Context Navigation

source: server/major/bind.xml@ fc07c4bc

Visit:

12.1 12.2 gimp3 ken/TL2024 ken/tuningfonts lazarus plabs/newcss python3.11 rahul/power-profiles-daemon trunk xry111/for-12.3 xry111/llvm18 xry111/spidermonkey128

Last change on this file since fc07c4bc was 949aa82, checked in by Bruce Dubbs <bdubbs@…>, 10 months ago
Update to bind 9.18.20.
Property mode set to `100644`
File size: 32.4 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY bind-download-http "https://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.xz">
8	<!ENTITY bind-download-ftp " ">
9	<!ENTITY bind-md5sum "&bind-md5;">
10	<!ENTITY bind-size "5.3 MB">
11	<!ENTITY bind-buildsize "132 MB (21 MB installed)">
12	<!ENTITY bind-time "0.4 SBU (with parallelism=4; about 40 minutes somewhat processor independent, to run the complete test suite)">
13	]>
14
15	<sect1 id="bind" xreflabel="BIND-&bind-version;">
16	<?dbhtml filename="bind.html"?>
17
18
19	<title>BIND-&bind-version;</title>
20
21	<indexterm zone="bind">
22	<primary sortas="a-BIND">BIND</primary>
23	</indexterm>
24
25	<sect2 role="package">
26	<title>Introduction to BIND</title>
27
28	<para>
29	The <application>BIND</application> package provides a DNS server
30	and client utilities. If you are only interested in the utilities, refer
31	to the <xref linkend="bind-utils"/>.
32	</para>
33
34	&lfs120_checked;
35
36	<bridgehead renderas="sect3">Package Information</bridgehead>
37	<itemizedlist spacing="compact">
38	<listitem>
39	<para>
40	Download (HTTP): <ulink url="&bind-download-http;"/>
41	</para>
42	</listitem>
43	<listitem>
44	<para>
45	Download (FTP): <ulink url="&bind-download-ftp;"/>
46	</para>
47	</listitem>
48	<listitem>
49	<para>
50	Download MD5 sum: &bind-md5sum;
51	</para>
52	</listitem>
53	<listitem>
54	<para>
55	Download size: &bind-size;
56	</para>
57	</listitem>
58	<listitem>
59	<para>
60	Estimated disk space required: &bind-buildsize;
61	</para>
62	</listitem>
63	<listitem>
64	<para>
65	Estimated build time: &bind-time;
66	</para>
67	</listitem>
68	</itemizedlist>
69	<!--
70	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
71	<itemizedlist spacing="compact">
72	<listitem>
73	<para>
74	Required patch:
75	<ulink url="&patch-root;/bind-&bind-version;-upstream_fixes-1.patch"/>
76	</para>
77	</listitem>
78	</itemizedlist>
79	-->
80	<bridgehead renderas="sect3">BIND Dependencies</bridgehead>
81
82	<bridgehead renderas="sect4">Required</bridgehead>
83	<para role="required">
84	<xref linkend="libuv"/>
85	</para>
86
87	<bridgehead renderas="sect4">Recommended</bridgehead>
88	<para role="recommended">
89	<xref linkend="json-c"/>,
90	<xref linkend="libcap-pam"/>, and
91	<xref linkend="nghttp2"/>
92	</para>
93
94	<bridgehead renderas="sect4">Optional</bridgehead>
95	<para role="optional">
96	<xref linkend="curl"/>,
97	<xref linkend="libidn2"/>,
98	<xref linkend="libxml2"/>,
99	<xref linkend="lmdb"/>,
100	<xref linkend="mitkrb"/>,
101	<xref linkend="pytest"/>,
102	<xref linkend="sphinx"/> (required to build documentation),
103	<ulink url="https://cmocka.org/">cmocka</ulink>,
104	<ulink url="https://github.com/cjheath/geoip">geoip</ulink>,
105	<ulink url="https://github.com/jemalloc/jemalloc">jemalloc</ulink>,
106	<ulink url="&w3m-url;">w3m</ulink>
107	</para>
108
109	<bridgehead renderas="sect4">Optional database backends</bridgehead>
110	<para role="optional">
111	<xref linkend="db"/>,
112	<xref linkend="mariadb"/> or <ulink url="https://www.mysql.com/">MySQL</ulink>,
113	<xref linkend="openldap"/>,
114	<xref linkend="postgresql"/>, and
115	<xref linkend="unixodbc"/>
116	</para>
117
118	<bridgehead renderas="sect4">Optional (to run the test suite)</bridgehead>
119	<para role="optional">
120	<xref linkend="perl-net-dns"/>
121	</para>
122
123	</sect2>
124
125	<sect2 role="installation">
126	<title>Installation of BIND</title>
127
128	<!--
129	<para>
130	To ensure <application>BIND</application> will build dnssec-keymgr,
131	install a python module as the <systemitem
132	class="username">root</systemitem> user:
133	</para>
134
135	<screen role="root"><userinput>pip3 install ply</userinput></screen>
136	-->
137
138	<note>
139	<para>Staring with bind-9.18.20, the IP addreses for
140	B.ROOT-SERVERS.NET have changed.
141	</para>
142	</note>
143
144	<para>
145	Install <application>BIND</application> by running the
146	following commands:
147	</para>
148
149	<screen><userinput>./configure --prefix=/usr \
150	--sysconfdir=/etc \
151	--localstatedir=/var \
152	--mandir=/usr/share/man \
153	--disable-static &&
154	make</userinput></screen>
155
156	<para>
157	Issue the following commands to run the complete suite of tests.
158	First, as the <systemitem class="username">root</systemitem> user, set up
159	some test interfaces:
160	</para>
161
162	<note>
163	<para>
164	If IPv6 is not enabled in the kernel, there will be several
165	error messages: "RTNETLINK answers: Operation not permitted". These
166	messages do not affect the tests.
167	</para>
168	</note>
169
170	<screen role="root"
171	remap="test"><userinput>bin/tests/system/ifconfig.sh up</userinput></screen>
172
173	<para>
174	The test suite may indicate some skipped tests depending on
175	what configuration options are used. Some tests are marked
176	<quote>UNTESTED</quote> or do even fail if <xref linkend="perl-net-dns"/>
177	is not installed. Two tests, <filename>resolver</filename> and
178	<filename>dispatch</filename>, are known to fail.
179	To run the tests, as an unprivileged user, execute:
180	</para>
181
182	<screen remap="test"><userinput>make -k check</userinput></screen>
183
184	<para>
185	Again as <systemitem class="username">root</systemitem>, clean up the
186	test interfaces:
187	</para>
188
189	<screen role="root"
190	remap="test"><userinput>bin/tests/system/ifconfig.sh down</userinput></screen>
191
192	<para>
193	Finally, install the package as the <systemitem
194	class="username">root</systemitem> user:
195	</para>
196
197	<!-- Documentation is an issue - The docs are now all in .rst format and appear
198	to be sphinx based. install source .rst files for now...
199
200	leave docs untouched as they does only use disk space when not
201	used to recreate the docs via Sphinx. I've added a note regarding
202	the documentation. (thomas)
203
204	<screen role="root"><userinput>make install &&
205
206	install -vdm 755 /usr/share/doc/bind-&bind-version;/{arm,dnssec-guide} &&
207	install doc/arm/* /usr/share/doc/bind-&bind-version;/arm &&
208	install doc/dnssec-guide/* /usr/share/doc/bind-&bind-version;/dnssec-guide</userinput></screen>
209	-->
210	<screen role="root"><userinput>make install</userinput></screen>
211
212	</sect2>
213
214	<sect2 role="commands">
215	<title>Command Explanations</title>
216
217	<para>
218	<parameter>--sysconfdir=/etc</parameter>: This parameter forces
219	<application>BIND</application> to look for configuration
220	files in <filename class='directory'>/etc</filename> instead of
221	<filename class='directory'>/usr/etc</filename>.
222	</para>
223
224	<!-- Seems to be removed in 9.18.0
225	<para>
226	<parameter>- -with-libtool</parameter>: This parameter forces the
227	building of dynamic libraries and links the installed binaries to these
228	libraries.
229	</para>
230	-->
231
232	<para>
233	<option>--with-libidn2</option>: This parameter enables
234	the IDNA2008 (Internationalized Domain Names in Applications)
235	support.
236	</para>
237
238	<para>
239	<option>--enable-fetchlimit</option>: Use this option if you want
240	to be able to limit the rate of recursive client queries. This may be
241	useful on servers which receive a large number of queries.
242	</para>
243
244	<para>
245	<option>--disable-linux-caps</option>: BIND can also be built without
246	capability support by using this option, at the cost of some loss of
247	security.
248	</para>
249
250	<para>
251	<option>--with-dlz-{mysql,bdb,filesystem,ldap,odbc,stub}</option>: Use
252	one (or more) of those options to add Dynamically Loadable Zones support.
253	For more information refer to <ulink
254	url="https://bind-dlz.sourceforge.net/">bind-dlz.sourceforge.net</ulink>.
255	</para>
256
257	<para>
258	<option>--disable-doh</option>: Use this option if you do not have
259	<xref linkend="nghttp2" role="nodep"/> installed and do not need support
260	for DNS over HTTPS.
261	</para>
262
263	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
264	href="../../xincludes/static-libraries.xml"/>
265
266	</sect2>
267
268	<sect2 role="configuration">
269	<title>Configuring BIND</title>
270
271	<sect3 id="bind-config">
272	<title>Config files</title>
273
274	<para>
275	<filename>named.conf</filename>,
276	<filename>root.hints</filename>,
277	<filename>127.0.0</filename>,
278	<filename>rndc.conf</filename>, and
279	<filename>resolv.conf</filename>
280	</para>
281
282	<indexterm zone="bind bind-config">
283	<primary sortas="e-etc-named.conf">/etc/named.conf</primary>
284	</indexterm>
285
286	<indexterm zone="bind bind-config">
287	<primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary>
288	</indexterm>
289
290	<indexterm zone="bind bind-config">
291	<primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary>
292	</indexterm>
293
294	<indexterm zone="bind bind-config">
295	<primary
296	sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
297	</indexterm>
298
299	<indexterm zone="bind bind-config">
300	<primary
301	sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
302	</indexterm>
303	</sect3>
304
305	<sect3>
306	<title>Configuration Information</title>
307
308	<para>
309	<application>BIND</application> will be configured to run in a
310	<command>chroot</command> jail as an unprivileged user (<systemitem
311	class="username">named</systemitem>). This configuration is more secure
312	in that a DNS compromise can only affect a few files in the <systemitem
313	class="username">named</systemitem> user's <envar>HOME</envar>
314	directory.
315	</para>
316
317	<para>
318	Create the unprivileged user and group <systemitem
319	class="username">named</systemitem>:
320	</para>
321
322	<screen role="root"><userinput>groupadd -g 20 named &&
323	useradd -c "BIND Owner" -g named -s /bin/false -u 20 named &&
324	install -d -m770 -o named -g named /srv/named</userinput></screen>
325
326	<para>
327	Set up some files, directories and devices needed by
328	<application>BIND</application>:
329	</para>
330
331	<screen role="root"><userinput>mkdir -p /srv/named &&
332	cd /srv/named &&
333	mkdir -p dev etc/named/{slave,pz} usr/lib/engines var/run/named &&
334	mknod /srv/named/dev/null c 1 3 &&
335	mknod /srv/named/dev/urandom c 1 9 &&
336	chmod 666 /srv/named/dev/{null,urandom} &&
337	cp /etc/localtime etc</userinput></screen>
338
339	<para>
340	The <filename>rndc.conf</filename> file contains information for
341	controlling <command>named</command> operations with the
342	<command>rndc</command> utility. Generate a key for use in the
343	<filename>named.conf</filename> and <filename>rndc.conf</filename>
344	with the <command>rndc-confgen</command> command:
345	</para>
346
347	<screen role="root"><userinput>rndc-confgen -a -b 512 -t /srv/named</userinput></screen>
348
349	<para>
350	Create the <filename>named.conf</filename> file from which
351	<command>named</command> will read the location of zone files, root
352	name servers and secure DNS keys:
353	</para>
354
355	<screen role="root"><?dbfo keep-together="auto"?><userinput>cat >> /srv/named/etc/named.conf << "EOF"
356	<literal>options {
357	directory "/etc/named";
358	pid-file "/var/run/named.pid";
359	statistics-file "/var/run/named.stats";
360
361	};
362	zone "." {
363	type hint;
364	file "root.hints";
365	};
366	zone "0.0.127.in-addr.arpa" {
367	type master;
368	file "pz/127.0.0";
369	};
370
371	// Bind 9 now logs by default through syslog (except debug).
372	// These are the default logging rules.
373
374	logging {
375	category default { default_syslog; default_debug; };
376	category unmatched { null; };
377
378	channel default_syslog {
379	syslog daemon; // send to syslog's daemon
380	// facility
381	severity info; // only send priority info
382	// and higher
383	};
384
385	channel default_debug {
386	file "named.run"; // write to named.run in
387	// the working directory
388	// Note: stderr is used instead
389	// of "named.run"
390	// if the server is started
391	// with the '-f' option.
392	severity dynamic; // log at the server's
393	// current debug level
394	};
395
396	channel default_stderr {
397	stderr; // writes to stderr
398	severity info; // only send priority info
399	// and higher
400	};
401
402	channel null {
403	null; // toss anything sent to
404	// this channel
405	};
406	};</literal>
407	EOF</userinput></screen>
408
409	<para>
410	Create a zone file with the following contents:
411	</para>
412
413	<screen role="root"><userinput>cat > /srv/named/etc/named/pz/127.0.0 << "EOF"
414	<literal>$TTL 3D
415	@ IN SOA ns.local.domain. hostmaster.local.domain. (
416	1 ; Serial
417	8H ; Refresh
418	2H ; Retry
419	4W ; Expire
420	1D) ; Minimum TTL
421	NS ns.local.domain.
422	1 PTR localhost.</literal>
423	EOF</userinput></screen>
424
425	<para>
426	Create the <filename>root.hints</filename> file with the following
427	commands:
428	</para>
429
430	<note>
431	<para>
432	Caution must be used to ensure there are no leading spaces in
433	this file.
434	</para>
435	</note>
436
437	<screen role="root"><userinput>cat > /srv/named/etc/named/root.hints << "EOF"
438	<literal>. 6D IN NS A.ROOT-SERVERS.NET.
439	. 6D IN NS B.ROOT-SERVERS.NET.
440	. 6D IN NS C.ROOT-SERVERS.NET.
441	. 6D IN NS D.ROOT-SERVERS.NET.
442	. 6D IN NS E.ROOT-SERVERS.NET.
443	. 6D IN NS F.ROOT-SERVERS.NET.
444	. 6D IN NS G.ROOT-SERVERS.NET.
445	. 6D IN NS H.ROOT-SERVERS.NET.
446	. 6D IN NS I.ROOT-SERVERS.NET.
447	. 6D IN NS J.ROOT-SERVERS.NET.
448	. 6D IN NS K.ROOT-SERVERS.NET.
449	. 6D IN NS L.ROOT-SERVERS.NET.
450	. 6D IN NS M.ROOT-SERVERS.NET.
451	A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
452	A.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:ba3e::2:30
453	B.ROOT-SERVERS.NET. 6D IN A 170.247.170.2
454	B.ROOT-SERVERS.NET. 6D IN AAAA 2801:1b8:10::b
455	C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
456	C.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2::c
457	D.ROOT-SERVERS.NET. 6D IN A 199.7.91.13
458	D.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2d::d
459	E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
460	E.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:a8::e
461	F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
462	F.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2f::f
463	G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
464	G.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:12::d0d
465	H.ROOT-SERVERS.NET. 6D IN A 198.97.190.53
466	H.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:1::53
467	I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
468	I.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fe::53
469	J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
470	J.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:c27::2:30
471	K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
472	K.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fd::1
473	L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
474	L.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:9f::42
475	M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
476	M.ROOT-SERVERS.NET. 6D IN AAAA 2001:dc3::35</literal>
477	EOF</userinput></screen>
478
479	<para>
480	The <filename>root.hints</filename> file is a list of root name
481	servers. This file must be updated periodically with the
482	<command>dig</command> utility. A current copy of root.hints can be
483	obtained from <ulink url="https://www.internic.net/domain/named.root"/>.
484	For details, consult the "BIND 9 Administrator Reference Manual".
485	</para>
486
487	<para>
488	Create or modify <filename>resolv.conf</filename> to use the new
489	name server with the following commands:
490	</para>
491
492	<note>
493	<para>
494	Replace <replaceable><yourdomain.com></replaceable> with
495	your own valid domain name.
496	</para>
497	</note>
498
499	<screen role="root"><userinput>cp /etc/resolv.conf /etc/resolv.conf.bak &&
500	cat > /etc/resolv.conf << "EOF"
501	<literal>search <replaceable><yourdomain.com></replaceable>
502	nameserver 127.0.0.1</literal>
503	EOF</userinput></screen>
504
505	<para>
506	Set permissions on the <command>chroot</command> jail with the
507	following command:
508	</para>
509
510	<screen role="root"><userinput>chown -R named:named /srv/named</userinput></screen>
511
512	</sect3>
513
514	<sect3 id="bind-init">
515	<title><phrase revision="sysv">Boot Script</phrase>
516	<phrase revision="systemd">Systemd Unit</phrase></title>
517
518	<para>
519	To start the DNS server at boot, install the
520	<phrase revision="sysv"><filename>/etc/rc.d/init.d/bind</filename> init
521	script</phrase>
522	<phrase revision="systemd"><filename>named.service</filename>
523	unit</phrase> included in the
524	<xref linkend="bootscripts" revision="sysv"/>
525	<xref linkend="systemd-units" revision="systemd"/> package:
526	</para>
527
528	<indexterm zone="bind bind-init">
529	<primary sortas="f-bind">bind</primary>
530	</indexterm>
531
532	<screen role="root" revision="sysv"><userinput>make install-bind</userinput></screen>
533	<screen role="root" revision="systemd"><userinput>make install-named</userinput></screen>
534
535	<para>
536	Now start <application>BIND</application> with the following command:
537	</para>
538
539	<screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/bind start</userinput></screen>
540	<screen role="root" revision="systemd"><userinput>systemctl start named</userinput></screen>
541
542	</sect3>
543
544	<sect3>
545	<title>Testing BIND</title>
546
547	<para>
548	Test out the new <application>BIND</application> 9 installation.
549	First query the local host address with <command>dig</command>:
550	</para>
551
552	<screen><userinput>dig -x 127.0.0.1</userinput></screen>
553
554	<para>
555	Now try an external name lookup, taking note of the speed
556	difference in repeated lookups due to the caching. Run the
557	<command>dig</command> command twice on the same address:
558	</para>
559
560	<screen><userinput>dig www.&lfs-domainname; &&
561	dig www.&lfs-domainname;</userinput></screen>
562
563	<para>
564	You can see almost instantaneous results with the named caching
565	lookups. Consult the <application>BIND</application> Administrator
566	Reference Manual (see below) for further configuration options.
567	</para>
568
569	</sect3>
570
571	</sect2>
572
573	<sect2>
574	<title>Administrator Reference Manual (ARM)</title>
575
576	<para>
577	The ARM documentation (do not confuse with the processor architecture)
578	is included in the source package. The documentation is in .rst
579	format which means that it can be converted in human readable formats
580	if <xref linkend="sphinx"/> is installed.
581	</para>
582
583	<para>
584	When <application>BIND</application> is set up, especially if it is going
585	to be operating in a real live scenario, it is <emphasis>highly</emphasis>
586	recommended to consult the ARM documentation. ISC provides an
587	updated set of excellent documentation along with every release
588	so it can be easily viewed and/or downloaded – so there is
589	no excuse to not read the docs. The formats ISC provides are PDF,
590	epub and html at <ulink url="https://downloads.isc.org/isc/bind9/&bind-version;/doc/arm/"/>.
591	</para>
592	</sect2>
593
594	<sect2 role="content">
595	<title>Contents</title>
596
597	<segmentedlist>
598	<segtitle>Installed Programs</segtitle>
599	<segtitle>Installed Libraries</segtitle>
600	<segtitle>Installed Directories</segtitle>
601
602	<seglistitem>
603
604	<seg>arpaname, ddns-confgen, delv, dig, dnssec-cds,
605	dnssec-dsfromkey, dnssec-importkey, dnssec-keyfromlabel, dnssec-keygen,
606	dnssec-revoke, dnssec-settime, dnssec-signzone,
607	dnssec-verify, host, mdig, named, named-checkconf,
608	named-checkzone, named-compilezone, named-journalprint,
609	named-nzd2nzf, named-rrchecker, nsec3hash, nslookup, nsupdate, rndc,
610	rndc-confgen, and tsig-keygen (symlink)</seg>
611
612	<seg>libbind9.so, libdns.so, libirs.so, libisc.so, libisccc.so,
613	libisccfg.so, and libns.so</seg>
614
615	<seg>/usr/include/{bind9,dns,dst,irs,isc,isccc,isccfg,ns},
616	/usr/lib/bind,
617	and /srv/named</seg>
618	</seglistitem>
619	</segmentedlist>
620
621	<variablelist>
622	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
623	<?dbfo list-presentation="list"?>
624	<?dbhtml list-presentation="table"?>
625
626	<varlistentry id="arpaname">
627	<term><command>arpaname</command></term>
628	<listitem>
629	<para>
630	translates IP addresses to the corresponding ARPA names
631	</para>
632	<indexterm zone="bind arpaname">
633	<primary sortas="b-arpaname">arpaname</primary>
634	</indexterm>
635	</listitem>
636	</varlistentry>
637
638	<varlistentry id="ddns-confgen">
639	<term><command>ddns-confgen</command></term>
640	<listitem>
641	<para>
642	generates a key for use by nsupdate and named
643	</para>
644	<indexterm zone="bind ddns-confgen">
645	<primary sortas="b-ddns-confgen">ddns-confgen</primary>
646	</indexterm>
647	</listitem>
648	</varlistentry>
649
650	<varlistentry id="delv">
651	<term><command>delv</command></term>
652	<listitem>
653	<para>
654	is a new debugging tool that is a successor to
655	<command>dig</command>
656	</para>
657	<indexterm zone="bind delv">
658	<primary sortas="b-delv">delv</primary>
659	</indexterm>
660	</listitem>
661	</varlistentry>
662
663	<varlistentry id="dig">
664	<term><command>dig</command></term>
665	<listitem>
666	<para>
667	interrogates DNS servers
668	</para>
669	<indexterm zone="bind dig">
670	<primary sortas="b-dig">dig</primary>
671	</indexterm>
672	</listitem>
673	</varlistentry>
674
675	<varlistentry id="dnssec-cds">
676	<term><command>dnssec-cds</command></term>
677	<listitem>
678	<para>
679	changes DS records for a child zone based on
680	CDS/CDNSKEY
681	</para>
682	<indexterm zone="bind dnssec-cds">
683	<primary sortas="b-dnssec-cds">dnssec-cds</primary>
684	</indexterm>
685	</listitem>
686	</varlistentry>
687
688	<varlistentry id="dnssec-dsfromkey">
689	<term><command>dnssec-dsfromkey</command></term>
690	<listitem>
691	<para>
692	outputs the Delegation Signer (DS) resource record (RR)
693	</para>
694	<indexterm zone="bind dnssec-dsfromkey">
695	<primary sortas="b-dnssec-dsfromkey">dnssec-dsfromkey</primary>
696	</indexterm>
697	</listitem>
698	</varlistentry>
699
700	<varlistentry id="dnssec-importkey">
701	<term><command>dnssec-importkey</command></term>
702	<listitem>
703	<para>
704	reads a public DNSKEY record and generates a pair of
705	.key/.private files
706	</para>
707	<indexterm zone="bind dnssec-importkey">
708	<primary sortas="b-dnssec-importkey">dnssec-importkey</primary>
709	</indexterm>
710	</listitem>
711	</varlistentry>
712
713	<varlistentry id="dnssec-keyfromlabel">
714	<term><command>dnssec-keyfromlabel</command></term>
715	<listitem>
716	<para>
717	gets keys with the given label from a cryptography hardware device
718	and builds key files for DNSSEC
719	</para>
720	<indexterm zone="bind dnssec-keyfromlabel">
721	<primary sortas="b-dnssec-keyfromlabel">dnssec-keyfromlabel</primary>
722	</indexterm>
723	</listitem>
724	</varlistentry>
725
726	<varlistentry id="dnssec-keymgr">
727	<term><command>dnssec-keymgr</command></term>
728	<listitem>
729	<para>
730	ensures correct DNSKEY coverage based on a defined policy
731	</para>
732	<indexterm zone="bind dnssec-keymgr">
733	<primary sortas="b-dnssec-keymgr">dnssec-keymgr</primary>
734	</indexterm>
735	</listitem>
736	</varlistentry>
737
738	<varlistentry id="dnssec-revoke">
739	<term><command>dnssec-revoke</command></term>
740	<listitem>
741	<para>
742	sets the REVOKED bit on a DNSSEC key
743	</para>
744	<indexterm zone="bind dnssec-revoke">
745	<primary sortas="b-dnssec-revoke">dnssec-revoke</primary>
746	</indexterm>
747	</listitem>
748	</varlistentry>
749
750	<varlistentry id="dnssec-settime">
751	<term><command>dnssec-settime</command></term>
752	<listitem>
753	<para>
754	sets the key timing metadata for a DNSSEC key
755	</para>
756	<indexterm zone="bind dnssec-settime">
757	<primary sortas="b-dnssec-settime">dnssec-settime</primary>
758	</indexterm>
759	</listitem>
760	</varlistentry>
761
762	<varlistentry id="dnssec-signzone">
763	<term><command>dnssec-signzone</command></term>
764	<listitem>
765	<para>
766	generates signed versions of zone files
767	</para>
768	<indexterm zone="bind dnssec-signzone">
769	<primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
770	</indexterm>
771	</listitem>
772	</varlistentry>
773
774	<varlistentry id="dnssec-verify">
775	<term><command>dnssec-verify</command></term>
776	<listitem>
777	<para>
778	verifies that a zone is fully signed for each algorithm found
779	in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
780	chains are complete
781	</para>
782	<indexterm zone="bind dnssec-verify">
783	<primary sortas="b-dnssec-verify">dnssec-verify</primary>
784	</indexterm>
785	</listitem>
786	</varlistentry>
787
788	<varlistentry id="host">
789	<term><command>host</command></term>
790	<listitem>
791	<para>
792	is a utility for DNS lookups
793	</para>
794	<indexterm zone="bind host">
795	<primary sortas="b-host">host</primary>
796	</indexterm>
797	</listitem>
798	</varlistentry>
799
800	<varlistentry id="mdig">
801	<term><command>mdig</command></term>
802	<listitem>
803	<para>
804	is a version of dig that allows multiple queries at once
805	</para>
806	<indexterm zone="bind mdig">
807	<primary sortas="b-mdig">mdig</primary>
808	</indexterm>
809	</listitem>
810	</varlistentry>
811
812	<varlistentry id="named">
813	<term><command>named</command></term>
814	<listitem>
815	<para>
816	is the name server daemon
817	</para>
818	<indexterm zone="bind named">
819	<primary sortas="b-named">named</primary>
820	</indexterm>
821	</listitem>
822	</varlistentry>
823
824	<varlistentry id="named-checkconf">
825	<term><command>named-checkconf</command></term>
826	<listitem>
827	<para>
828	checks the syntax of <filename>named.conf</filename>
829	files
830	</para>
831	<indexterm zone="bind named-checkconf">
832	<primary sortas="b-named-checkconf">named-checkconf</primary>
833	</indexterm>
834	</listitem>
835	</varlistentry>
836
837	<varlistentry id="named-checkzone">
838	<term><command>named-checkzone</command></term>
839	<listitem>
840	<para>
841	checks zone file validity
842	</para>
843	<indexterm zone="bind named-checkzone">
844	<primary sortas="b-named-checkzone">named-checkzone</primary>
845	</indexterm>
846	</listitem>
847	</varlistentry>
848
849	<varlistentry id="named-compilezone">
850	<term><command>named-compilezone</command></term>
851	<listitem>
852	<para>
853	is similar to <command>named-checkzone</command>, but it always
854	dumps the zone contents to a specified file in a specified format
855	</para>
856	<indexterm zone="bind named-compilezone">
857	<primary sortas="b-named-compilezone">named-compilezone</primary>
858	</indexterm>
859	</listitem>
860	</varlistentry>
861
862	<varlistentry id="named-journalprint">
863	<term><command>named-journalprint</command></term>
864	<listitem>
865	<para>
866	prints the zone journal in human-readable form
867	</para>
868	<indexterm zone="bind named-journalprint">
869	<primary sortas="b-named-journalprint">named-journalprint</primary>
870	</indexterm>
871	</listitem>
872	</varlistentry>
873
874	<varlistentry id="named-rrchecker">
875	<term><command>named-rrchecker</command></term>
876	<listitem>
877	<para>
878	reads an individual DNS resource record from standard input and
879	checks if it is syntactically correct
880	</para>
881	<indexterm zone="bind named-rrchecker">
882	<primary sortas="b-named-rrchecker">named-rrchecker</primary>
883	</indexterm>
884	</listitem>
885	</varlistentry>
886
887	<varlistentry id="named-nzd2nzf">
888	<term><command>named-nzd2nzf</command></term>
889	<listitem>
890	<para>
891	converts an NZD database to NZF text format
892	</para>
893	<indexterm zone="bind named-nzd2nzf">
894	<primary sortas="b-named-nzd2nzf">named-nzd2nzf</primary>
895	</indexterm>
896	</listitem>
897	</varlistentry>
898
899	<varlistentry id="nsec3hash">
900	<term><command>nsec3hash</command></term>
901	<listitem>
902	<para>
903	generates an NSEC3 hash based on a set of NSEC3 parameters
904	</para>
905	<indexterm zone="bind nsec3hash">
906	<primary sortas="b-nsec3hash">nsec3hash</primary>
907	</indexterm>
908	</listitem>
909	</varlistentry>
910
911	<varlistentry id="nslookup">
912	<term><command>nslookup</command></term>
913	<listitem>
914	<para>
915	is a program used to query Internet domain nameservers
916	</para>
917	<indexterm zone="bind nslookup">
918	<primary sortas="b-nslookup">nslookup</primary>
919	</indexterm>
920	</listitem>
921	</varlistentry>
922
923	<varlistentry id="nsupdate">
924	<term><command>nsupdate</command></term>
925	<listitem>
926	<para>
927	is used to submit DNS update requests
928	</para>
929	<indexterm zone="bind nsupdate">
930	<primary sortas="b-nsupdate">nsupdate</primary>
931	</indexterm>
932	</listitem>
933	</varlistentry>
934
935	<varlistentry id="rndc">
936	<term><command>rndc</command></term>
937	<listitem>
938	<para>
939	controls the operation of <application>BIND</application>
940	</para>
941	<indexterm zone="bind rndc">
942	<primary sortas="b-rndc">rndc</primary>
943	</indexterm>
944	</listitem>
945	</varlistentry>
946
947	<varlistentry id="rndc-confgen">
948	<term><command>rndc-confgen</command></term>
949	<listitem>
950	<para>
951	generates <filename>rndc.conf</filename> files
952	</para>
953	<indexterm zone="bind rndc-confgen">
954	<primary sortas="b-rndc-confgen">rndc-confgen</primary>
955	</indexterm>
956	</listitem>
957	</varlistentry>
958
959	<varlistentry id="tsig-keygen">
960	<term><command>tsig-keygen</command></term>
961	<listitem>
962	<para>
963	is a symlink to <command>ddns-confgen</command>
964	</para>
965	<indexterm zone="bind tsig-keygen">
966	<primary sortas="b-tsig-keygen">tsig-keygen</primary>
967	</indexterm>
968	</listitem>
969	</varlistentry>
970
971	</variablelist>
972
973	</sect2>
974
975	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: