Context Navigation

bind.xml@ cdf0106

Visit:

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 9.1 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since cdf0106 was cdf0106, checked in by Douglas R. Reno <renodr@…>, 5 years ago

Update to gnome-online-accounts-3.34.1
Update to libsoup-2.68.2
Update to dconf-editor-3.34.2
Update to parted-3.3
Update to samba-4.11.0
Update to gvfs-1.42.1
Fix the download size in Volume_Key
Correct the rndc-confgen command in BIND9, as well as update some paths.

Please be aware that this version of Samba does not support SMBv1 anymore, and clients
that utilize that protocol will be completely unable to connect to the server.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@22255 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 33.0 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY bind-download-http " ">
8	<!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
9	<!ENTITY bind-md5sum "6f1fcdfcaecaaff13260b0045c83f113">
10	<!ENTITY bind-size "6.0 MB">
11	<!ENTITY bind-buildsize "124 MB (24 MB installed)">
12	<!ENTITY bind-time "0.9 SBU (with parallelism=4; add 30+ minutes, processor independent, to run the complete test suite)">
13	]>
14
15	<sect1 id="bind" xreflabel="BIND-&bind-version;">
16	<?dbhtml filename="bind.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	</sect1info>
22
23	<title>BIND-&bind-version;</title>
24
25	<indexterm zone="bind">
26	<primary sortas="a-BIND">BIND</primary>
27	</indexterm>
28
29	<sect2 role="package">
30	<title>Introduction to BIND</title>
31
32	<para>The <application>BIND</application> package provides a DNS server
33	and client utilities. If you are only interested in the utilities, refer
34	to the <xref linkend="bind-utils"/>.</para>
35
36	&lfs90_checked;
37
38	<bridgehead renderas="sect3">Package Information</bridgehead>
39	<itemizedlist spacing="compact">
40	<listitem>
41	<para>Download (HTTP): <ulink url="&bind-download-http;"/></para>
42	</listitem>
43	<listitem>
44	<para>Download (FTP): <ulink url="&bind-download-ftp;"/></para>
45	</listitem>
46	<listitem>
47	<para>Download MD5 sum: &bind-md5sum;</para>
48	</listitem>
49	<listitem>
50	<para>Download size: &bind-size;</para>
51	</listitem>
52	<listitem>
53	<para>Estimated disk space required: &bind-buildsize;</para>
54	</listitem>
55	<listitem>
56	<para>Estimated build time: &bind-time;</para>
57	</listitem>
58	</itemizedlist>
59	<!--
60	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
61	<itemizedlist spacing='compact'>
62	<listitem>
63	<para>Optional patch (if net-tools is not installed):
64	<ulink
65	url="&patch-root;/bind-&bind-version;-use_iproute2-1.patch"/></para>
66	</listitem>
67	</itemizedlist>
68	-->
69	<bridgehead renderas="sect3">BIND Dependencies</bridgehead>
70
71	<bridgehead renderas="sect4">Recommended</bridgehead>
72	<para role="optional">
73	<xref linkend="libcap-pam"/>
74	</para>
75
76	<bridgehead renderas="sect4">Optional</bridgehead>
77	<para role="optional">
78	<xref linkend="libidn2"/>,
79	<xref linkend="libxml2"/>,
80	<xref linkend="mitkrb"/>,
81	<ulink url="https://cmocka.org/">cmocka</ulink>, and
82	<ulink url='https://github.com/cjheath/geoip'>geoip</ulink>
83	</para>
84
85	<bridgehead renderas="sect4">Optional database backends</bridgehead>
86	<para role="optional">
87	<xref linkend="db"/>,
88	<xref linkend="mariadb"/> or <ulink url="http://www.mysql.com/">MySQL</ulink>,
89	<xref linkend="openldap"/>,
90	<xref linkend="postgresql"/>, and
91	<xref linkend="unixodbc"/>
92	</para>
93
94	<bridgehead renderas="sect4">Optional (to run the test suite)</bridgehead>
95	<para role="optional">
96	<xref linkend="perl-net-dns"/>
97	<!-- and
98	<xref linkend="net-tools"/> (you may omit net-tools by using the optional
99	patch to utilize iproute2, but the IPv6 tests will fail)
100	-->
101	</para>
102
103	<bridgehead renderas="sect4">Optional (to rebuild the documentation)</bridgehead>
104	<para role="optional">
105	<xref linkend="doxygen"/>,
106	<xref linkend="libxslt"/>, and
107	<xref linkend="texlive"/> (or <xref linkend="tl-installer"/>)
108	</para>
109
110	<para condition="html" role="usernotes">User Notes:
111	<ulink url="&blfs-wiki;/bind"/></para>
112
113	</sect2>
114
115	<sect2 role="installation">
116	<title>Installation of BIND</title>
117	<!--
118	<para>If you have chosen not to install net-tools, apply the iproute2
119	patch with the following command:</para>
120
121	<screen><userinput>patch -Np1 -i ../bind-&bind-version;-use_iproute2-1.patch</userinput></screen>
122	-->
123
124	<para>To ensure <application>BIND</application> will build dnssec-keymgr,
125	install a python module as the <systemitem
126	class="username">root</systemitem> user:</para>
127
128	<screen role="root"><userinput>pip3 install ply</userinput></screen>
129
130	<para>Install <application>BIND</application> by running the
131	following commands:</para>
132
133	<screen><userinput>./configure --prefix=/usr \
134	--sysconfdir=/etc \
135	--localstatedir=/var \
136	--mandir=/usr/share/man \
137	--with-libtool \
138	--disable-static &&
139	make</userinput></screen>
140
141	<para>Issue the following commands to run the complete suite of tests.
142	First, as the <systemitem class="username">root</systemitem> user, set up
143	some test interfaces:</para>
144
145	<note><para>If IPv6 is not enabled in the kernel, there will be several
146	error messages: "RTNETLINK answers: Operation not permitted". These
147	messages do not affect the tests.</para></note>
148
149	<screen role="root"
150	remap="test"><userinput>bin/tests/system/ifconfig.sh up</userinput></screen>
151
152	<para>The test suite may indicate some skipped tests depending on
153	what configuration options are used. Some tests are marked <quote>UNTESTED
154	</quote> if <xref linkend="perl-net-dns"/> is not installed.
155	To run the tests, as an unprivileged user, execute:</para>
156
157	<screen remap="test"><userinput>make -k check</userinput></screen>
158
159	<para>Again as <systemitem class="username">root</systemitem>, clean up the
160	test interfaces:</para>
161
162	<screen role="root"
163	remap="test"><userinput>bin/tests/system/ifconfig.sh down</userinput></screen>
164
165	<para>Finally, install the package as the <systemitem
166	class="username">root</systemitem> user:</para>
167
168	<screen role="root"><userinput>make install &&
169
170	install -v -m755 -d /usr/share/doc/bind-&bind-version;/arm &&
171	install -v -m644 doc/arm/*.html \
172	/usr/share/doc/bind-&bind-version;/arm</userinput></screen>
173	</sect2>
174
175	<!-- Documentation is an issue - make doc fails - some docbook problem
176	install -v -m644 doc/misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap,sdb} \
177	/usr/share/doc/bind-&bind-version;/misc</userinput></screen>
178	-->
179
180	<sect2 role="commands">
181	<title>Command Explanations</title>
182
183	<para><parameter>--sysconfdir=/etc</parameter>: This parameter forces
184	<application>BIND</application> to look for configuration
185	files in <filename class='directory'>/etc</filename> instead of
186	<filename class='directory'>/usr/etc</filename>.</para>
187
188	<!-- No longer available as of 9.14.2
189	<para><parameter>- -enable-threads</parameter>: This parameter enables
190	multi-threading capability.</para>
191	-->
192
193	<para><parameter>--with-libtool</parameter>: This parameter forces the
194	building of dynamic libraries and links the installed binaries to these
195	libraries.</para>
196
197	<para><parameter>--with-libidn2</parameter>: This parameter enables
198	the IDNA2008 (Internationalized Domain Names in Applications)
199	support.</para>
200
201	<!-- no longer available
202	<para><parameter>- -with-randomdev=/dev/urandom</parameter>: This parameter
203	specifes a non-blocking random device for use with digital signatures.</para>
204	-->
205	<para><option>--enable-fetchlimit</option>: Use this option if you want
206	to be able to limit the rate of recursive client queries. This may be
207	useful on servers which receive a large number of queries.</para>
208
209	<para><option>--disable-linux-caps</option>: BIND can also be built without
210	capability support by using this option, at the cost of some loss of
211	security.</para>
212
213	<para><option>--with-dlz-{mysql,bdb,filesystem,ldap,odbc,stub}</option>: Use
214	one (or more) of those options to add Dynamically Loadable Zones support.
