bind10-guide.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY mdash  "&#x2014;" >
<!ENTITY % version SYSTEM "version.ent">
%version;
]>

<!--
 - Copyright (C) 2010-2012  Internet Systems Consortium, Inc. ("ISC")
 -
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->

<book>
  <?xml-stylesheet href="bind10-guide.css" type="text/css"?>

  <bookinfo>
    <title>BIND 10 Guide</title>
    <subtitle>Administrator Reference for BIND 10</subtitle>

    <copyright>
      <year>2010-2012</year><holder>Internet Systems Consortium, Inc.</holder>
    </copyright>

    <abstract>
      <para>BIND 10 is a framework that features Domain Name System
      (DNS) suite and Dynamic Host Configuration Protocol (DHCP)
      servers managed by Internet Systems Consortium (ISC). It
      includes DNS libraries, modular components for controlling
      authoritative and recursive DNS servers, and experimental DHCPv4
      and DHCPv6 servers.
      </para>
      <para>
        This is the reference guide for BIND 10 version &__VERSION__;.
        The most up-to-date version of this document (in PDF, HTML,
        and plain text formats), along with other documents for
        BIND 10, can be found at <ulink url="http://bind10.isc.org/docs"/>.
        </para> </abstract>

      <releaseinfo>This is the reference guide for BIND 10 version
        &__VERSION__;.</releaseinfo>

  </bookinfo>

  <preface>
    <title>Preface</title>

    <section id="acknowledgements">
      <title>Acknowledgements</title>

      <para>ISC would like to acknowledge generous support for
      BIND 10 development of DHCPv4 and DHCPv6 components provided
      by <ulink url="http://www.comcast.com/">Comcast</ulink>.</para>

    </section>

  </preface>

  <chapter id="intro">
    <title>Introduction</title>
    <para>
      BIND is the popular implementation of a DNS server, developer
      interfaces, and DNS tools.
      BIND 10 is a rewrite of BIND 9.  BIND 10 is written in C++ and Python
      and provides a modular environment for serving and maintaining DNS.
      BIND 10 provides a EDNS0- and DNSSEC-capable authoritative
      DNS server and a caching recursive name server which also
      provides forwarding.
    </para>

    <para>
      This guide covers the experimental prototype of
      BIND 10 version &__VERSION__;.
    </para>

    <section>
      <title>Supported Platforms</title>
      <para>
  BIND 10 builds have been tested on Debian GNU/Linux 5 and unstable,
  Ubuntu 9.10, NetBSD 5, Solaris 10, FreeBSD 7 and 8, CentOS
  Linux 5.3, and MacOS 10.6.

  It has been tested on Sparc, i386, and amd64 hardware
  platforms.

        It is planned for BIND 10 to build, install and run on
        Windows and standard Unix-type platforms.
      </para>
    </section>

    <section id="required-software">
      <title>Required Software</title>
      <para>
        BIND 10 requires at least Python 3.1
        (<ulink url="http://www.python.org/"/>).
        It has also been tested with Python 3.2.
      </para>

      <para>
        BIND 10 uses the Botan crypto library for C++
        (<ulink url="http://botan.randombit.net/"/>).
        It requires at least Botan version 1.8.
      </para>

      <para>
        BIND 10 uses the log4cplus C++ logging library
        (<ulink url="http://log4cplus.sourceforge.net/"/>).
        It requires at least log4cplus version 1.0.3.
      </para>

      <para>
        The authoritative DNS server uses SQLite3
        (<ulink url="http://www.sqlite.org/"/>).
<!-- TODO: is this still required? -->
        It needs at least SQLite version 3.3.9.
      </para>

      <para>
        The <command>b10-xfrin</command>, <command>b10-xfrout</command>,
        and <command>b10-zonemgr</command> components require the
        libpython3 library and the Python _sqlite3.so module
        (which is included with Python).
        The Python module needs to be built for the corresponding Python 3.
      </para>
<!-- TODO: this will change ... -->

      <note>
        <para>
          Some operating systems do not provide these dependencies
          in their default installation nor standard packages
          collections.
          You may need to install them separately.
        </para>
      </note>
    </section>

    <section id="starting_stopping">
      <title>Starting and Stopping the Server</title>

      <para>
        BIND 10 is modular.  Part of this modularity is
        accomplished using multiple cooperating processes which, together,
        provide the server functionality.  This is a change from
        the previous generation of BIND software, which used a
        single process.
      </para>

      <para>
        At first, running many different processes may seem confusing.
        However, these processes are started, stopped, and maintained
        by a single command, <command>bind10</command>.
        This command starts a master process which will start other
        processes as needed.
        The processes started by the <command>bind10</command>
        command have names starting with "b10-", including:
      </para>

      <para>

        <itemizedlist>

          <listitem>
            <simpara>
              <command>b10-msgq</command> &mdash;
              Message bus daemon.
              This process coordinates communication between all of the other
              BIND 10 processes.
            </simpara>
          </listitem>

          <listitem>
            <simpara>
              <command>b10-auth</command> &mdash;
              Authoritative DNS server.
              This process serves DNS requests.
            </simpara>
          </listitem>

          <listitem>
            <simpara>
              <command>b10-cfgmgr</command> &mdash;
              Configuration manager.
              This process maintains all of the configuration for BIND 10.
            </simpara>
          </listitem>

          <listitem>
            <simpara>
              <command>b10-cmdctl</command> &mdash;
              Command and control service.
              This process allows external control of the BIND 10 system.
            </simpara>
          </listitem>

          <listitem>
            <simpara>
              <command>b10-resolver</command> &mdash;
              Recursive name server.
              This process handles incoming queries.
<!-- TODO: -->
            </simpara>
          </listitem>

          <listitem>
            <simpara>
              <command>b10-stats</command> &mdash;
              Statistics collection daemon.
              This process collects and reports statistics data.
            </simpara>
          </listitem>

          <listitem>
            <simpara>
              <command>b10-xfrin</command> &mdash;
              Incoming zone transfer service.
              This process is used to transfer a new copy
              of a zone into BIND 10, when acting as a secondary server.
            </simpara>
          </listitem>

          <listitem>
            <simpara>
              <command>b10-xfrout</command> &mdash;
              Outgoing zone transfer service.
              This process is used to handle transfer requests to
              send a local zone to a remote secondary server,
              when acting as a master server.
            </simpara>
          </listitem>

          <listitem>
            <simpara>
              <command>b10-zonemgr</command> &mdash;
              Secondary manager.
              This process keeps track of timers and other
              necessary information for BIND 10 to act as a slave server.
            </simpara>
          </listitem>

        </itemizedlist>
      </para>

      <para>
        These are ran automatically by <command>bind10</command>
        and do not need to be run manually.
      </para>

    </section>

    <section id="managing_once_running">
      <title>Managing BIND 10</title>

      <para>
        Once BIND 10 is running, a few commands are used to interact
        directly with the system:
        <itemizedlist>
          <listitem>
            <simpara>
              <command>bindctl</command> &mdash;
              interactive administration interface.
              This is a command-line tool which allows an administrator
              to control BIND 10.
            </simpara>
          </listitem>
          <listitem>
            <simpara>
              <command>b10-loadzone</command> &mdash;
              zone file loader.
              This tool will load standard masterfile-format zone files into
              BIND 10.
            </simpara>
          </listitem>
          <listitem>
            <simpara>
              <command>b10-cmdctl-usermgr</command> &mdash;
              user access control.
              This tool allows an administrator to authorize additional users
              to manage BIND 10.
            </simpara>
          </listitem>
  <!-- TODO usermgr -->
        </itemizedlist>
      </para>
    </section>

    <para>
      The tools and modules are covered in full detail in this guide.
<!-- TODO point to these -->
      In addition, manual pages are also provided in the default installation.
    </para>

<!--
bin/
  bindctl*
  host*
lib/
  libauth
  libdns
  libexceptions
  python3.1/site-packages/isc/{cc,config}
sbin/
  bind10
share/
  share/bind10/
    auth.spec
    b10-cmdctl.pem
    bob.spec
    passwd.csv
  man/
var/
  bind10/b10-config.db
-->

    <para>
      BIND 10 also provides libraries and programmer interfaces
      for C++ and Python for the message bus, configuration backend,
      and, of course, DNS. These include detailed developer
      documentation and code examples.
<!-- TODO point to this -->
    </para>

  </chapter>

  <chapter id="installation">
    <title>Installation</title>

    <section id="build-requirements">
      <title>Building Requirements</title>

        <para>
          In addition to the run-time requirements, building BIND 10
          from source code requires various development include headers.
        </para>

        <note>
          <simpara>
            Some operating systems have split their distribution packages into
            a run-time and a development package.  You will need to install
            the development package versions, which include header files and
            libraries, to build BIND 10 from source code.
          </simpara>
        </note>

        <para>
          Building from source code requires the Boost
          build-time headers
          (<ulink url="http://www.boost.org/"/>).
          At least Boost version 1.35 is required.
  <!-- TODO: we don't check for this version -->
  <!-- NOTE: jreed has tested with 1.34, 1.38, and 1.41. -->
        </para>

        <para>
          To build BIND 10, also install the Botan (at least version
          1.8) and the log4cplus (at least version 1.0.3)
          development include headers.
        </para>

<!--
TODO
Debian and Ubuntu:
 libgmp3-dev and libbz2-dev required for botan too
-->

<!-- NOTE: _sqlite3 is only needed at test time; it is already listed
as a dependency earlier -->

        <para>
          Building BIND 10 also requires a C++ compiler and
          standard development headers, make, and pkg-config.
          BIND 10 builds have been tested with GCC g++ 3.4.3, 4.1.2,
          4.1.3, 4.2.1, 4.3.2, and 4.4.1; Clang++ 2.8; and Sun C++ 5.10.
        </para>

        <para>
          Visit the wiki at <ulink
          url="http://bind10.isc.org/wiki/SystemSpecificNotes" />
          for system-specific installation tips.
        </para>

    </section>

    <section id="quickstart">
      <title>Quick start</title>
      <note>
        <simpara>
          This quickly covers the standard steps for installing
          and deploying BIND 10 as an authoritative name server using
          its defaults. For troubleshooting, full customizations and further
          details, see the respective chapters in the BIND 10 guide.
        </simpara>
      </note>

      <para>
        To quickly get started with BIND 10, follow these steps.
      </para>

      <orderedlist>

        <listitem>
          <simpara>
            Install required run-time and build dependencies.
          </simpara>
        </listitem>

        <listitem>
          <simpara>
            Download the BIND 10 source tar file from
            <ulink url="ftp://ftp.isc.org/isc/bind10/"/>.
          </simpara>
        </listitem>

        <listitem>
          <para>Extract the tar file:
          <screen>$ <userinput>gzcat bind10-<replaceable>VERSION</replaceable>.tar.gz | tar -xvf -</userinput></screen>
          </para>
        </listitem>

        <listitem>
          <para>Go into the source and run configure:
            <screen>$ <userinput>cd bind10-<replaceable>VERSION</replaceable></userinput>
  $ <userinput>./configure</userinput></screen>
          </para>
        </listitem>

        <listitem>
          <para>Build it:
            <screen>$ <userinput>make</userinput></screen>
          </para>
        </listitem>

        <listitem>
          <para>Install it (to default /usr/local):
            <screen>$ <userinput>make install</userinput></screen>
          </para>
        </listitem>

        <listitem>
          <para>Start the server:
            <screen>$ <userinput>/usr/local/sbin/bind10</userinput></screen>
          </para>
        </listitem>

        <listitem>

         <para>Test it; for example:
            <screen>$ <userinput>dig @127.0.0.1 -c CH -t TXT authors.bind</userinput></screen>
         </para>
        </listitem>

        <listitem>
          <para>Load desired zone file(s), for example:
            <screen>$ <userinput>b10-loadzone <replaceable>your.zone.example.org</replaceable></userinput></screen>
          </para>
        </listitem>

        <listitem>
          <simpara>
            Test the new zone.
          </simpara>
        </listitem>

      </orderedlist>

    </section>

    <section id="install">
      <title>Installation from source</title>
      <para>
        BIND 10 is open source software written in C++ and Python.
        It is freely available in source code form from ISC via
        the Git code revision control system or as a downloadable
        tar file. It may also be available in pre-compiled ready-to-use
        packages from operating system vendors.
      </para>

      <section>
        <title>Download Tar File</title>
        <para>
          Downloading a release tar file is the recommended method to
          obtain the source code.
        </para>

        <para>
          The BIND 10 releases are available as tar file downloads from
          <ulink url="ftp://ftp.isc.org/isc/bind10/"/>.
          Periodic development snapshots may also be available.
        </para>
  <!-- TODO -->
      </section>

      <section>
        <title>Retrieve from Git</title>
        <para>
          Downloading this "bleeding edge" code is recommended only for
          developers or advanced users.  Using development code in a production
          environment is not recommended.
        </para>

        <note>
          <para>
            When using source code retrieved via Git additional
            software will be required:  automake (v1.11 or newer),
            libtoolize, and autoconf (2.59 or newer).
            These may need to be installed.
          </para>
        </note>

        <para>
          The latest development code, including temporary experiments
          and un-reviewed code, is available via the BIND 10 code revision
          control system. This is powered by Git and all the BIND 10
          development is public.
          The leading development is done in the <quote>master</quote>.
        </para>
        <para>
          The code can be checked out from
          <filename>git://git.bind10.isc.org/bind10</filename>;
          for example:

        <screen>$ <userinput>git clone git://git.bind10.isc.org/bind10</userinput></screen>
        </para>

        <para>
          When checking out the code from
          the code version control system, it doesn't include the
          generated configure script, Makefile.in files, nor the
          related configure files.
          They can be created by running <command>autoreconf</command>
          with the <option>--install</option> switch.
          This will run <command>autoconf</command>,
          <command>aclocal</command>,
          <command>libtoolize</command>,
          <command>autoheader</command>,
          <command>automake</command>,
          and related commands.
        </para>

      </section>


      <section>
        <title>Configure before the build</title>
        <para>
          BIND 10 uses the GNU Build System to discover build environment
          details.
          To generate the makefiles using the defaults, simply run:
          <screen>$ <userinput>./configure</userinput></screen>
        </para>
        <para>
          Run <command>./configure</command> with the <option>--help</option>
          switch to view the different options. The commonly-used options are:

          <variablelist>

          <varlistentry>
            <term>--prefix</term>
            <listitem>
              <simpara>Define the installation location (the
                default is <filename>/usr/local/</filename>).
              </simpara>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>--with-boost-include</term>
            <listitem>
              <simpara>Define the path to find the Boost headers.
              </simpara>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>--with-pythonpath</term>
            <listitem>
              <simpara>Define the path to Python 3.1 if it is not in the
                standard execution path.
              </simpara>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>--with-gtest</term>
            <listitem>
              <simpara>Enable building the C++ Unit Tests using the
                Google Tests framework. Optionally this can define the
                path to the gtest header files and library.
              </simpara>
            </listitem>
          </varlistentry>

          </variablelist>

        </para>
  <!-- TODO: lcov -->

        <para>
          For example, the following configures it to
    find the Boost headers, find the
    Python interpreter, and sets the installation location:

          <screen>$ <userinput>./configure \
      --with-boost-include=/usr/pkg/include \
      --with-pythonpath=/usr/pkg/bin/python3.1 \
      --prefix=/opt/bind10</userinput></screen>
        </para>

        <para>
          If the configure fails, it may be due to missing or old
          dependencies.
        </para>

      </section>

      <section>
        <title>Build</title>
        <para>
    After the configure step is complete, to build the executables
    from the C++ code and prepare the Python scripts, run:

          <screen>$ <userinput>make</userinput></screen>
        </para>
      </section>

      <section>
        <title>Install</title>
        <para>
          To install the BIND 10 executables, support files,
          and documentation, run:
          <screen>$ <userinput>make install</userinput></screen>
        </para>
        <note>
          <para>The install step may require superuser privileges.</para>
        </note>

      </section>

  <!-- TODO: tests -->

      <section>
        <title>Install Hierarchy</title>
        <para>
          The following is the layout of the complete BIND 10 installation:
          <itemizedlist>
            <listitem>
              <simpara>
                <filename>bin/</filename> &mdash;
                general tools and diagnostic clients.
              </simpara>
            </listitem>
            <listitem>
            <simpara>
              <filename>etc/bind10-devel/</filename> &mdash;
              configuration files.
            </simpara>
            </listitem>
            <listitem>
              <simpara>
                <filename>lib/</filename> &mdash;
                libraries and python modules.
              </simpara>
            </listitem>
            <listitem>
              <simpara>
                <filename>libexec/bind10-devel/</filename> &mdash;
                executables that a user wouldn't normally run directly and
                are not run independently.
                These are the BIND 10 modules which are daemons started by
                the <command>bind10</command> tool.
              </simpara>
            </listitem>
            <listitem>
              <simpara>
                <filename>sbin/</filename> &mdash;
                commands used by the system administrator.
              </simpara>
            </listitem>
            <listitem>
              <simpara>
                <filename>share/bind10-devel/</filename> &mdash;
                configuration specifications.
              </simpara>
            </listitem>
            <listitem>
              <simpara>
                <filename>share/man/</filename> &mdash;
                manual pages (online documentation).
              </simpara>
            </listitem>
            <listitem>
              <simpara>
                <filename>var/bind10-devel/</filename> &mdash;
                data source and configuration databases.
              </simpara>
            </listitem>
          </itemizedlist>
        </para>
      </section>
    </section>

  <!--
      <section id="install.troubleshooting">
        <title>Troubleshooting</title>
        <para>
        </para>
      </section>
  -->

  </chapter>

  <chapter id="bind10">
    <title>Starting BIND10 with <command>bind10</command></title>
    <para>
      BIND 10 provides the <command>bind10</command> command which
      starts up the required processes.
      <command>bind10</command>
      will also restart some processes that exit unexpectedly.
      This is the only command needed to start the BIND 10 system.
    </para>

    <para>
      After starting the <command>b10-msgq</command> communications channel,
      <command>bind10</command> connects to it,
      runs the configuration manager, and reads its own configuration.
      Then it starts the other modules.
    </para>

    <para>
      The <command>b10-sockcreator</command>, <command>b10-msgq</command> and
      <command>b10-cfgmgr</command>
      services make up the core. The <command>b10-msgq</command> daemon
      provides the communication channel between every part of the system.
      The <command>b10-cfgmgr</command> daemon is always needed by every
      module, if only to send information about themselves somewhere,
      but more importantly to ask about their own settings, and
      about other modules. The <command>b10-sockcreator</command> will
      allocate sockets for the rest of the system.
    </para>

    <para>
      In its default configuration, the <command>bind10</command>
      master process will also start up
      <command>b10-cmdctl</command> for admins to communicate with the
      system, <command>b10-auth</command> for authoritative DNS service,
      <command>b10-stats</command> for statistics collection,
      <command>b10-xfrin</command> for inbound DNS zone transfers,
      <command>b10-xfrout</command> for outbound DNS zone transfers,
      and <command>b10-zonemgr</command> for secondary service.
    </para>

    <section id="start">
      <title>Starting BIND 10</title>
      <para>
        To start the BIND 10 service, simply run <command>bind10</command>.
        Run it with the <option>--verbose</option> switch to
        get additional debugging or diagnostic output.
      </para>
<!-- TODO: note it doesn't go into background -->

      <note>
        <para>
          If the setproctitle Python module is detected at start up,
          the process names for the Python-based daemons will be renamed
          to better identify them instead of just <quote>python</quote>.
          This is not needed on some operating systems.
        </para>
      </note>

    </section>
    <section id="bind10.config">
      <title>Configuration of started processes</title>
      <para>
        The processes to be started can be configured, with the exception
        of the <command>b10-sockcreator</command>, <command>b10-msgq</command>
        and <command>b10-cfgmgr</command>.
      </para>

      <para>
        The configuration is in the Boss/components section. Each element
        represents one component, which is an abstraction of a process
        (currently there's also one component which doesn't represent
        a process). If you didn't want to transfer out at all (your server
        is a slave only), you would just remove the corresponding component
        from the set, like this and the process would be stopped immediately
        (and not started on the next startup):
      <screen>&gt; <userinput>config remove Boss/components b10-xfrout</userinput>
&gt; <userinput>config commit</userinput></screen>
      </para>

      <para>
        To add a process to the set, let's say the resolver (which not started
        by default), you would do this:
        <screen>&gt; <userinput>config add Boss/components b10-resolver</userinput>
&gt; <userinput>config set Boss/components/b10-resolver/special resolver</userinput>
&gt; <userinput>config set Boss/components/b10-resolver/kind needed</userinput>
&gt; <userinput>config set Boss/components/b10-resolver/priority 10</userinput>
&gt; <userinput>config commit</userinput></screen></para>

      <para>
        Now, what it means. We add an entry called b10-resolver. It is both a
        name used to reference this component in the configuration and the
        name of the process to start. Then we set some parameters on how to
        start it.
      </para>

      <para>
        The special one is for components that need some kind of special care
        during startup or shutdown. Unless specified, the component is started
        in usual way. This is the list of components that need to be started
        in a special way, with the value of special used for them:
        <table>
          <tgroup cols='3' align='left'>
          <colspec colname='component'/>
          <colspec colname='special'/>
          <colspec colname='description'/>
          <thead><row><entry>Component</entry><entry>Special</entry><entry>Description</entry></row></thead>
          <tbody>
            <row><entry>b10-auth</entry><entry>auth</entry><entry>Authoritative server</entry></row>
            <row><entry>b10-resolver</entry><entry>resolver</entry><entry>The resolver</entry></row>
            <row><entry>b10-cmdctl</entry><entry>cmdctl</entry><entry>The command control (remote control interface)</entry></row>
            <!-- TODO Either add xfrin and xfrout as well or clean up the workarounds in boss before the release -->
          </tbody>
          </tgroup>
        </table>
      </para>

      <para>
        The kind specifies how a failure of the component should
        be handled.  If it is set to <quote>dispensable</quote>
        (the default unless you set something else), it will get
        started again if it fails. If it is set to <quote>needed</quote>
        and it fails at startup, the whole <command>bind10</command>
        shuts down and exits with error exit code. But if it fails
        some time later, it is just started again. If you set it
        to <quote>core</quote>, you indicate that the system is
        not usable without the component and if such component
        fails, the system shuts down no matter when the failure
        happened.  This is the behaviour of the core components
        (the ones you can't turn off), but you can declare any
        other components as core as well if you wish (but you can
        turn these off, they just can't fail).
      </para>

      <para>
        The priority defines order in which the components should start.
        The ones with higher number are started sooner than the ones with
        lower ones. If you don't set it, 0 (zero) is used as the priority.
        Usually, leaving it at the default is enough.
      </para>

      <para>
        There are other parameters we didn't use in our example.
        One of them is <quote>address</quote>. It is the address
        used by the component on the <command>b10-msgq</command>
        message bus. The special components already know their
        address, but the usual ones don't. The address is by
        convention the thing after <emphasis>b10-</emphasis>, with
        the first letter capital (eg. <command>b10-stats</command>
        would have <quote>Stats</quote> as its address).
<!-- TODO: this should be simplified so we don't even have to document it -->
      </para>

<!-- TODO: what does "The special components already know their
address, but the usual ones don't." mean? -->

<!-- TODO: document params when is enabled -->

      <para>
        The last one is process. It is the name of the process to be started.
        It defaults to the name of the component if not set, but you can use
        this to override it.
      </para>

      <!-- TODO Add parameters when they work, not implemented yet-->

      <note>
        <para>
          This system allows you to start the same component multiple times
          (by including it in the configuration with different names, but the
          same process setting). However, the rest of the system doesn't expect
          such situation, so it would probably not do what you want. Such
          support is yet to be implemented.
        </para>
      </note>

      <note>
        <para>
          The configuration is quite powerful, but that includes
          a lot of space for mistakes. You could turn off the
          <command>b10-cmdctl</command>, but then you couldn't
          change it back the usual way, as it would require it to
          be running (you would have to find and edit the configuration
          directly).  Also, some modules might have dependencies
          -- <command>b10-stats-httpd</command> need
          <command>b10-stats</command>, <command>b10-xfrout</command>
          needs the <command>b10-auth</command> to be running, etc.

<!-- TODO: should we define dependencies? -->

        </para>
        <para>
          In short, you should think twice before disabling something here.
        </para>
      </note>
      <para>
        It is possible to start some components multiple times (currently
        <command>b10-auth</command> and <command>b10-resolzer</command>).
        You might want to do that to gain more performance (each one uses only
        single core). Just put multiple entries under different names, like
        this, with the same config:
        <screen>&gt; <userinput>config add Boss/components b10-resolver-2</userinput>
&gt; <userinput>config set Boss/components/b10-resolver-2/special resolver</userinput>
&gt; <userinput>config set Boss/components/b10-resolver-2/kind needed</userinput>
&gt; <userinput>config commit</userinput></screen>
      </para>
      <para>
        However, this is work in progress and the support is not yet complete.
        For example, each resolver will have its own cache, each authoritative
        server will keep its own copy of in-memory data and there could be
        problems with locking the sqlite database, if used. The configuration
        might be changed to something more convenient in future.
      </para>
    </section>

  </chapter>

  <chapter id="msgq">
    <title>Command channel</title>

      <para>
        The BIND 10 components use the <command>b10-msgq</command>
        message routing daemon to communicate with other BIND 10 components.
        The <command>b10-msgq</command> implements what is called the
        <quote>Command Channel</quote>.
        Processes intercommunicate by sending messages on the command
        channel.
        Example messages include shutdown, get configurations, and set
        configurations.
        This Command Channel is not used for DNS message passing.
        It is used only to control and monitor the BIND 10 system.
      </para>

      <para>
        Administrators do not communicate directly with the
        <command>b10-msgq</command> daemon.
        By default, BIND 10 uses port 9912 for the
        <command>b10-msgq</command> service.
        It listens on 127.0.0.1.
      </para>

<!-- TODO: this is broken, see Trac #111
      <para>
        To select an alternate port for the <command>b10-msgq</command> to
        use, run <command>bind10</command> specifying the option:
        <screen> $ <userinput>bind10 -TODO-msgq-port 9912</userinput></screen>
      </para>
-->

<!-- TODO: upcoming plans:
Unix domain sockets
-->

  </chapter>

  <chapter id="cfgmgr">
    <title>Configuration manager</title>

      <para>
         The configuration manager, <command>b10-cfgmgr</command>,
         handles all BIND 10 system configuration.  It provides
         persistent storage for configuration, and notifies running
         modules of configuration changes.
      </para>

      <para>
        The <command>b10-auth</command> and <command>b10-xfrin</command>
        daemons and other components receive their configurations
        from the configuration manager over the <command>b10-msgq</command>
        command channel.
      </para>

      <para>The administrator doesn't connect to it directly, but
        uses a user interface to communicate with the configuration
        manager via <command>b10-cmdctl</command>'s REST-ful interface.
        <command>b10-cmdctl</command> is covered in <xref linkend="cmdctl"/>.
      </para>

<!-- TODO -->
      <note>
        <para>
          The development prototype release only provides the
          <command>bindctl</command> as a user interface to
          <command>b10-cmdctl</command>.
          Upcoming releases will provide another interactive command-line
          interface and a web-based interface.
        </para>
      </note>

      <para>
        The <command>b10-cfgmgr</command> daemon can send all
        specifications and all current settings to the
        <command>bindctl</command> client (via
        <command>b10-cmdctl</command>).
      </para>

      <para>
        <command>b10-cfgmgr</command> relays configurations received
        from <command>b10-cmdctl</command> to the appropriate modules.
      </para>
<!-- TODO:
        Configuration settings for itself are defined as ConfigManager.
TODO: show examples
-->

<!-- TODO:
config changes are actually commands to cfgmgr
-->

<!-- TODO: what about run time config to change this? -->
<!-- jelte: > config set cfgmgr/config_database <file> -->
<!-- TODO: what about command line switch to change this? -->
      <para>
        The stored configuration file is at
        <filename>/usr/local/var/bind10-devel/b10-config.db</filename>.
        (The full path is what was defined at build configure time for
        <option>--localstatedir</option>.
        The default is <filename>/usr/local/var/</filename>.)
        The format is loosely based on JSON and is directly parseable
        python, but this may change in a future version.
        This configuration data file is not manually edited by the
        administrator.
      </para>

<!--

Well the specfiles have a more fixed format (they must contain specific
stuff), but those are also directly parseable python structures (and
'coincidentally', our data::element string representation is the same)

loosely based on json, tweaked to be directly parseable in python, but a
subset of that.
wiki page is http://bind10.isc.org/wiki/DataElementDesign

nope, spec files are written by module developers, and db should be done
through bindctl and friends

-->

    <para>
      The configuration manager does not have any command line arguments.
      Normally it is not started manually, but is automatically
      started using the <command>bind10</command> master process
      (as covered in <xref linkend="bind10"/>).
    </para>

<!-- TODO: upcoming plans:
configuration for configuration manager itself. And perhaps we might
change the messaging protocol, but an admin should never see any of that
-->

<!-- TODO: show examples, test this -->
<!--
, so an admin can simply run bindctl,
do config show, and it shows all modules; config show >module> shows all
options for that module
-->

  </chapter>

  <chapter id="cmdctl">
    <title>Remote control daemon</title>

    <para>
      <command>b10-cmdctl</command> is the gateway between
      administrators and the BIND 10 system.
      It is a HTTPS server that uses standard HTTP Digest
      Authentication for username and password validation.
      It provides a REST-ful interface for accessing and controlling
      BIND 10.
    </para>
<!-- TODO: copy examples from wiki, try with wget -->

    <para>
      When <command>b10-cmdctl</command> starts, it firsts
      asks <command>b10-cfgmgr</command> about what modules are
      running and what their configuration is (over the
      <command>b10-msgq</command> channel). Then it will start listening
      on HTTPS for clients &mdash; the user interface &mdash; such
      as <command>bindctl</command>.
    </para>

    <para>
      <command>b10-cmdctl</command> directly sends commands
      (received from the user interface) to the specified component.
      Configuration changes are actually commands to
      <command>b10-cfgmgr</command> so are sent there.
    </para>

<!--
TODO:
"For bindctl to list a module's available configurations and
available commands, it communicates over the cmdctl REST interface.
cmdctl then asks cfgmgr over the msgq command channel. Then cfgmgr
asks the module for its specification and also cfgmgr looks in its
own configuration database for current values."

(05:32:03) jelte: i think cmdctl doesn't request it upon a incoming
GET, but rather requests it once and then listens in for updates,
but you might wanna check with likun
-->

<!-- TODO: replace /usr/local -->
<!-- TODO: permissions -->
    <para>The HTTPS server requires a private key,
      such as a RSA PRIVATE KEY.
      The default location is at
      <filename>/usr/local/etc/bind10-devel/cmdctl-keyfile.pem</filename>.
      (A sample key is at
      <filename>/usr/local/share/bind10-devel/cmdctl-keyfile.pem</filename>.)
      It also uses a certificate located at
      <filename>/usr/local/etc/bind10-devel/cmdctl-certfile.pem</filename>.
      (A sample certificate is at
      <filename>/usr/local/share/bind10-devel/cmdctl-certfile.pem</filename>.)
      This may be a self-signed certificate or purchased from a
      certification authority.
    </para>

    <note><para>
      The HTTPS server doesn't support a certificate request from a
      client (at this time).
<!-- TODO: maybe allow request from server side -->
      The <command>b10-cmdctl</command> daemon does not provide a
      public service. If any client wants to control BIND 10, then
      a certificate needs to be first received from the BIND 10
      administrator.
      The BIND 10 installation provides a sample PEM bundle that matches
      the sample key and certificate.
    </para></note>
<!-- TODO: cross-ref -->

<!-- TODO
openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
but that is a single file, maybethis should go back to that format?
-->

<!--
    <para>
(08:20:56) shane: It is in theory possible to run without cmdctl.
(08:21:02) shane: I think we discussed this.
    </para>
-->

<!-- TODO: Please check https://bind10.isc.org/wiki/cmd-ctrld -->


    <para>
      The <command>b10-cmdctl</command> daemon also requires
      the user account file located at
      <filename>/usr/local/etc/bind10-devel/cmdctl-accounts.csv</filename>.
      This comma-delimited file lists the accounts with a user name,
      hashed password, and salt.
      (A sample file is at
      <filename>/usr/local/share/bind10-devel/cmdctl-accounts.csv</filename>.
      It contains the user named <quote>root</quote> with the password
      <quote>bind10</quote>.)
    </para>

    <para>
      The administrator may create a user account with the
      <command>b10-cmdctl-usermgr</command> tool.
    </para>
<!-- TODO: show example -->

<!-- TODO: does cmdctl need to be restarted to change cert or key
or accounts database -->

    <para>
      By default the HTTPS server listens on the localhost port 8080.
      The port can be set by using the <option>--port</option> command line option.
      The address to listen on can be set using the <option>--address</option> command
      line argument.
      Each HTTPS connection is stateless and timesout in 1200 seconds
      by default.  This can be
      redefined by using the <option>--idle-timeout</option> command line argument.
    </para>

    <section id="cmdctl.spec">
      <title>Configuration specification for b10-cmdctl</title>
      <para>
        The configuration items for <command>b10-cmdctl</command> are:
key_file
cert_file
accounts_file
      </para>
<!-- TODO -->

      <para>
        The control commands are:
print_settings
<!-- TODO: remove that -->

shutdown
      </para>
<!-- TODO -->
    </section>

<!--
TODO
(12:21:30) jinmei: I'd like to have sample session using a command line www client such as wget
(12:21:33) jinmei: btw
-->

  </chapter>

  <chapter id="bindctl">
    <title>Control and configure user interface</title>

    <note><para>
      For this development prototype release, <command>bindctl</command>
      is the only user interface. It is expected that upcoming
      releases will provide another interactive command-line
      interface and a web-based interface for controlling and
      configuring BIND 10.
    </para></note>

    <para>
      The <command>bindctl</command> tool provides an interactive
      prompt for configuring, controlling, and querying the BIND 10
      components.
      It co