- Running BIND in a chroot environment - http://www.psionic.com/papers/dns/dns-linux/
----------------------------------------------------------------
- Running Non-Root:

Recent versions of named can be invoked with options that specify a non-root
user and/or group for named.  Read the named man page for more information.
Note that if you run named as a user other than root, it will not be able to
find new interfaces that appear dynamically, such as during a PCMCIA card
insertion, or if you're running some flavors of IPSEC and/or IP over IP
tunnels.  If you can live with those limitations, feel free to edit the
/etc/init.d/bind script to add appropriate options to the invocation of named.
Because of the issues, I do *not* want to ship the Debian package running
non-root by default... it would be very confusing to many users.

-----------------------------------------------------------------
- What is BIND
BIND (Berkeley Internet Name Domain) is an implementation of DNS, both
server and client.  Development of BIND is funded by the Internet Software
Consortium and is coordinated by Paul Vixie.  BIND has been ported to
Windows NT and VMS, but is most often found on Unix.  BIND source code is
freely available and very complex; most of the development on the DNS
protocols is based on this code; and most Unix vendors ship BIND-derived
DNS implementations.  As a result, the BIND name server is the most widely
used name server on the Internet.  In common usage, `BIND' usually refers
to the name server that is part of the BIND distribution, and sometimes to
name servers in general (whether BIND-derived or not).

Version 4 is the last "traditional" BIND -- the one everybody on the
Internet runs, except a few hundred sites running...

Version 8 has been called "BIND-ng" (Next Generation).   Many new features
are found in version 8.


BIND-8.1 has the following features:

* DNS Dynamic Updates (RFC 2136)
* DNS Change Notification (RFC 1996)
* Completely new configuration syntax
* Flexible, categorized logging system
* IP-address-based access control for queries, zone transfers, and updates
  that may be specified on a zone-by-zone basis
* More efficient zone transfers
* Improved performance for servers with thousands of zones
* The server no longer forks for outbound zone transfers
* Many bug fixes.

This section of the guide is based on version 8 of bind, but nothing
prevents the configurations shown from being ported to version 4 with
relative ease.


--------------------------------------------------------
Question 2.7.  How do you find the hostname given the TCP-IP address ?

 Mon Jun 15 21:32:57 EDT 1998

For an address a.b.c.d you can always do:

         % nslookup
         > set q=ptr
         > d.c.b.a.in-addr.arpa.

Most newer versions of nslookup (since 4.8.3) will recognize an address, so
you can just say:

         % nslookup a.b.c.d

DiG will work like this also:

         % dig -x a.b.c.d

dig is included in the bind distribution.  host from the bind distribution
may also be used.
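The name rewriting that nslookup, dig -x and host do for you, written out as an added example (not code from the FAQ): build the d.c.b.a.in-addr.arpa. owner name for an address, map it back, and, going one step further than the answer, derive the reverse zone name an administrator serves for a classful /8, /16 or /24 network.

```python
import ipaddress


def reverse_name(address: str) -> str:
    """PTR owner name for a.b.c.d: d.c.b.a.in-addr.arpa. (trailing dot kept
    so the resolver never appends a search suffix to it)."""
    ip = ipaddress.IPv4Address(address)          # ValueError on bad input
    return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."


def address_from_reverse_name(name: str) -> str:
    """Inverse mapping: a.b.c.d back from d.c.b.a.in-addr.arpa (dot optional)."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        raise ValueError("not a full IPv4 reverse name: %r" % name)
    return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))


def reverse_zone(network: str) -> str:
    """Reverse zone for a classful network, e.g. 192.0.2.0/24 ->
    2.0.192.in-addr.arpa.  Only /8, /16 and /24 are handled; classless
    (RFC 2317) delegations are deliberately out of scope here."""
    net = ipaddress.IPv4Network(network, strict=True)   # host bits must be 0
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("prefix must be on an octet boundary: %r" % network)
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


if __name__ == "__main__":
    for ip in ("192.0.2.1", "10.0.0.7"):            # constructed sample input
        print(ip, "->", reverse_name(ip))
    print("192.0.2.0/24 ->", reverse_zone("192.0.2.0/24"))
```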
-----------------------------------------------
How do I register a domain?
How do I create my own domain for a private network?
-----------------------------------------------

In the case where the registration is done by the organization itself, it
still makes the whole process much easier if the ISP is approached for
secondary (see RFC 2182)  servers _before_  the InterNIC is  approached
for registration.

In any case, you will need at least two domain name servers when you
register your domain. Many ISP's are willing to provide primary and/or
secondary name service for their customers.  If you want to register a
domain name ending with .COM, .NET, .ORG, you'll want to take a look at
the InterNIC:

* http://www.internic.net/ -> Registration Services
* internic.net : /templates/domain-template.txt
* gopher://rs.internic.net/

Please note that the InterNIC charges a fee for domain names in the "COM",
"ORG", and "NET".  More information may be found from the Internic at

http://rs.internic.net/domain-info/fee-policy.html.

Note that InterNIC doesn't allocate and assign IP numbers any more. Please
refer to the answer to "How do I get my address assigned from the NIC?" in
this section.

Registration of domain names ending with country code suffixes (ISO 3166 -
.FR, .CH, .SE etc.) is being done by the national domain name registrars
(NICs). 


Many times, registration of a domain name can be initiated by sending
e-mail to the zone contact. You can obtain the contact in the SOA record
for the country, or in a whois server:

         $ nslookup -type=SOA fr.
         origin = ns1.nic.fr
         mail addr = nic.nic.fr
         ...

The mail address to contact in this case is 'nic@nic.fr' (you must
substitute an '@' for the first dot in the mail addr field).
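The dot-to-'@' rule above has one catch: a dot that belongs to the local part of the mailbox is escaped as '\.' in the RNAME, so only the first unescaped dot is the separator. An added example (not from the FAQ) that applies the rule to an RNAME and pulls the field out of a constructed nslookup -type=SOA listing:

```python
import re

# Constructed sample in the layout nslookup -type=SOA prints.
SAMPLE_NSLOOKUP_OUTPUT = """\
fr
        origin = ns1.nic.fr
        mail addr = nic.nic.fr
        serial = 2000010100
"""


def rname_to_email(rname: str) -> str:
    """Turn an SOA RNAME into the mailbox it encodes: the first unescaped
    dot becomes '@' (nic.nic.fr -> nic@nic.fr); a '\\.' inside the local
    part is a literal dot (john\\.doe.example.com -> john.doe@example.com)."""
    local = []
    i = 0
    while i < len(rname):
        ch = rname[i]
        if ch == "\\" and i + 1 < len(rname):
            local.append(rname[i + 1])       # escaped character, keep literally
            i += 2
            continue
        if ch == ".":
            domain = rname[i + 1:].rstrip(".")   # drop the FQDN trailing dot
            if not local or not domain:
                raise ValueError("malformed RNAME: %r" % rname)
            return "".join(local) + "@" + domain
        local.append(ch)
        i += 1
    raise ValueError("RNAME has no dot to split on: %r" % rname)


def soa_contact(nslookup_output: str) -> str:
    """Find the 'mail addr = ...' line in nslookup output and convert it."""
    m = re.search(r"^\s*mail addr\s*=\s*(\S+)", nslookup_output, re.MULTILINE)
    if not m:
        raise ValueError("no 'mail addr' line in output")
    return rname_to_email(m.group(1))


if __name__ == "__main__":
    print(soa_contact(SAMPLE_NSLOOKUP_OUTPUT))
```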
----------------------------------------------------------
Question 2.11.  How much memory and CPU does DNS use ?

Date: Fri Dec  6 01:07:56 EST 1996

It can use quite a bit !  The main thing that BIND needs is memory.  It
uses very little CPU or network bandwidth.  The main considerations to
keep in mind when planning are:

* How many zones do you have and how large are they ?
* How many clients do you expect to serve and how active are they ?

As an example, here is a snapshot of memory usage from CSIRO Division of
Mathematics and Statistics, Australia:

      Named takes several days to stabilize its memory usage.

When making the plans to set up your servers, you may want to also
consider the following issues:

        A) Server O/S limitations/capacities (which tend to be widely
           divergent from vendor to vendor)
        B) Client resolver behavior (even more widely divergent)
        C) Expected query response time
        D) Redundancy
        E) Desired speed of change propagation
        F) Network bandwidth availability
        G) Number of zones/subdomain-levels desired
        H) Richness of data stored (redundant MX records? HINFO records?)
        I) Ease of administration desired
        J) Network topology (impacts reverse-zone volume)

  Assuming a best-possible case for the factors above, particularly (A), (B),
  (C), (F), (G) & (H), it would be possible to run a 1000-node domain
  using a single lowly 25 or 40 MHz 386 PC with a fairly modest amount of RAM 
  by today's standards, e.g. 4 or 8 Meg.   However, this configuration would 
  be slow, unreliable, and would provide no functionality beyond your basic 
  address-to-name and name-to-address mappings.
 
  Beyond that baseline case, depending on which of the factors listed above
  apply to you, you may want to look at other strategies, such as splitting
  up the DNS traffic among several strategically located machines, possibly
  larger ones, and/or subdividing your domain itself. There are many options,
  tradeoffs, and DNS architectural paradigms from which to choose.
-------------------------------------------------------------
Question 2.19.  What is the cache file ?

Date: Fri Dec  6 01:15:22 EST 1996

From the "Name Server Operations Guide":

      6.3.  Cache Initialization
 
         6.3.1.  root.cache
 
                 The name server needs to know the servers that
            are  the  authoritative  name  servers for the root
            domain of the network.  To do this we have to prime
            the name server's cache with the addresses of these
            higher authorities.  The location of this  file  is
            specified  in  the  boot  file. ...
--------------------------------------
Question 2.20.  Obtaining the latest cache file

Date: Fri Dec  6 01:15:22 EST 1996

If you have a version of dig running, you may obtain the information with
the command

      dig @a.root-servers.net. . ns

A perl script to handle some possible problems when using this method
from behind a firewall and that can also be used to periodically obtain
the latest cache file was posted to comp.protocols.tcp-ip.domains  during
early October, 1996.  It was posted with the subject "Keeping  db.cache
current". It is available at
http://www.intac.com/~cdp/cptd-faq/current_db_cache.txt.

The latest cache file may also be obtained from the InterNIC via ftp  or
gopher:

      ;       This file is made available by InterNIC registration services
      ;       under anonymous FTP as
      ;           file                /domain/named.root
      ;           on server           FTP.RS.INTERNIC.NET
      ;       -OR- under Gopher at    RS.INTERNIC.NET
      ;           under menu          InterNIC Registration Services (NSI)
      ;              submenu          InterNIC Registration Archives
      ;           file                named.root

-----------------------------------------------------------------------------

Question 2.25.  What version of bind is running on a server ?

Date: Mon Mar  9 22:15:11 EST 1998

On 4.9+ servers, you may obtain the version of bind running with the
following command:

dig @server.to.query txt chaos version.bind.

and optionally pipe that into 'grep VERSION'.  Please note that this will
not work on an older nameserver.


------------------------------------------------------------------------------


(1) World wide gTLDs - maintained by the InterNIC:
    - COM - Intended for commercial entities - companies, corporations etc.
    - NET - Intended for Internet service providers and similar entities.
    - ORG - Intended for other organizations, which don't fit to the above.

(2) Special status gTLDs
    - EDU - Restricted to 4 year colleges and universities only.
    - INT - Intended for international treaties and infrastructural databases.

(3) US restricted gTLDs
    - GOV - Intended for US Government offices and agencies.
    - MIL - Intended for the US military.
-------------------------------------------------------------------------------
     # of     # of
      bits in  bits in
      network   host
Class  field    field   Internet Protocol address in binary  Ranges
============================================================================
  A      7       24      0NNNNNNN.HHHHHHHH.HHHHHHHH.HHHHHHHH    1-127.x.x.x
  B     14       16      10NNNNNN.NNNNNNNN.HHHHHHHH.HHHHHHHH  128-191.x.x.x
  C     21        8      110NNNNN.NNNNNNNN.NNNNNNNN.HHHHHHHH  192-223.x.x.x
  D     NOTE 1           1110xxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx  224-239.x.x.x
  E     NOTE 2           11110xxx.xxxxxxxx.xxxxxxxx.xxxxxxxx  240-247.x.x.x

   where N represents part of the network address and H represents part of 
   the host address.   When the subnet address is defined, the needed bits 
   are assigned from the host address space.

   NOTE 1: Reserved for multicast groups - RFC 1112
   NOTE 2: Reserved for future use

   127.0.0.1 is reserved for local loopback.
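The table above, turned into code as an added example (not part of the original page): classify an address by the leading bits of its first octet, derive the classful network, default mask and broadcast from the N/H split, and borrow subnet bits from the host field as the note describes. Addresses 248-255.x.x.x are not covered by the table and are rejected.

```python
# Network-bit / host-bit counts from the table; D and E have no such split.
CLASSES = {"A": (7, 24), "B": (14, 16), "C": (21, 8),
           "D": (None, None), "E": (None, None)}
# (bitmask, pattern, class): 0NNNNNNN, 10NNNNNN, 110NNNNN, 1110xxxx, 11110xxx
LEADING_BITS = ((0x80, 0x00, "A"), (0xC0, 0x80, "B"), (0xE0, 0xC0, "C"),
                (0xF0, 0xE0, "D"), (0xF8, 0xF0, "E"))


def _dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classify(address: str) -> dict:
    """Class letter, N/H bit counts and the classful network parameters
    for a dotted quad, following the table above."""
    octets = [int(o) for o in address.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % address)
    first = octets[0]
    cls = next((c for m, p, c in LEADING_BITS if first & m == p), None)
    if cls is None:
        raise ValueError("%s is outside the classful table" % address)
    net_bits, host_bits = CLASSES[cls]
    info = {"class": cls, "network_bits": net_bits, "host_bits": host_bits,
            "loopback": first == 127}          # 127.x.x.x: local loopback
    if host_bits is not None:                  # classes D and E: no N/H split
        value = int.from_bytes(bytes(octets), "big")
        mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
        info["default_mask"] = _dotted(mask)
        info["network"] = _dotted(value & mask)
        info["broadcast"] = _dotted(value | (mask ^ 0xFFFFFFFF))
    return info


def subnet_mask(cls: str, subnet_bits: int):
    """Take subnet_bits from the host field of a class A/B/C network and
    return (subnet mask, usable hosts per subnet); at least two host bits
    must remain so network and broadcast addresses still exist."""
    host_bits = CLASSES[cls][1]
    if host_bits is None or not 0 <= subnet_bits <= host_bits - 2:
        raise ValueError("class %s cannot lend %d subnet bits" % (cls, subnet_bits))
    remaining = host_bits - subnet_bits
    return _dotted((0xFFFFFFFF << remaining) & 0xFFFFFFFF), 2 ** remaining - 2


if __name__ == "__main__":
    for ip in ("10.1.2.3", "172.16.5.9", "192.0.2.77", "224.0.0.1"):  # samples
        print(ip, classify(ip))
    print("class B with 8 subnet bits:", subnet_mask("B", 8))
```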

-------------------------------------------------------------------------------


The documentation for BIND 4.9.2 says that the hostname should be set  to
the full domain style name (i.e host.our.domain rather than host).  What
advantages are there in this, and are there any adverse consequences if we
don't?

Paul Vixie likes to do it :-)  He lists a few reasons -

* Sendmail can be configured to just use Dj$w rather than Dj$w.mumble
  where "mumble" is something you have to edit in by hand.  Granted, most
  people use "mumble" elsewhere in their config files ("tack on local
  domain", etc) but why should it be a requirement ?
* The real reason is that not doing it violates a very useful invariant:
    gethostbyname(gethostname) == gethostbyaddr(primary_interface_address)
-------------------------------------------------------------------------------