Bv9ARM.ch06.html revision 09d72af3e9961c210d7baa6179165b6cd81e8dd0
885f47576842cf3c569315b9a48bd9f0ca03f203Automatic Updater - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater - Copyright (C) 2000-2003 Internet Software Consortium.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
2bb3422dc683c013db7042f5736240de6b86f182Automatic Updater - purpose with or without fee is hereby granted, provided that the above
7b67cfadd077feb0ec3e6c78385ba0d845a9789bMark Andrews - copyright notice and this permission notice appear in all copies.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
90ff38a0d8deaf5f9c2aa5916d99b2e572d28738Automatic Updater - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - PERFORMANCE OF THIS SOFTWARE.
96713299d08c0735c18ebe8772dd2cc1ecd4356aAutomatic Updater<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews<title>Chapter�6.�BIND 9 Configuration Reference</title>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
96713299d08c0735c18ebe8772dd2cc1ecd4356aAutomatic Updater<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
80faf1588895fd26490f82f95a7a1b771df1c324Automatic Updater<link rel="prev" href="Bv9ARM.ch05.html" title="Chapter�5.�The BIND 9 Lightweight Resolver">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<link rel="next" href="Bv9ARM.ch07.html" title="Chapter�7.�BIND 9 Security Considerations">
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<table width="100%" summary="Navigation header">
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<tr><th colspan="3" align="center">Chapter�6.�<acronym class="acronym">BIND</acronym> 9 Configuration Reference</th></tr>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<a accesskey="p" href="Bv9ARM.ch05.html">Prev</a>�</td>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch07.html">Next</a>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<div class="titlepage"><div><div><h2 class="title">
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt<a name="Bv9ARM.ch06"></a>Chapter�6.�<acronym class="acronym">BIND</acronym> 9 Configuration Reference</h2></div></div></div>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573300">Comment Syntax</a></span></dt>
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574165"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574423"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574782"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574800"><span><strong class="command">include</strong></span> Statement Definition and
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574891"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574915"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
80faf1588895fd26490f82f95a7a1b771df1c324Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575009"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575144"><span><strong class="command">logging</strong></span> Statement Definition and
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577350"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
db5b7e2cdf150c46e8242d3e2e3ad3f5c7300258Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577447"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
80faf1588895fd26490f82f95a7a1b771df1c324Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577611"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577660"><span><strong class="command">masters</strong></span> Statement Definition and
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577682"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
db5b7e2cdf150c46e8242d3e2e3ad3f5c7300258Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593291"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#trusted-keys"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593657"><span><strong class="command">trusted-keys</strong></span> Statement Definition
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593710"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594146"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
9174e44c14b1cb91a651fa1dc29470438c246ab9Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
9174e44c14b1cb91a651fa1dc29470438c246ab9Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2596230"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2599866">Zone File</a></span></dt>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2602994">Discussion of MX Records</a></span></dt>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
52367885450d8f61d4f2d63292beb15ba8f39ac7Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603609">Inverse Mapping in IPv4</a></span></dt>
9174e44c14b1cb91a651fa1dc29470438c246ab9Automatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603804">Other Zone File Directives</a></span></dt>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2604009"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch06.html#statistics_counters">Statistics Counters</a></span></dt></dl></dd>
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater <acronym class="acronym">BIND</acronym> 9 configuration is broadly similar
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater to <acronym class="acronym">BIND</acronym> 8; however, there are a few new
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater of configuration, such as views. <acronym class="acronym">BIND</acronym>
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater 8 configuration files should work with few alterations in <acronym class="acronym">BIND</acronym>
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater 9, although more complex configurations should be reviewed to check
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater if they can be more efficiently implemented using the new features
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews found in <acronym class="acronym">BIND</acronym> 9.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <acronym class="acronym">BIND</acronym> 4 configuration files can be
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson converted to the new format
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews using the shell script
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson <code class="filename">contrib/named-bootconf/named-bootconf.sh</code>.
0df8ead472f207020f8da22a185fe4b945248ab8Automatic Updater<div class="titlepage"><div><div><h2 class="title" style="clear: both">
e8c7dc2a5ce48f11c07a67c9923eeb8f419ff19fEvan Hunt<a name="configuration_file_elements"></a>Configuration File Elements</h2></div></div></div>
0ce87e5749aabb8eef1e0a37e4bd6e6ffa1d7196Automatic Updater Following is a list of elements used throughout the <acronym class="acronym">BIND</acronym> configuration
0df8ead472f207020f8da22a185fe4b945248ab8Automatic Updater file documentation:
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater<div class="informaltable"><table border="1">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The name of an <code class="varname">address_match_list</code> as
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater defined by the <span><strong class="command">acl</strong></span> statement.
7f94d9a8162c9a96b56e66176702b66e79d8e1a2Automatic Updater <code class="varname">address_match_list</code>
7f94d9a8162c9a96b56e66176702b66e79d8e1a2Automatic Updater A list of one or more
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="varname">ip_prefix</code>, <code class="varname">key_id</code>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater or <code class="varname">acl_name</code> elements, see
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater <a href="Bv9ARM.ch06.html#address_match_lists" title="Address Match Lists">the section called “Address Match Lists”</a>.
b0d566a2ce0f5a67f537ee7f8233f82f2584cc61Automatic Updater A named list of one or more <code class="varname">ip_addr</code>
80faf1588895fd26490f82f95a7a1b771df1c324Automatic Updater with optional <code class="varname">key_id</code> and/or
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater A <code class="varname">masters_list</code> may include other
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater <code class="varname">masters_lists</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater A quoted string which will be used as
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater a DNS name, for example "<code class="literal">my.test.domain</code>".
