Context Navigation

source: server/major/bind.xml@ 76f2fb4

Visit:

12.0 12.1 12.2 gimp3 kea ken/TL2024 ken/tuningfonts lazarus lxqt plabs/newcss python3.11 rahul/power-profiles-daemon renodr/vulkan-addition trunk xry111/for-12.3 xry111/llvm18 xry111/spidermonkey128 xry111/xf86-video-removal

Last change on this file since 76f2fb4 was 359633c, checked in by Douglas R. Reno <renodr@…>, 15 months ago
Update to bind (and bind-utils) 9.18.16
Property mode set to `100644`
File size: 36.0 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY bind-download-http "https://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.xz">
8	<!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.xz">
9	<!ENTITY bind-md5sum "&bind-md5;">
10	<!ENTITY bind-size "5.2 MB">
11	<!ENTITY bind-buildsize "145 MB (26 MB installed)">
12	<!ENTITY bind-time "0.7 SBU (with parallelism=4; about 40 minutes somewhat processor independent, to run the complete test suite)">
13	]>
14
15	<sect1 id="bind" xreflabel="BIND-&bind-version;">
16	<?dbhtml filename="bind.html"?>
17
18
19	<title>BIND-&bind-version;</title>
20
21	<indexterm zone="bind">
22	<primary sortas="a-BIND">BIND</primary>
23	</indexterm>
24
25	<sect2 role="package">
26	<title>Introduction to BIND</title>
27
28	<para>
29	The <application>BIND</application> package provides a DNS server
30	and client utilities. If you are only interested in the utilities, refer
31	to the <xref linkend="bind-utils"/>.
32	</para>
33
34	&lfs113_checked;
35
36	<bridgehead renderas="sect3">Package Information</bridgehead>
37	<itemizedlist spacing="compact">
38	<listitem>
39	<para>
40	Download (HTTP): <ulink url="&bind-download-http;"/>
41	</para>
42	</listitem>
43	<listitem>
44	<para>
45	Download (FTP): <ulink url="&bind-download-ftp;"/>
46	</para>
47	</listitem>
48	<listitem>
49	<para>
50	Download MD5 sum: &bind-md5sum;
51	</para>
52	</listitem>
53	<listitem>
54	<para>
55	Download size: &bind-size;
56	</para>
57	</listitem>
58	<listitem>
59	<para>
60	Estimated disk space required: &bind-buildsize;
61	</para>
62	</listitem>
63	<listitem>
64	<para>
65	Estimated build time: &bind-time;
66	</para>
67	</listitem>
68	</itemizedlist>
69	<!--
70	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
71	<itemizedlist spacing="compact">
72	<listitem>
73	<para>
74	Required patch:
75	<ulink url="&patch-root;/bind-&bind-version;-upstream_fixes-1.patch"/>
76	</para>
77	</listitem>
78	</itemizedlist>
79	-->
80	<bridgehead renderas="sect3">BIND Dependencies</bridgehead>
81
82	<bridgehead renderas="sect4">Required</bridgehead>
83	<para role="required">
84	<xref linkend="libuv"/>
85	</para>
86
87	<bridgehead renderas="sect4">Recommended</bridgehead>
88	<para role="recommended">
89	<xref linkend="json-c"/> and
90	<xref linkend="libcap-pam"/>
91	</para>
92
93	<bridgehead renderas="sect4">Optional</bridgehead>
94	<para role="optional">
95	<xref linkend="curl"/>,
96	<xref linkend="libidn2"/>,
97	<xref linkend="libxml2"/>,
98	<xref linkend="lmdb"/>,
99	<xref linkend="mitkrb"/>,
100	<xref linkend="pytest"/>,
101	<xref linkend="sphinx"/> (required to build documentation),
102	<ulink url="https://cmocka.org/">cmocka</ulink>,
103	<ulink url="https://github.com/cjheath/geoip">geoip</ulink>,
104	<ulink url="https://github.com/jemalloc/jemalloc">jemalloc</ulink>,
105	<ulink url="&w3m-url;">w3m</ulink>
106	</para>
107
108	<bridgehead renderas="sect4">Optional database backends</bridgehead>
109	<para role="optional">
110	<xref linkend="db"/>,
111	<xref linkend="mariadb"/> or <ulink url="https://www.mysql.com/">MySQL</ulink>,
112	<xref linkend="openldap"/>,
113	<xref linkend="postgresql"/>, and
114	<xref linkend="unixodbc"/>
115	</para>
116
117	<bridgehead renderas="sect4">Optional (to run the test suite)</bridgehead>
118	<para role="optional">
119	<xref linkend="perl-net-dns"/>
120	</para>
121
122	<!-- docs are now all sphinx based
123	<bridgehead renderas="sect4">Optional (to rebuild the documentation)</bridgehead>
124	<para role="optional">
125	<xref linkend="doxygen"/>,
126	<xref linkend="libxslt"/>, and
127	<xref linkend="texlive"/> (or <xref linkend="tl-installer"/>)
128	</para>
129	-->
130
131	<para condition="html" role="usernotes">User Notes:
132	<ulink url="&blfs-wiki;/bind"/></para>
133
134	</sect2>
135
136	<sect2 role="installation">
137	<title>Installation of BIND</title>
138
139	<!--
140	<para>
141	To ensure <application>BIND</application> will build dnssec-keymgr,
142	install a python module as the <systemitem
143	class="username">root</systemitem> user:
144	</para>
145
146	<screen role="root"><userinput>pip3 install ply</userinput></screen>
147	-->
148
149	<para>
150	Install <application>BIND</application> by running the
151	following commands:
152	</para>
153
154	<screen><userinput>./configure --prefix=/usr \
155	--sysconfdir=/etc \
156	--localstatedir=/var \
157	--mandir=/usr/share/man \
158	--disable-static &&
159	make</userinput></screen>
160
161	<para>
162	Issue the following commands to run the complete suite of tests.
163	First, as the <systemitem class="username">root</systemitem> user, set up
164	some test interfaces:
165	</para>
166
167	<note>
168	<para>
169	If IPv6 is not enabled in the kernel, there will be several
170	error messages: "RTNETLINK answers: Operation not permitted". These
171	messages do not affect the tests.
172	</para>
173	</note>
174
175	<screen role="root"
176	remap="test"><userinput>bin/tests/system/ifconfig.sh up</userinput></screen>
177
178	<para>
179	The test suite may indicate some skipped tests depending on
180	what configuration options are used. Some tests are marked
181	<quote>UNTESTED</quote> or do even fail if <xref linkend="perl-net-dns"/>
182	is not installed. <!--One test, <quote>CPU</quote>, is known to fail.-->
183	To run the tests, as an unprivileged user, execute:
184	</para>
185
186	<screen remap="test"><userinput>make -k check</userinput></screen>
187
188	<para>
189	Again as <systemitem class="username">root</systemitem>, clean up the
190	test interfaces:
191	</para>
192
193	<screen role="root"
194	remap="test"><userinput>bin/tests/system/ifconfig.sh down</userinput></screen>
195
196	<para>
197	Finally, install the package as the <systemitem
198	class="username">root</systemitem> user:
199	</para>
200
201	<!-- Documentation is an issue - The docs are now all in .rst format and appear
202	to be sphinx based. install source .rst files for now...
203
204	leave docs untouched as they does only use disk space when not
205	used to recreate the docs via Sphinx. I've added a note regarding
206	the documentation. (thomas)
207
208	<screen role="root"><userinput>make install &&
209
210	install -vdm 755 /usr/share/doc/bind-&bind-version;/{arm,dnssec-guide} &&
211	install doc/arm/* /usr/share/doc/bind-&bind-version;/arm &&
212	install doc/dnssec-guide/* /usr/share/doc/bind-&bind-version;/dnssec-guide</userinput></screen>
213	-->
214	<screen role="root"><userinput>make install</userinput></screen>
215
216	</sect2>
217
218	<sect2 role="commands">
219	<title>Command Explanations</title>
220
221	<para>
222	<parameter>--sysconfdir=/etc</parameter>: This parameter forces
223	<application>BIND</application> to look for configuration
224	files in <filename class='directory'>/etc</filename> instead of
225	<filename class='directory'>/usr/etc</filename>.
226	</para>
227
228	<!-- Seems to be removed in 9.18.0
229	<para>
230	<parameter>- -with-libtool</parameter>: This parameter forces the
231	building of dynamic libraries and links the installed binaries to these
232	libraries.
233	</para>
234	-->
235
236	<para>
237	<option>--with-libidn2</option>: This parameter enables
238	the IDNA2008 (Internationalized Domain Names in Applications)
239	support.
240	</para>
241
242	<para>
243	<option>--enable-fetchlimit</option>: Use this option if you want
244	to be able to limit the rate of recursive client queries. This may be
245	useful on servers which receive a large number of queries.
246	</para>
247
248	<para>
249	<option>--disable-linux-caps</option>: BIND can also be built without
250	capability support by using this option, at the cost of some loss of
251	security.
252	</para>
253
254	<para>
255	<option>--with-dlz-{mysql,bdb,filesystem,ldap,odbc,stub}</option>: Use
256	one (or more) of those options to add Dynamically Loadable Zones support.
257	For more information refer to <ulink
258	url="https://bind-dlz.sourceforge.net/">bind-dlz.sourceforge.net</ulink>.
259	</para>
260
261	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
262	href="../../xincludes/static-libraries.xml"/>
263
264	</sect2>
265
266	<sect2 role="configuration">
267	<title>Configuring BIND</title>
268
269	<sect3 id="bind-config">
270	<title>Config files</title>
271
272	<para>
273	<filename>named.conf</filename>,
274	<filename>root.hints</filename>,
275	<filename>127.0.0</filename>,
276	<filename>rndc.conf</filename>, and
277	<filename>resolv.conf</filename>
278	</para>
279
280	<indexterm zone="bind bind-config">
281	<primary sortas="e-etc-named.conf">/etc/named.conf</primary>
282	</indexterm>
283
284	<indexterm zone="bind bind-config">
285	<primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary>
286	</indexterm>
287
288	<indexterm zone="bind bind-config">
289	<primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary>
290	</indexterm>
291
292	<indexterm zone="bind bind-config">
293	<primary
294	sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
295	</indexterm>
296
297	<indexterm zone="bind bind-config">
298	<primary
299	sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
300	</indexterm>
301	</sect3>
302
303	<sect3>
304	<title>Configuration Information</title>
305
306	<para>
307	<application>BIND</application> will be configured to run in a
308	<command>chroot</command> jail as an unprivileged user (<systemitem
309	class="username">named</systemitem>). This configuration is more secure
310	in that a DNS compromise can only affect a few files in the <systemitem
311	class="username">named</systemitem> user's <envar>HOME</envar>
312	directory.
313	</para>
314
315	<para>
316	Create the unprivileged user and group <systemitem
317	class="username">named</systemitem>:
318	</para>
319
320	<screen role="root"><userinput>groupadd -g 20 named &&
321	useradd -c "BIND Owner" -g named -s /bin/false -u 20 named &&
322	install -d -m770 -o named -g named /srv/named</userinput></screen>
323
324	<para>
325	Set up some files, directories and devices needed by
326	<application>BIND</application>:
327	</para>
328
329	<screen role="root"><userinput>mkdir -p /srv/named &&
330	cd /srv/named &&
331	mkdir -p dev etc/named/{slave,pz} usr/lib/engines var/run/named &&
332	mknod /srv/named/dev/null c 1 3 &&
333	mknod /srv/named/dev/urandom c 1 9 &&
334	chmod 666 /srv/named/dev/{null,urandom} &&
335	cp /etc/localtime etc</userinput></screen>
336
337	<para>
338	The <filename>rndc.conf</filename> file contains information for
339	controlling <command>named</command> operations with the
340	<command>rndc</command> utility. Generate a key for use in the
341	<filename>named.conf</filename> and <filename>rndc.conf</filename>
342	with the <command>rndc-confgen</command> command:
343	</para>
344
345	<screen role="root"><userinput>rndc-confgen -a -b 512 -t /srv/named</userinput></screen>
346
347	<para>
348	Complete the <filename>named.conf</filename> file from which
349	<command>named</command> will read the location of zone files, root
350	name servers and secure DNS keys:
351	</para>
352
353	<screen role="root"><?dbfo keep-together="auto"?><userinput>cat >> /srv/named/etc/named.conf << "EOF"
354	<literal>options {
355	directory "/etc/named";
356	pid-file "/var/run/named.pid";
357	statistics-file "/var/run/named.stats";
358
359	};
360	zone "." {
361	type hint;
362	file "root.hints";
363	};
364	zone "0.0.127.in-addr.arpa" {
365	type master;
366	file "pz/127.0.0";
367	};
368
369	// Bind 9 now logs by default through syslog (except debug).
370	// These are the default logging rules.
371
372	logging {
373	category default { default_syslog; default_debug; };
374	category unmatched { null; };
375
376	channel default_syslog {
377	syslog daemon; // send to syslog's daemon
378	// facility
379	severity info; // only send priority info
380	// and higher
381	};
382
383	channel default_debug {
384	file "named.run"; // write to named.run in
385	// the working directory
386	// Note: stderr is used instead
387	// of "named.run"
388	// if the server is started
389	// with the '-f' option.
390	severity dynamic; // log at the server's
391	// current debug level
392	};
393
394	channel default_stderr {
395	stderr; // writes to stderr
396	severity info; // only send priority info
397	// and higher
398	};
399
400	channel null {
401	null; // toss anything sent to
402	// this channel
403	};
404	};</literal>
405	EOF</userinput></screen>
406
407	<para>
408	Create a zone file with the following contents:
409	</para>
410
411	<screen role="root"><userinput>cat > /srv/named/etc/named/pz/127.0.0 << "EOF"
412	<literal>$TTL 3D
413	@ IN SOA ns.local.domain. hostmaster.local.domain. (
414	1 ; Serial
415	8H ; Refresh
416	2H ; Retry
417	4W ; Expire
418	1D) ; Minimum TTL
419	NS ns.local.domain.
420	1 PTR localhost.</literal>
421	EOF</userinput></screen>
422
423	<para>
424	Create the <filename>root.hints</filename> file with the following
425	commands:
426	</para>
427
428	<note>
429	<para>
430	Caution must be used to ensure there are no leading spaces in
431	this file.
432	</para>
433	</note>
434
435	<screen role="root"><userinput>cat > /srv/named/etc/named/root.hints << "EOF"
436	<literal>. 6D IN NS A.ROOT-SERVERS.NET.
437	. 6D IN NS B.ROOT-SERVERS.NET.
438	. 6D IN NS C.ROOT-SERVERS.NET.
439	. 6D IN NS D.ROOT-SERVERS.NET.
440	. 6D IN NS E.ROOT-SERVERS.NET.
441	. 6D IN NS F.ROOT-SERVERS.NET.
442	. 6D IN NS G.ROOT-SERVERS.NET.
443	. 6D IN NS H.ROOT-SERVERS.NET.
444	. 6D IN NS I.ROOT-SERVERS.NET.
445	. 6D IN NS J.ROOT-SERVERS.NET.
446	. 6D IN NS K.ROOT-SERVERS.NET.
447	. 6D IN NS L.ROOT-SERVERS.NET.
448	. 6D IN NS M.ROOT-SERVERS.NET.
449	A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
450	A.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:ba3e::2:30
451	B.ROOT-SERVERS.NET. 6D IN A 199.9.14.201
452	B.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:200::b
453	C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
454	C.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2::c
455	D.ROOT-SERVERS.NET. 6D IN A 199.7.91.13
456	D.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2d::d
457	E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
458	E.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:a8::e
459	F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
460	F.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2f::f
461	G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
462	G.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:12::d0d
463	H.ROOT-SERVERS.NET. 6D IN A 198.97.190.53
464	H.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:1::53
465	I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
466	I.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fe::53
467	J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
468	J.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:c27::2:30
469	K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
470	K.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fd::1
471	L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
472	L.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:9f::42
473	M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
474	M.ROOT-SERVERS.NET. 6D IN AAAA 2001:dc3::35</literal>
475	EOF</userinput></screen>
476
477	<para>
478	The <filename>root.hints</filename> file is a list of root name
479	servers. This file must be updated periodically with the
480	<command>dig</command> utility. A current copy of root.hints can be
481	obtained from <ulink url="https://www.internic.net/domain/named.root"/>.
482	For details, consult the "BIND 9 Administrator Reference Manual".
483	</para>
484
485	<para>
486	Create or modify <filename>resolv.conf</filename> to use the new
487	name server with the following commands:
488	</para>
489
490	<note>
491	<para>
492	Replace <replaceable><yourdomain.com></replaceable> with
493	your own valid domain name.
494	</para>
495	</note>
496
497	<screen role="root"><userinput>cp /etc/resolv.conf /etc/resolv.conf.bak &&
498	cat > /etc/resolv.conf << "EOF"
499	<literal>search <replaceable><yourdomain.com></replaceable>
500	nameserver 127.0.0.1</literal>
501	EOF</userinput></screen>
502
503	<para>
504	Set permissions on the <command>chroot</command> jail with the
505	following command:
506	</para>
507
508	<screen role="root"><userinput>chown -R named:named /srv/named</userinput></screen>
509
510	</sect3>
511
512	<sect3 id="bind-init">
513	<title><phrase revision="sysv">Boot Script</phrase>
514	<phrase revision="systemd">Systemd Unit</phrase></title>
515
516	<para>
517	To start the DNS server at boot, install the
518	<phrase revision="sysv"><filename>/etc/rc.d/init.d/bind</filename> init
519	script</phrase>
520	<phrase revision="systemd"><filename>named.service</filename>
521	unit</phrase> included in the
522	<xref linkend="bootscripts" revision="sysv"/>
523	<xref linkend="systemd-units" revision="systemd"/> package:
524	</para>
525
526	<indexterm zone="bind bind-init">
527	<primary sortas="f-bind">bind</primary>
528	</indexterm>
529
530	<screen role="root" revision="sysv"><userinput>make install-bind</userinput></screen>
531	<screen role="root" revision="systemd"><userinput>make install-named</userinput></screen>
532
533	<para>
534	Now start <application>BIND</application> with the following command:
535	</para>
536
537	<screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/bind start</userinput></screen>
538	<screen role="root" revision="systemd"><userinput>systemctl start named</userinput></screen>
539
540	</sect3>
541
542	<sect3>
543	<title>Testing BIND</title>
544
545	<para>
546	Test out the new <application>BIND</application> 9 installation.
547	First query the local host address with <command>dig</command>:
548	</para>
549
550	<screen><userinput>dig -x 127.0.0.1</userinput></screen>
551
552	<para>
553	Now try an external name lookup, taking note of the speed
554	difference in repeated lookups due to the caching. Run the
555	<command>dig</command> command twice on the same address:
556	</para>
557
558	<screen><userinput>dig www.&lfs-domainname; &&
559	dig www.&lfs-domainname;</userinput></screen>
560
561	<para>
562	You can see almost instantaneous results with the named caching
563	lookups. Consult the <application>BIND</application> Administrator
564	Reference Manual (see below) for further configuration options.
565	</para>
566
567	</sect3>
568
569	</sect2>
570
571	<sect2>
572	<title>Administrator Reference Manual (ARM)</title>
573
574	<para>
575	The ARM documentation (do not confuse with the processor architecture)
576	is included in the source package. The documentation is in .rst
577	format which means, it can be converted in human readable formats
578	if <xref linkend="sphinx"/> is installed.
579	</para>
580
581	<para>
582	When <application>BIND</application> is set up, especially when
583	to operate in a real live scenario, it is <emphasis>highly</emphasis>
584	recommended to consult the ARM documentation. ISC provides an
585	updated set of excellent documentation along with every release
586	so it can be easily viewed and/or downloaded – so there is
587	no excuse to not read the docs. The formats ISC provides are PDF,
588	epub and html at <ulink url="https://downloads.isc.org/isc/bind9/&bind-version;/doc/arm/"/>.
589	</para>
590	</sect2>
591
592	<sect2 role="content">
593	<title>Contents</title>
594
595	<segmentedlist>
596	<segtitle>Installed Programs</segtitle>
597	<segtitle>Installed Libraries</segtitle>
598	<segtitle>Installed Directories</segtitle>
599
600	<seglistitem>
601
602	<seg>arpaname, <!--bind9-config hardlinked to isc-config.sh,-->
603	ddns-confgen, delv, dig, dnssec-cds, <!-- dnssec-checkds, dnssec-coverage,-->
604	dnssec-dsfromkey, dnssec-importkey, dnssec-keyfromlabel, dnssec-keygen,
605	<!--dnssec-keymgr,--> dnssec-revoke, dnssec-settime, dnssec-signzone,
606	dnssec-verify, host, mdig, named, named-checkconf,
607	named-checkzone, named-compilezone, named-journalprint,
608	named-nzd2nzf, named-rrchecker, nsec3hash, nslookup, nsupdate, rndc,
609	rndc-confgen, and tsig-keygen (symlink)</seg>
610
611	<seg>libbind9.so, libdns.so, libirs.so, libisc.so, libisccc.so,
612	libisccfg.so, and libns.so</seg>
613
614	<seg>/usr/include/{bind9,dns,dst,irs,isc,isccc,isccfg,ns},
615	/usr/lib/bind, <!--/usr/lib/python&python3-majorver;/site-packages/isc,-->
616	and /srv/named</seg>
617	</seglistitem>
618	</segmentedlist>
619
620	<variablelist>
621	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
622	<?dbfo list-presentation="list"?>
623	<?dbhtml list-presentation="table"?>
624
625	<varlistentry id="arpaname">
626	<term><command>arpaname</command></term>
627	<listitem>
628	<para>
629	translates IP addresses to the corresponding ARPA names
630	</para>
631	<indexterm zone="bind arpaname">
632	<primary sortas="b-arpaname">arpaname</primary>
633	</indexterm>
634	</listitem>
635	</varlistentry>
636
637	<!-- Not present as of 9.16.5
638	<varlistentry id="bind9-config">
639	<term><command>bind9-config</command></term>
640	<listitem>
641	<para>
642	is hardlinked to <command>isc-config.sh</command>.
643	</para>
644	<indexterm zone="bind bind9-config">
645	<primary sortas="b-bind9-config">bind9-config</primary>
646	</indexterm>
647	</listitem>
648	</varlistentry>
649	-->
650
651	<varlistentry id="ddns-confgen">
652	<term><command>ddns-confgen</command></term>
653	<listitem>
654	<para>
655	generates a key for use by nsupdate and named
656	</para>
657	<indexterm zone="bind ddns-confgen">
658	<primary sortas="b-ddns-confgen">ddns-confgen</primary>
659	</indexterm>
660	</listitem>
661	</varlistentry>
662
663	<varlistentry id="delv">
664	<term><command>delv</command></term>
665	<listitem>
666	<para>
667	is a new debugging tool that is a successor to
668	<command>dig</command>
669	</para>
670	<indexterm zone="bind delv">
671	<primary sortas="b-delv">delv</primary>
672	</indexterm>
673	</listitem>
674	</varlistentry>
675
676	<varlistentry id="dig">
677	<term><command>dig</command></term>
678	<listitem>
679	<para>
680	interrogates DNS servers
681	</para>
682	<indexterm zone="bind dig">
683	<primary sortas="b-dig">dig</primary>
684	</indexterm>
685	</listitem>
686	</varlistentry>
687
688	<varlistentry id="dnssec-cds">
689	<term><command>dnssec-cds</command></term>
690	<listitem>
691	<para>
692	changes DS records for a child zone based on
693	CDS/CDNSKEY
694	</para>
695	<indexterm zone="bind dnssec-cds">
696	<primary sortas="b-dnssec-cds">dnssec-cds</primary>
697	</indexterm>
698	</listitem>
699	</varlistentry>
700
701	<!-- Removed in 9.18.x
702	<varlistentry id="dnssec-checkds">
703	<term><command>dnssec-checkds</command></term>
704	<listitem>
705	<para>
706	is a DNSSEC delegation consistency checking tool
707	</para>
708	<indexterm zone="bind dnssec-checkds">
709	<primary sortas="b-dnssec-checkds">dnssec-checkds</primary>
710	</indexterm>
711	</listitem>
712	</varlistentry>
713
714	<varlistentry id="dnssec-coverage">
715	<term><command>dnssec-coverage</command></term>
716	<listitem>
717	<para>
718	verifies that the DNSSEC keys for a given zone or a set of zones
719	have timing metadata set properly to ensure no future lapses
720	in DNSSEC coverage
721	</para>
722	<indexterm zone="bind dnssec-coverage">
723	<primary sortas="b-dnssec-coverage">dnssec-coverage</primary>
724	</indexterm>
725	</listitem>
726	</varlistentry>
727	-->
728	<varlistentry id="dnssec-dsfromkey">
729	<term><command>dnssec-dsfromkey</command></term>
730	<listitem>
731	<para>
732	outputs the Delegation Signer (DS) resource record (RR)
733	</para>
734	<indexterm zone="bind dnssec-dsfromkey">
735	<primary sortas="b-dnssec-dsfromkey">dnssec-dsfromkey</primary>
736	</indexterm>
737	</listitem>
738	</varlistentry>
739
740	<varlistentry id="dnssec-importkey">
741	<term><command>dnssec-importkey</command></term>
742	<listitem>
743	<para>
744	reads a public DNSKEY record and generates a pair of
745	.key/.private files
746	</para>
747	<indexterm zone="bind dnssec-importkey">
748	<primary sortas="b-dnssec-importkey">dnssec-importkey</primary>
749	</indexterm>
750	</listitem>
751	</varlistentry>
752
753	<varlistentry id="dnssec-keyfromlabel">
754	<term><command>dnssec-keyfromlabel</command></term>
755	<listitem>
756	<para>
757	gets keys with the given label from a cryptography hardware device
758	and builds key files for DNSSEC
759	</para>
760	<indexterm zone="bind dnssec-keyfromlabel">
761	<primary sortas="b-dnssec-keyfromlabel">dnssec-keyfromlabel</primary>
762	</indexterm>
763	</listitem>
764	</varlistentry>
765
766	<!-- Removed in 9.18.x
767	<varlistentry id="dnssec-keygen">
768	<term><command>dnssec-keygen</command></term>
769	<listitem>
770	<para>
771	is a key generator for secure DNS
772	</para>
773	<indexterm zone="bind dnssec-keygen">
774	<primary sortas="b-dnssec-keygen">dnssec-keygen</primary>
775	</indexterm>
776	</listitem>
777	</varlistentry>
778	-->
779
780	<varlistentry id="dnssec-keymgr">
781	<term><command>dnssec-keymgr</command></term>
782	<listitem>
783	<para>
784	ensures correct DNSKEY coverage based on a defined policy
785	</para>
786	<indexterm zone="bind dnssec-keymgr">
787	<primary sortas="b-dnssec-keymgr">dnssec-keymgr</primary>
788	</indexterm>
789	</listitem>
790	</varlistentry>
791
792	<varlistentry id="dnssec-revoke">
793	<term><command>dnssec-revoke</command></term>
794	<listitem>
795	<para>
796	sets the REVOKED bit on a DNSSEC key
797	</para>
798	<indexterm zone="bind dnssec-revoke">
799	<primary sortas="b-dnssec-revoke">dnssec-revoke</primary>
800	</indexterm>
801	</listitem>
802	</varlistentry>
803
804	<varlistentry id="dnssec-settime">
805	<term><command>dnssec-settime</command></term>
806	<listitem>
807	<para>
808	sets the key timing metadata for a DNSSEC key
809	</para>
810	<indexterm zone="bind dnssec-settime">
811	<primary sortas="b-dnssec-settime">dnssec-settime</primary>
812	</indexterm>
813	</listitem>
814	</varlistentry>
815
816	<varlistentry id="dnssec-signzone">
817	<term><command>dnssec-signzone</command></term>
818	<listitem>
819	<para>
820	generates signed versions of zone files
821	</para>
822	<indexterm zone="bind dnssec-signzone">
823	<primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
824	</indexterm>
825	</listitem>
826	</varlistentry>
827
828	<varlistentry id="dnssec-verify">
829	<term><command>dnssec-verify</command></term>
830	<listitem>
831	<para>
832	verifies that a zone is fully signed for each algorithm found
833	in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
834	chains are complete
835	</para>
836	<indexterm zone="bind dnssec-verify">
837	<primary sortas="b-dnssec-verify">dnssec-verify</primary>
838	</indexterm>
839	</listitem>
840	</varlistentry>
841
842	<!-- No longer present with 9.16.5
843	<varlistentry id="genrandom">
844	<term><command>genrandom</command></term>
845	<listitem>
846	<para>
847	generates a file containing random data.
848	</para>
849	<indexterm zone="bind genrandom">
850	<primary sortas="b-genrandom">genrandom</primary>
851	</indexterm>
852	</listitem>
853	</varlistentry>
854	-->
855
856	<varlistentry id="host">
857	<term><command>host</command></term>
858	<listitem>
859	<para>
860	is a utility for DNS lookups
861	</para>
862	<indexterm zone="bind host">
863	<primary sortas="b-host">host</primary>
864	</indexterm>
865	</listitem>
866	</varlistentry>
867
868	<!-- No longer present with 9.16.5
869	<varlistentry id="isc-config.sh">
870	<term><command>isc-config.sh</command></term>
871	<listitem>
872	<para>
873	prints information related to the installed version of ISC BIND.
874	</para>
875	<indexterm zone="bind isc-config.sh">
876	<primary sortas="b-isc-config.sh">isc-config.sh</primary>
877	</indexterm>
878	</listitem>
879	</varlistentry>
880
881	<varlistentry id="isc-hmac-fixup">
882	<term><command>isc-hmac-fixup</command></term>
883	<listitem>
884	<para>
885	fixes HMAC keys generated by older versions of BIND.
886	</para>
887	<indexterm zone="bind isc-hmac-fixup">
888	<primary sortas="b-isc-hmac-fixup">isc-hmac-fixup</primary>
889	</indexterm>
890	</listitem>
891	</varlistentry>
892
893	<varlistentry id="lwresd">
894	<term><command>lwresd</command></term>
895	<listitem>
896	<para>
897	is a caching-only name server for local process use.
898	</para>
899	<indexterm zone="bind lwresd">
900	<primary sortas="b-lwresd">lwresd</primary>
901	</indexterm>
902	</listitem>
903	</varlistentry>
904	-->
905
906	<varlistentry id="mdig">
907	<term><command>mdig</command></term>
908	<listitem>
909	<para>
910	is a version of dig that allows multiple queries at once
911	</para>
912	<indexterm zone="bind mdig">
913	<primary sortas="b-mdig">mdig</primary>
914	</indexterm>
915	</listitem>
916	</varlistentry>
917
918	<varlistentry id="named">
919	<term><command>named</command></term>
920	<listitem>
921	<para>
922	is the name server daemon
923	</para>
924	<indexterm zone="bind named">
925	<primary sortas="b-named">named</primary>
926	</indexterm>
927	</listitem>
928	</varlistentry>
929
930	<varlistentry id="named-checkconf">
931	<term><command>named-checkconf</command></term>
932	<listitem>
933	<para>
934	checks the syntax of <filename>named.conf</filename>
935	files
936	</para>
937	<indexterm zone="bind named-checkconf">
938	<primary sortas="b-named-checkconf">named-checkconf</primary>
939	</indexterm>
940	</listitem>
941	</varlistentry>
942
943	<varlistentry id="named-checkzone">
944	<term><command>named-checkzone</command></term>
945	<listitem>
946	<para>
947	checks zone file validity
948	</para>
949	<indexterm zone="bind named-checkzone">
950	<primary sortas="b-named-checkzone">named-checkzone</primary>
951	</indexterm>
952	</listitem>
953	</varlistentry>
954
955	<varlistentry id="named-compilezone">
956	<term><command>named-compilezone</command></term>
957	<listitem>
958	<para>
959	is similar to <command>named-checkzone</command>, but it always
960	dumps the zone contents to a specified file in a specified format
961	</para>
962	<indexterm zone="bind named-compilezone">
963	<primary sortas="b-named-compilezone">named-compilezone</primary>
964	</indexterm>
965	</listitem>
966	</varlistentry>
967
968	<varlistentry id="named-journalprint">
969	<term><command>named-journalprint</command></term>
970	<listitem>
971	<para>
972	prints the zone journal in human-readable form
973	</para>
974	<indexterm zone="bind named-journalprint">
975	<primary sortas="b-named-journalprint">named-journalprint</primary>
976	</indexterm>
977	</listitem>
978	</varlistentry>
979
980	<varlistentry id="named-rrchecker">
981	<term><command>named-rrchecker</command></term>
982	<listitem>
983	<para>
984	reads an individual DNS resource record from standard input and
985	checks if it is syntactically correct
986	</para>
987	<indexterm zone="bind named-rrchecker">
988	<primary sortas="b-named-rrchecker">named-rrchecker</primary>
989	</indexterm>
990	</listitem>
991	</varlistentry>
992
993	<varlistentry id="named-nzd2nzf">
994	<term><command>named-nzd2nzf</command></term>
995	<listitem>
996	<para>
997	converts an NZD database to NZF text format
998	</para>
999	<indexterm zone="bind named-nzd2nzf">
1000	<primary sortas="b-named-nzd2nzf">named-nzd2nzf</primary>
1001	</indexterm>
1002	</listitem>
1003	</varlistentry>
1004
1005	<varlistentry id="nsec3hash">
1006	<term><command>nsec3hash</command></term>
1007	<listitem>
1008	<para>
1009	generates an NSEC3 hash based on a set of NSEC3 parameters
1010	</para>
1011	<indexterm zone="bind nsec3hash">
1012	<primary sortas="b-nsec3hash">nsec3hash</primary>
1013	</indexterm>
1014	</listitem>
1015	</varlistentry>
1016
1017	<varlistentry id="nslookup">
1018	<term><command>nslookup</command></term>
1019	<listitem>
1020	<para>
1021	is a program used to query Internet domain nameservers
1022	</para>
1023	<indexterm zone="bind nslookup">
1024	<primary sortas="b-nslookup">nslookup</primary>
1025	</indexterm>
1026	</listitem>
1027	</varlistentry>
1028
1029	<varlistentry id="nsupdate">
1030	<term><command>nsupdate</command></term>
1031	<listitem>
1032	<para>
1033	is used to submit DNS update requests
1034	</para>
1035	<indexterm zone="bind nsupdate">
1036	<primary sortas="b-nsupdate">nsupdate</primary>
1037	</indexterm>
1038	</listitem>
1039	</varlistentry>
1040
1041	<varlistentry id="rndc">
1042	<term><command>rndc</command></term>
1043	<listitem>
1044	<para>
1045	controls the operation of <application>BIND</application>
1046	</para>
1047	<indexterm zone="bind rndc">
1048	<primary sortas="b-rndc">rndc</primary>
1049	</indexterm>
1050	</listitem>
1051	</varlistentry>
1052
1053	<varlistentry id="rndc-confgen">
1054	<term><command>rndc-confgen</command></term>
1055	<listitem>
1056	<para>
1057	generates <filename>rndc.conf</filename> files
1058	</para>
1059	<indexterm zone="bind rndc-confgen">
1060	<primary sortas="b-rndc-confgen">rndc-confgen</primary>
1061	</indexterm>
1062	</listitem>
1063	</varlistentry>
1064
1065	<varlistentry id="tsig-keygen">
1066	<term><command>tsig-keygen</command></term>
1067	<listitem>
1068	<para>
1069	is a symlink to <command>ddns-confgen</command>
1070	</para>
1071	<indexterm zone="bind tsig-keygen">
1072	<primary sortas="b-tsig-keygen">tsig-keygen</primary>
1073	</indexterm>
1074	</listitem>
1075	</varlistentry>
1076
1077	</variablelist>
1078
1079	</sect2>
1080
1081	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: