3 query, ipquery, mkhash, mkdb, mkhosts, cs, csquery, dns, dnstcp, dnsquery, dnsdebug, inform \- network database
116 The network database holds administrative information used by
117 network programs such as
124 searches the database
128 for an attribute of type
134 is not specified, all entries matched by the search are printed.
137 is specified, the value of the first pair with attribute
139 of all the matched entries normally is printed.
144 the values of all pairs with a
146 attribute within the first matching entry are printed.
151 all values of pairs with a
153 attribute within all entries are printed.
160 to search for the values of the attributes
162 corresponding to the system
163 with entries of attribute type
172 packet to a nameserver to associate the host's IPv4 address with its DNS name.
173 This is required if the domain's nameserver is
174 a Microsoft Windows Active Directory controller.
175 The host's domain name will be sent to the AD controller unless
178 is found in the host's
181 .SS "Database maintenance"
183 creates a hash file for all entries with attribute
187 The hash files are used by
189 and by the ndb library routines.
192 is used in concert with
195 uucp systems files and IP host files
197 It is very specific to the situation at Murray Hill.
199 When the database files change underfoot,
203 track them properly. Nonetheless, to keep the database searches efficient
204 it is necessary to run
206 whenever the files are modified.
207 It may be profitable to control this by a frequent
212 generates a BSD style
217 files from an ndb data base file specified on the
218 command line (default
219 .BR /lib/ndb/local ).
220 For local reasons the files are called
225 .SS "Connection service"
229 to translate network names.
230 It is started at boot time.
231 It finds out what networks are configured
235 It can also be told about networks by writing to
237 a message of the form:
239 .B "add net1 net2 ..."
242 also sets the system name in
244 if it can figure it out.
249 Only look up IPv4 addresses (A records) when consulting DNS.
250 The default is to also look up v6 addresses (AAAA records).
255 will toggle IP v6 look-ups.
258 supplies the name of the data base file to use,
263 causes cs to do nothing but set the system name.
266 specifies the mount point of the
273 to see how it resolves addresses.
275 prompts for addresses and prints what
285 prints their translations and immediately exits.
286 The exit status will be nil only if all addresses
287 were successfully translated.
290 flag sets exit status without printing any results.
293 .SS "Domain name service"
297 and remote systems by translating Internet domain names.
299 is started at boot time.
302 serves only requests written to
306 to offset 0 before reading or writing
314 sets the maximum time in seconds that an unreferenced
315 domain name will remain cached.
316 The default is one hour (3600).
319 supplies the name of the data base file to use,
324 whenever a DNS zone that we serve changes, send UDP NOTIFY
325 messages to any dns slaves for that zone
331 sets the goal for the number of domain names cached to
333 rather than the default of 8,000.
341 to assume that it straddles inside and outside networks
342 and that the outside network is mounted on
344 Queries for inside addresses will be sent via
348 in response to truncated replies)
349 and those for outside addresses via
355 suitable for serving non-Plan-9 systems in an organization with
356 firewalls, DNS proxies, etc.,
357 particularly if they don't work very well.
358 See `Straddling Server' below for details.
361 act as a resolver only:
362 send `recursive' queries, asking the other servers
366 must be a space-separated list of such DNS servers' IP addresses,
370 attributes name DNS servers to forward queries to.
373 ignore the `recursive' bit on incoming requests.
374 Do not complete lookups on behalf of remote systems.
377 also answer domain requests sent to UDP port 53.
380 specifies the mount point of the
384 whenever we receive a UDP NOTIFY message, run
386 with the domain name of the area as its argument.
391 option is specified, the servers used come from the
393 attribute in the database. For example, to specify a set of dns servers that
394 will resolve requests for systems on the network
398 ipnet=mh-net ip=135.104.0.0 ipmask=255.255.0.0
399 dns=ns1.cs.bell-labs.com
400 dns=ns2.cs.bell-labs.com
401 dom=ns1.cs.bell-labs.com ip=135.104.1.11
402 dom=ns2.cs.bell-labs.com ip=135.104.1.12
405 The server for a domain is indicated by a database entry containing
414 ns=A.ROOT-SERVERS.NET
415 ns=B.ROOT-SERVERS.NET
416 ns=C.ROOT-SERVERS.NET
417 dom=A.ROOT-SERVERS.NET ip=198.41.0.4
418 dom=B.ROOT-SERVERS.NET ip=128.9.0.107
419 dom=C.ROOT-SERVERS.NET ip=192.33.4.12
422 The last three lines provide a mapping for the
423 server names to their ip addresses. This is only
424 a hint and will be superseded from whatever is learned
425 from servers owning the domain.
426 .SS "Authoritative Name Servers"
427 You can also serve a subtree of the domain name space from the local
428 database. You indicate subtrees that you would like to serve by adding an
430 attribute to the root entry.
431 For example, the Bell Labs CS research domain is:
434 dom=cs.bell-labs.com soa=
435 refresh=3600 ttl=3600
436 ns=plan9.bell-labs.com
437 ns=ns1.cs.bell-labs.com
438 ns=ns2.cs.bell-labs.com
439 mb=presotto@plan9.bell-labs.com
440 mx=mail.research.bell-labs.com pref=20
441 mx=plan9.bell-labs.com pref=10
442 dnsslave=nslocum.cs.bell-labs.com
443 dnsslave=vex.cs.bell-labs.com
448 entry is the mail address of the person responsible for the
453 entries list mail exchangers for the domain name and
457 define the area refresh interval and the minimum TTL for
458 records in this domain.
461 entries specify slave DNS servers that should be notified
462 when the domain changes. The notification also requires
467 .SS "Reverse Domains"
468 You can also serve reverse lookups (returning the name that
469 goes with an IP address) by adding an
471 attribute to the entry defining the root of the reverse space.
473 For example, to provide reverse lookup for all addresses in
479 must contain a record like:
482 dom=104.135.in-addr.arpa soa=
483 dom=d.f.ip6.arpa soa= # special case, rfc 4193
484 refresh=3600 ttl=3600
485 ns=plan9.bell-labs.com
486 ns=ns1.cs.bell-labs.com
487 ns=ns2.cs.bell-labs.com
490 Notice the form of the reverse address.
491 For IPv4, it's the bytes of the address range you are serving reversed
492 and expressed in decimal, and with
495 For IPv6, it's the nibbles (4-bit fields) of the address range you are serving
496 reversed and expressed in hexadecimal, and with
499 These are the standard forms for a domain name in a PTR record.
503 entry exists in the database, reverse addresses will
504 automatically be generated from any IP addresses in the database
505 that are under this root. For example
508 dom=ns1.cs.bell-labs.com ip=135.104.1.11
511 will automatically create both forward and reverse entries for
512 .BR ns1.cs.bell-labs.com .
513 Unlike other DNS servers, there's no way to generate
514 inconsistent forward and reverse entries.
515 .SS "Classless reverse delegation"
516 Following RFC 2317, it is possible to serve reverse DNS data
517 for IPv4 subnets smaller than /24.
518 Declare the non-/24 subnet, the reverse domain and the individual systems.
521 this is how to serve RFC-2317
523 records for the subnet
524 .LR 65.14.39.128/123 .
527 ipnet=our-t1 ip=65.14.39.128 ipmask=/123
528 dom=128.39.14.65.in-addr.arpa soa=
529 refresh=3600 ttl=3600
530 ns=ns1.our-domain.com
531 ns=ns2.our-domain.com
532 ip=65.14.39.129 dom=router.our-domain.com
535 .SS "Delegating Name Service Authority"
536 Delegation of a further subtree to another set of name servers
542 dom=bignose.cs.research.bell-labs.com
544 ns=anna.cs.research.bell-labs.com
545 ns=dj.cs.research.bell-labs.com
548 Nameservers within the delegated domain (as in this example)
549 must have their IP addresses listed elsewhere in
553 .SS "Wildcards, MX and CNAME records"
554 Wild-carded domain names can also be used.
555 For example, to specify a mail forwarder for all Bell Labs research systems:
558 dom=*.research.bell-labs.com
559 mx=research.bell-labs.com
562 `Cname' aliases may be established by adding a
564 attribute giving the real domain name;
565 the name attached to the
567 attribute is the alias.
568 `Cname' aliases are severely restricted;
569 the aliases may have no other attributes than
571 and are daily further restricted in their use by new RFCs.
574 cname=anna.cs.bell-labs.com dom=www.cs.bell-labs.com
579 a synonym for the canonical name
581 .SS "Straddling Server"
582 Many companies have an inside network
583 protected from outside access with firewalls.
584 They usually provide internal `root' DNS servers
585 (of varying reliability and correctness)
586 that serve internal domains and pass on DNS queries for
587 outside domains to the outside, relaying the results
588 back and caching them for future use.
589 Some companies don't even let DNS queries nor replies through
590 their firewalls at all, in either direction.
592 In such a situation, running
594 on a machine that imports access to the outside network via
596 from a machine that straddles the firewalls,
597 or that straddles the firewalls itself,
598 will let internal machines query such a machine
599 and receive answers from outside nameservers for outside addresses
600 and inside nameservers for inside addresses, giving the appearance
601 of a unified domain name space,
602 while bypassing the corporate DNS proxies or firewalls.
603 This is different from running
606 .B "dns -sRx /net.alt -f /lib/ndb/external"
608 which keeps the inside and outside namespaces entirely separate.
614 names are significant:
620 should contain a series of
622 pairs naming domains internal to the organization.
624 should contain a series of
626 pairs naming the internal DNS `root' servers.
628 should contain a series of
630 pairs naming the external DNS servers to consult.
631 .SS "Zone Transfers and TCP"
635 .BR /rc/bin/service/tcp53 ,
636 to answer DNS queries with long answers via TCP,
637 notably to transfer a zone within the database
641 to its invoker on the network at
645 Standard input will be read for DNS requests and the DNS answers
646 will appear on standard output.
647 Recursion is disabled by
649 acting as a pure resolver is enabled by
653 is provided, it is assumed to be a directory within
655 and is used to find the caller's address.
656 .SS "DNS Queries and Debugging"
660 to see how it resolves requests.
662 prompts for commands of the form
664 .I "domain-name request-type"
675 In the case of the inverse query type,
678 will reverse the ip address and tack on the
685 to query the dns server on
693 but bypasses the local server.
694 It communicates via UDP (and sometimes TCP) with the domain name servers
695 in the same way that the local resolver would and displays
696 all packets received.
697 The query can be specified on the command line or
699 The queries look like those of
703 can be directed to query a particular name server by
705 .BI @ name-server\f1.
706 From that point on, all queries go to that name server
707 rather than being resolved by
711 command returns query resolution to
713 Finally, any command preceded by a
715 sets the name server only for that command.
721 interface and the database file
725 option supplies the name of the data base file to use.
728 option is the same as for
746 % ndb/query sys helix
747 sys=helix dom=helix.research.bell-labs.com bootf=/mips/9powerboot
748 ip=135.104.117.31 ether=080069020427
754 .B plan9.bell-labs.com
755 and its IP address in the DNS.
759 > plan9.bell-labs.com ip
760 plan9.bell-labs.com ip 204.178.31.2
762 2.31.178.204.in-addr.arpa ptr plan9.bell-labs.com
763 2.31.178.204.in-addr.arpa ptr ampl.com
767 Print the names of all systems that boot via PXE.
770 % ndb/query -a bootf /386/9bootpxe sys
773 .TF /lib/ndb/local.*xxx
776 resolver's DNS servers' IP addresses.
779 first database file searched
809 databases are case-sensitive;
810 ethernet addresses must be in lower-case hexadecimal.