summaryrefslogtreecommitdiffstats
path: root/contrib/bind9/doc/arm/Bv9ARM.ch03.html
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/bind9/doc/arm/Bv9ARM.ch03.html')
-rw-r--r--contrib/bind9/doc/arm/Bv9ARM.ch03.html808
1 files changed, 0 insertions, 808 deletions
diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch03.html b/contrib/bind9/doc/arm/Bv9ARM.ch03.html
deleted file mode 100644
index 18f2711..0000000
--- a/contrib/bind9/doc/arm/Bv9ARM.ch03.html
+++ /dev/null
@@ -1,808 +0,0 @@
-<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2003 Internet Software Consortium.
- -
- - Permission to use, copy, modify, and distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-<!-- $Id: Bv9ARM.ch03.html,v 1.35.18.31 2007/10/31 01:35:57 marka Exp $ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>Chapter 3. Name Server Configuration</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
-<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
-<link rel="prev" href="Bv9ARM.ch02.html" title="Chapter 2. BIND Resource Requirements">
-<link rel="next" href="Bv9ARM.ch04.html" title="Chapter 4. Advanced DNS Features">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
-<div class="navheader">
-<table width="100%" summary="Navigation header">
-<tr><th colspan="3" align="center">Chapter 3. Name Server Configuration</th></tr>
-<tr>
-<td width="20%" align="left">
-<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a> </td>
-<th width="60%" align="center"> </th>
-<td width="20%" align="right"> <a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
-</td>
-</tr>
-</table>
-<hr>
-</div>
-<div class="chapter" lang="en">
-<div class="titlepage"><div><div><h2 class="title">
-<a name="Bv9ARM.ch03"></a>Chapter 3. Name Server Configuration</h2></div></div></div>
-<div class="toc">
-<p><b>Table of Contents</b></p>
-<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
-<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568004">A Caching-only Name Server</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568020">An Authoritative-only Name Server</a></span></dt>
-</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568042">Load Balancing</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568465">Name Server Operations</a></span></dt>
-<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568470">Tools for Use With the Name Server Daemon</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570184">Signals</a></span></dt>
-</dl></dd>
-</dl>
-</div>
-<p>
- In this section we provide some suggested configurations along
- with guidelines for their use. We suggest reasonable values for
- certain option settings.
- </p>
-<div class="sect1" lang="en">
-<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
-<div class="sect2" lang="en">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="id2568004"></a>A Caching-only Name Server</h3></div></div></div>
-<p>
- The following sample configuration is appropriate for a caching-only
- name server for use by clients internal to a corporation. All
- queries
- from outside clients are refused using the <span><strong class="command">allow-query</strong></span>
- option. Alternatively, the same effect could be achieved using
- suitable
- firewall rules.
- </p>
-<pre class="programlisting">
-// Two corporate subnets we wish to allow queries from.
-acl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
-options {
- directory "/etc/namedb"; // Working directory
- allow-query { corpnets; };
-};
-// Provide a reverse mapping for the loopback address 127.0.0.1
-zone "0.0.127.in-addr.arpa" {
- type master;
- file "localhost.rev";
- notify no;
-};
-</pre>
-</div>
-<div class="sect2" lang="en">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="id2568020"></a>An Authoritative-only Name Server</h3></div></div></div>
-<p>
- This sample configuration is for an authoritative-only server
- that is the master server for "<code class="filename">example.com</code>"
- and a slave for the subdomain "<code class="filename">eng.example.com</code>".
- </p>
-<pre class="programlisting">
-options {
- directory "/etc/namedb"; // Working directory
- allow-query-cache { none; }; // Do not allow access to cache
- allow-query { any; }; // This is the default
- recursion no; // Do not provide recursive service
-};
-
-// Provide a reverse mapping for the loopback address 127.0.0.1
-zone "0.0.127.in-addr.arpa" {
- type master;
- file "localhost.rev";
- notify no;
-};
-// We are the master server for example.com
-zone "example.com" {
- type master;
- file "example.com.db";
- // IP addresses of slave servers allowed to transfer example.com
- allow-transfer {
- 192.168.4.14;
- 192.168.5.53;
- };
-};
-// We are a slave server for eng.example.com
-zone "eng.example.com" {
- type slave;
- file "eng.example.com.bk";
- // IP address of eng.example.com master server
- masters { 192.168.4.12; };
-};
-</pre>
-</div>
-</div>
-<div class="sect1" lang="en">
-<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2568042"></a>Load Balancing</h2></div></div></div>
-<p>
- A primitive form of load balancing can be achieved in
- the <acronym class="acronym">DNS</acronym> by using multiple records
- (such as multiple A records) for one name.
- </p>
-<p>
- For example, if you have three WWW servers with network addresses
- of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the
- following means that clients will connect to each machine one third
- of the time:
- </p>
-<div class="informaltable"><table border="1">
-<colgroup>
-<col>
-<col>
-<col>
-<col>
-<col>
-</colgroup>
-<tbody>
-<tr>
-<td>
- <p>
- Name
- </p>
- </td>
-<td>
- <p>
- TTL
- </p>
- </td>
-<td>
- <p>
- CLASS
- </p>
- </td>
-<td>
- <p>
- TYPE
- </p>
- </td>
-<td>
- <p>
- Resource Record (RR) Data
- </p>
- </td>
-</tr>
-<tr>
-<td>
- <p>
- <code class="literal">www</code>
- </p>
- </td>
-<td>
- <p>
- <code class="literal">600</code>
- </p>
- </td>
-<td>
- <p>
- <code class="literal">IN</code>
- </p>
- </td>
-<td>
- <p>
- <code class="literal">A</code>
- </p>
- </td>
-<td>
- <p>
- <code class="literal">10.0.0.1</code>
- </p>
- </td>
-</tr>
-<tr>
-<td>
- <p></p>
- </td>
-<td>
- <p>
- <code class="literal">600</code>
- </p>
- </td>
-<td>
- <p>
- <code class="literal">IN</code>
- </p>
- </td>
-<td>
- <p>
- <code class="literal">A</code>
- </p>
- </td>
-<td>
- <p>
- <code class="literal">10.0.0.2</code>
- </p>
- </td>
-</tr>
-<tr>
-<td>
- <p></p>
- </td>
-<td>
- <p>
- <code class="literal">600</code>
- </p>
- </td>
-<td>
- <p>
- <code class="literal">IN</code>
- </p>
- </td>
-<td>
- <p>
- <code class="literal">A</code>
- </p>
- </td>
-<td>
- <p>
- <code class="literal">10.0.0.3</code>
- </p>
- </td>
-</tr>
-</tbody>
-</table></div>
-<p>
- When a resolver queries for these records, <acronym class="acronym">BIND</acronym> will rotate
- them and respond to the query with the records in a different
- order. In the example above, clients will randomly receive
- records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients
- will use the first record returned and discard the rest.
- </p>
-<p>
- For more detail on ordering responses, check the
- <span><strong class="command">rrset-order</strong></span> substatement in the
- <span><strong class="command">options</strong></span> statement, see
- <a href="Bv9ARM.ch06.html#rrset_ordering">RRset Ordering</a>.
- </p>
-</div>
-<div class="sect1" lang="en">
-<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2568465"></a>Name Server Operations</h2></div></div></div>
-<div class="sect2" lang="en">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="id2568470"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
-<p>
- This section describes several indispensable diagnostic,
- administrative and monitoring tools available to the system
- administrator for controlling and debugging the name server
- daemon.
- </p>
-<div class="sect3" lang="en">
-<div class="titlepage"><div><div><h4 class="title">
-<a name="diagnostic_tools"></a>Diagnostic Tools</h4></div></div></div>
-<p>
- The <span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span>, and
- <span><strong class="command">nslookup</strong></span> programs are all command
- line tools
- for manually querying name servers. They differ in style and
- output format.
- </p>
-<div class="variablelist"><dl>
-<dt><span class="term"><a name="dig"></a><span><strong class="command">dig</strong></span></span></dt>
-<dd>
-<p>
- The domain information groper (<span><strong class="command">dig</strong></span>)
- is the most versatile and complete of these lookup tools.
- It has two modes: simple interactive
- mode for a single query, and batch mode which executes a
- query for
- each in a list of several query lines. All query options are
- accessible
- from the command line.
- </p>
-<div class="cmdsynopsis"><p><code class="command">dig</code> [@<em class="replaceable"><code>server</code></em>] <em class="replaceable"><code>domain</code></em> [<em class="replaceable"><code>query-type</code></em>] [<em class="replaceable"><code>query-class</code></em>] [+<em class="replaceable"><code>query-option</code></em>] [-<em class="replaceable"><code>dig-option</code></em>] [%<em class="replaceable"><code>comment</code></em>]</p></div>
-<p>
- The usual simple use of dig will take the form
- </p>
-<p>
- <span><strong class="command">dig @server domain query-type query-class</strong></span>
- </p>
-<p>
- For more information and a list of available commands and
- options, see the <span><strong class="command">dig</strong></span> man
- page.
- </p>
-</dd>
-<dt><span class="term"><span><strong class="command">host</strong></span></span></dt>
-<dd>
-<p>
- The <span><strong class="command">host</strong></span> utility emphasizes
- simplicity
- and ease of use. By default, it converts
- between host names and Internet addresses, but its
- functionality
- can be extended with the use of options.
- </p>
-<div class="cmdsynopsis"><p><code class="command">host</code> [-aCdlnrsTwv] [-c <em class="replaceable"><code>class</code></em>] [-N <em class="replaceable"><code>ndots</code></em>] [-t <em class="replaceable"><code>type</code></em>] [-W <em class="replaceable"><code>timeout</code></em>] [-R <em class="replaceable"><code>retries</code></em>] [-m <em class="replaceable"><code>flag</code></em>] [-4] [-6] <em class="replaceable"><code>hostname</code></em> [<em class="replaceable"><code>server</code></em>]</p></div>
-<p>
- For more information and a list of available commands and
- options, see the <span><strong class="command">host</strong></span> man
- page.
- </p>
-</dd>
-<dt><span class="term"><span><strong class="command">nslookup</strong></span></span></dt>
-<dd>
-<p><span><strong class="command">nslookup</strong></span>
- has two modes: interactive and
- non-interactive. Interactive mode allows the user to
- query name servers for information about various
- hosts and domains or to print a list of hosts in a
- domain. Non-interactive mode is used to print just
- the name and requested information for a host or
- domain.
- </p>
-<div class="cmdsynopsis"><p><code class="command">nslookup</code> [-option...] [[<em class="replaceable"><code>host-to-find</code></em>] | [- [server]]]</p></div>
-<p>
- Interactive mode is entered when no arguments are given (the
- default name server will be used) or when the first argument
- is a
- hyphen (`-') and the second argument is the host name or
- Internet address
- of a name server.
- </p>
-<p>
- Non-interactive mode is used when the name or Internet
- address
- of the host to be looked up is given as the first argument.
- The
- optional second argument specifies the host name or address
- of a name server.
- </p>
-<p>
- Due to its arcane user interface and frequently inconsistent
- behavior, we do not recommend the use of <span><strong class="command">nslookup</strong></span>.
- Use <span><strong class="command">dig</strong></span> instead.
- </p>
-</dd>
-</dl></div>
-</div>
-<div class="sect3" lang="en">
-<div class="titlepage"><div><div><h4 class="title">
-<a name="admin_tools"></a>Administrative Tools</h4></div></div></div>
-<p>
- Administrative tools play an integral part in the management
- of a server.
- </p>
-<div class="variablelist"><dl>
-<dt>
-<a name="named-checkconf"></a><span class="term"><span><strong class="command">named-checkconf</strong></span></span>
-</dt>
-<dd>
-<p>
- The <span><strong class="command">named-checkconf</strong></span> program
- checks the syntax of a <code class="filename">named.conf</code> file.
- </p>
-<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [-jvz] [-t <em class="replaceable"><code>directory</code></em>] [<em class="replaceable"><code>filename</code></em>]</p></div>
-</dd>
-<dt>
-<a name="named-checkzone"></a><span class="term"><span><strong class="command">named-checkzone</strong></span></span>
-</dt>
-<dd>
-<p>
- The <span><strong class="command">named-checkzone</strong></span> program
- checks a master file for
- syntax and consistency.
- </p>
-<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [-djqvD] [-c <em class="replaceable"><code>class</code></em>] [-o <em class="replaceable"><code>output</code></em>] [-t <em class="replaceable"><code>directory</code></em>] [-w <em class="replaceable"><code>directory</code></em>] [-k <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-n <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-W <em class="replaceable"><code>(ignore|warn)</code></em>] <em class="replaceable"><code>zone</code></em> [<em class="replaceable"><code>filename</code></em>]</p></div>
-</dd>
-<dt>
-<a name="named-compilezone"></a><span class="term"><span><strong class="command">named-compilezone</strong></span></span>
-</dt>
-<dd><p>
- Similar to <span><strong class="command">named-checkzone,</strong></span> but
- it always dumps the zone content to a specified file
- (typically in a different format).
- </p></dd>
-<dt>
-<a name="rndc"></a><span class="term"><span><strong class="command">rndc</strong></span></span>
-</dt>
-<dd>
-<p>
- The remote name daemon control
- (<span><strong class="command">rndc</strong></span>) program allows the
- system
- administrator to control the operation of a name server.
- Since <acronym class="acronym">BIND</acronym> 9.2, <span><strong class="command">rndc</strong></span>
- supports all the commands of the BIND 8 <span><strong class="command">ndc</strong></span>
- utility except <span><strong class="command">ndc start</strong></span> and
- <span><strong class="command">ndc restart</strong></span>, which were also
- not supported in <span><strong class="command">ndc</strong></span>'s
- channel mode.
- If you run <span><strong class="command">rndc</strong></span> without any
- options
- it will display a usage message as follows:
- </p>
-<div class="cmdsynopsis"><p><code class="command">rndc</code> [-c <em class="replaceable"><code>config</code></em>] [-s <em class="replaceable"><code>server</code></em>] [-p <em class="replaceable"><code>port</code></em>] [-y <em class="replaceable"><code>key</code></em>] <em class="replaceable"><code>command</code></em> [<em class="replaceable"><code>command</code></em>...]</p></div>
-<p>The <span><strong class="command">command</strong></span>
- is one of the following:
- </p>
-<div class="variablelist"><dl>
-<dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt>
-<dd><p>
- Reload configuration file and zones.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>reload <em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
-<dd><p>
- Reload the given zone.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>refresh <em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
-<dd><p>
- Schedule zone maintenance for the given zone.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>retransfer <em class="replaceable"><code>zone</code></em>
-
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
-<dd><p>
- Retransfer the given zone from the master.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>freeze
- [<span class="optional"><em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
-<dd><p>
- Suspend updates to a dynamic zone. If no zone is
- specified,
- then all zones are suspended. This allows manual
- edits to be made to a zone normally updated by dynamic
- update. It
- also causes changes in the journal file to be synced
- into the master
- and the journal file to be removed. All dynamic
- update attempts will
- be refused while the zone is frozen.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>thaw
- [<span class="optional"><em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
-<dd><p>
- Enable updates to a frozen dynamic zone. If no zone
- is
- specified, then all frozen zones are enabled. This
- causes
- the server to reload the zone from disk, and
- re-enables dynamic updates
- after the load has completed. After a zone is thawed,
- dynamic updates
- will no longer be refused.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>notify <em class="replaceable"><code>zone</code></em>
- [<span class="optional"><em class="replaceable"><code>class</code></em>
- [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
-<dd><p>
- Resend NOTIFY messages for the zone.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>reconfig</code></strong></span></dt>
-<dd><p>
- Reload the configuration file and load new zones,
- but do not reload existing zone files even if they
- have changed.
- This is faster than a full <span><strong class="command">reload</strong></span> when there
- is a large number of zones because it avoids the need
- to examine the
- modification times of the zones files.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt>
-<dd><p>
- Write server statistics to the statistics file.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>querylog</code></strong></span></dt>
-<dd><p>
- Toggle query logging. Query logging can also be enabled
- by explicitly directing the <span><strong class="command">queries</strong></span>
- <span><strong class="command">category</strong></span> to a
- <span><strong class="command">channel</strong></span> in the
- <span><strong class="command">logging</strong></span> section of
- <code class="filename">named.conf</code> or by specifying
- <span><strong class="command">querylog yes;</strong></span> in the
- <span><strong class="command">options</strong></span> section of
- <code class="filename">named.conf</code>.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>dumpdb
- [<span class="optional">-all|-cache|-zone</span>]
- [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
-<dd><p>
- Dump the server's caches (default) and/or zones to
- the
- dump file for the specified views. If no view is
- specified, all
- views are dumped.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt>
-<dd><p>
- Stop the server, making sure any recent changes
- made through dynamic update or IXFR are first saved to
- the master files of the updated zones.
- If -p is specified named's process id is returned.
- This allows an external process to determine when named
- had completed stopping.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt>
-<dd><p>
- Stop the server immediately. Recent changes
- made through dynamic update or IXFR are not saved to
- the master files, but will be rolled forward from the
- journal files when the server is restarted.
- If -p is specified named's process id is returned.
- This allows an external process to determine when named
- had completed halting.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt>
-<dd><p>
- Increment the servers debugging level by one.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt>
-<dd><p>
- Sets the server's debugging level to an explicit
- value.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>notrace</code></strong></span></dt>
-<dd><p>
- Sets the server's debugging level to 0.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt>
-<dd><p>
- Flushes the server's cache.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>flushname</code></strong> <em class="replaceable"><code>name</code></em></span></dt>
-<dd><p>
- Flushes the given name from the server's cache.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt>
-<dd><p>
- Display status of the server.
- Note that the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone
- and the default <span><strong class="command">./IN</strong></span>
- hint zone if there is not an
- explicit root zone configured.
- </p></dd>
-<dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt>
-<dd><p>
- Dump the list of queries named is currently recursing
- on.
- </p></dd>
-</dl></div>
-<p>
- A configuration file is required, since all
- communication with the server is authenticated with
- digital signatures that rely on a shared secret, and
- there is no way to provide that secret other than with a
- configuration file. The default location for the
- <span><strong class="command">rndc</strong></span> configuration file is
- <code class="filename">/etc/rndc.conf</code>, but an
- alternate
- location can be specified with the <code class="option">-c</code>
- option. If the configuration file is not found,
- <span><strong class="command">rndc</strong></span> will also look in
- <code class="filename">/etc/rndc.key</code> (or whatever
- <code class="varname">sysconfdir</code> was defined when
- the <acronym class="acronym">BIND</acronym> build was
- configured).
- The <code class="filename">rndc.key</code> file is
- generated by
- running <span><strong class="command">rndc-confgen -a</strong></span> as
- described in
- <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
- Usage">the section called &#8220;<span><strong class="command">controls</strong></span> Statement Definition and
- Usage&#8221;</a>.
- </p>
-<p>
- The format of the configuration file is similar to
- that of <code class="filename">named.conf</code>, but
- limited to
- only four statements, the <span><strong class="command">options</strong></span>,
- <span><strong class="command">key</strong></span>, <span><strong class="command">server</strong></span> and
- <span><strong class="command">include</strong></span>
- statements. These statements are what associate the
- secret keys to the servers with which they are meant to
- be shared. The order of statements is not
- significant.
- </p>
-<p>
- The <span><strong class="command">options</strong></span> statement has
- three clauses:
- <span><strong class="command">default-server</strong></span>, <span><strong class="command">default-key</strong></span>,
- and <span><strong class="command">default-port</strong></span>.
- <span><strong class="command">default-server</strong></span> takes a
- host name or address argument and represents the server
- that will
- be contacted if no <code class="option">-s</code>
- option is provided on the command line.
- <span><strong class="command">default-key</strong></span> takes
- the name of a key as its argument, as defined by a <span><strong class="command">key</strong></span> statement.
- <span><strong class="command">default-port</strong></span> specifies the
- port to which
- <span><strong class="command">rndc</strong></span> should connect if no
- port is given on the command line or in a
- <span><strong class="command">server</strong></span> statement.
- </p>
-<p>
- The <span><strong class="command">key</strong></span> statement defines a
- key to be used
- by <span><strong class="command">rndc</strong></span> when authenticating
- with
- <span><strong class="command">named</strong></span>. Its syntax is
- identical to the
- <span><strong class="command">key</strong></span> statement in named.conf.
- The keyword <strong class="userinput"><code>key</code></strong> is
- followed by a key name, which must be a valid
- domain name, though it need not actually be hierarchical;
- thus,
- a string like "<strong class="userinput"><code>rndc_key</code></strong>" is a valid
- name.
- The <span><strong class="command">key</strong></span> statement has two
- clauses:
- <span><strong class="command">algorithm</strong></span> and <span><strong class="command">secret</strong></span>.
- While the configuration parser will accept any string as the
- argument
- to algorithm, currently only the string "<strong class="userinput"><code>hmac-md5</code></strong>"
- has any meaning. The secret is a base-64 encoded string
- as specified in RFC 3548.
- </p>
-<p>
- The <span><strong class="command">server</strong></span> statement
- associates a key
- defined using the <span><strong class="command">key</strong></span>
- statement with a server.
- The keyword <strong class="userinput"><code>server</code></strong> is followed by a
- host name or address. The <span><strong class="command">server</strong></span> statement
- has two clauses: <span><strong class="command">key</strong></span> and <span><strong class="command">port</strong></span>.
- The <span><strong class="command">key</strong></span> clause specifies the
- name of the key
- to be used when communicating with this server, and the
- <span><strong class="command">port</strong></span> clause can be used to
- specify the port <span><strong class="command">rndc</strong></span> should
- connect
- to on the server.
- </p>
-<p>
- A sample minimal configuration file is as follows:
- </p>
-<pre class="programlisting">
-key rndc_key {
- algorithm "hmac-md5";
- secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
-};
-options {
- default-server 127.0.0.1;
- default-key rndc_key;
-};
-</pre>
-<p>
- This file, if installed as <code class="filename">/etc/rndc.conf</code>,
- would allow the command:
- </p>
-<p>
- <code class="prompt">$ </code><strong class="userinput"><code>rndc reload</code></strong>
- </p>
-<p>
- to connect to 127.0.0.1 port 953 and cause the name server
- to reload, if a name server on the local machine were
- running with
- following controls statements:
- </p>
-<pre class="programlisting">
-controls {
- inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
-};
-</pre>
-<p>
- and it had an identical key statement for
- <code class="literal">rndc_key</code>.
- </p>
-<p>
- Running the <span><strong class="command">rndc-confgen</strong></span>
- program will
- conveniently create a <code class="filename">rndc.conf</code>
- file for you, and also display the
- corresponding <span><strong class="command">controls</strong></span>
- statement that you need to
- add to <code class="filename">named.conf</code>.
- Alternatively,
- you can run <span><strong class="command">rndc-confgen -a</strong></span>
- to set up
- a <code class="filename">rndc.key</code> file and not
- modify
- <code class="filename">named.conf</code> at all.
- </p>
-</dd>
-</dl></div>
-</div>
-</div>
-<div class="sect2" lang="en">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570184"></a>Signals</h3></div></div></div>
-<p>
- Certain UNIX signals cause the name server to take specific
- actions, as described in the following table. These signals can
- be sent using the <span><strong class="command">kill</strong></span> command.
- </p>
-<div class="informaltable"><table border="1">
-<colgroup>
-<col>
-<col>
-</colgroup>
-<tbody>
-<tr>
-<td>
- <p><span><strong class="command">SIGHUP</strong></span></p>
- </td>
-<td>
- <p>
- Causes the server to read <code class="filename">named.conf</code> and
- reload the database.
- </p>
- </td>
-</tr>
-<tr>
-<td>
- <p><span><strong class="command">SIGTERM</strong></span></p>
- </td>
-<td>
- <p>
- Causes the server to clean up and exit.
- </p>
- </td>
-</tr>
-<tr>
-<td>
- <p><span><strong class="command">SIGINT</strong></span></p>
- </td>
-<td>
- <p>
- Causes the server to clean up and exit.
- </p>
- </td>
-</tr>
-</tbody>
-</table></div>
-</div>
-</div>
-</div>
-<div class="navfooter">
-<hr>
-<table width="100%" summary="Navigation footer">
-<tr>
-<td width="40%" align="left">
-<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a> </td>
-<td width="20%" align="center"> </td>
-<td width="40%" align="right"> <a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
-</td>
-</tr>
-<tr>
-<td width="40%" align="left" valign="top">Chapter 2. <acronym class="acronym">BIND</acronym> Resource Requirements </td>
-<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
-<td width="40%" align="right" valign="top"> Chapter 4. Advanced DNS Features</td>
-</tr>
-</table>
-</div>
-</body>
-</html>
OpenPOWER on IntegriCloud