Index

A note on the digital index

A link in an index entry is displayed as the section title in which that entry appears. Because some sections have multiple index markers, it is not unusual for an entry to have several links to the same section. Clicking on any link will take you directly to the place in the text in which the marker appears.

Symbols

. (dot)

DNS database root node, The Domain Name System, in a Nutshell
trailing dot indicating FQDN, The BIND 4.9 and later search list

/ (slash), leading slash in full pathnames, The BIND 4.9 and later search list

/etc/hosts file

site-wide or workgroup, keeping for disasters, Coping with Disaster

“no” preceding nslookup option’s name, Option Settings

A

A (address) records

multiple, using to set up round-robin, Round-Robin Load Distribution
query statistics on BIND 8 nameserver, BIND 8 statistics

AAAA (address) records

example, AAAA and ip6.arpa

absolute pathnames, The Domain Name System, in a Nutshell

access lists, support in BIND 8 and 9, Getting BIND

ACE, Internationalized Domain Names

converting to and from Unicode, DNS and WINS
encoding utilities, Internationalized Domain Names

acl statement, Address Match Lists and ACLs, acl

using with view statement, Views

ACLs (access control lists), Address Match Lists and ACLs

applying to particular zone, Restricting queries in a particular zone
applying to zone transfers, Restricting queries in a particular zone
global, puttin on zone data, Protecting zone data on the bastion host

actions, The Windows XP Resolver

Active Directory, DNS, Windows, and Active Directory

handling servers, Handling Windows servers

address match lists, Address Match Lists and ACLs

named, Address Match Lists and ACLs

address sorting, Address and Alias Records

by nameserver, Nameserver Address Sorting

address type, The Internet Domain Namespace

address-to-name lookup, Setting Up Zone Data

advertising nameservers, “Advertising” nameserver configuration

aero domains, New top-level domains

AFSDB records, Additional Resource Records

algorithm field

DNSKEY records, The DNSKEY Record
RRSIG records, The RRSIG Record

aliases, The Domain Name System, in a Nutshell, Address and Alias Records

configuring mailers to identify, DNS and Email Authentication
not checked by mailers, The MX Algorithm

Alice’s Adventures in Wonderland, Quotations

allow-notify substatement (zone), accepting messages from nameservers other than zone master nameservers, Incremental Zone Transfer (IXFR)

allow-query substatement

placing global access list on zone data, Protecting zone data on the bastion host
restricting queries in a zone, Restricting queries in a particular zone
restricting queries to internal network, “Resolving” nameserver configuration

allow-recursion substatement, Avoiding a Bogus Nameserver

allow-transfer substatement, Restricting queries in a particular zone

allow-update substatement, Securing Your Nameserver

also-notify substatement (zone), DNS NOTIFY (Zone Change Notification)

suppressing NOTIFY messages to all nameservers except list, Incremental Zone Transfer (IXFR)

any (address match list), Address Match Lists and ACLs

ANY records, queries on BIND 8 nameserver, BIND 8 statistics

architecture, Architecture

DNS operations, Operations
external, authoritative DNS infrastructure, External, Authoritative DNS Infrastructure
forwarder infrastructure, Forwarder Infrastructure
internal DNS infrastructure, Internal DNS Infrastructure

arpa domain, Country-code top-level domains

ARPAnet, Background

asymmetric cryptographic algorithms, Public-Key Cryptography and Digital Signatures

attacks

spoofing attacks involving recursion, “Resolving” nameserver configuration

au top-level domain, New top-level domains

auth-nxdomain substatement, The ABCs of IPv6 Addressing

authentication

dynamic updates to signed zones, DNSSEC and Dynamic Update

email authentication and DNS, DNS and Email Authentication

SPF, The Sender Policy Framework

authoritative servers for a zone, nonrecursive nameserver as, Avoiding a Bogus Nameserver

AXFR records

IXFR versus, Incremental Zone Transfer (IXFR)
queries on BIND 8 nameserver, BIND 8 statistics

B

backbones, A (Very) Brief History of the Internet

base-64 encoding of a password, rndc and controls (BIND 9)

bastion host, Internet Forwarders

configuring for split namespace, Configuring the bastion host
forwarding mail to the Internet through, How internal nameservers use internal roots
split namespace, protecting zone data on, Protecting zone data on the bastion host
using views on, Using views on the bastion host

BIND (Berkeley Internet Name Domain)

compatibility matrix, BIND Compatibility Matrix

compiling and installing on Linux, Instructions for BIND 8

controlling the nameserver, Controlling the Nameserver

debugging, Reading BIND Debugging Output

forward zones, Forward Zones

forwarding, Forwarding

getting the software, Getting BIND

GSS-TSIG and, BIND and GSS-TSIG

history of, The History of BIND

logging, Logging

categories, Category Details
channels, The logging Statement
channels and categories, Logging

nameserver and resolver configuration, BIND Nameserver Boot File Directives and Configuration File Statements

nameserver statistics, Understanding the BIND Statistics

BIND 8, BIND 8 statistics
BIND 9, BIND 9 statistics
using, Using the BIND statistics

negative caching by nameservers, Caching

new update-policy mechanism (version 9), Versions

packet-filtering firewalls and BIND 8 or 9, Proxies

recent versions, advantages of, Getting BIND

resolver (version 8.4.6), The Resolver

resolver configuration

default search list, The Search List

security

recent versions, Securing Your Nameserver

setting up, Setting Up BIND

configuration file, Setting Up a BIND Configuration File
zone datafiles, Setting Up Zone Data, Setting the Zone’s Default TTL

source code for most recent versions, Getting BIND

support of DNS dynamic update (versions 8 and 9), DNS Dynamic Update

versions, Versions

views (BIND 9), Views

bitstring labels (IPv6 reverse mapping), DNAME records and reverse mapping

biz domains, New top-level domains, The generic top-level domains

blackhole substatement, System Tuning

bogus nameserver, avoiding, Avoiding a Bogus Nameserver

Boolean options (nslookup), Option Settings

BSD Unix operating system, A (Very) Brief History of the Internet

bstat tool, BIND 8 statistics

C

C programming

with resolver library routines, C Programming with the Resolver Library Routines

ca (Canada) domain, Nameservers and Zones

caching, Caching

cleaning stale cache entries, Limiting SOA queries

preventing a nameserver from building a cache, A Nonrecursive Nameserver

root nameservers, Resolution

TTL, Time to Live

values on cached records, TTLs

Windows XP resolver, Caching

negative caching, Caching

caching-only nameservers, Caching-Only Servers

not registering, Changing TTLs

Canada (ca) domain, Nameservers and Zones

canonical names

mailers looking for, The MX Algorithm

canonical, domain names, The Domain Name System, in a Nutshell

carriage return and a newline (Windows), The ABCs of IPv6 Addressing

Carroll, Lewis, Quotations

categories (logging), Logging, stderr channel

BIND 8, stderr channel
BIND 9, BIND 9 categories
config, Data formatting for all channels
default, Logging
logging to channels, Logging
specifying in channel logging statement, Logging
viewing all category messages, Viewing all category messages

chain of trust, The DS Record and the Chain of Trust

channels (logging), Logging

configuring, Logging
data formatting, stderr channel
discarding default category messages, Logging
file, File channels
logging categories to, Logging
null, null channel
severity levels of messages, Logging
stderr, stderr channel
syslog, File channels

CHAOS class, Classes

Class A, Class B, and Class C networks

subnetted Class A and B networks on nonoctet boundaries, /8 (Class A-sized) and /16 (Class B-sized) networks
subnetted Class C networks on nonoctet boundaries, /8 (Class A-sized) and /16 (Class B-sized) networks

classes

for internets, Resource Records
record types defined by, The Internet Domain Namespace

cleaning-interval substatement, Limiting SOA queries

client/server architecture of DNS, The Domain Name System, in a Nutshell

clients, limiting number served by nameserver concurrently, Changing the open files limit

CNAME (canonical name) records, Using CNAME Records

attached to interior nodes, Using CNAME Records
mailers and, The MX Algorithm
network or subnet hosts moved to new subdomain, Managing the Transition to Subdomains
query statistics on BIND 8 nameserver, BIND 8 statistics
using address records instead of, Address and Alias Records

com domain, The Internet Domain Namespace, The generic top-level domains

command line, changing nslookup options from, Option Settings

compatibility, nameservers, Compatibility

complete Internet access, Our Zone

compressing a domain name, ns_msg_id

conditions, nsswitch.conf

config category (logging), stderr channel

configuration files

format of, Setting Up Zone Data

connection-specific DNS suffixes, The Windows XP Resolver

continue action, The Windows XP Resolver

control statements, acl

zone datafiles, Using Several Directories

$INCLUDE, Including Other Zone Datafiles
$ORIGIN, Changing the Origin in a Zone Datafile

coop domains, New top-level domains

core size limit, Changing the core size limit

country top-level domains

second-level domains, Where in the World Do I Fit?

country-code top-level domains, Top-Level Domains

critical severity, Logging

cryptographic checksum, One-Way Hash Functions

cryptographic keys

KSKs, Zone-Signing Keys and Key-Signing Keys
public-key cryptography, The DNS Security Extensions
sending to be signed, Sending your keys to be signed
TSIG, TSIG
ZSKs, Zone-Signing Keys and Key-Signing Keys

cryptography, public-key, The DNS Security Extensions

CSNET class, Classes

D

daemon facility, Logging, File channels

data segment size, changing default limit on, Changing the stack size limit

database dumps

changing location of nameserver dump file, Logging

datafiles, Zone Datafiles

date command, BIND 9 statistics

db.cache file

getting current version, Setting Up a BIND Configuration File
temporary root nameserver, Really Long Outages (Weeks)

db.movie.edu.signed file (example), Signing your zone

db.root file, The db.root file

forwarding internal hosts’ mail to the Internet, How internal nameservers use internal roots

DC (Domain Controller), Handling Windows servers

debug message (example), stderr channel

debug severity, Logging

debugging

BIND

debugging levels, Debugging Levels
turning on, Turning On Debugging

Perl script converting IP addreses to names, Tools

default category (logging), Logging

BIND 8, stderr channel
BIND 9, BIND 9 categories

default-key substatement, rndc.conf file, Using rndc to control multiple servers

default-server substatement, rndc.conf options statement, Using rndc to control multiple servers

default_stderr channel (logging), stderr channel

delegation, Delegation

checking using host, Good Parenting

forward mapping, by internal roots, Forward-mapping delegation

in-addr.arpa zones, by internal roots, Forward-mapping delegation

managing

with stubs, Managing delegation with stubs

managing transition to subdomains, Managing the Transition to Subdomains

subdomains, Nameservers and Zones, Creating and Delegating a Subdomain

administrative overhead, When to Become a Parent
deciding on, How to Become a Parent: Creating Subdomains

to unsigned zones, Delegating to unsigned zones

zones, Nameservers and Zones

DHCP, DNS Dynamic Update

dial-up connections, Dial-up Connections

dig tool, Using dig

options, dig Options
specifying query aspects on command line, Using dig
zone transfers, Zone Transfers with dig, How to Use named-xfer

disasters, network

coping with, Coping with Disaster

long outages (days), Coping with Disaster

planning for, Planning for Disasters

dist file, Adding More Nameservers

dname parameter (res_search), res_send

DNAME records, IPv6 Forward and Reverse Mapping

reverse mapping and, DNAME records and reverse mapping

DNS (Domain Name System), The Domain Name System, in a Nutshell

architecture, Architecture

external, authoritative infrastructure, External, Authoritative DNS Infrastructure
forwarder infrastructure, Forwarder Infrastructure
internal infrastructure, Internal DNS Infrastructure
operations, Operations

dial-up Internet connections, A Limitation of MX Records

domain namespace, The Domain Namespace

electronic mail and, What’s Next?

email authentication, DNS and Email Authentication

SPF, The Sender Policy Framework

Internet firewalls and, DNS and Internet Firewalls

internal roots, Internal Roots
split namespace, A Split Namespace

master file format, Master File Format

message format, C Programming with the Resolver Library Routines

messages, DNS Messages

network failures, Planning for Disasters

parsing responses, ns_parserr

situations for using or not using DNS, The History of BIND

Windows 2000 DNS white paper, The Windows XP Resolver

Windows and Active Directory, DNS, Windows, and Active Directory

handling Windows cients, BIND and GSS-TSIG
handling Windows servers, Handling Windows servers

WINS and, DNS and WINS

DNS database, structure of, The Domain Name System, in a Nutshell

DNS resource records, The Zone Datafiles

DNSEXT, Handy Mailing Lists and Usenet Newsgroups

DNSKEY records, Islands of security, Zone-Signing Keys and Key-Signing Keys

adding to zone datafile, Signing your zone
algorithm field, The DNSKEY Record
flags field, The DNSKEY Record
in keyset file, Sending your keys to be signed
protocol field, The DNSKEY Record
public key, The DNSKEY Record
signed by dnssec-signzone, Signing your zone

DNSSEC (DNS Security Extensions), Versions, The DNS Security Extensions

algorithm number, Configuring TSIG

signing a zone

parent zone, Signing a parent zone
sending keys to be signed, Sending your keys to be signed

dnssec-keygen program

-a, -b, and -n options, Signing your zone
-f KSK option, Signing your zone

dnssec-signzone program, Signing your zone

creation of DS record, Sending your keys to be signed
keyset file, Sending your keys to be signed
options, Signing your zone
re-signing records, Sending your keys to be signed
re-signing zone, Sending your keys to be signed

DO flag, DO, AD, and CD

Domain Controller (DC), Handling Windows servers

domain name aliases, The Domain Name System, in a Nutshell

domain names, The Domain Name System, in a Nutshell

choosing, Choosing a Domain Name
compression, Domain Name Compression
local domain name for resolver, Resolver Configuration
mapped to OSI Network Service Access Point addresses, BIND 8 statistics
mappings between aliases and, Providing Aliases
translating E.164 numbers to, ENUM

domain namespace, The Domain Namespace

Internet domain namespace, The Internet Domain Namespace
RRs, Resource Records

domains, The Domain Name System, in a Nutshell

deciding number of nameservers, How Many Nameservers?
delegating, Delegation
lifecycle of parent domain, The Life of a Parent
structure, mirroring organization structure, What to Name Your Children
subdomains, Domains
top-level, Top-Level Domains
zones versus, Nameservers and Zones

DS (delegation signer) records

creation by dnssec-signzone, Sending your keys to be signed

Dunlap, Kevin, The History of BIND

dynamic severity, Logging

dynamic updates (DNS), Versions, DNS Dynamic Update

access lists, Getting BIND
causing notification, DNS NOTIFY (Zone Change Notification)
restricting with TSIG, Securing Your Nameserver
use by Windows, DNS, Windows, and Active Directory

E

E.164 numbers, ENUM

mapping to URIs, ENUM

edu (educational) domain, The Domain Name System, in a Nutshell, The Internet Domain Namespace

edu zone, Nameservers and Zones

electronic mail, DNS and Electronic Mail

authentication, DNS and, DNS and Email Authentication

SPF, The Sender Policy Framework

forwarding for certain Internet domain names using internal roots, Mail to specific Internet domain names

mail exchangers, Movie.edu’s Mail Server

mail from internal hosts, sending through internal root, How internal nameservers use internal roots

mail server for example domain, Movie.edu’s Mail Server

MX algorithm, The MX Algorithm

MX records, MX Records

elliptic curve-based public-key algorithm, The DNSKEY Record

end-of-line sequences, Windows and Unix, The ABCs of IPv6 Addressing

ENUM (Telephone Number Mapping), Organization, ENUM

E.164 numbers, translating to domain names, ENUM
NAPTR records, The NAPTR Record

error severity, Logging

example programs in this book, Obtaining the Example Programs

expanded space (us domain), The generic top-level domains

expanding domain name, ns_name_skip

explicit argument (notify substatement), DNS NOTIFY (Zone Change Notification)

explicit views, zone statements within, Round-Robin Load Distribution

external DNS infrastructure, External, Authoritative DNS Infrastructure

external view, Views

recursion turned off, DNS and Internet Firewalls

extranets, On the Internet and Internets

F

facilities, syslog channels, File channels

fetch-glue substatement, A Nonrecursive Nameserver

file descriptors, Common Syslog Messages

requirements by named, Changing the open files limit

files

open, limiting number for named, Changing the open files limit

filesystem, DNS database, The Domain Name System, in a Nutshell

firewalls

Internet, DNS and, DNS and Internet Firewalls

internal roots, Internal Roots
proxies, Proxies
split namespace, A Split Namespace

forward mapping, Setting Up Zone Data

delegation by internal root nameservers, Forward-mapping delegation

IPv6, IPv6 Forward and Reverse Mapping

experimental, A6, DNAMEs, Bitstring Labels, and ip6.arpa

forward zones, Versions, Forward Zones, Configuring the bastion host

using, Using forward zones

forward-first mode, Forwarding

forward-only mode, A More Restricted Nameserver

forwarders, Forwarding, Forwarder Infrastructure

Internet, A Bad Example

problems with, The trouble with forwarding

nonrecursive nameservers, not listing as, Avoiding a Bogus Nameserver

selection by nameservers, Views

forwarders substatement, Forwarding

empty list of forwarders, Forward Zones

forwarding, Forwarding

forward zones, Forward Zones
problems with, The trouble with forwarding

forwarding mail, MX Records

FQDN (fully qualified domain name)

indicated with trailing dot (.), The BIND 4.9 and later search list

freeze zone command (rndc program), New rndc commands

G

global routing prefix (IPv6), The ABCs of IPv6 Addressing, A6 records and forward mapping

glue fetching, turning off, “Resolving” nameserver configuration

glue records, On the movie.edu Primary Nameserver

gov domain, The Internet Domain Namespace

GSS-TSIG, Secure Dynamic Update

BIND and, BIND and GSS-TSIG

gTLDs (generic top-level domains), Country-code top-level domains

choosing a domain name under, The generic top-level domains
new, New top-level domains

H

h2n script

deleting aliases for subdomain hosts created on parent, The Life of a Parent
other options, Generating Zone Datafiles from the Host Table

Harvest tool, BIND 8 statistics

Hesiod class, Classes

hidden primary, External, Authoritative DNS Infrastructure

HINFO (host information) records

query statistics on BIND 8 nameserver, BIND 8 statistics

HMAC-MD5 cryptographic algorithm, TSIG

host program, Good Parenting

download sites, Good Parenting
using to check delegation, Good Parenting

host tables

DNS advantages over, What’s Next?
example domain, Setting Up Zone Data
translating into DNS zone data, Setting Up Zone Data

host-statistics substatement, BIND 8 statistics

hostname

determining local domain from, Resolver Configuration

hosts

configuring, Configuring Hosts

electronic mail programs, Electronic Mail
nsswitch.conf file, Additional Configuration Files
resolver, Configuring Hosts
Windows XP resolver, The Windows XP Resolver

DNS information about, The Domain Namespace

domain name aliases, The Domain Name System, in a Nutshell

domain names, The Domain Name System, in a Nutshell

per-host statistics, BIND 8, BIND 8 statistics

represented by domain names, Domains

hosts database, Additional Configuration Files

listing with ypcat, Troubleshooting Tools and Techniques

human resources management industry (jobs) domain, New top-level domains

HUP signal, Using Signals

I

ICANN (Internet Corporation for Assigned Names and Numbers), New top-level domains

ICMP (Internet Control Message Protocol)

port unreachable message, Outages
port unreachable, host unreachable, or network unreachable, One nameserver configured

idle time, limiting for zone transfers, Limiting the frequency of zone transfers

IDN (Internationalized Domain Names), Organization

in-addr.arpa domains

subdomains of, Subdomains of in-addr.arpa Domains

in-addr.arpa zones

delegating, Delegating an in-addr.arpa Zone
delegation by internal roots, Forward-mapping delegation
registering nameservers, Registering Nameservers

include statement, acl

incremental zone transfer (IXFR), Versions, Incremental Zone Transfer (IXFR)

info domain, New top-level domains, The generic top-level domains

info severity, Logging

int (international organizations) domain, Country-code top-level domains

interface ID (IPv6 addresses), The ABCs of IPv6 Addressing

interface interval, Interface interval

internal view, Views

recursion turned on, DNS and Internet Firewalls

international organizations (int) domain, Country-code top-level domains

Internet

history of, A (Very) Brief History of the Internet
necessity of DNS, Must I Use DNS?
versus internets, On the Internet and Internets

Internet access, types of, Our Zone

Internet connections

dial-up, Dial-up Connections

Internet Corporation for Assigned Names and Numbers (ICANN), New top-level domains

Internet domain namespace, The Internet Domain Namespace

top-level domains, Top-Level Domains

Internet firewalls

DNS and, proxies, Proxies

Internet root nameservers, Root Nameservers

Internet Systems Consortium, The History of BIND

internets

TCP/IP-based, deciding on use of DNS, Must I Use DNS?
versus the Internet, On the Internet and Internets

InterNIC

Network Modification form, Registering Nameservers
site, Choosing a registrar

intranets, On the Internet and Internets

IP addresses

assignment by DHCP, DNS Dynamic Update
converting to names in debugging output, Tools
nameserver address sorting, Nameserver Address Sorting

IP prefixes, Address Match Lists and ACLs

ip6.arpa, IPv6 Forward and Reverse Mapping

IPv4 transport, configuring, Addresses and Ports

IPv6

addresses, Compatibility

:: notation, The ABCs of IPv6 Addressing
allocation of addresses to sites, Addresses and Ports
global routing prefix, The ABCs of IPv6 Addressing
interface ID, The ABCs of IPv6 Addressing
prefixes, The ABCs of IPv6 Addressing
subnet ID, The ABCs of IPv6 Addressing
suffixes, The ABCs of IPv6 Addressing

forward and reverse mapping, A6, DNAMEs, Bitstring Labels, and ip6.arpa

A6 records and forward mapping, A6 records and forward mapping
DNAME records and reverse mapping, DNAME records and reverse mapping
using AAAA records and ip6.arpa, Versions

ISC (Internet Software Consortium)

BIND web page, Handy Mailing Lists and Usenet Newsgroups
web site for BIND source code, Getting BIND

ISC DHCP server, Handling Windows clients

ISO 3166 top-level domains

country-code abbreviations, Country-code top-level domains
uk model, New top-level domains
United States model, New top-level domains

ISPs (Internet service providers)

assignment of IP addresses by DHCP, DNS Dynamic Update

iterative queries, Recursion

IXFR records, Incremental Zone Transfer (IXFR)

J

JEEVES, The History of BIND

.jnl (journal) files

configuring maximum size, Forwarding

jobs domain, New top-level domains

K

key statements, acl

defining for multiple nameservers, New rndc commands
within view statement, Views

keyset file, Sending your keys to be signed

KSKs (key-signing keys), Signing your zone

L

lame delegation, Registering Nameservers

lame TTL, TTLs

LANs (local area networks), On the Internet and Internets

deciding whether to use DNS, Must I Use DNS?
volume of DNS traffic, Capacity Planning

least privilege, Running BIND with Least Privilege

limited Internet access, Our Zone

Linux, compiling and insalling BIND on, Instructions for BIND 8

listen-on substatement, Addresses and Ports

load balancing, Round-Robin Load Distribution

load distribution, Round-Robin Load Distribution

shuffle address records, Round-Robin Load Distribution

LOC records, LOC

Local Area Connection Properties (Windows XP), The Windows XP Resolver

local domain name, The Local Domain Name

inability to look up, Problem Symptoms

local0 facility, syslog channel using, File channels

LOCALDOMAIN environment variable, The Local Domain Name

localhost (address match list), Address Match Lists and ACLs

locality space (us domain), The generic top-level domains

localnets (address match list), Address Match Lists and ACLs

log.msgs file, Logging

logfiles, Dynamic Update and Zone Datafiles

dynamic updates, Dynamic Update and Zone Datafiles

logging

BIND, Changing System File Locations

categories, Category Details
channels, The logging Statement
channels and categories, Logging
NOTIFY message information, DNS NOTIFY (Zone Change Notification)

queries, Logging Queries

logging statement, Logging, logging

category specification, Logging
syntax, The logging Statement
viewing all category log messages (BIND 8), Keeping Everything Running Smoothly

loopback address

IPv6, The ABCs of IPv6 Addressing
not using with multiple nameserver directives, One nameserver configured

lwres statement, logging

M

mail exchangers, MX Records, Movie.edu’s Mail Server

good mail exchangers, qualities of, What’s a Mail Exchanger, Again?
inability to use IP address instead of domain name to identify, Movie.edu’s Mail Server
preference value or priority, MX Records

mail servers, example domain, Movie.edu’s Mail Server

mail-routing loops, preventing

MX algorithm, The MX Algorithm
preventing, MX Records

mailing lists, BIND users

updated db.cache file, Setting Up a BIND Configuration File

maintenance intervals, nameservers, Limiting SOA queries

cleaning interval, Cleaning interval
interface interval, Interface interval
statistics interval, Statistics interval

many-answers transfer format, Limiting the frequency of zone transfers

master file format, Setting Up Zone Data, Master File Format

master server, Types of Nameservers

masters substatement, DNS NOTIFY (Zone Change Notification), The ABCs of IPv6 Addressing, masters

specifying alternate port, Addresses and Ports

match-clients substatement, Views

match-destinations substatement, Views

match-recursive-only substatement, Views

max-journal-size substatement, Forwarding

max-ncache-ttl substatement, Interface interval

max-refresh-time and min-refresh-time substatements, Limiting the frequency of zone transfers

max-retry-time substatement, Limiting the frequency of zone transfers

max-transfer-idle-in substatement, Limiting the frequency of zone transfers

max-transfer-idle-out substatement, Limiting the frequency of zone transfers

max-transfer-time-in substatement, Limiting the total number of zone transfers served

max-transfer-time-out substatement, Limiting the total number of zone transfers served

MD5 cryptographic algorithm, TSIG

memory

limits on use by named process stack, Changing the stack size limit

message digest, One-Way Hash Functions

Microsoft DHCP Server, Problems with Active Directory and BIND

Microsoft DNS Server, DNS and WINS

Active Directory-integrated zones, Compatibility
interoperability problems, Interoperability and Version Problems
support of DNS NOTIFY, DNS NOTIFY (Zone Change Notification)

Microsoft Knowledge Base article Q246804, Problems with Active Directory and BIND

mil domain, Country-code top-level domains

min-refresh-time substatement, Limiting the frequency of zone transfers

min-retry-time substatement, Limiting the frequency of zone transfers

MNAME field (zone SOA record), listing primary nameserver, DNS Dynamic Update

mobi domain (mobile devices), New top-level domains

Mockapetris, Paul, The Domain Name System, in a Nutshell, The History of BIND

multi-master zone substatement, The ABCs of IPv6 Addressing

museum domains, New top-level domains

MX records, MX Records

backup mail server, identifying, Movie.edu’s Mail Server
destinations with A record and no MX record, MX Records
explanation of, What’s a Mail Exchanger, Again?
limitation of, A Limitation of MX Records
MX algorithm, The MX Algorithm
preference value, MX Records
query statistics on BIND 8 nameserver, BIND 8 statistics
wildcard, Mail from internal hosts to the Internet, Wildcards

N

name collisions, The Domain Name System, in a Nutshell

name domains, New top-level domains

name-to-address lookup, Setting Up Zone Data

name-to-address mappings, Address and Alias Records

named

finding process ID and sending signal, Updating Zone Datafiles
stack size limit, Changing the stack size limit

named address match list, Address Match Lists and ACLs

named-conf file, trusted-keys statement, Islands of security

named-xfer file, Troubleshooting Tools and Techniques

named.conf file

address match list defined with acl statement, Address Match Lists and ACLs

bastion host for split namespace, Configuring the bastion host

bastion host nameserver in split namespace, The final configuration

caching-only nameserver, Caching-Only Servers

complete example, Views

controls substatement, Using rndc to control multiple servers

db.root file for root nameservers, Configuring other internal nameservers

limiting total number of zone transfers, Limiting the total number of zone transfers requested

parent zone authoritative nameservers configured as stub for child zone, Managing the Transition to Subdomains

primary nameserver

configured as slave, Subdomains of in-addr.arpa Domains

reconfiguring slave nameserver as primary, Coping with Disaster

rndc-confgen, using with, Using rndc to control multiple servers

named.run file, Logging, Turning On Debugging

named.stats file, Logging, BIND 8 statistics, BIND 9 statistics

named_dump.db file, Logging

nameserver directive (resolvers)

multiple nameservers configured, One nameserver configured
one nameserver configured, One nameserver configured
using multiple, The nameserver Directive

nameservers, Preface, The History of the Domain Name System, Nameservers and Zones

adding, Adding More Nameservers

caching-only, Caching-Only Servers
partial-slave, Partial-Slave Servers
primary master and slave, Adding More Nameservers

address sorting, Nameserver Address Sorting

authority for a zone, Nameservers and Zones

blackhole list, Avoiding a Bogus Nameserver

bogus, avoiding, Avoiding a Bogus Nameserver

caching, Caching

TTL, Time to Live

compatibility with resolvers and other nameservers, Compatibility

configuring to use internal root nameserver, Configuring other internal nameservers

controlling, Maintaining BIND

deciding on number, How Many Nameservers?

guidelines, How Many Nameservers?

designating as forwarder, Forwarding

emulation by nslookup, Is nslookup a Good Tool?

external, authoritative, Architecture

forward-first mode, Forwarding

forwarder selection, Views

IPv4 configuration, Addresses and Ports

iterative resolution, Iteration

logging, Logging

categories, Category Details
channels, The logging Statement
channels and categories, Logging

nonrecursive, A Nonrecursive Nameserver

organizing your files, Organizing Your Files

preferring on certain networks, Preferring Nameservers on Certain Networks

preventative maintenance, Keeping Everything Running Smoothly

recursive resolution, Recursion

registering, Registering Nameservers

caching-only, Registering Nameservers
some of your nameservers, Registering Nameservers

resolution, Resolution

securing, Using TSIG

BIND versions, Securing Your Nameserver
unauthorized zone transfers, Restricting queries in a particular zone

serving as internal root and authoritative nameserver, Configuring other internal nameservers

setting up, Setting Up BIND

zone data, Setting Up Zone Data
zones, Setting Up BIND

specified for Windows XP resolver, The Windows XP Resolver

stub zones (BIND 8 and 9), Managing delegation with stubs

tuning, System Tuning

maintenance intervals, Limiting SOA queries
zone transfers, Limiting transfers requested per nameserver

types of, Types of Nameservers

updating zone datafiles, Updating Zone Datafiles

root hints, Keeping the Root Hints Current
TXT records, General text information

zone datafiles, Zone Datafiles

namespace, domain, The Domain Namespace

namespaces

shadow, A Split Namespace
split, A Split Namespace

naming services, hosts database, Additional Configuration Files

naming, views, Views

NAPTR records, The NAPTR Record

ndc program

getting statistics from BIND 8 nameserver, BIND 8 statistics
help, ndc and controls (BIND 8)
support for commands by rndc program, New rndc commands
toggling query logging, Updating Zone Datafiles

negative caching, Caching

BIND 8, The Resolver Search Algorithm and Negative Caching (BIND 8)
BIND 9, The Resolver Search Algorithm and Negative Caching (BIND 9)
max-ncache-ttl options substatement, Interface interval
TTL, Changing TTLs
Windows XP resolver, Caching

negative responses

format of, Compatibility

net domain, Country-code top-level domains

Net::DNS module, Perl Programming with Net::DNS

Net::DNS Perl module, Using TSIG

NetBIOS names, DNS and WINS

network infrastructure, organizatins providing, Country-code top-level domains

network interfaces, scanning for nameserver host, Interface interval

Network Modification form, Registering Nameservers

network resources, mirrored, Round-Robin Load Distribution

Network Solutions, Inc., Choosing a registrar

networks

deciding number of nameservers, How Many Nameservers?

failures, coping with, Coping with Disaster

long outages (days), Coping with Disaster

failures, planning for, Planning for Disasters

names and numbers, Network Names and Numbers

newlines, The ABCs of IPv6 Addressing

NIS (Network Information Service), Must I Use DNS?

deciding if problem is caused by, Is NIS Really Your Problem?

nodes, DNS database, The Domain Name System, in a Nutshell

noncommercial organizations, Top-Level Domains

none (address match list), Address Match Lists and ACLs

nonrecursive queries

sent between nameservers, Forwarding

:: notation, IPv6 addresses, The ABCs of IPv6 Addressing

NOTFOUND condition, Additional Configuration Files

notice severity, Logging

NOTIFY, What’s New in the Fifth Edition?, Primary Master and Slave Servers, DNS NOTIFY (Zone Change Notification)

adding nameservers besides those in zone NS records to list, DNS NOTIFY (Zone Change Notification)
announcement identification, DNS NOTIFY (Zone Change Notification)
announcements sent by slave after zone transfer, DNS NOTIFY (Zone Change Notification)
BIND slave nameservers not supporting (NOTIMP error), DNS NOTIFY (Zone Change Notification)
response by slave to NOTIFY announcement, DNS NOTIFY (Zone Change Notification)
turning off, DNS NOTIFY (Zone Change Notification)
zone transfer scheme, complex, DNS NOTIFY (Zone Change Notification)

notify substatement (zone), explicit argument, DNS NOTIFY (Zone Change Notification)

NS (nameserver) records

delegated subdomain

checking on parent zone nameserver, Good Parenting

explicit TTL specified on, Registering Nameservers

query statistics on BIND 8 nameserver, BIND 8 statistics

NSAP records, queries on BIND 8 nameserver, BIND 8 statistics

NSEC records, Delegating to unsigned zones

signed for parent zone, Signing a parent zone

NSFNET, A (Very) Brief History of the Internet

traffic report, Capacity Planning

nslookup

common tasks, Avoiding the Search List

looking up record types, Avoiding the Search List

emulation of resolver or nameserver, Is nslookup a Good Tool?

less common tasks, Less Common Tasks

options, Option Settings

abbreviating, Option Settings
BIND 9.3.2, Option Settings
Boolean and value, Option Settings
changing, Option Settings
listed, Option Settings

search list, The Search List

avoiding, Avoiding the Search List

timeouts, Timeouts

troubleshooting, Troubleshooting nslookup Problems

looking up right data, Troubleshooting nslookup Problems
no response from server, No Response from Server
unspecified error, Unspecified Error

using NIS, Troubleshooting Tools and Techniques

versions, Versions

zone transfers, Zone Transfers, How to Use named-xfer

nsswitch.conf file, Additional Configuration Files, Troubleshooting Tools and Techniques

nsupdate program, DNS Dynamic Update

-k option, key files generated by dnssec-keygen, Securing Your Nameserver
-y option, Securing Your Nameserver
commands, DNS Dynamic Update
TSIG-signed dynamic updates, Using TSIG

ns_get32 routine, ns_get16 and ns_put16

ns_init_parse routine, ns_get16 and ns_put16

ns_msg_count routine, ns_msg_base, ns_msg_end, and ns_msg_size

ns_msg_get_flag routine, ns_msg_base, ns_msg_end, and ns_msg_size

ns_msg_id routine, ns_msg_id

ns_name_compress routine, ns_msg_id

ns_name_skip routine, ns_name_skip

ns_name_uncompress routine, ns_name_skip

ns_parserr routine, ns_parserr

ns_put32 routine, ns_get16 and ns_put16

ns_update( ) resolver routine, DNS Dynamic Update

null channel (logging), Logging, stderr channel

null label (” “), The Domain Name System, in a Nutshell

O

one-way hash functions, TSIG

open files limit, Changing the open files limit

operating systems

compiling BIND source code, Getting BIND

operations, DNS, Operations

options statement

allow-query substatement

global ACL on zone data, Protecting zone data on the bastion host

allow-recursion substatement, Avoiding a Bogus Nameserver

allow-transfer substatement, Restricting queries in a particular zone

auth-nxdomain substatement, The ABCs of IPv6 Addressing

BIND 8, options, masters

BIND 9, BIND 9 Options Statement

blackhole substatement, System Tuning

cleaning-interval substatement, Limiting SOA queries

fetch-glue substatement, A Nonrecursive Nameserver

forwarders substatement, Forwarding

host-statistics substatement, BIND 8 statistics

lame-ttl substatement, Compatibility

listen-on substatement, Addresses and Ports

max-journal-size substatement, Forwarding

max-ncache-ttl substatement, Interface interval

max-refresh-time substatement, Limiting the frequency of zone transfers

max-transfer-idle-in substatement, Limiting the frequency of zone transfers

max-transfer-idle-out substatement, Limiting the frequency of zone transfers

max-transfer-time-in substatement, Limiting the total number of zone transfers served

max-transfer-time-out substatement, Limiting the total number of zone transfers served

min-refresh-time substatement, Limiting the frequency of zone transfers

query-source substatement, Proxies

recursive-clients substatement, Changing the open files limit

rfc2308-type1 substatement, Compatibility

serial-queries substatement, Limiting SOA queries

setting host-statistics, BIND 8 statistics

sortlist substatement, Nameserver Address Sorting

statistics-interval substatement, Interface interval

transfers-out substatement, Limiting the total number of zone transfers served

transfers-per-ns, Limiting transfers requested per nameserver

use-id-pool substatement, “Resolving” nameserver configuration

view statement and, Views

options statement (rndc.conf)

default-server substatement, Using rndc to control multiple servers

options substatements (zone)

allow-notify, DNS NOTIFY (Zone Change Notification)
speficying also-notify as, DNS NOTIFY (Zone Change Notification)
within view statement, Views

org domain, Country-code top-level domains, The generic top-level domains

$ORIGIN statement, Organizing Your Files

OSI Network Service Access Point addresses, domain names mapped to, BIND 8 statistics

P

packet-filtering firewalls, Packet filters

popular commercial firewalls, Proxies
problems with BIND 8 or 9, Proxies

parent zones

registering nameservers, Registering Nameservers
signing, Signing a parent zone

partial-slave nameservers

registering, Registering Nameservers

Perl module, Net::DNS, Securing Your Nameserver

Perl scripts, converting IP addresses to names in debugging output, Tools

Perl, programming with Net::DNS, Perl Programming with Net::DNS

PID files, Updating Zone Datafiles

polling mechanism to determine need for zone transfer, DNS NOTIFY (Zone Change Notification)

port unreachable message, Outages

ports

configuring for IPv4, Addresses and Ports
specifying for nameserver listening, IPv4, Addresses and Ports

post (postal community) domain, New top-level domains

preference values (MX records), MX Records, The MX Algorithm

mailer at highest preference, The MX Algorithm

prefixes, IPv6 addresses, The ABCs of IPv6 Addressing

primary DNS suffix, The Windows XP Resolver

Primary DNS suffix of this computer, Handling Windows clients

primary master nameservers

datafiles, Zone Datafiles

primary nameservers

adding, Adding More Nameservers
configured to use forwarder, Forwarding
delegated subdomain, configuring as slave, Subdomains of in-addr.arpa Domains
hidden, External, Authoritative DNS Infrastructure
listing in MNAME field of zone SOA record, DNS Dynamic Update
registering, Registering Nameservers
TTL, Changing TTLs

private key, Public-Key Cryptography and Digital Signatures

KSKs, Zone-Signing Keys and Key-Signing Keys
specifying for dnssec-signzone, Signing your zone

pro (professionals) domains, New top-level domains

processing mail, MX Records

professionals (pro) domains, New top-level domains

program examples in this book, Obtaining the Example Programs

proxies, Proxies

ps command, finding process ID of nameserver, Updating Zone Datafiles

pstree program, Updating Zone Datafiles

PTR (pointer) records, PTR Records

mapping network number to a name, Network Names and Numbers
query statistics on BIND 8 nameserver, BIND 8 statistics

public key, Public-Key Cryptography and Digital Signatures

public-key cryptography, The DNS Security Extensions

Q

queries

access lists, Getting BIND
IXFR type, Incremental Zone Transfer (IXFR)
refused, Query Refused

query logging, Logging Queries

query-source substatement, Proxies

querylog command

rndc program, New rndc commands

querytype option (nslookup), Avoiding the Search List

R

rdist tool, Adding More Nameservers

reconfig command, rndc program, New rndc commands

recursion, Recursion

nonrecursive nameserver, A Nonrecursive Nameserver
turning off, “Resolving” nameserver configuration

recursive queries, Recursion

forwarders, nonrecursive nameservers and, Avoiding a Bogus Nameserver
resolving nameserver for, “Resolving” nameserver configuration
sent by nameservers to forwarder, Forwarding

recursive-clients substatement, Changing the open files limit

refresh intervals, DNS NOTIFY (Zone Change Notification)

limiting zone transfer frequency, Limiting the frequency of zone transfers

refresh zone command (rndc program), New rndc commands

registering

nameservers, Registering Nameservers

caching-only, Registering Nameservers
partial-slave, Registering Nameservers
some of your nameservers, Registering Nameservers

registrars, On Registrars and Registries, whois

choosing, Choosing a registrar
registration policies and procedures, Registering Your Zones

registration, On Registrars and Registries

anon-nameserver, Registration of a non-nameserver
zones, Checking That Your Network Is Registered

registries, On Registrars and Registries

RIRs, Checking That Your Network Is Registered

relative pathnames, The Domain Name System, in a Nutshell

reload command

rndc program, New rndc commands

resolution, Resolution

caching, Caching
iterative, Recursion
recursive, Recursion
root nameservers, Resolution

resolv.conf file, Resolver Configuration

comments in, Comments
nonrecursive servers, not listed in, A Nonrecursive Nameserver
sample configurations, local nameserver, Minimizing Pain and Suffering

resolver routine, ns_update( ), DNS Dynamic Update

resolvers, The Domain Name System, in a Nutshell, Configuring Hosts

address sorting, Nameserver Address Sorting

configuring, Resolver Configuration

comments, Comments
local domain name, Resolver Configuration
search directive, The BIND 4.8.3 search list
search list, The Search List
timeouts in BIND 4.9 to 8.2, More than one nameserver configured

emulation by nslookup, Is nslookup a Good Tool?

library routines, Domain Name Compression

nameserver serving, “Resolving” nameserver configuration

nonrecursive nameservers and, A Nonrecursive Nameserver

query messages, Querying Like a BIND Nameserver

sample configurations

local nameserver, Local Nameserver

search algorithm, The Resolver Search Algorithm and Negative Caching (BIND 8)

Windows XP, The Windows XP Resolver

advanced configuration, The Windows XP Resolver
automatic registration, The Windows XP Resolver
DNS suffixes, The Windows XP Resolver
negative answers, The Windows XP Resolver
retransmission algorithm, The Windows XP Resolver

resolving nameserver, “Resolving” nameserver configuration

resource limits for nameservers

core files size limit, Changing the stack size limit
data segment size limit, Changing the data segment size limit
limiting number of clients, Changing the open files limit
limiting SOA queries, Limiting SOA queries
open files limit, Changing the open files limit
stack size limit, Changing the stack size limit

responses

from unexpected source, 13. Response from Unexpected Source
parsing, ns_parserr

res_init routine, herror and h_errno

res_mkquery routine, herror and h_errno

res_query routine, res_query

res_search routine, res_query

res_send routine, res_send

retransfer zone command (rndc program), New rndc commands

return action, The Windows XP Resolver

reverse mapping, Setting Up Zone Data

IPv6, IPv6 Forward and Reverse Mapping

bitstring labels, DNAME records and reverse mapping
DNAME records, DNAME records and reverse mapping
experimental, A6, DNAMEs, Bitstring Labels, and ip6.arpa

queries for domain names sent to forwarders, Using forward zones

rfc2308-type1 substatement, Compatibility

RIPE Network Coordination Centre, Checking That Your Network Is Registered

rndc program

-p option, New rndc commands
-s option, New rndc commands
controlling multiple servers, Using rndc to control multiple servers
getting BIND 9 nameserver statistics, BIND 9 statistics
new commands (BIND 9.3.2), New rndc commands
rndc-confgen command, Using rndc to control multiple servers
trace command, Logging

root hints

caching-only nameserver, Caching-Only Servers

root nameservers

internal, Using forward zones

configuring all internal nameservers to use them, Configuring other internal nameservers
db.root file, The db.root file
forward-mapping delegation, Forward-mapping delegation
in-addr.arpa delegation, in-addr.arpa delegation
mail from internal hosts to the Internet, How internal nameservers use internal roots
mail to specific Internet domains, Mail to specific Internet domain names
problems with, The trouble with internal roots
use by other internal nameservers, How internal nameservers use internal roots

recursion and, A Nonrecursive Nameserver

resolution, Resolution

root node, DNS database, The Domain Name System, in a Nutshell

round robin, Address and Alias Records

round-robin load distribution, Round-Robin Load Distribution

routing loops, preventing for mail, MX Records

MX algorithm, The MX Algorithm

RR (resource records) (DNS), Additional Resource Records

adding/deleting in zone with DNS dynamic update, DNS Dynamic Update

CLASS fields, Classes

classes, Resource Records

CNAME, Address and Alias Records

data, Data Transmission Order

DNSKEY record, The DNSKEY Record

DNSSEC records, How the Records Are Used

DS, The DS Record and the Chain of Trust

looking up different types with nslookup, Avoiding the Search List

MX, MX Records

nonexistent for a domain, Troubleshooting nslookup Problems

ns_parserr routine and, ns_parserr

re-signing DNSSEC records with dnssec-signzone, Sending your keys to be signed

rotation by nameserver for a domain, Round-Robin Load Distribution

TTL

changing, Changing TTLs
tuning values, Interface interval

rrset-order substatement

order for records returned by nameserver, Nameserver Address Sorting

RRsets

adding or deleting with dynamic update, DNS Dynamic Update

RRSIG records, Delegating to unsigned zones, How the Records Are Used

algorithm field, The RRSIG Record
for DS record, Signing a parent zone
labels field, The RRSIG Record
signature expiration and inception fields, The RRSIG Record
signature field, The RRSIG Record
signer’s name field, The RRSIG Record

rsync tool, Adding More Nameservers

RTT (round-trip time)

choosing between nameservers based on, Preferring Nameservers on Certain Networks

S

search algorithm, resolver, The Resolver Search Algorithm and Negative Caching (BIND 8)

search directive (BIND resolvers), The BIND 4.8.3 search list

search list, The Search List

application by dig tool, Using dig
avoiding with nslookup, Avoiding the Search List
BIND 4.8.3 resolvers, The BIND 4.8.3 search list
BIND 4.9 and later, The BIND 4.9 and later search list
BIND versions 4.8.3 to 4.9, The BIND 4.9 and later search list
nslookup, Is nslookup a Good Tool?

second-level domain, Domains

security, Security

BIND, latest versions, Getting BIND

DNS and Internet firewalls, DNS and Internet Firewalls

internal roots, Internal Roots
split namespace, A Split Namespace

DNSSEC, The DNS Security Extensions

ENUM, The NAPTR Record

nameservers, Securing Your Nameserver

BIND versions, Securing Your Nameserver
unauthorized zone transfers, Restricting queries in a particular zone

TSIG, TSIG

sendmail

adding alias to sendfmail.cf file, DNS and Email Authentication
ANY record queries, BIND 8 statistics
CNAME queries to canonicalize mail address, BIND 8 statistics
destinations with A record and no MX record, MX Records
getting mail to Internet without configuration changes, How internal nameservers use internal roots
mail-routing loop, error message, The MX Algorithm

sequence space arithmetic, Starting Over with a New Serial Number

serial numbers

Active Directory-integrated zones, Microsoft DNS Server, The ABCs of IPv6 Addressing
forgetting to increment, Potential Problem List

serial-queries substatement, Limiting SOA queries

serial-query-rate options substatement, Limiting SOA queries

server statement, server, server

associating nameserver with key, New rndc commands
transfers substatement, Limiting the total number of zone transfers requested
within view statement, Views

set command, changing nslookup options, Option Settings

set type=any command (nslookup), Troubleshooting nslookup Problems

severities

debug level 1, stderr channel
logging messages, Logging
specifying for file channel, File channels

shadow namespace, A Split Namespace

zone datafile, A Split Namespace

shell scripts, programming with nslookup or dig, Shell Script Programming with nslookup

shuffle address records, Round-Robin Load Distribution

signing, Public-Key Cryptography and Digital Signatures

zones

parent zone, Signing a parent zone
sending keys to be signed, Sending your keys to be signed

Simple Mail Transfer Protocol (SMTP), MX Records

size substatement (file channel), File channels

slave nameservers, Types of Nameservers

AXFR queries to initiate zone transfers, BIND 8 statistics
configured to use forwarder, Forwarding
datafiles, Zone Datafiles
network traffic between hidden primary and, External, Authoritative DNS Infrastructure
NOTIFY announcements, sending after zone transfer, DNS NOTIFY (Zone Change Notification)
NOTIFY announcment response to master, DNS NOTIFY (Zone Change Notification)
polling mechanism to determine need for zone transfer, DNS NOTIFY (Zone Change Notification)
reconfiguring as primary during outages, Coping with Disaster
registering, Registering Nameservers
TTL, Changing TTLs

SMTP (Simple Mail Transfer Protocol), MX Records

SOA (start of authority) records

changing values

refresh value, Changing Other SOA Values

limiting number of queries on nameserver, Limiting SOA queries

MNAME field, listing primary nameserver for a zone, DNS Dynamic Update

query statistics on BIND 8 nameserver, BIND 8 statistics

sortlist substatement, Nameserver Address Sorting

SPF (Sender Policy Framework), Versions

split namespaces, The trouble with internal roots

configuring the bastion host, Configuring the bastion host
protecting zone data on bastion host, Protecting zone data on the bastion host
security precautions on bastion host nameserver, Protecting zone data on the bastion host
views, using on bastion host, Using views on the bastion host

sponsored TLDs (sTLDs), New top-level domains

spoofing attacks

involving recursion, “Resolving” nameserver configuration
NAPTR records, The NAPTR Record
response from unexpected source, 13. Response from Unexpected Source

SRV records

fields, SRV

stack size limit, changing for named, Changing the stack size limit

statistics

BIND, understanding

BIND 8, BIND 8 statistics
BIND 9, BIND 9 statistics
using BIND statistics, Using the BIND statistics

statistics-interval substatement, Interface interval

stats command

rndc program, New rndc commands, BIND 9 statistics

stderr channel (logging), stderr channel

stealth slave, Internal DNS Infrastructure

sTLDs (sponsored TLDs), New top-level domains

stub resolver, Resolvers

stub zones, Managing delegation with stubs

subdomains, The Domain Name System, in a Nutshell, Domains, Parenting

creating, How to Become a Parent: Creating Subdomains

deciding on delegation, How to Become a Parent: Creating Subdomains

deciding how many to implement, When to Become a Parent

delegated, Delegation

signed and unsigned, Islands of security

delegating, Delegating Subdomains

delegation

checking using host, Good Parenting

domain name, Domains

lifecycle of parent domain, The Life of a Parent

managing transition to, Managing the Transition to Subdomains

naming, What to Name Your Children

establishing conventions, What to Name Your Children

of generic top-level domains, The generic top-level domains

of in-addr.arpa domains, Subdomains of in-addr.arpa Domains

reasons for implementing, When to Become a Parent

responsibility for, The Domain Name System, in a Nutshell

rules for dividing domain into, What to Name Your Children

subnet ID (IPv6), The ABCs of IPv6 Addressing

subnets

looking up name for IP address, Network Names and Numbers

SUCCESS condition, Additional Configuration Files

suffixes

DNS, using with Windows XP resolver, The Windows XP Resolver
IPv6 addresses, The ABCs of IPv6 Addressing

symmetric encryption algorithms, Public-Key Cryptography and Digital Signatures

syslog

common messages

bad owner name, Common Syslog Messages
lame server, Common Syslog Messages
Malformed response, Common Syslog Messages
reloading nameserver, Common Syslog Messages
Response from unexpected source, Common Syslog Messages

configuring channel to go to, Logging

logging channels directed to, File channels

NOTIFY message information, DNS NOTIFY (Zone Change Notification)

severity levels, Logging

T

TCP/IP (Transmission Control Protocol/Internet Protocol), A (Very) Brief History of the Internet

thaw zone command (rndc program), New rndc commands

Through the Looking-Glass, Quotations

timeouts

BIND

versions 4.9 to 8.2, More than one nameserver configured
versions 8.2 and later, More than one nameserver configured

top-level domains

country code, Country-code top-level domains

existing or reserved names, not using to name subdomains, How to Become a Parent: Creating Subdomains

Internet domain namespace, The Internet Domain Namespace

new, New top-level domains

generic top-level domains, New top-level domains

traditions and extent to which they are followed, New top-level domains

topology feature (BIND 8), Preferring Nameservers on Certain Networks

trace command

rndc program, Logging

traceroute, 8. Loss of Network Connectivity

transfers substatement, Limiting the total number of zone transfers requested

transports

IPv4, Addresses and Ports

travel domain, New top-level domains

tree structure, DNS database, The Domain Name System, in a Nutshell

troubleshooting, Troubleshooting DNS and BIND

forgot to increment serial number, Potential Problem List
local name can’t be looked up, Problem Symptoms
NIS, Is NIS Really Your Problem?
response from unexpected source, 13. Response from Unexpected Source
using named-xfer, Troubleshooting Tools and Techniques

trust anchor, Islands of security

trusted-keys statement, Islands of security, Signing a parent zone, server, server

TRYAGAIN condition, Additional Configuration Files

TSIG (transaction signatures), Versions, TSIG

configuring

keys, Configuring TSIG
time synchronization, Configuring TSIG

errors, TSIG Errors

GSS-TSIG, Secure Dynamic Update

limitations of, The DNS Security Extensions

one-way hash functions, TSIG

records, TSIG

TTL (time to live), Interface interval

changing, Changing TTLs
explicit, specified on NS records, Registering Nameservers
raising default for zones not changing frequently, Planning for Disasters
records in root hints file, Setting Up a BIND Configuration File

TXT records

queries on BIND 8 nameserver, BIND 8 statistics

SPF, The Sender Policy Framework

common mechanisms used in, The Sender Policy Framework

U

UDP

datagrams, EDNS0

uk domain, organizationally oriented subdomains, New top-level domains

UNAVAIL condition, Additional Configuration Files

uncompressing domain names, ns_name_skip

Unicode, Internationalized Domain Names

converting ACE to and from, DNS and WINS

Unix

BIND software included with, Getting BIND
domain sockets, rndc and controls (BIND 9)
end-of-line sequence, Compatibility
networking commands, search list applied to domain name argument, The BIND 4.9 and later search list

Unix epoch, converting to date, BIND 9 statistics

Unix filesystem, DNS database versus, The Domain Name System, in a Nutshell

unsigned zones, delegating to, Islands of security

unsponsored gTLDs, New top-level domains

update forwarding, DNS Dynamic Update