Diffstat (limited to 'doc/arm/Bv9ARM.ch03.html')
-rw-r--r-- | doc/arm/Bv9ARM.ch03.html | 222 |
1 files changed, 110 insertions, 112 deletions
diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html index 0131e301179e..fa809476210d 100644 --- a/doc/arm/Bv9ARM.ch03.html +++ b/doc/arm/Bv9ARM.ch03.html @@ -14,13 +14,12 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>Chapter 3. Name Server Configuration</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> -<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual"> +<meta name="generator" content="DocBook XSL Stylesheets V1.78.1"> +<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual"> <link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual"> <link rel="prev" href="Bv9ARM.ch02.html" title="Chapter 2. BIND Resource Requirements"> <link rel="next" href="Bv9ARM.ch04.html" title="Chapter 4. Advanced DNS Features"> 
@@ -39,22 +38,22 @@ </table> <hr> </div> -<div class="chapter" lang="en"> -<div class="titlepage"><div><div><h2 class="title"> -<a name="Bv9ARM.ch03"></a>Chapter 3. Name Server Configuration</h2></div></div></div> +<div class="chapter"> +<div class="titlepage"><div><div><h1 class="title"> +<a name="Bv9ARM.ch03"></a>Chapter 3. Name Server Configuration</h1></div></div></div> <div class="toc"> <p><b>Table of Contents</b></p> -<dl> -<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt> +<dl class="toc"> +<dt><span class="section"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt> <dd><dl> -<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567998">A Caching-only Name Server</a></span></dt> -<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568014">An Authoritative-only Name Server</a></span></dt> +<dt><span class="section"><a href="Bv9ARM.ch03.html#cache_only_sample">A Caching-only Name Server</a></span></dt> +<dt><span class="section"><a href="Bv9ARM.ch03.html#auth_only_sample">An Authoritative-only Name Server</a></span></dt> </dl></dd> -<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568037">Load Balancing</a></span></dt> -<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568391">Name Server Operations</a></span></dt> +<dt><span class="section"><a href="Bv9ARM.ch03.html#load_balancing">Load Balancing</a></span></dt> +<dt><span class="section"><a href="Bv9ARM.ch03.html#ns_operations">Name Server Operations</a></span></dt> <dd><dl> -<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568396">Tools for Use With the Name Server Daemon</a></span></dt> -<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2569449">Signals</a></span></dt> +<dt><span class="section"><a href="Bv9ARM.ch03.html#tools">Tools for Use With the Name Server Daemon</a></span></dt> +<dt><span class="section"><a href="Bv9ARM.ch03.html#signals">Signals</a></span></dt> </dl></dd> </dl> </div> 
@@ -63,17 +62,17 @@ with guidelines for their use. We suggest reasonable values for certain option settings. </p> -<div class="sect1" lang="en"> +<div class="section"> <div class="titlepage"><div><div><h2 class="title" style="clear: both"> <a name="sample_configuration"></a>Sample Configurations</h2></div></div></div> -<div class="sect2" lang="en"> +<div class="section"> <div class="titlepage"><div><div><h3 class="title"> -<a name="id2567998"></a>A Caching-only Name Server</h3></div></div></div> +<a name="cache_only_sample"></a>A Caching-only Name Server</h3></div></div></div> <p> The following sample configuration is appropriate for a caching-only name server for use by clients internal to a corporation. All queries - from outside clients are refused using the <span><strong class="command">allow-query</strong></span> + from outside clients are refused using the <span class="command"><strong>allow-query</strong></span> option. Alternatively, the same effect could be achieved using suitable firewall rules. @@ -96,9 +95,9 @@ zone "0.0.127.in-addr.arpa" { }; </pre> </div> -<div class="sect2" lang="en"> +<div class="section"> <div class="titlepage"><div><div><h3 class="title"> -<a name="id2568014"></a>An Authoritative-only Name Server</h3></div></div></div> +<a name="auth_only_sample"></a>An Authoritative-only Name Server</h3></div></div></div> <p> This sample configuration is for an authoritative-only server that is the master server for "<code class="filename">example.com</code>" @@ -144,9 +143,9 @@ zone "eng.example.com" { </pre> </div> </div> -<div class="sect1" lang="en"> +<div class="section"> <div class="titlepage"><div><div><h2 class="title" style="clear: both"> -<a name="id2568037"></a>Load Balancing</h2></div></div></div> +<a name="load_balancing"></a>Load Balancing</h2></div></div></div> <p> A primitive form of load balancing can be achieved in the <acronym class="acronym">DNS</acronym> by using multiple records 
@@ -160,11 +159,11 @@ zone "eng.example.com" { </p> <div class="informaltable"><table border="1"> <colgroup> -<col> -<col> -<col> -<col> -<col> +<col width="0.875in" class="1"> +<col width="0.500in" class="2"> +<col width="0.750in" class="3"> +<col width="0.750in" class="4"> +<col width="2.028in" class="5"> </colgroup> <tbody> <tr> 
@@ -282,38 +281,38 @@ zone "eng.example.com" { </p> <p> For more detail on ordering responses, check the - <span><strong class="command">rrset-order</strong></span> sub-statement in the - <span><strong class="command">options</strong></span> statement, see - <a href="Bv9ARM.ch06.html#rrset_ordering">RRset Ordering</a>. + <span class="command"><strong>rrset-order</strong></span> sub-statement in the + <span class="command"><strong>options</strong></span> statement, see + <a class="xref" href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">RRset Ordering</a>. </p> </div> -<div class="sect1" lang="en"> +<div class="section"> <div class="titlepage"><div><div><h2 class="title" style="clear: both"> -<a name="id2568391"></a>Name Server Operations</h2></div></div></div> -<div class="sect2" lang="en"> +<a name="ns_operations"></a>Name Server Operations</h2></div></div></div> +<div class="section"> <div class="titlepage"><div><div><h3 class="title"> -<a name="id2568396"></a>Tools for Use With the Name Server Daemon</h3></div></div></div> +<a name="tools"></a>Tools for Use With the Name Server Daemon</h3></div></div></div> <p> This section describes several indispensable diagnostic, administrative and monitoring tools available to the system administrator for controlling and debugging the name server daemon. </p> -<div class="sect3" lang="en"> +<div class="section"> <div class="titlepage"><div><div><h4 class="title"> <a name="diagnostic_tools"></a>Diagnostic Tools</h4></div></div></div> <p> - The <span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span>, and - <span><strong class="command">nslookup</strong></span> programs are all command + The <span class="command"><strong>dig</strong></span>, <span class="command"><strong>host</strong></span>, and + <span class="command"><strong>nslookup</strong></span> programs are all command line tools for manually querying name servers. They differ in style and output format. 
</p> -<div class="variablelist"><dl> -<dt><span class="term"><a name="dig"></a><span><strong class="command">dig</strong></span></span></dt> +<div class="variablelist"><dl class="variablelist"> +<dt><span class="term"><a name="dig"></a><span class="command"><strong>dig</strong></span></span></dt> <dd> <p> - The domain information groper (<span><strong class="command">dig</strong></span>) + The domain information groper (<span class="command"><strong>dig</strong></span>) is the most versatile and complete of these lookup tools. It has two modes: simple interactive mode for a single query, and batch mode which executes a 
@@ -324,21 +323,21 @@ zone "eng.example.com" { </p> <div class="cmdsynopsis"><p><code class="command">dig</code> [@<em class="replaceable"><code>server</code></em>] <em class="replaceable"><code>domain</code></em> [<em class="replaceable"><code>query-type</code></em>] [<em class="replaceable"><code>query-class</code></em>] [+<em class="replaceable"><code>query-option</code></em>] [-<em class="replaceable"><code>dig-option</code></em>] [%<em class="replaceable"><code>comment</code></em>]</p></div> <p> - The usual simple use of <span><strong class="command">dig</strong></span> will take the form + The usual simple use of <span class="command"><strong>dig</strong></span> will take the form </p> -<p> - <span><strong class="command">dig @server domain query-type query-class</strong></span> +<p class="simpara"> + <span class="command"><strong>dig @server domain query-type query-class</strong></span> </p> <p> For more information and a list of available commands and - options, see the <span><strong class="command">dig</strong></span> man + options, see the <span class="command"><strong>dig</strong></span> man page. </p> </dd> -<dt><span class="term"><span><strong class="command">host</strong></span></span></dt> +<dt><span class="term"><span class="command"><strong>host</strong></span></span></dt> <dd> <p> - The <span><strong class="command">host</strong></span> utility emphasizes + The <span class="command"><strong>host</strong></span> utility emphasizes simplicity and ease of use. By default, it converts between host names and Internet addresses, but its 
@@ -348,13 +347,13 @@ zone "eng.example.com" { <div class="cmdsynopsis"><p><code class="command">host</code> [-aCdlnrsTwv] [-c <em class="replaceable"><code>class</code></em>] [-N <em class="replaceable"><code>ndots</code></em>] [-t <em class="replaceable"><code>type</code></em>] [-W <em class="replaceable"><code>timeout</code></em>] [-R <em class="replaceable"><code>retries</code></em>] [-m <em class="replaceable"><code>flag</code></em>] [-4] [-6] <em class="replaceable"><code>hostname</code></em> [<em class="replaceable"><code>server</code></em>]</p></div> <p> For more information and a list of available commands and - options, see the <span><strong class="command">host</strong></span> man + options, see the <span class="command"><strong>host</strong></span> man page. </p> </dd> -<dt><span class="term"><span><strong class="command">nslookup</strong></span></span></dt> +<dt><span class="term"><span class="command"><strong>nslookup</strong></span></span></dt> <dd> -<p><span><strong class="command">nslookup</strong></span> +<p><span class="command"><strong>nslookup</strong></span> has two modes: interactive and non-interactive. Interactive mode allows the user to query name servers for information about various 
@@ -382,144 +381,143 @@ zone "eng.example.com" { </p> <p> Due to its arcane user interface and frequently inconsistent - behavior, we do not recommend the use of <span><strong class="command">nslookup</strong></span>. - Use <span><strong class="command">dig</strong></span> instead. + behavior, we do not recommend the use of <span class="command"><strong>nslookup</strong></span>. + Use <span class="command"><strong>dig</strong></span> instead. </p> </dd> </dl></div> </div> -<div class="sect3" lang="en"> +<div class="section"> <div class="titlepage"><div><div><h4 class="title"> <a name="admin_tools"></a>Administrative Tools</h4></div></div></div> <p> Administrative tools play an integral part in the management of a server. </p> -<div class="variablelist"><dl> +<div class="variablelist"><dl class="variablelist"> <dt> -<a name="named-checkconf"></a><span class="term"><span><strong class="command">named-checkconf</strong></span></span> +<a name="named-checkconf"></a><span class="term"><span class="command"><strong>named-checkconf</strong></span></span> </dt> <dd> <p> - The <span><strong class="command">named-checkconf</strong></span> program + The <span class="command"><strong>named-checkconf</strong></span> program checks the syntax of a <code class="filename">named.conf</code> file. </p> <div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [-jvz] [-t <em class="replaceable"><code>directory</code></em>] [<em class="replaceable"><code>filename</code></em>]</p></div> </dd> <dt> -<a name="named-checkzone"></a><span class="term"><span><strong class="command">named-checkzone</strong></span></span> +<a name="named-checkzone"></a><span class="term"><span class="command"><strong>named-checkzone</strong></span></span> </dt> <dd> <p> - The <span><strong class="command">named-checkzone</strong></span> program + The <span class="command"><strong>named-checkzone</strong></span> program checks a master file for syntax and consistency. 
</p> <div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [-djqvD] [-c <em class="replaceable"><code>class</code></em>] [-o <em class="replaceable"><code>output</code></em>] [-t <em class="replaceable"><code>directory</code></em>] [-w <em class="replaceable"><code>directory</code></em>] [-k <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-n <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-W <em class="replaceable"><code>(ignore|warn)</code></em>] <em class="replaceable"><code>zone</code></em> [<em class="replaceable"><code>filename</code></em>]</p></div> </dd> <dt> -<a name="named-compilezone"></a><span class="term"><span><strong class="command">named-compilezone</strong></span></span> +<a name="named-compilezone"></a><span class="term"><span class="command"><strong>named-compilezone</strong></span></span> </dt> <dd><p> - Similar to <span><strong class="command">named-checkzone,</strong></span> but + Similar to <span class="command"><strong>named-checkzone,</strong></span> but it always dumps the zone content to a specified file (typically in a different format). </p></dd> <dt> -<a name="rndc"></a><span class="term"><span><strong class="command">rndc</strong></span></span> +<a name="rndc"></a><span class="term"><span class="command"><strong>rndc</strong></span></span> </dt> <dd> <p> The remote name daemon control - (<span><strong class="command">rndc</strong></span>) program allows the + (<span class="command"><strong>rndc</strong></span>) program allows the system administrator to control the operation of a name server. 
- Since <acronym class="acronym">BIND</acronym> 9.2, <span><strong class="command">rndc</strong></span> - supports all the commands of the BIND 8 <span><strong class="command">ndc</strong></span> - utility except <span><strong class="command">ndc start</strong></span> and - <span><strong class="command">ndc restart</strong></span>, which were also - not supported in <span><strong class="command">ndc</strong></span>'s + Since <acronym class="acronym">BIND</acronym> 9.2, <span class="command"><strong>rndc</strong></span> + supports all the commands of the BIND 8 <span class="command"><strong>ndc</strong></span> + utility except <span class="command"><strong>ndc start</strong></span> and + <span class="command"><strong>ndc restart</strong></span>, which were also + not supported in <span class="command"><strong>ndc</strong></span>'s channel mode. - If you run <span><strong class="command">rndc</strong></span> without any + If you run <span class="command"><strong>rndc</strong></span> without any options it will display a usage message as follows: </p> <div class="cmdsynopsis"><p><code class="command">rndc</code> [-c <em class="replaceable"><code>config</code></em>] [-s <em class="replaceable"><code>server</code></em>] [-p <em class="replaceable"><code>port</code></em>] [-y <em class="replaceable"><code>key</code></em>] <em class="replaceable"><code>command</code></em> [<em class="replaceable"><code>command</code></em>...]</p></div> -<p>See <a href="man.rndc.html" title="rndc"><span class="refentrytitle"><span class="application">rndc</span></span>(8)</a> for details of - the available <span><strong class="command">rndc</strong></span> commands. +<p>See <a class="xref" href="man.rndc.html" title="rndc"><span class="refentrytitle"><span class="application">rndc</span></span>(8)</a> for details of + the available <span class="command"><strong>rndc</strong></span> commands. 
</p> <p> - <span><strong class="command">rndc</strong></span> requires a configuration file, + <span class="command"><strong>rndc</strong></span> requires a configuration file, since all communication with the server is authenticated with digital signatures that rely on a shared secret, and there is no way to provide that secret other than with a configuration file. The default location for the - <span><strong class="command">rndc</strong></span> configuration file is + <span class="command"><strong>rndc</strong></span> configuration file is <code class="filename">/etc/rndc.conf</code>, but an alternate location can be specified with the <code class="option">-c</code> option. If the configuration file is not found, - <span><strong class="command">rndc</strong></span> will also look in + <span class="command"><strong>rndc</strong></span> will also look in <code class="filename">/etc/rndc.key</code> (or whatever <code class="varname">sysconfdir</code> was defined when the <acronym class="acronym">BIND</acronym> build was configured). The <code class="filename">rndc.key</code> file is generated by - running <span><strong class="command">rndc-confgen -a</strong></span> as + running <span class="command"><strong>rndc-confgen -a</strong></span> as described in - <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and - Usage">the section called “<span><strong class="command">controls</strong></span> Statement Definition and + <a class="xref" href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and Usage">the section called “<span class="command"><strong>controls</strong></span> Statement Definition and Usage”</a>. 
</p> <p> The format of the configuration file is similar to that of <code class="filename">named.conf</code>, but limited to - only four statements, the <span><strong class="command">options</strong></span>, - <span><strong class="command">key</strong></span>, <span><strong class="command">server</strong></span> and - <span><strong class="command">include</strong></span> + only four statements, the <span class="command"><strong>options</strong></span>, + <span class="command"><strong>key</strong></span>, <span class="command"><strong>server</strong></span> and + <span class="command"><strong>include</strong></span> statements. These statements are what associate the secret keys to the servers with which they are meant to be shared. The order of statements is not significant. </p> <p> - The <span><strong class="command">options</strong></span> statement has + The <span class="command"><strong>options</strong></span> statement has three clauses: - <span><strong class="command">default-server</strong></span>, <span><strong class="command">default-key</strong></span>, - and <span><strong class="command">default-port</strong></span>. - <span><strong class="command">default-server</strong></span> takes a + <span class="command"><strong>default-server</strong></span>, <span class="command"><strong>default-key</strong></span>, + and <span class="command"><strong>default-port</strong></span>. + <span class="command"><strong>default-server</strong></span> takes a host name or address argument and represents the server that will be contacted if no <code class="option">-s</code> option is provided on the command line. - <span><strong class="command">default-key</strong></span> takes - the name of a key as its argument, as defined by a <span><strong class="command">key</strong></span> statement. 
- <span><strong class="command">default-port</strong></span> specifies the + <span class="command"><strong>default-key</strong></span> takes + the name of a key as its argument, as defined by a <span class="command"><strong>key</strong></span> statement. + <span class="command"><strong>default-port</strong></span> specifies the port to which - <span><strong class="command">rndc</strong></span> should connect if no + <span class="command"><strong>rndc</strong></span> should connect if no port is given on the command line or in a - <span><strong class="command">server</strong></span> statement. + <span class="command"><strong>server</strong></span> statement. </p> <p> - The <span><strong class="command">key</strong></span> statement defines a + The <span class="command"><strong>key</strong></span> statement defines a key to be used - by <span><strong class="command">rndc</strong></span> when authenticating + by <span class="command"><strong>rndc</strong></span> when authenticating with - <span><strong class="command">named</strong></span>. Its syntax is + <span class="command"><strong>named</strong></span>. Its syntax is identical to the - <span><strong class="command">key</strong></span> statement in <code class="filename">named.conf</code>. + <span class="command"><strong>key</strong></span> statement in <code class="filename">named.conf</code>. The keyword <strong class="userinput"><code>key</code></strong> is followed by a key name, which must be a valid domain name, though it need not actually be hierarchical; thus, a string like "<strong class="userinput"><code>rndc_key</code></strong>" is a valid name. - The <span><strong class="command">key</strong></span> statement has two + The <span class="command"><strong>key</strong></span> statement has two clauses: - <span><strong class="command">algorithm</strong></span> and <span><strong class="command">secret</strong></span>. 
+ <span class="command"><strong>algorithm</strong></span> and <span class="command"><strong>secret</strong></span>. While the configuration parser will accept any string as the argument to algorithm, currently only the string "<strong class="userinput"><code>hmac-md5</code></strong>" @@ -527,18 +525,18 @@ zone "eng.example.com" { as specified in RFC 3548. </p> <p> - The <span><strong class="command">server</strong></span> statement + The <span class="command"><strong>server</strong></span> statement associates a key - defined using the <span><strong class="command">key</strong></span> + defined using the <span class="command"><strong>key</strong></span> statement with a server. The keyword <strong class="userinput"><code>server</code></strong> is followed by a - host name or address. The <span><strong class="command">server</strong></span> statement - has two clauses: <span><strong class="command">key</strong></span> and <span><strong class="command">port</strong></span>. - The <span><strong class="command">key</strong></span> clause specifies the + host name or address. The <span class="command"><strong>server</strong></span> statement + has two clauses: <span class="command"><strong>key</strong></span> and <span class="command"><strong>port</strong></span>. + The <span class="command"><strong>key</strong></span> clause specifies the name of the key to be used when communicating with this server, and the - <span><strong class="command">port</strong></span> clause can be used to - specify the port <span><strong class="command">rndc</strong></span> should + <span class="command"><strong>port</strong></span> clause can be used to + specify the port <span class="command"><strong>rndc</strong></span> should connect to on the server. </p> 
@@ -580,15 +578,15 @@ controls { <code class="literal">rndc_key</code>. </p> <p> - Running the <span><strong class="command">rndc-confgen</strong></span> + Running the <span class="command"><strong>rndc-confgen</strong></span> program will conveniently create a <code class="filename">rndc.conf</code> file for you, and also display the - corresponding <span><strong class="command">controls</strong></span> + corresponding <span class="command"><strong>controls</strong></span> statement that you need to add to <code class="filename">named.conf</code>. Alternatively, - you can run <span><strong class="command">rndc-confgen -a</strong></span> + you can run <span class="command"><strong>rndc-confgen -a</strong></span> to set up a <code class="filename">rndc.key</code> file and not modify @@ -598,23 +596,23 @@ controls { </dl></div> </div> </div> -<div class="sect2" lang="en"> +<div class="section"> <div class="titlepage"><div><div><h3 class="title"> -<a name="id2569449"></a>Signals</h3></div></div></div> +<a name="signals"></a>Signals</h3></div></div></div> <p> Certain UNIX signals cause the name server to take specific actions, as described in the following table. These signals can - be sent using the <span><strong class="command">kill</strong></span> command. + be sent using the <span class="command"><strong>kill</strong></span> command. </p> <div class="informaltable"><table border="1"> <colgroup> -<col> -<col> +<col width="1.125in" class="1"> +<col width="4.000in" class="2"> </colgroup> <tbody> <tr> <td> - <p><span><strong class="command">SIGHUP</strong></span></p> + <p><span class="command"><strong>SIGHUP</strong></span></p> </td> <td> <p> @@ -625,7 +623,7 @@ controls { </tr> <tr> <td> - <p><span><strong class="command">SIGTERM</strong></span></p> + <p><span class="command"><strong>SIGTERM</strong></span></p> </td> <td> <p> 
@@ -635,7 +633,7 @@ controls { </tr> <tr> <td> - <p><span><strong class="command">SIGINT</strong></span></p> + <p><span class="command"><strong>SIGINT</strong></span></p> </td> <td> <p> @@ -665,6 +663,6 @@ controls { </tr> </table> </div> -<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p> </body> </html> |
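Review bot: The generator string in the @@ -14,13 +14,12 @@ hunk moves from "DocBook XSL Stylesheets V1.71.1" to "V1.78.1", so the remaining hunks in this file are regenerated stylesheet output rather than hand edits to the manual. The stylesheet version should be recorded with the change so that the 110 insertions and 112 deletions can be reproduced from the DocBook source. The same hunk drops the `<!-- $Id$ -->` line and renames `rel="start"` to `rel="home"`; confirm both are expected results of the new stylesheets and not local modifications.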
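Review bot: Existing deep links will break in the @@ -39,22 +38,22 @@ hunk and the section hunks that follow it, because the generated anchors (`id2567998`, `id2568014`, `id2568037`, `id2568391`, `id2568396`, `id2569449`) are replaced by named ones (`cache_only_sample`, `auth_only_sample`, `load_balancing`, `ns_operations`, `tools`, `signals`). The named anchors are the better choice since they stay stable across rebuilds, but the rename deserves a line in the release notes. The same hunks also drop `lang="en"` from every `<div class="chapter">` and section `<div>`, and the visible `<html>` tag carries no language attribute, so the page no longer declares its language anywhere in the lines shown; consider restoring it at the document level.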
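Review bot: The new `<col>` elements in the @@ -160,11 +159,11 @@ hunk, and again in the Signals table at @@ -598,23 +596,23 @@, carry widths in inches (`width="0.875in"`, `width="4.000in"`) and numeric class names (`class="1"`). The HTML `width` attribute on `<col>` takes pixel, percentage or relative values, not inch units, and a class name that starts with a digit cannot be used in a CSS selector without escaping. These look like print-oriented column specifications passed through from the DocBook source; either express the widths in a form HTML accepts or suppress them for the HTML build.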
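Review bot: In the @@ -382,144 +381,143 @@ hunk the `named-compilezone` entry still has its comma inside the command markup, `<span class="command"><strong>named-checkzone,</strong></span>`, so the punctuation is rendered as part of the command name. The regenerated line reproduces the old one, which means the fix belongs in the DocBook source: move the comma outside the command element. On the positive side, this hunk collapses the `title` attribute of the `controls` cross-reference onto one line where the old output broke it across two.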
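Review bot: The context line at the top of the @@ -527,18 +525,18 @@ hunk still reads "as specified in RFC 3548" for the encoding of the `secret` clause. RFC 3548 was obsoleted by RFC 4648, so the reference should be updated in the DocBook source the next time this chapter is touched; the regenerated HTML here just carries the old citation forward.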
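Review bot: The footer paragraph in the @@ -665,6 +663,6 @@ hunk gains `xmlns:db="http://docbook.org/ns/docbook"`, a namespace declaration leaking from the stylesheet into an HTML page that is served as `text/html` with an ISO-8859-1 charset. It has no meaning there and will be flagged by validators; adding the `db` prefix to `exclude-result-prefixes` in the customization layer should remove it. The version string change from "BIND 9.9.8-P4" to "BIND 9.9.9-P3" in the same line is the only reader-visible content change in this file, so it is worth checking that it matches the release being tagged.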