source: server/major/bind.xml@ 1752d56

10.0 10.1 11.0 11.1 11.2 lazarus plabs/python-mods qt5new trunk upgradedb xry111/intltool xry111/soup3 xry111/test-20220226
Last change on this file since 1752d56 was 1752d56, checked in by Thomas Trepl <thomas@…>, 3 years ago

Upgrade bind9 & bind9-utils to 9.16.3

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@23174 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 34.1 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY bind-download-http " ">
8 <!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.xz">
9 <!ENTITY bind-md5sum "2b207d5699d7acb0a2e997b7cd53d9c2">
10 <!ENTITY bind-size "4.3 MB">
11 <!ENTITY bind-buildsize "103 MB (25 MB installed)">
12 <!ENTITY bind-time "0.9 SBU (with parallelism=4; add 34+ minutes, processor independent, to run the complete test suite)">
13]>
14
15<sect1 id="bind" xreflabel="BIND-&bind-version;">
16 <?dbhtml filename="bind.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>BIND-&bind-version;</title>
24
25 <indexterm zone="bind">
26 <primary sortas="a-BIND">BIND</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to BIND</title>
31
32 <para>
33 The <application>BIND</application> package provides a DNS server
34 and client utilities. If you are only interested in the utilities, refer
35 to the <xref linkend="bind-utils"/>.
36 </para>
37
38 &lfs91_checked;
39
40 <bridgehead renderas="sect3">Package Information</bridgehead>
41 <itemizedlist spacing="compact">
42 <listitem>
43 <para>
44 Download (HTTP): <ulink url="&bind-download-http;"/>
45 </para>
46 </listitem>
47 <listitem>
48 <para>
49 Download (FTP): <ulink url="&bind-download-ftp;"/>
50 </para>
51 </listitem>
52 <listitem>
53 <para>
54 Download MD5 sum: &bind-md5sum;
55 </para>
56 </listitem>
57 <listitem>
58 <para>
59 Download size: &bind-size;
60 </para>
61 </listitem>
62 <listitem>
63 <para>
64 Estimated disk space required: &bind-buildsize;
65 </para>
66 </listitem>
67 <listitem>
68 <para>
69 Estimated build time: &bind-time;
70 </para>
71 </listitem>
72 </itemizedlist>
73<!--
74 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
75 <itemizedlist spacing='compact'>
76 <listitem>
77 <para>
78 Optional patch (if net-tools is not installed): <ulink
79 url="&patch-root;/bind-&bind-version;-use_iproute2-1.patch"/>
80 </para>
81 </listitem>
82 </itemizedlist>
83-->
84 <bridgehead renderas="sect3">BIND Dependencies</bridgehead>
85
86 <bridgehead renderas="sect4">Required</bridgehead>
87 <para role="required">
88 <xref linkend="libuv"/>
89 </para>
90
91 <bridgehead renderas="sect4">Recommended</bridgehead>
92 <para role="recommended">
93 <xref linkend="json-c"/> and
94 <xref linkend="libcap-pam"/>
95 </para>
96
97 <bridgehead renderas="sect4">Optional</bridgehead>
98 <para role="optional">
99 <xref linkend="libidn2"/>,
100 <xref linkend="libxml2"/>,
101 <xref linkend="mitkrb"/>,
102 <ulink url="https://cmocka.org/">cmocka</ulink>, and
103 <ulink url='https://github.com/cjheath/geoip'>geoip</ulink>
104 </para>
105
106 <bridgehead renderas="sect4">Optional database backends</bridgehead>
107 <para role="optional">
108 <xref linkend="db"/>,
109 <xref linkend="mariadb"/> or <ulink url="http://www.mysql.com/">MySQL</ulink>,
110 <xref linkend="openldap"/>,
111 <xref linkend="postgresql"/>, and
112 <xref linkend="unixodbc"/>
113 </para>
114
115 <bridgehead renderas="sect4">Optional (to run the test suite)</bridgehead>
116 <para role="optional">
117 <xref linkend="perl-net-dns"/>
118<!-- and
119 <xref linkend="net-tools"/> (you may omit net-tools by using the optional
120 patch to utilize iproute2, but the IPv6 tests will fail)
121-->
122 </para>
123
124 <bridgehead renderas="sect4">Optional (to rebuild the documentation)</bridgehead>
125 <para role="optional">
126 <xref linkend="doxygen"/>,
127 <xref linkend="libxslt"/>, and
128 <xref linkend="texlive"/> (or <xref linkend="tl-installer"/>)
129 </para>
130
131 <para condition="html" role="usernotes">User Notes:
132 <ulink url="&blfs-wiki;/bind"/></para>
133
134 </sect2>
135
136 <sect2 role="installation">
137 <title>Installation of BIND</title>
138<!--
139 <para>
140 If you have chosen not to install net-tools, apply the iproute2
141 patch with the following command:
142 </para>
143
144<screen><userinput>patch -Np1 -i ../bind-&bind-version;-use_iproute2-1.patch</userinput></screen>
145-->
146
147 <para>
148 To ensure <application>BIND</application> will build dnssec-keymgr,
149 install a python module as the <systemitem
150 class="username">root</systemitem> user:
151 </para>
152
153<screen role="root"><userinput>pip3 install ply</userinput></screen>
154
155 <para>
156 Install <application>BIND</application> by running the
157 following commands:
158 </para>
159
160<screen><userinput>./configure --prefix=/usr \
161 --sysconfdir=/etc \
162 --localstatedir=/var \
163 --mandir=/usr/share/man \
164 --with-libtool \
165 --disable-static &amp;&amp;
166make</userinput></screen>
167
168 <para>
169 Issue the following commands to run the complete suite of tests.
170 First, as the <systemitem class="username">root</systemitem> user, set up
171 some test interfaces:
172 </para>
173
174 <note>
175 <para>
176 If IPv6 is not enabled in the kernel, there will be several
177 error messages: "RTNETLINK answers: Operation not permitted". These
178 messages do not affect the tests.
179 </para>
180 </note>
181
182<screen role="root"
183 remap="test"><userinput>bin/tests/system/ifconfig.sh up</userinput></screen>
184
185 <para>
186 The test suite may indicate some skipped tests depending on
187 what configuration options are used. Some tests are marked
188 <quote>UNTESTED</quote> if <xref linkend="perl-net-dns"/> is not
189 installed. To run the tests, as an unprivileged user, execute:
190 </para>
191
192<screen remap="test"><userinput>make -k check</userinput></screen>
193
194 <para>
195 Again as <systemitem class="username">root</systemitem>, clean up the
196 test interfaces:
197 </para>
198
199<screen role="root"
200 remap="test"><userinput>bin/tests/system/ifconfig.sh down</userinput></screen>
201
202 <para>
203 Finally, install the package as the <systemitem
204 class="username">root</systemitem> user:
205 </para>
206
207<screen role="root"><userinput>make install &amp;&amp;
208
209install -v -m755 -d /usr/share/doc/bind-&bind-version;/arm &amp;&amp;
210install -v -m644 doc/arm/*.html \
211 /usr/share/doc/bind-&bind-version;/arm</userinput></screen>
212 </sect2>
213
214<!-- Documentation is an issue - make doc fails - some docbook problem
215install -v -m644 doc/misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap,sdb} \
216 /usr/share/doc/bind-&bind-version;/misc</userinput></screen>
217-->
218
219 <sect2 role="commands">
220 <title>Command Explanations</title>
221
222 <para>
223 <parameter>--sysconfdir=/etc</parameter>: This parameter forces
224 <application>BIND</application> to look for configuration
225 files in <filename class='directory'>/etc</filename> instead of
226 <filename class='directory'>/usr/etc</filename>.
227 </para>
228
229 <!-- No longer available as of 9.14.2
230 <para>
231 <parameter>- -enable-threads</parameter>: This parameter enables
232 multi-threading capability.
233 </para>
234 -->
235
236 <para>
237 <parameter>--with-libtool</parameter>: This parameter forces the
238 building of dynamic libraries and links the installed binaries to these
239 libraries.
240 </para>
241
242 <para>
243 <option>--with-libidn2</option>: This parameter enables
244 the IDNA2008 (Internationalized Domain Names in Applications)
245 support.
246 </para>
247
248<!-- no longer available
249 <para>
250 <parameter>- -with-randomdev=/dev/urandom</parameter>: This parameter
251 specifes a non-blocking random device for use with digital signatures.
252 </para>
253-->
254 <para>
255 <option>--enable-fetchlimit</option>: Use this option if you want
256 to be able to limit the rate of recursive client queries. This may be
257 useful on servers which receive a large number of queries.
258 </para>
259
260 <para>
261 <option>--disable-linux-caps</option>: BIND can also be built without
262 capability support by using this option, at the cost of some loss of
263 security.
264 </para>
265
266 <para>
267 <option>--with-dlz-{mysql,bdb,filesystem,ldap,odbc,stub}</option>: Use
268 one (or more) of those options to add Dynamically Loadable Zones support.
269 For more information refer to <ulink
270 url="http://bind-dlz.sourceforge.net/">bind-dlz.sourceforge.net</ulink>.
271 </para>
272
273 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
274 href="../../xincludes/static-libraries.xml"/>
275
276 <para>
277 <command>cd doc; install ...</command>: These commands install
278 additional package documentation. Omit any or all of these commands if
279 desired.
280 </para>
281 </sect2>
282
283 <sect2 role="configuration">
284 <title>Configuring BIND</title>
285
286 <sect3 id="bind-config">
287 <title>Config files</title>
288
289 <para>
290 <filename>named.conf</filename>,
291 <filename>root.hints</filename>,
292 <filename>127.0.0</filename>,
293 <filename>rndc.conf</filename>, and
294 <filename>resolv.conf</filename>
295 </para>
296
297 <indexterm zone="bind bind-config">
298 <primary sortas="e-etc-named.conf">/etc/named.conf</primary>
299 </indexterm>
300
301 <indexterm zone="bind bind-config">
302 <primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary>
303 </indexterm>
304
305 <indexterm zone="bind bind-config">
306 <primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary>
307 </indexterm>
308
309 <indexterm zone="bind bind-config">
310 <primary
311 sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
312 </indexterm>
313
314 <indexterm zone="bind bind-config">
315 <primary
316 sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
317 </indexterm>
318 </sect3>
319
320 <sect3>
321 <title>Configuration Information</title>
322
323 <para>
324 <application>BIND</application> will be configured to run in a
325 <command>chroot</command> jail as an unprivileged user (<systemitem
326 class="username">named</systemitem>). This configuration is more secure
327 in that a DNS compromise can only affect a few files in the <systemitem
328 class="username">named</systemitem> user's <envar>HOME</envar>
329 directory.
330 </para>
331
332 <para>
333 Create the unprivileged user and group <systemitem
334 class="username">named</systemitem>:
335 </para>
336
337<screen role="root"><userinput>groupadd -g 20 named &amp;&amp;
338useradd -c "BIND Owner" -g named -s /bin/false -u 20 named &amp;&amp;
339install -d -m770 -o named -g named /srv/named</userinput></screen>
340
341 <para>
342 Set up some files, directories and devices needed by
343 <application>BIND</application>:
344 </para>
345
346<screen role="root"><userinput>mkdir -p /srv/named &amp;&amp;
347cd /srv/named &amp;&amp;
348mkdir -p dev etc/named/{slave,pz} usr/lib/engines var/run/named &amp;&amp;
349mknod /srv/named/dev/null c 1 3 &amp;&amp;
350mknod /srv/named/dev/urandom c 1 9 &amp;&amp;
351chmod 666 /srv/named/dev/{null,urandom} &amp;&amp;
352cp /etc/localtime etc</userinput></screen>
353
354 <para>
355 The <filename>rndc.conf</filename> file contains information for
356 controlling <command>named</command> operations with the
357 <command>rndc</command> utility. Generate a key for use in the
358 <filename>named.conf</filename> and <filename>rdnc.conf</filename>
359 with the <command>rndc-confgen</command> command:
360 </para>
361
362<screen role="root"><userinput>rndc-confgen -a -b 512 -t /srv/named</userinput></screen>
363
364 <para>
365 Complete the <filename>named.conf</filename> file from which
366 <command>named</command> will read the location of zone files, root
367 name servers and secure DNS keys:
368 </para>
369
370<screen role="root"><?dbfo keep-together="auto"?><userinput>cat &gt;&gt; /srv/named/etc/named.conf &lt;&lt; "EOF"
371<literal>options {
372 directory "/etc/named";
373 pid-file "/var/run/named.pid";
374 statistics-file "/var/run/named.stats";
375
376};
377zone "." {
378 type hint;
379 file "root.hints";
380};
381zone "0.0.127.in-addr.arpa" {
382 type master;
383 file "pz/127.0.0";
384};
385
386// Bind 9 now logs by default through syslog (except debug).
387// These are the default logging rules.
388
389logging {
390 category default { default_syslog; default_debug; };
391 category unmatched { null; };
392
393 channel default_syslog {
394 syslog daemon; // send to syslog's daemon
395 // facility
396 severity info; // only send priority info
397 // and higher
398 };
399
400 channel default_debug {
401 file "named.run"; // write to named.run in
402 // the working directory
403 // Note: stderr is used instead
404 // of "named.run"
405 // if the server is started
406 // with the '-f' option.
407 severity dynamic; // log at the server's
408 // current debug level
409 };
410
411 channel default_stderr {
412 stderr; // writes to stderr
413 severity info; // only send priority info
414 // and higher
415 };
416
417 channel null {
418 null; // toss anything sent to
419 // this channel
420 };
421};</literal>
422EOF</userinput></screen>
423
424 <para>
425 Create a zone file with the following contents:
426 </para>
427
428<screen role="root"><userinput>cat &gt; /srv/named/etc/named/pz/127.0.0 &lt;&lt; "EOF"
429<literal>$TTL 3D
430@ IN SOA ns.local.domain. hostmaster.local.domain. (
431 1 ; Serial
432 8H ; Refresh
433 2H ; Retry
434 4W ; Expire
435 1D) ; Minimum TTL
436 NS ns.local.domain.
4371 PTR localhost.</literal>
438EOF</userinput></screen>
439
440 <para>
441 Create the <filename>root.hints</filename> file with the following
442 commands:
443 </para>
444
445 <note>
446 <para>
447 Caution must be used to ensure there are no leading spaces in
448 this file.
449 </para>
450 </note>
451
452<screen role="root"><userinput>cat &gt; /srv/named/etc/named/root.hints &lt;&lt; "EOF"
453<literal>. 6D IN NS A.ROOT-SERVERS.NET.
454. 6D IN NS B.ROOT-SERVERS.NET.
455. 6D IN NS C.ROOT-SERVERS.NET.
456. 6D IN NS D.ROOT-SERVERS.NET.
457. 6D IN NS E.ROOT-SERVERS.NET.
458. 6D IN NS F.ROOT-SERVERS.NET.
459. 6D IN NS G.ROOT-SERVERS.NET.
460. 6D IN NS H.ROOT-SERVERS.NET.
461. 6D IN NS I.ROOT-SERVERS.NET.
462. 6D IN NS J.ROOT-SERVERS.NET.
463. 6D IN NS K.ROOT-SERVERS.NET.
464. 6D IN NS L.ROOT-SERVERS.NET.
465. 6D IN NS M.ROOT-SERVERS.NET.
466A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
467A.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:ba3e::2:30
468B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201
469B.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:200::b
470C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
471C.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2::c
472D.ROOT-SERVERS.NET. 6D IN A 199.7.91.13
473D.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2d::d
474E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
475E.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:a8::e
476F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
477F.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2f::f
478G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
479G.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:12::d0d
480H.ROOT-SERVERS.NET. 6D IN A 198.97.190.53
481H.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:1::53
482I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
483I.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fe::53
484J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
485J.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:c27::2:30
486K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
487K.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fd::1
488L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
489L.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:9f::42
490M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
491M.ROOT-SERVERS.NET. 6D IN AAAA 2001:dc3::35</literal>
492EOF</userinput></screen>
493
494 <para>
495 The <filename>root.hints</filename> file is a list of root name
496 servers. This file must be updated periodically with the
497 <command>dig</command> utility. A current copy of root.hints can be
498 obtained from <ulink url="ftp://rs.internic.net/domain/named.root" />.
499 For details, consult the "BIND 9 Administrator Reference Manual",
500 included in every source archive of BIND 9 distributed by ISC, in HTML
501 and PDF formats, also available at <ulink
502 url="ftp://ftp.isc.org/isc/bind9/cur/&bind-minor-version;/doc/arm/Bv9ARM.html">
503 BIND 9 Administrator Reference Manual</ulink>.
504 </para>
505
506 <para>
507 Create or modify <filename>resolv.conf</filename> to use the new
508 name server with the following commands:
509 </para>
510
511 <note>
512 <para>
513 Replace <replaceable>&lt;yourdomain.com&gt;</replaceable> with
514 your own valid domain name.
515 </para>
516 </note>
517
518<screen role="root"><userinput>cp /etc/resolv.conf /etc/resolv.conf.bak &amp;&amp;
519cat &gt; /etc/resolv.conf &lt;&lt; "EOF"
520<literal>search <replaceable>&lt;yourdomain.com&gt;</replaceable>
521nameserver 127.0.0.1</literal>
522EOF</userinput></screen>
523
524 <para>
525 Set permissions on the <command>chroot</command> jail with the
526 following command:
527 </para>
528
529<screen role="root"><userinput>chown -R named:named /srv/named</userinput></screen>
530
531 </sect3>
532
533 <sect3 id="bind-init">
534 <title><phrase revision="sysv">Boot Script</phrase>
535 <phrase revision="systemd">Systemd Unit</phrase></title>
536
537 <para>
538 To start the DNS server at boot, install the
539 <phrase revision="sysv"><filename>/etc/rc.d/init.d/bind</filename> init
540 script</phrase>
541 <phrase revision="systemd"><filename>named.service</filename>
542 unit</phrase> included in the
543 <xref linkend="bootscripts" revision="sysv"/>
544 <xref linkend="systemd-units" revision="systemd"/> package:
545 </para>
546
547 <indexterm zone="bind bind-init">
548 <primary sortas="f-bind">bind</primary>
549 </indexterm>
550
551<screen role="root" revision="sysv"><userinput>make install-bind</userinput></screen>
552<screen role="root" revision="systemd"><userinput>make install-named</userinput></screen>
553
554 <para>
555 Now start <application>BIND</application> with the following command:
556 </para>
557
558<screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/bind start</userinput></screen>
559<screen role="root" revision="systemd"><userinput>systemctl start named</userinput></screen>
560
561 </sect3>
562
563 <sect3>
564 <title>Testing BIND</title>
565
566 <para>
567 Test out the new <application>BIND</application> 9 installation.
568 First query the local host address with <command>dig</command>:
569 </para>
570
571<screen><userinput>dig -x 127.0.0.1</userinput></screen>
572
573 <para>
574 Now try an external name lookup, taking note of the speed
575 difference in repeated lookups due to the caching. Run the
576 <command>dig</command> command twice on the same address:
577 </para>
578
579<screen><userinput>dig www.&lfs-domainname; &amp;&amp;
580dig www.&lfs-domainname;</userinput></screen>
581
582 <para>
583 You can see almost instantaneous results with the named caching
584 lookups. Consult the <application>BIND</application> Administrator
585 Reference Manual located at <filename>doc/arm/Bv9ARM.html</filename>
586 in the package source tree, for further configuration options.
587 </para>
588
589 </sect3>
590
591 </sect2>
592
593 <sect2 role="content">
594 <title>Contents</title>
595
596 <segmentedlist>
597 <segtitle>Installed Programs</segtitle>
598 <segtitle>Installed Libraries</segtitle>
599 <segtitle>Installed Directories</segtitle>
600
601 <seglistitem>
602
603 <seg>arpaname, bind9-config hardlinked to isc-config.sh, ddns-confgen,
604 delv, dig, dnssec-dsfromkey,
605 dnssec-importkey, dnssec-keyfromlabel, dnssec-keygen, dnssec-revoke,
606 dnssec-settime, dnssec-signzone, dnssec-verify, genrandom, host,
607 isc-hmac-fixup, lwresd hardlinked to named, named-checkconf,
608 named-checkzone, named-compilezone (symlink), named-journalprint,
609 named-rrchecker, nsec3hash, nslookup, nsupdate, rndc, rndc-confgen,
610 and tsig-keygen (symlink)</seg>
611
612 <seg>libbind9.so, libdns.so, libirs.so, libisc.so, libisccc.so,
613 libisccfg.so, and liblwres.so</seg>
614
615 <seg>/usr/include/{bind9,dns,dst,irs,isc,isccc,isccfg,lwres,pk11,pkcs11},
616 /usr/share/doc/bind-&bind-version; and /srv/named</seg>
617 </seglistitem>
618 </segmentedlist>
619
620 <variablelist>
621 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
622 <?dbfo list-presentation="list"?>
623 <?dbhtml list-presentation="table"?>
624
625 <varlistentry id="arpaname">
626 <term><command>arpaname</command></term>
627 <listitem>
628 <para>
629 translates IP addresses to the corresponding ARPA names.
