mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 06:55:30 +00:00
Code Issues Releases Wiki Activity

Split Configuration chapter in the ARM into chapters 3 and 4

Browse Source
This commit is contained in:
Ron Aitchison
2022-03-21 22:13:29 +00:00
committed by Petr Špaček
parent 63e12b511f
commit cd1c230ff6
7 changed files with 162 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
doc/arm/Makefile.am
View File

@@ -8,9 +8,12 @@ EXTRA_DIST = \
chapter10.rst \ chapter10.rst \
chapter1.rst \ chapter1.rst \
chapter2.rst \ chapter2.rst \
configuration.rst \ chapter3.rst \
chapter4.rst \
configuration.inc.rst \
conf.py \ conf.py \
dlz.inc.rst \ dlz.inc.rst \
dns-ops.inc.rst \
dnssec-guide.rst \ dnssec-guide.rst \
dnssec.inc.rst \ dnssec.inc.rst \
dns-security-overview.dia \ dns-security-overview.dia \

12
doc/arm/chapter3.rst Normal file
View File

@@ -0,0 +1,12 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
.. include:: configuration.inc.rst

13
doc/arm/chapter4.rst Normal file
View File

@@ -0,0 +1,13 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
.. include:: dns-ops.inc.rst
.. include:: plugins.inc.rst

128
doc/arm/configuration.inc.rst Normal file
View File

@@ -0,0 +1,128 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
.. _configuration:
Configurations and Zone Files
=============================
In this chapter we provide some suggested configurations, along with
guidelines for their use. We suggest reasonable values for certain
option settings.
.. _sample_configuration:
Sample Configurations
---------------------
.. _cache_only_sample:
A Caching-only Name Server
~~~~~~~~~~~~~~~~~~~~~~~~~~
The following sample configuration is appropriate for a caching-only
name server for use by clients internal to a corporation. All queries
from outside clients are refused using the ``allow-query`` option.
The same effect can be achieved using suitable firewall
rules.
::
// Two corporate subnets we wish to allow queries from.
acl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
options {
allow-query { corpnets; };
};
// Provide a reverse mapping for the loopback
// address 127.0.0.1
zone "0.0.127.in-addr.arpa" {
type primary;
file "localhost.rev";
notify no;
};
.. _auth_only_sample:
An Authoritative-only Name Server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This sample configuration is for an authoritative-only server that is
the primary server for ``example.com`` and a secondary server for the subdomain
``eng.example.com``.
::
options {
// Do not allow access to cache
allow-query-cache { none; };
// This is the default
allow-query { any; };
// Do not provide recursive service
recursion no;
};
// Provide a reverse mapping for the loopback
// address 127.0.0.1
zone "0.0.127.in-addr.arpa" {
type primary;
file "localhost.rev";
notify no;
};
// We are the primary server for example.com
zone "example.com" {
type primary;
file "example.com.db";
// IP addresses of secondary servers allowed to
// transfer example.com
allow-transfer {
192.168.4.14;
192.168.5.53;
};
};
// We are a secondary server for eng.example.com
zone "eng.example.com" {
type secondary;
file "eng.example.com.bk";
// IP address of eng.example.com primary server
primaries { 192.168.4.12; };
};
.. _load_balancing:
Load Balancing
--------------
A primitive form of load balancing can be achieved in the DNS by using
multiple records (such as multiple A records) for one name.
For example, assuming three HTTP servers with network addresses of
10.0.0.1, 10.0.0.2, and 10.0.0.3, a set of records such as the following
means that clients will connect to each machine one-third of the time:
+-----------+------+----------+----------+----------------------------+
| Name | TTL | CLASS | TYPE | Resource Record (RR) Data |
+-----------+------+----------+----------+----------------------------+
| www | 600 | IN | A | 10.0.0.1 |
+-----------+------+----------+----------+----------------------------+
| | 600 | IN | A | 10.0.0.2 |
+-----------+------+----------+----------+----------------------------+
| | 600 | IN | A | 10.0.0.3 |
+-----------+------+----------+----------+----------------------------+
When a resolver queries for these records, BIND rotates them and
responds to the query with the records in a different order. In the
example above, clients randomly receive records in the order 1, 2,
3; 2, 3, 1; and 3, 1, 2. Most clients use the first record returned
and discard the rest.
For more detail on ordering responses, check the ``rrset-order``
sub-statement in the ``options`` statement; see :ref:`rrset_ordering`.

120
doc/arm/configuration.rst → doc/arm/dns-ops.inc.rst
View File

@@ -9,123 +9,6 @@
.. See the COPYRIGHT file distributed with this work for additional .. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership. .. information regarding copyright ownership.
.. Configuration:
Name Server Configuration
=========================
In this chapter we provide some suggested configurations, along with
guidelines for their use. We suggest reasonable values for certain
option settings.
.. _sample_configuration:
Sample Configurations
---------------------
.. _cache_only_sample:
A Caching-only Name Server
~~~~~~~~~~~~~~~~~~~~~~~~~~
The following sample configuration is appropriate for a caching-only
name server for use by clients internal to a corporation. All queries
from outside clients are refused using the ``allow-query`` option.
The same effect can be achieved using suitable firewall
rules.
::
// Two corporate subnets we wish to allow queries from.
acl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
options {
allow-query { corpnets; };
};
// Provide a reverse mapping for the loopback
// address 127.0.0.1
zone "0.0.127.in-addr.arpa" {
type primary;
file "localhost.rev";
notify no;
};
.. _auth_only_sample:
An Authoritative-only Name Server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This sample configuration is for an authoritative-only server that is
the primary server for ``example.com`` and a secondary server for the subdomain
``eng.example.com``.
::
options {
// Do not allow access to cache
allow-query-cache { none; };
// This is the default
allow-query { any; };
// Do not provide recursive service
recursion no;
};
// Provide a reverse mapping for the loopback
// address 127.0.0.1
zone "0.0.127.in-addr.arpa" {
type primary;
file "localhost.rev";
notify no;
};
// We are the primary server for example.com
zone "example.com" {
type primary;
file "example.com.db";
// IP addresses of secondary servers allowed to
// transfer example.com
allow-transfer {
192.168.4.14;
192.168.5.53;
};
};
// We are a secondary server for eng.example.com
zone "eng.example.com" {
type secondary;
file "eng.example.com.bk";
// IP address of eng.example.com primary server
primaries { 192.168.4.12; };
};
.. _load_balancing:
Load Balancing
--------------
A primitive form of load balancing can be achieved in the DNS by using
multiple records (such as multiple A records) for one name.
For example, assuming three HTTP servers with network addresses of
10.0.0.1, 10.0.0.2, and 10.0.0.3, a set of records such as the following
means that clients will connect to each machine one-third of the time:
+-----------+------+----------+----------+----------------------------+
| Name | TTL | CLASS | TYPE | Resource Record (RR) Data |
+-----------+------+----------+----------+----------------------------+
| www | 600 | IN | A | 10.0.0.1 |
+-----------+------+----------+----------+----------------------------+
| | 600 | IN | A | 10.0.0.2 |
+-----------+------+----------+----------+----------------------------+
| | 600 | IN | A | 10.0.0.3 |
+-----------+------+----------+----------+----------------------------+
When a resolver queries for these records, BIND rotates them and
responds to the query with the records in a different order. In the
example above, clients randomly receive records in the order 1, 2,
3; 2, 3, 1; and 3, 1, 2. Most clients use the first record returned
and discard the rest.
For more detail on ordering responses, check the ``rrset-order``
sub-statement in the ``options`` statement; see :ref:`rrset_ordering`.
.. _ns_operations: .. _ns_operations:
Name Server Operations Name Server Operations
@@ -206,6 +89,8 @@ server.
For more information and a list of available commands and options, For more information and a list of available commands and options,
see :ref:`man_named-compilezone`. see :ref:`man_named-compilezone`.
.. _ops_rndc:
:iscman:`rndc` :iscman:`rndc`
The remote name daemon control (:iscman:`rndc`) program allows the system The remote name daemon control (:iscman:`rndc`) program allows the system
administrator to control the operation of a name server. administrator to control the operation of a name server.
@@ -312,4 +197,3 @@ described in the following table. These signals can be sent using the
| ``SIGINT`` | Causes the server to clean up and exit. | | ``SIGINT`` | Causes the server to clean up and exit. |
+--------------+-------------------------------------------------------------+ +--------------+-------------------------------------------------------------+
.. include:: plugins.inc.rst

3
doc/arm/index.rst
View File

@@ -19,7 +19,8 @@ BIND 9 Administrator Reference Manual
chapter1 chapter1
chapter2 chapter2
configuration chapter3
chapter4
reference reference
advanced advanced
security security

2
doc/arm/plugins.inc.rst
View File

@@ -12,7 +12,7 @@
.. _module-info: .. _module-info:
Plugins Plugins
------- ~~~~~~~
Plugins are a mechanism to extend the functionality of :iscman:`named` using Plugins are a mechanism to extend the functionality of :iscman:`named` using
dynamically loadable libraries. By using plugins, core server dynamically loadable libraries. By using plugins, core server