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater A list of one or more <code class="varname">domain_name</code>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater One to four integers valued 0 through
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater 255 separated by dots (`.'), such as <span><strong class="command">123</strong></span>,
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews <span><strong class="command">45.67</strong></span> or <span><strong class="command">89.123.45.67</strong></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater An IPv4 address with exactly four elements
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in <code class="varname">dotted_decimal</code> notation.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater An IPv6 address, such as <span><strong class="command">2001:db8::1234</strong></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater IPv6 scoped addresses that have ambiguity on their
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater scope zones must be disambiguated by an appropriate
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater zone ID with the percent character (`%') as
bc0a4c01beede169df81a3ee5b614ed9e82339dbAutomatic Updater delimiter. It is strongly recommended to use
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington string zone names rather than numeric identifiers,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in order to be robust against system configuration
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington changes. However, since there is no standard
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington mapping for such names and identifier values,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington currently only interface names as link identifiers
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington are supported, assuming one-to-one mapping between
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington interfaces and links. For example, a link-local
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington address <span><strong class="command">fe80::1</strong></span> on the link
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington attached to the interface <span><strong class="command">ne0</strong></span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington can be specified as <span><strong class="command">fe80::1%ne0</strong></span>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Note that on most systems link-local addresses
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington always have the ambiguity, and need to be
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington disambiguated.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington An <code class="varname">ip4_addr</code> or <code class="varname">ip6_addr</code>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington A <code class="varname">number</code> between 0 and 63, used
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to select a differentiated services code point (DSCP)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington value for use with outgoing traffic on operating systems
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington that support DSCP.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington An IP port <code class="varname">number</code>.
a26b22914b7bf25f065afb8cdef983766dcd672bAutomatic Updater The <code class="varname">number</code> is limited to 0
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater through 65535, with values
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater below 1024 typically restricted to use by processes running
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater In some cases, an asterisk (`*') character can be used as a
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater placeholder to
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater select a random high-numbered port.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington An IP network specified as an <code class="varname">ip_addr</code>,
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington followed by a slash (`/') and then the number of bits in the
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington Trailing zeros in a <code class="varname">ip_addr</code>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews may omitted.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews For example, <span><strong class="command">127/8</strong></span> is the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington network <span><strong class="command">127.0.0.0</strong></span> with
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews netmask <span><strong class="command">255.0.0.0</strong></span> and <span><strong class="command">1.2.3.0/28</strong></span> is
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington network <span><strong class="command">1.2.3.0</strong></span> with netmask <span><strong class="command">255.255.255.240</strong></span>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington When specifying a prefix involving a IPv6 scoped address
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater the scope may be omitted. In that case the prefix will
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater match packets from any scope.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater A <code class="varname">domain_name</code> representing
c01dec514a81ecf8c17ca3ef8c3ba95e437295ebAutomatic Updater the name of a shared key, to be used for transaction
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington A list of one or more
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington separated by semicolons and ending with a semicolon.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews A non-negative 32-bit integer
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews (i.e., a number between 0 and 4294967295, inclusive).
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Its acceptable value might further
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington be limited by the context in which it is used.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews A quoted string which will be used as
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews a pathname, such as <code class="filename">zones/master/my.test.domain</code>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington A list of an <code class="varname">ip_port</code> or a port
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews A port range is specified in the form of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <strong class="userinput"><code>range</code></strong> followed by
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <code class="varname">port_high</code>, which represents
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington port numbers from <code class="varname">port_low</code> through
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <code class="varname">port_high</code>, inclusive.
a26b22914b7bf25f065afb8cdef983766dcd672bAutomatic Updater <code class="varname">port_low</code> must not be larger than
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <strong class="userinput"><code>range 1024 65535</code></strong> represents
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington ports from 1024 through 65535.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington In either case an asterisk (`*') character is not
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington allowed as a valid <code class="varname">ip_port</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater A 64-bit unsigned integer, or the keywords
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater <strong class="userinput"><code>unlimited</code></strong> or
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>default</code></strong>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Integers may take values
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater 0 <= value <= 18446744073709551615, though
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington certain parameters
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews (such as <span><strong class="command">max-journal-size</strong></span>) may
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington use a more limited range within these extremes.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews In most cases, setting a value to 0 does not
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington literally mean zero; it means "undefined" or
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews "as big as possible", depending on the context.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews See the explanations of particular parameters
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews that use <code class="varname">size_spec</code>
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews for details on how they interpret its use.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Numeric values can optionally be followed by a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington scaling factor:
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <strong class="userinput"><code>K</code></strong> or <strong class="userinput"><code>k</code></strong>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington for kilobytes,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <strong class="userinput"><code>M</code></strong> or <strong class="userinput"><code>m</code></strong>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington for megabytes, and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <strong class="userinput"><code>G</code></strong> or <strong class="userinput"><code>g</code></strong>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington for gigabytes, which scale by 1024, 1024*1024, and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington 1024*1024*1024 respectively.
a26b22914b7bf25f065afb8cdef983766dcd672bAutomatic Updater <code class="varname">unlimited</code> generally means
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater "as big as possible", and is usually the best
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington way to safely set a very large number.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater uses the limit that was in force when the server was started.
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater Either <strong class="userinput"><code>yes</code></strong> or <strong class="userinput"><code>no</code></strong>.
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater The words <strong class="userinput"><code>true</code></strong> and <strong class="userinput"><code>false</code></strong> are
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater also accepted, as are the numbers <strong class="userinput"><code>1</code></strong>
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater and <strong class="userinput"><code>0</code></strong>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater One of <strong class="userinput"><code>yes</code></strong>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>no</code></strong>, <strong class="userinput"><code>notify</code></strong>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>notify-passive</code></strong>, <strong class="userinput"><code>refresh</code></strong> or
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>passive</code></strong>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater When used in a zone, <strong class="userinput"><code>notify-passive</code></strong>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>refresh</code></strong>, and <strong class="userinput"><code>passive</code></strong>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater are restricted to slave and stub zones.
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="address_match_lists"></a>Address Match Lists</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h4 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2573131"></a>Syntax</h4></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting"><code class="varname">address_match_list</code> = address_match_list_element ;
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> address_match_list_element; ... </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<code class="varname">address_match_list_element</code> = [<span class="optional"> ! </span>] (ip_address [<span class="optional">/length</span>] |
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater key key_id | acl_name | { address_match_list } )
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h4 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2573159"></a>Definition and Usage</h4></div></div></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Address match lists are primarily used to determine access
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater control for various server operations. They are also used in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the <span><strong class="command">listen-on</strong></span> and <span><strong class="command">sortlist</strong></span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington statements. The elements which constitute an address match
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater list can be any of the following:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a key ID, as defined by the <span><strong class="command">key</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<li>the name of an address match list defined with
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the <span><strong class="command">acl</strong></span> statement
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<li>a nested address match list enclosed in braces</li>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Elements can be negated with a leading exclamation mark (`!'),
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and the match list names "any", "none", "localhost", and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater "localnets" are predefined. More information on those names
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater can be found in the description of the acl statement.
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater The addition of the key clause made the name of this syntactic
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater element something of a misnomer, since security keys can be used
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater to validate access without regard to a host or network address.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Nonetheless, the term "address match list" is still used
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews throughout the documentation.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington When a given IP address or prefix is compared to an address
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater match list, the comparison takes place in approximately O(1)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater time. However, key comparisons require that the list of keys
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater be traversed until a matching key is found, and therefore may
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington be somewhat slower.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The interpretation of a match depends on whether the list is being
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater used for access control, defining <span><strong class="command">listen-on</strong></span> ports, or in a
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater <span><strong class="command">sortlist</strong></span>, and whether the element was negated.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater When used as an access control list, a non-negated match
2da2220fe7af2c45724b50b0187523b1fab0cf08Rob Austein allows access and a negated match denies access. If
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater there is no match, access is denied. The clauses
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span><strong class="command">allow-notify</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">allow-recursion</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">allow-recursion-on</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">allow-query</strong></span>,
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater <span><strong class="command">allow-query-on</strong></span>,
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater <span><strong class="command">allow-query-cache</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">allow-query-cache-on</strong></span>,
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater <span><strong class="command">allow-transfer</strong></span>,
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater <span><strong class="command">allow-update</strong></span>,
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater <span><strong class="command">allow-update-forwarding</strong></span>,
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater <span><strong class="command">blackhole</strong></span>, and
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater <span><strong class="command">keep-response-order</strong></span> all use address match
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater lists. Similarly, the <span><strong class="command">listen-on</strong></span> option will cause the
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater server to refuse queries on any of the machine's
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater addresses which do not match the list.
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater Order of insertion is significant. If more than one element
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater in an ACL is found to match a given IP address or prefix,
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater preference will be given to the one that came
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater <span class="emphasis"><em>first</em></span> in the ACL definition.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Because of this first-match behavior, an element that
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater defines a subset of another element in the list should
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington come before the broader element, regardless of whether
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater either is negated. For example, in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">1.2.3/24; ! 1.2.3.13;</strong></span>
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater the 1.2.3.13 element is completely useless because the
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater algorithm will match any lookup for 1.2.3.13 to the 1.2.3/24
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater element. Using <span><strong class="command">! 1.2.3.13; 1.2.3/24</strong></span> fixes
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater that problem by having 1.2.3.13 blocked by the negation, but
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater all other 1.2.3.* hosts fall through.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="id2573300"></a>Comment Syntax</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <acronym class="acronym">BIND</acronym> 9 comment syntax allows for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater comments to appear
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington anywhere that whitespace may appear in a <acronym class="acronym">BIND</acronym> configuration
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater file. To appeal to programmers of all kinds, they can be written
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h4 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2573383"></a>Syntax</h4></div></div></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<pre class="programlisting">/* This is a <acronym class="acronym">BIND</acronym> comment as in C */</pre>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting">// This is a <acronym class="acronym">BIND</acronym> comment as in C++</pre>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting"># This is a <acronym class="acronym">BIND</acronym> comment as in common UNIX shells
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater# and perl</pre>
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews<div class="titlepage"><div><div><h4 class="title">
f8c47598b87a5eb5ff2ceda6c81d136212d59cefAutomatic Updater<a name="id2573413"></a>Definition and Usage</h4></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Comments may appear anywhere that whitespace may appear in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a <acronym class="acronym">BIND</acronym> configuration file.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater C-style comments start with the two characters /* (slash,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater star) and end with */ (star, slash). Because they are completely
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater delimited with these characters, they can be used to comment only
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington a portion of a line or to span multiple lines.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington C-style comments cannot be nested. For example, the following
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington is not valid because the entire comment ends with the first */:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting">/* This is the start of a comment.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington This is still part of the comment.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater/* This is an incorrect attempt at nesting a comment. */
f65d2e1c04c806a185bf9f3120e80692f5ccd5e6Automatic Updater This is no longer in any comment. */
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater C++-style comments start with the two characters // (slash,
e062b72f783cdb436a1a57a630bdff471dbb3038Mark Andrews slash) and continue to the end of the physical line. They cannot
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater be continued across multiple physical lines; to have one logical
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater comment span multiple lines, each line must use the // pair.
3e79333aa37d3b88959372431a02af8a3eb7cfd9Automatic Updater<pre class="programlisting">// This is the start of a comment. The next line
e076d0c88be69de7c190ab924d095e69d2e11f7aAndreas Gustafsson// is a new comment, even though it is logically
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater// part of the previous comment.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Shell-style (or perl-style, if you prefer) comments start
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater with the character <code class="literal">#</code> (number sign)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and continue to the end of the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater physical line, as in C++ comments.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting"># This is the start of a comment. The next line
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater# is a new comment, even though it is logically
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington# part of the previous comment.
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater You cannot use the semicolon (`;') character
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to start a comment such as you would in a zone file. The
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater semicolon indicates the end of a configuration
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="titlepage"><div><div><h2 class="title" style="clear: both">
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater<a name="Configuration_File_Grammar"></a>Configuration File Grammar</h2></div></div></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington A <acronym class="acronym">BIND</acronym> 9 configuration consists of
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater statements and comments.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Statements end with a semicolon. Statements and comments are the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater only elements that can appear without enclosing braces. Many
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statements contain a block of sub-statements, which are also
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews terminated with a semicolon.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The following statements are supported:
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="informaltable"><table border="1">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <p><span><strong class="command">acl</strong></span></p>
53aed64e0f8553762fc0c380ee41cb42f514c7d5Brian Wellington defines a named IP address
6de27e27ad6056d7c049feb912df5a6b9a56d1b8Automatic Updater matching list, for access control and other uses.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">controls</strong></span></p>
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews declares control channels to be used
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews by the <span><strong class="command">rndc</strong></span> utility.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews <p><span><strong class="command">include</strong></span></p>
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews includes a file.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews <p><span><strong class="command">key</strong></span></p>
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews specifies key information for use in
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews authentication and authorization using TSIG.
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater <p><span><strong class="command">logging</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater specifies what the server logs, and where
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the log messages are sent.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">lwres</strong></span></p>
f55369d776907119cd8699a4119d9c80daa7cae4Mark Andrews configures <span><strong class="command">named</strong></span> to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater also act as a light-weight resolver daemon (<span><strong class="command">lwresd</strong></span>).
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater <p><span><strong class="command">masters</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater defines a named masters list for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater inclusion in stub and slave zones'
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">masters</strong></span> or
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">also-notify</strong></span> lists.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <p><span><strong class="command">options</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater controls global server configuration
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater options and sets defaults for other statements.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">server</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater sets certain configuration options on
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater a per-server basis.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">statistics-channels</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater declares communication channels to get access to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">named</strong></span> statistics.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">trusted-keys</strong></span></p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington defines trusted DNSSEC keys.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <p><span><strong class="command">managed-keys</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater lists DNSSEC keys to be kept up to date
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater using RFC 5011 trust anchor maintenance.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">view</strong></span></p>
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafsson defines a view.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">zone</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater defines a zone.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">logging</strong></span> and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">options</strong></span> statements may only occur once
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater configuration.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2574165"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting"><span><strong class="command">acl</strong></span> acl-name {
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington address_match_list
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="acl"></a><span><strong class="command">acl</strong></span> Statement Definition and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">acl</strong></span> statement assigns a symbolic
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater name to an address match list. It gets its name from a primary
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater use of address match lists: Access Control Lists (ACLs).
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The following ACLs are built-in:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="informaltable"><table border="1">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">any</strong></span></p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Matches all hosts.
a26b22914b7bf25f065afb8cdef983766dcd672bAutomatic Updater <p><span><strong class="command">none</strong></span></p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Matches no hosts.
0df8ead472f207020f8da22a185fe4b945248ab8Automatic Updater <p><span><strong class="command">localhost</strong></span></p>
cab3e375b77a980a5d4b7e5e4ee90167439e7934Mark Andrews Matches the IPv4 and IPv6 addresses of all network
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater interfaces on the system. When addresses are
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater added or removed, the <span><strong class="command">localhost</strong></span>
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater ACL element is updated to reflect the changes.
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater <p><span><strong class="command">localnets</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Matches any host on an IPv4 or IPv6 network
bd40cbcd09057ddfd043291aba82a56c90ec2523Automatic Updater for which the system has an interface.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson When addresses are added or removed,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the <span><strong class="command">localnets</strong></span>
bd40cbcd09057ddfd043291aba82a56c90ec2523Automatic Updater ACL element is updated to reflect the changes.
d912d1139efa8410785f0fc88dfb7dc7fbaae6deMark Andrews Some systems do not provide a way to determine the prefix
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater local IPv6 addresses.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater In such a case, <span><strong class="command">localnets</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater only matches the local
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson IPv6 addresses, just like <span><strong class="command">localhost</strong></span>.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater<div class="titlepage"><div><div><h3 class="title">
2fd97723b2ec7fc1975672780ab0c1c9a8c369d6Automatic Updater<a name="id2574423"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater<pre class="programlisting"><span><strong class="command">controls</strong></span> {
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews [ inet ( ip_addr | * ) [ port ip_port ]
282e38d96feb488fddbbc0b0409491094786977fMark Andrews allow { <em class="replaceable"><code> address_match_list </code></em> }
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater keys { <em class="replaceable"><code>key_list</code></em> }; ]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [ unix <em class="replaceable"><code>path</code></em> perm <em class="replaceable"><code>number</code></em> owner <em class="replaceable"><code>number</code></em> group <em class="replaceable"><code>number</code></em>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater keys { <em class="replaceable"><code>key_list</code></em> }; ]
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews<div class="titlepage"><div><div><h3 class="title">
0ca8fddd5b5e26d8a05f0936fc4b2666a025b9c0Mark Andrews<a name="controls_statement_definition_and_usage"></a><span><strong class="command">controls</strong></span> Statement Definition and
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews The <span><strong class="command">controls</strong></span> statement declares control
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews channels to be used by system administrators to control the
0ca8fddd5b5e26d8a05f0936fc4b2666a025b9c0Mark Andrews operation of the name server. These control channels are
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater used by the <span><strong class="command">rndc</strong></span> utility to send
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews commands to and retrieve non-DNS results from a name server.
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews An <span><strong class="command">inet</strong></span> control channel is a TCP socket
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews listening at the specified <span><strong class="command">ip_port</strong></span> on the
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews specified <span><strong class="command">ip_addr</strong></span>, which can be an IPv4 or IPv6
10b4a0c3a4eec1b22b990c0a0595fbda51f54e94Automatic Updater address. An <span><strong class="command">ip_addr</strong></span> of <code class="literal">*</code> (asterisk) is
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews interpreted as the IPv4 wildcard address; connections will be
4f5257ba7afbe06e949d1577581de18b22ef6c05Automatic Updater accepted on any of the system's IPv4 addresses.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews To listen on the IPv6 wildcard address,
b795291f8ea5bc2c8470cc34f82e8c570337308aAutomatic Updater use an <span><strong class="command">ip_addr</strong></span> of <code class="literal">::</code>.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews If you will only use <span><strong class="command">rndc</strong></span> on the local host,
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews using the loopback address (<code class="literal">127.0.0.1</code>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews or <code class="literal">::1</code>) is recommended for maximum security.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews If no port is specified, port 953 is used. The asterisk
21f8d40dbd9be951555f46b0bfa23571c5a9b913Automatic Updater "<code class="literal">*</code>" cannot be used for <span><strong class="command">ip_port</strong></span>.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews The ability to issue commands over the control channel is
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews restricted by the <span><strong class="command">allow</strong></span> and
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews <span><strong class="command">keys</strong></span> clauses.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews Connections to the control channel are permitted based on the
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews <span><strong class="command">address_match_list</strong></span>. This is for simple
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews IP address based filtering only; any <span><strong class="command">key_id</strong></span>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews elements of the <span><strong class="command">address_match_list</strong></span>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews are ignored.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews A <span><strong class="command">unix</strong></span> control channel is a UNIX domain
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews socket listening at the specified path in the file system.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Access to the socket is specified by the <span><strong class="command">perm</strong></span>,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">owner</strong></span> and <span><strong class="command">group</strong></span> clauses.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Note on some platforms (SunOS and Solaris) the permissions
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews (<span><strong class="command">perm</strong></span>) are applied to the parent directory
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews as the permissions on the socket itself are ignored.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The primary authorization mechanism of the command
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews channel is the <span><strong class="command">key_list</strong></span>, which
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews contains a list of <span><strong class="command">key_id</strong></span>s.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Each <span><strong class="command">key_id</strong></span> in the <span><strong class="command">key_list</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews is authorized to execute commands over the control channel.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews See <a href="Bv9ARM.ch03.html#rndc">Remote Name Daemon Control application</a> in <a href="Bv9ARM.ch03.html#admin_tools" title="Administrative Tools">the section called “Administrative Tools”</a>)
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews for information about configuring keys in <span><strong class="command">rndc</strong></span>.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews If no <span><strong class="command">controls</strong></span> statement is present,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">named</strong></span> will set up a default
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews control channel listening on the loopback address 127.0.0.1
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews and its IPv6 counterpart ::1.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews In this case, and also when the <span><strong class="command">controls</strong></span> statement
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews is present but does not have a <span><strong class="command">keys</strong></span> clause,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">named</strong></span> will attempt to load the command channel key
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews from the file <code class="filename">rndc.key</code> in
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <code class="filename">/etc</code> (or whatever <code class="varname">sysconfdir</code>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews was specified as when <acronym class="acronym">BIND</acronym> was built).
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews To create a <code class="filename">rndc.key</code> file, run
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <strong class="userinput"><code>rndc-confgen -a</code></strong>.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <code class="filename">rndc.key</code> feature was created to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews ease the transition of systems from <acronym class="acronym">BIND</acronym> 8,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews which did not have digital signatures on its command channel
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews messages and thus did not have a <span><strong class="command">keys</strong></span> clause.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews It makes it possible to use an existing <acronym class="acronym">BIND</acronym> 8
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews configuration file in <acronym class="acronym">BIND</acronym> 9 unchanged,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews and still have <span><strong class="command">rndc</strong></span> work the same way
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">ndc</strong></span> worked in BIND 8, simply by executing the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews command <strong class="userinput"><code>rndc-confgen -a</code></strong> after BIND 9 is
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Since the <code class="filename">rndc.key</code> feature
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews is only intended to allow the backward-compatible usage of
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <acronym class="acronym">BIND</acronym> 8 configuration files, this
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews feature does not
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews have a high degree of configurability. You cannot easily change
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the key name or the size of the secret, so you should make a
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <code class="filename">rndc.conf</code> with your own key if you
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews wish to change
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews those things. The <code class="filename">rndc.key</code> file
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews also has its
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews permissions set such that only the owner of the file (the user that
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">named</strong></span> is running as) can access it.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews desire greater flexibility in allowing other users to access
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">rndc</strong></span> commands, then you need to create
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <code class="filename">rndc.conf</code> file and make it group
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews readable by a group
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews that contains the users who should have access.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews To disable the command channel, use an empty
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">controls</strong></span> statement:
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">controls { };</strong></span>.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2574782"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<pre class="programlisting"><span><strong class="command">include</strong></span> <em class="replaceable"><code>filename</code></em>;</pre>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2574800"></a><span><strong class="command">include</strong></span> Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <span><strong class="command">include</strong></span> statement inserts the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews specified file at the point where the <span><strong class="command">include</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statement is encountered. The <span><strong class="command">include</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statement facilitates the administration of configuration
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews by permitting the reading or writing of some things but not
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews others. For example, the statement could include private keys
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews that are readable only by the name server.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2574891"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<pre class="programlisting"><span><strong class="command">key</strong></span> <em class="replaceable"><code>key_id</code></em> {
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews algorithm <em class="replaceable"><code>algorithm_id</code></em>;
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews secret <em class="replaceable"><code>secret_string</code></em>;
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2574915"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <span><strong class="command">key</strong></span> statement defines a shared
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews secret key for use with TSIG (see <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called “TSIG”</a>)
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews or the command channel
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews (see <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Usage">the section called “<span><strong class="command">controls</strong></span> Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Usage”</a>).
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <span><strong class="command">key</strong></span> statement can occur at the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews of the configuration file or inside a <span><strong class="command">view</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statement. Keys defined in top-level <span><strong class="command">key</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statements can be used in all views. Keys intended for use in
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews a <span><strong class="command">controls</strong></span> statement
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews (see <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Usage">the section called “<span><strong class="command">controls</strong></span> Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Usage”</a>)
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews must be defined at the top level.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <em class="replaceable"><code>key_id</code></em>, also known as the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews key name, is a domain name uniquely identifying the key. It can
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews be used in a <span><strong class="command">server</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statement to cause requests sent to that
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews server to be signed with this key, or in address match lists to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews verify that incoming requests have been signed with a key
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews matching this name, algorithm, and secret.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <em class="replaceable"><code>algorithm_id</code></em> is a string
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews that specifies a security/authentication algorithm. The
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">named</strong></span> server supports <code class="literal">hmac-md5</code>,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <code class="literal">hmac-sha1</code>, <code class="literal">hmac-sha224</code>,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <code class="literal">hmac-sha256</code>, <code class="literal">hmac-sha384</code>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews and <code class="literal">hmac-sha512</code> TSIG authentication.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Truncated hashes are supported by appending the minimum
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews number of required bits preceded by a dash, e.g.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <em class="replaceable"><code>secret_string</code></em> is the secret
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews to be used by the algorithm, and is treated as a base-64
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews encoded string.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2575009"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<pre class="programlisting"><span><strong class="command">logging</strong></span> {
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews ( <span><strong class="command">file</strong></span> <em class="replaceable"><code>path_name</code></em>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">versions</strong></span> ( <em class="replaceable"><code>number</code></em> | <span><strong class="command">unlimited</strong></span> ) ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">size</strong></span> <em class="replaceable"><code>size_spec</code></em> ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews | <span><strong class="command">syslog</strong></span> <em class="replaceable"><code>syslog_facility</code></em>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews | <span><strong class="command">stderr</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews | <span><strong class="command">null</strong></span> );
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">severity</strong></span> (<code class="option">critical</code> | <code class="option">error</code> | <code class="option">warning</code> | <code class="option">notice</code> |
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <code class="option">info</code> | <code class="option">debug</code> [ <em class="replaceable"><code>level</code></em> ] | <code class="option">dynamic</code> ); ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">print-category</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">print-severity</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">print-time</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">buffered</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">category</strong></span> <em class="replaceable"><code>category_name</code></em> {
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <em class="replaceable"><code>channel_name</code></em> ; [ <em class="replaceable"><code>channel_name</code></em> ; ... ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2575144"></a><span><strong class="command">logging</strong></span> Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <span><strong class="command">logging</strong></span> statement configures a
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews variety of logging options for the name server. Its <span><strong class="command">channel</strong></span> phrase
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews associates output methods, format options and severity levels with
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews a name that can then be used with the <span><strong class="command">category</strong></span> phrase
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews to select how various classes of messages are logged.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Only one <span><strong class="command">logging</strong></span> statement is used to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews as many channels and categories as are wanted. If there is no <span><strong class="command">logging</strong></span> statement,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the logging configuration will be:
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington category default { default_syslog; default_debug; };
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater category unmatched { null; };
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews If <span><strong class="command">named</strong></span> is started with the
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <code class="option">-L</code> option, it logs to the specified file
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews at startup, instead of using syslog. In this case the logging
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews configuration will be:
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews category default { default_logfile; default_debug; };
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews category unmatched { null; };
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews In <acronym class="acronym">BIND</acronym> 9, the logging configuration
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews is only established when
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews the entire configuration file has been parsed. In <acronym class="acronym">BIND</acronym> 8, it was
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews established as soon as the <span><strong class="command">logging</strong></span>
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews was parsed. When the server is starting up, all logging messages
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews regarding syntax errors in the configuration file go to the default
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews channels, or to standard error if the <code class="option">-g</code> option
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews was specified.
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater<div class="titlepage"><div><div><h4 class="title">
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater<a name="id2575209"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater All log output goes to one or more <span class="emphasis"><em>channels</em></span>;
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater you can make as many of them as you want.
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater Every channel definition must include a destination clause that
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater says whether messages selected for the channel go to a file, to a
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater particular syslog facility, to the standard error stream, or are
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater discarded. It can optionally also limit the message severity level
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater that will be accepted by the channel (the default is
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater <span><strong class="command">info</strong></span>), and whether to include a
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater <span><strong class="command">named</strong></span>-generated time stamp, the
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater and/or severity level (the default is not to include any).
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater The <span><strong class="command">null</strong></span> destination clause
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater causes all messages sent to the channel to be discarded;
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater in that case, other options for the channel are meaningless.
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater The <span><strong class="command">file</strong></span> destination clause directs
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater to a disk file. It can include limitations
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater both on how large the file is allowed to become, and how many
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater of the file will be saved each time the file is opened.
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson If you use the <span><strong class="command">versions</strong></span> log file
56874aef380a64a2c183b7c282c3e7a361d67fa1Automatic Updater <span><strong class="command">named</strong></span> will retain that many backup
56874aef380a64a2c183b7c282c3e7a361d67fa1Automatic Updater versions of the file by
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson renaming them when opening. For example, if you choose to keep
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson three old versions
754ebd37e782356aedbb2987e3c1a8ab4f29574eMark Andrews of the file <code class="filename">lamers.log</code>, then just
754ebd37e782356aedbb2987e3c1a8ab4f29574eMark Andrews before it is opened
754ebd37e782356aedbb2987e3c1a8ab4f29574eMark Andrews <code class="filename">lamers.log.1</code> is renamed to
309b912841e8b97bf0b0df0d96c3eaf16990c080Automatic Updater <code class="filename">lamers.log.2</code>, <code class="filename">lamers.log.0</code> is renamed
94df856897945fe58f130ba78765c57308bc5400Automatic Updater to <code class="filename">lamers.log.1</code>, and <code class="filename">lamers.log</code> is
5c679dbb66df92766f6a7e7bb93c18d61275d1feMark Andrews renamed to <code class="filename">lamers.log.0</code>.
5c679dbb66df92766f6a7e7bb93c18d61275d1feMark Andrews You can say <span><strong class="command">versions unlimited</strong></span> to
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater the number of versions.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If a <span><strong class="command">size</strong></span> option is associated with
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews then renaming is only done when the file being opened exceeds the
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews indicated size. No backup versions are kept by default; any
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews log file is simply appended.
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater The <span><strong class="command">size</strong></span> option for files is used
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater growth. If the file ever exceeds the size, then <span><strong class="command">named</strong></span> will
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater stop writing to the file unless it has a <span><strong class="command">versions</strong></span> option
f6056ad06781c95198505ae3a361e6dd98df4b91Automatic Updater associated with it. If backup versions are kept, the files are
f6056ad06781c95198505ae3a361e6dd98df4b91Automatic Updater described above and a new one begun. If there is no
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater <span><strong class="command">versions</strong></span> option, no more data will
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater be written to the log
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater until some out-of-band mechanism removes or truncates the log to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater maximum size. The default behavior is not to limit the size of
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater Example usage of the <span><strong class="command">size</strong></span> and
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater <span><strong class="command">versions</strong></span> options:
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater<pre class="programlisting">channel an_example_channel {
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater file "example.log" versions 3 size 20m;
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater print-time yes;
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater print-category yes;
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater The <span><strong class="command">syslog</strong></span> destination clause
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater channel to the system log. Its argument is a
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater syslog facility as described in the <span><strong class="command">syslog</strong></span> man
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater page. Known facilities are <span><strong class="command">kern</strong></span>, <span><strong class="command">user</strong></span>,
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater <span><strong class="command">mail</strong></span>, <span><strong class="command">daemon</strong></span>, <span><strong class="command">auth</strong></span>,
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater <span><strong class="command">syslog</strong></span>, <span><strong class="command">lpr</strong></span>, <span><strong class="command">news</strong></span>,
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater <span><strong class="command">uucp</strong></span>, <span><strong class="command">cron</strong></span>, <span><strong class="command">authpriv</strong></span>,
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater <span><strong class="command">ftp</strong></span>, <span><strong class="command">local0</strong></span>, <span><strong class="command">local1</strong></span>,
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater <span><strong class="command">local2</strong></span>, <span><strong class="command">local3</strong></span>, <span><strong class="command">local4</strong></span>,
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater <span><strong class="command">local5</strong></span>, <span><strong class="command">local6</strong></span> and
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater <span><strong class="command">local7</strong></span>, however not all facilities
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater are supported on
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater all operating systems.
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater How <span><strong class="command">syslog</strong></span> will handle messages
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater this facility is described in the <span><strong class="command">syslog.conf</strong></span> man
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater page. If you have a system which uses a very old version of <span><strong class="command">syslog</strong></span> that
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater only uses two arguments to the <span><strong class="command">openlog()</strong></span> function,
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater then this clause is silently ignored.
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater On Windows machines syslog messages are directed to the EventViewer.
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater The <span><strong class="command">severity</strong></span> clause works like <span><strong class="command">syslog</strong></span>'s
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater "priorities", except that they can also be used if you are writing
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater straight to a file rather than using <span><strong class="command">syslog</strong></span>.
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater Messages which are not at least of the severity level given will
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater not be selected for the channel; messages of higher severity
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater will be accepted.
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater If you are using <span><strong class="command">syslog</strong></span>, then the <span><strong class="command">syslog.conf</strong></span> priorities
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater will also determine what eventually passes through. For example,
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater defining a channel facility and severity as <span><strong class="command">daemon</strong></span> and <span><strong class="command">debug</strong></span> but
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater only logging <span><strong class="command">daemon.warning</strong></span> via <span><strong class="command">syslog.conf</strong></span> will
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater cause messages of severity <span><strong class="command">info</strong></span> and
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater <span><strong class="command">notice</strong></span> to
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater be dropped. If the situation were reversed, with <span><strong class="command">named</strong></span> writing
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater messages of only <span><strong class="command">warning</strong></span> or higher,
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater then <span><strong class="command">syslogd</strong></span> would
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater print all messages it received from the channel.
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater The <span><strong class="command">stderr</strong></span> destination clause
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater channel to the server's standard error stream. This is intended
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater use when the server is running as a foreground process, for
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater when debugging a configuration.
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater The server can supply extensive debugging information when
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater it is in debugging mode. If the server's global debug level is
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater than zero, then debugging mode will be active. The global debug
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater level is set either by starting the <span><strong class="command">named</strong></span> server
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater with the <code class="option">-d</code> flag followed by a positive integer,
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater or by running <span><strong class="command">rndc trace</strong></span>.
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater The global debug level
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater can be set to zero, and debugging mode turned off, by running <span><strong class="command">rndc
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updaternotrace</strong></span>. All debugging messages in the server have a debug
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater level, and higher debug levels give more detailed output. Channels
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater that specify a specific debug severity, for example:
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater<pre class="programlisting">channel specific_debug_level {
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater severity debug 3;
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater will get debugging output of level 3 or less any time the
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater server is in debugging mode, regardless of the global debugging
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater level. Channels with <span><strong class="command">dynamic</strong></span>
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater severity use the
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater server's global debug level to determine what messages to print.
