Latest Result of DNSSEC Validation


BIND 9 Administrator Reference Manual
Internet Systems Consortium
Sep 23, 2021

CONTENTS

1 Introduction
  1.1 Scope of Document
  1.2 Organization of This Document
  1.3 Conventions Used in This Document
  1.4 The Domain Name System (DNS)
2 BIND Resource Requirements
  2.1 Hardware Requirements
  2.2 CPU Requirements
  2.3 Memory Requirements
  2.4 Name Server-Intensive Environment Issues
  2.5 Supported Operating Systems
3 Name Server Configuration
  3.1 Sample Configurations
  3.2 Load Balancing
  3.3 Name Server Operations
  3.4 Plugins
4 BIND 9 Configuration Reference
  4.1 Configuration File Elements
  4.2 Configuration File Grammar
  4.3 Zone File
  4.4 BIND 9 Statistics
5 Advanced DNS Features
  5.1 Notify
  5.2 Dynamic Update
  5.3 Incremental Zone Transfers (IXFR)
  5.4 Split DNS
  5.5 TSIG
  5.6 TKEY
  5.7 SIG(0)
  5.8 DNSSEC
  5.9 DNSSEC, Dynamic Zones, and Automatic Signing
  5.10 Dynamic Trust Anchor Management
  5.11 PKCS#11 (Cryptoki) Support
  5.12 Dynamically Loadable Zones (DLZ)
  5.13 Dynamic Database (DynDB)
  5.14 Catalog Zones
  5.15 IPv6 Support in BIND 9
6 BIND 9 Security Considerations
  6.1 Access Control Lists
  6.2 Chroot and Setuid
  6.3 Dynamic Update Security
7 Troubleshooting
  7.1 Common Problems
  7.2 Incrementing and Changing the Serial Number
  7.3 Where Can I Get Help?
8 Release Notes
  8.1 Introduction
  8.2 Supported Platforms
  8.3 Download
  8.4 Notes for BIND 9.17.18
  8.5 Notes for BIND 9.17.18
  8.6 Notes for BIND 9.17.17
  8.7 Notes for BIND 9.17.16
  8.8 Notes for BIND 9.17.15
  8.9 Notes for BIND 9.17.14
  8.10 Notes for BIND 9.17.13
  8.11 Notes for BIND 9.17.12
  8.12 Notes for BIND 9.17.11
  8.13 Notes for BIND 9.17.10
  8.14 Notes for BIND 9.17.9
  8.15 Notes for BIND 9.17.8
  8.16 Notes for BIND 9.17.7
  8.17 Notes for BIND 9.17.6
  8.18 Notes for BIND 9.17.5
  8.19 Notes for BIND 9.17.4
  8.20 Notes for BIND 9.17.3
  8.21 Notes for BIND 9.17.2
  8.22 Notes for BIND 9.17.1
  8.23 Notes for BIND 9.17.0
  8.24 License
  8.25 End of Life
  8.26 Thank You
9 DNSSEC Guide
  9.1 Preface
  9.2 Introduction
  9.3 Getting Started
  9.4 Validation
  9.5 Signing
  9.6 Basic DNSSEC Troubleshooting
  9.7 Advanced Discussions
  9.8 Recipes
  9.9 Commonly Asked Questions
10 A Brief History of the DNS and BIND
11 General DNS Reference Information
  11.1 IPv6 Addresses (AAAA)
  11.2 Bibliography (and Suggested Reading)
  11.3 Internet Standards
  11.4 Proposed Standards
  11.5 Informational RFCs
  11.6 Experimental RFCs
  11.7 Best Current Practice RFCs
  11.8 Historic RFCs
  11.9 RFCs of Type “Unknown”
  11.10 Obsoleted and Unimplemented Experimental RFCs
  11.11 RFCs No Longer Supported in BIND 9
12 Manual Pages
  12.1 arpaname - translate IP addresses to the corresponding ARPA names
  12.2 delv - DNS lookup and validation utility
  12.3 dig - DNS lookup utility
  12.4 dnssec-cds - change DS records for a child zone based on CDS/CDNSKEY
  12.5 dnssec-dsfromkey - DNSSEC DS RR generation tool
  12.6 dnssec-importkey - import DNSKEY records from external systems so they can be managed
  12.7 dnssec-keyfromlabel - DNSSEC key generation tool
  12.8 dnssec-keygen: DNSSEC key generation tool
  12.9 dnssec-revoke - set the REVOKED bit on a DNSSEC key
  12.10 dnssec-settime: set the key timing metadata for a DNSSEC key
  12.11 dnssec-signzone - DNSSEC zone signing tool
  12.12 dnssec-verify - DNSSEC zone verification tool
  12.13 dnstap-read - print dnstap data in human-readable form
  12.14 filter-aaaa.so - filter AAAA in DNS responses when A is present
  12.15 host - DNS lookup utility
  12.16 mdig - DNS pipelined lookup utility
  12.17 named-checkconf - named configuration file syntax checking tool
  12.18 named-checkzone, named-compilezone - zone file validity checking or converting tool
  12.19 named-journalprint - print zone journal in human-readable form
  12.20 named-nzd2nzf - convert an NZD database to NZF text format
  12.21 named-rrchecker - syntax checker for individual DNS resource records
  12.22 named.conf - configuration file for named
  12.23 named - Internet domain name server
  12.24 nsec3hash - generate NSEC3 hash
  12.25 nslookup - query Internet name servers interactively
  12.26 nsupdate - dynamic DNS update utility
  12.27 rndc-confgen - rndc key generation tool
  12.28 rndc.conf - rndc configuration file
  12.29 rndc - name server control utility
  12.30 tsig-keygen, ddns-confgen - TSIG key generation tool
Index

CHAPTER ONE
INTRODUCTION

The Internet Domain Name System (DNS) consists of the syntax to specify the names of entities in the Internet in a hierarchical manner, the rules used for delegating authority over names, and the system implementation that actually maps names to Internet addresses. DNS data is maintained in a group of distributed hierarchical databases.

1.1 Scope of Document

The Berkeley Internet Name Domain (BIND) implements a domain