1<!-- 2 - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") 3 - Copyright (C) 2000-2003 Internet Software Consortium. 4 - 5 - Permission to use, copy, modify, and/or distribute this software for any 6 - purpose with or without fee is hereby granted, provided that the above 7 - copyright notice and this permission notice appear in all copies. 8 - 9 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15 - PERFORMANCE OF THIS SOFTWARE. 16--> 17<!-- $Id$ --> 18<html> 19<head> 20<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 21<title>Appendix�A.�Appendices</title> 22<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> 23<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual"> 24<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual"> 25<link rel="prev" href="Bv9ARM.ch08.html" title="Chapter�8.�Troubleshooting"> 26<link rel="next" href="Bv9ARM.ch10.html" title="Manual pages"> 27</head> 28<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"> 29<div class="navheader"> 30<table width="100%" summary="Navigation header"> 31<tr><th colspan="3" align="center">Appendix�A.�Appendices</th></tr> 32<tr> 33<td width="20%" align="left"> 34<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a>�</td> 35<th width="60%" align="center">�</th> 36<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch10.html">Next</a> 37</td> 38</tr> 39</table> 40<hr> 41</div> 42<div class="appendix" lang="en"> 43<div class="titlepage"><div><div><h2 class="title"> 44<a name="Bv9ARM.ch09"></a>Appendix�A.�Appendices</h2></div></div></div> 45<div class="toc"> 46<p><b>Table of Contents</b></p> 47<dl> 48<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603536">Acknowledgments</a></span></dt> 49<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd> 50<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603707">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt> 51<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd> 52<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt> 53<dd><dl> 54<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt> 55<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt> 56<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2607124">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt> 57</dl></dd> 58<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bind9.library">BIND 9 DNS Library Support</a></span></dt> 59<dd><dl> 60<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608280">Prerequisite</a></span></dt> 61<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608290">Compilation</a></span></dt> 62<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608314">Installation</a></span></dt> 63<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608345">Known Defects/Restrictions</a></span></dt> 64<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608422">The dns.conf File</a></span></dt> 65<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608449">Sample Applications</a></span></dt> 66<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609490">Library References</a></span></dt> 67</dl></dd> 68</dl> 69</div> 70<div class="sect1" lang="en"> 71<div class="titlepage"><div><div><h2 class="title" style="clear: both"> 72<a name="id2603536"></a>Acknowledgments</h2></div></div></div> 73<div class="sect2" lang="en"> 74<div class="titlepage"><div><div><h3 class="title"> 75<a name="historical_dns_information"></a>A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym> 76</h3></div></div></div> 77<p> 78 Although the "official" beginning of the Domain Name 79 System occurred in 1984 with the publication of RFC 920, the 80 core of the new system was described in 1983 in RFCs 882 and 81 883. From 1984 to 1987, the ARPAnet (the precursor to today's 82 Internet) became a testbed of experimentation for developing the 83 new naming/addressing scheme in a rapidly expanding, 84 operational network environment. New RFCs were written and 85 published in 1987 that modified the original documents to 86 incorporate improvements based on the working model. RFC 1034, 87 "Domain Names-Concepts and Facilities", and RFC 1035, "Domain 88 Names-Implementation and Specification" were published and 89 became the standards upon which all <acronym class="acronym">DNS</acronym> implementations are 90 built. 91 </p> 92<p> 93 The first working domain name server, called "Jeeves", was 94 written in 1983-84 by Paul Mockapetris for operation on DEC 95 Tops-20 96 machines located at the University of Southern California's 97 Information 98 Sciences Institute (USC-ISI) and SRI International's Network 99 Information 100 Center (SRI-NIC). A <acronym class="acronym">DNS</acronym> server for 101 Unix machines, the Berkeley Internet 102 Name Domain (<acronym class="acronym">BIND</acronym>) package, was 103 written soon after by a group of 104 graduate students at the University of California at Berkeley 105 under 106 a grant from the US Defense Advanced Research Projects 107 Administration 108 (DARPA). 109 </p> 110<p> 111 Versions of <acronym class="acronym">BIND</acronym> through 112 4.8.3 were maintained by the Computer 113 Systems Research Group (CSRG) at UC Berkeley. Douglas Terry, Mark 114 Painter, David Riggle and Songnian Zhou made up the initial <acronym class="acronym">BIND</acronym> 115 project team. After that, additional work on the software package 116 was done by Ralph Campbell. Kevin Dunlap, a Digital Equipment 117 Corporation 118 employee on loan to the CSRG, worked on <acronym class="acronym">BIND</acronym> for 2 years, from 1985 119 to 1987. Many other people also contributed to <acronym class="acronym">BIND</acronym> development 120 during that time: Doug Kingston, Craig Partridge, Smoot 121 Carl-Mitchell, 122 Mike Muuss, Jim Bloom and Mike Schwartz. <acronym class="acronym">BIND</acronym> maintenance was subsequently 123 handled by Mike Karels and �ivind Kure. 124 </p> 125<p> 126 <acronym class="acronym">BIND</acronym> versions 4.9 and 4.9.1 were 127 released by Digital Equipment 128 Corporation (now Compaq Computer Corporation). Paul Vixie, then 129 a DEC employee, became <acronym class="acronym">BIND</acronym>'s 130 primary caretaker. He was assisted 131 by Phil Almquist, Robert Elz, Alan Barrett, Paul Albitz, Bryan 132 Beecher, Andrew 133 Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat 134 Baran, Anant Kumar, Art Harkin, Win Treese, Don Lewis, Christophe 135 Wolfhugel, and others. 136 </p> 137<p> 138 In 1994, <acronym class="acronym">BIND</acronym> version 4.9.2 was sponsored by 139 Vixie Enterprises. Paul 140 Vixie became <acronym class="acronym">BIND</acronym>'s principal 141 architect/programmer. 142 </p> 143<p> 144 <acronym class="acronym">BIND</acronym> versions from 4.9.3 onward 145 have been developed and maintained 146 by the Internet Systems Consortium and its predecessor, 147 the Internet Software Consortium, with support being provided 148 by ISC's sponsors. 149 </p> 150<p> 151 As co-architects/programmers, Bob Halley and 152 Paul Vixie released the first production-ready version of 153 <acronym class="acronym">BIND</acronym> version 8 in May 1997. 154 </p> 155<p> 156 BIND version 9 was released in September 2000 and is a 157 major rewrite of nearly all aspects of the underlying 158 BIND architecture. 159 </p> 160<p> 161 BIND versions 4 and 8 are officially deprecated. 162 No additional development is done 163 on BIND version 4 or BIND version 8. 164 </p> 165<p> 166 <acronym class="acronym">BIND</acronym> development work is made 167 possible today by the sponsorship 168 of several corporations, and by the tireless work efforts of 169 numerous individuals. 170 </p> 171</div> 172</div> 173<div class="sect1" lang="en"> 174<div class="titlepage"><div><div><h2 class="title" style="clear: both"> 175<a name="id2603707"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div> 176<div class="sect2" lang="en"> 177<div class="titlepage"><div><div><h3 class="title"> 178<a name="ipv6addresses"></a>IPv6 addresses (AAAA)</h3></div></div></div> 179<p> 180 IPv6 addresses are 128-bit identifiers for interfaces and 181 sets of interfaces which were introduced in the <acronym class="acronym">DNS</acronym> to facilitate 182 scalable Internet routing. There are three types of addresses: <span class="emphasis"><em>Unicast</em></span>, 183 an identifier for a single interface; 184 <span class="emphasis"><em>Anycast</em></span>, 185 an identifier for a set of interfaces; and <span class="emphasis"><em>Multicast</em></span>, 186 an identifier for a set of interfaces. Here we describe the global 187 Unicast address scheme. For more information, see RFC 3587, 188 "Global Unicast Address Format." 189 </p> 190<p> 191 IPv6 unicast addresses consist of a 192 <span class="emphasis"><em>global routing prefix</em></span>, a 193 <span class="emphasis"><em>subnet identifier</em></span>, and an 194 <span class="emphasis"><em>interface identifier</em></span>. 195 </p> 196<p> 197 The global routing prefix is provided by the 198 upstream provider or ISP, and (roughly) corresponds to the 199 IPv4 <span class="emphasis"><em>network</em></span> section 200 of the address range. 201 202 The subnet identifier is for local subnetting, much the 203 same as subnetting an 204 IPv4 /16 network into /24 subnets. 205 206 The interface identifier is the address of an individual 207 interface on a given network; in IPv6, addresses belong to 208 interfaces rather than to machines. 209 </p> 210<p> 211 The subnetting capability of IPv6 is much more flexible than 212 that of IPv4: subnetting can be carried out on bit boundaries, 213 in much the same way as Classless InterDomain Routing 214 (CIDR), and the DNS PTR representation ("nibble" format) 215 makes setting up reverse zones easier. 216 </p> 217<p> 218 The Interface Identifier must be unique on the local link, 219 and is usually generated automatically by the IPv6 220 implementation, although it is usually possible to 221 override the default setting if necessary. A typical IPv6 222 address might look like: 223 <span><strong class="command">2001:db8:201:9:a00:20ff:fe81:2b32</strong></span> 224 </p> 225<p> 226 IPv6 address specifications often contain long strings 227 of zeros, so the architects have included a shorthand for 228 specifying 229 them. The double colon (`::') indicates the longest possible 230 string 231 of zeros that can fit, and can be used only once in an address. 232 </p> 233</div> 234</div> 235<div class="sect1" lang="en"> 236<div class="titlepage"><div><div><h2 class="title" style="clear: both"> 237<a name="bibliography"></a>Bibliography (and Suggested Reading)</h2></div></div></div> 238<div class="sect2" lang="en"> 239<div class="titlepage"><div><div><h3 class="title"> 240<a name="rfcs"></a>Request for Comments (RFCs)</h3></div></div></div> 241<p> 242 Specification documents for the Internet protocol suite, including 243 the <acronym class="acronym">DNS</acronym>, are published as part of 244 the Request for Comments (RFCs) 245 series of technical notes. The standards themselves are defined 246 by the Internet Engineering Task Force (IETF) and the Internet 247 Engineering Steering Group (IESG). RFCs can be obtained online via FTP at: 248 </p> 249<p> 250 <a href="ftp://www.isi.edu/in-notes/" target="_top"> 251 ftp://www.isi.edu/in-notes/RFC<em class="replaceable"><code>xxxx</code></em>.txt 252 </a> 253 </p> 254<p> 255 (where <em class="replaceable"><code>xxxx</code></em> is 256 the number of the RFC). RFCs are also available via the Web at: 257 </p> 258<p> 259 <a href="http://www.ietf.org/rfc/" target="_top">http://www.ietf.org/rfc/</a>. 260 </p> 261<div class="bibliography"> 262<div class="titlepage"><div><div><h4 class="title"> 263<a name="id2603895"></a>Bibliography</h4></div></div></div> 264<div class="bibliodiv"> 265<h3 class="title">Standards</h3> 266<div class="biblioentry"> 267<a name="id2603906"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p> 268</div> 269<div class="biblioentry"> 270<a name="id2603929"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names — Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p> 271</div> 272<div class="biblioentry"> 273<a name="id2603953"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names — Implementation and 274 Specification</i>. </span><span class="pubdate">November 1987. </span></p> 275</div> 276</div> 277<div class="bibliodiv"> 278<h3 class="title"> 279<a name="proposed_standards"></a>Proposed Standards</h3> 280<div class="biblioentry"> 281<a name="id2603989"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym> 282 Specification</i>. </span><span class="pubdate">July 1997. </span></p> 283</div> 284<div class="biblioentry"> 285<a name="id2604016"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym> 286 Queries</i>. </span><span class="pubdate">March 1998. </span></p> 287</div> 288<div class="biblioentry"> 289<a name="id2604041"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p> 290</div> 291<div class="biblioentry"> 292<a name="id2604066"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p> 293</div> 294<div class="biblioentry"> 295<a name="id2604089"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p> 296</div> 297<div class="biblioentry"> 298<a name="id2604145"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p> 299</div> 300<div class="biblioentry"> 301<a name="id2604171"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p> 302</div> 303<div class="biblioentry"> 304<a name="id2604198"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p> 305</div> 306<div class="biblioentry"> 307<a name="id2604260"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p> 308</div> 309<div class="biblioentry"> 310<a name="id2604290"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p> 311</div> 312<div class="biblioentry"> 313<a name="id2604320"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p> 314</div> 315<div class="biblioentry"> 316<a name="id2604346"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret 317 Key Transaction Authentication for DNS 318 (GSS-TSIG)</i>. </span><span class="pubdate">October 2003. </span></p> 319</div> 320</div> 321<div class="bibliodiv"> 322<h3 class="title"> 323<acronym class="acronym">DNS</acronym> Security Proposed Standards</h3> 324<div class="biblioentry"> 325<a name="id2604428"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p> 326</div> 327<div class="biblioentry"> 328<a name="id2604455"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p> 329</div> 330<div class="biblioentry"> 331<a name="id2604491"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p> 332</div> 333<div class="biblioentry"> 334<a name="id2604625"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p> 335</div> 336<div class="biblioentry"> 337<a name="id2604690"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS 338 Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p> 339</div> 340</div> 341<div class="bibliodiv"> 342<h3 class="title">Other Important RFCs About <acronym class="acronym">DNS</acronym> 343 Implementation</h3> 344<div class="biblioentry"> 345<a name="id2604763"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely 346 Deployed <acronym class="acronym">DNS</acronym> Software.</i>. </span><span class="pubdate">October 1993. </span></p> 347</div> 348<div class="biblioentry"> 349<a name="id2604789"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation 350 Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p> 351</div> 352<div class="biblioentry"> 353<a name="id2604857"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p> 354</div> 355<div class="biblioentry"> 356<a name="id2604892"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym> 357 Queries for IPv6 Addresses</i>. </span><span class="pubdate">May 2005. </span></p> 358</div> 359</div> 360<div class="bibliodiv"> 361<h3 class="title">Resource Record Types</h3> 362<div class="biblioentry"> 363<a name="id2604938"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p> 364</div> 365<div class="biblioentry"> 366<a name="id2604996"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p> 367</div> 368<div class="biblioentry"> 369<a name="id2605033"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using 370 the Domain Name System</i>. </span><span class="pubdate">June 1997. </span></p> 371</div> 372<div class="biblioentry"> 373<a name="id2605137"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the 374 Domain 375 Name System</i>. </span><span class="pubdate">January 1996. </span></p> 376</div> 377<div class="biblioentry"> 378<a name="id2605191"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the 379 Location of 380 Services.</i>. </span><span class="pubdate">October 1996. </span></p> 381</div> 382<div class="biblioentry"> 383<a name="id2605229"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to 384 Distribute MIXER 385 Conformant Global Address Mapping</i>. </span><span class="pubdate">January 1998. </span></p> 386</div> 387<div class="biblioentry"> 388<a name="id2605255"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p> 389</div> 390<div class="biblioentry"> 391<a name="id2605281"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p> 392</div> 393<div class="biblioentry"> 394<a name="id2605307"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p> 395</div> 396<div class="biblioentry"> 397<a name="id2605334"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p> 398</div> 399<div class="biblioentry"> 400<a name="id2605373"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p> 401</div> 402<div class="biblioentry"> 403<a name="id2605403"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p> 404</div> 405<div class="biblioentry"> 406<a name="id2605433"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p> 407</div> 408<div class="biblioentry"> 409<a name="id2605476"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p> 410</div> 411<div class="biblioentry"> 412<a name="id2605509"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p> 413</div> 414<div class="biblioentry"> 415<a name="id2605536"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p> 416</div> 417<div class="biblioentry"> 418<a name="id2605559"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP 419 version 6</i>. </span><span class="pubdate">October 2003. </span></p> 420</div> 421<div class="biblioentry"> 422<a name="id2605617"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p> 423</div> 424</div> 425<div class="bibliodiv"> 426<h3 class="title"> 427<acronym class="acronym">DNS</acronym> and the Internet</h3> 428<div class="biblioentry"> 429<a name="id2605649"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names 430 and Other Types</i>. </span><span class="pubdate">April 1989. </span></p> 431</div> 432<div class="biblioentry"> 433<a name="id2605674"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and 434 Support</i>. </span><span class="pubdate">October 1989. </span></p> 435</div> 436<div class="biblioentry"> 437<a name="id2605697"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p> 438</div> 439<div class="biblioentry"> 440<a name="id2605720"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p> 441</div> 442<div class="biblioentry"> 443<a name="id2605766"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p> 444</div> 445<div class="biblioentry"> 446<a name="id2605789"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p> 447</div> 448</div> 449<div class="bibliodiv"> 450<h3 class="title"> 451<acronym class="acronym">DNS</acronym> Operations</h3> 452<div class="biblioentry"> 453<a name="id2605847"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p> 454</div> 455<div class="biblioentry"> 456<a name="id2605870"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File 457 Configuration Errors</i>. </span><span class="pubdate">October 1993. </span></p> 458</div> 459<div class="biblioentry"> 460<a name="id2605897"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and 461 Configuration Errors</i>. </span><span class="pubdate">February 1996. </span></p> 462</div> 463<div class="biblioentry"> 464<a name="id2605924"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p> 465</div> 466<div class="biblioentry"> 467<a name="id2605960"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for 468 Network Services.</i>. </span><span class="pubdate">October 1997. </span></p> 469</div> 470</div> 471<div class="bibliodiv"> 472<h3 class="title">Internationalized Domain Names</h3> 473<div class="biblioentry"> 474<a name="id2606006"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names, 475 and the Other Internet protocols</i>. </span><span class="pubdate">May 2000. </span></p> 476</div> 477<div class="biblioentry"> 478<a name="id2606038"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p> 479</div> 480<div class="biblioentry"> 481<a name="id2606084"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p> 482</div> 483<div class="biblioentry"> 484<a name="id2606119"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode 485 for Internationalized Domain Names in 486 Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p> 487</div> 488</div> 489<div class="bibliodiv"> 490<h3 class="title">Other <acronym class="acronym">DNS</acronym>-related RFCs</h3> 491<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"> 492<h3 class="title">Note</h3> 493<p> 494 Note: the following list of RFCs, although 495 <acronym class="acronym">DNS</acronym>-related, are not 496 concerned with implementing software. 497 </p> 498</div> 499<div class="biblioentry"> 500<a name="id2606164"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String 501 Attributes</i>. </span><span class="pubdate">May 1993. </span></p> 502</div> 503<div class="biblioentry"> 504<a name="id2606186"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p> 505</div> 506<div class="biblioentry"> 507<a name="id2606212"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load 508 Balancing</i>. </span><span class="pubdate">April 1995. </span></p> 509</div> 510<div class="biblioentry"> 511<a name="id2606306"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p> 512</div> 513<div class="biblioentry"> 514<a name="id2606329"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p> 515</div> 516<div class="biblioentry"> 517<a name="id2606375"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p> 518</div> 519<div class="biblioentry"> 520<a name="id2606398"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p> 521</div> 522<div class="biblioentry"> 523<a name="id2606425"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via 524 Shared Unicast Addresses</i>. </span><span class="pubdate">April 2002. </span></p> 525</div> 526<div class="biblioentry"> 527<a name="id2606451"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p> 528</div> 529</div> 530<div class="bibliodiv"> 531<h3 class="title">Obsolete and Unimplemented Experimental RFC</h3> 532<div class="biblioentry"> 533<a name="id2606494"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical 534 Location</i>. </span><span class="pubdate">November 1994. </span></p> 535</div> 536<div class="biblioentry"> 537<a name="id2606552"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p> 538</div> 539<div class="biblioentry"> 540<a name="id2606579"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation 541 and Renumbering</i>. </span><span class="pubdate">July 2000. </span></p> 542</div> 543</div> 544<div class="bibliodiv"> 545<h3 class="title">Obsoleted DNS Security RFCs</h3> 546<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"> 547<h3 class="title">Note</h3> 548<p> 549 Most of these have been consolidated into RFC4033, 550 RFC4034 and RFC4035 which collectively describe DNSSECbis. 551 </p> 552</div> 553<div class="biblioentry"> 554<a name="id2606695"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p> 555</div> 556<div class="biblioentry"> 557<a name="id2606734"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p> 558</div> 559<div class="biblioentry"> 560<a name="id2606761"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p> 561</div> 562<div class="biblioentry"> 563<a name="id2606791"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC) 564 Signing Authority</i>. </span><span class="pubdate">November 2000. </span></p> 565</div> 566<div class="biblioentry"> 567<a name="id2606817"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p> 568</div> 569<div class="biblioentry"> 570<a name="id2606843"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p> 571</div> 572<div class="biblioentry"> 573<a name="id2606880"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p> 574</div> 575<div class="biblioentry"> 576<a name="id2606916"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p> 577</div> 578<div class="biblioentry"> 579<a name="id2606942"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p> 580</div> 581<div class="biblioentry"> 582<a name="id2607037"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record 583 (RR) Secure Entry Point (SEP) Flag</i>. </span><span class="pubdate">April 2004. </span></p> 584</div> 585<div class="biblioentry"> 586<a name="id2607082"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p> 587</div> 588</div> 589</div> 590</div> 591<div class="sect2" lang="en"> 592<div class="titlepage"><div><div><h3 class="title"> 593<a name="internet_drafts"></a>Internet Drafts</h3></div></div></div> 594<p> 595 Internet Drafts (IDs) are rough-draft working documents of 596 the Internet Engineering Task Force. They are, in essence, RFCs 597 in the preliminary stages of development. Implementors are 598 cautioned not 599 to regard IDs as archival, and they should not be quoted or cited 600 in any formal documents unless accompanied by the disclaimer that 601 they are "works in progress." IDs have a lifespan of six months 602 after which they are deleted unless updated by their authors. 603 </p> 604</div> 605<div class="sect2" lang="en"> 606<div class="titlepage"><div><div><h3 class="title"> 607<a name="id2607124"></a>Other Documents About <acronym class="acronym">BIND</acronym> 608</h3></div></div></div> 609<p></p> 610<div class="bibliography"> 611<div class="titlepage"><div><div><h4 class="title"> 612<a name="id2607133"></a>Bibliography</h4></div></div></div> 613<div class="biblioentry"> 614<a name="id2607136"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright � 1998 Sebastopol, CA: O'Reilly and Associates. </span></p> 615</div> 616</div> 617</div> 618</div> 619<div class="sect1" lang="en"> 620<div class="titlepage"><div><div><h2 class="title" style="clear: both"> 621<a name="bind9.library"></a>BIND 9 DNS Library Support</h2></div></div></div> 622<p>This version of BIND 9 "exports" its internal libraries so 623 that they can be used by third-party applications more easily (we 624 call them "export" libraries in this document). In addition to 625 all major DNS-related APIs BIND 9 is currently using, the export 626 libraries provide the following features:</p> 627<div class="itemizedlist"><ul type="disc"> 628<li><p>The newly created "DNS client" module. This is a higher 629 level API that provides an interface to name resolution, 630 single DNS transaction with a particular server, and dynamic 631 update. Regarding name resolution, it supports advanced 632 features such as DNSSEC validation and caching. This module 633 supports both synchronous and asynchronous mode.</p></li> 634<li><p>The new "IRS" (Information Retrieval System) library. 635 It provides an interface to parse the traditional resolv.conf 636 file and more advanced, DNS-specific configuration file for 637 the rest of this package (see the description for the 638 dns.conf file below).</p></li> 639<li><p>As part of the IRS library, newly implemented standard 640 address-name mapping functions, getaddrinfo() and 641 getnameinfo(), are provided. They use the DNSSEC-aware 642 validating resolver backend, and could use other advanced 643 features of the BIND 9 libraries such as caching. The 644 getaddrinfo() function resolves both A and AAAA RRs 645 concurrently (when the address family is unspecified).</p></li> 646<li><p>An experimental framework to support other event 647 libraries than BIND 9's internal event task system.</p></li> 648</ul></div> 649<div class="sect2" lang="en"> 650<div class="titlepage"><div><div><h3 class="title"> 651<a name="id2608280"></a>Prerequisite</h3></div></div></div> 652<p>GNU make is required to build the export libraries (other 653 part of BIND 9 can still be built with other types of make). In 654 the reminder of this document, "make" means GNU make. Note that 655 in some platforms you may need to invoke a different command name 656 than "make" (e.g. "gmake") to indicate it's GNU make.</p> 657</div> 658<div class="sect2" lang="en"> 659<div class="titlepage"><div><div><h3 class="title"> 660<a name="id2608290"></a>Compilation</h3></div></div></div> 661<pre class="screen"> 662$ <strong class="userinput"><code>/configure --enable-exportlib <em class="replaceable"><code>[other flags]</code></em></code></strong> 663$ <strong class="userinput"><code>make</code></strong> 664</pre> 665<p> 666 This will create (in addition to usual BIND 9 programs) and a 667 separate set of libraries under the lib/export directory. For 668 example, <code class="filename">lib/export/dns/libdns.a</code> is the archive file of the 669 export version of the BIND 9 DNS library. Sample application 670 programs using the libraries will also be built under the 671 lib/export/samples directory (see below).</p> 672</div> 673<div class="sect2" lang="en"> 674<div class="titlepage"><div><div><h3 class="title"> 675<a name="id2608314"></a>Installation</h3></div></div></div> 676<pre class="screen"> 677$ <strong class="userinput"><code>cd lib/export</code></strong> 678$ <strong class="userinput"><code>make install</code></strong> 679</pre> 680<p> 681 This will install library object files under the directory 682 specified by the --with-export-libdir configure option (default: 683 EPREFIX/lib/bind9), and header files under the directory 684 specified by the --with-export-includedir configure option 685 (default: PREFIX/include/bind9). 686 Root privilege is normally required. 687 "<span><strong class="command">make install</strong></span>" at the top directory will do the 688 same. 689 </p> 690<p> 691 To see how to build your own 692 application after the installation, see 693 <code class="filename">lib/export/samples/Makefile-postinstall.in</code>.</p> 694</div> 695<div class="sect2" lang="en"> 696<div class="titlepage"><div><div><h3 class="title"> 697<a name="id2608345"></a>Known Defects/Restrictions</h3></div></div></div> 698<div class="itemizedlist"><ul type="disc"> 699<li><p>Currently, win32 is not supported for the export 700 library. (Normal BIND 9 application can be built as 701 before).</p></li> 702<li> 703<p>The "fixed" RRset order is not (currently) supported in 704 the export library. If you want to use "fixed" RRset order 705 for, e.g. <span><strong class="command">named</strong></span> while still building the 706 export library even without the fixed order support, build 707 them separately: 708 </p> 709<pre class="screen"> 710$ <strong class="userinput"><code>/configure --enable-fixed-rrset <em class="replaceable"><code>[other flags, but not --enable-exportlib]</code></em></code></strong> 711$ <strong class="userinput"><code>make</code></strong> 712$ <strong class="userinput"><code>/configure --enable-exportlib <em class="replaceable"><code>[other flags, but not --enable-fixed-rrset]</code></em></code></strong> 713$ <strong class="userinput"><code>cd lib/export</code></strong> 714$ <strong class="userinput"><code>make</code></strong> 715</pre> 716<p> 717 </p> 718</li> 719<li><p>The client module and the IRS library currently do not 720 support DNSSEC validation using DLV (the underlying modules 721 can handle it, but there is no tunable interface to enable 722 the feature).</p></li> 723<li><p>RFC 5011 is not supported in the validating stub 724 resolver of the export library. In fact, it is not clear 725 whether it should: trust anchors would be a system-wide 726 configuration which would be managed by an administrator, 727 while the stub resolver will be used by ordinary applications 728 run by a normal user.</p></li> 729<li><p>Not all common <code class="filename">/etc/resolv.conf</code> 730 options are supported 731 in the IRS library. The only available options in this 732 version are "debug" and "ndots".</p></li> 733</ul></div> 734</div> 735<div class="sect2" lang="en"> 736<div class="titlepage"><div><div><h3 class="title"> 737<a name="id2608422"></a>The dns.conf File</h3></div></div></div> 738<p>The IRS library supports an "advanced" configuration file 739 related to the DNS library for configuration parameters that 740 would be beyond the capability of the 741 <code class="filename">resolv.conf</code> file. 742 Specifically, it is intended to provide DNSSEC related 743 configuration parameters. By default the path to this 744 configuration file is <code class="filename">/etc/dns.conf</code>. 745 This module is very 746 experimental and the configuration syntax or library interfaces 747 may change in future versions. Currently, only the 748 <span><strong class="command">trusted-keys</strong></span> 749 statement is supported, whose syntax is the same as the same name 750 of statement for <code class="filename">named.conf</code>. (See 751 <a href="Bv9ARM.ch06.html#trusted-keys" title="trusted-keys Statement Grammar">the section called “<span><strong class="command">trusted-keys</strong></span> Statement Grammar”</a> for details.)</p> 752</div> 753<div class="sect2" lang="en"> 754<div class="titlepage"><div><div><h3 class="title"> 755<a name="id2608449"></a>Sample Applications</h3></div></div></div> 756<p>Some sample application programs using this API are 757 provided for reference. The following is a brief description of 758 these applications. 759 </p> 760<div class="sect3" lang="en"> 761<div class="titlepage"><div><div><h4 class="title"> 762<a name="id2608457"></a>sample: a simple stub resolver utility</h4></div></div></div> 763<p> 764 It sends a query of a given name (of a given optional RR type) to a 765 specified recursive server, and prints the result as a list of 766 RRs. It can also act as a validating stub resolver if a trust 767 anchor is given via a set of command line options.</p> 768<p> 769 Usage: sample [options] server_address hostname 770 </p> 771<p> 772 Options and Arguments: 773 </p> 774<div class="variablelist"><dl> 775<dt><span class="term"> 776 -t RRtype 777 </span></dt> 778<dd><p> 779 specify the RR type of the query. The default is the A RR. 780 </p></dd> 781<dt><span class="term"> 782 [-a algorithm] [-e] -k keyname -K keystring 783 </span></dt> 784<dd> 785<p> 786 specify a command-line DNS key to validate the answer. For 787 example, to specify the following DNSKEY of example.com: 788</p> 789<div class="literallayout"><p><br> 790����������������example.com.�3600�IN�DNSKEY�257�3�5�xxx<br> 791</p></div> 792<p> 793 specify the options as follows: 794</p> 795<pre class="screen"> 796<strong class="userinput"><code> 797 -e -k example.com -K "xxx" 798</code></strong> 799</pre> 800<p> 801 -e means that this key is a zone's "key signing key" (as known 802 as "secure Entry point"). 803 When -a is omitted rsasha1 will be used by default. 804 </p> 805</dd> 806<dt><span class="term"> 807 -s domain:alt_server_address 808 </span></dt> 809<dd><p> 810 specify a separate recursive server address for the specific 811 "domain". Example: -s example.com:2001:db8::1234 812 </p></dd> 813<dt><span class="term">server_address</span></dt> 814<dd><p> 815 an IP(v4/v6) address of the recursive server to which queries 816 are sent. 817 </p></dd> 818<dt><span class="term">hostname</span></dt> 819<dd><p> 820 the domain name for the query 821 </p></dd> 822</dl></div> 823</div> 824<div class="sect3" lang="en"> 825<div class="titlepage"><div><div><h4 class="title"> 826<a name="id2608548"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div> 827<p> 828 Similar to "sample", but accepts a list 829 of (query) domain names as a separate file and resolves the names 830 asynchronously.</p> 831<p> 832 Usage: sample-async [-s server_address] [-t RR_type] input_file</p> 833<p> 834 Options and Arguments: 835 </p> 836<div class="variablelist"><dl> 837<dt><span class="term"> 838 -s server_address 839 </span></dt> 840<dd> 841 an IPv4 address of the recursive server to which queries are sent. 842 (IPv6 addresses are not supported in this implementation) 843 </dd> 844<dt><span class="term"> 845 -t RR_type 846 </span></dt> 847<dd> 848 specify the RR type of the queries. The default is the A 849 RR. 850 </dd> 851<dt><span class="term"> 852 input_file 853 </span></dt> 854<dd> 855 a list of domain names to be resolved. each line 856 consists of a single domain name. Example: 857 <div class="literallayout"><p><br> 858��www.example.com<br> 859��mx.examle.net<br> 860��ns.xxx.example<br> 861</p></div> 862</dd> 863</dl></div> 864</div> 865<div class="sect3" lang="en"> 866<div class="titlepage"><div><div><h4 class="title"> 867<a name="id2608601"></a>sample-request: a simple DNS transaction client</h4></div></div></div> 868<p> 869 It sends a query to a specified server, and 870 prints the response with minimal processing. It doesn't act as a 871 "stub resolver": it stops the processing once it gets any 872 response from the server, whether it's a referral or an alias 873 (CNAME or DNAME) that would require further queries to get the 874 ultimate answer. In other words, this utility acts as a very 875 simplified <span><strong class="command">dig</strong></span>. 876 </p> 877<p> 878 Usage: sample-request [-t RRtype] server_address hostname 879 </p> 880<p> 881 Options and Arguments: 882 </p> 883<div class="variablelist"><dl> 884<dt><span class="term"> 885 -t RRtype 886 </span></dt> 887<dd><p> 888 specify the RR type of 889 the queries. The default is the A RR. 890 </p></dd> 891<dt><span class="term"> 892 server_address 893 </span></dt> 894<dd><p> 895 an IP(v4/v6) 896 address of the recursive server to which the query is sent. 897 </p></dd> 898<dt><span class="term"> 899 hostname 900 </span></dt> 901<dd><p> 902 the domain name for the query 903 </p></dd> 904</dl></div> 905</div> 906<div class="sect3" lang="en"> 907<div class="titlepage"><div><div><h4 class="title"> 908<a name="id2608733"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div> 909<p> 910 This is a test program 911 to check getaddrinfo() and getnameinfo() behavior. It takes a 912 host name as an argument, calls getaddrinfo() with the given host 913 name, and calls getnameinfo() with the resulting IP addresses 914 returned by getaddrinfo(). If the dns.conf file exists and 915 defines a trust anchor, the underlying resolver will act as a 916 validating resolver, and getaddrinfo()/getnameinfo() will fail 917 with an EAI_INSECUREDATA error when DNSSEC validation fails. 918 </p> 919<p> 920 Usage: sample-gai hostname 921 </p> 922</div> 923<div class="sect3" lang="en"> 924<div class="titlepage"><div><div><h4 class="title"> 925<a name="id2608748"></a>sample-update: a simple dynamic update client program</h4></div></div></div> 926<p> 927 It accepts a single update command as a 928 command-line argument, sends an update request message to the 929 authoritative server, and shows the response from the server. In 930 other words, this is a simplified <span><strong class="command">nsupdate</strong></span>. 931 </p> 932<p> 933 Usage: sample-update [options] (add|delete) "update data" 934 </p> 935<p> 936 Options and Arguments: 937 </p> 938<div class="variablelist"><dl> 939<dt><span class="term"> 940 -a auth_server 941 </span></dt> 942<dd><p> 943 An IP address of the authoritative server that has authority 944 for the zone containing the update name. This should normally 945 be the primary authoritative server that accepts dynamic 946 updates. It can also be a secondary server that is configured 947 to forward update requests to the primary server. 948 </p></dd> 949<dt><span class="term"> 950 -k keyfile 951 </span></dt> 952<dd><p> 953 A TSIG key file to secure the update transaction. The keyfile 954 format is the same as that for the nsupdate utility. 955 </p></dd> 956<dt><span class="term"> 957 -p prerequisite 958 </span></dt> 959<dd><p> 960 A prerequisite for the update (only one prerequisite can be 961 specified). The prerequisite format is the same as that is 962 accepted by the nsupdate utility. 963 </p></dd> 964<dt><span class="term"> 965 -r recursive_server 966 </span></dt> 967<dd><p> 968 An IP address of a recursive server that this utility will 969 use. A recursive server may be necessary to identify the 970 authoritative server address to which the update request is 971 sent. 972 </p></dd> 973<dt><span class="term"> 974 -z zonename 975 </span></dt> 976<dd><p> 977 The domain name of the zone that contains 978 </p></dd> 979<dt><span class="term"> 980 (add|delete) 981 </span></dt> 982<dd><p> 983 Specify the type of update operation. Either "add" or "delete" 984 must be specified. 985 </p></dd> 986<dt><span class="term"> 987 "update data" 988 </span></dt> 989<dd><p> 990 Specify the data to be updated. A typical example of the data 991 would look like "name TTL RRtype RDATA". 992 </p></dd> 993</dl></div> 994<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"> 995<h3 class="title">Note</h3>In practice, either -a or -r must be specified. Others can 996 be optional; the underlying library routine tries to identify the 997 appropriate server and the zone name for the update.</div> 998<p> 999 Examples: assuming the primary authoritative server of the 1000 dynamic.example.com zone has an IPv6 address 2001:db8::1234, 1001 </p> 1002<pre class="screen"> 1003$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key add "foo.dynamic.example.com 30 IN A 192.168.2.1"</code></strong></pre> 1004<p> 1005 adds an A RR for foo.dynamic.example.com using the given key. 1006 </p> 1007<pre class="screen"> 1008$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com 30 IN A"</code></strong></pre> 1009<p> 1010 removes all A RRs for foo.dynamic.example.com using the given key. 1011 </p> 1012<pre class="screen"> 1013$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com"</code></strong></pre> 1014<p> 1015 removes all RRs for foo.dynamic.example.com using the given key. 1016 </p> 1017</div> 1018<div class="sect3" lang="en"> 1019<div class="titlepage"><div><div><h4 class="title"> 1020<a name="id2609426"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div> 1021<p> 1022 It checks a set 1023 of domains to see the name servers of the domains behave 1024 correctly in terms of RFC 4074. This is included in the set of 1025 sample programs to show how the export library can be used in a 1026 DNS-related application. 1027 </p> 1028<p> 1029 Usage: nsprobe [-d] [-v [-v...]] [-c cache_address] [input_file] 1030 </p> 1031<p> 1032 Options 1033 </p> 1034<div class="variablelist"><dl> 1035<dt><span class="term"> 1036 -d 1037 </span></dt> 1038<dd><p> 1039 run in the "debug" mode. with this option nsprobe will dump 1040 every RRs it receives. 1041 </p></dd> 1042<dt><span class="term"> 1043 -v 1044 </span></dt> 1045<dd><p> 1046 increase verbosity of other normal log messages. This can be 1047 specified multiple times 1048 </p></dd> 1049<dt><span class="term"> 1050 -c cache_address 1051 </span></dt> 1052<dd><p> 1053 specify an IP address of a recursive (caching) name server. 1054 nsprobe uses this server to get the NS RRset of each domain and 1055 the A and/or AAAA RRsets for the name servers. The default 1056 value is 127.0.0.1. 1057 </p></dd> 1058<dt><span class="term"> 1059 input_file 1060 </span></dt> 1061<dd><p> 1062 a file name containing a list of domain (zone) names to be 1063 probed. when omitted the standard input will be used. Each 1064 line of the input file specifies a single domain name such as 1065 "example.com". In general this domain name must be the apex 1066 name of some DNS zone (unlike normal "host names" such as 1067 "www.example.com"). nsprobe first identifies the NS RRsets for 1068 the given domain name, and sends A and AAAA queries to these 1069 servers for some "widely used" names under the zone; 1070 specifically, adding "www" and "ftp" to the zone name. 1071 </p></dd> 1072</dl></div> 1073</div> 1074</div> 1075<div class="sect2" lang="en"> 1076<div class="titlepage"><div><div><h3 class="title"> 1077<a name="id2609490"></a>Library References</h3></div></div></div> 1078<p>As of this writing, there is no formal "manual" of the 1079 libraries, except this document, header files (some of them 1080 provide pretty detailed explanations), and sample application 1081 programs.</p> 1082</div> 1083</div> 1084</div> 1085<div class="navfooter"> 1086<hr> 1087<table width="100%" summary="Navigation footer"> 1088<tr> 1089<td width="40%" align="left"> 1090<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a>�</td> 1091<td width="20%" align="center">�</td> 1092<td width="40%" align="right">�<a accesskey="n" href="Bv9ARM.ch10.html">Next</a> 1093</td> 1094</tr> 1095<tr> 1096<td width="40%" align="left" valign="top">Chapter�8.�Troubleshooting�</td> 1097<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td> 1098<td width="40%" align="right" valign="top">�Manual pages</td> 1099</tr> 1100</table> 1101</div> 1102</body> 1103</html> 1104