630 </para>
631 <indexterm zone="bind arpaname">
632 <primary sortas="b-arpaname">arpaname</primary>
633 </indexterm>
634 </listitem>
635 </varlistentry>
636
637 <varlistentry id="bind9-config">
638 <term><command>bind9-config</command></term>
639 <listitem>
640 <para>
641 is hardlinked to <command>isc-config.sh</command>.
642 </para>
643 <indexterm zone="bind bind9-config">
644 <primary sortas="b-bind9-config">bind9-config</primary>
645 </indexterm>
646 </listitem>
647 </varlistentry>
648
649 <varlistentry id="ddns-confgen">
650 <term><command>ddns-confgen</command></term>
651 <listitem>
652 <para>
653 generates a key for use by nsupdate and named.
654 </para>
655 <indexterm zone="bind ddns-confgen">
656 <primary sortas="b-ddns-confgen">ddns-confgen</primary>
657 </indexterm>
658 </listitem>
659 </varlistentry>
660
661 <varlistentry id="delv">
662 <term><command>delv</command></term>
663 <listitem>
664 <para>
665 is a new debugging tool that is a successor to
666 <command>dig</command>.
667 </para>
668 <indexterm zone="bind delv">
669 <primary sortas="b-delv">delv</primary>
670 </indexterm>
671 </listitem>
672 </varlistentry>
673
674 <varlistentry id="dig">
675 <term><command>dig</command></term>
676 <listitem>
677 <para>
678 interrogates DNS servers.
679 </para>
680 <indexterm zone="bind dig">
681 <primary sortas="b-dig">dig</primary>
682 </indexterm>
683 </listitem>
684 </varlistentry>
685<!--
686 <varlistentry id="dnssec-checkds">
687 <term><command>dnssec-checkds</command></term>
688 <listitem>
689 <para>
690 is a DNSSEC delegation consistency checking tool.
691 </para>
692 <indexterm zone="bind dnssec-checkds">
693 <primary sortas="b-dnssec-checkds">dnssec-checkds</primary>
694 </indexterm>
695 </listitem>
696 </varlistentry>
697
698 <varlistentry id="dnssec-coverage">
699 <term><command>dnssec-coverage</command></term>
700 <listitem>
701 <para>
702 verifies that the DNSSEC keys for a given zone or a set of zones
703 have timing metadata set properly to ensure no future lapses
704 in DNSSEC coverage.
705 </para>
706 <indexterm zone="bind dnssec-coverage">
707 <primary sortas="b-dnssec-coverage">dnssec-coverage</primary>
708 </indexterm>
709 </listitem>
710 </varlistentry>-->
711
712 <varlistentry id="dnssec-dsfromkey">
713 <term><command>dnssec-dsfromkey</command></term>
714 <listitem>
715 <para>
716 outputs the Delegation Signer (DS) resource record (RR).
717 </para>
718 <indexterm zone="bind dnssec-dsfromkey">
719 <primary sortas="b-dnssec-dsfromkey">dnssec-dsfromkey</primary>
720 </indexterm>
721 </listitem>
722 </varlistentry>
723
724 <varlistentry id="dnssec-importkey">
725 <term><command>dnssec-importkey</command></term>
726 <listitem>
727 <para>
728 reads a public DNSKEY record and generates a pair of
729 .key/.private files.
730 </para>
731 <indexterm zone="bind dnssec-importkey">
732 <primary sortas="b-dnssec-importkey">dnssec-importkey</primary>
733 </indexterm>
734 </listitem>
735 </varlistentry>
736
737 <varlistentry id="dnssec-keyfromlabel">
738 <term><command>dnssec-keyfromlabel</command></term>
739 <listitem>
740 <para>
741 gets keys with the given label from a crypto hardware and builds
742 key files for DNSSEC.
743 </para>
744 <indexterm zone="bind dnssec-keyfromlabel">
745 <primary sortas="b-dnssec-keyfromlabel">dnssec-keyfromlabel</primary>
746 </indexterm>
747 </listitem>
748 </varlistentry>
749
750 <varlistentry id="dnssec-keygen">
751 <term><command>dnssec-keygen</command></term>
752 <listitem>
753 <para>
754 is a key generator for secure DNS.
755 </para>
756 <indexterm zone="bind dnssec-keygen">
757 <primary sortas="b-dnssec-keygen">dnssec-keygen</primary>
758 </indexterm>
759 </listitem>
760 </varlistentry>
761
762 <varlistentry id="dnssec-revoke">
763 <term><command>dnssec-revoke</command></term>
764 <listitem>
765 <para>
766 sets the REVOKED bit on a DNSSEC key.
767 </para>
768 <indexterm zone="bind dnssec-revoke">
769 <primary sortas="b-dnssec-revoke">dnssec-revoke</primary>
770 </indexterm>
771 </listitem>
772 </varlistentry>
773
774 <varlistentry id="dnssec-settime">
775 <term><command>dnssec-settime</command></term>
776 <listitem>
777 <para>
778 sets the key timing metadata for a DNSSEC key.
779 </para>
780 <indexterm zone="bind dnssec-settime">
781 <primary sortas="b-dnssec-settime">dnssec-settime</primary>
782 </indexterm>
783 </listitem>
784 </varlistentry>
785
786 <varlistentry id="dnssec-signzone">
787 <term><command>dnssec-signzone</command></term>
788 <listitem>
789 <para>
790 generates signed versions of zone files.
791 </para>
792 <indexterm zone="bind dnssec-signzone">
793 <primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
794 </indexterm>
795 </listitem>
796 </varlistentry>
797
798 <varlistentry id="dnssec-verify">
799 <term><command>dnssec-verify</command></term>
800 <listitem>
801 <para>
802 verifies that a zone is fully signed for each algorithm found
803 in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
804 chains are complete.
805 </para>
806 <indexterm zone="bind dnssec-verify">
807 <primary sortas="b-dnssec-verify">dnssec-verify</primary>
808 </indexterm>
809 </listitem>
810 </varlistentry>
811
812 <varlistentry id="genrandom">
813 <term><command>genrandom</command></term>
814 <listitem>
815 <para>
816 generates a file containing random data.
817 </para>
818 <indexterm zone="bind genrandom">
819 <primary sortas="b-genrandom">genrandom</primary>
820 </indexterm>
821 </listitem>
822 </varlistentry>
823
824 <varlistentry id="host">
825 <term><command>host</command></term>
826 <listitem>
827 <para>
828 is a utility for DNS lookups.
829 </para>
830 <indexterm zone="bind host">
831 <primary sortas="b-host">host</primary>
832 </indexterm>
833 </listitem>
834 </varlistentry>
835
836 <varlistentry id="isc-config.sh">
837 <term><command>isc-config.sh</command></term>
838 <listitem>
839 <para>
840 prints information related to the installed version of ISC BIND.
841 </para>
842 <indexterm zone="bind isc-config.sh">
843 <primary sortas="b-isc-config.sh">isc-config.sh</primary>
844 </indexterm>
845 </listitem>
846 </varlistentry>
847
848 <varlistentry id="isc-hmac-fixup">
849 <term><command>isc-hmac-fixup</command></term>
850 <listitem>
851 <para>
852 fixes HMAC keys generated by older versions of BIND.
853 </para>
854 <indexterm zone="bind isc-hmac-fixup">
855 <primary sortas="b-isc-hmac-fixup">isc-hmac-fixup</primary>
856 </indexterm>
857 </listitem>
858 </varlistentry>
859
860 <varlistentry id="lwresd">
861 <term><command>lwresd</command></term>
862 <listitem>
863 <para>
864 is a caching-only name server for local process use.
865 </para>
866 <indexterm zone="bind lwresd">
867 <primary sortas="b-lwresd">lwresd</primary>
868 </indexterm>
869 </listitem>
870 </varlistentry>
871
872 <varlistentry id="named">
873 <term><command>named</command></term>
874 <listitem>
875 <para>
876 is the name server daemon.
877 </para>
878 <indexterm zone="bind named">
879 <primary sortas="b-named">named</primary>
880 </indexterm>
881 </listitem>
882 </varlistentry>
883
884 <varlistentry id="named-checkconf">
885 <term><command>named-checkconf</command></term>
886 <listitem>
887 <para>
888 checks the syntax of <filename>named.conf</filename>
889 files.
890 </para>
891 <indexterm zone="bind named-checkconf">
892 <primary sortas="b-named-checkconf">named-checkconf</primary>
893 </indexterm>
894 </listitem>
895 </varlistentry>
896
897 <varlistentry id="named-checkzone">
898 <term><command>named-checkzone</command></term>
899 <listitem>
900 <para>
901 checks zone file validity.
902 </para>
903 <indexterm zone="bind named-checkzone">
904 <primary sortas="b-named-checkzone">named-checkzone</primary>
905 </indexterm>
906 </listitem>
907 </varlistentry>
908
909 <varlistentry id="named-compilezone">
910 <term><command>named-compilezone</command></term>
911 <listitem>
912 <para>
913 is similar to <command>named-checkzone</command>, but it always
914 dumps the zone contents to a specified file in a specified format.
915 </para>
916 <indexterm zone="bind named-compilezone">
917 <primary sortas="b-named-compilezone">named-compilezone</primary>
918 </indexterm>
919 </listitem>
920 </varlistentry>
921
922 <varlistentry id="named-journalprint">
923 <term><command>named-journalprint</command></term>
924 <listitem>
925 <para>
926 prints the zone journal in human-readable form.
927 </para>
928 <indexterm zone="bind named-journalprint">
929 <primary sortas="b-named-journalprint">named-journalprint</primary>
930 </indexterm>
931 </listitem>
932 </varlistentry>
933
934 <varlistentry id="named-rrchecker">
935 <term><command>named-rrchecker</command></term>
936 <listitem>
937 <para>
938 reads an individual DNS resource record from standard input and
939 checks if it is syntactically correct.
940 </para>
941 <indexterm zone="bind named-rrchecker">
942 <primary sortas="b-named-rrchecker">named-rrchecker</primary>
943 </indexterm>
944 </listitem>
945 </varlistentry>
946
947 <varlistentry id="nsec3hash">
948 <term><command>nsec3hash</command></term>
949 <listitem>
950 <para>
951 generates an NSEC3 hash based on a set of NSEC3 parameters.
952 </para>
953 <indexterm zone="bind nsec3hash">
954 <primary sortas="b-nsec3hash">nsec3hash</primary>
955 </indexterm>
956 </listitem>
957 </varlistentry>
958
959 <varlistentry id="nslookup">
960 <term><command>nslookup</command></term>
961 <listitem>
962 <para>
963 is a program used to query Internet domain nameservers.
964 </para>
965 <indexterm zone="bind nslookup">
966 <primary sortas="b-nslookup">nslookup</primary>
967 </indexterm>
968 </listitem>
969 </varlistentry>
970
971 <varlistentry id="nsupdate">
972 <term><command>nsupdate</command></term>
973 <listitem>
974 <para>
975 is used to submit DNS update requests.
976 </para>
977 <indexterm zone="bind nsupdate">
978 <primary sortas="b-nsupdate">nsupdate</primary>
979 </indexterm>
980 </listitem>
981 </varlistentry>
982
983 <varlistentry id="rndc">
984 <term><command>rndc</command></term>
985 <listitem>
986 <para>
987 controls the operation of <application>BIND</application>.
988 </para>
989 <indexterm zone="bind rndc">
990 <primary sortas="b-rndc">rndc</primary>
991 </indexterm>
992 </listitem>
993 </varlistentry>
994
995 <varlistentry id="rndc-confgen">
996 <term><command>rndc-confgen</command></term>
997 <listitem>
998 <para>
999 generates <filename>rndc.conf</filename> files.
1000 </para>
1001 <indexterm zone="bind rndc-confgen">
1002 <primary sortas="b-rndc-confgen">rndc-confgen</primary>
1003 </indexterm>
1004 </listitem>
1005 </varlistentry>
1006
1007 <varlistentry id="tsig-keygen">
1008 <term><command>tsig-keygen</command></term>
1009 <listitem>
1010 <para>
1011 is a symlink to <command>ddns-confgen</command>.
1012 </para>
1013 <indexterm zone="bind tsig-keygen">
1014 <primary sortas="b-tsig-keygen">tsig-keygen</primary>
1015 </indexterm>
1016 </listitem>
1017 </varlistentry>
1018
1019 </variablelist>
1020
1021 </sect2>
1022
1023</sect1>
Note: See TracBrowser for help on using the repository browser.