named.conf revision e2cf9c2db3fd484d160d3b7850f5e4d9c19945fa
/*
*/
/*
*/
# So are shell-style comments
// Global server options. NOTE(review): this listing appears to have lost
// lines (several address lists below have no enclosing statement), so read it
// as parser test input rather than as a deployable configuration.
options {
// Replaces the string returned for version.bind queries, so the real release
// is not disclosed to anyone who asks.
version "my version string";
// NOTE(review): /tmp is normally world-writable. Relative file names such as
// the dump and statistics files below are resolved against this directory, so
// a production server should use a directory only the named user can write.
directory "/tmp";
# Obsolete
named-xfer "/usr/libexec/named-xfer"; // _PATH_XFER
dump-file "named_dump.db"; // _PATH_DUMPFILE
statistics-file "named.stats"; // _PATH_STATS
memstatistics-file "named.memstats"; // _PATH_MEMSTATS
auth-nxdomain yes; // always set AA on NXDOMAIN.
# Obsolete
// memstatistics-file.
# Obsolete
# Obsolete
# Obsolete
# Obsolete
also-notify { 10.0.2.3; };
// forwarders. "first" gives the normal BIND
// forwarding behavior, i.e. ask the forwarders first, and if that
1.2.3.4;
5.6.7.8;
};
// blackhole lists addresses the server will not accept queries from and will
// not use when resolving.
blackhole { 45/24; };
10/24;
10.0.0.3; 1:2:3:4:5:6:7:8;
};
!1.2.3.4;
1.2.3/24;
};
# Now called 'provide-ixfr'
# maintain-ixfr-base no; // If yes, keep transaction log file for IXFR
// Process resource limits: core dump size, data segment, open files, stack.
coresize 100;
datasize 101;
files 230;
stacksize 231;
topology {
10/8;
!1.2.3/24;
{ 1.2/16; 3/8; };
};
sortlist { 10/8; 11/8; };
};
/*
*/
// Control-channel configuration. As shown the statement is empty; in BIND 9 an
// empty controls statement disables the command channel.
// NOTE(review): the original file may have had entries here that this listing
// dropped - confirm before relying on it.
controls {
};
// here.
// than those on the NS list for this
// zone
forward first;
forwarders { 10.0.0.3; 1:2:3:4:5:6:7:8; };
};
// Secondary copy of slave.demo.zone, transferred from the masters listed below.
zone "slave.demo.zone" {
type slave; // what used to be called "secondary"
file "slave.demo.zone";
ixfr-base "slave.demo.zone.ixfr"; // File name for IXFR transaction log file
// NOTE(review): the masters are identified by address only; no TSIG key is
// attached to these transfers in the visible lines.
masters {
1.2.3.4; // where to zone transfer from
5.6.7.8;
};
transfer-source 10.0.0.53; // fixes multihoming problems
check-names warn;
// Dynamic updates are refused outright on this copy.
allow-update { none; };
// NOTE(review): any host may request a full copy of the zone (AXFR). Restrict
// this to the servers that need it, preferably by TSIG key rather than address.
allow-transfer { any; };
// NOTE(review): any client can have dynamic updates relayed to the master
// through this server, which defeats address-based update ACLs on the master.
allow-update-forwarding { any; };
allow-query { any; };
max-transfer-time-in 120; // if not set, global option is used.
max-transfer-time-out 1; // if not set, global option is used.
max-transfer-idle-in 2; // if not set, global option is used.
max-transfer-idle-out 3; // if not set, global option is used.
also-notify { 1.0.0.2; };
forward only;
forwarders { 10.45.45.45; 10.0.0.3; 1:2:3:4:5:6:7:8; };
};
// Top-level key, referenced by "server 10.9.8.7" inside the view below.
// "aaa" and "zzz" are placeholders, not a usable secret or algorithm name.
key "non-viewkey" { secret "aaa" ; algorithm "zzz" ; };
// View chosen for clients that match match-clients. It carries its own key,
// option overrides, one master zone and per-server key bindings.
view "test-view" in {
// Placeholder key: "xxx" and "yyy" are not a usable algorithm or secret.
key "viewkey" { algorithm "xxx" ; secret "yyy" ; };
// NOTE(review): the only client that selects this view (10.0.0.1) is not in
// allow-query (10.0.0.30), so as written no client is both matched and
// allowed to query. Presumably deliberate test data - confirm.
allow-query { 10.0.0.30;};
match-clients { 10.0.0.1 ; };
check-names master warn;
check-names slave ignore;
check-names response fail;
auth-nxdomain false;
// Recursion is on, but only for clients that reach this view.
recursion true;
provide-ixfr false;
request-ixfr true;
fetch-glue true;
notify false;
rfc2308-type1 false;
transfer-source 10.0.0.55;
transfer-source-v6 4:3:8:1:5:6:7:8;
// "port *" leaves the source port to the server instead of pinning one; a
// fixed query port makes forged answers easier to get accepted.
query-source port * address 10.0.0.54 ;
query-source-v6 address 6:6:6:6:6:6:6:6 port *;
max-transfer-time-out 45;
max-transfer-idle-out 55;
cleaning-interval 100;
min-roots 3;
lame-ttl 477;
max-ncache-ttl 333;
transfer-format many-answers;
zone "view-zone.com" {
type master;
// Update forwarding is limited to a single address here. Address checks alone
// can be spoofed, so a key-based match is the stronger control.
allow-update-forwarding { 10.0.0.34;};
file "view-zone-master";
};
// Use the view-local key when talking to 5.6.7.8.
server 5.6.7.8 {
keys "viewkey";
};
// Use the top-level key "non-viewkey" when talking to 10.9.8.7.
server 10.9.8.7 {
keys "non-viewkey";
};
};
// Stub zone: only the NS records are fetched from the masters listed below.
zone "stub.demo.zone" {
type stub; // stub zones are like slave zones,
// except that only the NS records
// are transferred.
file "stub.demo.zone";
masters {
1.2.3.4 ; // where to zone transfer from
5.6.7.8 port 999;
};
check-names warn;
allow-update { none; };
// NOTE(review): transfers are open to any host; restrict this list to the
// servers that actually need the data.
allow-transfer { any; };
allow-query { any; };
max-transfer-time-in 120; // if not set, global option is used.
// Placeholder key strings; they exercise the parser and are not real key data.
pubkey 257 255 1 "a useless key";
pubkey 257 255 1 "another useless key";
};
// Root hints zone: the file tells the resolver where to find the root servers,
// so it should be writable only by the administrator.
zone "." {
type hint; // used to be specified w/ "cache"
file "cache.db";
// pubkey 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q==";
};
// Statically configured DNSSEC trust anchor for the root zone. The fields are
// flags (257), protocol (255), algorithm (1), then the base64 key data.
// NOTE(review): algorithm 1 is RSA/MD5, which is deprecated for DNSSEC, and a
// static anchor must be replaced by hand when the key rolls over. Treat this
// key as sample data unless verified out of band.
trusted-keys {
"." 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q==";
};
// Named address match lists. Elements are tested in order and the first match
// decides, so the negated network must come before "any".
acl can_query { !1.2.3/24; any; }; // network 1.2.3.0 mask 255.255.255.0
// is disallowed; rest are OK
acl can_axfr { 1.2.3.4; can_query; }; // host 1.2.3.4 and any host allowed
// by can_query are OK
// NOTE(review): because can_query ends in "any", can_axfr matches every host
// outside 1.2.3.0/24 as well as 1.2.3.4. An allow-transfer that uses it is
// therefore close to open.
// Master zone that uses the named ACLs can_query and can_axfr, plus both
// address-based and policy-based dynamic update rules.
zone "non-default-acl.demo.zone" {
type master;
disabled;
file "foo";
allow-query { can_query; };
allow-transfer { can_axfr; };
// NOTE(review): updates are authorised by source address only, which can be
// spoofed; key-based rules are the stronger control. BIND 9 documentation also
// describes combining allow-update with update-policy in one zone as a
// configuration error, so this pairing is presumably parser test input.
allow-update {
1.2.3.4;
5.6.7.8;
};
// Placeholder key string, not real key data.
pubkey 666 665 664 "key of the beast";
// Errors trapped by parser:
// identity or name not absolute
//
// issues:
// - certain rdatatype values (such as "key") are config file keywords and
// must be quoted or a syntax error will occur.
//
// Each grant names an identity, a match type (subdomain, wildcard, name, self),
// the name it applies to, and the record types that identity may update.
update-policy {
grant root.domain. subdomain host.domain. A MX CNAME;
grant sub.root.domain. wildcard *.host.domain. A;
grant root.domain. name host.domain. a ns md mf cname soa mb mg
mr "null" wks ptr hinfo minfo mx txt rp afsdb x25
isdn rt nsap sig "key" px gpos aaaa loc nxt srv naptr kx
cert a6 dname opt unspec tkey tsig ;
grant foo.bar.com. self foo.bar.com. a;
};
};
// TSIG key definitions and an ACL that matches on one of them.
// NOTE(review): hmac-md5 is a legacy algorithm; current BIND 9 supports
// hmac-sha256 and stronger, which should be used for new keys. The secrets
// here are placeholders. A real secret is base64 text and belongs in a file
// readable only by the named user, pulled in with an include statement.
key sample_key { // for TSIG; supported by parser
algorithm hmac-md5; // but not yet implemented in the
secret "your secret here"; // rest of the server
};
key key2 {
algorithm hmac-md5;
secret "ereh terces rouy";
};
acl key_acl { key sample_key; }; // a request signed with sample_key
// Per-server settings for the remote server 1.2.3.4. No key is bound to this
// server in the visible lines, so exchanges with it are unsigned.
server 1.2.3.4 {
// Neither request incremental transfers from this server nor offer them to it.
request-ixfr no;
provide-ixfr no;
// server (see the description of
transfers 0; // not implemented
# Now called 'request-ixfr'
# support-ixfr yes; // for IXFR supported by server
};
logging {
/*
*/
};
/*
* the channel. In order of decreasing severity, the levels are:
*
* critical a fatal error
* error
* warning
* notice a normal, but significant event
* info an informational message
* debug 1 the least detailed debugging info
* ...
* debug 99 the most detailed debugging info
*/
/*
* Here are the built-in channels:
*
* channel default_syslog {
* syslog daemon;
* severity info;
* };
*
* channel default_debug {
* file "named.run"; // note: stderr is used instead
* // of "named.run" if the server
* // is started with the "-f"
* // option.
* severity dynamic; // this means log debugging
* // at whatever debugging level
* // the server is at, and don't
* // debugging.
* };
*
* };
*
* channel default_stderr { // writes to stderr
* // there's currently no way
* // of saying "stderr" in the
* // configuration language.
* };
*
*/
/*
* don't want. Right now the categories are
*
* default the catch-all. many things still
* aren't classified into categories, and
* don't specify any channels for a
* category, the default category is used
* instead.
* config high-level configuration file
* processing
* parser low-level configuration file processing
* queries what used to be called "query logging"
* lame-servers messages like "Lame server on ..."
* statistics
* panic if the server has to shut itself
* down due to an internal problem, it
* logs the problem here (as well as
* "Malformed response ..."
* "wrong ans. name ..."
* "unrelated additional info ..."
* "invalid RR type ..."
* "bad referral ..."
*/
default_syslog; // as you want
};
// Log channel that writes level-3 debug output to a file, with the timestamp,
// category and severity printed on each entry.
channel moderate_debug {
// NOTE(review): a relative path is resolved against the options "directory",
// which this file sets to /tmp. A log file in a world-writable directory can
// be pre-created or symlinked by another local user, so use a directory that
// only the named user can write.
file "foo"; // foo
severity debug 3; // level 3 debugging to file
print-time yes; // timestamp log entries
print-category yes; // print category name
print-severity yes; // print severity level
/*
* Note that debugging must have been turned on either
* on the command line or with a signal to get debugging
* output (non-debugging output will still be written to
* this channel).
*/
};
/*
*/
};
/*
*/
};
/*
* default category will be used. It is
*
* category default { default_syslog; default_debug; };
*/
/*
*
*/
/*
*
* category eventlib { default_debug; };
*
* category packet { default_debug; };
*/
};