Context Navigation

source: server/major/bind.xml@ 08235aa8

Visit:

11.3 12.0 12.1 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk xry111/llvm18 xry111/xf86-video-removal

Last change on this file since 08235aa8 was 08235aa8, checked in by Pierre Labastie <pierre.labastie@…>, 20 months ago
Correct version for Babel is 2.10.3
Property mode set to `100644`
File size: 36.0 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY bind-download-http "https://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.xz">
8	<!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.xz">
9	<!ENTITY bind-md5sum "50424bcd9c2c1a84ac32b400bc70cf3a">
10	<!ENTITY bind-size "5.4 MB">
11	<!ENTITY bind-buildsize "138 MB (26 MB installed)"><!-- differs much from prev maybe because of docs? -->
12	<!ENTITY bind-time "0.4 SBU (with parallelism=4; about 20 SBU somewhat processor independent, to run the complete test suite)">
13	]>
14
15	<sect1 id="bind" xreflabel="BIND-&bind-version;">
16	<?dbhtml filename="bind.html"?>
17
18	<sect1info>
19	<date>$Date$</date>
20	</sect1info>
21
22	<title>BIND-&bind-version;</title>
23
24	<indexterm zone="bind">
25	<primary sortas="a-BIND">BIND</primary>
26	</indexterm>
27
28	<sect2 role="package">
29	<title>Introduction to BIND</title>
30
31	<para>
32	The <application>BIND</application> package provides a DNS server
33	and client utilities. If you are only interested in the utilities, refer
34	to the <xref linkend="bind-utils"/>.
35	</para>
36
37	&lfs112_checked;
38
39	<bridgehead renderas="sect3">Package Information</bridgehead>
40	<itemizedlist spacing="compact">
41	<listitem>
42	<para>
43	Download (HTTP): <ulink url="&bind-download-http;"/>
44	</para>
45	</listitem>
46	<listitem>
47	<para>
48	Download (FTP): <ulink url="&bind-download-ftp;"/>
49	</para>
50	</listitem>
51	<listitem>
52	<para>
53	Download MD5 sum: &bind-md5sum;
54	</para>
55	</listitem>
56	<listitem>
57	<para>
58	Download size: &bind-size;
59	</para>
60	</listitem>
61	<listitem>
62	<para>
63	Estimated disk space required: &bind-buildsize;
64	</para>
65	</listitem>
66	<listitem>
67	<para>
68	Estimated build time: &bind-time;
69	</para>
70	</listitem>
71	</itemizedlist>
72	<!--
73	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
74	<itemizedlist spacing="compact">
75	<listitem>
76	<para>
77	Required patch:
78	<ulink url="&patch-root;/bind-&bind-version;-upstream_fixes-1.patch"/>
79	</para>
80	</listitem>
81	</itemizedlist>
82	-->
83	<bridgehead renderas="sect3">BIND Dependencies</bridgehead>
84
85	<bridgehead renderas="sect4">Required</bridgehead>
86	<para role="required">
87	<xref linkend="libuv"/>
88	</para>
89
90	<bridgehead renderas="sect4">Recommended</bridgehead>
91	<para role="recommended">
92	<xref linkend="json-c"/> and
93	<xref linkend="libcap-pam"/>
94	</para>
95
96	<bridgehead renderas="sect4">Optional</bridgehead>
97	<para role="optional">
98	<xref linkend="curl"/>,
99	<xref linkend="libidn2"/>,
100	<xref linkend="libxml2"/>,
101	<xref linkend="lmdb"/>,
102	<xref linkend="mitkrb"/>,
103	<xref linkedn="pytest"/>,
104	<xref linkend="sphinx"/> (required to build documentation),
105	<ulink url="https://cmocka.org/">cmocka</ulink>,
106	<ulink url="https://github.com/cjheath/geoip">geoip</ulink>,
107	<ulink url="&w3m-url;">w3m</ulink>
108	</para>
109
110	<bridgehead renderas="sect4">Optional database backends</bridgehead>
111	<para role="optional">
112	<xref linkend="db"/>,
113	<xref linkend="mariadb"/> or <ulink url="https://www.mysql.com/">MySQL</ulink>,
114	<xref linkend="openldap"/>,
115	<xref linkend="postgresql"/>, and
116	<xref linkend="unixodbc"/>
117	</para>
118
119	<bridgehead renderas="sect4">Optional (to run the test suite)</bridgehead>
120	<para role="optional">
121	<xref linkend="perl-net-dns"/>
122	</para>
123
124	<!-- docs are now all sphinx based
125	<bridgehead renderas="sect4">Optional (to rebuild the documentation)</bridgehead>
126	<para role="optional">
127	<xref linkend="doxygen"/>,
128	<xref linkend="libxslt"/>, and
129	<xref linkend="texlive"/> (or <xref linkend="tl-installer"/>)
130	</para>
131	-->
132
133	<para condition="html" role="usernotes">User Notes:
134	<ulink url="&blfs-wiki;/bind"/></para>
135
136	</sect2>
137
138	<sect2 role="installation">
139	<title>Installation of BIND</title>
140
141	<!--
142	<para>
143	To ensure <application>BIND</application> will build dnssec-keymgr,
144	install a python module as the <systemitem
145	class="username">root</systemitem> user:
146	</para>
147
148	<screen role="root"><userinput>pip3 install ply</userinput></screen>
149	-->
150
151	<para>
152	Install <application>BIND</application> by running the
153	following commands:
154	</para>
155
156	<screen><userinput>./configure --prefix=/usr \
157	--sysconfdir=/etc \
158	--localstatedir=/var \
159	--mandir=/usr/share/man \
160	--disable-static &&
161	make</userinput></screen>
162
163	<para>
164	Issue the following commands to run the complete suite of tests.
165	First, as the <systemitem class="username">root</systemitem> user, set up
166	some test interfaces:
167	</para>
168
169	<note>
170	<para>
171	If IPv6 is not enabled in the kernel, there will be several
172	error messages: "RTNETLINK answers: Operation not permitted". These
173	messages do not affect the tests.
174	</para>
175	</note>
176
177	<screen role="root"
178	remap="test"><userinput>bin/tests/system/ifconfig.sh up</userinput></screen>
179
180	<para>
181	The test suite may indicate some skipped tests depending on
182	what configuration options are used. Some tests are marked
183	<quote>UNTESTED</quote> or do even fail if <xref linkend="perl-net-dns"/>
184	is not installed. <!--One test, <quote>CPU</quote>, is known to fail.-->
185	To run the tests, as an unprivileged user, execute:
186	</para>
187
188	<screen remap="test"><userinput>make -k check</userinput></screen>
189
190	<para>
191	Again as <systemitem class="username">root</systemitem>, clean up the
192	test interfaces:
193	</para>
194
195	<screen role="root"
196	remap="test"><userinput>bin/tests/system/ifconfig.sh down</userinput></screen>
197
198	<para>
199	Finally, install the package as the <systemitem
200	class="username">root</systemitem> user:
201	</para>
202
203	<!-- Documentation is an issue - The docs are now all in .rst format and appear
204	to be sphinx based. install source .rst files for now...
205
206	leave docs untouched as they does only use disk space when not
207	used to recreate the docs via Sphinx. I've added a note regarding
208	the documentation. (thomas)
209
210	<screen role="root"><userinput>make install &&
211
212	install -vdm 755 /usr/share/doc/bind-&bind-version;/{arm,dnssec-guide} &&
213	install doc/arm/* /usr/share/doc/bind-&bind-version;/arm &&
214	install doc/dnssec-guide/* /usr/share/doc/bind-&bind-version;/dnssec-guide</userinput></screen>
215	-->
216	<screen role="root"><userinput>make install</userinput></screen>
217
218	</sect2>
219
220	<sect2 role="commands">
221	<title>Command Explanations</title>
222
223	<para>
224	<parameter>--sysconfdir=/etc</parameter>: This parameter forces
225	<application>BIND</application> to look for configuration
226	files in <filename class='directory'>/etc</filename> instead of
227	<filename class='directory'>/usr/etc</filename>.
228	</para>
229
230	<!-- Seems to be removed in 9.18.0
231	<para>
232	<parameter>- -with-libtool</parameter>: This parameter forces the
233	building of dynamic libraries and links the installed binaries to these
234	libraries.
235	</para>
236	-->
237
238	<para>
239	<option>--with-libidn2</option>: This parameter enables
240	the IDNA2008 (Internationalized Domain Names in Applications)
241	support.
242	</para>
243
244	<para>
245	<option>--enable-fetchlimit</option>: Use this option if you want
246	to be able to limit the rate of recursive client queries. This may be
247	useful on servers which receive a large number of queries.
248	</para>
249
250	<para>
251	<option>--disable-linux-caps</option>: BIND can also be built without
252	capability support by using this option, at the cost of some loss of
253	security.
254	</para>
255
256	<para>
257	<option>--with-dlz-{mysql,bdb,filesystem,ldap,odbc,stub}</option>: Use
258	one (or more) of those options to add Dynamically Loadable Zones support.
259	For more information refer to <ulink
260	url="http://bind-dlz.sourceforge.net/">bind-dlz.sourceforge.net</ulink>.
261	</para>
262
263	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
264	href="../../xincludes/static-libraries.xml"/>
265
266	</sect2>
267
268	<sect2 role="configuration">
269	<title>Configuring BIND</title>
270
271	<sect3 id="bind-config">
272	<title>Config files</title>
273
274	<para>
275	<filename>named.conf</filename>,
276	<filename>root.hints</filename>,
277	<filename>127.0.0</filename>,
278	<filename>rndc.conf</filename>, and
279	<filename>resolv.conf</filename>
280	</para>
281
282	<indexterm zone="bind bind-config">
283	<primary sortas="e-etc-named.conf">/etc/named.conf</primary>
284	</indexterm>
285
286	<indexterm zone="bind bind-config">
287	<primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary>
288	</indexterm>
289
290	<indexterm zone="bind bind-config">
291	<primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary>
292	</indexterm>
293
294	<indexterm zone="bind bind-config">
295	<primary
296	sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
297	</indexterm>
298
299	<indexterm zone="bind bind-config">
300	<primary
301	sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
302	</indexterm>
303	</sect3>
304
305	<sect3>
306	<title>Configuration Information</title>
307
308	<para>
309	<application>BIND</application> will be configured to run in a
310	<command>chroot</command> jail as an unprivileged user (<systemitem
311	class="username">named</systemitem>). This configuration is more secure
312	in that a DNS compromise can only affect a few files in the <systemitem
313	class="username">named</systemitem> user's <envar>HOME</envar>
314	directory.
315	</para>
316
317	<para>
318	Create the unprivileged user and group <systemitem
319	class="username">named</systemitem>:
320	</para>
321
322	<screen role="root"><userinput>groupadd -g 20 named &&
323	useradd -c "BIND Owner" -g named -s /bin/false -u 20 named &&
324	install -d -m770 -o named -g named /srv/named</userinput></screen>
325
326	<para>
327	Set up some files, directories and devices needed by
328	<application>BIND</application>:
329	</para>
330
331	<screen role="root"><userinput>mkdir -p /srv/named &&
332	cd /srv/named &&
333	mkdir -p dev etc/named/{slave,pz} usr/lib/engines var/run/named &&
334	mknod /srv/named/dev/null c 1 3 &&
335	mknod /srv/named/dev/urandom c 1 9 &&
336	chmod 666 /srv/named/dev/{null,urandom} &&
337	cp /etc/localtime etc</userinput></screen>
338
339	<para>
340	The <filename>rndc.conf</filename> file contains information for
341	controlling <command>named</command> operations with the
342	<command>rndc</command> utility. Generate a key for use in the
343	<filename>named.conf</filename> and <filename>rndc.conf</filename>
344	with the <command>rndc-confgen</command> command:
345	</para>
346
347	<screen role="root"><userinput>rndc-confgen -a -b 512 -t /srv/named</userinput></screen>
348
349	<para>
350	Complete the <filename>named.conf</filename> file from which
351	<command>named</command> will read the location of zone files, root
352	name servers and secure DNS keys:
353	</para>
354
355	<screen role="root"><?dbfo keep-together="auto"?><userinput>cat >> /srv/named/etc/named.conf << "EOF"
356	<literal>options {
357	directory "/etc/named";
358	pid-file "/var/run/named.pid";
359	statistics-file "/var/run/named.stats";
360
361	};
362	zone "." {
363	type hint;
364	file "root.hints";
365	};
366	zone "0.0.127.in-addr.arpa" {
367	type master;
368	file "pz/127.0.0";
369	};
370
371	// Bind 9 now logs by default through syslog (except debug).
372	// These are the default logging rules.
373
374	logging {
375	category default { default_syslog; default_debug; };
376	category unmatched { null; };
377
378	channel default_syslog {
379	syslog daemon; // send to syslog's daemon
380	// facility
381	severity info; // only send priority info
382	// and higher
383	};
384
385	channel default_debug {
386	file "named.run"; // write to named.run in
387	// the working directory
388	// Note: stderr is used instead
389	// of "named.run"
390	// if the server is started
391	// with the '-f' option.
392	severity dynamic; // log at the server's
393	// current debug level
394	};
395
396	channel default_stderr {
397	stderr; // writes to stderr
398	severity info; // only send priority info
399	// and higher
400	};
401
402	channel null {
403	null; // toss anything sent to
404	// this channel
405	};
406	};</literal>
407	EOF</userinput></screen>
408
409	<para>
410	Create a zone file with the following contents:
411	</para>
412
413	<screen role="root"><userinput>cat > /srv/named/etc/named/pz/127.0.0 << "EOF"
414	<literal>$TTL 3D
415	@ IN SOA ns.local.domain. hostmaster.local.domain. (
416	1 ; Serial
417	8H ; Refresh
418	2H ; Retry
419	4W ; Expire
420	1D) ; Minimum TTL
421	NS ns.local.domain.
422	1 PTR localhost.</literal>
423	EOF</userinput></screen>
424
425	<para>
426	Create the <filename>root.hints</filename> file with the following
427	commands:
428	</para>
429
430	<note>
431	<para>
432	Caution must be used to ensure there are no leading spaces in
433	this file.
434	</para>
435	</note>
436
437	<screen role="root"><userinput>cat > /srv/named/etc/named/root.hints << "EOF"
438	<literal>. 6D IN NS A.ROOT-SERVERS.NET.
439	. 6D IN NS B.ROOT-SERVERS.NET.
440	. 6D IN NS C.ROOT-SERVERS.NET.
441	. 6D IN NS D.ROOT-SERVERS.NET.
442	. 6D IN NS E.ROOT-SERVERS.NET.
443	. 6D IN NS F.ROOT-SERVERS.NET.
444	. 6D IN NS G.ROOT-SERVERS.NET.
445	. 6D IN NS H.ROOT-SERVERS.NET.
446	. 6D IN NS I.ROOT-SERVERS.NET.
447	. 6D IN NS J.ROOT-SERVERS.NET.
448	. 6D IN NS K.ROOT-SERVERS.NET.
449	. 6D IN NS L.ROOT-SERVERS.NET.
450	. 6D IN NS M.ROOT-SERVERS.NET.
451	A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
452	A.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:ba3e::2:30
453	B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201
454	B.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:200::b
455	C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
456	C.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2::c
457	D.ROOT-SERVERS.NET. 6D IN A 199.7.91.13
458	D.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2d::d
459	E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
460	E.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:a8::e
461	F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
462	F.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2f::f
463	G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
464	G.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:12::d0d
465	H.ROOT-SERVERS.NET. 6D IN A 198.97.190.53
466	H.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:1::53
467	I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
468	I.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fe::53
469	J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
470	J.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:c27::2:30
471	K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
472	K.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fd::1
473	L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
474	L.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:9f::42
475	M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
476	M.ROOT-SERVERS.NET. 6D IN AAAA 2001:dc3::35</literal>
477	EOF</userinput></screen>
478
479	<para>
480	The <filename>root.hints</filename> file is a list of root name
481	servers. This file must be updated periodically with the
482	<command>dig</command> utility. A current copy of root.hints can be
483	obtained from <ulink url="https://www.internic.net/domain/named.root"/>.
484	For details, consult the "BIND 9 Administrator Reference Manual".
485	</para>
486
487	<para>
488	Create or modify <filename>resolv.conf</filename> to use the new
489	name server with the following commands:
490	</para>
491
492	<note>
493	<para>
494	Replace <replaceable><yourdomain.com></replaceable> with
495	your own valid domain name.
496	</para>
497	</note>
498
499	<screen role="root"><userinput>cp /etc/resolv.conf /etc/resolv.conf.bak &&
500	cat > /etc/resolv.conf << "EOF"
501	<literal>search <replaceable><yourdomain.com></replaceable>
502	nameserver 127.0.0.1</literal>
503	EOF</userinput></screen>
504
505	<para>
506	Set permissions on the <command>chroot</command> jail with the
507	following command:
508	</para>
509
510	<screen role="root"><userinput>chown -R named:named /srv/named</userinput></screen>
511
512	</sect3>
513
514	<sect3 id="bind-init">
515	<title><phrase revision="sysv">Boot Script</phrase>
516	<phrase revision="systemd">Systemd Unit</phrase></title>
517
518	<para>
519	To start the DNS server at boot, install the
520	<phrase revision="sysv"><filename>/etc/rc.d/init.d/bind</filename> init
521	script</phrase>
522	<phrase revision="systemd"><filename>named.service</filename>
523	unit</phrase> included in the
524	<xref linkend="bootscripts" revision="sysv"/>
525	<xref linkend="systemd-units" revision="systemd"/> package:
526	</para>
527
528	<indexterm zone="bind bind-init">
529	<primary sortas="f-bind">bind</primary>
530	</indexterm>
531
532	<screen role="root" revision="sysv"><userinput>make install-bind</userinput></screen>
533	<screen role="root" revision="systemd"><userinput>make install-named</userinput></screen>
534
535	<para>
536	Now start <application>BIND</application> with the following command:
537	</para>
538
539	<screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/bind start</userinput></screen>
540	<screen role="root" revision="systemd"><userinput>systemctl start named</userinput></screen>
541
542	</sect3>
543
544	<sect3>
545	<title>Testing BIND</title>
546
547	<para>
548	Test out the new <application>BIND</application> 9 installation.
549	First query the local host address with <command>dig</command>:
550	</para>
551
552	<screen><userinput>dig -x 127.0.0.1</userinput></screen>
553
554	<para>
555	Now try an external name lookup, taking note of the speed
556	difference in repeated lookups due to the caching. Run the
557	<command>dig</command> command twice on the same address:
558	</para>
559
560	<screen><userinput>dig www.&lfs-domainname; &&
561	dig www.&lfs-domainname;</userinput></screen>
562
563	<para>
564	You can see almost instantaneous results with the named caching
565	lookups. Consult the <application>BIND</application> Administrator
566	Reference Manual (see below) for further configuration options.
567	</para>
568
569	</sect3>
570
571	</sect2>
572
573	<sect2>
574	<title>Administrator Reference Manual (ARM)</title>
575
576	<para>
577	The ARM documentation (do not confuse with the processor architecture)
578	is included in the source package. The documentation is in .rst
579	format which means, it can be converted in human readable formats
580	if <xref linkend="sphinx"/> is installed.
581	</para>
582
583	<para>
584	When <application>BIND</application> is set up, especially when
585	to operate in a real live scenario, it is <emphasis>highly</emphasis>
586	recommended to consult the ARM documentation. ISC provides an
587	updated set of excellent documentation along with every release
588	so it can be easily viewed and/or downloaded – so there is
589	no excuse to not read the docs. The formats ISC provides are PDF,
590	epub and html at <ulink url="https://downloads.isc.org/isc/bind9/&bind-version;/doc/arm/"/>.
591	</para>
592	</sect2>
593
594	<sect2 role="content">
595	<title>Contents</title>
596
597	<segmentedlist>
598	<segtitle>Installed Programs</segtitle>
599	<segtitle>Installed Libraries</segtitle>
600	<segtitle>Installed Directories</segtitle>
601
602	<seglistitem>
603
604	<seg>arpaname, <!--bind9-config hardlinked to isc-config.sh,-->
605	ddns-confgen, delv, dig, dnssec-cds, dnssec-checkds, dnssec-coverage,
606	dnssec-dsfromkey, dnssec-importkey, dnssec-keyfromlabel, dnssec-keygen,
607	dnssec-keymgr, dnssec-revoke, dnssec-settime, dnssec-signzone,
608	dnssec-verify, host, mdig, named, named-checkconf,
609	named-checkzone, named-compilezone (symlink), named-journalprint,
610	named-nzd2nzf, named-rrchecker, nsec3hash, nslookup, nsupdate, rndc,
611	rndc-confgen, and tsig-keygen (symlink)</seg>
612
613	<seg>libbind9.so, libdns.so, libirs.so, libisc.so, libisccc.so,
614	libisccfg.so, and libns.so</seg>
615
616	<seg>/usr/include/{bind9,dns,dst,irs,isc,isccc,isccfg,ns,pk11,pkcs11},
617	/usr/lib/named, /usr/lib/python&python3-majorver;/site-packages/isc,
618	and /srv/named</seg>
619	</seglistitem>
620	</segmentedlist>
621
622	<variablelist>
623	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
624	<?dbfo list-presentation="list"?>
625	<?dbhtml list-presentation="table"?>
626
627	<varlistentry id="arpaname">
628	<term><command>arpaname</command></term>
629	<listitem>
630	<para>
631	translates IP addresses to the corresponding ARPA names
632	</para>
633	<indexterm zone="bind arpaname">
634	<primary sortas="b-arpaname">arpaname</primary>
635	</indexterm>
636	</listitem>
637	</varlistentry>
638
639	<!-- Not present as of 9.16.5
640	<varlistentry id="bind9-config">
641	<term><command>bind9-config</command></term>
642	<listitem>
643	<para>
644	is hardlinked to <command>isc-config.sh</command>.
645	</para>
646	<indexterm zone="bind bind9-config">
647	<primary sortas="b-bind9-config">bind9-config</primary>
648	</indexterm>
649	</listitem>
650	</varlistentry>
651	-->
652
653	<varlistentry id="ddns-confgen">
654	<term><command>ddns-confgen</command></term>
655	<listitem>
656	<para>
657	generates a key for use by nsupdate and named
658	</para>
659	<indexterm zone="bind ddns-confgen">
660	<primary sortas="b-ddns-confgen">ddns-confgen</primary>
661	</indexterm>
662	</listitem>
663	</varlistentry>
664
665	<varlistentry id="delv">
666	<term><command>delv</command></term>
667	<listitem>
668	<para>
669	is a new debugging tool that is a successor to
670	<command>dig</command>
671	</para>
672	<indexterm zone="bind delv">
673	<primary sortas="b-delv">delv</primary>
674	</indexterm>
675	</listitem>
676	</varlistentry>
677
678	<varlistentry id="dig">
679	<term><command>dig</command></term>
680	<listitem>
681	<para>
682	interrogates DNS servers
683	</para>
684	<indexterm zone="bind dig">
685	<primary sortas="b-dig">dig</primary>
686	</indexterm>
687	</listitem>
688	</varlistentry>
689
690	<varlistentry id="dnssec-cds">
691	<term><command>dnssec-cds</command></term>
692	<listitem>
693	<para>
694	changes DS records for a child zone based on
695	CDS/CDNSKEY
696	</para>
697	<indexterm zone="bind dnssec-cds">
698	<primary sortas="b-dnssec-cds">dnssec-cds</primary>
699	</indexterm>
700	</listitem>
701	</varlistentry>
702
703	<varlistentry id="dnssec-checkds">
704	<term><command>dnssec-checkds</command></term>
705	<listitem>
706	<para>
707	is a DNSSEC delegation consistency checking tool
708	</para>
709	<indexterm zone="bind dnssec-checkds">
710	<primary sortas="b-dnssec-checkds">dnssec-checkds</primary>
711	</indexterm>
712	</listitem>
713	</varlistentry>
714
715	<varlistentry id="dnssec-coverage">
716	<term><command>dnssec-coverage</command></term>
717	<listitem>
718	<para>
719	verifies that the DNSSEC keys for a given zone or a set of zones
720	have timing metadata set properly to ensure no future lapses
721	in DNSSEC coverage
722	</para>
723	<indexterm zone="bind dnssec-coverage">
724	<primary sortas="b-dnssec-coverage">dnssec-coverage</primary>
725	</indexterm>
726	</listitem>
727	</varlistentry>
728
729	<varlistentry id="dnssec-dsfromkey">
730	<term><command>dnssec-dsfromkey</command></term>
731	<listitem>
732	<para>
733	outputs the Delegation Signer (DS) resource record (RR)
734	</para>
735	<indexterm zone="bind dnssec-dsfromkey">
736	<primary sortas="b-dnssec-dsfromkey">dnssec-dsfromkey</primary>
737	</indexterm>
738	</listitem>
739	</varlistentry>
740
741	<varlistentry id="dnssec-importkey">
742	<term><command>dnssec-importkey</command></term>
743	<listitem>
744	<para>
745	reads a public DNSKEY record and generates a pair of
746	.key/.private files
747	</para>
748	<indexterm zone="bind dnssec-importkey">
749	<primary sortas="b-dnssec-importkey">dnssec-importkey</primary>
750	</indexterm>
751	</listitem>
752	</varlistentry>
753
754	<varlistentry id="dnssec-keyfromlabel">
755	<term><command>dnssec-keyfromlabel</command></term>
756	<listitem>
757	<para>
758	gets keys with the given label from a cryptography hardware device
759	and builds key files for DNSSEC
760	</para>
761	<indexterm zone="bind dnssec-keyfromlabel">
762	<primary sortas="b-dnssec-keyfromlabel">dnssec-keyfromlabel</primary>
763	</indexterm>
764	</listitem>
765	</varlistentry>
766
767	<varlistentry id="dnssec-keygen">
768	<term><command>dnssec-keygen</command></term>
769	<listitem>
770	<para>
771	is a key generator for secure DNS
772	</para>
773	<indexterm zone="bind dnssec-keygen">
774	<primary sortas="b-dnssec-keygen">dnssec-keygen</primary>
775	</indexterm>
776	</listitem>
777	</varlistentry>
778
779	<varlistentry id="dnssec-keymgr">
780	<term><command>dnssec-keymgr</command></term>
781	<listitem>
782	<para>
783	ensures correct DNSKEY coverage based on a defined policy
784	</para>
785	<indexterm zone="bind dnssec-keymgr">
786	<primary sortas="b-dnssec-keymgr">dnssec-keymgr</primary>
787	</indexterm>
788	</listitem>
789	</varlistentry>
790
791	<varlistentry id="dnssec-revoke">
792	<term><command>dnssec-revoke</command></term>
793	<listitem>
794	<para>
795	sets the REVOKED bit on a DNSSEC key
796	</para>
797	<indexterm zone="bind dnssec-revoke">
798	<primary sortas="b-dnssec-revoke">dnssec-revoke</primary>
799	</indexterm>
800	</listitem>
801	</varlistentry>
802
803	<varlistentry id="dnssec-settime">
804	<term><command>dnssec-settime</command></term>
805	<listitem>
806	<para>
807	sets the key timing metadata for a DNSSEC key
808	</para>
809	<indexterm zone="bind dnssec-settime">
810	<primary sortas="b-dnssec-settime">dnssec-settime</primary>
811	</indexterm>
812	</listitem>
813	</varlistentry>
814
815	<varlistentry id="dnssec-signzone">
816	<term><command>dnssec-signzone</command></term>
817	<listitem>
818	<para>
819	generates signed versions of zone files
820	</para>
821	<indexterm zone="bind dnssec-signzone">
822	<primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
823	</indexterm>
824	</listitem>
825	</varlistentry>
826
827	<varlistentry id="dnssec-verify">
828	<term><command>dnssec-verify</command></term>
829	<listitem>
830	<para>
831	verifies that a zone is fully signed for each algorithm found
832	in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
833	chains are complete
834	</para>
835	<indexterm zone="bind dnssec-verify">
836	<primary sortas="b-dnssec-verify">dnssec-verify</primary>
837	</indexterm>
838	</listitem>
839	</varlistentry>
840
841	<!-- No longer present with 9.16.5
842	<varlistentry id="genrandom">
843	<term><command>genrandom</command></term>
844	<listitem>
845	<para>
846	generates a file containing random data.
847	</para>
848	<indexterm zone="bind genrandom">
849	<primary sortas="b-genrandom">genrandom</primary>
850	</indexterm>
851	</listitem>
852	</varlistentry>
853	-->
854
855	<varlistentry id="host">
856	<term><command>host</command></term>
857	<listitem>
858	<para>
859	is a utility for DNS lookups
860	</para>
861	<indexterm zone="bind host">
862	<primary sortas="b-host">host</primary>
863	</indexterm>
864	</listitem>
865	</varlistentry>
866
867	<!-- No longer present with 9.16.5
868	<varlistentry id="isc-config.sh">
869	<term><command>isc-config.sh</command></term>
870	<listitem>
871	<para>
872	prints information related to the installed version of ISC BIND.
873	</para>
874	<indexterm zone="bind isc-config.sh">
875	<primary sortas="b-isc-config.sh">isc-config.sh</primary>
876	</indexterm>
877	</listitem>
878	</varlistentry>
879
880	<varlistentry id="isc-hmac-fixup">
881	<term><command>isc-hmac-fixup</command></term>
882	<listitem>
883	<para>
884	fixes HMAC keys generated by older versions of BIND.
885	</para>
886	<indexterm zone="bind isc-hmac-fixup">
887	<primary sortas="b-isc-hmac-fixup">isc-hmac-fixup</primary>
888	</indexterm>
889	</listitem>
890	</varlistentry>
891
892	<varlistentry id="lwresd">
893	<term><command>lwresd</command></term>
894	<listitem>
895	<para>
896	is a caching-only name server for local process use.
897	</para>
898	<indexterm zone="bind lwresd">
899	<primary sortas="b-lwresd">lwresd</primary>
900	</indexterm>
901	</listitem>
902	</varlistentry>
903	-->
904
905	<varlistentry id="mdig">
906	<term><command>mdig</command></term>
907	<listitem>
908	<para>
909	is a version of dig that allows multiple queries at once
910	</para>
911	<indexterm zone="bind mdig">
912	<primary sortas="b-mdig">mdig</primary>
913	</indexterm>
914	</listitem>
915	</varlistentry>
916
917	<varlistentry id="named">
918	<term><command>named</command></term>
919	<listitem>
920	<para>
921	is the name server daemon
922	</para>
923	<indexterm zone="bind named">
924	<primary sortas="b-named">named</primary>
925	</indexterm>
926	</listitem>
927	</varlistentry>
928
929	<varlistentry id="named-checkconf">
930	<term><command>named-checkconf</command></term>
931	<listitem>
932	<para>
933	checks the syntax of <filename>named.conf</filename>
934	files
935	</para>
936	<indexterm zone="bind named-checkconf">
937	<primary sortas="b-named-checkconf">named-checkconf</primary>
938	</indexterm>
939	</listitem>
940	</varlistentry>
941
942	<varlistentry id="named-checkzone">
943	<term><command>named-checkzone</command></term>
944	<listitem>
945	<para>
946	checks zone file validity
947	</para>
948	<indexterm zone="bind named-checkzone">
949	<primary sortas="b-named-checkzone">named-checkzone</primary>
950	</indexterm>
951	</listitem>
952	</varlistentry>
953
954	<varlistentry id="named-compilezone">
955	<term><command>named-compilezone</command></term>
956	<listitem>
957	<para>
958	is similar to <command>named-checkzone</command>, but it always
959	dumps the zone contents to a specified file in a specified format
960	</para>
961	<indexterm zone="bind named-compilezone">
962	<primary sortas="b-named-compilezone">named-compilezone</primary>
963	</indexterm>
964	</listitem>
965	</varlistentry>
966
967	<varlistentry id="named-journalprint">
968	<term><command>named-journalprint</command></term>
969	<listitem>
970	<para>
971	prints the zone journal in human-readable form
972	</para>
973	<indexterm zone="bind named-journalprint">
974	<primary sortas="b-named-journalprint">named-journalprint</primary>
975	</indexterm>
976	</listitem>
977	</varlistentry>
978
979	<varlistentry id="named-rrchecker">
980	<term><command>named-rrchecker</command></term>
981	<listitem>
982	<para>
983	reads an individual DNS resource record from standard input and
984	checks if it is syntactically correct
985	</para>
986	<indexterm zone="bind named-rrchecker">
987	<primary sortas="b-named-rrchecker">named-rrchecker</primary>
988	</indexterm>
989	</listitem>
990	</varlistentry>
991
992	<varlistentry id="named-nzd2nzf">
993	<term><command>named-nzd2nzf</command></term>
994	<listitem>
995	<para>
996	converts an NZD database to NZF text format
997	</para>
998	<indexterm zone="bind named-nzd2nzf">
999	<primary sortas="b-named-nzd2nzf">named-nzd2nzf</primary>
1000	</indexterm>
1001	</listitem>
1002	</varlistentry>
1003
1004	<varlistentry id="nsec3hash">
1005	<term><command>nsec3hash</command></term>
1006	<listitem>
1007	<para>
1008	generates an NSEC3 hash based on a set of NSEC3 parameters
1009	</para>
1010	<indexterm zone="bind nsec3hash">
1011	<primary sortas="b-nsec3hash">nsec3hash</primary>
1012	</indexterm>
1013	</listitem>
1014	</varlistentry>
1015
1016	<varlistentry id="nslookup">
1017	<term><command>nslookup</command></term>
1018	<listitem>
1019	<para>
1020	is a program used to query Internet domain nameservers
1021	</para>
1022	<indexterm zone="bind nslookup">
1023	<primary sortas="b-nslookup">nslookup</primary>
1024	</indexterm>
1025	</listitem>
1026	</varlistentry>
1027
1028	<varlistentry id="nsupdate">
1029	<term><command>nsupdate</command></term>
1030	<listitem>
1031	<para>
1032	is used to submit DNS update requests
1033	</para>
1034	<indexterm zone="bind nsupdate">
1035	<primary sortas="b-nsupdate">nsupdate</primary>
1036	</indexterm>
1037	</listitem>
1038	</varlistentry>
1039
1040	<varlistentry id="rndc">
1041	<term><command>rndc</command></term>
1042	<listitem>
1043	<para>
1044	controls the operation of <application>BIND</application>
1045	</para>
1046	<indexterm zone="bind rndc">
1047	<primary sortas="b-rndc">rndc</primary>
1048	</indexterm>
1049	</listitem>
1050	</varlistentry>
1051
1052	<varlistentry id="rndc-confgen">
1053	<term><command>rndc-confgen</command></term>
1054	<listitem>
1055	<para>
1056	generates <filename>rndc.conf</filename> files
1057	</para>
1058	<indexterm zone="bind rndc-confgen">
1059	<primary sortas="b-rndc-confgen">rndc-confgen</primary>
1060	</indexterm>
1061	</listitem>
1062	</varlistentry>
1063
1064	<varlistentry id="tsig-keygen">
1065	<term><command>tsig-keygen</command></term>
1066	<listitem>
1067	<para>
1068	is a symlink to <command>ddns-confgen</command>
1069	</para>
1070	<indexterm zone="bind tsig-keygen">
1071	<primary sortas="b-tsig-keygen">tsig-keygen</primary>
1072	</indexterm>
1073	</listitem>
1074	</varlistentry>
1075
1076	</variablelist>
1077
1078	</sect2>
1079
1080	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: