4.4BSD/usr/src/contrib/bind-4.9/doc/BOG/files.me

Compare this file to the similar file:
Show the results in this format:

.\" ++Copyright++ 1986, 1988
.\" -
.\" Copyright (c) 1986, 1988 Regents of the University of California.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\" -
.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies, and that
.\" the name of Digital Equipment Corporation not be used in advertising or
.\" publicity pertaining to distribution of the document or software without
.\" specific, written prior permission.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
.\" SOFTWARE.
.\" -
.\" --Copyright--
.\"
.\" @(#)files.me 6.8 (Berkeley) 9/19/89
.\"
.sh 1 "Files
.pp
The name server uses several files to load its data base.
This section covers the files and their formats needed for \fInamed\fP.
.sh 2 "Boot File"
.pp
This is the file that is first read when \fInamed\fP starts up.
This tells the server what type of server it is,
which
zones it has authority over and where to get its initial data.
The default location for this file is \fI/\|etc\|/\|named\|.\|boot\fP\|.
However this can be changed
by setting the \fIBOOTFILE\fP variable when you compile \fInamed\fP
or by specifying
the location on the command line when \fInamed\fP is started up.
.sh 3 "Domain"
.pp
A default domain may be specified for the nameserver
using a line such as
.(b l
.ta 0.5i +\w`secondary `u +\w`berkeley.edu `u +.5i +.5i
\fIdomain Berkeley\fP\fB\|.\|\fP\fIEdu\fP
.)b
.re
Older name servers use this information when they receive a query for a name
without a ``\fB.\fP'' that is not known. Newer designs assume that the
resolver library will append its own idea of a ``default domain'' to any
unqualified names. Though the name server can still be compiled with
support for the \fIdomain\fP directive in the boot file, the default is to
leave it out and we strenuously recommend against its use. If you use this
feature, clients outside your local domain which send you requests about
unqualified names will have the implicit qualification of your domain rather
than theirs. The proper place for this function is on the client, in their
\fB/etc/resolv.conf\fP (or equivalent) file. Use of the \fIdomain\fP
directive in your boot file is strongly discouraged.
.sh 3 "Directory"
.pp
The \fIdirectory\fP directive specifies the directory in which the nameserver
should run, allowing the other file names in the boot file to use relative path
names. There can be only one \fIdirectory\fP directive and it should be given
before any other directives that specify file names.
.(b l
.ta 0.5i +\w`secondary `u +\w`berkeley.edu `u +.5i +.5i
\fIdirectory /var/named\fP
.)b
.re
If you have more than a couple of named files to be maintained, you may wish
to place the named files in a directory such as /var/named and adjust the
directory command properly. The main purposes of this command are to make
sure named is in the proper directory when trying to include files by
relative path names with $Include and to allow named to run in a location
that is reasonable to dump core if it feels the urge.
.sh 3 "Primary Service"
.pp
The line in the boot file that designates the server as a primary server
for a zone looks as follows:
.(b l
.ta 0.5i +\w`secondary `u +\w`berkeley.edu `u +.5i +.5i
\fIprimary Berkeley\fP\fB\|.\|\fP\fIEdu ucbhosts\fP
.)b
.re
The first field specifies that the server is a primary one for the zone
stated in the second field.
The third field is the name of the file from which the data is read.
.sh 3 "Secondary Service"
.pp
The line for a secondary server is similar to the primary except
that it lists addresses of other servers (usually primary servers)
from which the zone data will be obtained.
.(b l
.ta 0.5i +\w`secondary `u +\w`berkeley.edu `u +\w`128.32.0.10 `u +\w`128.32.0.10 `u +.5i +.5i
\fIsecondary Berkeley\fP\fB\|.\|\fP\fIEdu 128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI10 \fP\fI128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI4\fP \fIucbhosts.bak\fP
.)b
.re
The first field specifies that the server is a secondary master server for
the zone stated in the second field.
The two network addresses specify the name servers which have data for the
zone. Note that at least one of these will be a \fIprimary\fP, and, unless
you are using some protocol other than \s-1IP/DNS\s+1 for your zone transfer
mechanism, the others will all be other \fIsecondary\fP servers. Having your
secondary server pull data from other secondary servers is usually unwise,
since you can add delay to the propagation of zone updates if your network's
connectivity varies in pathological but common ways. The intended use for
multiple addresses on a \fIsecondary\fP declaration is when the \fIprimary\fP
server has multiple network interfaces and therefore multiple host addresses.
The secondary server gets its data across the network from one of the listed
servers. The server addresses are tried in the order listed.
If a filename is present after the list of primary servers, data for the zone
will be dumped into that file as a backup.
When the server is first started, the data is loaded from the backup file
if possible, and a primary server is then consulted to check that the zone
is still up-to-date. Note that listing your server as a \fIsecondary\fP
server does not neccessarily make it one \(em the parent zone must
\fIdelegate\fP authority to your server as well as the primary and the
other secondaries, or you will be transferring a zone over for no reason;
no other server will have a reason to query you for that zone unless the
parent zone lists you as a server for the zone.
.sh 3 "Caching Server"
.pp
You do not need a special line to designate that a server is a caching
server. What denotes a ``caching only'' server is the absence of authority
lines, such as \fIsecondary\fP or \fIprimary\fP in the boot file.
.pp
All servers, including ``caching only'' servers, should have a line as
follows in the boot file to prime the name servers cache:
.(b l
\fIcache \fP\fB.\fP\fI root\fP\fB.\fP\fIcache\fP
.)b
All cache files listed will be read in at named boot time and any values
still valid will be reinstated in the cache and the root nameserver
information in the cache files will be used until a root query is
actually answered by one of the name servers in your cache file, at
which time that answer will be used until it times out and your cache
file will be ignored.
.pp
Do not put anything into your \fIcache\fP files other than root server
information.
.sh 3 "Forwarders"
.pp
Any server can make use of \fIforwarders\fP. A \fIforwarder\fP is another
server capable of processing recursive queries that is willing to try
resolving queries on behalf of other systems. The \fIforwarders\fP
command specifies forwarders by internet address as follows:
.(b l
\fIforwarders \fI128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI10 \fP\fI128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI4\fP
.)b
.re
There are two main reasons
for wanting to do so. First, some systems may not have full network
access and may be prevented from sending any IP packets into the rest of
the Internet and therefore must rely on a forwarder which does have
access to the full net. The second reason is that the forwarder sees
a union of all queries as they pass through his server and therefore it
builds up a very rich cache of data compared to the cache in a typical
workstation nameserver. In effect, the \fIforwarder\fP becomes a meta-cache
that all hosts can benefit from, thereby reducing the total number of queries
from that site to the rest of the net.
.pp
The effect of ``forwarders'' is to prepend some fixed addresses to the list
of name servers to be tried for every query. Normally that list is made up
only of higher-authority servers discovered via \fINS\fP record lookups for
the relevant domain. If the forwarders do not answer, then unless the
\fIslave\fP directive was given, the appropriate servers for the domains
will be queried directly.
.sh 3 "Slave Servers"
.pp
Slave mode is used if the use of forwarders is the only possible way
to resolve queries due to lack of full net access or if you wish to prevent
the nameserver from using other than the listed forwarders.
Slave mode is activated by placing the simple command
.(b l
\fIslave\fP
.)b
in the bootfile. If \fIslave\fP is used, then you must specify forwarders.
When in slave mode, the server will forward each query to each of the the
forwarders until an answer is found or the list of forwarders is exhausted.
The server will not try to contact any remote name server other than those
named in the \fIforwarders\fP list.
.pp
So while \fIforwarders\fP adds to the end of the ``server list'' for each
query, \fIslave\fP causes the ``server list'' to contain \fIonly\fP those
addresses listed in the \fIforwarders\fP declarations. Careless use of
the \fIslave\fP directive can cause really horrible forwarding loops, since
you could end up forwarding queries only to some set of hosts which are also
slaves, and one or several of them could be forwarding queries back to you.
.pp
Use of the \fIslave\fP directive should be considered very carefully.
.sh 3 "Zone Transfer Restrictions"
.pp
It may be the case that your organization does not wish to give complete
lists of your hosts to anyone on the Internet who can reach your name servers.
While it is still possible for people to ``iterate'' through your address
range, looking for \fIPTR\fP records, and build a list of your hosts the
``slow'' way, it is still considered reasonable to restrict your export of
zones via the zone transfer protocol. To limit the list of neighbors who
can transfer zones from your server, use the
.(b l
\fIxfrnets\fP
.)b
directive. This directive has the same syntax as \fIforwarders\fP except
that you can list network numbers in addition to host addresses. For example,
you could add the directive \fIxfrnets 16.0.0.0\fP if you wanted to permit
only hosts on Class A network number 16 to transfer zones from your server.
This is not nearly granular enough, and a future version of \s-1BIND\s+1 will
permit such access-control to be specified on a per-zone basis rather than
the current ``global'' basis.
.pp
The \fIxfrnets\fP directive may also be given as \fItcplist\fP for
compatibility with interim releases of \s-1BIND\s+1 4.9.
.pp
Note that \fIxfrnets\fP support is a compile-time option which your vendor
may not have enabled when they built your operating system.
.sh 3 "Sorting Addresses"
.pp
If there are multiple addresses available for a name server which \s-1BIND\s+1
wants to contact, \s-1BIND\s+1 will try the ones it believes are ``closest''
first. ``Closeness'' is defined in terms of similarity-of-address; that is,
if one address is on the same \fIsubnet\fP as some interface of the local host,
then that address will be tried first. Failing that, an address which is on
the same \fInetwork\fP will be tried first. Failing that, they will be tried
in a more-or-less random order unless the \fIsortlist\fP directive was given
in the \fInamed.boot\fP file. \fIsortlist\fP has a syntax similar to
\fIforwarders\fP and \fIxfrnets\fP; you give it a list of networks and it
uses these to ``prefer'' some remote name server addresses over others. If
you are on a Class C net which has a Class B net between you and the rest of
the Internet, you could try to improve the name server's luck in getting
answers by listing the Class B network's number in a \fIsortlist\fP directive.
This should have the effect of trying ``closer'' servers before the more
``distant'' ones. Note that this behaviour is new in \s-1BIND 4.9\s+1.
.pp
The other and older effect of the \fIsortlist\fP directive is to cause
\s-1BIND\s+1 to sort the \fIA\fP records in any response it generates, so as
to put those which appear on the \fIsortlist\fP earlier than those which do
not. This is not as helpful as you might think, since many clients will
reorder the \fIA\fP records either at random or using \s-1LIFO\s+1.
.pp
In actual practice, noone uses this directive since it hardwires information
which changes rapidly; a network which is ``close'' today may be ``distant''
next month. Since \s-1BIND\s+1 builds up a cache of the remote name servers'
response times, it will quickly converge on ``reasonable'' behaviour, which
isn't the same as ``optimal'' but it's close enough. Future directions for
\s-1BIND\s+1 include choosing addresses based on local interface metrics (on
hosts which have more than one) and perhaps on routing table information. We
do not intend to solve the generalized ``multi-homed host'' problem, but we
should be able to do a little better than we're doing now. Likewise, we hope
to see a higher-level resolver library that sorts responses using topology
information that only exists on the client's host.

.sh 3 "Bogus Name Servers"
.pp
It happens occasionally that some remote name server goes ``bad''. You can
tell your name server to refuse to listen to or ask questions of certain
other name servers by listing them in a \fIbogusns\fP directive in your
\fInamed.boot\fP file. Its syntax is the same as \fIforwarders\fP \(em
you just give it a list of dotted-quad Internet addresses.
.pp
Note that \fIbogusns\fP support is a compile-time option which your vendor
may not have enabled when they built your operating system.
.sh 3 "Segmented Boot Files"
.pp
If you are secondary for a lot of zones, you may find it convenient to split
your \fInamed.boot\fP file into a static portion which hardly ever changes
(directives such as \fIdirectory\fP, \fIsortlist\fP, \fIxfrnets\fP and
\fIcache\fP could go here), and dynamic portions that change frequently
(all of your \fIprimary\fP directives might go in one file, and all of your
\fIsecondary\fP directives might go in another file \(em and either or both
of these might be fetched automatically from some neighbor so that they can
change your list of secondary zones without requiring your active
intervention). You can accomplish this via the \fIinclude\fP directive,
which takes just a single file name as its argument. No quotes are needed
around the file name. The file name will be evaluated after the name server
has changed its working directory to that specified in the \fIdirectory\fP
directive, so you can use relative pathnames if your system supports them.
.sh 2 "Resolver Configuration"
.pp
The resolver will try to contact a nameserver on the localhost if it cannot
find its configuration file. You should install the configuration file
on every host anyway, since you can list the local host's address if the
localhost runs a nameserver, and there is no other recommended way to
specify a system-level default domain. Note that if you wish to list the
local host in your resolver configuration file, you should probably use its
primary Internet address rather than a localhost alias such as 127.0.0.1 or
0.0.0.0. This is due to a bug in the handling of connected \s-1SOCK_DGRAM\s+1
sockets in some versions of the \s+1BSD\s-1 networking code. If you must use
an address-alias, you should prefer 0.0.0.0 (or simply ``0'') over 127.0.0.1,
though be warned that depending on the vintage of your \s-1BSD\s+1-derived
networking code, both of them are capable of failing in their own ways.
.pp
The configuration file's name is \fI/\|etc/\|resolv\|.\|conf\fP.
This file designates the name servers on the network that should
be sent queries.
It is considered reasonable to create this file even if you run a local
server, since its contents will be cached by each client of the resolver
library when the client makes its first call to a resolver routine. If
you run a name server locally, list it in your \fIresolv.conf\fP file.
.pp
The \fIresolv.conf\fP file contains directives, one per line, of the
following forms:
.(l I
; comment
# another comment
domain \fIlocal-domain\fP
search \fIsearch-list\fP
nameserver \fIserver-address\fP
.)l
The \fIdomain\fP and \fIsearch\fP directives should be given exactly once.
If the \fIsearch\fP directive is given, the first item in the given
\fIsearch-list\fP will override any previously-specified \fIlocal-domain\fP.
The \fInameserver\fP directive may be given up to three times; additional
\fInameserver\fP directives will be ignored. Comments may be given by
starting a line with a ``\fB\|;\|\fP'' or ``\fB\|#\|\fP''; note that
comments were not permitted in versions of the resolver earlier than the one
included with \s-1BIND 4.9\s+1 \(em so if your vendor's resolver supports
comments, you know they are really on the ball.
.pp
The \fIlocal-domain\fP will be appended to any query-name that does not
contain a ``\fB\|.\|\fP''. \fIlocal-domain\fP can be overridden on a
per-process basis by setting the \s-1LOCALDOMAIN\s+1 environment variable.
Note that \fIlocal-domain\fP processing can be disabled by setting an
option in the resolver.
.pp
The \fIsearch-list\fP is a list of domains which are tried, in order,
as qualifying domains for query-names which do not contain a ``\fB\|.\|\fP''.
Note that \fIsearch-list\fP processing can be disabled by setting an
option in the resolver.
.pp
The \fIserver-address\fP\|'s are aggregated and then used as the default
destination of queries generated through the resolver. This is, in other
words, the way you tell the resolver which name servers it should use. It
is possible for a given client application to override this list, and this
is often done inside the name server (which is itself a \fIresolver\fP
client) and in test programs such as \fInslookup\fP.
.pp
Finally, if the environment variable \s-1HOSTALIASES\s+1 is set, it is taken
to contain the name of a file which in turn contains resolver-level aliases.
These aliases are applied only to names which do not contain any
``\fB\|.\|\fP'' characters, and they are applied to query-names before the
query is generated. Note that the resolver options governing the operation
of \fIlocal-domain\fP and \fIsearch-list\fP do not apply to
\s-1HOSTALIASES\s+1.

.sh 2 "Cache Initialization"
.sh 3 root.cache
.pp
The name server needs to know the servers that are the authoritative
name servers for the root domain of the network.
To do this we have to prime the name server's cache with the addresses
of these higher authorities.
The location of this file is specified in the boot file.
This file uses the Standard Resource Record Format (aka. Masterfile Format)
covered further on
in this paper.
.sh 3 named\|.\|local
.pp
This file specifies the \fIPTR\fP record for the local loopback interface,
better known as \fIlocalhost\fP, whose network address is 127.0.0.1.
The location of this file is specified in the boot file. It is vitally
important to the proper operation of every name server that the 127.0.0.1
address have a \fIPTR\fP record pointing back to the name
``\fBlocalhost.\fP\fImy.dom.ain\fP''. The name of this \fIPTR\fP
record is always ``\fB1.0.0.127.\s-1IN-ADDR.ARPA\s+1\fP''. This
is neccessary if you want your users to be able to use hostname-authentication
(\fIhosts.equiv\fP or \fI~/.rhosts\fP) on the name ``\fBlocalhost\fP''.
As implied by this \fIPTR\fP record, there should be an \fIA\fP record
in your domain specifying that ``\fBlocalhost.\fP\fImy.dom.ain\fP'' has
the Internet address 127.0.0.1.

.sh 2 "Domain Data Files"
.pp
There are two standard files for specifying the data for a
domain. These are \fIhosts\fP and \fIhost\|.\|rev\fP.
These files use the Standard Resource Record Format covered later
in this paper. Note that the file names are arbitrary; many network
administrators prefer to name their zone files after the domains they
contain, especially in the average case which is where a given server
is primary and/or secondary for many different zones.
.sh 3 hosts
.pp
This file contains all the data about the machines in this zone.
The location of this file is specified in the boot file.
.sh 3 hosts\|.\|rev
.pp
This file specifies the IN-ADDR\|.\|ARPA domain.
This is a special domain for allowing address to name mapping.
As internet host addresses do not fall within domain boundaries,
this special domain was formed to allow inverse mapping.
The IN-ADDR\|.\|ARPA domain has four
labels preceding it. These labels correspond to the 4 octets of
an Internet address.
All four octets must be specified even if an octets is zero.
The Internet address 128.32.0.4 is located in the domain
4\|.\|0\|.\|32\|.\|128\|.\|IN-ADDR\|.\|ARPA.
This reversal of the address is awkward to read but allows
for the natural grouping of hosts in a network.
.sh 2 "Standard Resource Record Format"
.pp
The records in the name server data files are called resource records.
The Standard Resource Record Format (RR) is specified in RFC1035.
The following is a general description of these records:
.TS
l l l l l.
\fI{name} {ttl} addr-class Record Type Record Specific data\fP
.TE
Resource records have a standard format shown above.
The first field is always the name of the domain record
and it must always start in column 1.
For all RR's other than the first in a file, the name may be left blank;
in that case it takes on the name of the previous RR.
The second field is an optional time to live field.
This specifies how long this data will be stored in the data base.
By leaving this field blank the default time to live is specified
in the \fIStart Of Authority\fP resource record (see below).
The third field is the address class; currently, only one class is supported:
\fIIN\fP for internet addresses and other internet information. Limited
support is included for the \fIHS\fP class, which is for MIT/Athena ``Hesiod''
information.
The fourth field states the type of the resource record.
The fields after that are dependent on the type of the RR.
Case is preserved in names and data fields when loaded into the name server.
All comparisons and lookups in the name server data base are case insensitive.
.bl
.b
The following characters have special meanings:
.ip ``\fB.\fP''
A free standing dot in the name field refers to the current domain.
.ip ``@''
A free standing @ in the name field denotes the current origin.
.ip "``\fB.\|.\fP''"
Two free standing dots represent the null domain name of the root when used in
the name field.
.ip "``\eX''"
Where X is any character other than a digit (0-9),
quotes that character so that its special meaning does not apply.
For example, ``\e.'' can be used to place a dot character in a label.
.ip "``\eDDD''"
Where each D is a digit, is the octet corresponding to the
decimal number described by DDD.
The resulting octet is assumed to be text and
is not checked for special meaning.
.ip "``( )''"
Parentheses are used to group data that crosses a line.
In effect, line terminations are not recognized within parentheses.
.ip "``;''"
Semicolon starts a comment; the remainder of the line is ignored.
.ip "``*''"
An asterisk signifies wildcarding. Note that this is just another data
character whose special meaning comes about only during internal name
server search operations. Wildcarding is only meaningful for some RR
types (notably \fIMX\fP), and then only in the name field \(em not in
the data fields.
.pp
Anywhere a name appears \(em either in the name field or in some data field
defined to contain names \(em the current origin will be appended if the
name does not end in a ``\fB\|.\|\fP''.
This is useful for appending the current domain name to the data,
such as machine names, but may cause problems where you do not want
this to happen.
A good rule of thumb is that, if the name is not in the domain for which
you are creating the data file, end the name with a ``\fB.\fP''.
.sh 3 $INCLUDE
.pp
An include line begins with $INCLUDE, starting in column 1,
and is followed by a file name, and, optionally, by a new
temporary $ORIGIN to be used while reading this file.
This feature is
particularly useful for separating different types of data into multiple files.
An example would be:
.(b l
$INCLUDE /usr/local/adm/named/data/mail-exchangers
.)b
The line would be interpreted as a request to load the file
\fI/usr/named/data/mail-exchangers\fP. The $INCLUDE command does not cause
data to be loaded into a different zone or tree. This is simply a way to
allow data for a given primary zone to be organized in separate files.
Not even the ``temporary $ORIGIN'' feature described above is sufficient
to cause your data to branch out into some other zone \(em zone boundaries
can only be introduced in the boot file.
.sh 3 ``$ORIGIN''
.pp
The origin is a way of changing the origin in a data file. The line starts
in column 1, and is followed by a domain origin. This seems like it could
be useful for putting more then one zone into a data file, but that's not
how it works. The name server fundamentally requires that a given zone map
entirely to some specific file. You should therefore be very careful to use
$ORIGIN only once at the top of a file, or, within a file, to change to a
``lower'' domain in the zone \(em never to some other zone altogether.
.sh 3 "SOA - Start Of Authority"
.(b L
.TS
l l l l l l.
\fIname {ttl} addr-class SOA Origin Person in charge\fP
@ IN SOA ucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP kjd\fB.\fPucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP (
1993041403 ; Serial
10800 ; Refresh
1800 ; Retry
3600000 ; Expire
259200 ) ; Minimum
.TE
.)b
The \fIStart of Authority, SOA,\fP record designates the start of a zone.
The name is the name of the zone.
Origin is the name of the host on which this data file resides.
Person in charge is the mailing address for the person responsible
for the name server.
The serial number is the version number of this data file;
this number should be incremented whenever a change is made to the data.
Older servers permitted the use of a phantom ``.'' in this and other
numbers in a zone file; the meaning of n.m was ``n000m'' rather than the
more intuitive ``n*1000+m'' (such that 1.234 translated to 1000234 rather
than to 1234). This feature has been deprecated due to its
obscurity, unpredictability, and lack of neccessity.
Note that using a ``YYYYMMDDNN'' notation you can still make 100 changes
per day until the year 4294. You should choose a notation that works for
you. If you're a clever \fIperl\fP programmer you could even use \fIRCS\fP
version numbers to help generate your zone serial numbers.
The refresh indicates how often, in seconds, the secondary name servers
are to check with the primary name server to see if an update is needed.
The retry indicates how long, in seconds, a secondary server should wait
before retrying a failed zone transfer.
Expire is the upper limit, in seconds, that a secondary name server
is to use the data before it expires for lack of getting a refresh.
Minimum is the default number of seconds to be used for the Time To Live
field on resource records which do not specify one in the zone file.
It is also an enforced minimum on Time To Live if it is specified on an RR.
There should only be one \fISOA\fP record per zone.
.sh 3 "NS - Name Server"
.TS
l l l l l.
\fI{name} {ttl} addr-class NS Name servers name\fP
IN NS ucbarpa\fB\|.\|\fPBerkeley\fB\|.\|\fPEdu\fB.\fP
.TE
The \fIName Server\fP record, \fINS\fP, lists a name server responsible
for a given domain.
The first name field lists the domain that is serviced by
the listed name server.
There should be one \fINS\fP record for each name server for the domain,
and every domain should have at least two nameservers.
.sh 3 "A - Address"
.TS
l l l l l.
\fI{name} {ttl} addr-class A address\fP
ucbarpa IN A 128\fB.\fP32\fB.\fP0\fB.\fP4
IN A 10\fB.\fP0\fB.\fP0\fB.\fP78
.TE
The \fIAddress\fP record, \fIA\fP, lists the address for a given machine.
The name field is the machine name and the address is the network address.
There should be one \fIA\fP record for each address of the machine.
.sh 3 "HINFO - Host Information"
.TS
l l l l l l.
\fI{name} {ttl} addr-class HINFO Hardware OS\fP
IN HINFO VAX-11/780 UNIX
.TE
\fIHost Information\fP resource record, \fIHINFO\fP, is for host specific
data. This lists the hardware and operating system that are running at the
listed host. If you want to include a space in the machine name you must
quote the name. There could be one \fIHINFO\fP record for each host, though
for security reasons most domains don't have any \fIHINFO\fP records at all.
No application depends on them.
.(b L
.sh 3 "WKS - Well Known Services"
.TS
l l l l l l l.
\fI{name} {ttl} addr-class WKS address protocol list of services\fP
IN WKS 128\fB.\fP32\fB.\fP0\fB.\fP10 UDP who route timed domain
IN WKS 128\fB.\fP32\fB.\fP0\fB.\fP10 TCP ( echo telnet
discard sunrpc sftp
uucp-path systat daytime
netstat qotd nntp
link chargen ftp
auth time whois mtp
pop rje finger smtp
supdup hostnames
domain
nameserver )
.TE
The \fIWell Known Services\fP record, \fIWKS\fP, describes the well known
services supported by a particular protocol at a specified address. The
list of services and port numbers come from the list of services specified
in \fI/etc/services.\fP There should be only one \fIWKS\fP record per
protocol per address. Note that RFC 1123 says of \fIWKS\fP records:
.)b
.(l L
2.2 Using Domain Name Service
...
An application SHOULD NOT rely on the ability to locate a WKS
record containing an accurate listing of all services at a
particular host address, since the WKS RR type is not often used
by Internet sites. To confirm that a service is present, simply
attempt to use it.
...
5.2.12 WKS Use in MX Processing: RFC-974, p. 5

RFC-974 [SMTP:3] recommended that the domain system be queried
for WKS ("Well-Known Service") records, to verify that each
proposed mail target does support SMTP. Later experience has
shown that WKS is not widely supported, so the WKS step in MX
processing SHOULD NOT be used.
...
6.1.3.6 Status of RR Types
...
The TXT and WKS RR types have not been widely used by
Internet sites; as a result, an application cannot rely
on the the existence of a TXT or WKS RR in most
domains.
.)l
.sh 3 "CNAME - Canonical Name"
.TS
l l l l l.
\fIaliases {ttl} addr-class CNAME Canonical name\fP
ucbmonet IN CNAME monet
.TE
The \fICanonical Name\fP resource record, \fICNAME\fP, specifies an
alias or nickname for the official, or canonical, host name.
This record should be the only one associated with the alias name.
All other resource records should be
associated with the canonical name, not with the nickname.
Any resource records that include a domain name as their value
(e.g., NS or MX) \fImust\fP list the canonical name, not the nickname.
.pp
Nicknames are also useful when a host changes its name. In that
case, it is usually a good idea to have a \fICNAME\fP record so that
people still using the old name will get to the right place.
.sh 3 "PTR - Domain Name Pointer"
.TS
l l l l l.
\fIname {ttl} addr-class PTR real name\fP
7.0 IN PTR monet\fB\|.\|\fPBerkeley\fB\|.\|\fPEdu\fB\|.\fP
.TE
A \fIDomain Name Pointer\fP record, \fIPTR\fP, allows special names to point
to some other location in the domain. The above example of a \fIPTR\fP
record is used in setting up reverse pointers for the special
\fIIN-ADDR\fP\fB\|.\|\fP\fIARPA\fP domain. This line is from the example
\fIhosts.rev\fP file. \fIPTR\fP records are needed by the
\fIgethostbyaddr\fP function. Note the trailing ``\fB\|.\|\fP'' which
prevents \s-1BIND\s+1 from appending the current \s-1$ORIGIN\s+1.
.sh 3 "MX - Mail Exchanger"
.TS
l l l l l l.
\fIname {ttl} addr-class MX preference value mail exchanger\fP
Munnari\fB\|.\|\fPOZ\fB\|.\|\fPAU\fB\|.\fP IN MX 0 Seismo\fB\|.\|\fPCSS\fB\|.\|\fPGOV\fB\|.\fP
*\fB\|.\|\fPIL\fB\|.\fP IN MX 0 RELAY\fB\|.\|\fPCS\fB\|.\|\fPNET\fB\|.\fP
.TE
\fIMail eXchanger\fP records, \fIMX\fP, are used to specify a list of hosts
which are configured to receive mail sent to this domain name. Every name
which receives mail should have an \fIMX\fP since if one is not found at the
time mail is being delivered, an \fIMX\fP will be ``imputed'' with a cost
of 0 and a destination of the host itself. If you want a host to receive
its own mail, you should create an \fIMX\fP for your host's name, pointing
at your host's name. It is better to have this be explicit than to let it
be imputed by remote mailers.
In the first example, above,
Seismo\fB\|.\|\fPCSS\fB\|.\|\fPGOV\fB\|.\fP is a mail gateway that knows how
to deliver mail to Munnari\fB\|.\|\fPOZ\fB\|.\|\fPAU\fB\|.\fP. These two
machines may have a private connection or use a different transport medium.
The preference value is the order that a mailer should follow when there is
more then one way to deliver mail to a single machine. Note that lower
numbers indicate higher precedence, and that mailers are supposed to randomize
same-valued \fIMX\fP hosts so as to distribute the load evenly if the costs
are equal. See RFC 974 for more detailed information.
.pp
Wildcard names containing the character ``*'' may be used for mail routing
with \fIMX\fP records. There are likely to be servers on the network that
simply state that any mail to a domain is to be routed through a relay.
Second example, above, all mail to hosts in the domain IL is routed through
RELAY.CS.NET. This is done by creating a wildcard resource record, which
states that *.IL has an \fIMX\fP of RELAY.CS.NET. Wildcard \fIMX\fP records
are not very useful in practice, though, since once a mail message gets to
the gateway for a given domain it still has to be routed \fIwithin\fP that
domain and it is not currently possible to have an apparently-different set
of \fIMX\fP records inside and outside of a domain. If you won't be needing
any Mail Exchangers inside your domain, go ahead and use a wildcard. If you
want to use both wildcard ``top-level'' and specific ``interior'' \fIMX\fP
records, note that each specific record will have to ``end with'' a complete
recitation of the same data that is carried in the top-level record. This
is because the specific \fIMX\fP records will take precedence over the
top-level wildcard records, and must be able to perform the top-level's
if a given interior domain is to be able to receive mail from outside the
gateway. Wildcard \fIMX\fP records are very subtle and you should be careful
with them.
.sh 3 "TXT - Text"
.TS
l l l l l l.
\fIname {ttl} addr-class TXT string\fP
Munnari\fB\|.\|\fPOZ\fB\|.\|\fPAU\fB\|.\fP IN TXT "foo"
.TE
A \fITXT\fP record contains free-form textual data. The syntax of the text
depends on the domain where it is found; several systems use \fITXT\fP records
to encode the local user database (\fI/etc/passwd\fP) and other administrative
data. MIT Hesiod is one such system, which, though it uses an addr-class of
\fIHS\fP rather than \fIIN\fP, implements its database with \fITXT\fP records
in the \s-1DNS\s+1.
.sh 3 "RP - Responsible Person"
.TS
l l l l l l.
\fIowner {ttl} addr-class RP mbox-domain-name TXT-domain-name\fP
franklin IN RP ben.franklin.berkeley.edu. sysadmins.berkeley.edu.
.TE
.pp
The Responsible Person record, \fIRP\fP, identifies the name or group name of
the responsible person for a host. Often it is desirable to be able to
identify the responsible entity for a particular host. When that host
is down or malfunctioning, you would want to contact those parties
who might be able to repair the host.
.pp
The first field, \fImbox-domain-name\fP, is a domain name that specifies the
mailbox for the responsible person. Its format in master files uses
the \s-1DNS\s+1 convention for mailbox encoding, identical to that used for
the \fIPerson-in-charge\fP mailbox field in the SOA record.
In the example above, the mbox domain name shows the encoding for
``\fB<ben@franklin.berkeley.edu>\fP''.
The root domain name (just ``\fB\|.\|\fP'') may be specified
to indicate that no mailbox is available.
.pp
The second field, \fITXT-domain-name\fP,
is a domain name for which \fITXT\fP records exist. A
subsequent query can be performed to retrieve the associated \fITXT\fP
resource records at \fITXT\fP domain name. This provides a
level of indirection so that the entity can be referred to from
multiple places in the \s-1DNS\s+1. The root domain name (just
``\fB\|.\|\fP'') may be specified for TXT domain name to indicate that no
associated \fITXT\fP RR exists. In the example above,
``\fBsysadmins.berkeley.edu.\fP'' is the name of a
TXT record that might contain some text with names and phone numbers.
.pp
The format of the \fIRP\fP record is class-insensitive.
Multiple \fIRP\fP records at a single name may be present in the database,
though they should have identical TTLs.
.pp
The \fIRP\fP record is still experimental; not all name servers implement
or recognize it.
.sh 2 "Discussion about the TTL"
.pp
The Time To Live assigned to the records and to the zone via the
Minimum field in the SOA record is very important. High values will
lead to lower BIND network traffic and faster response time. Lower
values will tend to generate lots of requests but will allow faster
propagation of changes.
.pp
Only changes and deletions from the zone are affected by the TTLs.
Additions propagate according to the Refresh value in the SOA.
.pp
Experience has shown that sites use default TTLs for their zones varying
from around 0.5 day to around 7 days. You may wish to consider boosting
the default TTL shown in former versions of this guide from one day
(86400 seconds) to three days (259200 seconds). This will drastically
reduce the number of requests made to your name servers.
.pp
If you need fast propagation of changes and deletions, it might be wise
to reduce the Minimum field a few days before the change, then do the
modification itself and augment the TTL to its former value.
.pp
If you know that your zone is pretty stable (you mainly add new records
without changing regularly old ones) then you may even wish to consider
a TTL higher than three days.
.pp
Note that in any case, it makes no sense to have records with a TTL
below the SOA Refresh delay, as Delay is the time required for secondaries
to get a copy of the newly modified zone.
.sh 2 "Sample Files"
.pp
The following section contains sample files for the name server.
This covers example boot files for the different types of servers
and example domain data base files.