From ea648e70a989cca190cd7403fe892fd2dcc290b4 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 5 May 2024 20:37:14 +0200 Subject: Adding upstream version 1:9.11.5.P4+dfsg. Signed-off-by: Daniel Baumann --- doc/arm/Bv9ARM.html | 448 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 448 insertions(+) create mode 100644 doc/arm/Bv9ARM.html (limited to 'doc/arm/Bv9ARM.html') diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html new file mode 100644 index 0000000..f8df3c9 --- /dev/null +++ b/doc/arm/Bv9ARM.html @@ -0,0 +1,448 @@ + + + + + +BIND 9 Administrator Reference Manual + + + + + +
+ + + + + + + +
BIND 9 Administrator Reference Manual
   Next +
+
+
+
+
+
+

+BIND 9 Administrator Reference Manual

+

BIND Version 9.11.5-P4

+

Copyright © 2000-2019 Internet Systems Consortium, Inc. ("ISC")

+
+
+
+
+

Table of Contents

+
+
1. Introduction
+
+
Scope of Document
+
Organization of This Document
+
Conventions Used in This Document
+
The Domain Name System (DNS)
+
+
DNS Fundamentals
+
Domains and Domain Names
+
Zones
+
Authoritative Name Servers
+
Caching Name Servers
+
Name Servers in Multiple Roles
+
+
+
2. BIND Resource Requirements
+
+
Hardware requirements
+
CPU Requirements
+
Memory Requirements
+
Name Server Intensive Environment Issues
+
Supported Operating Systems
+
+
3. Name Server Configuration
+
+
Sample Configurations
+
+
A Caching-only Name Server
+
An Authoritative-only Name Server
+
+
Load Balancing
+
Name Server Operations
+
+
Tools for Use With the Name Server Daemon
+
Signals
+
+
+
4. Advanced DNS Features
+
+
Notify
+
Dynamic Update
+
The journal file
+
Incremental Zone Transfers (IXFR)
+
Split DNS
+
Example split DNS setup
+
TSIG
+
+
Generating a Shared Key
+
Loading A New Key
+
Instructing the Server to Use a Key
+
TSIG-Based Access Control
+
Errors
+
+
TKEY
+
SIG(0)
+
DNSSEC
+
+
Generating Keys
+
Signing the Zone
+
Configuring Servers
+
+
DNSSEC, Dynamic Zones, and Automatic Signing
+
+
Converting from insecure to secure
+
Dynamic DNS update method
+
Fully automatic zone signing
+
Private-type records
+
DNSKEY rollovers
+
Dynamic DNS update method
+
Automatic key rollovers
+
NSEC3PARAM rollovers via UPDATE
+
Converting from NSEC to NSEC3
+
Converting from NSEC3 to NSEC
+
Converting from secure to insecure
+
Periodic re-signing
+
NSEC3 and OPTOUT
+
+
Dynamic Trust Anchor Management
+
+
Validating Resolver
+
Authoritative Server
+
+
PKCS#11 (Cryptoki) support
+
+
Prerequisites
+
Native PKCS#11
+
OpenSSL-based PKCS#11
+
PKCS#11 Tools
+
Using the HSM
+
Specifying the engine on the command line
+
Running named with automatic zone re-signing
+
+
DLZ (Dynamically Loadable Zones)
+
+
Configuring DLZ
+
Sample DLZ Driver
+
+
DynDB (Dynamic Database)
+
+
Configuring DynDB
+
Sample DynDB Module
+
+
Catalog Zones
+
+
Principle of Operation
+
Configuring Catalog Zones
+
Catalog Zone format
+
+
IPv6 Support in BIND 9
+
+
Address Lookups Using AAAA Records
+
Address to Name Lookups Using Nibble Format
+
+
+
5. The BIND 9 Lightweight Resolver
+
+
The Lightweight Resolver Library
+
Running a Resolver Daemon
+
+
6. BIND 9 Configuration Reference
+
+
Configuration File Elements
+
+
Address Match Lists
+
Comment Syntax
+
+
Configuration File Grammar
+
+
acl Statement Grammar
+
acl Statement Definition and + Usage
+
controls Statement Grammar
+
controls Statement Definition and + Usage
+
include Statement Grammar
+
include Statement Definition and Usage
+
key Statement Grammar
+
key Statement Definition and Usage
+
logging Statement Grammar
+
logging Statement Definition and Usage
+
lwres Statement Grammar
+
lwres Statement Definition and Usage
+
masters Statement Grammar
+
masters Statement Definition and + Usage
+
options Statement Grammar
+
options Statement Definition and + Usage
+
server Statement Grammar
+
server Statement Definition and + Usage
+
statistics-channels Statement Grammar
+
statistics-channels Statement Definition and + Usage
+
trusted-keys Statement Grammar
+
trusted-keys Statement Definition + and Usage
+
managed-keys Statement Grammar
+
managed-keys Statement Definition + and Usage
+
view Statement Grammar
+
view Statement Definition and Usage
+
zone + Statement Grammar
+
zone Statement Definition and Usage
+
+
Zone File
+
+
Types of Resource Records and When to Use Them
+
Discussion of MX Records
+
Setting TTLs
+
Inverse Mapping in IPv4
+
Other Zone File Directives
+
BIND Master File Extension: the $GENERATE Directive
+
Additional File Formats
+
+
BIND9 Statistics
+
+
The Statistics File
+
Statistics Counters
+
+
+
7. BIND 9 Security Considerations
+
+
Access Control Lists
+
Chroot and Setuid
+
+
The chroot Environment
+
Using the setuid Function
+
+
Dynamic Update Security
+
+
8. Troubleshooting
+
+
Common Problems
+
It's not working; how can I figure out what's wrong?
+
Incrementing and Changing the Serial Number
+
Where Can I Get Help?
+
+
A. Release Notes
+
+
Release Notes for BIND Version 9.11.5-P4
+
+
Introduction
+
Download
+
License Change
+
Legacy Windows No Longer Supported
+
Security Fixes
+
New Features
+
Removed Features
+
Feature Changes
+
Bug Fixes
+
End of Life
+
Thank You
+
+
+
B. A Brief History of the DNS and BIND
+
C. General DNS Reference Information
+
+
IPv6 addresses (AAAA)
+
Bibliography (and Suggested Reading)
+
+
Request for Comments (RFCs)
+
Internet Drafts
+
Other Documents About BIND
+
+
+
D. BIND 9 DNS Library Support
+
+
BIND 9 DNS Library Support
+
+
Installation
+
Known Defects/Restrictions
+
The dns.conf File
+
Sample Applications
+
Library References
+
+
+
I. Manual pages
+
+
+dig — DNS lookup utility +
+
+mdig — DNS pipelined lookup utility +
+
+host — DNS lookup utility +
+
+delv — DNS lookup and validation utility +
+
+nslookup — query Internet name servers interactively +
+
+dnssec-checkds — DNSSEC delegation consistency checking tool +
+
+dnssec-coverage — checks future DNSKEY coverage for a zone +
+
+dnssec-dsfromkey — DNSSEC DS RR generation tool +
+
+dnssec-importkey — import DNSKEY records from external systems so they can be managed +
+
+dnssec-keyfromlabel — DNSSEC key generation tool +
+
+dnssec-keygen — DNSSEC key generation tool +
+
+dnssec-keymgr — Ensures correct DNSKEY coverage for a zone based on a defined policy +
+
+dnssec-revoke — set the REVOKED bit on a DNSSEC key +
+
+dnssec-settime — set the key timing metadata for a DNSSEC key +
+
+dnssec-signzone — DNSSEC zone signing tool +
+
+dnssec-verify — DNSSEC zone verification tool +
+
+lwresd — lightweight resolver daemon +
+
+named — Internet domain name server +
+
+named.conf — configuration file for named +
+
+named-checkconf — named configuration file syntax checking tool +
+
+named-checkzone — zone file validity checking or converting tool +
+
+named-journalprint — print zone journal in human-readable form +
+
+named-nzd2nzf — + Convert an NZD database to NZF text format + +
+
+named-rrchecker — syntax checker for individual DNS resource records +
+
+nsupdate — Dynamic DNS update utility +
+
+rndc — name server control utility +
+
+rndc.conf — rndc configuration file +
+
+rndc-confgen — rndc key generation tool +
+
+ddns-confgen — ddns key generation tool +
+
+arpaname — translate IP addresses to the corresponding ARPA names +
+
+dnstap-read — print dnstap data in human-readable form +
+
+genrandom — generate a file containing random data +
+
+isc-hmac-fixup — fixes HMAC keys generated by older versions of BIND +
+
+nsec3hash — generate NSEC3 hash +
+
+pkcs11-destroy — destroy PKCS#11 objects +
+
+pkcs11-list — list PKCS#11 objects +
+
+pkcs11-keygen — generate keys on a PKCS#11 device +
+
+pkcs11-tokens — list PKCS#11 available tokens +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ + + + + + + + + + + +
   Next +
   Chapter 1. Introduction
+
+

BIND 9.11.5-P4 (Extended Support Version)

+ + -- cgit v1.2.3