Context Navigation

bind.xml@ 7841f70

Visit:

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 7.10 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since 7841f70 was 7841f70, checked in by Fernando de Oliveira <fernando@…>, 8 years ago

Update to graphite2-1.3.5.
Update to HTML-Parser-3.72 (perl module).
Update to cmake-3.4.2.
Update to bind-9.10.3-P3 (bind9.10.3-P3) and BIND Utilities-9.10.3-P3.
Update to gstreamer-1.6.3, gst-plugins-base-1.6.3, gst-plugins-good-1.6.3, gst-plugins-bad-1.6.3, gst-plugins-ugly-1.6.3, and gst-libav-1.6.3.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@16825 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 30.8 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY bind-download-http " ">
8	<!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
9	<!ENTITY bind-md5sum "bcf7e772b616f7259420a3edc5df350a">
10	<!ENTITY bind-size "8.2 MB">
11	<!ENTITY bind-buildsize "137 MB (additional 93 MB for the test suite)">
12	<!ENTITY bind-time "1 SBU (additional 24+ minutes, processor independent, to run the complete test suite)">
13	]>
14
15	<sect1 id="bind" xreflabel="BIND-&bind-version;">
16	<?dbhtml filename="bind.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	</sect1info>
22
23	<title>BIND-&bind-version;</title>
24
25	<indexterm zone="bind">
26	<primary sortas="a-BIND">BIND</primary>
27	</indexterm>
28
29	<sect2 role="package">
30	<title>Introduction to BIND</title>
31
32	<para>The <application>BIND</application> package provides a DNS server
33	and client utilities. If you are only interested in the utilities, refer
34	to the <xref linkend="bind-utils"/>.</para>
35
36	&lfs78_checked;
37
38	<bridgehead renderas="sect3">Package Information</bridgehead>
39	<itemizedlist spacing="compact">
40	<listitem>
41	<para>Download (HTTP): <ulink url="&bind-download-http;"/></para>
42	</listitem>
43	<listitem>
44	<para>Download (FTP): <ulink url="&bind-download-ftp;"/></para>
45	</listitem>
46	<listitem>
47	<para>Download MD5 sum: &bind-md5sum;</para>
48	</listitem>
49	<listitem>
50	<para>Download size: &bind-size;</para>
51	</listitem>
52	<listitem>
53	<para>Estimated disk space required: &bind-buildsize;</para>
54	</listitem>
55	<listitem>
56	<para>Estimated build time: &bind-time;</para>
57	</listitem>
58	</itemizedlist>
59
60	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
61	<itemizedlist spacing='compact'>
62	<listitem>
63	<para>Optional patch (if net-tools is not installed):
64	<ulink
65	url="&patch-root;/bind-&bind-version;-use_iproute2-1.patch"/></para>
66	</listitem>
67	</itemizedlist>
68
69	<bridgehead renderas="sect3">BIND Dependencies</bridgehead>
70
71	<bridgehead renderas="sect4">Optional</bridgehead>
72	<para role="optional">
73	<xref linkend="libcap-pam"/>,
74	<xref linkend="libxml2"/>,
75	<xref linkend="mitkrb"/>,
76	<xref linkend="openssl"/>, and
77	<ulink url='https://github.com/cjheath/geoip'>geoip</ulink>
78	</para>
79
80	<bridgehead renderas="sect4">Optional database backends</bridgehead>
81	<para role="optional">
82	<xref linkend="db"/>,
83	<xref linkend="mariadb"/> or <ulink url="http://www.mysql.com/">MySQL</ulink>,
84	<xref linkend="openldap"/>,
85	<xref linkend="postgresql"/>, and
86	<xref linkend="unixodbc"/>
87	</para>
88
89	<bridgehead renderas="sect4">Optional (to run the test suite)</bridgehead>
90	<para role="optional">
91	<xref linkend="perl-net-dns"/> and
92	<xref linkend="net-tools"/> (you may omit net-tools by using the optional
93	patch to utilize iproute2, but the IPv6 tests will fail)
94	</para>
95
96	<bridgehead renderas="sect4">Optional (to rebuild the documentation)</bridgehead>
97	<para role="optional">
98	<xref linkend="doxygen"/>,
99	<xref linkend="libxslt"/>, and
100	<xref linkend="texlive"/> (or <xref linkend="tl-installer"/>)
101	</para>
102
103	<para condition="html" role="usernotes">User Notes:
104	<ulink url="&blfs-wiki;/bind"/></para>
105
106	</sect2>
107
108	<sect2 role="installation">
109	<title>Installation of BIND</title>
110
111	<para>If you have chosen not to install net-tools, apply the iproute2
112	patch with the following command:</para>
113
114	<screen><userinput>patch -Np1 -i ../bind-&bind-version;-use_iproute2-1.patch</userinput></screen>
115
116	<para>Install <application>BIND</application> by running the
117	following commands:</para>
118
119	<screen><userinput>./configure --prefix=/usr \
120	--sysconfdir=/etc \
121	--localstatedir=/var \
122	--mandir=/usr/share/man \
123	--enable-threads \
124	--with-libtool \
125	--disable-static \
126	--with-randomdev=/dev/urandom &&
127	make</userinput></screen>
128
129	<para>Issue the following commands to run the complete suite of tests.
130	First, as the <systemitem class="username">root</systemitem> user, set up
131	some test interfaces:</para>
132
133	<note><para>If IPv6 is not enabled in the kernel, there will be several
134	error messages: "RTNETLINK answers: Operation not permitted". These
135	messages do not afffect the tests.</para></note>
136
137	<screen role="root"><userinput>bin/tests/system/ifconfig.sh up</userinput></screen>
138
139	<para>The test suite may indicate some skipped tests depending on
140	what configuration options are used. Some tests are marked <quote>UNTESTED
141	</quote> if <xref linkend="perl-net-dns"/> is not installed.
142	To run the tests, as an unprivileged user, execute:</para>
143
144	<screen><userinput>make -k check</userinput></screen>
145
146	<para>Again as <systemitem class="username">root</systemitem>, clean up the
147	test interfaces:</para>
148
149	<screen role="root"><userinput>bin/tests/system/ifconfig.sh down</userinput></screen>
150
151	<para>Finally, install the package as the <systemitem
152	class="username">root</systemitem> user:</para>
153
154	<screen role="root"><userinput>make install &&
155	chmod -v 0755 /usr/lib/lib{bind9,dns,isc{,cc,cfg},lwres}.so &&
156
157	install -v -m755 -d /usr/share/doc/bind-&bind-version;/{arm,misc} &&
158	install -v -m644 doc/arm/*.html \
159	/usr/share/doc/bind-&bind-version;/arm &&
160	install -v -m644 doc/misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap,sdb} \
161	/usr/share/doc/bind-&bind-version;/misc</userinput></screen>
162	</sect2>
163
164	<sect2 role="commands">
165	<title>Command Explanations</title>
166
167	<para><parameter>--sysconfdir=/etc</parameter>: This parameter forces
168	<application>BIND</application> to look for configuration
169	files in <filename class='directory'>/etc</filename> instead of
170	<filename class='directory'>/usr/etc</filename>.</para>
171
172	<para><parameter>--enable-threads</parameter>: This parameter enables
173	multi-threading capability.</para>
174
175	<para><parameter>--with-libtool</parameter>: This parameter forces the
176	building of dynamic libraries and links the installed binaries to these
177	libraries.</para>
178
179	<para><parameter>--with-randomdev=/dev/urandom</parameter>: This parameter
180	specifes a non-blocking random device for use with digital signatures.</para>
181
182	<para><option>--enable-fetchlimit</option>: Use this option if you want
183	to be able to limit the the rate of recursive client queries. This may be
184	useful on servers which receive a large number of queries.</para>
185
186	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
187	href="../../xincludes/static-libraries.xml"/>
188
189	<para><command>chmod 0755
190	/usr/lib/{lib{bind9,dns,isc{,cc,cfg},lwres}.so</command>:
191	Enable the execute bit to prevent a warning when using
192	<command>ldd</command> to check library dependencies.</para>
193
194	<para><command>cd doc; install ...</command>: These commands install
195	additional package documentation. Omit any or all of these commands if
196	desired.</para>
197	</sect2>
198
199	<sect2 role="configuration">
200	<title>Configuring BIND</title>
201
202	<sect3 id="bind-config">
203	<title>Config files</title>
204
205	<para><filename>named.conf</filename>,
206	<filename>root.hints</filename>,
207	<filename>127.0.0</filename>,
208	<filename>rndc.conf</filename> and
209	<filename>resolv.conf</filename></para>
210
211	<indexterm zone="bind bind-config">
212	<primary sortas="e-etc-named.conf">/etc/named.conf</primary>
213	</indexterm>
214
215	<indexterm zone="bind bind-config">
216	<primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary>
217	</indexterm>
218
219	<indexterm zone="bind bind-config">
220	<primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary>
221	</indexterm>
222
223	<indexterm zone="bind bind-config">
224	<primary
225	sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
226	</indexterm>
227
228	<indexterm zone="bind bind-config">
229	<primary
230	sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
231	</indexterm>
232	</sect3>
233
234	<sect3>
235	<title>Configuration Information</title>
236
237	<para><application>BIND</application> will be configured to run in a
238	<command>chroot</command> jail as an unprivileged user (<systemitem
239	class="username">named</systemitem>). This configuration is more secure
240	in that a DNS compromise can only affect a few files in the <systemitem
241	class="username">named</systemitem> user's <envar>HOME</envar>
242	directory.</para>
243
244	<para>Create the unprivileged user and group <systemitem
245	class="username">named</systemitem>:</para>
246
247	<screen role="root"><userinput>groupadd -g 20 named &&
248	useradd -c "BIND Owner" -g named -s /bin/false -u 20 named &&
249	install -d -m770 -o named -g named /srv/named</userinput></screen>
250
251	<para>Set up some files, directories and devices needed by
252	<application>BIND</application>:</para>
253
254	<screen role="root"><userinput>cd /srv/named &&
255	mkdir -p dev etc/namedb/{slave,pz} usr/lib/engines var/run/named &&
256	mknod /srv/named/dev/null c 1 3 &&
257	mknod /srv/named/dev/urandom c 1 9 &&
258	chmod 666 /srv/named/dev/{null,urandom} &&
259	cp /etc/localtime etc &&
260	touch /srv/named/managed-keys.bind &&
261	cp /usr/lib/engines/libgost.so usr/lib/engines &&
262	[ $(uname -m) = x86_64 ] && ln -sv lib usr/lib64</userinput></screen>
263
264	<para>The <filename>rndc.conf</filename> file contains information for
265	controlling <command>named</command> operations with the
266	<command>rndc</command> utility. Generate a key for use in the <filename>named.conf</filename> and <filename>rdnc.conf</filename> with the
267	<command>rndc-confgen</command> command:</para>
268
269	<screen role="root"><userinput>rndc-confgen -r /dev/urandom -b 512 > /etc/rndc.conf &&
270	sed '/conf/d;/^#/!d;s:^# ::' /etc/rndc.conf > /srv/named/etc/named.conf</userinput></screen>
271
272	<para>Complete the <filename>named.conf</filename> file from which
273	<command>named</command> will read the location of zone files, root
274	name servers and secure DNS keys:</para>
275
276	<screen role="root"><?dbfo keep-together="auto"?><userinput>cat >> /srv/named/etc/named.conf << "EOF"
277	<literal>options {
278	directory "/etc/namedb";
279	pid-file "/var/run/named.pid";
280	statistics-file "/var/run/named.stats";
281
282	};
283	zone "." {
284	type hint;
285	file "root.hints";
286	};
287	zone "0.0.127.in-addr.arpa" {
288	type master;
289	file "pz/127.0.0";
290	};
291
292	// Bind 9 now logs by default through syslog (except debug).
293	// These are the default logging rules.
294
295	logging {
296	category default { default_syslog; default_debug; };
297	category unmatched { null; };
298
299	channel default_syslog {
300	syslog daemon; // send to syslog's daemon
301	// facility
302	severity info; // only send priority info
303	// and higher
304	};
305
306	channel default_debug {
307	file "named.run"; // write to named.run in
308	// the working directory
309	// Note: stderr is used instead
310	// of "named.run"
311	// if the server is started
312	// with the '-f' option.
313	severity dynamic; // log at the server's
314	// current debug level
315	};
316
317	channel default_stderr {
318	stderr; // writes to stderr
319	severity info; // only send priority info
320	// and higher
321	};
322
323	channel null {
324	null; // toss anything sent to
325	// this channel
326	};
327	};</literal>
328	EOF</userinput></screen>
329
330	<para>Create a zone file with the following contents:</para>
331
332	<screen role="root"><userinput>cat > /srv/named/etc/namedb/pz/127.0.0 << "EOF"
333	<literal>$TTL 3D
334	@ IN SOA ns.local.domain. hostmaster.local.domain. (
335	1 ; Serial
336	8H ; Refresh
337	2H ; Retry
338	4W ; Expire
339	1D) ; Minimum TTL
340	NS ns.local.domain.
341	1 PTR localhost.</literal>
342	EOF</userinput></screen>
343
344	<para>Create the <filename>root.hints</filename> file with the following
345	commands:</para>
346
347	<note>
348	<para>Caution must be used to ensure there are no leading spaces in
349	this file.</para>
350	</note>
351
352	<screen role="root"><userinput>cat > /srv/named/etc/namedb/root.hints << "EOF"
353	<literal>. 6D IN NS A.ROOT-SERVERS.NET.
354	. 6D IN NS B.ROOT-SERVERS.NET.
355	. 6D IN NS C.ROOT-SERVERS.NET.
356	. 6D IN NS D.ROOT-SERVERS.NET.
357	. 6D IN NS E.ROOT-SERVERS.NET.
358	. 6D IN NS F.ROOT-SERVERS.NET.
359	. 6D IN NS G.ROOT-SERVERS.NET.
360	. 6D IN NS H.ROOT-SERVERS.NET.
361	. 6D IN NS I.ROOT-SERVERS.NET.
362	. 6D IN NS J.ROOT-SERVERS.NET.
363	. 6D IN NS K.ROOT-SERVERS.NET.
364	. 6D IN NS L.ROOT-SERVERS.NET.
365	. 6D IN NS M.ROOT-SERVERS.NET.
366	A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
367	B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201
368	C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
369	D.ROOT-SERVERS.NET. 6D IN A 199.7.91.13
370	E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
371	F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
372	G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
373	H.ROOT-SERVERS.NET. 6D IN A 128.63.2.53
374	I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
375	J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
376	K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
377	L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
378	M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33</literal>
379	EOF</userinput></screen>
380
381	<para>The <filename>root.hints</filename> file is a list of root
382	name servers. This file must be updated periodically with the
383	<command>dig</command> utility. A current copy of root.hints can be
384	obtained from <ulink url="ftp://rs.internic.net/domain/named.root" />.
385	Consult the <ulink url="http://www.bind9.net/Bv9ARM.html">BIND 9
386	Administrator Reference Manual</ulink> for details.</para>
387
388	<para>Create or modify <filename>resolv.conf</filename> to use the new
389	name server with the following commands:</para>
390
391	<note>
392	<para>Replace <replaceable><yourdomain.com></replaceable> with
393	your own valid domain name.</para>
394	</note>
395
396	<screen role="root"><userinput>cp /etc/resolv.conf /etc/resolv.conf.bak &&
397	cat > /etc/resolv.conf << "EOF"
398	<literal>search <replaceable><yourdomain.com></replaceable>
399	nameserver 127.0.0.1</literal>
400	EOF</userinput></screen>
401
402	<para>Set permissions on the <command>chroot</command> jail with the
403	following command:</para>
404
405	<screen role="root"><userinput>chown -R named:named /srv/named</userinput></screen>
406
407	</sect3>
408
409	<sect3 id="bind-init">
410	<title>Boot Script</title>
411
412	<para>To start the DNS server at boot, install the
413	<filename>/etc/rc.d/init.d/bind</filename> init script included
414	in the <xref linkend="bootscripts"/> package.</para>
415
416	<indexterm zone="bind bind-init">
417	<primary sortas="f-bind">bind</primary>
418	</indexterm>
419
420	<screen role="root"><userinput>make install-bind</userinput></screen>
421
422	<para>Now start <application>BIND</application> with
423	the new boot script:</para>
424
425	<screen role="root"><userinput>/etc/rc.d/init.d/bind start</userinput></screen>
426
427	</sect3>
428
429	<sect3>
430	<title>Testing BIND</title>
431
432	<para>Test out the new <application>BIND</application> 9 installation.
433	First query the local host address with <command>dig</command>:</para>
434
435	<screen><userinput>dig -x 127.0.0.1</userinput></screen>
436
437	<para>Now try an external name lookup, taking note of the speed
438	difference in repeated lookups due to the caching. Run the
439	<command>dig</command> command twice on the same address:</para>
440
441	<screen><userinput>dig www.&lfs-domainname; &&
442	dig www.&lfs-domainname;</userinput></screen>
443
444	<para>You can see almost instantaneous results with the named caching
445	lookups. Consult the <application>BIND</application> Administrator
446	Reference Manual located at <filename>doc/arm/Bv9ARM.html</filename>
447	in the package source tree, for further configuration options.</para>
448
449	</sect3>
450
451	</sect2>
452
453	<sect2 role="content">
454	<title>Contents</title>
455
456	<segmentedlist>
457	<segtitle>Installed Programs</segtitle>
458	<segtitle>Installed Libraries</segtitle>
459	<segtitle>Installed Directories</segtitle>
460
461	<seglistitem>
462
463	<seg>arpaname, bind9-config hardlinked to isc-config.sh, ddns-confgen,
464	delv, dig, dnssec-checkds, dnssec-coverage, dnssec-dsfromkey,
465	dnssec-importkey, dnssec-keyfromlabel, dnssec-keygen, dnssec-revoke,
466	dnssec-settime, dnssec-signzone, dnssec-verify, genrandom, host,
467	isc-hmac-fixup, lwresd hardlinked to named, named-checkconf,
468	named-checkzone, named-compilezone (symlink), named-journalprint,
469	named-rrchecker, nsec3hash, nslookup, nsupdate, rndc, rndc-confgen,
470	and tsig-keygen (symlink)</seg>
471
472	<seg>libbind9.so, libdns.so, libirs.so, libisc.so, libisccc.so,
473	libisccfg.so, and liblwres.so</seg>
474
475	<seg>/usr/include/{bind9,dns,dst,irs,isc,isccc,isccfg,lwres,pk11,pkcs11},
476	/usr/share/doc/bind-&bind-version; and /srv/named</seg>
477	</seglistitem>
478	</segmentedlist>
479
480	<variablelist>
481	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
482	<?dbfo list-presentation="list"?>
483	<?dbhtml list-presentation="table"?>
484
485	<varlistentry id="arpaname">
486	<term><command>arpaname</command></term>
487	<listitem>
488	<para>
489	translate IP addresses to the corresponding ARPA names.
490	</para>
491	<indexterm zone="bind arpaname">
492	<primary sortas="b-arpaname">arpaname</primary>
493	</indexterm>
494	</listitem>
495	</varlistentry>
496
497	<varlistentry id="bind9-config">
498	<term><command>bind9-config</command></term>
499	<listitem>
500	<para>
501	hardlinked to <command>isc-config.sh</command>.
502	</para>
503	<indexterm zone="bind bind9-config">
504	<primary sortas="b-bind9-config">bind9-config</primary>
505	</indexterm>
506	</listitem>
507	</varlistentry>
508
509	<varlistentry id="ddns-confgen">
510	<term><command>ddns-confgen</command></term>
511	<listitem>
512	<para>
513	generates a key for use by nsupdate and named.
514	</para>
515	<indexterm zone="bind ddns-confgen">
516	<primary sortas="b-ddns-confgen">ddns-confgen</primary>
517	</indexterm>
518	</listitem>
519	</varlistentry>
520
521	<varlistentry id="delv">
522	<term><command>delv</command></term>
523	<listitem>
524	<para>
525	is a new debugging tool that is a successor to
526	<command>dig</command>.
527	</para>
528	<indexterm zone="bind delv">
529	<primary sortas="b-delv">delv</primary>
530	</indexterm>
531	</listitem>
532	</varlistentry>
533
534	<varlistentry id="dig">
535	<term><command>dig</command></term>
536	<listitem>
537	<para>interrogates DNS servers.</para>
538	<indexterm zone="bind dig">
539	<primary sortas="b-dig">dig</primary>
540	</indexterm>
541	</listitem>
542	</varlistentry>
543
544	<varlistentry id="dnssec-checkds">
545	<term><command>dnssec-checkds</command></term>
546	<listitem>
547	<para>
548	is a DNSSEC delegation consistency checking tool.
549	</para>
550	<indexterm zone="bind dnssec-checkds">
551	<primary sortas="b-dnssec-checkds">dnssec-checkds</primary>
552	</indexterm>
553	</listitem>
554	</varlistentry>
555
556	<varlistentry id="dnssec-coverage">
557	<term><command>dnssec-coverage</command></term>
558	<listitem>
559	<para>
560	verifies that the DNSSEC keys for a given zone or a set of zones
561	have timing metadata set properly to ensure no future lapses
562	in DNSSEC coverage.
563	</para>
564	<indexterm zone="bind dnssec-coverage">
565	<primary sortas="b-dnssec-coverage">dnssec-coverage</primary>
566	</indexterm>
567	</listitem>
568	</varlistentry>
569
570	<varlistentry id="dnssec-dsfromkey">
571	<term><command>dnssec-dsfromkey</command></term>
572	<listitem>
573	<para>
574	outputs the Delegation Signer (DS) resource record (RR).
575	</para>
576	<indexterm zone="bind dnssec-dsfromkey">
577	<primary sortas="b-dnssec-dsfromkey">dnssec-dsfromkey</primary>
578	</indexterm>
579	</listitem>
580	</varlistentry>
581
582	<varlistentry id="dnssec-importkey">
583	<term><command>dnssec-importkey</command></term>
584	<listitem>
585	<para>
586	reads a public DNSKEY record and generates a pair of
587	.key/.private files.
588	</para>
589	<indexterm zone="bind dnssec-importkey">
590	<primary sortas="b-dnssec-importkey">dnssec-importkey</primary>
591	</indexterm>
592	</listitem>
593	</varlistentry>
594
595	<varlistentry id="dnssec-keyfromlabel">
596	<term><command>dnssec-keyfromlabel</command></term>
597	<listitem>
598	<para>
599	gets keys with the given label from a crypto hardware and builds
600	key files for DNSSEC.
601	</para>
602	<indexterm zone="bind dnssec-keyfromlabel">
603	<primary sortas="b-dnssec-keyfromlabel">dnssec-keyfromlabel</primary>
604	</indexterm>
605	</listitem>
606	</varlistentry>
607
608	<varlistentry id="dnssec-keygen">
609	<term><command>dnssec-keygen</command></term>
610	<listitem>
611	<para>is a key generator for secure DNS.</para>
612	<indexterm zone="bind dnssec-keygen">
613	<primary sortas="b-dnssec-keygen">dnssec-keygen</primary>
614	</indexterm>
615	</listitem>
616	</varlistentry>
617
618	<varlistentry id="dnssec-revoke">
619	<term><command>dnssec-revoke</command></term>
620	<listitem>
621	<para>
622	Set the REVOKED bit on a DNSSEC key.
623	</para>
624	<indexterm zone="bind dnssec-revoke">
625	<primary sortas="b-dnssec-revoke">dnssec-revoke</primary>
626	</indexterm>
627	</listitem>
628	</varlistentry>
629
630	<varlistentry id="dnssec-settime">
631	<term><command>dnssec-settime</command></term>
632	<listitem>
633	<para>
634	set the key timing metadata for a DNSSEC key.
635	</para>
636	<indexterm zone="bind dnssec-settime">
637	<primary sortas="b-dnssec-settime">dnssec-settime</primary>
638	</indexterm>
639	</listitem>
640	</varlistentry>
641
642	<varlistentry id="dnssec-signzone">
643	<term><command>dnssec-signzone</command></term>
644	<listitem>
645	<para>generates signed versions of zone files.</para>
646	<indexterm zone="bind dnssec-signzone">
647	<primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
648	</indexterm>
649	</listitem>
650	</varlistentry>
651
652	<varlistentry id="dnssec-verify">
653	<term><command>dnssec-verify</command></term>
654	<listitem>
655	<para>
656	verifies that a zone is fully signed for each algorithm found
657	in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
658	chains are complete.
659	</para>
660	<indexterm zone="bind dnssec-verify">
661	<primary sortas="b-dnssec-verify">dnssec-verify</primary>
662	</indexterm>
663	</listitem>
664	</varlistentry>
665
666	<varlistentry id="genrandom">
667	<term><command>genrandom</command></term>
668	<listitem>
669	<para>
670	generate a file containing random data.
671	</para>
672	<indexterm zone="bind genrandom">
673	<primary sortas="b-genrandom">genrandom</primary>
674	</indexterm>
675	</listitem>
676	</varlistentry>
677
678	<varlistentry id="host">
679	<term><command>host</command></term>
680	<listitem>
681	<para>is a utility for DNS lookups.</para>
682	<indexterm zone="bind host">
683	<primary sortas="b-host">host</primary>
684	</indexterm>
685	</listitem>
686	</varlistentry>
687
688	<varlistentry id="isc-config.sh">
689	<term><command>isc-config.sh</command></term>
690	<listitem>
691	<para>
692	prints information related to the installed version of ISC BIND.
693	</para>
694	<indexterm zone="bind isc-config.sh">
695	<primary sortas="b-isc-config.sh">isc-config.sh</primary>
696	</indexterm>
697	</listitem>
698	</varlistentry>
699
700	<varlistentry id="isc-hmac-fixup">
701	<term><command>isc-hmac-fixup</command></term>
702	<listitem>
703	<para>
704	fixes HMAC keys generated by older versions of BIND.
705	</para>
706	<indexterm zone="bind isc-hmac-fixup">
707	<primary sortas="b-isc-hmac-fixup">isc-hmac-fixup</primary>
708	</indexterm>
709	</listitem>
710	</varlistentry>
711
712	<varlistentry id="lwresd">
713	<term><command>lwresd</command></term>
714	<listitem>
715	<para>is a caching-only name server for local process use.</para>
716	<indexterm zone="bind lwresd">
717	<primary sortas="b-lwresd">lwresd</primary>
718	</indexterm>
719	</listitem>
720	</varlistentry>
721
722	<varlistentry id="named">
723	<term><command>named</command></term>
724	<listitem>
725	<para>is the name server daemon.</para>
726	<indexterm zone="bind named">
727	<primary sortas="b-named">named</primary>
728	</indexterm>
729	</listitem>
730	</varlistentry>
731
732	<varlistentry id="named-checkconf">
733	<term><command>named-checkconf</command></term>
734	<listitem>
735	<para>checks the syntax of <filename>named.conf</filename>
736	files.</para>
737	<indexterm zone="bind named-checkconf">
738	<primary sortas="b-named-checkconf">named-checkconf</primary>
739	</indexterm>
740	</listitem>
741	</varlistentry>
742
743	<varlistentry id="named-checkzone">
744	<term><command>named-checkzone</command></term>
745	<listitem>
746	<para>checks zone file validity.</para>
747	<indexterm zone="bind named-checkzone">
748	<primary sortas="b-named-checkzone">named-checkzone</primary>
749	</indexterm>
750	</listitem>
751	</varlistentry>
752
753	<varlistentry id="named-compilezone">
754	<term><command>named-compilezone</command></term>
755	<listitem>
756	<para>
757	is similar to <command>named-checkzone</command>, but it always
758	dumps the zone contents to a specified file in a specified format.
759	</para>
760	<indexterm zone="bind named-compilezone">
761	<primary sortas="b-named-compilezone">named-compilezone</primary>
762	</indexterm>
763	</listitem>
764	</varlistentry>
765
766	<varlistentry id="named-journalprint">
767	<term><command>named-journalprint</command></term>
768	<listitem>
769	<para>
770	print zone journal in human-readable form.
771	</para>
772	<indexterm zone="bind named-journalprint">
773	<primary sortas="b-named-journalprint">named-journalprint</primary>
774	</indexterm>
775	</listitem>
776	</varlistentry>
777
778	<varlistentry id="named-rrchecker">
779	<term><command>named-rrchecker</command></term>
780	<listitem>
781	<para>
782	read a individual DNS resource record from standard input and
783	checks if it is syntactically correct.
784	</para>
785	<indexterm zone="bind named-rrchecker">
786	<primary sortas="b-named-rrchecker">named-rrchecker</primary>
787	</indexterm>
788	</listitem>
789	</varlistentry>
790
791	<varlistentry id="nsec3hash">
792	<term><command>nsec3hash</command></term>
793	<listitem>
794	<para>
795	generates an NSEC3 hash based on a set of NSEC3 parameters.
796	</para>
797	<indexterm zone="bind nsec3hash">
798	<primary sortas="b-nsec3hash">nsec3hash</primary>
799	</indexterm>
800	</listitem>
801	</varlistentry>
802
803	<varlistentry id="nslookup">
804	<term><command>nslookup</command></term>
805	<listitem>
806	<para>is a program used to query Internet domain nameservers.</para>
807	<indexterm zone="bind nslookup">
808	<primary sortas="b-nslookup">nslookup</primary>
809	</indexterm>
810	</listitem>
811	</varlistentry>
812
813	<varlistentry id="nsupdate">
814	<term><command>nsupdate</command></term>
815	<listitem>
816	<para>is used to submit DNS update requests.</para>
817	<indexterm zone="bind nsupdate">
818	<primary sortas="b-nsupdate">nsupdate</primary>
819	</indexterm>
820	</listitem>
821	</varlistentry>
822
823	<varlistentry id="rndc">
824	<term><command>rndc</command></term>
825	<listitem>
826	<para>controls the operation of <application>BIND</application>.</para>
827	<indexterm zone="bind rndc">
828	<primary sortas="b-rndc">rndc</primary>
829	</indexterm>
830	</listitem>
831	</varlistentry>
832
833	<varlistentry id="rndc-confgen">
834	<term><command>rndc-confgen</command></term>
835	<listitem>
836	<para>generates <filename>rndc.conf</filename> files.</para>
837	<indexterm zone="bind rndc-confgen">
838	<primary sortas="b-rndc-confgen">rndc-confgen</primary>
839	</indexterm>
840	</listitem>
841	</varlistentry>
842
843	<varlistentry id="tsig-keygen">
844	<term><command>tsig-keygen</command></term>
845	<listitem>
846	<para>
847	is a symlink to <command>ddns-confgen</command>.
848	</para>
849	<indexterm zone="bind tsig-keygen">
850	<primary sortas="b-tsig-keygen">tsig-keygen</primary>
851	</indexterm>
852	</listitem>
853	</varlistentry>
854
855	</variablelist>
856
857	</sect2>
858
859	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: server/major/bind.xml@ 7841f70

Download in other formats: