summaryrefslogtreecommitdiffstats
path: root/contrib/bind/doc/bog/files.me
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/bind/doc/bog/files.me')
-rw-r--r--contrib/bind/doc/bog/files.me1150
1 files changed, 0 insertions, 1150 deletions
diff --git a/contrib/bind/doc/bog/files.me b/contrib/bind/doc/bog/files.me
deleted file mode 100644
index ae755ff..0000000
--- a/contrib/bind/doc/bog/files.me
+++ /dev/null
@@ -1,1150 +0,0 @@
-.\" ++Copyright++ 1986, 1988, 1995
-.\" -
-.\" Copyright (c) 1986, 1988, 1995
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" -
-.\" --Copyright--
-.\"
-.\" @(#)files.me 6.8 (Berkeley) 9/19/89
-.\"
-.sh 1 "Files
-.pp
-The name server uses several files to load its data base.
-This section covers the files and their formats needed for \fInamed\fP.
-.sh 2 "Boot File"
-.pp
-This is the file that is first read when \fInamed\fP starts up.
-This tells the server what type of server it is,
-which
-zones it has authority over and where to get its initial data.
-The default location for this file is \fI/etc\|/named.boot\fP\|.
-However this can be changed
-by setting the \fIBOOTFILE\fP variable when you compile \fInamed\fP
-or by specifying
-the location on the command line when \fInamed\fP is started up.
-.sh 3 "Domain"
-.pp
-A default domain may be specified for the name server
-using a line such as
-.(b l
-.ta 0.5i +\w`secondary `u +\w`berkeley.edu `u +.5i +.5i
-\fIdomain Berkeley\fP\fB\|.\|\fP\fIEdu\fP
-.)b
-.re
-Older name servers use this information when they receive a query for a name
-without a ``\fB.\fP'' that is not known. Newer designs assume that the
-resolver library will append its own idea of a ``default domain'' to any
-unqualified names. Though the name server can still be compiled with
-support for the \fIdomain\fP directive in the boot file, the default is to
-leave it out and we strenuously recommend against its use. If you use this
-feature, clients outside your local domain which send you requests about
-unqualified names will have the implicit qualification of your domain rather
-than theirs. The proper place for this function is on the client, in their
-\fB/etc/resolv.conf\fP (or equivalent) file. Use of the \fIdomain\fP
-directive in your boot file is strongly discouraged.
-.sh 3 "Directory"
-.pp
-The \fIdirectory\fP directive specifies the directory in which the name server
-should run, allowing the other file names in the boot file to use relative path
-names. There can be only one \fIdirectory\fP directive and it should be given
-before any other directives that specify file names.
-.(b l
-.ta 0.5i +\w`secondary `u +\w`berkeley.edu `u +.5i +.5i
-\fIdirectory /var/named\fP
-.)b
-.re
-If you have more than a couple of named files to be maintained, you may wish
-to place the named files in a directory such as /var/named and adjust the
-directory command properly. The main purposes of this command are to make
-sure named is in the proper directory when trying to include files by
-relative path names with $INCLUDE and to allow named to run in a location
-that is reasonable to dump core if it feels the urge.
-.sh 3 "Primary Service"
-.pp
-The line in the boot file that designates the server as a primary master server
-for a zone looks as follows:
-.(b l
-.ta 0.5i +\w`secondary `u +\w`berkeley.edu `u +.5i +.5i
-\fIprimary Berkeley\fP\fB\|.\|\fP\fIEdu ucbhosts\fP
-.)b
-.re
-The first field specifies that the server is a primary one for the zone
-stated in the second field.
-The third field is the name of the file from which the data is read.
-.pp
-The above assumes that the zone you are specifying is a class \fIIN\fP
-zone. If you wish to designate a different class you can append
-\fI/class\fP to the first field, where \fIclass\fP is either the
-integer value or the standard mnemonic for the class. For example the line
-for a primary server for a hesiod class zone looks as follows:
-.(b l
-.ta 0.5i +\w`secondary `u +\w`berkeley.edu `u +.5i +.5i
-\fIprimary/HS Berkeley\fP\fB\|.\|\fP\fIEdu hesiod.data\fP
-.)b
-.re
-Note that this support for specifying other than class \fIIN\fP zones is a
-compile-time option which your vendor may not have enabled when they built
-your operating system.
-.sh 3 "Secondary Service"
-.pp
-The line for a secondary server is similar to the primary except
-that it lists addresses of other servers (usually primary servers)
-from which the zone data will be obtained.
-.(b l
-.ta 0.5i +\w`secondary `u +\w`berkeley.edu `u +\w`128.32.0.10 `u +\w`128.32.0.10 `u +.5i +.5i
-\fIsecondary Berkeley\fP\fB\|.\|\fP\fIEdu 128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI10 \fP\fI128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI4\fP \fIucbhosts.bak\fP
-.)b
-.re
-The first field specifies that the server is a secondary server for
-the zone stated in the second field.
-The two network addresses specify the name servers which have data for the
-zone. Note that at least one of these will be a \fIprimary\fP, and, unless
-you are using some protocol other than \s-1IP/DNS\s+1 for your zone transfer
-mechanism, the others will all be other \fIsecondary\fP servers. Having your
-secondary server pull data from other secondary servers is usually unwise,
-since you can add delay to the propagation of zone updates if your network's
-connectivity varies in pathological but common ways. The intended use for
-multiple addresses on a \fIsecondary\fP declaration is when the \fIprimary\fP
-server has multiple network interfaces and therefore multiple host addresses.
-The secondary server gets its data across the network from one of the listed
-servers. The server addresses are tried in the order listed.
-If a filename is present after the list of primary servers, data for the zone
-will be dumped into that file as a backup.
-When the server is first started, the data is loaded from the backup file
-if possible, and a primary server is then consulted to check that the zone
-is still up-to-date. Note that listing your server as a \fIsecondary\fP
-server does not necessarily make it one \(em the parent zone must
-\fIdelegate\fP authority to your server as well as the primary and the
-other secondaries, or you will be transferring a zone over for no reason;
-no other server will have a reason to query you for that zone unless the
-parent zone lists you as a server for the zone.
-.pp
-As with primary you may specify a secondary server for a class other than
-\fIIN\fP by appending \fI/class\fP to the \fIsecondary\fP keyword, e.g.,
-\fIsecondary/HS\fP.
-.sh 3 "Stub Service"
-.pp
-The line for a stub server is similar to a secondary.
-(This feature is experimental as of 4.9.3.)
-.(b l
-.ta 0.5i +\w`stub `u +\w`berkeley.edu `u +\w`128.32.0.10 `u +\w`128.32.0.10 `u +.5i +.5i
-\fIstub Berkeley\fP\fB\|.\|\fP\fIEdu 128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI10 \fP\fI128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI4\fP \fIucbhosts.bak\fP
-.)b
-.re
-The first field specifies that the server is a stub server for the zone stated
-in the second field.
-.pp
-Stub zones are intended to ensure that a primary for a zone always has the
-correct \fINS\fP records for children of that zone. If the primary is not
-a secondary for a child zone it should be configured with stub zones for
-all its children. Stub zones provide a mechanism to allow \fINS\fP records
-for a zone to be specified in only one place.
-.(b l
-.ta 0.5i +\w`primary `u +\w`dms.csiro.au `u +\w`130.155.98.1 `u +.5i +.5i
-\fIprimary CSIRO\fP\fB\|.\|\fP\fIAU \fIcsiro.dat\fP
-\fIstub dms.CSIRO\fP\fB\|.\|\fP\fIAU 130\fP\fB.\fP\fI155\fP\fB.\fP\fI16\fP\fB.\fP\fI1 \fIdms.stub\fP
-\fIstub dap.CSIRO\fP\fB\|.\|\fP\fIAU 130\fP\fB.\fP\fI155\fP\fB.\fP\fI98\fP\fB.\fP\fI1 \fIdap.stub\fP
-.)b
-.re
-.sh 3 "Cache Initialization"
-.pp
-All servers, including ``caching only'' servers, should have a line as
-follows in the boot file to prime the name servers cache:
-.(b l
-\fIcache \fP\fB.\fP\fI root\fP\fB.\fP\fIcache\fP
-.)b
-Do not put anything into your \fIcache\fP files other than root server
-information.
-.pp
-All cache files listed will be read in at named boot time and any values
-still valid will be reinstated in the cache.
-The root name server
-information in the cache files will be used until a root query is
-actually answered by one of the name servers in the cache file, after
-which that answer will be used instead of the cache file until the answer
-times out.
-.pp
-As with \fIprimary\fP and \fIsecondary\fP, you may specify a secondary
-server for a class other than \fIIN\fP by appending \fI/class\fP to the
-\fIcache\fP keyword, e.g., \fIclass/HS\fP.
-.sh 3 "Forwarders"
-.pp
-Any server can make use of \fIforwarders\fP. A \fIforwarder\fP is another
-server capable of processing recursive queries that is willing to try
-resolving queries on behalf of other systems. The \fIforwarders\fP
-command specifies forwarders by internet address as follows:
-.(b l
-\fIforwarders \fI128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI10 \fP\fI128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI4\fP
-.)b
-.re
-There are two main reasons for wanting to do so. First, some systems may
-not have full network access and may be prevented from sending any IP
-packets into the rest of the Internet and therefore must rely on a forwarder
-which does have access to the full net. The second reason is that the
-forwarder sees a union of all queries as they pass through its server and
-therefore it builds up a very rich cache of data compared to the cache in a
-typical workstation name server. In effect, the \fIforwarder\fP becomes a
-meta-cache that all hosts can benefit from, thereby reducing the total
-number of queries from that site to the rest of the net.
-.pp
-The effect of ``forwarders'' is to prepend some fixed addresses to the list
-of name servers to be tried for every query. Normally that list is made up
-only of higher-authority servers discovered via \fINS\fP record lookups for
-the relevant domain. If the forwarders do not answer, then unless the
-\fIslave\fP directive was given, the appropriate servers for the domains
-will be queried directly.
-
-.sh 3 "Slave Servers"
-.pp
-Slave mode is used if the use of forwarders is the only possible way
-to resolve queries due to lack of full net access or if you wish to prevent
-the name server from using other than the listed forwarders.
-Slave mode is activated by placing the simple command
-.(b l
-\fIoptions forward-only\fP
-.)b
-in the bootfile. If this option is used, then you must specify forwarders.
-When in slave mode, the server will forward each query to each of the
-forwarders until an answer is found or the list of forwarders is exhausted.
-The server will not try to contact any remote name server other than those
-named in the \fIforwarders\fP list.
-.pp
-So while \fIforwarders\fP prepends addresses to the ``server list'' for each
-query, \fIoptions forward-only\fP causes the ``server list'' to contain
-\fIonly\fP those addresses listed in the \fIforwarders\fP declarations.
-Careless use of the \fIoptions forward-only\fP directive can cause really
-horrible forwarding loops, since
-you could end up forwarding queries only to some set of hosts which are also
-slaves, and one or several of them could be forwarding queries back to you.
-.pp
-Use of the \fIoptions forward-only\fP directive should be considered very
-carefully. Note that this same behaviour can be achieved using the deprecated
-directive, \fIslave\fP.
-
-.sh 3 "Nonrecursive Servers"
-.pp
-\s-1BIND\s+1's separation of authoritative (zone) and nonauthoritiative (cache)
-data has always been somewhat weak, and pollution of the former via the latter
-has been known to occur. One way to prevent this, as well as to save memory on
-servers carrying a lot of authoritative data (e.g., root servers) is to make
-such servers ``nonrecursive.'' This can be achieved via the directive
-.(b l
-\fIoptions no-recursion\fP
-.)b
-in the bootfile. A server with this option enabled will not attempt to fetch
-data to help answer queries \(em if you ask it for data it does not have, it
-will send you a referral to a more authoritative server or, if it is itself
-authoritative for the zone of the query, it will send you an negative answer.
-.pp
-A nonrecursive server can be named in an \s-1NS\ RR\s+1 but it cannot be listed
-in the \fIresolv.conf\fP file.
-
-.sh 3 "Query Logging"
-.pp
-If the file system containing your \fIsyslog\fP file has quite a bit of space,
-you can consider using the
-.(b l
-\fIoptions query-log\fP
-.)b
-directive in your bootfile. This will cause your name server to log every
-query it receives, which when combined with a Perl or \s-1AWK\s+1 script to
-postprocess the logs, can be a useful management tool.
-
-.sh 3 "Inverse Query Pseudosupport"
-.pp
-\s-1BIND\s+1 by default does not support inverse queries, and this has been
-known to cause problems for certain microcomputer operating systems and for
-older versions of \s-1BIND\s+1's \fInslookup\fP tool. You may decide that
-rather than answering with ``operation not implemented,'' \fInamed\fP should
-detect the most common inverse queries and answer them with bogus information.
-It is better to upgrade your clients to stop depending on inverse queries, but
-if that is not possible, you should use the
-.(b l
-\fIoptions fake-iquery\fP
-.)b
-directive in your bootfile. \fINOTE:\fP the responses are in fact bogus, in
-that they contain \s-1ISO\s+18859 square brackets (\fB[\fP and \fB]\fP), so
-your clients will not be able to do anything useful with these responses. It
-has been observed that no client ever did anything useful with real inverse
-query responses, either.
-
-.sh 3 "Setting Name Server Limits"
-.pp
-Some name server operations can be quite resource intensive, and in order to
-tune your system properly it is sometimes necessary to change \s-1BIND\s+1's
-internal quotas. This is accomplished via
-.(b l
-\fIlimit <name> <value>\fP
-.)b
-directives in the bootfile. Limits, and their default values, are as follows:
-.(b I
-\fIlimit transfers-in 10\fP
-.)b
-This is the number of simultaneous \fInamed-xfer\fP processes \s-1BIND\s+1 is
-willing to start. Higher numbers yield faster convergence to primary servers
-if your secondary server has hundreds or thousands of zones to maintain, but
-setting this number too high can cause thrashing due to starvation of resources
-such as network bandwidth or swap space. \fINOTE:\fP this limit can also be
-expressed via the deprecated directive \fImax-fetch NN\fP.
-.(b I
-\fIlimit transfers-per-ns 2\fP
-.)b
-This is the number of simultaneous \fInamed-xfer\fP processes \s-1BIND\s+1 is
-willing to initiate \fIto any given name server\fP. In most cases, you should
-not need to change it. If your secondary server is pulling hundreds or
-thousands of zones from a single primary server, increasing
-\fItransfers-per-ns\fP may speed convergence. It should be kept as
-small as possible, to avoid causing thrashing and resource starvation
-on the primary server.
-.(b I
-\fIlimit datasize <system-dependent>\fP
-.)b
-Most systems have a quota that limits the size of the so-called ``data
-segment,'' which is where \s-1BIND\s+1 keeps all of its authority and cache
-data. \s-1BIND\s+1 will behave suboptimally (perhaps even exiting) if it runs
-up against this quota. If your system supports a system call to change this
-quota for a given process, you can ask \s-1BIND\s+1 to use that system call
-via the \fIlimit datasize NN\fP directive. The value given here may be scaled
-by postfixing \fIk\fP for 1024X, \fIm\fP for (1024^2)X, and \fIg\fP for
-(1024^3)X. In 1995, the root servers all use \fIlimit datasize 64m\fP.
-
-.sh 3 "Zone Transfer Restrictions"
-.pp
-It may be the case that your organization does not wish to give complete
-lists of your hosts to anyone on the Internet who can reach your name servers.
-While it is still possible for people to ``iterate'' through your address
-range, looking for \fIPTR\fP records, and build a list of your hosts the
-``slow'' way, it is still considered reasonable to restrict your export of
-zones via the zone transfer protocol. To limit the list of neighbors who
-can transfer zones from your server, use the \fIxfrnets\fP directive.
-.pp
-This directive has the same syntax as \fIforwarders\fP except that you can
-list network numbers in addition to host addresses. For example, you could
-add the directive
-.(b l
-\fIxfrnets 16.0.0.0\fP
-.)b
-.re
-if you wanted to permit only hosts on Class A network number 16 to transfer
-zones from your server. This is not nearly granular enough, and a future
-version of \s-1BIND\s+1 will permit such access-control to be specified on a
-per-host basis rather than the current per-net basis. Note that while
-addresses without explicit masks are assumed by this directive to be networks,
-you can specify a mask which is as granular as you wish, perhaps including
-all bits of the address such that only a single host is given transfer
-permission. For example, consider
-.(b l
-\fIxfrnets 16.1.0.2&255.255.255.255\fP
-.)b
-which would permit only host \fI16.1.0.2\fP to transfer zones from you. Note
-that no spaces are allowed surrounding the ``\fI&\fP'' character that
-introduces a netmask.
-.pp
-The \fIxfrnets\fP directive may also be given as \fItcplist\fP for
-compatibility with interim releases of \s-1BIND\s+1 4.9.
-
-.sh 3 "Sorting Addresses"
-.pp
-If there are multiple addresses available for a name server which \s-1BIND\s+1
-wants to contact, \s-1BIND\s+1 will try the ones it believes are ``closest''
-first. ``Closeness'' is defined in terms of similarity-of-address; that is,
-if one address is on the same \fIsubnet\fP as some interface of the local host,
-then that address will be tried first. Failing that, an address which is on
-the same \fInetwork\fP will be tried first. Failing that, they will be tried
-in a more-or-less random order unless the \fIsortlist\fP directive was given
-in the \fInamed.boot\fP file. \fIsortlist\fP has a syntax similar to
-\fIforwarders\fP, \fIxfrnets\fP, and \fIbogusns\fP \(em you give it a list
-of dotted-quad networks and it uses these to ``prefer'' some remote name server
-addresses over others. If no explicit mask is provided with each element of
-a \fIsortlist\fP, one will be inferred based on the high order address bits.
-.pp
-If you are on a Class C net which has a Class B net between you and the rest
-of the Internet, you could try to improve the name server's luck in getting
-answers by listing the Class B network's number in a \fIsortlist\fP
-directive. This should have the effect of trying ``closer'' servers before
-the more ``distant'' ones. Note that this behaviour is new as of \s-1BIND
-4.9\s+1.
-.pp
-The other and older effect of the \fIsortlist\fP directive is to cause
-\s-1BIND\s+1 to sort the \fIA\fP records in any response it generates, so as
-to put those which appear on the \fIsortlist\fP earlier than those which do
-not. This is not as helpful as you might think, since many clients will
-reorder the \fIA\fP records either at random or using \s-1LIFO\s+1; also,
-consider the fact that the server won't be able to guess the client's network
-topology, and so will not be able to accurately order for ``closeness'' to
-all possible clients. Doing the ordering in the resolver is clearly superior.
-.pp
-In actual practice, this directive is used only rarely since it hardwires
-information which changes rapidly; a network which is ``close'' today may
-be ``distant'' next month. Since \s-1BIND\s+1 builds up a cache of the
-remote name servers' response times, it will quickly converge on
-``reasonable'' behaviour, which isn't the same as ``optimal'' but it's
-close enough. Future directions for \s-1BIND\s+1 include choosing
-addresses based on local interface metrics (on hosts that have more than
-one) and perhaps on routing table information. We do not intend to solve
-the generalized ``multihomed host'' problem, but we should be able to do a
-little better than we're doing now. Likewise, we hope to see a higher
-level resolver library that sorts responses using topology information that
-only exists on the client's host.
-
-.sh 3 "Bogus Name Servers"
-.pp
-It happens occasionally that some remote name server goes ``bad''. You can
-tell your name server to refuse to listen to or ask questions of certain
-other name servers by listing them in a \fIbogusns\fP directive in your
-\fInamed.boot\fP file. Its syntax is the same as \fIforwarders\fP,
-\fIxfrnets\fP, and \fIsortlist\fP \(em you just give it a list of dotted-quad
-Internet addresses. Note that zones delegated to such servers will not be
-reachable from clients of your servers; thus you should use this directive
-sparingly or not at all.
-
-.sh 3 "Segmented Boot Files"
-.pp
-If you are secondary for a lot of zones, you may find it convenient to split
-your \fInamed.boot\fP file into a static portion which hardly ever changes
-(directives such as \fIdirectory\fP, \fIsortlist\fP, \fIxfrnets\fP and
-\fIcache\fP could go here), and dynamic portions that change frequently
-(all of your \fIprimary\fP directives might go in one file, and all of your
-\fIsecondary\fP directives might go in another file \(em and either or both
-of these might be fetched automatically from some neighbor so that they can
-change your list of secondary zones without requiring your active
-intervention). You can accomplish this via the \fIinclude\fP directive,
-which takes just a single file name as its argument. No quotes are needed
-around the file name. The file name will be evaluated after the name server
-has changed its working directory to that specified in the \fIdirectory\fP
-directive, so you can use relative pathnames if your system supports them.
-
-.sh 2 "Resolver Configuration"
-.pp
-The configuration file's name is \fI/etc/resolv.conf\fP.
-This file designates the name servers on the network that should
-be sent queries.
-The resolver will try to contact a name server on the localhost if it cannot
-find its configuration file. You should install the configuration file
-on every host anyway, since this is the only recommended way to specify a
-system-level default domain, and you can still list the local host's address
-if it runs a name server.
-It is considered reasonable to create this file even if you run a local
-server, since its contents will be cached by each client of the resolver
-library when the client makes its first call to a resolver routine.
-.pp
-The \fIresolv.conf\fP file contains directives, one per line, of the
-following forms:
-.(l I
-; comment
-# another comment
-domain \fIlocal-domain\fP
-search \fIsearch-list\fP
-nameserver \fIserver-address\fP
-sortlist \fIsort-list\fP
-options \fIoption-list\fP
-.)l
-Exactly one of the \fIdomain\fP or \fIsearch\fP directives should be given,
-exactly once.
-If the \fIsearch\fP directive is given, the first item in the given
-\fIsearch-list\fP will override any previously-specified \fIlocal-domain\fP.
-The \fInameserver\fP directive may be given up to three times; additional
-\fInameserver\fP directives will be ignored. Comments may be given by
-starting a line with a ``\fB\|;\|\fP'' or ``\fB\|#\|\fP''; note that
-comments were not permitted in versions of the resolver earlier than the one
-included with \s-1BIND 4.9\s+1 \(em so if your vendor's resolver supports
-comments, you know they are really on the ball.
-.pp
-The \fIlocal-domain\fP will be appended to any query-name that does not
-contain a ``\fB\|.\|\fP''. \fIlocal-domain\fP can be overridden on a
-per-process basis by setting the \s-1LOCALDOMAIN\s+1 environment variable.
-Note that \fIlocal-domain\fP processing can be disabled by setting an
-option in the resolver.
-.pp
-The \fIsearch-list\fP is a list of domains which are tried, in order,
-as qualifying domains for query-names which do not contain a ``\fB\|.\|\fP''.
-Note that \fIsearch-list\fP processing can be disabled by setting an
-option in the resolver. Also note that the environment variable
-``\s-1LOCALDOMAIN\s+1'' can override this \fIsearch-list\fP on a per-process
-basis.
-.pp
-The \fIserver-address\fP\|'s are aggregated and then used as the default
-destination of queries generated through the resolver. In other words,
-this is the way you tell the resolver which name servers it should use. It
-is possible for a given client application to override this list, and this
-is often done inside the name server (which is itself a \fIresolver\fP
-client) and in test programs such as \fInslookup\fP.
-Note that if you wish to list the
-local host in your resolver configuration file, you should probably use its
-primary Internet address rather than a local-host alias such as 127.0.0.1 or
-0.0.0.0. This is due to a bug in the handling of connected \s-1SOCK_DGRAM\s+1
-sockets in some versions of the \s+1BSD\s-1 networking code. If you must use
-an address-alias, you should prefer 0.0.0.0 (or simply ``0'') over 127.0.0.1,
-though be warned that depending on the vintage of your \s-1BSD\s+1-derived
-networking code, both of them are capable of failing in their own ways.
-If your host's IP
-implementation does not create a short-circuit route between the default
-interface and the loopback interface, then you might also want to add a
-static route (eg. in \fB/etc/rc.local\fP) to do so:
-.(b l
-\fIroute add myhost.domain.name localhost 1\fP
-.)b
-.pp
-The \fIsort-list\fP is a list of IP address, netmask pairs. Addresses
-returned by gethostbyname are sorted to the order specified by this list.
-Any addresses that do not match the address netmask pair will be returned
-after those that do. The netmask is optional and the natural netmask will be
-used if not specified.
-.pp
-The \fIoption-list\fP is a list of options which each override some internal
-resolver variable. Supported options at this time are:
-.ip \fBdebug\fP
-sets the \s-1RES_DEBUG\s+1 bit in \fB_res.options\fP.
-.ip \fBndots:\fP\fIn\fP
-sets the lower threshold (measured in ``number of dots'') on names given to
-\fIres_query\fP() such that names with more than this number of dots will be
-tried as absolute names before any \fIlocal-domain\fP or \fIsearch-list\fP
-processing is done. The default for this internal variable is ``1''.
-.\" .pp
-.\" Finally, if the environment variable \s-1HOSTALIASES\s+1 is set, it is
-.\" taken to contain the name of a file which in turn contains resolver-level
-.\" aliases. These aliases are applied only to names which do not contain any
-.\" ``\fB\|.\|\fP'' characters, and they are applied to query-names before the
-.\" query is generated. Note that the resolver options governing the operation
-.\" of \fIlocal-domain\fP and \fIsearch-list\fP do not apply to
-.\" \s-1HOSTALIASES\s+1.
-
-.sh 2 "Cache Initialization File"
-.sh 3 root.cache
-.pp
-The name server needs to know the servers that are the authoritative name
-servers for the root domain of the network. To do this we have to prime the
-name server's cache with the addresses of these higher authorities. The
-location of this file is specified in the boot file. This file uses the
-Standard Resource Record Format (aka. Masterfile Format) covered further on
-in this paper.
-
-.sh 2 "Domain Data Files"
-.pp
-There are two standard files for specifying the data for a
-domain. These are \fIhosts\fP and \fIhost.rev\fP.
-These files use the Standard Resource Record Format covered later
-in this paper. Note that the file names are arbitrary; many network
-administrators prefer to name their zone files after the domains they
-contain, especially in the average case which is where a given server
-is primary and/or secondary for many different zones.
-.sh 3 hosts
-.pp
-This file contains all the data about the machines in this zone.
-The location of this file is specified in the boot file.
-.sh 3 hosts.rev
-.pp
-This file specifies the IN-ADDR\|.\|ARPA domain.
-This is a special domain for allowing address to name mapping.
-As internet host addresses do not fall within domain boundaries,
-this special domain was formed to allow inverse mapping.
-The IN-ADDR\|.\|ARPA domain has four
-labels preceding it. These labels correspond to the 4 octets of
-an Internet address.
-All four octets must be specified even if an octet contains zero.
-The Internet address 128.32.0.4 is located in the domain
-4\|.\|0\|.\|32\|.\|128\|.\|IN-ADDR\|.\|ARPA.
-This reversal of the address is awkward to read but allows
-for the natural grouping of hosts in a network.
-.sh 3 named.local
-.pp
-This file specifies the \fIPTR\fP record for the local loopback interface,
-better known as \fIlocalhost\fP, whose network address is 127.0.0.1. The
-location of this file is specified in the boot file. It is vitally
-important to the proper operation of every name server that the 127.0.0.1
-address have a \fIPTR\fP record pointing back to the name
-``\fBlocalhost.\fP''. The name of this \fIPTR\fP record is always
-``\fB1.0.0.127.\s-1IN-ADDR.ARPA\s+1\fP''. This is necessary if you want
-your users to be able to use hostname-authentication (\fIhosts.equiv\fP or
-\fI~/.rhosts\fP) on the name ``\fBlocalhost\fP''. As implied by this
-\fIPTR\fP record, there should be a ``\fBlocalhost.\fP\fImy.dom.ain\fP''
-\fIA\fP record (with address 127.0.0.1) in every domain that contains hosts.
-``\fBlocalhost.\fP'' will lose its trailing dot when
-\fB1.0.0.127.in-addr.arpa\fP is queried for; then, the DEFNAMES and/or
-DNSRCH resolver options will cause ``\fBlocalhost\fP'' to be evaluated as a
-host name in the local domain, and that means the top domains (or ideally,
-every domain) in your resolver's search path had better have something by
-that name.
-.sh 2 "Standard Resource Record Format"
-.pp
-The records in the name server data files are called resource records.
-The Standard Resource Record Format (RR) is specified in RFC1035.
-The following is a general description of these records:
-.TS
-l l l l l.
-\fI{name} {ttl} addr-class Record Type Record Specific data\fP
-.TE
-Resource records have a standard format shown above.
-The first field is always the name of the domain record
-and it must always start in column 1.
-For all RR's other than the first in a file, the name may be left blank;
-in that case it takes on the name of the previous RR.
-The second field is an optional time to live field.
-This specifies how long this data will be stored in the data base.
-By leaving this field blank the default time to live is specified
-in the \fIStart Of Authority\fP resource record (see below).
-The third field is the address class; currently, only one class is supported:
-\fIIN\fP for internet addresses and other internet information. Limited
-support is included for the \fIHS\fP class, which is for MIT/Athena ``Hesiod''
-information.
-The fourth field states the type of the resource record.
-The fields after that are dependent on the type of the RR.
-Case is preserved in names and data fields when loaded into the name server.
-All comparisons and lookups in the name server data base are case insensitive.
-.bl
-.b
-The following characters have special meanings:
-.ip ``\fB.\fP''
-A free standing dot in the name field refers to the root domain.
-.ip ``@''
-A free standing @ in the name field denotes the current origin.
-.ip "``\eX''"
-Where X is any character other than a digit (0-9),
-quotes that character so that its special meaning does not apply.
-For example, ``\e.'' can be used to place a dot character in a label.
-.ip "``\eDDD''"
-Where each D is a digit, is the octet corresponding to the
-decimal number described by DDD.
-The resulting octet is assumed to be text and
-is not checked for special meaning.
-.ip "``( )''"
-Parentheses are used to group data that crosses a line.
-In effect, line terminations are not recognized within parentheses.
-(At present, this notation only works for SOA RR's and is not optional.)
-.ip "``;''"
-Semicolon starts a comment; the remainder of the line is ignored. Note
-that a completely blank line is also considered a comment, and ignored.
-.ip "``*''"
-An asterisk signifies wildcarding. Note that this is just another data
-character whose special meaning comes about only during internal name
-server search operations. Wildcarding is only meaningful for some RR
-types (notably \fIMX\fP), and then only in the name field \(em not in
-the data fields.
-.pp
-Anywhere a name appears \(em either in the name field or in some data field
-defined to contain names \(em the current origin will be appended if the
-name does not end in a ``\fB\|.\|\fP''.
-This is useful for appending the current domain name to the data,
-such as machine names, but may cause problems where you do not want
-this to happen.
-A good rule of thumb is that, if the name is not in the domain for which
-you are creating the data file, end the name with a ``\fB.\fP''.
-.sh 3 $INCLUDE
-.pp
-An include line begins with $INCLUDE, starting in column 1,
-and is followed by a file name, and, optionally, by a new
-temporary $ORIGIN to be used while reading this file.
-This feature is
-particularly useful for separating different types of data into multiple files.
-An example would be:
-.(b l
-$INCLUDE /usr/local/adm/named/data/mail-exchanges
-.)b
-The line would be interpreted as a request to load the file
-\fI/usr/local/adm/named/data/mail-exchanges\fP. The $INCLUDE command does not cause
-data to be loaded into a different zone or tree. This is simply a way to
-allow data for a given primary zone to be organized in separate files.
-Not even the ``temporary $ORIGIN'' feature described above is sufficient
-to cause your data to branch out into some other zone \(em zone boundaries
-can only be introduced in the boot file.
-.pp
-A $INCLUDE file must have a name on its first RR. That is, the first
-character of the first non-comment line must not be a space. The current
-default name in the parent file \fIdoes not\fP carry into the $INCLUDE
-file.
-.sh 3 $ORIGIN
-.pp
-The origin is a way of changing the origin in a data file. The line starts
-in column 1, and is followed by a domain origin. This seems like it could
-be useful for putting more then one zone into a data file, but that's not
-how it works. The name server fundamentally requires a given zone to map
-entirely to some specific file. You should therefore be very careful to use
-$ORIGIN only once at the top of a file, or, within a file, to change to a
-``lower'' domain in the zone \(em never to some other zone altogether.
-.sh 3 "SOA - Start Of Authority"
-.(b L
-.TS
-l l l l l l.
-\fIname {ttl} addr-class SOA Origin Person in charge\fP
-@ IN SOA ucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP kjd\fB.\fPucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP (
- 1995122103 ; Serial
- 10800 ; Refresh
- 1800 ; Retry
- 3600000 ; Expire
- 259200 ) ; Minimum
-.TE
-.)b
-The \fIStart of Authority, SOA,\fP record designates the start of a zone.
-The name is the name of the zone and is often given as ``@'' since this
-is always the current $ORIGIN and the SOA RR is usually the first record
-of the primary zone file.
-Origin is the name of the host on which this data file resides (in other
-words, the \fIprimary master\fP server for this zone.)
-Person in charge is the e-mail address for the person responsible
-for the name server, with ``@'' changed to a ``.''.
-The serial number is the version number of this data file and must be a
-positive integer.
-This number must be incremented whenever a change is made to the data.
-Older servers permitted the use of a phantom ``.'' in this and other
-numbers in a zone file; the meaning of n.m was ``n000m'' rather than the
-more intuitive ``n*1000+m'' (such that 1.234 translated to 1000234 rather
-than to 1234). This feature has been deprecated due to its
-obscurity, unpredictability, and lack of necessity.
-Note that using a ``YYYYMMDDNN'' notation you can still make 100 changes
-per day until the year 4294. You should choose a notation that works for
-you. If you're a clever \fIperl\fP programmer you could even use \fIRCS\fP
-version numbers to help generate your zone serial numbers.
-The refresh indicates how often, in seconds, the secondary name servers
-are to check with the primary name server to see if an update is needed.
-The retry indicates how long, in seconds, a secondary server should wait
-before retrying a failed zone transfer.
-Expire is the upper limit, in seconds, that a secondary name server
-is to use the data before it expires for lack of getting a refresh.
-Minimum is the default number of seconds to be used for the Time To Live
-field on resource records which do not specify one in the zone file.
-It is also an enforced minimum on Time To Live if it is specified on
-some resource record (RR) in the zone.
-There must be exactly one \fISOA\fP record per zone.
-.sh 3 "NS - Name Server"
-.TS
-l l l l l.
-\fI{name} {ttl} addr-class NS Name servers name\fP
- IN NS ucbarpa\fB\|.\|\fPBerkeley\fB\|.\|\fPEdu\fB.\fP
-.TE
-The \fIName Server\fP record, \fINS\fP, lists a name server responsible
-for a given domain, creating a \fIdelegation point\fP and a \fIsubzone\fP.
-The first name field specifies the zone that is serviced by
-the name server specified by the second name.
-Every zone needs at least two name servers.
-.bp \" ----PLACEMENT HACK----
-.sh 3 "A - Address"
-.TS
-l l l l l.
-\fI{name} {ttl} addr-class A address\fP
-ucbarpa IN A 128\fB.\fP32\fB.\fP0\fB.\fP4
- IN A 10\fB.\fP0\fB.\fP0\fB.\fP78
-.TE
-The \fIAddress\fP record, \fIA\fP, lists the address for a given machine.
-The name field is the machine name and the address is the network address.
-There should be one \fIA\fP record for each address of the machine.
-.sh 3 "HINFO - Host Information"
-.TS
-l l l l l l.
-\fI{name} {ttl} addr-class HINFO Hardware OS\fP
- IN HINFO VAX-11/780 UNIX
-.TE
-\fIHost Information\fP resource record, \fIHINFO\fP, is for host specific
-data. This lists the hardware and operating system that are running at the
-listed host. If you want to include a space in the machine name you must
-quote the name (using ``"'' characters.) There could be one \fIHINFO\fP
-record for each host, though for security reasons most domains don't have
-any \fIHINFO\fP records at all. No application depends on them.
-.(b L
-.sh 3 "WKS - Well Known Services"
-.TS
-l l l l l l l.
-\fI{name} {ttl} addr-class WKS address protocol list of services\fP
- IN WKS 128\fB.\fP32\fB.\fP0\fB.\fP10 UDP who route timed domain
- IN WKS 128\fB.\fP32\fB.\fP0\fB.\fP10 TCP ( echo telnet
- discard sunrpc sftp
- uucp-path systat daytime
- netstat qotd nntp
- link chargen ftp
- auth time whois mtp
- pop rje finger smtp
- supdup hostnames
- domain
- nameserver )
-.TE
-The \fIWell Known Services\fP record, \fIWKS\fP, describes the well known
-services supported by a particular protocol at a specified address. The
-list of services and port numbers come from the list of services specified
-in \fI/etc/services.\fP There should be only one \fIWKS\fP record per
-protocol per address. Note that RFC1123 says of \fIWKS\fP records:
-.)b
-.(l L
- 2.2 Using Domain Name Service
- ...
- An application SHOULD NOT rely on the ability to locate a WKS
- record containing an accurate listing of all services at a
- particular host address, since the WKS RR type is not often used
- by Internet sites. To confirm that a service is present, simply
- attempt to use it.
- ...
- 5.2.12 WKS Use in MX Processing: RFC-974, p. 5
-
- RFC-974 [SMTP:3] recommended that the domain system be queried
- for WKS ("Well-Known Service") records, to verify that each
- proposed mail target does support SMTP. Later experience has
- shown that WKS is not widely supported, so the WKS step in MX
- processing SHOULD NOT be used.
- ...
- 6.1.3.6 Status of RR Types
- ...
- The TXT and WKS RR types have not been widely used by
- Internet sites; as a result, an application cannot rely
- on the existence of a TXT or WKS RR in most
- domains.
-.)l
-.sh 3 "CNAME - Canonical Name"
-.TS
-l l l l l.
-\fIalias {ttl} addr-class CNAME Canonical name\fP
-ucbmonet IN CNAME monet
-.TE
-The \fICanonical Name\fP resource record, \fICNAME\fP, specifies an
-alias or nickname for the official, or canonical, host name.
-This record must be the only one associated with the alias name.
-All other resource records must be
-associated with the canonical name, not with the nickname.
-Any resource records that include a domain name as their value
-(e.g., NS or MX) \fImust\fP list the canonical name, not the nickname.
-Similarly, a CNAME will be followed when searching for A RRs, but not
-for MX RRs or NS RRs or most other types of RRs. CNAMEs are allowed
-to point to other CNAMEs, but this is considered sloppy.
-.pp
-Nicknames are useful when a well known host changes its name. In that
-case, it is usually a good idea to have a \fICNAME\fP record so that
-people still using the old name will get to the right place.
-.sh 3 "PTR - Domain Name Pointer"
-.TS
-l l l l l.
-\fIname {ttl} addr-class PTR real name\fP
-7.0 IN PTR monet\fB\|.\|\fPBerkeley\fB\|.\|\fPEdu\fB\|.\fP
-.TE
-A \fIDomain Name Pointer\fP record, \fIPTR\fP, allows special names to point
-to some other location in the domain. The above example of a \fIPTR\fP
-record is used in setting up reverse pointers for the special
-\fIIN-ADDR\fP\fB\|.\|\fP\fIARPA\fP domain. This line is from the example
-\fIhosts.rev\fP file. \fIPTR\fP records are needed by the
-\fIgethostbyaddr\fP function. Note the trailing ``\fB\|.\|\fP'' which
-prevents \s-1BIND\s+1 from appending the current \s-1$ORIGIN\s+1 to that
-domain name.
-.sh 3 "MX - Mail Exchange"
-.TS
-l l l l l l.
-\fIname {ttl} addr-class MX preference value mail exchange\fP
-Munnari\fB\|.\|\fPOZ\fB\|.\|\fPAU\fB\|.\fP IN MX 0 Seismo\fB\|.\|\fPCSS\fB\|.\|\fPGOV\fB\|.\fP
-*\fB\|.\|\fPIL\fB\|.\fP IN MX 0 RELAY\fB\|.\|\fPCS\fB\|.\|\fPNET\fB\|.\fP
-.TE
-\fIMail eXchange\fP records, \fIMX\fP, are used to specify a list of hosts
-which are configured to receive mail sent to this domain name. Every name
-which receives mail should have an \fIMX\fP since if one is not found at the
-time mail is being delivered, an \fIMX\fP will be ``imputed'' with a cost
-of 0 and a destination of the host itself. If you want a host to receive
-its own mail, you should create an \fIMX\fP for your host's name, pointing
-at your host's name. It is better to have this be explicit than to let it
-be imputed by remote mailers.
-In the first example, above,
-Seismo\fB\|.\|\fPCSS\fB\|.\|\fPGOV\fB\|.\fP is a mail gateway that knows how
-to deliver mail to Munnari\fB\|.\|\fPOZ\fB\|.\|\fPAU\fB\|.\fP. These two
-machines may have a private connection or use a different transport medium.
-The preference value is the order that a mailer should follow when there is
-more than one way to deliver mail to a single machine. Note that lower
-numbers indicate higher precedence, and that mailers are supposed to randomize
-same-valued \fIMX\fP hosts so as to distribute the load evenly if the costs
-are equal. See RFC974 for more detailed information.
-.pp
-Wildcard names containing the character ``*'' may be used for mail routing
-with \fIMX\fP records. There are likely to be servers on the network that
-simply state that any mail to a domain is to be routed through a relay.
-Second example, above, all mail to hosts in the domain IL is routed through
-RELAY.CS.NET. This is done by creating a wildcard resource record, which
-states that *.IL has an \fIMX\fP of RELAY.CS.NET. Wildcard \fIMX\fP records
-are not very useful in practice, though, since once a mail message gets to
-the gateway for a given domain it still has to be routed \fIwithin\fP that
-domain and it is not currently possible to have an apparently-different set
-of \fIMX\fP records inside and outside of a domain. If you won't be needing
-any Mail Exchanges inside your domain, go ahead and use a wildcard. If you
-want to use both wildcard ``top-level'' and specific ``interior'' \fIMX\fP
-records, note that each specific record will have to ``end with'' a complete
-recitation of the same data that is carried in the top-level record. This
-is because the specific \fIMX\fP records will take precedence over the
-top-level wildcard records, and must be able to perform the top-level's
-if a given interior domain is to be able to receive mail from outside the
-gateway. Wildcard \fIMX\fP records are very subtle and you should be careful
-with them.
-.sh 3 "TXT - Text"
-.TS
-l l l l l l.
-\fIname {ttl} addr-class TXT string\fP
-Munnari\fB\|.\|\fPOZ\fB\|.\|\fPAU\fB\|.\fP IN TXT "foo"
-.TE
-A \fITXT\fP record contains free-form textual data. The syntax of the text
-depends on the domain where it is found; many systems use \fITXT\fP records
-to encode local data in a stylized format. MIT Hesiod is one such system.
-.sh 3 "RP - Responsible Person"
-.TS
-l l l l l l.
-\fIowner {ttl} addr-class RP mbox-domain-name TXT-domain-name\fP
-franklin IN RP ben.franklin.berkeley.edu. sysadmins.berkeley.edu.
-.TE
-.pp
-The Responsible Person record, \fIRP\fP, identifies the name or group name of
-the responsible person for a host. Often it is desirable to be able to
-identify the responsible entity for a particular host. When that host
-is down or malfunctioning, you would want to contact those parties
-who might be able to repair the host.
-.pp
-The first field, \fImbox-domain-name\fP, is a domain name that specifies the
-mailbox for the responsible person. Its format in a zone file uses
-the \s-1DNS\s+1 convention for mailbox encoding, identical to that used for
-the \fIPerson-in-charge\fP mailbox field in the SOA record.
-In the example above, the \fImbox-domain-name\fP shows the encoding for
-``\fB<ben@franklin.berkeley.edu>\fP''.
-The root domain name (just ``\fB\|.\|\fP'') may be specified
-to indicate that no mailbox is available.
-.pp
-The second field, \fITXT-domain-name\fP, is a domain name for which
-\fITXT\fP records exist. A subsequent query can be performed to retrieve
-the associated \fITXT\fP resource records at \fITXT-domain-name\fP. This
-provides a level of indirection so that the entity can be referred to from
-multiple places in the \s-1DNS\s+1. The root domain name (just
-``\fB\|.\|\fP'') may be specified for \fITXT-domain-name\fI to indicate
-that no associated \fITXT\fP RR exists. In the example above,
-``\fBsysadmins.berkeley.edu.\fP'' is the name of a TXT record that might
-contain some text with names and phone numbers.
-.pp
-The format of the \fIRP\fP record is class-insensitive.
-Multiple \fIRP\fP records at a single name may be present in the database,
-though they should have identical TTLs.
-.pp
-The \fIRP\fP record is still experimental; not all name servers implement
-or recognize it.
-.sh 3 "AFSDB - DCE or AFS Server"
-.TS
-l l l l l l.
-\fIname {ttl} addr-class AFSDB subtype server host name\fP
-toaster.com. IN AFSDB 1 jack.toaster.com.
-toaster.com. IN AFSDB 1 jill.toaster.com.
-toaster.com. IN AFSDB 2 tracker.toaster.com.
-.TE
-\fIAFSDB\fP records are used to specify the hosts that provide a style of
-distributed service advertised under this domain name. A subtype value
-(analogous to the ``preference'' value in the \fIMX\fP record) indicates
-which style of distributed service is provided with the given name.
-Subtype 1 indicates that the named host is an AFS (R) database server for
-the AFS cell of the given domain name. Subtype 2 indicates that the
-named host provides intra-cell name service for the DCE (R) cell named by
-the given domain name.
-In the example above, jack\fB\|.\|\fPtoaster\fB\|.\|\fPcom and
-jill\fB\|.\|\fPtoaster\fB\|.\|\fPcom are declared to be AFS database
-servers for the toaster\fB\|.\|\fPcom AFS cell, so that AFS clients
-wishing service from toaster\fB\|.\|\fPcom are directed to those two hosts
-for further information. The third record declares that
-tracker\fB\|.\|\fPtoaster\fB\|.\|\fPcom houses a directory server for the
-root of the DCE cell toaster\fB\|.\|\fPcom, so that DCE clients that wish
-to refer to DCE services should consult with the host
-tracker\fB\|.\|\fPtoaster\fB\|.\|\fPcom for further information. The
-DCE sub-type of record is usually accompanied by a \fITXT\fP record for
-other information specifying other details to be used in accessing the
-DCE cell. RFC1183 contains more detailed information on the use of
-this record type.
-.pp
-The \fIAFSDB\fP record is still experimental; not all name servers implement
-or recognize it.
-
-.sh 3 "PX - Pointer to X.400/RFC822 mapping information"
-.TS
-l l l l l l l.
-\fIname {ttl} addr-class PX prefer 822-dom X.400-dom\fP
-*.ADMD-garr.X42D.it. IN PX 50 it. ADMD-garr.C-it.
-*.infn.it. IN PX 50 infn.it. O.PRMD-infn.ADMD-garr.C-it.
-*.it. IN PX 50 it. O-gate.PRMD-garr.ADMD-garr.C-it.
-.TE
-.pp
-The \fIPX\fP records (\fIPointer to X.400/RFC822 mapping information\fP)
-are used to specify address mapping rules between X.400 O/R addresses and
-RFC822 style (domain-style) mail addresses. For a detailed description of the
-mapping process please refer to RFC1327.
-.pp
-Mapping rules are of 3 different types:
-.pp
-1) mapping from X.400 to RFC822 (defined as "table 1 rules" in RFC1327)
-.pp
-2) mapping from RFC822 to X.400 (defined as "table 2 rules" in RFC1327)
-.pp
-3) encoding RFC822 into X.400 (defined as "gate table" in RFC1327)
-.pp
-All three types of mapping rules are specified using \fIPX\fP Resource
-Records in DNS, although the \fIname\fP value is different: for case 1, the
-\fIname\fP value is an X.400 domain in DNS syntax, whereas for cases 2 and
-3 the \fIname\fP value is an RFC822 domain. Refer to RFC-1664 for details
-on specifying an X.400 domain in DNS syntax and for the use of the
-\fIX42D\fP keyword in it. Tools are available to convert from RFC1327
-tables format into DNS files syntax. \fIPreference\fP is analogous to the
-\fIMX\fP RR Preference parameter: it is currently advised to use a fixed
-value of 50 for it. \fI822-dom\fP gives the RFC822 part of the mapping
-rules, and \fIX.400-dom\fP gives the X.400 part of the mapping rule (in DNS
-syntax). It is currently advised always to use wildcarded \fIname\fP
-values, as the RFC1327 tables specifications permit wildcard
-specifications only. This is to keep compatibility with existing services
-using static RFC1327 tables instead of DNS \fIPX\fP information.
-.pp
-Specifications of mapping rules from X.400 to RFC822 syntax requires the
-creation of an appropriate X.400 domain tree into DNS, including thus specific
-\fISOA\fP and \fINS\fP records for the domain itself. Specification of mapping
-rules from RFC822 into X.400 can be embedded directly into the normal direct
-\fIname\fP tree.
-Again, refer to RFC1664 for details about organization of this structure.
-.pp
-Tools and library routines, based on the standard resolver ones, are available
-to retrieve from DNS the appropriate mapping rules in RFC1327 or DNS syntax.
-.pp
-Once again, refer to RFC1664 to use the \fIPX\fP resource record, and be careful
-in coordinating the mapping information you can specify in DNS with the same
-information specified into the RFC1327 static tables.
-.pp
-The \fIPX\fP record is still experimental; not all servers implement or
-recognize it.
-
-.sh 2 "Discussion about the TTL"
-.pp
-The Time To Live assigned to the records and to the zone via the
-Minimum field in the SOA record is very important. High values will
-lead to lower BIND network traffic and faster response time. Lower
-values will tend to generate lots of requests but will allow faster
-propagation of changes.
-.pp
-Only changes and deletions from the zone are affected by the TTLs.
-Additions propagate according to the Refresh value in the SOA.
-.pp
-Experience has shown that sites use default TTLs for their zones varying
-from around 0.5 day to around 7 days. You may wish to consider boosting
-the default TTL shown in former versions of this guide from one day
-(86400 seconds) to three days (259200 seconds). This will drastically
-reduce the number of requests made to your name servers.
-.pp
-If you need fast propagation of changes and deletions, it might be wise
-to reduce the Minimum field a few days before the change, then do the
-modification itself and augment the TTL to its former value.
-.pp
-If you know that your zone is pretty stable (you mainly add new records
-without deleting or changing old ones) then you may even wish to consider
-a TTL higher than three days.
-.pp
-Note that in any case, it makes no sense to have records with a TTL
-below the SOA Refresh delay, as Delay is the time required for secondaries
-to get a copy of the newly modified zone.
-
-.sh 2 "About ``secure zones''
-.pp
-Secure zones implement named security on a zone by zone basis. It is
-designed to use a permission list of networks or hosts which may obtain
-particular information from the zone.
-.pp
-In order to use zone security, \fInamed\fP must be compiled with SECURE_ZONES
-defined and you must have at least one secure_zone TXT RR. Unless a
-\fIsecure_zone\fP record exists for a given zone, no restrictions will be
-applied to the data in that zone. The format of the secure_zone TXT RR is:
-.lp
-secure_zone\h'0.5i'addr-class\h'0.5i'TXT\h'0.5i'string
-.pp
-The addr-class may be either \fIHS\fP or \fIIN\fP. The syntax for the TXT
-string is either ``network address:netmask'' or ``host IP address:H''.
-.pp
-``network address:netmask'' allows queries from an entire network. If the
-netmask is omitted, named will use the default netmask for the network
-address specified.
-.pp
-``host IP address:H'' allows queries from a host. The ``H'' after the ``:''
-is required to differentiate the host address from a network address.
-Multiple secure_zone TXT RRs are allowed in the same zone file.
-.pp
-For example, you can set up a zone to only answer Hesiod requests from the
-masked class B network 130.215.0.0 and from host 128.23.10.56 by adding the
-following two TXT RR's:
-.lp
-secure_zone\h'0.5i'HS\h'0.5i'TXT\h'0.5i'``130.215.0.0:255.255.0.0''
-secure_zone\h'0.5i'HS\h'0.5i'TXT\h'0.5i'``128.23.10.56:H''
-.pp
-This feature can be used to restrict access to a Hesiod password map or to
-separate internal and external internet address resolution on a firewall
-machine without needing to run a separate named for internal and external
-address resolution.
-.pp
-Note that you will need to include your loopback interface (127.0.0.1) in
-your secure_zone record, or your local clients won't be able to resolve
-names.
-
-.sh 2 "About Hesiod, and HS-class Resource Records
-.pp
-Hesiod, developed by \s-1MIT\s+1 Project Athena, is an information service
-built upon \s-1BIND\s+1. Its intent is similar to that of Sun's
-\s-1NIS\s+1: to furnish information about users, groups, network-accessible
-file systems, printcaps, and mail service throughout an installation. Aside
-from its use of \s-1BIND\s+1 rather than separate server code another
-important difference between Hesiod and \s-1NIS\s+1 is that Hesiod is not
-intended to deal with passwords and authentication, but only with data that
-are not security sensitive. Hesiod servers can be implemented by adding
-resource records to \s-1BIND\s+1 servers; or they can be implemented as
-separate servers separately administered.
-.pp
-To learn about and obtain Hesiod make an anonymous \s-1FTP\s+1 connection to
-host \s-1ATHENA-DIST.MIT.EDU\s+1 and retrieve the compressed tar file
-\fB/pub/ATHENA/hesiod.tar.Z\fP. You will not need the named and resolver
-library portions of the distribution because their functionality has already
-been integrated into \s-1BIND as of 4.9\s+1. To learn how Hesiod functions
-as part of the Athena computing environment obtain the paper
-\fB/pub/ATHENA/usenix/athena-changes.PS\fP from the above \s-1FTP\s+1 server
-host. There is also a tar file of sample Hesiod resource files.
-.pp
-Whether one should use Hesiod class is open to question, since the same
-services can probably be provided with class IN, type TXT and type
-CNAME records. In either case, the code and documents for Hesiod will
-suggest how to set up and use the service.
-.pp
-Note that while \s-1BIND\s+1 includes support for \fIHS\fP-class queries,
-the zone transfer logic for non-\fIIN\fP-class zones is still experimental.
-
-.sh 2 "Sample Files"
-.pp
-The following section contains sample files for the name server.
-This covers example boot files for the different types of servers
-and example domain data base files.
OpenPOWER on IntegriCloud