103 lines
7.0 KiB
HTML
103 lines
7.0 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="reference" />
|
||
|
<meta name="DC.Title" content="BIND 8 features" />
|
||
|
<meta name="abstract" content="Besides dynamic updates, BIND 8 offers several features to enhance performance of your Domain Name System (DNS) server." />
|
||
|
<meta name="description" content="Besides dynamic updates, BIND 8 offers several features to enhance performance of your Domain Name System (DNS) server." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzakkconceptparent.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzakkinstalling.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzakkscenario5.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzakkconceptdynamic.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzakkplanningsecurity.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="rzakkconceptbind" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>BIND 8 features</title>
|
||
|
</head>
|
||
|
<body id="rzakkconceptbind"><a name="rzakkconceptbind"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">BIND 8 features</h1>
|
||
|
<div><p>Besides dynamic updates, BIND 8 offers several features to enhance
|
||
|
performance of your Domain Name System (DNS) server.</p>
|
||
|
<div class="section"><p>DNS has been redesigned to use BIND 8 for OS/400<sup>®</sup> V5R1. If you do not have PASE
|
||
|
installed, you can continue to configure and run the previously released OS/400 DNS
|
||
|
server based on BIND 4.9.3. The DNS system requirements topic explains what
|
||
|
you need to run BIND 8-based DNS on your iSeries™ server. Using the new DNS allows
|
||
|
you to take advantage of the following features:</p>
|
||
|
</div>
|
||
|
<div class="section"><h4 class="sectiontitle">Multiple DNS servers running on a single iSeries</h4><p>In
|
||
|
previous releases, only one DNS server can be configured. Now you can configure
|
||
|
multiple DNS servers, or instances. This allows you to set up logical division
|
||
|
between servers. When you create multiple instances, you must explicitly define
|
||
|
the listen-on interface IP addresses for each one. Two DNS instances cannot
|
||
|
listen on the same interface.</p>
|
||
|
<p>One practical application of multiple
|
||
|
servers is split DNS, where one server is authoritative for an internal network,
|
||
|
and a second server is used for external queries. </p>
|
||
|
</div>
|
||
|
<div class="section"><h4 class="sectiontitle">Conditional forwarding</h4><p>Conditional forwarding allows
|
||
|
you to configure your DNS server to fine-tune your forwarding preferences.
|
||
|
You can set a server to forward all queries for which it does not know the
|
||
|
answer. You can set forwarding at a global level, but add exceptions to domains
|
||
|
for which you want to force normal iterative resolution. Or, you can set normal
|
||
|
iterative resolution at the global level, then force forwarding within certain
|
||
|
domains.</p>
|
||
|
</div>
|
||
|
<div class="section"><h4 class="sectiontitle">Secure dynamic updates</h4><p>Dynamic Host Configuration
|
||
|
Protocol (DHCP) and other authorized sources can send dynamic resource record
|
||
|
updates, using Transaction Signatures (TSIG) or source IP address authorization,
|
||
|
or both. This reduces the need for manual updates of zone data while ensuring
|
||
|
that only authorized sources are used for updates.</p>
|
||
|
</div>
|
||
|
<div class="section"><h4 class="sectiontitle">NOTIFY</h4><p>When NOTIFY is turned on, the DNS NOTIFY
|
||
|
function is activated whenever zone data is updated on the primary server.
|
||
|
The primary server sends out a message indicating that data has changed to
|
||
|
all known secondary servers. Secondary servers can then respond with a zone
|
||
|
transfer request for updated zone data. This helps improve secondary server
|
||
|
support by keeping backup zone data current.</p>
|
||
|
</div>
|
||
|
<div class="section"><h4 class="sectiontitle">Zone transfers (IXFR and AXFR)</h4><p> In the past, whenever
|
||
|
secondary servers needed to reload zone data, they had to load the entire
|
||
|
data set in an All zone transfer (AXFR). BIND 8 supports a new zone transfer
|
||
|
method: incremental zone transfer (IXFR). IXFR is a way that other servers
|
||
|
can transfer only changed data, instead of the entire zone.</p>
|
||
|
<p>When enabled
|
||
|
on the primary server, data changes are assigned a flag to indicate that a
|
||
|
change has occurred. When a secondary server requests a zone update in an
|
||
|
IXFR, the primary server will send just the new data. IXFR is especially useful
|
||
|
when a zone is dynamically updated. This transfer reduces the traffic load
|
||
|
by sending smaller amounts of data.</p>
|
||
|
<div class="note"><span class="notetitle">Note:</span> Both the primary server and secondary
|
||
|
server must be IXFR-enabled to use this feature.</div>
|
||
|
</div>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzakkconceptparent.htm" title="This topic explains what Domain Name System (DNS) is and how it works. It also shows the different types of zones that can be defined on a DNS server.">Domain Name System concepts</a></div>
|
||
|
</div>
|
||
|
<div class="relconcepts"><strong>Related concepts</strong><br />
|
||
|
<div><a href="rzakkinstalling.htm" title="This topic describes the software requirements to run Domain Name System (DNS) on your iSeries server.">Domain Name System requirements</a></div>
|
||
|
<div><a href="rzakkconceptdynamic.htm" title="OS/400 V5R1 DNS based on BIND 8 supports dynamic updates. These allow outside sources, such as Dynamic Host Configuration Protocol (DHCP), to send updates to the Domain Name System (DNS) server.">Dynamic updates</a></div>
|
||
|
</div>
|
||
|
<div class="relref"><strong>Related reference</strong><br />
|
||
|
<div><a href="rzakkscenario5.htm" title="This example depicts Domain Name System (DNS) operating over a firewall to protect internal data from the Internet, while allowing internal users to access data on the Internet.">Example: Split Domain Name System over firewall</a></div>
|
||
|
<div><a href="rzakkplanningsecurity.htm" title="Domain Name System (DNS) provides security options to limit outside access to your server.">Plan security measures</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|