3 query, ipquery, mkhash, mkdb, mkhosts, cs, csquery, dns, dnstcp, dnsquery, dnsdebug, inform \- network database
113 The network database holds administrative information used by
114 network programs such as
121 searches the database
125 for an attribute of type
131 is not specified, all entries matched by the search are printed.
134 is specified, the value of the first pair with attribute
136 of all the matched entries normally is printed.
141 the values of all pairs with a
143 attribute within the first matching entry are printed.
148 all values of pairs with a
150 attribute within all entries are printed.
157 to search for the values of the attributes
159 corresponding to the system
160 with entries of attribute type
169 packet to a nameserver to associate the host's IPv4 address with its DNS name.
170 This is required if the domain's nameserver is
171 a Microsoft Windows Active Directory controller.
172 The host's domain name will be sent to the AD controller unless
175 is found in the host's
178 .SS "Database maintenance"
180 creates a hash file for all entries with attribute
184 The hash files are used by
186 and by the ndb library routines.
189 is used in concert with
192 uucp systems files and IP host files
194 It is very specific to the situation at Murray Hill.
196 When the database files change underfoot,
200 track them properly. Nonetheless, to keep the database searches efficient
201 it is necessary to run
203 whenever the files are modified.
204 It may be profitable to control this by a frequent
209 generates a BSD style
214 files from an ndb data base file specified on the
215 command line (default
216 .BR /lib/ndb/local ).
217 For local reasons the files are called
222 .SS "Connection service"
226 to translate network names.
227 It is started at boot time.
228 It finds out what networks are configured
232 It can also be told about networks by writing to
234 a message of the form:
236 .B "add net1 net2 ..."
239 also sets the system name in
241 if it can figure it out.
246 Only look up IPv4 addresses (A records) when consulting DNS.
247 The default is to also look up v6 addresses (AAAA records).
252 will toggle IP v6 look-ups.
255 supplies the name of the data base file to use,
260 causes cs to do nothing but set the system name.
263 specifies the mount point of the
270 to see how it resolves addresses.
272 prompts for addresses and prints what
282 prints their translations and immediately exits.
283 The exit status will be nil only if all addresses
284 were successfully translated.
287 flag sets exit status without printing any results.
290 .SS "Domain name service"
294 and remote systems by translating Internet domain names.
296 is started at boot time.
299 serves only requests written to
303 to offset 0 before reading or writing
311 sets the maximum time in seconds that an unreferenced
312 domain name will remain cached.
313 The default is one hour (3600).
316 supplies the name of the data base file to use,
321 whenever a DNS zone that we serve changes, send UDP NOTIFY
322 messages to any dns slaves for that zone
328 sets the goal for the number of domain names cached to
330 rather than the default of 8,000.
338 to assume that it straddles inside and outside networks
339 and that the outside network is mounted on
341 Queries for inside addresses will be sent via
345 in response to truncated replies)
346 and those for outside addresses via
352 suitable for serving non-Plan-9 systems in an organization with
353 firewalls, DNS proxies, etc.,
354 particularly if they don't work very well.
355 See `Straddling Server' below for details.
358 act as a resolver only:
359 send `recursive' queries, asking the other servers
363 must be a space-separated list of such DNS servers' IP addresses,
367 attributes name DNS servers to forward queries to.
370 ignore the `recursive' bit on incoming requests.
371 Do not complete lookups on behalf of remote systems.
374 also answer domain requests sent to UDP port 53.
377 specifies the mount point of the
381 whenever we receive a UDP NOTIFY message, run
383 with the domain name of the area as its argument.
388 option is specified, the servers used come from the
390 attribute in the database. For example, to specify a set of dns servers that
391 will resolve requests for systems on the network
395 ipnet=mh-net ip=135.104.0.0 ipmask=255.255.0.0
396 dns=ns1.cs.bell-labs.com
397 dns=ns2.cs.bell-labs.com
398 dom=ns1.cs.bell-labs.com ip=135.104.1.11
399 dom=ns2.cs.bell-labs.com ip=135.104.1.12
402 The server for a domain is indicated by a database entry containing
411 ns=A.ROOT-SERVERS.NET
412 ns=B.ROOT-SERVERS.NET
413 ns=C.ROOT-SERVERS.NET
414 dom=A.ROOT-SERVERS.NET ip=198.41.0.4
415 dom=B.ROOT-SERVERS.NET ip=128.9.0.107
416 dom=C.ROOT-SERVERS.NET ip=192.33.4.12
419 The last three lines provide a mapping for the
420 server names to their ip addresses. This is only
421 a hint and will be superseded from whatever is learned
422 from servers owning the domain.
423 .SS "Authoritative Name Servers"
424 You can also serve a subtree of the domain name space from the local
425 database. You indicate subtrees that you would like to serve by adding an
427 attribute to the root entry.
428 For example, the Bell Labs CS research domain is:
431 dom=cs.bell-labs.com soa=
432 refresh=3600 ttl=3600
433 ns=plan9.bell-labs.com
434 ns=ns1.cs.bell-labs.com
435 ns=ns2.cs.bell-labs.com
436 mb=presotto@plan9.bell-labs.com
437 mx=mail.research.bell-labs.com pref=20
438 mx=plan9.bell-labs.com pref=10
439 dnsslave=nslocum.cs.bell-labs.com
440 dnsslave=vex.cs.bell-labs.com
445 entry is the mail address of the person responsible for the
450 entries list mail exchangers for the domain name and
454 define the area refresh interval and the minimum TTL for
455 records in this domain.
458 entries specify slave DNS servers that should be notified
459 when the domain changes. The notification also requires
464 .SS "Reverse Domains"
465 You can also serve reverse lookups (returning the name that
466 goes with an IP address) by adding an
468 attribute to the entry defining the root of the reverse space.
470 For example, to provide reverse lookup for all addresses in
476 must contain a record like:
479 dom=104.135.in-addr.arpa soa=
480 dom=d.f.ip6.arpa soa= # special case, rfc 4193
481 refresh=3600 ttl=3600
482 ns=plan9.bell-labs.com
483 ns=ns1.cs.bell-labs.com
484 ns=ns2.cs.bell-labs.com
487 Notice the form of the reverse address.
488 For IPv4, it's the bytes of the address range you are serving reversed
489 and expressed in decimal, and with
492 For IPv6, it's the nibbles (4-bit fields) of the address range you are serving
493 reversed and expressed in hexadecimal, and with
496 These are the standard forms for a domain name in a PTR record.
500 entry exists in the database, reverse addresses will
501 automatically be generated from any IP addresses in the database
502 that are under this root. For example
505 dom=ns1.cs.bell-labs.com ip=135.104.1.11
508 will automatically create both forward and reverse entries for
509 .BR ns1.cs.bell-labs.com .
510 Unlike other DNS servers, there's no way to generate
511 inconsistent forward and reverse entries.
512 .SS "Classless reverse delegation"
513 Following RFC 2317, it is possible to serve reverse DNS data
514 for IPv4 subnets smaller than /24.
515 Declare the non-/24 subnet, the reverse domain and the individual systems.
518 this is how to serve RFC-2317
520 records for the subnet
521 .LR 65.14.39.128/123 .
524 ipnet=our-t1 ip=65.14.39.128 ipmask=/123
525 dom=128.39.14.65.in-addr.arpa soa=
526 refresh=3600 ttl=3600
527 ns=ns1.our-domain.com
528 ns=ns2.our-domain.com
529 ip=65.14.39.129 dom=router.our-domain.com
532 .SS "Delegating Name Service Authority"
533 Delegation of a further subtree to another set of name servers
539 dom=bignose.cs.research.bell-labs.com
541 ns=anna.cs.research.bell-labs.com
542 ns=dj.cs.research.bell-labs.com
545 Nameservers within the delegated domain (as in this example)
546 must have their IP addresses listed elsewhere in
550 .SS "Wildcards, MX and CNAME records"
551 Wild-carded domain names can also be used.
552 For example, to specify a mail forwarder for all Bell Labs research systems:
555 dom=*.research.bell-labs.com
556 mx=research.bell-labs.com
559 `Cname' aliases may be established by adding a
561 attribute giving the real domain name;
562 the name attached to the
564 attribute is the alias.
565 `Cname' aliases are severely restricted;
566 the aliases may have no other attributes than
568 and are daily further restricted in their use by new RFCs.
571 cname=anna.cs.bell-labs.com dom=www.cs.bell-labs.com
576 a synonym for the canonical name
578 .SS "Straddling Server"
579 Many companies have an inside network
580 protected from outside access with firewalls.
581 They usually provide internal `root' DNS servers
582 (of varying reliability and correctness)
583 that serve internal domains and pass on DNS queries for
584 outside domains to the outside, relaying the results
585 back and caching them for future use.
586 Some companies don't even let DNS queries nor replies through
587 their firewalls at all, in either direction.
589 In such a situation, running
591 on a machine that imports access to the outside network via
593 from a machine that straddles the firewalls,
594 or that straddles the firewalls itself,
595 will let internal machines query such a machine
596 and receive answers from outside nameservers for outside addresses
597 and inside nameservers for inside addresses, giving the appearance
598 of a unified domain name space,
599 while bypassing the corporate DNS proxies or firewalls.
600 This is different from running
603 .B "dns -sRx /net.alt -f /lib/ndb/external"
605 which keeps the inside and outside namespaces entirely separate.
611 names are significant:
617 should contain a series of
619 pairs naming domains internal to the organization.
621 should contain a series of
623 pairs naming the internal DNS `root' servers.
625 should contain a series of
627 pairs naming the external DNS servers to consult.
628 .SS "Zone Transfers and TCP"
632 .BR /rc/bin/service/tcp53 ,
633 to answer DNS queries with long answers via TCP,
634 notably to transfer a zone within the database
638 to its invoker on the network at
642 Standard input will be read for DNS requests and the DNS answers
643 will appear on standard output.
644 Recursion is disabled by
646 acting as a pure resolver is enabled by
650 is provided, it is assumed to be a directory within
652 and is used to find the caller's address.
653 .SS "DNS Queries and Debugging"
657 to see how it resolves requests.
659 prompts for commands of the form
661 .I "domain-name request-type"
672 In the case of the inverse query type,
675 will reverse the ip address and tack on the
682 but bypasses the local server.
683 It communicates via UDP (and sometimes TCP) with the domain name servers
684 in the same way that the local resolver would and displays
685 all packets received.
686 The query can be specified on the command line or
688 The queries look like those of
692 can be directed to query a particular name server by
694 .BI @ name-server\f1.
695 From that point on, all queries go to that name server
696 rather than being resolved by
700 command returns query resolution to
702 Finally, any command preceded by a
704 sets the name server only for that command.
710 interface and the database file
714 option supplies the name of the data base file to use.
717 option is the same as for
735 % ndb/query sys helix
736 sys=helix dom=helix.research.bell-labs.com bootf=/mips/9powerboot
737 ip=135.104.117.31 ether=080069020427
743 .B plan9.bell-labs.com
744 and its IP address in the DNS.
748 > plan9.bell-labs.com ip
749 plan9.bell-labs.com ip 204.178.31.2
751 2.31.178.204.in-addr.arpa ptr plan9.bell-labs.com
752 2.31.178.204.in-addr.arpa ptr ampl.com
756 Print the names of all systems that boot via PXE.
759 % ndb/query -a bootf /386/9bootpxe sys
762 .TF /lib/ndb/local.*xxx
765 resolver's DNS servers' IP addresses.
768 first database file searched
798 databases are case-sensitive;
799 ethernet addresses must be in lower-case hexadecimal.