query, ipquery, mkhash, mkdb, mkhosts, cs, csquery, dns, dnstcp, dnsquery, dnsdebug, dnsgetip, inform \- network database
The network database holds administrative information used by
network programs such as
searches the database
for an attribute of type
is not specified, all entries matched by the search are printed.
is specified, the value of the first pair with attribute
of all the matched entries normally is printed.
the values of all pairs with a
attribute within the first matching entry are printed.
all values of pairs with a
attribute within all entries are printed.
to search for the values of the attributes
corresponding to the system
with entries of attribute type
packet to a nameserver to associate the host's IP address with its DNS name.
This is required if the domain's nameserver is
a Microsoft Windows Active Directory controller.
The host's domain name will be sent to the AD controller unless
is found in the host's
.SS "Database maintenance"
creates a hash file for all entries with attribute
The hash files are used by
and by the ndb library routines.
is used in concert with
uucp systems files and IP host files
It is very specific to the situation at Murray Hill.
When the database files change underfoot,
track them properly. Nonetheless, to keep the database searches efficient
it is necessary to run
whenever the files are modified.
It may be profitable to control this by a frequent
generates a BSD style
files from an ndb data base file specified on the
command line (default
.BR /lib/ndb/local ).
For local reasons the files are called
.SS "Connection service"
to translate network names.
It is started at boot time.
It finds out what networks are configured
It can also be told about networks by writing to
a message of the form:
.B "add net1 net2 ..."
also sets the system name in
if it can figure it out.
Only look up IPv4 addresses (A records) when consulting DNS.
The default is to also look up v6 addresses (AAAA records).
will toggle IP v4 look-ups.
Only look up IPv6 addresses in DNS.
supplies the name of the data base file to use,
causes cs to do nothing but set the system name.
specifies the mount point of the
to see how it resolves addresses.
prompts for addresses and prints what
prints their translations and immediately exits.
The exit status will be nil only if all addresses
were successfully translated.
flag sets exit status without printing any results.
.SS "Domain name service"
and remote systems by translating Internet domain names.
is started at boot time.
serves only requests written to
to offset 0 before reading or writing
sets the maximum time in seconds that an unreferenced
domain name will remain cached.
The default is one hour (3600).
supplies the name of the data base file to use,
whenever a DNS zone that we serve changes, send UDP NOTIFY
messages to any dns slaves for that zone
sets the goal for the number of domain names cached to
rather than the default of 8,000.
to assume that it straddles inside and outside networks
and that the outside network is mounted on
Queries for inside addresses will be sent via
in response to truncated replies)
and those for outside addresses via
suitable for serving non-Plan-9 systems in an organization with
firewalls, DNS proxies, etc.,
particularly if they don't work very well.
See `Straddling Server' below for details.
act as a resolver only:
send `recursive' queries, asking the other servers
must be a space-separated list of such DNS servers' IP addresses,
attributes name DNS servers to forward queries to.
ignore the `recursive' bit on incoming requests.
Do not complete lookups on behalf of remote systems.
also answer domain requests sent to UDP port 53.
specifies the mount point of the
whenever we receive a UDP NOTIFY message, run
with the domain name of the area as its argument.
option is specified, the servers used come from the
attribute in the database. For example, to specify a set of dns servers that
will resolve requests for systems on the network
ipnet=mh-net ip=135.104.0.0 ipmask=255.255.0.0
    dns=ns1.cs.bell-labs.com
    dns=ns2.cs.bell-labs.com
dom=ns1.cs.bell-labs.com ip=135.104.1.11
dom=ns2.cs.bell-labs.com ip=135.104.1.12
The server for a domain is indicated by a database entry containing
ns=A.ROOT-SERVERS.NET
ns=B.ROOT-SERVERS.NET
ns=C.ROOT-SERVERS.NET
dom=A.ROOT-SERVERS.NET ip=198.41.0.4
dom=B.ROOT-SERVERS.NET ip=128.9.0.107
dom=C.ROOT-SERVERS.NET ip=192.33.4.12
The last three lines provide a mapping for the
server names to their IP addresses. This is only
a hint and will be superseded by whatever is learned
from servers owning the domain.
.SS "Authoritative Name Servers"
You can also serve a subtree of the domain name space from the local
database. You indicate subtrees that you would like to serve by adding an
attribute to the root entry.
For example, the Bell Labs CS research domain is:
dom=cs.bell-labs.com soa=
    refresh=3600 ttl=3600
    ns=plan9.bell-labs.com
    ns=ns1.cs.bell-labs.com
    ns=ns2.cs.bell-labs.com
    mb=presotto@plan9.bell-labs.com
    mx=mail.research.bell-labs.com pref=20
    mx=plan9.bell-labs.com pref=10
    dnsslave=nslocum.cs.bell-labs.com
    dnsslave=vex.cs.bell-labs.com
entry is the mail address of the person responsible for the
entries list mail exchangers for the domain name and
define the area refresh interval and the minimum TTL for
records in this domain.
entries specify slave DNS servers that should be notified
when the domain changes. The notification also requires
.SS "Reverse Domains"
You can also serve reverse lookups (returning the name that
goes with an IP address) by adding an
attribute to the entry defining the root of the reverse space.
For example, to provide reverse lookup for all addresses in
must contain a record like:
dom=104.135.in-addr.arpa soa=
dom=d.f.ip6.arpa soa= # special case, rfc 4193
    refresh=3600 ttl=3600
    ns=plan9.bell-labs.com
    ns=ns1.cs.bell-labs.com
    ns=ns2.cs.bell-labs.com
Notice the form of the reverse address.
For IPv4, it's the bytes of the address range you are serving reversed
and expressed in decimal, and with
For IPv6, it's the nibbles (4-bit fields) of the address range you are serving
reversed and expressed in hexadecimal, and with
These are the standard forms for a domain name in a PTR record.
entry exists in the database, reverse addresses will
automatically be generated from any IP addresses in the database
that are under this root. For example
dom=ns1.cs.bell-labs.com ip=135.104.1.11
will automatically create both forward and reverse entries for
.BR ns1.cs.bell-labs.com .
Unlike other DNS servers, there's no way to generate
inconsistent forward and reverse entries.
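The reverse-name forms and the automatic PTR generation described above, as an added example in Python; it is not part of the manual or of the Plan 9 source. The function names, the simplified parser (no quoted values, indented lines continue an entry) and the sample text are assumptions of this example, and only byte-aligned IPv4 and nibble-aligned IPv6 roots are handled.

```python
import ipaddress

def reverse_root(network):
    """Reverse-zone name for a network on a byte (IPv4) or nibble (IPv6) boundary."""
    net = ipaddress.ip_network(network)
    step, suffix = (8, "in-addr.arpa") if net.version == 4 else (4, "ip6.arpa")
    if net.prefixlen % step:
        raise ValueError("prefix not on a %d-bit boundary" % step)
    # reverse_pointer lists every byte/nibble of the address, least significant first
    labels = net.network_address.reverse_pointer.split(".")[:-2]
    return ".".join(labels[len(labels) - net.prefixlen // step:] + [suffix])

def parse_ndb(text):
    """Split ndb text into entries; an unindented line starts a new entry."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        if not line.strip():
            continue
        if not line[0].isspace() or not entries:
            entries.append([])
        entries[-1] += [tuple(p.split("=", 1)) for p in line.split() if "=" in p]
    return entries

def ptr_records(text):
    """(reverse name, dom) for every dom=/ip= entry under a reverse root with soa=."""
    entries = parse_ndb(text)
    roots = [v for e in entries if any(a == "soa" for a, _ in e)
             for a, v in e if a == "dom" and v.endswith(".arpa")]
    out = []
    for e in entries:
        doms = [v for a, v in e if a == "dom"]
        for a, v in e:
            if a == "ip" and doms:
                ptr = ipaddress.ip_address(v).reverse_pointer
                if any(ptr.endswith("." + r) for r in roots):
                    out.append((ptr, doms[0]))
    return out

# Constructed sample built from entries shown on this page.
SAMPLE = """\
dom=104.135.in-addr.arpa soa=
    refresh=3600 ttl=3600
dom=ns1.cs.bell-labs.com ip=135.104.1.11
dom=plan9.bell-labs.com ip=204.178.31.2
"""

if __name__ == "__main__":
    print(reverse_root("135.104.0.0/16"), ptr_records(SAMPLE))
```

Addresses outside every reverse root, such as 204.178.31.2 in the sample, yield no reverse name, which makes the output a quick audit of which hosts a given database would answer PTR queries for.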
.SS "Classless reverse delegation"
Following RFC 2317, it is possible to serve reverse DNS data
for IPv4 subnets smaller than /24.
Declare the non-/24 subnet, the reverse domain and the individual systems.
this is how to serve RFC-2317
records for the subnet
.LR 65.14.39.128/123 .
ipnet=our-t1 ip=65.14.39.128 ipmask=/123
dom=128.39.14.65.in-addr.arpa soa=
    refresh=3600 ttl=3600
    ns=ns1.our-domain.com
    ns=ns2.our-domain.com
ip=65.14.39.129 dom=router.our-domain.com
.SS "Delegating Name Service Authority"
Delegation of a further subtree to another set of name servers
dom=bignose.cs.research.bell-labs.com
    ns=anna.cs.research.bell-labs.com
    ns=dj.cs.research.bell-labs.com
Nameservers within the delegated domain (as in this example)
must have their IP addresses listed elsewhere in
.SS "Wildcards, MX and CNAME records"
Wild-carded domain names can also be used.
For example, to specify a mail forwarder for all Bell Labs research systems:
dom=*.research.bell-labs.com
    mx=research.bell-labs.com
`Cname' aliases may be established by adding a
attribute giving the real domain name;
the name attached to the
attribute is the alias.
`Cname' aliases are severely restricted;
the aliases may have no other attributes than
and are daily further restricted in their use by new RFCs.
cname=anna.cs.bell-labs.com dom=www.cs.bell-labs.com
a synonym for the canonical name
.SS "Straddling Server"
Many companies have an inside network
protected from outside access with firewalls.
They usually provide internal `root' DNS servers
(of varying reliability and correctness)
that serve internal domains and pass on DNS queries for
outside domains to the outside, relaying the results
back and caching them for future use.
Some companies don't even let DNS queries or replies through
their firewalls at all, in either direction.
In such a situation, running
on a machine that imports access to the outside network via
from a machine that straddles the firewalls,
or that straddles the firewalls itself,
will let internal machines query such a machine
and receive answers from outside nameservers for outside addresses
and inside nameservers for inside addresses, giving the appearance
of a unified domain name space,
while bypassing the corporate DNS proxies or firewalls.
This is different from running
.B "dns -sRx /net.alt -f /lib/ndb/external"
which keeps the inside and outside namespaces entirely separate.
names are significant:
should contain a series of
pairs naming domains internal to the organization.
should contain a series of
pairs naming the internal DNS `root' servers.
should contain a series of
pairs naming the external DNS servers to consult.
.SS "Zone Transfers and TCP"
.BR /rc/bin/service/tcp53 ,
to answer DNS queries with long answers via TCP,
notably to transfer a zone within the database
to its invoker on the network at
Standard input will be read for DNS requests and the DNS answers
will appear on standard output.
Recursion is disabled by
acting as a pure resolver is enabled by
flag is provided, clients requesting DNS zone transfer must be listed
attribute for the relevant domain.
is provided, it is assumed to be a directory within
and is used to find the caller's address.
.SS "DNS Queries and Debugging"
to see how it resolves requests.
prompts for commands of the form
.I "domain-name request-type"
In the case of the inverse query type,
will reverse the ip address and tack on the
to query the dns server on
but bypasses the local server.
It communicates via UDP (and sometimes TCP) with the domain name servers
in the same way that the local resolver would and displays
all packets received.
The query can be specified on the command line or
The queries look like those of
can be directed to query a particular name server by
.BI @ name-server\f1.
From that point on, all queries go to that name server
rather than being resolved by
command returns query resolution to
Finally, any command preceded by a
sets the name server only for that command.
interface and the database file
option supplies the name of the data base file to use.
option is the same as for
option enables caching which is handy for debugging the dns code.
resolves and prints A and AAAA records without consulting
queries A records first and then AAAA records. As with
attributes are used as the DNS server. The
flag will return all records. The
to query the dns server through
% ndb/query sys helix
sys=helix dom=helix.research.bell-labs.com bootf=/mips/9powerboot
    ip=135.104.117.31 ether=080069020427
.B plan9.bell-labs.com
and its IP address in the DNS.
> plan9.bell-labs.com ip
plan9.bell-labs.com ip 204.178.31.2
2.31.178.204.in-addr.arpa ptr plan9.bell-labs.com
2.31.178.204.in-addr.arpa ptr ampl.com
Print the names of all systems that boot via PXE.
% ndb/query -a bootf /386/9bootpxe sys
.TF /lib/ndb/local.*xxx
resolver's DNS servers' IP addresses.
first database file searched
databases are case-sensitive;
ethernet addresses must be in lower-case hexadecimal.