source: server/major/bind.xml@ af0874b

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since af0874b was af0874b, checked in by Thomas Trepl <thomas@…>, 4 years ago

Upgrade bind-9.16.2

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@23006 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 34.1 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY bind-download-http " ">
8 <!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.xz">
9 <!ENTITY bind-md5sum "2f65f53ad0eab3701138332282b9b526">
10 <!ENTITY bind-size "4.3 MB">
11 <!ENTITY bind-buildsize "103 MB (25 MB installed)">
12 <!ENTITY bind-time "0.9 SBU (with parallelism=4; add 34+ minutes, processor independent, to run the complete test suite)">
13]>
14
15<sect1 id="bind" xreflabel="BIND-&bind-version;">
16 <?dbhtml filename="bind.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>BIND-&bind-version;</title>
24
25 <indexterm zone="bind">
26 <primary sortas="a-BIND">BIND</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to BIND</title>
31
32 <para>
33 The <application>BIND</application> package provides a DNS server
34 and client utilities. If you are only interested in the utilities, refer
35 to the <xref linkend="bind-utils"/>.
36 </para>
37
38 &lfs91_checked;
39
40 <bridgehead renderas="sect3">Package Information</bridgehead>
41 <itemizedlist spacing="compact">
42 <listitem>
43 <para>
44 Download (HTTP): <ulink url="&bind-download-http;"/>
45 </para>
46 </listitem>
47 <listitem>
48 <para>
49 Download (FTP): <ulink url="&bind-download-ftp;"/>
50 </para>
51 </listitem>
52 <listitem>
53 <para>
54 Download MD5 sum: &bind-md5sum;
55 </para>
56 </listitem>
57 <listitem>
58 <para>
59 Download size: &bind-size;
60 </para>
61 </listitem>
62 <listitem>
63 <para>
64 Estimated disk space required: &bind-buildsize;
65 </para>
66 </listitem>
67 <listitem>
68 <para>
69 Estimated build time: &bind-time;
70 </para>
71 </listitem>
72 </itemizedlist>
73<!--
74 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
75 <itemizedlist spacing='compact'>
76 <listitem>
77 <para>
78 Optional patch (if net-tools is not installed): <ulink
79 url="&patch-root;/bind-&bind-version;-use_iproute2-1.patch"/>
80 </para>
81 </listitem>
82 </itemizedlist>
83-->
84 <bridgehead renderas="sect3">BIND Dependencies</bridgehead>
85
86 <bridgehead renderas="sect4">Required</bridgehead>
87 <para role="required">
88 <xref linkend="libuv"/>
89 </para>
90
91 <bridgehead renderas="sect4">Recommended</bridgehead>
92 <para role="optional">
93 <xref linkend="libcap-pam"/>
94 </para>
95
96 <bridgehead renderas="sect4">Optional</bridgehead>
97 <para role="optional">
98 <xref linkend="libidn2"/>,
99 <xref linkend="libxml2"/>,
100 <xref linkend="mitkrb"/>,
101 <ulink url="https://cmocka.org/">cmocka</ulink>, and
102 <ulink url='https://github.com/cjheath/geoip'>geoip</ulink>
103 </para>
104
105 <bridgehead renderas="sect4">Optional database backends</bridgehead>
106 <para role="optional">
107 <xref linkend="db"/>,
108 <xref linkend="mariadb"/> or <ulink url="http://www.mysql.com/">MySQL</ulink>,
109 <xref linkend="openldap"/>,
110 <xref linkend="postgresql"/>, and
111 <xref linkend="unixodbc"/>
112 </para>
113
114 <bridgehead renderas="sect4">Optional (to run the test suite)</bridgehead>
115 <para role="optional">
116 <xref linkend="perl-net-dns"/>
117<!-- and
118 <xref linkend="net-tools"/> (you may omit net-tools by using the optional
119 patch to utilize iproute2, but the IPv6 tests will fail)
120-->
121 </para>
122
123 <bridgehead renderas="sect4">Optional (to rebuild the documentation)</bridgehead>
124 <para role="optional">
125 <xref linkend="doxygen"/>,
126 <xref linkend="libxslt"/>, and
127 <xref linkend="texlive"/> (or <xref linkend="tl-installer"/>)
128 </para>
129
130 <para condition="html" role="usernotes">User Notes:
131 <ulink url="&blfs-wiki;/bind"/></para>
132
133 </sect2>
134
135 <sect2 role="installation">
136 <title>Installation of BIND</title>
137<!--
138 <para>
139 If you have chosen not to install net-tools, apply the iproute2
140 patch with the following command:
141 </para>
142
143<screen><userinput>patch -Np1 -i ../bind-&bind-version;-use_iproute2-1.patch</userinput></screen>
144-->
145
146 <para>
147 To ensure <application>BIND</application> will build dnssec-keymgr,
148 install a python module as the <systemitem
149 class="username">root</systemitem> user:
150 </para>
151
152<screen role="root"><userinput>pip3 install ply</userinput></screen>
153
154 <para>
155 Install <application>BIND</application> by running the
156 following commands:
157 </para>
158
159<screen><userinput>./configure --prefix=/usr \
160 --sysconfdir=/etc \
161 --localstatedir=/var \
162 --mandir=/usr/share/man \
163 --with-libtool \
164 --disable-static &amp;&amp;
165make</userinput></screen>
166
167 <para>
168 Issue the following commands to run the complete suite of tests.
169 First, as the <systemitem class="username">root</systemitem> user, set up
170 some test interfaces:
171 </para>
172
173 <note>
174 <para>
175 If IPv6 is not enabled in the kernel, there will be several
176 error messages: "RTNETLINK answers: Operation not permitted". These
177 messages do not affect the tests.
178 </para>
179 </note>
180
181<screen role="root"
182 remap="test"><userinput>bin/tests/system/ifconfig.sh up</userinput></screen>
183
184 <para>
185 The test suite may indicate some skipped tests depending on
186 what configuration options are used. Some tests are marked
187 <quote>UNTESTED</quote> if <xref linkend="perl-net-dns"/> is not
188 installed. To run the tests, as an unprivileged user, execute:
189 </para>
190
191<screen remap="test"><userinput>make -k check</userinput></screen>
192
193 <para>
194 Again as <systemitem class="username">root</systemitem>, clean up the
195 test interfaces:
196 </para>
197
198<screen role="root"
199 remap="test"><userinput>bin/tests/system/ifconfig.sh down</userinput></screen>
200
201 <para>
202 Finally, install the package as the <systemitem
203 class="username">root</systemitem> user:
204 </para>
205
206<screen role="root"><userinput>make install &amp;&amp;
207
208install -v -m755 -d /usr/share/doc/bind-&bind-version;/arm &amp;&amp;
209install -v -m644 doc/arm/*.html \
210 /usr/share/doc/bind-&bind-version;/arm</userinput></screen>
211 </sect2>
212
213<!-- Documentation is an issue - make doc fails - some docbook problem
214install -v -m644 doc/misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap,sdb} \
215 /usr/share/doc/bind-&bind-version;/misc</userinput></screen>
216-->
217
218 <sect2 role="commands">
219 <title>Command Explanations</title>
220
221 <para>
222 <parameter>--sysconfdir=/etc</parameter>: This parameter forces
223 <application>BIND</application> to look for configuration
224 files in <filename class='directory'>/etc</filename> instead of
225 <filename class='directory'>/usr/etc</filename>.
226 </para>
227
228 <!-- No longer available as of 9.14.2
229 <para>
230 <parameter>- -enable-threads</parameter>: This parameter enables
231 multi-threading capability.
232 </para>
233 -->
234
235 <para>
236 <parameter>--with-libtool</parameter>: This parameter forces the
237 building of dynamic libraries and links the installed binaries to these
238 libraries.
239 </para>
240
241 <para>
242 <option>--with-libidn2</option>: This parameter enables
243 the IDNA2008 (Internationalized Domain Names in Applications)
244 support.
245 </para>
246
247<!-- no longer available
248 <para>
249 <parameter>- -with-randomdev=/dev/urandom</parameter>: This parameter
250 specifes a non-blocking random device for use with digital signatures.
251 </para>
252-->
253 <para>
254 <option>--enable-fetchlimit</option>: Use this option if you want
255 to be able to limit the rate of recursive client queries. This may be
256 useful on servers which receive a large number of queries.
257 </para>
258
259 <para>
260 <option>--disable-linux-caps</option>: BIND can also be built without
261 capability support by using this option, at the cost of some loss of
262 security.
263 </para>
264
265 <para>
266 <option>--with-dlz-{mysql,bdb,filesystem,ldap,odbc,stub}</option>: Use
267 one (or more) of those options to add Dynamically Loadable Zones support.
268 For more information refer to <ulink
269 url="http://bind-dlz.sourceforge.net/">bind-dlz.sourceforge.net</ulink>.
270 </para>
271
272 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
273 href="../../xincludes/static-libraries.xml"/>
274
275 <para>
276 <command>cd doc; install ...</command>: These commands install
277 additional package documentation. Omit any or all of these commands if
278 desired.
279 </para>
280 </sect2>
281
282 <sect2 role="configuration">
283 <title>Configuring BIND</title>
284
285 <sect3 id="bind-config">
286 <title>Config files</title>
287
288 <para>
289 <filename>named.conf</filename>,
290 <filename>root.hints</filename>,
291 <filename>127.0.0</filename>,
292 <filename>rndc.conf</filename>, and
293 <filename>resolv.conf</filename>
294 </para>
295
296 <indexterm zone="bind bind-config">
297 <primary sortas="e-etc-named.conf">/etc/named.conf</primary>
298 </indexterm>
299
300 <indexterm zone="bind bind-config">
301 <primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary>
302 </indexterm>
303
304 <indexterm zone="bind bind-config">
305 <primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary>
306 </indexterm>
307
308 <indexterm zone="bind bind-config">
309 <primary
310 sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
311 </indexterm>
312
313 <indexterm zone="bind bind-config">
314 <primary
315 sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
316 </indexterm>
317 </sect3>
318
319 <sect3>
320 <title>Configuration Information</title>
321
322 <para>
323 <application>BIND</application> will be configured to run in a
324 <command>chroot</command> jail as an unprivileged user (<systemitem
325 class="username">named</systemitem>). This configuration is more secure
326 in that a DNS compromise can only affect a few files in the <systemitem
327 class="username">named</systemitem> user's <envar>HOME</envar>
328 directory.
329 </para>
330
331 <para>
332 Create the unprivileged user and group <systemitem
333 class="username">named</systemitem>:
334 </para>
335
336<screen role="root"><userinput>groupadd -g 20 named &amp;&amp;
337useradd -c "BIND Owner" -g named -s /bin/false -u 20 named &amp;&amp;
338install -d -m770 -o named -g named /srv/named</userinput></screen>
339
340 <para>
341 Set up some files, directories and devices needed by
342 <application>BIND</application>:
343 </para>
344
345<screen role="root"><userinput>mkdir -p /srv/named &amp;&amp;
346cd /srv/named &amp;&amp;
347mkdir -p dev etc/named/{slave,pz} usr/lib/engines var/run/named &amp;&amp;
348mknod /srv/named/dev/null c 1 3 &amp;&amp;
349mknod /srv/named/dev/urandom c 1 9 &amp;&amp;
350chmod 666 /srv/named/dev/{null,urandom} &amp;&amp;
351cp /etc/localtime etc</userinput></screen>
352
353 <para>
354 The <filename>rndc.conf</filename> file contains information for
355 controlling <command>named</command> operations with the
356 <command>rndc</command> utility. Generate a key for use in the
357 <filename>named.conf</filename> and <filename>rdnc.conf</filename>
358 with the <command>rndc-confgen</command> command:
359 </para>
360
361<screen role="root"><userinput>rndc-confgen -a -b 512 -t /srv/named</userinput></screen>
362
363 <para>
364 Complete the <filename>named.conf</filename> file from which
365 <command>named</command> will read the location of zone files, root
366 name servers and secure DNS keys:
367 </para>
368
369<screen role="root"><?dbfo keep-together="auto"?><userinput>cat &gt;&gt; /srv/named/etc/named.conf &lt;&lt; "EOF"
370<literal>options {
371 directory "/etc/named";
372 pid-file "/var/run/named.pid";
373 statistics-file "/var/run/named.stats";
374
375};
376zone "." {
377 type hint;
378 file "root.hints";
379};
380zone "0.0.127.in-addr.arpa" {
381 type master;
382 file "pz/127.0.0";
383};
384
385// Bind 9 now logs by default through syslog (except debug).
386// These are the default logging rules.
387
388logging {
389 category default { default_syslog; default_debug; };
390 category unmatched { null; };
391
392 channel default_syslog {
393 syslog daemon; // send to syslog's daemon
394 // facility
395 severity info; // only send priority info
396 // and higher
397 };
398
399 channel default_debug {
400 file "named.run"; // write to named.run in
401 // the working directory
402 // Note: stderr is used instead
403 // of "named.run"
404 // if the server is started
405 // with the '-f' option.
406 severity dynamic; // log at the server's
407 // current debug level
408 };
409
410 channel default_stderr {
411 stderr; // writes to stderr
412 severity info; // only send priority info
413 // and higher
414 };
415
416 channel null {
417 null; // toss anything sent to
418 // this channel
419 };
420};</literal>
421EOF</userinput></screen>
422
423 <para>
424 Create a zone file with the following contents:
425 </para>
426
427<screen role="root"><userinput>cat &gt; /srv/named/etc/named/pz/127.0.0 &lt;&lt; "EOF"
428<literal>$TTL 3D
429@ IN SOA ns.local.domain. hostmaster.local.domain. (
430 1 ; Serial
431 8H ; Refresh
432 2H ; Retry
433 4W ; Expire
434 1D) ; Minimum TTL
435 NS ns.local.domain.
4361 PTR localhost.</literal>
437EOF</userinput></screen>
438
439 <para>
440 Create the <filename>root.hints</filename> file with the following
441 commands:
442 </para>
443
444 <note>
445 <para>
446 Caution must be used to ensure there are no leading spaces in
447 this file.
448 </para>
449 </note>
450
451<screen role="root"><userinput>cat &gt; /srv/named/etc/named/root.hints &lt;&lt; "EOF"
452<literal>. 6D IN NS A.ROOT-SERVERS.NET.
453. 6D IN NS B.ROOT-SERVERS.NET.
454. 6D IN NS C.ROOT-SERVERS.NET.
455. 6D IN NS D.ROOT-SERVERS.NET.
456. 6D IN NS E.ROOT-SERVERS.NET.
457. 6D IN NS F.ROOT-SERVERS.NET.
458. 6D IN NS G.ROOT-SERVERS.NET.
459. 6D IN NS H.ROOT-SERVERS.NET.
460. 6D IN NS I.ROOT-SERVERS.NET.
461. 6D IN NS J.ROOT-SERVERS.NET.
462. 6D IN NS K.ROOT-SERVERS.NET.
463. 6D IN NS L.ROOT-SERVERS.NET.
464. 6D IN NS M.ROOT-SERVERS.NET.
465A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
466A.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:ba3e::2:30
467B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201
468B.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:200::b
469C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
470C.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2::c
471D.ROOT-SERVERS.NET. 6D IN A 199.7.91.13
472D.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2d::d
473E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
474E.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:a8::e
475F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
476F.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2f::f
477G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
478G.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:12::d0d
479H.ROOT-SERVERS.NET. 6D IN A 198.97.190.53
480H.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:1::53
481I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
482I.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fe::53
483J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
484J.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:c27::2:30
485K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
486K.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fd::1
487L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
488L.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:9f::42
489M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
490M.ROOT-SERVERS.NET. 6D IN AAAA 2001:dc3::35</literal>
491EOF</userinput></screen>
492
493 <para>
494 The <filename>root.hints</filename> file is a list of root name
495 servers. This file must be updated periodically with the
496 <command>dig</command> utility. A current copy of root.hints can be
497 obtained from <ulink url="ftp://rs.internic.net/domain/named.root" />.
498 For details, consult the "BIND 9 Administrator Reference Manual",
499 included in every source archive of BIND 9 distributed by ISC, in HTML
500 and PDF formats, also available at <ulink
501 url="ftp://ftp.isc.org/isc/bind9/cur/&bind-minor-version;/doc/arm/Bv9ARM.html">
502 BIND 9 Administrator Reference Manual</ulink>.
503 </para>
504
505 <para>
506 Create or modify <filename>resolv.conf</filename> to use the new
507 name server with the following commands:
508 </para>
509
510 <note>
511 <para>
512 Replace <replaceable>&lt;yourdomain.com&gt;</replaceable> with
513 your own valid domain name.
514 </para>
515 </note>
516
517<screen role="root"><userinput>cp /etc/resolv.conf /etc/resolv.conf.bak &amp;&amp;
518cat &gt; /etc/resolv.conf &lt;&lt; "EOF"
519<literal>search <replaceable>&lt;yourdomain.com&gt;</replaceable>
520nameserver 127.0.0.1</literal>
521EOF</userinput></screen>
522
523 <para>
524 Set permissions on the <command>chroot</command> jail with the
525 following command:
526 </para>
527
528<screen role="root"><userinput>chown -R named:named /srv/named</userinput></screen>
529
530 </sect3>
531
532 <sect3 id="bind-init">
533 <title><phrase revision="sysv">Boot Script</phrase>
534 <phrase revision="systemd">Systemd Unit</phrase></title>
535
536 <para>
537 To start the DNS server at boot, install the
538 <phrase revision="sysv"><filename>/etc/rc.d/init.d/bind</filename> init
539 script</phrase>
540 <phrase revision="systemd"><filename>named.service</filename>
541 unit</phrase> included in the
542 <xref linkend="bootscripts" revision="sysv"/>
543 <xref linkend="systemd-units" revision="systemd"/> package:
544 </para>
545
546 <indexterm zone="bind bind-init">
547 <primary sortas="f-bind">bind</primary>
548 </indexterm>
549
550<screen role="root" revision="sysv"><userinput>make install-bind</userinput></screen>
551<screen role="root" revision="systemd"><userinput>make install-named</userinput></screen>
552
553 <para>
554 Now start <application>BIND</application> with the following command:
555 </para>
556
557<screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/bind start</userinput></screen>
558<screen role="root" revision="systemd"><userinput>systemctl start named</userinput></screen>
559
560 </sect3>
561
562 <sect3>
563 <title>Testing BIND</title>
564
565 <para>
566 Test out the new <application>BIND</application> 9 installation.
567 First query the local host address with <command>dig</command>:
568 </para>
569
570<screen><userinput>dig -x 127.0.0.1</userinput></screen>
571
572 <para>
573 Now try an external name lookup, taking note of the speed
574 difference in repeated lookups due to the caching. Run the
575 <command>dig</command> command twice on the same address:
576 </para>
577
578<screen><userinput>dig www.&lfs-domainname; &amp;&amp;
579dig www.&lfs-domainname;</userinput></screen>
580
581 <para>
582 You can see almost instantaneous results with the named caching
583 lookups. Consult the <application>BIND</application> Administrator
584 Reference Manual located at <filename>doc/arm/Bv9ARM.html</filename>
585 in the package source tree, for further configuration options.
586 </para>
587
588 </sect3>
589
590 </sect2>
591
592 <sect2 role="content">
593 <title>Contents</title>
594
595 <segmentedlist>
596 <segtitle>Installed Programs</segtitle>
597 <segtitle>Installed Libraries</segtitle>
598 <segtitle>Installed Directories</segtitle>
599
600 <seglistitem>
601
602 <seg>arpaname, bind9-config hardlinked to isc-config.sh, ddns-confgen,
603 delv, dig, dnssec-dsfromkey,
604 dnssec-importkey, dnssec-keyfromlabel, dnssec-keygen, dnssec-revoke,
605 dnssec-settime, dnssec-signzone, dnssec-verify, genrandom, host,
606 isc-hmac-fixup, lwresd hardlinked to named, named-checkconf,
607 named-checkzone, named-compilezone (symlink), named-journalprint,
608 named-rrchecker, nsec3hash, nslookup, nsupdate, rndc, rndc-confgen,
609 and tsig-keygen (symlink)</seg>
610
611 <seg>libbind9.so, libdns.so, libirs.so, libisc.so, libisccc.so,
612 libisccfg.so, and liblwres.so</seg>
613
614 <seg>/usr/include/{bind9,dns,dst,irs,isc,isccc,isccfg,lwres,pk11,pkcs11},
615 /usr/share/doc/bind-&bind-version; and /srv/named</seg>
616 </seglistitem>
617 </segmentedlist>
618
619 <variablelist>
620 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
621 <?dbfo list-presentation="list"?>
622 <?dbhtml list-presentation="table"?>
623
624 <varlistentry id="arpaname">
625 <term><command>arpaname</command></term>
626 <listitem>
627 <para>
628 translates IP addresses to the corresponding ARPA names.
629 </para>
630 <indexterm zone="bind arpaname">
631 <primary sortas="b-arpaname">arpaname</primary>
632 </indexterm>
633 </listitem>
634 </varlistentry>
635
636 <varlistentry id="bind9-config">
637 <term><command>bind9-config</command></term>
638 <listitem>
639 <para>
640 is hardlinked to <command>isc-config.sh</command>.
641 </para>
642 <indexterm zone="bind bind9-config">
643 <primary sortas="b-bind9-config">bind9-config</primary>
644 </indexterm>
645 </listitem>
646 </varlistentry>
647
648 <varlistentry id="ddns-confgen">
649 <term><command>ddns-confgen</command></term>
650 <listitem>
651 <para>
652 generates a key for use by nsupdate and named.
653 </para>
654 <indexterm zone="bind ddns-confgen">
655 <primary sortas="b-ddns-confgen">ddns-confgen</primary>
656 </indexterm>
657 </listitem>
658 </varlistentry>
659
660 <varlistentry id="delv">
661 <term><command>delv</command></term>
662 <listitem>
663 <para>
664 is a new debugging tool that is a successor to
665 <command>dig</command>.
666 </para>
667 <indexterm zone="bind delv">
668 <primary sortas="b-delv">delv</primary>
669 </indexterm>
670 </listitem>
671 </varlistentry>
672
673 <varlistentry id="dig">
674 <term><command>dig</command></term>
675 <listitem>
676 <para>
677 interrogates DNS servers.
678 </para>
679 <indexterm zone="bind dig">
680 <primary sortas="b-dig">dig</primary>
681 </indexterm>
682 </listitem>
683 </varlistentry>
684<!--
685 <varlistentry id="dnssec-checkds">
686 <term><command>dnssec-checkds</command></term>
687 <listitem>
688 <para>
689 is a DNSSEC delegation consistency checking tool.
690 </para>
691 <indexterm zone="bind dnssec-checkds">
692 <primary sortas="b-dnssec-checkds">dnssec-checkds</primary>
693 </indexterm>
694 </listitem>
695 </varlistentry>
696
697 <varlistentry id="dnssec-coverage">
698 <term><command>dnssec-coverage</command></term>
699 <listitem>
700 <para>
701 verifies that the DNSSEC keys for a given zone or a set of zones
702 have timing metadata set properly to ensure no future lapses
703 in DNSSEC coverage.
704 </para>
705 <indexterm zone="bind dnssec-coverage">
706 <primary sortas="b-dnssec-coverage">dnssec-coverage</primary>
707 </indexterm>
708 </listitem>
709 </varlistentry>-->
710
711 <varlistentry id="dnssec-dsfromkey">
712 <term><command>dnssec-dsfromkey</command></term>
713 <listitem>
714 <para>
715 outputs the Delegation Signer (DS) resource record (RR).
716 </para>
717 <indexterm zone="bind dnssec-dsfromkey">
718 <primary sortas="b-dnssec-dsfromkey">dnssec-dsfromkey</primary>
719 </indexterm>
720 </listitem>
721 </varlistentry>
722
723 <varlistentry id="dnssec-importkey">
724 <term><command>dnssec-importkey</command></term>
725 <listitem>
726 <para>
727 reads a public DNSKEY record and generates a pair of
728 .key/.private files.
729 </para>
730 <indexterm zone="bind dnssec-importkey">
731 <primary sortas="b-dnssec-importkey">dnssec-importkey</primary>
732 </indexterm>
733 </listitem>
734 </varlistentry>
735
736 <varlistentry id="dnssec-keyfromlabel">
737 <term><command>dnssec-keyfromlabel</command></term>
738 <listitem>
739 <para>
740 gets keys with the given label from a crypto hardware and builds
741 key files for DNSSEC.
742 </para>
743 <indexterm zone="bind dnssec-keyfromlabel">
744 <primary sortas="b-dnssec-keyfromlabel">dnssec-keyfromlabel</primary>
745 </indexterm>
746 </listitem>
747 </varlistentry>
748
749 <varlistentry id="dnssec-keygen">
750 <term><command>dnssec-keygen</command></term>
751 <listitem>
752 <para>
753 is a key generator for secure DNS.
754 </para>
755 <indexterm zone="bind dnssec-keygen">
756 <primary sortas="b-dnssec-keygen">dnssec-keygen</primary>
757 </indexterm>
758 </listitem>
759 </varlistentry>
760
761 <varlistentry id="dnssec-revoke">
762 <term><command>dnssec-revoke</command></term>
763 <listitem>
764 <para>
765 sets the REVOKED bit on a DNSSEC key.
766 </para>
767 <indexterm zone="bind dnssec-revoke">
768 <primary sortas="b-dnssec-revoke">dnssec-revoke</primary>
769 </indexterm>
770 </listitem>
771 </varlistentry>
772
773 <varlistentry id="dnssec-settime">
774 <term><command>dnssec-settime</command></term>
775 <listitem>
776 <para>
777 sets the key timing metadata for a DNSSEC key.
778 </para>
779 <indexterm zone="bind dnssec-settime">
780 <primary sortas="b-dnssec-settime">dnssec-settime</primary>
781 </indexterm>
782 </listitem>
783 </varlistentry>
784
785 <varlistentry id="dnssec-signzone">
786 <term><command>dnssec-signzone</command></term>
787 <listitem>
788 <para>
789 generates signed versions of zone files.
790 </para>
791 <indexterm zone="bind dnssec-signzone">
792 <primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
793 </indexterm>
794 </listitem>
795 </varlistentry>
796
797 <varlistentry id="dnssec-verify">
798 <term><command>dnssec-verify</command></term>
799 <listitem>
800 <para>
801 verifies that a zone is fully signed for each algorithm found
802 in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
803 chains are complete.
804 </para>
805 <indexterm zone="bind dnssec-verify">
806 <primary sortas="b-dnssec-verify">dnssec-verify</primary>
807 </indexterm>
808 </listitem>
809 </varlistentry>
810
811 <varlistentry id="genrandom">
812 <term><command>genrandom</command></term>
813 <listitem>
814 <para>
815 generates a file containing random data.
816 </para>
817 <indexterm zone="bind genrandom">
818 <primary sortas="b-genrandom">genrandom</primary>
819 </indexterm>
820 </listitem>
821 </varlistentry>
822
823 <varlistentry id="host">
824 <term><command>host</command></term>
825 <listitem>
826 <para>
827 is a utility for DNS lookups.
828 </para>
829 <indexterm zone="bind host">
830 <primary sortas="b-host">host</primary>
831 </indexterm>
832 </listitem>
833 </varlistentry>
834
835 <varlistentry id="isc-config.sh">
836 <term><command>isc-config.sh</command></term>
837 <listitem>
838 <para>
839 prints information related to the installed version of ISC BIND.
840 </para>
841 <indexterm zone="bind isc-config.sh">
842 <primary sortas="b-isc-config.sh">isc-config.sh</primary>
843 </indexterm>
844 </listitem>
845 </varlistentry>
846
847 <varlistentry id="isc-hmac-fixup">
848 <term><command>isc-hmac-fixup</command></term>
849 <listitem>
850 <para>
851 fixes HMAC keys generated by older versions of BIND.
852 </para>
853 <indexterm zone="bind isc-hmac-fixup">
854 <primary sortas="b-isc-hmac-fixup">isc-hmac-fixup</primary>
855 </indexterm>
856 </listitem>
857 </varlistentry>
858
859 <varlistentry id="lwresd">
860 <term><command>lwresd</command></term>
861 <listitem>
862 <para>
863 is a caching-only name server for local process use.
864 </para>
865 <indexterm zone="bind lwresd">
866 <primary sortas="b-lwresd">lwresd</primary>
867 </indexterm>
868 </listitem>
869 </varlistentry>
870
871 <varlistentry id="named">
872 <term><command>named</command></term>
873 <listitem>
874 <para>
875 is the name server daemon.
876 </para>
877 <indexterm zone="bind named">
878 <primary sortas="b-named">named</primary>
879 </indexterm>
880 </listitem>
881 </varlistentry>
882
883 <varlistentry id="named-checkconf">
884 <term><command>named-checkconf</command></term>
885 <listitem>
886 <para>
887 checks the syntax of <filename>named.conf</filename>
888 files.
889 </para>
890 <indexterm zone="bind named-checkconf">
891 <primary sortas="b-named-checkconf">named-checkconf</primary>
892 </indexterm>
893 </listitem>
894 </varlistentry>
895
896 <varlistentry id="named-checkzone">
897 <term><command>named-checkzone</command></term>
898 <listitem>
899 <para>
900 checks zone file validity.
901 </para>
902 <indexterm zone="bind named-checkzone">
903 <primary sortas="b-named-checkzone">named-checkzone</primary>
904 </indexterm>
905 </listitem>
906 </varlistentry>
907
908 <varlistentry id="named-compilezone">
909 <term><command>named-compilezone</command></term>
910 <listitem>
911 <para>
912 is similar to <command>named-checkzone</command>, but it always
913 dumps the zone contents to a specified file in a specified format.
914 </para>
915 <indexterm zone="bind named-compilezone">
916 <primary sortas="b-named-compilezone">named-compilezone</primary>
917 </indexterm>
918 </listitem>
919 </varlistentry>
920
921 <varlistentry id="named-journalprint">
922 <term><command>named-journalprint</command></term>
923 <listitem>
924 <para>
925 prints the zone journal in human-readable form.
926 </para>
927 <indexterm zone="bind named-journalprint">
928 <primary sortas="b-named-journalprint">named-journalprint</primary>
929 </indexterm>
930 </listitem>
931 </varlistentry>
932
933 <varlistentry id="named-rrchecker">
934 <term><command>named-rrchecker</command></term>
935 <listitem>
936 <para>
937 reads an individual DNS resource record from standard input and
938 checks if it is syntactically correct.
939 </para>
940 <indexterm zone="bind named-rrchecker">
941 <primary sortas="b-named-rrchecker">named-rrchecker</primary>
942 </indexterm>
943 </listitem>
944 </varlistentry>
945
946 <varlistentry id="nsec3hash">
947 <term><command>nsec3hash</command></term>
948 <listitem>
949 <para>
950 generates an NSEC3 hash based on a set of NSEC3 parameters.
951 </para>
952 <indexterm zone="bind nsec3hash">
953 <primary sortas="b-nsec3hash">nsec3hash</primary>
954 </indexterm>
955 </listitem>
956 </varlistentry>
957
958 <varlistentry id="nslookup">
959 <term><command>nslookup</command></term>
960 <listitem>
961 <para>
962 is a program used to query Internet domain nameservers.
963 </para>
964 <indexterm zone="bind nslookup">
965 <primary sortas="b-nslookup">nslookup</primary>
966 </indexterm>
967 </listitem>
968 </varlistentry>
969
970 <varlistentry id="nsupdate">
971 <term><command>nsupdate</command></term>
972 <listitem>
973 <para>
974 is used to submit DNS update requests.
975 </para>
976 <indexterm zone="bind nsupdate">
977 <primary sortas="b-nsupdate">nsupdate</primary>
978 </indexterm>
979 </listitem>
980 </varlistentry>
981
982 <varlistentry id="rndc">
983 <term><command>rndc</command></term>
984 <listitem>
985 <para>
986 controls the operation of <application>BIND</application>.
987 </para>
988 <indexterm zone="bind rndc">
989 <primary sortas="b-rndc">rndc</primary>
990 </indexterm>
991 </listitem>
992 </varlistentry>
993
994 <varlistentry id="rndc-confgen">
995 <term><command>rndc-confgen</command></term>
996 <listitem>
997 <para>
998 generates <filename>rndc.conf</filename> files.
999 </para>
1000 <indexterm zone="bind rndc-confgen">
1001 <primary sortas="b-rndc-confgen">rndc-confgen</primary>
1002 </indexterm>
1003 </listitem>
1004 </varlistentry>
1005
1006 <varlistentry id="tsig-keygen">
1007 <term><command>tsig-keygen</command></term>
1008 <listitem>
1009 <para>
1010 is a symlink to <command>ddns-confgen</command>.
1011 </para>
1012 <indexterm zone="bind tsig-keygen">
1013 <primary sortas="b-tsig-keygen">tsig-keygen</primary>
1014 </indexterm>
1015 </listitem>
1016 </varlistentry>
1017
1018 </variablelist>
1019
1020 </sect2>
1021
1022</sect1>
Note: See TracBrowser for help on using the repository browser.