diff --git a/README b/README index f8c472549afb9dd745f19d2b2fee80b788ac64ee..496297f3cab750af880bba0c3b212b0cbe708f1d 100644 --- a/README +++ b/README @@ -17,7 +17,8 @@ This release includes the bind10 master process, b10-msgq message bus, b10-auth authoritative DNS server (with SQLite3 backend), b10-cmdctl remote control daemon, b10-cfgmgr configuration manager, b10-xfrin AXFR inbound service, b10-xfrout outgoing AXFR service, -and a new libdns++ library for C++ with a python wrapper. +b10-zonemgr secondary manager, and a new libdns++ library for C++ +with a python wrapper. Documentation is included and also available via the BIND 10 website at http://bind10.isc.org/ diff --git a/doc/guide/bind10-guide.html b/doc/guide/bind10-guide.html index e28203c04376596637f5cd998445507f4a0ad3b4..e82dc4a49146b87de3e28995aec2daaa076e6528 100644 --- a/doc/guide/bind10-guide.html +++ b/doc/guide/bind10-guide.html @@ -1,8 +1,8 @@ -BIND 10 Guide

BIND 10 Guide

Administrator Reference for BIND 10


Chapter 1. Introduction

BIND is the popular implementation of a DNS server, developer interfaces, and DNS tools. BIND 10 is a rewrite of BIND 9. BIND 10 is written in C++ and Python @@ -11,10 +11,10 @@ This guide covers the experimental prototype version of BIND 10.

Note

- BIND 10, at this time, does not provide an recursive + BIND 10, at this time, does not provide a recursive DNS server. It does provide a EDNS0- and DNSSEC-capable authoritative DNS server. -

Supported Platforms

+

Supported Platforms

BIND 10 builds have been tested on Debian GNU/Linux 5, Ubuntu 9.10, NetBSD 5, Solaris 10, FreeBSD 7, and CentOS Linux 5.3. @@ -24,16 +24,16 @@ It is planned for BIND 10 to build, install and run on Windows and standard Unix-type platforms. -

Required Software

+

Required Software

BIND 10 requires Python 3.1. Later versions may work, but Python 3.1 is the minimum version which will work.

Note

For this development prototype release, the only supported data source backend is SQLite3. The authoritative server requires SQLite 3.3.9 or newer. - The b10-xfrin and b10-xfrout - modules require the libpython3 library and the Python - _sqlite3.so module. + The b10-xfrin, b10-xfrout, + and b10-zonemgr modules require the + libpython3 library and the Python _sqlite3.so module.

Note

Some operating systems do not provide these dependencies in their default installation nor standard packages @@ -83,6 +83,11 @@ This process is used to handle transfer requests to send a local zone to a remote secondary server, when acting as a master server. +

  • + b10-zonemgr — + Secondary manager. + This process keeps track of timers and other + necessary information for BIND 10 to act as a slave server.
  • These are ran automatically by bind10 @@ -116,7 +121,7 @@ and, of course, DNS. These include detailed developer documentation and code examples. -

    Chapter 2. Installation

    Building Requirements

    Note

    +

    Chapter 2. Installation

    Building Requirements

    Note

    Some operating systems have split their distribution packages into a run-time and a development package. You will need to install the development package versions, which include header files and @@ -176,14 +181,14 @@ the Subversion code revision control system or as a downloadable tar file. It may also be available in pre-compiled ready-to-use packages from operating system vendors. -

    Download Tar File

    +

    Download Tar File

    Downloading a release tar file is the recommended method to obtain the source code.

    The BIND 10 releases are available as tar file downloads from ftp://ftp.isc.org/isc/bind10/. Periodic development snapshots may also be available. -

    Retrieve from Subversion

    +

    Retrieve from Subversion

    Downloading this "bleeding edge" code is recommended only for developers or advanced users. Using development code in a production environment is not recommended. @@ -215,7 +220,7 @@ autoheader, automake, and related commands. -

    Configure before the build

    +

    Configure before the build

    BIND 10 uses the GNU Build System to discover build environment details. To generate the makefiles using the defaults, simply run: @@ -246,16 +251,16 @@

    If the configure fails, it may be due to missing or old dependencies. -

    Build

    +

    Build

    After the configure step is complete, to build the executables from the C++ code and prepare the Python scripts, run:

    $ make

    -

    Install

    +

    Install

    To install the BIND 10 executables, support files, and documentation, run:

    $ make install

    -

    Note

    The install step may require superuser privileges.

    Install Hierarchy

    +

    Note

    The install step may require superuser privileges.

    Install Hierarchy

    The following is the layout of the complete BIND 10 installation:

    • bin/ — @@ -307,8 +312,9 @@ The bind10 master process will also start up b10-cmdctl for admins to communicate with the system, b10-auth for Authoritative DNS service, - b10-xfrin for inbound DNS zone transfers. - and b10-xfrout for outbound DNS zone transfers. + b10-xfrin for inbound DNS zone transfers, + b10-xfrout for outbound DNS zone transfers, + and b10-zonemgr for secondary service.

      Starting BIND 10

      To start the BIND 10 service, simply run bind10. Run it with the --verbose switch to @@ -467,7 +473,7 @@ shutdown the details and relays (over a b10-msgq command channel) the configuration on to the specified module.

      -

      Chapter 8. Authoritative Server

      +

      Chapter 8. Authoritative Server

      The b10-auth is the authoritative DNS server. It supports EDNS0 and DNSSEC. It supports IPv6. Normally it is started by the bind10 master @@ -475,7 +481,7 @@ shutdown

      Note

      This development prototype release listens on all interfaces and the non-standard port 5300. -

      Server Configurations

      +

      Server Configurations

      b10-auth is configured via the b10-cfgmgr configuration manager. The module name is Auth. @@ -495,7 +501,7 @@ This may be a temporary setting until then.

      shutdown
      Stop the authoritative DNS server.

      -

      Data Source Backends

      Note

      +

      Data Source Backends

      Note

      For the development prototype release, b10-auth only supports the SQLite3 data source backend. Upcoming versions will be able to use multiple different @@ -508,7 +514,7 @@ This may be a temporary setting until then. The default is /usr/local/var/.) This data file location may be changed by defining the database_file configuration. -

      Loading Master Zones Files

      +

      Loading Master Zones Files

      RFC 1035 style DNS master zone files may imported into a BIND 10 data source by using the b10-loadzone utility. @@ -544,12 +550,12 @@ This may be a temporary setting until then. transfer. When received, it is stored in the BIND 10 data store, and its records can be served by b10-auth. - This allows the BIND 10 server to provide - secondary service. + In combination with b10-zonemgr (for + automated SOA checks), this allows the BIND 10 server to + provide secondary service.

      Note

      The current development release of BIND 10 only supports AXFR. (IXFR is not supported.) - It also does not yet support automated SOA checks.

      To manually trigger a zone transfer to retrieve a remote zone, you may use the bindctl utility. @@ -564,9 +570,24 @@ This may be a temporary setting until then. sends the zone. This is used to provide master DNS service to share zones to secondary name servers. + The b10-xfrout is also used to send + NOTIFY messages to slaves.

      Note

      The current development release of BIND 10 only supports AXFR. (IXFR is not supported.) - It also does not yet support NOTIFY. Access control is not yet provided. +

      Chapter 11. Secondary Manager

      + The b10-zonemgr process is started by + bind10. + It keeps track of SOA refresh, retry, and expire timers + and other details for BIND 10 to perform as a slave. + When the b10-auth authoritative DNS server + receives a NOTIFY message, b10-zonemgr + may tell b10-xfrin to do a refresh + to start an inbound zone transfer. + The secondary manager resets its counters when a new zone is + transferred in. +

      Note

      + Access control (such as allowing notifies) is not yet provided. + The primary/secondary service is not yet complete.

      diff --git a/src/bin/auth/b10-auth.8 b/src/bin/auth/b10-auth.8 index 61f11119d7101a8b80d65c8981d5438e2163f73b..144caf287c82c7707451c71241e90ab9259f5923 100644 --- a/src/bin/auth/b10-auth.8 +++ b/src/bin/auth/b10-auth.8 @@ -137,6 +137,7 @@ configuration is not defined\&. \fBb10-cmdctl\fR(8), \fBb10-loadzone\fR(8), \fBb10-msgq\fR(8), +\fBb10-zonemgr\fR(8), \fBbind10\fR(8), BIND 10 Guide\&. .SH "HISTORY" diff --git a/src/bin/bind10/bind10.8 b/src/bin/bind10/bind10.8 index d9d0500907dd03e619f3aa65d6e8db1ff12873d6..0bef8679d42d7e2f82041ea77d3f4c086511512e 100644 --- a/src/bin/bind10/bind10.8 +++ b/src/bin/bind10/bind10.8 @@ -101,6 +101,8 @@ and its child processes\&. \fBb10-cmdctl\fR(8), \fBb10-msgq\fR(8), \fBb10-xfrin\fR(8), +\fBb10-xfrout\fR(8), +\fBb10-zonemgr\fR(8), BIND 10 Guide\&. .SH "HISTORY" .PP diff --git a/src/bin/xfrin/b10-xfrin.8 b/src/bin/xfrin/b10-xfrin.8 index 6c7a9e7147c792ae9936f86861be70887add1455..d0723b515a7cc2a7f015626a0aceb76b3d3ceb03 100644 --- a/src/bin/xfrin/b10-xfrin.8 +++ b/src/bin/xfrin/b10-xfrin.8 @@ -2,12 +2,12 @@ .\" Title: b10-xfrin .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.75.2 -.\" Date: March 17, 2010 +.\" Date: September 8, 2010 .\" Manual: BIND10 .\" Source: BIND10 .\" Language: English .\" -.TH "B10\-XFRIN" "8" "March 17, 2010" "BIND10" "BIND10" +.TH "B10\-XFRIN" "8" "September 8, 2010" "BIND10" "BIND10" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -47,7 +47,6 @@ The Y1 prototype release only supports AXFR\&. IXFR is not implemented\&. .sp .5v .RE .PP - This daemon communicates with BIND 10 over a \fBb10-msgq\fR(8) C\-Channel connection\&. If this connection is not established, 
@@ -60,24 +59,59 @@ receives its configurations from \fBb10-cfgmgr\fR(8)\&. .SH "CONFIGURATION AND COMMANDS" .PP -The configurable setting is +The configurable settings are: +.PP +\fImaster_addr\fR +The default is 127\&.0\&.0\&.1\&. +.PP +\fImaster_port\fR +The default is 53\&. +.PP \fItransfers\-in\fR -which defines the maximum number of inbound zone transfers that can run concurrently\&. The default is 10\&. +defines the maximum number of inbound zone transfers that can run concurrently\&. The default is 10\&. .PP The configuration commands are: .PP -\fBshutdown\fR -stops all incoming zone transfers and exits -\fBb10\-xfrin\fR\&. (Note that the BIND 10 boss process will restart this service\&.) +\fBnotify\fR +is sent by +\fBb10-zonemgr\fR(8) +when a DNS NOTIFY message is received to initiate a zone transfer\&. +This is an internal command and not exposed to the administrator\&. +.PP + +\fBrefresh\fR +triggers the transfer in for a single zone\&. It is the same as +\fBretransfer\fR +except it checks the SOA serial first\&. +This is an internal command and not exposed to the administrator\&. + +.PP + +\fBrefresh_from_zonemgr\fR +is sent by +\fBb10-zonemgr\fR(8) +according to the SOA\'s REFRESH time to tell +\fBb10\-xfrin\fR +that the zone needs to do a zone refresh\&. This is an internal command and not exposed to the administrator\&. .PP \fBretransfer\fR triggers the transfer in for a single zone without checking the zone\'s serial number\&. It has the following arguments: \fIzone_name\fR -to define the zone to request and +to define the zone to request, +\fIzone_class\fR +to define the class (defaults to +\(lqIN\(rq), \fImaster\fR -to define the IP address of the authoritative server to transfer from\&. +to define the IP address of the authoritative server to transfer from, and +\fIport\fR +to define the port number on the authoritative server (defaults to 53)\&. +.PP + +\fBshutdown\fR +stops all incoming zone transfers and exits +\fBb10\-xfrin\fR\&. 
(Note that the BIND 10 boss process will restart this service\&.) .if n \{\ .sp .\} @@ -99,6 +133,7 @@ This prototype version uses SQLite3 as its data source backend\&. Future version \fBb10-cfgmgr\fR(8), \fBb10-msgq\fR(8), +\fBb10-zonemgr\fR(8), \fBbind10\fR(8), BIND 10 Guide\&. .SH "HISTORY" diff --git a/src/bin/xfrout/b10-xfrout.8 b/src/bin/xfrout/b10-xfrout.8 index 15cccf5eb1b1a6989b265a90d0892ea19103f325..49107231cb7cb346f12e71f001cba1042a1d80dc 100644 --- a/src/bin/xfrout/b10-xfrout.8 +++ b/src/bin/xfrout/b10-xfrout.8 @@ -2,12 +2,12 @@ .\" Title: b10-xfrout .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.75.2 -.\" Date: April 20, 2010 +.\" Date: September 8, 2010 .\" Manual: BIND10 .\" Source: BIND10 .\" Language: English .\" -.TH "B10\-XFROUT" "8" "April 20, 2010" "BIND10" "BIND10" +.TH "B10\-XFROUT" "8" "September 8, 2010" "BIND10" "BIND10" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -27,7 +27,7 @@ b10-xfrout \- Outbound DNS zone transfer service .PP The \fBb10\-xfrout\fR -daemon provides the BIND 10 outgoing DNS zone transfer service\&. Normally it is started by the +daemon provides the BIND 10 outgoing DNS zone transfer service\&. It is also used to send outgoing NOTIFY messages\&. Normally it is started by the \fBbind10\fR(8) boss process\&. When the \fBb10\-auth\fR @@ -67,13 +67,13 @@ receives its configurations from The configurable settings are: .PP -\fItransfers\-out\fR -defines the maximum number of outgoing zone transfers that can run concurrently\&. The default is 10\&. -.PP - \fIdb_file\fR defines the path to the SQLite3 data store file\&. The default is /usr/local/var/bind10\-devel/zone\&.sqlite3\&. +.PP + +\fItransfers_out\fR +defines the maximum number of outgoing zone transfers that can run concurrently\&. The default is 10\&. .if n \{\ .sp .\} 
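Review bot: In the b10-xfrout.8 settings hunk (@@ -67,13 +67,13 @@), the option is renamed from transfers\-out to transfers_out, but b10-xfrin.8 in this same patch still documents its counterpart as transfers\-in. Please confirm which spelling the module configuration actually accepts and use it consistently on both pages, since an administrator will copy the identifier from the man page verbatim.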
@@ -91,25 +91,34 @@ This prototype version uses SQLite3 as its data source backend\&. Future version .sp .5v .RE .PP -The configuration command is: +The configuration commands are: .PP \fBshutdown\fR stops all outbound zone transfers and exits \fBb10\-xfrout\fR\&. (Note that the BIND 10 boss process will restart this service\&.) +.PP + +\fBzone_new_data_ready\fR +is sent from +\fBb10-xfrin\fR(8) +to indicate that the zone transferred in successfully\&. This triggers +\fBb10\-xfrout\fR +to send NOTIFY message(s)\&. This is an internal command and not exposed to the administrator\&. .SH "SEE ALSO" .PP \fBb10-auth\fR(8), \fBb10-cfgmgr\fR(8), \fBb10-msgq\fR(8), +\fBb10-xfrin\fR(8), \fBbind10\fR(8), BIND 10 Guide\&. .SH "HISTORY" .PP The \fBb10\-xfrout\fR -daemon was implemented in March 2010 by Zhang Likun of CNNIC for the ISC BIND 10 project\&. +daemon was first implemented in March 2010 by Zhang Likun of CNNIC for the ISC BIND 10 project\&. .SH "COPYRIGHT" .br Copyright \(co 2010 Internet Systems Consortium, Inc. ("ISC")
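Review bot: The new zone_new_data_ready entry in the b10-xfrout.8 commands hunk (@@ -91,25 +91,34 @@) says it triggers NOTIFY message(s) but not which hosts receive them. Please add a sentence on how the NOTIFY destinations are chosen. The guide text in this patch states that access control is not yet provided, so operators need to know which destinations the daemon will contact on its own after a successful inbound transfer.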
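Review bot: In the bind10-guide.html hunk that adds Chapter 11 (@@ -564,9 +570,24 @@), the closing note "Access control (such as allowing notifies) is not yet provided" understates the operational consequence. The same chapter says a received NOTIFY may cause b10-zonemgr to tell b10-xfrin to refresh, and Chapter 8 says the prototype listens on all interfaces, so if NOTIFY messages are currently acted on regardless of sender, the note should say so outright and state that filtering has to happen outside BIND 10 for now. Separately, the added text mixes "slave" and "slaves" with "secondary" for the same role; pick one term, matching the "Secondary Manager" chapter title.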
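Review bot: In the b10-xfrin.8 configuration hunk (@@ -60,24 +59,59 @@), the new master_addr and master_port settings are listed with defaults only and no description, unlike transfers\-in directly below them. Add a phrase for each saying what it configures and how it relates to the master and port arguments of retransfer. Also, this page says the notify command is what b10-zonemgr sends when a DNS NOTIFY is received, while the guide's new Chapter 11 says b10-zonemgr tells b10-xfrin to do a refresh; please reconcile the two so it is clear which internal command carries that event.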