Welcome to Scribd. Sign in or start your free trial to enjoy unlimited e-books, audiobooks & documents.Find out more
Download
Standard view
Full view
of .
Look up keyword or section
Like this
0Activity

Table Of Contents

Introduction
1.1 Scope of Document
1.2 Organization of This Document
1.3 Conventions Used in This Document
1.4 The Domain Name System (DNS)
1.4.1 DNS Fundamentals
1.4.2 Domains and Domain Names
1.4.3 Zones
1.4.4 Authoritative Name Servers
1.4.4.1 The Primary Master
1.4.4.2 Slave Servers
1.4.4.3 Stealth Servers
1.4.5 Caching Name Servers
1.4.5.1 Forwarding
1.4.6 Name Servers in Multiple Roles
BIND Resource Requirements
2.1 Hardware requirements
2.2 CPU Requirements
2.3 Memory Requirements
2.4 Name Server Intensive Environment Issues
2.5 Supported Operating Systems
Name Server Configuration
3.1 Sample Configurations
3.1.1 A Caching-only Name Server
3.1.2 An Authoritative-only Name Server
3.2 Load Balancing
3.3 Name Server Operations
3.3.1 Tools for Use With the Name Server Daemon
3.3.1.1 Diagnostic Tools
3.3.1.2 Administrative Tools
3.3.2 Signals
Advanced DNS Features
4.1 Notify
4.2 Dynamic Update
4.2.1 The journal file
4.3 Incremental Zone Transfers (IXFR)
4.4 Split DNS
4.4.1 Example split DNS setup
4.5 TSIG
4.5.1 Generate Shared Keys for Each Pair of Hosts
4.5.1.1 Automatic Generation
4.5.1.2 Manual Generation
4.5.2 Copying the Shared Secret to Both Machines
4.5.3 Informing the Servers of the Key’s Existence
4.5.4 Instructing the Server to Use the Key
4.5.5 TSIG Key Based Access Control
4.5.6 Errors
4.6 TKEY
4.7 SIG(0)
4.8 DNSSEC
4.8.1 Generating Keys
4.8.2 Signing the Zone
4.8.3 Configuring Servers
4.9 DNSSEC, Dynamic Zones, and Automatic Signing
4.9.1 Converting from insecure to secure
4.9.2 Dynamic DNS update method
4.9.3 Fully automatic zone signing
4.9.4 Private-type records
4.9.5 DNSKEY rollovers
4.9.6 Dynamic DNS update method
4.9.7 Automatic key rollovers
4.9.8 NSEC3PARAM rollovers via UPDATE
4.9.9 Converting from NSEC to NSEC3
4.9.10 Converting from NSEC3 to NSEC
4.9.11 Converting from secure to insecure
4.9.12 Periodic re-signing
4.9.13 NSEC3 and OPTOUT
4.10 Dynamic Trust Anchor Management
4.10.1 Validating Resolver
4.10.2 Authoritative Server
4.11 PKCS #11 (Cryptoki) support
4.11.1 Prerequisites
4.11.1.1 Building OpenSSL for the AEP Keyper on Linux
4.11.1.2 Building OpenSSL for the SCA 6000 on Solaris
4.11.2 Building BIND 9 with PKCS#11
4.11.2.1 Configuring BIND 9 for Linux
4.11.2.2 Configuring BIND 9 for Solaris
4.11.3 PKCS #11 Tools
4.11.4 Using the HSM
4.11.5 Specifying the engine on the command line
4.11.6 Running named with automatic zone re-signing
4.12 IPv6 Support in BIND 9
4.12.1 Address Lookups Using AAAA Records
4.12.2 Address to Name Lookups Using Nibble Format
The BIND 9 Lightweight Resolver
5.1 The Lightweight Resolver Library
5.2 Running a Resolver Daemon
BIND 9 Configuration Reference
6.1 Configuration File Elements
6.1.1 Address Match Lists
6.1.1.1 Syntax
6.1.1.2 Definition and Usage
6.1.2 Comment Syntax
6.1.2.1 Syntax
6.1.2.2 Definition and Usage
6.2 Configuration File Grammar
6.2.1 acl Statement Grammar
6.2.2 acl Statement Definition and Usage
6.2.3 controls Statement Grammar
6.2.4 controls Statement Definition and Usage
6.2.5 include Statement Grammar
6.2.6 include Statement Definition and Usage
6.2.7 key Statement Grammar
6.2.8 key Statement Definition and Usage
6.2.9 logging Statement Grammar
6.2.10 logging Statement Definition and Usage
6.2.10.1 The channel Phrase
6.2.10.2 The category Phrase
6.2.10.3 The query-errors Category
6.2.11 lwres Statement Grammar
6.2.12 lwres Statement Definition and Usage
6.2.13 masters Statement Grammar
6.2.14 masters Statement Definition and Usage
6.2.15 options Statement Grammar
6.2.16 options Statement Definition and Usage
6.2.16.1 Boolean Options
6.2.16.2 Forwarding
6.2.16.6 Query Address
6.2.16.7 Zone Transfers
6.2.16.8 UDP Port Lists
6.2.16.9 Operating System Resource Limits
6.2.16.10 Server Resource Limits
6.2.16.11 Periodic Task Intervals
6.2.16.12 Topology
6.2.16.13 The sortlist Statement
6.2.16.14 RRset Ordering
6.2.16.15 Tuning
6.2.16.16 Built-in server information zones
6.2.16.17 Built-in Empty Zones
6.2.16.18 Additional Section Caching
6.2.16.19 Content Filtering
6.2.17 server Statement Grammar
6.2.18 server Statement Definition and Usage
6.2.19 statistics-channels Statement Grammar
6.2.20 statistics-channels Statement Definition and Usage
6.2.21 trusted-keys Statement Grammar
6.2.22 trusted-keys Statement Definition and Usage
6.2.23 managed-keys Statement Grammar
6.2.24 managed-keys Statement Definition and Usage
6.2.25 view Statement Grammar
6.2.26 view Statement Definition and Usage
6.2.27 zone Statement Grammar
6.2.28 zone Statement Definition and Usage
6.2.28.1 Zone Types
6.2.28.2 Class
6.2.28.3 Zone Options
6.2.28.4 Dynamic Update Policies
6.3 Zone File
6.3.1 Types of Resource Records and When to Use Them
6.3.1.1 Resource Records
6.3.1.2 Textual expression of RRs
6.3.2 Discussion of MX Records
6.3.3 Setting TTLs
6.3.4 Inverse Mapping in IPv4
6.3.5 Other Zone File Directives
6.3.5.1 The @ (at-sign)
6.3.5.2 The $ORIGIN Directive
6.3.5.3 The $INCLUDE Directive
6.3.5.4 The $TTL Directive
6.3.6 BIND Master File Extension: the $GENERATE Directive
6.3.7 Additional File Formats
6.4 BIND9 Statistics
6.4.0.1 The Statistics File
6.4.1 Statistics Counters
6.4.1.1 Name Server Statistics Counters
6.4.1.2 Zone Maintenance Statistics Counters
6.4.1.3 Resolver Statistics Counters
6.4.1.4 Socket I/O Statistics Counters
6.4.1.5 Compatibility withBIND8 Counters
BIND 9 Security Considerations
7.1 Access Control Lists
7.2 Chroot and Setuid
7.2.1 The chroot Environment
7.2.2 Using the setuid Function
7.3 Dynamic Update Security
Troubleshooting
8.1 Common Problems
8.1.1 It’s not working; how can I figure out what’s wrong?
8.2 Incrementing and Changing the Serial Number
8.3 Where Can I Get Help?
Appendices
A.1 Acknowledgments
A.1.1 A Brief History of the DNS and BIND
A.2 General DNS Reference Information
A.2.1 IPv6 addresses (AAAA)
A.3 Bibliography (and Suggested Reading)
A.3.1 Request for Comments (RFCs)
Standards
A.3.2 Internet Drafts
A.3.3 Other Documents About BIND
A.4 BIND 9 DNS Library Support
A.4.6.4 sample-gai: getaddrinfo() and getnameinfo() test code
A.4.6.5 sample-update: a simple dynamic update client program
A.4.6.6 nsprobe: domain/name server checker in terms of RFC 4074
A.4.7 Library References
Manual pages
B.1 dig
B.2 host
B.3 dnssec-dsfromkey
B.4 dnssec-keyfromlabel
B.5 dnssec-keygen
B.6 dnssec-revoke
B.7 dnssec-settime
B.8 dnssec-signzone
B.10 named-checkzone
B.11 named
B.12 named-journalprint
B.13 nsupdate
B.14 rndc
0 of .
Results for:
No results containing your search query
P. 1
Bv9ARM

Bv9ARM

Ratings: (0)|Views: 6|Likes:
Published by Ana Arrojo Onrubia

More info:

Published by: Ana Arrojo Onrubia on Mar 12, 2013
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

03/12/2013

pdf

text

original

You're Reading a Free Preview
Pages 4 to 67 are not shown in this preview.
You're Reading a Free Preview
Page 71 is not shown in this preview.
You're Reading a Free Preview
Pages 75 to 127 are not shown in this preview.
You're Reading a Free Preview
Pages 131 to 155 are not shown in this preview.
You're Reading a Free Preview
Pages 159 to 176 are not shown in this preview.

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->