with a server. The argument to the <CODE>server{}</CODE> statement is a host
- name or address (addresses must be double quoted). The argument to the
- key clause is the name of key as defined by the <CODE>key{}</CODE> statement. A port
- clause will be added to a future release to specify the port to which
- rndc should connect on the given server.</p>
- <p>A sample minimal configuration file is as follows:</p>
- <PRE>
-<CODE><STRONG>key rndc_key {
+ <p> A configuration file is required, since all communication with the server is authenticated with digital signatures that rely on a shared secret, and there is no way to provide that secret other than with a configuration file. The default location for the rndc configuration file is <EM>/etc/rndc.conf</EM>, but an alternate location can be specified with the "<CODE>-c</CODE>" option.</p>
+
+<p>The format of the configuration file is similar to that of named.conf, but limited to only three statements, the <CODE>options{}</CODE>, <CODE>key{}</CODE> and <CODE>server{}</CODE> statements. These statements are what associate the secret keys to the servers with which they are meant to be shared. The order of statements is not significant.</p>
+
+<p>The <CODE>options{}</CODE> statement has two clauses: <CODE>default-server</CODE> and default-key. <CODE>default-server</CODE> takes a host name or address argument and represents the server that will be contacted if no "<CODE>-s</CODE>" option is provided on the command line. default-key takes the name of the key as its argument, as defined by a <CODE>key{}</CODE> statement. In the future a default-port clause will be added to specify the port to which <CODE>rndc</CODE> should connect.</p>
+
+<p>The <CODE>key{}</CODE> statement names a key with its string argument. The string is required by the server to be a valid domain name, though it need not actually be hierarchical; thus, a string like "rndc_key" is a valid name. The <CODE>key{}</CODE> statement has two clauses: <CODE>algorithm</CODE> and <CODE>secret</CODE>. While the configuration parser will accept any string as the argument to algorithm, currently only the string "hmac-md5" has any meaning. The secret is a base-64 encoded string, typically generated with either <CODE>dnssec-keygen</CODE> or <CODE>mmencode</CODE>.</p>
+
+<p>The <CODE>server{}</CODE> statement uses the key clause to associate a <CODE>key{}</CODE>-defined key with a server. The argument to the <CODE>server{}</CODE> statement is a host name or address (addresses must be double quoted). The argument to the key clause is the name of key as defined by the <CODE>key{}</CODE> statement. A port clause will be added to a future release to specify the port to which rndc should connect on the given server.</p>
+
+<p>A sample minimal configuration file is as follows:</p>
+<PRE><CODE><STRONG>key rndc_key {
algorithm "hmac-md5";
secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};</STRONG></CODE>
default-key rndc_key;
};</STRONG></CODE>
</PRE>
- <p>This file, if installed as<EM> /etc/rndc.conf</EM>, would allow the command:</p>
- <p> <strong><code>$ rndc reload</code></strong></p>
- <p>to connect to 127.0.0.1 port 953 and cause the nameserver to reload,
- if a nameserver on the local machine were running with following controls
- statements:</p>
- <PRE>
-<CODE><STRONG>controls {
+
+<p>This file, if installed as<EM> /etc/rndc.conf</EM>, would allow the command:</p>
+
+<p><strong><code>$ rndc reload</code></strong></p>
+
+<p>to connect to 127.0.0.1 port 953 and cause the nameserver to reload, if a nameserver on the local machine were running with following controls statements:</p>
+<PRE><CODE><STRONG>controls {
inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};</STRONG></CODE>
</PRE>
- <p>and it had an identical key statement for <CODE>rndc_key</CODE>.</p>
- <P CLASS="4LevelContinued"> </P>
+
+<p>and it had an identical key statement for <CODE>rndc_key</CODE>.</p>
+
+<P CLASS="4LevelContinued"> </P>
</DIV>
<H4 CLASS="3Level">
<A NAME="pgfId=998650">
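Review bot: in the reflowed rndc paragraphs, the sample key{} block still carries a literal secret and nothing tells the reader to replace it or to restrict read access to /etc/rndc.conf, even though the first paragraph says all authentication rests on that shared secret. Add one sentence after the sample saying the secret shown is only an illustration, that a fresh one should be generated with dnssec-keygen, and that the file should be readable only by the users allowed to control the server. Smaller points while these lines are being touched: default-key is left outside CODE markup where default-server has it, "installed as<EM> /etc/rndc.conf</EM>" has its space inside the EM element, "name of key" should read "name of the key", and "with following controls statements" should read "with the following controls statement".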
<p>Return to <A href="Bv9ARM.html">BIND 9 Administrator Reference Manual</A> table of contents.</p>
-
</div></BODY></HTML>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<!--
- Copyright (C) 2000 Internet Software Consortium.
- -
+ -
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- - SOFTWARE.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.4.html,v 1.5.2.3 2000/07/12 17:57:42 gson Exp $ -->
+<!-- $Id: Bv9ARM.4.html,v 1.5.2.4 2000/08/22 19:29:09 gson Exp $ -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<HTML>
Kchild.example.+003+12345.key</EM>
and <EM CLASS="pathname">
Kchild.example.+003+12345.private</EM>
- (where 12345 is an example of a key identifier). The key file names contain the key name (<EM CLASS="pathname">
+ (where 12345 is an example of a key tag). The key file names contain the key name (<EM CLASS="pathname">
child.example.</EM>
-), algorithm (3 is DSA, 1 is RSA, etc.), and the key identifier (12345 in this case). The private key (in the <EM CLASS="pathname">
+), algorithm (3 is DSA, 1 is RSA, etc.), and the key tag (12345 in this case). The private key (in the <EM CLASS="pathname">
.private</EM>
file) is used to generate signatures, and the public key (in the <EM CLASS="pathname">
.key</EM>
<P CLASS="2LevelContinued">
<A NAME="pgfId=1039819">
</A>
-To generate another key with the same properties (but with a different key identifier), repeat the above command.</P>
+To generate another key with the same properties (but with a different key tag), repeat the above command.</P>
<P CLASS="2LevelContinued">
<A NAME="pgfId=1039820">
</A>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<!--
- Copyright (C) 2000 Internet Software Consortium.
- -
+ -
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- - SOFTWARE.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.5.html,v 1.5.2.3 2000/07/12 17:57:43 gson Exp $ -->
+<!-- $Id: Bv9ARM.5.html,v 1.5.2.4 2000/08/22 19:29:10 gson Exp $ -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<HTML>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<!--
- Copyright (C) 2000 Internet Software Consortium.
- -
+ -
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- - SOFTWARE.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.6.html,v 1.5.2.5 2000/07/26 23:20:17 bwelling Exp $ -->
+<!-- $Id: Bv9ARM.6.html,v 1.5.2.6 2000/08/22 19:29:12 gson Exp $ -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<HTML>
[ </EM><KBD CLASS="Literal-user-input">directory</KBD><EM CLASS="Optional-meta-syntax"> </EM><EM CLASS="variable">path_name</EM><KBD CLASS="Literal-user-input">;</KBD><EM CLASS="Optional-meta-syntax"> ]
[ </EM><KBD CLASS="Literal-user-input">named-xfer</KBD><EM CLASS="Optional-meta-syntax"> </EM><EM CLASS="variable">path_name</EM><KBD CLASS="Literal-user-input">;</KBD><EM CLASS="Optional-meta-syntax"> ]
[ </EM><KBD CLASS="Literal-user-input">tkey-domain</KBD><EM CLASS="Optional-meta-syntax"> </EM><EM CLASS="variable">domainname</EM><KBD CLASS="Literal-user-input">;</KBD><EM CLASS="Optional-meta-syntax"> ]
- [ </EM><KBD CLASS="Literal-user-input">tkey-dhkey</KBD><EM CLASS="Optional-meta-syntax"> </EM><EM CLASS="variable">keyname</EM><EM CLASS="Optional-meta-syntax"> </EM><EM CLASS="variable">keyid</EM><KBD CLASS="Literal-user-input">;</KBD><EM CLASS="Optional-meta-syntax"> ]
+ [ </EM><KBD CLASS="Literal-user-input">tkey-dhkey</KBD><EM CLASS="Optional-meta-syntax"> </EM><EM CLASS="variable">key_name</EM><EM CLASS="Optional-meta-syntax"> </EM><EM CLASS="variable">key_tag</EM><KBD CLASS="Literal-user-input">;</KBD><EM CLASS="Optional-meta-syntax"> ]
[ </EM><KBD CLASS="Literal-user-input">dump-file</KBD><EM CLASS="Optional-meta-syntax"> </EM><EM CLASS="variable">path_name</EM><KBD CLASS="Literal-user-input">;</KBD><EM CLASS="Optional-meta-syntax"> ]
[ </EM><KBD CLASS="Literal-user-input">memstatistics-file</KBD><EM CLASS="Optional-meta-syntax"> </EM><EM CLASS="variable">path_name</EM><KBD CLASS="Literal-user-input">;</KBD><EM CLASS="Optional-meta-syntax"> ]
[ </EM><KBD CLASS="Literal-user-input">pid-file</KBD><EM CLASS="Optional-meta-syntax"> </EM><EM CLASS="variable">path_name</EM><KBD CLASS="Literal-user-input">;</KBD><EM CLASS="Optional-meta-syntax"> ]
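Review bot: on the tkey-dhkey line the renamed placeholders now use underscores (key_name, key_tag), while the tkey-domain line directly above keeps domainname without one, so the grammar mixes two conventions for its variables. Either rename domainname to domain_name in the same change or note that it is left for a follow-up. key_tag itself is consistent with the "key tag" wording this change introduces in the key generation text.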
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<!--
- Copyright (C) 2000 Internet Software Consortium.
- -
+ -
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- - SOFTWARE.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.7.html,v 1.5.2.3 2000/07/12 17:57:47 gson Exp $ -->
+<!-- $Id: Bv9ARM.7.html,v 1.5.2.4 2000/08/22 19:29:14 gson Exp $ -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<HTML>
Here is an example of how to properly apply ACLs:</P>
<PRE>
-
+
<CODE><STRONG>// Set up an ACL named "bogusnets" that will block RFC1918 space,
// which is commonly used in spoofing attacks.
-
+
acl bogusnets { 0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3;
10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };
// Set up an ACL called our-nets. Replace this with the real IP numbers.
-
+
acl our-nets { x.x.x.x/24; x.x.x.x/21; };
-
+
options {
...
...
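Review bot: the comment above acl bogusnets says the ACL blocks RFC1918 space, but only 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 in that list are RFC 1918 ranges; 0.0.0.0/8, 1.0.0.0/8, 2.0.0.0/8, 192.0.2.0/24 and 224.0.0.0/3 are not. This hunk only adjusts the blank lines around the example, so it is a convenient place to reword the comment, for instance to "bogus and private address space", so that readers copying the ACL know what each entry is for and can review the non-RFC1918 entries against current address allocations.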
, and to run <CODE CLASS="Program-Process">
<STRONG>named setuid</STRONG></CODE>
to user 202:</P>
-
+
<PRE>
<CODE><STRONG>/usr/local/bin/named -u 202 -t /var/named
</STRONG></CODE></PRE>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<!--
- Copyright (C) 2000 Internet Software Consortium.
- -
+ -
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- - SOFTWARE.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.8.html,v 1.5.2.3 2000/07/12 17:57:48 gson Exp $ -->
+<!-- $Id: Bv9ARM.8.html,v 1.5.2.4 2000/08/22 19:29:15 gson Exp $ -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<HTML>
<P CLASS="2LevelContinued">
<A NAME="pgfId=997394">
</A>
-To discuss arrangements for support, contact
+To discuss arrangements for support, contact
<A HREF="mailto:info@isc.org">info@isc.org</A>
<CODE CLASS="Program-Process">
</CODE>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<!--
- Copyright (C) 2000 Internet Software Consortium.
- -
+ -
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- - SOFTWARE.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.9.html,v 1.1.2.2 2000/07/12 17:57:49 gson Exp $ -->
+<!-- $Id: Bv9ARM.9.html,v 1.1.2.3 2000/08/22 19:29:17 gson Exp $ -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="Adobe FrameMaker 5.5/HTML Export Filter">
-<LINK REL="STYLESHEET" HREF="9APPENDICES.css">
+<LINK REL="STYLESHEET" HREF="Bv9ARM.css">
<TITLE>Appendices</TITLE></HEAD>
<BODY BGCOLOR="#ffffff">
<DIV>
font-size: 14.000000pt;
font-weight: Bold;
font-style: Regular;
- color: #0000ff;
+ color: #000000;
text-decoration: none;
vertical-align: baseline;
text-transform: none;
font-size: 11.000000pt;
font-weight: Bold;
font-style: Regular;
- color: #0000ff;
+ color: #000000;
text-decoration: none;
vertical-align: baseline;
text-transform: none;
font-size: 11.000000pt;
font-weight: Bold;
font-style: Regular;
- color: #0000ff;
+ color: #000000;
text-decoration: none;
vertical-align: baseline;
text-transform: none;
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<!--
- Copyright (C) 2000 Internet Software Consortium.
- -
+ -
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- - SOFTWARE.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.html,v 1.4.2.3 2000/07/12 17:57:52 gson Exp $ -->
+<!-- $Id: Bv9ARM.html,v 1.4.2.4 2000/08/22 19:29:19 gson Exp $ -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<HTML>
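Review bot: the file carries two identical DOCTYPE declarations, one above the licence comment and one directly before <HTML>. A document should have a single DOCTYPE; remove one of the two while the header comment is being rewrapped.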
+Copyright (C) 2000 Internet Software Consortium.
+See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
+
+$Id: Bv9ARM.txt,v 1.3.2.6 2000/08/22 19:29:20 gson Exp $
+
BIND 9 Administrator Reference Manual
July 2000
Copyright (c) 2000 Internet Software Consortium
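Review bot: the added header repeats the copyright statement that is still kept below the title as "Copyright (c) 2000 Internet Software Consortium", with different capitalisation of "(C)". Keep one of them. The title block also still says "July 2000" while the new $Id is dated 2000/08/22; update the date if the text changed in substance.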
6.2.1 acl Statement Grammar
6.2.2 acl Statement Definition and Usage
6.2.3 controls Statement Grammar
-6.2.4 controls Statement Definition and Usage
+6.2.4 controls Statement Definition and Usage
6.2.5 include Statement Grammar
6.2.6 include Statement Definition and Usage
6.2.7 key Statement Grammar
6.2.8 key Statement Definition and Usage
6.2.9 logging Statement Grammar
-6.2.10 logging Statement Definition and Usage
+6.2.10 logging Statement Definition and Usage
6.2.10.1 The channel Phrase
6.2.10.2 The category Phrase
6.2.11 options Statement Grammar
-6.2.12 options Statement Definition and Usage
+6.2.12 options Statement Definition and Usage
6.2.12.1 Boolean Options
6.2.12.2 Forwarding
6.2.12.3 Name Checking
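Review bot: the three changed table-of-contents entries (6.2.4, 6.2.10, 6.2.12) read identically before and after, so the difference is whitespace only. If that comes from regenerating the text file, consider normalising whitespace in the conversion step so later regenerations do not produce content-free hunks.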
nslookup [-option ...] [host-to-find | -[server]]
Interactive mode is entered when no arguments are given (the default
-nameserver will be used) or when the first argument is a hyphen (`-') and
+nameserver will be used) or when the first argument is a hyphen ('-') and
the second argument is the host name or Internet address of a nameserver.
Non-interactive mode is used when the name or Internet address of the host
nslookup man page.
Due to its arcane user interface and frequently inconsistent behavior, we do
-not recommend the use of nslookup, and it is not installed by default when
-installing BIND 9. Use dig instead.
+not recommend the use of nslookup. Use dig instead.
3.4.1.2 Administrative Tools
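Review bot: the rewritten sentence drops "and it is not installed by default when installing BIND 9" without saying what replaces it. If nslookup is now installed by default, say so here; otherwise a reader who finds the binary on a BIND 9 host has no statement about its status, only the recommendation to use dig.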
Two output files will be produced: Kchild.example.+003+12345.key and
Kchild.example.+003+12345.private (where 12345 is an example of a key
-identifier). The key file names contain the key name ( child.example.),
-algorithm (3 is DSA, 1 is RSA, etc.), and the key identifier (12345 in this
+tag). The key file names contain the key name ( child.example.),
+algorithm (3 is DSA, 1 is RSA, etc.), and the key tag (12345 in this
case). The private key (in the .private file) is used to generate
signatures, and the public key (in the .key file) is used for signature
verification.
To generate another key with the same properties (but with a different key
-identifier), repeat the above command.
+tag), repeat the above command.
The public keys should be inserted into the zone file with $INCLUDE
statements, including the .key files.
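Review bot: the changed line "tag). The key file names contain the key name ( child.example.)," keeps the stray space after the opening parenthesis; remove it while the line is being edited. The rename from "key identifier" to "key tag" is applied in all three places in this hunk. As a documentation gap in the same paragraph, the text explains what the .private file is used for but gives no guidance on restricting access to it; one sentence on keeping it readable only by the account that signs the zone would fit here.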
[ directory path_name; ]
[ named-xfer path_name; ]
[ tkey-domain domainname; ]
- [ tkey-dhkey keyname keyid; ]
+ [ tkey-dhkey key_name key_tag; ]
[ dump-file path_name; ]
[ memstatistics-file path_name; ]
[ pid-file path_name; ]
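Review bot: the new placeholders "key_name key_tag" use underscores while the line directly above keeps "domainname" as a single word. Pick one convention for the grammar, for example "domain_name", and make sure the prose description of tkey-dhkey uses the same two placeholder names.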
[ transfer-source ip4_addr; ]
[ transfer-source-v6 ip6_addr; ]
[ also-notify { ip_addr; [ ip_addr; ... ] }; ]
- [ max-ixfr-log-size number; ]
+ [ max-ixfr-log-size number; ]
[ coresize size_spec ; ]
[ datasize size_spec ; ]
[ files size_spec ; ]
apply to zone transfers.
-
+
also-notify Defines a global list of IP addresses that are also
sent NOTIFY messages whenever a fresh copy of the
zone is loaded. This helps to ensure that copies of
the cache every cleaning-interval minutes. The default
is 60 minutes. If set to 0, no periodic cleaning will
occur.
-
+
heartbeat-interval The server will perform zone maintenance tasks for all
zones marked dialup yes whenever this interval
expires. The default is 60 minutes. Reasonable values
servers need not allow dynamic update at all.
------------------------------------------------------------------------
-
+
Section 8. Troubleshooting
8.1 Common Problems