summaryrefslogtreecommitdiff
path: root/doc/arm/Bv9ARM.ch09.html
blob: 10e60eacbfa832ec7bf51b6182b1ec913f7f676a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
<!--
 - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 - 
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - 
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Appendix A. Appendices</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch08.html" title="Chapter 8. Troubleshooting">
<link rel="next" href="Bv9ARM.ch10.html" title="Manual pages">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="navheader">
<table width="100%" summary="Navigation header">
<tr><th colspan="3" align="center">Appendix A. Appendices</th></tr>
<tr>
<td width="20%" align="left">
<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a> </td>
<th width="60%" align="center"> </th>
<td width="20%" align="right"> <a accesskey="n" href="Bv9ARM.ch10.html">Next</a>
</td>
</tr>
</table>
<hr>
</div>
<div class="appendix" lang="en">
<div class="titlepage"><div><div><h2 class="title">
<a name="Bv9ARM.ch09"></a>Appendix A. Appendices</h2></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2604929">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2605100">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608312">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609719">Prerequisite</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609729">Compilation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609753">Installation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609784">Known Defects/Restrictions</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609861">The dns.conf File</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609888">Sample Applications</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2610929">Library References</a></span></dt>
</dl></dd>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2604929"></a>Acknowledgments</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="historical_dns_information"></a>A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
</h3></div></div></div>
<p>
            Although the "official" beginning of the Domain Name
            System occurred in 1984 with the publication of RFC 920, the
            core of the new system was described in 1983 in RFCs 882 and
            883. From 1984 to 1987, the ARPAnet (the precursor to today's
            Internet) became a testbed of experimentation for developing the
            new naming/addressing scheme in a rapidly expanding,
            operational network environment.  New RFCs were written and
            published in 1987 that modified the original documents to
            incorporate improvements based on the working model. RFC 1034,
            "Domain Names-Concepts and Facilities", and RFC 1035, "Domain
            Names-Implementation and Specification" were published and
            became the standards upon which all <acronym class="acronym">DNS</acronym> implementations are
            built.
          </p>
<p>
            The first working domain name server, called "Jeeves", was
            written in 1983-84 by Paul Mockapetris for operation on DEC
            Tops-20
            machines located at the University of Southern California's
            Information
            Sciences Institute (USC-ISI) and SRI International's Network
            Information
            Center (SRI-NIC). A <acronym class="acronym">DNS</acronym> server for
            Unix machines, the Berkeley Internet
            Name Domain (<acronym class="acronym">BIND</acronym>) package, was
            written soon after by a group of
            graduate students at the University of California at Berkeley
            under
            a grant from the US Defense Advanced Research Projects
            Administration
            (DARPA).
          </p>
<p>
            Versions of <acronym class="acronym">BIND</acronym> through
            4.8.3 were maintained by the Computer
            Systems Research Group (CSRG) at UC Berkeley. Douglas Terry, Mark
            Painter, David Riggle and Songnian Zhou made up the initial <acronym class="acronym">BIND</acronym>
            project team. After that, additional work on the software package
            was done by Ralph Campbell. Kevin Dunlap, a Digital Equipment
            Corporation
            employee on loan to the CSRG, worked on <acronym class="acronym">BIND</acronym> for 2 years, from 1985
            to 1987. Many other people also contributed to <acronym class="acronym">BIND</acronym> development
            during that time: Doug Kingston, Craig Partridge, Smoot
            Carl-Mitchell,
            Mike Muuss, Jim Bloom and Mike Schwartz. <acronym class="acronym">BIND</acronym> maintenance was subsequently
            handled by Mike Karels and Řivind Kure.
          </p>
<p>
            <acronym class="acronym">BIND</acronym> versions 4.9 and 4.9.1 were
            released by Digital Equipment
            Corporation (now Compaq Computer Corporation). Paul Vixie, then
            a DEC employee, became <acronym class="acronym">BIND</acronym>'s
            primary caretaker. He was assisted
            by Phil Almquist, Robert Elz, Alan Barrett, Paul Albitz, Bryan
            Beecher, Andrew
            Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat
            Baran, Anant Kumar, Art Harkin, Win Treese, Don Lewis, Christophe
            Wolfhugel, and others.
          </p>
<p>
            In 1994, <acronym class="acronym">BIND</acronym> version 4.9.2 was sponsored by
            Vixie Enterprises. Paul
            Vixie became <acronym class="acronym">BIND</acronym>'s principal
            architect/programmer.
          </p>
<p>
            <acronym class="acronym">BIND</acronym> versions from 4.9.3 onward
            have been developed and maintained
            by the Internet Systems Consortium and its predecessor,
            the Internet Software Consortium,  with support being provided
            by ISC's sponsors.
          </p>
<p>
            As co-architects/programmers, Bob Halley and
            Paul Vixie released the first production-ready version of
            <acronym class="acronym">BIND</acronym> version 8 in May 1997.
          </p>
<p>
            BIND version 9 was released in September 2000 and is a
            major rewrite of nearly all aspects of the underlying
            BIND architecture.
          </p>
<p>
            BIND versions 4 and 8 are officially deprecated.
            No additional development is done
            on BIND version 4 or BIND version 8.
          </p>
<p>
            <acronym class="acronym">BIND</acronym> development work is made
            possible today by the sponsorship
            of several corporations, and by the tireless work efforts of
            numerous individuals.
          </p>
</div>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2605100"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="ipv6addresses"></a>IPv6 addresses (AAAA)</h3></div></div></div>
<p>
            IPv6 addresses are 128-bit identifiers for interfaces and
            sets of interfaces which were introduced in the <acronym class="acronym">DNS</acronym> to facilitate
            scalable Internet routing. There are three types of addresses: <span class="emphasis"><em>Unicast</em></span>,
            an identifier for a single interface;
            <span class="emphasis"><em>Anycast</em></span>,
            an identifier for a set of interfaces; and <span class="emphasis"><em>Multicast</em></span>,
            an identifier for a set of interfaces. Here we describe the global
            Unicast address scheme. For more information, see RFC 3587,
            "Global Unicast Address Format."
          </p>
<p>
            IPv6 unicast addresses consist of a
            <span class="emphasis"><em>global routing prefix</em></span>, a
            <span class="emphasis"><em>subnet identifier</em></span>, and an
            <span class="emphasis"><em>interface identifier</em></span>.
          </p>
<p>
            The global routing prefix is provided by the
            upstream provider or ISP, and (roughly) corresponds to the
            IPv4 <span class="emphasis"><em>network</em></span> section
            of the address range.

            The subnet identifier is for local subnetting, much the
            same as subnetting an
            IPv4 /16 network into /24 subnets.

            The interface identifier is the address of an individual
            interface on a given network; in IPv6, addresses belong to
            interfaces rather than to machines.
          </p>
<p>
            The subnetting capability of IPv6 is much more flexible than
            that of IPv4: subnetting can be carried out on bit boundaries,
            in much the same way as Classless InterDomain Routing
            (CIDR), and the DNS PTR representation ("nibble" format)
            makes setting up reverse zones easier.
          </p>
<p>
            The Interface Identifier must be unique on the local link,
            and is usually generated automatically by the IPv6
            implementation, although it is usually possible to
            override the default setting if necessary.  A typical IPv6
            address might look like:
            <span><strong class="command">2001:db8:201:9:a00:20ff:fe81:2b32</strong></span>
          </p>
<p>
            IPv6 address specifications often contain long strings
            of zeros, so the architects have included a shorthand for
            specifying
            them. The double colon (`::') indicates the longest possible
            string
            of zeros that can fit, and can be used only once in an address.
          </p>
</div>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="bibliography"></a>Bibliography (and Suggested Reading)</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="rfcs"></a>Request for Comments (RFCs)</h3></div></div></div>
<p>
            Specification documents for the Internet protocol suite, including
            the <acronym class="acronym">DNS</acronym>, are published as part of
            the Request for Comments (RFCs)
            series of technical notes. The standards themselves are defined
            by the Internet Engineering Task Force (IETF) and the Internet
            Engineering Steering Group (IESG). RFCs can be obtained online via FTP at:
          </p>
<p>
            <a href="ftp://www.isi.edu/in-notes/" target="_top">
              ftp://www.isi.edu/in-notes/RFC<em class="replaceable"><code>xxxx</code></em>.txt
            </a>
          </p>
<p>
            (where <em class="replaceable"><code>xxxx</code></em> is
            the number of the RFC). RFCs are also available via the Web at:
          </p>
<p>
            <a href="http://www.ietf.org/rfc/" target="_top">http://www.ietf.org/rfc/</a>.
          </p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2605288"></a>Bibliography</h4></div></div></div>
<div class="bibliodiv">
<h3 class="title">Standards</h3>
<div class="biblioentry">
<a name="id2605299"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
</div>
<div class="biblioentry">
<a name="id2605322"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
<a name="id2605346"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
                  Specification</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<a name="proposed_standards"></a>Proposed Standards</h3>
<div class="biblioentry">
<a name="id2605382"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
                  Specification</i>. </span><span class="pubdate">July 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2605409"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
                  Queries</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2605434"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2605459"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2605482"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2605538"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2605564"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2605591"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2605653"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2605683"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2605713"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2605739"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
                       Key Transaction Authentication for DNS
                       (GSS-TSIG)</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> Security Proposed Standards</h3>
<div class="biblioentry">
<a name="id2605821"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2605848"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2605884"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
<a name="id2605949"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
<a name="id2606014"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
                       Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Other Important RFCs About <acronym class="acronym">DNS</acronym>
                Implementation</h3>
<div class="biblioentry">
<a name="id2606088"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
                  Deployed <acronym class="acronym">DNS</acronym> Software.</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2606114"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
                  Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2606182"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2606217"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
                Queries for IPv6 Addresses</i>. </span><span class="pubdate">May 2005. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Resource Record Types</h3>
<div class="biblioentry">
<a name="id2606263"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
</div>
<div class="biblioentry">
<a name="id2606321"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2606358"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
                  the Domain Name System</i>. </span><span class="pubdate">June 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2606393"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
                  Domain
                  Name System</i>. </span><span class="pubdate">January 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2606516"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
                  Location of
                  Services.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2606554"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
                  Distribute MIXER
                  Conformant Global Address Mapping</i>. </span><span class="pubdate">January 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2606580"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2606605"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2606632"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2606659"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2606698"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2606728"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2606758"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2606801"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2606834"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2606860"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2606884"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
                  version 6</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2606941"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> and the Internet</h3>
<div class="biblioentry">
<a name="id2606973"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
                  and Other Types</i>. </span><span class="pubdate">April 1989. </span></p>
</div>
<div class="biblioentry">
<a name="id2606999"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
                  Support</i>. </span><span class="pubdate">October 1989. </span></p>
</div>
<div class="biblioentry">
<a name="id2607021"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2607045"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2607091"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2607114"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> Operations</h3>
<div class="biblioentry">
<a name="id2607172"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
<a name="id2607195"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
                  Configuration Errors</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2607222"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
                  Configuration Errors</i>. </span><span class="pubdate">February 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2607249"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2607285"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
                  Network Services.</i>. </span><span class="pubdate">October 1997. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Internationalized Domain Names</h3>
<div class="biblioentry">
<a name="id2607399"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
                       and the Other Internet protocols</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2607431"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2607477"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2607512"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
                       for Internationalized Domain Names in
                       Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Other <acronym class="acronym">DNS</acronym>-related RFCs</h3>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
                  Note: the following list of RFCs, although
                  <acronym class="acronym">DNS</acronym>-related, are not
                  concerned with implementing software.
                </p>
</div>
<div class="biblioentry">
<a name="id2607557"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
                  Attributes</i>. </span><span class="pubdate">May 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2607579"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2607605"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
                  Balancing</i>. </span><span class="pubdate">April 1995. </span></p>
</div>
<div class="biblioentry">
<a name="id2607630"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2607654"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2607700"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2607723"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2607750"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
                       Shared Unicast Addresses</i>. </span><span class="pubdate">April 2002. </span></p>
</div>
<div class="biblioentry">
<a name="id2607776"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Obsolete and Unimplemented Experimental RFC</h3>
<div class="biblioentry">
<a name="id2607819"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
                  Location</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2607877"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2607904"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
                       and Renumbering</i>. </span><span class="pubdate">July 2000. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Obsoleted DNS Security RFCs</h3>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
                  Most of these have been consolidated into RFC4033,
                  RFC4034 and RFC4035 which collectively describe DNSSECbis.
                </p>
</div>
<div class="biblioentry">
<a name="id2607952"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2607991"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2608018"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2608048"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
                       Signing Authority</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2608073"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2608100"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
</div>
<div class="biblioentry">
<a name="id2608136"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2608172"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2608199"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2608226"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
                      (RR) Secure Entry Point (SEP) Flag</i>. </span><span class="pubdate">April 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2608270"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
</div>
</div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="internet_drafts"></a>Internet Drafts</h3></div></div></div>
<p>
            Internet Drafts (IDs) are rough-draft working documents of
            the Internet Engineering Task Force. They are, in essence, RFCs
            in the preliminary stages of development. Implementors are
            cautioned not
            to regard IDs as archival, and they should not be quoted or cited
            in any formal documents unless accompanied by the disclaimer that
            they are "works in progress." IDs have a lifespan of six months
            after which they are deleted unless updated by their authors.
          </p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2608312"></a>Other Documents About <acronym class="acronym">BIND</acronym>
</h3></div></div></div>
<p></p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2608322"></a>Bibliography</h4></div></div></div>
<div class="biblioentry">
<a name="id2608324"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
</div>
</div>
</div>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="bind9.library"></a>BIND 9 DNS Library Support</h2></div></div></div>
<p>This version of BIND 9 "exports" its internal libraries so
  that they can be used by third-party applications more easily (we
  call them "export" libraries in this document). In addition to
  all major DNS-related APIs BIND 9 is currently using, the export
  libraries provide the following features:</p>
<div class="itemizedlist"><ul type="disc">
<li><p>The newly created "DNS client" module. This is a higher
      level API that provides an interface to name resolution,
      single DNS transaction with a particular server, and dynamic
      update. Regarding name resolution, it supports advanced
      features such as DNSSEC validation and caching. This module
      supports both synchronous and asynchronous mode.</p></li>
<li><p>The new "IRS" (Information Retrieval System) library.
      It provides an interface to parse the traditional resolv.conf
      file and more advanced, DNS-specific configuration file for
      the rest of this package (see the description for the
      dns.conf file below).</p></li>
<li><p>As part of the IRS library, newly implemented standard
      address-name mapping functions, getaddrinfo() and
      getnameinfo(), are provided. They use the DNSSEC-aware
      validating resolver backend, and could use other advanced
      features of the BIND 9 libraries such as caching. The
      getaddrinfo() function resolves both A and AAAA RRs
      concurrently (when the address family is unspecified).</p></li>
<li><p>An experimental framework to support other event
      libraries than BIND 9's internal event task system.</p></li>
</ul></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2609719"></a>Prerequisite</h3></div></div></div>
<p>GNU make is required to build the export libraries (other
  part of BIND 9 can still be built with other types of make). In
  the reminder of this document, "make" means GNU make. Note that
  in some platforms you may need to invoke a different command name
  than "make" (e.g. "gmake") to indicate it's GNU make.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2609729"></a>Compilation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>./configure --enable-exportlib <em class="replaceable"><code>[other flags]</code></em></code></strong>
$ <strong class="userinput"><code>make</code></strong>
</pre>
<p>
  This will create (in addition to usual BIND 9 programs) and a
  separate set of libraries under the lib/export directory. For
  example, <code class="filename">lib/export/dns/libdns.a</code> is the archive file of the
  export version of the BIND 9 DNS library. Sample application
  programs using the libraries will also be built under the
  lib/export/samples directory (see below).</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2609753"></a>Installation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>cd lib/export</code></strong>
$ <strong class="userinput"><code>make install</code></strong>
</pre>
<p>
  This will install library object files under the directory
  specified by the --with-export-libdir configure option (default:
  EPREFIX/lib/bind9), and header files under the directory
  specified by the --with-export-includedir configure option
  (default: PREFIX/include/bind9).
  Root privilege is normally required.
  "<span><strong class="command">make install</strong></span>" at the top directory will do the
  same.
  </p>
<p>
  To see how to build your own
  application after the installation, see
  <code class="filename">lib/export/samples/Makefile-postinstall.in</code>.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2609784"></a>Known Defects/Restrictions</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>Currently, win32 is not supported for the export
      library. (Normal BIND 9 application can be built as
      before).</p></li>
<li>
<p>The "fixed" RRset order is not (currently) supported in
      the export library. If you want to use "fixed" RRset order
      for, e.g. <span><strong class="command">named</strong></span> while still building the
      export library even without the fixed order support, build
      them separately:
      </p>
<pre class="screen">
$ <strong class="userinput"><code>./configure --enable-fixed-rrset <em class="replaceable"><code>[other flags, but not --enable-exportlib]</code></em></code></strong>
$ <strong class="userinput"><code>make</code></strong>
$ <strong class="userinput"><code>./configure --enable-exportlib <em class="replaceable"><code>[other flags, but not --enable-fixed-rrset]</code></em></code></strong>
$ <strong class="userinput"><code>cd lib/export</code></strong>
$ <strong class="userinput"><code>make</code></strong>
</pre>
<p>
    </p>
</li>
<li><p>The client module and the IRS library currently do not
      support DNSSEC validation using DLV (the underlying modules
      can handle it, but there is no tunable interface to enable
      the feature).</p></li>
<li><p>RFC 5011 is not supported in the validating stub
      resolver of the export library. In fact, it is not clear
      whether it should: trust anchors would be a system-wide
      configuration which would be managed by an administrator,
      while the stub resolver will be used by ordinary applications
      run by a normal user.</p></li>
<li><p>Not all common <code class="filename">/etc/resolv.conf</code>
      options are supported
      in the IRS library. The only available options in this
      version are "debug" and "ndots".</p></li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2609861"></a>The dns.conf File</h3></div></div></div>
<p>The IRS library supports an "advanced" configuration file
  related to the DNS library for configuration parameters that
  would be beyond the capability of the
  <code class="filename">resolv.conf</code> file.
  Specifically, it is intended to provide DNSSEC related
  configuration parameters. By default the path to this
  configuration file is <code class="filename">/etc/dns.conf</code>.
  This module is very
  experimental and the configuration syntax or library interfaces
  may change in future versions. Currently, only the
  <span><strong class="command">trusted-keys</strong></span>
  statement is supported, whose syntax is the same as the same name
  of statement for <code class="filename">named.conf</code>. (See
  <a href="Bv9ARM.ch06.html#trusted-keys" title="trusted-keys Statement Grammar">the section called &#8220;<span><strong class="command">trusted-keys</strong></span> Statement Grammar&#8221;</a> for details.)</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2609888"></a>Sample Applications</h3></div></div></div>
<p>Some sample application programs using this API are
  provided for reference. The following is a brief description of
  these applications.
  </p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2609896"></a>sample: a simple stub resolver utility</h4></div></div></div>
<p>
  It sends a query of a given name (of a given optional RR type) to a
  specified recursive server, and prints the result as a list of
  RRs. It can also act as a validating stub resolver if a trust
  anchor is given via a set of command line options.</p>
<p>
  Usage: sample [options] server_address hostname
  </p>
<p>
  Options and Arguments:
  </p>
<div class="variablelist"><dl>
<dt><span class="term">
  -t RRtype
  </span></dt>
<dd><p>
        specify the RR type of the query.  The default is the A RR.
  </p></dd>
<dt><span class="term">
  [-a algorithm] [-e] -k keyname -K keystring
  </span></dt>
<dd>
<p>
        specify a command-line DNS key to validate the answer.  For
        example, to specify the following DNSKEY of example.com:
</p>
<div class="literallayout"><p><br>
                example.com. 3600 IN DNSKEY 257 3 5 xxx<br>
</p></div>
<p>
        specify the options as follows:
</p>
<pre class="screen">
<strong class="userinput"><code>
          -e -k example.com -K "xxx"
</code></strong>
</pre>
<p>
        -e means that this key is a zone's "key signing key" (as known
        as "secure Entry point").
        When -a is omitted rsasha1 will be used by default.
  </p>
</dd>
<dt><span class="term">
  -s domain:alt_server_address
  </span></dt>
<dd><p>
         specify a separate recursive server address for the specific
        "domain".  Example: -s example.com:2001:db8::1234
  </p></dd>
<dt><span class="term">server_address</span></dt>
<dd><p>
        an IP(v4/v6) address of the recursive server to which queries
        are sent.
  </p></dd>
<dt><span class="term">hostname</span></dt>
<dd><p>
        the domain name for the query
  </p></dd>
</dl></div>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2609987"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
<p>
  Similar to "sample", but accepts a list
  of (query) domain names as a separate file and resolves the names
  asynchronously.</p>
<p>
    Usage: sample-async [-s server_address] [-t RR_type] input_file</p>
<p>
 Options and Arguments:
  </p>
<div class="variablelist"><dl>
<dt><span class="term">
   -s server_address
   </span></dt>
<dd>
   an IPv4 address of the recursive server to which queries are sent.
  (IPv6 addresses are not supported in this implementation)
  </dd>
<dt><span class="term">
   -t RR_type
  </span></dt>
<dd>
  specify the RR type of the queries. The default is the A
  RR.
  </dd>
<dt><span class="term">
   input_file
  </span></dt>
<dd>
   a list of domain names to be resolved. each line
  consists of a single domain name. Example:
  <div class="literallayout"><p><br>
  www.example.com<br>
  mx.examle.net<br>
  ns.xxx.example<br>
</p></div>
</dd>
</dl></div>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2610313"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
<p>
  It sends a query to a specified server, and
  prints the response with minimal processing. It doesn't act as a
  "stub resolver": it stops the processing once it gets any
  response from the server, whether it's a referral or an alias
  (CNAME or DNAME) that would require further queries to get the
  ultimate answer. In other words, this utility acts as a very
  simplified <span><strong class="command">dig</strong></span>.
  </p>
<p>
  Usage: sample-request [-t RRtype] server_address hostname
  </p>
<p>
    Options and Arguments:
  </p>
<div class="variablelist"><dl>
<dt><span class="term">
   -t RRtype
  </span></dt>
<dd><p>
  specify the RR type of
  the queries. The default is the A RR.
  </p></dd>
<dt><span class="term">
  server_address
  </span></dt>
<dd><p>
   an IP(v4/v6)
  address of the recursive server to which the query is sent.
  </p></dd>
<dt><span class="term">
  hostname
  </span></dt>
<dd><p>
  the domain name for the query
  </p></dd>
</dl></div>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2610377"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
<p>
  This is a test program
  to check getaddrinfo() and getnameinfo() behavior. It takes a
  host name as an argument, calls getaddrinfo() with the given host
  name, and calls getnameinfo() with the resulting IP addresses
  returned by getaddrinfo(). If the dns.conf file exists and
  defines a trust anchor, the underlying resolver will act as a
  validating resolver, and getaddrinfo()/getnameinfo() will fail
  with an EAI_INSECUREDATA error when DNSSEC validation fails.
  </p>
<p>
  Usage: sample-gai hostname
  </p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2610392"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
<p>
  It accepts a single update command as a
  command-line argument, sends an update request message to the
  authoritative server, and shows the response from the server. In
  other words, this is a simplified <span><strong class="command">nsupdate</strong></span>.
  </p>
<p>
   Usage: sample-update [options] (add|delete) "update data"
  </p>
<p>
  Options and Arguments:
  </p>
<div class="variablelist"><dl>
<dt><span class="term">
  -a auth_server
   </span></dt>
<dd><p>
        An IP address of the authoritative server that has authority
        for the zone containing the update name.  This should normally
        be the primary authoritative server that accepts dynamic
        updates.  It can also be a secondary server that is configured
        to forward update requests to the primary server.
   </p></dd>
<dt><span class="term">
  -k keyfile
   </span></dt>
<dd><p>
        A TSIG key file to secure the update transaction.  The keyfile
        format is the same as that for the nsupdate utility.
   </p></dd>
<dt><span class="term">
  -p prerequisite
   </span></dt>
<dd><p>
        A prerequisite for the update (only one prerequisite can be
        specified).  The prerequisite format is the same as that is
        accepted by the nsupdate utility.
   </p></dd>
<dt><span class="term">
  -r recursive_server
   </span></dt>
<dd><p>
        An IP address of a recursive server that this utility will
        use.  A recursive server may be necessary to identify the
        authoritative server address to which the update request is
        sent.
   </p></dd>
<dt><span class="term">
  -z zonename
   </span></dt>
<dd><p>
        The domain name of the zone that contains
   </p></dd>
<dt><span class="term">
  (add|delete)
   </span></dt>
<dd><p>
        Specify the type of update operation.  Either "add" or "delete"
        must be specified.
   </p></dd>
<dt><span class="term">
  "update data"
   </span></dt>
<dd><p>
        Specify the data to be updated.  A typical example of the data
        would look like "name TTL RRtype RDATA".
  </p></dd>
</dl></div>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>In practice, either -a or -r must be specified.  Others can
   be optional; the underlying library routine tries to identify the
   appropriate server and the zone name for the update.</div>
<p>
   Examples: assuming the primary authoritative server of the
   dynamic.example.com zone has an IPv6 address 2001:db8::1234,
   </p>
<pre class="screen">
$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key add "foo.dynamic.example.com 30 IN A 192.168.2.1"</code></strong></pre>
<p>
     adds an A RR for foo.dynamic.example.com using the given key.
   </p>
<pre class="screen">
$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com 30 IN A"</code></strong></pre>
<p>
     removes all A RRs for foo.dynamic.example.com using the given key.
   </p>
<pre class="screen">   
$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com"</code></strong></pre>
<p>
     removes all RRs for foo.dynamic.example.com using the given key.
   </p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2610865"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
<p>
  It checks a set
  of domains to see the name servers of the domains behave
  correctly in terms of RFC 4074. This is included in the set of
  sample programs to show how the export library can be used in a
  DNS-related application.
  </p>
<p>
 Usage: nsprobe [-d] [-v [-v...]] [-c cache_address] [input_file]
  </p>
<p>
   Options
  </p>
<div class="variablelist"><dl>
<dt><span class="term">
  -d
  </span></dt>
<dd><p>
        run in the "debug" mode.  with this option nsprobe will dump
        every RRs it receives.
  </p></dd>
<dt><span class="term">
  -v
  </span></dt>
<dd><p>
        increase verbosity of other normal log messages.  This can be
        specified multiple times
  </p></dd>
<dt><span class="term">
  -c cache_address
  </span></dt>
<dd><p>
        specify an IP address of a recursive (caching) name server.
        nsprobe uses this server to get the NS RRset of each domain and
        the A and/or AAAA RRsets for the name servers.  The default
        value is 127.0.0.1.
  </p></dd>
<dt><span class="term">
  input_file
  </span></dt>
<dd><p>
        a file name containing a list of domain (zone) names to be
        probed.  when omitted the standard input will be used.  Each
        line of the input file specifies a single domain name such as
        "example.com".  In general this domain name must be the apex
        name of some DNS zone (unlike normal "host names" such as
        "www.example.com").  nsprobe first identifies the NS RRsets for
        the given domain name, and sends A and AAAA queries to these
        servers for some "widely used" names under the zone;
        specifically, adding "www" and "ftp" to the zone name.
  </p></dd>
</dl></div>
</div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2610929"></a>Library References</h3></div></div></div>
<p>As of this writing, there is no formal "manual" of the
  libraries, except this document, header files (some of them
  provide pretty detailed explanations), and sample application
  programs.</p>
</div>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a> </td>
<td width="20%" align="center"> </td>
<td width="40%" align="right"> <a accesskey="n" href="Bv9ARM.ch10.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">Chapter 8. Troubleshooting </td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top"> Manual pages</td>
</tr>
</table>
</div>
</body>
</html>