source: server/major/bind.xml@ 8558044

11.1 lazarus qt5new trunk upgradedb xry111/intltool xry111/test-20220226
Last change on this file since 8558044 was 8558044, checked in by Pierre Labastie <pierre.labastie@…>, 8 months ago

Remove spaces at the end of lines

I know it is somewhat useless, but I don't like them for
two reasons: first they cannot be seen, and I do not like things I
cannot see. Second, git highlights them, and this is disturbing...

  • Property mode set to 100644
File size: 35.1 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY bind-download-http " ">
8 <!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.xz">
9 <!ENTITY bind-md5sum "8025b8f8463b3b9d9c902bab27f185a2">
10 <!ENTITY bind-size "4.8 MB">
11 <!ENTITY bind-buildsize "117 MB (20 MB installed)">
12 <!ENTITY bind-time "0.8 SBU (with parallelism=4; add 30+ minutes, somewhat processor independent, to run the complete test suite)">
13]>
14
15<sect1 id="bind" xreflabel="BIND-&bind-version;">
16 <?dbhtml filename="bind.html"?>
17
18 <sect1info>
19 <date>$Date$</date>
20 </sect1info>
21
22 <title>BIND-&bind-version;</title>
23
24 <indexterm zone="bind">
25 <primary sortas="a-BIND">BIND</primary>
26 </indexterm>
27
28 <sect2 role="package">
29 <title>Introduction to BIND</title>
30
31 <para>
32 The <application>BIND</application> package provides a DNS server
33 and client utilities. If you are only interested in the utilities, refer
34 to the <xref linkend="bind-utils"/>.
35 </para>
36
37 &lfs110a_checked;
38
39 <bridgehead renderas="sect3">Package Information</bridgehead>
40 <itemizedlist spacing="compact">
41 <listitem>
42 <para>
43 Download (HTTP): <ulink url="&bind-download-http;"/>
44 </para>
45 </listitem>
46 <listitem>
47 <para>
48 Download (FTP): <ulink url="&bind-download-ftp;"/>
49 </para>
50 </listitem>
51 <listitem>
52 <para>
53 Download MD5 sum: &bind-md5sum;
54 </para>
55 </listitem>
56 <listitem>
57 <para>
58 Download size: &bind-size;
59 </para>
60 </listitem>
61 <listitem>
62 <para>
63 Estimated disk space required: &bind-buildsize;
64 </para>
65 </listitem>
66 <listitem>
67 <para>
68 Estimated build time: &bind-time;
69 </para>
70 </listitem>
71 </itemizedlist>
72<!--
73 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
74 <itemizedlist spacing="compact">
75 <listitem>
76 <para>
77 Required patch:
78 <ulink url="&patch-root;/bind-&bind-version;-upstream_fixes-1.patch"/>
79 </para>
80 </listitem>
81 </itemizedlist>
82-->
83 <bridgehead renderas="sect3">BIND Dependencies</bridgehead>
84
85 <bridgehead renderas="sect4">Required</bridgehead>
86 <para role="required">
87 <xref linkend="libuv"/>
88 </para>
89
90 <bridgehead renderas="sect4">Recommended</bridgehead>
91 <para role="recommended">
92 <xref linkend="json-c"/> and
93 <xref linkend="libcap-pam"/>
94 </para>
95
96 <bridgehead renderas="sect4">Optional</bridgehead>
97 <para role="optional">
98 <xref linkend="curl"/>,
99 <xref linkend="libidn2"/>,
100 <xref linkend="libxml2"/>,
101 <xref linkend="lmdb"/>,
102 <xref linkend="mitkrb"/>,
103 <ulink url="https://cmocka.org/">cmocka</ulink>,
104 <ulink url="https://github.com/cjheath/geoip">geoip</ulink>,
105 <ulink url="https://docs.pytest.org/en/stable/">pytest</ulink>,
106 <ulink url="https://pypi.python.org/pypi/Sphinx">Sphinx</ulink>, and
107 <ulink url="&w3m-url;">w3m</ulink>
108 </para>
109
110 <bridgehead renderas="sect4">Optional database backends</bridgehead>
111 <para role="optional">
112 <xref linkend="db"/>,
113 <xref linkend="mariadb"/> or <ulink url="http://www.mysql.com/">MySQL</ulink>,
114 <xref linkend="openldap"/>,
115 <xref linkend="postgresql"/>, and
116 <xref linkend="unixodbc"/>
117 </para>
118
119 <bridgehead renderas="sect4">Optional (to run the test suite)</bridgehead>
120 <para role="optional">
121 <xref linkend="perl-net-dns"/>
122 </para>
123
124 <bridgehead renderas="sect4">Optional (to rebuild the documentation)</bridgehead>
125 <para role="optional">
126 <xref linkend="doxygen"/>,
127 <xref linkend="libxslt"/>, and
128 <xref linkend="texlive"/> (or <xref linkend="tl-installer"/>)
129 </para>
130
131 <para condition="html" role="usernotes">User Notes:
132 <ulink url="&blfs-wiki;/bind"/></para>
133
134 </sect2>
135
136 <sect2 role="installation">
137 <title>Installation of BIND</title>
138
139 <para>
140 To ensure <application>BIND</application> will build dnssec-keymgr,
141 install a python module as the <systemitem
142 class="username">root</systemitem> user:
143 </para>
144
145<screen role="root"><userinput>pip3 install ply</userinput></screen>
146<!--
147 <para>
148 First, fix a few regressions that were reported upstream:
149 </para>
150
151<screen><userinput remap="pre">patch -Np1 -i ../bind-&bind-version;-upstream_fixes-1.patch</userinput></screen>
152-->
153 <para>
154 Fix a regression identified upstream:
155 </para>
156
157<screen><userinput remap="pre">sed -i 's/MAPAPI=2.0/MAPAPI=3.0/' lib/dns/mapapi</userinput></screen>
158
159 <para>
160 Install <application>BIND</application> by running the
161 following commands:
162 </para>
163
164<screen><userinput>./configure --prefix=/usr \
165 --sysconfdir=/etc \
166 --localstatedir=/var \
167 --mandir=/usr/share/man \
168 --with-libtool \
169 --disable-static &amp;&amp;
170make</userinput></screen>
171
172 <para>
173 Issue the following commands to run the complete suite of tests.
174 First, as the <systemitem class="username">root</systemitem> user, set up
175 some test interfaces:
176 </para>
177
178 <note>
179 <para>
180 If IPv6 is not enabled in the kernel, there will be several
181 error messages: "RTNETLINK answers: Operation not permitted". These
182 messages do not affect the tests.
183 </para>
184 </note>
185
186<screen role="root"
187 remap="test"><userinput>bin/tests/system/ifconfig.sh up</userinput></screen>
188
189 <para>
190 The test suite may indicate some skipped tests depending on
191 what configuration options are used. Some tests are marked
192 <quote>UNTESTED</quote> if <xref linkend="perl-net-dns"/> is not
193 installed. <!--One test, <quote>CPU</quote>, is known to fail.-->
194 To run the tests, as an unprivileged user, execute:
195 </para>
196
197<screen remap="test"><userinput>make -k check</userinput></screen>
198
199 <para>
200 Again as <systemitem class="username">root</systemitem>, clean up the
201 test interfaces:
202 </para>
203
204<screen role="root"
205 remap="test"><userinput>bin/tests/system/ifconfig.sh down</userinput></screen>
206
207 <para>
208 Finally, install the package as the <systemitem
209 class="username">root</systemitem> user:
210 </para>
211
212<screen role="root"><userinput>make install</userinput></screen>
213 </sect2>
214
215<!-- Documentation is an issue - The docs are now all in .rst format and appear
216to be sphinx based.
217-->
218
219 <sect2 role="commands">
220 <title>Command Explanations</title>
221
222 <para>
223 <parameter>--sysconfdir=/etc</parameter>: This parameter forces
224 <application>BIND</application> to look for configuration
225 files in <filename class='directory'>/etc</filename> instead of
226 <filename class='directory'>/usr/etc</filename>.
227 </para>
228
229 <para>
230 <parameter>--with-libtool</parameter>: This parameter forces the
231 building of dynamic libraries and links the installed binaries to these
232 libraries.
233 </para>
234
235 <para>
236 <option>--with-libidn2</option>: This parameter enables
237 the IDNA2008 (Internationalized Domain Names in Applications)
238 support.
239 </para>
240
241 <para>
242 <option>--enable-fetchlimit</option>: Use this option if you want
243 to be able to limit the rate of recursive client queries. This may be
244 useful on servers which receive a large number of queries.
245 </para>
246
247 <para>
248 <option>--disable-linux-caps</option>: BIND can also be built without
249 capability support by using this option, at the cost of some loss of
250 security.
251 </para>
252
253 <para>
254 <option>--with-dlz-{mysql,bdb,filesystem,ldap,odbc,stub}</option>: Use
255 one (or more) of those options to add Dynamically Loadable Zones support.
256 For more information refer to <ulink
257 url="http://bind-dlz.sourceforge.net/">bind-dlz.sourceforge.net</ulink>.
258 </para>
259
260 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
261 href="../../xincludes/static-libraries.xml"/>
262
263 </sect2>
264
265 <sect2 role="configuration">
266 <title>Configuring BIND</title>
267
268 <sect3 id="bind-config">
269 <title>Config files</title>
270
271 <para>
272 <filename>named.conf</filename>,
273 <filename>root.hints</filename>,
274 <filename>127.0.0</filename>,
275 <filename>rndc.conf</filename>, and
276 <filename>resolv.conf</filename>
277 </para>
278
279 <indexterm zone="bind bind-config">
280 <primary sortas="e-etc-named.conf">/etc/named.conf</primary>
281 </indexterm>
282
283 <indexterm zone="bind bind-config">
284 <primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary>
285 </indexterm>
286
287 <indexterm zone="bind bind-config">
288 <primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary>
289 </indexterm>
290
291 <indexterm zone="bind bind-config">
292 <primary
293 sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
294 </indexterm>
295
296 <indexterm zone="bind bind-config">
297 <primary
298 sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
299 </indexterm>
300 </sect3>
301
302 <sect3>
303 <title>Configuration Information</title>
304
305 <para>
306 <application>BIND</application> will be configured to run in a
307 <command>chroot</command> jail as an unprivileged user (<systemitem
308 class="username">named</systemitem>). This configuration is more secure
309 in that a DNS compromise can only affect a few files in the <systemitem
310 class="username">named</systemitem> user's <envar>HOME</envar>
311 directory.
312 </para>
313
314 <para>
315 Create the unprivileged user and group <systemitem
316 class="username">named</systemitem>:
317 </para>
318
319<screen role="root"><userinput>groupadd -g 20 named &amp;&amp;
320useradd -c "BIND Owner" -g named -s /bin/false -u 20 named &amp;&amp;
321install -d -m770 -o named -g named /srv/named</userinput></screen>
322
323 <para>
324 Set up some files, directories and devices needed by
325 <application>BIND</application>:
326 </para>
327
328<screen role="root"><userinput>mkdir -p /srv/named &amp;&amp;
329cd /srv/named &amp;&amp;
330mkdir -p dev etc/named/{slave,pz} usr/lib/engines var/run/named &amp;&amp;
331mknod /srv/named/dev/null c 1 3 &amp;&amp;
332mknod /srv/named/dev/urandom c 1 9 &amp;&amp;
333chmod 666 /srv/named/dev/{null,urandom} &amp;&amp;
334cp /etc/localtime etc</userinput></screen>
335
336 <para>
337 The <filename>rndc.conf</filename> file contains information for
338 controlling <command>named</command> operations with the
339 <command>rndc</command> utility. Generate a key for use in the
340 <filename>named.conf</filename> and <filename>rndc.conf</filename>
341 with the <command>rndc-confgen</command> command:
342 </para>
343
344<screen role="root"><userinput>rndc-confgen -a -b 512 -t /srv/named</userinput></screen>
345
346 <para>
347 Complete the <filename>named.conf</filename> file from which
348 <command>named</command> will read the location of zone files, root
349 name servers and secure DNS keys:
350 </para>
351
352<screen role="root"><?dbfo keep-together="auto"?><userinput>cat &gt;&gt; /srv/named/etc/named.conf &lt;&lt; "EOF"
353<literal>options {
354 directory "/etc/named";
355 pid-file "/var/run/named.pid";
356 statistics-file "/var/run/named.stats";
357
358};
359zone "." {
360 type hint;
361 file "root.hints";
362};
363zone "0.0.127.in-addr.arpa" {
364 type master;
365 file "pz/127.0.0";
366};
367
368// Bind 9 now logs by default through syslog (except debug).
369// These are the default logging rules.
370
371logging {
372 category default { default_syslog; default_debug; };
373 category unmatched { null; };
374
375 channel default_syslog {
376 syslog daemon; // send to syslog's daemon
377 // facility
378 severity info; // only send priority info
379 // and higher
380 };
381
382 channel default_debug {
383 file "named.run"; // write to named.run in
384 // the working directory
385 // Note: stderr is used instead
386 // of "named.run"
387 // if the server is started
388 // with the '-f' option.
389 severity dynamic; // log at the server's
390 // current debug level
391 };
392
393 channel default_stderr {
394 stderr; // writes to stderr
395 severity info; // only send priority info
396 // and higher
397 };
398
399 channel null {
400 null; // toss anything sent to
401 // this channel
402 };
403};</literal>
404EOF</userinput></screen>
405
406 <para>
407 Create a zone file with the following contents:
408 </para>
409
410<screen role="root"><userinput>cat &gt; /srv/named/etc/named/pz/127.0.0 &lt;&lt; "EOF"
411<literal>$TTL 3D
412@ IN SOA ns.local.domain. hostmaster.local.domain. (
413 1 ; Serial
414 8H ; Refresh
415 2H ; Retry
416 4W ; Expire
417 1D) ; Minimum TTL
418 NS ns.local.domain.
4191 PTR localhost.</literal>
420EOF</userinput></screen>
421
422 <para>
423 Create the <filename>root.hints</filename> file with the following
424 commands:
425 </para>
426
427 <note>
428 <para>
429 Caution must be used to ensure there are no leading spaces in
430 this file.
431 </para>
432 </note>
433
434<screen role="root"><userinput>cat &gt; /srv/named/etc/named/root.hints &lt;&lt; "EOF"
435<literal>. 6D IN NS A.ROOT-SERVERS.NET.
436. 6D IN NS B.ROOT-SERVERS.NET.
437. 6D IN NS C.ROOT-SERVERS.NET.
438. 6D IN NS D.ROOT-SERVERS.NET.
439. 6D IN NS E.ROOT-SERVERS.NET.
440. 6D IN NS F.ROOT-SERVERS.NET.
441. 6D IN NS G.ROOT-SERVERS.NET.
442. 6D IN NS H.ROOT-SERVERS.NET.
443. 6D IN NS I.ROOT-SERVERS.NET.
444. 6D IN NS J.ROOT-SERVERS.NET.
445. 6D IN NS K.ROOT-SERVERS.NET.
446. 6D IN NS L.ROOT-SERVERS.NET.
447. 6D IN NS M.ROOT-SERVERS.NET.
448A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
449A.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:ba3e::2:30
450B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201
451B.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:200::b
452C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
453C.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2::c
454D.ROOT-SERVERS.NET. 6D IN A 199.7.91.13
455D.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2d::d
456E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
457E.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:a8::e
458F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
459F.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2f::f
460G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
461G.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:12::d0d
462H.ROOT-SERVERS.NET. 6D IN A 198.97.190.53
463H.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:1::53
464I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
465I.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fe::53
466J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
467J.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:c27::2:30
468K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
469K.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fd::1
470L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
471L.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:9f::42
472M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
473M.ROOT-SERVERS.NET. 6D IN AAAA 2001:dc3::35</literal>
474EOF</userinput></screen>
475
476 <para>
477 The <filename>root.hints</filename> file is a list of root name
478 servers. This file must be updated periodically with the
479 <command>dig</command> utility. A current copy of root.hints can be
480 obtained from <ulink url="ftp://rs.internic.net/domain/named.root" />.
481 For details, consult the "BIND 9 Administrator Reference Manual",
482 included in every source archive of BIND 9 distributed by ISC, in HTML
483 and PDF formats, also available at <ulink
484 url="ftp://ftp.isc.org/isc/bind9/cur/&bind-minor-version;/doc/arm/Bv9ARM.html">
485 BIND 9 Administrator Reference Manual</ulink>.
486 </para>
487
488 <para>
489 Create or modify <filename>resolv.conf</filename> to use the new
490 name server with the following commands:
491 </para>
492
493 <note>
494 <para>
495 Replace <replaceable>&lt;yourdomain.com&gt;</replaceable> with
496 your own valid domain name.
497 </para>
498 </note>
499
500<screen role="root"><userinput>cp /etc/resolv.conf /etc/resolv.conf.bak &amp;&amp;
501cat &gt; /etc/resolv.conf &lt;&lt; "EOF"
502<literal>search <replaceable>&lt;yourdomain.com&gt;</replaceable>
503nameserver 127.0.0.1</literal>
504EOF</userinput></screen>
505
506 <para>
507 Set permissions on the <command>chroot</command> jail with the
508 following command:
509 </para>
510
511<screen role="root"><userinput>chown -R named:named /srv/named</userinput></screen>
512
513 </sect3>
514
515 <sect3 id="bind-init">
516 <title><phrase revision="sysv">Boot Script</phrase>
517 <phrase revision="systemd">Systemd Unit</phrase></title>
518
519 <para>
520 To start the DNS server at boot, install the
521 <phrase revision="sysv"><filename>/etc/rc.d/init.d/bind</filename> init
522 script</phrase>
523 <phrase revision="systemd"><filename>named.service</filename>
524 unit</phrase> included in the
525 <xref linkend="bootscripts" revision="sysv"/>
526 <xref linkend="systemd-units" revision="systemd"/> package:
527 </para>
528
529 <indexterm zone="bind bind-init">
530 <primary sortas="f-bind">bind</primary>
531 </indexterm>
532
533<screen role="root" revision="sysv"><userinput>make install-bind</userinput></screen>
534<screen role="root" revision="systemd"><userinput>make install-named</userinput></screen>
535
536 <para>
537 Now start <application>BIND</application> with the following command:
538 </para>
539
540<screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/bind start</userinput></screen>
541<screen role="root" revision="systemd"><userinput>systemctl start named</userinput></screen>
542
543 </sect3>
544
545 <sect3>
546 <title>Testing BIND</title>
547
548 <para>
549 Test out the new <application>BIND</application> 9 installation.
550 First query the local host address with <command>dig</command>:
551 </para>
552
553<screen><userinput>dig -x 127.0.0.1</userinput></screen>
554
555 <para>
556 Now try an external name lookup, taking note of the speed
557 difference in repeated lookups due to the caching. Run the
558 <command>dig</command> command twice on the same address:
559 </para>
560
561<screen><userinput>dig www.&lfs-domainname; &amp;&amp;
562dig www.&lfs-domainname;</userinput></screen>
563
564 <para>
565 You can see almost instantaneous results with the named caching
566 lookups. Consult the <application>BIND</application> Administrator
567 Reference Manual located at
568 <ulink url="https://bind9.readthedocs.io/en/v9_16/"/>
569 for further configuration options.
570 </para>
571
572 </sect3>
573
574 </sect2>
575
576 <sect2 role="content">
577 <title>Contents</title>
578
579 <segmentedlist>
580 <segtitle>Installed Programs</segtitle>
581 <segtitle>Installed Libraries</segtitle>
582 <segtitle>Installed Directories</segtitle>
583
584 <seglistitem>
585
586 <seg>arpaname, <!--bind9-config hardlinked to isc-config.sh,-->
587 ddns-confgen, delv, dig, dnssec-cds, dnssec-checkds, dnssec-coverage,
588 dnssec-dsfromkey, dnssec-importkey, dnssec-keyfromlabel, dnssec-keygen,
589 dnssec-keymgr, dnssec-revoke, dnssec-settime, dnssec-signzone,
590 dnssec-verify, host, mdig, named, named-checkconf,
591 named-checkzone, named-compilezone (symlink), named-journalprint,
592 named-nzd2nzf, named-rrchecker, nsec3hash, nslookup, nsupdate, rndc,
593 rndc-confgen, and tsig-keygen (symlink)</seg>
594
595 <seg>libbind9.so, libdns.so, libirs.so, libisc.so, libisccc.so,
596 libisccfg.so, and libns.so</seg>
597
598 <seg>/usr/include/{bind9,dns,dst,irs,isc,isccc,isccfg,ns,pk11,pkcs11},
599 /usr/lib/named, /usr/lib/python&python3-majorver;/site-packages/isc,
600 and /srv/named</seg>
601 </seglistitem>
602 </segmentedlist>
603
604 <variablelist>
605 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
606 <?dbfo list-presentation="list"?>
607 <?dbhtml list-presentation="table"?>
608
609 <varlistentry id="arpaname">
610 <term><command>arpaname</command></term>
611 <listitem>
612 <para>
613 translates IP addresses to the corresponding ARPA names
614 </para>
615 <indexterm zone="bind arpaname">
616 <primary sortas="b-arpaname">arpaname</primary>
617 </indexterm>
618 </listitem>
619 </varlistentry>
620
621<!-- Not present as of 9.16.5
622 <varlistentry id="bind9-config">
623 <term><command>bind9-config</command></term>
624 <listitem>
625 <para>
626 is hardlinked to <command>isc-config.sh</command>.
627 </para>
628 <indexterm zone="bind bind9-config">
629 <primary sortas="b-bind9-config">bind9-config</primary>
630 </indexterm>
631 </listitem>
632 </varlistentry>
633-->
634
635 <varlistentry id="ddns-confgen">
636 <term><command>ddns-confgen</command></term>
637 <listitem>
638 <para>
639 generates a key for use by nsupdate and named
640 </para>
641 <indexterm zone="bind ddns-confgen">
642 <primary sortas="b-ddns-confgen">ddns-confgen</primary>
643 </indexterm>
644 </listitem>
645 </varlistentry>
646
647 <varlistentry id="delv">
648 <term><command>delv</command></term>
649 <listitem>
650 <para>
651 is a new debugging tool that is a successor to
652 <command>dig</command>
653 </para>
654 <indexterm zone="bind delv">
655 <primary sortas="b-delv">delv</primary>
656 </indexterm>
657 </listitem>
658 </varlistentry>
659
660 <varlistentry id="dig">
661 <term><command>dig</command></term>
662 <listitem>
663 <para>
664 interrogates DNS servers
665 </para>
666 <indexterm zone="bind dig">
667 <primary sortas="b-dig">dig</primary>
668 </indexterm>
669 </listitem>
670 </varlistentry>
671
672 <varlistentry id="dnssec-cds">
673 <term><command>dnssec-cds</command></term>
674 <listitem>
675 <para>
676 changes DS records for a child zone based on
677 CDS/CDNSKEY
678 </para>
679 <indexterm zone="bind dnssec-cds">
680 <primary sortas="b-dnssec-cds">dnssec-cds</primary>
681 </indexterm>
682 </listitem>
683 </varlistentry>
684
685 <varlistentry id="dnssec-checkds">
686 <term><command>dnssec-checkds</command></term>
687 <listitem>
688 <para>
689 is a DNSSEC delegation consistency checking tool
690 </para>
691 <indexterm zone="bind dnssec-checkds">
692 <primary sortas="b-dnssec-checkds">dnssec-checkds</primary>
693 </indexterm>
694 </listitem>
695 </varlistentry>
696
697 <varlistentry id="dnssec-coverage">
698 <term><command>dnssec-coverage</command></term>
699 <listitem>
700 <para>
701 verifies that the DNSSEC keys for a given zone or a set of zones
702 have timing metadata set properly to ensure no future lapses
703 in DNSSEC coverage
704 </para>
705 <indexterm zone="bind dnssec-coverage">
706 <primary sortas="b-dnssec-coverage">dnssec-coverage</primary>
707 </indexterm>
708 </listitem>
709 </varlistentry>
710
711 <varlistentry id="dnssec-dsfromkey">
712 <term><command>dnssec-dsfromkey</command></term>
713 <listitem>
714 <para>
715 outputs the Delegation Signer (DS) resource record (RR)
716 </para>
717 <indexterm zone="bind dnssec-dsfromkey">
718 <primary sortas="b-dnssec-dsfromkey">dnssec-dsfromkey</primary>
719 </indexterm>
720 </listitem>
721 </varlistentry>
722
723 <varlistentry id="dnssec-importkey">
724 <term><command>dnssec-importkey</command></term>
725 <listitem>
726 <para>
727 reads a public DNSKEY record and generates a pair of
728 .key/.private files
729 </para>
730 <indexterm zone="bind dnssec-importkey">
731 <primary sortas="b-dnssec-importkey">dnssec-importkey</primary>
732 </indexterm>
733 </listitem>
734 </varlistentry>
735
736 <varlistentry id="dnssec-keyfromlabel">
737 <term><command>dnssec-keyfromlabel</command></term>
738 <listitem>
739 <para>
740 gets keys with the given label from a cryptography hardware device
741 and builds key files for DNSSEC
742 </para>
743 <indexterm zone="bind dnssec-keyfromlabel">
744 <primary sortas="b-dnssec-keyfromlabel">dnssec-keyfromlabel</primary>
745 </indexterm>
746 </listitem>
747 </varlistentry>
748
749 <varlistentry id="dnssec-keygen">
750 <term><command>dnssec-keygen</command></term>
751 <listitem>
752 <para>
753 is a key generator for secure DNS
754 </para>
755 <indexterm zone="bind dnssec-keygen">
756 <primary sortas="b-dnssec-keygen">dnssec-keygen</primary>
757 </indexterm>
758 </listitem>
759 </varlistentry>
760
761 <varlistentry id="dnssec-keymgr">
762 <term><command>dnssec-keymgr</command></term>
763 <listitem>
764 <para>
765 ensures correct DNSKEY coverage based on a defined policy
766 </para>
767 <indexterm zone="bind dnssec-keymgr">
768 <primary sortas="b-dnssec-keymgr">dnssec-keymgr</primary>
769 </indexterm>
770 </listitem>
771 </varlistentry>
772
773 <varlistentry id="dnssec-revoke">
774 <term><command>dnssec-revoke</command></term>
775 <listitem>
776 <para>
777 sets the REVOKED bit on a DNSSEC key
778 </para>
779 <indexterm zone="bind dnssec-revoke">
780 <primary sortas="b-dnssec-revoke">dnssec-revoke</primary>
781 </indexterm>
782 </listitem>
783 </varlistentry>
784
785 <varlistentry id="dnssec-settime">
786 <term><command>dnssec-settime</command></term>
787 <listitem>
788 <para>
789 sets the key timing metadata for a DNSSEC key
790 </para>
791 <indexterm zone="bind dnssec-settime">
792 <primary sortas="b-dnssec-settime">dnssec-settime</primary>
793 </indexterm>
794 </listitem>
795 </varlistentry>
796
797 <varlistentry id="dnssec-signzone">
798 <term><command>dnssec-signzone</command></term>
799 <listitem>
800 <para>
801 generates signed versions of zone files
802 </para>
803 <indexterm zone="bind dnssec-signzone">
804 <primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
805 </indexterm>
806 </listitem>
807 </varlistentry>
808
809 <varlistentry id="dnssec-verify">
810 <term><command>dnssec-verify</command></term>
811 <listitem>
812 <para>
813 verifies that a zone is fully signed for each algorithm found
814 in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
815 chains are complete
816 </para>
817 <indexterm zone="bind dnssec-verify">
818 <primary sortas="b-dnssec-verify">dnssec-verify</primary>
819 </indexterm>
820 </listitem>
821 </varlistentry>
822
823<!-- No longer present with 9.16.5
824 <varlistentry id="genrandom">
825 <term><command>genrandom</command></term>
826 <listitem>
827 <para>
828 generates a file containing random data.
829 </para>
830 <indexterm zone="bind genrandom">
831 <primary sortas="b-genrandom">genrandom</primary>
832 </indexterm>
833 </listitem>
834 </varlistentry>
835-->
836
837 <varlistentry id="host">
838 <term><command>host</command></term>
839 <listitem>
840 <para>
841 is a utility for DNS lookups
842 </para>
843 <indexterm zone="bind host">
844 <primary sortas="b-host">host</primary>
845 </indexterm>
846 </listitem>
847 </varlistentry>
848
849 <!-- No longer present with 9.16.5
850 <varlistentry id="isc-config.sh">
851 <term><command>isc-config.sh</command></term>
852 <listitem>
853 <para>
854 prints information related to the installed version of ISC BIND.
855 </para>
856 <indexterm zone="bind isc-config.sh">
857 <primary sortas="b-isc-config.sh">isc-config.sh</primary>
858 </indexterm>
859 </listitem>
860 </varlistentry>
861
862 <varlistentry id="isc-hmac-fixup">
863 <term><command>isc-hmac-fixup</command></term>
864 <listitem>
865 <para>
866 fixes HMAC keys generated by older versions of BIND.
867 </para>
868 <indexterm zone="bind isc-hmac-fixup">
869 <primary sortas="b-isc-hmac-fixup">isc-hmac-fixup</primary>
870 </indexterm>
871 </listitem>
872 </varlistentry>
873
874 <varlistentry id="lwresd">
875 <term><command>lwresd</command></term>
876 <listitem>
877 <para>
878 is a caching-only name server for local process use.
879 </para>
880 <indexterm zone="bind lwresd">
881 <primary sortas="b-lwresd">lwresd</primary>
882 </indexterm>
883 </listitem>
884 </varlistentry>
885-->
886
887 <varlistentry id="mdig">
888 <term><command>mdig</command></term>
889 <listitem>
890 <para>
891 is a version of dig that allows multiple queries at once
892 </para>
893 <indexterm zone="bind mdig">
894 <primary sortas="b-mdig">mdig</primary>
895 </indexterm>
896 </listitem>
897 </varlistentry>
898
899 <varlistentry id="named">
900 <term><command>named</command></term>
901 <listitem>
902 <para>
903 is the name server daemon
904 </para>
905 <indexterm zone="bind named">
906 <primary sortas="b-named">named</primary>
907 </indexterm>
908 </listitem>
909 </varlistentry>
910
911 <varlistentry id="named-checkconf">
912 <term><command>named-checkconf</command></term>
913 <listitem>
914 <para>
915 checks the syntax of <filename>named.conf</filename>
916 files
917 </para>
918 <indexterm zone="bind named-checkconf">
919 <primary sortas="b-named-checkconf">named-checkconf</primary>
920 </indexterm>
921 </listitem>
922 </varlistentry>
923
924 <varlistentry id="named-checkzone">
925 <term><command>named-checkzone</command></term>
926 <listitem>
927 <para>
928 checks zone file validity
929 </para>
930 <indexterm zone="bind named-checkzone">
931 <primary sortas="b-named-checkzone">named-checkzone</primary>
932 </indexterm>
933 </listitem>
934 </varlistentry>
935
936 <varlistentry id="named-compilezone">
937 <term><command>named-compilezone</command></term>
938 <listitem>
939 <para>
940 is similar to <command>named-checkzone</command>, but it always
941 dumps the zone contents to a specified file in a specified format
942 </para>
943 <indexterm zone="bind named-compilezone">
944 <primary sortas="b-named-compilezone">named-compilezone</primary>
945 </indexterm>
946 </listitem>
947 </varlistentry>
948
949 <varlistentry id="named-journalprint">
950 <term><command>named-journalprint</command></term>
951 <listitem>
952 <para>
953 prints the zone journal in human-readable form
954 </para>
955 <indexterm zone="bind named-journalprint">
956 <primary sortas="b-named-journalprint">named-journalprint</primary>
957 </indexterm>
958 </listitem>
959 </varlistentry>
960
961 <varlistentry id="named-rrchecker">
962 <term><command>named-rrchecker</command></term>
963 <listitem>
964 <para>
965 reads an individual DNS resource record from standard input and
966 checks if it is syntactically correct
967 </para>
968 <indexterm zone="bind named-rrchecker">
969 <primary sortas="b-named-rrchecker">named-rrchecker</primary>
970 </indexterm>
971 </listitem>
972 </varlistentry>
973
974 <varlistentry id="named-nzd2nzf">
975 <term><command>named-nzd2nzf</command></term>
976 <listitem>
977 <para>
978 converts an NZD database to NZF text format
979 </para>
980 <indexterm zone="bind named-nzd2nzf">
981 <primary sortas="b-named-nzd2nzf">named-nzd2nzf</primary>
982 </indexterm>
983 </listitem>
984 </varlistentry>
985
986 <varlistentry id="nsec3hash">
987 <term><command>nsec3hash</command></term>
988 <listitem>
989 <para>
990 generates an NSEC3 hash based on a set of NSEC3 parameters
991 </para>
992 <indexterm zone="bind nsec3hash">
993 <primary sortas="b-nsec3hash">nsec3hash</primary>
994 </indexterm>
995 </listitem>
996 </varlistentry>
997
998 <varlistentry id="nslookup">
999 <term><command>nslookup</command></term>
1000 <listitem>
1001 <para>
1002 is a program used to query Internet domain nameservers
1003 </para>
1004 <indexterm zone="bind nslookup">
1005 <primary sortas="b-nslookup">nslookup</primary>
1006 </indexterm>
1007 </listitem>
1008 </varlistentry>
1009
1010 <varlistentry id="nsupdate">
1011 <term><command>nsupdate</command></term>
1012 <listitem>
1013 <para>
1014 is used to submit DNS update requests
1015 </para>
1016 <indexterm zone="bind nsupdate">
1017 <primary sortas="b-nsupdate">nsupdate</primary>
1018 </indexterm>
1019 </listitem>
1020 </varlistentry>
1021
1022 <varlistentry id="rndc">
1023 <term><command>rndc</command></term>
1024 <listitem>
1025 <para>
1026 controls the operation of <application>BIND</application>
1027 </para>
1028 <indexterm zone="bind rndc">
1029 <primary sortas="b-rndc">rndc</primary>
1030 </indexterm>
1031 </listitem>
1032 </varlistentry>
1033
1034 <varlistentry id="rndc-confgen">
1035 <term><command>rndc-confgen</command></term>
1036 <listitem>
1037 <para>
1038 generates <filename>rndc.conf</filename> files
1039 </para>
1040 <indexterm zone="bind rndc-confgen">
1041 <primary sortas="b-rndc-confgen">rndc-confgen</primary>
1042 </indexterm>
1043 </listitem>
1044 </varlistentry>
1045
1046 <varlistentry id="tsig-keygen">
1047 <term><command>tsig-keygen</command></term>
1048 <listitem>
1049 <para>
1050 is a symlink to <command>ddns-confgen</command>
1051 </para>
1052 <indexterm zone="bind tsig-keygen">
1053 <primary sortas="b-tsig-keygen">tsig-keygen</primary>
1054 </indexterm>
1055 </listitem>
1056 </varlistentry>
1057
1058 </variablelist>
1059
1060 </sect2>
1061
1062</sect1>
Note: See TracBrowser for help on using the repository browser.