[an error occurred while processing this directive]
HP OpenVMS Systems Documentation |
HP TCP/IP Services for OpenVMS
|
Previous | Contents | Index |
The following sections describe how to set up BIND servers manually using the TCP/IP management command SET CONFIGURATION BIND.
This command creates a UCX Version 4.x configuration. If you set up your BIND name server using this command, you must also use the TCP/IP management command CONVERT/CONFIGURATION BIND command to convert the databases to the BIND Version 9 format. If you omit this step, your changes will not take effect. |
To instruct the master name server to read the appropriate database files using the information in TCPIP$CONFIGURATION.DAT, use the SET CONFIGURATION BIND command. Use the SHOW CONFIGURATION BIND command to display BIND information from the configuration database (TCPIP$CONFIGURATION.DAT).
The following commands tell the name server to read the appropriate files:
TCPIP> SET CONFIGURATION BIND /CACHE TCPIP> SET CONFIGURATION BIND - _TCPIP> /PRIMARY=(DOMAIN:0.0.127.IN-ADDR.ARPA, FILE:NAMED.LOCAL) TCPIP> SET CONFIGURATION BIND - _TCPIP> /PRIMARY=(DOMAIN:UCX.ERN.SEA.COM, FILE:UCX_ERN_SEA_COM.DB) TCPIP> SET CONFIGURATION BIND - _TCPIP> /PRIMARY=(DOMAIN:208.20.9.IN-ADDR.ARPA, FILE:208_20_9_IN-ADDR_ARPA.DB) |
To view these settings, use the SHOW CONFIGURATION BIND command.
6.8.2 Setting Up a Secondary (Slave) Name Server
You can configure a secondary server to populate itself by copying the DNS database files from the master server.
To configure a secondary server, enter the following commands:
TCPIP> SET CONFIGURATION BIND /CACHE TCPIP> SET CONFIGURATION BIND - _TCPIP> /PRIMARY=(DOMAIN:0.0.127.IN-ADDR.ARPA, FILE:NAMED.LOCAL) TCPIP> SET CONFIGURATION BIND - _TCPIP> /SECONDARY=(DOMAIN:UCX.ERN.SEA.COM, - _TCPIP> FILE:UCX_ERN_SEA_COM.DB,HOST:OWL) TCPIP> SET CONFIGURATION BIND - _TCPIP> /SECONDARY=(DOMAIN:208.20.9.IN-ADDR.ARPA, - _TCPIP> FILE:208_20_9_IN-ADDR_ARPA.DB, - _TCPIP> HOST:OWL.UCX.ERN.SEA.COM) |
To configure a cache-only server, enter the following command:
TCPIP> SET CONFIGURATION BIND /CACHE |
This command points the server to the file NAMED.CA.
6.8.4 Setting Up a Forwarder Name Server
To configure a forwarder server, enter the following command:
TCPIP> SET CONFIGURATION BIND /FORWARDERS=(HOST:host) |
In this command, host specifies the forwarding server.
You cannot set up a server to be both a forwarder and a caching server. |
Your host uses the BIND resolver to obtain information from a name server. When a request for name translation arrives, the resolver first searches the local host database for the host information. If the information is not found, the resolver then queries the BIND name server for host information.
The BIND resolver is based on the BIND Version 9 implementation of DNS. |
The resolver is automatically configured by TCPIP$CONFIG when you choose Option 1 --- Core Environment . To display your resolver configuration, enter the following TCP/IP management command:
TCPIP> SHOW NAME_SERVICE |
TCP/IP Services displays the following data:
BIND Resolver Parameters Local domain: ucx.ern.sea.com System State: Started, Enabled Transport: UDP Domain: ucx.ern.sea.com Retry: 2 Timeout: 5 Servers: lark Path: ucx.ern.sea.com,ern.sea.com,sea.com Process State: Enabled Transport: Domain: Retry: Timeout: Servers: Path: |
Here, host LARK in the current domain is the default name server. To add records to the local hosts database, use the SET HOST command. For example, the following command adds host birdy to the local hosts database. (For more information about using SET commands, see the HP TCP/IP Services for OpenVMS Management Command Reference manual.)
TCPIP> SET HOST birdy /ADDRESS=9.20.208.47 |
To delete server entries from the configuration database or to add new entries, enter the following command:
TCPIP> SET NAME_SERVICE /NOSERVER=LARK /SYSTEM |
This command modifies the volatile database. To make a change to the permanent database, enter the SET CONFIGURATION NAME_SERVICE command.
To view the results, enter the SHOW CONFIGURATION NAME_SERVICE command.
6.9.1 Changing the Default Configuration Using the TCP/IP Management Command Interface
You can also change the default configuration in the RESOLV.CONF configuration file (described in Section 6.9.3. If you use the configuration file, any BIND resolver configuration changes you make through the TCP/IP management command interface will be ignored. |
To add a new server and enable the BIND resolver, enter the following command:
TCPIP> SET NAME_SERVICE /SERVER=host /ENABLE /SYSTEM |
For host, specify the host name or IPv4 address of the BIND server or servers that the BIND resolver is to query.
To specify multiple hosts, list them by request preference. A maximum of three BIND servers will be listed. The BIND resolver sends the first lookup request to the first host on the list.
If you define a server list and then add a new server with the SET NAME_SERVICE /SERVER command, the new server is added to the end of the list.
SET commands affect the volatile database. To save your changes to the permanent database, use the SET CONFIGURATION commands. The changes you make with the SET CONFIGURATION commands take effect the next time the software starts up. For example:
TCPIP> SET CONFIGURATION NAME_SERVICE /SERVER=host /ENABLE |
TCPIP> SHOW CONFIGURATION NAME_SERVICE BIND Resolver Configuration Transport: UDP Domain: ucx.ern.sea.com Retry: 2 Timeout: 5 Servers: 9.20.208.47, 9.20.208.53 Path: No values defined |
The following command defines hosts PARROT, SORA, and JACANA as systemwide BIND servers and enables the BIND resolver:
PARROT> TCPIP TCPIP> SET NAME_SERVICE /SERVER=(PARROT,SORA,JACANA) /SYSTEM /ENABLE |
The following example defines, for the current login session, host OSPREY as the BIND server. As a result, the servers that are defined systemwide are not queried.
TCPIP> SET NAME_SERVICE /SERVER=OSPREY |
You can configure the BIND resolver using the ASCII configuration file TCPIP$ETC:RESOLV.CONF.
When you configure the resolver using TCPIP$CONFIG.COM (as described in the HP TCP/IP Services for OpenVMS Installation and Configuration, the template file TCPIP$ETC:RESOLV_CONF.TEMPLATE is created. To configure the BIND resolver, rename this file to TCPIP$ETC:RESOLV.CONF.
The RESOLV.CONF file supersedes any configuration settings you implement with the TCP/IP management command interface (described in Section 6.9.1. The two configuration methods cannot be used in combination with one another.
The following is a sample RESOLV.CONF file:
File name: RESOLV.CONF Product: HP TCP/IP Services for OpenVMS Version: T5.6-3V © Copyright 1976, 2005 Hewlett-Packard Development Company, L.P. DESCRIPTION: The RESOLV.CONF file lists name-value pairs that provide information to the BIND resolver. SYNTAX: Caution: White space entered after the domain name is not ignored; it is interpreted as part of the domain name. domain <domainname> local domain name nameserver <address> Internet address of a name server that the resolver should query search <domainname> ... search list for host-name lookup options <option> ... list of options separated by a space; must be all lower case; available options are: debug turn on resolver diagnostics ndots:<N> the minimum number of dots a domain name must contain before an initial absolute query will be made. default: 1 timeout:<N> amount of time the resolver will wait for a response before retrying the query via a different nameserver. default: 5 seconds attempts:<N> number of times the resolver will send a query to each nameserver before giving up. default: 2 no-tld-query do not attempt to resolve a top level domain name no-check-names disables sanity checks for valid characters in hostnames edns attach OPT pseudo-RR for EDNS0 extension to inform DNS server of our receive buffer size dname evaluate DNAME records when querying IPv6 addresses nibble:<suffix> determine the base domain for reverse- resolving IPv6 addresses in nibble mode default: ip6.arpa nibble2:<suffix> determine the base domain for reverse- resolving IPv6 addresses in nibble mode default: ip6.int v6revmode:<mode> determine the strategy for reverse- resolving IPv6 addresses. <mode> can be one of: single query using a base domain of ip6.arpa both query using ip6.arpa and ip6.int There are two logical names that can override values in this file: LOCALDOMAIN <domainname> local domain name TCPIP$BIND_RES_OPTIONS <"options ..."> set resolver options domain a.b.c.d nameserver 1.2.3.4 nameserver 5.6.7.8 options debug |
You can use RESOLV.CONF to specify nameservers with IPv6 addresses. The BIND resolver then uses the IPv6 transport to contact the nameserver and for subsequent communications.
A maximum of three nameservers may be specified in the RESOLV.CONF file. If you specify nameservers with IPv6 addresses, the TCP/IP management command SHOW HOST will use the IPv6 transport to contact the nameserver, but will not display the IPv6 address of the server queried. Instead it will display:
server: IPv6 |
To obtain more detailed information, including the name and IP address
of the nameserver used for resolution, use the
dig
utility, described in Section 6.12.1.
6.9.3.2 Resolver Default Retry and Timeout
The BIND resolver searches the local hosts database (TCPIP$HOST.DAT), and then TCPIP$ETC:IPNODES.DAT. If the information is not found, the resolver queries the BIND nameserver for host information.
The timeout is the length of time that the resolver will wait for a response from a nameserver before sending another query. If the resolver encounters an error that indicates the nameserver is actually down or unreachable, or if it times out, it doubles the timeout and queries the nameserver again. This process is repeated up to three more times, until the default of four retry attempts is reached. The default is two retries and a timeout of five seconds. Therefore, only one set of retries (a total of two queries) will be made to each nameserver. This reduces the amount of time a user must wait for the resolver to return if none of the nameservers are responding.
When multiple nameservers are configured, and the resolver has queried all of them with no response, it updates the timeout and cycles through them again. The timeout for this next round of queries is based on the number of configured nameservers. The timeout is ten seconds divided by the total number of configured nameservers, rounded down. After one set of retransmissions (a total of two timeouts for each configured nameserver), the resolver gives up trying to query name servers. The default timeout behavior is expressed in the following table:
Name Servers Configured | |||
---|---|---|---|
Retry | 1 | 2 | 3 |
0 | 5 sec | (2x)5 sec | (3x)5 sec |
1 | 10 sec | (2x)5 sec | (3x)3 sec |
Total | 15 sec | 20 sec | 24 sec |
Therefore, if you configure three nameservers, the resolver queries the
first server with a timeout period of five seconds. If that query times
out, the resolver queries the second server with the same timeout, and
similarly for the third. If the resolver cycles through all three
servers, it doubles the timeout period and divides by three (rounded
down), resulting in three seconds, and queries the first nameserver
again.
6.9.4 Resolver Default Search Behavior
By default, if no search list is defined and the host name as you typed it has no dot (.) in the name, the BIND resolver performs a lookup using the following forms of the host name (in this order):
For example, suppose you enter the following command:
TCPIP> SHOW HOST OWL |
Assuming that the default domain is ucx.ern.sea.com , the resolver performs lookups as follows:
This behavior is different than the resolver lookup behavior in
previous releases (UCX BIND Version 4.x.). The following
section provides more information.
6.9.5 Resolver Search Behavior in Earlier Releases
In previous releases, the resolver performed lookups as follows:
For each unsuccessful lookup, this procedure was repeated until only two labels remained in the resulting domain name.
If all these attempts failed, the resolver tried just the host name as typed (as long as it contained at least one dot).
For example, suppose you entered the following command:
TCPIP> SHOW HOST OWL |
Assuming the default domain was ucx.ern.sea.com , the resolver performed lookups as follows:
The search list is provided to make entering lookup commands easier by
not requiring you to type fully qualified domain names. The search list
consists of domain names that the resolver uses when performing
lookups. By default, the search list consists of only the default
domain, which is stored in the TCPIP$CONFIGURATION.DAT file.
6.9.6.1 Setting the Search List with TCP/IP Management Commands
You can change the elements in the search list by entering the SET NAME_SERVICE command, as shown in the following example:
TCPIP> SET NAME_SERVICE /PATH=(ucx.ern.sea.com,dux.sea.com,mux.ern.sea.com)/SYSTEM |
For example, suppose you enter the following command:
TCPIP> SHOW HOST CANARY |
The resolver performs lookups as follows:
In the following output of the SHOW NAME_SERVICE command, the PATH: label shows the search list information entered with the SET NAME_SERVICE /PATH command. This command displays systemwide information and process-specific information (if process-specific information is set).
TCPIP> SHOW NAME_SERVICE BIND Resolver Parameters Local domain: ucx.ern.sea.com System State: Started, Enabled Transport: UDP Domain: ucx.ern.sea.com Retry: 2 Timeout: 5 Servers: ucx, lemng, 16.99.0.10 Path: ucx.ern.sea.com, dux.ern.sea.com, mux.ern.sea.com Process State: Enabled Transport: Domain: Retry: Timeout: Servers: Path: $ |
Any additions you make are appended to the end of the search list.
To remove an element from the search list, enter the following command:
TCPIP> SET NAME_SERVICE /NOPATH=dux.ern.sea.com /SYSTEM |
To configure the resolver search list in the RESOLV.CONF configuration file, change the directives in the search list using the search directive. For example:
search ucx.ern.sea com dux.sea.com mux.ern.sea.com |
When you run TCPIP$CONFIG.COM after upgrading from UCX to TCP/IP Services for OpenVMS, the system creates a domain search list that is consistent with the UCX default lookup behavior. TCPIP$CONFIG.COM uses the default domain to create a search list consisting of each parent domain. For example, if the default domain is ucx.ern.sea.com , the resulting search list is ucx.ern.sea.com,ern.sea.com,sea.com . You can modify the current search list by using the SET CONFIGURATION NAME_SERVER /PATH command. |
The following administrative tools play an integral part in the management of a server.
To use these utilities, you must have system management privileges. Run the TCPIP$DEFINE_COMMANDS.COM procedure to define the commands described in the following reference sections.
In this version of TCP/IP Services, the BIND Server and related utilities have been updated to use the OpenSSL shareable image SSL$LIBCRYPTO_SHR32.EXE. There is now a requirement that this shareable image from OpenSSL V1.2 or higher be installed on the system prior to starting the BIND Server. It must also be installed prior to using the following BIND utilities:
|
Previous | Next | Contents | Index |