Manualshelf

Open System Services Management and Operations Guide (G06.30+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
919293949596979899100
The named process provides services comparable to the older Guardian-based T6021 DNS product
but implements part of the Berkeley Internet Name Domain (BIND) 9 distribution from the Internet
Software Consortium (ISC). Two versions of named are available:
Product T0685, a version based upon BIND 9.2.3, without security features
Product T0708, a secure version based upon BIND 9.3
Both versions can be run on an HP NonStop node at the same time if they have been started on
different IP addresses and configured to maintain their own sets of data files.
The secure version of named can be used with the DNS security extensions. The DNS security
extensions (DNSSEC) are a collection of resource records and protocol modifications that add
data origin authentication and data integrity to the DNS. Domain name servers that employ DNSSEC
add digital signatures to their zone files. By checking the signature, other security-aware domain
name servers can verify the integrity and authenticity of DNS data. For more information on this
implementation of DNS, see RFCs 1033, 1034, and 1035, the BIND 9 Administrator Reference
Manual, and the DNS Configuration and Management Manual.
The lightweight resolver utility, lwresd, is available for use with specific application program
interface (API) functions. The lwresd server provides certain services for applications when the
T0709 APIs in product T0709 are used.
The rndc utility provides a control interface for named and also starts from an OSS shell. The
nsupdate dynamic DNS update utility submits dynamic DNS update requests (as defined in RFC
2136) to named. This utility allows resource records to be added or removed from a zone without
manually editing the zone file. A single update request can contain requests to add or remove
more than one resource record.
See the named(8), lwresd(8), rndc(8), and nsupdate(8) reference pages online for more
information about the nonsecure version of these BIND 9 programs. See the dnssec_named(8),
lwresd(8), dnssec_rndc(8), and dnssec_nsupdate(8) reference pages online for more
information about the secure version of these BIND 9 programs.
Configuration Files
Each OSS server has its own configuration file requirements. Some OSS servers share database
files. Other servers use text files created in the OSS file system or maintained in the Guardian
environment.
The following subsections describe the configuration files used by each OSS server. All these files
should be secured according to site security procedures so that only a system administrator can
alter or remove them; see the recommendations in “Preventing Security Problems” (page 227).
CAUTION: If any of these configuration files are accidentally deleted, the current configuration
of the OSS environment is lost. You should make frequent backups for these files.
Configuration Files Used for the OSS Name Servers
The OSS Monitor uses the following configuration files to manage OSS name server operation
and OSS file access:
“The ZOSSFSET File” (page 101)
“The ZOSSPARM File” (page 106)
“The ZOSSSERV File” (page 107)
“The Storage-Pool Files” (page 110)
These files must be in the subvolume $SYSTEM.ZXOSSMON. Beginning with the G05.00 release
version update (RVU), all these files except the storage-pool files are created automatically if they
are missing when the OSS Monitor is started.
100 Managing Servers