author: des <des@FreeBSD.org> 2013-09-30 17:23:45 +0000
committer: des <des@FreeBSD.org> 2013-09-30 17:23:45 +0000
commit: aa2e4b623cdc1d9d2b44a103d24ecb7e0c984de9
tree: 1a2886b0de387ddff665d0e370f40ffc32778840 /contrib/bind9/doc/arm/Bv9ARM.ch03.html
parent: 9e2a5c1c0e7dbd2e8116aa8f1ce21759dec75295
Remove BIND.
Approved by: re (gjb)
Diffstat (limited to 'contrib/bind9/doc/arm/Bv9ARM.ch03.html')
-rw-r--r-- contrib/bind9/doc/arm/Bv9ARM.ch03.html 1057
1 files changed, 0 insertions, 1057 deletions
diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch03.html b/contrib/bind9/doc/arm/Bv9ARM.ch03.html
deleted file mode 100644
index 0b8819e..0000000
--- a/contrib/bind9/doc/arm/Bv9ARM.ch03.html
+++ /dev/null
@@ -1,1057 +0,0 @@
-<!--
- - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2003 Internet Software Consortium.
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-<!-- $Id$ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>Chapter 3. Name Server Configuration</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
-<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
-<link rel="prev" href="Bv9ARM.ch02.html" title="Chapter 2. BIND Resource Requirements">
-<link rel="next" href="Bv9ARM.ch04.html" title="Chapter 4. Advanced DNS Features">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
-<div class="navheader">
-<table width="100%" summary="Navigation header">
-<tr><th colspan="3" align="center">Chapter 3. Name Server Configuration</th></tr>
-<tr>
-<td width="20%" align="left">
-<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a> </td>
-<th width="60%" align="center"> </th>
-<td width="20%" align="right"> <a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
-</td>
-</tr>
-</table>
-<hr>
-</div>
-<div class="chapter" lang="en">
-<div class="titlepage"><div><div><h2 class="title">
-<a name="Bv9ARM.ch03"></a>Chapter 3. Name Server Configuration</h2></div></div></div>
-<div class="toc">
-<p><b>Table of Contents</b></p>
-<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
-<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567774">A Caching-only Name Server</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567995">An Authoritative-only Name Server</a></span></dt>
-</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568018">Load Balancing</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568372">Name Server Operations</a></span></dt>
-<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568377">Tools for Use With the Name Server Daemon</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570600">Signals</a></span></dt>
-</dl></dd>
-</dl>
-</div>
-<p>
- In this chapter we provide some suggested configurations along
- with guidelines for their use. We suggest reasonable values for
- certain option settings.
- </p>
-<div class="sect1" lang="en">
-<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
-<div class="sect2" lang="en">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567774"></a>A Caching-only Name Server</h3></div></div></div>
-<p>
- The following sample configuration is appropriate for a caching-only
- name server for use by clients internal to a corporation. All
- queries
- from outside clients are refused using the <span><strong class="command">allow-query</strong></span>
- option. Alternatively, the same effect could be achieved using
- suitable
- firewall rules.
- </p>
-<pre class="programlisting">
-// Two corporate subnets we wish to allow queries from.
-acl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
-options {
- // Working directory
- directory "/etc/namedb";
-
- allow-query { corpnets; };
-};
-// Provide a reverse mapping for the loopback
-// address 127.0.0.1
-zone "0.0.127.in-addr.arpa" {
- type master;
- file "localhost.rev";
- notify no;
-};
-</pre>
-</div>
-<div class="sect2" lang="en">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567995"></a>An Authoritative-only Name Server</h3></div></div></div>
-<p>
- This sample configuration is for an authoritative-only server
- that is the master server for "<code class="filename">example.com</code>"
- and a slave for the subdomain "<code class="filename">eng.example.com</code>".
- </p>
-<pre class="programlisting">
-options {
- // Working directory
- directory "/etc/namedb";
- // Do not allow access to cache
- allow-query-cache { none; };
- // This is the default
- allow-query { any; };
- // Do not provide recursive service
- recursion no;
-};
-
-// Provide a reverse mapping for the loopback
-// address 127.0.0.1
-zone "0.0.127.in-addr.arpa" {
- type master;
- file "localhost.rev";
- notify no;
-};
-// We are the master server for example.com
-zone "example.com" {
- type master;
- file "example.com.db";
- // IP addresses of slave servers allowed to
- // transfer example.com
- allow-transfer {
- 192.168.4.14;
- 192.168.5.53;
- };
-};
-// We are a slave server for eng.example.com
-zone "eng.example.com" {
- type slave;
- file "eng.example.com.bk";
- // IP address of eng.example.com master server
- masters { 192.168.4.12; };
-};
-</pre>
-</div>
-</div>
-<div class="sect1" lang="en">
-<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2568018"></a>Load Balancing</h2></div></div></div>
-<p>
- A primitive form of load balancing can be achieved in
- the <acronym class="acronym">DNS</acronym> by using multiple records
- (such as multiple A records) for one name.
- </p>
-<p>
- For example, if you have three WWW servers with network addresses
- of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the
- following means that clients will connect to each machine one third
- of the time:
- </p>
-<div class="informaltable"><table border="1">
-<colgroup>
-<col>
-<col>
-<col>
-<col>
-<col>
-</colgroup>
-<tbody>
-<tr>
-<td>
- <p>
- Name
- </p>
- </td>
-<td>
- <p>
- TTL
- </p>
- </td>
-<td>
- <p>
- CLASS
- </p>
- </td>
-<td>
- <p>
- TYPE
- </p>
- </td>
-<td>
- <p>
- Resource Record (RR) Data
- </p>
- </td>
-</tr>
-<tr>
-<td>
- <p>
- <code class="literal">www</code>
- </p>
- </td>
-<td>
- <p>
- <code class="literal">600</code>
- </p>
- </td>
-<td>
- <p>
- <code class="literal">IN</code>
- </p>
- </td>
-<td>
- <p>
- <code class="literal">A</code>
- </p>
- </td>
-<td>
- <p>
- <code class="literal">10.0.0.1</code>
- </p>
- </td>
-</tr>
-<tr>
-<td>
- <p></p>
- </td>
-<td>
- <p>
- <code class="literal">600</code>
- </p>
- </td>
-<td>
- <p>
- <code class="literal">IN</code>
- </p>
- </td>
-<td>
- <p>
- <code class="literal">A</code>
- </p>
- </td>
-<td>
- <p>
- <code class="literal">10.0.0.2</code>
- </p>
- </td>
-</tr>
-<tr>
-<td>
- <p></p>
- </td>
-<td>
- <p>
- <code class="literal">600</code>
- </p>
- </td>
-<td>
- <p>
- <code class="literal">IN</code>
- </p>
- </td>
-<td>
- <p>
- <code class="literal">A</code>
- </p>
- </td>
-<td>
- <p>
- <code class="literal">10.0.0.3</code>
- </p>
- </td>
-</tr>
-</tbody>
-</table></div>
-<p>
- When a resolver queries for these records, <acronym class="acronym">BIND</acronym> will rotate
- them and respond to the query with the records in a different
- order. In the example above, clients will randomly receive
- records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients
- will use the first record returned and discard the rest.
- </p>
-<p>
- For more detail on ordering responses, check the
- <span><strong class="command">rrset-order</strong></span> sub-statement in the
- <span><strong class="command">options</strong></span> statement, see
- <a href="Bv9ARM.ch06.html#rrset_ordering">RRset Ordering</a>.
- </p>
-</div>
-<div class="sect1" lang="en">
-<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2568372"></a>Name Server Operations</h2></div></div></div>
-<div class="sect2" lang="en">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="id2568377"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
-<p>
- This section describes several indispensable diagnostic,
- administrative and monitoring tools available to the system
- administrator for controlling and debugging the name server
- daemon.
- </p>
-<div class="sect3" lang="en">
-<div class="titlepage"><div><div><h4 class="title">
-<a name="diagnostic_tools"></a>Diagnostic Tools</h4></div></div></div>
-<p>
- The <span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span>, and
- <span><strong class="command">nslookup</strong></span> programs are all command
- line tools
- for manually querying name servers. They differ in style and
- output format.
- </p>
-<div class="variablelist"><dl>
-<dt><span class="term"><a name="dig"></a><span><strong class="command">dig</strong></span></span></dt>
-<dd>
-<p>
- The domain information groper (<span><strong class="command">dig</strong></span>)
- is the most versatile and complete of these lookup tools.
- It has two modes: simple interactive
- mode for a single query, and batch mode which executes a
- query for
- each in a list of several query lines. All query options are
- accessible
- from the command line.
- </p>
-<div class="cmdsynopsis"><p><code class="command">dig</code> [@<em class="replaceable"><code>server</code></em>] <em class="replaceable"><code>domain</code></em> [<em class="replaceable"><code>query-type</code></em>] [<em class="replaceable"><code>query-class</code></em>] [+<em class="replaceable"><code>query-option</code></em>] [-<em class="replaceable"><code>dig-option</code></em>] [%<em class="replaceable"><code>comment</code></em>]</p></div>
-<p>
- The usual simple use of <span><strong class="command">dig</strong></span> will take the form
- </p>
-<p>
- <span><strong class="command">dig @server domain query-type query-class</strong></span>
- </p>
-<p>
- For more information and a list of available commands and
- options, see the <span><strong class="command">dig</strong></span> man
- page.
- </p>
-</dd>
-<dt><span class="term"><span><strong class="command">host</strong></span></span></dt>
-<dd>
-<p>
- The <span><strong class="command">host</strong></span> utility emphasizes
- simplicity
- and ease of use. By default, it converts
- between host names and Internet addresses, but its
- functionality
- can be extended with the use of options.
- </p>
-<div class="cmdsynopsis"><p><code class="command">host</code> [-aCdlnrsTwv] [-c <em class="replaceable"><code>class</code></em>] [-N <em class="replaceable"><code>ndots</code></em>] [-t <em class="replaceable"><code>type</code></em>] [-W <em class="replaceable"><code>timeout</code></em>] [-R <em class="replaceable"><code>retries</code></em>] [-m <em class="replaceable"><code>flag</code></em>] [-4] [-6] <em class="replaceable"><code>hostname</code></em> [<em class="replaceable"><code>server</code></em>]</p></div>
-<p>
- For more information and a list of available commands and
- options, see the <span><strong class="command">host</strong></span> man
- page.
- </p>
-</dd>
-<dt><span class="term"><span><strong class="command">nslookup</strong></span></span></dt>
-<dd>
-<p><span><strong class="command">nslookup</strong></span>
- has two modes: interactive and
- non-interactive. Interactive mode allows the user to
- query name servers for information about various
- hosts and domains or to print a list of hosts in a
- domain. Non-interactive mode is used to print just
- the name and requested information for a host or
- domain.
- </p>
-<div class="cmdsynopsis"><p><code class="command">nslookup</code> [-option...] [[<em class="replaceable"><code>host-to-find</code></em>] | [- [server]]]</p></div>
-<p>
- Interactive mode is entered when no arguments are given (the
- default name server will be used) or when the first argument
- is a
- hyphen (`-') and the second argument is the host name or
- Internet address
- of a name server.
- </p>
-<p>
- Non-interactive mode is used when the name or Internet
- address
- of the host to be looked up is given as the first argument.
- The
- optional second argument specifies the host name or address
- of a name server.
- </p>
-<p>
- Due to its arcane user interface and frequently inconsistent
- behavior, we do not recommend the use of <span><strong class="command">nslookup</strong></span>.
- Use <span><strong class="command">dig</strong></span> instead.
- </p>
-</dd>
-</dl></div>
-</div>
-<div class="sect3" lang="en">
-<div class="titlepage"><div><div><h4 class="title">
-<a name="admin_tools"></a>Administrative Tools</h4></div></div></div>
-<p>
- Administrative tools play an integral part in the management
- of a server.
- </p>
-<div class="variablelist"><dl>
-<dt>
-<a name="named-checkconf"></a><span class="term"><span><strong class="command">named-checkconf</strong></span></span>
-</dt>
-<dd>
-<p>
- The <span><strong class="command">named-checkconf</strong></span> program
- checks the syntax of a <code class="filename">named.conf</code> file.
- </p>
-<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [-jvz] [-t <em class="replaceable"><code>directory</code></em>] [<em class="replaceable"><code>filename</code></em>]</p></div>
-</dd>
-<dt>
-<a name="named-checkzone"></a><span class="term"><span><strong class="command">named-checkzone</strong></span></span>
-</dt>
-<dd>
-<p>
- The <span><strong class="command">named-checkzone</strong></span> program
- checks a master file for
- syntax and consistency.
- </p>
-<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [-djqvD] [-c <em class="replaceable"><code>class</code></em>] [-o <em class="replaceable"><code>output</code></em>] [-t <em class="replaceable"><code>directory</code></em>] [-w <em class="replaceable"><code>directory</code></em>] [-k <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-n <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-W <em class="replaceable"><code>(ignore|warn)</code></em>] <em class="replaceable"><code>zone</code></em> [<em class="replaceable"><code>filename</code></em>]</p></div>
-</dd>
-<dt>
-<a name="named-compilezone"></a><span class="term"><span><strong class="command">named-compilezone</strong></span></span>
-</dt>
-<dd><p>
- Similar to <span><strong class="command">named-checkzone,</strong></span> but
- it always dumps the zone content to a specified file
- (typically in a different format).
- </p></dd>
-<dt>
-<a name="rndc"></a><span class="term"><span><strong class="command">rndc</strong></span></span>
-</dt>
-<dd>
-<p>
- The remote name daemon control
- (<span><strong class="command">rndc</strong></span>) program allows the
- system
- administrator to control the operation of a name server.
- Since <acronym class="acronym">BIND</acronym> 9.2, <span><strong class="command">rndc</strong></span>
- supports all the commands of the BIND 8 <span><strong class="command">ndc</strong></span>
- utility except <span><strong class="command">ndc start</strong></span> and
- <span><strong class="command">ndc restart</strong></span>, which were also
- not supported in <span><strong class="command">ndc</strong></span>'s
- channel mode.
- If you run <span><strong class="command">rndc</strong></span> without any
- options
- it will display a usage message as follows:
- </p>
-<div class="cmdsynopsis"><p><code class="command">rndc</code> [-c <em class="replaceable"><code>config</code></em>] [-s <em class="replaceable"><code>server</code></em>] [-p <em class="replaceable"><code>port</code></em>] [-y <em class="replaceable"><code>key</code></em>] <em class="replaceable"><code>command</code></em> [<em class="replaceable"><code>command</code></em>...]</p></div>
-<p>The <span><strong class="command">command</strong></span>
- is one of the following:
- </p>
-<div class="variablelist"><dl>
-<dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt>
-<dd><p>
- Reload configuration file and zones.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>reload <em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
-<dd><p>
- Reload the given zone.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>refresh <em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
-<dd><p>
- Schedule zone maintenance for the given zone.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>retransfer <em class="replaceable"><code>zone</code></em>
-
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
-<dd><p>
- Retransfer the given zone from the master.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>sign <em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
-<dd>
-<p>
- Fetch all DNSSEC keys for the given zone
- from the key directory (see
- <span><strong class="command">key-directory</strong></span> in
- <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and
- Usage">the section called &#8220;<span><strong class="command">options</strong></span> Statement Definition and
- Usage&#8221;</a>). If they are within
- their publication period, merge them into the
- zone's DNSKEY RRset. If the DNSKEY RRset
- is changed, then the zone is automatically
- re-signed with the new key set.
- </p>
-<p>
- This command requires that the
- <span><strong class="command">auto-dnssec</strong></span> zone option be set
- to <code class="literal">allow</code> or
- <code class="literal">maintain</code>,
- and also requires the zone to be configured to
- allow dynamic DNS.
- See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called &#8220;Dynamic Update Policies&#8221;</a> for
- more details.
- </p>
-</dd>
-<dt><span class="term"><strong class="userinput"><code>loadkeys <em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
-<dd>
-<p>
- Fetch all DNSSEC keys for the given zone
- from the key directory (see
- <span><strong class="command">key-directory</strong></span> in
- <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and
- Usage">the section called &#8220;<span><strong class="command">options</strong></span> Statement Definition and
- Usage&#8221;</a>). If they are within
- their publication period, merge them into the
- zone's DNSKEY RRset. Unlike <span><strong class="command">rndc
- sign</strong></span>, however, the zone is not
- immediately re-signed by the new keys, but is
- allowed to incrementally re-sign over time.
- </p>
-<p>
- This command requires that the
- <span><strong class="command">auto-dnssec</strong></span> zone option
- be set to <code class="literal">maintain</code>,
- and also requires the zone to be configured to
- allow dynamic DNS.
- See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called &#8220;Dynamic Update Policies&#8221;</a> for
- more details.
- </p>
-</dd>
-<dt><span class="term"><strong class="userinput"><code>freeze
- [<span class="optional"><em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
-<dd><p>
- Suspend updates to a dynamic zone. If no zone is
- specified, then all zones are suspended. This allows
- manual edits to be made to a zone normally updated by
- dynamic update. It also causes changes in the
- journal file to be synced into the master file.
- All dynamic update attempts will be refused while
- the zone is frozen.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>thaw
- [<span class="optional"><em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
-<dd><p>
- Enable updates to a frozen dynamic zone. If no
- zone is specified, then all frozen zones are
- enabled. This causes the server to reload the zone
- from disk, and re-enables dynamic updates after the
- load has completed. After a zone is thawed,
- dynamic updates will no longer be refused. If
- the zone has changed and the
- <span><strong class="command">ixfr-from-differences</strong></span> option is
- in use, then the journal file will be updated to
- reflect changes in the zone. Otherwise, if the
- zone has changed, any existing journal file will be
- removed.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>sync
- [<span class="optional">-clean</span>]
- [<span class="optional"><em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
-<dd><p>
- Sync changes in the journal file for a dynamic zone
- to the master file. If the "-clean" option is
- specified, the journal file is also removed. If
- no zone is specified, then all zones are synced.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>notify <em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
-<dd><p>
- Resend NOTIFY messages for the zone.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>reconfig</code></strong></span></dt>
-<dd><p>
- Reload the configuration file and load new zones,
- but do not reload existing zone files even if they
- have changed.
- This is faster than a full <span><strong class="command">reload</strong></span> when there
- is a large number of zones because it avoids the need
- to examine the
- modification times of the zones files.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt>
-<dd><p>
- Write server statistics to the statistics file.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>querylog</code></strong>
- [<span class="optional">on|off</span>]
- </span></dt>
-<dd>
-<p>
- Enable or disable query logging. (For backward
- compatibility, this command can also be used without
- an argument to toggle query logging on and off.)
- </p>
-<p>
- Query logging can also be enabled
- by explicitly directing the <span><strong class="command">queries</strong></span>
- <span><strong class="command">category</strong></span> to a
- <span><strong class="command">channel</strong></span> in the
- <span><strong class="command">logging</strong></span> section of
- <code class="filename">named.conf</code> or by specifying
- <span><strong class="command">querylog yes;</strong></span> in the
- <span><strong class="command">options</strong></span> section of
- <code class="filename">named.conf</code>.
- </p>
-</dd>
-<dt><span class="term"><strong class="userinput"><code>dumpdb
- [<span class="optional">-all|-cache|-zone</span>]
- [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
-<dd><p>
- Dump the server's caches (default) and/or zones to
- the
- dump file for the specified views. If no view is
- specified, all
- views are dumped.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>secroots
- [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
-<dd><p>
- Dump the server's security roots to the secroots
- file for the specified views. If no view is
- specified, security roots for all
- views are dumped.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt>
-<dd><p>
- Stop the server, making sure any recent changes
- made through dynamic update or IXFR are first saved to
- the master files of the updated zones.
- If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
- This allows an external process to determine when <span><strong class="command">named</strong></span>
- had completed stopping.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt>
-<dd><p>
- Stop the server immediately. Recent changes
- made through dynamic update or IXFR are not saved to
- the master files, but will be rolled forward from the
- journal files when the server is restarted.
- If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
- This allows an external process to determine when <span><strong class="command">named</strong></span>
- had completed halting.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt>
-<dd><p>
- Increment the servers debugging level by one.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt>
-<dd><p>
- Sets the server's debugging level to an explicit
- value.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>notrace</code></strong></span></dt>
-<dd><p>
- Sets the server's debugging level to 0.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt>
-<dd><p>
- Flushes the server's cache.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>flushname</code></strong>
- <em class="replaceable"><code>name</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]
- </span></dt>
-<dd><p>
- Flushes the given name from the server's DNS cache,
- and from the server's nameserver address database
- if applicable.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>flushtree</code></strong>
- <em class="replaceable"><code>name</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]
- </span></dt>
-<dd><p>
- Flushes the given name, and all of its subdomains,
- from the server's DNS cache. (The server's
- nameserver address database is not affected.)
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt>
-<dd><p>
- Display status of the server.
- Note that the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone
- and the default <span><strong class="command">./IN</strong></span>
- hint zone if there is not an
- explicit root zone configured.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt>
-<dd><p>
- Dump the list of queries <span><strong class="command">named</strong></span> is currently recursing
- on.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>validation
- [<span class="optional">on|off</span>]
- [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]
- </code></strong></span></dt>
-<dd><p>
- Enable or disable DNSSEC validation.
- Note <span><strong class="command">dnssec-enable</strong></span> also needs to be
- set to <strong class="userinput"><code>yes</code></strong> to be effective.
- It defaults to enabled.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>tsig-list</code></strong></span></dt>
-<dd><p>
- List the names of all TSIG keys currently configured
- for use by <span><strong class="command">named</strong></span> in each view. The
- list both statically configured keys and dynamic
- TKEY-negotiated keys.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>tsig-delete</code></strong>
- <em class="replaceable"><code>keyname</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span></dt>
-<dd><p>
- Delete a given TKEY-negotiated key from the server.
- (This does not apply to statically configured TSIG
- keys.)
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>addzone
- <em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]
- <em class="replaceable"><code>configuration</code></em>
- </code></strong></span></dt>
-<dd>
-<p>
- Add a zone while the server is running. This
- command requires the
- <span><strong class="command">allow-new-zones</strong></span> option to be set
- to <strong class="userinput"><code>yes</code></strong>. The
- <em class="replaceable"><code>configuration</code></em> string
- specified on the command line is the zone
- configuration text that would ordinarily be
- placed in <code class="filename">named.conf</code>.
- </p>
-<p>
- The configuration is saved in a file called
- <code class="filename"><em class="replaceable"><code>hash</code></em>.nzf</code>,
- where <em class="replaceable"><code>hash</code></em> is a
- cryptographic hash generated from the name of
- the view. When <span><strong class="command">named</strong></span> is
- restarted, the file will be loaded into the view
- configuration, so that zones that were added
- can persist after a restart.
- </p>
-<p>
- This sample <span><strong class="command">addzone</strong></span> command
- would add the zone <code class="literal">example.com</code>
- to the default view:
- </p>
-<p>
-<code class="prompt">$ </code><strong class="userinput"><code>rndc addzone example.com '{ type master; file "example.com.db"; };'</code></strong>
- </p>
-<p>
- (Note the brackets and semi-colon around the zone
- configuration text.)
- </p>
-</dd>
-<dt><span class="term"><strong class="userinput"><code>delzone
- <em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]
- </code></strong></span></dt>
-<dd><p>
- Delete a zone while the server is running.
- Only zones that were originally added via
- <span><strong class="command">rndc addzone</strong></span> can be deleted
- in this matter.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>signing
- [<span class="optional">( -list | -clear <em class="replaceable"><code>keyid/algorithm</code></em> | -clear <code class="literal">all</code> | -nsec3param ( <em class="replaceable"><code>parameters</code></em> | <code class="literal">none</code> ) ) </span>]
- <em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]
- </code></strong></span></dt>
-<dd>
-<p>
- List, edit, or remove the DNSSEC signing state for
- the specified zone. The status of ongoing DNSSEC
- operations (such as signing or generating
- NSEC3 chains) is stored in the zone in the form
- of DNS resource records of type
- <span><strong class="command">sig-signing-type</strong></span>.
- <span><strong class="command">rndc signing -list</strong></span> converts
- these records into a human-readable form,
- indicating which keys are currently signing
- or have finished signing the zone, and which NSEC3
- NSEC3 chains are being created or removed.
- </p>
-<p>
- <span><strong class="command">rndc signing -clear</strong></span> can remove
- a single key (specified in the same format that
- <span><strong class="command">rndc signing -list</strong></span> uses to
- display it), or all keys. In either case, only
- completed keys are removed; any record indicating
- that a key has not yet finished signing the zone
- will be retained.
- </p>
-<p>
- <span><strong class="command">rndc signing -nsec3param</strong></span> sets
- the NSEC3 parameters for a zone. This is the
- only supported mechanism for using NSEC3 with
- <span><strong class="command">inline-signing</strong></span> zones.
- Parameters are specified in the same format as
- an NSEC3PARAM resource record: hash algorithm,
- flags, iterations, and salt, in that order.
- </p>
-<p>
- Currently, the only defined value for hash algorithm
- is <code class="literal">1</code>, representing SHA-1.
- The <code class="option">flags</code> may be set to
- <code class="literal">0</code> or <code class="literal">1</code>,
- depending on whether you wish to set the opt-out
- bit in the NSEC3 chain. <code class="option">iterations</code>
- defines the number of additional times to apply
- the algorithm when generating an NSEC3 hash. The
- <code class="option">salt</code> is a string of data expressed
- in hexidecimal, or a hyphen (`-') if no salt is
- to be used.
- </p>
-<p>
- So, for example, to create an NSEC3 chain using
- the SHA-1 hash algorithm, no opt-out flag,
- 10 iterations, and a salt value of "FFFF", use:
- <span><strong class="command">rndc signing -nsec3param 1 0 10 FFFF &lt;zone&gt;</strong></span>.
- To set the opt-out flag, 15 iterations, and no
- salt, use:
- <span><strong class="command">rndc signing -nsec3param 1 1 15 - &lt;zone&gt;</strong></span>.
- </p>
-<p>
- <span><strong class="command">rndc signing -nsec3param none</strong></span>
- removes an existing NSEC3 chain and replaces it
- with NSEC.
- </p>
-</dd>
-</dl></div>
-<p>
- A configuration file is required, since all
- communication with the server is authenticated with
- digital signatures that rely on a shared secret, and
- there is no way to provide that secret other than with a
- configuration file. The default location for the
- <span><strong class="command">rndc</strong></span> configuration file is
- <code class="filename">/etc/rndc.conf</code>, but an
- alternate
- location can be specified with the <code class="option">-c</code>
- option. If the configuration file is not found,
- <span><strong class="command">rndc</strong></span> will also look in
- <code class="filename">/etc/rndc.key</code> (or whatever
- <code class="varname">sysconfdir</code> was defined when
- the <acronym class="acronym">BIND</acronym> build was
- configured).
- The <code class="filename">rndc.key</code> file is
- generated by
- running <span><strong class="command">rndc-confgen -a</strong></span> as
- described in
- <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
- Usage">the section called &#8220;<span><strong class="command">controls</strong></span> Statement Definition and
- Usage&#8221;</a>.
- </p>
-<p>
- The format of the configuration file is similar to
- that of <code class="filename">named.conf</code>, but
- limited to
- only four statements, the <span><strong class="command">options</strong></span>,
- <span><strong class="command">key</strong></span>, <span><strong class="command">server</strong></span> and
- <span><strong class="command">include</strong></span>
- statements. These statements are what associate the
- secret keys to the servers with which they are meant to
- be shared. The order of statements is not
- significant.
- </p>
-<p>
- The <span><strong class="command">options</strong></span> statement has
- three clauses:
- <span><strong class="command">default-server</strong></span>, <span><strong class="command">default-key</strong></span>,
- and <span><strong class="command">default-port</strong></span>.
- <span><strong class="command">default-server</strong></span> takes a
- host name or address argument and represents the server
- that will
- be contacted if no <code class="option">-s</code>
- option is provided on the command line.
- <span><strong class="command">default-key</strong></span> takes
- the name of a key as its argument, as defined by a <span><strong class="command">key</strong></span> statement.
- <span><strong class="command">default-port</strong></span> specifies the
- port to which
- <span><strong class="command">rndc</strong></span> should connect if no
- port is given on the command line or in a
- <span><strong class="command">server</strong></span> statement.
- </p>
-<p>
- The <span><strong class="command">key</strong></span> statement defines a
- key to be used
- by <span><strong class="command">rndc</strong></span> when authenticating
- with
- <span><strong class="command">named</strong></span>. Its syntax is
- identical to the
- <span><strong class="command">key</strong></span> statement in <code class="filename">named.conf</code>.
- The keyword <strong class="userinput"><code>key</code></strong> is
- followed by a key name, which must be a valid
- domain name, though it need not actually be hierarchical;
- thus,
- a string like "<strong class="userinput"><code>rndc_key</code></strong>" is a valid
- name.
- The <span><strong class="command">key</strong></span> statement has two
- clauses:
- <span><strong class="command">algorithm</strong></span> and <span><strong class="command">secret</strong></span>.
- While the configuration parser will accept any string as the
- argument
- to algorithm, currently only the string "<strong class="userinput"><code>hmac-md5</code></strong>"
- has any meaning. The secret is a base-64 encoded string
- as specified in RFC 3548.
- </p>
-<p>
- The <span><strong class="command">server</strong></span> statement
- associates a key
- defined using the <span><strong class="command">key</strong></span>
- statement with a server.
- The keyword <strong class="userinput"><code>server</code></strong> is followed by a
- host name or address. The <span><strong class="command">server</strong></span> statement
- has two clauses: <span><strong class="command">key</strong></span> and <span><strong class="command">port</strong></span>.
- The <span><strong class="command">key</strong></span> clause specifies the
- name of the key
- to be used when communicating with this server, and the
- <span><strong class="command">port</strong></span> clause can be used to
- specify the port <span><strong class="command">rndc</strong></span> should
- connect
- to on the server.
- </p>
-<p>
- A sample minimal configuration file is as follows:
- </p>
-<pre class="programlisting">
-key rndc_key {
- algorithm "hmac-md5";
- secret
- "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
-};
-options {
- default-server 127.0.0.1;
- default-key rndc_key;
-};
-</pre>
-<p>
- This file, if installed as <code class="filename">/etc/rndc.conf</code>,
- would allow the command:
- </p>
-<p>
- <code class="prompt">$ </code><strong class="userinput"><code>rndc reload</code></strong>
- </p>
-<p>
- to connect to 127.0.0.1 port 953 and cause the name server
- to reload, if a name server on the local machine were
- running with
- following controls statements:
- </p>
-<pre class="programlisting">
-controls {
- inet 127.0.0.1
- allow { localhost; } keys { rndc_key; };
-};
-</pre>
-<p>
- and it had an identical key statement for
- <code class="literal">rndc_key</code>.
- </p>
-<p>
- Running the <span><strong class="command">rndc-confgen</strong></span>
- program will
- conveniently create a <code class="filename">rndc.conf</code>
- file for you, and also display the
- corresponding <span><strong class="command">controls</strong></span>
- statement that you need to
- add to <code class="filename">named.conf</code>.
- Alternatively,
- you can run <span><strong class="command">rndc-confgen -a</strong></span>
- to set up
- a <code class="filename">rndc.key</code> file and not
- modify
- <code class="filename">named.conf</code> at all.
- </p>
-</dd>
-</dl></div>
-</div>
-</div>
-<div class="sect2" lang="en">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570600"></a>Signals</h3></div></div></div>
-<p>
- Certain UNIX signals cause the name server to take specific
- actions, as described in the following table. These signals can
- be sent using the <span><strong class="command">kill</strong></span> command.
- </p>
-<div class="informaltable"><table border="1">
-<colgroup>
-<col>
-<col>
-</colgroup>
-<tbody>
-<tr>
-<td>
- <p><span><strong class="command">SIGHUP</strong></span></p>
- </td>
-<td>
- <p>
- Causes the server to read <code class="filename">named.conf</code> and
- reload the database.
- </p>
- </td>
-</tr>
-<tr>
-<td>
- <p><span><strong class="command">SIGTERM</strong></span></p>
- </td>
-<td>
- <p>
- Causes the server to clean up and exit.
- </p>
- </td>
-</tr>
-<tr>
-<td>
- <p><span><strong class="command">SIGINT</strong></span></p>
- </td>
-<td>
- <p>
- Causes the server to clean up and exit.
- </p>
- </td>
-</tr>
-</tbody>
-</table></div>
-</div>
-</div>
-</div>
-<div class="navfooter">
-<hr>
-<table width="100%" summary="Navigation footer">
-<tr>
-<td width="40%" align="left">
-<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a> </td>
-<td width="20%" align="center"> </td>
-<td width="40%" align="right"> <a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
-</td>
-</tr>
-<tr>
-<td width="40%" align="left" valign="top">Chapter 2. <acronym class="acronym">BIND</acronym> Resource Requirements </td>
-<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
-<td width="40%" align="right" valign="top"> Chapter 4. Advanced DNS Features</td>
-</tr>
-</table>
-</div>
-</body>
-</html>
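Review bot: The commit message ("Remove BIND.") gives no reason for the removal and no pointer to a replacement, while the tail of this hunk deletes the in-tree reference for the rndc configuration file (the key, server and options statements, the sample rndc.conf and the matching controls statement) and for the signals named handles. The hunk is a whole-file deletion (1057 lines removed, none added), so there is nothing to correct in the content itself. I would ask for the commit message to say why BIND is leaving the tree and what users who rely on rndc and named should install or read instead.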