UNIX System Administration Handbook - Evi Nemeth [241]
Creating your own subdomains
The procedure for creating a subdomain is similar to that for creating a second-level domain, except that the central authority is now local (or more accurately, within your own organization). Specifically, the steps are as follows.
• Choose a name that is unique in the local context.
• Identify two or more hosts to be servers for your new domain.
• Coordinate with the administrator of the parent domain.
Parent domains should check to be sure that a child domain’s name servers are up and running before performing the delegation. If the servers are not working, a “lame delegation” results, and you might receive nasty email asking you to clean up your DNS act. Page 478 covers lame delegations in more detail.
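One way a parent-domain administrator could run the pre-delegation check described above, as an added example that is not from the book: send a non-recursive SOA query to each proposed server and require an authoritative answer. The function names, the IPv4/UDP-only transport, and the constructed reply headers in the demo are assumptions made for illustration.

```python
import socket
import struct

QTYPE_SOA, CLASS_IN = 6, 1
QR, AA = 0x8000, 0x0400          # header flag bits (RFC 1035, section 4.1.1)

def build_soa_query(zone, qid=0x1234):
    """Wire-format SOA query for `zone` with RD clear (no recursion wanted)."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in zone.split(".") if label) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_SOA, CLASS_IN)

def classify_response(packet, qid=0x1234):
    """Return 'ok' or the reason this server is not fit for delegation."""
    if packet is None:
        return "no response"
    if len(packet) < 12:
        return "short packet"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != qid or not flags & QR:
        return "bad reply"           # wrong ID, or not a response at all
    if flags & 0x000F:
        return "rcode %d" % (flags & 0x000F)
    if not flags & AA:
        return "lame: not authoritative"
    if ancount == 0:
        return "lame: no SOA in answer"
    return "ok"

def check_server(zone, server_ip, timeout=3.0):
    """Query one proposed name server over UDP and classify its reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_soa_query(zone), (server_ip, 53))
            reply, _ = sock.recvfrom(512)
        except OSError:              # timeout, unreachable, refused
            reply = None
    return classify_response(reply)

if __name__ == "__main__":
    # Constructed 12-byte reply headers (not captured traffic), offline demo.
    samples = {
        "authoritative": b"\x12\x34\x84\x00\x00\x01\x00\x01\x00\x00\x00\x00",
        "referral only": b"\x12\x34\x80\x00\x00\x01\x00\x00\x00\x02\x00\x00",
        "SERVFAIL":      b"\x12\x34\x80\x02\x00\x01\x00\x00\x00\x00\x00\x00",
        "server down":   None,
    }
    for name, pkt in samples.items():
        print("%-14s %s" % (name, classify_response(pkt)))
```

For a live check, call check_server(zone, ip) for every server the child domain proposes and delegate only when all of them return "ok".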
16.6 THE BIND SOFTWARE
BIND, the Berkeley Internet Name Domain system, is an open source software package from ISC that implements the DNS protocol and provides name service on UNIX systems (and now, on Windows NT).
Versions of BIND
There have been three main flavors of BIND: BIND 4, BIND 8, and BIND 9. BIND 4 has been around since the late 1980s (roughly corresponding to the release of RFCs 1034 and 1035). BIND 8 was released in 1997, and BIND 9 in mid-2000. There is no BIND 5, 6, or 7; BIND 8 was such a significant update that the authors felt it merited a version number twice as big as the old one.[6]
[6] Well, not really ... BIND 8 was released with 4.4BSD, for which all version numbers were raised to 8. sendmail also skipped a few numbers and went to version 8 at the same time.
BIND 8 incorporated numerous technical advances that improved efficiency, robustness, and security. BIND 9 raises the ante even further with multiprocessor support, thread-safe operation, real security (public key cryptography), IPv6 support, incremental zone transfers, and a host of other features. A new data structure (at least, new to BIND), the red-black tree, stores zone data in memory. BIND 9 is a complete redesign and reimplementation. It isolates the OS-specific parts of the code, making it easier to port BIND to non-UNIX systems. The internals of BIND 9 are significantly different, but its configuration procedure remains the same.
BIND 4 is only maintained with respect to security patches, and it will soon be discontinued. It is expected that a year or two after BIND 9 is stable and in common use, BIND 8 will be discontinued as well. We were tempted to cover only BIND 9 in this book, but since V9’s configuration language is a superset of V8’s and since we don’t yet have much operational experience with V9, we cover both.
Many sites postpone upgrading because they are hesitant to mess with working code. If you are still using BIND 4, the Perl script named-bootconf.pl that ships with the V8 and V9 distributions can convert a V4 configuration file to its V8 or V9 equivalent. The actual database of DNS records does not need to change. A configuration file converted from version 4 will not use any of the new BIND 8 and BIND 9 features, but it should provide a good starting point for you to expand upon.
Finding out what version you have
It often doesn’t seem to occur to vendors to document which version of an external software package they have included with their systems, so you might have to do some sleuthing to find out exactly what software you are dealing with. In the case of BIND, you can sometimes determine the version number with a sneaky query from dig, a command that comes with BIND. The command
dig @server version.bind txt chaos
returns the version number unless someone has decided to withhold that information by changing it in the config file. For example, the command works on vix.com:
% dig @bb.rc.vix.com version.bind txt chaos
VERSION.BIND. 0S CHAOS TXT "8.2.3-T4B"
but not on cs.colorado.edu:
% dig @mroe.cs.colorado.edu