Context Navigation

bind-systemd.xml@ 1adf07d

Visit:

systemd-13485

Last change on this file since 1adf07d was 1adf07d, checked in by Douglas R. Reno <renodr@…>, 9 years ago

Update to bind-9.10.2-P4 and BIND-Utilities-9.10.2-P4
Update to stunnel-5.23
Update to libgpg-error-1.20
Update to mutt-1.5.24
Fix a typo in my own changelog.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/systemd@16389 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 31.0 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY bind-download-http " ">
8	<!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
9	<!ENTITY bind-md5sum "8b1f5064837756c938eadc1537dec5c7">
10	<!ENTITY bind-size "8.1 MB">
11	<!ENTITY bind-buildsize "137 MB (additional 44 MB to run the test suite)">
12	<!ENTITY bind-time "0.9 SBU (additional 20+ minutes, processor independent, to run the complete test suite)">
13	]>
14
15	<sect1 id="bind" xreflabel="BIND-&bind-version;">
16	<?dbhtml filename="bind.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	</sect1info>
22
23	<title>BIND-&bind-version;</title>
24
25	<indexterm zone="bind">
26	<primary sortas="a-BIND">BIND</primary>
27	</indexterm>
28
29	<sect2 role="package">
30	<title>Introduction to BIND</title>
31
32	<para>The <application>BIND</application> package provides a DNS server
33	and client utilities. If you are only interested in the utilities, refer
34	to the <xref linkend="bind-utils"/>.</para>
35
36	&lfs77_checked;
37
38	<bridgehead renderas="sect3">Package Information</bridgehead>
39	<itemizedlist spacing="compact">
40	<listitem>
41	<para>Download (HTTP): <ulink url="&bind-download-http;"/></para>
42	</listitem>
43	<listitem>
44	<para>Download (FTP): <ulink url="&bind-download-ftp;"/></para>
45	</listitem>
46	<listitem>
47	<para>Download MD5 sum: &bind-md5sum;</para>
48	</listitem>
49	<listitem>
50	<para>Download size: &bind-size;</para>
51	</listitem>
52	<listitem>
53	<para>Estimated disk space required: &bind-buildsize;</para>
54	</listitem>
55	<listitem>
56	<para>Estimated build time: &bind-time;</para>
57	</listitem>
58	</itemizedlist>
59
60	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
61	<itemizedlist spacing='compact'>
62	<listitem>
63	<para>Optional patch (if net-tools is not installed):
64	<ulink
65	url="&patch-root;/bind-&bind-version;-use_iproute2-1.patch"/></para>
66	</listitem>
67	</itemizedlist>
68
69	<bridgehead renderas="sect3">BIND Dependencies</bridgehead>
70
71	<bridgehead renderas="sect4">Optional</bridgehead>
72	<para role="optional">
73	<xref linkend="libxml2"/>,
74	<xref linkend="mitkrb"/>,
75	<xref linkend="openssl"/>, and
76	<ulink url="https://github.com/cjheath/geoip">GeoIP</ulink>
77	</para>
78
79	<bridgehead renderas="sect4">Optional database backends</bridgehead>
80	<para role="optional">
81	<xref linkend="db"/>,
82	<xref linkend="openldap"/>,
83	<xref linkend="mariadb"/>,
84	<xref linkend="postgresql"/>, and
85	<xref linkend="unixodbc"/>
86	</para>
87
88	<bridgehead renderas="sect4">Optional (to run the test suite)</bridgehead>
89	<para role="optional">
90	<xref linkend="perl-net-dns"/> and
91	<xref linkend="net-tools"/> (you may omit net-tools by using the optional
92	patch to utilize iproute2, but the IPv6 tests will fail)
93	</para>
94
95	<bridgehead renderas="sect4">Optional (to rebuild the documentation)</bridgehead>
96	<para role="optional">
97	<xref linkend="doxygen"/>,
98	<xref linkend="libxslt"/>, and
99	<xref linkend="texlive"/> (or <xref linkend="tl-installer"/>)
100	</para>
101
102	<para condition="html" role="usernotes">User Notes:
103	<ulink url="&blfs-wiki;/bind"/></para>
104
105	</sect2>
106
107	<sect2 role="installation">
108	<title>Installation of BIND</title>
109
110	<para>If you have chosen not to install net-tools, apply the iproute2
111	patch with the following command:</para>
112
113	<screen><userinput>patch -Np1 -i ../bind-&bind-version;-use_iproute2-1.patch</userinput></screen>
114
115	<para>Install <application>BIND</application> by running the
116	following commands:</para>
117
118	<screen><userinput>./configure --prefix=/usr \
119	--sysconfdir=/etc \
120	--localstatedir=/var \
121	--mandir=/usr/share/man \
122	--enable-threads \
123	--with-libtool \
124	--disable-static \
125	--with-randomdev=/dev/urandom &&
126	make</userinput></screen>
127
128	<para>Issue the following commands to run the complete suite of tests.
129	First, as the <systemitem class="username">root</systemitem> user, set up
130	some test interfaces:</para>
131
132	<note><para>If IPv6 is not enabled in the kernel, there will be several
133	error messages: "RTNETLINK answers: Operation not permitted". These
134	messages do not afffect the tests.</para></note>
135
136	<screen role="root"><userinput>bin/tests/system/ifconfig.sh up</userinput></screen>
137
138	<!-- <para>As an unprivileged user, remove some tests that fail:</para>
139
140	<screen><userinput>
141	sed -e 's/ecdsa //' \
142	-e 's/masterformat //' \
143	-e 's/reclimit //' \
144	-e 's/tsiggss //' \
145	-i bin/tests/system/conf.sh</userinput></screen>
146
147	<para>Now run the test suite as an unprivileged user:</para>-->
148	<para>The test suite may indicate some failures depending on installed
149	optional dependencies and what configuration options are used.
150	To run the tests, as an unprivileged user, issue:</para>
151
152	<screen><userinput>make -k check</userinput></screen>
153
154	<para>Again as <systemitem class="username">root</systemitem>, clean up the
155	test interfaces:</para>
156
157	<screen role="root"><userinput>bin/tests/system/ifconfig.sh down</userinput></screen>
158
159	<para>Finally, install the package as the <systemitem
160	class="username">root</systemitem> user:</para>
161
162	<screen role="root"><userinput>make install &&
163	chmod -v 755 /usr/lib/lib{bind9,dns,isc{,cc,cfg},lwres}.so &&
164
165	install -v -dm755 /usr/share/doc/bind-&bind-version;/{arm,misc} &&
166	install -v -m644 doc/arm/*.html \
167	/usr/share/doc/bind-&bind-version;/arm &&
168	install -v -m644 \
169	doc/misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap,sdb} \
170	/usr/share/doc/bind-&bind-version;/misc</userinput></screen>
171	</sect2>
172
173	<sect2 role="commands">
174	<title>Command Explanations</title>
175	<!--
176	<para><command>sed ... bin/tests/system/conf.sh</command>: This command
177	removes tests that fail (some for unknown reasons).</para>-->
178
179	<para><parameter>--sysconfdir=/etc</parameter>: This parameter forces
180	<application>BIND</application> to look for configuration
181	files in <filename class='directory'>/etc</filename> instead of
182	<filename class='directory'>/usr/etc</filename>.</para>
183
184	<para><parameter>--enable-threads</parameter>: This parameter enables
185	multi-threading capability.</para>
186
187	<para><parameter>--with-libtool</parameter>: This parameter forces the
188	building of dynamic libraries and links the installed binaries to these
189	libraries.</para>
190
191	<para><parameter>--with-randomdev=/dev/urandom</parameter>: This parameter
192	specifes a non-blocking random device for use with digital signatures.</para>
193
194	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
195	href="../../xincludes/static-libraries.xml"/>
196
197	<para><command>chmod 0755
198	/usr/lib/{lib{bind9,dns,isc{,cc,cfg},lwres}.so</command>:
199	Enable the execute bit to prevent a warning when using
200	<command>ldd</command> to check library dependencies.</para>
201
202	<para><command>cd doc; install ...</command>: These commands install
203	additional package documentation. Omit any or all of these commands if
204	desired.</para>
205	</sect2>
206
207	<sect2 role="configuration">
208	<title>Configuring BIND</title>
209
210	<sect3 id="bind-config">
211	<title>Config files</title>
212
213	<para><filename>named.conf</filename>,
214	<filename>root.hints</filename>,
215	<filename>127.0.0</filename>,
216	<filename>rndc.conf</filename> and
217	<filename>resolv.conf</filename></para>
218
219	<indexterm zone="bind bind-config">
220	<primary sortas="e-etc-named.conf">/etc/named.conf</primary>
221	</indexterm>
222
223	<indexterm zone="bind bind-config">
224	<primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary>
225	</indexterm>
226
227	<indexterm zone="bind bind-config">
228	<primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary>
229	</indexterm>
230
231	<indexterm zone="bind bind-config">
232	<primary
233	sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
234	</indexterm>
235
236	<indexterm zone="bind bind-config">
237	<primary
238	sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
239	</indexterm>
240	</sect3>
241
242	<sect3>
243	<title>Configuration Information</title>
244
245	<para><application>BIND</application> will be configured to run in a
246	<command>chroot</command> jail as an unprivileged user (<systemitem
247	class="username">named</systemitem>). This configuration is more secure
248	in that a DNS compromise can only affect a few files in the <systemitem
249	class="username">named</systemitem> user's <envar>HOME</envar>
250	directory.</para>
251
252	<para>Create the unprivileged user and group <systemitem
253	class="username">named</systemitem>:</para>
254
255	<screen role="root"><userinput>groupadd -g 20 named &&
256	useradd -c "BIND Owner" -g named -s /bin/false -u 20 named &&
257	install -d -m770 -o named -g named /srv/named</userinput></screen>
258
259	<para>Set up some files, directories and devices needed by
260	<application>BIND</application>:</para>
261
262	<screen role="root"><userinput>cd /srv/named &&
263	mkdir -pv dev etc/namedb/{slave,pz} usr/lib/engines var/run/named &&
264	mknod /srv/named/dev/null c 1 3 &&
265	mknod /srv/named/dev/urandom c 1 9 &&
266	chmod -v 666 /srv/named/dev/{null,urandom} &&
267	cp -Lv /etc/localtime etc &&
268	touch /srv/named/managed-keys.bind &&
269	cp -v /usr/lib/engines/libgost.so usr/lib/engines &&
270	[ $(uname -m) = x86_64 ] && ln -sfv lib usr/lib64</userinput></screen>
271
272	<para>The <filename>rndc.conf</filename> file contains information for
273	controlling <command>named</command> operations with the
274	<command>rndc</command> utility. Generate a key for use in the <filename>named.conf</filename> and <filename>rdnc.conf</filename> with the
275	<command>rndc-confgen</command> command:</para>
276
277	<screen role="root"><userinput>rndc-confgen -r /dev/urandom -b 512 > /etc/rndc.conf &&
278	sed '/conf/d;/^#/!d;s:^# ::' /etc/rndc.conf > /srv/named/etc/named.conf</userinput></screen>
279
280	<para>Complete the <filename>named.conf</filename> file from which
281	<command>named</command> will read the location of zone files, root
282	name servers and secure DNS keys:</para>
283
284	<screen role="root"><?dbfo keep-together="auto"?><userinput>cat >> /srv/named/etc/named.conf << "EOF"
285	<literal>options {
286	directory "/etc/namedb";
287	pid-file "/var/run/named.pid";
288	statistics-file "/var/run/named.stats";
289
290	};
291	zone "." {
292	type hint;
293	file "root.hints";
294	};
295	zone "0.0.127.in-addr.arpa" {
296	type master;
297	file "pz/127.0.0";
298	};
299
300	// Bind 9 now logs by default through syslog (except debug).
301	// These are the default logging rules.
302
303	logging {
304	category default { default_syslog; default_debug; };
305	category unmatched { null; };
306
307	channel default_syslog {
308	syslog daemon; // send to syslog's daemon
309	// facility
310	severity info; // only send priority info
311	// and higher
312	};
313
314	channel default_debug {
315	file "named.run"; // write to named.run in
316	// the working directory
317	// Note: stderr is used instead
318	// of "named.run"
319	// if the server is started
320	// with the '-f' option.
321	severity dynamic; // log at the server's
322	// current debug level
323	};
324
325	channel default_stderr {
326	stderr; // writes to stderr
327	severity info; // only send priority info
328	// and higher
329	};
330
331	channel null {
332	null; // toss anything sent to
333	// this channel
334	};
335	};</literal>
336	EOF</userinput></screen>
337
338	<para>Create a zone file with the following contents:</para>
339
340	<screen role="root"><userinput>cat > /srv/named/etc/namedb/pz/127.0.0 << "EOF"
341	<literal>$TTL 3D
342	@ IN SOA ns.local.domain. hostmaster.local.domain. (
343	1 ; Serial
344	8H ; Refresh
345	2H ; Retry
346	4W ; Expire
347	1D) ; Minimum TTL
348	NS ns.local.domain.
349	1 PTR localhost.</literal>
350	EOF</userinput></screen>
351
352	<para>Create the <filename>root.hints</filename> file with the following
353	commands:</para>
354
355	<note>
356	<para>Caution must be used to ensure there are no leading spaces in
357	this file.</para>
358	</note>
359
360	<screen role="root"><userinput>cat > /srv/named/etc/namedb/root.hints << "EOF"
361	<literal>. 6D IN NS A.ROOT-SERVERS.NET.
362	. 6D IN NS B.ROOT-SERVERS.NET.
363	. 6D IN NS C.ROOT-SERVERS.NET.
364	. 6D IN NS D.ROOT-SERVERS.NET.
365	. 6D IN NS E.ROOT-SERVERS.NET.
366	. 6D IN NS F.ROOT-SERVERS.NET.
367	. 6D IN NS G.ROOT-SERVERS.NET.
368	. 6D IN NS H.ROOT-SERVERS.NET.
369	. 6D IN NS I.ROOT-SERVERS.NET.
370	. 6D IN NS J.ROOT-SERVERS.NET.
371	. 6D IN NS K.ROOT-SERVERS.NET.
372	. 6D IN NS L.ROOT-SERVERS.NET.
373	. 6D IN NS M.ROOT-SERVERS.NET.
374	A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
375	B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201
376	C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
377	D.ROOT-SERVERS.NET. 6D IN A 199.7.91.13
378	E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
379	F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
380	G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
381	H.ROOT-SERVERS.NET. 6D IN A 128.63.2.53
382	I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
383	J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
384	K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
385	L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
386	M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33</literal>
387	EOF</userinput></screen>
388
389	<para>The <filename>root.hints</filename> file is a list of root
390	name servers. This file must be updated periodically with the
391	<command>dig</command> utility. A current copy of root.hints can be
392	obtained from <ulink url="ftp://rs.internic.net/domain/named.root" />.
393	Consult the <ulink url="http://www.bind9.net/Bv9ARM.html">BIND 9
394	Administrator Reference Manual</ulink> for details.</para>
395
396	<para>Create or modify <filename>resolv.conf</filename> to use the new
397	name server with the following commands:</para>
398
399	<note>
400	<para>Replace <replaceable><yourdomain.com></replaceable> with
401	your own valid domain name.</para>
402	</note>
403
404	<screen role="root"><userinput>cp /etc/resolv.conf /etc/resolv.conf.bak &&
405	cat > /etc/resolv.conf << "EOF"
406	<literal>search <replaceable><yourdomain.com></replaceable>
407	nameserver 127.0.0.1</literal>
408	EOF</userinput></screen>
409
410	<para>Set permissions on the <command>chroot</command> jail with the
411	following command:</para>
412
413	<screen role="root"><userinput>chown -R named:named /srv/named</userinput></screen>
414
415	</sect3>
416
417	<sect3 id="bind-init">
418	<title>Systemd Units</title>
419
420	<para>
421	To start the <command>named</command> daemon at boot,
422	install the systemd unit from the <xref linkend="bootscripts"/>
423	package by running the following command as the
424	<systemitem class="username">root</systemitem> user:
425	</para>
426
427	<indexterm zone="bind bind-init">
428	<primary sortas="f-bind">bind</primary>
429	</indexterm>
430
431	<screen role="root"><userinput>make install-named</userinput></screen>
432
433	<para>Now start <application>BIND</application> using
434	the <command>systemctl</command> utility:</para>
435
436	<screen role="root"><userinput>systemctl start named</userinput></screen>
437
438	</sect3>
439
440	<sect3>
441	<title>Testing BIND</title>
442
443	<para>Test out the new <application>BIND</application> 9 installation.
444	First query the local host address with <command>dig</command>:</para>
445
446	<screen><userinput>dig -x 127.0.0.1</userinput></screen>
447
448	<para>Now try an external name lookup, taking note of the speed
449	difference in repeated lookups due to the caching. Run the
450	<command>dig</command> command twice on the same address:</para>
451
452	<screen><userinput>dig www.&lfs-domainname; &&
453	dig www.&lfs-domainname;</userinput></screen>
454
455	<para>You can see almost instantaneous results with the named caching
456	lookups. Consult the <application>BIND</application> Administrator
457	Reference Manual located at <filename>doc/arm/Bv9ARM.html</filename>
458	in the package source tree, for further configuration options.</para>
459
460	</sect3>
461
462	</sect2>
463
464	<sect2 role="content">
465	<title>Contents</title>
466
467	<segmentedlist>
468	<segtitle>Installed Programs</segtitle>
469	<segtitle>Installed Libraries</segtitle>
470	<segtitle>Installed Directories</segtitle>
471
472	<seglistitem>
473
474	<seg>arpaname, bind9-config hardlinked to isc-config.sh, ddns-confgen,
475	delv, dig, dnssec-checkds, dnssec-coverage, dnssec-dsfromkey,
476	dnssec-importkey, dnssec-keyfromlabel, dnssec-keygen, dnssec-revoke,
477	dnssec-settime, dnssec-signzone, dnssec-verify, genrandom, host,
478	isc-hmac-fixup, lwresd hardlinked to named, named-checkconf,
479	named-checkzone, named-compilezone (symlink), named-journalprint,
480	named-rrchecker, nsec3hash, nslookup, nsupdate, rndc, rndc-confgen,
481	and tsig-keygen (symlink)</seg>
482
483	<seg>libbind9.so, libdns.so, libirs.so, libisc.so, libisccc.so,
484	libisccfg.so, and liblwres.so</seg>
485
486	<seg>/usr/include/{bind9,dns,dst,irs,isc,isccc,isccfg,lwres,pk11,pkcs11},
487	/usr/share/doc/bind-&bind-version; and /srv/named</seg>
488	</seglistitem>
489	</segmentedlist>
490
491	<variablelist>
492	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
493	<?dbfo list-presentation="list"?>
494	<?dbhtml list-presentation="table"?>
495
496	<varlistentry id="arpaname">
497	<term><command>arpaname</command></term>
498	<listitem>
499	<para>
500	translate IP addresses to the corresponding ARPA names.
501	</para>
502	<indexterm zone="bind arpaname">
503	<primary sortas="b-arpaname">arpaname</primary>
504	</indexterm>
505	</listitem>
506	</varlistentry>
507
508	<varlistentry id="bind9-config">
509	<term><command>bind9-config</command></term>
510	<listitem>
511	<para>
512	hardlinked to <command>isc-config.sh</command>.
513	</para>
514	<indexterm zone="bind bind9-config">
515	<primary sortas="b-bind9-config">bind9-config</primary>
516	</indexterm>
517	</listitem>
518	</varlistentry>
519
520	<varlistentry id="ddns-confgen">
521	<term><command>ddns-confgen</command></term>
522	<listitem>
523	<para>
524	generates a key for use by nsupdate and named.
525	</para>
526	<indexterm zone="bind ddns-confgen">
527	<primary sortas="b-ddns-confgen">ddns-confgen</primary>
528	</indexterm>
529	</listitem>
530	</varlistentry>
531
532	<varlistentry id="delv">
533	<term><command>delv</command></term>
534	<listitem>
535	<para>
536	is a new debugging tool that is a successor to
537	<command>dig</command>.
538	</para>
539	<indexterm zone="bind delv">
540	<primary sortas="b-delv">delv</primary>
541	</indexterm>
542	</listitem>
543	</varlistentry>
544
545	<varlistentry id="dig">
546	<term><command>dig</command></term>
547	<listitem>
548	<para>interrogates DNS servers.</para>
549	<indexterm zone="bind dig">
550	<primary sortas="b-dig">dig</primary>
551	</indexterm>
552	</listitem>
553	</varlistentry>
554
555	<varlistentry id="dnssec-checkds">
556	<term><command>dnssec-checkds</command></term>
557	<listitem>
558	<para>
559	is a DNSSEC delegation consistency checking tool.
560	</para>
561	<indexterm zone="bind dnssec-checkds">
562	<primary sortas="b-dnssec-checkds">dnssec-checkds</primary>
563	</indexterm>
564	</listitem>
565	</varlistentry>
566
567	<varlistentry id="dnssec-coverage">
568	<term><command>dnssec-coverage</command></term>
569	<listitem>
570	<para>
571	verifies that the DNSSEC keys for a given zone or a set of zones
572	have timing metadata set properly to ensure no future lapses
573	in DNSSEC coverage.
574	</para>
575	<indexterm zone="bind dnssec-coverage">
576	<primary sortas="b-dnssec-coverage">dnssec-coverage</primary>
577	</indexterm>
578	</listitem>
579	</varlistentry>
580
581	<varlistentry id="dnssec-dsfromkey">
582	<term><command>dnssec-dsfromkey</command></term>
583	<listitem>
584	<para>
585	outputs the Delegation Signer (DS) resource record (RR).
586	</para>
587	<indexterm zone="bind dnssec-dsfromkey">
588	<primary sortas="b-dnssec-dsfromkey">dnssec-dsfromkey</primary>
589	</indexterm>
590	</listitem>
591	</varlistentry>
592
593	<varlistentry id="dnssec-importkey">
594	<term><command>dnssec-importkey</command></term>
595	<listitem>
596	<para>
597	reads a public DNSKEY record and generates a pair of
598	.key/.private files.
599	</para>
600	<indexterm zone="bind dnssec-importkey">
601	<primary sortas="b-dnssec-importkey">dnssec-importkey</primary>
602	</indexterm>
603	</listitem>
604	</varlistentry>
605
606	<varlistentry id="dnssec-keyfromlabel">
607	<term><command>dnssec-keyfromlabel</command></term>
608	<listitem>
609	<para>
610	gets keys with the given label from a crypto hardware and builds
611	key files for DNSSEC.
612	</para>
613	<indexterm zone="bind dnssec-keyfromlabel">
614	<primary sortas="b-dnssec-keyfromlabel">dnssec-keyfromlabel</primary>
615	</indexterm>
616	</listitem>
617	</varlistentry>
618
619	<varlistentry id="dnssec-keygen">
620	<term><command>dnssec-keygen</command></term>
621	<listitem>
622	<para>is a key generator for secure DNS.</para>
623	<indexterm zone="bind dnssec-keygen">
624	<primary sortas="b-dnssec-keygen">dnssec-keygen</primary>
625	</indexterm>
626	</listitem>
627	</varlistentry>
628
629	<varlistentry id="dnssec-revoke">
630	<term><command>dnssec-revoke</command></term>
631	<listitem>
632	<para>
633	Set the REVOKED bit on a DNSSEC key.
634	</para>
635	<indexterm zone="bind dnssec-revoke">
636	<primary sortas="b-dnssec-revoke">dnssec-revoke</primary>
637	</indexterm>
638	</listitem>
639	</varlistentry>
640
641	<varlistentry id="dnssec-settime">
642	<term><command>dnssec-settime</command></term>
643	<listitem>
644	<para>
645	set the key timing metadata for a DNSSEC key.
646	</para>
647	<indexterm zone="bind dnssec-settime">
648	<primary sortas="b-dnssec-settime">dnssec-settime</primary>
649	</indexterm>
650	</listitem>
651	</varlistentry>
652
653	<varlistentry id="dnssec-signzone">
654	<term><command>dnssec-signzone</command></term>
655	<listitem>
656	<para>generates signed versions of zone files.</para>
657	<indexterm zone="bind dnssec-signzone">
658	<primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
659	</indexterm>
660	</listitem>
661	</varlistentry>
662
663	<varlistentry id="dnssec-verify">
664	<term><command>dnssec-verify</command></term>
665	<listitem>
666	<para>
667	verifies that a zone is fully signed for each algorithm found
668	in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
669	chains are complete.
670	</para>
671	<indexterm zone="bind dnssec-verify">
672	<primary sortas="b-dnssec-verify">dnssec-verify</primary>
673	</indexterm>
674	</listitem>
675	</varlistentry>
676
677	<varlistentry id="genrandom">
678	<term><command>genrandom</command></term>
679	<listitem>
680	<para>
681	generate a file containing random data.
682	</para>
683	<indexterm zone="bind genrandom">
684	<primary sortas="b-genrandom">genrandom</primary>
685	</indexterm>
686	</listitem>
687	</varlistentry>
688
689	<varlistentry id="host">
690	<term><command>host</command></term>
691	<listitem>
692	<para>is a utility for DNS lookups.</para>
693	<indexterm zone="bind host">
694	<primary sortas="b-host">host</primary>
695	</indexterm>
696	</listitem>
697	</varlistentry>
698
699	<varlistentry id="isc-config.sh">
700	<term><command>isc-config.sh</command></term>
701	<listitem>
702	<para>
703	prints information related to the installed version of ISC BIND.
704	</para>
705	<indexterm zone="bind isc-config.sh">
706	<primary sortas="b-isc-config.sh">isc-config.sh</primary>
707	</indexterm>
708	</listitem>
709	</varlistentry>
710
711	<varlistentry id="isc-hmac-fixup">
712	<term><command>isc-hmac-fixup</command></term>
713	<listitem>
714	<para>
715	fixes HMAC keys generated by older versions of BIND.
716	</para>
717	<indexterm zone="bind isc-hmac-fixup">
718	<primary sortas="b-isc-hmac-fixup">isc-hmac-fixup</primary>
719	</indexterm>
720	</listitem>
721	</varlistentry>
722
723	<varlistentry id="lwresd">
724	<term><command>lwresd</command></term>
725	<listitem>
726	<para>is a caching-only name server for local process use.</para>
727	<indexterm zone="bind lwresd">
728	<primary sortas="b-lwresd">lwresd</primary>
729	</indexterm>
730	</listitem>
731	</varlistentry>
732
733	<varlistentry id="named">
734	<term><command>named</command></term>
735	<listitem>
736	<para>is the name server daemon.</para>
737	<indexterm zone="bind named">
738	<primary sortas="b-named">named</primary>
739	</indexterm>
740	</listitem>
741	</varlistentry>
742
743	<varlistentry id="named-checkconf">
744	<term><command>named-checkconf</command></term>
745	<listitem>
746	<para>checks the syntax of <filename>named.conf</filename>
747	files.</para>
748	<indexterm zone="bind named-checkconf">
749	<primary sortas="b-named-checkconf">named-checkconf</primary>
750	</indexterm>
751	</listitem>
752	</varlistentry>
753
754	<varlistentry id="named-checkzone">
755	<term><command>named-checkzone</command></term>
756	<listitem>
757	<para>checks zone file validity.</para>
758	<indexterm zone="bind named-checkzone">
759	<primary sortas="b-named-checkzone">named-checkzone</primary>
760	</indexterm>
761	</listitem>
762	</varlistentry>
763
764	<varlistentry id="named-compilezone">
765	<term><command>named-compilezone</command></term>
766	<listitem>
767	<para>
768	is similar to <command>named-checkzone</command>, but it always
769	dumps the zone contents to a specified file in a specified format.
770	</para>
771	<indexterm zone="bind named-compilezone">
772	<primary sortas="b-named-compilezone">named-compilezone</primary>
773	</indexterm>
774	</listitem>
775	</varlistentry>
776
777	<varlistentry id="named-journalprint">
778	<term><command>named-journalprint</command></term>
779	<listitem>
780	<para>
781	print zone journal in human-readable form.
782	</para>
783	<indexterm zone="bind named-journalprint">
784	<primary sortas="b-named-journalprint">named-journalprint</primary>
785	</indexterm>
786	</listitem>
787	</varlistentry>
788
789	<varlistentry id="named-rrchecker">
790	<term><command>named-rrchecker</command></term>
791	<listitem>
792	<para>
793	read a individual DNS resource record from standard input and
794	checks if it is syntactically correct.
795	</para>
796	<indexterm zone="bind named-rrchecker">
797	<primary sortas="b-named-rrchecker">named-rrchecker</primary>
798	</indexterm>
799	</listitem>
800	</varlistentry>
801
802	<varlistentry id="nsec3hash">
803	<term><command>nsec3hash</command></term>
804	<listitem>
805	<para>
806	generates an NSEC3 hash based on a set of NSEC3 parameters.
807	</para>
808	<indexterm zone="bind nsec3hash">
809	<primary sortas="b-nsec3hash">nsec3hash</primary>
810	</indexterm>
811	</listitem>
812	</varlistentry>
813
814	<varlistentry id="nslookup">
815	<term><command>nslookup</command></term>
816	<listitem>
817	<para>is a program used to query Internet domain nameservers.</para>
818	<indexterm zone="bind nslookup">
819	<primary sortas="b-nslookup">nslookup</primary>
820	</indexterm>
821	</listitem>
822	</varlistentry>
823
824	<varlistentry id="nsupdate">
825	<term><command>nsupdate</command></term>
826	<listitem>
827	<para>is used to submit DNS update requests.</para>
828	<indexterm zone="bind nsupdate">
829	<primary sortas="b-nsupdate">nsupdate</primary>
830	</indexterm>
831	</listitem>
832	</varlistentry>
833
834	<varlistentry id="rndc">
835	<term><command>rndc</command></term>
836	<listitem>
837	<para>controls the operation of <application>BIND</application>.</para>
838	<indexterm zone="bind rndc">
839	<primary sortas="b-rndc">rndc</primary>
840	</indexterm>
841	</listitem>
842	</varlistentry>
843
844	<varlistentry id="rndc-confgen">
845	<term><command>rndc-confgen</command></term>
846	<listitem>
847	<para>generates <filename>rndc.conf</filename> files.</para>
848	<indexterm zone="bind rndc-confgen">
849	<primary sortas="b-rndc-confgen">rndc-confgen</primary>
850	</indexterm>
851	</listitem>
852	</varlistentry>
853
854	<varlistentry id="tsig-keygen">
855	<term><command>tsig-keygen</command></term>
856	<listitem>
857	<para>
858	is a symlink to <command>ddns-confgen</command>.
859	</para>
860	<indexterm zone="bind tsig-keygen">
861	<primary sortas="b-tsig-keygen">tsig-keygen</primary>
862	</indexterm>
863	</listitem>
864	</varlistentry>
865
866	</variablelist>
867
868	</sect2>
869
870	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: server/major/bind-systemd.xml@ 1adf07d

Download in other formats: