UNIX System Administration Handbook - Evi Nemeth [249]
named startup
named is started at boot time and runs continuously. For example, to start named from the scripts on a Solaris system:
if [ -f /usr/sbin/in.named -a -f /etc/named.conf ]; then
    /usr/sbin/in.named; echo -n ' named' > /dev/console
fi
Recent versions of BIND come with a command-line interface to named called ndc or rndc, depending on the version of BIND. The usage is just
# ndc command
Some useful commands are start, stop, restart, and status, which have the obvious meanings. ndc is described in the BIND debugging section that starts on page 473.
named uses syslog, and therefore syslogd should be started before named. Do not use inetd to manage named; it will restart named every time it’s needed, slowing response times and preventing any useful cache from being developed.
See page 823 for more information about inetd.
Configuration files
The complete configuration for named consists of the config file, the hints file, and, for master servers, the zone data files that contain address mappings for each host. named’s config file has its own format; all the other files are collections of individual DNS data records that are formatted according to the DNS specification. We discuss the config file in the next two sections. The format of DNS data records is described beginning on page 436.
named’s configuration file specifies the role (master, slave, or stub) of this host relative to each zone and the way in which it should get its copy of the resource records that make up the local part of the database. It’s also the place where options are specified—both global options related to the operation of named itself and server or zone-specific options that affect only specific venues.
The format of named’s configuration file changed completely between BIND 4 and BIND 8, with the newer format resembling that of gated.conf. The name of the config file also changed: in BIND 4, it was /etc/named.boot, and in BIND 8 and 9 it is /etc/named.conf. The format of cache files and data files remains the same.
We describe the BIND 8/9 config file and skip BIND 4, hoping to encourage folks to beat on their vendors to upgrade or just do it themselves. As with any software, older versions of BIND may contain security vulnerabilities that have been patched in the current versions.
named.conf consists of a series of statements, each terminated by a semicolon. Tokens are separated by whitespace, which can include newlines. Curly braces are sometimes used for grouping, but only in specific contexts. The format is quite fragile—a missing semicolon can wreak havoc.
Comments can appear anywhere that whitespace is appropriate. C, C++, and shell-style comments are all understood:
/* This is a comment and can span lines. */
// Everything to the end of the line is a comment.
# Everything to the end of the line is a comment.
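The fragility of this format is easy to see with a small lexer. The following Python is an added example, not code from the book or from BIND: it removes the three comment styles (leaving quoted strings alone), splits the remainder into top-level statements, and reports the two mistakes the text warns about, an unbalanced brace and a `}` not followed by its semicolon. The sample configuration at the bottom is constructed for the demonstration; its directory, zone and file names are placeholders.

```python
"""Lexical checks for the named.conf syntax described above (added example;
not code from the book or from BIND).  The sample config at the bottom is
constructed; its directory, zone and file names are placeholders."""
from typing import List, Optional


def strip_comments(text: str) -> str:
    """Remove /* */, // and # comments; quoted strings are copied verbatim."""
    out: List[str] = []
    i, n = 0, len(text)
    while i < n:
        if text[i] == '"':                      # quoted string: no comment inside
            j = text.find('"', i + 1)
            if j == -1:
                raise ValueError("unterminated quoted string")
            out.append(text[i:j + 1])
            i = j + 1
        elif text.startswith("/*", i):          # C style, may span lines
            j = text.find("*/", i + 2)
            if j == -1:
                raise ValueError("unterminated /* comment")
            out.append(" ")
            i = j + 2
        elif text.startswith("//", i) or text[i] == "#":   # to end of line
            j = text.find("\n", i)
            i = n if j == -1 else j             # the newline itself stays as whitespace
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def split_statements(text: str) -> List[str]:
    """Split comment-free text into statements ended by ';' at brace depth 0.

    Raises ValueError for unbalanced braces and for a '}' or end of file not
    followed by the ';' the format requires: the "missing semicolon" case.
    """
    statements: List[str] = []
    depth, start, need_semi = 0, 0, False
    for i, ch in enumerate(text):
        if need_semi and not ch.isspace() and ch != ";":
            raise ValueError(f"missing ';' after '}}' before offset {i}")
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth < 0:
                raise ValueError(f"unmatched '}}' at offset {i}")
            need_semi = depth == 0
        elif ch == ";" and depth == 0:
            need_semi = False
            stmt = text[start:i].strip()
            if stmt:
                statements.append(stmt)
            start = i + 1
    if depth != 0:
        raise ValueError(f"{depth} unclosed brace(s)")
    if text[start:].strip():
        raise ValueError("last statement is not terminated by ';'")
    return statements


def statement_keywords(text: str) -> List[str]:
    """Leading keyword of each top-level statement (options, zone, acl, ...)."""
    return [s.split()[0] for s in split_statements(strip_comments(text))]


def config_error(text: str) -> Optional[str]:
    """First syntax problem found, or None when the text splits cleanly."""
    try:
        split_statements(strip_comments(text))
    except ValueError as exc:
        return str(exc)
    return None


# Constructed sample using all three comment styles.
SAMPLE_CONF = """
/* options apply to the whole server and
   may appear only once */
options {
    directory "/var/named";    # working directory (placeholder)
    recursion no;
};
// a master zone and its data file (placeholder names)
zone "example.test" {
    type master;
    file "example.test.zone";
};
"""
# The same text with the ';' after the options block dropped.
BROKEN_CONF = SAMPLE_CONF.replace("};\n//", "}\n//", 1)

if __name__ == "__main__":
    print(statement_keywords(SAMPLE_CONF))
    print(config_error(BROKEN_CONF))
```

Dropping the single semicolon after the `options` block is enough to make the second sample unparseable, which is the sort of error that keeps named from starting at all. This toy only illustrates why the format is fragile; BIND 9 ships named-checkconf for the real check.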
Each statement begins with a keyword that identifies the type of statement. There can be more than one instance of each type of statement, except for options and logging. Statements and parts of statements can also be left out, invoking default behavior for the missing items. Table 16.7 shows the statements included in BIND 9.
Table 16.7 Statement types used in named.conf
Before describing these statements and the way they are used to configure named, we need to describe a data structure that is used in many of the statements: the address match list. An address match list is a generalization of an IP address that can include:
• An IP address (e.g., 199.165.145.4)
• An IP network specified with a CIDR netmask (e.g., 199.165/16)
• The name of a previously defined access control list (see page 422)
• A cryptographic authentication key
• The ! character to negate things
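How named actually applies such a list matters for access control: elements are tested in the order written, the first one that matches decides, a match on a `!` element means deny, and an address that matches nothing is denied too. The following Python is an added example, not code from the book or from BIND, that models the element kinds enumerated above, including the abbreviated network form `199.165/16` (padding the omitted octets, which generalizes the single instance in the text) and references to named ACLs. Key elements are accepted as tokens but never match a bare address, since a key matches a signed request. The treatment of a nested list (only a positive match inside it counts, so a negated reference can never become a positive match) follows BIND 9 and is an assumption as far as this page goes. The ACL name, the `10/8` network and the key name are constructed; `199.165.145.4` and `199.165/16` are the values quoted in the text.

```python
"""Evaluating a BIND-style address match list (added example; not code from
the book or from BIND).  Every list, ACL name and address below is
constructed for illustration, except the two values quoted in the text."""
import ipaddress
from typing import Dict, List, Optional

AclTable = Dict[str, List[str]]


def parse_network(token: str) -> ipaddress.IPv4Network:
    """Turn '199.165.145.4' or the abbreviated '199.165/16' into a network.

    BIND lets trailing zero octets of the network part be omitted; they are
    padded back here before the ipaddress module sees the string.
    """
    net, _, prefix = token.partition("/")
    octets = net.split(".")
    if not 1 <= len(octets) <= 4 or not all(o.isdigit() for o in octets):
        raise ValueError(f"not an address, network or known ACL: {token!r}")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.IPv4Network(f"{'.'.join(octets)}/{prefix or 32}", strict=False)


def address_matches(addr: str, elements: List[str],
                    acls: Optional[AclTable] = None) -> Optional[bool]:
    """Walk the list in order; the first element that matches decides.

    Returns True for a positive match, False when the matching element was
    negated with '!', and None when no element matched at all.  `elements`
    holds the list as written in named.conf, one string per entry; `acls`
    maps ACL names to their own element lists (what an acl statement defines).
    """
    ip = ipaddress.IPv4Address(addr)
    acls = acls or {}
    for element in elements:
        negate = element.startswith("!")
        token = element[1:].strip() if negate else element.strip()
        if token.startswith("key "):
            hit = False            # a key matches a signed request, never a bare address
        elif token == "any":       # BIND's predefined lists
            hit = True
        elif token == "none":
            hit = False
        elif token in acls:
            # Nested list: only a positive match inside it counts, so a negated
            # reference can never turn into a positive match (assumed to follow
            # BIND 9; the book does not spell this out).
            hit = address_matches(addr, acls[token], acls) is True
        else:
            hit = ip in parse_network(token)
        if hit:
            return not negate
    return None


def is_allowed(addr: str, elements: List[str], acls: Optional[AclTable] = None) -> bool:
    """Access-control view of the list: an address that matches nothing is denied."""
    return address_matches(addr, elements, acls) is True


# Constructed example lists.  The ACL name, the 10/8 network and the key name
# are made up; 199.165.145.4 and 199.165/16 are the two values quoted in the text.
ACLS: AclTable = {"campus": ["199.165/16", "10/8"]}
TRANSFER_OK = ["!199.165.145.4", "campus", "key xfer-key"]   # exclude one host, allow the rest
TRANSFER_BAD = ["campus", "!199.165.145.4"]                  # same elements, wrong order

if __name__ == "__main__":
    for addr in ("199.165.145.4", "199.165.146.9", "10.1.2.3", "192.0.2.1"):
        print(addr, is_allowed(addr, TRANSFER_OK, ACLS), is_allowed(addr, TRANSFER_BAD, ACLS))
```

The two transfer lists contain the same elements, yet `TRANSFER_BAD` lets the excluded host through: the broad `campus` reference matches first, so the `!199.165.145.4` element is never reached. Putting negations before the networks they carve out of is the habit to build when reviewing allow-query, allow-transfer and similar options.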
Address match lists are used as parameters to many statements and options. Some examples: