query, ipquery, mkhash, mkdb, mkhosts, cs, csquery, dns, dnsquery, dnsdebug, dnsgetip, inform – network database

ndb/query [ –acim ] [ –f dbfile ] [ –x netmtpt ] attr value [ rattr ]...
ndb/ipquery attr value rattr...
ndb/mkhash file attr
[ domain [ dbfile ] ]
ndb/cs [ –46n ] [ –f dbfile ] [ –x netmtpt ]
ndb/csquery [ –s ] [ /net/cs [ addr... ] ]
ndb/dns [ –FnrLR ] [ –a maxage ] [ –c cert.pem ] [ –f dbfile ] [ –N target ] [ –x netmtpt ] [ –s [ addrs... ] ]
ndb/dnsquery [ –x ] [ /net/dns ]
ndb/dnsdebug [ –crdx ] [ –f dbfile ] [ [ @server ] domain–name [ type ] ]
ndb/dnsgetip [ –ax ] domain–name
ndb/inform [ –x netmtpt ]

The network database holds administrative information used by network programs such as dhcpd(8), ipconfig(8), con(1), etc.

Ndb/query searches the network database for an attribute of type attr and value value. If a single rattr is specified, only the value of the first matching pair with attribute rattr is printed. Under –m, the values of all pairs with a rattr attribute within the first matching entry are printed. Under –a and with a single rattr, all values of pairs with a rattr attribute within all entries are printed. If none or more than one rattr where specified, all entries matched by the search are printed in ndb(6) format. When the –i flag is present, the type attribute attr and its value are relating to systems with ip= tuples, and the search will return rattr attributes inherited from their corresponding ipnet= entries. (see the ndbipinfo and csipinfo functions in ndb(2)). The –i flag requires at least one rattr and each rattr prefixed with a @ is resolved to an IP address. When –c flag is specified, instead of opening the network database files directly, the connection server mounted on netmtpt is consulted. The netmtpt can be changed using the –x option (default /net). Without the –c flag, the network database is searched directly by opening dbfile (/lib/ndb/local by default).

Ndb/ipquery uses ndbipinfo (see ndb(2)) to search for the values of the attributes rattr corresponding to the systems with entries of attribute type attr and value value.

Ndb/inform sends an RFC2136 DNS inform packet to a nameserver to associate the host's IP address with its DNS name. This is required if the domain's nameserver is a Microsoft Windows Active Directory controller. The host's domain name will be sent to the AD controller unless a tuple of the form inform=xxx is found in the host's ndb entry.

Database maintenance
Ndb/mkhash creates a hash file for all entries with attribute attr in database file file. The hash files are used by ndb/query and by the ndb library routines.

Ndb/mkdb is used in concert with awk(1) scripts to convert uucp systems files and IP host files into database files. It is very specific to the situation at Murray Hill.

When the database files change underfoot, ndb/cs and ndb/dns track them properly. Nonetheless, to keep the database searches efficient it is necessary to run ndb/mkhash whenever the files are modified. It may be profitable to control this by a frequent cron(8) job.

Ndb/mkhosts generates a BSD style hosts, hosts.txt, and hosts.equiv files from an ndb data base file specified on the command line (default /lib/ndb/local). For local reasons the files are called hosts.1127, astro.txt, and hosts.equiv.

Connection service
Ndb/cs is a server used by dial(2) to translate network names. It is started at boot time. It finds out what networks are configured by looking for /net/*/clone when it starts. It can also be told about networks by writing to /net/cs a message of the form:
add net1 net2 ...

Ndb/cs also sets the system name in /dev/sysname if it can figure it out. The options are:
4   Only look up IPv4 addresses (A records) when consulting DNS. The default is to also look up v6 addresses (AAAA records). Writing ipv4 to /net/cs will toggle IP v4 look–ups.
6   Only look up IPv6 addresses in DNS. Writing ipv6 to /net/cs toggles v6 lookups.
f   supplies the name of the data base file to use, default /lib/ndb/local.
n   causes cs to do nothing but set the system name.
x   specifies the mount point of the network.

Ndb/csquery queries ndb/cs to see how it resolves addresses. Ndb/csquery prompts for addresses and prints what ndb/cs returns. Server defaults to /net/cs. If any addrs are specified, ndb/csquery prints their translations and immediately exits. The exit status will be nil only if all addresses were successfully translated. The –s flag sets exit status without printing any results.

Domain name service
Ndb/dns serves ndb/cs and remote systems by translating Internet domain names. Ndb/dns is started at boot time. By default dns serves only requests written to /net/dns. Programs must seek to offset 0 before reading or writing /net/dns or /net/cs. The options are:
a   sets the maximum time in seconds that an unreferenced domain name will remain cached. The default is one hour (3600).
f   supplies the name of the data base file to use, default /lib/ndb/local.
n   whenever a DNS zone that we serve changes, send UDP NOTIFY messages to any dns slaves for that zone (see the dnsslave attribute below).
N   sets the goal for the number of domain names cached to target rather than the default of 8,000.
r   act as a resolver only: send `recursive' queries, asking the other servers to complete lookups. If present, /env/DNSSERVER or /env/DOTSERVER must be a space–separated list of such DNS (or DoT) servers' IP addresses, otherwise optional ndb(6) dns attributes name DNS servers to forward queries to. Note
that when DOTSERVER is specified, DNSSERVER are ignored.
R   ignore the `recursive' bit on all incoming requests. Do not complete lookups on behalf of remote systems.
L   ignore the `recursive' bit on incoming requests from non–local IP addresses. IP addresses are local when they are contained within the network prefix of an interface. This allows running as a authoritative server while also serving recursive queries for systems on local networks.
s   also answer domain requests sent to IP addrs on UDP/TCP port 53. If no IP addrs are given, listen on any interface on network mount point netmtpt.
c   When a certificate cert.pem is specified, also listen on TCP port 853 and handle DNS requests over TLS. Clients wanting to connect to this service must add the certificate or public key thumbprint into /sys/lib/tls/dns.
x   specifies the mount point of the network.

When the –r option is specified, the servers used come from the dns attribute in the database. For example, to specify a set of dns servers that will resolve requests for systems on the network mh–net:
ipnet=mh–net ip= ipmask=
dom=ns1.cs.bell– ip=
dom=ns2.cs.bell– ip=

The server for a domain is indicated by a database entry containing both a dom and a ns attribute.

The last three lines provide a mapping for the server names to their ip addresses. This is only a hint and will be superseded from whatever is learned from servers owning the domain.

Authoritative Name Servers
You can also serve a subtree of the domain name space from the local database. You indicate subtrees that you would like to serve by adding an soa= attribute to the root entry. For example, the Bell Labs CS research domain is:
dom=cs.bell– soa=
refresh=3600 ttl=3600
mx=mail.research.bell– pref=20
mx=plan9.bell– pref=10

Here, the mb entry is the mail address of the person responsible for the domain (default postmaster). The mx entries list mail exchangers for the domain name and refresh and ttl define the area refresh interval and the minimum TTL for records in this domain. The dnsslave entries specify slave DNS servers that should be notified when the domain changes. The notification also requires the –n flag.

Reverse Domains
You can also serve reverse lookups (returning the name that goes with an IP address) by adding an soa= attribute to the entry defining the root of the reverse space.

For example, to provide reverse lookup for all addresses in starting with 135.104 or fd00::, ndb must contain a record like:– soa= soa=      # special case, rfc 4193
refresh=3600 ttl=3600

Notice the form of the reverse address. For IPv4, it's the bytes of the address range you are serving reversed and expressed in decimal, and with .in– appended. For IPv6, it's the nibbles (4–bit fields) of the address range you are serving reversed and expressed in hexadecimal, and with appended. These are the standard forms for a domain name in a PTR record.

If such an soa entry exists in the database, reverse addresses will automatically be generated from any IP addresses in the database that are under this root. For example
dom=ns1.cs.bell– ip=

will automatically create both forward and reverse entries for ns1.cs.bell– Unlike other DNS servers, there's no way to generate inconsistent forward and reverse entries.

Classless reverse delegation
Following RFC 2317, it is possible to serve reverse DNS data for IPv4 subnets smaller than /24. Declare the non–/24 subnet, the reverse domain and the individual systems.

For example, this is how to serve RFC–2317 ptr records for the subnet
ipnet=our–t1 ip= ipmask=/123– soa=
refresh=3600 ttl=3600
ip= dom=router.our–

Delegating Name Service Authority
Delegation of a further subtree to another set of name servers is indicated by an soa=delegated attribute.

Nameservers within the delegated domain (as in this example) must have their IP addresses listed elsewhere in ndb files.

Wildcards, MX and CNAME records
Wild–carded domain names can also be used. For example, to specify a mail forwarder for all Bell Labs research systems:

`Cname' aliases may be established by adding a cname attribute giving the real domain name; the name attached to the dom attribute is the alias. `Cname' aliases are severely restricted; the aliases may have no other attributes than dom and are daily further restricted in their use by new RFCs.
cname=anna.cs.bell– dom=www.cs.bell–

makes www.... a synonym for the canonical name anna.....

Zone Transfers and TCP
TCP clients requesting DNS zone transfer must be listed with a dnsslave attribute for the relevant domain. A value of * means any client is accepted.

DNS Queries and Debugging
Ndb/dnsquery can be used to query ndb/dns to see how it resolves requests. Ndb/dnsquery prompts for commands of the form
[ ! ] domain–name request–type

where request–type can be ip, ipv6, mx, ns, cname, ptr.... In the case of the inverse query type, ptr, dnsquery will reverse the ip address and tack on the .in– if necessary. If the command starts with an exclamation mark ! then the response is returned in ndb(6) format. The –x option switches ndb/dnsquery to query the dns server on /net.alt instead of /net.

Ndb/dnsdebug is like ndb/dnsquery but bypasses the local server. It communicates via UDP (and sometimes TCP) with the domain name servers in the same way that the local resolver would and displays all packets received. The query can be specified on the command line or can be prompted for. The queries look like those of ndb/dnsquery with one addition. Ndb/dnsdebug can be directed to query a particular name server by the command @name–server. From that point on, all queries go to that name server rather than being resolved by dnsdebug. The @ command returns query resolution to dnsdebug. Finally, any command preceded by a @name–server sets the name server only for that command.

Normally dnsdebug uses the /net interface and the database file /lib/ndb/local. The –f option supplies the name of the data base file to use. The –r option is the same as for ndb/dns. The –x option directs dnsdebug to use the /net.alt interface and /lib/ndb/external database file. The –c option enables caching which is handy for debugging the dns code.

Ndb/dnsgetip resolves and prints A and AAAA records without consulting ndb/dns. By default, ndb/dnsgetip queries A records first and then AAAA records. As with ndb/dns, /env/DNSSERVER or ndb(6) dns attributes are used as the DNS server. The –a flag will return all records. The –x option switches ndb/dnsgetip to query the dns server through /net.alt instead of /net.

Look up helix in ndb.
% ndb/query sys helix
sys=helix dom=helix.research.bell– bootf=/mips/9powerboot
ip= ether=080069020427

Look up plan9.bell– and its IP address in the DNS.
% ndb/dnsquery
> plan9.bell– ip
plan9.bell– ip
> ptr– ptr plan9.bell–– ptr

Print the names of all systems that boot via PXE.
% ndb/query –a bootf /386/9bootpxe sys

/env/DNSSERVER        resolver's DNS servers' IP addresses
/env/DOTSERVER        resolver's DNS over TLS servers' IP addresses
/sys/lib/tls/dns      resolver's certificate / public–key thumbprints
/lib/ndb/local        first database file searched
/lib/ndb/local.*      hash files for /lib/ndb/local
service file for ndb/cs
/net/cs              where /srv/cs gets mounted
/srv/dns             service file for ndb/dns
/net/dns             where /srv/dns gets mounted


ndb(2), ndb(6)

Ndb databases are case–sensitive; ethernet addresses must be in lower–case hexadecimal.