Context Navigation

source: server/major/bind.xml@ b8007e8e

Visit:

11.3 12.0 12.1 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk xry111/llvm18 xry111/xf86-video-removal

Last change on this file since b8007e8e was b8007e8e, checked in by Bruce Dubbs <bdubbs@…>, 19 months ago
Update to bind-9.18.7.
Property mode set to `100644`
File size: 36.2 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY bind-download-http "https://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.xz">
8	<!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.xz">
9	<!ENTITY bind-md5sum "50424bcd9c2c1a84ac32b400bc70cf3a">
10	<!ENTITY bind-size "5.4 MB">
11	<!ENTITY bind-buildsize "138 MB (26 MB installed)"><!-- differs much from prev maybe because of docs? -->
12	<!ENTITY bind-time "0.4 SBU (with parallelism=4; about 20 SBU somewhat processor independent, to run the complete test suite)">
13	]>
14
15	<sect1 id="bind" xreflabel="BIND-&bind-version;">
16	<?dbhtml filename="bind.html"?>
17
18	<sect1info>
19	<date>$Date$</date>
20	</sect1info>
21
22	<title>BIND-&bind-version;</title>
23
24	<indexterm zone="bind">
25	<primary sortas="a-BIND">BIND</primary>
26	</indexterm>
27
28	<sect2 role="package">
29	<title>Introduction to BIND</title>
30
31	<para>
32	The <application>BIND</application> package provides a DNS server
33	and client utilities. If you are only interested in the utilities, refer
34	to the <xref linkend="bind-utils"/>.
35	</para>
36
37	&lfs112_checked;
38
39	<bridgehead renderas="sect3">Package Information</bridgehead>
40	<itemizedlist spacing="compact">
41	<listitem>
42	<para>
43	Download (HTTP): <ulink url="&bind-download-http;"/>
44	</para>
45	</listitem>
46	<listitem>
47	<para>
48	Download (FTP): <ulink url="&bind-download-ftp;"/>
49	</para>
50	</listitem>
51	<listitem>
52	<para>
53	Download MD5 sum: &bind-md5sum;
54	</para>
55	</listitem>
56	<listitem>
57	<para>
58	Download size: &bind-size;
59	</para>
60	</listitem>
61	<listitem>
62	<para>
63	Estimated disk space required: &bind-buildsize;
64	</para>
65	</listitem>
66	<listitem>
67	<para>
68	Estimated build time: &bind-time;
69	</para>
70	</listitem>
71	</itemizedlist>
72	<!--
73	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
74	<itemizedlist spacing="compact">
75	<listitem>
76	<para>
77	Required patch:
78	<ulink url="&patch-root;/bind-&bind-version;-upstream_fixes-1.patch"/>
79	</para>
80	</listitem>
81	</itemizedlist>
82	-->
83	<bridgehead renderas="sect3">BIND Dependencies</bridgehead>
84
85	<bridgehead renderas="sect4">Required</bridgehead>
86	<para role="required">
87	<xref linkend="libuv"/>
88	</para>
89
90	<bridgehead renderas="sect4">Recommended</bridgehead>
91	<para role="recommended">
92	<xref linkend="json-c"/> and
93	<xref linkend="libcap-pam"/>
94	</para>
95
96	<bridgehead renderas="sect4">Optional</bridgehead>
97	<para role="optional">
98	<xref linkend="curl"/>,
99	<xref linkend="libidn2"/>,
100	<xref linkend="libxml2"/>,
101	<xref linkend="lmdb"/>,
102	<xref linkend="mitkrb"/>,
103	<ulink url="https://cmocka.org/">cmocka</ulink>,
104	<ulink url="https://github.com/cjheath/geoip">geoip</ulink>,
105	<ulink url="https://docs.pytest.org/en/stable/">pytest</ulink>,
106	<ulink url="https://pypi.python.org/pypi/Sphinx">Sphinx</ulink> (required to build documentation), and
107	<ulink url="&w3m-url;">w3m</ulink>
108	</para>
109
110	<bridgehead renderas="sect4">Optional database backends</bridgehead>
111	<para role="optional">
112	<xref linkend="db"/>,
113	<xref linkend="mariadb"/> or <ulink url="https://www.mysql.com/">MySQL</ulink>,
114	<xref linkend="openldap"/>,
115	<xref linkend="postgresql"/>, and
116	<xref linkend="unixodbc"/>
117	</para>
118
119	<bridgehead renderas="sect4">Optional (to run the test suite)</bridgehead>
120	<para role="optional">
121	<xref linkend="perl-net-dns"/>
122	</para>
123
124	<!-- docs are now all sphinx based
125	<bridgehead renderas="sect4">Optional (to rebuild the documentation)</bridgehead>
126	<para role="optional">
127	<xref linkend="doxygen"/>,
128	<xref linkend="libxslt"/>, and
129	<xref linkend="texlive"/> (or <xref linkend="tl-installer"/>)
130	</para>
131	-->
132
133	<para condition="html" role="usernotes">User Notes:
134	<ulink url="&blfs-wiki;/bind"/></para>
135
136	</sect2>
137
138	<sect2 role="installation">
139	<title>Installation of BIND</title>
140
141	<!--
142	<para>
143	To ensure <application>BIND</application> will build dnssec-keymgr,
144	install a python module as the <systemitem
145	class="username">root</systemitem> user:
146	</para>
147
148	<screen role="root"><userinput>pip3 install ply</userinput></screen>
149	-->
150
151	<para>
152	Install <application>BIND</application> by running the
153	following commands:
154	</para>
155
156	<screen><userinput>./configure --prefix=/usr \
157	--sysconfdir=/etc \
158	--localstatedir=/var \
159	--mandir=/usr/share/man \
160	--disable-static &&
161	make</userinput></screen>
162
163	<para>
164	Issue the following commands to run the complete suite of tests.
165	First, as the <systemitem class="username">root</systemitem> user, set up
166	some test interfaces:
167	</para>
168
169	<note>
170	<para>
171	If IPv6 is not enabled in the kernel, there will be several
172	error messages: "RTNETLINK answers: Operation not permitted". These
173	messages do not affect the tests.
174	</para>
175	</note>
176
177	<screen role="root"
178	remap="test"><userinput>bin/tests/system/ifconfig.sh up</userinput></screen>
179
180	<para>
181	The test suite may indicate some skipped tests depending on
182	what configuration options are used. Some tests are marked
183	<quote>UNTESTED</quote> or does even fail if <xref linkend="perl-net-dns"/>
184	is not installed. <!--One test, <quote>CPU</quote>, is known to fail.-->
185	To run the tests, as an unprivileged user, execute:
186	</para>
187
188	<screen remap="test"><userinput>make -k check</userinput></screen>
189
190	<para>
191	Again as <systemitem class="username">root</systemitem>, clean up the
192	test interfaces:
193	</para>
194
195	<screen role="root"
196	remap="test"><userinput>bin/tests/system/ifconfig.sh down</userinput></screen>
197
198	<para>
199	Finally, install the package as the <systemitem
200	class="username">root</systemitem> user:
201	</para>
202
203	<!-- Documentation is an issue - The docs are now all in .rst format and appear
204	to be sphinx based. install source .rst files for now...
205
206	leave docs untouched as they does only use disk space when not
207	used to recreate the docs via Sphinx. I've added a note regarding
208	the documentation. (thomas)
209
210	<screen role="root"><userinput>make install &&
211
212	install -vdm 755 /usr/share/doc/bind-&bind-version;/{arm,dnssec-guide} &&
213	install doc/arm/* /usr/share/doc/bind-&bind-version;/arm &&
214	install doc/dnssec-guide/* /usr/share/doc/bind-&bind-version;/dnssec-guide</userinput></screen>
215	-->
216	<screen role="root"><userinput>make install</userinput></screen>
217
218	</sect2>
219
220	<sect2 role="commands">
221	<title>Command Explanations</title>
222
223	<para>
224	<parameter>--sysconfdir=/etc</parameter>: This parameter forces
225	<application>BIND</application> to look for configuration
226	files in <filename class='directory'>/etc</filename> instead of
227	<filename class='directory'>/usr/etc</filename>.
228	</para>
229
230	<!-- Seems to be removed in 9.18.0
231	<para>
232	<parameter>- -with-libtool</parameter>: This parameter forces the
233	building of dynamic libraries and links the installed binaries to these
234	libraries.
235	</para>
236	-->
237
238	<para>
239	<option>--with-libidn2</option>: This parameter enables
240	the IDNA2008 (Internationalized Domain Names in Applications)
241	support.
242	</para>
243
244	<para>
245	<option>--enable-fetchlimit</option>: Use this option if you want
246	to be able to limit the rate of recursive client queries. This may be
247	useful on servers which receive a large number of queries.
248	</para>
249
250	<para>
251	<option>--disable-linux-caps</option>: BIND can also be built without
252	capability support by using this option, at the cost of some loss of
253	security.
254	</para>
255
256	<para>
257	<option>--with-dlz-{mysql,bdb,filesystem,ldap,odbc,stub}</option>: Use
258	one (or more) of those options to add Dynamically Loadable Zones support.
259	For more information refer to <ulink
260	url="http://bind-dlz.sourceforge.net/">bind-dlz.sourceforge.net</ulink>.
261	</para>
262
263	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
264	href="../../xincludes/static-libraries.xml"/>
265
266	</sect2>
267
268	<sect2 role="configuration">
269	<title>Configuring BIND</title>
270
271	<sect3 id="bind-config">
272	<title>Config files</title>
273
274	<para>
275	<filename>named.conf</filename>,
276	<filename>root.hints</filename>,
277	<filename>127.0.0</filename>,
278	<filename>rndc.conf</filename>, and
279	<filename>resolv.conf</filename>
280	</para>
281
282	<indexterm zone="bind bind-config">
283	<primary sortas="e-etc-named.conf">/etc/named.conf</primary>
284	</indexterm>
285
286	<indexterm zone="bind bind-config">
287	<primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary>
288	</indexterm>
289
290	<indexterm zone="bind bind-config">
291	<primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary>
292	</indexterm>
293
294	<indexterm zone="bind bind-config">
295	<primary
296	sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
297	</indexterm>
298
299	<indexterm zone="bind bind-config">
300	<primary
301	sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
302	</indexterm>
303	</sect3>
304
305	<sect3>
306	<title>Configuration Information</title>
307
308	<para>
309	<application>BIND</application> will be configured to run in a
310	<command>chroot</command> jail as an unprivileged user (<systemitem
311	class="username">named</systemitem>). This configuration is more secure
312	in that a DNS compromise can only affect a few files in the <systemitem
313	class="username">named</systemitem> user's <envar>HOME</envar>
314	directory.
315	</para>
316
317	<para>
318	Create the unprivileged user and group <systemitem
319	class="username">named</systemitem>:
320	</para>
321
322	<screen role="root"><userinput>groupadd -g 20 named &&
323	useradd -c "BIND Owner" -g named -s /bin/false -u 20 named &&
324	install -d -m770 -o named -g named /srv/named</userinput></screen>
325
326	<para>
327	Set up some files, directories and devices needed by
328	<application>BIND</application>:
329	</para>
330
331	<screen role="root"><userinput>mkdir -p /srv/named &&
332	cd /srv/named &&
333	mkdir -p dev etc/named/{slave,pz} usr/lib/engines var/run/named &&
334	mknod /srv/named/dev/null c 1 3 &&
335	mknod /srv/named/dev/urandom c 1 9 &&
336	chmod 666 /srv/named/dev/{null,urandom} &&
337	cp /etc/localtime etc</userinput></screen>
338
339	<para>
340	The <filename>rndc.conf</filename> file contains information for
341	controlling <command>named</command> operations with the
342	<command>rndc</command> utility. Generate a key for use in the
343	<filename>named.conf</filename> and <filename>rndc.conf</filename>
344	with the <command>rndc-confgen</command> command:
345	</para>
346
347	<screen role="root"><userinput>rndc-confgen -a -b 512 -t /srv/named</userinput></screen>
348
349	<para>
350	Complete the <filename>named.conf</filename> file from which
351	<command>named</command> will read the location of zone files, root
352	name servers and secure DNS keys:
353	</para>
354
355	<screen role="root"><?dbfo keep-together="auto"?><userinput>cat >> /srv/named/etc/named.conf << "EOF"
356	<literal>options {
357	directory "/etc/named";
358	pid-file "/var/run/named.pid";
359	statistics-file "/var/run/named.stats";
360
361	};
362	zone "." {
363	type hint;
364	file "root.hints";
365	};
366	zone "0.0.127.in-addr.arpa" {
367	type master;
368	file "pz/127.0.0";
369	};
370
371	// Bind 9 now logs by default through syslog (except debug).
372	// These are the default logging rules.
373
374	logging {
375	category default { default_syslog; default_debug; };
376	category unmatched { null; };
377
378	channel default_syslog {
379	syslog daemon; // send to syslog's daemon
380	// facility
381	severity info; // only send priority info
382	// and higher
383	};
384
385	channel default_debug {
386	file "named.run"; // write to named.run in
387	// the working directory
388	// Note: stderr is used instead
389	// of "named.run"
390	// if the server is started
391	// with the '-f' option.
392	severity dynamic; // log at the server's
393	// current debug level
394	};
395
396	channel default_stderr {
397	stderr; // writes to stderr
398	severity info; // only send priority info
399	// and higher
400	};
401
402	channel null {
403	null; // toss anything sent to
404	// this channel
405	};
406	};</literal>
407	EOF</userinput></screen>
408
409	<para>
410	Create a zone file with the following contents:
411	</para>
412
413	<screen role="root"><userinput>cat > /srv/named/etc/named/pz/127.0.0 << "EOF"
414	<literal>$TTL 3D
415	@ IN SOA ns.local.domain. hostmaster.local.domain. (
416	1 ; Serial
417	8H ; Refresh
418	2H ; Retry
419	4W ; Expire
420	1D) ; Minimum TTL
421	NS ns.local.domain.
422	1 PTR localhost.</literal>
423	EOF</userinput></screen>
424
425	<para>
426	Create the <filename>root.hints</filename> file with the following
427	commands:
428	</para>
429
430	<note>
431	<para>
432	Caution must be used to ensure there are no leading spaces in
433	this file.
434	</para>
435	</note>
436
437	<screen role="root"><userinput>cat > /srv/named/etc/named/root.hints << "EOF"
438	<literal>. 6D IN NS A.ROOT-SERVERS.NET.
439	. 6D IN NS B.ROOT-SERVERS.NET.
440	. 6D IN NS C.ROOT-SERVERS.NET.
441	. 6D IN NS D.ROOT-SERVERS.NET.
442	. 6D IN NS E.ROOT-SERVERS.NET.
443	. 6D IN NS F.ROOT-SERVERS.NET.
444	. 6D IN NS G.ROOT-SERVERS.NET.
445	. 6D IN NS H.ROOT-SERVERS.NET.
446	. 6D IN NS I.ROOT-SERVERS.NET.
447	. 6D IN NS J.ROOT-SERVERS.NET.
448	. 6D IN NS K.ROOT-SERVERS.NET.
449	. 6D IN NS L.ROOT-SERVERS.NET.
450	. 6D IN NS M.ROOT-SERVERS.NET.
451	A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
452	A.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:ba3e::2:30
453	B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201
454	B.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:200::b
455	C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
456	C.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2::c
457	D.ROOT-SERVERS.NET. 6D IN A 199.7.91.13
458	D.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2d::d
459	E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
460	E.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:a8::e
461	F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
462	F.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2f::f
463	G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
464	G.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:12::d0d
465	H.ROOT-SERVERS.NET. 6D IN A 198.97.190.53
466	H.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:1::53
467	I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
468	I.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fe::53
469	J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
470	J.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:c27::2:30
471	K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
472	K.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fd::1
473	L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
474	L.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:9f::42
475	M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
476	M.ROOT-SERVERS.NET. 6D IN AAAA 2001:dc3::35</literal>
477	EOF</userinput></screen>
478
479	<para>
480	The <filename>root.hints</filename> file is a list of root name
481	servers. This file must be updated periodically with the
482	<command>dig</command> utility. A current copy of root.hints can be
483	obtained from <ulink url="https://www.internic.net/domain/named.root"/>.
484	For details, consult the "BIND 9 Administrator Reference Manual".
485	</para>
486
487	<para>
488	Create or modify <filename>resolv.conf</filename> to use the new
489	name server with the following commands:
490	</para>
491
492	<note>
493	<para>
494	Replace <replaceable><yourdomain.com></replaceable> with
495	your own valid domain name.
496	</para>
497	</note>
498
499	<screen role="root"><userinput>cp /etc/resolv.conf /etc/resolv.conf.bak &&
500	cat > /etc/resolv.conf << "EOF"
501	<literal>search <replaceable><yourdomain.com></replaceable>
502	nameserver 127.0.0.1</literal>
503	EOF</userinput></screen>
504
505	<para>
506	Set permissions on the <command>chroot</command> jail with the
507	following command:
508	</para>
509
510	<screen role="root"><userinput>chown -R named:named /srv/named</userinput></screen>
511
512	</sect3>
513
514	<sect3 id="bind-init">
515	<title><phrase revision="sysv">Boot Script</phrase>
516	<phrase revision="systemd">Systemd Unit</phrase></title>
517
518	<para>
519	To start the DNS server at boot, install the
520	<phrase revision="sysv"><filename>/etc/rc.d/init.d/bind</filename> init
521	script</phrase>
522	<phrase revision="systemd"><filename>named.service</filename>
523	unit</phrase> included in the
524	<xref linkend="bootscripts" revision="sysv"/>
525	<xref linkend="systemd-units" revision="systemd"/> package:
526	</para>
527
528	<indexterm zone="bind bind-init">
529	<primary sortas="f-bind">bind</primary>
530	</indexterm>
531
532	<screen role="root" revision="sysv"><userinput>make install-bind</userinput></screen>
533	<screen role="root" revision="systemd"><userinput>make install-named</userinput></screen>
534
535	<para>
536	Now start <application>BIND</application> with the following command:
537	</para>
538
539	<screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/bind start</userinput></screen>
540	<screen role="root" revision="systemd"><userinput>systemctl start named</userinput></screen>
541
542	</sect3>
543
544	<sect3>
545	<title>Testing BIND</title>
546
547	<para>
548	Test out the new <application>BIND</application> 9 installation.
549	First query the local host address with <command>dig</command>:
550	</para>
551
552	<screen><userinput>dig -x 127.0.0.1</userinput></screen>
553
554	<para>
555	Now try an external name lookup, taking note of the speed
556	difference in repeated lookups due to the caching. Run the
557	<command>dig</command> command twice on the same address:
558	</para>
559
560	<screen><userinput>dig www.&lfs-domainname; &&
561	dig www.&lfs-domainname;</userinput></screen>
562
563	<para>
564	You can see almost instantaneous results with the named caching
565	lookups. Consult the <application>BIND</application> Administrator
566	Reference Manual (see below) for further configuration options.
567	</para>
568
569	</sect3>
570
571	</sect2>
572
573	<sect2>
574	<title>Administrator Reference Manual (ARM)</title>
575
576	<para>
577	The ARM documentation (do not confuse with the processor architecture)
578	is included in the source package. The documentation is in .rst
579	format which means, it can be converted in human readable formats
580	if <ulink url="https://www.sphinx-doc.org/">Sphinx</ulink> is
581	installed. As time of writing, sphinx is not included in
582	the BLFS book and therefore, the instructions above do not
583	install the docs.
584	</para>
585
586	<para>
587	When <application>BIND</application> is set up, especially when
588	to operate in a real live scenario, it is <emphasis>highly</emphasis>
589	recommended to consult the ARM documentation. ISC provides an
590	updated set of excellent documentation along with every release
591	so it can be easily be viewed and/or downloaded - so there is
592	no excuse to not read the docs. The formats ISC provides are PDF,
593	epub and html at <ulink url="https://downloads.isc.org/isc/bind9/&bind-version;/doc/arm/"/>.
594	</para>
595	</sect2>
596
597	<sect2 role="content">
598	<title>Contents</title>
599
600	<segmentedlist>
601	<segtitle>Installed Programs</segtitle>
602	<segtitle>Installed Libraries</segtitle>
603	<segtitle>Installed Directories</segtitle>
604
605	<seglistitem>
606
607	<seg>arpaname, <!--bind9-config hardlinked to isc-config.sh,-->
608	ddns-confgen, delv, dig, dnssec-cds, dnssec-checkds, dnssec-coverage,
609	dnssec-dsfromkey, dnssec-importkey, dnssec-keyfromlabel, dnssec-keygen,
610	dnssec-keymgr, dnssec-revoke, dnssec-settime, dnssec-signzone,
611	dnssec-verify, host, mdig, named, named-checkconf,
612	named-checkzone, named-compilezone (symlink), named-journalprint,
613	named-nzd2nzf, named-rrchecker, nsec3hash, nslookup, nsupdate, rndc,
614	rndc-confgen, and tsig-keygen (symlink)</seg>
615
616	<seg>libbind9.so, libdns.so, libirs.so, libisc.so, libisccc.so,
617	libisccfg.so, and libns.so</seg>
618
619	<seg>/usr/include/{bind9,dns,dst,irs,isc,isccc,isccfg,ns,pk11,pkcs11},
620	/usr/lib/named, /usr/lib/python&python3-majorver;/site-packages/isc,
621	and /srv/named</seg>
622	</seglistitem>
623	</segmentedlist>
624
625	<variablelist>
626	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
627	<?dbfo list-presentation="list"?>
628	<?dbhtml list-presentation="table"?>
629
630	<varlistentry id="arpaname">
631	<term><command>arpaname</command></term>
632	<listitem>
633	<para>
634	translates IP addresses to the corresponding ARPA names
635	</para>
636	<indexterm zone="bind arpaname">
637	<primary sortas="b-arpaname">arpaname</primary>
638	</indexterm>
639	</listitem>
640	</varlistentry>
641
642	<!-- Not present as of 9.16.5
643	<varlistentry id="bind9-config">
644	<term><command>bind9-config</command></term>
645	<listitem>
646	<para>
647	is hardlinked to <command>isc-config.sh</command>.
648	</para>
649	<indexterm zone="bind bind9-config">
650	<primary sortas="b-bind9-config">bind9-config</primary>
651	</indexterm>
652	</listitem>
653	</varlistentry>
654	-->
655
656	<varlistentry id="ddns-confgen">
657	<term><command>ddns-confgen</command></term>
658	<listitem>
659	<para>
660	generates a key for use by nsupdate and named
661	</para>
662	<indexterm zone="bind ddns-confgen">
663	<primary sortas="b-ddns-confgen">ddns-confgen</primary>
664	</indexterm>
665	</listitem>
666	</varlistentry>
667
668	<varlistentry id="delv">
669	<term><command>delv</command></term>
670	<listitem>
671	<para>
672	is a new debugging tool that is a successor to
673	<command>dig</command>
674	</para>
675	<indexterm zone="bind delv">
676	<primary sortas="b-delv">delv</primary>
677	</indexterm>
678	</listitem>
679	</varlistentry>
680
681	<varlistentry id="dig">
682	<term><command>dig</command></term>
683	<listitem>
684	<para>
685	interrogates DNS servers
686	</para>
687	<indexterm zone="bind dig">
688	<primary sortas="b-dig">dig</primary>
689	</indexterm>
690	</listitem>
691	</varlistentry>
692
693	<varlistentry id="dnssec-cds">
694	<term><command>dnssec-cds</command></term>
695	<listitem>
696	<para>
697	changes DS records for a child zone based on
698	CDS/CDNSKEY
699	</para>
700	<indexterm zone="bind dnssec-cds">
701	<primary sortas="b-dnssec-cds">dnssec-cds</primary>
702	</indexterm>
703	</listitem>
704	</varlistentry>
705
706	<varlistentry id="dnssec-checkds">
707	<term><command>dnssec-checkds</command></term>
708	<listitem>
709	<para>
710	is a DNSSEC delegation consistency checking tool
711	</para>
712	<indexterm zone="bind dnssec-checkds">
713	<primary sortas="b-dnssec-checkds">dnssec-checkds</primary>
714	</indexterm>
715	</listitem>
716	</varlistentry>
717
718	<varlistentry id="dnssec-coverage">
719	<term><command>dnssec-coverage</command></term>
720	<listitem>
721	<para>
722	verifies that the DNSSEC keys for a given zone or a set of zones
723	have timing metadata set properly to ensure no future lapses
724	in DNSSEC coverage
725	</para>
726	<indexterm zone="bind dnssec-coverage">
727	<primary sortas="b-dnssec-coverage">dnssec-coverage</primary>
728	</indexterm>
729	</listitem>
730	</varlistentry>
731
732	<varlistentry id="dnssec-dsfromkey">
733	<term><command>dnssec-dsfromkey</command></term>
734	<listitem>
735	<para>
736	outputs the Delegation Signer (DS) resource record (RR)
737	</para>
738	<indexterm zone="bind dnssec-dsfromkey">
739	<primary sortas="b-dnssec-dsfromkey">dnssec-dsfromkey</primary>
740	</indexterm>
741	</listitem>
742	</varlistentry>
743
744	<varlistentry id="dnssec-importkey">
745	<term><command>dnssec-importkey</command></term>
746	<listitem>
747	<para>
748	reads a public DNSKEY record and generates a pair of
749	.key/.private files
750	</para>
751	<indexterm zone="bind dnssec-importkey">
752	<primary sortas="b-dnssec-importkey">dnssec-importkey</primary>
753	</indexterm>
754	</listitem>
755	</varlistentry>
756
757	<varlistentry id="dnssec-keyfromlabel">
758	<term><command>dnssec-keyfromlabel</command></term>
759	<listitem>
760	<para>
761	gets keys with the given label from a cryptography hardware device
762	and builds key files for DNSSEC
763	</para>
764	<indexterm zone="bind dnssec-keyfromlabel">
765	<primary sortas="b-dnssec-keyfromlabel">dnssec-keyfromlabel</primary>
766	</indexterm>
767	</listitem>
768	</varlistentry>
769
770	<varlistentry id="dnssec-keygen">
771	<term><command>dnssec-keygen</command></term>
772	<listitem>
773	<para>
774	is a key generator for secure DNS
775	</para>
776	<indexterm zone="bind dnssec-keygen">
777	<primary sortas="b-dnssec-keygen">dnssec-keygen</primary>
778	</indexterm>
779	</listitem>
780	</varlistentry>
781
782	<varlistentry id="dnssec-keymgr">
783	<term><command>dnssec-keymgr</command></term>
784	<listitem>
785	<para>
786	ensures correct DNSKEY coverage based on a defined policy
787	</para>
788	<indexterm zone="bind dnssec-keymgr">
789	<primary sortas="b-dnssec-keymgr">dnssec-keymgr</primary>
790	</indexterm>
791	</listitem>
792	</varlistentry>
793
794	<varlistentry id="dnssec-revoke">
795	<term><command>dnssec-revoke</command></term>
796	<listitem>
797	<para>
798	sets the REVOKED bit on a DNSSEC key
799	</para>
800	<indexterm zone="bind dnssec-revoke">
801	<primary sortas="b-dnssec-revoke">dnssec-revoke</primary>
802	</indexterm>
803	</listitem>
804	</varlistentry>
805
806	<varlistentry id="dnssec-settime">
807	<term><command>dnssec-settime</command></term>
808	<listitem>
809	<para>
810	sets the key timing metadata for a DNSSEC key
811	</para>
812	<indexterm zone="bind dnssec-settime">
813	<primary sortas="b-dnssec-settime">dnssec-settime</primary>
814	</indexterm>
815	</listitem>
816	</varlistentry>
817
818	<varlistentry id="dnssec-signzone">
819	<term><command>dnssec-signzone</command></term>
820	<listitem>
821	<para>
822	generates signed versions of zone files
823	</para>
824	<indexterm zone="bind dnssec-signzone">
825	<primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
826	</indexterm>
827	</listitem>
828	</varlistentry>
829
830	<varlistentry id="dnssec-verify">
831	<term><command>dnssec-verify</command></term>
832	<listitem>
833	<para>
834	verifies that a zone is fully signed for each algorithm found
835	in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
836	chains are complete
837	</para>
838	<indexterm zone="bind dnssec-verify">
839	<primary sortas="b-dnssec-verify">dnssec-verify</primary>
840	</indexterm>
841	</listitem>
842	</varlistentry>
843
844	<!-- No longer present with 9.16.5
845	<varlistentry id="genrandom">
846	<term><command>genrandom</command></term>
847	<listitem>
848	<para>
849	generates a file containing random data.
850	</para>
851	<indexterm zone="bind genrandom">
852	<primary sortas="b-genrandom">genrandom</primary>
853	</indexterm>
854	</listitem>
855	</varlistentry>
856	-->
857
858	<varlistentry id="host">
859	<term><command>host</command></term>
860	<listitem>
861	<para>
862	is a utility for DNS lookups
863	</para>
864	<indexterm zone="bind host">
865	<primary sortas="b-host">host</primary>
866	</indexterm>
867	</listitem>
868	</varlistentry>
869
870	<!-- No longer present with 9.16.5
871	<varlistentry id="isc-config.sh">
872	<term><command>isc-config.sh</command></term>
873	<listitem>
874	<para>
875	prints information related to the installed version of ISC BIND.
876	</para>
877	<indexterm zone="bind isc-config.sh">
878	<primary sortas="b-isc-config.sh">isc-config.sh</primary>
879	</indexterm>
880	</listitem>
881	</varlistentry>
882
883	<varlistentry id="isc-hmac-fixup">
884	<term><command>isc-hmac-fixup</command></term>
885	<listitem>
886	<para>
887	fixes HMAC keys generated by older versions of BIND.
888	</para>
889	<indexterm zone="bind isc-hmac-fixup">
890	<primary sortas="b-isc-hmac-fixup">isc-hmac-fixup</primary>
891	</indexterm>
892	</listitem>
893	</varlistentry>
894
895	<varlistentry id="lwresd">
896	<term><command>lwresd</command></term>
897	<listitem>
898	<para>
899	is a caching-only name server for local process use.
900	</para>
901	<indexterm zone="bind lwresd">
902	<primary sortas="b-lwresd">lwresd</primary>
903	</indexterm>
904	</listitem>
905	</varlistentry>
906	-->
907
908	<varlistentry id="mdig">
909	<term><command>mdig</command></term>
910	<listitem>
911	<para>
912	is a version of dig that allows multiple queries at once
913	</para>
914	<indexterm zone="bind mdig">
915	<primary sortas="b-mdig">mdig</primary>
916	</indexterm>
917	</listitem>
918	</varlistentry>
919
920	<varlistentry id="named">
921	<term><command>named</command></term>
922	<listitem>
923	<para>
924	is the name server daemon
925	</para>
926	<indexterm zone="bind named">
927	<primary sortas="b-named">named</primary>
928	</indexterm>
929	</listitem>
930	</varlistentry>
931
932	<varlistentry id="named-checkconf">
933	<term><command>named-checkconf</command></term>
934	<listitem>
935	<para>
936	checks the syntax of <filename>named.conf</filename>
937	files
938	</para>
939	<indexterm zone="bind named-checkconf">
940	<primary sortas="b-named-checkconf">named-checkconf</primary>
941	</indexterm>
942	</listitem>
943	</varlistentry>
944
945	<varlistentry id="named-checkzone">
946	<term><command>named-checkzone</command></term>
947	<listitem>
948	<para>
949	checks zone file validity
950	</para>
951	<indexterm zone="bind named-checkzone">
952	<primary sortas="b-named-checkzone">named-checkzone</primary>
953	</indexterm>
954	</listitem>
955	</varlistentry>
956
957	<varlistentry id="named-compilezone">
958	<term><command>named-compilezone</command></term>
959	<listitem>
960	<para>
961	is similar to <command>named-checkzone</command>, but it always
962	dumps the zone contents to a specified file in a specified format
963	</para>
964	<indexterm zone="bind named-compilezone">
965	<primary sortas="b-named-compilezone">named-compilezone</primary>
966	</indexterm>
967	</listitem>
968	</varlistentry>
969
970	<varlistentry id="named-journalprint">
971	<term><command>named-journalprint</command></term>
972	<listitem>
973	<para>
974	prints the zone journal in human-readable form
975	</para>
976	<indexterm zone="bind named-journalprint">
977	<primary sortas="b-named-journalprint">named-journalprint</primary>
978	</indexterm>
979	</listitem>
980	</varlistentry>
981
982	<varlistentry id="named-rrchecker">
983	<term><command>named-rrchecker</command></term>
984	<listitem>
985	<para>
986	reads an individual DNS resource record from standard input and
987	checks if it is syntactically correct
988	</para>
989	<indexterm zone="bind named-rrchecker">
990	<primary sortas="b-named-rrchecker">named-rrchecker</primary>
991	</indexterm>
992	</listitem>
993	</varlistentry>
994
995	<varlistentry id="named-nzd2nzf">
996	<term><command>named-nzd2nzf</command></term>
997	<listitem>
998	<para>
999	converts an NZD database to NZF text format
1000	</para>
1001	<indexterm zone="bind named-nzd2nzf">
1002	<primary sortas="b-named-nzd2nzf">named-nzd2nzf</primary>
1003	</indexterm>
1004	</listitem>
1005	</varlistentry>
1006
1007	<varlistentry id="nsec3hash">
1008	<term><command>nsec3hash</command></term>
1009	<listitem>
1010	<para>
1011	generates an NSEC3 hash based on a set of NSEC3 parameters
1012	</para>
1013	<indexterm zone="bind nsec3hash">
1014	<primary sortas="b-nsec3hash">nsec3hash</primary>
1015	</indexterm>
1016	</listitem>
1017	</varlistentry>
1018
1019	<varlistentry id="nslookup">
1020	<term><command>nslookup</command></term>
1021	<listitem>
1022	<para>
1023	is a program used to query Internet domain nameservers
1024	</para>
1025	<indexterm zone="bind nslookup">
1026	<primary sortas="b-nslookup">nslookup</primary>
1027	</indexterm>
1028	</listitem>
1029	</varlistentry>
1030
1031	<varlistentry id="nsupdate">
1032	<term><command>nsupdate</command></term>
1033	<listitem>
1034	<para>
1035	is used to submit DNS update requests
1036	</para>
1037	<indexterm zone="bind nsupdate">
1038	<primary sortas="b-nsupdate">nsupdate</primary>
1039	</indexterm>
1040	</listitem>
1041	</varlistentry>
1042
1043	<varlistentry id="rndc">
1044	<term><command>rndc</command></term>
1045	<listitem>
1046	<para>
1047	controls the operation of <application>BIND</application>
1048	</para>
1049	<indexterm zone="bind rndc">
1050	<primary sortas="b-rndc">rndc</primary>
1051	</indexterm>
1052	</listitem>
1053	</varlistentry>
1054
1055	<varlistentry id="rndc-confgen">
1056	<term><command>rndc-confgen</command></term>
1057	<listitem>
1058	<para>
1059	generates <filename>rndc.conf</filename> files
1060	</para>
1061	<indexterm zone="bind rndc-confgen">
1062	<primary sortas="b-rndc-confgen">rndc-confgen</primary>
1063	</indexterm>
1064	</listitem>
1065	</varlistentry>
1066
1067	<varlistentry id="tsig-keygen">
1068	<term><command>tsig-keygen</command></term>
1069	<listitem>
1070	<para>
1071	is a symlink to <command>ddns-confgen</command>
1072	</para>
1073	<indexterm zone="bind tsig-keygen">
1074	<primary sortas="b-tsig-keygen">tsig-keygen</primary>
1075	</indexterm>
1076	</listitem>
1077	</varlistentry>
1078
1079	</variablelist>
1080
1081	</sect2>
1082
1083	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: