Context Navigation

source: server/major/bind.xml@ 3c0e3458

Visit:

12.1 ken/TL2024 lazarus plabs/newcss python3.11 rahul/power-profiles-daemon trunk xry111/llvm18

Last change on this file since 3c0e3458 was 7706986, checked in by Douglas R. Reno <renodr@…>, 7 months ago
Another minor typo fix :)
Property mode set to `100644`
File size: 32.4 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY bind-download-http "https://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.xz">
8	<!ENTITY bind-download-ftp " ">
9	<!ENTITY bind-md5sum "&bind-md5;">
10	<!ENTITY bind-size "5.3 MB">
11	<!ENTITY bind-buildsize "132 MB (21 MB installed)">
12	<!ENTITY bind-time "0.4 SBU (with parallelism=4; about 40 minutes somewhat processor independent, to run the complete test suite)">
13	]>
14
15	<sect1 id="bind" xreflabel="BIND-&bind-version;">
16	<?dbhtml filename="bind.html"?>
17
18
19	<title>BIND-&bind-version;</title>
20
21	<indexterm zone="bind">
22	<primary sortas="a-BIND">BIND</primary>
23	</indexterm>
24
25	<sect2 role="package">
26	<title>Introduction to BIND</title>
27
28	<para>
29	The <application>BIND</application> package provides a DNS server
30	and client utilities. If you are only interested in the utilities, refer
31	to the <xref linkend="bind-utils"/>.
32	</para>
33
34	&lfs120_checked;
35
36	<bridgehead renderas="sect3">Package Information</bridgehead>
37	<itemizedlist spacing="compact">
38	<listitem>
39	<para>
40	Download (HTTP): <ulink url="&bind-download-http;"/>
41	</para>
42	</listitem>
43	<listitem>
44	<para>
45	Download (FTP): <ulink url="&bind-download-ftp;"/>
46	</para>
47	</listitem>
48	<listitem>
49	<para>
50	Download MD5 sum: &bind-md5sum;
51	</para>
52	</listitem>
53	<listitem>
54	<para>
55	Download size: &bind-size;
56	</para>
57	</listitem>
58	<listitem>
59	<para>
60	Estimated disk space required: &bind-buildsize;
61	</para>
62	</listitem>
63	<listitem>
64	<para>
65	Estimated build time: &bind-time;
66	</para>
67	</listitem>
68	</itemizedlist>
69	<!--
70	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
71	<itemizedlist spacing="compact">
72	<listitem>
73	<para>
74	Required patch:
75	<ulink url="&patch-root;/bind-&bind-version;-upstream_fixes-1.patch"/>
76	</para>
77	</listitem>
78	</itemizedlist>
79	-->
80	<bridgehead renderas="sect3">BIND Dependencies</bridgehead>
81
82	<bridgehead renderas="sect4">Required</bridgehead>
83	<para role="required">
84	<xref linkend="libuv"/>
85	</para>
86
87	<bridgehead renderas="sect4">Recommended</bridgehead>
88	<para role="recommended">
89	<xref linkend="json-c"/>,
90	<xref linkend="libcap-pam"/>, and
91	<xref linkend="nghttp2"/>
92	</para>
93
94	<bridgehead renderas="sect4">Optional</bridgehead>
95	<para role="optional">
96	<xref linkend="curl"/>,
97	<xref linkend="libidn2"/>,
98	<xref linkend="libxml2"/>,
99	<xref linkend="lmdb"/>,
100	<xref linkend="mitkrb"/>,
101	<xref linkend="pytest"/>,
102	<xref linkend="sphinx"/> (required to build documentation),
103	<ulink url="https://cmocka.org/">cmocka</ulink>,
104	<ulink url="https://github.com/cjheath/geoip">geoip</ulink>,
105	<ulink url="https://github.com/jemalloc/jemalloc">jemalloc</ulink>,
106	<ulink url="&w3m-url;">w3m</ulink>
107	</para>
108
109	<bridgehead renderas="sect4">Optional database backends</bridgehead>
110	<para role="optional">
111	<xref linkend="mariadb"/> or <ulink url="https://www.mysql.com/">MySQL</ulink>,
112	<xref linkend="openldap"/>,
113	<xref linkend="postgresql"/>,
114	<xref linkend="unixodbc"/>, and
115	&berkeley-db;
116	</para>
117
118	<bridgehead renderas="sect4">Optional (to run the test suite)</bridgehead>
119	<para role="optional">
120	<xref linkend="perl-net-dns"/>
121	</para>
122
123	</sect2>
124
125	<sect2 role="installation">
126	<title>Installation of BIND</title>
127
128	<!--
129	<para>
130	To ensure <application>BIND</application> will build dnssec-keymgr,
131	install a python module as the <systemitem
132	class="username">root</systemitem> user:
133	</para>
134
135	<screen role="root"><userinput>pip3 install ply</userinput></screen>
136	-->
137
138	<note>
139	<para>
140	Starting with bind-9.18.20, the IP addresses for B.ROOT-SERVERS.NET
141	have changed.
142	</para>
143	</note>
144
145	<para>
146	Install <application>BIND</application> by running the
147	following commands:
148	</para>
149
150	<screen><userinput>./configure --prefix=/usr \
151	--sysconfdir=/etc \
152	--localstatedir=/var \
153	--mandir=/usr/share/man \
154	--disable-static &&
155	make</userinput></screen>
156
157	<para>
158	Issue the following commands to run the complete suite of tests.
159	First, as the <systemitem class="username">root</systemitem> user, set up
160	some test interfaces:
161	</para>
162
163	<note>
164	<para>
165	If IPv6 is not enabled in the kernel, there will be several
166	error messages: "RTNETLINK answers: Operation not permitted". These
167	messages do not affect the tests.
168	</para>
169	</note>
170
171	<screen role="root"
172	remap="test"><userinput>bin/tests/system/ifconfig.sh up</userinput></screen>
173
174	<para>
175	The test suite may indicate some skipped tests depending on
176	what configuration options are used. Some tests are marked
177	<quote>UNTESTED</quote> or do even fail if <xref linkend="perl-net-dns"/>
178	is not installed. Two tests, <filename>resolver</filename> and
179	<filename>dispatch</filename>, are known to fail.
180	To run the tests, as an unprivileged user, execute:
181	</para>
182
183	<screen remap="test"><userinput>make -k check</userinput></screen>
184
185	<para>
186	Again as <systemitem class="username">root</systemitem>, clean up the
187	test interfaces:
188	</para>
189
190	<screen role="root"
191	remap="test"><userinput>bin/tests/system/ifconfig.sh down</userinput></screen>
192
193	<para>
194	Finally, install the package as the <systemitem
195	class="username">root</systemitem> user:
196	</para>
197
198	<!-- Documentation is an issue - The docs are now all in .rst format and appear
199	to be sphinx based. install source .rst files for now...
200
201	leave docs untouched as they does only use disk space when not
202	used to recreate the docs via Sphinx. I've added a note regarding
203	the documentation. (thomas)
204
205	<screen role="root"><userinput>make install &&
206
207	install -vdm 755 /usr/share/doc/bind-&bind-version;/{arm,dnssec-guide} &&
208	install doc/arm/* /usr/share/doc/bind-&bind-version;/arm &&
209	install doc/dnssec-guide/* /usr/share/doc/bind-&bind-version;/dnssec-guide</userinput></screen>
210	-->
211	<screen role="root"><userinput>make install</userinput></screen>
212
213	</sect2>
214
215	<sect2 role="commands">
216	<title>Command Explanations</title>
217
218	<para>
219	<parameter>--sysconfdir=/etc</parameter>: This parameter forces
220	<application>BIND</application> to look for configuration
221	files in <filename class='directory'>/etc</filename> instead of
222	<filename class='directory'>/usr/etc</filename>.
223	</para>
224
225	<!-- Seems to be removed in 9.18.0
226	<para>
227	<parameter>- -with-libtool</parameter>: This parameter forces the
228	building of dynamic libraries and links the installed binaries to these
229	libraries.
230	</para>
231	-->
232
233	<para>
234	<option>--with-libidn2</option>: This parameter enables
235	the IDNA2008 (Internationalized Domain Names in Applications)
236	support.
237	</para>
238
239	<para>
240	<option>--enable-fetchlimit</option>: Use this option if you want
241	to be able to limit the rate of recursive client queries. This may be
242	useful on servers which receive a large number of queries.
243	</para>
244
245	<para>
246	<option>--disable-linux-caps</option>: BIND can also be built without
247	capability support by using this option, at the cost of some loss of
248	security.
249	</para>
250
251	<para>
252	<option>--with-dlz-{mysql,bdb,filesystem,ldap,odbc,stub}</option>: Use
253	one (or more) of those options to add Dynamically Loadable Zones support.
254	For more information refer to <ulink
255	url="https://bind-dlz.sourceforge.net/">bind-dlz.sourceforge.net</ulink>.
256	</para>
257
258	<para>
259	<option>--disable-doh</option>: Use this option if you do not have
260	<xref linkend="nghttp2" role="nodep"/> installed and do not need support
261	for DNS over HTTPS.
262	</para>
263
264	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
265	href="../../xincludes/static-libraries.xml"/>
266
267	</sect2>
268
269	<sect2 role="configuration">
270	<title>Configuring BIND</title>
271
272	<sect3 id="bind-config">
273	<title>Config files</title>
274
275	<para>
276	<filename>named.conf</filename>,
277	<filename>root.hints</filename>,
278	<filename>127.0.0</filename>,
279	<filename>rndc.conf</filename>, and
280	<filename>resolv.conf</filename>
281	</para>
282
283	<indexterm zone="bind bind-config">
284	<primary sortas="e-etc-named.conf">/etc/named.conf</primary>
285	</indexterm>
286
287	<indexterm zone="bind bind-config">
288	<primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary>
289	</indexterm>
290
291	<indexterm zone="bind bind-config">
292	<primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary>
293	</indexterm>
294
295	<indexterm zone="bind bind-config">
296	<primary
297	sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
298	</indexterm>
299
300	<indexterm zone="bind bind-config">
301	<primary
302	sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
303	</indexterm>
304	</sect3>
305
306	<sect3>
307	<title>Configuration Information</title>
308
309	<para>
310	<application>BIND</application> will be configured to run in a
311	<command>chroot</command> jail as an unprivileged user (<systemitem
312	class="username">named</systemitem>). This configuration is more secure
313	in that a DNS compromise can only affect a few files in the <systemitem
314	class="username">named</systemitem> user's <envar>HOME</envar>
315	directory.
316	</para>
317
318	<para>
319	Create the unprivileged user and group <systemitem
320	class="username">named</systemitem>:
321	</para>
322
323	<screen role="root"><userinput>groupadd -g 20 named &&
324	useradd -c "BIND Owner" -g named -s /bin/false -u 20 named &&
325	install -d -m770 -o named -g named /srv/named</userinput></screen>
326
327	<para>
328	Set up some files, directories and devices needed by
329	<application>BIND</application>:
330	</para>
331
332	<screen role="root"><userinput>mkdir -p /srv/named &&
333	cd /srv/named &&
334	mkdir -p dev etc/named/{slave,pz} usr/lib/engines var/run/named &&
335	mknod /srv/named/dev/null c 1 3 &&
336	mknod /srv/named/dev/urandom c 1 9 &&
337	chmod 666 /srv/named/dev/{null,urandom} &&
338	cp /etc/localtime etc</userinput></screen>
339
340	<para>
341	The <filename>rndc.conf</filename> file contains information for
342	controlling <command>named</command> operations with the
343	<command>rndc</command> utility. Generate a key for use in the
344	<filename>named.conf</filename> and <filename>rndc.conf</filename>
345	with the <command>rndc-confgen</command> command:
346	</para>
347
348	<screen role="root"><userinput>rndc-confgen -a -b 512 -t /srv/named</userinput></screen>
349
350	<para>
351	Create the <filename>named.conf</filename> file from which
352	<command>named</command> will read the location of zone files, root
353	name servers and secure DNS keys:
354	</para>
355
356	<screen role="root"><?dbfo keep-together="auto"?><userinput>cat >> /srv/named/etc/named.conf << "EOF"
357	<literal>options {
358	directory "/etc/named";
359	pid-file "/var/run/named.pid";
360	statistics-file "/var/run/named.stats";
361
362	};
363	zone "." {
364	type hint;
365	file "root.hints";
366	};
367	zone "0.0.127.in-addr.arpa" {
368	type master;
369	file "pz/127.0.0";
370	};
371
372	// Bind 9 now logs by default through syslog (except debug).
373	// These are the default logging rules.
374
375	logging {
376	category default { default_syslog; default_debug; };
377	category unmatched { null; };
378
379	channel default_syslog {
380	syslog daemon; // send to syslog's daemon
381	// facility
382	severity info; // only send priority info
383	// and higher
384	};
385
386	channel default_debug {
387	file "named.run"; // write to named.run in
388	// the working directory
389	// Note: stderr is used instead
390	// of "named.run"
391	// if the server is started
392	// with the '-f' option.
393	severity dynamic; // log at the server's
394	// current debug level
395	};
396
397	channel default_stderr {
398	stderr; // writes to stderr
399	severity info; // only send priority info
400	// and higher
401	};
402
403	channel null {
404	null; // toss anything sent to
405	// this channel
406	};
407	};</literal>
408	EOF</userinput></screen>
409
410	<para>
411	Create a zone file with the following contents:
412	</para>
413
414	<screen role="root"><userinput>cat > /srv/named/etc/named/pz/127.0.0 << "EOF"
415	<literal>$TTL 3D
416	@ IN SOA ns.local.domain. hostmaster.local.domain. (
417	1 ; Serial
418	8H ; Refresh
419	2H ; Retry
420	4W ; Expire
421	1D) ; Minimum TTL
422	NS ns.local.domain.
423	1 PTR localhost.</literal>
424	EOF</userinput></screen>
425
426	<para>
427	Create the <filename>root.hints</filename> file with the following
428	commands:
429	</para>
430
431	<note>
432	<para>
433	Caution must be used to ensure there are no leading spaces in
434	this file.
435	</para>
436	</note>
437
438	<screen role="root"><userinput>cat > /srv/named/etc/named/root.hints << "EOF"
439	<literal>. 6D IN NS A.ROOT-SERVERS.NET.
440	. 6D IN NS B.ROOT-SERVERS.NET.
441	. 6D IN NS C.ROOT-SERVERS.NET.
442	. 6D IN NS D.ROOT-SERVERS.NET.
443	. 6D IN NS E.ROOT-SERVERS.NET.
444	. 6D IN NS F.ROOT-SERVERS.NET.
445	. 6D IN NS G.ROOT-SERVERS.NET.
446	. 6D IN NS H.ROOT-SERVERS.NET.
447	. 6D IN NS I.ROOT-SERVERS.NET.
448	. 6D IN NS J.ROOT-SERVERS.NET.
449	. 6D IN NS K.ROOT-SERVERS.NET.
450	. 6D IN NS L.ROOT-SERVERS.NET.
451	. 6D IN NS M.ROOT-SERVERS.NET.
452	A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
453	A.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:ba3e::2:30
454	B.ROOT-SERVERS.NET. 6D IN A 170.247.170.2
455	B.ROOT-SERVERS.NET. 6D IN AAAA 2801:1b8:10::b
456	C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
457	C.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2::c
458	D.ROOT-SERVERS.NET. 6D IN A 199.7.91.13
459	D.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2d::d
460	E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
461	E.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:a8::e
462	F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
463	F.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2f::f
464	G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
465	G.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:12::d0d
466	H.ROOT-SERVERS.NET. 6D IN A 198.97.190.53
467	H.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:1::53
468	I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
469	I.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fe::53
470	J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
471	J.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:c27::2:30
472	K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
473	K.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fd::1
474	L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
475	L.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:9f::42
476	M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
477	M.ROOT-SERVERS.NET. 6D IN AAAA 2001:dc3::35</literal>
478	EOF</userinput></screen>
479
480	<para>
481	The <filename>root.hints</filename> file is a list of root name
482	servers. This file must be updated periodically with the
483	<command>dig</command> utility. A current copy of root.hints can be
484	obtained from <ulink url="https://www.internic.net/domain/named.root"/>.
485	For details, consult the "BIND 9 Administrator Reference Manual".
486	</para>
487
488	<para>
489	Create or modify <filename>resolv.conf</filename> to use the new
490	name server with the following commands:
491	</para>
492
493	<note>
494	<para>
495	Replace <replaceable><yourdomain.com></replaceable> with
496	your own valid domain name.
497	</para>
498	</note>
499
500	<screen role="root"><userinput>cp /etc/resolv.conf /etc/resolv.conf.bak &&
501	cat > /etc/resolv.conf << "EOF"
502	<literal>search <replaceable><yourdomain.com></replaceable>
503	nameserver 127.0.0.1</literal>
504	EOF</userinput></screen>
505
506	<para>
507	Set permissions on the <command>chroot</command> jail with the
508	following command:
509	</para>
510
511	<screen role="root"><userinput>chown -R named:named /srv/named</userinput></screen>
512
513	</sect3>
514
515	<sect3 id="bind-init">
516	<title><phrase revision="sysv">Boot Script</phrase>
517	<phrase revision="systemd">Systemd Unit</phrase></title>
518
519	<para>
520	To start the DNS server at boot, install the
521	<phrase revision="sysv"><filename>/etc/rc.d/init.d/bind</filename> init
522	script</phrase>
523	<phrase revision="systemd"><filename>named.service</filename>
524	unit</phrase> included in the
525	<xref linkend="bootscripts" revision="sysv"/>
526	<xref linkend="systemd-units" revision="systemd"/> package:
527	</para>
528
529	<indexterm zone="bind bind-init">
530	<primary sortas="f-bind">bind</primary>
531	</indexterm>
532
533	<screen role="root" revision="sysv"><userinput>make install-bind</userinput></screen>
534	<screen role="root" revision="systemd"><userinput>make install-named</userinput></screen>
535
536	<para>
537	Now start <application>BIND</application> with the following command:
538	</para>
539
540	<screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/bind start</userinput></screen>
541	<screen role="root" revision="systemd"><userinput>systemctl start named</userinput></screen>
542
543	</sect3>
544
545	<sect3>
546	<title>Testing BIND</title>
547
548	<para>
549	Test out the new <application>BIND</application> 9 installation.
550	First query the local host address with <command>dig</command>:
551	</para>
552
553	<screen><userinput>dig -x 127.0.0.1</userinput></screen>
554
555	<para>
556	Now try an external name lookup, taking note of the speed
557	difference in repeated lookups due to the caching. Run the
558	<command>dig</command> command twice on the same address:
559	</para>
560
561	<screen><userinput>dig www.&lfs-domainname; &&
562	dig www.&lfs-domainname;</userinput></screen>
563
564	<para>
565	You can see almost instantaneous results with the named caching
566	lookups. Consult the <application>BIND</application> Administrator
567	Reference Manual (see below) for further configuration options.
568	</para>
569
570	</sect3>
571
572	</sect2>
573
574	<sect2>
575	<title>Administrator Reference Manual (ARM)</title>
576
577	<para>
578	The ARM documentation (do not confuse with the processor architecture)
579	is included in the source package. The documentation is in .rst
580	format which means that it can be converted in human readable formats
581	if <xref linkend="sphinx"/> is installed.
582	</para>
583
584	<para>
585	When <application>BIND</application> is set up, especially if it is going
586	to be operating in a real live scenario, it is <emphasis>highly</emphasis>
587	recommended to consult the ARM documentation. ISC provides an
588	updated set of excellent documentation along with every release
589	so it can be easily viewed and/or downloaded – so there is
590	no excuse to not read the docs. The formats ISC provides are PDF,
591	epub and html at <ulink url="https://downloads.isc.org/isc/bind9/&bind-version;/doc/arm/"/>.
592	</para>
593	</sect2>
594
595	<sect2 role="content">
596	<title>Contents</title>
597
598	<segmentedlist>
599	<segtitle>Installed Programs</segtitle>
600	<segtitle>Installed Libraries</segtitle>
601	<segtitle>Installed Directories</segtitle>
602
603	<seglistitem>
604
605	<seg>arpaname, ddns-confgen, delv, dig, dnssec-cds,
606	dnssec-dsfromkey, dnssec-importkey, dnssec-keyfromlabel, dnssec-keygen,
607	dnssec-revoke, dnssec-settime, dnssec-signzone,
608	dnssec-verify, host, mdig, named, named-checkconf,
609	named-checkzone, named-compilezone, named-journalprint,
610	named-nzd2nzf, named-rrchecker, nsec3hash, nslookup, nsupdate, rndc,
611	rndc-confgen, and tsig-keygen (symlink)</seg>
612
613	<seg>libbind9.so, libdns.so, libirs.so, libisc.so, libisccc.so,
614	libisccfg.so, and libns.so</seg>
615
616	<seg>/usr/include/{bind9,dns,dst,irs,isc,isccc,isccfg,ns},
617	/usr/lib/bind,
618	and /srv/named</seg>
619	</seglistitem>
620	</segmentedlist>
621
622	<variablelist>
623	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
624	<?dbfo list-presentation="list"?>
625	<?dbhtml list-presentation="table"?>
626
627	<varlistentry id="arpaname">
628	<term><command>arpaname</command></term>
629	<listitem>
630	<para>
631	translates IP addresses to the corresponding ARPA names
632	</para>
633	<indexterm zone="bind arpaname">
634	<primary sortas="b-arpaname">arpaname</primary>
635	</indexterm>
636	</listitem>
637	</varlistentry>
638
639	<varlistentry id="ddns-confgen">
640	<term><command>ddns-confgen</command></term>
641	<listitem>
642	<para>
643	generates a key for use by nsupdate and named
644	</para>
645	<indexterm zone="bind ddns-confgen">
646	<primary sortas="b-ddns-confgen">ddns-confgen</primary>
647	</indexterm>
648	</listitem>
649	</varlistentry>
650
651	<varlistentry id="delv">
652	<term><command>delv</command></term>
653	<listitem>
654	<para>
655	is a new debugging tool that is a successor to
656	<command>dig</command>
657	</para>
658	<indexterm zone="bind delv">
659	<primary sortas="b-delv">delv</primary>
660	</indexterm>
661	</listitem>
662	</varlistentry>
663
664	<varlistentry id="dig">
665	<term><command>dig</command></term>
666	<listitem>
667	<para>
668	interrogates DNS servers
669	</para>
670	<indexterm zone="bind dig">
671	<primary sortas="b-dig">dig</primary>
672	</indexterm>
673	</listitem>
674	</varlistentry>
675
676	<varlistentry id="dnssec-cds">
677	<term><command>dnssec-cds</command></term>
678	<listitem>
679	<para>
680	changes DS records for a child zone based on
681	CDS/CDNSKEY
682	</para>
683	<indexterm zone="bind dnssec-cds">
684	<primary sortas="b-dnssec-cds">dnssec-cds</primary>
685	</indexterm>
686	</listitem>
687	</varlistentry>
688
689	<varlistentry id="dnssec-dsfromkey">
690	<term><command>dnssec-dsfromkey</command></term>
691	<listitem>
692	<para>
693	outputs the Delegation Signer (DS) resource record (RR)
694	</para>
695	<indexterm zone="bind dnssec-dsfromkey">
696	<primary sortas="b-dnssec-dsfromkey">dnssec-dsfromkey</primary>
697	</indexterm>
698	</listitem>
699	</varlistentry>
700
701	<varlistentry id="dnssec-importkey">
702	<term><command>dnssec-importkey</command></term>
703	<listitem>
704	<para>
705	reads a public DNSKEY record and generates a pair of
706	.key/.private files
707	</para>
708	<indexterm zone="bind dnssec-importkey">
709	<primary sortas="b-dnssec-importkey">dnssec-importkey</primary>
710	</indexterm>
711	</listitem>
712	</varlistentry>
713
714	<varlistentry id="dnssec-keyfromlabel">
715	<term><command>dnssec-keyfromlabel</command></term>
716	<listitem>
717	<para>
718	gets keys with the given label from a cryptography hardware device
719	and builds key files for DNSSEC
720	</para>
721	<indexterm zone="bind dnssec-keyfromlabel">
722	<primary sortas="b-dnssec-keyfromlabel">dnssec-keyfromlabel</primary>
723	</indexterm>
724	</listitem>
725	</varlistentry>
726
727	<varlistentry id="dnssec-keymgr">
728	<term><command>dnssec-keymgr</command></term>
729	<listitem>
730	<para>
731	ensures correct DNSKEY coverage based on a defined policy
732	</para>
733	<indexterm zone="bind dnssec-keymgr">
734	<primary sortas="b-dnssec-keymgr">dnssec-keymgr</primary>
735	</indexterm>
736	</listitem>
737	</varlistentry>
738
739	<varlistentry id="dnssec-revoke">
740	<term><command>dnssec-revoke</command></term>
741	<listitem>
742	<para>
743	sets the REVOKED bit on a DNSSEC key
744	</para>
745	<indexterm zone="bind dnssec-revoke">
746	<primary sortas="b-dnssec-revoke">dnssec-revoke</primary>
747	</indexterm>
748	</listitem>
749	</varlistentry>
750
751	<varlistentry id="dnssec-settime">
752	<term><command>dnssec-settime</command></term>
753	<listitem>
754	<para>
755	sets the key timing metadata for a DNSSEC key
756	</para>
757	<indexterm zone="bind dnssec-settime">
758	<primary sortas="b-dnssec-settime">dnssec-settime</primary>
759	</indexterm>
760	</listitem>
761	</varlistentry>
762
763	<varlistentry id="dnssec-signzone">
764	<term><command>dnssec-signzone</command></term>
765	<listitem>
766	<para>
767	generates signed versions of zone files
768	</para>
769	<indexterm zone="bind dnssec-signzone">
770	<primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
771	</indexterm>
772	</listitem>
773	</varlistentry>
774
775	<varlistentry id="dnssec-verify">
776	<term><command>dnssec-verify</command></term>
777	<listitem>
778	<para>
779	verifies that a zone is fully signed for each algorithm found
780	in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
781	chains are complete
782	</para>
783	<indexterm zone="bind dnssec-verify">
784	<primary sortas="b-dnssec-verify">dnssec-verify</primary>
785	</indexterm>
786	</listitem>
787	</varlistentry>
788
789	<varlistentry id="host">
790	<term><command>host</command></term>
791	<listitem>
792	<para>
793	is a utility for DNS lookups
794	</para>
795	<indexterm zone="bind host">
796	<primary sortas="b-host">host</primary>
797	</indexterm>
798	</listitem>
799	</varlistentry>
800
801	<varlistentry id="mdig">
802	<term><command>mdig</command></term>
803	<listitem>
804	<para>
805	is a version of dig that allows multiple queries at once
806	</para>
807	<indexterm zone="bind mdig">
808	<primary sortas="b-mdig">mdig</primary>
809	</indexterm>
810	</listitem>
811	</varlistentry>
812
813	<varlistentry id="named">
814	<term><command>named</command></term>
815	<listitem>
816	<para>
817	is the name server daemon
818	</para>
819	<indexterm zone="bind named">
820	<primary sortas="b-named">named</primary>
821	</indexterm>
822	</listitem>
823	</varlistentry>
824
825	<varlistentry id="named-checkconf">
826	<term><command>named-checkconf</command></term>
827	<listitem>
828	<para>
829	checks the syntax of <filename>named.conf</filename>
830	files
831	</para>
832	<indexterm zone="bind named-checkconf">
833	<primary sortas="b-named-checkconf">named-checkconf</primary>
834	</indexterm>
835	</listitem>
836	</varlistentry>
837
838	<varlistentry id="named-checkzone">
839	<term><command>named-checkzone</command></term>
840	<listitem>
841	<para>
842	checks zone file validity
843	</para>
844	<indexterm zone="bind named-checkzone">
845	<primary sortas="b-named-checkzone">named-checkzone</primary>
846	</indexterm>
847	</listitem>
848	</varlistentry>
849
850	<varlistentry id="named-compilezone">
851	<term><command>named-compilezone</command></term>
852	<listitem>
853	<para>
854	is similar to <command>named-checkzone</command>, but it always
855	dumps the zone contents to a specified file in a specified format
856	</para>
857	<indexterm zone="bind named-compilezone">
858	<primary sortas="b-named-compilezone">named-compilezone</primary>
859	</indexterm>
860	</listitem>
861	</varlistentry>
862
863	<varlistentry id="named-journalprint">
864	<term><command>named-journalprint</command></term>
865	<listitem>
866	<para>
867	prints the zone journal in human-readable form
868	</para>
869	<indexterm zone="bind named-journalprint">
870	<primary sortas="b-named-journalprint">named-journalprint</primary>
871	</indexterm>
872	</listitem>
873	</varlistentry>
874
875	<varlistentry id="named-rrchecker">
876	<term><command>named-rrchecker</command></term>
877	<listitem>
878	<para>
879	reads an individual DNS resource record from standard input and
880	checks if it is syntactically correct
881	</para>
882	<indexterm zone="bind named-rrchecker">
883	<primary sortas="b-named-rrchecker">named-rrchecker</primary>
884	</indexterm>
885	</listitem>
886	</varlistentry>
887
888	<varlistentry id="named-nzd2nzf">
889	<term><command>named-nzd2nzf</command></term>
890	<listitem>
891	<para>
892	converts an NZD database to NZF text format
893	</para>
894	<indexterm zone="bind named-nzd2nzf">
895	<primary sortas="b-named-nzd2nzf">named-nzd2nzf</primary>
896	</indexterm>
897	</listitem>
898	</varlistentry>
899
900	<varlistentry id="nsec3hash">
901	<term><command>nsec3hash</command></term>
902	<listitem>
903	<para>
904	generates an NSEC3 hash based on a set of NSEC3 parameters
905	</para>
906	<indexterm zone="bind nsec3hash">
907	<primary sortas="b-nsec3hash">nsec3hash</primary>
908	</indexterm>
909	</listitem>
910	</varlistentry>
911
912	<varlistentry id="nslookup">
913	<term><command>nslookup</command></term>
914	<listitem>
915	<para>
916	is a program used to query Internet domain nameservers
917	</para>
918	<indexterm zone="bind nslookup">
919	<primary sortas="b-nslookup">nslookup</primary>
920	</indexterm>
921	</listitem>
922	</varlistentry>
923
924	<varlistentry id="nsupdate">
925	<term><command>nsupdate</command></term>
926	<listitem>
927	<para>
928	is used to submit DNS update requests
929	</para>
930	<indexterm zone="bind nsupdate">
931	<primary sortas="b-nsupdate">nsupdate</primary>
932	</indexterm>
933	</listitem>
934	</varlistentry>
935
936	<varlistentry id="rndc">
937	<term><command>rndc</command></term>
938	<listitem>
939	<para>
940	controls the operation of <application>BIND</application>
941	</para>
942	<indexterm zone="bind rndc">
943	<primary sortas="b-rndc">rndc</primary>
944	</indexterm>
945	</listitem>
946	</varlistentry>
947
948	<varlistentry id="rndc-confgen">
949	<term><command>rndc-confgen</command></term>
950	<listitem>
951	<para>
952	generates <filename>rndc.conf</filename> files
953	</para>
954	<indexterm zone="bind rndc-confgen">
955	<primary sortas="b-rndc-confgen">rndc-confgen</primary>
956	</indexterm>
957	</listitem>
958	</varlistentry>
959
960	<varlistentry id="tsig-keygen">
961	<term><command>tsig-keygen</command></term>
962	<listitem>
963	<para>
964	is a symlink to <command>ddns-confgen</command>
965	</para>
966	<indexterm zone="bind tsig-keygen">
967	<primary sortas="b-tsig-keygen">tsig-keygen</primary>
968	</indexterm>
969	</listitem>
970	</varlistentry>
971
972	</variablelist>
973
974	</sect2>
975
976	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: