This feature can be used to restrict access to a Hesiod password map or to separate internal and external internet address resolution on a firewall machine without needing to run a separate named for internal and external address resolution.

3. Types of Zones

A ``zone'' is a point of delegation in the DNS tree. It contains all names from a certain point ``downward'' except those which are delegated to other servers. A ``delegation point'' has one or more NS records in the ``parent zone'', which should be matched by equivalent NS records at the root of the ``delegated zone'' (i.e., the ``@'' name in the zone file).

Understanding the difference between a ``zone'' and a ``domain'' is crucial to the proper operation of a name server. As an example, consider the DEC.COM domain, which includes names such as POBOX1.PA.DEC.COM and QUABBIN.CRL.DEC.COM even though the DEC.COM zone includes only delegations for the PA.DEC.COM and CRL.DEC.COM zones. A zone can map exactly to a single domain, but could also include only part of a domain (the rest of which could be delegated to other name servers). Technically speaking, every name in the DNS tree is a ``domain'', even if it is ``terminal'', that is, has no ``subdomains''. Technically speaking, every subdomain is a domain and every domain except the root is also a subdomain. The terminology is not intuitive and you would do well to read RFCs 1033, 1034, and 1035 to gain a complete understanding of this difficult and subtle topic.

SMM:10-6 Name Server Operations Guide for BIND

Though BIND is a Domain Name Server, it deals primarily in terms of zones. The primary and secondary declarations in the named.boot file specify zones, not domains.
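
The matching requirement in this section (NS records for the delegation point in the parent zone versus NS records at the ``@'' of the delegated zone) can be checked mechanically. The following is an added example, not part of the original guide: the zone snippets and server names are constructed, and the parser handles only the simplified master-file subset noted in its docstring.

```python
# Added example; the zone snippets and server names are constructed.
PARENT_ZONE = """\
$ORIGIN dec.com.
pa    IN NS  ns1.pa.dec.com.
      IN NS  ns2.pa.dec.com.
      IN NS  retired.pa.dec.com.
crl   IN NS  ns1.crl.dec.com.
"""
DELEGATED_ZONE = """\
$ORIGIN pa.dec.com.
@     IN NS  ns1
      IN NS  ns2
      IN NS  offsite.crl.dec.com.
"""

def _absolute(name, origin):
    """Expand "@" and relative names against the current origin."""
    if name == "@":
        return origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def ns_records(zone_text, origin, owner):
    """NS targets for `owner` in a simplified master file (no SOA, no
    parentheses); handles $ORIGIN, "@", blank-owner lines and ";" comments."""
    origin, owner = origin.lower(), owner.lower()
    found, current = set(), origin
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]
        fields = line.split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = _absolute(fields[1], origin)
            continue
        if not line[0].isspace():            # line carries its own owner name
            current = _absolute(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                    # skip optional TTL and class
        if len(fields) >= 2 and fields[0].upper() == "NS" and current == owner:
            found.add(_absolute(fields[1], origin))
    return found

def check_delegation(parent_text, parent_origin, zone_text, zone_origin):
    """Compare the parent's delegation with the NS set at the zone's "@"."""
    parent_ns = ns_records(parent_text, parent_origin, zone_origin)
    zone_ns = ns_records(zone_text, zone_origin, zone_origin)
    # The guide permits extra servers at the zone's "@" but not extra
    # servers in the parent's delegation, so parent_only must be empty.
    return {"parent_only": sorted(parent_ns - zone_ns),
            "zone_only": sorted(zone_ns - parent_ns)}

if __name__ == "__main__":
    print(check_delegation(PARENT_ZONE, "dec.com.", DELEGATED_ZONE, "pa.dec.com."))
```
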
When you ask someone if they are willing to be a secondary server for your ``domain'', you are actually asking for secondary service for some collection of zones.

Each zone will have one ``primary'' server, which loads the zone contents from some local file which is edited by humans or perhaps generated mechanically from some other local file which is edited by humans. Then there will be some number of ``secondary'' servers, which load the zone contents using the IP/DNS protocol (that is, the secondary servers will contact the primary and fetch the zone using IP/TCP). This set of servers (the primary and all of the secondaries) should be listed in the NS records in the parent zone, which will constitute a ``delegation''. This set of servers must also be listed in the zone file itself, usually under the ``@'' name which is a magic cookie that means the ``top level'' or ``root'' of current $ORIGIN. You can list servers in the zone's top-level ``@'' NS records that are not in the parent's NS delegation, but you cannot list servers in the parent's delegation that are not present in the zone's ``@''. (This latter condition is one form of what is called a ``lame delegation''.)

4. Types of Servers

Servers do not really have ``types''. A server can be a primary for some zones and a secondary for others, or it can be only a primary, or only a secondary, or it can serve no zones and just answer queries via its ``cache''. Previous versions of this document referred to servers as ``master'' and ``slave'' but we now feel that those distinctions -- and the assignment of a ``type'' to a name server -- are not useful.

4.1. Caching Only Server

All servers are caching servers. This means that the server caches the information that it receives for use until the data expires.
A Caching Only Server is a server that is not authoritative for any domain. This server services queries and asks other servers, who have the authority, for the information needed. All servers keep data in their cache until the data expires, based on a TTL (``Time To Live'') field which is maintained for all resource records.

4.2. Remote Server

A Remote Server is an option given to people who would like to use a name server from their workstation or on a machine that has a limited amount of memory and CPU cycles. With this option you can run all of the networking programs that use the name server without the name server running on the local machine. All of the queries are serviced by a name server that is running on another machine on the network. This kind of host is technically not a ``server'', since it has no cache and does not answer queries. A host which has an /etc/resolv.conf file listing only remote hosts, and which does not run a name server of its own, is sometimes called a Remote Server but more often it is called simply a DNS Client.

4.3. Slave Server

A Slave Server is a server that always forwards queries it cannot satisfy from its cache, to a fixed list of forwarding servers instead of interacting with the master nameservers for the root and other domains. The queries to the forwarding servers are recursive queries. There may be one or more forwarding servers, and they are tried in turn until the list is exhausted. A Slave and forwarder configuration is typically used when you do not wish all the servers at a given site to be interacting with the rest of the Internet servers. A typical scenario would involve a number of workstations and a departmental timesharing machine with Internet access. The workstations might be administratively prohibited from having Internet access.
To give the workstations the appearance of access to the Internet domain system, the workstations could be Slave servers to the timesharing machine which would forward the queries and interact with other nameservers to resolve the query before returning the answer. An added benefit of using the forwarding feature is that the central machine develops a much more complete cache of information that all the workstations can take advantage of. The use of Slave mode and forwarding is discussed further under the description of the named bootfile commands.

Note that a Slave Server still needs a cache directive in its bootfile, since it will otherwise not be able to locate the root servers. There is no prohibition against declaring a server to be a slave even though it has primary and/or secondary zones as well; the effect will still be that anything in the local server's cache or zones will be answered, and anything else will be forwarded using the forwarders list.

5. Setting up Your Own Domain

When setting up a domain that is going to be on a public network the site administrator should contact the organization in charge of the network and request the appropriate domain registration form. An organization that belongs to multiple networks (such as the Internet and BITNET) should register with only one network.

The contacts are as follows:

5.1. Internet

Sites on the Internet who need information on setting up a domain should contact the registrar for their network, which is one of the following:

    MILnet    HOSTMASTER@NIC.DDN.MIL
    other     HOSTMASTER@RS.INTERNIC.NET

You may also want to be placed on the BIND mailing list, which is a mail group for people on the Internet who run BIND. The group discusses future design decisions, operational problems, and other related topics.
The address to request being placed on this mailing list is:

    bind-request@uunet.uu.net

5.2. BITNET

If you are on the BITNET and need to set up a domain, contact INFO@BITNIC.

5.3. Subdomains of Existing Domains

If you want a subdomain of some existing domain, you should find the contact point for the parent domain rather than asking one of the above top-level registrars. There should be a convention that registrar@domain or hostmaster@domain for any given domain will always be an alias for that domain's registrar (somewhat analogous to postmaster), but there is no such convention. Try it as a last resort, but first you should examine the SOA record for the domain and send mail to the ``responsible person'' shown therein.

6. Files

The name server uses several files to load its data base. This section covers the files and their formats needed for named.

6.1. Boot File

This is the file that is first read when named starts up. This tells the server what type of server it is, which zones it has authority over and where to get its initial data. The default location for this file is /etc/named.boot. However this can be changed by setting the BOOTFILE variable when you compile named or by specifying the location on the command line when named is started up.

6.1.1. Domain

A default domain may be specified for the nameserver using a line such as

    domain Berkeley.Edu

Older name servers use this information when they receive a query for a name without a ``.'' that is not known. Newer designs assume that the resolver library will append its own idea of a ``default domain'' to any unqualified names.
Though the name server can still be compiled with support for the domain directive in the boot file, the default is to leave it out and we strenuously recommend against its use. If you use this feature, clients outside your local domain which send you requests about unqualified names will have the implicit qualification of your domain rather than theirs. The proper place for this function is on the client, in their /etc/resolv.conf (or equivalent) file. Use of the domain directive in your boot file is strongly discouraged.

6.1.2. Directory

The directory directive specifies the directory in which the nameserver should run, allowing the other file names in the boot file to use
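
Two boot-file rules stated in sections 4.3 and 6.1.1 (a slave server still needs a cache directive; the domain directive should not be used) lend themselves to an automated check. The following is an added example, not part of the original guide: the sample boot file, its paths and its addresses are constructed, and the third check (slave with no forwarders) is an inference from the description of slave mode rather than a rule the guide states.

```python
# Added example: lint a named.boot file against rules stated in this guide.
# SAMPLE_BOOT is constructed; paths and addresses in it are placeholders.
SAMPLE_BOOT = """\
; boot file for a departmental workstation
directory   /var/named
domain      Berkeley.Edu
forwarders  192.0.2.10 192.0.2.11
slave
primary     0.0.127.in-addr.arpa  localhost.rev
"""

def parse_boot(text):
    """Return (line_no, directive, args) for every non-comment line."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()    # ";" starts a comment
        if fields:
            entries.append((line_no, fields[0].lower(), fields[1:]))
    return entries

def lint_boot(text):
    """Return (line_no, code, message) findings, in file order."""
    entries = parse_boot(text)
    # A directive counts as present only if it has arguments ("slave" has none).
    present = {d for _, d, args in entries if args or d == "slave"}
    findings = []
    for line_no, directive, _ in entries:
        if directive == "domain":
            findings.append((line_no, "domain-directive",
                             "default domain belongs in the client's "
                             "/etc/resolv.conf, not the boot file"))
        elif directive == "slave":
            if "cache" not in present:
                findings.append((line_no, "slave-no-cache",
                                 "no cache directive: the slave server "
                                 "cannot locate the root servers"))
            if "forwarders" not in present:   # inferred rule, see lead-in
                findings.append((line_no, "slave-no-forwarders",
                                 "slave mode with an empty forwarders list"))
    return findings

if __name__ == "__main__":
    for line_no, code, message in lint_boot(SAMPLE_BOOT):
        print(f"line {line_no}: {code}: {message}")
```
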