- Copy stable/9 to releng/9.2 as part of the 9.2-RELEASE cycle.

[FreeBSD/releng/9.2.git] / contrib / bind9 / doc / arm / Bv9ARM.ch09.html

<!--
 - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 - 
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - 
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Appendix A. Appendices</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch08.html" title="Chapter 8. Troubleshooting">
<link rel="next" href="Bv9ARM.ch10.html" title="Manual pages">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="navheader">
<table width="100%" summary="Navigation header">
<tr><th colspan="3" align="center">Appendix A. Appendices</th></tr>
<tr>
<td width="20%" align="left">
<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a> </td>
<th width="60%" align="center"> </th>
<td width="20%" align="right"> <a accesskey="n" href="Bv9ARM.ch10.html">Next</a>
</td>
</tr>
</table>
<hr>
</div>
<div class="appendix" lang="en">
<div class="titlepage"><div><div><h2 class="title">
<a name="Bv9ARM.ch09"></a>Appendix A. Appendices</h2></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603657">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603761">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2607177">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608265">Prerequisite</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608275">Compilation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608299">Installation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608330">Known Defects/Restrictions</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608680">The dns.conf File</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608707">Sample Applications</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609611">Library References</a></span></dt>
</dl></dd>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2603657"></a>Acknowledgments</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="historical_dns_information"></a>A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
</h3></div></div></div>
<p>
            Although the "official" beginning of the Domain Name
            System occurred in 1984 with the publication of RFC 920, the
            core of the new system was described in 1983 in RFCs 882 and
            883. From 1984 to 1987, the ARPAnet (the precursor to today's
            Internet) became a testbed of experimentation for developing the
            new naming/addressing scheme in a rapidly expanding,
            operational network environment.  New RFCs were written and
            published in 1987 that modified the original documents to
            incorporate improvements based on the working model. RFC 1034,
            "Domain Names-Concepts and Facilities", and RFC 1035, "Domain
            Names-Implementation and Specification" were published and
            became the standards upon which all <acronym class="acronym">DNS</acronym> implementations are
            built.
          </p>
<p>
            The first working domain name server, called "Jeeves", was
            written in 1983-84 by Paul Mockapetris for operation on DEC
            Tops-20
            machines located at the University of Southern California's
            Information
            Sciences Institute (USC-ISI) and SRI International's Network
            Information
            Center (SRI-NIC). A <acronym class="acronym">DNS</acronym> server for
            Unix machines, the Berkeley Internet
            Name Domain (<acronym class="acronym">BIND</acronym>) package, was
            written soon after by a group of
            graduate students at the University of California at Berkeley
            under
            a grant from the US Defense Advanced Research Projects
            Administration
            (DARPA).
          </p>
<p>
            Versions of <acronym class="acronym">BIND</acronym> through
            4.8.3 were maintained by the Computer
            Systems Research Group (CSRG) at UC Berkeley. Douglas Terry, Mark
            Painter, David Riggle and Songnian Zhou made up the initial <acronym class="acronym">BIND</acronym>
            project team. After that, additional work on the software package
            was done by Ralph Campbell. Kevin Dunlap, a Digital Equipment
            Corporation
            employee on loan to the CSRG, worked on <acronym class="acronym">BIND</acronym> for 2 years, from 1985
            to 1987. Many other people also contributed to <acronym class="acronym">BIND</acronym> development
            during that time: Doug Kingston, Craig Partridge, Smoot
            Carl-Mitchell,
            Mike Muuss, Jim Bloom and Mike Schwartz. <acronym class="acronym">BIND</acronym> maintenance was subsequently
            handled by Mike Karels and Øivind Kure.
          </p>
<p>
            <acronym class="acronym">BIND</acronym> versions 4.9 and 4.9.1 were
            released by Digital Equipment
            Corporation (now Compaq Computer Corporation). Paul Vixie, then
            a DEC employee, became <acronym class="acronym">BIND</acronym>'s
            primary caretaker. He was assisted
            by Phil Almquist, Robert Elz, Alan Barrett, Paul Albitz, Bryan
            Beecher, Andrew
            Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat
            Baran, Anant Kumar, Art Harkin, Win Treese, Don Lewis, Christophe
            Wolfhugel, and others.
          </p>
<p>
            In 1994, <acronym class="acronym">BIND</acronym> version 4.9.2 was sponsored by
            Vixie Enterprises. Paul
            Vixie became <acronym class="acronym">BIND</acronym>'s principal
            architect/programmer.
          </p>
<p>
            <acronym class="acronym">BIND</acronym> versions from 4.9.3 onward
            have been developed and maintained
            by the Internet Systems Consortium and its predecessor,
            the Internet Software Consortium,  with support being provided
            by ISC's sponsors.
          </p>
<p>
            As co-architects/programmers, Bob Halley and
            Paul Vixie released the first production-ready version of
            <acronym class="acronym">BIND</acronym> version 8 in May 1997.
          </p>
<p>
            BIND version 9 was released in September 2000 and is a
            major rewrite of nearly all aspects of the underlying
            BIND architecture.
          </p>
<p>
            BIND versions 4 and 8 are officially deprecated.
            No additional development is done
            on BIND version 4 or BIND version 8.
          </p>
<p>
            <acronym class="acronym">BIND</acronym> development work is made
            possible today by the sponsorship
            of several corporations, and by the tireless work efforts of
            numerous individuals.
          </p>
</div>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2603761"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="ipv6addresses"></a>IPv6 addresses (AAAA)</h3></div></div></div>
<p>
            IPv6 addresses are 128-bit identifiers for interfaces and
            sets of interfaces which were introduced in the <acronym class="acronym">DNS</acronym> to facilitate
            scalable Internet routing. There are three types of addresses: <span class="emphasis"><em>Unicast</em></span>,
            an identifier for a single interface;
            <span class="emphasis"><em>Anycast</em></span>,
            an identifier for a set of interfaces; and <span class="emphasis"><em>Multicast</em></span>,
            an identifier for a set of interfaces. Here we describe the global
            Unicast address scheme. For more information, see RFC 3587,
            "Global Unicast Address Format."
          </p>
<p>
            IPv6 unicast addresses consist of a
            <span class="emphasis"><em>global routing prefix</em></span>, a
            <span class="emphasis"><em>subnet identifier</em></span>, and an
            <span class="emphasis"><em>interface identifier</em></span>.
          </p>
<p>
            The global routing prefix is provided by the
            upstream provider or ISP, and (roughly) corresponds to the
            IPv4 <span class="emphasis"><em>network</em></span> section
            of the address range.

            The subnet identifier is for local subnetting, much the
            same as subnetting an
            IPv4 /16 network into /24 subnets.

            The interface identifier is the address of an individual
            interface on a given network; in IPv6, addresses belong to
            interfaces rather than to machines.
          </p>
<p>
            The subnetting capability of IPv6 is much more flexible than
            that of IPv4: subnetting can be carried out on bit boundaries,
            in much the same way as Classless InterDomain Routing
            (CIDR), and the DNS PTR representation ("nibble" format)
            makes setting up reverse zones easier.
          </p>
<p>
            The Interface Identifier must be unique on the local link,
            and is usually generated automatically by the IPv6
            implementation, although it is usually possible to
            override the default setting if necessary.  A typical IPv6
            address might look like:
            <span><strong class="command">2001:db8:201:9:a00:20ff:fe81:2b32</strong></span>
          </p>
<p>
            IPv6 address specifications often contain long strings
            of zeros, so the architects have included a shorthand for
            specifying
            them. The double colon (`::') indicates the longest possible
            string
            of zeros that can fit, and can be used only once in an address.
          </p>
</div>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="bibliography"></a>Bibliography (and Suggested Reading)</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="rfcs"></a>Request for Comments (RFCs)</h3></div></div></div>
<p>
            Specification documents for the Internet protocol suite, including
            the <acronym class="acronym">DNS</acronym>, are published as part of
            the Request for Comments (RFCs)
            series of technical notes. The standards themselves are defined
            by the Internet Engineering Task Force (IETF) and the Internet
            Engineering Steering Group (IESG). RFCs can be obtained online via FTP at:
          </p>
<p>
            <a href="ftp://www.isi.edu/in-notes/" target="_top">
              ftp://www.isi.edu/in-notes/RFC<em class="replaceable"><code>xxxx</code></em>.txt
            </a>
          </p>
<p>
            (where <em class="replaceable"><code>xxxx</code></em> is
            the number of the RFC). RFCs are also available via the Web at:
          </p>
<p>
            <a href="http://www.ietf.org/rfc/" target="_top">http://www.ietf.org/rfc/</a>.
          </p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2604017"></a>Bibliography</h4></div></div></div>
<div class="bibliodiv">
<h3 class="title">Standards</h3>
<div class="biblioentry">
<a name="id2604027"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
</div>
<div class="biblioentry">
<a name="id2604051"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
<a name="id2604074"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
                  Specification</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<a name="proposed_standards"></a>Proposed Standards</h3>
<div class="biblioentry">
<a name="id2604110"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
                  Specification</i>. </span><span class="pubdate">July 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2604137"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
                  Queries</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2604163"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2604187"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2604211"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2604266"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2604293"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2604320"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2604381"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2604411"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2604441"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2604468"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
                       Key Transaction Authentication for DNS
                       (GSS-TSIG)</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> Security Proposed Standards</h3>
<div class="biblioentry">
<a name="id2604618"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2604645"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2604681"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
<a name="id2604746"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
<a name="id2604811"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
                       Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Other Important RFCs About <acronym class="acronym">DNS</acronym>
                Implementation</h3>
<div class="biblioentry">
<a name="id2604885"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
                  Deployed <acronym class="acronym">DNS</acronym> Software.</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2604910"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
                  Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2605047"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2605082"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
                Queries for IPv6 Addresses</i>. </span><span class="pubdate">May 2005. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Resource Record Types</h3>
<div class="biblioentry">
<a name="id2605128"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
</div>
<div class="biblioentry">
<a name="id2605186"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2605223"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
                  the Domain Name System</i>. </span><span class="pubdate">June 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2605258"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
                  Domain
                  Name System</i>. </span><span class="pubdate">January 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2605313"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
                  Location of
                  Services.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2605351"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
                  Distribute MIXER
                  Conformant Global Address Mapping</i>. </span><span class="pubdate">January 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2605377"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2605402"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2605429"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2605456"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2605495"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2605525"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2605555"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2605597"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2605630"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2605657"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2605681"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
                  version 6</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2605738"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> and the Internet</h3>
<div class="biblioentry">
<a name="id2605770"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
                  and Other Types</i>. </span><span class="pubdate">April 1989. </span></p>
</div>
<div class="biblioentry">
<a name="id2605796"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
                  Support</i>. </span><span class="pubdate">October 1989. </span></p>
</div>
<div class="biblioentry">
<a name="id2605818"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2605842"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2605888"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2605911"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> Operations</h3>
<div class="biblioentry">
<a name="id2605969"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
<a name="id2605992"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
                  Configuration Errors</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2606019"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
                  Configuration Errors</i>. </span><span class="pubdate">February 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2606045"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2606082"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
                  Network Services.</i>. </span><span class="pubdate">October 1997. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Internationalized Domain Names</h3>
<div class="biblioentry">
<a name="id2606128"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
                       and the Other Internet protocols</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2606160"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2606205"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2606241"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
                       for Internationalized Domain Names in
                       Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Other <acronym class="acronym">DNS</acronym>-related RFCs</h3>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
                  Note: the following list of RFCs, although
                  <acronym class="acronym">DNS</acronym>-related, are not
                  concerned with implementing software.
                </p>
</div>
<div class="biblioentry">
<a name="id2606354"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
                  Attributes</i>. </span><span class="pubdate">May 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2606376"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2606402"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
                  Balancing</i>. </span><span class="pubdate">April 1995. </span></p>
</div>
<div class="biblioentry">
<a name="id2606427"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2606451"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2606497"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2606520"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2606547"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
                       Shared Unicast Addresses</i>. </span><span class="pubdate">April 2002. </span></p>
</div>
<div class="biblioentry">
<a name="id2606572"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Obsolete and Unimplemented Experimental RFC</h3>
<div class="biblioentry">
<a name="id2606616"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
                  Location</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2606674"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2606700"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
                       and Renumbering</i>. </span><span class="pubdate">July 2000. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Obsoleted DNS Security RFCs</h3>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
                  Most of these have been consolidated into RFC4033,
                  RFC4034 and RFC4035 which collectively describe DNSSECbis.
                </p>
</div>
<div class="biblioentry">
<a name="id2606748"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2606788"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2606814"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2606844"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
                       Signing Authority</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2606870"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2606897"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
</div>
<div class="biblioentry">
<a name="id2606933"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2607037"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2607064"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2607091"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
                      (RR) Secure Entry Point (SEP) Flag</i>. </span><span class="pubdate">April 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2607136"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
</div>
</div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="internet_drafts"></a>Internet Drafts</h3></div></div></div>
<p>
            Internet Drafts (IDs) are rough-draft working documents of
            the Internet Engineering Task Force. They are, in essence, RFCs
            in the preliminary stages of development. Implementors are
            cautioned not
            to regard IDs as archival, and they should not be quoted or cited
            in any formal documents unless accompanied by the disclaimer that
            they are "works in progress." IDs have a lifespan of six months
            after which they are deleted unless updated by their authors.
          </p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2607177"></a>Other Documents About <acronym class="acronym">BIND</acronym>
</h3></div></div></div>
<p></p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2607187"></a>Bibliography</h4></div></div></div>
<div class="biblioentry">
<a name="id2607189"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
</div>
</div>
</div>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="bind9.library"></a>BIND 9 DNS Library Support</h2></div></div></div>
<p>This version of BIND 9 "exports" its internal libraries so
  that they can be used by third-party applications more easily (we
  call them "export" libraries in this document). In addition to
  all major DNS-related APIs BIND 9 is currently using, the export
  libraries provide the following features:</p>
<div class="itemizedlist"><ul type="disc">
<li><p>The newly created "DNS client" module. This is a higher
      level API that provides an interface to name resolution,
      single DNS transaction with a particular server, and dynamic
      update. Regarding name resolution, it supports advanced
      features such as DNSSEC validation and caching. This module
      supports both synchronous and asynchronous mode.</p></li>
<li><p>The new "IRS" (Information Retrieval System) library.
      It provides an interface to parse the traditional resolv.conf
      file and more advanced, DNS-specific configuration file for
      the rest of this package (see the description for the
      dns.conf file below).</p></li>
<li><p>As part of the IRS library, newly implemented standard
      address-name mapping functions, getaddrinfo() and
      getnameinfo(), are provided. They use the DNSSEC-aware
      validating resolver backend, and could use other advanced
      features of the BIND 9 libraries such as caching. The
      getaddrinfo() function resolves both A and AAAA RRs
      concurrently (when the address family is unspecified).</p></li>
<li><p>An experimental framework to support other event
      libraries than BIND 9's internal event task system.</p></li>
</ul></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2608265"></a>Prerequisite</h3></div></div></div>
<p>GNU make is required to build the export libraries (other
  part of BIND 9 can still be built with other types of make). In
  the reminder of this document, "make" means GNU make. Note that
  in some platforms you may need to invoke a different command name
  than "make" (e.g. "gmake") to indicate it's GNU make.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2608275"></a>Compilation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>./configure --enable-exportlib <em class="replaceable"><code>[other flags]</code></em></code></strong>
$ <strong class="userinput"><code>make</code></strong>
</pre>
<p>
  This will create (in addition to usual BIND 9 programs) and a
  separate set of libraries under the lib/export directory. For
  example, <code class="filename">lib/export/dns/libdns.a</code> is the archive file of the
  export version of the BIND 9 DNS library. Sample application
  programs using the libraries will also be built under the
  lib/export/samples directory (see below).</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2608299"></a>Installation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>cd lib/export</code></strong>
$ <strong class="userinput"><code>make install</code></strong>
</pre>
<p>
  This will install library object files under the directory
  specified by the --with-export-libdir configure option (default:
  EPREFIX/lib/bind9), and header files under the directory
  specified by the --with-export-includedir configure option
  (default: PREFIX/include/bind9).
  Root privilege is normally required.
  "<span><strong class="command">make install</strong></span>" at the top directory will do the
  same.
  </p>
<p>
  To see how to build your own
  application after the installation, see
  <code class="filename">lib/export/samples/Makefile-postinstall.in</code>.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2608330"></a>Known Defects/Restrictions</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>Currently, win32 is not supported for the export
      library. (Normal BIND 9 application can be built as
      before).</p></li>
<li>
<p>The "fixed" RRset order is not (currently) supported in
      the export library. If you want to use "fixed" RRset order
      for, e.g. <span><strong class="command">named</strong></span> while still building the
      export library even without the fixed order support, build
      them separately:
      </p>
<pre class="screen">
$ <strong class="userinput"><code>./configure --enable-fixed-rrset <em class="replaceable"><code>[other flags, but not --enable-exportlib]</code></em></code></strong>
$ <strong class="userinput"><code>make</code></strong>
$ <strong class="userinput"><code>./configure --enable-exportlib <em class="replaceable"><code>[other flags, but not --enable-fixed-rrset]</code></em></code></strong>
$ <strong class="userinput"><code>cd lib/export</code></strong>
$ <strong class="userinput"><code>make</code></strong>
</pre>
<p>
    </p>
</li>
<li><p>The client module and the IRS library currently do not
      support DNSSEC validation using DLV (the underlying modules
      can handle it, but there is no tunable interface to enable
      the feature).</p></li>
<li><p>RFC 5011 is not supported in the validating stub
      resolver of the export library. In fact, it is not clear
      whether it should: trust anchors would be a system-wide
      configuration which would be managed by an administrator,
      while the stub resolver will be used by ordinary applications
      run by a normal user.</p></li>
<li><p>Not all common <code class="filename">/etc/resolv.conf</code>
      options are supported
      in the IRS library. The only available options in this
      version are "debug" and "ndots".</p></li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2608680"></a>The dns.conf File</h3></div></div></div>
<p>The IRS library supports an "advanced" configuration file
  related to the DNS library for configuration parameters that
  would be beyond the capability of the
  <code class="filename">resolv.conf</code> file.
  Specifically, it is intended to provide DNSSEC related
  configuration parameters. By default the path to this
  configuration file is <code class="filename">/etc/dns.conf</code>.
  This module is very
  experimental and the configuration syntax or library interfaces
  may change in future versions. Currently, only the
  <span><strong class="command">trusted-keys</strong></span>
  statement is supported, whose syntax is the same as the same name
  of statement for <code class="filename">named.conf</code>. (See
  <a href="Bv9ARM.ch06.html#trusted-keys" title="trusted-keys Statement Grammar">the section called &#8220;<span><strong class="command">trusted-keys</strong></span> Statement Grammar&#8221;</a> for details.)</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2608707"></a>Sample Applications</h3></div></div></div>
<p>Some sample application programs using this API are
  provided for reference. The following is a brief description of
  these applications.
  </p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2608715"></a>sample: a simple stub resolver utility</h4></div></div></div>
<p>
  It sends a query of a given name (of a given optional RR type) to a
  specified recursive server, and prints the result as a list of
  RRs. It can also act as a validating stub resolver if a trust
  anchor is given via a set of command line options.</p>
<p>
  Usage: sample [options] server_address hostname
  </p>
<p>
  Options and Arguments:
  </p>
<div class="variablelist"><dl>
<dt><span class="term">
  -t RRtype
  </span></dt>
<dd><p>
        specify the RR type of the query.  The default is the A RR.
  </p></dd>
<dt><span class="term">
  [-a algorithm] [-e] -k keyname -K keystring
  </span></dt>
<dd>
<p>
        specify a command-line DNS key to validate the answer.  For
        example, to specify the following DNSKEY of example.com:
</p>
<div class="literallayout"><p><br>
                example.com. 3600 IN DNSKEY 257 3 5 xxx<br>
</p></div>
<p>
        specify the options as follows:
</p>
<pre class="screen">
<strong class="userinput"><code>
          -e -k example.com -K "xxx"
</code></strong>
</pre>
<p>
        -e means that this key is a zone's "key signing key" (as known
        as "secure Entry point").
        When -a is omitted rsasha1 will be used by default.
  </p>
</dd>
<dt><span class="term">
  -s domain:alt_server_address
  </span></dt>
<dd><p>
         specify a separate recursive server address for the specific
        "domain".  Example: -s example.com:2001:db8::1234
  </p></dd>
<dt><span class="term">server_address</span></dt>
<dd><p>
        an IP(v4/v6) address of the recursive server to which queries
        are sent.
  </p></dd>
<dt><span class="term">hostname</span></dt>
<dd><p>
        the domain name for the query
  </p></dd>
</dl></div>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2608806"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
<p>
  Similar to "sample", but accepts a list
  of (query) domain names as a separate file and resolves the names
  asynchronously.</p>
<p>
    Usage: sample-async [-s server_address] [-t RR_type] input_file</p>
<p>
 Options and Arguments:
  </p>
<div class="variablelist"><dl>
<dt><span class="term">
   -s server_address
   </span></dt>
<dd>
   an IPv4 address of the recursive server to which queries are sent.
  (IPv6 addresses are not supported in this implementation)
  </dd>
<dt><span class="term">
   -t RR_type
  </span></dt>
<dd>
  specify the RR type of the queries. The default is the A
  RR.
  </dd>
<dt><span class="term">
   input_file
  </span></dt>
<dd>
   a list of domain names to be resolved. each line
  consists of a single domain name. Example:
  <div class="literallayout"><p><br>
  www.example.com<br>
  mx.examle.net<br>
  ns.xxx.example<br>
</p></div>
</dd>
</dl></div>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2608859"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
<p>
  It sends a query to a specified server, and
  prints the response with minimal processing. It doesn't act as a
  "stub resolver": it stops the processing once it gets any
  response from the server, whether it's a referral or an alias
  (CNAME or DNAME) that would require further queries to get the
  ultimate answer. In other words, this utility acts as a very
  simplified <span><strong class="command">dig</strong></span>.
  </p>
<p>
  Usage: sample-request [-t RRtype] server_address hostname
  </p>
<p>
    Options and Arguments:
  </p>
<div class="variablelist"><dl>
<dt><span class="term">
   -t RRtype
  </span></dt>
<dd><p>
  specify the RR type of
  the queries. The default is the A RR.
  </p></dd>
<dt><span class="term">
  server_address
  </span></dt>
<dd><p>
   an IP(v4/v6)
  address of the recursive server to which the query is sent.
  </p></dd>
<dt><span class="term">
  hostname
  </span></dt>
<dd><p>
  the domain name for the query
  </p></dd>
</dl></div>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2608992"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
<p>
  This is a test program
  to check getaddrinfo() and getnameinfo() behavior. It takes a
  host name as an argument, calls getaddrinfo() with the given host
  name, and calls getnameinfo() with the resulting IP addresses
  returned by getaddrinfo(). If the dns.conf file exists and
  defines a trust anchor, the underlying resolver will act as a
  validating resolver, and getaddrinfo()/getnameinfo() will fail
  with an EAI_INSECUREDATA error when DNSSEC validation fails.
  </p>
<p>
  Usage: sample-gai hostname
  </p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2609006"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
<p>
  It accepts a single update command as a
  command-line argument, sends an update request message to the
  authoritative server, and shows the response from the server. In
  other words, this is a simplified <span><strong class="command">nsupdate</strong></span>.
  </p>
<p>
   Usage: sample-update [options] (add|delete) "update data"
  </p>
<p>
  Options and Arguments:
  </p>
<div class="variablelist"><dl>
<dt><span class="term">
  -a auth_server
   </span></dt>
<dd><p>
        An IP address of the authoritative server that has authority
        for the zone containing the update name.  This should normally
        be the primary authoritative server that accepts dynamic
        updates.  It can also be a secondary server that is configured
        to forward update requests to the primary server.
   </p></dd>
<dt><span class="term">
  -k keyfile
   </span></dt>
<dd><p>
        A TSIG key file to secure the update transaction.  The keyfile
        format is the same as that for the nsupdate utility.
   </p></dd>
<dt><span class="term">
  -p prerequisite
   </span></dt>
<dd><p>
        A prerequisite for the update (only one prerequisite can be
        specified).  The prerequisite format is the same as that is
        accepted by the nsupdate utility.
   </p></dd>
<dt><span class="term">
  -r recursive_server
   </span></dt>
<dd><p>
        An IP address of a recursive server that this utility will
        use.  A recursive server may be necessary to identify the
        authoritative server address to which the update request is
        sent.
   </p></dd>
<dt><span class="term">
  -z zonename
   </span></dt>
<dd><p>
        The domain name of the zone that contains
   </p></dd>
<dt><span class="term">
  (add|delete)
   </span></dt>
<dd><p>
        Specify the type of update operation.  Either "add" or "delete"
        must be specified.
   </p></dd>
<dt><span class="term">
  "update data"
   </span></dt>
<dd><p>
        Specify the data to be updated.  A typical example of the data
        would look like "name TTL RRtype RDATA".
  </p></dd>
</dl></div>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>In practice, either -a or -r must be specified.  Others can
   be optional; the underlying library routine tries to identify the
   appropriate server and the zone name for the update.</div>
<p>
   Examples: assuming the primary authoritative server of the
   dynamic.example.com zone has an IPv6 address 2001:db8::1234,
   </p>
<pre class="screen">
$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key add "foo.dynamic.example.com 30 IN A 192.168.2.1"</code></strong></pre>
<p>
     adds an A RR for foo.dynamic.example.com using the given key.
   </p>
<pre class="screen">
$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com 30 IN A"</code></strong></pre>
<p>
     removes all A RRs for foo.dynamic.example.com using the given key.
   </p>
<pre class="screen">   
$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com"</code></strong></pre>
<p>
     removes all RRs for foo.dynamic.example.com using the given key.
   </p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2609138"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
<p>
  It checks a set
  of domains to see the name servers of the domains behave
  correctly in terms of RFC 4074. This is included in the set of
  sample programs to show how the export library can be used in a
  DNS-related application.
  </p>
<p>
 Usage: nsprobe [-d] [-v [-v...]] [-c cache_address] [input_file]
  </p>
<p>
   Options
  </p>
<div class="variablelist"><dl>
<dt><span class="term">
  -d
  </span></dt>
<dd><p>
        run in the "debug" mode.  with this option nsprobe will dump
        every RRs it receives.
  </p></dd>
<dt><span class="term">
  -v
  </span></dt>
<dd><p>
        increase verbosity of other normal log messages.  This can be
        specified multiple times
  </p></dd>
<dt><span class="term">
  -c cache_address
  </span></dt>
<dd><p>
        specify an IP address of a recursive (caching) name server.
        nsprobe uses this server to get the NS RRset of each domain and
        the A and/or AAAA RRsets for the name servers.  The default
        value is 127.0.0.1.
  </p></dd>
<dt><span class="term">
  input_file
  </span></dt>
<dd><p>
        a file name containing a list of domain (zone) names to be
        probed.  when omitted the standard input will be used.  Each
        line of the input file specifies a single domain name such as
        "example.com".  In general this domain name must be the apex
        name of some DNS zone (unlike normal "host names" such as
        "www.example.com").  nsprobe first identifies the NS RRsets for
        the given domain name, and sends A and AAAA queries to these
        servers for some "widely used" names under the zone;
        specifically, adding "www" and "ftp" to the zone name.
  </p></dd>
</dl></div>
</div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2609611"></a>Library References</h3></div></div></div>
<p>As of this writing, there is no formal "manual" of the
  libraries, except this document, header files (some of them
  provide pretty detailed explanations), and sample application
  programs.</p>
</div>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a> </td>
<td width="20%" align="center"> </td>
<td width="40%" align="right"> <a accesskey="n" href="Bv9ARM.ch10.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">Chapter 8. Troubleshooting </td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top"> Manual pages</td>
</tr>
</table>
</div>
</body>
</html>