BIND 9 Administrator Reference Manual BIND 9 Administrator Reference Manual Copyright © 2000, 2001 by Internet Software Consortium Table of Contents 1. Introduction............................................................................................................................................9 1.1. Scope of Document.....................................................................................................................9 1.2. Organization of This Document..................................................................................................9 1.3. Conventions Used in This Document..........................................................................................9 1.4. The Domain Name System (DNS)............................................................................................10 1.4.1. DNS Fundamentals.......................................................................................................10 1.4.2. Domains and Domain Names.......................................................................................10 1.4.3. Zones ............................................................................................................................11 1.4.4. Authoritative Name Servers .........................................................................................11 1.4.4.1. The Primary Master .........................................................................................12 1.4.4.2. Slave Servers....................................................................................................12 1.4.4.3. Stealth Servers .................................................................................................12 1.4.5. Caching Name Servers .................................................................................................12 1.4.5.1. Forwarding.......................................................................................................13 1.4.6. Name Servers in Multiple Roles...................................................................................13 2. BIND Resource Requirements............................................................................................................15 2.1. Hardware requirements .............................................................................................................15 2.2. CPU Requirements....................................................................................................................15 2.3. Memory Requirements..............................................................................................................15 2.4. Nameserver Intensive Environment Issues ...............................................................................15 2.5. Supported Operating Systems...................................................................................................16 3. Nameserver Configuration..................................................................................................................17 3.1. Sample Configurations..............................................................................................................17 3.1.1. A Caching-only Nameserver ........................................................................................17 3.1.2. An Authoritative-only Nameserver ..............................................................................17 3.2. Load Balancing .........................................................................................................................18 3.3. Notify ........................................................................................................................................19 3.4. Nameserver Operations.............................................................................................................19 3.4.1. Tools for Use With the Nameserver Daemon...............................................................19 3.4.1.1. Diagnostic Tools ..............................................................................................19 3.4.1.2. Administrative Tools........................................................................................20 3.4.2. Signals ..........................................................................................................................24 4. Advanced Concepts .............................................................................................................................25 4.1. Dynamic Update .......................................................................................................................25 4.1.1. The journal file .............................................................................................................25 4.2. Incremental Zone Transfers (IXFR)..........................................................................................25 4.3. Split DNS ..................................................................................................................................26 5 4.4. TSIG..........................................................................................................................................30 4.4.1. Generate Shared Keys for Each Pair of Hosts..............................................................30 4.4.1.1. Automatic Generation......................................................................................30 4.4.1.2. Manual Generation...........................................................................................31 4.4.2. Copying the Shared Secret to Both Machines..............................................................31 4.4.3. Informing the Servers of the Key’s Existence ..............................................................31 4.4.4. Instructing the Server to Use the Key...........................................................................31 4.4.5. TSIG Key Based Access Control .................................................................................32 4.4.6. Errors ............................................................................................................................32 4.5. TKEY ........................................................................................................................................32 4.6. SIG(0)........................................................................................................................................33 4.7. DNSSEC ...................................................................................................................................33 4.7.1. Generating Keys ...........................................................................................................34 4.7.2. Creating a Keyset..........................................................................................................34 4.7.3. Signing the Child’s Keyset ...........................................................................................35 4.7.4. Signing the Zone...........................................................................................................35 4.7.5. Configuring Servers......................................................................................................35 4.8. IPv6 Support in BIND 9............................................................................................................36 4.8.1. Address Lookups Using AAAA Records.....................................................................36 4.8.2. Address Lookups Using A6 Records ...........................................................................37 4.8.2.1. A6 Chains.........................................................................................................37 4.8.2.2. A6 Records for DNS Servers...........................................................................37 4.8.3. Address to Name Lookups Using Nibble Format ........................................................38 4.8.4. Address to Name Lookups Using Bitstring Format .....................................................38 4.8.5. Using DNAME for Delegation of IPv6 Reverse Addresses.........................................38 5. The BIND 9 Lightweight Resolver .....................................................................................................41 5.1. The Lightweight Resolver Library............................................................................................41 5.2. Running a Resolver Daemon ....................................................................................................41 6. BIND 9 Configuration Reference .......................................................................................................43 6.1. Configuration File Elements .....................................................................................................43 6.1.1. Address Match Lists.....................................................................................................44 6.1.1.1. Syntax ..............................................................................................................45 6.1.1.2. Definition and Usage........................................................................................45 6.1.2. Comment Syntax ..........................................................................................................46 6.1.2.1. Syntax ..............................................................................................................46 6.1.2.2. Definition and Usage........................................................................................46