<!--
HTML for nsnotifyd web pages
Written by Tony Finch <[email protected]> in Cambridge.
Permission is hereby granted to use, copy, modify, and/or
distribute this software for any purpose with or without fee.
This software is provided 'as is', without warranty of any kind.
In no event shall the authors be liable for any damages arising
from the use of this software.
SPDX-License-Identifier: 0BSD OR MIT-0
-->
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<link rel="stylesheet" href="mandoc.css" type="text/css" media="all"/>
<link rel="stylesheet" href="nsnotifyd.css" type="text/css" media="all"/>
<title>nsnotifyd: scripted DNS NOTIFY handler</title>
</head>
<body>
<header>
<h1>
<a href="https://dotat.at/prog/nsnotifyd/">
<img src="https://dotat.at/graphics/dotat-32.png" alt="dotat">
<tt>nsnotifyd</tt>: scripted DNS NOTIFY handler
</a>
</h1>
</header>
<table class="head">
<tr>
<td class="head-ltitle">METAZONE(5)</td>
<td class="head-vol">File Formats Manual (dns file formats manual)</td>
<td class="head-rtitle">METAZONE(5)</td>
</tr>
</table>
<div class="manual-text">
<section class="Sh">
<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
<p class="Pp"><code class="Nm">metazone</code> — <span class="Nd">BIND
configuration in a DNS zone</span></p>
</section>
<section class="Sh">
<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
<p class="Pp">A “metazone” is a DNS zone that describes the
configuration of other DNS zones.</p>
<p class="Pp">Metazones allow you to use standard DNS mechanisms - AXFR, IXFR,
NOTIFY, UPDATE - to control the configuration of multiple name servers,
instead of using a separate out-of-band distribution system.</p>
<p class="Pp">The <code class="Nm">metazone</code> program converts between
metazones and <span class="Pa">named.conf</span> fragments in either
direction.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="STRUCTURE"><a class="permalink" href="#STRUCTURE">STRUCTURE</a></h1>
<section class="Ss">
<h2 class="Ss" id="Apex"><a class="permalink" href="#Apex">Apex</a></h2>
<p class="Pp">A metazone has apex SOA and NS resource records as required by the
DNS protocol. The SOA record is used for zone refresh timing and to locate
the primary master, in the usual way. The NS resource records will never be
used and are just placeholders required by the protocol.</p>
<p class="Pp">The SOA MINIMUM field is used for the version number of the
metazone format. The format specified in this manual is 44.</p>
</section>
<section class="Ss">
<h2 class="Ss" id="Views"><a class="permalink" href="#Views">Views</a></h2>
<p class="Pp">Immediately under the apex are a number of single-label
subdomains. When the metazone is converted to
<span class="Pa">named.conf</span> syntax, the zone configurations are
written to multiple files, one for each subdomain:</p>
<p class="Pp"></p>
<div class="Bd
Bd-indent"><span class="Pa">named.zones.</span>⟨view⟩</div>
<p class="Pp">This allows you to have a single metazone containing the
configuration for multiple views. (When you have <b class="Sy">in-view</b>
zones, the configurations for multiple views must be updated in sync.)</p>
<p class="Pp">A number of view names are reserved for compatibility with other
metazone formats:</p>
<table class="Bl-column Bd-indent">
<tr id="allow-query">
<td><a class="permalink" href="#allow-query"><b class="Sy">allow-query</b></a></td>
<td><a class="permalink" href="#allow-transfer"><b class="Sy" id="allow-transfer">allow-transfer</b></a></td>
<td><a class="permalink" href="#also-notify"><b class="Sy" id="also-notify">also-notify</b></a></td>
</tr>
<tr id="server-addresses">
<td><a class="permalink" href="#server-addresses"><b class="Sy">server-addresses</b></a></td>
<td><a class="permalink" href="#server-names"><b class="Sy" id="server-names">server-names</b></a></td>
<td><a class="permalink" href="#servers"><b class="Sy" id="servers">servers</b></a></td>
</tr>
<tr id="in-view">
<td><a class="permalink" href="#in-view"><b class="Sy">in-view</b></a></td>
<td><a class="permalink" href="#masters"><b class="Sy" id="masters">masters</b></a></td>
<td><a class="permalink" href="#zones"><b class="Sy" id="zones">zones</b></a></td>
</tr>
<tr id="view">
<td><a class="permalink" href="#view"><b class="Sy">view</b></a></td>
<td><a class="permalink" href="#zones~2"><b class="Sy" id="zones~2">zones</b></a></td>
<td><b class="Sy"></b></td>
</tr>
</table>
</section>
<section class="Ss">
<h2 class="Ss" id="Zones"><a class="permalink" href="#Zones">Zones</a></h2>
<p class="Pp">Each zone configuration is represented in the metazone using one
TXT resource record. The owner of the TXT record is</p>
<p class="Pp"></p>
<div class="Bd
Bd-indent">⟨<var class="Ar">zone</var>⟩.⟨<var class="Ar">view</var>⟩.⟨<var class="Ar">metazone</var>⟩</div>
<p class="Pp">The TXT RDATA contains the zone's configuration clause.</p>
<p class="Pp">Note that if you need a configuration clause longer than 255
bytes, you can use one TXT record containing multiple strings. The strings
are concatenated to form the configuration clause. You must not use multiple
TXT records because you cannot control their order.</p>
</section>
</section>
<section class="Sh">
<h1 class="Sh" id="EXAMPLE"><a class="permalink" href="#EXAMPLE">EXAMPLE</a></h1>
<div class="Bd Li">
<pre>; This name for the metazone cannot collide with a real domain.
$ORIGIN _metazone.
; The required apex records.
$TTL 1h
@ SOA localhost. hostmaster.localhost. (
1436531696 1h 1h 1w 44 )
@ NS localhost.
; Configuration for the "int" view
$ORIGIN int._metazone.
example.org TXT ( "{"
" type slave;"
" masters { ns-pri-int; };"
" allow-query { internal; };"
" allow-transfer { internal; };"
"};" )
; Configuration for the "ext" view
$ORIGIN ext._metazone.
example.org TXT ( "{"
" type slave;"
" masters { ns-pri-ext; };"
" allow-transfer { xfer-2nd; };"
" also-notify { notify-2nd; };"
"};" )</pre>
</div>
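<p class="Pp">The conversion of this example into per-view fragments, with the structural rules from STRUCTURE enforced, as an added sketch that is not part of the original manual and not the <code class="Nm">metazone</code> program's own code. The record tuples, the function name and the output syntax (<code class="Li">zone "name" clause</code>) are assumptions made for illustration.</p>

```python
# Added example, not the metazone(1) implementation. Records are assumed to be
# already parsed into (owner, rrtype, rdata) tuples; the output syntax is assumed.
RESERVED_VIEWS = {
    "allow-query", "allow-transfer", "also-notify", "server-addresses",
    "server-names", "servers", "in-view", "masters", "zones", "view",
}
FORMAT_VERSION = 44  # carried in the apex SOA MINIMUM field

def metazone_to_fragments(origin, records):
    """Return {view: text for the named.zones.VIEW file} or raise ValueError."""
    origin = origin.lower().rstrip(".")
    suffix = "." + origin
    minimums = [rd["minimum"] for owner, rrtype, rd in records
                if rrtype == "SOA" and owner.lower().rstrip(".") == origin]
    if minimums != [FORMAT_VERSION]:
        raise ValueError("apex SOA MINIMUM must be %d" % FORMAT_VERSION)
    seen, fragments = set(), {}
    for owner, rrtype, strings in records:
        if rrtype != "TXT":
            continue  # apex SOA and NS carry no zone configuration
        name = owner.lower().rstrip(".")
        if not name.endswith(suffix):
            raise ValueError("TXT outside the metazone: " + owner)
        zone, _, view = name[:-len(suffix)].rpartition(".")
        if not zone or view in RESERVED_VIEWS:
            raise ValueError("not zone.view.metazone: " + owner)
        if name in seen:  # order of separate TXT records is undefined
            raise ValueError("multiple TXT records at " + owner)
        seen.add(name)
        if any(len(s.encode()) > 255 for s in strings):
            raise ValueError("TXT string over 255 bytes at " + owner)
        clause = "".join(strings)  # strings of one record, in order
        fragments.setdefault(view, []).append('zone "%s" %s\n' % (zone, clause))
    return {view: "".join(zones) for view, zones in fragments.items()}

# Constructed sample: the "int" and "ext" records from the EXAMPLE section.
SAMPLE = [
    ("_metazone.", "SOA", {"minimum": 44}),
    ("_metazone.", "NS", "localhost."),
    ("example.org.int._metazone.", "TXT",
     ["{", " type slave;", " masters { ns-pri-int; };",
      " allow-query { internal; };", " allow-transfer { internal; };", "};"]),
    ("example.org.ext._metazone.", "TXT",
     ["{", " type slave;", " masters { ns-pri-ext; };",
      " allow-transfer { xfer-2nd; };", " also-notify { notify-2nd; };", "};"]),
]

if __name__ == "__main__":
    for view, text in sorted(metazone_to_fragments("_metazone.", SAMPLE).items()):
        print("named.zones." + view + ":\n" + text)
```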
</section>
<section class="Sh">
<h1 class="Sh" id="COMPATIBILITY"><a class="permalink" href="#COMPATIBILITY">COMPATIBILITY</a></h1>
<p class="Pp">The metazone structure described in this manual is significantly
different from the original metazone design by Paul Vixie.</p>
<p class="Pp">We use Vixie's format numbering scheme. Vixie metazones have
format number 42. Our metazones have format number 44. The reserved view
names in our scheme are a superset of the keywords used by Vixie
metazones.</p>
<p class="Pp">Vixie metazones encode the configuration for a zone in multiple
RRsets. This encoding requires a relatively complicated translation into a
name server configuration. However, Vixie metazones are designed to be
interoperable across multiple name server implementations.</p>
<p class="Pp">Our metazones are specific to BIND, since they include literal
<span class="Pa">named.conf</span> snippets, and do not make any attempt to
support other name server implementations.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE
ALSO</a></h1>
<p class="Pp"><a class="Xr">metazone(1)</a>, <a class="Xr">nsnotifyd(1)</a>,
<a class="Xr">named.conf(5)</a></p>
<p class="Pp"><cite class="Rs"><span class="RsA">Paul Vixie</span>,
<span class="RsT">Federated domain name service using DNS metazones</span>,
<a class="RsU" href="http://ss.vix.su/~vixie/mz.pdf">http://ss.vix.su/~vixie/mz.pdf</a>,
<span class="RsD">June 2005</span>.</cite></p>
</section>
<section class="Sh">
<h1 class="Sh" id="AUTHOR"><a class="permalink" href="#AUTHOR">AUTHOR</a></h1>
<p class="Pp"><span class="An">Tony Finch</span>
⟨<code class="Li">[email protected]</code>⟩</p>
</section>
</div>
<table class="foot">
<tr>
<td class="foot-date">December 5, 2024</td>
<td class="foot-os">DNS</td>
</tr>
</table>
<!-- SPDX-License-Identifier: 0BSD OR MIT-0 -->
<footer>
<address>
<a href="https://dotat.at/prog/nsnotifyd/"><tt>nsnotifyd</tt></a>
was written by
<a href="https://dotat.at/">Tony Finch</a>
&lt;<a href="mailto:[email protected]">[email protected]</a>&gt;
</address>
</footer>
</body>
</html>