Open System Services Management and Operations Guide (G06.27+, H06.04+)
Managing Servers
Open System Services Management and Operations Guide—527191-003
4-7
Configuration Files
The secure version of named can be used with the DNS security extensions. The DNS
security extensions (DNSSEC) are a collection of resource records and protocol
modifications that add data origin authentication and data integrity to the DNS. Domain
name servers that employ DNSSEC add digital signatures to their zone files. By
checking the signature, other security-aware domain name servers can verify the
integrity and authenticity of DNS data. For more information on this implementation of
DNS, see RFCs 1033, 1034, and 1035, the BIND 9 Administrator Reference Manual,
and the DNS Configuration and Management Manual.
The lightweight resolver utility, lwresd, is available for use with specific application
program interface (API) functions. The lwresd server provides certain services for
applications when the T0709 APIs in product T0709 are used.
The rndc utility provides a control interface for named and also starts from an OSS
shell. The nsupdate dynamic DNS update utility submits dynamic DNS update
requests (as defined in RFC 2136) to named. This utility allows resource records to be
added or removed from a zone without manually editing the zone file. A single update
request can contain requests to add or remove more than one resource record.
See the named(8), lwresd(8), rndc(8), and nsupdate(8) reference pages
online for more information about the nonsecure version of these BIND 9 programs.
See the dnssec_named(8), lwresd(8), dnssec_rndc(8), and
dnssec_nsupdate(8) reference pages online for more information about the secure
version of these BIND 9 programs.
Configuration Files
Each OSS server has its own configuration file requirements. Some OSS servers
share database files. Other servers use text files created in the OSS file system or
maintained in the Guardian environment.
The following subsections describe the configuration files used by each OSS server. All
these files should be secured according to site security procedures so that only a
system administrator can alter or remove them; see the recommendations in
Preventing Security Problems on page 8-28.
Configuration Files Used for the OSS Name Servers
The OSS Monitor uses the following configuration files to manage OSS name server
operation and OSS file access:
•
The ZOSSFSET File on page 4-8
•
The ZOSSPARM File on page 4-13
•
The ZOSSSERV File on page 4-14
•
The Storage-Pool Files on page 4-17
Caution. If any of these configuration files are accidentally deleted, the current configuration
of the OSS environment is lost. You should make frequent backups for these files.