|
|
HP-UX Reference > Nnamed(1M)HP-UX 11i Version 2: December 2007 Update |
|
NAMEnamed — Internet domain name server SYNOPSISnamed [-4] [-c config_file] [-d debuglevel] [-f] [-g] [-n no_of_cpus] [-p port_number] [-t directory] [-u user_id] [-v] DESCRIPTIONnamed is the Internet domain name server. See RFC 1033, RFC 1034, and RFC 1035 for more information on the Domain Name System (DNS). Without any arguments, named reads the default configuration file /etc/named.conf, reads any initial data, and listens for queries. named requires superuser privileges to execute. Options
Any additional argument is taken as the name of the configuration file. The configuration file contains information about where the name server gets its initial data. If multiple configuration files are specified, only the last is used. Lines in the configuration file cannot be continued on subsequent lines. The following is a small example: // /* configuration file for name server */ # options { directory "/usr/local/domain"; forwarders { 10.0.0.78; 10.2.0.78; }; }; key rndc_key { algorithm "hmac-md5"; secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"; }; controls { inet 127.0.0.1 allow { 127.0.0.1; } keys { rndc_key; }; }; zone "." { type hint; file "db.cache"; }; zone "berkeley.edu" { type master; file "db.berkeley"; }; zone "32.128.in-addr.arpa" { type master; file "db.128.32"; }; zone "cc.berkeley.edu" { type slave; file "db.cc"; masters { 128.32.137.8; }; }; The directory statement changes the working directory of the server to the directory specified. The working directory specified is relative to the new root directory if set by the -t option. This can be important for the correct processing of $INCLUDE files (described later) in primary server's master files. Files referenced in the configuration file contain data in the master file format described in RFC 1035. The key statement names a key with its string argument. The string has to be a valid domain name. However, this need not be hierarchical; thus, a string "rndc_key" is a valid name. The key statement has two clauses: algorithm and secret. The configuration parser will accept any string as the argument to algorithm. However, only the string "hmac-md5" is supported for accepting control messages from the utility, rndc. See rndc(1) and rndc.conf(4). The secret is a base-64 encoded string, typically generated with dnssec-keygen. The controls statement is used to configure the name server to accept connections from the utility, rndc which controls the name server. The key specified in this statement should match the one set in the rndc configuration file, rndc.conf. The forwarders line specifies the addresses of sitewide servers that will accept recursive queries from other servers. If the configuration file specifies one or more forwarders, then the server will send all queries for data not in the cache or in its authoritative data to the forwarders first. Each forwarder will be asked in turn until an answer is returned or the list is exhausted. If no answer is forthcoming from a forwarder, the server will continue as it would have without the forwarders line unless it is in forward-only mode. The forwarding facility is useful to cause a large sitewide cache to be generated on a master, and to reduce traffic over links to outside servers. The noforward line specifies that the DNS server will not forward any request for something in or below the listed domains, even if the forwarders directive exists. A server can access information from servers in other domains given a list of root name servers and their addresses. The zone "." line specifies that data in db.cache is to be placed in the backup cache. Its use is to prime the server with the locations of root domain servers. This information is used to find the current root servers and their addresses. The current root server information is placed in the operating cache. Data for the root name servers in the backup cache are never discarded. The zone "berkeley.edu" line states that the master file db.berkeley contains authoritative data for the berkeley.edu zone. A server authoritative for a zone has the most accurate information for the zone. All domain names are relative to the origin, in this case, berkeley.edu (see below for a more detailed description). The zone "32.128.in-addr.arpa" line states that the file db.128.32 contains authoritative data for the domain 32.128.in-addr.arpa. This domain is used to translate addresses in network 128.32 to hostnames. The zone "cc.berkeley.edu" line specifies that all authoritative data in the cc.berkeley.edu zone is to be transferred from the name server at Internet address 128.32.137.8 and will be saved in the backup file db.cc. Up to 10 addresses can be listed on this line. If a transfer fails, it will try the next address in the list. The secondary copy is also authoritative for the specified domain. The first non-Internet address on this line will be taken as a filename in which to backup the transferred zone. The name server will load the zone from this backup file (if it exists) when it boots, providing a complete copy, even if the master servers are unreachable. Whenever a new copy of the domain is received from one of the master servers, this file is updated. If no file name is given, a temporary file will be used and will be deleted after each successful zone transfer. This is not recommended because it causes a needless waste of bandwidth. IPv6 Options
Master File FormatThe master file consists of control information and a list of resource records for objects in the zone of the forms: $INCLUDE filename opt_domain $ORIGIN domain domain opt_ttl opt_class type resource_record_data where:
Resource records normally end at the end of a line, but may be continued across lines between opening and closing parentheses. Comments are introduced by semicolons and continue to the end of the line. NOTE: All the db files have to start with a $TTL value. There are other resource record types not shown here. You should consult the BIND Operations Guide (``BOG'') for the complete list. Some resource record types may have been standardized in newer RFCs but not yet implemented in this version of BIND. SOA Record FormatEach master zone file should begin with an SOA record for the zone. An example SOA record is as follows: @ IN SOA ucbvax.Berkeley.EDU. rwh.ucbvax.Berkeley.EDU. ( 1989020501 ; serial 10800 ; refresh 3600 ; retry 3600000 ; expire 86400 ) ; minimum The SOA specifies a serial number, which should be changed each time the master file is changed. Note that, it is not advisable to give the serial number as a dotted number, since the translation to normal integers is via concatenation rather than multiplication and addition. You can spell out the year, month, day of month, and 0..99 version number and still fit inside the unsigned 32-bit size of this field. (It's true that we will have to rethink this strategy in the year 4294.) Secondary servers check the serial number at intervals specified by the refresh time in seconds; if the serial number changes, a zone transfer will be done to load the new data. If a master server cannot be contacted when a refresh is due, the retry time specifies the interval at which refreshes should be attempted. If a master server cannot be contacted within the interval given by the expire time, all data from the zone is discarded by secondary servers. The minimum value is the time-to-live (``TTL'') used by records in the file with no explicit time-to-live value. NOTE: The boot file directives domain and suffixes have been obsoleted by a more useful, resolver-based implementation of suffixing for partially-qualified domain names. The prior mechanisms could fail under a number of situations, especially when then local name server did not have complete information. The following signals have the specified effect when sent to the server process using the kill(1) command:
Sending any other signals to the name server will have undefined outcome. sig_named(1M) can also be used for sending signals to the server process. DIAGNOSTICSAny errors encountered by named in the configuration file, master files, or in normal operation are logged with syslog and in the debug file, ./named.run, if debugging is on and named will quit. FILES
SEE ALSOdnssec-keygen(1), dnssec-makekeyset(1), dnssec-signkey(1), dnssec-signzone(1), host(1), kill(1), nsupdate(1), rndc(1), hosts_to_named(1M), lwresd(1M), signal(2), gethostent(3N), rndc.conf(4), hostname(5). RFC 882, RFC 883, RFC 973, RFC 974, RFC 1032, RFC 1033, RFC 1034, RFC 1035, RFC 1123. |
|