CONTENTS Title Page Copyright Page Preface 1 Introduction to DNS 1.1 DECnet-VAX Uses DNS 1.2 How DNS Works 1.3 What's in a Namespace? 1.3.1 Replicas and Their Contents 1.3.1.1 Object Entries 1.3.1.2 Soft Links 1.3.1.3 Child Pointers 1.3.2 Putting It All Together 1.4 How DECnet-VAX Uses the Namespace 1.4.1 Node Objects 1.4.2 Backtranslation Soft Links 1.4.3 Node Synonyms 1.5 How DNS Protects Names 1.5.1 Access Rights 1.5.2 Access Control Groups 2 How DNS Looks Up Names 2.1 The Structure of a Name 2.2 Translating From Names to Resources 2.3 How DNS Finds Names 3 How DNS Updates Data 3.1 Update Propagation 3.2 The Skulk Operation 3.3 How Timestamps Help Keep Data Consistent 4 DNS Naming Guidelines 4.1 General Naming Guidelines 4.2 Guidelines for Naming Clearinghouses 4.3 Guidelines for Naming Namespaces 5 Basic Namespace Planning 5.1 Step 1: Should You Have Multiple Namespaces? 5.1.1 What To Do If a Namespace Already Exists 5.2 Step 2: Plan a Naming Policy 5.3 Step 3: Should You Create a Directory Hierarchy? 5.4 Step 4: Plan an Access Control Policy 5.5 Step 5: Plan the Replication of Directories 5.6 Step 6: Select DNS Servers 5.6.1 Server Placement Guidelines for LANs and Extended LANs 5.6.2 Server Placement Guidelines for Sites Connected by a WAN 6 Advanced Namespace Planning 6.1 Planning a Directory Hierarchy 6.1.1 Consider Geographic and Functional Directory Names 6.1.2 Plan Access Along with Directory Structure 6.1.3 Other Directory Planning Tips 6.2 Replicating Directories in a Large Network 6.2.1 Replicating the DECnet Directories 6.2.2 How Clearinghouse Names Affect Replication 7 The Story of a Namespace Design 7.1 Part 1: Planning and Configuring the Namespace 7.1.1 Designing the Directory Structure 7.1.2 Choosing Servers and Planning Replication 7.2 Part 2: The Namespace Grows 8 Managing DNS 8.1 Using DNS$CONTROL 8.1.1 Requirements for Using DNS$CONTROL 8.1.2 Invoking DNS$CONTROL 8.1.3 Exiting DNS$CONTROL 8.1.4 Getting Help on DNS$CONTROL 8.1.5 DNS$CONTROL Command Syntax 8.2 Summary of DNS$CONTROL Commands 8.3 Managing Access Control 8.3.1 Displaying Access Rights 8.3.2 Users and Access Control 8.3.3 Creating and Managing Groups 8.3.3.1 Adding and Removing Group Members 8.3.3.2 Displaying Group Members 8.3.4 Types of Access Rights 8.3.5 Access Flags for the ADD ACCESS Command 8.3.6 Adding Access Rights 8.3.7 Removing Access 8.3.8 Determining Access 8.3.9 Required Access Rights for DNS Servers 8.3.10 Access Rights Summary 8.4 Constructing a Hierarchical Namespace 8.4.1 Creating a Hierarchical Namespace in a Single-Server Network 8.4.2 Creating a Hierarchical Namespace in a Multiserver Network 8.5 Displaying Information Stored in the Namespace 8.5.1 Displaying Access Control Information 8.5.2 Displaying Attribute Information 8.5.2.1 Displaying Attribute Values 8.5.2.2 Displaying the Names of Known Attributes 8.5.3 Displaying the Contents of Namespace Entries 8.5.3.1 Displaying the Contents of a Clearinghouse 8.5.3.2 Displaying the Contents of a Directory 8.5.3.3 Displaying the Contents of a Group 8.6 Preserving DNS Data 8.6.1 Preserving Data With DNS 8.6.2 Preserving Data With the VMS Backup Utility 8.7 Managing DNS Servers 8.7.1 Starting and Stopping Clearinghouses 8.7.2 Starting and Stopping DNS Servers 8.7.3 Reclaiming Unused Clearinghouse Space 8.7.4 Modifying Clearinghouse RMS Buffer Counts 8.7.5 Displaying Clearinghouse Information 8.7.6 Setting the DNS Timezone 8.7.6.1 Resetting the DNS Timezone Value 8.7.7 Using a Backup Copy of Database File 8.7.8 Maintaining and Tuning 8.7.8.1 Tuning 8.7.8.2 Using the Event Log 8.8 Distributing the Namespace 8.8.1 Installing Additional Servers 8.8.2 Naming Clearinghouses 8.8.2.1 Specifying the Location of a Clearinghouse Object 8.8.2.2 Allowing Directories to Store Clearinghouse Objects 8.8.3 Creating Master and Read-Only Replicas 8.8.4 Distributing Read-Only Replicas to Multiple Clearinghouses 8.8.5 Updating Directories 8.8.6 Clearinghouse Update 8.9 Restructuring the Namespace 8.9.1 Moving a Clearinghouse 8.9.2 Deleting a Clearinghouse 8.9.3 Creating and Deleting Soft Links 8.9.4 Relocating a Master Replica in a New Clearinghouse 8.9.5 Removing Directory Replicas from Permanently Unavailable Clearinghouses 8.9.6 Deleting a Directory 8.9.7 Removing a Directory 9 DNS$CONTROL Commands ADD ACCESS ADD CLEARINGHOUSE ADD MEMBER COPY DIRECTORY CREATE DIRECTORY CREATE GROUP CREATE LINK DELETE CLEARINGHOUSE DELETE DIRECTORY DELETE GROUP DELETE LINK DELETE OBJECT EXIT HELP REBUILD CLEARINGHOUSE REBUILD DIRECTORY REMOVE ACCESS REMOVE CLEARINGHOUSE REMOVE DIRECTORY REMOVE MEMBER SET CLEARINGHOUSE SET DIRECTORY SET TIMEZONE SHOW ACCESS SHOW ACTIVE CLEARINGHOUSES SHOW CHARACTERISTICS SHOW CHILD SHOW CLEARINGHOUSE SHOW DIRECTORY SHOW GROUP SHOW KNOWN CLEARINGHOUSES SHOW LINK SHOW NAMESERVER SHOW OBJECT SHOW VERSION START CLEARINGHOUSE STOP CLEARINGHOUSE UPDATE DIRECTORY A Error Handling B Attribute Tables C DNS Events C.1 Event Messages C.2 Meaning of Event Messages and Action to Take D Valid Characters for DNS Names E Special Clearinghouse Rules E.1 Clearinghouse Rule 1 E.1.1 Using Clearinghouse Rule 1 E.2 Clearinghouse Rule 2 E.2.1 Using Rule 2 F Creating Logicals F.1 Naming Syntax F.2 Logical Names G DNS and DECdns Interoperability Glossary EXAMPLES 8-1 Adding Access Rights With the DEFAULT flag 8-2 Adding and Modifying Access Rights Without the DEFAULT Flag 8-3 Adding Access Rights With the BACKDOOR flag 8-4 Example of Removing Access Rights Without the DEFAULT Flag: 8-5 Showing Access to Clearinghouses 8-6 Showing Access to Directories 8-7 Showing Access to a Clearinghouse Object 8-8 Showing Access to an Object 8-9 Showing Access to a Soft Link 8-10 Showing Access to a Group 8-11 SHOW CHARACTERISTICS CLEARINGHOUSE Command Display 8-12 SHOW CHARACTERISTICS DIRECTORY Command Display 8-13 SHOW CHARACTERISTICS OBJECT Command Display 8-14 SHOW CHARACTERISTICS LINK Command Display 8-15 SHOW CHARACTERISTICS CHILD Command Display 8-16 SHOW ATTRIBUTE Command Display 8-17 SHOW KNOWN ATTRIBUTES Command Display 8-18 Using the SHOW DIRECTORY Command for Child Directories 8-19 Using the SHOW DIRECTORY Command for Objects 8-20 Using the SHOW DIRECTORY Command for Soft Links 8-21 SHOW GROUP Command Display 8-22 SHOW ACTIVE CLEARININGHOUSES Command Display 8-23 SHOW CLEARINGHOUSE Command Display 8-24 SHOW CLEARINGHOUSE Command Display 8-25 Using the REBUILD DIRECTORY Command FIGURES 1-1 Sample DNS LAN Configuration 1-2 A Simple Lookup 1-3 Sample Namespace Directory Hierarchy 1-4 Components of a DNS Server Node 2-1 Logical and Physical Views of a Namespace 2-2 A Node Object and a Node 2-3 Clearinghouse Objects and Clearinghouses 2-4 A Soft Link and Its Resolution 2-5 Child Pointers and Directories 2-6 How the Clerk Finds a Name 7-1 The IAF Network 7-2 IAF Namespace Hierarchy 7-3 Complete IAF Namespace Hierarchy 7-4 Replication Plan for New York Servers 7-5 Expanded IAF Network 7-6 New Servers and Their Contents 7-7 New York Server Contents a Year Later 8-1 Hierarchy of Directories in a Single-Server Network 8-2 Hierarchy of Directories in a Multiserver Network TABLES 7-1 IAF Corporation DNS Server Plan 8-1 DNS$CONTROL Commands and Functions 8-2 DNS Access Rights 8-3 Accessing Information Stored in DNS Attributes B-1 Global Attributes B-2 Summary of Global Attributes C-1 DNS Events D-1 Valid Character Codes in Unquoted DNS Names D-2 Valid Character Codes in Quoted DNS Names