
HP OpenVMS Systems Documentation


HP TCP/IP Services for OpenVMS
Management



6.5.8.1 Changing the BIND Database

If multiple master BIND servers are running in a cluster, and a change is made to the common BIND database, the database must be reloaded on each node that is running the master BIND server. To reload the BIND database on every node in the cluster where the master BIND server is running, enter the following command:


TCPIP> SET NAME_SERVICE /INITIALIZE /CLUSTER=dev:[directory]

The /CLUSTER qualifier takes the directory specification of the common BIND directory as a value. If you omit the device and directory, they default to:


common_device:[TCPIP$BIND_COMMON]

In this case, common_device is generated automatically in the following manner:

  • If the SYSUAF logical is defined, the common disk is determined from its definition.
  • If the SYSUAF logical is not defined, the system uses SYS$SYSDEVICE as the default device.

6.6 Populating the BIND Server Databases

To populate the BIND server database files, use one of the following methods:

  • Convert an existing host database with the CONVERT/UNIX BIND command.
  • Manually edit the ZONE.DB files.

6.6.1 Using Existing Databases

To populate the BIND server database by copying information from the local hosts database and other database files, enter the CONVERT/UNIX BIND command. This command:

  • Creates a BIND server database (if needed).
  • Extracts data from the local hosts database. (The BIND server uses UNIX style formatted files.)
  • Extracts Mail Exchange (MX) information from the routes database.
  • Populates the BIND server database with the host and MX records.
  • Creates a forward translation file with the following characteristics:
    • It has address, canonical name, and MX entries.
    • If a file with the same name as the output file already exists, the serial number from that file's start-of-authority (SOA) entry increments and becomes the serial number of the new output file.
    • If no previous version of the output file exists, the serial number for the new file is 1.

    When you specify forward translation (by omitting the /DOMAIN qualifier), any host in the local hosts database that is not qualified with a domain is included in the target domain. For example, if the local domain is x.y.z., the CONVERT/UNIX BIND command includes a, b.x.y.z, and c.x.y.z.z, but does not include d.x.y.h.
  • Creates a reverse translation file if you specify /DOMAIN=(domain.name) and the end of domain.name is IN-ADDR.ARPA.
    The created reverse translation file has the following characteristics:
    • Only records applicable to the domain you specify are placed into the output file.
    • The output file has domain name pointer entries.
    • If a file with the same name as the output file already exists, the serial number from that file's SOA entry increments and becomes the serial number of the new output file.
    • If no previous version of the output file exists, the serial number for the new file is 1.
    • The file selects hosts with IP addresses that match the partial IP address from domain.name. For example, /DOMAIN=16.99.IN-ADDR.ARPA does a reverse translation and selects hosts whose addresses begin with 99.16.

If the BIND server's directory is SYS$SPECIFIC:[TCPIP$BIND] and you have specified the domain abc.def.com, the default output file is named SYS$SPECIFIC:[TCPIP$BIND]ABC_DEF_COM.DB.

HP suggests that you do not change the default directory name. If you do, the file is created in your current directory.

On the command line, specify the full OpenVMS file specification. Do not specify a version number, and do not use wildcards. The following example uses the domain ucx.ern.sea.com, creates a UCX_ERN_SEA_COM.DB file, creates a 208_20_9_IN-ADDR_ARPA.DB file, and checks the results by displaying a directory listing that includes the new files.


TCPIP> CONVERT/UNIX BIND /DOMAIN=UCX.ERN.SEA.COM
TCPIP> CONVERT/UNIX BIND /DOMAIN=208.20.9.IN-ADDR.ARPA


TCPIP> SET DEFAULT SYS$SPECIFIC:[TCPIP$BIND]
$ DIRECTORY

Directory SYS$SPECIFIC:[TCPIP$BIND]

127_0_0.DB;1        208_20_9_IN-ADDR_ARPA.DB;1
LOCALHOST.DB;1
LOGIN.COM;1         ROOT.HINT;1         TCPIP$BIND.CONF;1
TCPIP$BIND_CONF.TEMPLATE;1              TCPIP$BIND_RUN.LOG;4339
TCPIP$BIND_SERVER.PID;1                 UCX_ERN_SEA_COM.DB;5
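The naming and selection rules described above (dots become underscores in the output file name, and an IN-ADDR.ARPA domain selects hosts by a reversed address prefix) are easy to get wrong when checking a converted file by hand. The following Python is an added example, not part of the HP documentation or the CONVERT/UNIX BIND implementation; the hosts table is constructed and the function names are my own.

```python
# Added example (not HP's code): models the output-file naming and the
# reverse-translation host selection that the text above describes.
import re

# Constructed hosts table (name -> IPv4 address), standing in for the local hosts database.
HOSTS = {
    "thrush.ucx.ern.sea.com": "9.20.208.53",
    "owl.ucx.ern.sea.com": "9.20.208.72",
    "gw.ern.sea.com": "9.20.1.1",
    "remote.example.net": "99.16.5.7",
}


def output_file_name(domain, directory="SYS$SPECIFIC:[TCPIP$BIND]"):
    """Default output file: dots become underscores, the name is uppercased,
    and .DB is appended (abc.def.com -> ABC_DEF_COM.DB)."""
    stem = domain.rstrip(".").upper().replace(".", "_")
    return f"{directory}{stem}.DB"


def reverse_prefix(domain):
    """For /DOMAIN=16.99.IN-ADDR.ARPA return the address prefix '99.16'.
    Returns None when the domain does not end in IN-ADDR.ARPA."""
    labels = domain.rstrip(".").upper().split(".")
    if labels[-2:] != ["IN-ADDR", "ARPA"]:
        return None
    octets = labels[:-2]
    if not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"bad reverse domain: {domain}")
    return ".".join(reversed(octets))


def select_reverse_records(domain, hosts=HOSTS):
    """Select hosts whose address begins with the reversed prefix and return
    (owner label, PTR target) pairs relative to the reverse zone's origin."""
    prefix = reverse_prefix(domain)
    if prefix is None:
        raise ValueError("reverse translation needs an IN-ADDR.ARPA domain")
    # Match on a whole-octet boundary so that '99.16' does not match 99.160.x.x.
    pattern = re.compile(r"^" + re.escape(prefix) + r"\.(.+)$")
    records = []
    for name, addr in hosts.items():
        match = pattern.match(addr)
        if match:
            host_octets = match.group(1).split(".")
            owner = ".".join(reversed(host_octets))   # remaining octets, reversed
            records.append((owner, name + "."))
    return sorted(records)
```

For 208.20.9.IN-ADDR.ARPA the selection yields the owners 53 and 72, which is the form the PTR records take in the sample reverse file later in this chapter.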

6.6.2 Manually Editing Zone Files

All name server zone files use the same type of records to define domain database information. HP recommends that you review these resource records before you edit any BIND files. Table 6-23 describes the standard resource records (RRs).

Table 6-23 Standard Resource Record Types

Record Type   Description
A             A host address.
A6            An IPv6 address.
AAAA          An IPv6 address.
CERT          A digital certificate.
CNAME         The canonical name of an alias.
DNAME         Delegation of reverse addresses. Replaces the domain name specified with another name to be looked up. (Described in RFC 2672.)
GPOS          The global position. Superseded by LOC.
HINFO         The host's CPU and operating system.
KEY           A public key associated with a DNS name.
KX            A key exchanger for this DNS name.
MX            A mail exchange for the domain.
NAPTR         A name authority pointer.
NSAP          A network service access point.
NS            An authoritative name server for the domain. Limit of 32 per domain.
NXT           Used in DNSSEC to securely indicate that RRs with an owner name in a certain name interval do not exist in a zone and to indicate what RR types are present for an existing name. For more information, see RFC 2535.
PTR           A pointer to another part of the domain name space.
SIG           A signature. Contains data authenticated in the secure DNS. For more information, see RFC 2535.
SOA           The start of an authority zone.
SRV           Information about well-known network services. Replaces WKS.
TXT           Text records.
WKS           Information about the well-known network services, such as SMTP, that a domain supports. Replaced by SRV.
X25           Representation of X.25 network addresses. Experimental.

The format of DNS records is as follows:


[name] [ttl] IN type data

In this format:

name Specifies the name of the domain object referenced by a resource record. The string entered for name is the current domain unless it ends with a dot. If the name field is blank, the record applies to the domain object last named.
ttl Defines the length of time, in seconds, that the information in this resource record should be kept in cache. Usually, the time-to-live field is left blank, and the default ttl, set for the entire zone SOA record, is used.
IN Identifies the record as an Internet DNS resource record.
type Identifies what kind of resource record this is. (See Table 6-23 for the record types you can specify.)
data Information specific to this type of resource record. For example, in an A record, this is the field that contains the actual IP address.

6.6.2.1 Setting TTLs

The time to live (TTL) of the RR field is a 32-bit integer that represents the number of seconds that an RR can be cached before it should be discarded. The following types of TTL values are used in a zone file:

  • SOA
    The last field in the SOA is the negative caching TTL. This controls how long other servers cache no-such-domain (NXDOMAIN) responses from you.
    The maximum time for negative caching is 3 hours (3h).
  • $TTL
    The $TTL directive at the top of the zone file (before the SOA) gives a default TTL for every RR without a specific TTL set.
  • RR TTLs
    Each RR can have a TTL as the second field in the RR, which controls how long other servers can cache it.

All of these TTLs default to units of seconds, though units can be explicitly specified (for example, 1h30m for 1 hour and 30 minutes).

6.6.2.2 Zone File Directives

While the master file format itself is class independent, all records in a master file must be of the same class. The master file directives are described in the following list:

  • $ORIGIN domain-name [comment ]
    Sets the domain name that is appended to any unqualified records. When a zone is first read, an implicit $ORIGIN zone-name directive is applied.
    If the domain name specified is not absolute, the current $ORIGIN is appended to it.
    For example, the following are interpreted the same way:


    $ORIGIN example.com
    WWW     CNAME   MAIN-SERVER
    

    And:


    WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
    
  • $INCLUDE filename [ origin ] [ comment ]
    Reads and processes the specified file as if it were included into the file at this point. If origin is specified, the file is processed with $ORIGIN set to that value; otherwise, the current $ORIGIN is used.
    Once the file has been read, the origin and the current domain name revert to the values they had prior to the $INCLUDE.
  • $TTL default-ttl [comment]
    Sets the default time to live (TTL) for subsequent records with undefined TTLs. Valid TTLs are in the range of 0---2147483647 seconds.
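The TTL rules in Section 6.6.2.1 and the $TTL range above can be checked mechanically. The following Python is an added example, not code from the HP documentation or from BIND: it converts TTL values with unit suffixes to seconds, enforces the 0 to 2147483647 range, and applies the 3-hour cap on negative caching to an SOA minimum field. The function names are my own.

```python
# Added example (not HP's code): TTL parsing and limits as described in the text.
import re

MAX_TTL = 2147483647            # upper bound of the $TTL range stated above
MAX_NEGATIVE_CACHE = 3 * 3600   # negative caching is capped at 3 hours (3h)

_UNITS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}
_TOKEN = re.compile(r"(\d+)([wdhms]?)")


def parse_ttl(text):
    """Convert '1h30m', '1D', '1W' or '86400' to seconds.
    Plain digits are seconds; unit suffixes are case-insensitive and may be combined."""
    s = text.strip().lower()
    if not s or not re.fullmatch(r"(\d+[wdhms]?)+", s):
        raise ValueError(f"malformed TTL: {text!r}")
    total = sum(int(n) * _UNITS[u or "s"] for n, u in _TOKEN.findall(s))
    if total > MAX_TTL:
        raise ValueError(f"TTL {text!r} exceeds {MAX_TTL} seconds")
    return total


def negative_cache_ttl(soa_minimum):
    """Effective negative-caching TTL: the SOA's last field, clipped to 3 hours.
    The sample forward file's minimum of 43200 (12h) is therefore served as 10800."""
    return min(parse_ttl(soa_minimum), MAX_NEGATIVE_CACHE)


def effective_ttl(rr_ttl, default_ttl):
    """TTL a record is cached with: its own second field if present, else the $TTL default."""
    return parse_ttl(rr_ttl) if rr_ttl else parse_ttl(default_ttl)
```

A zone whose SOA minimum is larger than 3h is not an error, but operators reading the file by eye often assume the larger value is what other servers will honour for NXDOMAIN answers; the clipped value is the one that matters.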

6.6.3 Saving Backup Copies of Zone Data

A slave name server saves backup copies of the zone data in SYS$SPECIFIC:[TCPIP$BIND]. Do not delete these backup copies. When the master server is down and the slave server is running, the slave server cannot perform a zone transfer until the master server comes back up. However, with backup copies, the slave server has some data (though possibly out of date) to perform its basic tasks.

6.6.4 Sample Database Files

The following sections provide sample BIND database files.

6.6.4.1 Local Loopback

In the LOCALHOST.DB file, the local host address is usually 127.0.0.1. The following sample LOCALHOST.DB file shows the forward translation for the local loopback interface:


;
; File name:      LOCALHOST.DB
; Product:        HP TCP/IP Services for OpenVMS
; Version:        V5.4
;
; © Copyright 1976, 2003 Hewlett-Packard Development Company, L.P.
;
; BIND data file for local loopback interface (forward translation).
;
;
$ORIGIN localhost.
@                 1D IN SOA       @ root (
                                  42              ;Serial
                                  3H              ;Refresh
                                  15M             ;Retry
                                  1W              ;Expiry
                                  1D )            ;Minimum
;
                  1D IN NS        @
                  1D IN A         127.0.0.1


The following sample 127_0_0.DB file shows the reverse translation for the local loopback interface:


;
; File name:      127_0_0.DB
; Product:        HP TCP/IP Services for OpenVMS
; Version:        V5.4
;
; © Copyright 1976, 2003 Hewlett-Packard Development Company, L.P.
;
;
; BIND data file for local loopback interface (reverse translation)
;
$ORIGIN 0.0.127.in-addr.arpa.
@                 1D IN SOA       localhost.root.localhost. (
                                  42              ;Serial
                                  3H              ;Refresh
                                  15M             ;Retry
                                  1W              ;Expiry
                                  1D )            ;Minimum
;
                  1D IN NS        localhost.
1                 1D IN PTR       localhost.

These local host databases provide forward and reverse translation for the widely used LOCALHOST name. The LOCALHOST name is always associated with the IP address 127.0.0.1 and is used for local loopback traffic.

6.6.4.2 Hint File

This file contains root name server hints. Any name server running on a host without direct Internet connectivity should list the internal roots in its hint file.

The following sample shows a ROOT.HINT file. In earlier releases, this file was called NAMED.CA:


;
; File name:      ROOT.HINT
; Product:        HP TCP/IP Services for OpenVMS
; Version:        V5.4
;
; © Copyright 1976, 2003 Hewlett-Packard Development Company, L.P.
;
;
; DESCRIPTION:
;
;    Data file for initial cache data for root domain servers.
;
; <<>> DiG 9.2.1 <<>>
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11672
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       102059  IN      NS      A.ROOT-SERVERS.NET.
.                       102059  IN      NS      B.ROOT-SERVERS.NET.
.                       102059  IN      NS      C.ROOT-SERVERS.NET.
.                       102059  IN      NS      D.ROOT-SERVERS.NET.
.                       102059  IN      NS      E.ROOT-SERVERS.NET.
.                       102059  IN      NS      F.ROOT-SERVERS.NET.
.                       102059  IN      NS      G.ROOT-SERVERS.NET.
.                       102059  IN      NS      H.ROOT-SERVERS.NET.
.                       102059  IN      NS      I.ROOT-SERVERS.NET.
.                       102059  IN      NS      J.ROOT-SERVERS.NET.
.                       102059  IN      NS      K.ROOT-SERVERS.NET.
.                       102059  IN      NS      L.ROOT-SERVERS.NET.
.                       102059  IN      NS      M.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     188459  IN      A       198.41.0.4
B.ROOT-SERVERS.NET.     188459  IN      A       128.9.0.107
C.ROOT-SERVERS.NET.     188459  IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     188459  IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     188459  IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     188459  IN      A       192.5.5.241
G.ROOT-SERVERS.NET.     188459  IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     188459  IN      A       128.63.2.53
I.ROOT-SERVERS.NET.     188459  IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     188459  IN      A       192.58.128.30
K.ROOT-SERVERS.NET.     188459  IN      A       193.0.14.129
L.ROOT-SERVERS.NET.     188459  IN      A       198.32.64.12
M.ROOT-SERVERS.NET.     188459  IN      A       202.12.27.33

;; Query time: 1069 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May  6 11:06:27 2003
;; MSG SIZE  rcvd: 436

This cache initialization file contains NS records that name root servers and A records that provide the addresses of root servers.

To create a ROOT.HINT file:

  1. Run TCPIP$CONFIG.
  2. Select the Server Components menu.
  3. Select the BIND server.
  4. Enable the BIND server.

This procedure creates the ROOT.HINT file and places the file in the SYS$SPECIFIC:[TCPIP$BIND] directory.

6.6.4.3 Forward Translation File

The forward translation file, domain_name.DB, stores host-name-to-address mapping. For example, the database file UCX_ERN_SEA_COM.DB is created for the domain UCX.ERN.SEA.COM.

The following example shows a domain_name.DB file:


$TTL 86400
$ORIGIN ucx.ern.sea.com.
@               IN      SOA     owl.ucx.ern.sea.com. pmaster.owl.ern.sea.com. (
                                23      ; Serial
                                600     ; Refresh
                                300     ; Retry
                                172800  ; Expire
                                43200 ) ; Minimum
;
                IN      NS      owl.ucx.ern.sea.com.
                IN      NS      condor.ucx.ern.sea.com.
;
thrush          IN      A       9.20.208.53
condor          IN      A       9.20.208.10  ; address taken from the PTR record in the reverse file
birdy           IN      A       9.20.208.47
                IN      MX      10 birdy.ucx.ern.sea.com.
                IN      MX      100 inet-gw-1.pa.emu.com.
                IN      MX      100 mts-gw.pa.emu.com.
                IN      MX      200 crl.emu.com.
                IN      MX      300 nester.emu.com.
seagull         IN      A       9.20.208.30
                IN      MX      10 seagull.ucx.ern.sea.com.
                IN      MX      100 inet-gw-1.pa.emu.com.
                IN      MX      100 mts-gw.pa.emu.com.
                IN      MX      200 crl.emu.com.
                IN      MX      300 nester.emu.com.
owl             IN      A       9.20.208.72
                IN      MX      10 owl.ucx.ern.sea.com.
                IN      MX      100 inet-gw-1.pa.emu.com.
                IN      MX      100 mts-gw.pa.emu.com.
                IN      MX      200 crl.emu.com.
                IN      MX      300 nester.emu.com.
peacock         IN      A       9.20.208.73
                IN      MX      10 pultdown.ucx.ern.sea.com.
                IN      MX      100 inet-gw-1.pa.emu.com.
                IN      MX      100 mts-gw.pa.emu.com.
                IN      MX      200 crl.emu.com.
                IN      MX      300 nester.emu.com.
redwing         IN      A       9.20.208.79
                IN      MX      10 redwing.ucx.ern.sea.com.
                IN      MX      100 inet-gw-1.pa.emu.com.
                IN      MX      100 mts-gw.pa.emu.com.
                IN      MX      200 crl.emu.com.
                IN      MX      300 nester.emu.com.
robin           IN      A       9.20.208.47
                IN      A       9.20.208.30
                IN      A       9.20.208.72

This file is created only for the master server. All other servers obtain this information from the master server. This file contains most of the domain information and has the following characteristics:

  • Begins with an SOA record and a few NS records that define the domain and its servers.
  • Maps host names to IP addresses.
  • Contains A, MX, CNAME, and other records.

MX records identify the servers in a domain that are used for forwarding mail. Use MX records and preference numbers to define the order in which mail servers are used. The lower the preference number, the more desirable the server.

6.6.4.4 Reverse Translation File

The reverse translation file, address.DB, stores address-to-host-name mapping (reverse mapping) information. For example, the database file 208_20_9_IN-ADDR_ARPA.DB is created for the domain 208.20.9.IN-ADDR.ARPA.

The following example shows an address.DB file:


$TTL 86400
$ORIGIN 208.20.9.in-addr.arpa.
@     IN   SOA   owl.ucx.ern.sea.com. pmaster.owl.ucx.ern.sea.com. (
                          1       ; Serial
                          600     ; Refresh
                          300     ; Retry
                          172800  ; Expire
                          43200 ) ; Minimum
;
      IN      NS      owl.ucx.ern.sea.com.
      IN      NS      condor.ucx.ern.sea.com.
;
53              IN      PTR     thrush.ucx.ern.sea.com.
10              IN      PTR     condor.ucx.ern.sea.com.
47              IN      PTR     birdy.ucx.ern.sea.com.
30              IN      PTR     seagull.ucx.ern.sea.com.
72              IN      PTR     owl.ucx.ern.sea.com.
73              IN      PTR     peacock.ucx.ern.sea.com.
79              IN      PTR     redwing.ucx.ern.sea.com.

PTR records predominate in this file because they are used to translate addresses to host names.
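The record format of Section 6.6.2, the $ORIGIN and $TTL directives of Section 6.6.2.2, and the forward and reverse samples above come together when a zone file is read back and checked before it is loaded. The following Python is an added example, not code from the HP documentation or from BIND: a minimal master-file reader that honours $ORIGIN, $TTL, comments, parenthesised continuation lines and blank-owner inheritance, followed by two checks an operator would want, that every A record has a matching PTR (and vice versa) and that MX targets sort by preference number. The zone texts are constructed excerpts of the samples above, and the helper names are my own.

```python
# Added example (not HP's code): a small reader for [name] [ttl] IN type data
# records, exercised on constructed excerpts of the sample zone files above.

FORWARD_ZONE = """\
$TTL 86400
$ORIGIN ucx.ern.sea.com.
@               IN      SOA     owl.ucx.ern.sea.com. pmaster.owl.ern.sea.com. (
                                23      ; Serial
                                600     ; Refresh
                                300     ; Retry
                                172800  ; Expire
                                43200 ) ; Minimum
                IN      NS      owl.ucx.ern.sea.com.
thrush          IN      A       9.20.208.53
birdy           IN      A       9.20.208.47
                IN      MX      100 inet-gw-1.pa.emu.com.
                IN      MX      10 birdy.ucx.ern.sea.com.
owl      1D     IN      A       9.20.208.72
"""

REVERSE_ZONE = """\
$TTL 86400
$ORIGIN 208.20.9.in-addr.arpa.
53              IN      PTR     thrush.ucx.ern.sea.com.
47              IN      PTR     birdy.ucx.ern.sea.com.
79              IN      PTR     redwing.ucx.ern.sea.com.
"""

RR_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "PTR", "TXT", "SRV"}


def _absolute(name, origin):
    """'@' is the origin; a trailing dot means absolute; otherwise $ORIGIN is appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}." if origin == "." else f"{name}.{origin}"


def parse_zone(text):
    """Return (owner, ttl, type, data-fields) tuples. Handles $ORIGIN, $TTL,
    ';' comments, '( ... )' continuation lines and blank-owner inheritance."""
    origin, default_ttl, last_owner = ".", None, None
    records, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()            # drop comments
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")      # keep reading inside parentheses
        buf += line + " "
        if depth > 0:
            continue
        logical, buf = buf.replace("(", " ").replace(")", " "), ""
        if logical.startswith("$ORIGIN"):
            origin = _absolute(logical.split()[1], origin)  # relative $ORIGIN is appended
            continue
        if logical.startswith("$TTL"):
            default_ttl = logical.split()[1]
            continue
        tokens = logical.split()
        if logical[0].isspace():                        # blank owner: reuse the last one
            owner = last_owner
        else:
            owner = _absolute(tokens.pop(0), origin)
        ttl = None
        if tokens[0].upper() not in RR_TYPES | {"IN"}:
            ttl = tokens.pop(0)                         # optional per-record TTL
        if tokens[0].upper() == "IN":
            tokens.pop(0)
        records.append((owner, ttl or default_ttl, tokens[0].upper(), tokens[1:]))
        last_owner = owner
    return records


def ptr_owner_to_address(owner):
    """53.208.20.9.in-addr.arpa. -> 9.20.208.53"""
    labels = owner.rstrip(".").split(".")
    return ".".join(reversed(labels[:-2]))


def check_forward_reverse(fwd, rev):
    """Return (names with an A record but no matching PTR, PTR targets with no matching A)."""
    a_map = {o: d[0] for o, _, t, d in fwd if t == "A"}
    ptr_map = {ptr_owner_to_address(o): d[0] for o, _, t, d in rev if t == "PTR"}
    missing_ptr = sorted(n for n, a in a_map.items() if ptr_map.get(a) != n)
    missing_a = sorted(n for a, n in ptr_map.items() if a_map.get(n) != a)
    return missing_ptr, missing_a


def mail_servers(records, owner):
    """MX targets for owner, lowest preference number (most desirable) first."""
    mx = [(int(d[0]), d[1]) for o, _, t, d in records if o == owner and t == "MX"]
    return [target for _, target in sorted(mx)]
```

On the excerpts, owl has an A record but no PTR and redwing has a PTR but no A; that is exactly the kind of drift between the two files that CONVERT/UNIX BIND avoids when both are regenerated from the same hosts database, and that hand edits introduce.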

6.7 Examining Name Server Statistics

The BIND server collects statistics that record server activity. To examine BIND statistics, use one of the following commands:

  • The TCP/IP management command SHOW NAME_SERVICE /STATISTICS
  • The rndc stats command

Statistics are logged to the TCPIP$BIND.STATS file, located in SYS$SPECIFIC:[TCPIP$BIND].

The following sample shows a statistics log:


+++ Statistics Dump +++ (1004986341)
success 17
referral 0
nxrrset 1
nxdomain 1
recursion 6
failure 0
--- Statistics Dump --- (1004986341)

The statistics dump begins with the line +++ Statistics Dump +++ (973798949). The number in parentheses is a standard UNIX timestamp, measured as seconds since January 1, 1970. Following that line are a series of lines containing a counter type, the value of the counter, a zone name (optional), and a view name (optional).

The lines without view and zone listed are global statistics for the entire server. Lines with a zone and view name are for the given view and zone. (The view name is omitted for the default view.)

The statistics dump ends with the line --- Statistics Dump --- (973798949). The number in parentheses is identical to the number in the beginning line.

The following statistics counters are maintained:

  • success
    The number of successful queries made to the server or zone. A successful query is defined as a query that returns a NOERROR response other than a referral response.
  • referral
    The number of queries that resulted in referral responses.
  • nxrrset
    The number of queries that resulted in NOERROR responses with no data.
  • nxdomain
    The number of queries that resulted in NXDOMAIN responses.
  • recursion
    The number of queries that caused the server to perform recursion in order to find the final answer.
  • failure
    The number of queries that resulted in a failure response other than those described in the previous counters.
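Because TCPIP$BIND.STATS accumulates one dump per request, a script that reads it is the practical way to watch these counters over time. The following Python is an added example, not code from the HP documentation or from BIND: it parses a dump in the format described above, verifies that the opening and closing timestamps agree, separates global counters from per-zone (and per-view) counters, and converts the timestamp. The sample dump is constructed from the one shown above, with two per-zone lines added to exercise the optional zone and view columns; the view name "internal" and the function names are my own.

```python
# Added example (not HP's code): reader for the statistics dump format described above.
from datetime import datetime, timezone

# Constructed from the sample above; the last two lines show the optional zone and view fields.
SAMPLE_DUMP = """\
+++ Statistics Dump +++ (1004986341)
success 17
referral 0
nxrrset 1
nxdomain 1
recursion 6
failure 0
success 5 ucx.ern.sea.com
nxdomain 2 ucx.ern.sea.com internal
--- Statistics Dump --- (1004986341)
"""

COUNTERS = ("success", "referral", "nxrrset", "nxdomain", "recursion", "failure")
# Counters that classify a response; 'recursion' counts how an answer was found, not what it was.
RESPONSE_COUNTERS = ("success", "referral", "nxrrset", "nxdomain", "failure")


def parse_stats(text):
    """Return (timestamp, global_counters, per_zone) where per_zone maps
    (zone, view) -> counters and view is None for the default view.
    Raises ValueError when the framing lines are missing or their timestamps differ."""
    lines = [l for l in text.splitlines() if l.strip()]
    start, end = lines[0], lines[-1]
    if not (start.startswith("+++ Statistics Dump +++") and end.startswith("--- Statistics Dump ---")):
        raise ValueError("missing statistics dump framing lines")
    t_start = int(start.split("(")[1].rstrip(")"))
    t_end = int(end.split("(")[1].rstrip(")"))
    if t_start != t_end:
        raise ValueError(f"timestamp mismatch: {t_start} != {t_end}")
    global_counters, per_zone = {}, {}
    for line in lines[1:-1]:
        fields = line.split()
        counter, value = fields[0], int(fields[1])
        if counter not in COUNTERS:
            raise ValueError(f"unknown counter {counter!r}")
        if len(fields) == 2:                       # no zone, no view: whole-server counter
            global_counters[counter] = value
        else:
            zone = fields[2]
            view = fields[3] if len(fields) > 3 else None
            per_zone.setdefault((zone, view), {})[counter] = value
    return t_start, global_counters, per_zone


def dump_time(ts):
    """The number in parentheses is seconds since 1970-01-01 00:00:00 UTC."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")


def nxdomain_ratio(counters):
    """NXDOMAIN answers as a share of all classified responses."""
    total = sum(counters.get(c, 0) for c in RESPONSE_COUNTERS)
    return counters.get("nxdomain", 0) / total if total else 0.0
```

Since each dump is cumulative, differences between successive dumps give the activity in the interval; the nxdomain share is the one figure worth graphing, as a step change in it usually means a misconfigured client population or lookups for names the zone never had.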

