diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html index 02b72d657d..2a13168896 100644 --- a/doc/arm/Bv9ARM.ch03.html +++ b/doc/arm/Bv9ARM.ch03.html @@ -471,14 +471,14 @@ CLASS="command" >also-notify, see Section 6.2.12.7Section 6.2.14.7. For more information about notify, see Section 6.2.12.1Section 6.2.14.1.

update-policy statement in Section 6.2.20.4Section 6.2.22.4.

BIND 9 ships with several tools +> 9 ships + with several tools that are used in this process, which are explained in more detail below. In all cases, the "-h" option prints a full list of parameters. Note that the DNSSEC tools require the - keyset and signedkey files to be in the working directory.

There must also be communication with the administrators of the parent and/or child zone to transmit keys and signatures. A @@ -1156,14 +1159,14 @@ CLASS="command" >dnssec-makekeyset -t 3600 -e +86400 Kchild.example.+003+12345 Kchild.example.+003+23456dnssec-makekeyset -t 3600 -e +864000 Kchild.example.+003+12345 Kchild.example.+003+23456

One output file is produced: child.example.keysetkeyset-child.example.. This file should be transmitted to the parent to be signed. It includes the keys, as well as signatures over the key set generated by the zone @@ -1207,14 +1210,14 @@ CLASS="filename" >dnssec-signkey grand.child.example.keyset Kchild.example.+003+12345 Kchild.example.+003+23456dnssec-signkey keyset-grand.child.example. Kchild.example.+003+12345 Kchild.example.+003+23456

One output file is produced: grand.child.example.signedkeysignedkey-grand.child.example.. This file should be both transmitted back to the child and retained. It includes all keys (the child's keys) from the keyset file and diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html index dfc70ec6b6..46fca0ffe9 100644 --- a/doc/arm/Bv9ARM.ch05.html +++ b/doc/arm/Bv9ARM.ch05.html @@ -83,7 +83,7 @@ HREF="Bv9ARM.ch05.html#AEN988" >

5.2. Running a Resolver Daemon

5.2. Running a Resolver Daemon

lwresd.

Applications using the lightweight resolver library will make -UDP requests to the IPv4 loopback address (127.0.0.1) on port 921. - The daemon will try to find the answer to the questions "what are the -addresses for host By default, applications using the lightweight resolver library will make +UDP requests to the IPv4 loopback address (127.0.0.1) on port 921. The +address can be overriden by lwserver lines in +/etc/resolv.conf. +The daemon will try to find the answer to the questions "what are the +addresses for host +foo.example.com?" and "what are -the names for IPv4 address 204.152.184.79?"

The daemon currently only looks in the DNS, but in the future it may use other sources such as /etc/hosts, NIS, etc.

The lwresd daemon is essentially a stripped-down, +> daemon is essentially a caching-only name server that answers requests using the lightweight resolver protocol rather than the DNS protocol. Because it needs to run on each host, it is designed to require no or minimal configuration. - It uses the name servers listed on nameserver lines -in lines in /etc/resolv.conf as forwarders, but is also -capable of doing the resolution autonomously if none are specified.

+as forwarders, but is also capable of doing the resolution autonomously if +none are specified.

The lwresd daemon may also be configured with a +named.conf style configuration file, in +/etc/lwresd.conf by default. A name server may also +be configured to act as a lightweight resolver daemon using the +lwres{} statement in named.conf.
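
Review bot: "overriden" in the added sentence "The address can be overriden by lwserver lines in /etc/resolv.conf" is misspelled and should read "overridden". The sentence also speaks only of the address; if the port (921) cannot be changed through lwserver lines, saying so here would remove the ambiguity.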

6.3. Zone File

6.1.1.1. Syntax

6.1.1.2. Definition and Usage

6.1.2. Comment Syntax

6.1.2.1. Syntax

6.1.2.2. Definition and Usage

6.2.1. acl

6.2.3. controls

6.2.4. controls

6.2.5. include

6.2.6. include

6.2.7. key

6.2.8. key

6.2.9. logging

6.2.10. logging

6.2.10.1. The channel

6.2.11. lwres Statement Grammar

This is the grammar of the lwres + statement in the named.conf file:

lwres
+    [ listen-on { address_match_list }; ]
+    [ view view_name; ]
+    [ search { domain_name ; [ ip_addr ; ... ] }; ]
+    [ ndots number; ]
+
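
Review bot: the search clause of the new lwres grammar reads `[ search { domain_name ; [ ip_addr ; ... ] }; ]`, but the definition in the next section describes search as "a list of domains which are appended to relative names", so the repeated element should be domain_name rather than ip_addr. Also check that the grammar shows the braces enclosing the statement body, since Section 5.2 refers to it as lwres{} and none appear after the lwres keyword here.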

6.2.12. lwres Statement Definition and Usage

The lwres statement configures the name + server to also act as a lightweight resolver server, see + Section 5.2. There may be be multiple + lwres statements configuring + lightweight resolver servers with different properties.

The listen-on statement specifies a list of + addresses (and ports) that this instance of a lightweight resolver daemon + should accept requests on. If this statement is omitted, requests + will be accepted on 127.0.0.1, port 53.

The view statement binds this instance of a + lightweight resolver daemon to a view in the DNS namespace, so that the + response will be constructed in the same manner as a normal DNS query + matching this view. If this statement is omitted, the default view is + used, and if there is no default view, an error is triggered.

The search statement is equivalent to the + search statement in + /etc/resolv.conf. It provides a list of domains + which are appended to relative names in queries.

The ndots statement is equivalent to the + ndots statement in + /etc/resolv.conf. It indicates the minimum + number of dots in a relative domain name that should result in an + exact match lookup before search path elements are appended.
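
Review bot: the listen-on default is documented as "127.0.0.1, port 53", while the Section 5.2 text changed in this same patch says lightweight resolver clients send their requests to 127.0.0.1 on port 921. The two sections need to agree, and port 53 is the DNS port rather than the lightweight resolver port named in Section 5.2, so please confirm the actual default and correct whichever statement is wrong. Separately, "There may be be multiple lwres statements" has a doubled "be".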

6.2.13. options Statement Grammar

yes_or_no | explicit; ] [

6.2.12. 6.2.14. options Statement Definition and @@ -3719,7 +3869,7 @@ CLASS="sect3" CLASS="sect3" >6.2.12.1. Boolean Options6.2.14.1. Boolean Options

Section 3.3. The messages are sent to the +servers listed in the zone's NS records (except the master server identified +in the SOA MNAME field), and to any servers listed in the +also-notify option. +

If explicit, notifies are sent only to +servers explicitly listed using also-notify. -The no, no notifies are sent. +

The notify option may also be specified in the

6.2.12.2. Forwarding6.2.14.2. Forwarding

The forwarding facility can be used to create a large site-wide @@ -4544,7 +4720,7 @@ CLASS="command" > behavior, or not forward at all, see Section 6.2.19Section 6.2.21.

6.2.12.3. Name Checking6.2.14.3. Name Checking

The server can check domain names based upon their expected @@ -4689,7 +4865,7 @@ CLASS="sect3" CLASS="sect3" >6.2.12.4. Access Control6.2.14.4. Access Control

Access to the server can be restricted based on the IP address @@ -4818,20 +4994,6 @@ CLASS="userinput" >none.

-

Note: Not yet implemented in BIND 9.

6.2.12.5. Interfaces6.2.14.5. Interfaces

The interfaces and ports that the server will answer queries @@ -4940,8 +5102,8 @@ CLASS="sect3" >

6.2.12.6. Query Address6.2.14.6. Query Address

If the server doesn't know the answer to a question, it will @@ -5000,7 +5162,7 @@ CLASS="sect3" CLASS="sect3" >6.2.12.7. Zone Transfers6.2.14.7. Zone Transfers

Defines a global list of IP addresses +>Defines a global list of IP addresses of name servers that are also sent NOTIFY messages whenever a fresh copy of the -zone is loaded. This helps to ensure that copies of the zones will +zone is loaded, in addition to the servers listed in the zone's NS records. +This helps to ensure that copies of the zones will quickly converge on stealth servers. If an also-notify
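
Review bot: the added wording "in addition to the servers listed in the zone's NS records" in the also-notify description does not hold when notify is set to explicit, which this patch documents as sending notifies "only to servers explicitly listed using also-notify". Suggest qualifying the also-notify text for that case or cross-referencing the notify option so the two descriptions do not contradict each other.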

6.2.12.8. Resource Limits6.2.14.8. Resource Limits

The server's usage of many system resources can be @@ -5764,8 +5927,8 @@ CLASS="sect3" >

6.2.12.9. Periodic Task Intervals6.2.14.9. Periodic Task Intervals

6.2.12.10. Topology6.2.14.10. Topology

All other things being equal, when the server chooses a nameserver @@ -5966,7 +6129,7 @@ CLASS="sect3" CLASS="sect3" >6.2.12.11. The 6.2.14.11. The sortlist Statement statement does (Section 6.2.12.10Section 6.2.14.10). Each top level statement in the sortlist6.2.12.12. RRset Ordering6.2.14.12. RRset Ordering

When multiple records are returned in an answer it may be @@ -6323,7 +6486,7 @@ CLASS="sect3" CLASS="sect3" >6.2.12.13. Tuning6.2.14.13. Tuning

6.2.12.14. Deprecated Features6.2.14.14. Deprecated Features

option in Section 6.2.14Section 6.2.16. See also 6.2.13. 6.2.15. server @@ -6637,7 +6800,7 @@ CLASS="sect2" CLASS="sect2" >6.2.14. 6.2.16. server Statement Definition @@ -6659,23 +6822,6 @@ CLASS="command" CLASS="command" >no.

The

6.2.15. 6.2.17. trusted-keys Statement Grammar

6.2.16. 6.2.18. trusted-keys Statement Definition @@ -6926,8 +7072,8 @@ CLASS="sect2" >

6.2.17. 6.2.19. view Statement Grammar

6.2.18. 6.2.20. view Statement Definition and Usage6.2.19. 6.2.21. zone @@ -7407,6 +7553,11 @@ CLASS="replaceable" >yes_or_no | explicit ; ] [

6.2.20. 6.2.22. zone Statement Definition and Usage

6.2.20.1. Zone Types6.2.22.1. Zone Types

-

Note: Domain-specific -forwarding is not yet implemented in BIND 9.

6.2.20.2. Class6.2.22.2. Class

The zone's name may optionally be followed by a class. If @@ -7778,8 +7915,8 @@ CLASS="sect3" >

6.2.20.3. Zone Options6.2.22.3. Zone Options

allow-query in Section 6.2.12.4Section 6.2.14.4

allow-transfer
in Section 6.2.12.4Section 6.2.14.4.

Specifies a "Simple Secure Update" policy. See Section 6.2.20.4Section 6.2.22.4.

Specifies which hosts are allowed to submit Dynamic DNS updates to slave zones to be forwarded to the -master. The default is to deny update forwarding from all hosts.

Note: Update -forwarding is not yet implemented.

+

See Section 6.2.12.3Section 6.2.14.3.

dialup under Section 6.2.12.1Section 6.2.14.1.

would allow a normal lookup to be tried.

-

Note: Not yet implemented in BIND 9.

forward
, no forwarding is done for the zone; the global options are not used.

Note: Not -yet implemented in BIND 9.

+max-transfer-time-in
under Section 6.2.12.7Section 6.2.14.7.

max-transfer-idle-in
under Section 6.2.12.7Section 6.2.14.7.

max-transfer-time-out
under Section 6.2.12.7Section 6.2.14.7.

max-transfer-idle-out
under Section 6.2.12.7Section 6.2.14.7.

notify
under Section 6.2.12.1Section 6.2.14.1.

sig-validity-interval
under Section 6.2.12.13Section 6.2.14.13.

6.2.20.4. Dynamic Update Policies6.2.22.4. Dynamic Update Policies

6.3. Zone File

7.2. chroot
7.3. Dynamic Updates

7.2. chroot

7.2.1. The chroot

7.2.2. Using the setuid

7.3. Dynamic Updates

8.1. Common Problems
8.2. Incrementing and Changing the Serial Number
8.3. Where Can I Get Help?

8.1. Common Problems

8.1.1. It's not working; how can I figure out what's wrong?

8.2. Incrementing and Changing the Serial Number

8.3. Where Can I Get Help?

A.1. Acknowledgements
A.3. General DNS

A.1. Acknowledgements

A.1.1. A Brief History of the DNS

A.2.1.1. HS = hesiod

A.2.1.2. CH = chaos

A.3. General DNS

A.3.1. IPv6 addresses (A6)

.

Bibliography

Standards

[RFC974] C. Partridge,

[RFC1034] P.V. Mockapetris,

[RFC1035] P. V. Mockapetris,

[RFC2181] R., R. Bush Elz,

[RFC2308] M. Andrews,

[RFC1995] M. Ohta,

[RFC1996] P. Vixie,

[RFC2136] P. Vixie, S. Thomson, Y. Rekhter, and J. Bound,

[RFC2845] P. Vixie, O. Gudmundsson, D. Eastlake, 3rd, and B. Wellington,

Proposed Standards Still Under Development

[RFC1886] S. Thomson and C. Huitema,

[RFC2065] D. Eastlake, 3rd and C. Kaufman,

[RFC2137] D. Eastlake, 3rd,

Other Important RFCs About DNS

[RFC1535] E. Gavron,

[RFC1536] A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller,

[RFC1982] R. Elz and R. Bush,

Resource Record Types

[RFC1183] C.F. Everhart, L. A. Mamakos, R. Ullmann, and P. Mockapetris,

[RFC1706] B. Manning and R. Colella,

[RFC2168] R. Daniel and M. Mealling,

[RFC1876] C. Davis, P. Vixie, T., and I. Dickinson,

[RFC2052] A. Gulbrandsen and P. Vixie,

[RFC2163] A. Allocchio,

[RFC2230] R. Atkinson,

DNS

[RFC1101] P. V. Mockapetris,

[RFC1123] Braden,

[RFC1591] J. Postel,

[RFC2317] H. Eidnes, G. de Groot, and P. Vixie,

DNS

[RFC1537] P. Beertema,

[RFC1912] D. Barr,

[RFC1912] D. Barr,

[RFC2010] B. Manning and P. Vixie,

[RFC2219] M. Hamilton and R. Wright,

Other DNS

[RFC1464] R. Rosenbaum,

[RFC1713] A. Romao,

[RFC1794] T. Brisco,

[RFC2240] O. Vaughan,

[RFC2345] J. Klensin, T. Wolf, and G. Oglesby,

[RFC2352] O. Vaughan,

Obsolete and Unimplemented Experimental RRs

[RFC1712] C. Farrell, M. Schulze, S. Pleitner, and D. Baldoni,

A.4.3. Other Documents About BIND

Bibliography

Paul Albitz and Cricket Liu,
