You are previewing Pro DNS and BIND 10.
O'Reilly logo
Pro DNS and BIND 10

Book Description

Pro DNS and BIND 10 guides you through the challenging array of features surrounding DNS with a special focus on the latest release of BIND, the world's most popular DNS implementation. This book unravels the mysteries of DNS, offering insight into origins, evolution, and key concepts like domain names and zone files. This book focuses on running DNS systems based on BIND 10, the first stable release that includes support for the latest DNSSEC standards.

Whether you administer a DNS system, are thinking about running one, or you simply want to understand the DNS system, then this book for you. Pro DNS and BIND 10 starts with simple concepts, then moves on to full security-aware DNSSEC configurations. Various features, parameters, and Resource Records are described and illustrated with examples.

The book contains a complete reference to zone files, Resource Records, and BIND's configuration file parameters. You can treat the book as a simple paint-by-numbers guide to everything from a simple caching DNS to the most complex secure DNS (DNSSEC) implementation. Background information is included for when you need to know what to do and why you have to do it, and so that you can modify processes to meet your unique needs.

Table of Contents

  1. Copyright
  2. About the Author
  3. About the Technical Reviewer
  4. Acknowledgments
  5. Introduction
    1. Introduction to the Second Edition
    2. Who This Book Is For
    3. How This Book Is Structured
      1. Chapter 1, "An Introduction to DNS"
      2. Chapter 2, "Zone Files and Resource Records"
      3. Chapter 3, "DNS Operations"
      4. Chapter 4, "DNS Types"
      5. Chapter 5, "DNS and IPv6"
      6. Chapter 6, "Installing BIND"
      7. Chapter 7, "BIND Type Samples"
      8. Chapter 8, "DNS Techniques"
      9. Chapter 9, "DNS Diagnostics and Tools"
      10. Chapter 10, "DNS Secure Configurations"
      11. Chapter 11, "DNSSEC"
      12. Chapter 12, "BIND Configuration Reference"
      13. Chapter 13, "Zone File Reference"
      14. Chapter 14, "BIND APIs and Resolver Libraries"
      15. Chapter 15, "DNS Messages and Records"
      16. Appendix A, "Domain Name Registration"
      17. Appendix B, "DNS RFCs"
      18. Additional Material
    4. Conventions
    5. Contacting the Author
  6. I. Principles and Overview
    1. 1. An Introduction to DNS
      1. 1.1. A Brief History of Name Servers
      2. 1.2. Name Server Basics
      3. 1.3. The Internet Domain Name System
        1. 1.3.1. Domains and Delegation
        2. 1.3.2. Domain Authority
          1. 1.3.2.1. So What Is www.example.com?
      4. 1.4. DNS Implementation and Structure
      5. 1.5. Root DNS Operations
        1. 1.5.1. Top-Level Domains
          1. 1.5.1.1. Generic Top-Level Domains
      6. 1.6. DNS in Action
        1. 1.6.1. Zones and Zone Files
        2. 1.6.2. Master and Slave DNS Servers
      7. 1.7. DNS Software
      8. 1.8. Summary
    2. 2. Zone Files and Resource Records
      1. 2.1. Zone File Format
      2. 2.2. Zone File Contents
      3. 2.3. An Example Zone File
      4. 2.4. The $TTL Directive
      5. 2.5. The $ORIGIN Directive
      6. 2.6. The SOA Resource Record
      7. 2.7. The NS Resource Record
      8. 2.8. The MX Resource Record
      9. 2.9. The A Resource Record
      10. 2.10. CNAME Resource Record
        1. 2.10.1. When CNAME Records Must Be Used
      11. 2.11. Additional Resource Records
        1. 2.11.1. PTR Resource Records
        2. 2.11.2. TXT Resource Records
        3. 2.11.3. AAAA Resource Records
        4. 2.11.4. NSEC, RRSIG, DS, DNSKEY, and KEY Resource Records
        5. 2.11.5. SRV Resource Records
      12. 2.12. Standard Configuration File Scenarios
      13. 2.13. Summary
    3. 3. DNS Operations
      1. 3.1. The DNS Protocol
      2. 3.2. DNS Queries
        1. 3.2.1. Recursive Queries
          1. 3.2.1.1. Which Name Server Is Used
        2. 3.2.2. Iterative (Nonrecursive) Queries
        3. 3.2.3. Inverse Queries
      3. 3.3. DNS Reverse Mapping
        1. 3.3.1. IN-ADDR.ARPA Reverse-Mapping Domain
          1. 3.3.1.1. The PTR Resource Record
          2. 3.3.1.2. Reverse-Map Queries
      4. 3.4. Zone Maintenance
        1. 3.4.1. Full Zone Transfer (AXFR)
        2. 3.4.2. Incremental Zone Transfer (IXFR)
        3. 3.4.3. Notify (NOTIFY)
        4. 3.4.4. Dynamic Update
        5. 3.4.5. Alternative Dynamic DNS Approaches
        6. 3.4.6. Security Overview
          1. 3.4.6.1. Security Threats
          2. 3.4.6.2. Security Classification
      5. 3.5. Summary
    4. 4. DNS Types
      1. 4.1. Master (Primary) Name Servers
      2. 4.2. Slave (Secondary) Name Servers
        1. 4.2.1. Slave (Secondary) DNS Behavior
          1. 4.2.1.1. Slave vs. Cache
          2. 4.2.1.2. Change Propagation Using NOTIFY
      3. 4.3. Caching Name Servers
        1. 4.3.1. Caching Implications
      4. 4.4. Forwarding (Proxy) Name Servers
      5. 4.5. Stealth (DMZ or Split) Name Server
        1. 4.5.1. Stealth Servers and the View Clause
        2. 4.5.2. Stealth Server Configuration
      6. 4.6. Authoritative-only Name Server
      7. 4.7. Summary
    5. 5. DNS and IPv6
      1. 5.1. IPv6
        1. 5.1.1. IPv6 Address Notation
        2. 5.1.2. Prefix or Slash Notation
        3. 5.1.3. IPv6 Address Types
        4. 5.1.4. Global Unicast IPv6 Address Allocation
        5. 5.1.5. IPv6 Global Unicast Address Format
      2. 5.2. Status of IPv6 DNS Support
        1. 5.2.1. The AAAA vs. A6 Resource Record
        2. 5.2.2. Mixed IPv6 and IPv4 Network Support
      3. 5.3. IPv6 Resource Records
      4. 5.4. The AAAA Resource Record
      5. 5.5. Reverse IPv6 Mapping
        1. 5.5.1. IPv6 Reverse Map Issues
      6. 5.6. The IPv6 PTR Resource Record
      7. 5.7. Summary
  7. II. Get Something Running
    1. 6. Installing BIND
      1. 6.1. Ubuntu Server 10.04 Installation
        1. 6.1.1.
          1. 6.1.1.1. Post Ubuntu Server Installation
          2. 6.1.1.2. Version Upgrade
          3. 6.1.1.3. Ubuntu and Debian
          4. 6.1.1.4. Ubuntu Summary
      2. 6.2. FreeBSD 8.1 Installation
        1. 6.2.1.
          1. 6.2.1.1. Post Install Tasks
          2. 6.2.1.2. Installing BIND 9
          3. 6.2.1.3. BIND 9 Nonbase Install
          4. 6.2.1.4. BIND 9 Base Install
        2. 6.2.2. Freebsd Considerations
      3. 6.3. Building BIND from Source
        1. 6.3.1.
          1. 6.3.1.1. BIND 9 Configure Options
      4. 6.4. Windows Installation
      5. 6.5. Summary
    2. 7. BIND Type Samples
      1. 7.1. Before You Start
        1. 7.1.1. Configuration Layout
        2. 7.1.2. Configuration Conventions
        3. 7.1.3. Zone File Naming Convention
        4. 7.1.4. Required Zone Files
          1. 7.1.4.1. root.servers
          2. 7.1.4.2. master.localhost
          3. 7.1.4.3. IPv6 Localhost
          4. 7.1.4.4. Reverse-Map Zone Files
            1. 7.1.4.4.1. 0.0.127.IN-ADDR.ARPA
          5. 7.1.4.5. IPv6 Localhost Reverse Map
        5. 7.1.5. BIND named.conf File Format and Style
        6. 7.1.6. Standard Zone File
        7. 7.1.7. Common Configuration Elements
      2. 7.2. Master DNS Server
        1. 7.2.1. Master Name Server Configuration
      3. 7.3. Slave DNS Server
        1. 7.3.1. Slave Name Server Configuration
      4. 7.4. Resolver (Caching-only) DNS Server
        1. 7.4.1. Caching-only Name Server Configuration
      5. 7.5. Forwarding (a.k.a. Proxy, Client, Remote) DNS Server
        1. 7.5.1. Forwarding Name Server Configuration
      6. 7.6. Stealth (a.k.a. Split or DMZ) DNS Server
        1. 7.6.1. Stealth Configuration
          1. 7.6.1.1. Stealth (Private) Configuration Files
          2. 7.6.1.2. Public Configuration Files
      7. 7.7. Authoritative-only DNS Server
        1. 7.7.1. Authoritative-only Name Server Configuration
      8. 7.8. View-based Authoritative-only DNS Server
        1. 7.8.1. View-based Authoritative-only Name Server Configuration
        2. 7.8.2. Security and the view Section
      9. 7.9. Summary
    3. 8. DNS Techniques
      1. 8.1. Delegate a Subdomain (Subzone)
        1. 8.1.1. Domain Name Server Configuration
        2. 8.1.2. Subdomain Name Server Configuration
      2. 8.2. Virtual Subdomains
        1. 8.2.1. Domain Name Server Configuration
      3. 8.3. Configure Mail Servers Fail-Over
      4. 8.4. Delegate Reverse Subnet Maps
        1. 8.4.1. Assignee Zone File
        2. 8.4.2. Assignor (End User) Zone File
      5. 8.5. DNS Load Balancing
        1. 8.5.1. Balancing Mail
        2. 8.5.2. Balancing Other Services
        3. 8.5.3. Balancing Services
        4. 8.5.4. Controlling the RRset Order
        5. 8.5.5. Effectiveness of DNS Load Balancing
      6. 8.6. Define an SPF Record
        1. 8.6.1. SPF RR Format
          1. 8.6.1.1. v=spf1 Field
          2. 8.6.1.2. pre Field
          3. 8.6.1.3. type Field
          4. 8.6.1.4. mod Field
            1. 8.6.1.4.1. redirect=domain Field
            2. 8.6.1.4.2. exp=text-rr Field
        2. 8.6.2. SPF type Values
          1. 8.6.2.1. Basic Mechanisms
          2. 8.6.2.2. Sender Mechanisms
            1. 8.6.2.2.1. Type ip4 Format
            2. 8.6.2.2.2. Type ip6 Format
            3. 8.6.2.2.3. Type a Format
            4. 8.6.2.2.4. Type mx Format
            5. 8.6.2.2.5. Type ptr Format
            6. 8.6.2.2.6. Type exists Format
          3. 8.6.2.3. Macro Expansion
        3. 8.6.3. SPF Record Examples
          1. 8.6.3.1. Single Domain Mail Server
          2. 8.6.3.2. SMTP Server Offsite
          3. 8.6.3.3. Virtual Mail Host
          4. 8.6.3.4. No Mail Domain
          5. 8.6.3.5. Using Macro Expansion
      7. 8.7. Define a DKIM Record
        1. 8.7.1. DKIM DNS TXT RR Format
          1. 8.7.1.1. DNS RR DKIM-Specific-Text
        2. 8.7.2. ADSP TXT RR Format
          1. 8.7.2.1. ADSP TXT RR Format - Text
        3. 8.7.3. Examples
          1. 8.7.3.1. All Mail Signed - One MTA, No Subdomains
          2. 8.7.3.2. Loose DKIM Signing
          3. 8.7.3.3. Multiple Subdomain DKIM Signing
      8. 8.8. Supporting http://example.com
        1. 8.8.1. Apache Configuration
      9. 8.9. Out-of-Sequence Serial Numbers
      10. 8.10. Use of Wildcards in Zone Files
      11. 8.11. Zone File Construction
      12. 8.12. Split Horizon DNS
      13. 8.13. DNSBL (DNS Blacklists)
        1. 8.13.1. Example blacklist zone file
        2. 8.13.2. Blacklist Return Addresses
        3. 8.13.3. Additional Usage
      14. 8.14. DNS TTLs and Time Values
      15. 8.15. Summary
    4. 9. DNS Diagnostics and Tools
      1. 9.1. DNS Utilities
      2. 9.2. The nslookup Utility
        1. 9.2.1. nslookup Command Format
        2. 9.2.2. Quick Examples
          1. 9.2.2.1. Interactive Format
        3. 9.2.3. Options
        4. 9.2.4. Examples: Command Line
        5. 9.2.5. Example: Interactive Mode
      3. 9.3. BIND dig Utility
        1. 9.3.1. Quick Examples
        2. 9.3.2. dig Syntax
        3. 9.3.3. dig Options
        4. 9.3.4. dig Examples
          1. 9.3.4.1. dig Host Query
          2. 9.3.4.2. dig Domain Query
          3. 9.3.4.3. dig Multiple Queries
        5. 9.3.5. dig Output
        6. 9.3.6. dig Response Values
          1. 9.3.6.1. DNS Flags
          2. 9.3.6.2. DNS Status
      4. 9.4. BIND named-compilezone Utility
      5. 9.5. BIND named-checkconf Utility
        1. 9.5.1. named-checkconf Syntax
        2. 9.5.2. named-checkconf Options
      6. 9.6. BIND named-checkzone/named-compilezone Utility
        1. 9.6.1. named-checkzone/named-compilezone Syntax
        2. 9.6.2. named-checkzone/named-compilezone Arguments
        3. 9.6.3. named-checkzone/named-compilezone Examples
      7. 9.7. rndc
        1. 9.7.1. rndc Syntax
        2. 9.7.2. rndc Options
        3. 9.7.3. rndc.conf Clauses and Statements
          1. 9.7.3.1. The options Clause
          2. 9.7.3.2. The server Clause
          3. 9.7.3.3. The key Clause
        4. 9.7.4. rndc Configuration Examples
        5. 9.7.5. rndc Commands
      8. 9.8. rndc-confgen Utility
        1. 9.8.1. rndc-confgen Syntax
        2. 9.8.2. rndc-confgen Options
      9. 9.9. BIND nsupdate Utility
        1. 9.9.1. nsupdate Syntax
        2. 9.9.2. nsupdate Options
        3. 9.9.3. nsupdate Command Format
        4. 9.9.4. nsupdate Example
        5. 9.9.5. nsupdate and DNSSEC Signed Zones
      10. 9.10. dnssec-keygen Utility
        1. 9.10.1. BIND HSM Support (cryptoki)
        2. 9.10.2. dnssec-keygen Syntax
        3. 9.10.3. dnssec-keygen Arguments
          1. 9.10.3.1. Timing Metadata (TMD)
        4. 9.10.4. dnssec-keygen Examples
      11. 9.11. dnssec-revoke Utility
        1. 9.11.1. dnssec-revoke Syntax
        2. 9.11.2. dnssec-revoke Arguments
        3. 9.11.3. dnssec-revoke Example
      12. 9.12. dnssec-settime Utility
        1. 9.12.1. dnssec-settime Syntax
        2. 9.12.2. dnssec-settime Arguments
      13. 9.13. dnssec-signzone Utility
        1. 9.13.1. dnssec-signzone Syntax
        2. 9.13.2. dnssec-signzone Arguments
        3. 9.13.3. dnssec-signzone Examples
      14. 9.14. Diagnosing DNS Problems
        1. 9.14.1. Before the Problem Happens
          1. 9.14.1.1. Log All Changes
          2. 9.14.1.2. Back Up Files
          3. 9.14.1.3. Logging
          4. 9.14.1.4. Tools
          5. 9.14.1.5. External Sources
        2. 9.14.2. When the Problem Occurs
          1. 9.14.2.1. Make No Assumptions
          2. 9.14.2.2. Describe the Problem
          3. 9.14.2.3. Scope the Problem
          4. 9.14.2.4. Check Your Logs
          5. 9.14.2.5. Start Digging
          6. 9.14.2.6. Diagnosing the Problem
      15. 9.15. Summary
  8. III. DNS Security
    1. 10. DNS Secure Configurations
      1. 10.1. Security Overview and Audit
        1. 10.1.1. DNS Normal Data Flow
        2. 10.1.2. Security Classification
      2. 10.2. Administrative Security
        1. 10.2.1. Up-to-Date Software
        2. 10.2.2. Limit Functionality
          1. 10.2.2.1. Defensive Configuration
          2. 10.2.2.2. Deny All, Allow Selectively
          3. 10.2.2.3. Remote Access
        3. 10.2.3. Limit Permissions
        4. 10.2.4. Running BIND 9 As Nonroot
          1. 10.2.4.1. Setting the Run Time UID of BIND
          2. 10.2.4.2. Setting Permissions for the UID
        5. 10.2.5. BIND 9 in a Chroot Jail
          1. 10.2.5.1. Fedora Core bind-chroot Package
          2. 10.2.5.2. FreeBSD 8.x
          3. 10.2.5.3. Manual Configuration of Chroot Jail
            1. 10.2.5.3.1. Linux (Ubuntu Server 10.04) Chroot
            2. 10.2.5.3.2. FreeBSD 8.1 Chroot
          4. 10.2.5.4. Dedicated Server
        6. 10.2.6. Stream the Log
        7. 10.2.7. Software Diversity
      3. 10.3. A Cryptographic Overview
        1. 10.3.1. Symmetric Cryptography
        2. 10.3.2. Asymmetric Cryptography
        3. 10.3.3. Message Digests
        4. 10.3.4. Message Authentication Codes
        5. 10.3.5. Digital Signatures
        6. 10.3.6. DNS Cryptographic Use
      4. 10.4. Securing Zone Transfers
        1. 10.4.1. Authentication and Integrity of Zone Transfers
        2. 10.4.2. TSIG Configuration
      5. 10.5. Securing Dynamic Updates
        1. 10.5.1. TSIG DDNS Configuration
        2. 10.5.2. SIG(0) Configuration
      6. 10.6. Summary
    2. 11. DNSSEC
      1. 11.1. Base DNSSEC Theory
        1. 11.1.1. Islands of Security
        2. 11.1.2. Chains of Trust
        3. 11.1.3. Securing or Signing the Zone
        4. 11.1.4. Secure Zone Maintenance
          1. 11.1.4.1. The Prepublish Method
          2. 11.1.4.2. The Double-Signing Method
          3. 11.1.4.3. Key Rollover Summary
        5. 11.1.5. Secure Delegation
        6. 11.1.6. Dynamic DNS and DNSSEC
        7. 11.1.7. DNSSEC and Performance
      2. 11.2. DNSSEC Base Examples
        1. 11.2.1. Securing the example.com Zone
          1. 11.2.1.1. Verifying the Signed Zone
          2. 11.2.1.2. PNE with Signed Zones
        2. 11.2.2. Establishing a Trusted Anchor
          1. 11.2.2.1. Using a Trusted Anchor
          2. 11.2.2.2. DNSSEC Logging
        3. 11.2.3. Signing the sub.example.com Zone
        4. 11.2.4. Creating the Chain of Trust
        5. 11.2.5. Key Rollover
          1. 11.2.5.1. Prepublish ZSK Rollover
          2. 11.2.5.2. Double-signing KSK Rollover
      3. 11.3. DNSSEC Enhancements
        1. 11.3.1. NSEC3/Opt-Out
        2. 11.3.2. Validating Resolvers
        3. 11.3.3. Key Handling Automation
          1. 11.3.3.1. Compromised Key Recovery
          2. 11.3.3.2. Removing a Trusted-Anchor
          3. 11.3.3.3. Key Handling Summary
      4. 11.4. DNSSEC Lookaside Validation
        1. 11.4.1. DLV Service
      5. 11.5. DNSSEC Implementation
        1. 11.5.1. DNSSEC Algorithms and Keys
          1. 11.5.1.1. Key Management
          2. 11.5.1.2. Key Sizes and Algorithms
          3. 11.5.1.3. Key Life Cycle Management
          4. 11.5.1.4. Key Life-Cycle Examples
        2. 11.5.2. BIND Signing Models
          1. 11.5.2.1. Offline vs. Online
          2. 11.5.2.2. Offline Smart Signing
        3. 11.5.3. DNSSEC Implementation - A Plan
      6. 11.6. Summary
    3. 12. BIND 9 Configuration Reference
      1. 12.1. BIND Command Line
        1. 12.1.1. BIND Debug Levels
        2. 12.1.2. BIND Signals
      2. 12.2. BIND Configuration Overview
        1. 12.2.1. Layout Styles
        2. 12.2.2. named-checkconf Is Your Friend
      3. 12.3. BIND Clauses
        1. 12.3.1. BIND address_match_list Definition
        2. 12.3.2. BIND acl Clause
          1. 12.3.2.1. acl Clause Syntax
        3. 12.3.3. BIND controls Clause
        4. 12.3.4. BIND include Statement
        5. 12.3.5. BIND key Clause
          1. 12.3.5.1. key Clause Syntax
        6. 12.3.6. BIND logging Clause
          1. 12.3.6.1. logging Clause Syntax
        7. 12.3.7. BIND lwres Clause
          1. 12.3.7.1. lwres Clause Syntax
        8. 12.3.8. BIND managed-keys Clause
          1. 12.3.8.1. managed-keys Clause Syntax
        9. 12.3.9. BIND masters Clause
          1. 12.3.9.1. masters Clause Syntax
        10. 12.3.10. BIND options Clause
          1. 12.3.10.1. options Clause Syntax
        11. 12.3.11. BIND server Clause
          1. 12.3.11.1. server Clause Syntax
        12. 12.3.12. BIND statistics-channels Clause
        13. 12.3.13. BIND trusted-keys Clause
        14. 12.3.14. BIND view Clause
          1. 12.3.14.1. view Clause Syntax
        15. 12.3.15. BIND zone Clause
          1. 12.3.15.1. zone Clause Syntax
      4. 12.4. BIND Statements
      5. 12.5. BIND controls Statements
        1. 12.5.1. inet Statement
          1. 12.5.1.1. inet Statement Syntax
      6. 12.6. BIND logging Statements
        1. 12.6.1. channel Statement
          1. 12.6.1.1. channel Statement Syntax
        2. 12.6.2. category Statement
          1. 12.6.2.1. category Statement Syntax
      7. 12.7. BIND lwres Statements
        1. 12.7.1. view
        2. 12.7.2. search
        3. 12.7.3. ndots
      8. 12.8. BIND Transfer Statements
        1. 12.8.1. allow-notify
        2. 12.8.2. allow-transfer
        3. 12.8.3. allow-update-forwarding
        4. 12.8.4. also-notify
        5. 12.8.5. alt-transfer-source, alt-transfer-source-v6
        6. 12.8.6. ixfr-from-differences
        7. 12.8.7. max-journal-size
        8. 12.8.8. max-refresh-time, min-refresh-time
        9. 12.8.9. max-retry-time, min-retry-time
        10. 12.8.10. max-transfer-idle-in
        11. 12.8.11. max-transfer-idle-out
        12. 12.8.12. max-transfer-time-in
        13. 12.8.13. max-transfer-time-out
        14. 12.8.14. multi-master
        15. 12.8.15. notify
        16. 12.8.16. notify-delay
        17. 12.8.17. notify-source, notify-source-v6
        18. 12.8.18. notify-to-soa
        19. 12.8.19. provide-ixfr
        20. 12.8.20. request-ixfr
        21. 12.8.21. serial-query-rate
        22. 12.8.22. transfer-format
        23. 12.8.23. transfer-source, transfer-source-v6
        24. 12.8.24. transfers-in
        25. 12.8.25. transfers-per-ns
        26. 12.8.26. transfers-out
        27. 12.8.27. use-alt-transfer-source
      9. 12.9. BIND Operations Statements
        1. 12.9.1. avoid-v4-udp-ports, avoid-v6-udp-ports
        2. 12.9.2. check-names
        3. 12.9.3. check-dup-records, check-mx, check-wildcard
        4. 12.9.4. check-integrity, check-mx-cname, check-sibling, check-srv-cname
        5. 12.9.5. cleaning-interval
        6. 12.9.6. coresize
        7. 12.9.7. database
        8. 12.9.8. datasize
        9. 12.9.9. dialup
        10. 12.9.10. directory
        11. 12.9.11. disable-empty-zone, empty-contact, empty-server, empty-zones-enable
        12. 12.9.12. dual-stack-server
        13. 12.9.13. dump-file
        14. 12.9.14. files
        15. 12.9.15. flush-zones-on-shutdown
        16. 12.9.16. heartbeat-interval
        17. 12.9.17. hostname
        18. 12.9.18. interface-interval
        19. 12.9.19. journal
        20. 12.9.20. lame-ttl
        21. 12.9.21. listen-on
        22. 12.9.22. listen-on-v6
        23. 12.9.23. match-mapped-addresses
        24. 12.9.24. max-cache-size
        25. 12.9.25. max-cache-ttl
        26. 12.9.26. max-journal-size
        27. 12.9.27. max-ncache-ttl
        28. 12.9.28. memstatistics
        29. 12.9.29. memstatistics-file
        30. 12.9.30. pid-file
        31. 12.9.31. port
        32. 12.9.32. preferred-glue
        33. 12.9.33. querylog
        34. 12.9.34. recursing-file
        35. 12.9.35. request-nsid
        36. 12.9.36. reserved-sockets
        37. 12.9.37. server-id
        38. 12.9.38. stacksize
        39. 12.9.39. statistics-file
        40. 12.9.40. tcp-clients
        41. 12.9.41. tcp-listen-queue
        42. 12.9.42. try-tcp-refresh
        43. 12.9.43. version
        44. 12.9.44. zone-statistics
        45. 12.9.45. zero-nosoa-ttl, zero-no-soa-ttl-cache
      10. 12.10. BIND Performance Statements
        1. 12.10.1. acache-cleaning-interval, acache-enable, max-acache-size
        2. 12.10.2. attach-cache
        3. 12.10.3. edns-udp-size
        4. 12.10.4. max-udp-size
        5. 12.10.5. minimal-responses
      11. 12.11. BIND Query Statements
        1. 12.11.1. additional-from-auth, additional-from-cache
        2. 12.11.2. allow-query, allow-query-on
        3. 12.11.3. allow-query-cache, allow-query-cache-on
        4. 12.11.4. allow-recursion, allow-recursion-on
        5. 12.11.5. auth-nxdomain
        6. 12.11.6. blackhole
        7. 12.11.7. clients-per-query, max-clients-per-query
        8. 12.11.8. delegation-only
        9. 12.11.9. forward
        10. 12.11.10. forwarders
        11. 12.11.11. query-source, query-source-v6
        12. 12.11.12. recursion
        13. 12.11.13. recursive-clients
        14. 12.11.14. root-delegation-only
        15. 12.11.15. rrset-order
        16. 12.11.16. sortlist
          1. 12.11.16.1. sortlist Statement Syntax
      12. 12.12. BIND Security Statements
        1. 12.12.1. algorithm
        2. 12.12.2. allow-update
        3. 12.12.3. auto-dnssec
        4. 12.12.4. bindkeys-file
        5. 12.12.5. deny-answer-addresses, deny-answer-aliases
        6. 12.12.6. disable-algorithms
        7. 12.12.7. dnssec-accept-expired
        8. 12.12.8. dnssec-dnskey-kskonly
        9. 12.12.9. dnssec-enable
        10. 12.12.10. dnssec-lookaside
        11. 12.12.11. dnssec-must-be-secure
        12. 12.12.12. dnssec-secure-to-insecure
        13. 12.12.13. dnssec-validation
        14. 12.12.14. key-directory
        15. 12.12.15. managed-keys-directory
        16. 12.12.16. random-device
        17. 12.12.17. secret
        18. 12.12.18. secroots-file
        19. 12.12.19. session-keyfile, session-keyname, session-keyalg
        20. 12.12.20. sig-signing-nodes, sig-signing-signatures
        21. 12.12.21. sig-signing-type
        22. 12.12.22. sig-validity-interval
        23. 12.12.23. tkey-dhkey
        24. 12.12.24. tkey-domain
        25. 12.12.25. tkey-gssapi-credential
        26. 12.12.26. update-check-ksk
        27. 12.12.27. use-v4-udp-ports, use-v6-udp-ports
        28. 12.12.28. update-policy
      13. 12.13. BIND server Statements
        1. 12.13.1. bogus
        2. 12.13.2. edns
        3. 12.13.3. keys
        4. 12.13.4. transfers
      14. 12.14. BIND view Statements
        1. 12.14.1. match-clients
        2. 12.14.2. match-destinations
        3. 12.14.3. match-recursive-only
      15. 12.15. BIND zone Statements
        1. 12.15.1. check-names
        2. 12.15.2. file
        3. 12.15.3. masterfile-format
        4. 12.15.4. masters
        5. 12.15.5. type
      16. 12.16. Summary
    4. 13. Zone File Reference
      1. 13.1. DNS Zone File Structure
      2. 13.2. DNS Directives
        1. 13.2.1. The $ORIGIN Directive
          1. 13.2.1.1. The $ORIGIN Substitution Rule
          2. 13.2.1.2. The $ORIGIN Syntax
        2. 13.2.2. The $INCLUDE Directive
          1. 13.2.2.1. $INCLUDE Syntax
        3. 13.2.3. The $TTL Directive
          1. 13.2.3.1. $TTL Syntax
        4. 13.2.4. The $GENERATE Directive
          1. 13.2.4.1. $GENERATE Syntax
      3. 13.3. DNS Resource Records
        1. 13.3.1. Resource Record Common Format
          1. 13.3.1.1. The name Field
          2. 13.3.1.2. Internationalized Domain Names for Applications (IDNA)
          3. 13.3.1.3. The ttl Field
          4. 13.3.1.4. The class Field
          5. 13.3.1.5. The type Field
          6. 13.3.1.6. The type-specific-data Field
          7. 13.3.1.7. Bit Labels
        2. 13.3.2. RRsets
      4. 13.4. Resource Record Descriptions
        1. 13.4.1. IPv4 Address (A) Record
          1. 13.4.1.1. A RR Syntax
        2. 13.4.2. Experimental IPv6 Address (A6) Record
          1. 13.4.2.1. A6 RR Syntax
        3. 13.4.3. IPv6 Address (AAAA) Record
          1. 13.4.3.1. AAAA RR Syntax
        4. 13.4.4. AFS Database (AFSDB) Record
          1. 13.4.4.1. AFSDB RR Syntax
        5. 13.4.5. Address Prefix List (APL) Record
          1. 13.4.5.1. APL RR Syntax
        6. 13.4.6. ATM Address (ATMA) Record
        7. 13.4.7. Certificate (CERT) Record
          1. 13.4.7.1. CERT RR Syntax
        8. 13.4.8. Canonical Name (CNAME) Record
          1. 13.4.8.1. CNAME RR Syntax
        9. 13.4.9. Delegation of Reverse Names (DNAME) Record
          1. 13.4.9.1. DNAME RR Syntax
        10. 13.4.10. DHCID Record
          1. 13.4.10.1. DHCID RR Syntax
        11. 13.4.11. DLV Record
        12. 13.4.12. DNSKEY Record
          1. 13.4.12.1. DNSKEY RR Syntax
        13. 13.4.13. Delegation Signer (DS) Record
          1. 13.4.13.1. DS RR Syntax
        14. 13.4.14. System Information (HINFO) Record
          1. 13.4.14.1. HINFO RR Syntax
        15. 13.4.15. Host Identity Protocol (HIP) Record
          1. 13.4.15.1. HIP RR Syntax
        16. 13.4.16. Integrated Services Digital Network (ISDN) Record
          1. 13.4.16.1. ISDN RR Syntax
        17. 13.4.17. IPSEC Key (IPSECKEY) Record
          1. 13.4.17.1. IPSECKEY RR Syntax
        18. 13.4.18. Public Key (KEY) Record
          1. 13.4.18.1. KEY RR Syntax
        19. 13.4.19. Key Exchanger (KX) Record
          1. 13.4.19.1. KX RR Syntax
        20. 13.4.20. Location (LOC) Record
          1. 13.4.20.1. LOC RR Syntax
        21. 13.4.21. Mailbox (MB) Record
          1. 13.4.21.1. MB RR Syntax
        22. 13.4.22. Mail Group (MG) Record
          1. 13.4.22.1. MG RR Syntax
        23. 13.4.23. Mailbox Renamed (MR) Record
          1. 13.4.23.1. MR RR Syntax
        24. 13.4.24. Mailbox Mail List Information (MINFO) Record
          1. 13.4.24.1. MINFO RR Syntax
        25. 13.4.25. Mail Exchange (MX) Record
          1. 13.4.25.1. MX RR Syntax
          2. 13.4.25.2. Subdomain MX Records
        26. 13.4.26. Naming Authority Pointer (NAPTR) Record
          1. 13.4.26.1. NAPTR RR Syntax
        27. 13.4.27. Name Server (NS) Record
          1. 13.4.27.1. NS RR Syntax
        28. 13.4.28. Network Service Access Point (NSAP) Record
          1. 13.4.28.1. NSAP RR Syntax
        29. 13.4.29. Next Secure (NSEC) Record
          1. 13.4.29.1. NSEC RR Syntax
        30. 13.4.30. Next Secure 3 (NSEC3) RR
          1. 13.4.30.1. NSEC3 RR Syntax
        31. 13.4.31. Next Secure 3 Parameter (NECS3PARAM) RR
          1. 13.4.31.1. NSEC3PARAM RR Syntax
        32. 13.4.32. Pointer (PTR) Record
          1. 13.4.32.1. PTR RR Syntax
        33. 13.4.33. X.400 to RFC 822 E-mail (PX) Record
          1. 13.4.33.1. PX RR Syntax
        34. 13.4.34. Responsible Person (RP) Record
          1. 13.4.34.1. RP RR Syntax
        35. 13.4.35. Resource Record Signature (RRSIG) Record
          1. 13.4.35.1. RRSIG RR Syntax
        36. 13.4.36. Route Through (RT) Record
          1. 13.4.36.1. RT RR Syntax
        37. 13.4.37. Signature (SIG) Record
          1. 13.4.37.1. SIG RR Syntax
        38. 13.4.38. Start of Authority (SOA) Record
          1. 13.4.38.1. SOA RR Syntax
        39. 13.4.39. Sender Policy Framework (SPF) Record
        40. 13.4.40. Services (SRV) Record
          1. 13.4.40.1. SRV RR Syntax
        41. 13.4.41. SSH Key Fingerprint (SSHFP) Record
          1. 13.4.41.1. SSHFP RR Syntax
        42. 13.4.42. Text (TXT) Record
          1. 13.4.42.1. TXT RR Syntax
        43. 13.4.43. Well-Known Service (WKS) Record
          1. 13.4.43.1. WKS RR Syntax
        44. 13.4.44. X.25 Address (X25) Record
          1. 13.4.44.1. X25 RR Syntax
        45. 13.4.45. Alternative Cryptographic Algorithms
      5. 13.5. User-Defined RRs
      6. 13.6. Summary
  9. IV. Programming
    1. 14. BIND APIs and Resolver Libraries
      1. 14.1. DNS Libraries and APIs
      2. 14.2. POSIX Library
      3. 14.3. BIND 9 DNS Libraries
        1. 14.3.1. Building BIND 9 Libraries
        2. 14.3.2. DNSSEC Aware getaddrinfo() and getnameinfo()
        3. 14.3.3. DNSSEC POSIX enhanced Calls
        4. 14.3.4. Configuring for DNSSEC Validation
        5. 14.3.5. Including Enhanced POSIX Functions in Applications
        6. 14.3.6. BIND Library Functions
      4. 14.4. BIND API Overview
        1. 14.4.1. Advanced Database API (adb)
        2. 14.4.2. Simple Database API (sdb)
      5. 14.5. The Simple Database API (sdb)
        1. 14.5.1. Callback Overview
          1. 14.5.1.1. create()
          2. 14.5.1.2. destroy()
          3. 14.5.1.3. lookup()
          4. 14.5.1.4. authority()
          5. 14.5.1.5. allnodes()
        2. 14.5.2. Registering the Callbacks
          1. 14.5.2.1. dns_sdb_register() Function
          2. 14.5.2.2. dns_sdc_unregister() Function
          3. 14.5.2.3. isc_result_t Return Codes
        3. 14.5.3. Adding the Driver to BIND
          1. 14.5.3.1. Header File Insertion
          2. 14.5.3.2. Initialization Function Insertion
          3. 14.5.3.3. Termination Function Insertion
          4. 14.5.3.4. Makefile.in Insertion
        4. 14.5.4. The Callback Functions
          1. 14.5.4.1. create() Callback Function
          2. 14.5.4.2. destroy() Callback Function
          3. 14.5.4.3. lookup() Callback Function
          4. 14.5.4.4. authority() Callback Function
          5. 14.5.4.5. allnodes() Callback Function
        5. 14.5.5. Returning RRs
          1. 14.5.5.1. dns_sdb_putrr() Function
          2. 14.5.5.2. dns_sdb_putrdata() Function
          3. 14.5.5.3. dns_sdb_putsoa() Function
          4. 14.5.5.4. dns_sdb_putnamedrr() Function
          5. 14.5.5.5. dsn_sdb_putnamedrdata() Function
        6. 14.5.6. Memory Management for Drivers
          1. 14.5.6.1. isc_mem_get() Function
          2. 14.5.6.2. isc_mem_free() Function
        7. 14.5.7. Logging for Drivers
          1. 14.5.7.1. isc_log_write() Function
        8. 14.5.8. Testing the Driver
          1. 14.5.8.1. Building BIND
        9. 14.5.9. sdb Sample Driver
          1. 14.5.9.1. Source Module (example.c)
          2. 14.5.9.2. Header File (example.h)
      6. 14.6. Summary
    2. 15. DNS Messages and Records
      1. 15.1. DNS Message Formats
        1. 15.1.1. DNS Message Overview
        2. 15.1.2. DNS Message Format
        3. 15.1.3. DNS Message Header
        4. 15.1.4. DNS QUESTION SECTION
        5. 15.1.5. DNS ANSWER, AUTHORITY, and ADDITIONAL SECTIONS
          1. 15.1.5.1. NAME Field Format
          2. 15.1.5.2. Non-EDNS0 Record Format
        6. 15.1.6. EDNS0 Transactions
        7. 15.1.7. OPT Pseudo RR Format
      2. 15.2. DNS Binary RR Format
        1. 15.2.1. Security Algorithm Formats
          1. 15.2.1.1. Algorithm 5 (RSA-SHA-1) and 7 (RSASHA1-NSEC3-SHA1)
        2. 15.2.2. NSEC/NSEC3 Bitmap Format
      3. 15.3. Summary
  10. V. Appendixes
    1. A. DNS Registration and Governance
      1. A.1. Answers
    2. B. DNS RFCs