215	For more information refer to
216	<ulink url="http://bind-dlz.sourceforge.net/">bind-dlz.sourceforge.net</ulink>.
217	</para>
218
219	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
220	href="../../xincludes/static-libraries.xml"/>
221
222	<para><command>cd doc; install ...</command>: These commands install
223	additional package documentation. Omit any or all of these commands if
224	desired.</para>
225	</sect2>
226
227	<sect2 role="configuration">
228	<title>Configuring BIND</title>
229
230	<sect3 id="bind-config">
231	<title>Config files</title>
232
233	<para><filename>named.conf</filename>,
234	<filename>root.hints</filename>,
235	<filename>127.0.0</filename>,
236	<filename>rndc.conf</filename> and
237	<filename>resolv.conf</filename></para>
238
239	<indexterm zone="bind bind-config">
240	<primary sortas="e-etc-named.conf">/etc/named.conf</primary>
241	</indexterm>
242
243	<indexterm zone="bind bind-config">
244	<primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary>
245	</indexterm>
246
247	<indexterm zone="bind bind-config">
248	<primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary>
249	</indexterm>
250
251	<indexterm zone="bind bind-config">
252	<primary
253	sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
254	</indexterm>
255
256	<indexterm zone="bind bind-config">
257	<primary
258	sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
259	</indexterm>
260	</sect3>
261
262	<sect3>
263	<title>Configuration Information</title>
264
265	<para><application>BIND</application> will be configured to run in a
266	<command>chroot</command> jail as an unprivileged user (<systemitem
267	class="username">named</systemitem>). This configuration is more secure
268	in that a DNS compromise can only affect a few files in the <systemitem
269	class="username">named</systemitem> user's <envar>HOME</envar>
270	directory.</para>
271
272	<para>Create the unprivileged user and group <systemitem
273	class="username">named</systemitem>:</para>
274
275	<screen role="root"><userinput>groupadd -g 20 named &&
276	useradd -c "BIND Owner" -g named -s /bin/false -u 20 named &&
277	install -d -m770 -o named -g named /srv/named</userinput></screen>
278
279	<para>Set up some files, directories and devices needed by
280	<application>BIND</application>:</para>
281
282	<screen role="root"><userinput>mkdir -p /srv/named &&
283	cd /srv/named &&
284	mkdir -p dev etc/namedb/{slave,pz} usr/lib/engines var/run/named &&
285	mknod /srv/named/dev/null c 1 3 &&
286	mknod /srv/named/dev/urandom c 1 9 &&
287	chmod 666 /srv/named/dev/{null,urandom} &&
288	cp /etc/localtime etc &&
289	touch /srv/named/managed-keys.bind</userinput></screen>
290
291	<para>The <filename>rndc.conf</filename> file contains information for
292	controlling <command>named</command> operations with the
293	<command>rndc</command> utility. Generate a key for use in the <filename>named.conf</filename> and <filename>rdnc.conf</filename> with the
294	<command>rndc-confgen</command> command:</para>
295
296	<screen role="root"><userinput>rndc-confgen -a -b 512 -t /srv/named &&
297	sed '/conf/d;/^#/!d;s:^# ::' /etc/rndc.conf > /srv/named/etc/named.conf</userinput></screen>
298
299	<para>Complete the <filename>named.conf</filename> file from which
300	<command>named</command> will read the location of zone files, root
301	name servers and secure DNS keys:</para>
302
303	<screen role="root"><?dbfo keep-together="auto"?><userinput>cat >> /srv/named/etc/named.conf << "EOF"
304	<literal>options {
305	directory "/etc/named";
306	pid-file "/var/run/named.pid";
307	statistics-file "/var/run/named.stats";
308
309	};
310	zone "." {
311	type hint;
312	file "root.hints";
313	};
314	zone "0.0.127.in-addr.arpa" {
315	type master;
316	file "pz/127.0.0";
317	};
318
319	// Bind 9 now logs by default through syslog (except debug).
320	// These are the default logging rules.
321
322	logging {
323	category default { default_syslog; default_debug; };
324	category unmatched { null; };
325
326	channel default_syslog {
327	syslog daemon; // send to syslog's daemon
328	// facility
329	severity info; // only send priority info
330	// and higher
331	};
332
333	channel default_debug {
334	file "named.run"; // write to named.run in
335	// the working directory
336	// Note: stderr is used instead
337	// of "named.run"
338	// if the server is started
339	// with the '-f' option.
340	severity dynamic; // log at the server's
341	// current debug level
342	};
343
344	channel default_stderr {
345	stderr; // writes to stderr
346	severity info; // only send priority info
347	// and higher
348	};
349
350	channel null {
351	null; // toss anything sent to
352	// this channel
353	};
354	};</literal>
355	EOF</userinput></screen>
356
357	<para>Create a zone file with the following contents:</para>
358
359	<screen role="root"><userinput>cat > /srv/named/etc/named/pz/127.0.0 << "EOF"
360	<literal>$TTL 3D
361	@ IN SOA ns.local.domain. hostmaster.local.domain. (
362	1 ; Serial
363	8H ; Refresh
364	2H ; Retry
365	4W ; Expire
366	1D) ; Minimum TTL
367	NS ns.local.domain.
368	1 PTR localhost.</literal>
369	EOF</userinput></screen>
370
371	<para>Create the <filename>root.hints</filename> file with the following
372	commands:</para>
373
374	<note>
375	<para>Caution must be used to ensure there are no leading spaces in
376	this file.</para>
377	</note>
378
379	<screen role="root"><userinput>cat > /srv/named/etc/named/root.hints << "EOF"
380	<literal>. 6D IN NS A.ROOT-SERVERS.NET.
381	. 6D IN NS B.ROOT-SERVERS.NET.
382	. 6D IN NS C.ROOT-SERVERS.NET.
383	. 6D IN NS D.ROOT-SERVERS.NET.
384	. 6D IN NS E.ROOT-SERVERS.NET.
385	. 6D IN NS F.ROOT-SERVERS.NET.
386	. 6D IN NS G.ROOT-SERVERS.NET.
387	. 6D IN NS H.ROOT-SERVERS.NET.
388	. 6D IN NS I.ROOT-SERVERS.NET.
389	. 6D IN NS J.ROOT-SERVERS.NET.
390	. 6D IN NS K.ROOT-SERVERS.NET.
391	. 6D IN NS L.ROOT-SERVERS.NET.
392	. 6D IN NS M.ROOT-SERVERS.NET.
393	A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
394	A.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:ba3e::2:30
395	B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201
396	B.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:200::b
397	C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
398	C.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2::c
399	D.ROOT-SERVERS.NET. 6D IN A 199.7.91.13
400	D.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2d::d
401	E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
402	E.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:a8::e
403	F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
404	F.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2f::f
405	G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
406	G.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:12::d0d
407	H.ROOT-SERVERS.NET. 6D IN A 198.97.190.53
408	H.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:1::53
409	I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
410	I.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fe::53
411	J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
412	J.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:c27::2:30
413	K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
414	K.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fd::1
415	L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
416	L.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:9f::42
417	M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
418	M.ROOT-SERVERS.NET. 6D IN AAAA 2001:dc3::35</literal>
419	EOF</userinput></screen>
420
421	<para>The <filename>root.hints</filename> file is a list of root name
422	servers. This file must be updated periodically with the
423	<command>dig</command> utility. A current copy of root.hints can be
424	obtained from <ulink url="ftp://rs.internic.net/domain/named.root" />.
