BIND 9 Administrator Reference Manual

BIND 9.11.31 (Extended Support Version)

Copyright (C) 2000-2021 Internet Systems Consortium, Inc. ("ISC")

This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.

Internet Systems Consortium, Inc.
PO Box 360
Newmarket, NH 03857 USA
https://www.isc.org/

Contents

1 Introduction
  1.1 Scope of Document
  1.2 Organization of This Document
  1.3 Conventions Used in This Document
  1.4 The Domain Name System (DNS)
      DNS Fundamentals
      Domains and Domain Names
      Zones
      Authoritative Name Servers
      The Primary Server
      Secondary Servers
      Stealth Servers
      Caching Name Servers
      Forwarding
      Name Servers in Multiple Roles

2 BIND Resource Requirements
  2.1 Hardware requirements
  2.2 CPU Requirements
  2.3 Memory Requirements
  2.4 Name Server-Intensive Environment Issues
  2.5 Supported Operating Systems

3 Name Server Configuration
  3.1 Sample Configurations
      A Caching-only Name Server
      An Authoritative-only Name Server
  3.2 Load Balancing
  3.3 Name Server Operations
      Tools for Use With the Name Server Daemon
      Diagnostic Tools
      Administrative Tools
      Signals

4 Advanced DNS Features
  4.1 Notify
  4.2 Dynamic Update
      The Journal File
  4.3 Incremental Zone Transfers (IXFR)
  4.4 Split DNS
      Example Split DNS Setup
  4.5 TSIG
      Generating a Shared Key
      Loading a New Key
      Instructing the Server to Use a Key
      TSIG-Based Access Control
      Errors
  4.6 TKEY
  4.7 SIG(0)
  4.8 DNSSEC
      Generating Keys
      Signing the Zone
      Configuring Servers for DNSSEC
  4.9 DNSSEC, Dynamic Zones, and Automatic Signing
      Converting from insecure to secure
      Dynamic DNS Update Method
      Fully Automatic Zone Signing
      Private Type Records
      DNSKEY Rollovers
      Dynamic DNS Update Method
      Automatic Key Rollovers
      NSEC3PARAM Rollovers via UPDATE
      Converting From NSEC to NSEC3
      Converting From NSEC3 to NSEC
      Converting From Secure to Insecure
      Periodic Re-signing
      NSEC3 and OPTOUT
  4.10 Dynamic Trust Anchor Management
      Validating Resolver
      Authoritative Server
  4.11 PKCS#11 (Cryptoki) Support
      Prerequisites
      Native PKCS#11
      Building SoftHSMv2
      OpenSSL-based PKCS#11
      Patching OpenSSL
      Building OpenSSL for the AEP Keyper on Linux
      Building OpenSSL for the SCA 6000 on Solaris
      Building OpenSSL for SoftHSM
      Configuring BIND 9 for Linux with the AEP Keyper
      Configuring BIND 9 for Solaris with the SCA 6000
      Configuring BIND 9 for SoftHSM
      PKCS#11 Tools
      Using the HSM
      Specifying the engine on the command line
      Running named with automatic zone re-signing
  4.12 DLZ (Dynamically Loadable Zones)
      Configuring DLZ
      Sample DLZ Driver
  4.13 Dynamic Database (DynDB)
      Configuring DynDB
      Sample DynDB Module
  4.14 Catalog Zones
      Principle of Operation
      Configuring Catalog Zones
      Catalog Zone Format
  4.15 IPv6 Support in BIND 9
      Address Lookups Using AAAA Records
      Address-to-Name Lookups Using Nibble Format

5 The BIND 9 Lightweight Resolver
  5.1 The Lightweight Resolver Library
  5.2 Running a Resolver Daemon

6 BIND 9 Configuration Reference
  6.1 Configuration File Elements
      Address Match Lists
      Syntax
      ...


Details

  • File Type
    pdf
  • Content Languages
    English
  • File Pages
    344 pages
