diff options
Diffstat (limited to 'usr.sbin/bind/doc/arm/Bv9ARM.ch03.html')
| -rw-r--r-- | usr.sbin/bind/doc/arm/Bv9ARM.ch03.html | 828 |
1 files changed, 556 insertions, 272 deletions
diff --git a/usr.sbin/bind/doc/arm/Bv9ARM.ch03.html b/usr.sbin/bind/doc/arm/Bv9ARM.ch03.html index af5ae435b45..c6ff6fe1d40 100644 --- a/usr.sbin/bind/doc/arm/Bv9ARM.ch03.html +++ b/usr.sbin/bind/doc/arm/Bv9ARM.ch03.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,12 +14,12 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $ISC: Bv9ARM.ch03.html,v 1.26.2.5.4.17 2006/06/29 13:02:31 marka Exp $ --> +<!-- $ISC: Bv9ARM.ch03.html,v 1.35.18.31 2007/10/31 01:35:57 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>Chapter 3. Name Server Configuration</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> <link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual"> <link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual"> <link rel="prev" href="Bv9ARM.ch02.html" title="Chapter 2. BIND Resource Requirements"> @@ -47,31 +47,37 @@ <dl> <dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt> <dd><dl> -<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2571026">A Caching-only Name Server</a></span></dt> -<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2571042">An Authoritative-only Name Server</a></span></dt> +<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568004">A Caching-only Name Server</a></span></dt> +<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568020">An Authoritative-only Name Server</a></span></dt> </dl></dd> -<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2571064">Load Balancing</a></span></dt> -<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2571484">Name Server Operations</a></span></dt> +<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568042">Load Balancing</a></span></dt> +<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568465">Name Server Operations</a></span></dt> <dd><dl> -<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2571490">Tools for Use With the Name Server Daemon</a></span></dt> -<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2572723">Signals</a></span></dt> +<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568470">Tools for Use With the Name Server Daemon</a></span></dt> +<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570184">Signals</a></span></dt> </dl></dd> </dl> </div> -<p>In this section we provide some suggested configurations along -with guidelines for their use. We also address the topic of reasonable -option setting.</p> +<p> + In this section we provide some suggested configurations along + with guidelines for their use. We suggest reasonable values for + certain option settings. + </p> <div class="sect1" lang="en"> <div class="titlepage"><div><div><h2 class="title" style="clear: both"> <a name="sample_configuration"></a>Sample Configurations</h2></div></div></div> <div class="sect2" lang="en"> <div class="titlepage"><div><div><h3 class="title"> -<a name="id2571026"></a>A Caching-only Name Server</h3></div></div></div> -<p>The following sample configuration is appropriate for a caching-only -name server for use by clients internal to a corporation. All queries -from outside clients are refused using the <span><strong class="command">allow-query</strong></span> -option. Alternatively, the same effect could be achieved using suitable -firewall rules.</p> +<a name="id2568004"></a>A Caching-only Name Server</h3></div></div></div> +<p> + The following sample configuration is appropriate for a caching-only + name server for use by clients internal to a corporation. All + queries + from outside clients are refused using the <span><strong class="command">allow-query</strong></span> + option. Alternatively, the same effect could be achieved using + suitable + firewall rules. + </p> <pre class="programlisting"> // Two corporate subnets we wish to allow queries from. acl corpnets { 192.168.4.0/24; 192.168.7.0/24; }; @@ -89,13 +95,16 @@ zone "0.0.127.in-addr.arpa" { </div> <div class="sect2" lang="en"> <div class="titlepage"><div><div><h3 class="title"> -<a name="id2571042"></a>An Authoritative-only Name Server</h3></div></div></div> -<p>This sample configuration is for an authoritative-only server -that is the master server for "<code class="filename">example.com</code>" -and a slave for the subdomain "<code class="filename">eng.example.com</code>".</p> +<a name="id2568020"></a>An Authoritative-only Name Server</h3></div></div></div> +<p> + This sample configuration is for an authoritative-only server + that is the master server for "<code class="filename">example.com</code>" + and a slave for the subdomain "<code class="filename">eng.example.com</code>". + </p> <pre class="programlisting"> options { directory "/etc/namedb"; // Working directory + allow-query-cache { none; }; // Do not allow access to cache allow-query { any; }; // This is the default recursion no; // Do not provide recursive service }; @@ -128,13 +137,18 @@ zone "eng.example.com" { </div> <div class="sect1" lang="en"> <div class="titlepage"><div><div><h2 class="title" style="clear: both"> -<a name="id2571064"></a>Load Balancing</h2></div></div></div> -<p>A primitive form of load balancing can be achieved in -the <acronym class="acronym">DNS</acronym> by using multiple A records for one name.</p> -<p>For example, if you have three WWW servers with network addresses -of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the -following means that clients will connect to each machine one third -of the time:</p> +<a name="id2568042"></a>Load Balancing</h2></div></div></div> +<p> + A primitive form of load balancing can be achieved in + the <acronym class="acronym">DNS</acronym> by using multiple records + (such as multiple A records) for one name. + </p> +<p> + For example, if you have three WWW servers with network addresses + of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the + following means that clients will connect to each machine one third + of the time: + </p> <div class="informaltable"><table border="1"> <colgroup> <col> @@ -145,296 +159,533 @@ of the time:</p> </colgroup> <tbody> <tr> -<td><p>Name</p></td> -<td><p>TTL</p></td> -<td><p>CLASS</p></td> -<td><p>TYPE</p></td> -<td><p>Resource Record (RR) Data</p></td> +<td> + <p> + Name + </p> + </td> +<td> + <p> + TTL + </p> + </td> +<td> + <p> + CLASS + </p> + </td> +<td> + <p> + TYPE + </p> + </td> +<td> + <p> + Resource Record (RR) Data + </p> + </td> </tr> <tr> -<td><p><code class="literal">www</code></p></td> -<td><p><code class="literal">600</code></p></td> -<td><p><code class="literal">IN</code></p></td> -<td><p><code class="literal">A</code></p></td> -<td><p><code class="literal">10.0.0.1</code></p></td> +<td> + <p> + <code class="literal">www</code> + </p> + </td> +<td> + <p> + <code class="literal">600</code> + </p> + </td> +<td> + <p> + <code class="literal">IN</code> + </p> + </td> +<td> + <p> + <code class="literal">A</code> + </p> + </td> +<td> + <p> + <code class="literal">10.0.0.1</code> + </p> + </td> </tr> <tr> -<td><p></p></td> -<td><p><code class="literal">600</code></p></td> -<td><p><code class="literal">IN</code></p></td> -<td><p><code class="literal">A</code></p></td> -<td><p><code class="literal">10.0.0.2</code></p></td> +<td> + <p></p> + </td> +<td> + <p> + <code class="literal">600</code> + </p> + </td> +<td> + <p> + <code class="literal">IN</code> + </p> + </td> +<td> + <p> + <code class="literal">A</code> + </p> + </td> +<td> + <p> + <code class="literal">10.0.0.2</code> + </p> + </td> </tr> <tr> -<td><p></p></td> -<td><p><code class="literal">600</code></p></td> -<td><p><code class="literal">IN</code></p></td> -<td><p><code class="literal">A</code></p></td> -<td><p><code class="literal">10.0.0.3</code></p></td> +<td> + <p></p> + </td> +<td> + <p> + <code class="literal">600</code> + </p> + </td> +<td> + <p> + <code class="literal">IN</code> + </p> + </td> +<td> + <p> + <code class="literal">A</code> + </p> + </td> +<td> + <p> + <code class="literal">10.0.0.3</code> + </p> + </td> </tr> </tbody> </table></div> -<p>When a resolver queries for these records, <acronym class="acronym">BIND</acronym> will rotate - them and respond to the query with the records in a different - order. In the example above, clients will randomly receive - records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients - will use the first record returned and discard the rest.</p> -<p>For more detail on ordering responses, check the - <span><strong class="command">rrset-order</strong></span> substatement in the - <span><strong class="command">options</strong></span> statement, see - <a href="Bv9ARM.ch06.html#rrset_ordering">RRset Ordering</a>. - This substatement is not supported in - <acronym class="acronym">BIND</acronym> 9, and only the ordering scheme described above is - available.</p> +<p> + When a resolver queries for these records, <acronym class="acronym">BIND</acronym> will rotate + them and respond to the query with the records in a different + order. In the example above, clients will randomly receive + records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients + will use the first record returned and discard the rest. + </p> +<p> + For more detail on ordering responses, check the + <span><strong class="command">rrset-order</strong></span> substatement in the + <span><strong class="command">options</strong></span> statement, see + <a href="Bv9ARM.ch06.html#rrset_ordering">RRset Ordering</a>. + </p> </div> <div class="sect1" lang="en"> <div class="titlepage"><div><div><h2 class="title" style="clear: both"> -<a name="id2571484"></a>Name Server Operations</h2></div></div></div> +<a name="id2568465"></a>Name Server Operations</h2></div></div></div> <div class="sect2" lang="en"> <div class="titlepage"><div><div><h3 class="title"> -<a name="id2571490"></a>Tools for Use With the Name Server Daemon</h3></div></div></div> -<p>There are several indispensable diagnostic, administrative -and monitoring tools available to the system administrator for controlling -and debugging the name server daemon. We describe several in this -section </p> +<a name="id2568470"></a>Tools for Use With the Name Server Daemon</h3></div></div></div> +<p> + This section describes several indispensable diagnostic, + administrative and monitoring tools available to the system + administrator for controlling and debugging the name server + daemon. + </p> <div class="sect3" lang="en"> <div class="titlepage"><div><div><h4 class="title"> <a name="diagnostic_tools"></a>Diagnostic Tools</h4></div></div></div> -<p>The <span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span>, and -<span><strong class="command">nslookup</strong></span> programs are all command line tools -for manually querying name servers. They differ in style and -output format. -</p> +<p> + The <span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span>, and + <span><strong class="command">nslookup</strong></span> programs are all command + line tools + for manually querying name servers. They differ in style and + output format. + </p> <div class="variablelist"><dl> <dt><span class="term"><a name="dig"></a><span><strong class="command">dig</strong></span></span></dt> <dd> -<p>The domain information groper (<span><strong class="command">dig</strong></span>) -is the most versatile and complete of these lookup tools. -It has two modes: simple interactive -mode for a single query, and batch mode which executes a query for -each in a list of several query lines. All query options are accessible -from the command line.</p> +<p> + The domain information groper (<span><strong class="command">dig</strong></span>) + is the most versatile and complete of these lookup tools. + It has two modes: simple interactive + mode for a single query, and batch mode which executes a + query for + each in a list of several query lines. All query options are + accessible + from the command line. + </p> <div class="cmdsynopsis"><p><code class="command">dig</code> [@<em class="replaceable"><code>server</code></em>] <em class="replaceable"><code>domain</code></em> [<em class="replaceable"><code>query-type</code></em>] [<em class="replaceable"><code>query-class</code></em>] [+<em class="replaceable"><code>query-option</code></em>] [-<em class="replaceable"><code>dig-option</code></em>] [%<em class="replaceable"><code>comment</code></em>]</p></div> -<p>The usual simple use of dig will take the form</p> -<p><span><strong class="command">dig @server domain query-type query-class</strong></span></p> -<p>For more information and a list of available commands and -options, see the <span><strong class="command">dig</strong></span> man page.</p> +<p> + The usual simple use of dig will take the form + </p> +<p> + <span><strong class="command">dig @server domain query-type query-class</strong></span> + </p> +<p> + For more information and a list of available commands and + options, see the <span><strong class="command">dig</strong></span> man + page. + </p> </dd> <dt><span class="term"><span><strong class="command">host</strong></span></span></dt> <dd> -<p>The <span><strong class="command">host</strong></span> utility emphasizes simplicity -and ease of use. By default, it converts -between host names and Internet addresses, but its functionality -can be extended with the use of options.</p> -<div class="cmdsynopsis"><p><code class="command">host</code> [-aCdlrTwv] [-c <em class="replaceable"><code>class</code></em>] [-N <em class="replaceable"><code>ndots</code></em>] [-t <em class="replaceable"><code>type</code></em>] [-W <em class="replaceable"><code>timeout</code></em>] [-R <em class="replaceable"><code>retries</code></em>] <em class="replaceable"><code>hostname</code></em> [<em class="replaceable"><code>server</code></em>]</p></div> -<p>For more information and a list of available commands and -options, see the <span><strong class="command">host</strong></span> man page.</p> +<p> + The <span><strong class="command">host</strong></span> utility emphasizes + simplicity + and ease of use. By default, it converts + between host names and Internet addresses, but its + functionality + can be extended with the use of options. + </p> +<div class="cmdsynopsis"><p><code class="command">host</code> [-aCdlnrsTwv] [-c <em class="replaceable"><code>class</code></em>] [-N <em class="replaceable"><code>ndots</code></em>] [-t <em class="replaceable"><code>type</code></em>] [-W <em class="replaceable"><code>timeout</code></em>] [-R <em class="replaceable"><code>retries</code></em>] [-m <em class="replaceable"><code>flag</code></em>] [-4] [-6] <em class="replaceable"><code>hostname</code></em> [<em class="replaceable"><code>server</code></em>]</p></div> +<p> + For more information and a list of available commands and + options, see the <span><strong class="command">host</strong></span> man + page. + </p> </dd> <dt><span class="term"><span><strong class="command">nslookup</strong></span></span></dt> <dd> -<p><span><strong class="command">nslookup</strong></span> has two modes: interactive -and non-interactive. Interactive mode allows the user to query name servers -for information about various hosts and domains or to print a list -of hosts in a domain. Non-interactive mode is used to print just -the name and requested information for a host or domain.</p> +<p><span><strong class="command">nslookup</strong></span> + has two modes: interactive and + non-interactive. Interactive mode allows the user to + query name servers for information about various + hosts and domains or to print a list of hosts in a + domain. Non-interactive mode is used to print just + the name and requested information for a host or + domain. + </p> <div class="cmdsynopsis"><p><code class="command">nslookup</code> [-option...] [[<em class="replaceable"><code>host-to-find</code></em>] | [- [server]]]</p></div> -<p>Interactive mode is entered when no arguments are given (the -default name server will be used) or when the first argument is a -hyphen (`-') and the second argument is the host name or Internet address -of a name server.</p> -<p>Non-interactive mode is used when the name or Internet address -of the host to be looked up is given as the first argument. The -optional second argument specifies the host name or address of a name server.</p> -<p>Due to its arcane user interface and frequently inconsistent -behavior, we do not recommend the use of <span><strong class="command">nslookup</strong></span>. -Use <span><strong class="command">dig</strong></span> instead.</p> +<p> + Interactive mode is entered when no arguments are given (the + default name server will be used) or when the first argument + is a + hyphen (`-') and the second argument is the host name or + Internet address + of a name server. + </p> +<p> + Non-interactive mode is used when the name or Internet + address + of the host to be looked up is given as the first argument. + The + optional second argument specifies the host name or address + of a name server. + </p> +<p> + Due to its arcane user interface and frequently inconsistent + behavior, we do not recommend the use of <span><strong class="command">nslookup</strong></span>. + Use <span><strong class="command">dig</strong></span> instead. + </p> </dd> </dl></div> </div> <div class="sect3" lang="en"> <div class="titlepage"><div><div><h4 class="title"> <a name="admin_tools"></a>Administrative Tools</h4></div></div></div> -<p>Administrative tools play an integral part in the management -of a server.</p> +<p> + Administrative tools play an integral part in the management + of a server. + </p> <div class="variablelist"><dl> <dt> <a name="named-checkconf"></a><span class="term"><span><strong class="command">named-checkconf</strong></span></span> </dt> <dd> -<p>The <span><strong class="command">named-checkconf</strong></span> program - checks the syntax of a <code class="filename">named.conf</code> file.</p> +<p> + The <span><strong class="command">named-checkconf</strong></span> program + checks the syntax of a <code class="filename">named.conf</code> file. + </p> <div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [-jvz] [-t <em class="replaceable"><code>directory</code></em>] [<em class="replaceable"><code>filename</code></em>]</p></div> </dd> <dt> <a name="named-checkzone"></a><span class="term"><span><strong class="command">named-checkzone</strong></span></span> </dt> <dd> -<p>The <span><strong class="command">named-checkzone</strong></span> program checks a master file for - syntax and consistency.</p> -<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [-djqvD] [-c <em class="replaceable"><code>class</code></em>] [-o <em class="replaceable"><code>output</code></em>] [-t <em class="replaceable"><code>directory</code></em>] [-w <em class="replaceable"><code>directory</code></em>] [-k <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-n <em class="replaceable"><code>(ignore|warn|fail)</code></em>] <em class="replaceable"><code>zone</code></em> [<em class="replaceable"><code>filename</code></em>]</p></div> +<p> + The <span><strong class="command">named-checkzone</strong></span> program + checks a master file for + syntax and consistency. + </p> +<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [-djqvD] [-c <em class="replaceable"><code>class</code></em>] [-o <em class="replaceable"><code>output</code></em>] [-t <em class="replaceable"><code>directory</code></em>] [-w <em class="replaceable"><code>directory</code></em>] [-k <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-n <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-W <em class="replaceable"><code>(ignore|warn)</code></em>] <em class="replaceable"><code>zone</code></em> [<em class="replaceable"><code>filename</code></em>]</p></div> </dd> <dt> +<a name="named-compilezone"></a><span class="term"><span><strong class="command">named-compilezone</strong></span></span> +</dt> +<dd><p> + Similar to <span><strong class="command">named-checkzone,</strong></span> but + it always dumps the zone content to a specified file + (typically in a different format). + </p></dd> +<dt> <a name="rndc"></a><span class="term"><span><strong class="command">rndc</strong></span></span> </dt> <dd> -<p>The remote name daemon control - (<span><strong class="command">rndc</strong></span>) program allows the system - administrator to control the operation of a name server. - If you run <span><strong class="command">rndc</strong></span> without any options - it will display a usage message as follows:</p> +<p> + The remote name daemon control + (<span><strong class="command">rndc</strong></span>) program allows the + system + administrator to control the operation of a name server. + Since <acronym class="acronym">BIND</acronym> 9.2, <span><strong class="command">rndc</strong></span> + supports all the commands of the BIND 8 <span><strong class="command">ndc</strong></span> + utility except <span><strong class="command">ndc start</strong></span> and + <span><strong class="command">ndc restart</strong></span>, which were also + not supported in <span><strong class="command">ndc</strong></span>'s + channel mode. + If you run <span><strong class="command">rndc</strong></span> without any + options + it will display a usage message as follows: + </p> <div class="cmdsynopsis"><p><code class="command">rndc</code> [-c <em class="replaceable"><code>config</code></em>] [-s <em class="replaceable"><code>server</code></em>] [-p <em class="replaceable"><code>port</code></em>] [-y <em class="replaceable"><code>key</code></em>] <em class="replaceable"><code>command</code></em> [<em class="replaceable"><code>command</code></em>...]</p></div> -<p>The <span><strong class="command">command</strong></span> is one of the following:</p> +<p>The <span><strong class="command">command</strong></span> + is one of the following: + </p> <div class="variablelist"><dl> <dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt> -<dd><p>Reload configuration file and zones.</p></dd> +<dd><p> + Reload configuration file and zones. + </p></dd> <dt><span class="term"><strong class="userinput"><code>reload <em class="replaceable"><code>zone</code></em> - [<span class="optional"><em class="replaceable"><code>class</code></em> + [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> -<dd><p>Reload the given zone.</p></dd> +<dd><p> + Reload the given zone. + </p></dd> <dt><span class="term"><strong class="userinput"><code>refresh <em class="replaceable"><code>zone</code></em> - [<span class="optional"><em class="replaceable"><code>class</code></em> + [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> -<dd><p>Schedule zone maintenance for the given zone.</p></dd> +<dd><p> + Schedule zone maintenance for the given zone. + </p></dd> <dt><span class="term"><strong class="userinput"><code>retransfer <em class="replaceable"><code>zone</code></em> - [<span class="optional"><em class="replaceable"><code>class</code></em> + + [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> -<dd><p>Retransfer the given zone from the master.</p></dd> -<dt><span class="term"><strong class="userinput"><code>freeze [<span class="optional"><em class="replaceable"><code>zone</code></em> +<dd><p> + Retransfer the given zone from the master. + </p></dd> +<dt><span class="term"><strong class="userinput"><code>freeze + [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt> -<dd><p>Suspend updates to a dynamic zone. If no zone is specified, - then all zones are suspended. This allows manual - edits to be made to a zone normally updated by dynamic update. It - also causes changes in the journal file to be synced into the master - and the journal file to be removed. All dynamic update attempts will - be refused while the zone is frozen.</p></dd> -<dt><span class="term"><strong class="userinput"><code>thaw [<span class="optional"><em class="replaceable"><code>zone</code></em> +<dd><p> + Suspend updates to a dynamic zone. If no zone is + specified, + then all zones are suspended. This allows manual + edits to be made to a zone normally updated by dynamic + update. It + also causes changes in the journal file to be synced + into the master + and the journal file to be removed. All dynamic + update attempts will + be refused while the zone is frozen. + </p></dd> +<dt><span class="term"><strong class="userinput"><code>thaw + [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt> -<dd><p>Enable updates to a frozen dynamic zone. If no zone is - specified, then all frozen zones are enabled. This causes - the server to reload the zone from disk, and re-enables dynamic updates - after the load has completed. After a zone is thawed, dynamic updates - will no longer be refused.</p></dd> +<dd><p> + Enable updates to a frozen dynamic zone. If no zone + is + specified, then all frozen zones are enabled. This + causes + the server to reload the zone from disk, and + re-enables dynamic updates + after the load has completed. After a zone is thawed, + dynamic updates + will no longer be refused. + </p></dd> +<dt><span class="term"><strong class="userinput"><code>notify <em class="replaceable"><code>zone</code></em> + [<span class="optional"><em class="replaceable"><code>class</code></em> + [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> +<dd><p> + Resend NOTIFY messages for the zone. + </p></dd> <dt><span class="term"><strong class="userinput"><code>reconfig</code></strong></span></dt> -<dd><p>Reload the configuration file and load new zones, - but do not reload existing zone files even if they have changed. - This is faster than a full <span><strong class="command">reload</strong></span> when there - is a large number of zones because it avoids the need to examine the - modification times of the zones files. - </p></dd> +<dd><p> + Reload the configuration file and load new zones, + but do not reload existing zone files even if they + have changed. + This is faster than a full <span><strong class="command">reload</strong></span> when there + is a large number of zones because it avoids the need + to examine the + modification times of the zones files. + </p></dd> <dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt> -<dd><p>Write server statistics to the statistics file.</p></dd> +<dd><p> + Write server statistics to the statistics file. + </p></dd> <dt><span class="term"><strong class="userinput"><code>querylog</code></strong></span></dt> -<dd><p>Toggle query logging. Query logging can also be enabled - by explicitly directing the <span><strong class="command">queries</strong></span> - <span><strong class="command">category</strong></span> to a <span><strong class="command">channel</strong></span> in the - <span><strong class="command">logging</strong></span> section of - <code class="filename">named.conf</code>.</p></dd> -<dt><span class="term"><strong class="userinput"><code>dumpdb [<span class="optional">-all|-cache|-zone</span>] [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt> -<dd><p>Dump the server's caches (default) and / or zones to the - dump file for the specified views. If no view is specified, all - views are dumped.</p></dd> +<dd><p> + Toggle query logging. Query logging can also be enabled + by explicitly directing the <span><strong class="command">queries</strong></span> + <span><strong class="command">category</strong></span> to a + <span><strong class="command">channel</strong></span> in the + <span><strong class="command">logging</strong></span> section of + <code class="filename">named.conf</code> or by specifying + <span><strong class="command">querylog yes;</strong></span> in the + <span><strong class="command">options</strong></span> section of + <code class="filename">named.conf</code>. + </p></dd> +<dt><span class="term"><strong class="userinput"><code>dumpdb + [<span class="optional">-all|-cache|-zone</span>] + [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt> +<dd><p> + Dump the server's caches (default) and/or zones to + the + dump file for the specified views. If no view is + specified, all + views are dumped. + </p></dd> <dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt> -<dd><p>Stop the server, making sure any recent changes - made through dynamic update or IXFR are first saved to the master files - of the updated zones. If -p is specified named's process id is returned. - This allows an external process to determine when named had completed stopping.</p></dd> +<dd><p> + Stop the server, making sure any recent changes + made through dynamic update or IXFR are first saved to + the master files of the updated zones. + If -p is specified named's process id is returned. + This allows an external process to determine when named + had completed stopping. + </p></dd> <dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt> -<dd><p>Stop the server immediately. Recent changes - made through dynamic update or IXFR are not saved to the master files, - but will be rolled forward from the journal files when the server - is restarted. If -p is specified named's process id is returned. - This allows an external process to determine when named had completed - stopping.</p></dd> +<dd><p> + Stop the server immediately. Recent changes + made through dynamic update or IXFR are not saved to + the master files, but will be rolled forward from the + journal files when the server is restarted. + If -p is specified named's process id is returned. + This allows an external process to determine when named + had completed halting. + </p></dd> <dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt> -<dd><p>Increment the servers debugging level by one. </p></dd> +<dd><p> + Increment the servers debugging level by one. + </p></dd> <dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt> -<dd><p>Sets the server's debugging level to an explicit - value.</p></dd> +<dd><p> + Sets the server's debugging level to an explicit + value. + </p></dd> <dt><span class="term"><strong class="userinput"><code>notrace</code></strong></span></dt> -<dd><p>Sets the server's debugging level to 0.</p></dd> +<dd><p> + Sets the server's debugging level to 0. + </p></dd> <dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt> -<dd><p>Flushes the server's cache.</p></dd> +<dd><p> + Flushes the server's cache. + </p></dd> <dt><span class="term"><strong class="userinput"><code>flushname</code></strong> <em class="replaceable"><code>name</code></em></span></dt> -<dd><p>Flushes the given name from the server's cache.</p></dd> +<dd><p> + Flushes the given name from the server's cache. + </p></dd> <dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt> -<dd><p>Display status of the server. -Note that the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone -and the default <span><strong class="command">./IN</strong></span> hint zone if there is not an -explicit root zone configured.</p></dd> +<dd><p> + Display status of the server. + Note that the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone + and the default <span><strong class="command">./IN</strong></span> + hint zone if there is not an + explicit root zone configured. + </p></dd> <dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt> -<dd><p>Dump the list of queries named is currently recursing - on. - </p></dd> +<dd><p> + Dump the list of queries named is currently recursing + on. + </p></dd> </dl></div> -<p>In <acronym class="acronym">BIND</acronym> 9.2, <span><strong class="command">rndc</strong></span> -supports all the commands of the BIND 8 <span><strong class="command">ndc</strong></span> -utility except <span><strong class="command">ndc start</strong></span> and -<span><strong class="command">ndc restart</strong></span>, which were also -not supported in <span><strong class="command">ndc</strong></span>'s channel mode.</p> -<p>A configuration file is required, since all -communication with the server is authenticated with -digital signatures that rely on a shared secret, and -there is no way to provide that secret other than with a -configuration file. The default location for the -<span><strong class="command">rndc</strong></span> configuration file is -<code class="filename">/etc/rndc.conf</code>, but an alternate -location can be specified with the <code class="option">-c</code> -option. If the configuration file is not found, -<span><strong class="command">rndc</strong></span> will also look in -<code class="filename">/etc/rndc.key</code> (or whatever -<code class="varname">sysconfdir</code> was defined when -the <acronym class="acronym">BIND</acronym> build was configured). -The <code class="filename">rndc.key</code> file is generated by -running <span><strong class="command">rndc-confgen -a</strong></span> as described in -<a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and Usage">the section called “<span><strong class="command">controls</strong></span> Statement Definition and Usage”</a>.</p> -<p>The format of the configuration file is similar to -that of <code class="filename">named.conf</code>, but limited to -only four statements, the <span><strong class="command">options</strong></span>, -<span><strong class="command">key</strong></span>, <span><strong class="command">server</strong></span> and -<span><strong class="command">include</strong></span> -statements. These statements are what associate the -secret keys to the servers with which they are meant to -be shared. The order of statements is not -significant.</p> -<p>The <span><strong class="command">options</strong></span> statement has three clauses: -<span><strong class="command">default-server</strong></span>, <span><strong class="command">default-key</strong></span>, -and <span><strong class="command">default-port</strong></span>. -<span><strong class="command">default-server</strong></span> takes a -host name or address argument and represents the server that will -be contacted if no <code class="option">-s</code> -option is provided on the command line. -<span><strong class="command">default-key</strong></span> takes -the name of a key as its argument, as defined by a <span><strong class="command">key</strong></span> statement. -<span><strong class="command">default-port</strong></span> specifies the port to which -<span><strong class="command">rndc</strong></span> should connect if no -port is given on the command line or in a -<span><strong class="command">server</strong></span> statement.</p> -<p>The <span><strong class="command">key</strong></span> statement defines a key to be used -by <span><strong class="command">rndc</strong></span> when authenticating with -<span><strong class="command">named</strong></span>. Its syntax is identical to the -<span><strong class="command">key</strong></span> statement in named.conf. -The keyword <strong class="userinput"><code>key</code></strong> is -followed by a key name, which must be a valid -domain name, though it need not actually be hierarchical; thus, -a string like "<strong class="userinput"><code>rndc_key</code></strong>" is a valid name. -The <span><strong class="command">key</strong></span> statement has two clauses: -<span><strong class="command">algorithm</strong></span> and <span><strong class="command">secret</strong></span>. -While the configuration parser will accept any string as the argument -to algorithm, currently only the string "<strong class="userinput"><code>hmac-md5</code></strong>" -has any meaning. The secret is a base-64 encoded string.</p> -<p>The <span><strong class="command">server</strong></span> statement associates a key -defined using the <span><strong class="command">key</strong></span> statement with a server. -The keyword <strong class="userinput"><code>server</code></strong> is followed by a -host name or address. The <span><strong class="command">server</strong></span> statement -has two clauses: <span><strong class="command">key</strong></span> and <span><strong class="command">port</strong></span>. -The <span><strong class="command">key</strong></span> clause specifies the name of the key -to be used when communicating with this server, and the -<span><strong class="command">port</strong></span> clause can be used to -specify the port <span><strong class="command">rndc</strong></span> should connect -to on the server.</p> -<p>A sample minimal configuration file is as follows:</p> +<p> + A configuration file is required, since all + communication with the server is authenticated with + digital signatures that rely on a shared secret, and + there is no way to provide that secret other than with a + configuration file. The default location for the + <span><strong class="command">rndc</strong></span> configuration file is + <code class="filename">/etc/rndc.conf</code>, but an + alternate + location can be specified with the <code class="option">-c</code> + option. If the configuration file is not found, + <span><strong class="command">rndc</strong></span> will also look in + <code class="filename">/etc/rndc.key</code> (or whatever + <code class="varname">sysconfdir</code> was defined when + the <acronym class="acronym">BIND</acronym> build was + configured). + The <code class="filename">rndc.key</code> file is + generated by + running <span><strong class="command">rndc-confgen -a</strong></span> as + described in + <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and + Usage">the section called “<span><strong class="command">controls</strong></span> Statement Definition and + Usage”</a>. + </p> +<p> + The format of the configuration file is similar to + that of <code class="filename">named.conf</code>, but + limited to + only four statements, the <span><strong class="command">options</strong></span>, + <span><strong class="command">key</strong></span>, <span><strong class="command">server</strong></span> and + <span><strong class="command">include</strong></span> + statements. These statements are what associate the + secret keys to the servers with which they are meant to + be shared. The order of statements is not + significant. + </p> +<p> + The <span><strong class="command">options</strong></span> statement has + three clauses: + <span><strong class="command">default-server</strong></span>, <span><strong class="command">default-key</strong></span>, + and <span><strong class="command">default-port</strong></span>. + <span><strong class="command">default-server</strong></span> takes a + host name or address argument and represents the server + that will + be contacted if no <code class="option">-s</code> + option is provided on the command line. + <span><strong class="command">default-key</strong></span> takes + the name of a key as its argument, as defined by a <span><strong class="command">key</strong></span> statement. + <span><strong class="command">default-port</strong></span> specifies the + port to which + <span><strong class="command">rndc</strong></span> should connect if no + port is given on the command line or in a + <span><strong class="command">server</strong></span> statement. + </p> +<p> + The <span><strong class="command">key</strong></span> statement defines a + key to be used + by <span><strong class="command">rndc</strong></span> when authenticating + with + <span><strong class="command">named</strong></span>. Its syntax is + identical to the + <span><strong class="command">key</strong></span> statement in named.conf. + The keyword <strong class="userinput"><code>key</code></strong> is + followed by a key name, which must be a valid + domain name, though it need not actually be hierarchical; + thus, + a string like "<strong class="userinput"><code>rndc_key</code></strong>" is a valid + name. + The <span><strong class="command">key</strong></span> statement has two + clauses: + <span><strong class="command">algorithm</strong></span> and <span><strong class="command">secret</strong></span>. + While the configuration parser will accept any string as the + argument + to algorithm, currently only the string "<strong class="userinput"><code>hmac-md5</code></strong>" + has any meaning. The secret is a base-64 encoded string + as specified in RFC 3548. + </p> +<p> + The <span><strong class="command">server</strong></span> statement + associates a key + defined using the <span><strong class="command">key</strong></span> + statement with a server. + The keyword <strong class="userinput"><code>server</code></strong> is followed by a + host name or address. The <span><strong class="command">server</strong></span> statement + has two clauses: <span><strong class="command">key</strong></span> and <span><strong class="command">port</strong></span>. + The <span><strong class="command">key</strong></span> clause specifies the + name of the key + to be used when communicating with this server, and the + <span><strong class="command">port</strong></span> clause can be used to + specify the port <span><strong class="command">rndc</strong></span> should + connect + to on the server. + </p> +<p> + A sample minimal configuration file is as follows: + </p> <pre class="programlisting"> key rndc_key { algorithm "hmac-md5"; @@ -445,38 +696,55 @@ options { default-key rndc_key; }; </pre> -<p>This file, if installed as <code class="filename">/etc/rndc.conf</code>, -would allow the command:</p> -<p><code class="prompt">$ </code><strong class="userinput"><code>rndc reload</code></strong></p> -<p>to connect to 127.0.0.1 port 953 and cause the name server -to reload, if a name server on the local machine were running with -following controls statements:</p> +<p> + This file, if installed as <code class="filename">/etc/rndc.conf</code>, + would allow the command: + </p> +<p> + <code class="prompt">$ </code><strong class="userinput"><code>rndc reload</code></strong> + </p> +<p> + to connect to 127.0.0.1 port 953 and cause the name server + to reload, if a name server on the local machine were + running with + following controls statements: + </p> <pre class="programlisting"> controls { inet 127.0.0.1 allow { localhost; } keys { rndc_key; }; }; </pre> -<p>and it had an identical key statement for -<code class="literal">rndc_key</code>.</p> -<p>Running the <span><strong class="command">rndc-confgen</strong></span> program will -conveniently create a <code class="filename">rndc.conf</code> -file for you, and also display the -corresponding <span><strong class="command">controls</strong></span> statement that you need to -add to <code class="filename">named.conf</code>. Alternatively, -you can run <span><strong class="command">rndc-confgen -a</strong></span> to set up -a <code class="filename">rndc.key</code> file and not modify -<code class="filename">named.conf</code> at all. -</p> +<p> + and it had an identical key statement for + <code class="literal">rndc_key</code>. + </p> +<p> + Running the <span><strong class="command">rndc-confgen</strong></span> + program will + conveniently create a <code class="filename">rndc.conf</code> + file for you, and also display the + corresponding <span><strong class="command">controls</strong></span> + statement that you need to + add to <code class="filename">named.conf</code>. + Alternatively, + you can run <span><strong class="command">rndc-confgen -a</strong></span> + to set up + a <code class="filename">rndc.key</code> file and not + modify + <code class="filename">named.conf</code> at all. + </p> </dd> </dl></div> </div> </div> <div class="sect2" lang="en"> <div class="titlepage"><div><div><h3 class="title"> -<a name="id2572723"></a>Signals</h3></div></div></div> -<p>Certain UNIX signals cause the name server to take specific -actions, as described in the following table. These signals can -be sent using the <span><strong class="command">kill</strong></span> command.</p> +<a name="id2570184"></a>Signals</h3></div></div></div> +<p> + Certain UNIX signals cause the name server to take specific + actions, as described in the following table. These signals can + be sent using the <span><strong class="command">kill</strong></span> command. + </p> <div class="informaltable"><table border="1"> <colgroup> <col> @@ -484,19 +752,35 @@ be sent using the <span><strong class="command">kill</strong></span> command.</p </colgroup> <tbody> <tr> -<td><p><span><strong class="command">SIGHUP</strong></span></p></td> -<td><p>Causes the server to read <code class="filename">named.conf</code> and -reload the database. </p></td> +<td> + <p><span><strong class="command">SIGHUP</strong></span></p> + </td> +<td> + <p> + Causes the server to read <code class="filename">named.conf</code> and + reload the database. + </p> + </td> </tr> <tr> -<td><p><span><strong class="command">SIGTERM</strong></span></p></td> -<td><p>Causes the server to clean up and exit.</p></td> +<td> + <p><span><strong class="command">SIGTERM</strong></span></p> + </td> +<td> + <p> + Causes the server to clean up and exit. + </p> + </td> </tr> <tr> <td> -<p><span><strong class="command">SIGINT</strong></span></p> -</td> -<td><p>Causes the server to clean up and exit.</p></td> + <p><span><strong class="command">SIGINT</strong></span></p> + </td> +<td> + <p> + Causes the server to clean up and exit. + </p> + </td> </tr> </tbody> </table></div> |