Context Navigation

bind.xml@ 6d90301

Visit:

12.0 12.1 gimp3 ken/TL2024 ken/tuningfonts lazarus lxqt plabs/newcss python3.11 rahul/power-profiles-daemon renodr/vulkan-addition trunk xry111/for-12.3 xry111/llvm18 xry111/spidermonkey128

Last change on this file since 6d90301 was 14891a90, checked in by Xi Ruoyao <xry111@…>, 14 months ago

treewide: More "User Notes" clean up

Remove links to pages w/o real contents.

Property mode set to 100644

File size: 35.9 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY bind-download-http "https://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.xz">
8	<!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.xz">
9	<!ENTITY bind-md5sum "&bind-md5;">
10	<!ENTITY bind-size "5.2 MB">
11	<!ENTITY bind-buildsize "145 MB (26 MB installed)">
12	<!ENTITY bind-time "0.7 SBU (with parallelism=4; about 40 minutes somewhat processor independent, to run the complete test suite)">
13	]>
14
15	<sect1 id="bind" xreflabel="BIND-&bind-version;">
16	<?dbhtml filename="bind.html"?>
17
18
19	<title>BIND-&bind-version;</title>
20
21	<indexterm zone="bind">
22	<primary sortas="a-BIND">BIND</primary>
23	</indexterm>
24
25	<sect2 role="package">
26	<title>Introduction to BIND</title>
27
28	<para>
29	The <application>BIND</application> package provides a DNS server
30	and client utilities. If you are only interested in the utilities, refer
31	to the <xref linkend="bind-utils"/>.
32	</para>
33
34	&lfs113_checked;
35
36	<bridgehead renderas="sect3">Package Information</bridgehead>
37	<itemizedlist spacing="compact">
38	<listitem>
39	<para>
40	Download (HTTP): <ulink url="&bind-download-http;"/>
41	</para>
42	</listitem>
43	<listitem>
44	<para>
45	Download (FTP): <ulink url="&bind-download-ftp;"/>
46	</para>
47	</listitem>
48	<listitem>
49	<para>
50	Download MD5 sum: &bind-md5sum;
51	</para>
52	</listitem>
53	<listitem>
54	<para>
55	Download size: &bind-size;
56	</para>
57	</listitem>
58	<listitem>
59	<para>
60	Estimated disk space required: &bind-buildsize;
61	</para>
62	</listitem>
63	<listitem>
64	<para>
65	Estimated build time: &bind-time;
66	</para>
67	</listitem>
68	</itemizedlist>
69	<!--
70	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
71	<itemizedlist spacing="compact">
72	<listitem>
73	<para>
74	Required patch:
75	<ulink url="&patch-root;/bind-&bind-version;-upstream_fixes-1.patch"/>
76	</para>
77	</listitem>
78	</itemizedlist>
79	-->
80	<bridgehead renderas="sect3">BIND Dependencies</bridgehead>
81
82	<bridgehead renderas="sect4">Required</bridgehead>
83	<para role="required">
84	<xref linkend="libuv"/>
85	</para>
86
87	<bridgehead renderas="sect4">Recommended</bridgehead>
88	<para role="recommended">
89	<xref linkend="json-c"/> and
90	<xref linkend="libcap-pam"/>
91	</para>
92
93	<bridgehead renderas="sect4">Optional</bridgehead>
94	<para role="optional">
95	<xref linkend="curl"/>,
96	<xref linkend="libidn2"/>,
97	<xref linkend="libxml2"/>,
98	<xref linkend="lmdb"/>,
99	<xref linkend="mitkrb"/>,
100	<xref linkend="pytest"/>,
101	<xref linkend="sphinx"/> (required to build documentation),
102	<ulink url="https://cmocka.org/">cmocka</ulink>,
103	<ulink url="https://github.com/cjheath/geoip">geoip</ulink>,
104	<ulink url="https://github.com/jemalloc/jemalloc">jemalloc</ulink>,
105	<ulink url="&w3m-url;">w3m</ulink>
106	</para>
107
108	<bridgehead renderas="sect4">Optional database backends</bridgehead>
109	<para role="optional">
110	<xref linkend="db"/>,
111	<xref linkend="mariadb"/> or <ulink url="https://www.mysql.com/">MySQL</ulink>,
112	<xref linkend="openldap"/>,
113	<xref linkend="postgresql"/>, and
114	<xref linkend="unixodbc"/>
115	</para>
116
117	<bridgehead renderas="sect4">Optional (to run the test suite)</bridgehead>
118	<para role="optional">
119	<xref linkend="perl-net-dns"/>
120	</para>
121
122	<!-- docs are now all sphinx based
123	<bridgehead renderas="sect4">Optional (to rebuild the documentation)</bridgehead>
124	<para role="optional">
125	<xref linkend="doxygen"/>,
126	<xref linkend="libxslt"/>, and
127	<xref linkend="texlive"/> (or <xref linkend="tl-installer"/>)
128	</para>
129	-->
130
131	</sect2>
132
133	<sect2 role="installation">
134	<title>Installation of BIND</title>
135
136	<!--
137	<para>
138	To ensure <application>BIND</application> will build dnssec-keymgr,
139	install a python module as the <systemitem
140	class="username">root</systemitem> user:
141	</para>
142
143	<screen role="root"><userinput>pip3 install ply</userinput></screen>
144	-->
145
146	<para>
147	Install <application>BIND</application> by running the
148	following commands:
