linux-from-scratch/glfs
1
0
Fork 0
mirror of https://github.com/Zeckmathederg/glfs.git synced 2025-02-10 13:04:42 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
d7bbb4050d
glfs/server/major/bind.xml
Douglas R. Reno cdf010666f Update to gnome-online-accounts-3.34.1 
Update to libsoup-2.68.2
Update to dconf-editor-3.34.2
Update to parted-3.3
Update to samba-4.11.0
Update to gvfs-1.42.1
Fix the download size in Volume_Key
Correct the rndc-confgen command in BIND9, as well as update some paths.

Please be aware that this version of Samba does not support SMBv1 anymore, and clients
that utilize that protocol will be completely unable to connect to the server.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@22255 af4574ff-66df-0310-9fd7-8a98e5e911e0
2019-10-16 03:04:38 +00:00

910 lines
33 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY bind-download-http " ">
<!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
<!ENTITY bind-md5sum "6f1fcdfcaecaaff13260b0045c83f113">
<!ENTITY bind-size "6.0 MB">
<!ENTITY bind-buildsize "124 MB (24 MB installed)">
<!ENTITY bind-time "0.9 SBU (with parallelism=4; add 30+ minutes, processor independent, to run the complete test suite)">
]>
<sect1 id="bind" xreflabel="BIND-&bind-version;">
<?dbhtml filename="bind.html"?>
<sect1info>
<othername>$LastChangedBy$</othername>
<date>$Date$</date>
</sect1info>
<title>BIND-&bind-version;</title>
<indexterm zone="bind">
<primary sortas="a-BIND">BIND</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to BIND</title>
<para>The <application>BIND</application> package provides a DNS server
and client utilities. If you are only interested in the utilities, refer
to the <xref linkend="bind-utils"/>.</para>
&lfs90_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>Download (HTTP): <ulink url="&bind-download-http;"/></para>
</listitem>
<listitem>
<para>Download (FTP): <ulink url="&bind-download-ftp;"/></para>
</listitem>
<listitem>
<para>Download MD5 sum: &bind-md5sum;</para>
</listitem>
<listitem>
<para>Download size: &bind-size;</para>
</listitem>
<listitem>
<para>Estimated disk space required: &bind-buildsize;</para>
</listitem>
<listitem>
<para>Estimated build time: &bind-time;</para>
</listitem>
</itemizedlist>
<!--
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing='compact'>
<listitem>
<para>Optional patch (if net-tools is not installed):
<ulink
url="&patch-root;/bind-&bind-version;-use_iproute2-1.patch"/></para>
</listitem>
</itemizedlist>
-->
<bridgehead renderas="sect3">BIND Dependencies</bridgehead>
<bridgehead renderas="sect4">Recommended</bridgehead>
<para role="optional">
<xref linkend="libcap-pam"/>
</para>
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional">
<xref linkend="libidn2"/>,
<xref linkend="libxml2"/>,
<xref linkend="mitkrb"/>,
<ulink url="https://cmocka.org/">cmocka</ulink>, and
<ulink url='https://github.com/cjheath/geoip'>geoip</ulink>
</para>
<bridgehead renderas="sect4">Optional database backends</bridgehead>
<para role="optional">
<xref linkend="db"/>,
<xref linkend="mariadb"/> or <ulink url="http://www.mysql.com/">MySQL</ulink>,
<xref linkend="openldap"/>,
<xref linkend="postgresql"/>, and
<xref linkend="unixodbc"/>
</para>
<bridgehead renderas="sect4">Optional (to run the test suite)</bridgehead>
<para role="optional">
<xref linkend="perl-net-dns"/>
<!-- and
<xref linkend="net-tools"/> (you may omit net-tools by using the optional
patch to utilize iproute2, but the IPv6 tests will fail)
-->
</para>
<bridgehead renderas="sect4">Optional (to rebuild the documentation)</bridgehead>
<para role="optional">
<xref linkend="doxygen"/>,
<xref linkend="libxslt"/>, and
<xref linkend="texlive"/> (or <xref linkend="tl-installer"/>)
</para>
<para condition="html" role="usernotes">User Notes:
<ulink url="&blfs-wiki;/bind"/></para>
</sect2>
<sect2 role="installation">
<title>Installation of BIND</title>
<!--
<para>If you have chosen not to install net-tools, apply the iproute2
patch with the following command:</para>
<screen><userinput>patch -Np1 -i ../bind-&bind-version;-use_iproute2-1.patch</userinput></screen>
-->
<para>To ensure <application>BIND</application> will build dnssec-keymgr,
install a python module as the <systemitem
class="username">root</systemitem> user:</para>
<screen role="root"><userinput>pip3 install ply</userinput></screen>
<para>Install <application>BIND</application> by running the
following commands:</para>
<screen><userinput>./configure --prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--mandir=/usr/share/man \
--with-libtool \
--disable-static &amp;&amp;
make</userinput></screen>
<para>Issue the following commands to run the complete suite of tests.
First, as the <systemitem class="username">root</systemitem> user, set up
some test interfaces:</para>
<note><para>If IPv6 is not enabled in the kernel, there will be several
error messages: "RTNETLINK answers: Operation not permitted". These
messages do not affect the tests.</para></note>
<screen role="root"
remap="test"><userinput>bin/tests/system/ifconfig.sh up</userinput></screen>
<para>The test suite may indicate some skipped tests depending on
what configuration options are used. Some tests are marked <quote>UNTESTED
</quote> if <xref linkend="perl-net-dns"/> is not installed.
To run the tests, as an unprivileged user, execute:</para>
<screen remap="test"><userinput>make -k check</userinput></screen>
<para>Again as <systemitem class="username">root</systemitem>, clean up the
test interfaces:</para>
<screen role="root"
remap="test"><userinput>bin/tests/system/ifconfig.sh down</userinput></screen>
<para>Finally, install the package as the <systemitem
class="username">root</systemitem> user:</para>
<screen role="root"><userinput>make install &amp;&amp;
install -v -m755 -d /usr/share/doc/bind-&bind-version;/arm &amp;&amp;
install -v -m644 doc/arm/*.html \
/usr/share/doc/bind-&bind-version;/arm</userinput></screen>
</sect2>
<!-- Documentation is an issue - make doc fails - some docbook problem
install -v -m644 doc/misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap,sdb} \
/usr/share/doc/bind-&bind-version;/misc</userinput></screen>
-->
<sect2 role="commands">
<title>Command Explanations</title>
<para><parameter>--sysconfdir=/etc</parameter>: This parameter forces
<application>BIND</application> to look for configuration
files in <filename class='directory'>/etc</filename> instead of
<filename class='directory'>/usr/etc</filename>.</para>
<!-- No longer available as of 9.14.2
<para><parameter>- -enable-threads</parameter>: This parameter enables
multi-threading capability.</para>
-->
<para><parameter>--with-libtool</parameter>: This parameter forces the
building of dynamic libraries and links the installed binaries to these
libraries.</para>
<para><parameter>--with-libidn2</parameter>: This parameter enables
the IDNA2008 (Internationalized Domain Names in Applications)
support.</para>
<!-- no longer available
<para><parameter>- -with-randomdev=/dev/urandom</parameter>: This parameter
specifes a non-blocking random device for use with digital signatures.</para>
-->
<para><option>--enable-fetchlimit</option>: Use this option if you want
to be able to limit the rate of recursive client queries. This may be
useful on servers which receive a large number of queries.</para>
<para><option>--disable-linux-caps</option>: BIND can also be built without
capability support by using this option, at the cost of some loss of
security.</para>
<para><option>--with-dlz-{mysql,bdb,filesystem,ldap,odbc,stub}</option>: Use
one (or more) of those options to add Dynamically Loadable Zones support.
For more information refer to
<ulink url="http://bind-dlz.sourceforge.net/">bind-dlz.sourceforge.net</ulink>.
</para>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../../xincludes/static-libraries.xml"/>
<para><command>cd doc; install ...</command>: These commands install
additional package documentation. Omit any or all of these commands if
desired.</para>
</sect2>
<sect2 role="configuration">
<title>Configuring BIND</title>
<sect3 id="bind-config">
<title>Config files</title>
<para><filename>named.conf</filename>,
<filename>root.hints</filename>,
<filename>127.0.0</filename>,
<filename>rndc.conf</filename> and
<filename>resolv.conf</filename></para>
<indexterm zone="bind bind-config">
<primary sortas="e-etc-named.conf">/etc/named.conf</primary>
</indexterm>
<indexterm zone="bind bind-config">
<primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary>
</indexterm>
<indexterm zone="bind bind-config">
<primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary>
</indexterm>
<indexterm zone="bind bind-config">
<primary
sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
</indexterm>
<indexterm zone="bind bind-config">
<primary
sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
</indexterm>
</sect3>
<sect3>
<title>Configuration Information</title>
<para><application>BIND</application> will be configured to run in a
<command>chroot</command> jail as an unprivileged user (<systemitem
class="username">named</systemitem>). This configuration is more secure
in that a DNS compromise can only affect a few files in the <systemitem
class="username">named</systemitem> user's <envar>HOME</envar>
directory.</para>
<para>Create the unprivileged user and group <systemitem
class="username">named</systemitem>:</para>
<screen role="root"><userinput>groupadd -g 20 named &amp;&amp;
useradd -c "BIND Owner" -g named -s /bin/false -u 20 named &amp;&amp;
install -d -m770 -o named -g named /srv/named</userinput></screen>
<para>Set up some files, directories and devices needed by
<application>BIND</application>:</para>
<screen role="root"><userinput>mkdir -p /srv/named &amp;&amp;
cd /srv/named &amp;&amp;
mkdir -p dev etc/namedb/{slave,pz} usr/lib/engines var/run/named &amp;&amp;
mknod /srv/named/dev/null c 1 3 &amp;&amp;
mknod /srv/named/dev/urandom c 1 9 &amp;&amp;
chmod 666 /srv/named/dev/{null,urandom} &amp;&amp;
cp /etc/localtime etc &amp;&amp;
touch /srv/named/managed-keys.bind</userinput></screen>
<para>The <filename>rndc.conf</filename> file contains information for
controlling <command>named</command> operations with the
<command>rndc</command> utility. Generate a key for use in the <filename>named.conf</filename> and <filename>rdnc.conf</filename> with the
<command>rndc-confgen</command> command:</para>
<screen role="root"><userinput>rndc-confgen -a -b 512 -t /srv/named &amp;&amp;
sed '/conf/d;/^#/!d;s:^# ::' /etc/rndc.conf > /srv/named/etc/named.conf</userinput></screen>
<para>Complete the <filename>named.conf</filename> file from which
<command>named</command> will read the location of zone files, root
name servers and secure DNS keys:</para>
<screen role="root"><?dbfo keep-together="auto"?><userinput>cat &gt;&gt; /srv/named/etc/named.conf &lt;&lt; "EOF"
<literal>options {
directory "/etc/named";
pid-file "/var/run/named.pid";
statistics-file "/var/run/named.stats";
};
zone "." {
type hint;
file "root.hints";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "pz/127.0.0";
};
// Bind 9 now logs by default through syslog (except debug).
// These are the default logging rules.
logging {
category default { default_syslog; default_debug; };
category unmatched { null; };
channel default_syslog {
syslog daemon; // send to syslog's daemon
// facility
severity info; // only send priority info
// and higher
};
channel default_debug {
file "named.run"; // write to named.run in
// the working directory
// Note: stderr is used instead
// of "named.run"
// if the server is started
// with the '-f' option.
severity dynamic; // log at the server's
// current debug level
};
channel default_stderr {
stderr; // writes to stderr
severity info; // only send priority info
// and higher
};
channel null {
null; // toss anything sent to
// this channel
};
};</literal>
EOF</userinput></screen>
<para>Create a zone file with the following contents:</para>
<screen role="root"><userinput>cat &gt; /srv/named/etc/named/pz/127.0.0 &lt;&lt; "EOF"
<literal>$TTL 3D
@ IN SOA ns.local.domain. hostmaster.local.domain. (
1 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D) ; Minimum TTL
NS ns.local.domain.
1 PTR localhost.</literal>
EOF</userinput></screen>
<para>Create the <filename>root.hints</filename> file with the following
commands:</para>
<note>
<para>Caution must be used to ensure there are no leading spaces in
this file.</para>
</note>
<screen role="root"><userinput>cat &gt; /srv/named/etc/named/root.hints &lt;&lt; "EOF"
<literal>. 6D IN NS A.ROOT-SERVERS.NET.
. 6D IN NS B.ROOT-SERVERS.NET.
. 6D IN NS C.ROOT-SERVERS.NET.
. 6D IN NS D.ROOT-SERVERS.NET.
. 6D IN NS E.ROOT-SERVERS.NET.
. 6D IN NS F.ROOT-SERVERS.NET.
. 6D IN NS G.ROOT-SERVERS.NET.
. 6D IN NS H.ROOT-SERVERS.NET.
. 6D IN NS I.ROOT-SERVERS.NET.
. 6D IN NS J.ROOT-SERVERS.NET.
. 6D IN NS K.ROOT-SERVERS.NET.
. 6D IN NS L.ROOT-SERVERS.NET.
. 6D IN NS M.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
A.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:ba3e::2:30
B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201
B.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:200::b
C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
C.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2::c
D.ROOT-SERVERS.NET. 6D IN A 199.7.91.13
D.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2d::d
E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
E.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:a8::e
F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
F.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2f::f
G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
G.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:12::d0d
H.ROOT-SERVERS.NET. 6D IN A 198.97.190.53
H.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:1::53
I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
I.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fe::53
J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
J.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:c27::2:30
K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
K.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fd::1
L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
L.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:9f::42
M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
M.ROOT-SERVERS.NET. 6D IN AAAA 2001:dc3::35</literal>
EOF</userinput></screen>
<para>The <filename>root.hints</filename> file is a list of root name
servers. This file must be updated periodically with the
<command>dig</command> utility. A current copy of root.hints can be
obtained from <ulink url="ftp://rs.internic.net/domain/named.root" />.
For details, consult the "BIND 9 Administrator Reference Manual", included
in every source archive of BIND 9 distributed by ISC, in HTML and PDF
formats, also available at
<ulink url="ftp://ftp.isc.org/isc/bind9/cur/&bind-minor-version;/doc/arm/Bv9ARM.html">
BIND 9 Administrator Reference Manual</ulink>.</para>
<para>Create or modify <filename>resolv.conf</filename> to use the new
name server with the following commands:</para>
<note>
<para>Replace <replaceable>&lt;yourdomain.com&gt;</replaceable> with
your own valid domain name.</para>
</note>
<screen role="root"><userinput>cp /etc/resolv.conf /etc/resolv.conf.bak &amp;&amp;
cat &gt; /etc/resolv.conf &lt;&lt; "EOF"
<literal>search <replaceable>&lt;yourdomain.com&gt;</replaceable>
nameserver 127.0.0.1</literal>
EOF</userinput></screen>
<para>Set permissions on the <command>chroot</command> jail with the
following command:</para>
<screen role="root"><userinput>chown -R named:named /srv/named</userinput></screen>
</sect3>
<sect3 id="bind-init">
<title><phrase revision="sysv">Boot Script</phrase>
<phrase revision="systemd">Systemd Unit</phrase></title>
<para>To start the DNS server at boot, install the
<phrase revision="sysv"><filename>/etc/rc.d/init.d/bind</filename> init
script</phrase>
<phrase revision="systemd"><filename>named.service</filename>
unit</phrase> included in the
<xref linkend="bootscripts" revision="sysv"/>
<xref linkend="systemd-units" revision="systemd"/> package.</para>
<indexterm zone="bind bind-init">
<primary sortas="f-bind">bind</primary>
</indexterm>
<screen role="root" revision="sysv"><userinput>make install-bind</userinput></screen>
<screen role="root" revision="systemd"><userinput>make install-named</userinput></screen>
<para>Now start <application>BIND</application> with
the following command:</para>
<screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/bind start</userinput></screen>
<screen role="root" revision="systemd"><userinput>systemctl start named</userinput></screen>
</sect3>
<sect3>
<title>Testing BIND</title>
<para>Test out the new <application>BIND</application> 9 installation.
First query the local host address with <command>dig</command>:</para>
<screen><userinput>dig -x 127.0.0.1</userinput></screen>
<para>Now try an external name lookup, taking note of the speed
difference in repeated lookups due to the caching. Run the
<command>dig</command> command twice on the same address:</para>
<screen><userinput>dig www.&lfs-domainname; &amp;&amp;
dig www.&lfs-domainname;</userinput></screen>
<para>You can see almost instantaneous results with the named caching
lookups. Consult the <application>BIND</application> Administrator
Reference Manual located at <filename>doc/arm/Bv9ARM.html</filename>
in the package source tree, for further configuration options.</para>
</sect3>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>arpaname, bind9-config hardlinked to isc-config.sh, ddns-confgen,
delv, dig, dnssec-dsfromkey,
dnssec-importkey, dnssec-keyfromlabel, dnssec-keygen, dnssec-revoke,
dnssec-settime, dnssec-signzone, dnssec-verify, genrandom, host,
isc-hmac-fixup, lwresd hardlinked to named, named-checkconf,
named-checkzone, named-compilezone (symlink), named-journalprint,
named-rrchecker, nsec3hash, nslookup, nsupdate, rndc, rndc-confgen,
and tsig-keygen (symlink)</seg>
<seg>libbind9.so, libdns.so, libirs.so, libisc.so, libisccc.so,
libisccfg.so, and liblwres.so</seg>
<seg>/usr/include/{bind9,dns,dst,irs,isc,isccc,isccfg,lwres,pk11,pkcs11},
/usr/share/doc/bind-&bind-version; and /srv/named</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="arpaname">
<term><command>arpaname</command></term>
<listitem>
<para>
translates IP addresses to the corresponding ARPA names.
</para>
<indexterm zone="bind arpaname">
<primary sortas="b-arpaname">arpaname</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="bind9-config">
<term><command>bind9-config</command></term>
<listitem>
<para>
is hardlinked to <command>isc-config.sh</command>.
</para>
<indexterm zone="bind bind9-config">
<primary sortas="b-bind9-config">bind9-config</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ddns-confgen">
<term><command>ddns-confgen</command></term>
<listitem>
<para>
generates a key for use by nsupdate and named.
</para>
<indexterm zone="bind ddns-confgen">
<primary sortas="b-ddns-confgen">ddns-confgen</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="delv">
<term><command>delv</command></term>
<listitem>
<para>
is a new debugging tool that is a successor to
<command>dig</command>.
</para>
<indexterm zone="bind delv">
<primary sortas="b-delv">delv</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dig">
<term><command>dig</command></term>
<listitem>
<para>interrogates DNS servers.</para>
<indexterm zone="bind dig">
<primary sortas="b-dig">dig</primary>
</indexterm>
</listitem>
</varlistentry>
<!--
<varlistentry id="dnssec-checkds">
<term><command>dnssec-checkds</command></term>
<listitem>
<para>
is a DNSSEC delegation consistency checking tool.
</para>
<indexterm zone="bind dnssec-checkds">
<primary sortas="b-dnssec-checkds">dnssec-checkds</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dnssec-coverage">
<term><command>dnssec-coverage</command></term>
<listitem>
<para>
verifies that the DNSSEC keys for a given zone or a set of zones
have timing metadata set properly to ensure no future lapses
in DNSSEC coverage.
</para>
<indexterm zone="bind dnssec-coverage">
<primary sortas="b-dnssec-coverage">dnssec-coverage</primary>
</indexterm>
</listitem>
</varlistentry>-->
<varlistentry id="dnssec-dsfromkey">
<term><command>dnssec-dsfromkey</command></term>
<listitem>
<para>
outputs the Delegation Signer (DS) resource record (RR).
</para>
<indexterm zone="bind dnssec-dsfromkey">
<primary sortas="b-dnssec-dsfromkey">dnssec-dsfromkey</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dnssec-importkey">
<term><command>dnssec-importkey</command></term>
<listitem>
<para>
reads a public DNSKEY record and generates a pair of
.key/.private files.
</para>
<indexterm zone="bind dnssec-importkey">
<primary sortas="b-dnssec-importkey">dnssec-importkey</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dnssec-keyfromlabel">
<term><command>dnssec-keyfromlabel</command></term>
<listitem>
<para>
gets keys with the given label from a crypto hardware and builds
key files for DNSSEC.
</para>
<indexterm zone="bind dnssec-keyfromlabel">
<primary sortas="b-dnssec-keyfromlabel">dnssec-keyfromlabel</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dnssec-keygen">
<term><command>dnssec-keygen</command></term>
<listitem>
<para>is a key generator for secure DNS.</para>
<indexterm zone="bind dnssec-keygen">
<primary sortas="b-dnssec-keygen">dnssec-keygen</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dnssec-revoke">
<term><command>dnssec-revoke</command></term>
<listitem>
<para>
sets the REVOKED bit on a DNSSEC key.
</para>
<indexterm zone="bind dnssec-revoke">
<primary sortas="b-dnssec-revoke">dnssec-revoke</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dnssec-settime">
<term><command>dnssec-settime</command></term>
<listitem>
<para>
sets the key timing metadata for a DNSSEC key.
</para>
<indexterm zone="bind dnssec-settime">
<primary sortas="b-dnssec-settime">dnssec-settime</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dnssec-signzone">
<term><command>dnssec-signzone</command></term>
<listitem>
<para>generates signed versions of zone files.</para>
<indexterm zone="bind dnssec-signzone">
<primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="dnssec-verify">
<term><command>dnssec-verify</command></term>
<listitem>
<para>
verifies that a zone is fully signed for each algorithm found
in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
chains are complete.
</para>
<indexterm zone="bind dnssec-verify">
<primary sortas="b-dnssec-verify">dnssec-verify</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="genrandom">
<term><command>genrandom</command></term>
<listitem>
<para>
generates a file containing random data.
</para>
<indexterm zone="bind genrandom">
<primary sortas="b-genrandom">genrandom</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="host">
<term><command>host</command></term>
<listitem>
<para>is a utility for DNS lookups.</para>
<indexterm zone="bind host">
<primary sortas="b-host">host</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="isc-config.sh">
<term><command>isc-config.sh</command></term>
<listitem>
<para>
prints information related to the installed version of ISC BIND.
</para>
<indexterm zone="bind isc-config.sh">
<primary sortas="b-isc-config.sh">isc-config.sh</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="isc-hmac-fixup">
<term><command>isc-hmac-fixup</command></term>
<listitem>
<para>
fixes HMAC keys generated by older versions of BIND.
</para>
<indexterm zone="bind isc-hmac-fixup">
<primary sortas="b-isc-hmac-fixup">isc-hmac-fixup</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="lwresd">
<term><command>lwresd</command></term>
<listitem>
<para>is a caching-only name server for local process use.</para>
<indexterm zone="bind lwresd">
<primary sortas="b-lwresd">lwresd</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="named">
<term><command>named</command></term>
<listitem>
<para>is the name server daemon.</para>
<indexterm zone="bind named">
<primary sortas="b-named">named</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="named-checkconf">
<term><command>named-checkconf</command></term>
<listitem>
<para>checks the syntax of <filename>named.conf</filename>
files.</para>
<indexterm zone="bind named-checkconf">
<primary sortas="b-named-checkconf">named-checkconf</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="named-checkzone">
<term><command>named-checkzone</command></term>
<listitem>
<para>checks zone file validity.</para>
<indexterm zone="bind named-checkzone">
<primary sortas="b-named-checkzone">named-checkzone</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="named-compilezone">
<term><command>named-compilezone</command></term>
<listitem>
<para>
is similar to <command>named-checkzone</command>, but it always
dumps the zone contents to a specified file in a specified format.
</para>
<indexterm zone="bind named-compilezone">
<primary sortas="b-named-compilezone">named-compilezone</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="named-journalprint">
<term><command>named-journalprint</command></term>
<listitem>
<para>
prints the zone journal in human-readable form.
</para>
<indexterm zone="bind named-journalprint">
<primary sortas="b-named-journalprint">named-journalprint</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="named-rrchecker">
<term><command>named-rrchecker</command></term>
<listitem>
<para>
reads an individual DNS resource record from standard input and
checks if it is syntactically correct.
</para>
<indexterm zone="bind named-rrchecker">
<primary sortas="b-named-rrchecker">named-rrchecker</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="nsec3hash">
<term><command>nsec3hash</command></term>
<listitem>
<para>
generates an NSEC3 hash based on a set of NSEC3 parameters.
</para>
<indexterm zone="bind nsec3hash">
<primary sortas="b-nsec3hash">nsec3hash</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="nslookup">
<term><command>nslookup</command></term>
<listitem>
<para>is a program used to query Internet domain nameservers.</para>
<indexterm zone="bind nslookup">
<primary sortas="b-nslookup">nslookup</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="nsupdate">
<term><command>nsupdate</command></term>
<listitem>
<para>is used to submit DNS update requests.</para>
<indexterm zone="bind nsupdate">
<primary sortas="b-nsupdate">nsupdate</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="rndc">
<term><command>rndc</command></term>
<listitem>
<para>controls the operation of <application>BIND</application>.</para>
<indexterm zone="bind rndc">
<primary sortas="b-rndc">rndc</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="rndc-confgen">
<term><command>rndc-confgen</command></term>
<listitem>
<para>generates <filename>rndc.conf</filename> files.</para>
<indexterm zone="bind rndc-confgen">
<primary sortas="b-rndc-confgen">rndc-confgen</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="tsig-keygen">
<term><command>tsig-keygen</command></term>
<listitem>
<para>
is a symlink to <command>ddns-confgen</command>.
</para>
<indexterm zone="bind tsig-keygen">
<primary sortas="b-tsig-keygen">tsig-keygen</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>
Reference in New Issue View Git Blame Copy Permalink