source: server/major/bind.xml

trunk
Last change on this file was 17f6553e, checked in by Bruce Dubbs <bdubbs@…>, 5 weeks ago

Update to bind utilities/bind-9.18.25.

  • Property mode set to 100644
File size: 32.6 KB
1<?xml version="1.0" encoding="UTF-8"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY bind-download-http "https://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.xz">
8 <!ENTITY bind-download-ftp " ">
9 <!ENTITY bind-md5sum "&bind-md5;">
10 <!ENTITY bind-size "5.3 MB">
11 <!ENTITY bind-buildsize "127 MB (21 MB installed)">
12 <!ENTITY bind-time "0.5 SBU (with parallelism=4; about 40 minutes somewhat processor independent, to run the complete test suite)">
13]>
14
15<sect1 id="bind" xreflabel="BIND-&bind-version;">
16 <?dbhtml filename="bind.html"?>
17
18
19 <title>BIND-&bind-version;</title>
20
21 <indexterm zone="bind">
22 <primary sortas="a-BIND">BIND</primary>
23 </indexterm>
24
25 <sect2 role="package">
26 <title>Introduction to BIND</title>
27
28 <para>
29 The <application>BIND</application> package provides a DNS server
30 and client utilities. If you are only interested in the utilities, refer
31 to the <xref linkend="bind-utils"/>.
32 </para>
33
34 &lfs121_checked;
35
36 <bridgehead renderas="sect3">Package Information</bridgehead>
37 <itemizedlist spacing="compact">
38 <listitem>
39 <para>
40 Download (HTTP): <ulink url="&bind-download-http;"/>
41 </para>
42 </listitem>
43 <listitem>
44 <para>
45 Download (FTP): <ulink url="&bind-download-ftp;"/>
46 </para>
47 </listitem>
48 <listitem>
49 <para>
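50 Download MD5 sum: &bind-md5sum; (MD5 is not collision-resistant; to confirm authenticity, also check the PGP signature that ISC publishes for the release)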
51 </para>
52 </listitem>
53 <listitem>
54 <para>
55 Download size: &bind-size;
56 </para>
57 </listitem>
58 <listitem>
59 <para>
60 Estimated disk space required: &bind-buildsize;
61 </para>
62 </listitem>
63 <listitem>
64 <para>
65 Estimated build time: &bind-time;
66 </para>
67 </listitem>
68 </itemizedlist>
69<!--
70 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
71 <itemizedlist spacing="compact">
72 <listitem>
73 <para>
74 Required patch:
75 <ulink url="&patch-root;/bind-&bind-version;-upstream_fixes-1.patch"/>
76 </para>
77 </listitem>
78 </itemizedlist>
79-->
80 <bridgehead renderas="sect3">BIND Dependencies</bridgehead>
81
82 <bridgehead renderas="sect4">Required</bridgehead>
83 <para role="required">
84 <xref linkend="libuv"/>
85 </para>
86
87 <bridgehead renderas="sect4">Recommended</bridgehead>
88 <para role="recommended">
89 <xref linkend="json-c"/>,
90 <xref linkend="libcap-pam"/>, and
91 <xref linkend="nghttp2"/>
92 </para>
93
94 <bridgehead renderas="sect4">Optional</bridgehead>
95 <para role="optional">
96 <xref linkend="curl"/>,
97 <xref linkend="libidn2"/>,
98 <xref linkend="libxml2"/>,
99 <xref linkend="lmdb"/>,
100 <xref linkend="mitkrb"/>,
101 <xref linkend="pytest"/>,
102 <xref linkend="sphinx"/> (required to build documentation),
103 <ulink url="https://cmocka.org/">cmocka</ulink>,
104 <ulink url="https://github.com/cjheath/geoip">geoip</ulink>,
105 <ulink url="https://github.com/jemalloc/jemalloc">jemalloc</ulink>,
106 <ulink url="&w3m-url;">w3m</ulink>
107 </para>
108
109 <bridgehead renderas="sect4">Optional database backends</bridgehead>
110 <para role="optional">
111 <xref linkend="mariadb"/> or <ulink url="https://www.mysql.com/">MySQL</ulink>,
112 <xref linkend="openldap"/>,
113 <xref linkend="postgresql"/>,
114 <xref linkend="unixodbc"/>, and
115 &berkeley-db;
116 </para>
117
118 <bridgehead renderas="sect4">Optional (to run the test suite)</bridgehead>
119 <para role="optional">
120 <xref linkend="perl-net-dns"/>
121 </para>
122
123 <para condition="html" role="usernotes">
124 Editor Notes: <ulink url="&blfs-wiki;/bind"/>
125 </para>
126
127 </sect2>
128
129 <sect2 role="installation">
130 <title>Installation of BIND</title>
131
132<!--
133 <para>
134 To ensure <application>BIND</application> will build dnssec-keymgr,
135 install a python module as the <systemitem
136 class="username">root</systemitem> user:
137 </para>
138
139<screen role="root"><userinput>pip3 install ply</userinput></screen>
140-->
141
142 <note>
143 <para>
144 Starting with bind-9.18.20, the IP addresses for B.ROOT-SERVERS.NET
145 have changed.
146 </para>
147 </note>
148
149 <para>
150 Install <application>BIND</application> by running the
151 following commands:
152 </para>
153
154<screen><userinput>./configure --prefix=/usr \
155 --sysconfdir=/etc \
156 --localstatedir=/var \
157 --mandir=/usr/share/man \
158 --disable-static &amp;&amp;
159make</userinput></screen>
160
161 <para>
162 Issue the following commands to run the complete suite of tests.
163 First, as the <systemitem class="username">root</systemitem> user, set up
164 some test interfaces:
165 </para>
166
167 <note>
168 <para>
169 If IPv6 is not enabled in the kernel, there will be several
170 error messages: "RTNETLINK answers: Operation not permitted". These
171 messages do not affect the tests.
172 </para>
173 </note>
174
175<screen role="root"
176 remap="test"><userinput>bin/tests/system/ifconfig.sh up</userinput></screen>
177
178 <para>
179 The test suite may indicate some skipped tests depending on
180 what configuration options are used. Some tests are marked
181 <quote>UNTESTED</quote>, or even fail, if <xref linkend="perl-net-dns"/>
182 is not installed. Two tests, <filename>resolver</filename> and
183 <filename>dispatch</filename>, are known to fail.
184 To run the tests, as an unprivileged user, execute:
185 </para>
186
187<screen remap="test"><userinput>make -k check</userinput></screen>
188
189 <para>
190 Again as <systemitem class="username">root</systemitem>, clean up the
191 test interfaces:
192 </para>
193
194<screen role="root"
195 remap="test"><userinput>bin/tests/system/ifconfig.sh down</userinput></screen>
196
197 <para>
198 Finally, install the package as the <systemitem
199 class="username">root</systemitem> user:
200 </para>
201
202<!-- Documentation is an issue - The docs are now all in .rst format and appear
203to be sphinx based. install source .rst files for now...
204
205leave docs untouched as they only take up disk space unless they are
206used to recreate the docs via Sphinx. I've added a note regarding
207the documentation. (thomas)
208
209<screen role="root"><userinput>make install &amp;&amp;
210
211install -vdm 755 /usr/share/doc/bind-&bind-version;/{arm,dnssec-guide} &amp;&amp;
212install doc/arm/* /usr/share/doc/bind-&bind-version;/arm &amp;&amp;
213install doc/dnssec-guide/* /usr/share/doc/bind-&bind-version;/dnssec-guide</userinput></screen>
214-->
215<screen role="root"><userinput>make install</userinput></screen>
216
217 </sect2>
218
219 <sect2 role="commands">
220 <title>Command Explanations</title>
221
222 <para>
223 <parameter>--sysconfdir=/etc</parameter>: This parameter forces
224 <application>BIND</application> to look for configuration
225 files in <filename class='directory'>/etc</filename> instead of
226 <filename class='directory'>/usr/etc</filename>.
227 </para>
228
229 <!-- Seems to be removed in 9.18.0
230 <para>
231 <parameter>- -with-libtool</parameter>: This parameter forces the
232 building of dynamic libraries and links the installed binaries to these
233 libraries.
234 </para>
235 -->
236
237 <para>
238 <option>--with-libidn2</option>: This parameter enables
239 the IDNA2008 (Internationalized Domain Names in Applications)
240 support.
241 </para>
242
243 <para>
244 <option>--enable-fetchlimit</option>: Use this option if you want
245 to be able to limit the rate of recursive client queries. This may be
246 useful on servers which receive a large number of queries.
247 </para>
248
249 <para>
250 <option>--disable-linux-caps</option>: Use this option to build BIND without
251 Linux capability support. This reduces security, because <command>named</command>
252 can then no longer use capabilities to drop the root privileges it does not need.
253 </para>
254
255 <para>
256 <option>--with-dlz-{mysql,bdb,filesystem,ldap,odbc,stub}</option>: Use
257 one (or more) of these options to add Dynamically Loadable Zones support.
258 For more information refer to <ulink
259 url="https://bind-dlz.sourceforge.net/">bind-dlz.sourceforge.net</ulink>.
260 </para>
261
262 <para>
263 <option>--disable-doh</option>: Use this option if you do not have
264 <xref linkend="nghttp2" role="nodep"/> installed and do not need support
265 for DNS over HTTPS.
266 </para>
267
268 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
269 href="../../xincludes/static-libraries.xml"/>
270
271 </sect2>
272
273 <sect2 role="configuration">
274 <title>Configuring BIND</title>
275
276 <sect3 id="bind-config">
277 <title>Config files</title>
278
279 <para>
280 <filename>named.conf</filename>,
281 <filename>root.hints</filename>,
282 <filename>127.0.0</filename>,
283 <filename>rndc.conf</filename>, and
284 <filename>resolv.conf</filename>
285 </para>
286
287 <indexterm zone="bind bind-config">
288 <primary sortas="e-etc-named.conf">/etc/named.conf</primary>
289 </indexterm>
290
291 <indexterm zone="bind bind-config">
292 <primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary>
293 </indexterm>
294
295 <indexterm zone="bind bind-config">
296 <primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary>
297 </indexterm>
298
299 <indexterm zone="bind bind-config">
300 <primary
301 sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
302 </indexterm>
303
304 <indexterm zone="bind bind-config">
305 <primary
306 sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
307 </indexterm>
308 </sect3>
309
310 <sect3>
311 <title>Configuration Information</title>
312
313 <para>
314 <application>BIND</application> will be configured to run in a
315 <command>chroot</command> jail as an unprivileged user (<systemitem
316 class="username">named</systemitem>). This configuration is more secure
317 in that a compromise of the DNS server can only affect the few files
318 inside the jail directory,
319 <filename class="directory">/srv/named</filename>.
320 </para>
321
322 <para>
323 Create the unprivileged user and group <systemitem
324 class="username">named</systemitem>:
325 </para>
326
327<screen role="root"><userinput>groupadd -g 20 named &amp;&amp;
328useradd -c "BIND Owner" -g named -s /bin/false -u 20 named &amp;&amp;
329install -d -m770 -o named -g named /srv/named</userinput></screen>
330
331 <para>
332 Set up some files, directories and devices needed by
333 <application>BIND</application>:
334 </para>
335
336<screen role="root"><userinput>mkdir -p /srv/named &amp;&amp;
337cd /srv/named &amp;&amp;
338mkdir -p dev etc/named/{slave,pz} usr/lib/engines var/run/named &amp;&amp;
339mknod /srv/named/dev/null c 1 3 &amp;&amp;
340mknod /srv/named/dev/urandom c 1 9 &amp;&amp;
341chmod 666 /srv/named/dev/{null,urandom} &amp;&amp;
342cp /etc/localtime etc</userinput></screen>
343
344 <para>
345 The <filename>rndc.conf</filename> file contains information for
346 controlling <command>named</command> operations with the
347 <command>rndc</command> utility. Generate a key for use in the
348 <filename>named.conf</filename> and <filename>rndc.conf</filename>
349 with the <command>rndc-confgen</command> command:
350 </para>
351
352<screen role="root"><userinput>rndc-confgen -a -b 512 -t /srv/named</userinput></screen>
353
354 <para>
355 Create the <filename>named.conf</filename> file from which
356 <command>named</command> will read the location of zone files, root
357 name servers and secure DNS keys:
358 </para>
359
360<screen role="root"><?dbfo keep-together="auto"?><userinput>cat &gt;&gt; /srv/named/etc/named.conf &lt;&lt; "EOF"
361<literal>options {
362 directory "/etc/named";
363 pid-file "/var/run/named.pid";
364 statistics-file "/var/run/named.stats";
365
366};
367zone "." {
368 type hint;
369 file "root.hints";
370};
371zone "0.0.127.in-addr.arpa" {
372 type master;
373 file "pz/127.0.0";
374};
375
376// Bind 9 now logs by default through syslog (except debug).
377// These are the default logging rules.
378
379logging {
380 category default { default_syslog; default_debug; };
381 category unmatched { null; };
382
383 channel default_syslog {
384 syslog daemon; // send to syslog's daemon
385 // facility
386 severity info; // only send priority info
387 // and higher
388 };
389
390 channel default_debug {
391 file "named.run"; // write to named.run in
392 // the working directory
393 // Note: stderr is used instead
394 // of "named.run"
395 // if the server is started
396 // with the '-f' option.
397 severity dynamic; // log at the server's
398 // current debug level
399 };
400
401 channel default_stderr {
402 stderr; // writes to stderr
403 severity info; // only send priority info
404 // and higher
405 };
406
407 channel null {
408 null; // toss anything sent to
409 // this channel
410 };
411};</literal>
412EOF</userinput></screen>
413
414 <para>
415 Create a zone file with the following contents:
416 </para>
417
418<screen role="root"><userinput>cat &gt; /srv/named/etc/named/pz/127.0.0 &lt;&lt; "EOF"
419<literal>$TTL 3D
420@ IN SOA ns.local.domain. hostmaster.local.domain. (
421 1 ; Serial
422 8H ; Refresh
423 2H ; Retry
424 4W ; Expire
425 1D) ; Minimum TTL
426 NS ns.local.domain.
4271 PTR localhost.</literal>
428EOF</userinput></screen>
429
430 <para>
431 Create the <filename>root.hints</filename> file with the following
432 commands:
433 </para>
434
435 <note>
436 <para>
437 Caution must be used to ensure there are no leading spaces in
438 this file.
439 </para>
440 </note>
441
442<screen role="root"><userinput>cat &gt; /srv/named/etc/named/root.hints &lt;&lt; "EOF"
443<literal>. 6D IN NS A.ROOT-SERVERS.NET.
444. 6D IN NS B.ROOT-SERVERS.NET.
445. 6D IN NS C.ROOT-SERVERS.NET.
446. 6D IN NS D.ROOT-SERVERS.NET.
447. 6D IN NS E.ROOT-SERVERS.NET.
448. 6D IN NS F.ROOT-SERVERS.NET.
449. 6D IN NS G.ROOT-SERVERS.NET.
450. 6D IN NS H.ROOT-SERVERS.NET.
451. 6D IN NS I.ROOT-SERVERS.NET.
452. 6D IN NS J.ROOT-SERVERS.NET.
453. 6D IN NS K.ROOT-SERVERS.NET.
454. 6D IN NS L.ROOT-SERVERS.NET.
455. 6D IN NS M.ROOT-SERVERS.NET.
456A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
457A.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:ba3e::2:30
458B.ROOT-SERVERS.NET. 6D IN A 170.247.170.2
459B.ROOT-SERVERS.NET. 6D IN AAAA 2801:1b8:10::b
460C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
461C.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2::c
462D.ROOT-SERVERS.NET. 6D IN A 199.7.91.13
463D.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2d::d
464E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
465E.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:a8::e
466F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
467F.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2f::f
468G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
469G.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:12::d0d
470H.ROOT-SERVERS.NET. 6D IN A 198.97.190.53
471H.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:1::53
472I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
473I.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fe::53
474J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
475J.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:c27::2:30
476K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
477K.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fd::1
478L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
479L.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:9f::42
480M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
481M.ROOT-SERVERS.NET. 6D IN AAAA 2001:dc3::35</literal>
482EOF</userinput></screen>
483
484 <para>
485 The <filename>root.hints</filename> file is a list of root name
486 servers. This file must be updated periodically with the
487 <command>dig</command> utility. A current copy of root.hints can be
488 obtained from <ulink url="https://www.internic.net/domain/named.root"/>.
489 For details, consult the "BIND 9 Administrator Reference Manual".
490 </para>
491
492 <para>
493 Create or modify <filename>resolv.conf</filename> to use the new
494 name server with the following commands:
495 </para>
496
497 <note>
498 <para>
499 Replace <replaceable>&lt;yourdomain.com&gt;</replaceable> with
500 your own valid domain name.
501 </para>
502 </note>
503
504<screen role="root"><userinput>cp /etc/resolv.conf /etc/resolv.conf.bak &amp;&amp;
505cat &gt; /etc/resolv.conf &lt;&lt; "EOF"
506<literal>search <replaceable>&lt;yourdomain.com&gt;</replaceable>
507nameserver 127.0.0.1</literal>
508EOF</userinput></screen>
509
510 <para>
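511 The command below makes every file in the <command>chroot</command> jail, including <filename>named.conf</filename> and the <command>rndc</command> key, writable by the <systemitem class="username">named</systemitem> user, so a compromised server could rewrite its own configuration. On a production server, consider restoring root ownership afterwards (keeping read access for the <systemitem class="groupname">named</systemitem> group) on files that <command>named</command> only needs to read.
512 Set permissions on the <command>chroot</command> jail with the following command: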
513 </para>
514
515<screen role="root"><userinput>chown -R named:named /srv/named</userinput></screen>
516
517 </sect3>
518
519 <sect3 id="bind-init">
520 <title><phrase revision="sysv">Boot Script</phrase>
521 <phrase revision="systemd">Systemd Unit</phrase></title>
522
523 <para>
524 To start the DNS server at boot, install the
525 <phrase revision="sysv"><filename>/etc/rc.d/init.d/bind</filename> init
526 script</phrase>
527 <phrase revision="systemd"><filename>named.service</filename>
528 unit</phrase> included in the
529 <xref linkend="bootscripts" revision="sysv"/>
530 <xref linkend="systemd-units" revision="systemd"/> package:
531 </para>
532
533 <indexterm zone="bind bind-init">
534 <primary sortas="f-bind">bind</primary>
535 </indexterm>
536
537<screen role="root" revision="sysv"><userinput>make install-bind</userinput></screen>
538<screen role="root" revision="systemd"><userinput>make install-named</userinput></screen>
539
540 <para>
541 Now start <application>BIND</application> with the following command:
542 </para>
543
544<screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/bind start</userinput></screen>
545<screen role="root" revision="systemd"><userinput>systemctl start named</userinput></screen>
546
547 </sect3>
548
549 <sect3>
550 <title>Testing BIND</title>
551
552 <para>
553 Test out the new <application>BIND</application> 9 installation.
554 First query the local host address with <command>dig</command>:
555 </para>
556
557<screen><userinput>dig -x 127.0.0.1</userinput></screen>
558
559 <para>
560 Now try an external name lookup, taking note of the speed
561 difference in repeated lookups due to the caching. Run the
562 <command>dig</command> command twice on the same address:
563 </para>
564
565<screen><userinput>dig www.&lfs-domainname; &amp;&amp;
566dig www.&lfs-domainname;</userinput></screen>
567
568 <para>
569 The second lookup should return almost instantly because <command>named</command>
570 answers it from its cache. Consult the <application>BIND</application> Administrator
571 Reference Manual (see below) for further configuration options.
572 </para>
573
574 </sect3>
575
576 </sect2>
577
578 <sect2>
579 <title>Administrator Reference Manual (ARM)</title>
580
581 <para>
582 The ARM documentation (not to be confused with the processor architecture)
583 is included in the source package. The documentation is in .rst
584 format, which means that it can be converted to human-readable formats
585 if <xref linkend="sphinx"/> is installed.
586 </para>
587
588 <para>
589 When <application>BIND</application> is set up, especially if it is going
590 to be operating in a production environment, it is <emphasis>highly</emphasis>
591 recommended to consult the ARM documentation. ISC provides an
592 updated set of excellent documentation along with every release
593 so it can be easily viewed and/or downloaded &ndash; so there is
594 no excuse to not read the docs. The formats ISC provides are PDF,
595 epub and html at <ulink url="https://downloads.isc.org/isc/bind9/&bind-version;/doc/arm/"/>.
596 </para>
597 </sect2>
598
599 <sect2 role="content">
600 <title>Contents</title>
601
602 <segmentedlist>
603 <segtitle>Installed Programs</segtitle>
604 <segtitle>Installed Libraries</segtitle>
605 <segtitle>Installed Directories</segtitle>
606
607 <seglistitem>
608
609 <seg>arpaname, ddns-confgen, delv, dig, dnssec-cds,
610 dnssec-dsfromkey, dnssec-importkey, dnssec-keyfromlabel, dnssec-keygen,
611 dnssec-revoke, dnssec-settime, dnssec-signzone,
612 dnssec-verify, host, mdig, named, named-checkconf,
613 named-checkzone, named-compilezone, named-journalprint,
614 named-nzd2nzf, named-rrchecker, nsec3hash, nslookup, nsupdate, rndc,
615 rndc-confgen, and tsig-keygen (symlink)</seg>
616
617 <seg>libbind9.so, libdns.so, libirs.so, libisc.so, libisccc.so,
618 libisccfg.so, and libns.so</seg>
619
620 <seg>/usr/include/{bind9,dns,dst,irs,isc,isccc,isccfg,ns},
621 /usr/lib/bind,
622 and /srv/named</seg>
623 </seglistitem>
624 </segmentedlist>
625
626 <variablelist>
627 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
628 <?dbfo list-presentation="list"?>
629 <?dbhtml list-presentation="table"?>
630
631 <varlistentry id="arpaname">
632 <term><command>arpaname</command></term>
633 <listitem>
634 <para>
635 translates IP addresses to the corresponding ARPA names
636 </para>
637 <indexterm zone="bind arpaname">
638 <primary sortas="b-arpaname">arpaname</primary>
639 </indexterm>
640 </listitem>
641 </varlistentry>
642
643 <varlistentry id="ddns-confgen">
644 <term><command>ddns-confgen</command></term>
645 <listitem>
646 <para>
647 generates a key for use by nsupdate and named
648 </para>
649 <indexterm zone="bind ddns-confgen">
650 <primary sortas="b-ddns-confgen">ddns-confgen</primary>
651 </indexterm>
652 </listitem>
653 </varlistentry>
654
655 <varlistentry id="delv">
656 <term><command>delv</command></term>
657 <listitem>
658 <para>
659 is a new debugging tool that is a successor to
660 <command>dig</command>
661 </para>
662 <indexterm zone="bind delv">
663 <primary sortas="b-delv">delv</primary>
664 </indexterm>
665 </listitem>
666 </varlistentry>
667
668 <varlistentry id="dig">
669 <term><command>dig</command></term>
670 <listitem>
671 <para>
672 interrogates DNS servers
673 </para>
674 <indexterm zone="bind dig">
675 <primary sortas="b-dig">dig</primary>
676 </indexterm>
677 </listitem>
678 </varlistentry>
679
680 <varlistentry id="dnssec-cds">
681 <term><command>dnssec-cds</command></term>
682 <listitem>
683 <para>
684 changes DS records for a child zone based on
685 CDS/CDNSKEY
686 </para>
687 <indexterm zone="bind dnssec-cds">
688 <primary sortas="b-dnssec-cds">dnssec-cds</primary>
689 </indexterm>
690 </listitem>
691 </varlistentry>
692
693 <varlistentry id="dnssec-dsfromkey">
694 <term><command>dnssec-dsfromkey</command></term>
695 <listitem>
696 <para>
697 outputs the Delegation Signer (DS) resource record (RR)
698 </para>
699 <indexterm zone="bind dnssec-dsfromkey">
700 <primary sortas="b-dnssec-dsfromkey">dnssec-dsfromkey</primary>
701 </indexterm>
702 </listitem>
703 </varlistentry>
704
705 <varlistentry id="dnssec-importkey">
706 <term><command>dnssec-importkey</command></term>
707 <listitem>
708 <para>
709 reads a public DNSKEY record and generates a pair of
710 .key/.private files
711 </para>
712 <indexterm zone="bind dnssec-importkey">
713 <primary sortas="b-dnssec-importkey">dnssec-importkey</primary>
714 </indexterm>
715 </listitem>
716 </varlistentry>
717
718 <varlistentry id="dnssec-keyfromlabel">
719 <term><command>dnssec-keyfromlabel</command></term>
720 <listitem>
721 <para>
722 gets keys with the given label from a cryptography hardware device
723 and builds key files for DNSSEC
724 </para>
725 <indexterm zone="bind dnssec-keyfromlabel">
726 <primary sortas="b-dnssec-keyfromlabel">dnssec-keyfromlabel</primary>
727 </indexterm>
728 </listitem>
729 </varlistentry>
730
731 <varlistentry id="dnssec-keymgr">
732 <term><command>dnssec-keymgr</command></term>
733 <listitem>
734 <para>
735 ensures correct DNSKEY coverage based on a defined policy
736 </para>
737 <indexterm zone="bind dnssec-keymgr">
738 <primary sortas="b-dnssec-keymgr">dnssec-keymgr</primary>
739 </indexterm>
740 </listitem>
741 </varlistentry>
742
743 <varlistentry id="dnssec-revoke">
744 <term><command>dnssec-revoke</command></term>
745 <listitem>
746 <para>
747 sets the REVOKED bit on a DNSSEC key
748 </para>
749 <indexterm zone="bind dnssec-revoke">
750 <primary sortas="b-dnssec-revoke">dnssec-revoke</primary>
751 </indexterm>
752 </listitem>
753 </varlistentry>
754
755 <varlistentry id="dnssec-settime">
756 <term><command>dnssec-settime</command></term>
757 <listitem>
758 <para>
759 sets the key timing metadata for a DNSSEC key
760 </para>
761 <indexterm zone="bind dnssec-settime">
762 <primary sortas="b-dnssec-settime">dnssec-settime</primary>
763 </indexterm>
764 </listitem>
765 </varlistentry>
766
767 <varlistentry id="dnssec-signzone">
768 <term><command>dnssec-signzone</command></term>
769 <listitem>
770 <para>
771 generates signed versions of zone files
772 </para>
773 <indexterm zone="bind dnssec-signzone">
774 <primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
775 </indexterm>
776 </listitem>
777 </varlistentry>
778
779 <varlistentry id="dnssec-verify">
780 <term><command>dnssec-verify</command></term>
781 <listitem>
782 <para>
783 verifies that a zone is fully signed for each algorithm found
784 in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
785 chains are complete
786 </para>
787 <indexterm zone="bind dnssec-verify">
788 <primary sortas="b-dnssec-verify">dnssec-verify</primary>
789 </indexterm>
790 </listitem>
791 </varlistentry>
792
793 <varlistentry id="host">
794 <term><command>host</command></term>
795 <listitem>
796 <para>
797 is a utility for DNS lookups
798 </para>
799 <indexterm zone="bind host">
800 <primary sortas="b-host">host</primary>
801 </indexterm>
802 </listitem>
803 </varlistentry>
804
805 <varlistentry id="mdig">
806 <term><command>mdig</command></term>
807 <listitem>
808 <para>
809 is a version of dig that allows multiple queries at once
810 </para>
811 <indexterm zone="bind mdig">
812 <primary sortas="b-mdig">mdig</primary>
813 </indexterm>
814 </listitem>
815 </varlistentry>
816
817 <varlistentry id="named">
818 <term><command>named</command></term>
819 <listitem>
820 <para>
821 is the name server daemon
822 </para>
823 <indexterm zone="bind named">
824 <primary sortas="b-named">named</primary>
825 </indexterm>
826 </listitem>
827 </varlistentry>
828
829 <varlistentry id="named-checkconf">
830 <term><command>named-checkconf</command></term>
831 <listitem>
832 <para>
833 checks the syntax of <filename>named.conf</filename>
834 files
835 </para>
836 <indexterm zone="bind named-checkconf">
837 <primary sortas="b-named-checkconf">named-checkconf</primary>
838 </indexterm>
839 </listitem>
840 </varlistentry>
841
842 <varlistentry id="named-checkzone">
843 <term><command>named-checkzone</command></term>
844 <listitem>
845 <para>
846 checks zone file validity
847 </para>
848 <indexterm zone="bind named-checkzone">
849 <primary sortas="b-named-checkzone">named-checkzone</primary>
850 </indexterm>
851 </listitem>
852 </varlistentry>
853
854 <varlistentry id="named-compilezone">
855 <term><command>named-compilezone</command></term>
856 <listitem>
857 <para>
858 is similar to <command>named-checkzone</command>, but it always
859 dumps the zone contents to a specified file in a specified format
860 </para>
861 <indexterm zone="bind named-compilezone">
862 <primary sortas="b-named-compilezone">named-compilezone</primary>
863 </indexterm>
864 </listitem>
865 </varlistentry>
866
867 <varlistentry id="named-journalprint">
868 <term><command>named-journalprint</command></term>
869 <listitem>
870 <para>
871 prints the zone journal in human-readable form
872 </para>
873 <indexterm zone="bind named-journalprint">
874 <primary sortas="b-named-journalprint">named-journalprint</primary>
875 </indexterm>
876 </listitem>
877 </varlistentry>
878
879 <varlistentry id="named-rrchecker">
880 <term><command>named-rrchecker</command></term>
881 <listitem>
882 <para>
883 reads an individual DNS resource record from standard input and
884 checks if it is syntactically correct
885 </para>
886 <indexterm zone="bind named-rrchecker">
887 <primary sortas="b-named-rrchecker">named-rrchecker</primary>
888 </indexterm>
889 </listitem>
890 </varlistentry>
891
892 <varlistentry id="named-nzd2nzf">
893 <term><command>named-nzd2nzf</command></term>
894 <listitem>
895 <para>
896 converts an NZD database to NZF text format
897 </para>
898 <indexterm zone="bind named-nzd2nzf">
899 <primary sortas="b-named-nzd2nzf">named-nzd2nzf</primary>
900 </indexterm>
901 </listitem>
902 </varlistentry>
903
904 <varlistentry id="nsec3hash">
905 <term><command>nsec3hash</command></term>
906 <listitem>
907 <para>
908 generates an NSEC3 hash based on a set of NSEC3 parameters
909 </para>
910 <indexterm zone="bind nsec3hash">
911 <primary sortas="b-nsec3hash">nsec3hash</primary>
912 </indexterm>
913 </listitem>
914 </varlistentry>
915
916 <varlistentry id="nslookup">
917 <term><command>nslookup</command></term>
918 <listitem>
919 <para>
920 is a program used to query Internet domain nameservers
921 </para>
922 <indexterm zone="bind nslookup">
923 <primary sortas="b-nslookup">nslookup</primary>
924 </indexterm>
925 </listitem>
926 </varlistentry>
927
928 <varlistentry id="nsupdate">
929 <term><command>nsupdate</command></term>
930 <listitem>
931 <para>
932 is used to submit DNS update requests
933 </para>
934 <indexterm zone="bind nsupdate">
935 <primary sortas="b-nsupdate">nsupdate</primary>
936 </indexterm>
937 </listitem>
938 </varlistentry>
939
940 <varlistentry id="rndc">
941 <term><command>rndc</command></term>
942 <listitem>
943 <para>
944 controls the operation of <application>BIND</application>
945 </para>
946 <indexterm zone="bind rndc">
947 <primary sortas="b-rndc">rndc</primary>
948 </indexterm>
949 </listitem>
950 </varlistentry>
951
952 <varlistentry id="rndc-confgen">
953 <term><command>rndc-confgen</command></term>
954 <listitem>
955 <para>
956 generates <filename>rndc.conf</filename> files
957 </para>
958 <indexterm zone="bind rndc-confgen">
959 <primary sortas="b-rndc-confgen">rndc-confgen</primary>
960 </indexterm>
961 </listitem>
962 </varlistentry>
963
964 <varlistentry id="tsig-keygen">
965 <term><command>tsig-keygen</command></term>
966 <listitem>
967 <para>
968 is a symlink to <command>ddns-confgen</command>
969 </para>
970 <indexterm zone="bind tsig-keygen">
971 <primary sortas="b-tsig-keygen">tsig-keygen</primary>
972 </indexterm>
973 </listitem>
974 </varlistentry>
975
976 </variablelist>
977
978 </sect2>
979
980</sect1>