Commit f293a69b authored by Eric Luce's avatar Eric Luce

Add some flags to the nominum dsssl modification that hvae the HTML

files written out to something with more easily understood file
names (Bv9ARM.ch##.html) and remove the old HTML files. We were
not able to have XML just drop in replace them due to not being
able to use an XML id tag that begins with a number. Hence "ch01"
instead of "1."
parent 55c73d07
......@@ -9,7 +9,7 @@
<book>
<chapter>
<chapter id="ch01">
<title>Introduction </title>
<para>The Internet Domain Name System (<acronym>DNS</acronym>) consists of the syntax
to specify the names of entities in the Internet in a hierarchical
......@@ -307,7 +307,7 @@ for the zone are inaccessible.</para>
</sect1>
</chapter>
<chapter><title><acronym>BIND</acronym> Resource Requirements</title>
<chapter id="ch02"><title><acronym>BIND</acronym> Resource Requirements</title>
<sect1><title>Hardware requirements</title>
<para><acronym>DNS</acronym> hardware requirements have traditionally been quite modest.
For many installations, servers that have been pensioned off from
......@@ -377,7 +377,7 @@ systems:</para>
</sect1>
</chapter>
<chapter>
<chapter id="ch03">
<title>Nameserver Configuration</title>
<para>In this section we provide some suggested configurations along
with guidelines for their use. We also address the topic of reasonable
......@@ -806,7 +806,7 @@ reload the database. </para></entry>
</sect1>
</chapter>
<chapter>
<chapter id="ch04">
<title>Advanced Concepts</title>
<sect1 id="dynamic_update">
<title>Dynamic Update</title>
......@@ -1400,7 +1400,7 @@ allow-update { key host1-host2. ;};
<para><acronym>BIND</acronym> 9 includes a new lightweight resolver library and
resolver daemon which new applications may choose to use to avoid
the complexities of A6 chain following and bitstring labels,<xref
linkend="lightweight_resolver"/>.</para>
linkend="ch05"/>.</para>
<sect2>
<title>Address Lookups Using AAAA Records</title>
......@@ -1585,7 +1585,7 @@ $ORIGIN ipv6-rev.example.com.
</sect1>
</chapter>
<chapter id="lightweight_resolver"><title>The <acronym>BIND</acronym> 9 Lightweight Resolver</title>
<chapter id="ch05"><title>The <acronym>BIND</acronym> 9 Lightweight Resolver</title>
<sect1><title>The Lightweight Resolver Library</title>
<para>Traditionally applications have been linked with a stub resolver
library that sends recursive DNS queries to a local caching name
......@@ -1618,7 +1618,7 @@ to run on each host, it is designed to require no or minimal configuration.
in <filename>/etc/resolv.conf</filename> as forwarders, but is also
capable of doing the resolution autonomously if none are specified.</para></sect1></chapter>
<chapter><title><acronym>BIND</acronym> 9 Configuration Reference</title>
<chapter id="ch06"><title><acronym>BIND</acronym> 9 Configuration Reference</title>
<para><acronym>BIND</acronym> 9 configuration is broadly similar to <acronym>BIND</acronym> 8.x; however,
there are a few new areas of configuration, such as views. <acronym>BIND</acronym>
8.x configuration files should work with few alterations in <acronym>BIND</acronym>
......@@ -4383,7 +4383,7 @@ and not part of the standard zone file format.
</sect2>
</sect1>
</chapter>
<chapter><title><acronym>BIND</acronym> 9 Security Considerations</title>
<chapter id="ch07"><title><acronym>BIND</acronym> 9 Security Considerations</title>
<sect1 id="Access_Control_Lists"><title>Access Control Lists</title>
<para>Access Control Lists (ACLs), are address match lists that
you can set up and nickname for future use in <command>allow-query</command>, <command>allow-recursion</command>, <command>blackhole</command>, <command>allow-transfer</command>,
......@@ -4466,7 +4466,7 @@ way, the top-level zone containing critical data such as the IP addresses
of public web and mail servers need not allow dynamic update at
all.</para></sect1></chapter>
<chapter>
<chapter id="ch08">
<title>Troubleshooting</title>
<sect1>
<title>Common Problems</title>
......@@ -4526,7 +4526,7 @@ all.</para></sect1></chapter>
to read more.</para>
</sect1>
</chapter>
<appendix>
<appendix id="ch09">
<title>Appendices</title>
<sect1>
<title>Acknowledgements</title>
......
This diff is collapsed.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<!--
- Copyright (C) 2000 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.2.html,v 1.10 2000/08/01 01:17:49 tale Exp $ -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="Adobe FrameMaker 5.5/HTML Export Filter">
<LINK REL="STYLESHEET" HREF="Bv9ARM.css">
<TITLE> Section 2. BIND Resource Requirements</TITLE></HEAD>
<BODY BGCOLOR="#ffffff">
<OL>
<H1 CLASS="1Level">
<A NAME="pgfId=997350">
</A>
Section 2. BIND Resource Requirements</H1>
</OL>
<DIV>
<OL>
<H3 CLASS="2Level">
<A NAME="pgfId=997351">
</A>
2.1 Hardware requirements</H3>
</OL>
<P CLASS="2LevelContinued">
<A NAME="pgfId=997352">
</A>
DNS hardware requirements have traditionally been quite modest. For many installations, servers that have been pensioned off from active duty have performed admirably as DNS servers.</P>
<P CLASS="2LevelContinued">
<A NAME="pgfId=997353">
</A>
The DNSSEC and IPv6 features of BIND&nbsp;9 may prove to be quite CPU intensive however, so organizations that make heavy use of these features may wish to consider larger systems for these applications. BIND&nbsp;9 is now fully multithreaded, allowing full utilization of multiprocessor systems for installations that need it.</P>
</DIV>
<DIV>
<OL>
<H3 CLASS="2Level">
<A NAME="pgfId=997354">
</A>
2.2 CPU Requirements</H3>
</OL>
<P CLASS="2LevelContinued">
<A NAME="pgfId=997355">
</A>
CPU requirements for BIND&nbsp;9 range from i486-class machines for serving of static zones without caching, to enterprise-class machines if you intend to process many dynamic updates and DNSSEC signed zones, serving many thousands of queries per second.</P>
</DIV>
<DIV>
<OL>
<H3 CLASS="2Level">
<A NAME="pgfId=997356">
</A>
2.3 Memory Requirements </H3>
</OL>
<P CLASS="2LevelContinued">
<A NAME="pgfId=997357">
</A>
The memory of the server has to be large enough to fit the cache and zones loaded off disk. Future releases of BIND&nbsp;9 will provide methods to limit the amount of memory used by the cache, at the expense of reducing cache hit rates and causing more DNS traffic. It is still good practice to have enough memory to load all zone and cache data into memory--unfortunately, the best way to determine this for a given installation is to watch the nameserver in operation. After a few weeks the server process should reach a relatively stable size where entries are expiring from the cache as fast as they are being inserted. Ideally, the resource limits should be set higher than this stable size.</P>
</DIV>
<DIV>
<OL>
<H3 CLASS="2Level">
<A NAME="pgfId=997358">
</A>
2.4 Nameserver Intensive Environment Issues</H3>
</OL>
<P CLASS="2LevelContinued">
<A NAME="pgfId=997359">
</A>
For nameserver intensive environments, there are two alternative configurations that may be used. The first is where clients and any second-level internal nameservers query a main nameserver, which has enough memory to build a large cache. This approach minimizes the bandwidth used by external name lookups. The second alternative is to set up second-level internal nameservers to make queries independently. In this configuration, none of the individual machines needs to have as much memory or CPU power as in the first alternative, but this has the disadvantage of making many more external queries, as none of the nameservers share their cached data.</P>
</DIV>
<DIV>
<OL>
<H3 CLASS="2Level">
<A NAME="pgfId=997360">
</A>
2.5 Supported Operating Systems</H3>
</OL>
<P CLASS="2LevelContinued">
<A NAME="pgfId=997361">
</A>
ISC BIND&nbsp;9 compiles and runs on the following operating systems:</P>
<P CLASS="2LevelContinued">
<A NAME="pgfId=997362">
</A>
IBM AIX 4.3<BR>
Compaq Digital/Tru64 UNIX 4.0D<BR>
HP HP-UX 11<BR>
IRIX64 6.5<BR>
Red Hat Linux 6.0, 6.1<BR>
Sun Solaris 2.6, 7, 8 (beta)<BR>
FreeBSD 3.4-STABLE<BR>
NetBSD-current with &quot;unproven&quot; pthreads</P>
</DIV>
<HR ALIGN="center">
<p>Return to <A href="Bv9ARM.html">BIND 9 Administrator Reference Manual</A> table of contents.</p>
</BODY>
</HTML>
This diff is collapsed.
This diff is collapsed.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<!--
- Copyright (C) 2000 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.5.html,v 1.10 2000/08/01 01:17:54 tale Exp $ -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="Adobe FrameMaker 5.5/HTML Export Filter">
<LINK REL="STYLESHEET" HREF="Bv9ARM.css">
<TITLE> Section 5. The BIND 9 Lightweight Resolver</TITLE></HEAD>
<BODY BGCOLOR="#ffffff">
<OL>
<H1 CLASS="1Level">
<A NAME="pgfId=1001240">
</A>
Section 5. <A NAME="22731">
</A>
The BIND&nbsp;9 Lightweight Resolver</H1>
</OL>
<DIV>
<OL>
<H3 CLASS="2Level">
<A NAME="pgfId=1001241">
</A>
5.1 The Lightweight Resolver Library</H3>
</OL>
<P CLASS="2LevelContinued">
<A NAME="pgfId=1001242">
</A>
Traditionally applications have been linked with a stub resolver library that sends recursive DNS queries to a local caching name server.</P>
<P CLASS="2LevelContinued">
<A NAME="pgfId=1001243">
</A>
IPv6 introduces new complexity into the resolution process, such as following A6 chains and DNAME records, and simultaneous lookup of IPv4 and IPv6 addresses. These are hard or impossible to implement in a traditional stub resolver.</P>
<P CLASS="2LevelContinued">
<A NAME="pgfId=1001244">
</A>
Instead, BIND&nbsp;9 provides resolution services to local clients using a combination of a lightweight resolver library and a resolver daemon process running on the local host. These communicate using a simple UDP-based protocol, the &quot;lightweight resolver protocol&quot; that is distinct from and simpler than the full DNS protocol.</P>
</DIV>
<DIV>
<OL>
<H3 CLASS="2Level">
<A NAME="pgfId=1001245">
</A>
5.2 Running a Resolver Daemon</H3>
</OL>
<P CLASS="2LevelContinued">
<A NAME="pgfId=1001246">
</A>
To use the lightweight resolver interface, the system must run the resolver daemon <CODE CLASS="Program-Process">
lwresd</CODE>
.</P>
<P CLASS="2LevelContinued">
<A NAME="pgfId=1001247">
</A>
Applications using the lightweight resolver library will make UDP requests to the IPv4 loopback address (127.0.0.1) on port 921. The daemon will try to find the answer to the questions &quot;what are the addresses for host <EM CLASS="URL">
foo.example.com</EM>
?&quot; and &quot;what are the names for IPv4 address 204.152.184.79?&quot;</P>
<P CLASS="2LevelContinued">
<A NAME="pgfId=1001248">
</A>
The daemon currently only looks in the DNS, but in the future it may use other sources such as <EM CLASS="grammar_literal">
/etc/hosts</EM>
, NIS, etc.</P>
<P CLASS="2LevelContinued">
<A NAME="pgfId=1001249">
</A>
The <CODE CLASS="Program-Process">
lwresd</CODE>
daemon is essentially a stripped-down, caching-only name server that answers requests using the lightweight resolver protocol rather than the DNS protocol. Because it needs to run on each host, it is designed to require no or minimal configuration. It uses the name servers listed on <CODE CLASS="Program-Process">
nameserver</CODE>
lines in <EM CLASS="pathname">
/etc/resolv.conf</EM>
as forwarders, but is also capable of doing the resolution autonomously if none are specified.</P>
</DIV>
<HR ALIGN="center">
<p>Return to <A href="Bv9ARM.html">BIND 9 Administrator Reference Manual</A> table of contents.</p>
</BODY>
</HTML>
This diff is collapsed.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<!--
- Copyright (C) 2000 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.7.html,v 1.10 2000/08/01 01:17:57 tale Exp $ -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="Adobe FrameMaker 5.5/HTML Export Filter">
<LINK REL="STYLESHEET" HREF="Bv9ARM.css">
<TITLE> Section 7. BIND&nbsp;9 Security Considerations</TITLE></HEAD>
<BODY BGCOLOR="#ffffff">
<OL>
<H1 CLASS="1Level">
<A NAME="pgfId=997350">
</A>
Section 7. BIND&nbsp;9 Security Considerations</H1>
</OL>
<DIV>
<OL>
<H3 CLASS="2Level">
<A NAME="pgfId=997352">
</A>
7.1 <A NAME="32222">
</A>
Access Control Lists</H3>
</OL>
<P CLASS="2LevelContinued">
<A NAME="pgfId=997353">
</A>
Access Control Lists (ACLs), are address match lists that you can set up and nickname for future use in <CODE CLASS="Program-Process">
allow-query</CODE>
, <CODE CLASS="Program-Process">
allow-recursion</CODE>
, <CODE CLASS="Program-Process">
blackhole</CODE>
, <CODE CLASS="Program-Process">
allow-transfer</CODE>
, etc.</P>
<P CLASS="2LevelContinued">
<A NAME="pgfId=997354">
</A>
Using ACLs allows you to have finer control over who can access your nameserver, without cluttering up your config files with huge lists of IP addresses.</P>
<P CLASS="2LevelContinued">
<A NAME="pgfId=997355">
</A>
It is a <EM CLASS="Emphasis">
good idea</EM>
to use ACLs, and to control access to your server. Limiting access to your server by outside parties can help prevent spoofing and DoS attacks against your server.</P>
<P CLASS="2LevelContinued">
<A NAME="pgfId=997356">
</A>
Here is an example of how to properly apply ACLs:</P>
<PRE>
<CODE><STRONG>// Set up an ACL named &quot;bogusnets&quot; that will block RFC1918 space,
// which is commonly used in spoofing attacks.
acl bogusnets { 0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3;
10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };
// Set up an ACL called our-nets. Replace this with the real IP numbers.
acl our-nets { x.x.x.x/24; x.x.x.x/21; };
options {
...
...
allow-query { our-nets; };
allow-recursion { our-nets; };
...
blackhole { bogusnets; };
...
};
zone &quot;example.com&quot; {
type master;
file &quot;m/example.com&quot;;
allow-query { any; };
};
</STRONG></CODE>
</PRE>
<P CLASS="2LevelContinued">
<A NAME="pgfId=997363">
</A>
This allows recursive queries of the server from the outside unless recursion has been previously disabled.</P>
<P CLASS="2LevelContinued">
<A NAME="pgfId=1028031">
</A>
For more information on how to use ACLs to protect your server, see the <EM CLASS="Emphasis">
AUSCERT</EM>
advisory at<BR>
<a href="ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos">
ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos</a>
</DIV>
<DIV>
<OL>
<H3 CLASS="2Level">
<A NAME="pgfId=997365">
</A>
7.2 <CODE CLASS="Program-Process">
chroot</CODE>
and <CODE CLASS="Program-Process">
setuid</CODE>
(for UNIX servers)</H3>
</OL>
<P CLASS="2LevelContinued">
<A NAME="pgfId=997366">
</A>
On UNIX servers, it is possible to run BIND in a <EM CLASS="Emphasis">
chrooted</EM>
environment (<CODE CLASS="Program-Process">
chroot()</CODE>
) by specifying the &quot;<CODE CLASS="Program-Process">
-t</CODE>
&quot; option. This can help improve system security by placing BIND in a &quot;sandbox,&quot; which will limit the damage done if a server is compromised.</P>
<P CLASS="2LevelContinued">
<A NAME="pgfId=997367">
</A>
Another useful feature in the UNIX version of BIND is the ability to run the daemon as a nonprivileged user ( <CODE CLASS="Program-Process">
-u</CODE>
<EM CLASS="variable">
user</EM>
). We suggest running as a nonprivileged user when using the <CODE CLASS="Program-Process">
chroot</CODE>
feature.</P>
<P CLASS="2LevelContinued">
<A NAME="pgfId=997368">
</A>
Here is an example command line to load BIND in a <CODE CLASS="Program-Process">
chroot()</CODE>
sandbox, <BR>
<CODE CLASS="Program-Process">
<STRONG>/var/named</STRONG></CODE>
, and to run <CODE CLASS="Program-Process">
<STRONG>named setuid</STRONG></CODE>
to user 202:</P>
<PRE>
<CODE><STRONG>/usr/local/bin/named -u 202 -t /var/named
</STRONG></CODE></PRE>
<DIV>
<OL>
<H4 CLASS="3Level">
<A NAME="pgfId=997370">
</A>
7.2.1 The <CODE CLASS="Program-Process">
chroot</CODE>
Environment</H4>
</OL>
<P CLASS="3LevelContinued">
<A NAME="pgfId=997371">
</A>
In order for a <CODE CLASS="Program-Process">
chroot()</CODE>
environment to work properly in a particular directory (for example, <EM CLASS="pathname">
/var/named</EM>
), you will need to set up an environment that includes everything BIND needs to run. From BIND's point of view, <EM CLASS="pathname">
/var/named</EM>
is the root of the filesystem. You will need <EM CLASS="pathname">
/dev/null</EM>
, and any library directories and files that BIND needs to run on your system. Please consult your operating system's instructions if you need help figuring out which library files you need to copy over to the <CODE CLASS="Program-Process">
chroot()</CODE>
sandbox.</P>
<P CLASS="3LevelContinued">
<A NAME="pgfId=997372">
</A>
If you are running an operating system that supports static binaries, you can also compile BIND statically and avoid the need to copy system libraries over to your <CODE CLASS="Program-Process">
chroot()</CODE>
sandbox.</P>
</DIV>
<DIV>
<OL>
<H4 CLASS="3Level">
<A NAME="pgfId=997373">
</A>
7.2.2 Using the <CODE CLASS="Program-Process">
setuid</CODE>
Function </H4>
</OL>
<P CLASS="3LevelContinued">
<A NAME="pgfId=997374">
</A>
Prior to running the <CODE CLASS="Program-Process">
named</CODE>
daemon, use the <CODE CLASS="Program-Process">
touch</CODE>
utility (to change file access and modification times) or the <CODE CLASS="Program-Process">
chown</CODE>
utility (to set the user id and/or group id) on files to which you want BIND to write.</P>
</DIV>
</DIV>
<DIV>
<OL>
<H3 CLASS="2Level">
<A NAME="pgfId=997375">
</A>
7.3 Dynamic Updates</H3>
</OL>
<P CLASS="2LevelContinued">
<A NAME="pgfId=997376">
</A>
Access to the dynamic update facility should be strictly limited. In earlier versions of BIND the only way to do this was based on the IP address of the host requesting the update. BIND&nbsp;9BIND&nbsp;9 also supports authenticating updates cryptographically by means of transaction signatures (TSIG). The use of TSIG is strongly recommended.</P>
<P CLASS="2LevelContinued">
<A NAME="pgfId=1006806">
</A>
Some sites choose to keep all dynamically updated DNS data in a subdomain and delegate that subdomain to a separate zone. This way, the top-level zone containing critical data such as the IP addresses of public web and mail servers need not allow dynamic update at all.</P>
</DIV>
<HR ALIGN="center">
<p>Return to <A href="Bv9ARM.html">BIND 9 Administrator Reference Manual</A> table of contents.</p>
</BODY>
</HTML>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<!--
- Copyright (C) 2000 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.8.html,v 1.10 2000/08/01 01:17:58 tale Exp $ -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="Adobe FrameMaker 5.5/HTML Export Filter">
<LINK REL="STYLESHEET" HREF="Bv9ARM.css">
<TITLE> Section 8. Troubleshooting</TITLE></HEAD>
<BODY BGCOLOR="#ffffff">
<OL>
<H1 CLASS="1Level">
<A NAME="pgfId=997350">
</A>
Section 8. Troubleshooting</H1>
</OL>
<DIV>
<OL>
<H3 CLASS="2Level">
<A NAME="pgfId=997382">
</A>
8.1 Common Problems</H3>
</OL>
<DIV>
<OL>
<H4 CLASS="3Level">
<A NAME="pgfId=997383">
</A>
8.1.1 It's not working; how can I figure out what's wrong?</H4>
</OL>
<P CLASS="3LevelContinued">
<A NAME="pgfId=997384">
</A>
The best solution to solving installation and configuration issues is to take preventative measures by setting up logging files beforehand. (See the <A HREF="Bv9ARM.3.html#30164" CLASS="XRef">sample configurations</A>) in Section 3. The log files provide a source of hints and information that can be used to figure out what went wrong and how to fix the problem.</P>
</DIV>
</DIV>
<DIV>
<OL>
<H3 CLASS="2Level">
<A NAME="pgfId=997388">
</A>
8.2 Incrementing and Changing the Serial Number</H3>
</OL>
<P CLASS="2LevelContinued">
<A NAME="pgfId=1001230">
</A>
Zone serial numbers are just numbers--they aren't date related. A lot of people set them to a number that represents a date, usually of the form YYYYMMDDRR. A number of people have been testing these numbers for Y2K compliance and have set the number to the year 2000 to see if it will work. They then try to restore the old serial number. This will cause problems because serial numbers are used to indicate that a zone has been updated. If the serial number on the slave server is lower than the serial number on the master, the slave server will attempt to update its copy of the zone.</P>
<P CLASS="2LevelContinued">
<A NAME="pgfId=997390">
</A>
Setting the serial number to a lower number on the master server than the slave server means that the slave will not perform updates to its copy of the zone.</P>
<P CLASS="2LevelContinued">
<A NAME="pgfId=997391">
</A>
The solution to this is to add 2147483647 (2^31-1) to the number, reload the zone and make sure all slaves have updated to the new zone serial number, then reset the number to what you want it to be, and reload the zone again.</P>
</DIV>
<DIV>
<OL>
<H3 CLASS="2Level">
<A NAME="pgfId=997392">
</A>
8.3 Where Can I Get Help?</H3>
</OL>
<P CLASS="2LevelContinued">
<A NAME="pgfId=1001264">
</A>
The Internet Software Consortium (ISC) offers a wide range of support and service agreements for BIND and DHCP servers. Four levels of premium support are available and each level includes support for all ISC programs, significant discounts on products and training, and a recognized priority on bug fixes and non-funded feature requests. In addition, ISC offers a standard support agreement package which includes services ranging from bug fix announcements to remote support. It also includes training in BIND and DHCP.</P>
<P CLASS="2LevelContinued">
<A NAME="pgfId=997394">
</A>
To discuss arrangements for support, contact
<A HREF="mailto:info@isc.org">info@isc.org</A>
<CODE CLASS="Program-Process">
</CODE>
or visit the ISC web page at<BR>
<A HREF="http://www.isc.org/services/support/">
http://www.isc.org/services/support/</A> to read more.</P>