mirror of
https://github.com/Zeckmathederg/glfs.git
synced 2025-01-25 07:42:13 +08:00
1079 lines
36 KiB
XML
1079 lines
36 KiB
XML
<?xml version="1.0" encoding="ISO-8859-1"?>
|
|
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
|
<!ENTITY % general-entities SYSTEM "../../general.ent">
|
|
%general-entities;
|
|
|
|
<!ENTITY bind-download-http "https://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.xz">
|
|
<!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.xz">
|
|
<!ENTITY bind-md5sum "&bind-md5;">
|
|
<!ENTITY bind-size "5.2 MB">
|
|
<!ENTITY bind-buildsize "145 MB (26 MB installed)">
|
|
<!ENTITY bind-time "0.7 SBU (with parallelism=4; about 40 minutes somewhat processor independent, to run the complete test suite)">
|
|
]>
|
|
|
|
<sect1 id="bind" xreflabel="BIND-&bind-version;">
|
|
<?dbhtml filename="bind.html"?>
|
|
|
|
|
|
<title>BIND-&bind-version;</title>
|
|
|
|
<indexterm zone="bind">
|
|
<primary sortas="a-BIND">BIND</primary>
|
|
</indexterm>
|
|
|
|
<sect2 role="package">
|
|
<title>Introduction to BIND</title>
|
|
|
|
<para>
|
|
The <application>BIND</application> package provides a DNS server
|
|
and client utilities. If you are only interested in the utilities, refer
|
|
to the <xref linkend="bind-utils"/>.
|
|
</para>
|
|
|
|
&lfs113_checked;
|
|
|
|
<bridgehead renderas="sect3">Package Information</bridgehead>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
Download (HTTP): <ulink url="&bind-download-http;"/>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Download (FTP): <ulink url="&bind-download-ftp;"/>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Download MD5 sum: &bind-md5sum;
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Download size: &bind-size;
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Estimated disk space required: &bind-buildsize;
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Estimated build time: &bind-time;
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
<!--
|
|
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
Required patch:
|
|
<ulink url="&patch-root;/bind-&bind-version;-upstream_fixes-1.patch"/>
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
-->
|
|
<bridgehead renderas="sect3">BIND Dependencies</bridgehead>
|
|
|
|
<bridgehead renderas="sect4">Required</bridgehead>
|
|
<para role="required">
|
|
<xref linkend="libuv"/>
|
|
</para>
|
|
|
|
<bridgehead renderas="sect4">Recommended</bridgehead>
|
|
<para role="recommended">
|
|
<xref linkend="json-c"/> and
|
|
<xref linkend="libcap-pam"/>
|
|
</para>
|
|
|
|
<bridgehead renderas="sect4">Optional</bridgehead>
|
|
<para role="optional">
|
|
<xref linkend="curl"/>,
|
|
<xref linkend="libidn2"/>,
|
|
<xref linkend="libxml2"/>,
|
|
<xref linkend="lmdb"/>,
|
|
<xref linkend="mitkrb"/>,
|
|
<xref linkend="pytest"/>,
|
|
<xref linkend="sphinx"/> (required to build documentation),
|
|
<ulink url="https://cmocka.org/">cmocka</ulink>,
|
|
<ulink url="https://github.com/cjheath/geoip">geoip</ulink>,
|
|
<ulink url="https://github.com/jemalloc/jemalloc">jemalloc</ulink>,
|
|
<ulink url="&w3m-url;">w3m</ulink>
|
|
</para>
|
|
|
|
<bridgehead renderas="sect4">Optional database backends</bridgehead>
|
|
<para role="optional">
|
|
<xref linkend="db"/>,
|
|
<xref linkend="mariadb"/> or <ulink url="https://www.mysql.com/">MySQL</ulink>,
|
|
<xref linkend="openldap"/>,
|
|
<xref linkend="postgresql"/>, and
|
|
<xref linkend="unixodbc"/>
|
|
</para>
|
|
|
|
<bridgehead renderas="sect4">Optional (to run the test suite)</bridgehead>
|
|
<para role="optional">
|
|
<xref linkend="perl-net-dns"/>
|
|
</para>
|
|
|
|
<!-- docs are now all sphinx based
|
|
<bridgehead renderas="sect4">Optional (to rebuild the documentation)</bridgehead>
|
|
<para role="optional">
|
|
<xref linkend="doxygen"/>,
|
|
<xref linkend="libxslt"/>, and
|
|
<xref linkend="texlive"/> (or <xref linkend="tl-installer"/>)
|
|
</para>
|
|
-->
|
|
|
|
</sect2>
|
|
|
|
<sect2 role="installation">
|
|
<title>Installation of BIND</title>
|
|
|
|
<!--
|
|
<para>
|
|
To ensure <application>BIND</application> will build dnssec-keymgr,
|
|
install a python module as the <systemitem
|
|
class="username">root</systemitem> user:
|
|
</para>
|
|
|
|
<screen role="root"><userinput>pip3 install ply</userinput></screen>
|
|
-->
|
|
|
|
<para>
|
|
Install <application>BIND</application> by running the
|
|
following commands:
|
|
</para>
|
|
|
|
<screen><userinput>./configure --prefix=/usr \
|
|
--sysconfdir=/etc \
|
|
--localstatedir=/var \
|
|
--mandir=/usr/share/man \
|
|
--disable-static &&
|
|
make</userinput></screen>
|
|
|
|
<para>
|
|
Issue the following commands to run the complete suite of tests.
|
|
First, as the <systemitem class="username">root</systemitem> user, set up
|
|
some test interfaces:
|
|
</para>
|
|
|
|
<note>
|
|
<para>
|
|
If IPv6 is not enabled in the kernel, there will be several
|
|
error messages: "RTNETLINK answers: Operation not permitted". These
|
|
messages do not affect the tests.
|
|
</para>
|
|
</note>
|
|
|
|
<screen role="root"
|
|
remap="test"><userinput>bin/tests/system/ifconfig.sh up</userinput></screen>
|
|
|
|
<para>
|
|
The test suite may indicate some skipped tests depending on
|
|
what configuration options are used. Some tests are marked
|
|
<quote>UNTESTED</quote> or do even fail if <xref linkend="perl-net-dns"/>
|
|
is not installed. <!--One test, <quote>CPU</quote>, is known to fail.-->
|
|
To run the tests, as an unprivileged user, execute:
|
|
</para>
|
|
|
|
<screen remap="test"><userinput>make -k check</userinput></screen>
|
|
|
|
<para>
|
|
Again as <systemitem class="username">root</systemitem>, clean up the
|
|
test interfaces:
|
|
</para>
|
|
|
|
<screen role="root"
|
|
remap="test"><userinput>bin/tests/system/ifconfig.sh down</userinput></screen>
|
|
|
|
<para>
|
|
Finally, install the package as the <systemitem
|
|
class="username">root</systemitem> user:
|
|
</para>
|
|
|
|
<!-- Documentation is an issue - The docs are now all in .rst format and appear
|
|
to be sphinx based. install source .rst files for now...
|
|
|
|
leave docs untouched as they does only use disk space when not
|
|
used to recreate the docs via Sphinx. I've added a note regarding
|
|
the documentation. (thomas)
|
|
|
|
<screen role="root"><userinput>make install &&
|
|
|
|
install -vdm 755 /usr/share/doc/bind-&bind-version;/{arm,dnssec-guide} &&
|
|
install doc/arm/* /usr/share/doc/bind-&bind-version;/arm &&
|
|
install doc/dnssec-guide/* /usr/share/doc/bind-&bind-version;/dnssec-guide</userinput></screen>
|
|
-->
|
|
<screen role="root"><userinput>make install</userinput></screen>
|
|
|
|
</sect2>
|
|
|
|
<sect2 role="commands">
|
|
<title>Command Explanations</title>
|
|
|
|
<para>
|
|
<parameter>--sysconfdir=/etc</parameter>: This parameter forces
|
|
<application>BIND</application> to look for configuration
|
|
files in <filename class='directory'>/etc</filename> instead of
|
|
<filename class='directory'>/usr/etc</filename>.
|
|
</para>
|
|
|
|
<!-- Seems to be removed in 9.18.0
|
|
<para>
|
|
<parameter>- -with-libtool</parameter>: This parameter forces the
|
|
building of dynamic libraries and links the installed binaries to these
|
|
libraries.
|
|
</para>
|
|
-->
|
|
|
|
<para>
|
|
<option>--with-libidn2</option>: This parameter enables
|
|
the IDNA2008 (Internationalized Domain Names in Applications)
|
|
support.
|
|
</para>
|
|
|
|
<para>
|
|
<option>--enable-fetchlimit</option>: Use this option if you want
|
|
to be able to limit the rate of recursive client queries. This may be
|
|
useful on servers which receive a large number of queries.
|
|
</para>
|
|
|
|
<para>
|
|
<option>--disable-linux-caps</option>: BIND can also be built without
|
|
capability support by using this option, at the cost of some loss of
|
|
security.
|
|
</para>
|
|
|
|
<para>
|
|
<option>--with-dlz-{mysql,bdb,filesystem,ldap,odbc,stub}</option>: Use
|
|
one (or more) of those options to add Dynamically Loadable Zones support.
|
|
For more information refer to <ulink
|
|
url="https://bind-dlz.sourceforge.net/">bind-dlz.sourceforge.net</ulink>.
|
|
</para>
|
|
|
|
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
href="../../xincludes/static-libraries.xml"/>
|
|
|
|
</sect2>
|
|
|
|
<sect2 role="configuration">
|
|
<title>Configuring BIND</title>
|
|
|
|
<sect3 id="bind-config">
|
|
<title>Config files</title>
|
|
|
|
<para>
|
|
<filename>named.conf</filename>,
|
|
<filename>root.hints</filename>,
|
|
<filename>127.0.0</filename>,
|
|
<filename>rndc.conf</filename>, and
|
|
<filename>resolv.conf</filename>
|
|
</para>
|
|
|
|
<indexterm zone="bind bind-config">
|
|
<primary sortas="e-etc-named.conf">/etc/named.conf</primary>
|
|
</indexterm>
|
|
|
|
<indexterm zone="bind bind-config">
|
|
<primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary>
|
|
</indexterm>
|
|
|
|
<indexterm zone="bind bind-config">
|
|
<primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary>
|
|
</indexterm>
|
|
|
|
<indexterm zone="bind bind-config">
|
|
<primary
|
|
sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
|
|
</indexterm>
|
|
|
|
<indexterm zone="bind bind-config">
|
|
<primary
|
|
sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
|
|
</indexterm>
|
|
</sect3>
|
|
|
|
<sect3>
|
|
<title>Configuration Information</title>
|
|
|
|
<para>
|
|
<application>BIND</application> will be configured to run in a
|
|
<command>chroot</command> jail as an unprivileged user (<systemitem
|
|
class="username">named</systemitem>). This configuration is more secure
|
|
in that a DNS compromise can only affect a few files in the <systemitem
|
|
class="username">named</systemitem> user's <envar>HOME</envar>
|
|
directory.
|
|
</para>
|
|
|
|
<para>
|
|
Create the unprivileged user and group <systemitem
|
|
class="username">named</systemitem>:
|
|
</para>
|
|
|
|
<screen role="root"><userinput>groupadd -g 20 named &&
|
|
useradd -c "BIND Owner" -g named -s /bin/false -u 20 named &&
|
|
install -d -m770 -o named -g named /srv/named</userinput></screen>
|
|
|
|
<para>
|
|
Set up some files, directories and devices needed by
|
|
<application>BIND</application>:
|
|
</para>
|
|
|
|
<screen role="root"><userinput>mkdir -p /srv/named &&
|
|
cd /srv/named &&
|
|
mkdir -p dev etc/named/{slave,pz} usr/lib/engines var/run/named &&
|
|
mknod /srv/named/dev/null c 1 3 &&
|
|
mknod /srv/named/dev/urandom c 1 9 &&
|
|
chmod 666 /srv/named/dev/{null,urandom} &&
|
|
cp /etc/localtime etc</userinput></screen>
|
|
|
|
<para>
|
|
The <filename>rndc.conf</filename> file contains information for
|
|
controlling <command>named</command> operations with the
|
|
<command>rndc</command> utility. Generate a key for use in the
|
|
<filename>named.conf</filename> and <filename>rndc.conf</filename>
|
|
with the <command>rndc-confgen</command> command:
|
|
</para>
|
|
|
|
<screen role="root"><userinput>rndc-confgen -a -b 512 -t /srv/named</userinput></screen>
|
|
|
|
<para>
|
|
Complete the <filename>named.conf</filename> file from which
|
|
<command>named</command> will read the location of zone files, root
|
|
name servers and secure DNS keys:
|
|
</para>
|
|
|
|
<screen role="root"><?dbfo keep-together="auto"?><userinput>cat >> /srv/named/etc/named.conf << "EOF"
|
|
<literal>options {
|
|
directory "/etc/named";
|
|
pid-file "/var/run/named.pid";
|
|
statistics-file "/var/run/named.stats";
|
|
|
|
};
|
|
zone "." {
|
|
type hint;
|
|
file "root.hints";
|
|
};
|
|
zone "0.0.127.in-addr.arpa" {
|
|
type master;
|
|
file "pz/127.0.0";
|
|
};
|
|
|
|
// Bind 9 now logs by default through syslog (except debug).
|
|
// These are the default logging rules.
|
|
|
|
logging {
|
|
category default { default_syslog; default_debug; };
|
|
category unmatched { null; };
|
|
|
|
channel default_syslog {
|
|
syslog daemon; // send to syslog's daemon
|
|
// facility
|
|
severity info; // only send priority info
|
|
// and higher
|
|
};
|
|
|
|
channel default_debug {
|
|
file "named.run"; // write to named.run in
|
|
// the working directory
|
|
// Note: stderr is used instead
|
|
// of "named.run"
|
|
// if the server is started
|
|
// with the '-f' option.
|
|
severity dynamic; // log at the server's
|
|
// current debug level
|
|
};
|
|
|
|
channel default_stderr {
|
|
stderr; // writes to stderr
|
|
severity info; // only send priority info
|
|
// and higher
|
|
};
|
|
|
|
channel null {
|
|
null; // toss anything sent to
|
|
// this channel
|
|
};
|
|
};</literal>
|
|
EOF</userinput></screen>
|
|
|
|
<para>
|
|
Create a zone file with the following contents:
|
|
</para>
|
|
|
|
<screen role="root"><userinput>cat > /srv/named/etc/named/pz/127.0.0 << "EOF"
|
|
<literal>$TTL 3D
|
|
@ IN SOA ns.local.domain. hostmaster.local.domain. (
|
|
1 ; Serial
|
|
8H ; Refresh
|
|
2H ; Retry
|
|
4W ; Expire
|
|
1D) ; Minimum TTL
|
|
NS ns.local.domain.
|
|
1 PTR localhost.</literal>
|
|
EOF</userinput></screen>
|
|
|
|
<para>
|
|
Create the <filename>root.hints</filename> file with the following
|
|
commands:
|
|
</para>
|
|
|
|
<note>
|
|
<para>
|
|
Caution must be used to ensure there are no leading spaces in
|
|
this file.
|
|
</para>
|
|
</note>
|
|
|
|
<screen role="root"><userinput>cat > /srv/named/etc/named/root.hints << "EOF"
|
|
<literal>. 6D IN NS A.ROOT-SERVERS.NET.
|
|
. 6D IN NS B.ROOT-SERVERS.NET.
|
|
. 6D IN NS C.ROOT-SERVERS.NET.
|
|
. 6D IN NS D.ROOT-SERVERS.NET.
|
|
. 6D IN NS E.ROOT-SERVERS.NET.
|
|
. 6D IN NS F.ROOT-SERVERS.NET.
|
|
. 6D IN NS G.ROOT-SERVERS.NET.
|
|
. 6D IN NS H.ROOT-SERVERS.NET.
|
|
. 6D IN NS I.ROOT-SERVERS.NET.
|
|
. 6D IN NS J.ROOT-SERVERS.NET.
|
|
. 6D IN NS K.ROOT-SERVERS.NET.
|
|
. 6D IN NS L.ROOT-SERVERS.NET.
|
|
. 6D IN NS M.ROOT-SERVERS.NET.
|
|
A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
|
|
A.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:ba3e::2:30
|
|
B.ROOT-SERVERS.NET. 6D IN A 199.9.14.201
|
|
B.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:200::b
|
|
C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
|
|
C.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2::c
|
|
D.ROOT-SERVERS.NET. 6D IN A 199.7.91.13
|
|
D.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2d::d
|
|
E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
|
|
E.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:a8::e
|
|
F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
|
|
F.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2f::f
|
|
G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
|
|
G.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:12::d0d
|
|
H.ROOT-SERVERS.NET. 6D IN A 198.97.190.53
|
|
H.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:1::53
|
|
I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
|
|
I.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fe::53
|
|
J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
|
|
J.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:c27::2:30
|
|
K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
|
|
K.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fd::1
|
|
L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
|
|
L.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:9f::42
|
|
M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
|
|
M.ROOT-SERVERS.NET. 6D IN AAAA 2001:dc3::35</literal>
|
|
EOF</userinput></screen>
|
|
|
|
<para>
|
|
The <filename>root.hints</filename> file is a list of root name
|
|
servers. This file must be updated periodically with the
|
|
<command>dig</command> utility. A current copy of root.hints can be
|
|
obtained from <ulink url="https://www.internic.net/domain/named.root"/>.
|
|
For details, consult the "BIND 9 Administrator Reference Manual".
|
|
</para>
|
|
|
|
<para>
|
|
Create or modify <filename>resolv.conf</filename> to use the new
|
|
name server with the following commands:
|
|
</para>
|
|
|
|
<note>
|
|
<para>
|
|
Replace <replaceable><yourdomain.com></replaceable> with
|
|
your own valid domain name.
|
|
</para>
|
|
</note>
|
|
|
|
<screen role="root"><userinput>cp /etc/resolv.conf /etc/resolv.conf.bak &&
|
|
cat > /etc/resolv.conf << "EOF"
|
|
<literal>search <replaceable><yourdomain.com></replaceable>
|
|
nameserver 127.0.0.1</literal>
|
|
EOF</userinput></screen>
|
|
|
|
<para>
|
|
Set permissions on the <command>chroot</command> jail with the
|
|
following command:
|
|
</para>
|
|
|
|
<screen role="root"><userinput>chown -R named:named /srv/named</userinput></screen>
|
|
|
|
</sect3>
|
|
|
|
<sect3 id="bind-init">
|
|
<title><phrase revision="sysv">Boot Script</phrase>
|
|
<phrase revision="systemd">Systemd Unit</phrase></title>
|
|
|
|
<para>
|
|
To start the DNS server at boot, install the
|
|
<phrase revision="sysv"><filename>/etc/rc.d/init.d/bind</filename> init
|
|
script</phrase>
|
|
<phrase revision="systemd"><filename>named.service</filename>
|
|
unit</phrase> included in the
|
|
<xref linkend="bootscripts" revision="sysv"/>
|
|
<xref linkend="systemd-units" revision="systemd"/> package:
|
|
</para>
|
|
|
|
<indexterm zone="bind bind-init">
|
|
<primary sortas="f-bind">bind</primary>
|
|
</indexterm>
|
|
|
|
<screen role="root" revision="sysv"><userinput>make install-bind</userinput></screen>
|
|
<screen role="root" revision="systemd"><userinput>make install-named</userinput></screen>
|
|
|
|
<para>
|
|
Now start <application>BIND</application> with the following command:
|
|
</para>
|
|
|
|
<screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/bind start</userinput></screen>
|
|
<screen role="root" revision="systemd"><userinput>systemctl start named</userinput></screen>
|
|
|
|
</sect3>
|
|
|
|
<sect3>
|
|
<title>Testing BIND</title>
|
|
|
|
<para>
|
|
Test out the new <application>BIND</application> 9 installation.
|
|
First query the local host address with <command>dig</command>:
|
|
</para>
|
|
|
|
<screen><userinput>dig -x 127.0.0.1</userinput></screen>
|
|
|
|
<para>
|
|
Now try an external name lookup, taking note of the speed
|
|
difference in repeated lookups due to the caching. Run the
|
|
<command>dig</command> command twice on the same address:
|
|
</para>
|
|
|
|
<screen><userinput>dig www.&lfs-domainname; &&
|
|
dig www.&lfs-domainname;</userinput></screen>
|
|
|
|
<para>
|
|
You can see almost instantaneous results with the named caching
|
|
lookups. Consult the <application>BIND</application> Administrator
|
|
Reference Manual (see below) for further configuration options.
|
|
</para>
|
|
|
|
</sect3>
|
|
|
|
</sect2>
|
|
|
|
<sect2>
|
|
<title>Administrator Reference Manual (ARM)</title>
|
|
|
|
<para>
|
|
The ARM documentation (do not confuse with the processor architecture)
|
|
is included in the source package. The documentation is in .rst
|
|
format which means, it can be converted in human readable formats
|
|
if <xref linkend="sphinx"/> is installed.
|
|
</para>
|
|
|
|
<para>
|
|
When <application>BIND</application> is set up, especially when
|
|
to operate in a real live scenario, it is <emphasis>highly</emphasis>
|
|
recommended to consult the ARM documentation. ISC provides an
|
|
updated set of excellent documentation along with every release
|
|
so it can be easily viewed and/or downloaded – so there is
|
|
no excuse to not read the docs. The formats ISC provides are PDF,
|
|
epub and html at <ulink url="https://downloads.isc.org/isc/bind9/&bind-version;/doc/arm/"/>.
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 role="content">
|
|
<title>Contents</title>
|
|
|
|
<segmentedlist>
|
|
<segtitle>Installed Programs</segtitle>
|
|
<segtitle>Installed Libraries</segtitle>
|
|
<segtitle>Installed Directories</segtitle>
|
|
|
|
<seglistitem>
|
|
|
|
<seg>arpaname, <!--bind9-config hardlinked to isc-config.sh,-->
|
|
ddns-confgen, delv, dig, dnssec-cds, <!-- dnssec-checkds, dnssec-coverage,-->
|
|
dnssec-dsfromkey, dnssec-importkey, dnssec-keyfromlabel, dnssec-keygen,
|
|
<!--dnssec-keymgr,--> dnssec-revoke, dnssec-settime, dnssec-signzone,
|
|
dnssec-verify, host, mdig, named, named-checkconf,
|
|
named-checkzone, named-compilezone, named-journalprint,
|
|
named-nzd2nzf, named-rrchecker, nsec3hash, nslookup, nsupdate, rndc,
|
|
rndc-confgen, and tsig-keygen (symlink)</seg>
|
|
|
|
<seg>libbind9.so, libdns.so, libirs.so, libisc.so, libisccc.so,
|
|
libisccfg.so, and libns.so</seg>
|
|
|
|
<seg>/usr/include/{bind9,dns,dst,irs,isc,isccc,isccfg,ns},
|
|
/usr/lib/bind, <!--/usr/lib/python&python3-majorver;/site-packages/isc,-->
|
|
and /srv/named</seg>
|
|
</seglistitem>
|
|
</segmentedlist>
|
|
|
|
<variablelist>
|
|
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
|
|
<?dbfo list-presentation="list"?>
|
|
<?dbhtml list-presentation="table"?>
|
|
|
|
<varlistentry id="arpaname">
|
|
<term><command>arpaname</command></term>
|
|
<listitem>
|
|
<para>
|
|
translates IP addresses to the corresponding ARPA names
|
|
</para>
|
|
<indexterm zone="bind arpaname">
|
|
<primary sortas="b-arpaname">arpaname</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<!-- Not present as of 9.16.5
|
|
<varlistentry id="bind9-config">
|
|
<term><command>bind9-config</command></term>
|
|
<listitem>
|
|
<para>
|
|
is hardlinked to <command>isc-config.sh</command>.
|
|
</para>
|
|
<indexterm zone="bind bind9-config">
|
|
<primary sortas="b-bind9-config">bind9-config</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
-->
|
|
|
|
<varlistentry id="ddns-confgen">
|
|
<term><command>ddns-confgen</command></term>
|
|
<listitem>
|
|
<para>
|
|
generates a key for use by nsupdate and named
|
|
</para>
|
|
<indexterm zone="bind ddns-confgen">
|
|
<primary sortas="b-ddns-confgen">ddns-confgen</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="delv">
|
|
<term><command>delv</command></term>
|
|
<listitem>
|
|
<para>
|
|
is a new debugging tool that is a successor to
|
|
<command>dig</command>
|
|
</para>
|
|
<indexterm zone="bind delv">
|
|
<primary sortas="b-delv">delv</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="dig">
|
|
<term><command>dig</command></term>
|
|
<listitem>
|
|
<para>
|
|
interrogates DNS servers
|
|
</para>
|
|
<indexterm zone="bind dig">
|
|
<primary sortas="b-dig">dig</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="dnssec-cds">
|
|
<term><command>dnssec-cds</command></term>
|
|
<listitem>
|
|
<para>
|
|
changes DS records for a child zone based on
|
|
CDS/CDNSKEY
|
|
</para>
|
|
<indexterm zone="bind dnssec-cds">
|
|
<primary sortas="b-dnssec-cds">dnssec-cds</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<!-- Removed in 9.18.x
|
|
<varlistentry id="dnssec-checkds">
|
|
<term><command>dnssec-checkds</command></term>
|
|
<listitem>
|
|
<para>
|
|
is a DNSSEC delegation consistency checking tool
|
|
</para>
|
|
<indexterm zone="bind dnssec-checkds">
|
|
<primary sortas="b-dnssec-checkds">dnssec-checkds</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="dnssec-coverage">
|
|
<term><command>dnssec-coverage</command></term>
|
|
<listitem>
|
|
<para>
|
|
verifies that the DNSSEC keys for a given zone or a set of zones
|
|
have timing metadata set properly to ensure no future lapses
|
|
in DNSSEC coverage
|
|
</para>
|
|
<indexterm zone="bind dnssec-coverage">
|
|
<primary sortas="b-dnssec-coverage">dnssec-coverage</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
-->
|
|
<varlistentry id="dnssec-dsfromkey">
|
|
<term><command>dnssec-dsfromkey</command></term>
|
|
<listitem>
|
|
<para>
|
|
outputs the Delegation Signer (DS) resource record (RR)
|
|
</para>
|
|
<indexterm zone="bind dnssec-dsfromkey">
|
|
<primary sortas="b-dnssec-dsfromkey">dnssec-dsfromkey</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="dnssec-importkey">
|
|
<term><command>dnssec-importkey</command></term>
|
|
<listitem>
|
|
<para>
|
|
reads a public DNSKEY record and generates a pair of
|
|
.key/.private files
|
|
</para>
|
|
<indexterm zone="bind dnssec-importkey">
|
|
<primary sortas="b-dnssec-importkey">dnssec-importkey</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="dnssec-keyfromlabel">
|
|
<term><command>dnssec-keyfromlabel</command></term>
|
|
<listitem>
|
|
<para>
|
|
gets keys with the given label from a cryptography hardware device
|
|
and builds key files for DNSSEC
|
|
</para>
|
|
<indexterm zone="bind dnssec-keyfromlabel">
|
|
<primary sortas="b-dnssec-keyfromlabel">dnssec-keyfromlabel</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<!-- Removed in 9.18.x
|
|
<varlistentry id="dnssec-keygen">
|
|
<term><command>dnssec-keygen</command></term>
|
|
<listitem>
|
|
<para>
|
|
is a key generator for secure DNS
|
|
</para>
|
|
<indexterm zone="bind dnssec-keygen">
|
|
<primary sortas="b-dnssec-keygen">dnssec-keygen</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
-->
|
|
|
|
<varlistentry id="dnssec-keymgr">
|
|
<term><command>dnssec-keymgr</command></term>
|
|
<listitem>
|
|
<para>
|
|
ensures correct DNSKEY coverage based on a defined policy
|
|
</para>
|
|
<indexterm zone="bind dnssec-keymgr">
|
|
<primary sortas="b-dnssec-keymgr">dnssec-keymgr</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="dnssec-revoke">
|
|
<term><command>dnssec-revoke</command></term>
|
|
<listitem>
|
|
<para>
|
|
sets the REVOKED bit on a DNSSEC key
|
|
</para>
|
|
<indexterm zone="bind dnssec-revoke">
|
|
<primary sortas="b-dnssec-revoke">dnssec-revoke</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="dnssec-settime">
|
|
<term><command>dnssec-settime</command></term>
|
|
<listitem>
|
|
<para>
|
|
sets the key timing metadata for a DNSSEC key
|
|
</para>
|
|
<indexterm zone="bind dnssec-settime">
|
|
<primary sortas="b-dnssec-settime">dnssec-settime</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="dnssec-signzone">
|
|
<term><command>dnssec-signzone</command></term>
|
|
<listitem>
|
|
<para>
|
|
generates signed versions of zone files
|
|
</para>
|
|
<indexterm zone="bind dnssec-signzone">
|
|
<primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="dnssec-verify">
|
|
<term><command>dnssec-verify</command></term>
|
|
<listitem>
|
|
<para>
|
|
verifies that a zone is fully signed for each algorithm found
|
|
in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
|
|
chains are complete
|
|
</para>
|
|
<indexterm zone="bind dnssec-verify">
|
|
<primary sortas="b-dnssec-verify">dnssec-verify</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<!-- No longer present with 9.16.5
|
|
<varlistentry id="genrandom">
|
|
<term><command>genrandom</command></term>
|
|
<listitem>
|
|
<para>
|
|
generates a file containing random data.
|
|
</para>
|
|
<indexterm zone="bind genrandom">
|
|
<primary sortas="b-genrandom">genrandom</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
-->
|
|
|
|
<varlistentry id="host">
|
|
<term><command>host</command></term>
|
|
<listitem>
|
|
<para>
|
|
is a utility for DNS lookups
|
|
</para>
|
|
<indexterm zone="bind host">
|
|
<primary sortas="b-host">host</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<!-- No longer present with 9.16.5
|
|
<varlistentry id="isc-config.sh">
|
|
<term><command>isc-config.sh</command></term>
|
|
<listitem>
|
|
<para>
|
|
prints information related to the installed version of ISC BIND.
|
|
</para>
|
|
<indexterm zone="bind isc-config.sh">
|
|
<primary sortas="b-isc-config.sh">isc-config.sh</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="isc-hmac-fixup">
|
|
<term><command>isc-hmac-fixup</command></term>
|
|
<listitem>
|
|
<para>
|
|
fixes HMAC keys generated by older versions of BIND.
|
|
</para>
|
|
<indexterm zone="bind isc-hmac-fixup">
|
|
<primary sortas="b-isc-hmac-fixup">isc-hmac-fixup</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="lwresd">
|
|
<term><command>lwresd</command></term>
|
|
<listitem>
|
|
<para>
|
|
is a caching-only name server for local process use.
|
|
</para>
|
|
<indexterm zone="bind lwresd">
|
|
<primary sortas="b-lwresd">lwresd</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
-->
|
|
|
|
<varlistentry id="mdig">
|
|
<term><command>mdig</command></term>
|
|
<listitem>
|
|
<para>
|
|
is a version of dig that allows multiple queries at once
|
|
</para>
|
|
<indexterm zone="bind mdig">
|
|
<primary sortas="b-mdig">mdig</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="named">
|
|
<term><command>named</command></term>
|
|
<listitem>
|
|
<para>
|
|
is the name server daemon
|
|
</para>
|
|
<indexterm zone="bind named">
|
|
<primary sortas="b-named">named</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="named-checkconf">
|
|
<term><command>named-checkconf</command></term>
|
|
<listitem>
|
|
<para>
|
|
checks the syntax of <filename>named.conf</filename>
|
|
files
|
|
</para>
|
|
<indexterm zone="bind named-checkconf">
|
|
<primary sortas="b-named-checkconf">named-checkconf</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="named-checkzone">
|
|
<term><command>named-checkzone</command></term>
|
|
<listitem>
|
|
<para>
|
|
checks zone file validity
|
|
</para>
|
|
<indexterm zone="bind named-checkzone">
|
|
<primary sortas="b-named-checkzone">named-checkzone</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="named-compilezone">
|
|
<term><command>named-compilezone</command></term>
|
|
<listitem>
|
|
<para>
|
|
is similar to <command>named-checkzone</command>, but it always
|
|
dumps the zone contents to a specified file in a specified format
|
|
</para>
|
|
<indexterm zone="bind named-compilezone">
|
|
<primary sortas="b-named-compilezone">named-compilezone</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="named-journalprint">
|
|
<term><command>named-journalprint</command></term>
|
|
<listitem>
|
|
<para>
|
|
prints the zone journal in human-readable form
|
|
</para>
|
|
<indexterm zone="bind named-journalprint">
|
|
<primary sortas="b-named-journalprint">named-journalprint</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="named-rrchecker">
|
|
<term><command>named-rrchecker</command></term>
|
|
<listitem>
|
|
<para>
|
|
reads an individual DNS resource record from standard input and
|
|
checks if it is syntactically correct
|
|
</para>
|
|
<indexterm zone="bind named-rrchecker">
|
|
<primary sortas="b-named-rrchecker">named-rrchecker</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="named-nzd2nzf">
|
|
<term><command>named-nzd2nzf</command></term>
|
|
<listitem>
|
|
<para>
|
|
converts an NZD database to NZF text format
|
|
</para>
|
|
<indexterm zone="bind named-nzd2nzf">
|
|
<primary sortas="b-named-nzd2nzf">named-nzd2nzf</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="nsec3hash">
|
|
<term><command>nsec3hash</command></term>
|
|
<listitem>
|
|
<para>
|
|
generates an NSEC3 hash based on a set of NSEC3 parameters
|
|
</para>
|
|
<indexterm zone="bind nsec3hash">
|
|
<primary sortas="b-nsec3hash">nsec3hash</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="nslookup">
|
|
<term><command>nslookup</command></term>
|
|
<listitem>
|
|
<para>
|
|
is a program used to query Internet domain nameservers
|
|
</para>
|
|
<indexterm zone="bind nslookup">
|
|
<primary sortas="b-nslookup">nslookup</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="nsupdate">
|
|
<term><command>nsupdate</command></term>
|
|
<listitem>
|
|
<para>
|
|
is used to submit DNS update requests
|
|
</para>
|
|
<indexterm zone="bind nsupdate">
|
|
<primary sortas="b-nsupdate">nsupdate</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="rndc">
|
|
<term><command>rndc</command></term>
|
|
<listitem>
|
|
<para>
|
|
controls the operation of <application>BIND</application>
|
|
</para>
|
|
<indexterm zone="bind rndc">
|
|
<primary sortas="b-rndc">rndc</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="rndc-confgen">
|
|
<term><command>rndc-confgen</command></term>
|
|
<listitem>
|
|
<para>
|
|
generates <filename>rndc.conf</filename> files
|
|
</para>
|
|
<indexterm zone="bind rndc-confgen">
|
|
<primary sortas="b-rndc-confgen">rndc-confgen</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="tsig-keygen">
|
|
<term><command>tsig-keygen</command></term>
|
|
<listitem>
|
|
<para>
|
|
is a symlink to <command>ddns-confgen</command>
|
|
</para>
|
|
<indexterm zone="bind tsig-keygen">
|
|
<primary sortas="b-tsig-keygen">tsig-keygen</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</sect2>
|
|
|
|
</sect1>
|