2 - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
3 - Copyright (C) 2000-2003 Internet Software Consortium.
5 - Permission to use, copy, modify, and/or distribute this software for any
6 - purpose with or without fee is hereby granted, provided that the above
7 - copyright notice and this permission notice appear in all copies.
9 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 - PERFORMANCE OF THIS SOFTWARE.
17 <!-- $Id: Bv9ARM.ch03.html,v 1.71.48.4 2010/01/24 01:55:25 tbox Exp $ -->
20 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
21 <title>Chapter 3. Name Server Configuration</title>
22 <meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
23 <link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
24 <link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
25 <link rel="prev" href="Bv9ARM.ch02.html" title="Chapter 2. BIND Resource Requirements">
26 <link rel="next" href="Bv9ARM.ch04.html" title="Chapter 4. Advanced DNS Features">
28 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
29 <div class="navheader">
30 <table width="100%" summary="Navigation header">
31 <tr><th colspan="3" align="center">Chapter 3. Name Server Configuration</th></tr>
33 <td width="20%" align="left">
34 <a accesskey="p" href="Bv9ARM.ch02.html">Prev</a> </td>
35 <th width="60%" align="center"> </th>
36 <td width="20%" align="right"> <a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
42 <div class="chapter" lang="en">
43 <div class="titlepage"><div><div><h2 class="title">
44 <a name="Bv9ARM.ch03"></a>Chapter 3. Name Server Configuration</h2></div></div></div>
46 <p><b>Table of Contents</b></p>
48 <dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
50 <dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567764">A Caching-only Name Server</a></span></dt>
51 <dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567780">An Authoritative-only Name Server</a></span></dt>
53 <dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568007">Load Balancing</a></span></dt>
54 <dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568361">Name Server Operations</a></span></dt>
56 <dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568366">Tools for Use With the Name Server Daemon</a></span></dt>
57 <dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570006">Signals</a></span></dt>
62 In this chapter we provide some suggested configurations along
63 with guidelines for their use. We suggest reasonable values for
64 certain option settings.
66 <div class="sect1" lang="en">
67 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
68 <a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
69 <div class="sect2" lang="en">
70 <div class="titlepage"><div><div><h3 class="title">
71 <a name="id2567764"></a>A Caching-only Name Server</h3></div></div></div>
73 The following sample configuration is appropriate for a caching-only
74 name server for use by clients internal to a corporation. All
76 from outside clients are refused using the <span><strong class="command">allow-query</strong></span>
77 option. Alternatively, the same effect could be achieved using
81 <pre class="programlisting">
82 // Two corporate subnets we wish to allow queries from.
83 acl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
85 directory "/etc/namedb"; // Working directory
86 allow-query { corpnets; };
88 // Provide a reverse mapping for the loopback address 127.0.0.1
89 zone "0.0.127.in-addr.arpa" {
96 <div class="sect2" lang="en">
97 <div class="titlepage"><div><div><h3 class="title">
98 <a name="id2567780"></a>An Authoritative-only Name Server</h3></div></div></div>
100 This sample configuration is for an authoritative-only server
101 that is the master server for "<code class="filename">example.com</code>"
102 and a slave for the subdomain "<code class="filename">eng.example.com</code>".
104 <pre class="programlisting">
106 directory "/etc/namedb"; // Working directory
107 allow-query-cache { none; }; // Do not allow access to cache
108 allow-query { any; }; // This is the default
109 recursion no; // Do not provide recursive service
112 // Provide a reverse mapping for the loopback address 127.0.0.1
113 zone "0.0.127.in-addr.arpa" {
115 file "localhost.rev";
118 // We are the master server for example.com
121 file "example.com.db";
122 // IP addresses of slave servers allowed to transfer example.com
128 // We are a slave server for eng.example.com
129 zone "eng.example.com" {
131 file "eng.example.com.bk";
132 // IP address of eng.example.com master server
133 masters { 192.168.4.12; };
138 <div class="sect1" lang="en">
139 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
140 <a name="id2568007"></a>Load Balancing</h2></div></div></div>
142 A primitive form of load balancing can be achieved in
143 the <acronym class="acronym">DNS</acronym> by using multiple records
144 (such as multiple A records) for one name.
147 For example, if you have three WWW servers with network addresses
148 of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the
149 following means that clients will connect to each machine one third
152 <div class="informaltable"><table border="1">
184 Resource Record (RR) Data
191 <code class="literal">www</code>
196 <code class="literal">600</code>
201 <code class="literal">IN</code>
206 <code class="literal">A</code>
211 <code class="literal">10.0.0.1</code>
221 <code class="literal">600</code>
226 <code class="literal">IN</code>
231 <code class="literal">A</code>
236 <code class="literal">10.0.0.2</code>
246 <code class="literal">600</code>
251 <code class="literal">IN</code>
256 <code class="literal">A</code>
261 <code class="literal">10.0.0.3</code>
268 When a resolver queries for these records, <acronym class="acronym">BIND</acronym> will rotate
269 them and respond to the query with the records in a different
270 order. In the example above, clients will randomly receive
271 records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients
272 will use the first record returned and discard the rest.
275 For more detail on ordering responses, check the
276 <span><strong class="command">rrset-order</strong></span> substatement in the
277 <span><strong class="command">options</strong></span> statement, see
278 <a href="Bv9ARM.ch06.html#rrset_ordering">RRset Ordering</a>.
281 <div class="sect1" lang="en">
282 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
283 <a name="id2568361"></a>Name Server Operations</h2></div></div></div>
284 <div class="sect2" lang="en">
285 <div class="titlepage"><div><div><h3 class="title">
286 <a name="id2568366"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
288 This section describes several indispensable diagnostic,
289 administrative and monitoring tools available to the system
290 administrator for controlling and debugging the name server
293 <div class="sect3" lang="en">
294 <div class="titlepage"><div><div><h4 class="title">
295 <a name="diagnostic_tools"></a>Diagnostic Tools</h4></div></div></div>
297 The <span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span>, and
298 <span><strong class="command">nslookup</strong></span> programs are all command
300 for manually querying name servers. They differ in style and
303 <div class="variablelist"><dl>
304 <dt><span class="term"><a name="dig"></a><span><strong class="command">dig</strong></span></span></dt>
307 The domain information groper (<span><strong class="command">dig</strong></span>)
308 is the most versatile and complete of these lookup tools.
309 It has two modes: simple interactive
310 mode for a single query, and batch mode which executes a
312 each in a list of several query lines. All query options are
314 from the command line.
316 <div class="cmdsynopsis"><p><code class="command">dig</code> [@<em class="replaceable"><code>server</code></em>] <em class="replaceable"><code>domain</code></em> [<em class="replaceable"><code>query-type</code></em>] [<em class="replaceable"><code>query-class</code></em>] [+<em class="replaceable"><code>query-option</code></em>] [-<em class="replaceable"><code>dig-option</code></em>] [%<em class="replaceable"><code>comment</code></em>]</p></div>
318 The usual simple use of <span><strong class="command">dig</strong></span> will take the form
321 <span><strong class="command">dig @server domain query-type query-class</strong></span>
324 For more information and a list of available commands and
325 options, see the <span><strong class="command">dig</strong></span> man
329 <dt><span class="term"><span><strong class="command">host</strong></span></span></dt>
332 The <span><strong class="command">host</strong></span> utility emphasizes
334 and ease of use. By default, it converts
335 between host names and Internet addresses, but its
337 can be extended with the use of options.
339 <div class="cmdsynopsis"><p><code class="command">host</code> [-aCdlnrsTwv] [-c <em class="replaceable"><code>class</code></em>] [-N <em class="replaceable"><code>ndots</code></em>] [-t <em class="replaceable"><code>type</code></em>] [-W <em class="replaceable"><code>timeout</code></em>] [-R <em class="replaceable"><code>retries</code></em>] [-m <em class="replaceable"><code>flag</code></em>] [-4] [-6] <em class="replaceable"><code>hostname</code></em> [<em class="replaceable"><code>server</code></em>]</p></div>
341 For more information and a list of available commands and
342 options, see the <span><strong class="command">host</strong></span> man
346 <dt><span class="term"><span><strong class="command">nslookup</strong></span></span></dt>
348 <p><span><strong class="command">nslookup</strong></span>
349 has two modes: interactive and
350 non-interactive. Interactive mode allows the user to
351 query name servers for information about various
352 hosts and domains or to print a list of hosts in a
353 domain. Non-interactive mode is used to print just
354 the name and requested information for a host or
357 <div class="cmdsynopsis"><p><code class="command">nslookup</code> [-option...] [[<em class="replaceable"><code>host-to-find</code></em>] | [- [server]]]</p></div>
359 Interactive mode is entered when no arguments are given (the
360 default name server will be used) or when the first argument
362 hyphen (`-') and the second argument is the host name or
367 Non-interactive mode is used when the name or Internet
369 of the host to be looked up is given as the first argument.
371 optional second argument specifies the host name or address
375 Due to its arcane user interface and frequently inconsistent
376 behavior, we do not recommend the use of <span><strong class="command">nslookup</strong></span>.
377 Use <span><strong class="command">dig</strong></span> instead.
382 <div class="sect3" lang="en">
383 <div class="titlepage"><div><div><h4 class="title">
384 <a name="admin_tools"></a>Administrative Tools</h4></div></div></div>
386 Administrative tools play an integral part in the management
389 <div class="variablelist"><dl>
391 <a name="named-checkconf"></a><span class="term"><span><strong class="command">named-checkconf</strong></span></span>
395 The <span><strong class="command">named-checkconf</strong></span> program
396 checks the syntax of a <code class="filename">named.conf</code> file.
398 <div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [-jvz] [-t <em class="replaceable"><code>directory</code></em>] [<em class="replaceable"><code>filename</code></em>]</p></div>
401 <a name="named-checkzone"></a><span class="term"><span><strong class="command">named-checkzone</strong></span></span>
405 The <span><strong class="command">named-checkzone</strong></span> program
406 checks a master file for
407 syntax and consistency.
409 <div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [-djqvD] [-c <em class="replaceable"><code>class</code></em>] [-o <em class="replaceable"><code>output</code></em>] [-t <em class="replaceable"><code>directory</code></em>] [-w <em class="replaceable"><code>directory</code></em>] [-k <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-n <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-W <em class="replaceable"><code>(ignore|warn)</code></em>] <em class="replaceable"><code>zone</code></em> [<em class="replaceable"><code>filename</code></em>]</p></div>
412 <a name="named-compilezone"></a><span class="term"><span><strong class="command">named-compilezone</strong></span></span>
415 Similar to <span><strong class="command">named-checkzone,</strong></span> but
416 it always dumps the zone content to a specified file
417 (typically in a different format).
420 <a name="rndc"></a><span class="term"><span><strong class="command">rndc</strong></span></span>
424 The remote name daemon control
425 (<span><strong class="command">rndc</strong></span>) program allows the
427 administrator to control the operation of a name server.
428 Since <acronym class="acronym">BIND</acronym> 9.2, <span><strong class="command">rndc</strong></span>
429 supports all the commands of the BIND 8 <span><strong class="command">ndc</strong></span>
430 utility except <span><strong class="command">ndc start</strong></span> and
431 <span><strong class="command">ndc restart</strong></span>, which were also
432 not supported in <span><strong class="command">ndc</strong></span>'s
434 If you run <span><strong class="command">rndc</strong></span> without any
436 it will display a usage message as follows:
438 <div class="cmdsynopsis"><p><code class="command">rndc</code> [-c <em class="replaceable"><code>config</code></em>] [-s <em class="replaceable"><code>server</code></em>] [-p <em class="replaceable"><code>port</code></em>] [-y <em class="replaceable"><code>key</code></em>] <em class="replaceable"><code>command</code></em> [<em class="replaceable"><code>command</code></em>...]</p></div>
439 <p>The <span><strong class="command">command</strong></span>
440 is one of the following:
442 <div class="variablelist"><dl>
443 <dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt>
445 Reload configuration file and zones.
447 <dt><span class="term"><strong class="userinput"><code>reload <em class="replaceable"><code>zone</code></em>
448 [<span class="optional"><em class="replaceable"><code>class</code></em>
449 [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
451 Reload the given zone.
453 <dt><span class="term"><strong class="userinput"><code>refresh <em class="replaceable"><code>zone</code></em>
454 [<span class="optional"><em class="replaceable"><code>class</code></em>
455 [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
457 Schedule zone maintenance for the given zone.
459 <dt><span class="term"><strong class="userinput"><code>retransfer <em class="replaceable"><code>zone</code></em>
461 [<span class="optional"><em class="replaceable"><code>class</code></em>
462 [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
464 Retransfer the given zone from the master.
466 <dt><span class="term"><strong class="userinput"><code>freeze
467 [<span class="optional"><em class="replaceable"><code>zone</code></em>
468 [<span class="optional"><em class="replaceable"><code>class</code></em>
469 [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
471 Suspend updates to a dynamic zone. If no zone is
473 then all zones are suspended. This allows manual
474 edits to be made to a zone normally updated by dynamic
476 also causes changes in the journal file to be synced
478 and the journal file to be removed. All dynamic
480 be refused while the zone is frozen.
482 <dt><span class="term"><strong class="userinput"><code>thaw
483 [<span class="optional"><em class="replaceable"><code>zone</code></em>
484 [<span class="optional"><em class="replaceable"><code>class</code></em>
485 [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
487 Enable updates to a frozen dynamic zone. If no zone
489 specified, then all frozen zones are enabled. This
491 the server to reload the zone from disk, and
492 re-enables dynamic updates
493 after the load has completed. After a zone is thawed,
495 will no longer be refused.
497 <dt><span class="term"><strong class="userinput"><code>notify <em class="replaceable"><code>zone</code></em>
498 [<span class="optional"><em class="replaceable"><code>class</code></em>
499 [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
501 Resend NOTIFY messages for the zone.
503 <dt><span class="term"><strong class="userinput"><code>reconfig</code></strong></span></dt>
505 Reload the configuration file and load new zones,
506 but do not reload existing zone files even if they
508 This is faster than a full <span><strong class="command">reload</strong></span> when there
509 is a large number of zones because it avoids the need
511 modification times of the zones files.
513 <dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt>
515 Write server statistics to the statistics file.
517 <dt><span class="term"><strong class="userinput"><code>querylog</code></strong></span></dt>
519 Toggle query logging. Query logging can also be enabled
520 by explicitly directing the <span><strong class="command">queries</strong></span>
521 <span><strong class="command">category</strong></span> to a
522 <span><strong class="command">channel</strong></span> in the
523 <span><strong class="command">logging</strong></span> section of
524 <code class="filename">named.conf</code> or by specifying
525 <span><strong class="command">querylog yes;</strong></span> in the
526 <span><strong class="command">options</strong></span> section of
527 <code class="filename">named.conf</code>.
529 <dt><span class="term"><strong class="userinput"><code>dumpdb
530 [<span class="optional">-all|-cache|-zone</span>]
531 [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
533 Dump the server's caches (default) and/or zones to
535 dump file for the specified views. If no view is
539 <dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt>
541 Stop the server, making sure any recent changes
542 made through dynamic update or IXFR are first saved to
543 the master files of the updated zones.
544 If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
545 This allows an external process to determine when <span><strong class="command">named</strong></span>
546 had completed stopping.
548 <dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt>
550 Stop the server immediately. Recent changes
551 made through dynamic update or IXFR are not saved to
552 the master files, but will be rolled forward from the
553 journal files when the server is restarted.
554 If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
555 This allows an external process to determine when <span><strong class="command">named</strong></span>
556 had completed halting.
558 <dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt>
560 Increment the servers debugging level by one.
562 <dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt>
564 Sets the server's debugging level to an explicit
567 <dt><span class="term"><strong class="userinput"><code>notrace</code></strong></span></dt>
569 Sets the server's debugging level to 0.
571 <dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt>
573 Flushes the server's cache.
575 <dt><span class="term"><strong class="userinput"><code>flushname</code></strong> <em class="replaceable"><code>name</code></em></span></dt>
577 Flushes the given name from the server's cache.
579 <dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt>
581 Display status of the server.
582 Note that the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone
583 and the default <span><strong class="command">./IN</strong></span>
584 hint zone if there is not an
585 explicit root zone configured.
587 <dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt>
589 Dump the list of queries <span><strong class="command">named</strong></span> is currently recursing
592 <dt><span class="term"><strong class="userinput"><code>validation
593 [<span class="optional">on|off</span>]
594 [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]
595 </code></strong></span></dt>
597 Enable or disable DNSSEC validation.
598 Note <span><strong class="command">dnssec-enable</strong></span> also needs to be
599 set to <strong class="userinput"><code>yes</code></strong> to be effective.
600 It defaults to enabled.
604 A configuration file is required, since all
605 communication with the server is authenticated with
606 digital signatures that rely on a shared secret, and
607 there is no way to provide that secret other than with a
608 configuration file. The default location for the
609 <span><strong class="command">rndc</strong></span> configuration file is
610 <code class="filename">/etc/rndc.conf</code>, but an
612 location can be specified with the <code class="option">-c</code>
613 option. If the configuration file is not found,
614 <span><strong class="command">rndc</strong></span> will also look in
615 <code class="filename">/etc/rndc.key</code> (or whatever
616 <code class="varname">sysconfdir</code> was defined when
617 the <acronym class="acronym">BIND</acronym> build was
619 The <code class="filename">rndc.key</code> file is
621 running <span><strong class="command">rndc-confgen -a</strong></span> as
623 <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
624 Usage">the section called “<span><strong class="command">controls</strong></span> Statement Definition and
628 The format of the configuration file is similar to
629 that of <code class="filename">named.conf</code>, but
631 only four statements, the <span><strong class="command">options</strong></span>,
632 <span><strong class="command">key</strong></span>, <span><strong class="command">server</strong></span> and
633 <span><strong class="command">include</strong></span>
634 statements. These statements are what associate the
635 secret keys to the servers with which they are meant to
636 be shared. The order of statements is not
640 The <span><strong class="command">options</strong></span> statement has
642 <span><strong class="command">default-server</strong></span>, <span><strong class="command">default-key</strong></span>,
643 and <span><strong class="command">default-port</strong></span>.
644 <span><strong class="command">default-server</strong></span> takes a
645 host name or address argument and represents the server
647 be contacted if no <code class="option">-s</code>
648 option is provided on the command line.
649 <span><strong class="command">default-key</strong></span> takes
650 the name of a key as its argument, as defined by a <span><strong class="command">key</strong></span> statement.
651 <span><strong class="command">default-port</strong></span> specifies the
653 <span><strong class="command">rndc</strong></span> should connect if no
654 port is given on the command line or in a
655 <span><strong class="command">server</strong></span> statement.
658 The <span><strong class="command">key</strong></span> statement defines a
660 by <span><strong class="command">rndc</strong></span> when authenticating
662 <span><strong class="command">named</strong></span>. Its syntax is
664 <span><strong class="command">key</strong></span> statement in <code class="filename">named.conf</code>.
665 The keyword <strong class="userinput"><code>key</code></strong> is
666 followed by a key name, which must be a valid
667 domain name, though it need not actually be hierarchical;
669 a string like "<strong class="userinput"><code>rndc_key</code></strong>" is a valid
671 The <span><strong class="command">key</strong></span> statement has two
673 <span><strong class="command">algorithm</strong></span> and <span><strong class="command">secret</strong></span>.
674 While the configuration parser will accept any string as the
676 to algorithm, currently only the string "<strong class="userinput"><code>hmac-md5</code></strong>"
677 has any meaning. The secret is a base-64 encoded string
678 as specified in RFC 3548.
681 The <span><strong class="command">server</strong></span> statement
683 defined using the <span><strong class="command">key</strong></span>
684 statement with a server.
685 The keyword <strong class="userinput"><code>server</code></strong> is followed by a
686 host name or address. The <span><strong class="command">server</strong></span> statement
687 has two clauses: <span><strong class="command">key</strong></span> and <span><strong class="command">port</strong></span>.
688 The <span><strong class="command">key</strong></span> clause specifies the
690 to be used when communicating with this server, and the
691 <span><strong class="command">port</strong></span> clause can be used to
692 specify the port <span><strong class="command">rndc</strong></span> should
697 A sample minimal configuration file is as follows:
699 <pre class="programlisting">
701 algorithm "hmac-md5";
702 secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
705 default-server 127.0.0.1;
706 default-key rndc_key;
710 This file, if installed as <code class="filename">/etc/rndc.conf</code>,
711 would allow the command:
714 <code class="prompt">$ </code><strong class="userinput"><code>rndc reload</code></strong>
717 to connect to 127.0.0.1 port 953 and cause the name server
718 to reload, if a name server on the local machine were
720 following controls statements:
722 <pre class="programlisting">
724 inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
728 and it had an identical key statement for
729 <code class="literal">rndc_key</code>.
732 Running the <span><strong class="command">rndc-confgen</strong></span>
734 conveniently create a <code class="filename">rndc.conf</code>
735 file for you, and also display the
736 corresponding <span><strong class="command">controls</strong></span>
737 statement that you need to
738 add to <code class="filename">named.conf</code>.
740 you can run <span><strong class="command">rndc-confgen -a</strong></span>
742 a <code class="filename">rndc.key</code> file and not
744 <code class="filename">named.conf</code> at all.
750 <div class="sect2" lang="en">
751 <div class="titlepage"><div><div><h3 class="title">
752 <a name="id2570006"></a>Signals</h3></div></div></div>
754 Certain UNIX signals cause the name server to take specific
755 actions, as described in the following table. These signals can
756 be sent using the <span><strong class="command">kill</strong></span> command.
758 <div class="informaltable"><table border="1">
766 <p><span><strong class="command">SIGHUP</strong></span></p>
770 Causes the server to read <code class="filename">named.conf</code> and
777 <p><span><strong class="command">SIGTERM</strong></span></p>
781 Causes the server to clean up and exit.
787 <p><span><strong class="command">SIGINT</strong></span></p>
791 Causes the server to clean up and exit.
800 <div class="navfooter">
802 <table width="100%" summary="Navigation footer">
804 <td width="40%" align="left">
805 <a accesskey="p" href="Bv9ARM.ch02.html">Prev</a> </td>
806 <td width="20%" align="center"> </td>
807 <td width="40%" align="right"> <a accesskey="n" href="Bv9ARM.ch04.html">Next</a>
811 <td width="40%" align="left" valign="top">Chapter 2. <acronym class="acronym">BIND</acronym> Resource Requirements </td>
812 <td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
813 <td width="40%" align="right" valign="top"> Chapter 4. Advanced DNS Features</td>
projects / FreeBSD / releng / 8.1.git / blob