149	</para>
150
151	<screen><userinput>./configure --prefix=/usr \
152	--sysconfdir=/etc \
153	--localstatedir=/var \
154	--mandir=/usr/share/man \
155	--disable-static &&
156	make</userinput></screen>
157
158	<para>
159	Issue the following commands to run the complete suite of tests.
160	First, as the <systemitem class="username">root</systemitem> user, set up
161	some test interfaces:
162	</para>
163
164	<note>
165	<para>
166	If IPv6 is not enabled in the kernel, there will be several
167	error messages: "RTNETLINK answers: Operation not permitted". These
168	messages do not affect the tests.
169	</para>
170	</note>
171
172	<screen role="root"
173	remap="test"><userinput>bin/tests/system/ifconfig.sh up</userinput></screen>
174
175	<para>
176	The test suite may indicate some skipped tests depending on
177	what configuration options are used. Some tests are marked
178	<quote>UNTESTED</quote> or do even fail if <xref linkend="perl-net-dns"/>
179	is not installed. <!--One test, <quote>CPU</quote>, is known to fail.-->
180	To run the tests, as an unprivileged user, execute:
181	</para>
182
183	<screen remap="test"><userinput>make -k check</userinput></screen>
184
185	<para>
186	Again as <systemitem class="username">root</systemitem>, clean up the
187	test interfaces:
188	</para>
189
190	<screen role="root"
191	remap="test"><userinput>bin/tests/system/ifconfig.sh down</userinput></screen>
192
193	<para>
194	Finally, install the package as the <systemitem
195	class="username">root</systemitem> user:
196	</para>
197
198	<!-- Documentation is an issue - The docs are now all in .rst format and appear
199	to be sphinx based. install source .rst files for now...
200
201	leave docs untouched as they does only use disk space when not
202	used to recreate the docs via Sphinx. I've added a note regarding
203	the documentation. (thomas)
204
205	<screen role="root"><userinput>make install &&
206
207	install -vdm 755 /usr/share/doc/bind-&bind-version;/{arm,dnssec-guide} &&
208	install doc/arm/* /usr/share/doc/bind-&bind-version;/arm &&
209	install doc/dnssec-guide/* /usr/share/doc/bind-&bind-version;/dnssec-guide</userinput></screen>
210	-->
211	<screen role="root"><userinput>make install</userinput></screen>
212
213	</sect2>
214
215	<sect2 role="commands">
216	<title>Command Explanations</title>
217
218	<para>
219	<parameter>--sysconfdir=/etc</parameter>: This parameter forces
220	<application>BIND</application> to look for configuration
221	files in <filename class='directory'>/etc</filename> instead of
222	<filename class='directory'>/usr/etc</filename>.
223	</para>
224
225	<!-- Seems to be removed in 9.18.0
226	<para>
227	<parameter>- -with-libtool</parameter>: This parameter forces the
228	building of dynamic libraries and links the installed binaries to these
229	libraries.
230	</para>
231	-->
232
233	<para>
234	<option>--with-libidn2</option>: This parameter enables
235	the IDNA2008 (Internationalized Domain Names in Applications)
236	support.
237	</para>
238
239	<para>
240	<option>--enable-fetchlimit</option>: Use this option if you want
241	to be able to limit the rate of recursive client queries. This may be
242	useful on servers which receive a large number of queries.
243	</para>
244
245	<para>
246	<option>--disable-linux-caps</option>: BIND can also be built without
247	capability support by using this option, at the cost of some loss of
248	security.
249	</para>
250
251	<para>
252	<option>--with-dlz-{mysql,bdb,filesystem,ldap,odbc,stub}</option>: Use
253	one (or more) of those options to add Dynamically Loadable Zones support.
