DNS and BIND, 5th Edition

Book description

DNS and BIND tells you everything you need to work with one of the Internet's fundamental building blocks: the distributed host information database that's responsible for translating names into addresses, routing mail to its proper destination, and even listing phone numbers with the new ENUM standard. This book brings you up-to-date with the latest changes in this crucial service.

The fifth edition covers BIND 9.3.2, the most recent release of the BIND 9 series, as well as BIND 8.4.7. BIND 9.3.2 contains further improvements in security and IPv6 support, and important new features such as internationalized domain names, ENUM (electronic numbering), and SPF (the Sender Policy Framework).

Whether you're an administrator involved with DNS on a daily basis or a user who wants to be more informed about the Internet and how it works, you'll find that this book is essential reading.

Topics include:

  • What DNS does, how it works, and when you need to use it
  • How to find your own place in the Internet's namespace
  • Setting up name servers
  • Using MX records to route mail
  • Configuring hosts to use DNS name servers
  • Subdividing domains (parenting)
  • Securing your name server: restricting who can query your server, preventing unauthorized zone transfers, avoiding bogus servers, etc.
  • The DNS Security Extensions (DNSSEC) and Transaction Signatures (TSIG)
  • Mapping one name to several servers for load sharing
  • Dynamic updates, asynchronous notification of change to a zone, and incremental zone transfers
  • Troubleshooting: using nslookup and dig, reading debugging output, common problems
  • DNS programming using the resolver library and Perl's Net::DNS module

Publisher resources

View/Submit Errata

Table of contents

  1. A Note Regarding Supplemental Files
  2. Preface
    1. Versions
    2. What’s New in the Fifth Edition?
    3. Organization
    4. Audience
    5. Obtaining the Example Programs
    6. How to Contact Us
    7. Conventions Used in This Book
    8. Using Code Examples
    9. Safari® Enabled
    10. Quotations
    11. Acknowledgments
  3. 1. Background
    1. 1.1. A (Very) Brief History of the Internet
    2. 1.2. On the Internet and Internets
      1. 1.2.1. The History of the Domain Name System
    3. 1.3. The Domain Name System, in a Nutshell
    4. 1.4. The History of BIND
    5. 1.5. Must I Use DNS?
  4. 2. How Does DNS Work?
    1. 2.1. The Domain Namespace
      1. 2.1.1. Domain Names
      2. 2.1.2. Domains
      3. 2.1.3. Resource Records
    2. 2.2. The Internet Domain Namespace
      1. 2.2.1. Top-Level Domains
        1. 2.2.1.1. Country-code top-level domains
        2. 2.2.1.2. New top-level domains
      2. 2.2.2. Further Down
      3. 2.2.3. Reading Domain Names
    3. 2.3. Delegation
    4. 2.4. Nameservers and Zones
      1. 2.4.1. Delegating Subdomains
      2. 2.4.2. Types of Nameservers
      3. 2.4.3. Zone Datafiles
    5. 2.5. Resolvers
    6. 2.6. Resolution
      1. 2.6.1. Root Nameservers
      2. 2.6.2. Recursion
      3. 2.6.3. Iteration
      4. 2.6.4. Choosing Between Authoritative Nameservers
      5. 2.6.5. The Whole Enchilada
      6. 2.6.6. Mapping Addresses to Names
    7. 2.7. Caching
      1. 2.7.1. Time to Live
  5. 3. Where Do I Start?
    1. 3.1. Getting BIND
      1. 3.1.1. Handy Mailing Lists and Usenet Newsgroups
      2. 3.1.2. Finding IP Addresses
    2. 3.2. Choosing a Domain Name
      1. 3.2.1. On Registrars and Registries
      2. 3.2.2. Where in the World Do I Fit?
        1. 3.2.2.1. whois
      3. 3.2.3. Back in the U.S.A.
        1. 3.2.3.1. The generic top-level domains
        2. 3.2.3.2. Choosing a registrar
      4. 3.2.4. Checking That Your Network Is Registered
      5. 3.2.5. Registering Your Zones
  6. 4. Setting Up BIND
    1. 4.1. Our Zone
    2. 4.2. Setting Up Zone Data
      1. 4.2.1. The Zone Datafiles
      2. 4.2.2. Comments
      3. 4.2.3. Setting the Zone’s Default TTL
      4. 4.2.4. SOA Records
      5. 4.2.5. NS Records
      6. 4.2.6. Address and Alias Records
      7. 4.2.7. PTR Records
      8. 4.2.8. The Completed Zone Datafiles
      9. 4.2.9. The Loopback Address
      10. 4.2.10. The Root Hints Data
    3. 4.3. Setting Up a BIND Configuration File
    4. 4.4. Abbreviations
      1. 4.4.1. Appending Domain Names
      2. 4.4.2. The @ Notation
      3. 4.4.3. Repeat Last Name
      4. 4.4.4. The Shortened Zone Datafiles
    5. 4.5. Hostname Checking
    6. 4.6. Tools
      1. 4.6.1. BIND 9 Tools
    7. 4.7. Running a Primary Nameserver
      1. 4.7.1. Starting Up the Nameserver
      2. 4.7.2. Check for Syslog Errors
      3. 4.7.3. Testing Your Setup with nslookup
        1. 4.7.3.1. Set the local domain name
        2. 4.7.3.2. Look up a local domain name
        3. 4.7.3.3. Look up a local address
        4. 4.7.3.4. Look up a remote domain name
        5. 4.7.3.5. One more test
      4. 4.7.4. Editing the Startup Files
    8. 4.8. Running a Slave Nameserver
      1. 4.8.1. Setup
      2. 4.8.2. Backup Files
      3. 4.8.3. SOA Values
      4. 4.8.4. Multiple Master Servers
    9. 4.9. Adding More Zones
    10. 4.10. What’s Next?
  7. 5. DNS and Electronic Mail
    1. 5.1. MX Records
    2. 5.2. Movie.edu’s Mail Server
    3. 5.3. What’s a Mail Exchanger, Again?
    4. 5.4. The MX Algorithm
    5. 5.5. DNS and Email Authentication
      1. 5.5.1. The Sender Policy Framework
  8. 6. Configuring Hosts
    1. 6.1. The Resolver
    2. 6.2. Resolver Configuration
      1. 6.2.1. The Local Domain Name
      2. 6.2.2. The Search List
        1. 6.2.2.1. The BIND 4.9 and later search list
        2. 6.2.2.2. The BIND 4.8.3 search list
      3. 6.2.3. The search Directive
      4. 6.2.4. The nameserver Directive
        1. 6.2.4.1. One nameserver configured
        2. 6.2.4.2. More than one nameserver configured
      5. 6.2.5. The sortlist Directive
      6. 6.2.6. The options Directive
      7. 6.2.7. Comments
      8. 6.2.8. A Note on the 4.9 Resolver Directives
    3. 6.3. Sample Resolver Configurations
      1. 6.3.1. Resolver Only
      2. 6.3.2. Local Nameserver
    4. 6.4. Minimizing Pain and Suffering
      1. 6.4.1. Differences in Service Behavior
      2. 6.4.2. Electronic Mail
      3. 6.4.3. Updating .rhosts, hosts.equiv, etc.
      4. 6.4.4. Providing Aliases
    5. 6.5. Additional Configuration Files
      1. 6.5.1. nsswitch.conf
    6. 6.6. The Windows XP Resolver
      1. 6.6.1. Caching
      2. 6.6.2. Subnet Prioritization
  9. 7. Maintaining BIND
    1. 7.1. Controlling the Nameserver
      1. 7.1.1. ndc and controls (BIND 8)
      2. 7.1.2. rndc and controls (BIND 9)
        1. 7.1.2.1. Using rndc to control multiple servers
        2. 7.1.2.2. New rndc commands
      3. 7.1.3. Using Signals
    2. 7.2. Updating Zone Datafiles
      1. 7.2.1. Adding and Deleting Hosts
      2. 7.2.2. SOA Serial Numbers
      3. 7.2.3. Starting Over with a New Serial Number
      4. 7.2.4. Additional Zone Datafile Entries
        1. 7.2.4.1. General text information
        2. 7.2.4.2. Responsible Person
      5. 7.2.5. Generating Zone Datafiles from the Host Table
      6. 7.2.6. Keeping the Root Hints Current
    3. 7.3. Organizing Your Files
      1. 7.3.1. Using Several Directories
      2. 7.3.2. Changing the Origin in a Zone Datafile
      3. 7.3.3. Including Other Zone Datafiles
    4. 7.4. Changing System File Locations
    5. 7.5. Logging
      1. 7.5.1. The logging Statement
      2. 7.5.2. Channel Details
        1. 7.5.2.1. File channels
        2. 7.5.2.2. syslog channels
        3. 7.5.2.3. stderr channel
        4. 7.5.2.4. null channel
        5. 7.5.2.5. Data formatting for all channels
      3. 7.5.3. Category Details
        1. 7.5.3.1. BIND 8 categories
        2. 7.5.3.2. BIND 9 categories
        3. 7.5.3.3. Viewing all category messages
    6. 7.6. Keeping Everything Running Smoothly
      1. 7.6.1. Common Syslog Messages
      2. 7.6.2. Understanding the BIND Statistics
        1. 7.6.2.1. BIND 8 statistics
        2. 7.6.2.2. BIND 9 statistics
        3. 7.6.2.3. Using the BIND statistics
  10. 8. Growing Your Domain
    1. 8.1. How Many Nameservers?
      1. 8.1.1. Where Do I Put My Nameservers?
      2. 8.1.2. Capacity Planning
    2. 8.2. Adding More Nameservers
      1. 8.2.1. Primary Master and Slave Servers
      2. 8.2.2. Caching-Only Servers
      3. 8.2.3. Partial-Slave Servers
    3. 8.3. Registering Nameservers
    4. 8.4. Changing TTLs
      1. 8.4.1. Changing Other SOA Values
    5. 8.5. Planning for Disasters
      1. 8.5.1. Outages
      2. 8.5.2. Recommendations
    6. 8.6. Coping with Disaster
      1. 8.6.1. Long Outages (Days)
      2. 8.6.2. Really Long Outages (Weeks)
  11. 9. Parenting
    1. 9.1. When to Become a Parent
    2. 9.2. How Many Children?
    3. 9.3. What to Name Your Children
    4. 9.4. How to Become a Parent: Creating Subdomains
      1. 9.4.1. Creating a Subdomain in the Parent’s Zone
      2. 9.4.2. Creating and Delegating a Subdomain
      3. 9.4.3. An fx.movie.edu Slave
      4. 9.4.4. On the movie.edu Primary Nameserver
      5. 9.4.5. Delegating an in-addr.arpa Zone
      6. 9.4.6. Adding a movie.edu Slave
    5. 9.5. Subdomains of in-addr.arpa Domains
      1. 9.5.1. Subnetting on an Octet Boundary
      2. 9.5.2. Subnetting on a Nonoctet Boundary
        1. 9.5.2.1. /8 (Class A-sized) and /16 (Class B-sized) networks
        2. 9.5.2.2. /24 (Class C-sized) networks
          1. 9.5.2.2.1. Solution 1
          2. 9.5.2.2.2. Solution 2
          3. 9.5.2.2.3. Solution 3
    6. 9.6. Good Parenting
      1. 9.6.1. Using host
      2. 9.6.2. Managing Delegation
        1. 9.6.2.1. Managing delegation with stubs
    7. 9.7. Managing the Transition to Subdomains
      1. 9.7.1. Removing Parent Aliases
    8. 9.8. The Life of a Parent
  12. 10. Advanced Features
    1. 10.1. Address Match Lists and ACLs
    2. 10.2. DNS Dynamic Update
      1. 10.2.1. Dynamic Update and Serial Numbers
      2. 10.2.2. Dynamic Update and Zone Datafiles
      3. 10.2.3. Update Access Control Lists
      4. 10.2.4. TSIG-Signed Updates
    3. 10.3. DNS NOTIFY (Zone Change Notification)
    4. 10.4. Incremental Zone Transfer (IXFR)
      1. 10.4.1. IXFR Limitations
      2. 10.4.2. IXFR from Differences
      3. 10.4.3. IXFR Files
      4. 10.4.4. BIND 8 IXFR Configuration
      5. 10.4.5. BIND 9 IXFR Configuration
    5. 10.5. Forwarding
      1. 10.5.1. A More Restricted Nameserver
      2. 10.5.2. Forward Zones
    6. 10.6. Views
    7. 10.7. Round-Robin Load Distribution
      1. 10.7.1. Multiple CNAMEs
      2. 10.7.2. The rrset-order Substatement
    8. 10.8. Nameserver Address Sorting
    9. 10.9. Preferring Nameservers on Certain Networks
    10. 10.10. A Nonrecursive Nameserver
    11. 10.11. Avoiding a Bogus Nameserver
    12. 10.12. System Tuning
      1. 10.12.1. Zone Transfers
        1. 10.12.1.1. Limiting transfers requested per nameserver
        2. 10.12.1.2. Limiting the total number of zone transfers requested
        3. 10.12.1.3. Limiting the total number of zone transfers served
        4. 10.12.1.4. Limiting the duration of a zone transfer
        5. 10.12.1.5. Limiting the frequency of zone transfers
        6. 10.12.1.6. More efficient zone transfers
      2. 10.12.2. Resource Limits
        1. 10.12.2.1. Changing the data segment size limit
        2. 10.12.2.2. Changing the stack size limit
        3. 10.12.2.3. Changing the core size limit
        4. 10.12.2.4. Changing the open files limit
        5. 10.12.2.5. Limiting the number of clients
        6. 10.12.2.6. Limiting SOA queries
      3. 10.12.3. Maintenance Intervals
        1. 10.12.3.1. Cleaning interval
        2. 10.12.3.2. Interface interval
        3. 10.12.3.3. Statistics interval
      4. 10.12.4. TTLs
    13. 10.13. Compatibility
    14. 10.14. The ABCs of IPv6 Addressing
    15. 10.15. Addresses and Ports
      1. 10.15.1. Configuring the IPv4 Transport
      2. 10.15.2. Configuring the IPv6 Transport
      3. 10.15.3. EDNS0
      4. 10.15.4. IPv6 Forward and Reverse Mapping
      5. 10.15.5. AAAA and ip6.arpa
      6. 10.15.6. A6, DNAMEs, Bitstring Labels, and ip6.arpa
        1. 10.15.6.1. A6 records and forward mapping
        2. 10.15.6.2. DNAME records and reverse mapping
  13. 11. Security
    1. 11.1. TSIG
      1. 11.1.1. One-Way Hash Functions
      2. 11.1.2. The TSIG Record
      3. 11.1.3. Configuring TSIG
      4. 11.1.4. Using TSIG
    2. 11.2. Securing Your Nameserver
      1. 11.2.1. BIND Version
      2. 11.2.2. Restricting Queries
        1. 11.2.2.1. Restricting all queries
        2. 11.2.2.2. Restricting queries in a particular zone
      3. 11.2.3. Preventing Unauthorized Zone Transfers
      4. 11.2.4. Running BIND with Least Privilege
      5. 11.2.5. Split-Function Nameservers
        1. 11.2.5.1. “Advertising” nameserver configuration
        2. 11.2.5.2. “Resolving” nameserver configuration
      6. 11.2.6. Two Nameservers in One
    3. 11.3. DNS and Internet Firewalls
      1. 11.3.1. Types of Firewall Software
        1. 11.3.1.1. Packet filters
        2. 11.3.1.2. Proxies
      2. 11.3.2. A Bad Example
      3. 11.3.3. Internet Forwarders
        1. 11.3.3.1. The trouble with forwarding
        2. 11.3.3.2. Using forward zones
      4. 11.3.4. Internal Roots
        1. 11.3.4.1. Where to put internal root nameservers
        2. 11.3.4.2. Forward-mapping delegation
        3. 11.3.4.3. in-addr.arpa delegation
        4. 11.3.4.4. The db.root file
        5. 11.3.4.5. Configuring other internal nameservers
        6. 11.3.4.6. How internal nameservers use internal roots
        7. 11.3.4.7. Mail from internal hosts to the Internet
        8. 11.3.4.8. Mail to specific Internet domain names
        9. 11.3.4.9. The trouble with internal roots
      5. 11.3.5. A Split Namespace
        1. 11.3.5.1. Configuring the bastion host
        2. 11.3.5.2. Protecting zone data on the bastion host
        3. 11.3.5.3. The final configuration
        4. 11.3.5.4. Using views on the bastion host
    4. 11.4. The DNS Security Extensions
      1. 11.4.1. Public-Key Cryptography and Digital Signatures
      2. 11.4.2. The DNSKEY Record
      3. 11.4.3. The RRSIG Record
      4. 11.4.4. The NSEC Record
      5. 11.4.5. The DS Record and the Chain of Trust
        1. 11.4.5.1. Islands of security
        2. 11.4.5.2. Delegating to unsigned zones
      6. 11.4.6. DO, AD, and CD
      7. 11.4.7. How the Records Are Used
      8. 11.4.8. DNSSEC and Performance
      9. 11.4.9. Zone-Signing Keys and Key-Signing Keys
      10. 11.4.10. Signing a Zone
        1. 11.4.10.1. Generating your key pairs
        2. 11.4.10.2. Signing your zone
        3. 11.4.10.3. Sending your keys to be signed
        4. 11.4.10.4. Signing a parent zone
      11. 11.4.11. DNSSEC and Dynamic Update
      12. 11.4.12. Changing Keys
      13. 11.4.13. What Was That All About?
  14. 12. nslookup and dig
    1. 12.1. Is nslookup a Good Tool?
      1. 12.1.1. Multiple Servers
      2. 12.1.2. Timeouts
      3. 12.1.3. The Search List
      4. 12.1.4. Zone Transfers
      5. 12.1.5. Using NIS and /etc/hosts
    2. 12.2. Interactive Versus Noninteractive
    3. 12.3. Option Settings
      1. 12.3.1. The .nslookuprc File
    4. 12.4. Avoiding the Search List
    5. 12.5. Common Tasks
      1. 12.5.1. Looking Up Different Record Types
      2. 12.5.2. Authoritative Versus Nonauthoritative Answers
      3. 12.5.3. Switching Nameservers
    6. 12.6. Less Common Tasks
      1. 12.6.1. Showing the Query and Response Messages
      2. 12.6.2. Querying Like a BIND Nameserver
      3. 12.6.3. Zone Transfers
    7. 12.7. Troubleshooting nslookup Problems
      1. 12.7.1. Looking Up the Right Data
      2. 12.7.2. No Response from Server
      3. 12.7.3. No PTR Record for Nameserver’s Address
      4. 12.7.4. Query Refused
      5. 12.7.5. First resolv.conf Nameserver Not Responding
      6. 12.7.6. Finding Out What Is Being Looked Up
      7. 12.7.7. Unspecified Error
    8. 12.8. Best of the Net
    9. 12.9. Using dig
      1. 12.9.1. dig’s Output Format
      2. 12.9.2. Zone Transfers with dig
      3. 12.9.3. dig Options
  15. 13. Reading BIND Debugging Output
    1. 13.1. Debugging Levels
      1. 13.1.1. What Information Is at Each Level?
        1. 13.1.1.1. BIND 8 debugging levels
        2. 13.1.1.2. BIND 9 debugging levels
    2. 13.2. Turning On Debugging
      1. 13.2.1. Debugging Command-Line Option
      2. 13.2.2. Changing the Debugging Level with Control Messages
    3. 13.3. Reading Debugging Output
      1. 13.3.1. Nameserver Startup (BIND 8, Debug Level 1)
      2. 13.3.2. Nameserver Startup (BIND 9, Debug Level 1)
      3. 13.3.3. A Successful Lookup (BIND 8, Debug Level 1)
      4. 13.3.4. A Successful Lookup (BIND 9, Debug Level 1)
      5. 13.3.5. A Successful Lookup with Retransmissions (BIND 8, Debug Level 1)
      6. 13.3.6. A Slave Nameserver Checking Its Zone (BIND 8, Debug Level 1)
      7. 13.3.7. A Slave Nameserver Checking Its Zone (BIND 9 Debug Level 1)
    4. 13.4. The Resolver Search Algorithm and Negative Caching (BIND 8)
    5. 13.5. The Resolver Search Algorithm and Negative Caching (BIND 9)
    6. 13.6. Tools
  16. 14. Troubleshooting DNS and BIND
    1. 14.1. Is NIS Really Your Problem?
    2. 14.2. Troubleshooting Tools and Techniques
      1. 14.2.1. How to Use named-xfer
      2. 14.2.2. What if I Don’t Have named-xfer?
      3. 14.2.3. How to Read a BIND 8 Database Dump
      4. 14.2.4. How to Read a BIND 9 Database Dump
      5. 14.2.5. Logging Queries
    3. 14.3. Potential Problem List
      1. 14.3.1. 1. Forgot to Increment Serial Number
      2. 14.3.2. 2. Forgot to Reload Primary Nameserver
      3. 14.3.3. 3. Slave Nameserver Can’t Load Zone Data
      4. 14.3.4. 4. Added Name to Zone Datafile but Forgot to Add PTR Record
      5. 14.3.5. 5. Syntax Error in Configuration File or Zone Datafile
      6. 14.3.6. 6. Missing Dot at the End of a Domain Name in a Zone Datafile
      7. 14.3.7. 7. Missing Root Hints Data
      8. 14.3.8. 8. Loss of Network Connectivity
      9. 14.3.9. 9. Missing Subdomain Delegation
      10. 14.3.10. 10. Incorrect Subdomain Delegation
      11. 14.3.11. 11. Syntax Error in resolv.conf
      12. 14.3.12. 12. Local Domain Name Not Set
      13. 14.3.13. 13. Response from Unexpected Source
    4. 14.4. Transition Problems
      1. 14.4.1. Resolver Behavior
      2. 14.4.2. Nameserver Behavior
    5. 14.5. Interoperability and Version Problems
      1. 14.5.1. Zone Transfer Fails Because of Proprietary WINS Record
      2. 14.5.2. Nameserver Reports “no NS RR for SOA MNAME”
      3. 14.5.3. Nameserver Reports “Too many open files”
      4. 14.5.4. Resolver Reports “asked for PTR, got CNAME”
      5. 14.5.5. Nameserver Startup Fails Because UDP Checksums Disabled
      6. 14.5.6. Other Nameservers Don’t Cache Your Negative Answers
      7. 14.5.7. TTL Not Set
    6. 14.6. TSIG Errors
    7. 14.7. Problem Symptoms
      1. 14.7.1. Local Name Can’t Be Looked Up
      2. 14.7.2. Remote Names Can’t Be Looked Up
      3. 14.7.3. Wrong or Inconsistent Answer
      4. 14.7.4. Lookups Take a Long Time
      5. 14.7.5. rlogin and rsh to Host Fails Access Check
      6. 14.7.6. Access to Services Denied
      7. 14.7.7. Can’t Get Rid of Old Data
        1. 14.7.7.1. Old delegation information
        2. 14.7.7.2. Registration of a non-nameserver
        3. 14.7.7.3. What have I got?
  17. 15. Programming with the Resolver and Nameserver Library Routines
    1. 15.1. Shell Script Programming with nslookup
      1. 15.1.1. A Typical Problem
      2. 15.1.2. Solving This Problem with a Script
    2. 15.2. C Programming with the Resolver Library Routines
      1. 15.2.1. DNS Message Format
      2. 15.2.2. Domain Name Storage
      3. 15.2.3. Domain Name Compression
      4. 15.2.4. The Resolver Library Routines
        1. 15.2.4.1. herror and h_errno
        2. 15.2.4.2. res_init
        3. 15.2.4.3. res_mkquery
        4. 15.2.4.4. res_query
        5. 15.2.4.5. res_search
        6. 15.2.4.6. res_send
      5. 15.2.5. The _res Structure
      6. 15.2.6. The Nameserver Library Routines
        1. 15.2.6.1. ns_get16 and ns_put16
        2. 15.2.6.2. ns_get32 and ns_put32
        3. 15.2.6.3. ns_initparse
        4. 15.2.6.4. ns_msg_base, ns_msg_end, and ns_msg_size
        5. 15.2.6.5. ns_msg_count
        6. 15.2.6.6. ns_msg_get_flag
        7. 15.2.6.7. ns_msg_id
        8. 15.2.6.8. ns_name_compress
        9. 15.2.6.9. ns_name_skip
        10. 15.2.6.10. ns_name_uncompress
        11. 15.2.6.11. ns_parserr
        12. 15.2.6.12. ns_rr routines
      7. 15.2.7. Parsing DNS Responses
      8. 15.2.8. A Sample Program: check_soa
    3. 15.3. Perl Programming with Net::DNS
      1. 15.3.1. Resolver Objects
      2. 15.3.2. Packet Objects
      3. 15.3.3. Header Objects
      4. 15.3.4. Question Objects
      5. 15.3.5. Resource Record Objects
      6. 15.3.6. A Perl Version of check_soa
  18. 16. Architecture
    1. External, Authoritative DNS Infrastructure
    2. Forwarder Infrastructure
    3. Internal DNS Infrastructure
    4. Operations
    5. Keeping Up with DNS and BIND
  19. 17. Miscellaneous
    1. 17.1. Using CNAME Records
      1. 17.1.1. CNAMEs Attached to Interior Nodes
      2. 17.1.2. CNAMEs Pointing to CNAMEs
      3. 17.1.3. CNAMEs in the Resource Record Data
      4. 17.1.4. Multiple CNAME Records
      5. 17.1.5. Looking Up CNAMEs
      6. 17.1.6. Finding Out a Host’s Aliases
    2. 17.2. Wildcards
    3. 17.3. A Limitation of MX Records
    4. 17.4. Dial-up Connections
      1. 17.4.1. What Causes Dialouts
      2. 17.4.2. Avoiding Dialouts
      3. 17.4.3. Manual Dial-up with One Host
      4. 17.4.4. Manual Dial-up with Multiple Hosts
      5. 17.4.5. Dial-on-Demand with One Host
      6. 17.4.6. Dial-on-Demand with Multiple Hosts
      7. 17.4.7. Running Authoritative Nameservers over Dial-on-Demand
    5. 17.5. Network Names and Numbers
    6. 17.6. Additional Resource Records
      1. 17.6.1. AFSDB
      2. 17.6.2. LOC
      3. 17.6.3. SRV
    7. 17.7. ENUM
      1. 17.7.1. Translating E.164 Numbers into Domain Names
      2. 17.7.2. The NAPTR Record
      3. 17.7.3. Registering ENUM Domain Names
      4. 17.7.4. Privacy and Security Issues with ENUM
    8. 17.8. Internationalized Domain Names
    9. 17.9. DNS and WINS
    10. 17.10. DNS, Windows, and Active Directory
      1. 17.10.1. How Windows Uses Dynamic Update
      2. 17.10.2. Problems with Active Directory and BIND
      3. 17.10.3. Secure Dynamic Update
        1. 17.10.3.1. BIND and GSS-TSIG
      4. 17.10.4. What to Do?
        1. 17.10.4.1. Handling Windows clients
        2. 17.10.4.2. Handling Windows servers
  20. A. DNS Message Format and Resource Records
    1. A.1. Master File Format
      1. A.1.1. Character Case
      2. A.1.2. Types
        1. A.1.2.1. A address
        2. A.1.2.2. CNAME canonical name
        3. A.1.2.3. HINFO host information
        4. A.1.2.4. MX mail exchanger
        5. A.1.2.5. NS name server
        6. A.1.2.6. PTR pointer
        7. A.1.2.7. SOA start of authority
        8. A.1.2.8. TXT text
        9. A.1.2.9. WKS well-known services
      3. A.1.3. New Types from RFC 1183
        1. A.1.3.1. AFSDB Andrew File System Data Base (experimental)
        2. A.1.3.2. ISDN Integrated Services Digital Network address (experimental)
        3. A.1.3.3. RP Responsible Person (experimental)
        4. A.1.3.4. RT Route Through (experimental)
        5. A.1.3.5. X25 X.25 address (experimental)
      4. A.1.4. New Types from RFC 1664
        1. A.1.4.1. PX pointer to X.400/RFC 822 mapping information
      5. A.1.5. New Types from RFC 3596
        1. A.1.5.1. AAAA IPv6 Address
      6. A.1.6. New Types from RFC 2782
        1. A.1.6.1. SRV Locate Services
      7. A.1.7. New Types from RFC 2915
        1. A.1.7.1. NAPTR Naming Authority Pointer
      8. A.1.8. Classes
    2. A.2. DNS Messages
      1. A.2.1. Message Format
      2. A.2.2. Header Section Format
      3. A.2.3. Question Section Format
        1. A.2.3.1. QCLASS values
        2. A.2.3.2. QTYPE values
      4. A.2.4. Answer, Authority, and Additional Section Format
      5. A.2.5. Data Transmission Order
    3. A.3. Resource Record Data
      1. A.3.1. Data Format
        1. A.3.1.1. Character string
        2. A.3.1.2. Domain name
        3. A.3.1.3. Message compression
  21. B. BIND Compatibility Matrix
  22. C. Compiling and Installing BIND on Linux
    1. C.1. Instructions for BIND 8
      1. C.1.1. Get the Source Code
      2. C.1.2. Unpack the Source Code
      3. C.1.3. Use the Proper Compiler Settings
      4. C.1.4. Build Everything
    2. C.2. Instructions for BIND 9
      1. C.2.1. Get the Source Code
      2. C.2.2. Unpack the Source Code
      3. C.2.3. Run configure, and Build Everything
  23. D. Top-Level Domains
  24. E. BIND Nameserver and Resolver Configuration
    1. E.1. BIND Nameserver Boot File Directives and Configuration File Statements
    2. E.2. BIND 8 Configuration File Statements
      1. E.2.1.  
        1. E.2.1.1. acl
        2. E.2.1.2. controls (8.2+)
        3. E.2.1.3. include
        4. E.2.1.4. key (8.2+)
        5. E.2.1.5. logging
        6. E.2.1.6. options
        7. E.2.1.7. server
        8. E.2.1.8. trusted-keys (8.2+)
        9. E.2.1.9. zone
    3. E.3. BIND 9 Configuration File Statements
      1. E.3.1. Comments
        1. E.3.1.1. acl
        2. E.3.1.2. controls
        3. E.3.1.3. include
        4. E.3.1.4. key
        5. E.3.1.5. logging
        6. E.3.1.6. lwres
        7. E.3.1.7. masters
        8. E.3.1.8. options
        9. E.3.1.9. server
        10. E.3.1.10. trusted-keys
        11. E.3.1.11. view
        12. E.3.1.12. zone
    4. E.4. BIND Resolver Statements
      1. E.4.1.  
        1. E.4.1.1. ; and #
        2. E.4.1.2. domain
        3. E.4.1.3. nameserver
        4. E.4.1.4. options attempts (8.2+)
        5. E.4.1.5. options debug
        6. E.4.1.6. options ndots
        7. E.4.1.7. options no-check-names (8.2+)
        8. E.4.1.8. options timeout (8.2+)
        9. E.4.1.9. options rotate (8.2+)
        10. E.4.1.10. search
        11. E.4.1.11. sortlist
    5. E.5. BIND 9 Options Statement
      1. E.5.1. Definition and Usage
      2. E.5.2. Boolean Options
      3. E.5.3. Forwarding
      4. E.5.4. Dual-Stack Servers
      5. E.5.5. Access Control
      6. E.5.6. Interfaces
      7. E.5.7. Query Address
      8. E.5.8. Zone Transfers
      9. E.5.9. Bad UDP Port Lists
      10. E.5.10. Operating System Resource Limits
      11. E.5.11. Server Resource Limits
      12. E.5.12. Periodic Task Intervals
      13. E.5.13. Topology
      14. E.5.14. The sortlist Statement
      15. E.5.15. RRset Ordering
      16. E.5.16. Tuning
      17. E.5.17. Built-in Server Information Zones
  25. Index
  26. About the Authors
  27. Colophon
  28. Copyright

Product information

  • Title: DNS and BIND, 5th Edition
  • Author(s): Cricket Liu, Paul Albitz
  • Release date: May 2006
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9780596100575