DNSSEC: Support in zone generator script

[nsc-5.git] / README

diff --git a/README b/README
index 00b31e5db31e792e29c7e01112fa3a9dbb16d145..032e9dab4996e0d29ac6607d690bcf2704ba317d 100644 (file)
--- a/README
+++ b/README
@@ -1,29 +1,29 @@
 
 

-           Domain Name Server Configuration Utilities -- NSC 3.0.2
+            Domain Name Server Configuration Utilities -- NSC 4.0

 
 

-                   (c) 1997--2008 Martin Mares <mj@ucw.cz>
+                   (c) 1997--2011 Martin Mares <mj@ucw.cz>

 
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 ------------------------------------------------------------------------------------
 
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 ------------------------------------------------------------------------------------

-WARNING: NSC has undergone significant changes between versions 2.3 and 2.99b.
-See NEWS for the summary of changes. Most importantly, the configuration files are
-NOT compatible with the old releases.
+WARNING: There were several incompatible changes between versions 3.1 and 4.0.
+         See NEWS for the summary of changes.

 ------------------------------------------------------------------------------------
 
 
    NSC is a set of shell and M4 scripts for easy maintenance of DNS zone files
 ------------------------------------------------------------------------------------
 
 
    NSC is a set of shell and M4 scripts for easy maintenance of DNS zone files

-and name server daemon configuration (currently available only for BIND 8.X,
+and name server daemon configuration (currently available only for BIND 8.x/9.x,

 but easily portable for other daemons). It has been designed to make administration
 of a DNS server a piece of cake (unlike other utilities which resemble more
 an English pudding :-) ), which includes automatic generation of reverse records
 for all your hosts, handling of classless reverse delegations and support for IPv6
 but easily portable for other daemons). It has been designed to make administration
 of a DNS server a piece of cake (unlike other utilities which resemble more
 an English pudding :-) ), which includes automatic generation of reverse records
 for all your hosts, handling of classless reverse delegations and support for IPv6

-(AAAA and PTR in in6.arpa, not A6 and DNAME which seem to be dying out).
+(AAAA and PTR in ip6.arpa, not A6 and DNAME which seem to be dying out).

 
 

-   NSC requires GNU m4 and a POSIX-compatible shell, some of the extra utilities
-require Perl 5. I've tested everything on Linux (Debian Woody), but the whole
-package should run on other unices as well.
+   NSC requires GNU m4, a POSIX-compatible shell and the `md5sum' utility (which
+is present for examile in GNU coreutils). Some of the extra utilities require
+Perl 5. I've tested everything on Linux (Debian Squeeze), but the whole package
+should run on other unices as well.

 
    The whole package can be used and distributed according to the terms of the
 GNU General Public License. See file COPYING in any of the GNU utility archives
 
    The whole package can be used and distributed according to the terms of the
 GNU General Public License. See file COPYING in any of the GNU utility archives


@@ -37,8 +37,8 @@ GNU General Public License. See file COPYING in any of the GNU utility archives
        - Create a directory where all NSC files will reside (e.g., /etc/named)
          and copy everything from the NSC distribution here.
 
        - Create a directory where all NSC files will reside (e.g., /etc/named)
          and copy everything from the NSC distribution here.
 

-       - Symlink /etc/bind/named.conf (or /etc/named.conf or where the config file
-         of your installation of BIND resides) to /etc/named/named.conf
+       - Add an include directive to your BIND configuration file (usually
+         /etc/bind/named.conf), referring to /etc/named/named.conf.

 
        - Change directory to /etc/named
 
 
        - Change directory to /etc/named
 


@@ -48,6 +48,9 @@ GNU General Public License. See file COPYING in any of the GNU utility archives
        - Create cf/<domain-name> for all domains (again, you can easily follow
          the example domains).
 
        - Create cf/<domain-name> for all domains (again, you can easily follow
          the example domains).
 

+       - If you are using BIND 9.x, make the `bak' directory writable
+         by the bind user.
+

        - Run bin/nsconfig (Makefile and named.conf will be generated).
 
        - Run make.
        - Run bin/nsconfig (Makefile and named.conf will be generated).
 
        - Run make.


@@ -55,7 +58,9 @@ GNU General Public License. See file COPYING in any of the GNU utility archives
        - Enjoy your new DNS setup. If everything goes OK, be happy. Else
          write a bug report :-)
 
        - Enjoy your new DNS setup. If everything goes OK, be happy. Else
          write a bug report :-)
 

-       - Every time you modify the domain files
+       - Every time you modify the domain files, re-run make. If you have
+         added or removed domains or changed options which affect named.conf,
+         re-run bin/nsconfig before make.

 
    An interesting companion to this package is the DNS Sleuth -- a DNS zone
 consistency checker. It's a simple utility written in Perl with help of the
 
    An interesting companion to this package is the DNS Sleuth -- a DNS zone
 consistency checker. It's a simple utility written in Perl with help of the


@@ -78,6 +83,7 @@ files and subdirectories:
        m4/                     - M4 scripts (used by the commands)
        zone/                   - primary zone files
        bak/                    - backups of zones we serve as a secondary NS for
        m4/                     - M4 scripts (used by the commands)
        zone/                   - primary zone files
        bak/                    - backups of zones we serve as a secondary NS for

+       hash/                   - hashes of zone files used for detection of changes

        ver/                    - version files where NSC remembers version
                                  numbers of the primary zones
 
        ver/                    - version files where NSC remembers version
                                  numbers of the primary zones
 


@@ -109,6 +115,9 @@ PRIMARY(zone, [extra-files...])
                concatenated to produce a single configuration). See the next
                section for a look inside these files.
 
                concatenated to produce a single configuration). See the next
                section for a look inside these files.
 

+               When the zone name contains a slash (as happens in classless
+               reverse zones), it is replaced by "@" in the cf file name.
+

 SECONDARY(zone, primary)
                Define a zone we run a secondary name server for.
                "primary" is an IP address of the primary name server.
 SECONDARY(zone, primary)
                Define a zone we run a secondary name server for.
                "primary" is an IP address of the primary name server.


@@ -136,6 +145,23 @@ REVERSE(network, primary-files...)
                You can also use the REV macro explicitly, which can be handy
                for example in SECONDARY declarations.
 
                You can also use the REV macro explicitly, which can be handy
                for example in SECONDARY declarations.
 

+ROOTHINT()
+               Insert a definition of hints for reaching root servers into named.conf.
+               This is necessary if you want your DNS server to resolve foreign
+               domains; otherwise, it will only give out authoritative answers
+               for locally defined zones and forward queries. The location of the
+               file with the hints can be set by the ROOTCACHE directive (see below).
+
+FORWARDED(zone, ip...)
+               Define a forwarding zone. All queries are forwarded to the
+               specified name servers.
+
+BLACKHOLE(zone)
+               Define an empty zone according to RFC 6303. This is usually done
+               for zones for which clients are known to erroneously ask queries
+               (e.g., reverse resolving of link-local addresses). The contents
+               served for these zones is taken from cf/blackhole.
+

 ZONE_OPTIONS(`options;
        more options;
 ')
 ZONE_OPTIONS(`options;
        more options;
 ')


@@ -302,12 +328,13 @@ semicolons, text outside macros is ignored.
 The following variables are available:
 
 NAMED_RESTART_CMD      Shell command for restarting the name server daemon
 The following variables are available:
 
 NAMED_RESTART_CMD      Shell command for restarting the name server daemon

-                       (default: ndc restart)
+                       (default: rndc reload)

 
 ROOT                   Root directory of the whole package (default: /etc/named)
 CFDIR                  Directory with config files (default: cf)
 ZONEDIR                        Directory with zone files (default: zone)
 BAKDIR                 Directory with backup files (default: bak)
 
 ROOT                   Root directory of the whole package (default: /etc/named)
 CFDIR                  Directory with config files (default: cf)
 ZONEDIR                        Directory with zone files (default: zone)
 BAKDIR                 Directory with backup files (default: bak)

+HASHDIR                        Directory with zone hashes (default: hash)

 VERSDIR                        Directory with version files (default: var)
 ROOTCACHE              File with the cache of root name servers
 
 VERSDIR                        Directory with version files (default: var)
 ROOTCACHE              File with the cache of root name servers
 


@@ -318,27 +345,19 @@ MINTTL
 NSNAME                 Origin server (default: hostname of your machine)
 MAINTNAME              Domain maintainer name (default: root@NSNAME)
 
 NSNAME                 Origin server (default: hostname of your machine)
 MAINTNAME              Domain maintainer name (default: root@NSNAME)
 

-BIND_OPTIONS           Extra options to put to the options { ... } section of named.conf
-

 For the timing parameters, the following shortcuts are available:
 
 HOURS(n)               Convert hours to seconds
 MINUTES(n)             Convert minutes to seconds
 DAYS(n)                        Convert days to seconds
 
 For the timing parameters, the following shortcuts are available:
 
 HOURS(n)               Convert hours to seconds
 MINUTES(n)             Convert minutes to seconds
 DAYS(n)                        Convert days to seconds
 

-For the BIND_OPTIONS, we offer:
-
-FORWARD(ip...)         Try to ask the given name servers first to see if they
-                       have the reply cached.
-SLAVE(ip...)           Pass all non-local requests to the given name servers.
-

 
 5. Makefile targets
 ~~~~~~~~~~~~~~~~~~~
 The Makefile generated by NSC offers the following targets:
 
        all (default)           - update all zone files and reload the daemon
 
 5. Makefile targets
 ~~~~~~~~~~~~~~~~~~~
 The Makefile generated by NSC offers the following targets:
 
        all (default)           - update all zone files and reload the daemon

-       clean                   - clean all generated zone files and backups
+       clean                   - clean all generated zone files, backups, and hashes

        clobber                 - clean + delete Makefile and named.conf
                                  (wise to do after major reconfigurations)
        distclean               - clobber + delete all version files (use only
        clobber                 - clean + delete Makefile and named.conf
                                  (wise to do after major reconfigurations)
        distclean               - clobber + delete all version files (use only


@@ -442,7 +461,7 @@ However, there is a couple of things you need to care about:
      for the NSC itself and unless documented, messing with them can
      bring surprising results. If you need to use such a name in your
      zone file (maybe you like to shout in your host names :-) ),
      for the NSC itself and unless documented, messing with them can
      bring surprising results. If you need to use such a name in your
      zone file (maybe you like to shout in your host names :-) ),

-     quote it with ` and '.
+     quote it like `this'.

 
   o  Don't use commas, quotes nor parentheses in your record names.
 
 
   o  Don't use commas, quotes nor parentheses in your record names.