254	For more information refer to <ulink
255	url="https://bind-dlz.sourceforge.net/">bind-dlz.sourceforge.net</ulink>.
256	</para>
257
258	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
259	href="../../xincludes/static-libraries.xml"/>
260
261	</sect2>
262
263	<sect2 role="configuration">
264	<title>Configuring BIND</title>
265
266	<sect3 id="bind-config">
267	<title>Config files</title>
268
269	<para>
270	<filename>named.conf</filename>,
271	<filename>root.hints</filename>,
272	<filename>127.0.0</filename>,
273	<filename>rndc.conf</filename>, and
274	<filename>resolv.conf</filename>
275	</para>
276
277	<indexterm zone="bind bind-config">
278	<primary sortas="e-etc-named.conf">/etc/named.conf</primary>
279	</indexterm>
280
281	<indexterm zone="bind bind-config">
282	<primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary>
283	</indexterm>
284
285	<indexterm zone="bind bind-config">
286	<primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary>
287	</indexterm>
288
289	<indexterm zone="bind bind-config">
290	<primary
291	sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
292	</indexterm>
293
294	<indexterm zone="bind bind-config">
295	<primary
296	sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
297	</indexterm>
298	</sect3>
299
300	<sect3>
301	<title>Configuration Information</title>
302
303	<para>
304	<application>BIND</application> will be configured to run in a
305	<command>chroot</command> jail as an unprivileged user (<systemitem
306	class="username">named</systemitem>). This configuration is more secure
307	in that a DNS compromise can only affect a few files in the <systemitem
308	class="username">named</systemitem> user's <envar>HOME</envar>
309	directory.
310	</para>
311
312	<para>
313	Create the unprivileged user and group <systemitem
314	class="username">named</systemitem>:
315	</para>
316
317	<screen role="root"><userinput>groupadd -g 20 named &&
318	useradd -c "BIND Owner" -g named -s /bin/false -u 20 named &&
319	install -d -m770 -o named -g named /srv/named</userinput></screen>
320
321	<para>
322	Set up some files, directories and devices needed by
323	<application>BIND</application>:
324	</para>
325
326	<screen role="root"><userinput>mkdir -p /srv/named &&
327	cd /srv/named &&
328	mkdir -p dev etc/named/{slave,pz} usr/lib/engines var/run/named &&
329	mknod /srv/named/dev/null c 1 3 &&
330	mknod /srv/named/dev/urandom c 1 9 &&
331	chmod 666 /srv/named/dev/{null,urandom} &&
332	cp /etc/localtime etc</userinput></screen>
333
334	<para>
335	The <filename>rndc.conf</filename> file contains information for
336	controlling <command>named</command> operations with the
337	<command>rndc</command> utility. Generate a key for use in the
338	<filename>named.conf</filename> and <filename>rndc.conf</filename>
339	with the <command>rndc-confgen</command> command:
340	</para>
341
342	<screen role="root"><userinput>rndc-confgen -a -b 512 -t /srv/named</userinput></screen>
343
344	<para>
345	Complete the <filename>named.conf</filename> file from which
346	<command>named</command> will read the location of zone files, root
347	name servers and secure DNS keys:
348	</para>
349
350	<screen role="root"><?dbfo keep-together="auto"?><userinput>cat >> /srv/named/etc/named.conf << "EOF"
351	<literal>options {
352	directory "/etc/named";
353	pid-file "/var/run/named.pid";
354	statistics-file "/var/run/named.stats";
355
356	};
357	zone "." {
358	type hint;
359	file "root.hints";
360	};
361	zone "0.0.127.in-addr.arpa" {
362	type master;
363	file "pz/127.0.0";
364	};
365
366	// Bind 9 now logs by default through syslog (except debug).
367	// These are the default logging rules.
368
369	logging {
370	category default { default_syslog; default_debug; };
371	category unmatched { null; };
372
373	channel default_syslog {
374	syslog daemon; // send to syslog's daemon
375	// facility
376	severity info; // only send priority info
377	// and higher
378	};
379
380	channel default_debug {
381	file "named.run"; // write to named.run in
382	// the working directory
383	// Note: stderr is used instead
384	// of "named.run"
385	// if the server is started
386	// with the '-f' option.
387	severity dynamic; // log at the server's
388	// current debug level
389	};
390
391	channel default_stderr {
392	stderr; // writes to stderr
393	severity info; // only send priority info
394	// and higher
395	};
396
397	channel null {
398	null; // toss anything sent to
399	// this channel
400	};
401	};</literal>
402	EOF</userinput></screen>
403
404	<para>
405	Create a zone file with the following contents:
406	</para>
407
408	<screen role="root"><userinput>cat > /srv/named/etc/named/pz/127.0.0 << "EOF"
409	<literal>$TTL 3D
410	@ IN SOA ns.local.domain. hostmaster.local.domain. (
411	1 ; Serial
412	8H ; Refresh
413	2H ; Retry
414	4W ; Expire
415	1D) ; Minimum TTL
416	NS ns.local.domain.
417	1 PTR localhost.</literal>
418	EOF</userinput></screen>
419
420	<para>
421	Create the <filename>root.hints</filename> file with the following
422	commands:
423	</para>
424
425	<note>
426	<para>
427	Caution must be used to ensure there are no leading spaces in
428	this file.
429	</para>
430	</note>
431
432	<screen role="root"><userinput>cat > /srv/named/etc/named/root.hints << "EOF"
433	<literal>. 6D IN NS A.ROOT-SERVERS.NET.
434	. 6D IN NS B.ROOT-SERVERS.NET.
435	. 6D IN NS C.ROOT-SERVERS.NET.
436	. 6D IN NS D.ROOT-SERVERS.NET.
437	. 6D IN NS E.ROOT-SERVERS.NET.
438	. 6D IN NS F.ROOT-SERVERS.NET.
439	. 6D IN NS G.ROOT-SERVERS.NET.
440	. 6D IN NS H.ROOT-SERVERS.NET.
441	. 6D IN NS I.ROOT-SERVERS.NET.
442	. 6D IN NS J.ROOT-SERVERS.NET.
443	. 6D IN NS K.ROOT-SERVERS.NET.
444	. 6D IN NS L.ROOT-SERVERS.NET.
445	. 6D IN NS M.ROOT-SERVERS.NET.
446	A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
447	A.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:ba3e::2:30
448	B.ROOT-SERVERS.NET. 6D IN A 199.9.14.201
449	B.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:200::b
450	C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
451	C.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2::c
452	D.ROOT-SERVERS.NET. 6D IN A 199.7.91.13
453	D.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2d::d
454	E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
455	E.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:a8::e
456	F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
457	F.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2f::f
458	G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
459	G.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:12::d0d
460	H.ROOT-SERVERS.NET. 6D IN A 198.97.190.53
461	H.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:1::53
462	I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
463	I.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fe::53
464	J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
465	J.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:c27::2:30
466	K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
467	K.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fd::1
468	L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
469	L.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:9f::42
470	M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
471	M.ROOT-SERVERS.NET. 6D IN AAAA 2001:dc3::35</literal>
472	EOF</userinput></screen>
473
474	<para>
475	The <filename>root.hints</filename> file is a list of root name
476	servers. This file must be updated periodically with the
477	<command>dig</command> utility. A current copy of root.hints can be
478	obtained from <ulink url="https://www.internic.net/domain/named.root"/>.
479	For details, consult the "BIND 9 Administrator Reference Manual".
480	</para>
481
482	<para>
483	Create or modify <filename>resolv.conf</filename> to use the new
484	name server with the following commands:
485	</para>
486
487	<note>
488	<para>
489	Replace <replaceable><yourdomain.com></replaceable> with
490	your own valid domain name.
491	</para>
492	</note>
493
494	<screen role="root"><userinput>cp /etc/resolv.conf /etc/resolv.conf.bak &&
495	cat > /etc/resolv.conf << "EOF"
496	<literal>search <replaceable><yourdomain.com></replaceable>
497	nameserver 127.0.0.1</literal>
498	EOF</userinput></screen>
499
500	<para>
501	Set permissions on the <command>chroot</command> jail with the
502	following command:
503	</para>
504
505	<screen role="root"><userinput>chown -R named:named /srv/named</userinput></screen>
506
507	</sect3>
508
509	<sect3 id="bind-init">
510	<title><phrase revision="sysv">Boot Script</phrase>
511	<phrase revision="systemd">Systemd Unit</phrase></title>
512
513	<para>
514	To start the DNS server at boot, install the
515	<phrase revision="sysv"><filename>/etc/rc.d/init.d/bind</filename> init
516	script</phrase>
517	<phrase revision="systemd"><filename>named.service</filename>
518	unit</phrase> included in the
519	<xref linkend="bootscripts" revision="sysv"/>
520	<xref linkend="systemd-units" revision="systemd"/> package:
521	</para>
522
523	<indexterm zone="bind bind-init">
524	<primary sortas="f-bind">bind</primary>
525	</indexterm>
526
527	<screen role="root" revision="sysv"><userinput>make install-bind</userinput></screen>
528	<screen role="root" revision="systemd"><userinput>make install-named</userinput></screen>
529
530	<para>
531	Now start <application>BIND</application> with the following command:
532	</para>
533
534	<screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/bind start</userinput></screen>
535	<screen role="root" revision="systemd"><userinput>systemctl start named</userinput></screen>
536
537	</sect3>
538
539	<sect3>
540	<title>Testing BIND</title>
541
542	<para>
543	Test out the new <application>BIND</application> 9 installation.
544	First query the local host address with <command>dig</command>:
545	</para>
546
547	<screen><userinput>dig -x 127.0.0.1</userinput></screen>
548
549	<para>
550	Now try an external name lookup, taking note of the speed
551	difference in repeated lookups due to the caching. Run the
552	<command>dig</command> command twice on the same address:
553	</para>
554
555	<screen><userinput>dig www.&lfs-domainname; &&
556	dig www.&lfs-domainname;</userinput></screen>
557
558	<para>
559	You can see almost instantaneous results with the named caching
560	lookups. Consult the <application>BIND</application> Administrator
561	Reference Manual (see below) for further configuration options.
562	</para>
563
564	</sect3>
565
566	</sect2>
567
568	<sect2>
569	<title>Administrator Reference Manual (ARM)</title>
570
571	<para>
572	The ARM documentation (do not confuse with the processor architecture)
573	is included in the source package. The documentation is in .rst
574	format which means, it can be converted in human readable formats
575	if <xref linkend="sphinx"/> is installed.
576	</para>
577
578	<para>
579	When <application>BIND</application> is set up, especially when
580	to operate in a real live scenario, it is <emphasis>highly</emphasis>
581	recommended to consult the ARM documentation. ISC provides an
582	updated set of excellent documentation along with every release
583	so it can be easily viewed and/or downloaded – so there is
584	no excuse to not read the docs. The formats ISC provides are PDF,
585	epub and html at <ulink url="https://downloads.isc.org/isc/bind9/&bind-version;/doc/arm/"/>.
586	</para>
587	</sect2>
588
589	<sect2 role="content">
590	<title>Contents</title>
591
592	<segmentedlist>
593	<segtitle>Installed Programs</segtitle>
594	<segtitle>Installed Libraries</segtitle>
595	<segtitle>Installed Directories</segtitle>
596
597	<seglistitem>
598
599	<seg>arpaname, <!--bind9-config hardlinked to isc-config.sh,-->
600	ddns-confgen, delv, dig, dnssec-cds, <!-- dnssec-checkds, dnssec-coverage,-->
601	dnssec-dsfromkey, dnssec-importkey, dnssec-keyfromlabel, dnssec-keygen,
602	<!--dnssec-keymgr,--> dnssec-revoke, dnssec-settime, dnssec-signzone,
603	dnssec-verify, host, mdig, named, named-checkconf,
604	named-checkzone, named-compilezone, named-journalprint,
605	named-nzd2nzf, named-rrchecker, nsec3hash, nslookup, nsupdate, rndc,
606	rndc-confgen, and tsig-keygen (symlink)</seg>
607
608	<seg>libbind9.so, libdns.so, libirs.so, libisc.so, libisccc.so,
609	libisccfg.so, and libns.so</seg>
610
611	<seg>/usr/include/{bind9,dns,dst,irs,isc,isccc,isccfg,ns},
612	/usr/lib/bind, <!--/usr/lib/python&python3-majorver;/site-packages/isc,-->
613	and /srv/named</seg>
614	</seglistitem>
615	</segmentedlist>
616
617	<variablelist>
618	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
619	<?dbfo list-presentation="list"?>
620	<?dbhtml list-presentation="table"?>
621
622	<varlistentry id="arpaname">
623	<term><command>arpaname</command></term>
624	<listitem>
625	<para>
626	translates IP addresses to the corresponding ARPA names
627	</para>
628	<indexterm zone="bind arpaname">
629	<primary sortas="b-arpaname">arpaname</primary>
630	</indexterm>
631	</listitem>
632	</varlistentry>
633
634	<!-- Not present as of 9.16.5
635	<varlistentry id="bind9-config">
636	<term><command>bind9-config</command></term>
637	<listitem>
638	<para>
639	is hardlinked to <command>isc-config.sh</command>.
640	</para>
641	<indexterm zone="bind bind9-config">
642	<primary sortas="b-bind9-config">bind9-config</primary>
643	</indexterm>
644	</listitem>
645	</varlistentry>
646	-->
647
648	<varlistentry id="ddns-confgen">
649	<term><command>ddns-confgen</command></term>
650	<listitem>
651	<para>
652	generates a key for use by nsupdate and named
653	</para>
654	<indexterm zone="bind ddns-confgen">
655	<primary sortas="b-ddns-confgen">ddns-confgen</primary>
656	</indexterm>
657	</listitem>
658	</varlistentry>
659
660	<varlistentry id="delv">
661	<term><command>delv</command></term>
662	<listitem>
663	<para>
664	is a new debugging tool that is a successor to
665	<command>dig</command>
666	</para>
667	<indexterm zone="bind delv">
668	<primary sortas="b-delv">delv</primary>
669	</indexterm>
670	</listitem>
671	</varlistentry>
672
673	<varlistentry id="dig">
674	<term><command>dig</command></term>
675	<listitem>
676	<para>
677	interrogates DNS servers
678	</para>
679	<indexterm zone="bind dig">
680	<primary sortas="b-dig">dig</primary>
681	</indexterm>
682	</listitem>
683	</varlistentry>
684
685	<varlistentry id="dnssec-cds">
686	<term><command>dnssec-cds</command></term>
687	<listitem>
688	<para>
689	changes DS records for a child zone based on
690	CDS/CDNSKEY
691	</para>
692	<indexterm zone="bind dnssec-cds">
693	<primary sortas="b-dnssec-cds">dnssec-cds</primary>
694	</indexterm>
695	</listitem>
696	</varlistentry>
697
698	<!-- Removed in 9.18.x
699	<varlistentry id="dnssec-checkds">
700	<term><command>dnssec-checkds</command></term>
701	<listitem>
702	<para>
703	is a DNSSEC delegation consistency checking tool
704	</para>
705	<indexterm zone="bind dnssec-checkds">
706	<primary sortas="b-dnssec-checkds">dnssec-checkds</primary>
707	</indexterm>
708	</listitem>
709	</varlistentry>
710
711	<varlistentry id="dnssec-coverage">
712	<term><command>dnssec-coverage</command></term>
713	<listitem>
714	<para>
715	verifies that the DNSSEC keys for a given zone or a set of zones
716	have timing metadata set properly to ensure no future lapses
717	in DNSSEC coverage
718	</para>
719	<indexterm zone="bind dnssec-coverage">
720	<primary sortas="b-dnssec-coverage">dnssec-coverage</primary>
721	</indexterm>
722	</listitem>
723	</varlistentry>
724	-->
725	<varlistentry id="dnssec-dsfromkey">
726	<term><command>dnssec-dsfromkey</command></term>
727	<listitem>
728	<para>
729	outputs the Delegation Signer (DS) resource record (RR)
730	</para>
731	<indexterm zone="bind dnssec-dsfromkey">
732	<primary sortas="b-dnssec-dsfromkey">dnssec-dsfromkey</primary>
733	</indexterm>
734	</listitem>
735	</varlistentry>
736
737	<varlistentry id="dnssec-importkey">
738	<term><command>dnssec-importkey</command></term>
739	<listitem>
740	<para>
741	reads a public DNSKEY record and generates a pair of
742	.key/.private files
743	</para>
744	<indexterm zone="bind dnssec-importkey">
745	<primary sortas="b-dnssec-importkey">dnssec-importkey</primary>
746	</indexterm>
747	</listitem>
748	</varlistentry>
749
750	<varlistentry id="dnssec-keyfromlabel">
751	<term><command>dnssec-keyfromlabel</command></term>
752	<listitem>
753	<para>
754	gets keys with the given label from a cryptography hardware device
755	and builds key files for DNSSEC
756	</para>
757	<indexterm zone="bind dnssec-keyfromlabel">
758	<primary sortas="b-dnssec-keyfromlabel">dnssec-keyfromlabel</primary>
759	</indexterm>
760	</listitem>
761	</varlistentry>
762
763	<!-- Removed in 9.18.x
764	<varlistentry id="dnssec-keygen">
765	<term><command>dnssec-keygen</command></term>
766	<listitem>
767	<para>
768	is a key generator for secure DNS
769	</para>
770	<indexterm zone="bind dnssec-keygen">
771	<primary sortas="b-dnssec-keygen">dnssec-keygen</primary>
772	</indexterm>
773	</listitem>
774	</varlistentry>
775	-->
776
777	<varlistentry id="dnssec-keymgr">
778	<term><command>dnssec-keymgr</command></term>
779	<listitem>
780	<para>
781	ensures correct DNSKEY coverage based on a defined policy
782	</para>
783	<indexterm zone="bind dnssec-keymgr">
784	<primary sortas="b-dnssec-keymgr">dnssec-keymgr</primary>
785	</indexterm>
786	</listitem>
787	</varlistentry>
788
789	<varlistentry id="dnssec-revoke">
790	<term><command>dnssec-revoke</command></term>
791	<listitem>
792	<para>
793	sets the REVOKED bit on a DNSSEC key
794	</para>
795	<indexterm zone="bind dnssec-revoke">
796	<primary sortas="b-dnssec-revoke">dnssec-revoke</primary>
797	</indexterm>
798	</listitem>
799	</varlistentry>
800
801	<varlistentry id="dnssec-settime">
802	<term><command>dnssec-settime</command></term>
803	<listitem>
804	<para>
805	sets the key timing metadata for a DNSSEC key
806	</para>
807	<indexterm zone="bind dnssec-settime">
808	<primary sortas="b-dnssec-settime">dnssec-settime</primary>
809	</indexterm>
810	</listitem>
811	</varlistentry>
812
813	<varlistentry id="dnssec-signzone">
814	<term><command>dnssec-signzone</command></term>
815	<listitem>
816	<para>
817	generates signed versions of zone files
818	</para>
819	<indexterm zone="bind dnssec-signzone">
820	<primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
821	</indexterm>
822	</listitem>
823	</varlistentry>
824
825	<varlistentry id="dnssec-verify">
826	<term><command>dnssec-verify</command></term>
827	<listitem>
828	<para>
829	verifies that a zone is fully signed for each algorithm found
830	in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
831	chains are complete
832	</para>
833	<indexterm zone="bind dnssec-verify">
834	<primary sortas="b-dnssec-verify">dnssec-verify</primary>
835	</indexterm>
836	</listitem>
837	</varlistentry>
838
839	<!-- No longer present with 9.16.5
840	<varlistentry id="genrandom">
841	<term><command>genrandom</command></term>
842	<listitem>
843	<para>
844	generates a file containing random data.
845	</para>
846	<indexterm zone="bind genrandom">
847	<primary sortas="b-genrandom">genrandom</primary>
848	</indexterm>
849	</listitem>
850	</varlistentry>
851	-->
852
853	<varlistentry id="host">
854	<term><command>host</command></term>
855	<listitem>
856	<para>
857	is a utility for DNS lookups
858	</para>
859	<indexterm zone="bind host">
860	<primary sortas="b-host">host</primary>
861	</indexterm>
862	</listitem>
863	</varlistentry>
864
865	<!-- No longer present with 9.16.5
866	<varlistentry id="isc-config.sh">
867	<term><command>isc-config.sh</command></term>
868	<listitem>
869	<para>
870	prints information related to the installed version of ISC BIND.
871	</para>
872	<indexterm zone="bind isc-config.sh">
873	<primary sortas="b-isc-config.sh">isc-config.sh</primary>
874	</indexterm>
875	</listitem>
876	</varlistentry>
877
878	<varlistentry id="isc-hmac-fixup">
879	<term><command>isc-hmac-fixup</command></term>
880	<listitem>
881	<para>
882	fixes HMAC keys generated by older versions of BIND.
883	</para>
884	<indexterm zone="bind isc-hmac-fixup">
885	<primary sortas="b-isc-hmac-fixup">isc-hmac-fixup</primary>
886	</indexterm>
887	</listitem>
888	</varlistentry>
889
890	<varlistentry id="lwresd">
891	<term><command>lwresd</command></term>
892	<listitem>
893	<para>
894	is a caching-only name server for local process use.
895	</para>
896	<indexterm zone="bind lwresd">
897	<primary sortas="b-lwresd">lwresd</primary>
898	</indexterm>
899	</listitem>
900	</varlistentry>
901	-->
902
903	<varlistentry id="mdig">
904	<term><command>mdig</command></term>
905	<listitem>
906	<para>
907	is a version of dig that allows multiple queries at once
908	</para>
909	<indexterm zone="bind mdig">
910	<primary sortas="b-mdig">mdig</primary>
911	</indexterm>
912	</listitem>
913	</varlistentry>
914
915	<varlistentry id="named">
916	<term><command>named</command></term>
917	<listitem>
918	<para>
919	is the name server daemon
920	</para>
921	<indexterm zone="bind named">
922	<primary sortas="b-named">named</primary>
923	</indexterm>
924	</listitem>
925	</varlistentry>
926
927	<varlistentry id="named-checkconf">
928	<term><command>named-checkconf</command></term>
929	<listitem>
930	<para>
931	checks the syntax of <filename>named.conf</filename>
932	files
933	</para>
934	<indexterm zone="bind named-checkconf">
935	<primary sortas="b-named-checkconf">named-checkconf</primary>
936	</indexterm>
937	</listitem>
938	</varlistentry>
939
940	<varlistentry id="named-checkzone">
941	<term><command>named-checkzone</command></term>
942	<listitem>
943	<para>
944	checks zone file validity
945	</para>
946	<indexterm zone="bind named-checkzone">
947	<primary sortas="b-named-checkzone">named-checkzone</primary>
948	</indexterm>
949	</listitem>
950	</varlistentry>
951
952	<varlistentry id="named-compilezone">
953	<term><command>named-compilezone</command></term>
954	<listitem>
955	<para>
956	is similar to <command>named-checkzone</command>, but it always
957	dumps the zone contents to a specified file in a specified format
958	</para>
959	<indexterm zone="bind named-compilezone">
960	<primary sortas="b-named-compilezone">named-compilezone</primary>
961	</indexterm>
962	</listitem>
963	</varlistentry>
964
965	<varlistentry id="named-journalprint">
966	<term><command>named-journalprint</command></term>
967	<listitem>
968	<para>
969	prints the zone journal in human-readable form
970	</para>
971	<indexterm zone="bind named-journalprint">
972	<primary sortas="b-named-journalprint">named-journalprint</primary>
973	</indexterm>
974	</listitem>
975	</varlistentry>
976
977	<varlistentry id="named-rrchecker">
978	<term><command>named-rrchecker</command></term>
979	<listitem>
980	<para>
981	reads an individual DNS resource record from standard input and
982	checks if it is syntactically correct
983	</para>
984	<indexterm zone="bind named-rrchecker">
985	<primary sortas="b-named-rrchecker">named-rrchecker</primary>
986	</indexterm>
987	</listitem>
988	</varlistentry>
989
990	<varlistentry id="named-nzd2nzf">
991	<term><command>named-nzd2nzf</command></term>
992	<listitem>
993	<para>
994	converts an NZD database to NZF text format
995	</para>
996	<indexterm zone="bind named-nzd2nzf">
997	<primary sortas="b-named-nzd2nzf">named-nzd2nzf</primary>
998	</indexterm>
999	</listitem>
1000	</varlistentry>
1001
1002	<varlistentry id="nsec3hash">
1003	<term><command>nsec3hash</command></term>
1004	<listitem>
1005	<para>
1006	generates an NSEC3 hash based on a set of NSEC3 parameters
1007	</para>
1008	<indexterm zone="bind nsec3hash">
1009	<primary sortas="b-nsec3hash">nsec3hash</primary>
1010	</indexterm>
1011	</listitem>
1012	</varlistentry>
1013
1014	<varlistentry id="nslookup">
1015	<term><command>nslookup</command></term>
1016	<listitem>
1017	<para>
1018	is a program used to query Internet domain nameservers
1019	</para>
1020	<indexterm zone="bind nslookup">
1021	<primary sortas="b-nslookup">nslookup</primary>
1022	</indexterm>
1023	</listitem>
1024	</varlistentry>
1025
1026	<varlistentry id="nsupdate">
1027	<term><command>nsupdate</command></term>
1028	<listitem>
1029	<para>
1030	is used to submit DNS update requests
1031	</para>
1032	<indexterm zone="bind nsupdate">
1033	<primary sortas="b-nsupdate">nsupdate</primary>
1034	</indexterm>
1035	</listitem>
1036	</varlistentry>
1037
1038	<varlistentry id="rndc">
1039	<term><command>rndc</command></term>
1040	<listitem>
1041	<para>
1042	controls the operation of <application>BIND</application>
1043	</para>
1044	<indexterm zone="bind rndc">
1045	<primary sortas="b-rndc">rndc</primary>
1046	</indexterm>
1047	</listitem>
1048	</varlistentry>
1049
1050	<varlistentry id="rndc-confgen">
1051	<term><command>rndc-confgen</command></term>
1052	<listitem>
1053	<para>
1054	generates <filename>rndc.conf</filename> files
1055	</para>
1056	<indexterm zone="bind rndc-confgen">
1057	<primary sortas="b-rndc-confgen">rndc-confgen</primary>
1058	</indexterm>
1059	</listitem>
1060	</varlistentry>
1061
1062	<varlistentry id="tsig-keygen">
1063	<term><command>tsig-keygen</command></term>
1064	<listitem>
1065	<para>
1066	is a symlink to <command>ddns-confgen</command>
1067	</para>
1068	<indexterm zone="bind tsig-keygen">
1069	<primary sortas="b-tsig-keygen">tsig-keygen</primary>
1070	</indexterm>
1071	</listitem>
1072	</varlistentry>
1073
1074	</variablelist>
1075
1076	</sect2>
1077
1078	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: server/major/bind.xml@ 6d90301

Download in other formats: