BIND 9 Administrator Reference Manual
- 1. Introduction to DNS and BIND 9
- 2. Resource Requirements
- 3. Configurations and Zone Files
- 4. Name Server Operations
- 5. Advanced Configurations
- 5.1. Dynamic Update
- 5.2. Incremental Zone Transfers (IXFR)
- 5.3. Split DNS
- 5.4. IPv6 Support in BIND 9
- 5.5. Dynamically Loadable Zones (DLZ)
- 5.6. Dynamic Database (DynDB)
- 5.7. Catalog Zones
- 5.8. DNS Firewalls and Response Policy Zones
- 5.8.1. Why Use a DNS Firewall?
- 5.8.2. What Can a DNS Firewall Do?
- 5.8.3. Creating and Maintaining RPZ Rule Sets
- 5.8.4. Limitations of DNS RPZ
- 5.8.5. DNS Firewall Usage Examples
- 5.8.6. Keeping Firewall Policies Updated
- 5.8.7. Performance and Scalability When Using Multiple RPZs
- 5.8.8. Practical Tips for DNS Firewalls and DNS RPZ
- 5.8.9. Creating a Simple Walled Garden Triggered by IP Address
- 5.8.10. A Known Inconsistency in DNS RPZ’s NSDNAME and NSIP Rules
- 5.8.11. Example: Using RPZ to Disable Mozilla DoH-by-Default
- 6. Security Configurations
- 7. DNSSEC
- 7.1. DNSSEC Keys
- 7.2. DNSSEC, Dynamic Zones, and Automatic Signing
- 7.2.1. Converting From Insecure to Secure
- 7.2.2. Dynamic DNS Update Method
- 7.2.3. Fully Automatic Zone Signing
- 7.2.4. Private Type Records
- 7.2.5. DNSKEY Rollovers
- 7.2.6. Dynamic DNS Update Method
- 7.2.7. Automatic Key Rollovers
- 7.2.8. NSEC3PARAM Rollovers via UPDATE
- 7.2.9. Converting From NSEC to NSEC3
- 7.2.10. Converting From NSEC3 to NSEC
- 7.2.11. Converting From Secure to Insecure
- 7.2.12. Periodic Re-signing
- 7.2.13. NSEC3 and OPTOUT
- 7.3. Dynamic Trust Anchor Management
- 7.4. PKCS#11 (Cryptoki) Support
- 8. Configuration Reference
- 8.1. Configuration File Elements
- 8.2. Configuration File Grammar
- 8.2.1.
acl
Statement Grammar - 8.2.2.
acl
Statement Definition and Usage - 8.2.3.
controls
Statement Grammar - 8.2.4.
controls
Statement Definition and Usage - 8.2.5.
include
Statement Grammar - 8.2.6.
include
Statement Definition and Usage - 8.2.7.
key
Statement Grammar - 8.2.8.
key
Statement Definition and Usage - 8.2.9.
logging
Statement Grammar - 8.2.10.
logging
Statement Definition and Usage - 8.2.11.
parental-agents
Statement Grammar - 8.2.12.
parental-agents
Statement Definition and Usage - 8.2.13.
primaries
Statement Grammar - 8.2.14.
primaries
Statement Definition and Usage - 8.2.15.
options
Statement Grammar - 8.2.16.
options
Statement Definition and Usage - 8.2.17.
server
Statement Grammar - 8.2.18.
server
Statement Definition and Usage - 8.2.19.
statistics-channels
Statement Grammar - 8.2.20.
statistics-channels
Statement Definition and Usage - 8.2.21.
tls
Statement Grammar - 8.2.22.
tls
Statement Definition and Usage - 8.2.23.
http
Statement Grammar - 8.2.24.
http
Statement Definition and Usage - 8.2.25.
trust-anchors
Statement Grammar - 8.2.26.
trust-anchors
Statement Definition and Usage - 8.2.27.
dnssec-policy
Statement Grammar - 8.2.28.
dnssec-policy
Statement Definition and Usage - 8.2.29.
managed-keys
Statement Grammar - 8.2.30.
managed-keys
Statement Definition and Usage - 8.2.31.
trusted-keys
Statement Grammar - 8.2.32.
trusted-keys
Statement Definition and Usage - 8.2.33.
view
Statement Grammar - 8.2.34.
view
Statement Definition and Usage - 8.2.35.
zone
Statement Grammar - 8.2.36.
zone
Statement Definition and Usage
- 8.2.1.
- 8.3. BIND 9 Statistics
- 9. Troubleshooting
- 10. Building BIND 9
- Release Notes
- DNSSEC Guide
- A Brief History of the DNS and BIND
- General DNS Reference Information
- Manual Pages
- arpaname - translate IP addresses to the corresponding ARPA names
- ddns-confgen - TSIG key generation tool
- delv - DNS lookup and validation utility
- dig - DNS lookup utility
- dnssec-cds - change DS records for a child zone based on CDS/CDNSKEY
- dnssec-dsfromkey - DNSSEC DS RR generation tool
- dnssec-importkey - import DNSKEY records from external systems so they can be managed
- dnssec-keyfromlabel - DNSSEC key generation tool
- dnssec-keygen: DNSSEC key generation tool
- dnssec-revoke - set the REVOKED bit on a DNSSEC key
- dnssec-settime: set the key timing metadata for a DNSSEC key
- dnssec-signzone - DNSSEC zone signing tool
- dnssec-verify - DNSSEC zone verification tool
- dnstap-read - print dnstap data in human-readable form
- filter-aaaa.so - filter AAAA in DNS responses when A is present
- host - DNS lookup utility
- mdig - DNS pipelined lookup utility
- named-checkconf - named configuration file syntax checking tool
- named-checkzone - zone file validation tool
- named-compilezone - zone file converting tool
- named-journalprint - print zone journal in human-readable form
- named-nzd2nzf - convert an NZD database to NZF text format
- named-rrchecker - syntax checker for individual DNS resource records
- named.conf - configuration file for named
- named - Internet domain name server
- nsec3hash - generate NSEC3 hash
- nslookup - query Internet name servers interactively
- nsupdate - dynamic DNS update utility
- rndc-confgen - rndc key generation tool
- rndc.conf - rndc configuration file
- rndc - name server control utility
- tsig-keygen - TSIG key generation tool