425	For details, consult the "BIND 9 Administrator Reference Manual", included
426	in every source archive of BIND 9 distributed by ISC, in HTML and PDF
427	formats, also available at
428	<ulink url="ftp://ftp.isc.org/isc/bind9/cur/&bind-minor-version;/doc/arm/Bv9ARM.html">
429	BIND 9 Administrator Reference Manual</ulink>.</para>
430
431	<para>Create or modify <filename>resolv.conf</filename> to use the new
432	name server with the following commands:</para>
433
434	<note>
435	<para>Replace <replaceable><yourdomain.com></replaceable> with
436	your own valid domain name.</para>
437	</note>
438
439	<screen role="root"><userinput>cp /etc/resolv.conf /etc/resolv.conf.bak &&
440	cat > /etc/resolv.conf << "EOF"
441	<literal>search <replaceable><yourdomain.com></replaceable>
442	nameserver 127.0.0.1</literal>
443	EOF</userinput></screen>
444
445	<para>Set permissions on the <command>chroot</command> jail with the
446	following command:</para>
447
448	<screen role="root"><userinput>chown -R named:named /srv/named</userinput></screen>
449
450	</sect3>
451
452	<sect3 id="bind-init">
453	<title><phrase revision="sysv">Boot Script</phrase>
454	<phrase revision="systemd">Systemd Unit</phrase></title>
455
456	<para>To start the DNS server at boot, install the
457	<phrase revision="sysv"><filename>/etc/rc.d/init.d/bind</filename> init
458	script</phrase>
459	<phrase revision="systemd"><filename>named.service</filename>
460	unit</phrase> included in the
461	<xref linkend="bootscripts" revision="sysv"/>
462	<xref linkend="systemd-units" revision="systemd"/> package.</para>
463
464	<indexterm zone="bind bind-init">
465	<primary sortas="f-bind">bind</primary>
466	</indexterm>
467
468	<screen role="root" revision="sysv"><userinput>make install-bind</userinput></screen>
469	<screen role="root" revision="systemd"><userinput>make install-named</userinput></screen>
470
471	<para>Now start <application>BIND</application> with
472	the following command:</para>
473
474	<screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/bind start</userinput></screen>
475	<screen role="root" revision="systemd"><userinput>systemctl start named</userinput></screen>
476
477	</sect3>
478
479	<sect3>
480	<title>Testing BIND</title>
481
482	<para>Test out the new <application>BIND</application> 9 installation.
483	First query the local host address with <command>dig</command>:</para>
484
485	<screen><userinput>dig -x 127.0.0.1</userinput></screen>
486
487	<para>Now try an external name lookup, taking note of the speed
488	difference in repeated lookups due to the caching. Run the
489	<command>dig</command> command twice on the same address:</para>
490
491	<screen><userinput>dig www.&lfs-domainname; &&
492	dig www.&lfs-domainname;</userinput></screen>
493
494	<para>You can see almost instantaneous results with the named caching
495	lookups. Consult the <application>BIND</application> Administrator
496	Reference Manual located at <filename>doc/arm/Bv9ARM.html</filename>
497	in the package source tree, for further configuration options.</para>
498
499	</sect3>
500
501	</sect2>
502
503	<sect2 role="content">
504	<title>Contents</title>
505
506	<segmentedlist>
507	<segtitle>Installed Programs</segtitle>
508	<segtitle>Installed Libraries</segtitle>
509	<segtitle>Installed Directories</segtitle>
510
511	<seglistitem>
512
513	<seg>arpaname, bind9-config hardlinked to isc-config.sh, ddns-confgen,
514	delv, dig, dnssec-dsfromkey,
515	dnssec-importkey, dnssec-keyfromlabel, dnssec-keygen, dnssec-revoke,
516	dnssec-settime, dnssec-signzone, dnssec-verify, genrandom, host,
517	isc-hmac-fixup, lwresd hardlinked to named, named-checkconf,
518	named-checkzone, named-compilezone (symlink), named-journalprint,
519	named-rrchecker, nsec3hash, nslookup, nsupdate, rndc, rndc-confgen,
520	and tsig-keygen (symlink)</seg>
521
522	<seg>libbind9.so, libdns.so, libirs.so, libisc.so, libisccc.so,
523	libisccfg.so, and liblwres.so</seg>
524
525	<seg>/usr/include/{bind9,dns,dst,irs,isc,isccc,isccfg,lwres,pk11,pkcs11},
526	/usr/share/doc/bind-&bind-version; and /srv/named</seg>
527	</seglistitem>
528	</segmentedlist>
529
530	<variablelist>
531	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
532	<?dbfo list-presentation="list"?>
533	<?dbhtml list-presentation="table"?>
534
535	<varlistentry id="arpaname">
536	<term><command>arpaname</command></term>
537	<listitem>
538	<para>
539	translates IP addresses to the corresponding ARPA names.
540	</para>
541	<indexterm zone="bind arpaname">
542	<primary sortas="b-arpaname">arpaname</primary>
543	</indexterm>
544	</listitem>
545	</varlistentry>
546
547	<varlistentry id="bind9-config">
548	<term><command>bind9-config</command></term>
549	<listitem>
550	<para>
551	is hardlinked to <command>isc-config.sh</command>.
552	</para>
553	<indexterm zone="bind bind9-config">
554	<primary sortas="b-bind9-config">bind9-config</primary>
555	</indexterm>
556	</listitem>
557	</varlistentry>
558
559	<varlistentry id="ddns-confgen">
560	<term><command>ddns-confgen</command></term>
561	<listitem>
562	<para>
563	generates a key for use by nsupdate and named.
564	</para>
565	<indexterm zone="bind ddns-confgen">
566	<primary sortas="b-ddns-confgen">ddns-confgen</primary>
567	</indexterm>
568	</listitem>
569	</varlistentry>
570
571	<varlistentry id="delv">
572	<term><command>delv</command></term>
573	<listitem>
574	<para>
575	is a new debugging tool that is a successor to
576	<command>dig</command>.
577	</para>
578	<indexterm zone="bind delv">
579	<primary sortas="b-delv">delv</primary>
580	</indexterm>
581	</listitem>
582	</varlistentry>
583
584	<varlistentry id="dig">
585	<term><command>dig</command></term>
586	<listitem>
587	<para>interrogates DNS servers.</para>
588	<indexterm zone="bind dig">
589	<primary sortas="b-dig">dig</primary>
590	</indexterm>
591	</listitem>
592	</varlistentry>
593	<!--
594	<varlistentry id="dnssec-checkds">
595	<term><command>dnssec-checkds</command></term>
596	<listitem>
597	<para>
598	is a DNSSEC delegation consistency checking tool.
599	</para>
600	<indexterm zone="bind dnssec-checkds">
601	<primary sortas="b-dnssec-checkds">dnssec-checkds</primary>
602	</indexterm>
603	</listitem>
604	</varlistentry>
605
606	<varlistentry id="dnssec-coverage">
607	<term><command>dnssec-coverage</command></term>
608	<listitem>
609	<para>
610	verifies that the DNSSEC keys for a given zone or a set of zones
611	have timing metadata set properly to ensure no future lapses
612	in DNSSEC coverage.
613	</para>
614	<indexterm zone="bind dnssec-coverage">
615	<primary sortas="b-dnssec-coverage">dnssec-coverage</primary>
616	</indexterm>
617	</listitem>
618	</varlistentry>-->
619
620	<varlistentry id="dnssec-dsfromkey">
621	<term><command>dnssec-dsfromkey</command></term>
622	<listitem>
623	<para>
624	outputs the Delegation Signer (DS) resource record (RR).
625	</para>
626	<indexterm zone="bind dnssec-dsfromkey">
627	<primary sortas="b-dnssec-dsfromkey">dnssec-dsfromkey</primary>
628	</indexterm>
629	</listitem>
630	</varlistentry>
631
632	<varlistentry id="dnssec-importkey">
633	<term><command>dnssec-importkey</command></term>
634	<listitem>
635	<para>
636	reads a public DNSKEY record and generates a pair of
637	.key/.private files.
638	</para>
639	<indexterm zone="bind dnssec-importkey">
640	<primary sortas="b-dnssec-importkey">dnssec-importkey</primary>
641	</indexterm>
642	</listitem>
643	</varlistentry>
644
645	<varlistentry id="dnssec-keyfromlabel">
646	<term><command>dnssec-keyfromlabel</command></term>
647	<listitem>
648	<para>
649	gets keys with the given label from a crypto hardware and builds
650	key files for DNSSEC.
651	</para>
652	<indexterm zone="bind dnssec-keyfromlabel">
653	<primary sortas="b-dnssec-keyfromlabel">dnssec-keyfromlabel</primary>
654	</indexterm>
655	</listitem>
656	</varlistentry>
657
658	<varlistentry id="dnssec-keygen">
659	<term><command>dnssec-keygen</command></term>
660	<listitem>
661	<para>is a key generator for secure DNS.</para>
662	<indexterm zone="bind dnssec-keygen">
663	<primary sortas="b-dnssec-keygen">dnssec-keygen</primary>
664	</indexterm>
665	</listitem>
666	</varlistentry>
667
668	<varlistentry id="dnssec-revoke">
669	<term><command>dnssec-revoke</command></term>
670	<listitem>
671	<para>
672	sets the REVOKED bit on a DNSSEC key.
673	</para>
674	<indexterm zone="bind dnssec-revoke">
675	<primary sortas="b-dnssec-revoke">dnssec-revoke</primary>
676	</indexterm>
677	</listitem>
678	</varlistentry>
679
680	<varlistentry id="dnssec-settime">
681	<term><command>dnssec-settime</command></term>
682	<listitem>
683	<para>
684	sets the key timing metadata for a DNSSEC key.
685	</para>
686	<indexterm zone="bind dnssec-settime">
687	<primary sortas="b-dnssec-settime">dnssec-settime</primary>
688	</indexterm>
689	</listitem>
690	</varlistentry>
691
692	<varlistentry id="dnssec-signzone">
693	<term><command>dnssec-signzone</command></term>
694	<listitem>
695	<para>generates signed versions of zone files.</para>
696	<indexterm zone="bind dnssec-signzone">
697	<primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
698	</indexterm>
699	</listitem>
700	</varlistentry>
701
702	<varlistentry id="dnssec-verify">
703	<term><command>dnssec-verify</command></term>
704	<listitem>
705	<para>
706	verifies that a zone is fully signed for each algorithm found
707	in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
708	chains are complete.
709	</para>
710	<indexterm zone="bind dnssec-verify">
711	<primary sortas="b-dnssec-verify">dnssec-verify</primary>
712	</indexterm>
713	</listitem>
714	</varlistentry>
715
716	<varlistentry id="genrandom">
717	<term><command>genrandom</command></term>
718	<listitem>
719	<para>
720	generates a file containing random data.
721	</para>
722	<indexterm zone="bind genrandom">
723	<primary sortas="b-genrandom">genrandom</primary>
724	</indexterm>
725	</listitem>
726	</varlistentry>
727
728	<varlistentry id="host">
729	<term><command>host</command></term>
730	<listitem>
731	<para>is a utility for DNS lookups.</para>
732	<indexterm zone="bind host">
733	<primary sortas="b-host">host</primary>
734	</indexterm>
735	</listitem>
736	</varlistentry>
737
738	<varlistentry id="isc-config.sh">
739	<term><command>isc-config.sh</command></term>
740	<listitem>
741	<para>
742	prints information related to the installed version of ISC BIND.
743	</para>
744	<indexterm zone="bind isc-config.sh">
745	<primary sortas="b-isc-config.sh">isc-config.sh</primary>
746	</indexterm>
747	</listitem>
748	</varlistentry>
749
750	<varlistentry id="isc-hmac-fixup">
751	<term><command>isc-hmac-fixup</command></term>
752	<listitem>
753	<para>
754	fixes HMAC keys generated by older versions of BIND.
755	</para>
756	<indexterm zone="bind isc-hmac-fixup">
757	<primary sortas="b-isc-hmac-fixup">isc-hmac-fixup</primary>
758	</indexterm>
759	</listitem>
760	</varlistentry>
761
762	<varlistentry id="lwresd">
763	<term><command>lwresd</command></term>
764	<listitem>
765	<para>is a caching-only name server for local process use.</para>
766	<indexterm zone="bind lwresd">
767	<primary sortas="b-lwresd">lwresd</primary>
768	</indexterm>
769	</listitem>
770	</varlistentry>
771
772	<varlistentry id="named">
773	<term><command>named</command></term>
774	<listitem>
775	<para>is the name server daemon.</para>
776	<indexterm zone="bind named">
777	<primary sortas="b-named">named</primary>
778	</indexterm>
779	</listitem>
780	</varlistentry>
781
782	<varlistentry id="named-checkconf">
783	<term><command>named-checkconf</command></term>
784	<listitem>
785	<para>checks the syntax of <filename>named.conf</filename>
786	files.</para>
787	<indexterm zone="bind named-checkconf">
788	<primary sortas="b-named-checkconf">named-checkconf</primary>
789	</indexterm>
790	</listitem>
791	</varlistentry>
792
793	<varlistentry id="named-checkzone">
794	<term><command>named-checkzone</command></term>
795	<listitem>
796	<para>checks zone file validity.</para>
797	<indexterm zone="bind named-checkzone">
798	<primary sortas="b-named-checkzone">named-checkzone</primary>
799	</indexterm>
800	</listitem>
801	</varlistentry>
802
803	<varlistentry id="named-compilezone">
804	<term><command>named-compilezone</command></term>
805	<listitem>
806	<para>
807	is similar to <command>named-checkzone</command>, but it always
808	dumps the zone contents to a specified file in a specified format.
809	</para>
810	<indexterm zone="bind named-compilezone">
811	<primary sortas="b-named-compilezone">named-compilezone</primary>
812	</indexterm>
813	</listitem>
814	</varlistentry>
815
816	<varlistentry id="named-journalprint">
817	<term><command>named-journalprint</command></term>
818	<listitem>
819	<para>
820	prints the zone journal in human-readable form.
821	</para>
822	<indexterm zone="bind named-journalprint">
823	<primary sortas="b-named-journalprint">named-journalprint</primary>
824	</indexterm>
825	</listitem>
826	</varlistentry>
827
828	<varlistentry id="named-rrchecker">
829	<term><command>named-rrchecker</command></term>
830	<listitem>
831	<para>
832	reads an individual DNS resource record from standard input and
833	checks if it is syntactically correct.
834	</para>
835	<indexterm zone="bind named-rrchecker">
836	<primary sortas="b-named-rrchecker">named-rrchecker</primary>
837	</indexterm>
838	</listitem>
839	</varlistentry>
840
841	<varlistentry id="nsec3hash">
842	<term><command>nsec3hash</command></term>
843	<listitem>
844	<para>
845	generates an NSEC3 hash based on a set of NSEC3 parameters.
846	</para>
847	<indexterm zone="bind nsec3hash">
848	<primary sortas="b-nsec3hash">nsec3hash</primary>
849	</indexterm>
850	</listitem>
851	</varlistentry>
852
853	<varlistentry id="nslookup">
854	<term><command>nslookup</command></term>
855	<listitem>
856	<para>is a program used to query Internet domain nameservers.</para>
857	<indexterm zone="bind nslookup">
858	<primary sortas="b-nslookup">nslookup</primary>
859	</indexterm>
860	</listitem>
861	</varlistentry>
862
863	<varlistentry id="nsupdate">
864	<term><command>nsupdate</command></term>
865	<listitem>
866	<para>is used to submit DNS update requests.</para>
867	<indexterm zone="bind nsupdate">
868	<primary sortas="b-nsupdate">nsupdate</primary>
869	</indexterm>
870	</listitem>
871	</varlistentry>
872
873	<varlistentry id="rndc">
874	<term><command>rndc</command></term>
875	<listitem>
876	<para>controls the operation of <application>BIND</application>.</para>
877	<indexterm zone="bind rndc">
878	<primary sortas="b-rndc">rndc</primary>
879	</indexterm>
880	</listitem>
881	</varlistentry>
882
883	<varlistentry id="rndc-confgen">
884	<term><command>rndc-confgen</command></term>
885	<listitem>
886	<para>generates <filename>rndc.conf</filename> files.</para>
887	<indexterm zone="bind rndc-confgen">
888	<primary sortas="b-rndc-confgen">rndc-confgen</primary>
889	</indexterm>
890	</listitem>
891	</varlistentry>
892
893	<varlistentry id="tsig-keygen">
894	<term><command>tsig-keygen</command></term>
895	<listitem>
896	<para>
897	is a symlink to <command>ddns-confgen</command>.
898	</para>
899	<indexterm zone="bind tsig-keygen">
900	<primary sortas="b-tsig-keygen">tsig-keygen</primary>
901	</indexterm>
902	</listitem>
903	</varlistentry>
904
905	</variablelist>
906
907	</sect2>
908
909	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: server/major/bind.xml@ cdf0106

Download in other formats: