named.conf revision adf199832b7c9799d7ceb7d3facfa599111d232d
// NOTE(review): this listing looks like a non-contiguous excerpt of named.conf.
// The enclosing options/zone/view/logging blocks and several closing braces are
// not shown, so the statements are kept in listing order, one per line, and
// cannot be loaded as-is.

# So are shell-style comments
additional-from-auth true;
additional-from-cache false;
// Replaces the version string the server reports about itself, which limits
// fingerprinting of the running release.
version "my version string";
sig-validity-interval 33;
auth-nxdomain yes; // always set AA on NXDOMAIN.
also-notify { 10.0.2.3; };
// forwarders. "first" gives the normal BIND
// forwarding behavior, i.e. ask the forwarders first, and if that
# Now called 'provide-ixfr'
# maintain-ixfr-base no; // If yes, keep transaction log file for IXFR
database "somedb -option1 -option2 arg1 arg2 arg3";
also-notify { 1.0.0.1; }; // don't notify any nameservers other
// than those on the NS list for this
forwarders { 10.0.0.3; 1:2:3:4:5:6:7:8; };
type slave; // what used to be called "secondary"
// The master entry below names key "foo", so transfers from that master are
// TSIG-signed; the key definition itself is not part of this listing.
1.2.3.4 port 10 key "foo"; // where to zone transfer from
transfer-source 10.0.0.53; // fixes multihoming problems
// NOTE(review): with "any", dynamic updates from every client are forwarded to
// the master; access control then rests entirely on the master's update policy.
allow-update-forwarding { any; };
max-transfer-time-in 120; // if not set, global option is used.
max-transfer-time-out 1; // if not set, global option is used.
max-transfer-idle-in 2; // if not set, global option is used.
max-transfer-idle-out 3; // if not set, global option is used.
also-notify { 1.0.0.2; };
forwarders { 10.45.45.45; 10.0.0.3; 1:2:3:4:5:6:7:8; };
// NOTE(review): "zzz" and "xxx" are not real TSIG algorithm names and the
// secrets decode to "aaa" and "yyy", so these look like parser fixtures rather
// than usable keys. Real key material belongs in a separately included file
// with restrictive permissions, not in the world-readable main config.
key "non-viewkey" { secret "YWFh" ; algorithm "zzz" ; };
key "viewkey" { algorithm "xxx" ; secret "eXl5" ; };
also-notify { 10.2.2.3; };
foo.com. 4 3 2 "abdefghijklmnopqrstuvwxyz";
sig-validity-interval 45;
allow-query { 10.0.0.30;};
additional-from-cache false;
match-clients { 10.0.0.1 ; };
check-names slave ignore;
check-names response fail;
transfer-source 10.0.0.55;
transfer-source-v6 4:3:8:1:5:6:7:8;
// "port *" leaves the outgoing query port unpinned; a fixed port here would give
// up source-port randomisation as a defence against spoofed answers.
query-source port * address 10.0.0.54 ;
query-source-v6 address 6:6:6:6:6:6:6:6 port *;
max-transfer-time-out 45;
max-transfer-idle-out 55;
transfer-format many-answers;
// Narrower than the "any" form above: only updates from 10.0.0.34 are forwarded.
allow-update-forwarding { 10.0.0.34;};
type stub; // stub zones are like slave zones,
// except that only the NS records
1.2.3.4 ; // where to zone transfer from
max-transfer-time-in 120; // if not set, global option is used.
pubkey 257 255 1 "a useless key";
pubkey 257 255 1 "another useless key";
type hint; // used to be specified w/ "cache"
// Address match lists are evaluated in order and the first match decides, so the
// negated network has to stay ahead of "any" for the exclusion to take effect.
acl can_query { !1.2.3/24; any; }; // network 1.2.3.0 mask 255.255.255.0
// is disallowed; rest are OK
acl can_axfr { 1.2.3.4; can_query; }; // host 1.2.3.4 and any host allowed
allow-query { can_query; };
// NOTE(review): can_axfr includes can_query, which ends in "any", so zone
// transfers are open to every host outside 1.2.3/24; confirm that is intended.
allow-transfer { can_axfr; };
pubkey 666 665 664 "key of the beast";
// Errors trapped by parser:
// identity or name not absolute
// 'wildcard' match type and no wildcard character in name
// - certain rdatatype values (such as "key") are config file keywords and
// must be quoted or a syntax error will occur.
mr "null" wks ptr hinfo minfo mx txt rp afsdb x25 isdn rt nsap sig "key" px gpos aaaa loc nxt srv naptr kx cert a6 dname opt unspec tkey tsig ;
// NOTE(review): hmac-md5 is a legacy TSIG algorithm; current BIND releases also
// accept hmac-sha256, which is the better choice outside a parser test. Both
// secrets are placeholders (they decode to "your secret here" and the same text
// reversed). Two secret lines appear back to back with no closing brace;
// presumably the end of this key and the start of a second one are not shown.
key sample_key { // for TSIG; supported by parser
algorithm hmac-md5; // but not yet implemented in the
secret "eW91ciBzZWNyZXQgaGVyZQ=="; // rest of the server
secret "ZXJlaCB0ZXJjZXMgcm91eQ==";
acl key_acl { key sample_key; }; // a request signed with sample_key
// 'transfer-format' above)
# Now called 'request-ixfr'
# support-ixfr yes; // for IXFR supported by server
// NOTE(review): the lines starting with "*" below come from block comments whose
// "/*" and "*/" delimiters are not part of this listing.
 * the channel. In order of decreasing severity, the levels are:
 * notice a normal, but significant event
 * info an informational message
 * debug 1 the least detailed debugging info
 * debug 99 the most detailed debugging info
 * Here are the built-in channels:
 * channel default_syslog {
 * channel default_debug {
 * file "named.run"; // note: stderr is used instead
 * // is started with the "-f"
 * severity dynamic; // this means log debugging
 * // at whatever debugging level
 * // the server is at, and don't
 * // there's currently no way
 * // of saying "stderr" in the
 * // configuration language.
 * don't want. Right now the categories are
 * default the catch-all. many things still
 * don't specify any channels for a
 * category, the default category is used
 * config high-level configuration file
 * parser low-level configuration file processing
 * queries what used to be called "query logging"
 * lame-servers messages like "Lame server on ..."
 * panic if the server has to shut itself
 * down due to an internal problem, it
 * logs the problem here (as well as
 * "Malformed response ..."
 * "unrelated additional info ..."
// Channel settings: timestamps, category and severity on every entry make the
// log usable for correlating events during an investigation.
severity debug 3; // level 3 debugging to file
print-time yes; // timestamp log entries
print-category yes; // print category name
print-severity yes; // print severity level
 * Note that debugging must have been turned on either
 * on the command line or with a signal to get debugging
 * output (non-debugging output will still be written to
 * If you don't define category default yourself, the default
 * default category will be used. It is
 * category default { default_syslog; default_debug; };
 * category eventlib { default_debug; };
 * category packet { default_debug; };