04 DNS: BIND 9 tools and operations

4. Name Server Operations

Reposted from: https://bind9.readthedocs.io/en/latest/chapter4.html

4.1. Tools for Use With the Name Server Daemon

This section describes several indispensable diagnostic, administrative, and monitoring tools available to the system administrator for controlling and debugging the name server daemon.

4.1.1. Diagnostic Tools

The dig, host, and nslookup programs are all command-line tools for manually querying name servers. They differ in style and output format.

  • dig

    dig is the most versatile and complete of these lookup tools. It has two modes: simple interactive mode for a single query, and batch mode, which executes a query for each line in a list of several query lines. All query options are accessible from the command line. For more information and a list of available commands and options, see dig – DNS lookup utility.

  • host

    The host utility emphasizes simplicity and ease of use. By default, it converts between host names and Internet addresses, but its functionality can be extended with the use of options. For more information and a list of available commands and options, see host – DNS lookup utility.

  • nslookup

    nslookup has two modes: interactive and non-interactive. Interactive mode allows the user to query name servers for information about various hosts and domains, or to print a list of hosts in a domain. Non-interactive mode is used to print just the name and requested information for a host or domain. Due to its arcane user interface and frequently inconsistent behavior, we do not recommend the use of nslookup. Use dig instead.

4.1.2. Administrative Tools

Administrative tools play an integral part in the management of a server.

  • named-checkconf

    The named-checkconf program checks the syntax of a named.conf file. For more information and a list of available commands and options, see named-checkconf – named configuration file syntax checking tool.

  • named-checkzone

    The named-checkzone program checks a zone file for syntax and consistency. For more information and a list of available commands and options, see named-checkzone – zone file validation tool.

  • named-compilezone

    This tool is similar to named-checkzone, but it always dumps the zone content to a specified file (typically in a different format). For more information and a list of available commands and options, see named-compilezone – zone file converting tool.

  • rndc

    The remote name daemon control (rndc) program allows the system administrator to control the operation of a name server. See rndc – name server control utility for details of the available rndc commands.

    rndc requires a configuration file, since all communication with the server is authenticated with digital signatures that rely on a shared secret, and there is no way to provide that secret other than with a configuration file. The default location for the rndc configuration file is /etc/rndc.conf, but an alternate location can be specified with the -c option. If the configuration file is not found, rndc also looks in /etc/rndc.key (or whatever sysconfdir was defined when the BIND build was configured). The rndc.key file is generated by running rndc-confgen -a as described in controls.

    The format of the configuration file is similar to that of named.conf, but is limited to only three blocks: the options, key, server, and the include directive. These blocks are what associate the secret keys to the servers with which they are meant to be shared. The order of blocks is not significant.

  • options

    Grammar:

    options {
        default-key <string>;
        default-port <integer>;
        default-server <string>;
        default-source-address ( <ipv4_address> | * );
        default-source-address-v6 ( <ipv6_address> | * );
    };

    Blocks: topmost

    default-server
      Grammar: default-server <string>;
      Blocks: options
      default-server takes a host name or address argument and represents the server that is contacted if no -s option is provided on the command line.

    default-key
      Grammar: default-key <string>;
      Blocks: options
      default-key takes the name of a key as its argument, as defined by a key block.

    default-port
      Grammar: default-port <integer>;
      Blocks: options
      default-port specifies the port to which rndc should connect if no port is given on the command line or in a server block.

    default-source-address
      Grammar: default-source-address ( <ipv4_address> | * );
      Blocks: options

    default-source-address-v6
      Grammar: default-source-address-v6 ( <ipv6_address> | * );
      Blocks: options
      default-source-address and default-source-address-v6 specify the IPv4 and IPv6 source address used to communicate with the server if no address is given on the command line or in a server block.

  • key

    Grammar (server): key <string>;

    Grammar (topmost):

    key <string> {
        algorithm <string>;
        secret <string>;
    }; // may occur multiple times

    Blocks: topmost, server

    The key block defines a key to be used by rndc when authenticating with named. Its syntax is identical to the key statement in named.conf. The keyword key is followed by a key name, which must be a valid domain name, though it need not actually be hierarchical; thus, a string like rndc_key is a valid name. The key block has two statements: algorithm and secret.

    algorithm
      Grammar: algorithm <string>;
      Blocks: key
      While the configuration parser accepts any string as the argument to algorithm, currently only the strings hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, and hmac-sha512 have any meaning.

    secret
      Grammar: secret <string>;
      Blocks: key
      The secret is a Base64-encoded string as specified in RFC 3548.

  • server

    Grammar:

    server <string> {
        addresses { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... };
        key <string>;
        port <integer>;
        source-address ( <ipv4_address> | * );
        source-address-v6 ( <ipv6_address> | * );
    }; // may occur multiple times

    Blocks: topmost

    The server block specifies connection parameters for a given server. The server can be specified as a host name or address.

    addresses
      Grammar: addresses { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... };
      Blocks: server
      Specifies one or more addresses to use when communicating with this server.

    key
      Associates a key defined using the key statement with a server.

    port
      Grammar: port <integer>;
      Blocks: server
      Specifies the port rndc should connect to on the server.

    source-address
      Grammar: source-address ( <ipv4_address> | * );
      Blocks: server

    source-address-v6
      Grammar: source-address-v6 ( <ipv6_address> | * );
      Blocks: server
      Overrides default-source-address and default-source-address-v6 for this specific server.

    A sample minimal configuration file is as follows:

    key rndc_key {
        algorithm "hmac-sha256";
        secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
    };

    options {
        default-server 127.0.0.1;
        default-key rndc_key;
    };

    This file, if installed as /etc/rndc.conf, allows the command:

    rndc reload

    to connect to 127.0.0.1 port 953 and causes the name server to reload, if a name server on the local machine is running with the following controls statements:

    controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
    };

    and it has an identical key block for rndc_key.

    Running the rndc-confgen program conveniently creates an rndc.conf file, and also displays the corresponding controls statement needed to add to named.conf. Alternatively, it is possible to run rndc-confgen -a to set up an rndc.key file and not modify named.conf at all.
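The pairing described above, in which the key block in rndc.conf must be identical to the one referenced by the controls statement in named.conf, as an added Python example that is not part of the BIND documentation: it generates a random Base64 secret, renders both sides in the shape of the sample file, and checks that the two files really share a key, since a mismatched or mistyped secret is the usual reason rndc fails to authenticate. The function names and the regular-expression parser are this example's own, not BIND's.

```python
import base64
import os
import re

# Algorithms the page lists as the only ones rndc gives meaning to.
RNDC_ALGORITHMS = {"hmac-md5", "hmac-sha1", "hmac-sha224",
                   "hmac-sha256", "hmac-sha384", "hmac-sha512"}

# Matches one key block; quotes around the name and algorithm are optional.
KEY_BLOCK = re.compile(
    r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+"?([\w-]+)"?\s*;'
    r'\s*secret\s+"([A-Za-z0-9+/=]+)"\s*;\s*\}\s*;')

def make_secret(nbytes=32):
    """Random shared secret, Base64-encoded as the secret statement requires."""
    return base64.b64encode(os.urandom(nbytes)).decode()

def key_block(name, algorithm, secret):
    """The key block; the same text must appear in both rndc.conf and named.conf."""
    if algorithm not in RNDC_ALGORITHMS:
        raise ValueError(f"rndc does not understand algorithm {algorithm!r}")
    base64.b64decode(secret, validate=True)  # reject a non-Base64 secret early
    return (f"key {name} {{\n    algorithm \"{algorithm}\";\n"
            f"    secret \"{secret}\";\n}};\n")

def render_rndc_conf(name, algorithm, secret, server="127.0.0.1"):
    """rndc.conf in the shape of the page's minimal sample file."""
    return key_block(name, algorithm, secret) + (
        f"\noptions {{\n    default-server {server};\n"
        f"    default-key {name};\n}};\n")

def render_named_controls(name, algorithm, secret, address="127.0.0.1"):
    """Key block plus the controls statement named needs to accept that key."""
    return key_block(name, algorithm, secret) + (
        f"\ncontrols {{\n    inet {address} allow {{ localhost; }} "
        f"keys {{ {name}; }};\n}};\n")

def parse_keys(text):
    """name -> (algorithm, secret) for every key block found in a config text."""
    return {m.group(1): (m.group(2).lower(), m.group(3))
            for m in KEY_BLOCK.finditer(text)}

def usable_keys(rndc_conf, named_conf):
    """Key names whose algorithm and secret agree in both files. rndc can only
    authenticate with one of these, so an empty list means the configs disagree."""
    a, b = parse_keys(rndc_conf), parse_keys(named_conf)
    return sorted(k for k in a if k in b and a[k] == b[k])

if __name__ == "__main__":
    s = make_secret()
    print(render_rndc_conf("rndc_key", "hmac-sha256", s))
    print(render_named_controls("rndc_key", "hmac-sha256", s))
```

Running usable_keys over the real /etc/rndc.conf and named.conf (or the rndc.key file both sides read) is a quick pre-flight check before restarting named.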

4.2. Signals

Certain Unix signals cause the name server to take specific actions, as described in the following table. These signals can be sent using the kill command.

SIGHUP   Causes the server to read named.conf and reload the database.
SIGTERM  Causes the server to clean up and exit.
SIGINT   Causes the server to clean up and exit.

4.3. Plugins

Plugins are a mechanism to extend the functionality of named using dynamically loadable libraries. By using plugins, core server functionality can be kept simple for the majority of users; more complex code implementing optional features need only be installed by users that need those features.

The plugin interface is a work in progress, and is expected to evolve as more plugins are added. Currently, only “query plugins” are supported; these modify the name server query logic. Other plugin types may be added in the future.

The only plugin currently included in BIND is filter-aaaa.so, which replaces the filter-aaaa feature that previously existed natively as part of named. The code for this feature has been removed from named and can no longer be configured using standard named.conf syntax, but linking in the filter-aaaa.so plugin provides identical functionality.

4.4. Configuring Plugins

  • plugin

    Grammar: plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times
    Blocks: topmost, view
    Tags: server
    Configures plugins in named.conf.

A plugin is configured with the plugin statement in named.conf:

plugin query "library.so" {
    parameters
};

In this example, file library.so is the plugin library. query indicates that this is a query plugin.

Multiple plugin statements can be specified, to load different plugins or multiple instances of the same plugin.

parameters are passed as an opaque string to the plugin’s initialization routine. Configuration syntax differs depending on the module.

4.5. Developing Plugins

Each plugin implements four functions:

  • plugin_register to allocate memory, configure a plugin instance, and attach to hook points within named,
  • plugin_destroy to tear down the plugin instance and free memory,
  • plugin_version to check that the plugin is compatible with the current version of the plugin API,
  • plugin_check to test syntactic correctness of the plugin parameters.

At various locations within the named source code, there are “hook points” at which a plugin may register itself. When a hook point is reached while named is running, it is checked to see whether any plugins have registered themselves there; if so, the associated “hook action” – a function within the plugin library – is called. Hook actions may examine the runtime state and make changes: for example, modifying the answers to be sent back to a client or forcing a query to be aborted. More details can be found in the file lib/ns/include/ns/hooks.h.
