Diffstat (limited to 'doc/arm/Bv9ARM.ch03.html')
-rw-r--r-- | doc/arm/Bv9ARM.ch03.html | 808 |
1 files changed, 808 insertions, 0 deletions
diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html new file mode 100644 index 0000000..18f2711 --- /dev/null +++ b/doc/arm/Bv9ARM.ch03.html 
@@ -0,0 +1,808 @@ +<!-- + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2000-2003 Internet Software Consortium. + - + - Permission to use, copy, modify, and distribute this software for any + - purpose with or without fee is hereby granted, provided that the above + - copyright notice and this permission notice appear in all copies. + - + - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + - PERFORMANCE OF THIS SOFTWARE. +--> +<!-- $Id: Bv9ARM.ch03.html,v 1.35.18.31 2007/10/31 01:35:57 marka Exp $ --> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> +<title>Chapter 3. Name Server Configuration</title> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> +<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual"> +<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual"> +<link rel="prev" href="Bv9ARM.ch02.html" title="Chapter 2. BIND Resource Requirements"> +<link rel="next" href="Bv9ARM.ch04.html" title="Chapter 4. Advanced DNS Features"> +</head> +<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"> +<div class="navheader"> +<table width="100%" summary="Navigation header"> +<tr><th colspan="3" align="center">Chapter 3. 
Name Server Configuration</th></tr> +<tr> +<td width="20%" align="left"> +<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a> </td> +<th width="60%" align="center"> </th> +<td width="20%" align="right"> <a accesskey="n" href="Bv9ARM.ch04.html">Next</a> +</td> +</tr> +</table> +<hr> +</div> +<div class="chapter" lang="en"> +<div class="titlepage"><div><div><h2 class="title"> +<a name="Bv9ARM.ch03"></a>Chapter 3. Name Server Configuration</h2></div></div></div> +<div class="toc"> +<p><b>Table of Contents</b></p> +<dl> +<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt> +<dd><dl> +<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568004">A Caching-only Name Server</a></span></dt> +<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568020">An Authoritative-only Name Server</a></span></dt> +</dl></dd> +<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568042">Load Balancing</a></span></dt> +<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568465">Name Server Operations</a></span></dt> +<dd><dl> +<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568470">Tools for Use With the Name Server Daemon</a></span></dt> +<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570184">Signals</a></span></dt> +</dl></dd> +</dl> +</div> +<p> + In this section we provide some suggested configurations along + with guidelines for their use. We suggest reasonable values for + certain option settings. + </p> +<div class="sect1" lang="en"> +<div class="titlepage"><div><div><h2 class="title" style="clear: both"> +<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div> +<div class="sect2" lang="en"> +<div class="titlepage"><div><div><h3 class="title"> +<a name="id2568004"></a>A Caching-only Name Server</h3></div></div></div> +<p> + The following sample configuration is appropriate for a caching-only + name server for use by clients internal to a corporation. 
All + queries + from outside clients are refused using the <span><strong class="command">allow-query</strong></span> + option. Alternatively, the same effect could be achieved using + suitable + firewall rules. + </p> +<pre class="programlisting"> +// Two corporate subnets we wish to allow queries from. +acl corpnets { 192.168.4.0/24; 192.168.7.0/24; }; +options { + directory "/etc/namedb"; // Working directory + allow-query { corpnets; }; +}; +// Provide a reverse mapping for the loopback address 127.0.0.1 +zone "0.0.127.in-addr.arpa" { + type master; + file "localhost.rev"; + notify no; +}; +</pre> +</div> +<div class="sect2" lang="en"> +<div class="titlepage"><div><div><h3 class="title"> +<a name="id2568020"></a>An Authoritative-only Name Server</h3></div></div></div> +<p> + This sample configuration is for an authoritative-only server + that is the master server for "<code class="filename">example.com</code>" + and a slave for the subdomain "<code class="filename">eng.example.com</code>". 
+ </p> +<pre class="programlisting"> +options { + directory "/etc/namedb"; // Working directory + allow-query-cache { none; }; // Do not allow access to cache + allow-query { any; }; // This is the default + recursion no; // Do not provide recursive service +}; + +// Provide a reverse mapping for the loopback address 127.0.0.1 +zone "0.0.127.in-addr.arpa" { + type master; + file "localhost.rev"; + notify no; +}; +// We are the master server for example.com +zone "example.com" { + type master; + file "example.com.db"; + // IP addresses of slave servers allowed to transfer example.com + allow-transfer { + 192.168.4.14; + 192.168.5.53; + }; +}; +// We are a slave server for eng.example.com +zone "eng.example.com" { + type slave; + file "eng.example.com.bk"; + // IP address of eng.example.com master server + masters { 192.168.4.12; }; +}; +</pre> +</div> +</div> +<div class="sect1" lang="en"> +<div class="titlepage"><div><div><h2 class="title" style="clear: both"> +<a name="id2568042"></a>Load Balancing</h2></div></div></div> +<p> + A primitive form of load balancing can be achieved in + the <acronym class="acronym">DNS</acronym> by using multiple records + (such as multiple A records) for one name. 
+ </p> +<p> + For example, if you have three WWW servers with network addresses + of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the + following means that clients will connect to each machine one third + of the time: + </p> +<div class="informaltable"><table border="1"> +<colgroup> +<col> +<col> +<col> +<col> +<col> +</colgroup> +<tbody> +<tr> +<td> + <p> + Name + </p> + </td> +<td> + <p> + TTL + </p> + </td> +<td> + <p> + CLASS + </p> + </td> +<td> + <p> + TYPE + </p> + </td> +<td> + <p> + Resource Record (RR) Data + </p> + </td> +</tr> +<tr> +<td> + <p> + <code class="literal">www</code> + </p> + </td> +<td> + <p> + <code class="literal">600</code> + </p> + </td> +<td> + <p> + <code class="literal">IN</code> + </p> + </td> +<td> + <p> + <code class="literal">A</code> + </p> + </td> +<td> + <p> + <code class="literal">10.0.0.1</code> + </p> + </td> +</tr> +<tr> +<td> + <p></p> + </td> +<td> + <p> + <code class="literal">600</code> + </p> + </td> +<td> + <p> + <code class="literal">IN</code> + </p> + </td> +<td> + <p> + <code class="literal">A</code> + </p> + </td> +<td> + <p> + <code class="literal">10.0.0.2</code> + </p> + </td> +</tr> +<tr> +<td> + <p></p> + </td> +<td> + <p> + <code class="literal">600</code> + </p> + </td> +<td> + <p> + <code class="literal">IN</code> + </p> + </td> +<td> + <p> + <code class="literal">A</code> + </p> + </td> +<td> + <p> + <code class="literal">10.0.0.3</code> + </p> + </td> +</tr> +</tbody> +</table></div> +<p> + When a resolver queries for these records, <acronym class="acronym">BIND</acronym> will rotate + them and respond to the query with the records in a different + order. In the example above, clients will randomly receive + records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients + will use the first record returned and discard the rest. 
+ </p> +<p> + For more detail on ordering responses, check the + <span><strong class="command">rrset-order</strong></span> substatement in the + <span><strong class="command">options</strong></span> statement, see + <a href="Bv9ARM.ch06.html#rrset_ordering">RRset Ordering</a>. + </p> +</div> +<div class="sect1" lang="en"> +<div class="titlepage"><div><div><h2 class="title" style="clear: both"> +<a name="id2568465"></a>Name Server Operations</h2></div></div></div> +<div class="sect2" lang="en"> +<div class="titlepage"><div><div><h3 class="title"> +<a name="id2568470"></a>Tools for Use With the Name Server Daemon</h3></div></div></div> +<p> + This section describes several indispensable diagnostic, + administrative and monitoring tools available to the system + administrator for controlling and debugging the name server + daemon. + </p> +<div class="sect3" lang="en"> +<div class="titlepage"><div><div><h4 class="title"> +<a name="diagnostic_tools"></a>Diagnostic Tools</h4></div></div></div> +<p> + The <span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span>, and + <span><strong class="command">nslookup</strong></span> programs are all command + line tools + for manually querying name servers. They differ in style and + output format. + </p> +<div class="variablelist"><dl> +<dt><span class="term"><a name="dig"></a><span><strong class="command">dig</strong></span></span></dt> +<dd> +<p> + The domain information groper (<span><strong class="command">dig</strong></span>) + is the most versatile and complete of these lookup tools. + It has two modes: simple interactive + mode for a single query, and batch mode which executes a + query for + each in a list of several query lines. All query options are + accessible + from the command line. 
+ </p> +<div class="cmdsynopsis"><p><code class="command">dig</code> [@<em class="replaceable"><code>server</code></em>] <em class="replaceable"><code>domain</code></em> [<em class="replaceable"><code>query-type</code></em>] [<em class="replaceable"><code>query-class</code></em>] [+<em class="replaceable"><code>query-option</code></em>] [-<em class="replaceable"><code>dig-option</code></em>] [%<em class="replaceable"><code>comment</code></em>]</p></div> +<p> + The usual simple use of dig will take the form + </p> +<p> + <span><strong class="command">dig @server domain query-type query-class</strong></span> + </p> +<p> + For more information and a list of available commands and + options, see the <span><strong class="command">dig</strong></span> man + page. + </p> +</dd> +<dt><span class="term"><span><strong class="command">host</strong></span></span></dt> +<dd> +<p> + The <span><strong class="command">host</strong></span> utility emphasizes + simplicity + and ease of use. By default, it converts + between host names and Internet addresses, but its + functionality + can be extended with the use of options. + </p> +<div class="cmdsynopsis"><p><code class="command">host</code> [-aCdlnrsTwv] [-c <em class="replaceable"><code>class</code></em>] [-N <em class="replaceable"><code>ndots</code></em>] [-t <em class="replaceable"><code>type</code></em>] [-W <em class="replaceable"><code>timeout</code></em>] [-R <em class="replaceable"><code>retries</code></em>] [-m <em class="replaceable"><code>flag</code></em>] [-4] [-6] <em class="replaceable"><code>hostname</code></em> [<em class="replaceable"><code>server</code></em>]</p></div> +<p> + For more information and a list of available commands and + options, see the <span><strong class="command">host</strong></span> man + page. 
+ </p> +</dd> +<dt><span class="term"><span><strong class="command">nslookup</strong></span></span></dt> +<dd> +<p><span><strong class="command">nslookup</strong></span> + has two modes: interactive and + non-interactive. Interactive mode allows the user to + query name servers for information about various + hosts and domains or to print a list of hosts in a + domain. Non-interactive mode is used to print just + the name and requested information for a host or + domain. + </p> +<div class="cmdsynopsis"><p><code class="command">nslookup</code> [-option...] [[<em class="replaceable"><code>host-to-find</code></em>] | [- [server]]]</p></div> +<p> + Interactive mode is entered when no arguments are given (the + default name server will be used) or when the first argument + is a + hyphen (`-') and the second argument is the host name or + Internet address + of a name server. + </p> +<p> + Non-interactive mode is used when the name or Internet + address + of the host to be looked up is given as the first argument. + The + optional second argument specifies the host name or address + of a name server. + </p> +<p> + Due to its arcane user interface and frequently inconsistent + behavior, we do not recommend the use of <span><strong class="command">nslookup</strong></span>. + Use <span><strong class="command">dig</strong></span> instead. + </p> +</dd> +</dl></div> +</div> +<div class="sect3" lang="en"> +<div class="titlepage"><div><div><h4 class="title"> +<a name="admin_tools"></a>Administrative Tools</h4></div></div></div> +<p> + Administrative tools play an integral part in the management + of a server. + </p> +<div class="variablelist"><dl> +<dt> +<a name="named-checkconf"></a><span class="term"><span><strong class="command">named-checkconf</strong></span></span> +</dt> +<dd> +<p> + The <span><strong class="command">named-checkconf</strong></span> program + checks the syntax of a <code class="filename">named.conf</code> file. 
+ </p> +<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [-jvz] [-t <em class="replaceable"><code>directory</code></em>] [<em class="replaceable"><code>filename</code></em>]</p></div> +</dd> +<dt> +<a name="named-checkzone"></a><span class="term"><span><strong class="command">named-checkzone</strong></span></span> +</dt> +<dd> +<p> + The <span><strong class="command">named-checkzone</strong></span> program + checks a master file for + syntax and consistency. + </p> +<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [-djqvD] [-c <em class="replaceable"><code>class</code></em>] [-o <em class="replaceable"><code>output</code></em>] [-t <em class="replaceable"><code>directory</code></em>] [-w <em class="replaceable"><code>directory</code></em>] [-k <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-n <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-W <em class="replaceable"><code>(ignore|warn)</code></em>] <em class="replaceable"><code>zone</code></em> [<em class="replaceable"><code>filename</code></em>]</p></div> +</dd> +<dt> +<a name="named-compilezone"></a><span class="term"><span><strong class="command">named-compilezone</strong></span></span> +</dt> +<dd><p> + Similar to <span><strong class="command">named-checkzone,</strong></span> but + it always dumps the zone content to a specified file + (typically in a different format). + </p></dd> +<dt> +<a name="rndc"></a><span class="term"><span><strong class="command">rndc</strong></span></span> +</dt> +<dd> +<p> + The remote name daemon control + (<span><strong class="command">rndc</strong></span>) program allows the + system + administrator to control the operation of a name server. 
+ Since <acronym class="acronym">BIND</acronym> 9.2, <span><strong class="command">rndc</strong></span> + supports all the commands of the BIND 8 <span><strong class="command">ndc</strong></span> + utility except <span><strong class="command">ndc start</strong></span> and + <span><strong class="command">ndc restart</strong></span>, which were also + not supported in <span><strong class="command">ndc</strong></span>'s + channel mode. + If you run <span><strong class="command">rndc</strong></span> without any + options + it will display a usage message as follows: + </p> +<div class="cmdsynopsis"><p><code class="command">rndc</code> [-c <em class="replaceable"><code>config</code></em>] [-s <em class="replaceable"><code>server</code></em>] [-p <em class="replaceable"><code>port</code></em>] [-y <em class="replaceable"><code>key</code></em>] <em class="replaceable"><code>command</code></em> [<em class="replaceable"><code>command</code></em>...]</p></div> +<p>The <span><strong class="command">command</strong></span> + is one of the following: + </p> +<div class="variablelist"><dl> +<dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt> +<dd><p> + Reload configuration file and zones. + </p></dd> +<dt><span class="term"><strong class="userinput"><code>reload <em class="replaceable"><code>zone</code></em> + [<span class="optional"><em class="replaceable"><code>class</code></em> + [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> +<dd><p> + Reload the given zone. + </p></dd> +<dt><span class="term"><strong class="userinput"><code>refresh <em class="replaceable"><code>zone</code></em> + [<span class="optional"><em class="replaceable"><code>class</code></em> + [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> +<dd><p> + Schedule zone maintenance for the given zone. 
+ </p></dd> +<dt><span class="term"><strong class="userinput"><code>retransfer <em class="replaceable"><code>zone</code></em> + + [<span class="optional"><em class="replaceable"><code>class</code></em> + [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> +<dd><p> + Retransfer the given zone from the master. + </p></dd> +<dt><span class="term"><strong class="userinput"><code>freeze + [<span class="optional"><em class="replaceable"><code>zone</code></em> + [<span class="optional"><em class="replaceable"><code>class</code></em> + [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt> +<dd><p> + Suspend updates to a dynamic zone. If no zone is + specified, + then all zones are suspended. This allows manual + edits to be made to a zone normally updated by dynamic + update. It + also causes changes in the journal file to be synced + into the master + and the journal file to be removed. All dynamic + update attempts will + be refused while the zone is frozen. + </p></dd> +<dt><span class="term"><strong class="userinput"><code>thaw + [<span class="optional"><em class="replaceable"><code>zone</code></em> + [<span class="optional"><em class="replaceable"><code>class</code></em> + [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt> +<dd><p> + Enable updates to a frozen dynamic zone. If no zone + is + specified, then all frozen zones are enabled. This + causes + the server to reload the zone from disk, and + re-enables dynamic updates + after the load has completed. After a zone is thawed, + dynamic updates + will no longer be refused. 
+ </p></dd> +<dt><span class="term"><strong class="userinput"><code>notify <em class="replaceable"><code>zone</code></em> + [<span class="optional"><em class="replaceable"><code>class</code></em> + [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt> +<dd><p> + Resend NOTIFY messages for the zone. + </p></dd> +<dt><span class="term"><strong class="userinput"><code>reconfig</code></strong></span></dt> +<dd><p> + Reload the configuration file and load new zones, + but do not reload existing zone files even if they + have changed. + This is faster than a full <span><strong class="command">reload</strong></span> when there + is a large number of zones because it avoids the need + to examine the + modification times of the zones files. + </p></dd> +<dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt> +<dd><p> + Write server statistics to the statistics file. + </p></dd> +<dt><span class="term"><strong class="userinput"><code>querylog</code></strong></span></dt> +<dd><p> + Toggle query logging. Query logging can also be enabled + by explicitly directing the <span><strong class="command">queries</strong></span> + <span><strong class="command">category</strong></span> to a + <span><strong class="command">channel</strong></span> in the + <span><strong class="command">logging</strong></span> section of + <code class="filename">named.conf</code> or by specifying + <span><strong class="command">querylog yes;</strong></span> in the + <span><strong class="command">options</strong></span> section of + <code class="filename">named.conf</code>. + </p></dd> +<dt><span class="term"><strong class="userinput"><code>dumpdb + [<span class="optional">-all|-cache|-zone</span>] + [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt> +<dd><p> + Dump the server's caches (default) and/or zones to + the + dump file for the specified views. 
If no view is + specified, all + views are dumped. + </p></dd> +<dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt> +<dd><p> + Stop the server, making sure any recent changes + made through dynamic update or IXFR are first saved to + the master files of the updated zones. + If -p is specified named's process id is returned. + This allows an external process to determine when named + had completed stopping. + </p></dd> +<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt> +<dd><p> + Stop the server immediately. Recent changes + made through dynamic update or IXFR are not saved to + the master files, but will be rolled forward from the + journal files when the server is restarted. + If -p is specified named's process id is returned. + This allows an external process to determine when named + had completed halting. + </p></dd> +<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt> +<dd><p> + Increment the servers debugging level by one. + </p></dd> +<dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt> +<dd><p> + Sets the server's debugging level to an explicit + value. + </p></dd> +<dt><span class="term"><strong class="userinput"><code>notrace</code></strong></span></dt> +<dd><p> + Sets the server's debugging level to 0. + </p></dd> +<dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt> +<dd><p> + Flushes the server's cache. + </p></dd> +<dt><span class="term"><strong class="userinput"><code>flushname</code></strong> <em class="replaceable"><code>name</code></em></span></dt> +<dd><p> + Flushes the given name from the server's cache. + </p></dd> +<dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt> +<dd><p> + Display status of the server. 
+ Note that the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone + and the default <span><strong class="command">./IN</strong></span> + hint zone if there is not an + explicit root zone configured. + </p></dd> +<dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt> +<dd><p> + Dump the list of queries named is currently recursing + on. + </p></dd> +</dl></div> +<p> + A configuration file is required, since all + communication with the server is authenticated with + digital signatures that rely on a shared secret, and + there is no way to provide that secret other than with a + configuration file. The default location for the + <span><strong class="command">rndc</strong></span> configuration file is + <code class="filename">/etc/rndc.conf</code>, but an + alternate + location can be specified with the <code class="option">-c</code> + option. If the configuration file is not found, + <span><strong class="command">rndc</strong></span> will also look in + <code class="filename">/etc/rndc.key</code> (or whatever + <code class="varname">sysconfdir</code> was defined when + the <acronym class="acronym">BIND</acronym> build was + configured). + The <code class="filename">rndc.key</code> file is + generated by + running <span><strong class="command">rndc-confgen -a</strong></span> as + described in + <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and + Usage">the section called “<span><strong class="command">controls</strong></span> Statement Definition and + Usage”</a>. 
+ </p> +<p> + The format of the configuration file is similar to + that of <code class="filename">named.conf</code>, but + limited to + only four statements, the <span><strong class="command">options</strong></span>, + <span><strong class="command">key</strong></span>, <span><strong class="command">server</strong></span> and + <span><strong class="command">include</strong></span> + statements. These statements are what associate the + secret keys to the servers with which they are meant to + be shared. The order of statements is not + significant. + </p> +<p> + The <span><strong class="command">options</strong></span> statement has + three clauses: + <span><strong class="command">default-server</strong></span>, <span><strong class="command">default-key</strong></span>, + and <span><strong class="command">default-port</strong></span>. + <span><strong class="command">default-server</strong></span> takes a + host name or address argument and represents the server + that will + be contacted if no <code class="option">-s</code> + option is provided on the command line. + <span><strong class="command">default-key</strong></span> takes + the name of a key as its argument, as defined by a <span><strong class="command">key</strong></span> statement. + <span><strong class="command">default-port</strong></span> specifies the + port to which + <span><strong class="command">rndc</strong></span> should connect if no + port is given on the command line or in a + <span><strong class="command">server</strong></span> statement. + </p> +<p> + The <span><strong class="command">key</strong></span> statement defines a + key to be used + by <span><strong class="command">rndc</strong></span> when authenticating + with + <span><strong class="command">named</strong></span>. Its syntax is + identical to the + <span><strong class="command">key</strong></span> statement in named.conf. 
+ The keyword <strong class="userinput"><code>key</code></strong> is + followed by a key name, which must be a valid + domain name, though it need not actually be hierarchical; + thus, + a string like "<strong class="userinput"><code>rndc_key</code></strong>" is a valid + name. + The <span><strong class="command">key</strong></span> statement has two + clauses: + <span><strong class="command">algorithm</strong></span> and <span><strong class="command">secret</strong></span>. + While the configuration parser will accept any string as the + argument + to algorithm, currently only the string "<strong class="userinput"><code>hmac-md5</code></strong>" + has any meaning. The secret is a base-64 encoded string + as specified in RFC 3548. + </p> +<p> + The <span><strong class="command">server</strong></span> statement + associates a key + defined using the <span><strong class="command">key</strong></span> + statement with a server. + The keyword <strong class="userinput"><code>server</code></strong> is followed by a + host name or address. The <span><strong class="command">server</strong></span> statement + has two clauses: <span><strong class="command">key</strong></span> and <span><strong class="command">port</strong></span>. + The <span><strong class="command">key</strong></span> clause specifies the + name of the key + to be used when communicating with this server, and the + <span><strong class="command">port</strong></span> clause can be used to + specify the port <span><strong class="command">rndc</strong></span> should + connect + to on the server. 
+ </p> +<p> + A sample minimal configuration file is as follows: + </p> +<pre class="programlisting"> +key rndc_key { + algorithm "hmac-md5"; + secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"; +}; +options { + default-server 127.0.0.1; + default-key rndc_key; +}; +</pre> +<p> + This file, if installed as <code class="filename">/etc/rndc.conf</code>, + would allow the command: + </p> +<p> + <code class="prompt">$ </code><strong class="userinput"><code>rndc reload</code></strong> + </p> +<p> + to connect to 127.0.0.1 port 953 and cause the name server + to reload, if a name server on the local machine were + running with + following controls statements: + </p> +<pre class="programlisting"> +controls { + inet 127.0.0.1 allow { localhost; } keys { rndc_key; }; +}; +</pre> +<p> + and it had an identical key statement for + <code class="literal">rndc_key</code>. + </p> +<p> + Running the <span><strong class="command">rndc-confgen</strong></span> + program will + conveniently create a <code class="filename">rndc.conf</code> + file for you, and also display the + corresponding <span><strong class="command">controls</strong></span> + statement that you need to + add to <code class="filename">named.conf</code>. + Alternatively, + you can run <span><strong class="command">rndc-confgen -a</strong></span> + to set up + a <code class="filename">rndc.key</code> file and not + modify + <code class="filename">named.conf</code> at all. + </p> +</dd> +</dl></div> +</div> +</div> +<div class="sect2" lang="en"> +<div class="titlepage"><div><div><h3 class="title"> +<a name="id2570184"></a>Signals</h3></div></div></div> +<p> + Certain UNIX signals cause the name server to take specific + actions, as described in the following table. These signals can + be sent using the <span><strong class="command">kill</strong></span> command. 
+ </p> +<div class="informaltable"><table border="1"> +<colgroup> +<col> +<col> +</colgroup> +<tbody> +<tr> +<td> + <p><span><strong class="command">SIGHUP</strong></span></p> + </td> +<td> + <p> + Causes the server to read <code class="filename">named.conf</code> and + reload the database. + </p> + </td> +</tr> +<tr> +<td> + <p><span><strong class="command">SIGTERM</strong></span></p> + </td> +<td> + <p> + Causes the server to clean up and exit. + </p> + </td> +</tr> +<tr> +<td> + <p><span><strong class="command">SIGINT</strong></span></p> + </td> +<td> + <p> + Causes the server to clean up and exit. + </p> + </td> +</tr> +</tbody> +</table></div> +</div> +</div> +</div> +<div class="navfooter"> +<hr> +<table width="100%" summary="Navigation footer"> +<tr> +<td width="40%" align="left"> +<a accesskey="p" href="Bv9ARM.ch02.html">Prev</a> </td> +<td width="20%" align="center"> </td> +<td width="40%" align="right"> <a accesskey="n" href="Bv9ARM.ch04.html">Next</a> +</td> +</tr> +<tr> +<td width="40%" align="left" valign="top">Chapter 2. <acronym class="acronym">BIND</acronym> Resource Requirements </td> +<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td> +<td width="40%" align="right" valign="top"> Chapter 4. Advanced DNS Features</td> +</tr> +</table> +</div> +</body> +</html> |
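Review bot: in the rndc subsection of this hunk, the "sample minimal configuration file" listing carries a literal shared secret (`secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";`) with no sentence beside it saying the value is illustrative, even though the paragraph a few lines earlier states that this shared secret is the only thing authenticating commands on the control channel; suggest adding, directly after the listing, a note that each installation must generate its own secret with `rndc-confgen` (which the text already describes further down) rather than copy the printed one, since a published value provides no authentication. Minor: the key-statement paragraph says "currently only the string hmac-md5 has any meaning" for `algorithm`; since that claim is version-dependent, it should be reconciled with the `key` statement reference in chapter 6 that the same paragraph points to before this generated HTML is committed.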