3 query, ipquery, mkhash, mkdb, mkhosts, cs, csquery, dns, dnstcp, dnsquery, dnsdebug, dnsgetip, inform \- network database
122 The network database holds administrative information used by
123 network programs such as
130 searches the database
134 for an attribute of type
140 is not specified, all entries matched by the search are printed.
143 is specified, the value of the first pair with attribute
145 of all the matched entries normally is printed.
150 the values of all pairs with a
152 attribute within the first matching entry are printed.
157 all values of pairs with a
159 attribute within all entries are printed.
166 to search for the values of the attributes
168 corresponding to the system
169 with entries of attribute type
178 packet to a nameserver to associate the host's IPv4 address with its DNS name.
179 This is required if the domain's nameserver is
180 a Microsoft Windows Active Directory controller.
181 The host's domain name will be sent to the AD controller unless
184 is found in the host's
187 .SS "Database maintenance"
189 creates a hash file for all entries with attribute
193 The hash files are used by
195 and by the ndb library routines.
198 is used in concert with
201 uucp systems files and IP host files
203 It is very specific to the situation at Murray Hill.
205 When the database files change underfoot,
209 track them properly. Nonetheless, to keep the database searches efficient
210 it is necessary to run
212 whenever the files are modified.
213 It may be profitable to control this by a frequent
218 generates a BSD style
223 files from an ndb data base file specified on the
224 command line (default
225 .BR /lib/ndb/local ).
226 For local reasons the files are called
231 .SS "Connection service"
235 to translate network names.
236 It is started at boot time.
237 It finds out what networks are configured
241 It can also be told about networks by writing to
243 a message of the form:
245 .B "add net1 net2 ..."
248 also sets the system name in
250 if it can figure it out.
255 Only look up IPv4 addresses (A records) when consulting DNS.
256 The default is to also look up v6 addresses (AAAA records).
261 will toggle IP v6 look-ups.
264 supplies the name of the data base file to use,
269 causes cs to do nothing but set the system name.
272 specifies the mount point of the
279 to see how it resolves addresses.
281 prompts for addresses and prints what
291 prints their translations and immediately exits.
292 The exit status will be nil only if all addresses
293 were successfully translated.
296 flag sets exit status without printing any results.
299 .SS "Domain name service"
303 and remote systems by translating Internet domain names.
305 is started at boot time.
308 serves only requests written to
312 to offset 0 before reading or writing
320 sets the maximum time in seconds that an unreferenced
321 domain name will remain cached.
322 The default is one hour (3600).
325 supplies the name of the data base file to use,
330 whenever a DNS zone that we serve changes, send UDP NOTIFY
331 messages to any dns slaves for that zone
337 sets the goal for the number of domain names cached to
339 rather than the default of 8,000.
347 to assume that it straddles inside and outside networks
348 and that the outside network is mounted on
350 Queries for inside addresses will be sent via
354 in response to truncated replies)
355 and those for outside addresses via
361 suitable for serving non-Plan-9 systems in an organization with
362 firewalls, DNS proxies, etc.,
363 particularly if they don't work very well.
364 See `Straddling Server' below for details.
367 act as a resolver only:
368 send `recursive' queries, asking the other servers
372 must be a space-separated list of such DNS servers' IP addresses,
376 attributes name DNS servers to forward queries to.
379 ignore the `recursive' bit on incoming requests.
380 Do not complete lookups on behalf of remote systems.
383 also answer domain requests sent to UDP port 53.
386 specifies the mount point of the
390 whenever we receive a UDP NOTIFY message, run
392 with the domain name of the area as its argument.
397 option is specified, the servers used come from the
399 attribute in the database. For example, to specify a set of dns servers that
400 will resolve requests for systems on the network
404 ipnet=mh-net ip=135.104.0.0 ipmask=255.255.0.0
405 dns=ns1.cs.bell-labs.com
406 dns=ns2.cs.bell-labs.com
407 dom=ns1.cs.bell-labs.com ip=135.104.1.11
408 dom=ns2.cs.bell-labs.com ip=135.104.1.12
411 The server for a domain is indicated by a database entry containing
420 ns=A.ROOT-SERVERS.NET
421 ns=B.ROOT-SERVERS.NET
422 ns=C.ROOT-SERVERS.NET
423 dom=A.ROOT-SERVERS.NET ip=198.41.0.4
424 dom=B.ROOT-SERVERS.NET ip=128.9.0.107
425 dom=C.ROOT-SERVERS.NET ip=192.33.4.12
428 The last three lines provide a mapping for the
429 server names to their ip addresses. This is only
430 a hint and will be superseded from whatever is learned
431 from servers owning the domain.
432 .SS "Authoritative Name Servers"
433 You can also serve a subtree of the domain name space from the local
434 database. You indicate subtrees that you would like to serve by adding an
436 attribute to the root entry.
437 For example, the Bell Labs CS research domain is:
440 dom=cs.bell-labs.com soa=
441 refresh=3600 ttl=3600
442 ns=plan9.bell-labs.com
443 ns=ns1.cs.bell-labs.com
444 ns=ns2.cs.bell-labs.com
445 mb=presotto@plan9.bell-labs.com
446 mx=mail.research.bell-labs.com pref=20
447 mx=plan9.bell-labs.com pref=10
448 dnsslave=nslocum.cs.bell-labs.com
449 dnsslave=vex.cs.bell-labs.com
454 entry is the mail address of the person responsible for the
459 entries list mail exchangers for the domain name and
463 define the area refresh interval and the minimum TTL for
464 records in this domain.
467 entries specify slave DNS servers that should be notified
468 when the domain changes. The notification also requires
473 .SS "Reverse Domains"
474 You can also serve reverse lookups (returning the name that
475 goes with an IP address) by adding an
477 attribute to the entry defining the root of the reverse space.
479 For example, to provide reverse lookup for all addresses in
485 must contain a record like:
488 dom=104.135.in-addr.arpa soa=
489 dom=d.f.ip6.arpa soa= # special case, rfc 4193
490 refresh=3600 ttl=3600
491 ns=plan9.bell-labs.com
492 ns=ns1.cs.bell-labs.com
493 ns=ns2.cs.bell-labs.com
496 Notice the form of the reverse address.
497 For IPv4, it's the bytes of the address range you are serving reversed
498 and expressed in decimal, and with
501 For IPv6, it's the nibbles (4-bit fields) of the address range you are serving
502 reversed and expressed in hexadecimal, and with
505 These are the standard forms for a domain name in a PTR record.
509 entry exists in the database, reverse addresses will
510 automatically be generated from any IP addresses in the database
511 that are under this root. For example
514 dom=ns1.cs.bell-labs.com ip=135.104.1.11
517 will automatically create both forward and reverse entries for
518 .BR ns1.cs.bell-labs.com .
519 Unlike other DNS servers, there's no way to generate
520 inconsistent forward and reverse entries.
521 .SS "Classless reverse delegation"
522 Following RFC 2317, it is possible to serve reverse DNS data
523 for IPv4 subnets smaller than /24.
524 Declare the non-/24 subnet, the reverse domain and the individual systems.
527 this is how to serve RFC-2317
529 records for the subnet
530 .LR 65.14.39.128/123 .
533 ipnet=our-t1 ip=65.14.39.128 ipmask=/123
534 dom=128.39.14.65.in-addr.arpa soa=
535 refresh=3600 ttl=3600
536 ns=ns1.our-domain.com
537 ns=ns2.our-domain.com
538 ip=65.14.39.129 dom=router.our-domain.com
541 .SS "Delegating Name Service Authority"
542 Delegation of a further subtree to another set of name servers
548 dom=bignose.cs.research.bell-labs.com
550 ns=anna.cs.research.bell-labs.com
551 ns=dj.cs.research.bell-labs.com
554 Nameservers within the delegated domain (as in this example)
555 must have their IP addresses listed elsewhere in
559 .SS "Wildcards, MX and CNAME records"
560 Wild-carded domain names can also be used.
561 For example, to specify a mail forwarder for all Bell Labs research systems:
564 dom=*.research.bell-labs.com
565 mx=research.bell-labs.com
568 `Cname' aliases may be established by adding a
570 attribute giving the real domain name;
571 the name attached to the
573 attribute is the alias.
574 `Cname' aliases are severely restricted;
575 the aliases may have no other attributes than
577 and are daily further restricted in their use by new RFCs.
580 cname=anna.cs.bell-labs.com dom=www.cs.bell-labs.com
585 a synonym for the canonical name
587 .SS "Straddling Server"
588 Many companies have an inside network
589 protected from outside access with firewalls.
590 They usually provide internal `root' DNS servers
591 (of varying reliability and correctness)
592 that serve internal domains and pass on DNS queries for
593 outside domains to the outside, relaying the results
594 back and caching them for future use.
595 Some companies don't even let DNS queries nor replies through
596 their firewalls at all, in either direction.
598 In such a situation, running
600 on a machine that imports access to the outside network via
602 from a machine that straddles the firewalls,
603 or that straddles the firewalls itself,
604 will let internal machines query such a machine
605 and receive answers from outside nameservers for outside addresses
606 and inside nameservers for inside addresses, giving the appearance
607 of a unified domain name space,
608 while bypassing the corporate DNS proxies or firewalls.
609 This is different from running
612 .B "dns -sRx /net.alt -f /lib/ndb/external"
614 which keeps the inside and outside namespaces entirely separate.
620 names are significant:
626 should contain a series of
628 pairs naming domains internal to the organization.
630 should contain a series of
632 pairs naming the internal DNS `root' servers.
634 should contain a series of
636 pairs naming the external DNS servers to consult.
637 .SS "Zone Transfers and TCP"
641 .BR /rc/bin/service/tcp53 ,
642 to answer DNS queries with long answers via TCP,
643 notably to transfer a zone within the database
647 to its invoker on the network at
651 Standard input will be read for DNS requests and the DNS answers
652 will appear on standard output.
653 Recursion is disabled by
655 acting as a pure resolver is enabled by
659 is provided, it is assumed to be a directory within
661 and is used to find the caller's address.
662 .SS "DNS Queries and Debugging"
666 to see how it resolves requests.
668 prompts for commands of the form
670 .I "domain-name request-type"
681 In the case of the inverse query type,
684 will reverse the ip address and tack on the
691 to query the dns server on
699 but bypasses the local server.
700 It communicates via UDP (and sometimes TCP) with the domain name servers
701 in the same way that the local resolver would and displays
702 all packets received.
703 The query can be specified on the command line or
705 The queries look like those of
709 can be directed to query a particular name server by
711 .BI @ name-server\f1.
712 From that point on, all queries go to that name server
713 rather than being resolved by
717 command returns query resolution to
719 Finally, any command preceded by a
721 sets the name server only for that command.
727 interface and the database file
731 option supplies the name of the data base file to use.
734 option is the same as for
747 resolves and prints A and AAAA records without consulting
751 queries A records first and then AAAA records. As with
757 attributes are used as the DNS server. The
759 flag will return all records. The
763 to query the dns server through
774 % ndb/query sys helix
775 sys=helix dom=helix.research.bell-labs.com bootf=/mips/9powerboot
776 ip=135.104.117.31 ether=080069020427
782 .B plan9.bell-labs.com
783 and its IP address in the DNS.
787 > plan9.bell-labs.com ip
788 plan9.bell-labs.com ip 204.178.31.2
790 2.31.178.204.in-addr.arpa ptr plan9.bell-labs.com
791 2.31.178.204.in-addr.arpa ptr ampl.com
795 Print the names of all systems that boot via PXE.
798 % ndb/query -a bootf /386/9bootpxe sys
801 .TF /lib/ndb/local.*xxx
804 resolver's DNS servers' IP addresses.
807 first database file searched
837 databases are case-sensitive;
838 ethernet addresses must be in lower-case hexadecimal.