diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html index aca549b34e..5a488e7035 100644 --- a/doc/arm/Bv9ARM.ch03.html +++ b/doc/arm/Bv9ARM.ch03.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - +
@@ -54,7 +54,7 @@named.conf at all.
-clients-per-query - and max-clients-per-query set the - initial value (minimum) and maximum number of recursive - simultanious clients for any given query - (<qname,qtype,qclass>) that the server will accept - before dropping additional clients. named will attempt to - self tune this value and changes will be logged. The - default values are 10 and 100. -
-- This value should reflect how many queries come in for - a given name in the time it takes to resolve that name. - If the number of queries exceed this value named will - assume that it is dealing with a non-responsive zone - and will drop additional queries. If it gets a response - after dropping queries it will raise the estimate. The - estimate will then be lowered in 20 minutes if it has - remained unchanged. -
-- If clients-per-query is set to zero - then there is no limit on the number of clients per query - and no queries will be dropped. -
-- If max-clients-per-query is set to zero - then there is no upper bound other than imposed by - recurive-clients. -
-Certain UNIX signals cause the name server to take specific actions, as described in the following table. These signals can diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html index fdf401464a..a33f58e147 100644 --- a/doc/arm/Bv9ARM.ch04.html +++ b/doc/arm/Bv9ARM.ch04.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - +
@@ -49,28 +49,28 @@Setting up different views, or visibility, of the DNS space to internal and external resolvers is usually referred to as a @@ -479,7 +479,7 @@ nameserver 172.16.72.4
A shared secret is generated to be shared between host1 and host2. An arbitrary key name is chosen: "host1-host2.". The key name must @@ -487,7 +487,7 @@ nameserver 172.16.72.4
The following command will generate a 128 bit (16 byte) HMAC-MD5 key as described above. Longer keys are better, but shorter keys @@ -512,7 +512,7 @@ nameserver 172.16.72.4
The shared secret is simply a random sequence of bits, encoded in base-64. Most ASCII strings are valid base-64 strings (assuming @@ -527,7 +527,7 @@ nameserver 172.16.72.4
This is beyond the scope of DNS. A secure transport mechanism should be used. This could be secure FTP, ssh, telephone, etc. @@ -535,7 +535,7 @@ nameserver 172.16.72.4
Imagine host1 and host 2 are @@ -564,7 +564,7 @@ key host1-host2. {
Since keys are shared between two hosts only, the server must
be told when keys are to be used. The following is added to the named.conf file
@@ -596,7 +596,7 @@ server 10.1.2.3 {
BIND allows IP addresses and ranges to be specified in ACL @@ -624,7 +624,7 @@ allow-update { key host1-host2. ;};
The processing of TSIG signed messages can result in several errors. If a signed message is sent to a non-TSIG aware @@ -650,7 +650,7 @@ allow-update { key host1-host2. ;};
TKEY is a mechanism for automatically generating a shared secret between two hosts. There are several "modes" of @@ -686,7 +686,7 @@ allow-update { key host1-host2. ;};
BIND 9 partially supports DNSSEC SIG(0) transaction signatures as specified in RFC 2535 and RFC2931. @@ -747,7 +747,7 @@ allow-update { key host1-host2. ;};
The dnssec-keygen program is used to generate keys. @@ -798,7 +798,7 @@ allow-update { key host1-host2. ;};
The dnssec-signzone program is used to @@ -842,7 +842,7 @@ allow-update { key host1-host2. ;};
Unlike BIND 8, BIND 9 does not verify signatures on @@ -859,7 +859,7 @@ allow-update { key host1-host2. ;};
BIND 9 fully supports all currently defined forms of IPv6 @@ -898,7 +898,7 @@ allow-update { key host1-host2. ;};
The IPv6 AAAA record is a parallel to the IPv4 A record, and, unlike the deprecated A6 record, specifies the entire @@ -917,7 +917,7 @@ host 3600 IN AAAA 2001:db8::1
When looking up an address in nibble format, the address components are simply reversed, just as in IPv4, and diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html index 241a22b110..1bc5509bc0 100644 --- a/doc/arm/Bv9ARM.ch05.html +++ b/doc/arm/Bv9ARM.ch05.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - +
@@ -45,13 +45,13 @@Table of Contents
Traditionally applications have been linked with a stub resolver library that sends recursive DNS queries to a local caching name diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html index 309bb5d9ba..809d376730 100644 --- a/doc/arm/Bv9ARM.ch06.html +++ b/doc/arm/Bv9ARM.ch06.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - +
@@ -48,30 +48,30 @@address_match_list= address_match_list_element ; [ address_match_list_element; ... ]address_match_list_element= [ ! ] (ip_address [/length] | @@ -437,7 +437,7 @@Address match lists are primarily used to determine access control for various server operations. They are also used in @@ -514,7 +514,7 @@
The BIND 9 comment syntax allows for comments to appear @@ -524,7 +524,7 @@
/* This is a BIND comment as in C */@@ -539,7 +539,7 @@Comments may appear anywhere that whitespace may appear in a BIND configuration file. @@ -773,7 +773,7 @@
acl acl-name { address_match_list }; @@ -856,7 +856,7 @@controls { [ inet ( ip_addr | * ) [ port ip_port ] allow {address_match_list} keys {key_list}; ] @@ -978,12 +978,12 @@includefilename;The include statement inserts the @@ -998,7 +998,7 @@
keykey_id{ algorithmstring; secretstring; @@ -1007,7 +1007,7 @@The key statement defines a shared secret key for use with TSIG (see the section called “TSIG”) @@ -1050,7 +1050,7 @@
logging { [ channelchannel_name{ ( filepath name@@ -1074,7 +1074,7 @@The logging statement configures a @@ -1108,7 +1108,7 @@
All log output goes to one or more channels; you can make as many of them as you want. @@ -1627,7 +1627,7 @@ category notify { null; };
This is the grammar of the lwres statement in the
named.conffile: @@ -1642,7 +1642,7 @@ category notify { null; };The lwres statement configures the name @@ -1693,14 +1693,14 @@ category notify { null; };
mastersname[portip_port] { (masters_list|ip_addr[portip_port] [keykey] ) ; [...] };masters lists allow for a common set of masters to be easily used by @@ -1709,7 +1709,7 @@ category notify { null; };
This is the grammar of the options statement in the
named.conffile: @@ -2706,7 +2706,7 @@ options {The forwarding facility can be used to create a large site-wide cache on a few servers, reducing traffic over links to external @@ -2750,7 +2750,7 @@ options {
Dual-stack servers are used as servers of last resort to work around @@ -2915,7 +2915,7 @@ options {
The interfaces and ports that the server will answer queries from may be specified using the listen-on option. listen-on takes @@ -2995,7 +2995,7 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; };
If the server doesn't know the answer to a question, it will query other name servers. query-source specifies @@ -3250,7 +3250,7 @@ query-source-v6 address * port *;
avoid-v4-udp-ports and avoid-v6-udp-ports specify a list of IPv4 and IPv6 UDP ports that will not be used as system @@ -3264,7 +3264,7 @@ query-source-v6 address * port *;
The server's usage of many system resources can be limited. Scaled values are allowed when specifying resource limits. For @@ -3324,7 +3324,7 @@ query-source-v6 address * port *;
The following options set limits on the server's resource consumption that are enforced internally by the @@ -3402,7 +3402,7 @@ query-source-v6 address * port *;
- cleaning-interval
- +
@@ -3820,6 +3820,40 @@ query-source-v6 address * port *; view block in the configuration file.
- +clients-per-query, max-clients-per-query +
+- +
clients-per-query + and max-clients-per-query set the + initial value (minimum) and maximum number of recursive + simultanious clients for any given query + (<qname,qtype,qclass>) that the server will accept + before dropping additional clients. named will attempt to + self tune this value and changes will be logged. The + default values are 10 and 100. +
++ This value should reflect how many queries come in for + a given name in the time it takes to resolve that name. + If the number of queries exceed this value named will + assume that it is dealing with a non-responsive zone + and will drop additional queries. If it gets a response + after dropping queries it will raise the estimate. The + estimate will then be lowered in 20 minutes if it has + remained unchanged. +
++ If clients-per-query is set to zero + then there is no limit on the number of clients per query + and no queries will be dropped. +
++ If max-clients-per-query is set to zero + then there is no upper bound other than imposed by + recurive-clients. +
+diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html index 058629b053..a83b3b33ca 100644 --- a/doc/arm/Bv9ARM.ch07.html +++ b/doc/arm/Bv9ARM.ch07.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -46,10 +46,10 @@Table of Contents
@@ -116,7 +116,7 @@ zone "example.com" {On UNIX servers, it is possible to run BIND in a chrooted environment (chroot()) by specifying the "
-t" @@ -139,7 +139,7 @@ zone "example.com" {In order for a chroot() environment to @@ -167,7 +167,7 @@ zone "example.com" {
Prior to running the named daemon, use diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html index fcbec4ec9e..6df7d45b8a 100644 --- a/doc/arm/Bv9ARM.ch08.html +++ b/doc/arm/Bv9ARM.ch08.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - +
@@ -45,18 +45,18 @@Table of Contents
The best solution to solving installation and configuration issues is to take preventative measures by setting @@ -68,7 +68,7 @@
Zone serial numbers are just numbers-they aren't date related. A lot of people set them to a number that represents a @@ -95,7 +95,7 @@
The Internet Systems Consortium (ISC) offers a wide range diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html index 2e83e12b08..5099a6edb3 100644 --- a/doc/arm/Bv9ARM.ch09.html +++ b/doc/arm/Bv9ARM.ch09.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - +
@@ -45,7 +45,7 @@Table of Contents
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html index 8787f34e90..4fefdee702 100644 --- a/doc/arm/Bv9ARM.html +++ b/doc/arm/Bv9ARM.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -83,7 +83,7 @@- Name Server Operations
- 4. Advanced DNS Features
@@ -92,33 +92,33 @@- Dynamic Update
- Incremental Zone Transfers (IXFR)
-- Split DNS
+- Split DNS
- TSIG
- -
-
- Generate Shared Keys for Each Pair of Hosts
-- Copying the Shared Secret to Both Machines
-- Informing the Servers of the Key's Existence
-- Instructing the Server to Use the Key
-- TSIG Key Based Access Control
-- Errors
+- Generate Shared Keys for Each Pair of Hosts
+- Copying the Shared Secret to Both Machines
+- Informing the Servers of the Key's Existence
+- Instructing the Server to Use the Key
+- TSIG Key Based Access Control
+- Errors
- TKEY
-- SIG(0)
+- TKEY
+- SIG(0)
- DNSSEC
- -
- IPv6 Support in BIND 9
+- IPv6 Support in BIND 9
- 5. The BIND 9 Lightweight Resolver
- 6. BIND 9 Configuration Reference
@@ -126,30 +126,30 @@- Configuration File Elements
- Configuration File Grammar
-
- acl Statement Grammar
+- acl Statement Grammar
- acl Statement Definition and Usage
-- controls Statement Grammar
+- controls Statement Grammar
- controls Statement Definition and Usage
-- include Statement Grammar
-- include Statement Definition and +
- include Statement Grammar
+- include Statement Definition and Usage
-- key Statement Grammar
-- key Statement Definition and Usage
-- logging Statement Grammar
-- logging Statement Definition and +
- key Statement Grammar
+- key Statement Definition and Usage
+- logging Statement Grammar
+- logging Statement Definition and Usage
-- lwres Statement Grammar
-- lwres Statement Definition and Usage
-- masters Statement Grammar
-- masters Statement Definition and +
- lwres Statement Grammar
+- lwres Statement Definition and Usage
+- masters Statement Grammar
+- masters Statement Definition and Usage
-- options Statement Grammar
+- options Statement Grammar
- options Statement Definition and Usage
- server Statement Grammar
@@ -178,23 +178,23 @@- 7. BIND 9 Security Considerations
- 8. Troubleshooting
- A. Appendices
-
- Acknowledgments
+- Acknowledgments
- General DNS Reference Information
- diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html index d80e37295c..517daa426b 100644 --- a/doc/arm/man.dig.html +++ b/doc/arm/man.dig.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -52,7 +52,7 @@
dig[global-queryopt...] [query...]-DESCRIPTION
+DESCRIPTION
dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and @@ -91,7 +91,7 @@
-OPTIONS
+OPTIONS
The
-boption sets the source IP address of the query toaddress. This must be a valid @@ -236,7 +236,7 @@-QUERY OPTIONS
+QUERY OPTIONS
dig provides a number of query options which affect the way in which lookups are made and the results displayed. Some of diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html index 3cbb812751..e12e38f205 100644 --- a/doc/arm/man.dnssec-keygen.html +++ b/doc/arm/man.dnssec-keygen.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - +
@@ -50,7 +50,7 @@
dnssec-keygen{-aalgorithm} {-bkeysize} {-nnametype} [-c] [class-e] [-f] [flag-g] [generator-h] [-k] [-p] [protocol-r] [randomdev-s] [strength-t] [type-v] {name}level-DESCRIPTION
+DESCRIPTION
dnssec-keygen generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC <TBA\>. It can also generate keys for use with @@ -58,7 +58,7 @@
-GENERATED KEYS
+GENERATED KEYS
When dnssec-keygen completes successfully, diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html index 4a9c455cf7..fc111b9ef2 100644 --- a/doc/arm/man.dnssec-signzone.html +++ b/doc/arm/man.dnssec-signzone.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - +
@@ -50,7 +50,7 @@
dnssec-signzone[-a] [-c] [class-d] [directory-e] [end-time-f] [output-file-g] [-h] [-k] [key-l] [domain-i] [interval-I] [input-format-j] [jitter-n] [nthreads-o] [origin-O] [output-format-p] [-r] [randomdev-s] [start-time-t] [-v] [level-z] {zonefile} [key...]-DESCRIPTION
+DESCRIPTION
dnssec-signzone signs a zone. It generates NSEC and RRSIG records and produces a signed version of the @@ -61,7 +61,7 @@
-diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html index 4690e73e24..690cfc8e30 100644 --- a/doc/arm/man.host.html +++ b/doc/arm/man.host.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@EXAMPLE
+EXAMPLE
The following command signs the
example.comzone with the DSA key generated in the dnssec-keygen @@ -264,14 +264,14 @@
host[-aCdlnrsTwv] [-c] [class-N] [ndots-R] [number-t] [type-W] [wait-m] [flag-4] [-6] {name} [server]-DESCRIPTION
+DESCRIPTION
host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. @@ -202,7 +202,7 @@
-IDN SUPPORT
+IDN SUPPORT
If host has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names. @@ -216,12 +216,12 @@
-SEE ALSO
+SEE ALSO
dig(1), named(8).
diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html index 153894b406..265e9f87c2 100644 --- a/doc/arm/man.named-checkconf.html +++ b/doc/arm/man.named-checkconf.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,14 +50,14 @@
named-checkconf[-v] [-j] [-t] {filename} [directory-z]-DESCRIPTION
+DESCRIPTION
named-checkconf checks the syntax, but not the semantics, of a named configuration file.
-diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html index 54a43d5e6b..ad5d25318d 100644 --- a/doc/arm/man.named-checkzone.html +++ b/doc/arm/man.named-checkzone.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -51,7 +51,7 @@RETURN VALUES
+RETURN VALUES
named-checkconf returns an exit status of 1 if errors were detected and 0 otherwise.
named-compilezone[-d] [-j] [-q] [-v] [-c] [class-f] [format-F] [format-i] [mode-k] [mode-m] [mode-n] [mode-o] [filename-s] [style-t] [directory-w] [directory-D] [-W] {zonename} {filename}mode-DESCRIPTION
+DESCRIPTION
named-checkzone checks the syntax and integrity of a zone file. It performs the same checks as named does when loading a @@ -71,7 +71,7 @@
-diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html index 0076cfc251..6df2eef226 100644 --- a/doc/arm/man.named.html +++ b/doc/arm/man.named.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@RETURN VALUES
+RETURN VALUES
named-checkzone returns an exit status of 1 if errors were detected and 0 otherwise.
named[-4] [-6] [-c] [config-file-d] [debug-level-f] [-g] [-n] [#cpus-p] [port-s] [-t] [directory-u] [user-v] [-x]cache-file-DESCRIPTION
+DESCRIPTION
named is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -65,7 +65,7 @@
-SIGNALS
+SIGNALS
In routine operation, signals should not be used to control the nameserver; rndc should be used @@ -219,7 +219,7 @@
-diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html index 4bb601a4aa..f7de427b04 100644 --- a/doc/arm/man.rndc-confgen.html +++ b/doc/arm/man.rndc-confgen.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -48,7 +48,7 @@CONFIGURATION
+CONFIGURATION
The named configuration file is too complex to describe in detail here. A complete description is provided @@ -228,7 +228,7 @@
rndc-confgen[-a] [-b] [keysize-c] [keyfile-h] [-k] [keyname-p] [port-r] [randomfile-s] [address-t] [chrootdir-u]user-diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html index 0f382154fb..6f122d5bc9 100644 --- a/doc/arm/man.rndc.conf.html +++ b/doc/arm/man.rndc.conf.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@DESCRIPTION
+DESCRIPTION
rndc-confgen generates configuration files for rndc. It can be used as a @@ -64,7 +64,7 @@
rndc.conf-DESCRIPTION
+DESCRIPTION
rndc.confis the configuration file for rndc, the BIND 9 name server control utility. This file has a similar structure and syntax to @@ -135,7 +135,7 @@-diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html index 086ae2a915..7fb8246bba 100644 --- a/doc/arm/man.rndc.html +++ b/doc/arm/man.rndc.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@NAME SERVER CONFIGURATION
+NAME SERVER CONFIGURATION
The name server must be configured to accept rndc connections and to recognize the key specified in the
rndc.conf@@ -219,7 +219,7 @@
rndc[-b] [source-address-c] [config-file-k] [key-file-s] [server-p] [port-V] [-y] {command}key_id
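Review bot: the text added to doc/arm/Bv9ARM.ch06.html at @@ -3820,6 +3820,40 @@ misspells an option name. "recurive-clients" in the last paragraph should be "recursive-clients", otherwise a reader searching the reference for that option will not find this cross-reference. In the same hunk, "simultanious" should be "simultaneous" and "If the number of queries exceed this value" should read "exceeds". The paragraph on setting clients-per-query to zero says only that "no queries will be dropped"; it should state whether recursive-clients still bounds the total in that case, as the max-clients-per-query paragraph does. Zero turns off the dropping behaviour the second paragraph describes for non-responsive zones, and an operator needs to know what limit remains.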
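Review bot: the four paragraphs removed from doc/arm/Bv9ARM.ch03.html at @@ -54,7 +54,7 @@ are word for word the ones added to Bv9ARM.ch06.html, including the same misspellings, so this is a relocation of the clients-per-query description into the options reference, not new text. Nearly every other hunk in the patch is a one-line "-N,7 +N,7" change in a table of contents or section heading, with no difference in the visible wording. Suggest splitting the relocation from that churn, or saying in the commit message that the remaining files are regenerated output, so the one content change is easy to find in review.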