BIND 9 Administrator Reference Manual

• 1. Introduction to DNS and BIND 9
  • 1.1. Scope of Document
  • 1.2. Organization of This Document
  • 1.3. Conventions Used in This Document
  • 1.4. The Domain Name System (DNS)
  • 1.5. DNS Security Overview
• 2. Resource Requirements
  • 2.1. Hardware Requirements
  • 2.2. CPU Requirements
  • 2.3. Memory Requirements
  • 2.4. Name Server-Intensive Environment Issues
  • 2.5. Supported Platforms
  • 2.6. Unsupported Platforms
  • 2.7. Installing BIND 9
• 3. Configurations and Zone Files
  • 3.1. Introduction
  • 3.2. Authoritative Name Servers
  • 3.3. Resolver (Caching Name Servers)
  • 3.4. Load Balancing
  • 3.5. Zone File
• 4. Name Server Operations
  • 4.1. Tools for Use With the Name Server Daemon
  • 4.2. Signals
  • 4.3. Plugins
  • 4.4. Configuring Plugins
  • 4.5. Developing Plugins
• 5. DNSSEC
  • 5.1. Zone Signing
  • 5.2. Secure Delegation
  • 5.3. DNSSEC Validation
  • 5.4. Dynamic Trust Anchor Management
  • 5.5. PKCS#11 (Cryptoki) Support
• 6. Advanced Configurations
  • 6.1. Dynamic Update
  • 6.2. NOTIFY
  • 6.3. Incremental Zone Transfers (IXFR)
  • 6.4. Split DNS
  • 6.5. IPv6 Support in BIND 9
  • 6.6. Dynamically Loadable Zones (DLZ)
  • 6.7. Dynamic Database (DynDB)
  • 6.8. Catalog Zones
  • 6.9. DNS Firewalls and Response Policy Zones
• 7. Security Configurations
  • 7.1. Security Assumptions
  • 7.2. Access Control Lists
  • 7.3. Chroot and Setuid
  • 7.4. Dynamic Update Security
  • 7.5. TSIG
  • 7.6. SIG(0)
• 8. Configuration Reference
  • 8.1. Configuration File (named.conf)
  • 8.2. Blocks
  • 8.3. Statements
  • 8.4. Statements by Tag
  • 8.5. BIND 9 Statistics
• 9. Troubleshooting
  • 9.1. Common Problems
  • 9.2. Incrementing and Changing the Serial Number
  • 9.3. Where Can I Get Help?
• 10. Building BIND 9
  • 10.1. Required Libraries
  • 10.2. Optional Features
  • 10.3. macOS

Appendices

• Release Notes
  • Introduction
  • Supported Platforms
  • Download
  • Known Issues
  • Notes for BIND 9.21.3
  • Notes for BIND 9.21.2
  • Notes for BIND 9.21.1
  • Notes for BIND 9.21.0
  • License
  • End of Life
  • Thank You
• Changelog
  • BIND 9.21.3
  • BIND 9.21.2
  • BIND 9.21.1
  • BIND 9.21.0
  • Changes prior to 9.20.1
• DNSSEC Guide
  • Preface
  • Introduction
  • Getting Started
  • Validation
  • Signing
  • Basic DNSSEC Troubleshooting
  • Advanced Discussions
  • Recipes
  • Commonly Asked Questions
• A Brief History of the DNS and BIND
• General DNS Reference Information
  • Requests for Comment (RFCs)
  • Notes
  • Internet Drafts
• Manual Pages
  • arpaname - translate IP addresses to the corresponding ARPA names
  • ddns-confgen - TSIG key generation tool
  • delv - DNS lookup and validation utility
  • dig - DNS lookup utility
  • dnssec-cds - change DS records for a child zone based on CDS/CDNSKEY
  • dnssec-dsfromkey - DNSSEC DS RR generation tool
  • dnssec-importkey - import DNSKEY records from external systems so they can be managed
  • dnssec-keyfromlabel - DNSSEC key generation tool
  • dnssec-keygen: DNSSEC key generation tool
  • dnssec-ksr - Create signed key response (SKR) files for offline KSK setups
  • dnssec-revoke - set the REVOKED bit on a DNSSEC key
  • dnssec-settime: set the key timing metadata for a DNSSEC key
  • dnssec-signzone - DNSSEC zone signing tool
  • dnssec-verify - DNSSEC zone verification tool
  • dnstap-read - print dnstap data in human-readable form
  • filter-aaaa.so - filter AAAA in DNS responses when A is present
  • host - DNS lookup utility
  • mdig - DNS pipelined lookup utility
  • named-checkconf - named configuration file syntax checking tool
  • named-checkzone - zone file validation tool
  • named-compilezone - zone file converting tool
  • named-journalprint - print zone journal in human-readable form
  • named-nzd2nzf - convert an NZD database to NZF text format
  • named-rrchecker - syntax checker for individual DNS resource records
  • named.conf - configuration file for named
  • named - Internet domain name server
  • nsec3hash - generate NSEC3 hash
  • nslookup - query Internet name servers interactively
  • nsupdate - dynamic DNS update utility
  • rndc-confgen - rndc key generation tool
  • rndc.conf - rndc configuration file
  • rndc - name server control utility
  • tsig-keygen - TSIG key generation tool