kea/doc/guide/bind10-guide.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY mdash  "&#x2014;" >
<!ENTITY % version SYSTEM "version.ent">
%version;
]>

<!--
 - Copyright (C) 2010-2013  Internet Systems Consortium, Inc. ("ISC")
 -
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->

<book>
  <?xml-stylesheet href="bind10-guide.css" type="text/css"?>

  <bookinfo>
    <title>BIND 10 Guide</title>
    <subtitle>Administrator Reference for BIND 10</subtitle>

    <copyright>
      <year>2010-2013</year><holder>Internet Systems Consortium, Inc.</holder>
    </copyright>

    <abstract>
      <para>BIND 10 is a framework that features Domain Name System
      (DNS) suite and Dynamic Host Configuration Protocol (DHCP)
      servers with development managed by Internet Systems Consortium (ISC).
      It includes DNS libraries, modular components for controlling
      authoritative and recursive DNS servers, and experimental DHCPv4
      and DHCPv6 servers.
      </para>
      <para>
        This is the reference guide for BIND 10 version &__VERSION__;.
        The most up-to-date version of this document (in PDF, HTML,
        and plain text formats), along with other documents for
        BIND 10, can be found at <ulink url="http://bind10.isc.org/docs"/>.
        </para> </abstract>

      <releaseinfo>This is the reference guide for BIND 10 version
        &__VERSION__;.</releaseinfo>

  </bookinfo>

  <preface>
    <title>Preface</title>

    <section id="acknowledgements">
      <title>Acknowledgements</title>

      <para>BIND 10 is a sponsored development project, and would not
      be possible without the generous support of the sponsors.</para>

      <para><ulink url="http://jprs.co.jp/">JPRS</ulink> and
      <ulink url="http://cira.ca/">CIRA</ulink> are Patron Level
      sponsors.</para>

      <para><ulink url="https://www.afnic.fr/">AFNIC</ulink>,
      <ulink url="https://www.cnnic.net.cn/">CNNIC</ulink>,
      <ulink url="https://www.nic.cz/">CZ.NIC</ulink>,
      <ulink url="http://www.denic.de/">DENIC eG</ulink>,
      <ulink url="https://www.google.com/">Google</ulink>,
      <ulink url="https://www.ripe.net/">RIPE NCC</ulink>,
      <ulink url="https://registro.br/">Registro.br</ulink>,
      <ulink url="https://nzrs.net.nz/">.nz Registry Services</ulink>, and
      <ulink url="https://www.tcinet.ru/">Technical Center of Internet</ulink>
      are current sponsors.</para>

      <para><ulink url="https://www.afilias.info/">Afilias</ulink>,
      <ulink url="https://www.iis.se/">IIS.SE</ulink>,
      <ulink url="http://www.nominet.org.uk/">Nominet</ulink>, and
      <ulink url="https://www.sidn.nl/">SIDN</ulink> were founding
      sponsors of the project.</para>

<!-- DHCP sponsorship by Comcast -->

      <para>Support for BIND 10 development of the DHCPv4 and DHCPv6
      components is provided by
      <ulink url="http://www.comcast.com/">Comcast</ulink>.</para>

    </section>

  </preface>

  <chapter id="intro">
    <title>Introduction</title>
    <para>
      BIND is the popular implementation of a DNS server, developer
      interfaces, and DNS tools.
      BIND 10 is a rewrite of BIND 9 and ISC DHCP.
      BIND 10 is written in C++ and Python and provides a modular
      environment for serving, maintaining, and developing DNS and DHCP.
      BIND 10 provides a EDNS0- and DNSSEC-capable authoritative
      DNS server and a caching recursive name server which also
      provides forwarding.
      It also provides experimental DHCPv4 and DHCPv6 servers.
    </para>

    <para>
      This guide covers BIND 10 version &__VERSION__;.
    </para>

    <section>
      <title>Supported Platforms</title>
      <para>
  BIND 10 builds have been tested on (in no particular order)
  Debian GNU/Linux 6 and unstable, Ubuntu 9.10, NetBSD 5,
  Solaris 10 and 11, FreeBSD 7 and 8, CentOS Linux 5.3,
  MacOS 10.6 and 10.7, and OpenBSD 5.1.

  It has been tested on Sparc, i386, and amd64 hardware
  platforms.

        It is planned for BIND 10 to build, install and run on
        Windows and standard Unix-type platforms.
      </para>
    </section>

    <section id="required-software">
      <title>Required Software at Run-time</title>

      <para>
        Running BIND 10 uses various extra software which may
        not be provided in some operating systems' default
        installations nor standard packages collections. You may
        need to install this required software separately.
        (For the build requirements, also see
        <xref linkend="build-requirements"/>.)
      </para>

      <para>
        BIND 10 requires at least Python 3.1
        (<ulink url="http://www.python.org/"/>).
        It also works with Python 3.2.
      </para>

      <para>
        BIND 10 uses the Botan crypto library for C++
        (<ulink url="http://botan.randombit.net/"/>).
        It requires at least Botan version 1.8.
      </para>

      <para>
        BIND 10 uses the log4cplus C++ logging library
        (<ulink url="http://log4cplus.sourceforge.net/"/>).
        It requires at least log4cplus version 1.0.3.
<!-- TODO: It is recommended to use at least version .... -->
      </para>

      <para>
        The authoritative DNS server uses SQLite3
        (<ulink url="http://www.sqlite.org/"/>).
<!-- TODO: is this still required? -->
        It needs at least SQLite version 3.3.9.
      </para>

      <para>
        The <command>b10-ddns</command>, <command>b10-xfrin</command>,
        <command>b10-xfrout</command>, and <command>b10-zonemgr</command>
        components require the libpython3 library and the Python
        _sqlite3.so module (which is included with Python).
        Python modules need to be built for the corresponding Python 3.
      </para>
<!-- TODO: this will change ... -->
    </section>

    <section id="starting_stopping">
      <title>Starting and Stopping the Server</title>

      <para>
        BIND 10 is modular.  Part of this modularity is
        accomplished using multiple cooperating processes which, together,
        provide the server functionality.  This is a change from
        the previous generation of BIND software, which used a
        single process.
      </para>

      <para>
        At first, running many different processes may seem confusing.
        However, these processes are started by running a single
	command, <command>bind10</command>.  This command starts
	a master process, <command>b10-init</command>, which will
	start other required processes and other processes when
	configured.  The processes that may be started have names
	starting with "b10-", including:
      </para>

      <para>

        <itemizedlist>

          <listitem>
            <simpara>
              <command>b10-auth</command> &mdash;
              Authoritative DNS server.
              This process serves DNS requests.
            </simpara>
          </listitem>

          <listitem>
            <simpara>
              <command>b10-cfgmgr</command> &mdash;
              Configuration manager.
              This process maintains all of the configuration for BIND 10.
            </simpara>
          </listitem>

          <listitem>
            <simpara>
              <command>b10-cmdctl</command> &mdash;
              Command and control service.
              This process allows external control of the BIND 10 system.
            </simpara>
          </listitem>

          <listitem>
            <simpara>
              <command>b10-ddns</command> &mdash;
              Dynamic DNS update service.
              This process is used to handle incoming DNS update
              requests to allow granted clients to update zones
	      for which BIND 10 is serving as a primary server.
            </simpara>
          </listitem>

          <listitem>
            <simpara>
              <command>b10-msgq</command> &mdash;
              Message bus daemon.
              This process coordinates communication between all of the other
              BIND 10 processes.
            </simpara>
          </listitem>

          <listitem>
            <simpara>
              <command>b10-resolver</command> &mdash;
              Recursive name server.
              This process handles incoming DNS queries and provides
              answers from its cache or by recursively doing remote lookups.
              (This is an experimental proof of concept.)
            </simpara>
          </listitem>

          <listitem>
            <simpara>
              <command>b10-sockcreator</command> &mdash;
              Socket creator daemon.
              This process creates sockets used by
              network-listening BIND 10 processes.
            </simpara>
          </listitem>

          <listitem>
            <simpara>
              <command>b10-stats</command> &mdash;
              Statistics collection daemon.
              This process collects and reports statistics data.
            </simpara>
          </listitem>

          <listitem>
            <simpara>
              <command>b10-stats-httpd</command> &mdash;
              HTTP server for statistics reporting.
              This process reports statistics data in XML format over HTTP.
            </simpara>
          </listitem>

          <listitem>
            <simpara>
              <command>b10-xfrin</command> &mdash;
              Incoming zone transfer service.
              This process is used to transfer a new copy
              of a zone into BIND 10, when acting as a secondary server.
            </simpara>
          </listitem>

          <listitem>
            <simpara>
              <command>b10-xfrout</command> &mdash;
              Outgoing zone transfer service.
              This process is used to handle transfer requests to
              send a local zone to a remote secondary server.
            </simpara>
          </listitem>

          <listitem>
            <simpara>
              <command>b10-zonemgr</command> &mdash;
              Secondary zone manager.
              This process keeps track of timers and other
              necessary information for BIND 10 to act as a slave server.
            </simpara>
          </listitem>

        </itemizedlist>
      </para>

      <para>
        These do not need to be manually started independently.
      </para>

    </section>

    <section id="managing_once_running">
      <title>Managing BIND 10</title>

      <para>
        Once BIND 10 is running, a few commands are used to interact
        directly with the system:
        <itemizedlist>
          <listitem>
            <simpara>
              <command>bindctl</command> &mdash;
              Interactive administration interface.
              This is a low-level command-line tool which allows
              a developer or an experienced administrator to control
              BIND 10.
            </simpara>
          </listitem>
          <listitem>
            <simpara>
              <command>b10-loadzone</command> &mdash;
              Zone file loader.
              This tool will load standard masterfile-format zone files into
              BIND 10.
            </simpara>
          </listitem>
          <listitem>
            <simpara>
              <command>b10-cmdctl-usermgr</command> &mdash;
              User access control.
              This tool allows an administrator to authorize additional users
              to manage BIND 10.
            </simpara>
          </listitem>
  <!-- TODO usermgr -->
        </itemizedlist>
      </para>
    </section>

    <para>
      The tools and modules are covered in full detail in this guide.
<!-- TODO point to these -->
      In addition, manual pages are also provided in the default installation.
    </para>

<!--
bin/
  bindctl*
  host*
lib/
  libauth
  libdns
  libexceptions
  python3.1/site-packages/isc/{cc,config}
sbin/
  bind10
share/
  share/bind10/
    auth.spec
    b10-cmdctl.pem
    init.spec
    passwd.csv
  man/
var/
  bind10/b10-config.db
-->

    <para>
      BIND 10 also provides libraries and programmer interfaces
      for C++ and Python for the message bus, configuration backend,
      and, of course, DNS. These include detailed developer
      documentation and code examples.
<!-- TODO: DHCP also but no Python yet. -->
<!-- TODO point to this -->
    </para>

  </chapter>

  <chapter id="quickstart">
    <title>Quick start</title>

    <para>
        This quickly covers the standard steps for installing
        and deploying BIND 10.
        For further details, full customizations, and troubleshooting,
        see the respective chapters in the BIND 10 guide.
    </para>

    <section id="quick-start-auth-dns">
      <title>Quick start guide for authoritative DNS service</title>

      <orderedlist>

        <listitem>
          <simpara>
            Install required run-time and build dependencies.
          </simpara>
        </listitem>

        <listitem>
          <simpara>
            Download the BIND 10 source tar file from
            <ulink url="ftp://ftp.isc.org/isc/bind10/"/>.
          </simpara>
        </listitem>

        <listitem>
          <para>Extract the tar file:
          <screen>$ <userinput>gzcat bind10-<replaceable>VERSION</replaceable>.tar.gz | tar -xvf -</userinput></screen>
          </para>
        </listitem>

        <listitem>
          <para>Go into the source and run configure:
            <screen>$ <userinput>cd bind10-<replaceable>VERSION</replaceable></userinput>
  $ <userinput>./configure</userinput></screen>
          </para>
        </listitem>

        <listitem>
          <para>Build it:
            <screen>$ <userinput>make</userinput></screen>
          </para>
        </listitem>

        <listitem>
          <para>Install it as root (to default /usr/local):
            <screen>$ <userinput>make install</userinput></screen>
          </para>
        </listitem>

        <listitem>
          <para>Create a user for yourself:
            <screen>$ <userinput>cd /usr/local/etc/bind10/</userinput></screen>
            <screen>$ <userinput>/usr/local/sbin/b10-cmdctl-usermgr</userinput></screen>
          </para>
        </listitem>

        <listitem>
          <para>Start the server (as root):
            <screen>$ <userinput>/usr/local/sbin/bind10</userinput></screen>
          </para>
        </listitem>

        <listitem>
          <para>DNS and DHCP components are not started in the default
	    configuration.  In another console, enable the authoritative
	    DNS service (by using the <command>bindctl</command> utility
	    to configure the <command>b10-auth</command> component to
	    run): <screen>$ <userinput>bindctl</userinput></screen>
	    (Login with the username and password you used above to create a user.)
            <screen>
&gt; <userinput>config add Init/components b10-auth</userinput>
&gt; <userinput>config set Init/components/b10-auth/special auth</userinput>
&gt; <userinput>config set Init/components/b10-auth/kind needed</userinput>
&gt; <userinput>config commit</userinput>
&gt; <userinput>quit</userinput>
            </screen>
          </para>
        </listitem>

        <listitem>
         <para>Test it; for example:
            <screen>$ <userinput>dig @127.0.0.1 -c CH -t TXT version.bind</userinput></screen>
         </para>
        </listitem>

        <listitem>
          <para>Load desired zone file(s), for example:
            <screen>$ <userinput>b10-loadzone <replaceable>-c '{"database_file": "/usr/local/var/bind10/zone.sqlite3"}'</replaceable> <replaceable>your.zone.example.org</replaceable> <replaceable>your.zone.file</replaceable></userinput></screen>
          </para>
	  (If you use the sqlite3 data source with the default DB
	  file, you can omit the -c option).
        </listitem>

        <listitem>
          <simpara>
            Test the new zone.
          </simpara>
        </listitem>

      </orderedlist>

    </section>

  </chapter>

  <chapter id="installation">
    <title>Installation</title>

    <section id="packages">
      <title>Packages</title>

      <para>
        Some operating systems or software package vendors may
        provide ready-to-use, pre-built software packages for
        the BIND 10 suite.
        Installing a pre-built package means you do not need to
        install build-only prerequisites and do not need to
        <emphasis>make</emphasis> the software.
      </para>

      <para>
        FreeBSD ports, NetBSD pkgsrc, and Debian
        <emphasis>testing</emphasis> package collections provide
        all the prerequisite packages.
      </para>
    </section>

    <section id="install-hierarchy">
      <title>Install Hierarchy</title>
      <para>
        The following is the standard, common layout of the
        complete BIND 10 installation:
        <itemizedlist>
          <listitem>
           <simpara>
              <filename>bin/</filename> &mdash;
              general tools and diagnostic clients.
            </simpara>
          </listitem>
          <listitem>
          <simpara>
            <filename>etc/bind10/</filename> &mdash;
            configuration files.
          </simpara>
          </listitem>
          <listitem>
            <simpara>
              <filename>lib/</filename> &mdash;
              libraries and python modules.
            </simpara>
          </listitem>
          <listitem>
            <simpara>
              <filename>libexec/bind10/</filename> &mdash;
              executables that a user wouldn't normally run directly and
              are not run independently.
              These are the BIND 10 modules which are daemons started by
              the <command>b10-init</command> master process.
            </simpara>
          </listitem>
          <listitem>
            <simpara>
              <filename>sbin/</filename> &mdash;
              commands used by the system administrator.
            </simpara>
          </listitem>
          <listitem>
            <simpara>
              <filename>share/bind10/</filename> &mdash;
              configuration specifications.
            </simpara>
          </listitem>
          <listitem>
            <simpara>
              <filename>share/doc/bind10/</filename> &mdash;
              this guide and other supplementary documentation.
            </simpara>
          </listitem>
          <listitem>
            <simpara>
              <filename>share/man/</filename> &mdash;
              manual pages (online documentation).
            </simpara>
          </listitem>
          <listitem>
            <simpara>
              <filename>var/bind10/</filename> &mdash;
              data source and configuration databases.
            </simpara>
          </listitem>
        </itemizedlist>
      </para>
    </section>

    <section id="build-requirements">
      <title>Building Requirements</title>

        <para>
          In addition to the run-time requirements (listed in
          <xref linkend="required-software"/>), building BIND 10
          from source code requires various development include headers and
          program development tools.
        </para>

        <note>
          <simpara>
            Some operating systems have split their distribution packages into
            a run-time and a development package.  You will need to install
            the development package versions, which include header files and
            libraries, to build BIND 10 from source code.
          </simpara>
        </note>

        <para>
          Building from source code requires the Boost
          build-time headers
          (<ulink url="http://www.boost.org/"/>).
          At least Boost version 1.35 is required.
  <!-- TODO: we don't check for this version -->
  <!-- NOTE: jreed has tested with 1.34, 1.38, and 1.41. -->
        </para>

        <para>
          To build BIND 10, also install the Botan (at least version
          1.8) and the log4cplus (at least version 1.0.3)
          development include headers.
        </para>

<!--
TODO
Debian and Ubuntu:
 libgmp3-dev and libbz2-dev required for botan too
-->

<!-- NOTE: _sqlite3 is only needed at test time; it is already listed
as a dependency earlier -->

        <para>
          Building BIND 10 also requires a C++ compiler and
          standard development headers, make, and pkg-config.
          BIND 10 builds have been tested with GCC g++ 3.4.3, 4.1.2,
          4.1.3, 4.2.1, 4.3.2, and 4.4.1; Clang++ 2.8; and Sun C++ 5.10.
        </para>

        <para>
          Visit the user-contributed wiki at <ulink
          url="http://bind10.isc.org/wiki/SystemSpecificNotes" />
          for system-specific installation tips.
        </para>

    </section>

    <section id="install">
      <title>Installation from source</title>
      <para>
        BIND 10 is open source software written in C++ and Python.
        It is freely available in source code form from ISC as a
        downloadable tar file or via BIND 10's Git code revision control
        service. (It may also be available in pre-compiled ready-to-use
        packages from operating system vendors.)
      </para>

      <section>
        <title>Download Tar File</title>
        <para>
          Downloading a release tar file is the recommended method to
          obtain the source code.
        </para>

        <para>
          The BIND 10 releases are available as tar file downloads from
          <ulink url="ftp://ftp.isc.org/isc/bind10/"/>.
          Periodic development snapshots may also be available.
        </para>
  <!-- TODO -->
      </section>

      <section>
        <title>Retrieve from Git</title>
        <para>
          Downloading this "bleeding edge" code is recommended only for
          developers or advanced users.  Using development code in a production
          environment is not recommended.
        </para>

        <note>
          <para>
            When using source code retrieved via Git, additional
            software will be required:  automake (v1.11 or newer),
            libtoolize, and autoconf (2.59 or newer).
            These may need to be installed.
          </para>
        </note>

        <para>
          The latest development code (and temporary experiments
          and un-reviewed code) is available via the BIND 10 code revision
          control system. This is powered by Git and all the BIND 10
          development is public.
          The leading development is done in the <quote>master</quote>
          branch.
        </para>
        <para>
          The code can be checked out from
          <filename>git://git.bind10.isc.org/bind10</filename>;
          for example:

        <screen>$ <userinput>git clone git://git.bind10.isc.org/bind10</userinput></screen>
        </para>

        <para>
          When checking out the code from
          the code version control system, it doesn't include the
          generated configure script, Makefile.in files, nor their
          related build files.
          They can be created by running <command>autoreconf</command>
          with the <option>--install</option> switch.
          This will run <command>autoconf</command>,
          <command>aclocal</command>,
          <command>libtoolize</command>,
          <command>autoheader</command>,
          <command>automake</command>,
          and related commands.
        </para>

      </section>


      <section id="configure">
        <title>Configure before the build</title>
        <para>
          BIND 10 uses the GNU Build System to discover build environment
          details.
          To generate the makefiles using the defaults, simply run:
          <screen>$ <userinput>./configure</userinput></screen>
        </para>
        <para>
          Run <command>./configure</command> with the <option>--help</option>
          switch to view the different options. Some commonly-used options are:

          <variablelist>

          <varlistentry>
            <term>--prefix</term>
            <listitem>
              <simpara>Define the installation location (the
                default is <filename>/usr/local/</filename>).
              </simpara>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>--with-boost-include</term>
            <listitem>
              <simpara>Define the path to find the Boost headers.
              </simpara>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>--with-pythonpath</term>
            <listitem>
              <simpara>Define the path to Python 3.1 if it is not in the
                standard execution path.
              </simpara>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>--with-gtest</term>
            <listitem>
              <simpara>Enable building the C++ Unit Tests using the
                Google Tests framework. Optionally this can define the
                path to the gtest header files and library.
              </simpara>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>--without-werror</term>
            <listitem>
              <simpara>Disable the default use of the
		<option>-Werror</option> compiler flag so that
		compiler warnings aren't build failures.
              </simpara>
            </listitem>
          </varlistentry>

          </variablelist>
          <note>
            <para>
              For additional instructions concerning the building and installation of
              BIND 10 DHCP, see <xref linkend="dhcp-install-configure"/>.
            </para>
          </note>
        </para>
  <!-- TODO: lcov -->

        <para>
          For example, the following configures it to
    find the Boost headers, find the
    Python interpreter, and sets the installation location:

          <screen>$ <userinput>./configure \
      --with-boost-include=/usr/pkg/include \
      --with-pythonpath=/usr/pkg/bin/python3.1 \
      --prefix=/opt/bind10</userinput></screen>
        </para>

        <para>
          If the configure fails, it may be due to missing or old
          dependencies.
        </para>


      </section>

      <section>
        <title>Build</title>
        <para>
    After the configure step is complete, to build the executables
    from the C++ code and prepare the Python scripts, run:

          <screen>$ <userinput>make</userinput></screen>
        </para>
      </section>

      <section>
        <title>Install</title>
        <para>
          To install the BIND 10 executables, support files,
          and documentation, run:
          <screen>$ <userinput>make install</userinput></screen>
        </para>
        <note>
          <para>The install step may require superuser privileges.</para>
        </note>
        <para>
	  If required, run <command>ldconfig</command> as root with
	  <filename>/usr/local/lib</filename> (or with ${prefix}/lib if
	  configured with --prefix) in
	  <filename>/etc/ld.so.conf</filename> (or the relevant linker
	  cache configuration file for your OS):
	  <screen>$ <userinput>ldconfig</userinput></screen>
        </para>
        <note>
          <para>
	    If you do not run <command>ldconfig</command> where it is
	    required, you may see errors like the following:
            <screen>
	      program: error while loading shared libraries: libb10-something.so.1:
	      cannot open shared object file: No such file or directory
	    </screen>
	  </para>
        </note>
      </section>

  <!-- TODO: tests -->

    </section>

  <!--
      <section id="install.troubleshooting">
        <title>Troubleshooting</title>
        <para>
        </para>
      </section>
  -->

  </chapter>

  <chapter id="bind10">
    <title>Starting BIND 10 with <command>bind10</command></title>
    <para>
      BIND 10 is started with the <command>bind10</command> command.
      It runs the <command>b10-init</command> daemon which
      starts up the required processes, and
      will also restart some processes that exit unexpectedly.
      <command>bind10</command> is the only command needed to start
      the BIND 10 system.
    </para>

    <para>
      After starting the <command>b10-msgq</command> communications channel,
      <command>b10-init</command> connects to it,
      runs the configuration manager, and reads its own configuration.
      Then it starts the other modules.
    </para>

    <para>
      The <command>b10-sockcreator</command>, <command>b10-msgq</command> and
      <command>b10-cfgmgr</command>
      services make up the core. The <command>b10-msgq</command> daemon
      provides the communication channel between every part of the system.
      The <command>b10-cfgmgr</command> daemon is always needed by every
      module, if only to send information about themselves somewhere,
      but more importantly to ask about their own settings, and
      about other modules. The <command>b10-sockcreator</command> daemon
      helps allocate Internet addresses and ports as needed for BIND 10
      network services.
    </para>

    <para>
      In its default configuration, the <command>b10-init</command>
      master process will also start up
      <command>b10-cmdctl</command> for administration tools to
      communicate with the system, and
      <command>b10-stats</command> for statistics collection.
      The DNS and DHCP servers are not started by default.
      The configuration of components to start is covered in
      <xref linkend="bind10.components"/>.
    </para>

    <section id="start">
      <title>Starting BIND 10</title>
      <para>
        To start the BIND 10 service, simply run <command>bind10</command>
        as root.
        It will run in the foreground and your shell prompt will not
        be available. It will output various log messages as it starts up
        and is used.
        Run it with the <option>--verbose</option> switch to
        get additional debugging or diagnostic output.
      </para>

<!-- TODO: user switch -->

<!-- TODO:  example:  nohup /usr/local/sbin/bind10 1>bind10.log 2>&1 -->

      <note>
        <para>
          If the setproctitle Python module is detected at start up,
          the process names for the Python-based daemons will be renamed
          to better identify them instead of just <quote>python</quote>.
          This is not needed on some operating systems.
        </para>
      </note>

    </section>

  </chapter>

  <chapter id="msgq">
    <title>Command channel</title>

      <para>
        The BIND 10 components use the <command>b10-msgq</command>
        message routing daemon to communicate with other BIND 10 components.
        The <command>b10-msgq</command> implements what is called the
        <quote>Command Channel</quote>.
        Processes intercommunicate by sending messages on the command
        channel.
        Example messages include shutdown, get configurations, and set
        configurations.
        This Command Channel is not used for DNS message passing.
        It is used only to control and monitor the BIND 10 system.
      </para>

      <para>
        Administrators do not communicate directly with the
        <command>b10-msgq</command> daemon.
        By default, BIND 10 uses a UNIX domain socket file named
        <filename>/usr/local/var/bind10/msg_socket</filename>
        for this interprocess communication.
      </para>

  </chapter>

  <chapter id="cfgmgr">
    <title>Configuration manager</title>

      <para>
         The configuration manager, <command>b10-cfgmgr</command>,
         handles all BIND 10 system configuration.  It provides
         persistent storage for configuration, and notifies running
         modules of configuration changes.
      </para>

      <para>
        The <command>b10-auth</command> and <command>b10-xfrin</command>
        daemons and other components receive their configurations
        from the configuration manager over the <command>b10-msgq</command>
        command channel.
      </para>

      <para>The administrator doesn't connect to it directly, but
        uses a user interface to communicate with the configuration
        manager via <command>b10-cmdctl</command>'s REST-ful interface.
        <command>b10-cmdctl</command> is covered in <xref linkend="cmdctl"/>.
      </para>

<!-- TODO -->
      <note>
        <para>
          The current release only provides
          <command>bindctl</command> as a user interface to
          <command>b10-cmdctl</command>.
          Upcoming releases will provide another interactive command-line
          interface and a web-based interface.
        </para>
      </note>

      <para>
        The <command>b10-cfgmgr</command> daemon can send all
        specifications and all current settings to the
        <command>bindctl</command> client (via
        <command>b10-cmdctl</command>).
        <command>b10-cfgmgr</command> relays configurations received
        from <command>b10-cmdctl</command> to the appropriate modules.
      </para>
<!-- TODO:
        Configuration settings for itself are defined as ConfigManager.
TODO: show examples
-->

<!-- TODO:
config changes are actually commands to cfgmgr
-->

<!-- TODO: what about run time config to change this? -->
<!-- jelte: > config set cfgmgr/config_database <file> -->
<!-- TODO: what about command line switch to change this? -->
      <para>
        The stored configuration file is at
        <filename>/usr/local/var/bind10/b10-config.db</filename>.
        (The directory is what was defined at build configure time for
        <option>--localstatedir</option>.
        The default is <filename>/usr/local/var/</filename>.)
        The format is loosely based on JSON and is directly parseable
        python, but this may change in a future version.
        This configuration data file is not manually edited by the
        administrator.
      </para>

<!--

Well the specfiles have a more fixed format (they must contain specific
stuff), but those are also directly parseable python structures (and
'coincidentally', our data::element string representation is the same)

loosely based on json, tweaked to be directly parseable in python, but a
subset of that.
wiki page is http://bind10.isc.org/wiki/DataElementDesign

nope, spec files are written by module developers, and db should be done
through bindctl and friends

-->

    <para>
      The configuration manager does not have any command line arguments.
      Normally it is not started manually, but is automatically
      started using the <command>b10-init</command> master process
      (as covered in <xref linkend="bind10"/>).
    </para>

<!-- TODO: upcoming plans:
configuration for configuration manager itself. And perhaps we might
change the messaging protocol, but an admin should never see any of that
-->

<!-- TODO: show examples, test this -->
<!--
, so an admin can simply run bindctl,
do config show, and it shows all modules; config show >module> shows all
options for that module
-->

  </chapter>

  <chapter id="cmdctl">
    <title>Remote control daemon</title>

    <para>
      <command>b10-cmdctl</command> is the gateway between
      administrators and the BIND 10 system.
      It is a HTTPS server that uses standard HTTP Digest
      Authentication for username and password validation.
      It provides a REST-ful interface for accessing and controlling
      BIND 10.
    </para>
<!-- TODO: copy examples from wiki, try with wget -->

    <para>
      When <command>b10-cmdctl</command> starts, it firsts
      asks <command>b10-cfgmgr</command> about what modules are
      running and what their configuration is (over the
      <command>b10-msgq</command> channel). Then it will start listening
      on HTTPS for clients &mdash; the user interface &mdash; such
      as <command>bindctl</command>.
    </para>

    <para>
      <command>b10-cmdctl</command> directly sends commands
      (received from the user interface) to the specified component.
      Configuration changes are actually commands to
      <command>b10-cfgmgr</command> so are sent there.
    </para>

<!--
TODO:
"For bindctl to list a module's available configurations and
available commands, it communicates over the cmdctl REST interface.
cmdctl then asks cfgmgr over the msgq command channel. Then cfgmgr
asks the module for its specification and also cfgmgr looks in its
own configuration database for current values."

(05:32:03) jelte: i think cmdctl doesn't request it upon a incoming
GET, but rather requests it once and then listens in for updates,
but you might wanna check with likun
-->

<!-- TODO: replace /usr/local -->
<!-- TODO: permissions -->
    <para>The HTTPS server requires a private key,
      such as a RSA PRIVATE KEY.
      The default location is at
      <filename>/usr/local/etc/bind10/cmdctl-keyfile.pem</filename>.
      (A sample key is at
      <filename>/usr/local/share/bind10/cmdctl-keyfile.pem</filename>.)
      It also uses a certificate located at
      <filename>/usr/local/etc/bind10/cmdctl-certfile.pem</filename>.
      (A sample certificate is at
      <filename>/usr/local/share/bind10/cmdctl-certfile.pem</filename>.)
      This may be a self-signed certificate or purchased from a
      certification authority.
    </para>

    <note><para>
      The HTTPS server doesn't support a certificate request from a
      client (at this time).
<!-- TODO: maybe allow request from server side -->
      The <command>b10-cmdctl</command> daemon does not provide a
      public service. If any client wants to control BIND 10, then
      a certificate needs to be first received from the BIND 10
      administrator.
      The BIND 10 installation provides a sample PEM bundle that matches
      the sample key and certificate.
    </para></note>
<!-- TODO: cross-ref -->

<!-- TODO
openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
but that is a single file, maybe this should go back to that format?
-->

<!--
    <para>
(08:20:56) shane: It is in theory possible to run without cmdctl.
(08:21:02) shane: I think we discussed this.
    </para>
-->

<!-- TODO: Please check https://bind10.isc.org/wiki/cmd-ctrld -->


    <para>
      The <command>b10-cmdctl</command> daemon also requires
      the user account file located at
      <filename>/usr/local/etc/bind10/cmdctl-accounts.csv</filename>.
      This comma-delimited file lists the accounts with a user name,
      hashed password, and salt.
    </para>

    <para>
      The administrator may create a user account with the
      <command>b10-cmdctl-usermgr</command> tool.
    </para>
<!-- TODO: show example -->

<!-- TODO: does cmdctl need to be restarted to change cert or key
or accounts database -->

    <para>
      By default the HTTPS server listens on the localhost port 8080.
      The port can be set by using the <option>--port</option> command line option.
      The address to listen on can be set using the <option>--address</option> command
      line argument.
      Each HTTPS connection is stateless and times out in 1200 seconds
      by default.  This can be
      redefined by using the <option>--idle-timeout</option> command line argument.
    </para>

    <section id="cmdctl.spec">
      <title>Configuration specification for b10-cmdctl</title>
      <para>
        The configuration items for <command>b10-cmdctl</command> are:
        <varname>accounts_file</varname> which defines the path to the
        user accounts database (the default is
        <filename>/usr/local/etc/bind10/cmdctl-accounts.csv</filename>);
        <varname>cert_file</varname> which defines the path to the
        PEM certificate file (the default is
        <filename>/usr/local/etc/bind10/cmdctl-certfile.pem</filename>);
        and
	<varname>key_file</varname> which defines the path to the
	PEM private key file (the default is
        <filename>/usr/local/etc/bind10/cmdctl-keyfile.pem</filename>).
      </para>

    </section>

<!--
TODO
(12:21:30) jinmei: I'd like to have sample session using a command line www client such as wget
-->

  </chapter>

  <chapter id="bindctl">
    <title>Control and configure user interface</title>

    <note><para>
      For the current release, <command>bindctl</command>
      is the only user interface. It is expected that upcoming
      releases will provide another interactive command-line
      interface and a web-based interface for controlling and
      configuring BIND 10.
    </para></note>

    <note><para>
      <command>bindctl</command> has an internal command history, as
      well as tab-completion for most of the commands and arguments.
      However, these are only enabled if the python readline module
      is available on the system. If not, neither of these
      features will be supported.
    </para></note>

    <para>
      The <command>bindctl</command> tool provides an interactive
      prompt for configuring, controlling, and querying the BIND 10
      components.
      It communicates directly with a REST-ful interface over HTTPS
      provided by <command>b10-cmdctl</command>. It doesn't
      communicate to any other components directly.
    </para>

    <section id="bindctl_commandline_options">
        <title>bindctl command-line options</title>
        <variablelist>
          <varlistentry>
            <term>-a <replaceable>&lt;address&gt;</replaceable>, --address=<replaceable>&lt;address&gt;</replaceable></term>
            <listitem>
              <simpara>
                  IP address that BIND 10's <command>b10-cmdctl</command>
                  module is listening on. By default, this is 127.0.0.1.
              </simpara>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term>-c <replaceable>&lt;certificate file&gt;</replaceable>, --certificate-chain=<replaceable>&lt;certificate file&gt;</replaceable></term>
            <listitem>
              <simpara>
                  PEM-formatted server certificate file. When this option is
                  given, <command>bindctl</command> will verify the server
                  certificate using the given file as the root of the
                  certificate chain. If not specified, <command>bindctl
                  </command> does not validate the certificate.
              </simpara>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term>--csv-file-dir=<replaceable>&lt;csv file&gt;</replaceable></term>
            <listitem>
              <simpara>
                  <command>bindctl</command> stores the username and
                  password for logging in in a file called
                  <filename>default_user.csv</filename>;
                  this option specifies the directory where this file is
                  stored and read from. When not specified,
                  <filename>~/.bind10/</filename> is used.
                  <note>Currently, this file contains an unencrypted password.</note>
              </simpara>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term>-h, --help</term>
            <listitem>
              <simpara>
                  Shows a short overview of the command-line options of
                  <command>bindctl</command>, and exits.
              </simpara>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term>--version</term>
            <listitem>
              <simpara>
                  Shows the version of <command>bindctl</command>, and exits.
              </simpara>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term>-p <replaceable>&lt;port number&gt;</replaceable>, --port=<replaceable>&lt;port number&gt;</replaceable></term>
            <listitem>
              <simpara>
                  Port number that BIND 10's <command>b10-cmdctl</command>
                  module is listening on. By default, this is port 8080.
              </simpara>
            </listitem>
          </varlistentry>
        </variablelist>
    </section>

    <section id="bindctl_general_syntax">
        <title>General syntax of bindctl commands</title>
        The <command>bindctl</command> tool is an interactive
        command-line tool, with dynamic commands depending on the
        BIND 10 modules that are running. There are a number of
        fixed commands that have no module and that are always
        available.

        The general syntax of a command is

        <screen><userinput>&lt;module&gt; &lt;command&gt; <replaceable>[argument(s)]</replaceable></userinput></screen>

        For example, the Init module has a 'shutdown' command to shut down
        BIND 10, with an optional argument 'help':

        <screen>&gt; <userinput>Init shutdown help</userinput>
Command  shutdown 	(Shut down BIND 10)
		help (Get help for command)
This command has no parameters
        </screen>
        There are no mandatory arguments, only the optional 'help'.
    </section>

    <section id="bindctl_help">
        <title>Bindctl help</title>
        <command>help</command> is both a command and an option that is available to all other commands. When run as a command directly, it shows the available modules.
        <screen>&gt; <userinput>help</userinput>
usage: &lt;module name&gt; &lt;command name&gt; [param1 = value1 [, param2 = value2]]
Type Tab character to get the hint of module/command/parameters.
Type "help(? h)" for help on bindctl.
Type "&lt;module_name&gt; help" for help on the specific module.
Type "&lt;module_name&gt; &lt;command_name&gt; help" for help on the specific command.

Available module names:
<emphasis>(list of modules)</emphasis>
        </screen>

        When 'help' is used as a command to a module, it shows the supported commands for the module; for example:
        <screen>&gt; <userinput>Init help</userinput>
Module  Init 	Master process
Available commands:
    help        Get help for module.
    shutdown    Shut down BIND 10
    ping        Ping the Init process
    show_processes
            List the running BIND 10 processes
        </screen>

    And when added to a module command, it shows the description and parameters of that specific command; for example:
    <screen>&gt; <userinput>Auth loadzone help</userinput>
Command  loadzone 	((Re)load a specified zone)
		help (Get help for command)
Parameters:
    class (string, optional)
    origin (string, mandatory)
    </screen>

    </section>

    <section id="bindctl_command_arguments">
        <title>Command arguments</title>
        <simpara>
            Commands can have arguments, which can be either optional or
            mandatory. They can be specified by name
            (e.g. <command><replaceable>&lt;command&gt;</replaceable> <replaceable>&lt;argument name&gt;=&lt;argument value&gt;</replaceable></command>), or positionally,
            (e.g. <command><replaceable>&lt;command&gt;</replaceable> <replaceable>&lt;argument value 1&gt;</replaceable> <replaceable>&lt;argument value 2&gt;</replaceable></command>).
        </simpara>
        <simpara>
            <command><replaceable>&lt;command&gt;</replaceable> <replaceable>help</replaceable></command>
            shows the arguments a command supports and which of those are
            mandatory, and in which order the arguments are expected if
            positional arguments are used.
        </simpara>
        <simpara>
            For example, the <command>loadzone</command> command of the Auth
            module, as shown in the last example of the previous section, has
            two arguments, one of which is optional. The positional arguments in
            this case are class first and origin second; for example:
            <screen>&gt; <userinput>Auth loadzone IN example.com.</userinput></screen>
            But since the class is optional (defaulting to IN), leaving it out
            works as well:
            <screen>&gt; <userinput>Auth loadzone example.com.</userinput></screen>
        </simpara>
        <simpara>
            The arguments can also be provided with their names, in which
            case the order does not matter:
            <screen>&gt; <userinput>Auth loadzone origin="example.com." class="IN"</userinput></screen>
        </simpara>
    </section>

    <section id="bindctl_module_commands">
        <title>Module commands</title>
        Each module has its own set of commands (if any), which will only be
        available if the module is running. For instance, the
        Auth module has a <command>loadzone</command> command.
        The commands a module provides are documented in
        this guide in the section of that module or in the module's
        corresponding manual page.
    </section>

    <section>
        <title>Configuration commands</title>
        Configuration commands are used to view and change the configuration
        of BIND 10 and its modules. Module configuration is only shown if
        that module is running, but similar to commands, there are a number
        of top-level configuration items that are always available (for
        instance <varname>tsig_keys</varname> and
        <varname>data_sources</varname>).

        Configuration changes (set, unset, add and remove) are done locally
        first, and have no immediate effect. The changes can be viewed with
        <command>config diff</command>, and either reverted
        (<command>config revert</command>), or committed
        (<command>config commit</command>).
        In the latter case, all local changes are submitted
        to the configuration manager, which verifies them, and if they are
        accepted, applied and saved in persistent storage.

        When identifying items in configuration commands, the format is
        <screen><userinput>Module/example/item</userinput></screen>
        Sub-elements of names, lists and sets (see <xref linkend=
        "bindctl_configuration_data_types"/>) are separated with the '/'
        character, and list indices are identified with [<replaceable>&lt;index&gt;</replaceable>]; for example:

        <screen><userinput>Module/example/list[2]/foo</userinput></screen>

        <section id="bindctl_configuration_command_list">
        <title>List of configuration commands</title>
        The following configuration commands are available:
        <variablelist>
          <varlistentry>
            <term>show [all] [item name]</term>
            <listitem>
              <simpara>
                Shows the current configuration of the given item. If 'all'
                is given, it will recurse through the entire set, and show
                every nested value.
              </simpara>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term>show_json [item name]</term>
            <listitem>
              <simpara>
                Shows the full configuration of the given item in JSON format.
              </simpara>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term>add &lt;item name&gt; [value]</term>
            <listitem>
              <simpara>
                Add an entry to configuration list or a named set (see <xref
                linkend="bindctl_configuration_data_types"/>).
                When adding to a list, the command has one optional
                argument, a value to add to the list. The value must
                be in correct JSON and complete. When adding to a
                named set, it has one mandatory parameter (the name to
                add), and an optional parameter value, similar to when
                adding to a list. In either case, when no value is
                given, an entry will be constructed with default
                values.
              </simpara>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term>remove</term>
            <listitem>
              <simpara>
                Remove an item from a configuration list or a named set.
                When removing an item for a list, either the index needs to
                be specified, or the complete value of the element to remove
                must be specified (in JSON format).
              </simpara>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term>set &lt;item name&gt; &lt;value&gt;</term>
            <listitem>
              <simpara>
                  Directly set the value of the given item to the given value.
              </simpara>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term>unset &lt;item name&gt;</term>
            <listitem>
              <simpara>
                  Remove any user-specified value for the given item.
              </simpara>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term>diff</term>
            <listitem>
              <simpara>
                  Show all current local changes that have not been
                  committed yet.
              </simpara>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term>revert</term>
            <listitem>
              <simpara>
                  Revert all local changes without committing them.
              </simpara>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term>commit</term>
            <listitem>
              <simpara>
                  Send all local changes to the configuration manager, which
                  will validate them, and apply them if validation succeeds.
              </simpara>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term>go</term>
            <listitem>
              <simpara>
                  Go to a specific configuration part, similar to the 'cd'
                  command in a shell.
                  <note>There are a number of problems with the current
                  implementation of go within <command>bindctl</command>,
                  and we recommend not using it for general cases.</note>
              </simpara>
            </listitem>
          </varlistentry>
        </variablelist>
      </section>

      <section id="bindctl_configuration_data_types">
        <title>Configuration data types</title>
        Configuration data can be of different types, which can be modified
        in ways that depend on the types. There are a few syntax
        restrictions on these types, but only basic ones. Modules may impose
        additional restrictions on the values of elements.
        <variablelist>
            <varlistentry>
                <term>integer</term>
                <listitem>
                    <simpara>
                        A basic integer; can be set directly with <command>config set</command>, to any integer value.
                    </simpara>
                </listitem>
            </varlistentry>
            <varlistentry>
                <term>real</term>
                <listitem>
                    <simpara>
                        A basic floating point number; can be set directly with <command>config set</command>, to any floating point value.
                    </simpara>
                </listitem>
            </varlistentry>
            <varlistentry>
                <term>boolean</term>
                <listitem>
                    <simpara>
                        A basic boolean value; can be set directly with <command>config set</command>, to either <command>true</command> or <command>false</command>.
                    </simpara>
                </listitem>
            </varlistentry>
            <varlistentry>
                <term>string</term>
                <listitem>
                    <simpara>
                        A basic string value; can be set directly with <command>config set,</command> so any string. Double quotation marks are optional.
                    </simpara>
                </listitem>
            </varlistentry>
            <varlistentry>
                <term>null</term>
                <listitem>
                    <simpara>
                        This is a special type representing 'no value at all'; usable in compound structures that have optional elements that are not set.
                    </simpara>
                </listitem>
            </varlistentry>

            <varlistentry>
                <term>maps</term>
                <listitem>
                    <simpara>
                        Maps are (pre-defined) compound collections of other
                        elements of any other type. They are not usually
                        modified directly, but their elements are. Every
                        top-level element for a module is a map containing
                        the configuration values for that map, which can
                        themselves be maps again. For instance, the Auth
                        module configuration is a map containing the
                        elements '<varname>listen_on</varname>' (list) and '<varname>tcp_recv_timeout</varname>'
                        (integer). When changing one of its values, they can
                        be modified directly with <command>config set
                        Auth/tcp_recv_timeout 3000</command>.
                    </simpara>
                    <simpara>
                        Some map entries are optional. If they are, and
                        currently have a value, the value can be unset by
                        using either <command>config unset
                        <replaceable>&lt;item name&gt;</replaceable>
                        </command> or <command>config set
                        <replaceable>&lt;item name&gt;</replaceable>
                        null</command>.

                    </simpara>
                    <simpara>
                        Maps <emphasis>can</emphasis> be modified as a whole,
                        but using the full JSON representation of
                        the entire map to set.

                        Since this involves a lot of text, this is usually
                        not recommended.
                    </simpara>
                    <simpara>
                        Another example is the Logging virtual module, which
                        is, like any module, a map, but it only contains one
                        element: a list of loggers. Normally, an
                        administrator would only modify that list (or its
                        elements) directly, but it is possible to set the
                        entire map in one command; for example:
                        <command> config set Logging { "loggers": [] } </command>
                    </simpara>
                </listitem>
            </varlistentry>

            <varlistentry>
                <term>list</term>
                <listitem>
                    <simpara>
                        A list is a compound list of other elements of the
                        same type. Elements can be added with <command>config
                        add <replaceable>&lt;list name&gt; [value]</replaceable></command>, and removed with
                        <command>config remove <replaceable>&lt;list name&gt; [value]</replaceable></command> or
                        <command>config remove <replaceable>&lt;list name&gt;</replaceable><replaceable>&lt;index&gt;</replaceable></command>.
                        The index is of the form <emphasis>square bracket, number,
                        square bracket</emphasis> (e.g.
                        <command>[0]</command>), and it immediately follows
                        the list name (there is no separator or space
                        between them). List indices start with 0 for the
                        first element.
                    </simpara>
                    <simpara>
                        For addition, if the value is omitted, an entry with
                        default values will be added. For removal, either
                        the index or the full value (in JSON format) needs
                        to be specified.
                    </simpara>
                    <simpara>
                        Lists can also be used with
                        <command>config set</command>,
                        but like maps, only by specifying the
                        entire list value in JSON format.
                    </simpara>
                    <simpara>
                        For example, this command shows the port number used for the second element of the list <varname>listen_on</varname> in the Auth module:
                        <command> config show Auth/listen_on[1]/port</command>
                    </simpara>
                </listitem>
            </varlistentry>

            <varlistentry>
                <term>named set</term>
                <listitem>
                    <simpara>
                        Named sets are similar to lists, in that they are
                        sets of elements of the same type, but they are not
                        indexed by numbers, but by strings.
                    </simpara>
                    <simpara>
                        Values can be added with
                        <command>config add <replaceable>&lt;item name&gt; &lt;string&gt; [value]</replaceable></command>
                        where 'string' is the name of the element. If 'value'
                        is ommitted, default values will be used. Elements
                        can be removed with <command>config remove
                        <replaceable>&lt;item
                        name&gt; &lt;string&gt;</replaceable></command>
                    </simpara>
                    <simpara>
                        Elements in a named set can be addressed similarly
                        to maps.
                    </simpara>
                    <simpara>
                        For example, the <command>Init/components</command>
                        elements is a named set;
                        adding, showing, and then removing an element
                        can be done with the following three commands (note
                        the '/'-character versus the space before
                        'example_module'):
                    </simpara>
                    <simpara>
                        <command>config add Init/components example_module</command>
                    </simpara>
                    <simpara>
                        <command>config show Init/components/example_module</command>
                    </simpara>
                    <simpara>
                        <command>config remove Init/components example_module</command>
                    </simpara>
                </listitem>
            </varlistentry>
            <varlistentry>
                <term>any</term>
                <listitem>
                    <simpara>
                        The 'any' type is a special type that can have any
                        form. Apart from that, it must consist of elements as
                        described in this chapter, there is no restriction
                        on which element types are used. This type is used
                        in places where different data formats could be
                        used. Element modification commands depend on the
                        actual type of the value. For instance, if the value
                        of an 'any' element is a list, <command>config add
                        </command> and <command>config remove</command> work
                        as for other lists.
                    </simpara>
                </listitem>
            </varlistentry>
        </variablelist>
      </section>
    </section>

    <section>
        <title>The execute command</title>
        The <command>execute</command> command executes a set of commands,
        either from a file
        or from a pre-defined set. Currently, the only predefined set is
        <command>init_authoritative_server</command>, which adds
        <command>b10-auth</command>, <command>b10-xfrin</command>, and
        <command>b10-xfrout</command> to the set of components to be
        started by BIND 10. This
        pre-defined set does not commit the changes, so these modules do not
        show up for commands or configuration until the user enters
        <command>config commit</command> after
        <command>execute init_authoritative_server</command>. For example:

        <screen>&gt; <userinput>execute init_authoritative_server</userinput></screen>

        <screen>&gt; <userinput>execute file /tmp/example_commands</userinput></screen>

        The optional argument <command>show</command> displays the exact set of
        commands that would be executed; for example:

        <screen>&gt; <userinput>execute init_authoritative_server show</userinput>
!echo adding Authoritative server component
config add /Init/components b10-auth
config set /Init/components/b10-auth/kind needed
config set /Init/components/b10-auth/special auth
!echo adding Xfrin component
config add /Init/components b10-xfrin
config set /Init/components/b10-xfrin/address Xfrin
config set /Init/components/b10-xfrin/kind dispensable
!echo adding Xfrout component
config add /Init/components b10-xfrout
config set /Init/components/b10-xfrout/address Xfrout
config set /Init/components/b10-xfrout/kind dispensable
!echo adding Zone Manager component
config add /Init/components b10-zonemgr
config set /Init/components/b10-zonemgr/address Zonemgr
config set /Init/components/b10-zonemgr/kind dispensable
!echo Components added. Please enter "config commit" to
!echo finalize initial setup and run the components.
        </screen>

        The optional <command>show</command> argument may also be used when
        executing a script from a file; for example:

        <screen>&gt; <userinput>execute file /tmp/example_commands show</userinput></screen>

        <section id="bindctl_execute_directives">
            <title>Execute directives</title>
            Within sets of commands to be run with the <command>execute</command>
            command, a number of directives are supported:
            <variablelist>
              <varlistentry>
                <term>!echo <replaceable>&lt;string&gt;</replaceable></term>
                <listitem>
                  <simpara>
                      Prints the given string to <command>bindctl</command>'s
                      output.
                  </simpara>
                </listitem>
              </varlistentry>
              <varlistentry>
                <term>!verbose on</term>
                <listitem>
                  <simpara>
                      Enables verbose mode; all following commands that are to
                      be executed are also printed.
                  </simpara>
                </listitem>
              </varlistentry>
              <varlistentry>
                <term>!verbose off</term>
                <listitem>
                  <simpara>
                      Disables verbose mode; following commands that are to
                      be executed are no longer printed.
                  </simpara>
                </listitem>
              </varlistentry>
            </variablelist>
        </section>

        <section id="bindctl_execute_notes">
            <title>Notes on execute scripts</title>
            Within scripts, you can add or remove modules with the normal
            configuration commands for <command>Init/components</command>.
            However, as module
            configuration and commands do not show up until the module is
            running, it is currently not possible to add a module and set
            its configuration in one script. This will be addressed in the
            future, but for now the only option is to add and configure
            modules in separate commands and execute scripts.
        </section>
    </section>
  </chapter>

  <chapter id="common">
    <title>Common configuration elements</title>

    <para>
      Some things are configured in the same or similar manner across
      many modules. So we show them here in one place.
    </para>

    <section id='common-tsig'>
      <title>TSIG keys</title>

      <para>
        TSIG is a way to sign requests and responses in DNS. It is defined in
        RFC 2845 and uses symmetric cryptography to sign the DNS messages. If
        you want to make any use of TSIG (to authenticate transfers or DDNS,
        for example), you need to set up shared secrets between the endpoints.
      </para>

      <para>
        BIND 10 uses a global key ring for the secrets. It doesn't currently
        mean they would be stored differently, they are just in one place of
        the configuration.
      </para>

      <section id='tsig-key-syntax'>
        <title>Key anatomy and syntax</title>

        <para>
          Each key has three attributes. One is a name by which it is referred
          both in DNS packets and the rest of the configuration. Another is the
          algorithm used to compute the signature. And the last part is a
          base64 encoded secret, which might be any blob of data.
        </para>

        <para>
          The parts are written into a string, concatenated together by colons.
          So if you wanted to have a key called "example.key", used as a
          HMAC-MD5 key with secret "secret", you'd write it as:
<screen>"example.key.:c2VjcmV0:hmac-md5"</screen>
        </para>

        <para>
          The HMAC-MD5 algorithm is the default, so you can omit it. You could
          write the same key as:
<screen>"example.key.:c2VjcmV0"</screen>
        </para>

        <para>
          You can also use these algorithms (which may not be omitted from the
          key definition if used):
          <itemizedlist>
            <listitem>hmac-sha1</listitem>
            <listitem>hmac-sha224</listitem>
            <listitem>hmac-sha256</listitem>
            <listitem>hmac-sha384</listitem>
            <listitem>hmac-sha512</listitem>
          </itemizedlist>
        </para>

        <para>
          The name of the key must be a valid DNS name.
        </para>
      </section>

      <section id='tsig-key-ring'>
        <title>Key ring</title>
        <para>
          The key ring lives in the configuration in "tsig_keys/keys". Most of
          the system uses the keys from there &mdash; ACLs, authoritative server to
          sign responses to signed queries, and <command>b10-xfrin</command>
          and <command>b10-xfrout</command> to sign transfers.
        </para>

        <para>
          The key ring is just a list of strings, each describing one key. So,
          to add a new key, you can do this:
          <screen>&gt; <userinput>config add tsig_keys/keys "example.key.:c2VjcmV0"</userinput>
&gt; <userinput>config show tsig_keys/keys</userinput>
tsig_keys/keys[0]   "example.key.:c2VjcmV0" string  (modified)
&gt; <userinput>config commit</userinput></screen>
        </para>

        <para>
          You can keep as many keys as you want in the key ring, but each must
          have a different name.
        </para>
      </section>
    </section>

    <section id='common-acl'>
      <title>ACLs</title>

      <para>
        An ACL, or Access Control List, is a way to describe if a request
        is allowed or disallowed. The principle is, there's a list of rules.
        Each rule is a name-value mapping (a dictionary, in the JSON
        terminology). Each rule must contain exactly one mapping called
        "action", which describes what should happen if the rule applies.
        There may be more mappings, called matches, which describe the
        conditions under which the rule applies.
      </para>

      <para>
        When there's a query, the first rule is examined. If it matches, the
        action in it is taken. If not, next rule is examined. If there are no
        more rules to examine, a default action is taken.
      </para>

      <para>
        There are three possible "action" values. The "ACCEPT" value means
        the query is handled. If it is "REJECT", the query is not answered,
        but a polite error message is sent back (if that makes sense in the
        context). The "DROP" action acts like a black hole. The query is
        not answered and no error message is sent.
      </para>

      <para>
        If there are multiple matching conditions inside the rule, all of
        them must be satisfied for the rule to apply. This can be used,
        for example, to require the query to be signed by a TSIG key and
        originate from given address.
      </para>

      <para>
        This is encoded in form of JSON. Semi-formal description could look
        something like this. It is described in more details below.
<!-- FIXME: Is <screen> really the correct one?-->
        <screen>ACL := [ RULE, RULE, ... ]
RULE := { "action": "ACCEPT"|"REJECT"|"DROP", MATCH, MATCH, ... }
RULE_RAW := { MATCH, MATCH, ... }
MATCH := FROM_MATCH|KEY_MATCH|NOT_MATCH|OR_MATCH|AND_MATCH|...
FROM_MATCH := "from": [RANGE, RANGE, RANGE, ...] | RANGE
RANGE := "&lt;ip range&gt;"
KEY_MATCH := "key": [KEY, KEY, KEY, ...] | KEY
KEY := "&lt;key name&gt;"
NOT_MATCH := "NOT": RULE_RAW
OR_MATCH := "ANY": [ RULE_RAW, RULE_RAW, ... ]
AND_MATCH := "ALL": [ RULE_RAW, RULE_RAW, ... ]
</screen>
      </para>

      <section>
        <title>Matching properties</title>

        <para>
          The first thing you can check against is the source address
          of request. The name is <varname>from</varname> and the value
          is a string containing either a single IPv4 or IPv6 address,
          or a range in the usual slash notation (eg. "192.0.2.0/24").
        </para>

        <para>
          The other is TSIG key by which the message was signed. The ACL
          contains only the name (under the name "key"), the key itself
	  must be stored in the global key ring (see <xref
	  linkend="tsig-key-ring"/>).
          This property is applicable only to the DNS context.
        </para>

        <para>
          More properties to match are planned &mdash; the destination
          address, ports, matches against the packet content.
        </para>
      </section>

      <section>
        <title>More complicated matches</title>

        <para>
          From time to time, you need to express something more complex
          than just a single address or key.
        </para>

        <para>
          You can specify a list of values instead of single value. Then
          the property needs to match at least one of the values listed
          &mdash; so you can say <quote>"from": ["192.0.2.0/24",
          "2001:db8::/32"]</quote> to match any address in the ranges
          set aside for documentation. The keys or any future properties
          will work in a similar way.
        </para>

        <para>
          If that is not enough, you can compose the matching conditions
          to logical expressions. They are called "ANY", "ALL" and "NOT".
          The "ANY" and "ALL" ones contain lists of subexpressions &mdash;
          each subexpression is a similar dictionary, just not containing
          the "action" element. The "NOT" contains single subexpression.
          Their function should be obvious &mdash; "NOT" matches if and
          only if the subexpression does not match. The "ALL" matches exactly
          when each of the subexpressions matches and "ANY" when at least
          one matches.
        </para>
      </section>

      <section>
        <title>Examples</title>

        <para>
          All the examples here is just the JSON representing the ACL,
          nicely formatted and split across lines. They are out of any
          surrounding context. This is similar to what you'd get from
          <command>config show_json</command> called on the entry containing
          the ACL.
        </para>

        <para>
          In the first example, the ACL accepts queries from two known hosts.
          Each host has an IP addresses (both IPv4 and IPv6) and a TSIG
          key. Other queries are politely rejected. The last entry in the list
          has no conditions &mdash; making it match any query.

          <screen>[
  {
    "from": ["192.0.2.1", "2001:db8::1"],
    "key": "first.key",
    "action": "ACCEPT"
  },
  {
    "from": ["192.0.2.2", "2001:db8::2"],
    "key": "second.key",
    "action": "ACCEPT"
  },
  {
    "action": "REJECT"
  }
]</screen>
        </para>

        <para>
          Now we show two ways to accept only the queries from private ranges.
          This is the same as rejecting anything that is outside.

          <screen>[
  {
    "from": [
      "10.0.0.0/8",
      "172.16.0.0/12",
      "192.168.0.0/16",
      "fc00::/7"
    ],
    "action": "ACCEPT"
  },
  {
    "action": "REJECT"
  }
]</screen>

          <screen>[
  {
    "NOT": {
       "ANY": [
         {"from": "10.0.0.0/8"},
         {"from": "172.16.0.0/12"},
         {"from": "192.168.0.0/16"},
         {"from": "fc00::/7"}
       ]
    },
    "action": "REJECT"
  },
  {
    "action": "ACCEPT"
  }
]</screen>
        </para>
      </section>

      <section>
        <title>Interaction with <command>bindctl</command></title>

        <para>
          Currently, <command>bindctl</command> has hard time coping with
          the variable nature of the ACL syntax. This technical limitation
          makes it impossible to edit parts of the entries. You need to
          set the whole entry at once, providing the whole JSON value.
        </para>

        <para>
          This limitation is planned to be solved soon at least partially.
        </para>

        <para>
          You'd do something like this to create the second example.
          Note that the whole JSON must be on a single line.

          <screen>&gt; <userinput>config add somewhere/acl</userinput>
&gt; <userinput>config set somewhere/acl[0] { "from": [ "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7" ], "action": "ACCEPT" }</userinput>
&gt; <userinput>config add somewhere/acl</userinput>
&gt; <userinput>config set somewhere/acl[1] { "action": "REJECT" }</userinput>
&gt; <userinput>config commit</userinput></screen>
        </para>
      </section>
    </section>
  </chapter>

  <chapter id="bind10.config">
    <title>bind10 Control and Configuration</title>

    <para>
      This chapter explains how to control and configure the
      <command>b10-init</command> parent.
      The startup of this resident process that runs the BIND 10
      daemons is covered in <xref linkend="bind10"/>.
    </para>

    <section id="bind10.shutdown">
      <title>Stopping bind10</title>
      <para>
        The BIND 10 suite may be shut down by stopping the
        parent <command>b10-init</command> process. This may be done
        by running the <userinput>Init shutdown</userinput> command
        at the <command>bindctl</command> prompt.
      </para>
    </section>

    <section id="bind10.components">
      <title>Configuration to start processes</title>

      <para>
	The processes to be used can be configured for
	<command>b10-init</command> to start, with the exception
	of the required <command>b10-sockcreator</command>,
	<command>b10-msgq</command> and <command>b10-cfgmgr</command>
	components.
	The configuration is in the <varname>Init/components</varname>
	section. Each element represents one component, which is
	an abstraction of a process.
      </para>

      <para>
	To add a process to the set, let's say the resolver (which
	is not started by default), you would do this:
        <screen>&gt; <userinput>config add Init/components b10-resolver</userinput>
&gt; <userinput>config set Init/components/b10-resolver/special resolver</userinput>
&gt; <userinput>config set Init/components/b10-resolver/kind needed</userinput>
&gt; <userinput>config set Init/components/b10-resolver/priority 10</userinput>
&gt; <userinput>config commit</userinput></screen></para>

      <para>
	Now, what it means. We add an entry called
	<quote>b10-resolver</quote>. It is both a name used to
	reference this component in the configuration and the name
	of the process to start. Then we set some parameters on
	how to start it.
      </para>

      <para>
	The <varname>special</varname> setting is for components
	that need some kind of special care during startup or
	shutdown. Unless specified, the component is started in a
	usual way. This is the list of components that need to be
	started in a special way, with the value of special used
	for them:
<!-- TODO: this still doesn't explain why they are special -->
        <table>
          <title>Special startup components</title>
          <tgroup cols='3' align='left'>
          <colspec colname='component'/>
          <colspec colname='special'/>
          <colspec colname='description'/>
          <thead><row><entry>Component</entry><entry>Special</entry><entry>Description</entry></row></thead>
          <tbody>
            <row><entry>b10-auth</entry><entry>auth</entry><entry>Authoritative DNS server</entry></row>
            <row><entry>b10-resolver</entry><entry>resolver</entry><entry>DNS resolver</entry></row>
            <row><entry>b10-cmdctl</entry><entry>cmdctl</entry><entry>Command control (remote control interface)</entry></row>
            <!-- TODO Either add xfrin and xfrout as well or clean up the workarounds in b10-init before the release -->
          </tbody>
          </tgroup>
        </table>
      </para>

      <para>
	The <varname>kind</varname> specifies how a failure of the
	component should be handled.  If it is set to
	<quote>dispensable</quote> (the default unless you set
	something else), it will get started again if it fails. If
	it is set to <quote>needed</quote> and it fails at startup,
	the whole <command>b10-init</command> shuts down and exits
	with an error exit code. But if it fails some time later, it
	is just started again. If you set it to <quote>core</quote>,
	you indicate that the system is not usable without the
	component and if such component fails, the system shuts
	down no matter when the failure happened.  This is the
	behavior of the core components (the ones you can't turn
	off), but you can declare any other components as core as
	well if you wish (but you can turn these off, they just
	can't fail).
      </para>

      <para>
	The <varname>priority</varname> defines order in which the
	components should start.  The ones with higher numbers are
	started sooner than the ones with lower ones. If you don't
	set it, 0 (zero) is used as the priority.  Usually, leaving
	it at the default is enough.
      </para>

      <para>
        There are other parameters we didn't use in our example.
        One of them is <varname>address</varname>. It is the address
        used by the component on the <command>b10-msgq</command>
        message bus. The special components already know their
        address, but the usual ones don't. The address is by
        convention the thing after <emphasis>b10-</emphasis>, with
        the first letter capitalized (eg. <command>b10-stats</command>
        would have <quote>Stats</quote> as its address).
<!-- TODO: this should be simplified so we don't even have to document it -->
      </para>

<!-- TODO: what does "The special components already know their
address, but the usual ones don't." mean? -->

<!-- TODO: document params when is enabled -->

      <para>
	The last one is <varname>process</varname>. It is the name
	of the process to be started.  It defaults to the name of
	the component if not set, but you can use this to override
	it. (The special components also already know their
        executable name.)
      </para>

      <!-- TODO Add parameters when they work, not implemented yet-->

      <note>
        <para>
          The configuration is quite powerful, but that includes
          a lot of space for mistakes. You could turn off the
          <command>b10-cmdctl</command>, but then you couldn't
          change it back the usual way, as it would require it to
          be running (you would have to find and edit the configuration
          directly).  Also, some modules might have dependencies:
          <command>b10-stats-httpd</command> needs
          <command>b10-stats</command>, <command>b10-xfrout</command>
          needs <command>b10-auth</command> to be running, etc.

<!-- TODO: should we define dependencies? -->

        </para>
        <para>
          In short, you should think twice before disabling something here.
        </para>
      </note>
      <para>
        It is possible to start some components multiple times (currently
        <command>b10-auth</command> and <command>b10-resolver</command>).
        You might want to do that to gain more performance (each one uses only
        single core). Just put multiple entries under different names, like
        this, with the same config:
        <screen>&gt; <userinput>config add Init/components b10-resolver-2</userinput>
&gt; <userinput>config set Init/components/b10-resolver-2/special resolver</userinput>
&gt; <userinput>config set Init/components/b10-resolver-2/kind needed</userinput>
&gt; <userinput>config commit</userinput></screen>
      </para>
      <para>
        However, this is work in progress and the support is not yet complete.
        For example, each resolver will have its own cache, each authoritative
        server will keep its own copy of in-memory data and there could be
        problems with locking the sqlite database, if used. The configuration
        might be changed to something more convenient in future.
	Other components don't expect such a situation, so it would
	probably not do what you want. Such support is yet to be
	implemented.
      </para>

      <para>
        The running processes started by <command>b10-init</command>
        may be listed by running <userinput>Init show_processes</userinput>
        using <command>bindctl</command>.
      </para>

    </section>
  </chapter>

  <chapter id="authserver">
    <title>Authoritative Server</title>

    <para>
      The <command>b10-auth</command> is the authoritative DNS server.
      It supports EDNS0, DNSSEC, IPv6, and SQLite3 and in-memory zone
      data backends.
      Normally it is started by the <command>b10-init</command> master
      process.
    </para>

    <section>
      <title>Server Configurations</title>

<!-- TODO: offers command line options but not used
since we used bind10 -->

      <para>
        <command>b10-auth</command> is configured via the
        <command>b10-cfgmgr</command> configuration manager.
        The module name is <quote>Auth</quote>.
        The configuration data items are:

        <variablelist>

          <varlistentry>
            <term>database_file</term>
            <listitem>
              <simpara>This is an optional string to define the path to find
                 the SQLite3 database file.
<!-- TODO: -->
Note: This may be a temporary setting because the DNS server
can use various data source backends.
              </simpara>
            </listitem>
          </varlistentry>

<!-- NOTE: docs pulled in verbatim from the b10-auth.xml manual page.
     TODO: automate this if want this or rewrite
-->
          <varlistentry>
            <term>datasources</term>
            <listitem>
              <simpara>
      <varname>datasources</varname> configures data sources.
      The list items include:
      <varname>type</varname> to define the required data source type
      (such as <quote>memory</quote>);
      <varname>class</varname> to optionally select the class
      (it defaults to <quote>IN</quote>);
      and
      <varname>zones</varname> to define
      the <varname>file</varname> path name,
      the <varname>filetype</varname> (<quote>sqlite3</quote> to load
      from a SQLite3 database file or <quote>text</quote> to
      load from a master text file),
      and the <varname>origin</varname> (default domain).

      By default, this is empty.

      <note><simpara>
        Currently this is only used for the memory data source.
        Only the IN class is supported at this time.
        By default, the memory data source is disabled.
        Also, currently the zone file must be canonical such as
        generated by <command>named-compilezone -D</command>, or
        must be an SQLite3 database.
      </simpara></note>

              </simpara>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>listen_on</term>
            <listitem>
              <simpara>
      <varname>listen_on</varname> is a list of addresses and ports for
      <command>b10-auth</command> to listen on.
      The list items are the <varname>address</varname> string
      and <varname>port</varname> number.
      By default, <command>b10-auth</command> listens on port 53
      on the IPv6 (::) and IPv4 (0.0.0.0) wildcard addresses.
      <note>
        <simpara>
          The default configuration is currently not appropriate for a multi-homed host.
          In case you have multiple public IP addresses, it is possible the
          query UDP packet comes through one interface and the answer goes out
          through another. The answer will probably be dropped by the client, as it
          has a different source address than the one it sent the query to. The
          client would fallback on TCP after several attempts, which works
          well in this situation, but is clearly not ideal.
        </simpara>
        <simpara>
          There are plans to solve the problem such that the server handles
          it by itself. But until it is actually implemented, it is recommended to
          alter the configuration &mdash; remove the wildcard addresses and list all
          addresses explicitly. Then the server will answer on the same
          interface the request came on, preserving the correct address.
        </simpara>
      </note>
              </simpara>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term>tcp_recv_timeout</term>
            <listitem>
              <simpara>
                <varname>tcp_recv_timeout</varname> is the timeout used on
                incoming TCP connections, in milliseconds. If the query
                is not sent within this time, the connection is closed.
                Setting this to 0 will disable TCP timeouts completely.
              </simpara>
            </listitem>
          </varlistentry>
        </variablelist>

      </para>

      <para>

        The configuration commands are:

        <variablelist>

          <varlistentry>
            <term>loadzone</term>
            <listitem>
              <simpara>
      <command>loadzone</command> tells <command>b10-auth</command>
      to load or reload a zone file. The arguments include:
      <varname>class</varname> which optionally defines the class
      (it defaults to <quote>IN</quote>);
      <varname>origin</varname> is the domain name of the zone;
      and
      <varname>datasrc</varname> optionally defines the type of datasource
      (it defaults to <quote>memory</quote>).

      <note><simpara>
        Currently this only supports the
        IN class and the memory data source.
      </simpara></note>
              </simpara>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>getstats</term>
            <listitem>
              <simpara>
      <command>getstats</command> requests <command>b10-auth</command>
      to send its statistics data to
      <citerefentry><refentrytitle>b10-stats</refentrytitle>
      <manvolnum>8</manvolnum></citerefentry>
      as a response of the command.
              </simpara>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>shutdown</term>
            <listitem>
              <simpara>Stop the authoritative DNS server.
      This has an optional <varname>pid</varname> argument to
      select the process ID to stop.
      (Note that the BIND 10 init process may restart this service
      if configured.)
              </simpara>
            </listitem>
          </varlistentry>

        </variablelist>

      </para>

<!-- TODO: examples of setting or running above? -->

    </section>

    <section id='datasrc'>
      <title>Data Source Backends</title>

      <para>
        Bind 10 has the concept of data sources. A data source is a place
        where authoritative zone data reside and where they can be served
        from. This can be a master file, a database or something completely
        different.
      </para>

      <para>
        Once a query arrives, <command>b10-auth</command> goes through a
        configured list of data sources and finds the one containing a best
        matching zone. From the equally good ones, the first one is taken.
        This data source is then used to answer the query.
      </para>

      <note><para>
        In the current release, <command>b10-auth</command>
        can serve data from a SQLite3 data source backend and from master
        files.
        Upcoming versions will be able to use multiple different
        data sources, such as MySQL and Berkeley DB.
      </para></note>

      <para>
        The configuration is located in data_sources/classes. Each item there
        represents one RR class and a list used to answer queries for that
        class. The default contains two classes. The CH class contains a
        built-in data source &mdash; one that serves things like
        <quote>AUTHORS.BIND.</quote>. The IN class contains single SQLite3
        data source with database file located at
        <filename>/usr/local/var/bind10/zone.sqlite3</filename>.
      </para>

      <para>
        Each data source has several options. The first one is
        <varname>type</varname>, which specifies the type of data source to
        use. Valid types include the ones listed below, but BIND 10 uses
        dynamically loaded modules for them, so there may be more in your
        case. This option is mandatory.
      </para>

      <para>
        Another option is <varname>params</varname>. This option is type
        specific; it holds different data depending on the type
        above. Also, depending on the type, it could be possible to omit it.
      </para>

      <para>
        There are two options related to the so-called cache. If you enable
        cache, zone data from the data source are loaded into memory.
        Then, when answering a query, <command>b10-auth</command> looks
        into the memory only instead of the data source, which speeds
        answering up. The first option is <varname>cache-enable</varname>,
        a boolean value turning the cache on and off (off is the default).
        The second one, <varname>cache-zones</varname>, is a list of zone
        origins to load into in-memory.

<!-- NOT YET:  http://bind10.isc.org/ticket/2240
 Once the cache is enabled,
        the zones in the data source not listed in
        <varname>cache-zones</varname> will not be loaded and will
        not be available at all.
-->
      </para>

      <section id='datasource-types'>
        <title>Data source types</title>
        <para>
          As mentioned, the type used by default is <quote>sqlite3</quote>.
          It has single configuration option inside <varname>params</varname>
          &mdash; <varname>database_file</varname>, which contains the path
          to the SQLite3 file containing the data.
        </para>

        <para>
          Another type is called <quote>MasterFiles</quote>. This one is
          slightly special. The data are stored in RFC1034 master files.
          Because answering directly from them would be impractical,
          this type mandates the cache to be enabled. Also, the list of
          zones (<varname>cache-zones</varname>) should be omitted. The
          <varname>params</varname> is a dictionary mapping from zone
          origins to the files they reside in.
        </para>
      </section>

      <section id='datasrc-examples'>
        <title>Examples</title>
        <para>
          As this is one of the more complex configurations of BIND 10,
          we show some examples. They all assume they start with default
          configuration.
        </para>

        <para>
          First, let's disable the built-in data source
          (<quote>VERSION.BIND</quote> and friends). As it is the only
          data source in the CH class, we can remove the whole class.

          <screen>&gt; <userinput>config remove data_sources/classes CH</userinput>
&gt; <userinput>config commit</userinput></screen>
        </para>

        <para>
          Another one, let's say our default data source contains zones
          <quote>example.org.</quote> and <quote>example.net.</quote>.
          We want them to be served from memory to make the answering
          faster.

          <screen>&gt; <userinput>config set data_sources/classes/IN[0]/cache-enable true</userinput>
&gt; <userinput>config add data_sources/classes/IN[0]/cache-zones example.org.</userinput>
&gt; <userinput>config add data_sources/classes/IN[0]/cache-zones example.net.</userinput>
&gt; <userinput>config commit</userinput></screen>

          Now every time the zone in the data source is changed by the
          operator, the authoritative server needs to be told to reload it, by
          <screen>&gt; <userinput>Auth loadzone example.org</userinput></screen>
          You don't need to do this when the zone is modified by
          <command>b10-xfrin</command>; it does so automatically.
        </para>

        <para>
          Now, the last example is when there are master files we want to
          serve in addition to whatever is inside the SQLite3 database.

          <screen>&gt; <userinput>config add data_sources/classes/IN</userinput>
&gt; <userinput>config set data_sources/classes/IN[1]/type MasterFiles</userinput>
&gt; <userinput>config set data_sources/classes/IN[1]/cache-enable true</userinput>
&gt; <userinput>config set data_sources/classes/IN[1]/params { "example.org": "/path/to/example.org", "example.com": "/path/to/example.com" }</userinput>
&gt; <userinput>config commit</userinput></screen>

          Initially, a map value has to be set, but this value may be an
          empty map. After that, key/value pairs can be added with 'config
          add' and keys can be removed with 'config remove'. The initial
          value may be an empty map, but it has to be set before zones are
          added or removed.

          <screen>
&gt; <userinput>config set data_sources/classes/IN[1]/params {}</userinput>
&gt; <userinput>config add data_sources/classes/IN[1]/params another.example.org /path/to/another.example.org</userinput>
&gt; <userinput>config add data_sources/classes/IN[1]/params another.example.com /path/to/another.example.com</userinput>
&gt; <userinput>config remove data_sources/classes/IN[1]/params another.example.org</userinput>
          </screen>

          <command>bindctl</command>. To reload a zone, you the same command
          as above.
        </para>
      </section>

      <note>
      <para>
        There's also <varname>Auth/database_file</varname> configuration
        variable, pointing to a SQLite3 database file. This is no longer
        used by <command>b10-auth</command>, but it is left in place for
        now, since other modules use it. Once <command>b10-zonemgr</command>,
        <command>b10-xfrout</command> and <command>b10-ddns</command>
        are ported to the new configuration, this will disappear. But for
        now, make sure that if you use any of these modules, the new
        and old configuration correspond. The defaults are consistent, so
        unless you tweaked either the new or the old configuration, you're
        good.
      </para>
      </note>

    </section>

    <section>
      <title>Loading Master Zones Files</title>

      <para>
        RFC 1035 style DNS master zone files may imported
        into a BIND 10 SQLite3 data source by using the
        <command>b10-loadzone</command> utility.
      </para>

      <para>
        <command>b10-loadzone</command> supports the following
        special directives (control entries):

        <variablelist>

          <varlistentry>
            <term>$INCLUDE</term>
            <listitem>
              <simpara>Loads an additional zone file. This may be recursive.
              </simpara>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>$ORIGIN</term>
            <listitem>
              <simpara>Defines the relative domain name.
              </simpara>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term>$TTL</term>
            <listitem>
              <simpara>Defines the time-to-live value used for following
                records that don't include a TTL.
              </simpara>
            </listitem>
          </varlistentry>

        </variablelist>

      </para>

      <note>
      <para>
        In the current release, only the SQLite3 back
        end is used by <command>b10-loadzone</command>.
        Multiple zones are stored in a single SQLite3 zone database.
      </para>
      </note>

      <para>
        If you reload a zone already existing in the database,
        all records from that prior zone disappear and a whole new set
        appears.
      </para>

<!--TODO: permissions for xfrin or loadzone to create the file -->

    </section>

<!--
TODO
    <section>
      <title>Troubleshooting</title>
      <para>
      </para>
    </section>
-->

  </chapter>

  <chapter id="xfrin">
    <title>Incoming Zone Transfers</title>

    <para>
      Incoming zones are transferred using the <command>b10-xfrin</command>
      process which is started by <command>b10-init</command>.
      When received, the zone is stored in the corresponding BIND 10
      data source, and its records can be served by
      <command>b10-auth</command>.
      In combination with <command>b10-zonemgr</command> (for
      automated SOA checks), this allows the BIND 10 server to
      provide <emphasis>secondary</emphasis> service.
    </para>

    <para>
      The <command>b10-xfrin</command> process supports both AXFR and
      IXFR.
    </para>

    <section>
      <title>Configuration for Incoming Zone Transfers</title>
      <para>
	In order to enable incoming zone transfers for a secondary
	zone, you will first need to make the zone "exist" in some
	data source.
	One easy way to do this is to create an empty zone using the
	<command>b10-loadzone</command> utility.
	For example, this makes an empty zone (or empties any existing
	content of the zone) "example.com" in the default data source
	for <command>b10-loadzone</command> (which is SQLite3-based
	data source):
            <screen>$ <userinput>b10-loadzone <replaceable>-e</replaceable> <replaceable>example.com</replaceable></userinput></screen>
      </para>

      <para>
        Next, you need to specify a list of secondary zones to
        enable incoming zone transfers for these zones in most
        practical cases (you can still trigger a zone transfer
        manually, without a prior configuration (see below)).
      </para>

      <para>
        For example, to enable zone transfers for a zone named "example.com"
        (whose master address is assumed to be 2001:db8::53 here),
        run the following at the <command>bindctl</command> prompt:

      <screen>&gt; <userinput>config add Xfrin/zones</userinput>
&gt; <userinput>config set Xfrin/zones[0]/name "<option>example.com</option>"</userinput>
&gt; <userinput>config set Xfrin/zones[0]/master_addr "<option>2001:db8::53</option>"</userinput>
&gt; <userinput>config commit</userinput></screen>

      (We assume there has been no zone configuration before).
      </para>

      <note>
        <simpara>
	  There is a plan to revise overall zone management
	  configuration (which are primary and secondary zones, which
	  data source they are stored, etc) so it can be configured
	  more consistently and in a unified way among various BIND 10 modules.
	  When it's done, part or all of the initial configuration
	  setup described in this section may be deprecated.
	</simpara>
      </note>
    </section>

    <section>
        <title>TSIG</title>
        If you want to use TSIG for incoming transfers, a system wide TSIG
        key ring must be configured (see <xref linkend="tsig-key-ring"/>).
        To specify a key to use, set tsig_key value to the name of the key
        to use from the key ring.
&gt; <userinput>config set Xfrin/zones[0]/tsig_key "<option>example.key</option>"</userinput>
    </section>

    <section id="request_ixfr">
      <title>Control the use of IXFR</title>
      <para>
	By default, <command>b10-xfrin</command> uses IXFR for
	transferring zones specified in
	the <varname>Xfrin/zones</varname> list of the configuration,
	unless it doesn't know the current SOA serial of the zone
	(including the case where the zone has never transferred or
	locally loaded), in which case it automatically uses AXFR.
	If the attempt of IXFR fails, <command>b10-xfrin</command>
	automatically retries the transfer using AXFR.
	In general, this works for any master server implementations
	including those that don't support IXFR and in any local state
	of the zone.  So there should normally be no need to configure
	on whether to use IXFR.
      </para>

      <para>
	In some cases, however, it may be desirable to specify how and
	whether to use IXFR and AXFR.
	The <varname>request_ixfr</varname> configuration item under
	<varname>Xfrin/zones</varname> can be used to control such
	policies.
	It can take the following values.
      </para>
      <variablelist>
	<varlistentry>
	  <term>yes</term>
	  <listitem>
	    <simpara>
	      This is the default behavior as described above.
	    </simpara>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term>no</term>
	  <listitem>
	    <simpara>
	      Only use AXFR.  Note that this value normally shouldn't
	      be needed thanks to the automatic fallback from IXFR to IXFR.
	      A possible case where this value needs to be used is
	      that the master server has a bug and crashes if it
	      receives an IXFR request.
	    </simpara>
	  </listitem>
	</varlistentry>
	<varlistentry>
	  <term>only</term>
	  <listitem>
	    <simpara>
	      Only use IXFR except when the current SOA serial is not
	      known.
	      This value has a severe drawback, that is, if the master
	      server does not support IXFR zone transfers never
	      succeed (except for the very first one, which will use AXFR),
	      and the zone will eventually expire.
	      Therefore it should not be used in general.
	      Still, in some special cases the use of this value may
	      make sense.  For example, if the operator is sure that
	      the master server supports IXFR and the zone is very
	      large, they may want to avoid falling back to AXFR as
	      it can be more expensive.
	    </simpara>
	  </listitem>
	</varlistentry>
      </variablelist>

      <note>
        <simpara>
	  There used to be a boolean configuration item named
	  <varname>use_ixfr</varname>.
	  It was deprecated for the finer control described above.
	  The <varname>request_ixfr</varname> item should be used instead.
	</simpara>
      </note>

    </section>

<!-- TODO:

how to tell bind10 you are a secondary?

when will it first attempt to check for new zone? (using REFRESH?)
what if zonemgr is not running?

what if a NOTIFY is sent?

-->

    <section id="zonemgr">
      <title>Secondary Manager</title>

      <para>
        The <command>b10-zonemgr</command> process is started by
        <command>b10-init</command>.
        It keeps track of SOA refresh, retry, and expire timers
        and other details for BIND 10 to perform as a slave.
        When the <command>b10-auth</command> authoritative DNS server
        receives a NOTIFY message, <command>b10-zonemgr</command>
        may tell <command>b10-xfrin</command> to do a refresh
        to start an inbound zone transfer.
        The secondary manager resets its counters when a new zone is
        transferred in.
      </para>

      <note><simpara>
        Access control (such as allowing notifies) is not yet provided.
        The primary/secondary service is not yet complete.
      </simpara></note>

      <para>
        The following example shows using <command>bindctl</command>
        to configure the server to be a secondary for the example zone:

      <screen>&gt; <userinput>config add Zonemgr/secondary_zones</userinput>
&gt; <userinput>config set Zonemgr/secondary_zones[0]/name "<option>example.com</option>"</userinput>
&gt; <userinput>config commit</userinput></screen>

      </para>

      <para>
        If the zone does not exist in the data source already
        (i.e. no SOA record for it), <command>b10-zonemgr</command>
        will automatically tell <command>b10-xfrin</command>
        to transfer the zone in.
      </para>

    </section>

    <section>
      <title>Trigger an Incoming Zone Transfer Manually</title>

      <para>
        To manually trigger a zone transfer to retrieve a remote zone,
        you may use the <command>bindctl</command> utility.
        For example, at the <command>bindctl</command> prompt run:

        <screen>&gt; <userinput>Xfrin retransfer zone_name="<option>foo.example.org</option>" master=<option>192.0.2.99</option></userinput></screen>
      </para>

      <para>
	The <command>retransfer</command> command always uses AXFR.
	To use IXFR for a zone that has already been transferred once,
	use the <command>refresh</command> command.
	It honors the <varname>Xfrin/zones/request_ixfr</varname>
	configuration item (see <xref linkend="request_ixfr"/>.), and
	if it's configured to use IXFR, it will be used.
      </para>

      <para>
	Both the <command>retransfer</command>
	and <command>refresh</command> commands can be used for
	an initial transfer before setting up secondary
	configurations.
	In this case AXFR will be used for the obvious reason.
      </para>
    </section>

    <section>
      <title>Incoming Transfers with In-memory Datasource</title>

      <para>
        In the case of an incoming zone transfer, the received zone is
        first stored in the corresponding BIND 10 datasource. In
        case the secondary zone is served by an in-memory datasource
        with an SQLite3 backend, <command>b10-auth</command> is
        automatically sent a <varname>loadzone</varname> command to
        reload the corresponding zone into memory from the backend.
      </para>
<!-- TODO: currently it delays the queries; see
http://bind10.isc.org/wiki/ScalableZoneLoadDesign#a7.2UpdatingaZone
-->

      <para>
	The administrator doesn't have to do anything for
	<command>b10-auth</command> to serve the new version of the
	zone, except for the configuration such as the one described in
	<xref linkend="datasrc" />.
      </para>
    </section>

<!-- TODO: what if doesn't exist at that master IP? -->

  </chapter>

  <chapter id="xfrout">
    <title>Outbound Zone Transfers</title>
    <para>
      The <command>b10-xfrout</command> process is started by
      <command>b10-init</command>.
      When the <command>b10-auth</command> authoritative DNS server
      receives an AXFR or IXFR request, <command>b10-auth</command>
      internally forwards the request to <command>b10-xfrout</command>,
      which handles the rest of this request processing.
      This is used to provide primary DNS service to share zones
      to secondary name servers.
      The <command>b10-xfrout</command> is also used to send
      NOTIFY messages to secondary servers.
    </para>

    <para>
      A global or per zone <option>transfer_acl</option> configuration
      can be used to control accessibility of the outbound zone
      transfer service.
      By default, <command>b10-xfrout</command> allows any clients to
      perform zone transfers for any zones.
    </para>

      <screen>&gt; <userinput>config show Xfrout/transfer_acl</userinput>
Xfrout/transfer_acl[0]	{"action": "ACCEPT"}	any	(default)</screen>

    <para>
      If you want to require TSIG in access control, a system wide TSIG
      key ring must be configured (see <xref linkend="tsig-key-ring"/>).
      In this example, we allow client matching both the IP address
      and key.
    </para>

    <screen>&gt; <userinput>config set tsig_keys/keys ["key.example:&lt;base64-key&gt;"]</userinput>
&gt; <userinput>config set Xfrout/zone_config[0]/transfer_acl [{"action": "ACCEPT", "from": "192.0.2.1", "key": "key.example"}]</userinput>
&gt; <userinput>config commit</userinput></screen>

    <para>Both <command>b10-xfrout</command> and <command>b10-auth</command>
      will use the system wide key ring to check
      TSIGs in the incoming messages and to sign responses.</para>

    <para>
      For further details on ACL configuration, see
      <xref linkend="common-acl" />.
    </para>

    <note><simpara>
        The way to specify zone specific configuration (ACLs, etc) is
        likely to be changed.
    </simpara></note>

<!--
TODO:
xfrout section:
auth servers checks for AXFR query
sends the XFR query to the xfrout module
uses /tmp/auth_xfrout_conn which is a socket
what is XfroutClient xfr_client??
/tmp/auth_xfrout_conn is not removed
-->

  </chapter>

  <chapter id="ddns">
    <title>Dynamic DNS Update</title>

    <para>
      BIND 10 supports the server side of the Dynamic DNS Update
      (DDNS) protocol as defined in RFC 2136.
      This service is provided by the <command>b10-ddns</command>
      component, which is started by the <command>b10-init</command>
      process if configured so.
    </para>

    <para>
      When the <command>b10-auth</command> authoritative DNS server
      receives an UPDATE request, it internally forwards the request
      to <command>b10-ddns</command>, which handles the rest of
      this request processing.
      When the processing is completed, <command>b10-ddns</command>
      will send a response to the client as specified in RFC 2136
      (NOERROR for successful update, REFUSED if rejected due to
      ACL check, etc).
      If the zone has been changed as a result, it will internally
      notify <command>b10-xfrout</command> so that other secondary
      servers will be notified via the DNS NOTIFY protocol.
      In addition, if <command>b10-auth</command> serves the updated
      zone (as described in
      <xref linkend="datasrc" />),
      <command>b10-ddns</command> will also
      notify <command>b10-auth</command> so that <command>b10-auth</command>
      will re-cache the updated zone content if necessary.
    </para>

    <para>
      The <command>b10-ddns</command> component supports requests over
      both UDP and TCP, and both IPv6 and IPv4; for TCP requests,
      however, it terminates the TCP connection immediately after
      each single request has been processed.  Clients cannot reuse the
      same TCP connection for multiple requests. (This is a current
      implementation limitation of <command>b10-ddns</command>.
      While RFC 2136 doesn't specify anything about such reuse of TCP
      connection, there is no reason for disallowing it as RFC 1035
      generally allows multiple requests sent over a single TCP
      connection.  BIND 9 supports such reuse.)
    </para>

    <para>
      As of this writing <command>b10-ddns</command> does not support
      update forwarding for secondary zones.
      If it receives an update request for a secondary zone, it will
      immediately return a <quote>not implemented</quote> response.
      <note><simpara>
	  For feature completeness, update forwarding should be
	  eventually supported.  But currently it's considered a lower
	  priority task and there is no specific plan of implementing
	  this feature.
<!-- See Trac #2063 -->
      </simpara></note>
    </para>

    <section>
      <title>Enabling Dynamic Update</title>
      <para>
        First off, it must be made sure that a few components on which
        <command>b10-ddns</command> depends are configured to run,
        which are <command>b10-auth</command>
        and <command>b10-zonemgr</command>.
        In addition, <command>b10-xfrout</command> should also be
        configured to run; otherwise the notification after an update
        (see above) will fail with a timeout, suspending the DDNS
        service while <command>b10-ddns</command> waits for the
        response (see the description of the <ulink
        url="bind10-messages.html#DDNS_UPDATE_NOTIFY_FAIL">DDNS_UPDATE_NOTIFY_FAIL</ulink>
        log message for further details).
        If BIND 10 is already configured to provide authoritative DNS
        service they should normally be configured to run already.
      </para>

      <para>
        Second, for the obvious reason dynamic update requires that the
        underlying data source storing the zone data be writable.
        In the current implementation this means the zone must be stored
        in an SQLite3-based data source.
<!-- TODO -->
	Also, in this current version, the <command>b10-ddns</command>
	component configures itself with the data source referring to the
        <varname>database_file</varname> configuration parameter of
        <command>b10-auth</command>.
        So this information must be configured correctly before starting
        <command>b10-ddns</command>.

        <note><simpara>
            The way to configure data sources is now being revised.
            Configuration on the data source for DDNS will be very
            likely to be changed in a backward incompatible manner in
            a near future version.
        </simpara></note>
      </para>

      <para>
	In general, if something goes wrong regarding the dependency
	described above, <command>b10-ddns</command> will log the
	related event at the warning or error level.
	It's advisable to check the log message when you first enable
	DDNS or if it doesn't work as you expect to see if there's any
	warning or error log message.
      </para>

      <para>
        Next, to enable the DDNS service, <command>b10-ddns</command>
        needs to be explicitly configured to run.
        It can be done by using the <command>bindctl</command>
        utility.  For example:
      <screen>
&gt; <userinput>config add Init/components b10-ddns</userinput>
&gt; <userinput>config set Init/components/b10-ddns/address DDNS</userinput>
&gt; <userinput>config set Init/components/b10-ddns/kind dispensable</userinput>
&gt; <userinput>config commit</userinput>
</screen>
      <note><simpara>
	  In theory <varname>kind</varname> could be omitted because
	  "dispensable" is its default.
	  But there's some peculiar behavior (which should be a
	  bug and should be fixed eventually; see Trac ticket #2064)
	  with <command>bindctl</command> and you'll still need to
	  specify that explicitly.  Likewise, <varname>address</varname>
	  may look unnecessary because <command>b10-ddns</command>
	  would start and work without specifying it.  But for it
	  to shutdown gracefully this parameter should also be
	  specified.
      </simpara></note>
      </para>
    </section>

    <section>
      <title>Access Control</title>
      <para>
        By default, <command>b10-ddns</command> rejects any update
        requests from any clients by returning a REFUSED response.
        To allow updates to take effect, an access control rule
        (called update ACL) with a policy allowing updates must explicitly be
        configured.
        Update ACL must be configured per zone basis in the
        <varname>zones</varname> configuration parameter of
        <command>b10-ddns</command>.
        This is a list of per-zone configurations regarding DDNS.
        Each list element consists of the following parameters:
        <variablelist>
          <varlistentry>
            <term>origin</term>
            <listitem>
              <simpara>The zone's origin name</simpara>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term>class</term>
            <listitem>
              <simpara>The RR class of the zone
                (normally <quote>IN</quote>, and in that case
		can be omitted in configuration)</simpara>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term>update_acl</term>
            <listitem>
              <simpara>List of access control rules (ACL) for the zone</simpara>
            </listitem>
          </varlistentry>
        </variablelist>
        The syntax of the ACL is the same as ACLs for other
        components.
        Specific examples are given below.
      </para>

      <para>
        In general, an update ACL rule that allows an update request
        should be configured with a TSIG key.
        This is an example update ACL that allows updates to the zone
        named <quote>example.org</quote> (of default RR class <quote>IN</quote>)
        from clients that send requests signed with a TSIG whose
        key name is "key.example.org" (and refuses all others):
      <screen>
&gt; <userinput>config add DDNS/zones</userinput>
&gt; <userinput>config set DDNS/zones[0]/origin example.org</userinput>
&gt; <userinput>config add DDNS/zones[0]/update_acl {"action": "ACCEPT", "key": "key.example.org"}</userinput>
&gt; <userinput>config commit</userinput>
</screen>
      The TSIG key must be configured system wide
      (see <xref linkend="common-tsig"/>).
      </para>

      <para>
	The full description of ACLs can be found in <xref
	linkend="common-acl" />.
      </para>

      <note><simpara>
          The <command>b10-ddns</command> component accepts an ACL
          rule that just allows updates from a specific IP address
          (i.e., without requiring TSIG), but this is highly
          discouraged (remember that requests can be made over UDP and
          spoofing the source address of a UDP packet is often pretty
          easy).
          Unless you know what you are doing and that you can accept
          its consequence, any update ACL rule that allows updates
          should have a TSIG key in its constraints.
      </simpara></note>

      <para>
        Currently update ACL can only control updates per zone basis;
        it's not possible to specify access control with higher
        granularity such as for particular domain names or specific
        types of RRs.
<!-- See Trac ticket #2065 -->
      </para>

      <note><simpara>
        Contrary to what RFC 2136 (literally) specifies,
        <command>b10-ddns</command> checks the update ACL before
        checking the prerequisites of the update request.
        This is a deliberate implementation decision.
        This counter intuitive specification has been repeatedly
        discussed among implementers and in the IETF, and it is now
        widely agreed that it does not make sense to strictly follow
        that part of RFC.
        One known specific bad result of following the RFC is that it
        could leak information about which name or record exists or does not
        exist in the zone as a result of prerequisite checks even if a
        zone is somehow configured to reject normal queries from
        arbitrary clients.
        There have been other troubles that could have been avoided if
        the ACL could be checked before the prerequisite check.
      </simpara></note>
    </section>

    <section>
      <title>Miscellaneous Operational Issues</title>
      <para>
        Unlike BIND 9, BIND 10 currently does not support automatic
        re-signing of DNSSEC-signed zone when it's updated via DDNS.
        It could be possible to re-sign the updated zone afterwards
        or make sure the update request also updates related DNSSEC
        records, but that will be pretty error-prone operation.
        In general, it's not advisable to allow DDNS for a signed zone
        at this moment.
      </para>

      <para>
        Also unlike BIND 9, it's currently not possible
        to <quote>freeze</quote> a zone temporarily in order to
        suspend DDNS while you manually update the zone.
        If you need to make manual updates to a dynamic zone,
        you'll need to temporarily reject any updates to the zone via
        the update ACLs.
      </para>

      <para>
        Dynamic updates are only applicable to primary zones.
        In order to avoid updating secondary zones via DDNS requests,
        <command>b10-ddns</command> refers to the
        <quote>secondary_zones</quote> configuration of
        <command>b10-zonemgr</command>.  Zones listed in
        <quote>secondary_zones</quote> will never be updated via DDNS
        regardless of the update ACL configuration;
	<command>b10-ddns</command> will return a NOTAUTH (server
        not authoritative for the zone) response.
        If you have a "conceptual" secondary zone whose content is a
        copy of some external source but is not updated via the
        standard zone transfers and therefore not listed in
        <quote>secondary_zones</quote>, be careful not to allow DDNS
        for the zone; it would be quite likely to lead to inconsistent
        state between different servers.
        Normally this should not be a problem because the default
        update ACL rejects any update requests, but you may want to
        take an extra care about the configuration if you have such
        type of secondary zones.
      </para>
      <para>
        The difference of two versions of a zone, before and after a
        DDNS transaction, is automatically recorded in the underlying
        data source, and can be retrieved in the form of outbound
        IXFR.
        This is done automatically; it does not require specific
        configuration to make this possible.
      </para>
    </section>
  </chapter>

  <chapter id="resolverserver">
    <title>Recursive Name Server</title>

    <note><simpara>
      The <command>b10-resolver</command> is an experimental proof
      of concept.
    </simpara></note>

    <para>
      The <command>b10-resolver</command> daemon provides an
      iterative caching and forwarding DNS server.
      The process is started by <command>b10-init</command>.
<!-- TODO
      It provides a resolver so DNS clients can ask it to do recursion
      and it will return answers.
-->
    </para>

    <para>
      The main <command>b10-init</command> process can be configured
      to select to run either the authoritative or resolver or both.
      By default, it doesn't start either one. You may change this using
      <command>bindctl</command>, for example:

      <screen>
&gt; <userinput>config add Init/components b10-resolver</userinput>
&gt; <userinput>config set Init/components/b10-resolver/special resolver</userinput>
&gt; <userinput>config set Init/components/b10-resolver/kind needed</userinput>
&gt; <userinput>config set Init/components/b10-resolver/priority 10</userinput>
&gt; <userinput>config commit</userinput>
</screen>

    </para>

    <para>
       The master <command>b10-init</command> process will stop and start
       the desired services.
    </para>

    <para>
      By default, the resolver listens on port 53 for 127.0.0.1 and ::1.
      The following example shows how it can be configured to
      listen on an additional address (and port):

      <screen>
&gt; <userinput>config add Resolver/listen_on</userinput>
&gt; <userinput>config set Resolver/listen_on[<replaceable>2</replaceable>]/address "192.168.1.1"</userinput>
&gt; <userinput>config set Resolver/listen_on[<replaceable>2</replaceable>]/port 53</userinput>
&gt; <userinput>config commit</userinput>
</screen>
    </para>

     <simpara>(Replace the <quote><replaceable>2</replaceable></quote>
       as needed; run <quote><userinput>config show
       Resolver/listen_on</userinput></quote> if needed.)</simpara>
<!-- TODO: this example should not include the port, ticket #1185 -->

    <section>
      <title>Access Control</title>

      <para>
        By default, the <command>b10-resolver</command> daemon only accepts
        DNS queries from the localhost (127.0.0.1 and ::1).
        The <option>Resolver/query_acl</option> configuration may
        be used to reject, drop, or allow specific IPs or networks.
        See <xref linkend="common-acl" />.
      </para>

      <para>
	The following session is an example of extending the ACL to also
	allow queries from 192.0.2.0/24:
        <screen>
> <userinput>config show Resolver/query_acl</userinput>
Resolver/query_acl[0]   {"action": "ACCEPT", "from": "127.0.0.1"}   any (default)
Resolver/query_acl[1]   {"action": "ACCEPT", "from": "::1"} any (default)
> <userinput>config add Resolver/query_acl</userinput>
> <userinput>config set Resolver/query_acl[2] {"action": "ACCEPT", "from": "192.0.2.0/24"}</userinput>
> <userinput>config add Resolver/query_acl</userinput>
> <userinput>config show Resolver/query_acl</userinput>
Resolver/query_acl[0]   {"action": "ACCEPT", "from": "127.0.0.1"}   any (modified)
Resolver/query_acl[1]   {"action": "ACCEPT", "from": "::1"} any (modified)
Resolver/query_acl[2]   {"action": "ACCEPT", "from": "192.0.2.0/24"}  any (modified)
Resolver/query_acl[3]   {"action": "REJECT"}    any (modified)
> <userinput>config commit</userinput></screen>
	Note that we didn't set the value of the last final rule
	(query_acl[3]) -- in the case of resolver, rejecting all queries is
	the default value of a new rule.  In fact, this rule can even be
	omitted completely, as the default, when a query falls off the list,
	is rejection.
      </para>

    </section>

    <section>
      <title>Forwarding</title>

      <para>

        To enable forwarding, the upstream address and port must be
        configured to forward queries to, such as:

        <screen>
&gt; <userinput>config set Resolver/forward_addresses [{ "address": "<replaceable>192.168.1.1</replaceable>", "port": 53 }]</userinput>
&gt; <userinput>config commit</userinput>
</screen>

        (Replace <replaceable>192.168.1.1</replaceable> to point to your
        full resolver.)
      </para>

      <para>
        Normal iterative name service can be re-enabled by clearing the
        forwarding address(es); for example:

        <screen>
&gt; <userinput>config set Resolver/forward_addresses []</userinput>
&gt; <userinput>config commit</userinput>
</screen>
      </para>

    </section>

<!-- TODO: later try this

> config set Resolver/forward_addresses[0]/address "192.168.8.8"
> config set Resolver/forward_addresses[0]/port 53
then change those defaults with config set Resolver/forward_addresses[0]/address "1.2.3.4"
> config set Resolver/forward_addresses[0]/address "1.2.3.4"
-->

  </chapter>

  <chapter id="dhcp">
  <title>DHCP</title>
     <para>The Dynamic Host Configuration Protocol for IPv4 (DHCP or
    DHCPv4) and Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
    are protocols that allow one node (server) to provision
    configuration parameters to many hosts and devices (clients). To
    ease deployment in larger networks, additional nodes (relays) may
    be deployed that facilitate communication between servers and
    clients. Even though principles of both DHCPv4 and DHCPv6 are
    somewhat similar, these are two radically different
    protocols. BIND 10 offers two server implementations, one for DHCPv4
    and one for DHCPv6.</para>
    <para>This chapter covers those parts of BIND 10 that are common to
    both servers.  DHCPv4-specific details are covered in <xref linkend="dhcp4"/>,
    while those details specific to DHCPv6 are described in <xref linkend="dhcp6"/>
    </para>

    <note>
      <simpara>
	In this release of BIND 10, the DHCPv4 and DHCPv6 servers
	must be considered experimental.
      </simpara>
    </note>

    <section id="dhcp-install-configure">
      <title>DHCP Database Installation and Configuration</title>
      <para>
      BIND 10 DHCP stores its leases in a lease database.  The software has been written in
      a way that makes it possible to choose which database product should be used to
      store the lease information.  At present, only support for MySQL is provided, and that support must
      be explicitly included when BIND 10 is built.  This section covers the building of
      BIND 10 with MySQL and the creation of the lease database.
      </para>
      <section>
        <title>Install MySQL</title>
        <para>
          Install MySQL according to the instructions for your system.  The client development
          libraries must be installed.
        </para>
      </section>
      <section>
        <title>Build and Install BIND 10</title>
        <para>
          Build and install BIND 10 as described in <xref linkend="installation"/>, with
          the following modification: to enable the MySQL database code, at the
          "configure" step (see <xref linkend="configure"/>), specify the location of the
          MySQL configuration program "mysql_config" with the "--with-dhcp-mysql" switch,
          i.e.
          <screen><userinput>./configure [other-options] --with-dhcp-mysql</userinput></screen>
          ...if MySQL was installed in the default location, or:
          <screen><userinput>./configure [other-options] --with-dhcp-mysql=<replaceable>path-to-mysql_config</replaceable></userinput></screen>
          ...if not.
        </para>
      </section>
      <section id="dhcp-database-create">
        <title>Create MySQL Database and BIND 10 User</title>
        <para>
          The next task is to create both the lease database and the user under which the servers will
          access it. A number of steps are required:
        </para>
        <para>
          1. Log into MySQL as "root":
          <screen>$ <userinput>mysql -u root -p</userinput>
Enter password:<userinput/>
   :<userinput/>
mysql></screen>
        </para>
        <para>
          2. Create the database:
          <screen>mysql> <userinput>CREATE DATABASE <replaceable>database-name</replaceable>;</userinput></screen>
          ... <replaceable>database-name</replaceable> is the name you have chosen for the database.
        </para>
         <para>
          3. Create the database tables:
          <screen>mysql> <userinput>CONNECT <replaceable>database-name</replaceable>;</userinput>
mysql> <userinput>SOURCE <replaceable>path-to-bind10</replaceable>/share/bind10/dhcpdb_create.mysql</userinput></screen>
        </para>
         <para>
          4. Create the user under which BIND 10 will access the database (and give it a password), then grant it access to the database tables:
          <screen>mysql> <userinput>CREATE USER '<replaceable>user-name</replaceable>'@'localhost' IDENTIFIED BY '<replaceable>password</replaceable>';</userinput>
mysql> <userinput>GRANT ALL ON <replaceable>database-name</replaceable>.* TO '<replaceable>user-name</replaceable>'@'localhost';</userinput></screen>
        </para>
        <para>
          5. Exit MySQL:
          <screen>mysql> <userinput>quit</userinput>
Bye<userinput/>
$</screen>
       </para>
     </section>
   </section>

  </chapter>

  <chapter id="dhcp4">
    <title>The DHCPv4 Server</title>

    <section id="dhcp4-start-stop">
      <title>Starting and Stopping the DHCPv4 Server</title>

      <para>
        <command>b10-dhcp4</command> is the BIND 10 DHCPv4 server and, like other
        parts of BIND 10, is configured through the <command>bindctl</command>
        program.
      </para>
      <para>
        After starting BIND 10 and entering bindctl, the first step
        in configuring the server is to add it to the list of running BIND 10 services.
<screen>
&gt; <userinput>config add Init/components b10-dhcp4</userinput>
&gt; <userinput>config set Init/components/b10-dhcp4/kind dispensable</userinput>
&gt; <userinput>config commit</userinput>
</screen>
      </para>
      <para>
         To remove <command>b10-dhcp4</command> from the set of running services,
         the <command>b10-dhcp4</command> is removed from list of Init components:
<screen>
&gt; <userinput>config remove Init/components b10-dhcp4</userinput>
&gt; <userinput>config commit</userinput>
</screen>
      </para>

      <para>
        On start-up, the server will detect available network interfaces
        and will attempt to open UDP sockets on all interfaces that
        are up, running, are not loopback, and have IPv4 address
        assigned.

        The server will then listen to incoming traffic. Currently
        supported client messages are DISCOVER and REQUEST. The server
        will respond to them with OFFER and ACK, respectively.

        Since the DHCPv4 server opens privileged ports, it requires root
        access. Make sure you run this daemon as root.
      </para>

    </section>

    <section id="dhcp4-configuration">
      <title>Configuring the DHCPv4 Server</title>
      <para>
        Once the server is started, it can be configured. To view the
        current configuration, use the following command in <command>bindctl</command>:
        <screen>
&gt; <userinput>config show Dhcp4</userinput></screen>
        When starting the DHCPv4 daemon for the first time, the default configuration
        will be available. It will look similar to this:
<screen>
&gt; <userinput>config show Dhcp4</userinput>
Dhcp4/interface/	list	(default)
Dhcp4/renew-timer	1000	integer	(default)
Dhcp4/rebind-timer	2000	integer	(default)
Dhcp4/valid-lifetime	4000	integer	(default)
Dhcp4/option-data	[]	list	(default)
Dhcp4/lease-database/type	"memfile"	string	(default)
Dhcp4/lease-database/name	""	string	(default)
Dhcp4/lease-database/user	""	string	(default)
Dhcp4/lease-database/host	""	string	(default)
Dhcp4/lease-database/password	""	string	(default)
Dhcp4/subnet4	[]	list	(default)
</screen>
      </para>

      <para>
        To change one of the parameters, simply follow
        the usual <command>bindctl</command> procedure. For example, to make the
        leases longer, change their valid-lifetime parameter:
        <screen>
&gt; <userinput>config set Dhcp4/valid-lifetime 7200</userinput>
&gt; <userinput>config commit</userinput></screen>
        Please note that most Dhcp4 parameters are of global scope
        and apply to all defined subnets, unless they are overridden on a
        per-subnet basis.
      </para>

      <section>
      <title>Database Configuration</title>
      <para>
      All leases issued by the server are stored in the lease database.  Currently,
      the only supported database is MySQL
      <footnote>
      <para>
      The server comes with an in-memory database ("memfile") configured as the default
      database. This is used for internal testing and is not supported.  In addition,
      it does not store lease information on disk: lease information will be lost if the
      server is restarted.
      </para>
      </footnote>, and so the server must be configured to
      access the correct database with the appropriate credentials.
      </para>
        <note>
            <para>
            Database access information must be configured for the DHCPv4 server, even if
            it has already been configured for the DHCPv6 server.  The servers store their
            information independently, so each server can use a separate
            database or both servers can use the same database.
            </para>
        </note>
      <para>
      Database configuration is controlled through the Dhcp4/lease-database parameters.
      The type of the database must be set to MySQL (although the string entered is "mysql"):
<screen>
&gt; <userinput>config set Dhcp4/lease-database/type "mysql"</userinput>
</screen>
      Next, the name of the database is to hold the leases must be set: this is the
      name used when the lease database was created (see <xref linkend="dhcp-database-create"/>).
<screen>
&gt; <userinput>config set Dhcp4/lease-database/name "<replaceable>database-name</replaceable>"</userinput>
</screen>
      If the database is located on a different system to the DHCPv4 server, the
      database host name must also be specified (although note that this configuration
      may have a severe impact on server performance):
<screen>
&gt; <userinput>config set Dhcp4/lease-database/host "<replaceable>remote-host-name</replaceable>"</userinput>
</screen>
      The usual state of affairs will be to have the database on the same machine as the
      DHCPv4 server.  In this case, set the value to the empty string (this is the default):
<screen>
&gt; <userinput>config set Dhcp4/lease-database/host ""</userinput>
</screen>
      </para>
      <para>
      Finally, the credentials of the account under which the server will access the database
      should be set:
<screen>
&gt; <userinput>config set Dhcp4/lease-database/user "<replaceable>user-name</replaceable>"</userinput>
&gt; <userinput>config set Dhcp4/lease-database/password "<replaceable>password</replaceable>"</userinput>
</screen>
      If there is no password to the account, set the password to the empty string "". (This is also the default.)
      </para>
      <note>
      <para>The password is echoed when entered and is stored in clear text in the BIND 10 configuration
      database.  Improved password security will be added in a future version of BIND 10 DHCP</para>
      </note>
      </section>

      <section id="dhcp4-address-config">
      <title>Configuration of Address Pools</title>
      <para>
        The essential role of DHCPv4 server is address assignment. The server
        has to be configured with at least one subnet and one pool of dynamic
        addresses to be managed. For example, assume that the server
        is connected to a network segment that uses the 192.0.2.0/24
        prefix. The Administrator of that network has decided that addresses from range
        192.0.2.10 to 192.0.2.20 are going to be managed by the Dhcp4
        server. Such a configuration can be achieved in the following way:
        <screen>
&gt; <userinput>config add Dhcp4/subnet4</userinput>
&gt; <userinput>config set Dhcp4/subnet4[0]/subnet "192.0.2.0/24"</userinput>
&gt; <userinput>config set Dhcp4/subnet4[0]/pool [ "192.0.2.10 - 192.0.2.20" ]</userinput>
&gt; <userinput>config commit</userinput></screen>
        Note that subnet is defined as a simple string, but the pool parameter
        is actually a list of pools: for this reason, the pool definition is
        enclosed in square brackets, even though only one range of addresses
        is specified.</para>
        <para>It is possible to define more than one pool in a
        subnet: continuing the previous example, further assume that
        192.0.2.64/26 should be also be managed by the server. It could be written as
        192.0.2.64 to 192.0.2.127. Alternatively, it can be expressed more simply as
        192.0.2.64/26. Both formats are supported by Dhcp4 and can be mixed in the pool list.
        For example, one could define the following pools:
        <screen>
&gt; <userinput>config set Dhcp4/subnet4[0]/pool [ "192.0.2.10-192.0.2.20", "192.0.2.64/26" ]</userinput>
&gt; <userinput>config commit</userinput></screen>
        The number of pools is not limited, but for performance reasons it is recommended to
        use as few as possible. Space and tabulations in pool definitions are ignored, so
        spaces before and after hyphen are optional. They can be used to improve readability.
      </para>
      <para>
         The server may be configured to serve more than one subnet. To add a second subnet,
         use a command similar to the following:
        <screen>
&gt; <userinput>config add Dhcp4/subnet4</userinput>
&gt; <userinput>config set Dhcp4/subnet4[1]/subnet "192.0.3.0/24"</userinput>
&gt; <userinput>config set Dhcp4/subnet4[1]/pool [ "192.0.3.0/24" ]</userinput>
&gt; <userinput>config commit</userinput></screen>
        Arrays are counted from 0. subnet[0] refers to the subnet defined in the
        previous example.  The <command>config add Dhcp4/subnet4</command> command adds
        another (second) subnet. It can be referred to as
        <command>Dhcp4/subnet4[1]</command>. In this example, we allow server to
        dynamically assign all addresses available in the whole subnet.
      </para>
      <para>
        When configuring a DHCPv4 server using prefix/length notation, please pay
        attention to the boundary values. When specifying that the server should use
        a given pool, it will be able to allocate also first (typically network
        address) and the last (typically broadcast address) address from that pool.
        In the aforementioned example of pool 192.0.3.0/24, both 192.0.3.0 and
        192.0.3.255 addresses may be assigned as well. This may be invalid in some
        network configurations. If you want to avoid this, please use the "min-max" notation.
      </para>
      </section>

    <section id="dhcp4-std-options">
      <title>Standard DHCPv4 options</title>
      <para>
        One of the major features of DHCPv4 server is to provide configuration
        options to clients. Although there are several options that require
        special behavior, most options are sent by the server only if the client
        explicitly requested them.  The following example shows how to
        configure DNS servers, which is one of the most frequently used
        options. Options specified in this way are considered global and apply
        to all configured subnets.

        <screen>
&gt; <userinput>config add Dhcp4/option-data</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/name "domain-name-servers"</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/code 6</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/space "dhcp4"</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/csv-format true</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/data "192.0.3.1, 192.0.3.2"</userinput>
&gt; <userinput>config commit</userinput>
</screen>
      </para>
    <para>
      The first line creates new entry in option-data table. It
      contains information on all global options that the server is
      supposed to configure in all subnets. The second line specifies
      option name. For a complete list of currently supported names,
      see <xref linkend="dhcp4-std-options-list"/> below.
      The third line specifies option code, which must match one of the
      values from that list. Line 4 specifies option space, which must always
      be set to "dhcp4" as these are standard DHCPv4 options. For
      other option spaces, including custom option spaces, see <xref
      linkend="dhcp4-option-spaces"/>. The fifth line specifies the format in
      which the data will be entered: use of CSV (comma
      separated values) is recommended. The sixth line gives the actual value to
      be sent to clients. Data is specified as a normal text, with
      values separated by commas if more than one value is
      allowed.
    </para>

    <para>
      Options can also be configured as hexadecimal values. If csv-format is
      set to false, option data must be specified as a hex string. The
      following commands configure the domain-name-servers option for all
      subnets with the following addresses: 192.0.3.1 and 192.0.3.2.
      Note that csv-format is set to false.
      <screen>
&gt; <userinput>config add Dhcp4/option-data</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/name "domain-name-servers"</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/code 6</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/space "dhcp4"</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/csv-format false</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/data "C0 00 03 01 C0 00 03 02"</userinput>
&gt; <userinput>config commit</userinput>
        </screen>
      </para>

      <para>
        It is possible to override options on a per-subnet basis.  If
        clients connected to most of your subnets are expected to get the
        same values of a given option, you should use global options: you
        can then override specific values for a small number of subnets.
        On the other hand, if you use different values in each subnet,
        it does not make sense to specify global option values
        (Dhcp4/option-data), rather you should set only subnet-specific values
        (Dhcp4/subnet[X]/option-data[Y]).
      </para>
      <para>
        The following commands override the global
        DNS servers option for a particular subnet, setting a single DNS
        server with address 2001:db8:1::3.
        <screen>
&gt; <userinput>config add Dhcp4/subnet4[0]/option-data</userinput>
&gt; <userinput>config set Dhcp4/subnet4[0]/option-data[0]/name "domain-name-servers"</userinput>
&gt; <userinput>config set Dhcp4/subnet4[0]/option-data[0]/code 6</userinput>
&gt; <userinput>config set Dhcp4/subnet4[0]/option-data[0]/space "dhcp4"</userinput>
&gt; <userinput>config set Dhcp4/subnet4[0]/option-data[0]/csv-format true</userinput>
&gt; <userinput>config set Dhcp4/subnet4[0]/option-data[0]/data "192.0.2.3"</userinput>
&gt; <userinput>config commit</userinput></screen>
      </para>

      <note>
        <para>In a future version of Kea, it will not be necessary to specify
        the option code, space and csv-format fields as they will be set
        automatically.</para>
      </note>

      <para>
        Below is a list of currently supported standard DHCPv4 options. The "Name" and "Code"
        are the values that should be used as a name in the option-data
        structures. "Type" designates the format of the data: the meanings of
        the various types is given in <xref linkend="dhcp-types"/>.
      </para>
      <para>
        Some options are designated as arrays, which means that more than one
        value is allowed in such an option. For example the option time-servers
        allows the specification of more than one IPv4 address, so allowing
        clients to obtain the the addresses of multiple NTP servers.
      </para>
      <!-- @todo: describe record types -->

      <para>
        <table border="1" cellpadding="5%" id="dhcp4-std-options-list">
          <caption>List of standard DHCPv4 options</caption>
          <thead>
            <tr><th>Name</th><th>Code</th><th>Type</th><th>Array?</th></tr>
          </thead>
          <tbody>
<tr><td>subnet-mask</td><td>1</td><td>ipv4-address</td><td>false</td></tr>
<tr><td>time-offset</td><td>2</td><td>uint32</td><td>false</td></tr>
<tr><td>routers</td><td>3</td><td>ipv4-address</td><td>true</td></tr>
<tr><td>time-servers</td><td>4</td><td>ipv4-address</td><td>true</td></tr>
<tr><td>name-servers</td><td>5</td><td>ipv4-address</td><td>false</td></tr>
<tr><td>domain-name-servers</td><td>6</td><td>ipv4-address</td><td>true</td></tr>
<tr><td>log-servers</td><td>7</td><td>ipv4-address</td><td>true</td></tr>
<tr><td>cookie-servers</td><td>8</td><td>ipv4-address</td><td>true</td></tr>
<tr><td>lpr-servers</td><td>9</td><td>ipv4-address</td><td>true</td></tr>
<tr><td>impress-servers</td><td>10</td><td>ipv4-address</td><td>true</td></tr>
<tr><td>resource-location-servers</td><td>11</td><td>ipv4-address</td><td>true</td></tr>
<tr><td>host-name</td><td>12</td><td>string</td><td>false</td></tr>
<tr><td>boot-size</td><td>13</td><td>uint16</td><td>false</td></tr>
<tr><td>merit-dump</td><td>14</td><td>string</td><td>false</td></tr>
<tr><td>domain-name</td><td>15</td><td>fqdn</td><td>false</td></tr>
<tr><td>swap-server</td><td>16</td><td>ipv4-address</td><td>false</td></tr>
<tr><td>root-path</td><td>17</td><td>string</td><td>false</td></tr>
<tr><td>extensions-path</td><td>18</td><td>string</td><td>false</td></tr>
<tr><td>ip-forwarding</td><td>19</td><td>boolean</td><td>false</td></tr>
<tr><td>non-local-source-routing</td><td>20</td><td>boolean</td><td>false</td></tr>
<tr><td>policy-filter</td><td>21</td><td>ipv4-address</td><td>true</td></tr>
<tr><td>max-dgram-reassembly</td><td>22</td><td>uint16</td><td>false</td></tr>
<tr><td>default-ip-ttl</td><td>23</td><td>uint8</td><td>false</td></tr>
<tr><td>path-mtu-aging-timeout</td><td>24</td><td>uint32</td><td>false</td></tr>
<tr><td>path-mtu-plateau-table</td><td>25</td><td>uint16</td><td>true</td></tr>
<tr><td>interface-mtu</td><td>26</td><td>uint16</td><td>false</td></tr>
<tr><td>all-subnets-local</td><td>27</td><td>boolean</td><td>false</td></tr>
<tr><td>broadcast-address</td><td>28</td><td>ipv4-address</td><td>false</td></tr>
<tr><td>perform-mask-discovery</td><td>29</td><td>boolean</td><td>false</td></tr>
<tr><td>mask-supplier</td><td>30</td><td>boolean</td><td>false</td></tr>
<tr><td>router-discovery</td><td>31</td><td>boolean</td><td>false</td></tr>
<tr><td>router-solicitation-address</td><td>32</td><td>ipv4-address</td><td>false</td></tr>
<tr><td>static-routes</td><td>33</td><td>ipv4-address</td><td>true</td></tr>
<tr><td>trailer-encapsulation</td><td>34</td><td>boolean</td><td>false</td></tr>
<tr><td>arp-cache-timeout</td><td>35</td><td>uint32</td><td>false</td></tr>
<tr><td>ieee802-3-encapsulation</td><td>36</td><td>boolean</td><td>false</td></tr>
<tr><td>default-tcp-ttl</td><td>37</td><td>uint8</td><td>false</td></tr>
<tr><td>tcp-keepalive-internal</td><td>38</td><td>uint32</td><td>false</td></tr>
<tr><td>tcp-keepalive-garbage</td><td>39</td><td>boolean</td><td>false</td></tr>
<tr><td>nis-domain</td><td>40</td><td>string</td><td>false</td></tr>
<tr><td>nis-servers</td><td>41</td><td>ipv4-address</td><td>true</td></tr>
<tr><td>ntp-servers</td><td>42</td><td>ipv4-address</td><td>true</td></tr>
<tr><td>vendor-encapsulated-options</td><td>43</td><td>empty</td><td>false</td></tr>
<tr><td>netbios-name-servers</td><td>44</td><td>ipv4-address</td><td>true</td></tr>
<tr><td>netbios-dd-server</td><td>45</td><td>ipv4-address</td><td>true</td></tr>
<tr><td>netbios-node-type</td><td>46</td><td>uint8</td><td>false</td></tr>
<tr><td>netbios-scope</td><td>47</td><td>string</td><td>false</td></tr>
<tr><td>font-servers</td><td>48</td><td>ipv4-address</td><td>true</td></tr>
<tr><td>x-display-manager</td><td>49</td><td>ipv4-address</td><td>true</td></tr>
<tr><td>dhcp-requested-address</td><td>50</td><td>ipv4-address</td><td>false</td></tr>
<!-- Lease time should not be configured by a user.
<tr><td>dhcp-lease-time</td><td>51</td><td>uint32</td><td>false</td></tr>
-->
<tr><td>dhcp-option-overload</td><td>52</td><td>uint8</td><td>false</td></tr>
<!-- Message Type, Server Identifier and Parameter Request List should not be configured by a user.
<tr><td>dhcp-message-type</td><td>53</td><td>uint8</td><td>false</td></tr>
<tr><td>dhcp-server-identifier</td><td>54</td><td>ipv4-address</td><td>false</td></tr>
<tr><td>dhcp-parameter-request-list</td><td>55</td><td>uint8</td><td>true</td></tr>
-->
<tr><td>dhcp-message</td><td>56</td><td>string</td><td>false</td></tr>
<tr><td>dhcp-max-message-size</td><td>57</td><td>uint16</td><td>false</td></tr>
<!-- Renewal and rebinding time should not be configured by a user.
<tr><td>dhcp-renewal-time</td><td>58</td><td>uint32</td><td>false</td></tr>
<tr><td>dhcp-rebinding-time</td><td>59</td><td>uint32</td><td>false</td></tr>
-->
<tr><td>vendor-class-identifier</td><td>60</td><td>binary</td><td>false</td></tr>
<!-- Client identifier should not be configured by a user.
<tr><td>dhcp-client-identifier</td><td>61</td><td>binary</td><td>false</td></tr>
-->
<tr><td>nwip-domain-name</td><td>62</td><td>string</td><td>false</td></tr>
<tr><td>nwip-suboptions</td><td>63</td><td>binary</td><td>false</td></tr>
<tr><td>user-class</td><td>77</td><td>binary</td><td>false</td></tr>
<tr><td>fqdn</td><td>81</td><td>record</td><td>false</td></tr>
<tr><td>dhcp-agent-options</td><td>82</td><td>empty</td><td>false</td></tr>
<tr><td>authenticate</td><td>90</td><td>binary</td><td>false</td></tr>
<tr><td>client-last-transaction-time</td><td>91</td><td>uint32</td><td>false</td></tr>
<tr><td>associated-ip</td><td>92</td><td>ipv4-address</td><td>true</td></tr>
<tr><td>subnet-selection</td><td>118</td><td>ipv4-address</td><td>false</td></tr>
<tr><td>domain-search</td><td>119</td><td>binary</td><td>false</td></tr>
<tr><td>vivco-suboptions</td><td>124</td><td>binary</td><td>false</td></tr>
<tr><td>vivso-suboptions</td><td>125</td><td>binary</td><td>false</td></tr>
          </tbody>
        </table>
      </para>
      <para>
        <table border="1" cellpadding="5%" id="dhcp-types">
          <caption>List of standard DHCP option types</caption>
          <thead>
            <tr><th>Name</th><th>Meaning</th></tr>
          </thead>
          <tbody>
            <tr><td>binary</td><td>An arbitrary string of bytes, specified as a set of hexadecimal digits.</td></tr>
            <tr><td>boolean</td><td>Boolean value with allowed values true or false</td></tr>
            <tr><td>empty</td><td>No value, data is carried in suboptions</td></tr>
            <tr><td>fqdn</td><td>Fully qualified domain name (e.g. www.example.com)</td></tr>
            <tr><td>ipv4-address</td><td>IPv4 address in the usual dotted-decimal notation (e.g. 192.0.2.1)</td></tr>
            <tr><td>ipv6-address</td><td>IPv6 address in the usual colon notation (e.g. 2001:db8::1)</td></tr>
            <tr><td>record</td><td>Structured data that may comprise any types (except "record" and "empty")</td></tr>
            <tr><td>string</td><td>Any text</td></tr>
            <tr><td>uint8</td><td>8 bit unsigned integer with allowed values 0 to 255</td></tr>
            <tr><td>uint16</td><td>16 bit unsinged integer with allowed values 0 to 65535</td></tr>
            <tr><td>uint32</td><td>32 bit unsigned integer with allowed values 0 to 4294967295</td></tr>
          </tbody>
       </table>
      </para>
    </section>

    <section id="dhcp4-custom-options">
      <title>Custom DHCPv4 options</title>
      <para>It is also possible to define options other than the standard ones.
      Assume that we want to define a new DHCPv4 option called "foo" which will have
      code 222 and will convey a single unsigned 32 bit integer value. We can define
      such an option by using the following commands:
      <screen>
&gt; <userinput>config add Dhcp4/option-def</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/name "foo"</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/code 222</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/type "uint32"</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/array false</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/record-types ""</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/space "dhcp4"</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/encapsulate ""</userinput>
&gt; <userinput>config commit</userinput></screen>
      The "false" value of the "array" parameter determines that the option
      does NOT comprise an array of "uint32" values but rather a single value.
      Two other parameters have been left blank: "record-types" and "encapsulate".
      The former specifies the comma separated list of option data fields if the
      option comprises a record of data fields. The "record-fields" value should
      be non-empty if the "type" is set to "record". Otherwise it must be left
      blank. The latter parameter specifies the name of the option space being
      encapsulated by the particular option. If the particular option does not
      encapsulate any option space it should be left blank.
      Note that the above set of comments define the format of the new option and do not
      set its values.
      </para>
      <note>
        <para>
          In the current release the default values are not propagated to the
          parser when the new configuration is being set. Therefore, all
          parameters must be specified at all times, even if their values are
          left blank.
        </para>
      </note>

      <para>Once the new option format is defined, its value is set
      in the same way as for a standard option. For example the following
      commands set a global value that applies to all subnets.
        <screen>
&gt; <userinput>config add Dhcp4/option-data</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/name "foo"</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/code 222</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/space "dhcp4"</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/csv-format true</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/data "12345"</userinput>
&gt; <userinput>config commit</userinput></screen>
      </para>

      <para>New options can take more complex forms than simple use of
      primitives (uint8, string, ipv4-address etc): it is possible to
      define an option comprising a number of existing primitives.
      </para>
      <para>Assume we
      want to define a new option that will consist of an IPv4
      address, followed by unsigned 16 bit integer, followed by a text
      string. Such an option could be defined in the following way:
<screen>
&gt; <userinput>config add Dhcp4/option-def</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/name "bar"</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/code 223</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/space "dhcp4"</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/type "record"</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/array false</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/record-types "ipv4-address, uint16, string"</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/encapsulate ""</userinput>
</screen>
      The "type" is set to "record" to indicate that the option contains
      multiple values of different types.  These types are given as a comma-separated
      list in the "record-types" field and should be those listed in <xref linkend="dhcp-types"/>.
      </para>
      <para>
      The values of the option are set as follows:
<screen>
&gt; <userinput>config add Dhcp4/option-data</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/name "bar"</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/space "dhcp4"</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/code 223</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/csv-format true</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/data "192.0.2.100, 123, Hello World"</userinput>
&gt; <userinput>config commit</userinput></screen>
      </para>
      "csv-format" is set "true" to indicate that the "data" field comprises a command-separated
      list of values.  The values in the "data" must correspond to the types set in
      the "record-types" field of the option definition.
    </section>

    <section id="dhcp4-vendor-opts">
      <title>DHCPv4 vendor specific options</title>
      <para>
      Currently there are three option spaces defined: dhcp4 (to
      be used in DHCPv4 daemon) and dhcp6 (for the DHCPv6 daemon); there
      is also vendor-encapsulated-options-space, which is empty by default, but options
      can be defined in it. Those options are called vendor-specific
      information options. The following examples show how to define
      an option "foo" with code 1 that consists of an IPv4 address, an
      unsigned 16 bit integer and a string. The "foo" option is conveyed
      in a vendor specific information option.
      </para>
      <para>
      The first step is to define the format of the option:
<screen>
&gt; <userinput>config add Dhcp4/option-def</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/name "foo"</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/code 1</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/space "vendor-encapsulated-options-space"</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/type "record"</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/array false</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/record-types "ipv4-address, uint16, string"</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/encapsulates ""</userinput>
&gt; <userinput>config commit</userinput>
</screen>
     (Note that the option space is set to "vendor-encapsulated-options-space".)
     Once the option format is defined, the next step is to define actual values
     for that option:
     <screen>
&gt; <userinput>config add Dhcp4/option-data</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/name "foo"</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/space "vendor-encapsulated-options-space"</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/code 1</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/csv-format true</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/data "192.0.2.3, 123, Hello World"</userinput>
&gt; <userinput>config commit</userinput></screen>
    We also set up a dummy value for vendor-opts, the option that conveys our sub-option "foo".
    This is required else the option will not be included in messages sent to the client.
     <screen>
&gt; <userinput>config add Dhcp4/option-data</userinput>
&gt; <userinput>config set Dhcp4/option-data[1]/name "vendor-encapsulated-options"</userinput>
&gt; <userinput>config set Dhcp4/option-data[1]/space "dhcp4"</userinput>
&gt; <userinput>config set Dhcp4/option-data[1]/code 43</userinput>
&gt; <userinput>config set Dhcp4/option-data[1]/csv-format false</userinput>
&gt; <userinput>config set Dhcp4/option-data[1]/data ""</userinput>
&gt; <userinput>config commit</userinput></screen>
      </para>

      <note>
        <para>
          With this version of BIND 10, the "vendor-encapsulated-options" option
          must be specified in the configuration although it has no configurable
          parameters. If it is not specified, the server will assume that it is
          not configured and will not send it to a client. In the future there
          will be no need to include this option in the configuration.
        </para>
      </note>

    </section>

    <section id="dhcp4-option-spaces">

      <title>Nested DHCPv4 options (custom option spaces)</title>
      <para>It is sometimes useful to define completely new option
      space. This is the case when user creates new option in the
      standard option space ("dhcp4 or "dhcp6") and wants this option
      to convey sub-options. Thanks to being in the separate space,
      sub-option codes will have a separate numbering scheme and may
      overlap with codes of standard options.
      </para>
      <para>Note that creation of a new option space when defining
      sub-options for a standard option is not required, because it is
      created by default if the standard option is meant to convey any
      sub-options (see <xref linkend="dhcp4-vendor-opts"/>).
      </para>
      <para>
      Assume that we want to have a DHCPv4 option called "container" with
      code 222 that conveys two sub-options with codes 1 and 2.
      First we need to define the new sub-options:
<screen>
&gt; <userinput>config add Dhcp4/option-def</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/name "subopt1"</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/code 1</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/space "isc"</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/type "ipv4-address"</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/record-types ""</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/array false</userinput>
&gt; <userinput>config set Dhcp4/option-def[0]/encapsulate ""</userinput>
&gt; <userinput>config commit</userinput>

&gt; <userinput>config add Dhcp4/option-def</userinput>
&gt; <userinput>config set Dhcp4/option-def[1]/name "subopt2"</userinput>
&gt; <userinput>config set Dhcp4/option-def[1]/code 2</userinput>
&gt; <userinput>config set Dhcp4/option-def[1]/space "isc"</userinput>
&gt; <userinput>config set Dhcp4/option-def[1]/type "string"</userinput>
&gt; <userinput>config set Dhcp4/option-def[1]/record-types ""</userinput>
&gt; <userinput>config set Dhcp4/option-def[1]/array false</userinput>
&gt; <userinput>config set Dhcp4/option-def[1]/encapsulate ""</userinput>
&gt; <userinput>config commit</userinput>
</screen>
    Note that we have defined the options to belong to a new option space
    (in this case, "isc").
    </para>
    <para>
    The next step is to define a regular DHCPv4 option with our desired
    code and specify that it should include options from the new option space:
<screen>
&gt; <userinput>add Dhcp4/option-def</userinput>
&gt; <userinput>set Dhcp4/option-def[2]/name "container"</userinput>
&gt; <userinput>set Dhcp4/option-def[2]/code 222</userinput>
&gt; <userinput>set Dhcp4/option-def[2]/space "dhcp4"</userinput>
&gt; <userinput>set Dhcp4/option-def[2]/type "empty"</userinput>
&gt; <userinput>set Dhcp4/option-def[2]/array false</userinput>
&gt; <userinput>set Dhcp4/option-def[2]/record-types ""</userinput>
&gt; <userinput>set Dhcp4/option-def[2]/encapsulate "isc"</userinput>
&gt; <userinput>commit</userinput>
</screen>
    The name of the option space in which the sub-options are defined
    is set in the "encapsulate" field. The "type" field is set to "empty"
    to indicate that this option does not carry any data other than
    sub-options.
    </para>
    <para>
    Finally, we can set values for the new options:
<screen>
&gt; <userinput>config add Dhcp4/option-data</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/name "subopt1"</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/space "isc"</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/code 1</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/csv-format true</userinput>
&gt; <userinput>config set Dhcp4/option-data[0]/data "192.0.2.3"</userinput>
&gt; <userinput>config commit</userinput>
<userinput></userinput>
&gt; <userinput>config add Dhcp4/option-data</userinput>
&gt; <userinput>config set Dhcp4/option-data[1]/name "subopt2"</userinput>
&gt; <userinput>config set Dhcp4/option-data[1]/space "isc"</userinput>
&gt; <userinput>config set Dhcp4/option-data[1]/code 2</userinput>
&gt; <userinput>config set Dhcp4/option-data[1]/csv-format true</userinput>
&gt; <userinput>config set Dhcp4/option-data[1]/data "Hello world"</userinput>
&gt; <userinput>config commit</userinput>
<userinput></userinput>
&gt; <userinput>config add Dhcp4/option-data</userinput>
&gt; <userinput>config set Dhcp4/option-data[2]/name "container"</userinput>
&gt; <userinput>config set Dhcp4/option-data[2]/space "dhcp4"</userinput>
&gt; <userinput>config set Dhcp4/option-data[2]/code 222</userinput>
&gt; <userinput>config set Dhcp4/option-data[2]/csv-format true</userinput>
&gt; <userinput>config set Dhcp4/option-data[2]/data ""</userinput>
&gt; <userinput>config commit</userinput>
</screen>
    Even though the "container" option does not carry any data except
    sub-options, the "data" field must be explicitly set to an empty value.
    This is required because in the current version of BIND 10 DHCP, the
    default configuration values are not propagated to the configuration parsers:
    if the "data" is not set the parser will assume that this
    parameter is not specified and an error will be reported.
    </para>
    <para>Note that it is possible to create an option which carries some data
    in addition to the sub-options defined in the encapsulated option space.  For example,
    if the "container" option from the previous example was required to carry an uint16
    value as well as the sub-options, the "type" value would have to be set to "uint16" in
    the option definition. (Such an option would then have the following
    data structure: DHCP header, uint16 value, sub-options.) The value specified
    with the "data" parameter - which should be a valid integer enclosed in quotes,
    e.g. "123" - would then be assigned to the uint16 field in the "container" option.
    </para>
    </section>
        </section>
    <section id="dhcp4-serverid">
      <title>Server Identifier in DHCPv4</title>
      <para>
        The DHCPv4 protocol uses a "server identifier" for clients to be able
        to discriminate between several servers present on the same link: this
        value is an IPv4 address of the server. When started for the first time,
        the DHCPv4 server will choose one of its IPv4 addresses as its server-id,
        and store the chosen value to a file. That file will be read by the server
        and the contained value used whenever the server is subsequently started.
      </para>
      <para>
        It is unlikely that this parameter should ever need to be changed.
        However, if such a need arises, stop the server, edit the file and restart
        the server. (The file is named b10-dhcp4-serverid and by default is
        stored in the "var" subdirectory of the directory in which BIND 10 is installed.
        This can be changed when BIND 10 is built by using "--localstatedir"
        on the "configure" command line.)  The file is a text file that should
        contain an IPv4 address. Spaces are ignored, and no extra characters are allowed
        in this file.
      </para>
    </section>

    <section id="dhcp4-std">
      <title>Supported Standards</title>
      <para>The following standards and draft standards are currently
      supported:</para>
      <itemizedlist>
          <listitem>
            <simpara><ulink url="http://tools.ietf.org/html/rfc2131">RFC 2131</ulink>: Supported messages are DISCOVER, OFFER,
            REQUEST, RELEASE, ACK, and NAK.</simpara>
          </listitem>
          <listitem>
            <simpara><ulink url="http://tools.ietf.org/html/rfc2132">RFC 2132</ulink>: Supported options are: PAD (0),
            END(255), Message Type(53), DHCP Server Identifier (54),
            Domain Name (15), DNS Servers (6), IP Address Lease Time
            (51), Subnet mask (1), and Routers (3).</simpara>
          </listitem>
      </itemizedlist>
    </section>

    <section id="dhcp4-limit">
      <title>DHCPv4 Server Limitations</title>
      <para>These are the current limitations of the DHCPv4 server
      software. Most of them are reflections of the current stage of
      development and should be treated as <quote>not implemented
      yet</quote>, rather than actual limitations.</para>
      <itemizedlist>
          <listitem>
          <para>
            On startup, the DHCPv4 server does not get the full configuration from
            BIND 10.  To remedy this, after starting BIND 10, modify any parameter
            and commit the changes, e.g.
            <screen>
&gt; <userinput>config show Dhcp4/renew-timer</userinput>
Dhcp4/renew-timer	1000	integer	(default)
&gt; <userinput>config set Dhcp4/renew-timer 1001</userinput>
&gt; <userinput>config commit</userinput></screen>
          </para>
        </listitem>
          <listitem>
            <simpara>During the initial IPv4 node configuration, the
            server is expected to send packets to a node that does not
            have IPv4 address assigned yet. The server requires
            certain tricks (or hacks) to transmit such packets. This
            is not implemented yet, therefore DHCPv4 server supports
            relayed traffic only (that is, normal point to point
            communication).</simpara>
          </listitem>

          <listitem>
            <simpara>Upon start, the server will open sockets on all
            interfaces that are not loopback, are up and running and
            have IPv4 address.</simpara>
          </listitem>

          <listitem>
            <simpara>The DHCPv4 server does not support
            BOOTP. That is a design choice and the limitation is
            permanent. If you have legacy nodes that can't use DHCP and
            require BOOTP support, please use the latest version of ISC DHCP,
            available from <ulink url="http://www.isc.org/software/dhcp"/>.</simpara>
          </listitem>
          <listitem>
            <simpara>Interface detection is currently working on Linux
            only. See <xref linkend="iface-detect"/> for details.</simpara>
          </listitem>
          <listitem>
            <simpara>The DHCPv4 server does not  verify that
            assigned address is unused. According to <ulink url="http://tools.ietf.org/html/rfc2131">RFC 2131</ulink>, the
            allocating server should verify that address is not used by
            sending ICMP echo request.</simpara>
          </listitem>
          <listitem>
            <simpara>Address rebinding (REBIND) and duplication report (DECLINE)
            are not supported yet.</simpara>
          </listitem>
          <listitem>
          <simpara>DNS Update is not yet supported.</simpara>
          </listitem>
      </itemizedlist>
    </section>

  </chapter>

  <chapter id="dhcp6">
    <title>The DHCPv6 Server</title>

    <section id="dhcp6-start-stop">
      <title>Starting and Stopping the DHCPv6 Server</title>

      <para>
        <command>b10-dhcp6</command> is the BIND 10 DHCPv6 server and, like other
        parts of BIND 10, is configured through the <command>bindctl</command>
        program.
      </para>
      <para>
        After starting BIND 10 and starting <command>bindctl</command>, the first step
        in configuring the server is to add <command>b10-dhcp6</command> to the list of running BIND 10 services.
<screen>
&gt; <userinput>config add Init/components b10-dhcp6</userinput>
&gt; <userinput>config set Init/components/b10-dhcp6/kind dispensable</userinput>
&gt; <userinput>config commit</userinput>
</screen>
      </para>
      <para>
         To remove <command>b10-dhcp6</command> from the set of running services,
         the <command>b10-dhcp4</command> is removed from list of Init components:
<screen>
&gt; <userinput>config remove Init/components b10-dhcp6</userinput>
&gt; <userinput>config commit</userinput>
</screen>
      </para>


      <para>
        During start-up the server will detect available network interfaces
        and will attempt to open UDP sockets on all interfaces that
        are up, running, are not loopback, are multicast-capable, and
        have IPv6 address assigned. It will then listen to incoming traffic.
      </para>


    </section>

    <section id="dhcp6-configuration">
      <title>DHCPv6 Server Configuration</title>
      <para>
        Once the server has been started, it can be configured. To view the
        current configuration, use the following command in <command>bindctl</command>:
        <screen>&gt; <userinput>config show Dhcp6</userinput></screen>
        When starting the Dhcp6 daemon for the first time, the default configuration
        will be available. It will look similar to this:
<screen>
&gt; <userinput>config show Dhcp6</userinput>
Dhcp6/interface/	list	(default)
Dhcp6/renew-timer	1000	integer	(default)
Dhcp6/rebind-timer	2000	integer	(default)
Dhcp6/preferred-lifetime	3000	integer	(default)
Dhcp6/valid-lifetime	4000	integer	(default)
Dhcp6/option-data	[]	list	(default)
Dhcp6/lease-database/type	"memfile"	string	(default)
Dhcp6/lease-database/name	""	string	(default)
Dhcp6/lease-database/user	""	string	(default)
Dhcp6/lease-database/host	""	string	(default)
Dhcp6/lease-database/password	""	string	(default)
Dhcp6/subnet6/	list
</screen>
      </para>
      <para>
        To change one of the parameters, simply follow
        the usual <command>bindctl</command> procedure. For example, to make the
        leases longer, change their valid-lifetime parameter:
        <screen>
&gt; <userinput>config set Dhcp6/valid-lifetime 7200</userinput>
&gt; <userinput>config commit</userinput></screen>
        Most Dhcp6 parameters are of global scope
        and apply to all defined subnets, unless they are overridden on a
        per-subnet basis.
      </para>
      <note>
        <para>
          With this version of BIND 10, there are a number of known limitations
          and problems in the DHCPv6 server. See <xref linkend="dhcp6-limit"/>.
        </para>
      </note>

      <section>
      <title>Database Configuration</title>
      <para>
      All leases issued by the server are stored in the lease database.  Currently,
      the only supported database is MySQL
      <footnote>
      <para>
      The server comes with an in-memory database ("memfile") configured as the default
      database. This is used for internal testing and is not supported.  In addition,
      it does not store lease information on disk: lease information will be lost if the
      server is restarted.
      </para>
      </footnote>, and so the server must be configured to
      access the correct database with the appropriate credentials.
      </para>
      <note>
        <para>
            Database access information must be configured for the DHCPv6 server, even if
            it has already been configured for the DHCPv4 server.  The servers store their
            information independently, so each server can use a separate
            database or both servers can use the same database.
          </para>
        </note>
      <para>
      Database configuration is controlled through the Dhcp6/lease-database parameters.
      The type of the database must be set to MySQL (although the string entered is "mysql"):
<screen>
&gt; <userinput>config set Dhcp6/lease-database/type "mysql"</userinput>
</screen>
      Next, the name of the database is to hold the leases must be set: this is the
      name used when the lease database was created (see <xref linkend="dhcp-database-create"/>).
<screen>
&gt; <userinput>config set Dhcp6/lease-database/name "<replaceable>database-name</replaceable>"</userinput>
</screen>
      If the database is located on a different system to the DHCPv6 server, the
      database host name must also be specified (although note that this configuration
      may have a severe impact on server performance):
<screen>
&gt; <userinput>config set Dhcp6/lease-database/host "<replaceable>remote-host-name</replaceable>"</userinput>
</screen>
      The usual state of affairs will be to have the database on the same machine as the
      DHCPv6 server.  In this case, set the value to the empty string (this is the default):
<screen>
&gt; <userinput>config set Dhcp6/lease-database/host ""</userinput>
</screen>
      </para>
      <para>
      Finally, the credentials of the account under which the server will access the database
      should be set:
<screen>
&gt; <userinput>config set Dhcp6/lease-database/user "<replaceable>user-name</replaceable>"</userinput>
&gt; <userinput>config set Dhcp6/lease-database/password "<replaceable>password</replaceable>"</userinput>
</screen>
      If there is no password to the account, set the password to the empty string "". (This is also the default.)
      </para>
      <note>
      <para>The password is echoed when entered and is stored in clear text in the BIND 10 configuration
      database.  Improved password security will be added in a future version of BIND 10 DHCP</para>
      </note>
      </section>


    <section>
      <title>Subnet and Address Pool</title>
      <para>
        The essential role of a DHCPv6 server is address assignment. For this,
        the server has to be configured with at least one subnet and one pool of dynamic
        addresses to be managed. For example, assume that the server
        is connected to a network segment that uses the 2001:db8:1::/64
        prefix. The Administrator of that network has decided that addresses from range
        2001:db8:1::1 to 2001:db8:1::ffff are going to be managed by the Dhcp6
        server. Such a configuration can be achieved in the following way:
        <screen>
&gt; <userinput>config add Dhcp6/subnet6</userinput>
&gt; <userinput>config set Dhcp6/subnet6[0]/subnet "2001:db8:1::/64"</userinput>
&gt; <userinput>config set Dhcp6/subnet6[0]/pool [ "2001:db8:1::0 - 2001:db8:1::ffff" ]</userinput>
&gt; <userinput>config commit</userinput></screen>
        Note that subnet is defined as a simple string, but the pool parameter
        is actually a list of pools: for this reason, the pool definition is
        enclosed in square brackets, even though only one range of addresses
        is specified.</para>
        <para>It is possible to define more than one pool in a
        subnet: continuing the previous example, further assume that
        2001:db8:1:0:5::/80 should be also be managed by the server. It could be written as
        2001:db8:1:0:5:: to 2001:db8:1::5:ffff:ffff:ffff, but typing so many 'f's
        is cumbersome. It can be expressed more simply as 2001:db8:1:0:5::/80. Both
        formats are supported by Dhcp6 and can be mixed in the pool list.
        For example, one could define the following pools:
        <screen>
&gt; <userinput>config set Dhcp6/subnet6[0]/pool [ "2001:db8:1::1 - 2001:db8:1::ffff", "2001:db8:1:0:5::/80" ]</userinput>
&gt; <userinput>config commit</userinput></screen>
        The number of pools is not limited, but for performance reasons it is recommended to
        use as few as possible.
      </para>
      <para>
         The server may be configured to serve more than one subnet. To add a second subnet,
         use a command similar to the following:
        <screen>
&gt; <userinput>config add Dhcp6/subnet6</userinput>
&gt; <userinput>config set Dhcp6/subnet6[1]/subnet "2001:db8:beef::/48"</userinput>
&gt; <userinput>config set Dhcp6/subnet6[1]/pool [ "2001:db8:beef::/48" ]</userinput>
&gt; <userinput>config commit</userinput></screen>
        Arrays are counted from 0. subnet[0] refers to the subnet defined in the
        previous example.  The <command>config add Dhcp6/subnet6</command> command adds
        another (second) subnet. It can be referred to as
        <command>Dhcp6/subnet6[1]</command>. In this example, we allow server to
        dynamically assign all addresses available in the whole subnet. Although
        very wasteful, it is certainly a valid configuration to dedicate the
        whole /48 subnet for that purpose.
      </para>
      <para>
        When configuring a DHCPv6 server using prefix/length notation, please pay
        attention to the boundary values. When specifying that the server should use
        a given pool, it will be able to allocate also first (typically network
        address) address from that pool. For example for pool 2001:db8::/64 the
        2001:db8:: address may be assigned as well. If you want to avoid this,
        please use the "min-max" notation.
      </para>
    </section>

    <section id="dhcp6-std-options">
      <title>Standard DHCPv6 options</title>
      <para>
        One of the major features of DHCPv6 server is to provide configuration
        options to clients. Although there are several options that require
        special behavior, most options are sent by the server only if the client
        explicitly requested them.  The following example shows how to
        configure DNS servers, which is one of the most frequently used
        options. Numbers in the first column are added for easier reference and
        will not appear on screen. Options specified in this way are considered
        global and apply to all configured subnets.

        <screen>
1. &gt; <userinput>config add Dhcp6/option-data</userinput>
2. &gt; <userinput>config set Dhcp6/option-data[0]/name "dns-servers"</userinput>
3. &gt; <userinput>config set Dhcp6/option-data[0]/code 23</userinput>
4. &gt; <userinput>config set Dhcp6/option-data[0]/space "dhcp6"</userinput>
5. &gt; <userinput>config set Dhcp6/option-data[0]/csv-format true</userinput>
6. &gt; <userinput>config set Dhcp6/option-data[0]/data "2001:db8::cafe, 2001:db8::babe"</userinput>
7. &gt; <userinput>config commit</userinput>
</screen>
      </para>
    <para>
      The first line creates new entry in option-data table. It
      contains information on all global options that the server is
      supposed to configure in all subnets. The second line specifies
      option name. For a complete list of currently supported names,
      see <xref linkend="dhcp6-std-options-list"/> below.
      The third line specifies option code, which must match one of the
      values from that
      list. Line 4 specifies option space, which must always
      be set to "dhcp6" as these are standard DHCPv6 options. For
      other name spaces, including custom option spaces, see <xref
      linkend="dhcp6-option-spaces"/>. The fifth line specifies the format in
      which the data will be entered: use of CSV (comma
      separated values) is recommended. The sixth line gives the actual value to
      be sent to clients. Data is specified as a normal text, with
      values separated by commas if more than one value is
      allowed.
    </para>

    <para>
      Options can also be configured as hexadecimal values. If csv-format is
      set to false, the option data must be specified as a string of hexadecimal
      numbers. The
      following commands configure the DNS-SERVERS option for all
      subnets with the following addresses: 2001:db8:1::cafe and
      2001:db8:1::babe.
      <screen>
&gt; <userinput>config add Dhcp6/option-data</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/name "dns-servers"</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/code 23</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/space "dhcp6"</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/csv-format false</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/data "2001 0DB8 0001 0000 0000 0000</userinput>
        <userinput>0000 CAFE 2001 0DB8 0001 0000 0000 0000 0000 BABE"</userinput>
&gt; <userinput>config commit</userinput>
        </screen>
       (The value for the setting of the "data" element is split across two
        lines in this document for clarity: when entering the command, the
        whole string should be entered on the same line.)
      </para>

    <para>
      It is possible to override options on a per-subnet basis.  If
      clients connected to most of your subnets are expected to get the
      same values of a given option, you should use global options: you
      can then override specific values for a small number of subnets.
      On the other hand, if you use different values in each subnet,
      it does not make sense to specify global option values
      (Dhcp6/option-data), rather you should set only subnet-specific values
      (Dhcp6/subnet[X]/option-data[Y]).
     </para>
     <para>
      The following commands override the global
      DNS servers option for a particular subnet, setting a single DNS
      server with address 2001:db8:1::3.
      <screen>
&gt; <userinput>config add Dhcp6/subnet6[0]/option-data</userinput>
&gt; <userinput>config set Dhcp6/subnet6[0]/option-data[0]/name "dns-servers"</userinput>
&gt; <userinput>config set Dhcp6/subnet6[0]/option-data[0]/code 23</userinput>
&gt; <userinput>config set Dhcp6/subnet6[0]/option-data[0]/space "dhcp6"</userinput>
&gt; <userinput>config set Dhcp6/subnet6[0]/option-data[0]/csv-format true</userinput>
&gt; <userinput>config set Dhcp6/subnet6[0]/option-data[0]/data "2001:db8:1::3"</userinput>
&gt; <userinput>config commit</userinput></screen>
    </para>

    <note>
      <para>
        In future versions of BIND 10 DHCP, it will not be necessary to specify
        option code, space and csv-format fields, as those fields will be set
        automatically.
      </para>
    </note>


    <para>
      Below is a list of currently supported standard DHCPv6 options. The "Name" and "Code"
      are the values that should be used as a name in the option-data
      structures. "Type" designates the format of the data: the meanings of
      the various types is given in <xref linkend="dhcp-types"/>.
    </para>
    <para>
      Some options are designated as arrays, which means that more than one
      value is allowed in such an option. For example the option dns-servers
      allows the specification of more than one IPv6 address, so allowing
      clients to obtain the the addresses of multiple DNS servers.
    </para>

<!-- @todo: describe record types -->

    <para>
      <table border="1" cellpadding="5%" id="dhcp6-std-options-list">
        <caption>List of standard DHCPv6 options</caption>
        <thead>
          <tr><th>Name</th><th>Code</th><th>Type</th><th>Array?</th></tr>
          <tr></tr>
        </thead>
        <tbody>
<!-- Our engine uses those options on its own, admin must not configure them on his own
<tr><td>clientid</td><td>1</td><td>binary</td><td>false</td></tr>
<tr><td>serverid</td><td>2</td><td>binary</td><td>false</td></tr>
<tr><td>ia-na</td><td>3</td><td>record</td><td>false</td></tr>
<tr><td>ia-ta</td><td>4</td><td>uint32</td><td>false</td></tr>
<tr><td>iaaddr</td><td>5</td><td>record</td><td>false</td></tr>
<tr><td>oro</td><td>6</td><td>uint16</td><td>true</td></tr> -->
<tr><td>preference</td><td>7</td><td>uint8</td><td>false</td></tr>

<!-- Our engine uses those options on its own, admin must not configure them on his own
<tr><td>elapsed-time</td><td>8</td><td>uint16</td><td>false</td></tr>
<tr><td>relay-msg</td><td>9</td><td>binary</td><td>false</td></tr>
<tr><td>auth</td><td>11</td><td>binary</td><td>false</td></tr>
<tr><td>unicast</td><td>12</td><td>ipv6-address</td><td>false</td></tr>
<tr><td>status-code</td><td>13</td><td>record</td><td>false</td></tr>
<tr><td>rapid-commit</td><td>14</td><td>empty</td><td>false</td></tr>
<tr><td>user-class</td><td>15</td><td>binary</td><td>false</td></tr>
<tr><td>vendor-class</td><td>16</td><td>record</td><td>false</td></tr>
<tr><td>vendor-opts</td><td>17</td><td>uint32</td><td>false</td></tr>
<tr><td>interface-id</td><td>18</td><td>binary</td><td>false</td></tr>
<tr><td>reconf-msg</td><td>19</td><td>uint8</td><td>false</td></tr>
<tr><td>reconf-accept</td><td>20</td><td>empty</td><td>false</td></tr> -->
<tr><td>sip-server-dns</td><td>21</td><td>fqdn</td><td>true</td></tr>
<tr><td>sip-server-addr</td><td>22</td><td>ipv6-address</td><td>true</td></tr>
<tr><td>dns-servers</td><td>23</td><td>ipv6-address</td><td>true</td></tr>
<tr><td>domain-search</td><td>24</td><td>fqdn</td><td>true</td></tr>
<!-- <tr><td>ia-pd</td><td>25</td><td>record</td><td>false</td></tr> -->
<!-- <tr><td>iaprefix</td><td>26</td><td>record</td><td>false</td></tr> -->
<tr><td>nis-servers</td><td>27</td><td>ipv6-address</td><td>true</td></tr>
<tr><td>nisp-servers</td><td>28</td><td>ipv6-address</td><td>true</td></tr>
<tr><td>nis-domain-name</td><td>29</td><td>fqdn</td><td>true</td></tr>
<tr><td>nisp-domain-name</td><td>30</td><td>fqdn</td><td>true</td></tr>
<tr><td>sntp-servers</td><td>31</td><td>ipv6-address</td><td>true</td></tr>
<tr><td>information-refresh-time</td><td>32</td><td>uint32</td><td>false</td></tr>
<tr><td>bcmcs-server-dns</td><td>33</td><td>fqdn</td><td>true</td></tr>
<tr><td>bcmcs-server-addr</td><td>34</td><td>ipv6-address</td><td>true</td></tr>
<tr><td>geoconf-civic</td><td>36</td><td>record</td><td>false</td></tr>
<tr><td>remote-id</td><td>37</td><td>record</td><td>false</td></tr>
<tr><td>subscriber-id</td><td>38</td><td>binary</td><td>false</td></tr>
<tr><td>client-fqdn</td><td>39</td><td>record</td><td>false</td></tr>
<tr><td>pana-agent</td><td>40</td><td>ipv6-address</td><td>true</td></tr>
<tr><td>new-posix-timezone</td><td>41</td><td>string</td><td>false</td></tr>
<tr><td>new-tzdb-timezone</td><td>42</td><td>string</td><td>false</td></tr>
<tr><td>ero</td><td>43</td><td>uint16</td><td>true</td></tr>
<tr><td>lq-query</td><td>44</td><td>record</td><td>false</td></tr>
<tr><td>client-data</td><td>45</td><td>empty</td><td>false</td></tr>
<tr><td>clt-time</td><td>46</td><td>uint32</td><td>false</td></tr>
<tr><td>lq-relay-data</td><td>47</td><td>record</td><td>false</td></tr>
<tr><td>lq-client-link</td><td>48</td><td>ipv6-address</td><td>true</td></tr>
        </tbody>
      </table>
    </para>
    </section>

    <section id="dhcp6-custom-options">
      <title>Custom DHCPv6 options</title>
      <para>It is also possible to define options other than the standard ones.
      Assume that we want to define a new DHCPv6 option called "foo" which will have
      code 100 and will convey a single unsigned 32 bit integer value. We can define
      such an option by using the following commands:
      <screen>
&gt; <userinput>config add Dhcp6/option-def</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/name "foo"</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/code 100</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/type "uint32"</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/array false</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/record-types ""</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/space "dhcp6"</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/encapsulate ""</userinput>
&gt; <userinput>config commit</userinput></screen>
      The "false" value of the "array" parameter determines that the option
      does NOT comprise an array of "uint32" values but rather a single value.
      Two other parameters have been left blank: "record-types" and "encapsulate".
      The former specifies the comma separated list of option data fields if the
      option comprises a record of data fields. The "record-fields" value should
      be non-empty if the "type" is set to "record". Otherwise it must be left
      blank. The latter parameter specifies the name of the option space being
      encapsulated by the particular option. If the particular option does not
      encapsulate any option space it should be left blank.
      Note that the above set of comments define the format of the new option and do not
      set its values.
      </para>
      <para>Once the new option format is defined, its value is set
      in the same way as for a standard option. For example the following
      commands set a global value that applies to all subnets.
        <screen>
&gt; <userinput>config add Dhcp6/option-data</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/name "foo"</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/code 100</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/space "dhcp6"</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/csv-format true</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/data "12345"</userinput>
&gt; <userinput>config commit</userinput></screen>
      </para>

      <para>New options can take more complex forms than simple use of
      primitives (uint8, string, ipv6-address etc): it is possible to
      define an option comprising a number of existing primitives.
      </para>
      <para>
      Assume we
      want to define a new option that will consist of an IPv6
      address, followed by unsigned 16 bit integer, followed by a text
      string. Such an option could be defined in the following way:
<screen>
&gt; <userinput>config add Dhcp6/option-def</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/name "bar"</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/code 101</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/space "dhcp6"</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/type "record"</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/array false</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/record-types "ipv6-address, uint16, string"</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/encapsulate ""</userinput>
</screen>
      The "type" is set to "record" to indicate that the option contains
      multiple values of different types.  These types are given as a comma-separated
      list in the "record-types" field and should be those listed in <xref linkend="dhcp-types"/>.
      </para>
      <para>
      The values of the option are set as follows:
<screen>
&gt; <userinput>config add Dhcp6/option-data</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/name "bar"</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/space "dhcp6"</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/code 101</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/csv-format true</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/data "2001:db8:1::10, 123, Hello World"</userinput>
&gt; <userinput>config commit</userinput></screen>
      </para>
      "csv-format" is set "true" to indicate that the "data" field comprises a command-separated
      list of values.  The values in the "data" must correspond to the types set in
      the "record-types" field of the option definition.
    </section>

    <section id="dhcp6-vendor-opts">
      <title>DHCPv6 vendor specific options</title>
      <para>
      Currently there are three option spaces defined: dhcp4 (to be used
      in DHCPv4 daemon) and dhcp6 (for the DHCPv6 daemon); there is also
      vendor-opts-space, which is empty by default, but options can be
      defined in it. Those options are called vendor-specific information
      options. The following examples show how to define an option "foo"
      with code 1 that consists of an IPv6 address, an unsigned 16 bit integer
      and a string. The "foo" option is conveyed in a vendor specific
      information option. This option comprises a single uint32 value
      that is set to "12345". The sub-option "foo" follows the data
      field holding this value.
      <screen>
&gt; <userinput>config add Dhcp6/option-def</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/name "foo"</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/code 1</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/space "vendor-opts-space"</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/type "record"</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/array false</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/record-types "ipv6-address, uint16, string"</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/encapsulates ""</userinput>
&gt; <userinput>config commit</userinput>
</screen>
     (Note that the option space is set to "vendor-opts-space".)
     Once the option format is defined, the next step is to define actual values
     for that option:
     <screen>
&gt; <userinput>config add Dhcp6/option-data</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/name "foo"</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/space "vendor-opts-space"</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/code 1</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/csv-format true</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/data "2001:db8:1::10, 123, Hello World"</userinput>
&gt; <userinput>config commit</userinput></screen>
    We should also define values for the vendor-opts, that will convey our option foo.
     <screen>
&gt; <userinput>config add Dhcp6/option-data</userinput>
&gt; <userinput>config set Dhcp6/option-data[1]/name "vendor-opts"</userinput>
&gt; <userinput>config set Dhcp6/option-data[1]/space "dhcp6"</userinput>
&gt; <userinput>config set Dhcp6/option-data[1]/code 17</userinput>
&gt; <userinput>config set Dhcp6/option-data[1]/csv-format true</userinput>
&gt; <userinput>config set Dhcp6/option-data[1]/data "12345"</userinput>
&gt; <userinput>config commit</userinput></screen>
      </para>
    </section>

    <section id="dhcp6-option-spaces">
      <title>Nested DHCPv6 options (custom option spaces)</title>
      <para>It is sometimes useful to define completely new option
      spaces.  This is useful if the user wants his new option to
      convey sub-options that use separate numbering scheme, for
      example sub-options with codes 1 and 2. Those option codes
      conflict with standard DHCPv6 options, so a separate option
      space must be defined.
      </para>
      <para>Note that it is not required to create new option space when
      defining sub-options for a standard option because it is by
      default created if the standard option is meant to convey
      any sub-options (see <xref linkend="dhcp6-vendor-opts"/>).
      </para>
      <para>
      Assume that we want to have a DHCPv6 option called "container"
      with code 102 that conveys two sub-options with codes 1 and 2.
      First we need to define the new sub-options:
<screen>
&gt; <userinput>config add Dhcp6/option-def</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/name "subopt1"</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/code 1</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/space "isc"</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/type "ipv6-address"</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/record-types ""</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/array false</userinput>
&gt; <userinput>config set Dhcp6/option-def[0]/encapsulate ""</userinput>
&gt; <userinput>config commit</userinput>
&gt; <userinput></userinput>
&gt; <userinput>config add Dhcp6/option-def</userinput>
&gt; <userinput>config set Dhcp6/option-def[1]/name "subopt2"</userinput>
&gt; <userinput>config set Dhcp6/option-def[1]/code 2</userinput>
&gt; <userinput>config set Dhcp6/option-def[1]/space "isc"</userinput>
&gt; <userinput>config set Dhcp6/option-def[1]/type "string"</userinput>
&gt; <userinput>config set Dhcp6/option-def[1]/record-types ""</userinput>
&gt; <userinput>config set Dhcp6/option-def[1]/array false</userinput>
&gt; <userinput>config set Dhcp6/option-def[1]/encapsulate ""</userinput>
&gt; <userinput>config commit</userinput>
</screen>
    Note that we have defined the options to belong to a new option space
    (in this case, "isc").
    </para>
    <para>
The next step is to define a regular DHCPv6 option and specify that it
should include options from the isc option space:
<screen>
&gt; <userinput>config add Dhcp6/option-def</userinput>
&gt; <userinput>config set Dhcp6/option-def[2]/name "container"</userinput>
&gt; <userinput>config set Dhcp6/option-def[2]/code 102</userinput>
&gt; <userinput>config set Dhcp6/option-def[2]/space "dhcp6"</userinput>
&gt; <userinput>config set Dhcp6/option-def[2]/type "empty"</userinput>
&gt; <userinput>config set Dhcp6/option-def[2]/array false</userinput>
&gt; <userinput>config set Dhcp6/option-def[2]/record-types ""</userinput>
&gt; <userinput>config set Dhcp6/option-def[2]/encapsulate "isc"</userinput>
&gt; <userinput>config commit</userinput>
</screen>
    The name of the option space in which the sub-options are defined
    is set in the "encapsulate" field. The "type" field is set to "empty"
    which imposes that this option does not carry any data other than
    sub-options.
    </para>
    <para>
    Finally, we can set values for the new options:
<screen>
&gt; <userinput>config add Dhcp6/option-data</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/name "subopt1"</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/space "isc"</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/code 1</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/csv-format true</userinput>
&gt; <userinput>config set Dhcp6/option-data[0]/data "2001:db8::abcd"</userinput>
&gt; <userinput>config commit</userinput>
&gt; <userinput></userinput>
&gt; <userinput>config add Dhcp6/option-data</userinput>
&gt; <userinput>config set Dhcp6/option-data[1]/name "subopt2"</userinput>
&gt; <userinput>config set Dhcp6/option-data[1]/space "isc"</userinput>
&gt; <userinput>config set Dhcp6/option-data[1]/code 2</userinput>
&gt; <userinput>config set Dhcp6/option-data[1]/csv-format true</userinput>
&gt; <userinput>config set Dhcp6/option-data[1]/data "Hello world"</userinput>
&gt; <userinput>config commit</userinput>
&gt; <userinput></userinput>
&gt; <userinput>config add Dhcp6/option-data</userinput>
&gt; <userinput>config set Dhcp6/option-data[2]/name "container"</userinput>
&gt; <userinput>config set Dhcp6/option-data[2]/space "dhcp6"</userinput>
&gt; <userinput>config set Dhcp6/option-data[2]/code 102</userinput>
&gt; <userinput>config set Dhcp6/option-data[2]/csv-format true</userinput>
&gt; <userinput>config set Dhcp6/option-data[2]/data ""</userinput>
&gt; <userinput>config commit</userinput>
</screen>
    Even though the "container" option does not carry any data except
    sub-options, the "data" field must be explicitly set to an empty value.
    This is required because in the current version of BIND 10 DHCP, the
    default configuration values are not propagated to the configuration parsers:
    if the "data" is not set the parser will assume that this
    parameter is not specified and an error will be reported.
    </para>
    <para>Note that it is possible to create an option which carries some data
    in addition to the sub-options defined in the encapsulated option space.  For example,
    if the "container" option from the previous example was required to carry an uint16
    value as well as the sub-options, the "type" value would have to be set to "uint16" in
    the option definition. (Such an option would then have the following
    data structure: DHCP header, uint16 value, sub-options.) The value specified
    with the "data" parameter - which should be a valid integer enclosed in quotes,
    e.g. "123" - would then be assigned to the uint16 field in the "container" option.
    </para>
    </section>

      <section id="dhcp6-config-subnets">
        <title>Subnet Selection</title>
          <para>
          The DHCPv6 server may receive requests from local (connected to the
          same subnet as the server) and remote (connecting via relays) clients.
          As server may have many subnet configurations defined, it must select
          appropriate subnet for a given request. To do this, the server first
          checks if there is only one subnet defined and source of the packet is
          link-local. If this is the case, the server assumes that the only
          subnet defined is local and client is indeed connected to it. This
          check simplifies small deployments.
          </para>
          <para>
          If there are two or more subnets defined, the server can not assume
          which of those (if any) subnets are local. Therefore an optional
          "interface" parameter is available within a subnet definition to
          designate that a given subnet is local, i.e. reachable directly over
          specified interface. For example the server that is intended to serve
          a local subnet over eth0 may be configured as follows:
<screen>
&gt; <userinput>config add Dhcp6/subnet6</userinput>
&gt; <userinput>config set Dhcp6/subnet6[1]/subnet "2001:db8:beef::/48"</userinput>
&gt; <userinput>config set Dhcp6/subnet6[1]/pool [ "2001:db8:beef::/48" ]</userinput>
&gt; <userinput>config set Dhcp6/subnet6[1]/interface "eth0"</userinput>
&gt; <userinput>config commit</userinput>
</screen>
        </para>
      </section>

      <section id="dhcp6-relays">
        <title>DHCPv6 Relays</title>
        <para>
          A DHCPv6 server with multiple subnets defined must select the
          appropriate subnet when it receives a request from client.  For clients
          connected via relays, two mechanisms are used:
        </para>
        <para>
          The first uses the linkaddr field in the RELAY_FORW message. The name
          of this field is somewhat misleading in that it does not contain a link-layer
          address: instead, it holds an address (typically a global address) that is
          used to identify a link. The DHCPv6 server checks if the address belongs
          to a defined subnet and, if it does, that subnet is selected for the client's
          request.
        </para>
        <para>
          The second mechanism is based on interface-id options. While forwarding a client's
          message, relays may insert an interface-id option into the message that
          identifies the interface on the relay that received the message. (Some
          relays allow configuration of that parameter, but it is sometimes
          hardcoded and may range from the very simple (e.g. "vlan100") to the very cryptic:
          one example seen on real hardware was "ISAM144|299|ipv6|nt:vp:1:110"). The
          server can use this information to select the appropriate subnet.
          The information is also returned to the relay which then knows the
          interface to use to transmit the response to the client. In order for
          this to work successfully, the relay interface IDs must be unique within
          the network and the server configuration must match those values.
        </para>
        <para>
          When configuring the DHCPv6 server, it should be noted that two
          similarly-named parameters can be configured for a subnet:
          <itemizedlist>
            <listitem><simpara>
              "interface" defines which local network interface can be used
              to access a given subnet.
            </simpara></listitem>
            <listitem><simpara>
              "interface-id" specifies the content of the interface-id option
              used by relays to identify the interface on the relay to which
              the response packet is sent.
            </simpara></listitem>
          </itemizedlist>
          The two are mutually exclusive: a subnet cannot be both reachable locally
          (direct traffic) and via relays (remote traffic). Specifying both is a
          configuration error and the DHCPv6 server will refuse such a configuration.
        </para>

        <para>
          To specify interface-id with value "vlan123", the following commands can
          be used:
          <screen>
&gt; <userinput>config add Dhcp6/subnet6</userinput>
&gt; <userinput>config set Dhcp6/subnet6[0]/subnet "2001:db8:beef::/48"</userinput>
&gt; <userinput>config set Dhcp6/subnet6[0]/pool [ "2001:db8:beef::/48" ]</userinput>
&gt; <userinput>config set Dhcp6/subnet6[0]/interface-id "vland123"</userinput>
&gt; <userinput>config commit</userinput>
</screen>
        </para>
      </section>

   </section>

    <section id="dhcp6-serverid">
      <title>Server Identifier in DHCPv6</title>
      <para>The DHCPv6 protocol uses a "server identifier" (also known
      as a DUID) for clients to be able to discriminate between several
      servers present on the same link.  There are several types of
      DUIDs defined, but <ulink url="http://tools.ietf.org/html/rfc3315">RFC 3315</ulink> instructs servers to use DUID-LLT if
      possible. This format consists of a link-layer (MAC) address and a
      timestamp. When started for the first time, the DHCPv6 server will
      automatically generate such a DUID and store the chosen value to
      a file.  That file is read by the server
      and the contained value used whenever the server is subsequently started.
      </para>
      <para>
        It is unlikely that this parameter should ever need to be changed.
        However, if such a need arises, stop the server, edit the file and restart
        the server. (The file is named b10-dhcp6-serverid and by default is
        stored in the "var" subdirectory of the directory in which BIND 10 is installed.
        This can be changed when BIND 10 is built by using "--localstatedir"
        on the "configure" command line.)  The file is a text file that contains
        double digit hexadecimal values
        separated by colons. This format is similar to typical MAC address
        format. Spaces are ignored. No extra characters are allowed in this
        file.
      </para>

    </section>

    <section id="dhcp6-std">
      <title>Supported Standards</title>
      <para>The following standards and draft standards are currently
      supported:</para>
      <itemizedlist>
          <listitem>
            <simpara><ulink url="http://tools.ietf.org/html/rfc3315">RFC 3315</ulink>: Supported messages are SOLICIT,
            ADVERTISE, REQUEST, RELEASE, RENEW, and REPLY.</simpara>
          </listitem>
          <listitem>
            <simpara><ulink url="http://tools.ietf.org/html/rfc3646">RFC 3646</ulink>: Supported option is DNS_SERVERS.</simpara>
          </listitem>
      </itemizedlist>
    </section>

    <section id="dhcp6-limit">
      <title>DHCPv6 Server Limitations</title>
      <para> These are the current limitations and known problems
      with the DHCPv6 server
      software. Most of them are reflections of the early stage of
      development and should be treated as <quote>not implemented
      yet</quote>, rather than actual limitations.</para>
      <itemizedlist>

        <listitem>
          <para>
            On startup, the DHCPv6 server does not get the full configuration from
            BIND 10.  To remedy this, after starting BIND 10, modify any parameter
            and commit the changes, e.g.
            <screen>
&gt; <userinput>config show Dhcp6/renew-timer</userinput>
Dhcp6/renew-timer	1000	integer	(default)
&gt; <userinput>config set Dhcp6/renew-timer 1001</userinput>
&gt; <userinput>config commit</userinput></screen>
          </para>
        </listitem>
        <listitem>
          <simpara>Temporary addresses are not supported.</simpara>
        </listitem>
        <listitem>
          <simpara>Prefix delegation is not supported.</simpara>
        </listitem>
        <listitem>
          <simpara>Rebinding (REBIND), confirmation (CONFIRM),
          and duplication report (DECLINE) are not yet supported.</simpara>
        </listitem>
        <listitem>
          <simpara>DNS Update is not supported.</simpara>
        </listitem>
        <listitem>
          <simpara>Interface detection is currently working on Linux
          only. See <xref linkend="iface-detect"/> for details.</simpara>
        </listitem>
      </itemizedlist>
    </section>

  </chapter>

  <chapter id="libdhcp">
    <title>libdhcp++ library</title>
    <para>
      libdhcp++ is a common library written in C++ that handles
      many DHCP-related tasks, including:
      <itemizedlist>
        <listitem>
          <simpara>DHCPv4 and DHCPv6 packets parsing, manipulation and assembly</simpara>
        </listitem>
        <listitem>
          <simpara>Option parsing, manipulation and assembly</simpara>
        </listitem>
        <listitem>
          <simpara>Network interface detection</simpara>
        </listitem>
        <listitem>
          <simpara>Socket operations such as creation, data transmission and reception and socket closing.</simpara>
        </listitem>
      </itemizedlist>
    </para>

    <para>
    While this library is currently used by BIND 10 DHCP, it is designed to
    be a portable, universal library, useful for any kind of DHCP-related software.
    </para>

<!-- TODO: point to doxygen docs -->

    <section id="iface-detect">
      <title>Interface detection</title>
      <para>Both the DHCPv4 and DHCPv6 components share network
      interface detection routines. Interface detection is
      currently only supported on Linux systems.</para>

      <para>For non-Linux systems, there is currently a stub
      implementation provided. The interface manager detects loopback
      interfaces only as their name (lo or lo0) can be easily predicted.
      Please contact the BIND 10 development team if you are interested
      in running DHCP components on systems other than Linux.</para>
    </section>

<!--
    <section id="packet-handling">
      <title>DHCPv4/DHCPv6 packet handling</title>
      <para>TODO: Describe packet handling here, with pointers to wiki</para>
    </section>
-->

  </chapter>

  <chapter id="statistics">
    <title>Statistics</title>

    <para>
      The <command>b10-stats</command> process is started by
      <command>b10-init</command>.
      It periodically collects statistics data from various modules
      and aggregates it.
<!-- TODO -->
    </para>

    <para>

       This stats daemon provides commands to identify if it is
       running, show specified or all statistics data, and show specified
       or all statistics data schema.

       For example, using <command>bindctl</command>:

       <screen>
&gt; <userinput>Stats show</userinput>
{
    "Auth": {
        "opcode.iquery": 0,
        "opcode.notify": 10,
        "opcode.query": 869617,
        ...
        "queries.tcp": 1749,
        "queries.udp": 867868
    },
    "Init": {
        "boot_time": "2011-01-20T16:59:03Z"
    },
    "Stats": {
        "boot_time": "2011-01-20T16:59:05Z",
        "last_update_time": "2011-01-20T17:04:05Z",
        "lname": "4d3869d9_a@jreed.example.net",
        "report_time": "2011-01-20T17:04:06Z",
        "timestamp": 1295543046.823504
    }
}
       </screen>
    </para>

  </chapter>

  <chapter id="logging">
    <title>Logging</title>

    <section>
      <title>Logging configuration</title>

      <para>

        The logging system in BIND 10 is configured through the
        Logging module. All BIND 10 modules will look at the
        configuration in Logging to see what should be logged and
        to where.

<!-- TODO: what is context of Logging module for readers of this guide? -->

      </para>

      <section>
        <title>Loggers</title>

        <para>

          Within BIND 10, a message is logged through a component
          called a "logger". Different parts of BIND 10 log messages
          through different loggers, and each logger can be configured
          independently of one another.

        </para>

        <para>

          In the Logging module, you can specify the configuration
          for zero or more loggers; any that are not specified will
          take appropriate default values.

        </para>

        <para>

          The three most important elements of a logger configuration
          are the <option>name</option> (the component that is
          generating the messages), the <option>severity</option>
          (what to log), and the <option>output_options</option>
          (where to log).

        </para>

        <section>
          <title>name (string)</title>

          <para>
          Each logger in the system has a name, the name being that
          of the component using it to log messages. For instance,
          if you want to configure logging for the resolver module,
          you add an entry for a logger named <quote>Resolver</quote>. This
          configuration will then be used by the loggers in the
          Resolver module, and all the libraries used by it.
              </para>

<!-- TODO: later we will have a way to know names of all modules

Right now you can only see what their names are if they are running
(a simple 'help' without anything else in bindctl for instance).

 -->

        <para>

          If you want to specify logging for one specific library
          within the module, you set the name to
          <replaceable>module.library</replaceable>.  For example, the
          logger used by the nameserver address store component
          has the full name of <quote>Resolver.nsas</quote>. If
          there is no entry in Logging for a particular library,
          it will use the configuration given for the module.

<!-- TODO: how to know these specific names?

We will either have to document them or tell the administrator to
specify module-wide logging and see what appears...

-->

        </para>

        <para>

<!-- TODO: severity has not been covered yet -->

          To illustrate this, suppose you want the cache library
          to log messages of severity DEBUG, and the rest of the
          resolver code to log messages of severity INFO. To achieve
          this you specify two loggers, one with the name
          <quote>Resolver</quote> and severity INFO, and one with
          the name <quote>Resolver.cache</quote> with severity
          DEBUG. As there are no entries for other libraries (e.g.
          the nsas), they will use the configuration for the module
          (<quote>Resolver</quote>), so giving the desired behavior.

        </para>

        <para>

          One special case is that of a module name of <quote>*</quote>
          (asterisks), which is interpreted as <emphasis>any</emphasis>
          module. You can set global logging options by using this,
          including setting the logging configuration for a library
          that is used by multiple modules (e.g. <quote>*.config</quote>
          specifies the configuration library code in whatever
          module is using it).

        </para>

        <para>

          If there are multiple logger specifications in the
          configuration that might match a particular logger, the
          specification with the more specific logger name takes
          precedence. For example, if there are entries for
          both <quote>*</quote> and <quote>Resolver</quote>, the
          resolver module &mdash; and all libraries it uses &mdash;
          will log messages according to the configuration in the
          second entry (<quote>Resolver</quote>). All other modules
          will use the configuration of the first entry
          (<quote>*</quote>). If there was also a configuration
          entry for <quote>Resolver.cache</quote>, the cache library
          within the resolver would use that in preference to the
          entry for <quote>Resolver</quote>.

        </para>

        <para>

          One final note about the naming. When specifying the
          module name within a logger, use the name of the module
          as specified in <command>bindctl</command>, e.g.
          <quote>Resolver</quote> for the resolver module,
          <quote>Xfrout</quote> for the xfrout module, etc. When
          the message is logged, the message will include the name
          of the logger generating the message, but with the module
          name replaced by the name of the process implementing
          the module (so for example, a message generated by the
          <quote>Auth.cache</quote> logger will appear in the output
          with a logger name of <quote>b10-auth.cache</quote>).

        </para>

        </section>

        <section>
          <title>severity (string)</title>

        <para>

          This specifies the category of messages logged.
          Each message is logged with an associated severity which
          may be one of the following (in descending order of
          severity):
        </para>

        <itemizedlist>
          <listitem>
            <simpara> FATAL </simpara>
          </listitem>

          <listitem>
            <simpara> ERROR </simpara>
          </listitem>

          <listitem>
            <simpara> WARN </simpara>
          </listitem>

          <listitem>
            <simpara> INFO </simpara>
          </listitem>

          <listitem>
            <simpara> DEBUG </simpara>
          </listitem>
        </itemizedlist>

        <para>

          When the severity of a logger is set to one of these
          values, it will only log messages of that severity, and
          the severities above it. The severity may also be set to
          NONE, in which case all messages from that logger are
          inhibited.

<!-- TODO: worded wrong? If I set to INFO, why would it show DEBUG which is literally below in that list? -->

        </para>

        </section>

        <section>
          <title>output_options (list)</title>

        <para>

          Each logger can have zero or more
          <option>output_options</option>. These specify where log
          messages are sent to. These are explained in detail below.

        </para>

        <para>

          The other options for a logger are:

        </para>

        </section>

        <section>
          <title>debuglevel (integer)</title>

        <para>

          When a logger's severity is set to DEBUG, this value
          specifies what debug messages should be printed. It ranges
          from 0 (least verbose) to 99 (most verbose).
        </para>


<!-- TODO: complete this sentence:

          The general classification of debug message types is

TODO; there's a ticket to determine these levels, see #1074

 -->

        <para>

          If severity for the logger is not DEBUG, this value is ignored.

        </para>

        </section>

        <section>
          <title>additive (true or false)</title>

        <para>

          If this is true, the <option>output_options</option> from
          the parent will be used. For example, if there are two
          loggers configured; <quote>Resolver</quote> and
          <quote>Resolver.cache</quote>, and <option>additive</option>
          is true in the second, it will write the log messages
          not only to the destinations specified for
          <quote>Resolver.cache</quote>, but also to the destinations
          as specified in the <option>output_options</option> in
          the logger named <quote>Resolver</quote>.

<!-- TODO: check this -->

      </para>

      </section>

      </section>

      <section>
        <title>Output Options</title>

        <para>

          The main settings for an output option are the
          <option>destination</option> and a value called
          <option>output</option>, the meaning of which depends on
          the destination that is set.

        </para>

        <section>
          <title>destination (string)</title>

          <para>

            The destination is the type of output. It can be one of:

          </para>

          <itemizedlist>

            <listitem>
              <simpara> console </simpara>
          </listitem>

            <listitem>
              <simpara> file </simpara>
          </listitem>

            <listitem>
              <simpara> syslog </simpara>
            </listitem>

          </itemizedlist>

        </section>

        <section>
          <title>output (string)</title>

        <para>

          Depending on what is set as the output destination, this
          value is interpreted as follows:

        </para>

        <variablelist>

          <varlistentry>
            <term><option>destination</option> is <quote>console</quote></term>
            <listitem>
              <para>
                 The value of output must be one of <quote>stdout</quote>
                 (messages printed to standard output) or
                 <quote>stderr</quote> (messages printed to standard
                 error).
              </para>
              <para>
                Note: if output is set to <quote>stderr</quote> and a lot of
                messages are produced in a short time (e.g. if the logging
                level is set to DEBUG), you may occasionally see some messages
                jumbled up together.  This is due to a combination of the way
                that messages are written to the screen and the unbuffered
                nature of the standard error stream.  If this occurs, it is
                recommended that output be set to <quote>stdout</quote>.
              </para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><option>destination</option> is <quote>file</quote></term>
            <listitem>
              <para>
                The value of output is interpreted as a file name;
                log messages will be appended to this file.
              </para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><option>destination</option> is <quote>syslog</quote></term>
            <listitem>
              <para>
                The value of output is interpreted as the
                <command>syslog</command> facility (e.g.
                <emphasis>local0</emphasis>) that should be used
                for log messages.
              </para>
            </listitem>
          </varlistentry>

        </variablelist>

        <para>

          The other options for <option>output_options</option> are:

        </para>

        <section>
          <title>flush (true of false)</title>

          <para>
            Flush buffers after each log message. Doing this will
            reduce performance but will ensure that if the program
            terminates abnormally, all messages up to the point of
            termination are output.
          </para>

        </section>

        <section>
          <title>maxsize (integer)</title>

          <para>
            Only relevant when destination is file, this is maximum
            file size of output files in bytes. When the maximum
            size is reached, the file is renamed and a new file opened.
            (For example, a ".1" is appended to the name &mdash;
            if a ".1" file exists, it is renamed ".2",
            etc.)
          </para>

          <para>
            If this is 0, no maximum file size is used.
          </para>

          <note>
            <simpara>
	      Due to a limitation of the underlying logging library
	      (log4cplus), rolling over the log files (from ".1" to
	      ".2", etc) may show odd results: There can be
	      multiple small files at the timing of roll over.  This
	      can happen when multiple BIND 10 processes try to roll
	      over the files simultaneously.
	      Version 1.1.0 of log4cplus solved this problem, so if
	      this or higher version of log4cplus is used to build
	      BIND 10, it shouldn't happen.  Even for older versions
	      it is normally expected to happen rarely unless the log
	      messages are produced very frequently by multiple
	      different processes.
	    </simpara>
	  </note>

        </section>

        <section>
          <title>maxver (integer)</title>

          <para>
            Maximum number of old log files to keep around when
            rolling the output file. Only relevant when
            <option>destination</option> is <quote>file</quote>.
          </para>

        </section>

      </section>

      </section>

      <section>
        <title>Example session</title>

        <para>

          In this example we want to set the global logging to
          write to the file <filename>/var/log/my_bind10.log</filename>,
          at severity WARN. We want the authoritative server to
          log at DEBUG with debuglevel 40, to a different file
          (<filename>/tmp/debug_messages</filename>).

        </para>

        <para>

          Start <command>bindctl</command>.

        </para>

        <para>

           <screen>["login success "]
&gt; <userinput>config show Logging</userinput>
Logging/loggers	[]	list
</screen>

        </para>

        <para>

          By default, no specific loggers are configured, in which
          case the severity defaults to INFO and the output is
          written to stderr.

        </para>

        <para>

          Let's first add a default logger:

        </para>

<!-- TODO: adding the empty loggers makes no sense -->
        <para>

          <screen>&gt; <userinput>config add Logging/loggers</userinput>
&gt; <userinput>config show Logging</userinput>
Logging/loggers/	list	(modified)
</screen>

        </para>

        <para>

          The loggers value line changed to indicate that it is no
          longer an empty list:

        </para>

        <para>

          <screen>&gt; <userinput>config show Logging/loggers</userinput>
Logging/loggers[0]/name	""	string	(default)
Logging/loggers[0]/severity	"INFO"	string	(default)
Logging/loggers[0]/debuglevel	0	integer	(default)
Logging/loggers[0]/additive	false	boolean	(default)
Logging/loggers[0]/output_options	[]	list	(default)
</screen>

        </para>

        <para>

          The name is mandatory, so we must set it. We will also
          change the severity as well. Let's start with the global
          logger.

        </para>

        <para>

          <screen>&gt; <userinput>config set Logging/loggers[0]/name *</userinput>
&gt; <userinput>config set Logging/loggers[0]/severity WARN</userinput>
&gt; <userinput>config show Logging/loggers</userinput>
Logging/loggers[0]/name	"*"	string	(modified)
Logging/loggers[0]/severity	"WARN"	string	(modified)
Logging/loggers[0]/debuglevel	0	integer	(default)
Logging/loggers[0]/additive	false	boolean	(default)
Logging/loggers[0]/output_options	[]	list	(default)
</screen>

        </para>

        <para>

          Of course, we need to specify where we want the log
          messages to go, so we add an entry for an output option.

        </para>

        <para>

          <screen>&gt; <userinput> config add Logging/loggers[0]/output_options</userinput>
&gt; <userinput> config show Logging/loggers[0]/output_options</userinput>
Logging/loggers[0]/output_options[0]/destination	"console"	string	(default)
Logging/loggers[0]/output_options[0]/output	"stdout"	string	(default)
Logging/loggers[0]/output_options[0]/flush	false	boolean	(default)
Logging/loggers[0]/output_options[0]/maxsize	0	integer	(default)
Logging/loggers[0]/output_options[0]/maxver	0	integer	(default)
</screen>


        </para>

        <para>

          These aren't the values we are looking for.

        </para>

        <para>

          <screen>&gt; <userinput> config set Logging/loggers[0]/output_options[0]/destination file</userinput>
&gt; <userinput> config set Logging/loggers[0]/output_options[0]/output /var/log/bind10.log</userinput>
&gt; <userinput> config set Logging/loggers[0]/output_options[0]/maxsize 204800</userinput>
&gt; <userinput> config set Logging/loggers[0]/output_options[0]/maxver 8</userinput>
</screen>

        </para>

        <para>

          Which would make the entire configuration for this logger
          look like:

        </para>

        <para>

          <screen>&gt; <userinput> config show all Logging/loggers</userinput>
Logging/loggers[0]/name	"*"	string	(modified)
Logging/loggers[0]/severity	"WARN"	string	(modified)
Logging/loggers[0]/debuglevel	0	integer	(default)
Logging/loggers[0]/additive	false	boolean	(default)
Logging/loggers[0]/output_options[0]/destination	"file"	string	(modified)
Logging/loggers[0]/output_options[0]/output	"/var/log/bind10.log"	string	(modified)
Logging/loggers[0]/output_options[0]/flush	false	boolean	(default)
Logging/loggers[0]/output_options[0]/maxsize	204800	integer	(modified)
Logging/loggers[0]/output_options[0]/maxver	8	integer	(modified)
</screen>

        </para>

        <para>

          That looks OK, so let's commit it before we add the
          configuration for the authoritative server's logger.

        </para>

        <para>

          <screen>&gt; <userinput> config commit</userinput></screen>

        </para>

        <para>

          Now that we have set it, and checked each value along
          the way, adding a second entry is quite similar.

        </para>

        <para>

          <screen>&gt; <userinput> config add Logging/loggers</userinput>
&gt; <userinput> config set Logging/loggers[1]/name Auth</userinput>
&gt; <userinput> config set Logging/loggers[1]/severity DEBUG</userinput>
&gt; <userinput> config set Logging/loggers[1]/debuglevel 40</userinput>
&gt; <userinput> config add Logging/loggers[1]/output_options</userinput>
&gt; <userinput> config set Logging/loggers[1]/output_options[0]/destination file</userinput>
&gt; <userinput> config set Logging/loggers[1]/output_options[0]/output /tmp/auth_debug.log</userinput>
&gt; <userinput> config commit</userinput>
</screen>

        </para>

        <para>

          And that's it. Once we have found whatever it was we
          needed the debug messages for, we can simply remove the
          second logger to let the authoritative server use the
          same settings as the rest.

        </para>

        <para>

          <screen>&gt; <userinput> config remove Logging/loggers[1]</userinput>
&gt; <userinput> config commit</userinput>
</screen>

        </para>

        <para>

          And every module will now be using the values from the
          logger named <quote>*</quote>.

        </para>

      </section>

    </section>

    <section>
      <title>Logging Message Format</title>

      <para>
          Each message written by BIND 10 to the configured logging
          destinations comprises a number of components that identify
          the origin of the message and, if the message indicates
          a problem, information about the problem that may be
          useful in fixing it.
      </para>

      <para>
          Consider the message below logged to a file:
          <screen>2011-06-15 13:48:22.034 ERROR [b10-resolver.asiolink]
    ASIODNS_OPENSOCK error 111 opening TCP socket to 127.0.0.1(53)</screen>
      </para>

      <para>
        Note: the layout of messages written to the system logging
        file (syslog) may be slightly different.  This message has
        been split across two lines here for display reasons; in the
        logging file, it will appear on one line.)
      </para>

      <para>
        The log message comprises a number of components:

          <variablelist>
          <varlistentry>
          <term>2011-06-15 13:48:22.034</term>
<!-- TODO: timestamp repeated even if using syslog? -->
          <listitem><para>
              The date and time at which the message was generated.
          </para></listitem>
          </varlistentry>

          <varlistentry>
          <term>ERROR</term>
          <listitem><para>
              The severity of the message.
          </para></listitem>
          </varlistentry>

          <varlistentry>
          <term>[b10-resolver.asiolink]</term>
          <listitem><para>
            The source of the message.  This comprises two components:
            the BIND 10 process generating the message (in this
            case, <command>b10-resolver</command>) and the module
            within the program from which the message originated
            (which in the example is the asynchronous I/O link
            module, asiolink).
          </para></listitem>
          </varlistentry>

          <varlistentry>
          <term>ASIODNS_OPENSOCK</term>
          <listitem><para>
            The message identification.  Every message in BIND 10
            has a unique identification, which can be used as an
            index into the <ulink
            url="bind10-messages.html"><citetitle>BIND 10 Messages
            Manual</citetitle></ulink> (<ulink
            url="http://bind10.isc.org/docs/bind10-messages.html"
            />) from which more information can be obtained.
          </para></listitem>
          </varlistentry>

          <varlistentry>
          <term>error 111 opening TCP socket to 127.0.0.1(53)</term>
          <listitem><para>
              A brief description of the cause of the problem.
              Within this text, information relating to the condition
              that caused the message to be logged will be included.
              In this example, error number 111 (an operating
              system-specific error number) was encountered when
              trying to open a TCP connection to port 53 on the
              local system (address 127.0.0.1).  The next step
              would be to find out the reason for the failure by
              consulting your system's documentation to identify
              what error number 111 means.
          </para></listitem>
          </varlistentry>
          </variablelist>
      </para>

    </section>

  </chapter>

<!-- TODO: Add bibliography section (mostly RFCs, probably) -->


<!-- TODO: how to help: run unit tests, join lists, review trac tickets -->

  <!-- <index>    <title>Index</title> </index> -->

</book>

<!--

TODO:

Overview

Getting BIND 10 Installed
  Basics
  Dependencies
  Optional
  Advanced

How Does Everything Work Together?

Need Help?

-->