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater If <span><strong class="command">print-time</strong></span> has been turned on,
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater the date and time will be logged. <span><strong class="command">print-time</strong></span> may
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater be specified for a <span><strong class="command">syslog</strong></span> channel,
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater but is usually
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater pointless since <span><strong class="command">syslog</strong></span> also logs
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater time. If <span><strong class="command">print-category</strong></span> is
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater requested, then the
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater category of the message will be logged as well. Finally, if <span><strong class="command">print-severity</strong></span> is
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater on, then the severity level of the message will be logged. The <span><strong class="command">print-</strong></span> options may
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater be used in any combination, and will always be printed in the
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater order: time, category, severity. Here is an example where all
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater three <span><strong class="command">print-</strong></span> options
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater <code class="computeroutput">28-Feb-2000 15:05:32.863 general: notice: running</code>
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater If <span><strong class="command">buffered</strong></span> has been turned on the output
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater to files will not be flushed after each log entry. By default
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater all log messages are flushed.
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater There are four predefined channels that are used for
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater <span><strong class="command">named</strong></span>'s default logging as follows.
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater If <span><strong class="command">named</strong></span> is started with the
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater fifth channel <span><strong class="command">default_logfile</strong></span> is added.
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater used is described in <a href="Bv9ARM.ch06.html#the_category_phrase" title="The category Phrase">the section called “The <span><strong class="command">category</strong></span> Phrase”</a>.
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater<pre class="programlisting">channel default_syslog {
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater // send to syslog's daemon facility
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater syslog daemon;
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater // only send priority info and higher
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater severity info;
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updaterchannel default_debug {
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater // write to named.run in the working directory
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater // Note: stderr is used instead of "named.run" if
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater // the server is started with the '-g' option.
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater // log at the server's current debug level
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater severity dynamic;
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updaterchannel default_stderr {
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater // writes to stderr
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater // only send priority info and higher
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater severity info;
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater // toss anything sent to this channel
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updaterchannel default_logfile {
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater // this channel is only present if named is
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater // started with the -L option, whose argument
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater // provides the file name
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater // log at the server's current debug level
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater severity dynamic;
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater The <span><strong class="command">default_debug</strong></span> channel has the
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater property that it only produces output when the server's debug
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater nonzero. It normally writes to a file called <code class="filename">named.run</code>
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater in the server's working directory.
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater For security reasons, when the <code class="option">-u</code>
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater command line option is used, the <code class="filename">named.run</code> file
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater is created only after <span><strong class="command">named</strong></span> has
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater changed to the
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater new UID, and any debug output generated while <span><strong class="command">named</strong></span> is
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater starting up and still running as root is discarded. If you need
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater to capture this output, you must run the server with the <code class="option">-L</code>
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater option to specify a default logfile, or the <code class="option">-g</code>
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater option to log to standard error which you can redirect to a file.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews Once a channel is defined, it cannot be redefined. Thus you
bc0a53583d92309bebcf93c408e2f3247ebd3d3cAutomatic Updater cannot alter the built-in channels directly, but you can modify
41ffa5503c1dc1ab99aa62ef61828e032ed470e8Automatic Updater the default logging by pointing categories at channels you have
41ffa5503c1dc1ab99aa62ef61828e032ed470e8Automatic Updater<div class="titlepage"><div><div><h4 class="title">
41ffa5503c1dc1ab99aa62ef61828e032ed470e8Automatic Updater<a name="the_category_phrase"></a>The <span><strong class="command">category</strong></span> Phrase</h4></div></div></div>
41ffa5503c1dc1ab99aa62ef61828e032ed470e8Automatic Updater There are many categories, so you can send the logs you want
41ffa5503c1dc1ab99aa62ef61828e032ed470e8Automatic Updater to see wherever you want, without seeing logs you don't want. If
41ffa5503c1dc1ab99aa62ef61828e032ed470e8Automatic Updater you don't specify a list of channels for a category, then log
0429fc942ef48b8ab07a01648b22f98174a2ae6fAutomatic Updater in that category will be sent to the <span><strong class="command">default</strong></span> category
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews instead. If you don't specify a default category, the following
251227789bd26421471076f04f4e9eb7f0efb2f1Mark Andrews "default default" is used:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting">category default { default_syslog; default_debug; };
41ffa5503c1dc1ab99aa62ef61828e032ed470e8Automatic Updater If you start <span><strong class="command">named</strong></span> with the
41ffa5503c1dc1ab99aa62ef61828e032ed470e8Automatic Updater <code class="option">-L</code> option then the default category is:
41ffa5503c1dc1ab99aa62ef61828e032ed470e8Automatic Updater<pre class="programlisting">category default { default_logfile; default_debug; };
41ffa5503c1dc1ab99aa62ef61828e032ed470e8Automatic Updater As an example, let's say you want to log security events to
41ffa5503c1dc1ab99aa62ef61828e032ed470e8Automatic Updater a file, but you also want keep the default logging behavior. You'd
41ffa5503c1dc1ab99aa62ef61828e032ed470e8Automatic Updater specify the following:
41ffa5503c1dc1ab99aa62ef61828e032ed470e8Automatic Updater<pre class="programlisting">channel my_security_channel {
41ffa5503c1dc1ab99aa62ef61828e032ed470e8Automatic Updater file "my_security_file";
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews severity info;
068a66979695c77359e7a9181bb3f831c965b21cMark Andrewscategory security {
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews my_security_channel;
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews default_syslog;
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews default_debug;
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews To discard all messages in a category, specify the <span><strong class="command">null</strong></span> channel:
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<pre class="programlisting">category xfer-out { null; };
068a66979695c77359e7a9181bb3f831c965b21cMark Andrewscategory notify { null; };
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews Following are the available categories and brief descriptions
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews of the types of log information they contain. More
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews categories may be added in future <acronym class="acronym">BIND</acronym> releases.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews <p><span><strong class="command">default</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The default category defines the logging
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater options for those categories where no specific
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater configuration has been
872a5b83f68b8058945298715b0fa53442aad52fAutomatic Updater <p><span><strong class="command">general</strong></span></p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews The catch-all. Many things still aren't
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews classified into categories, and they all end up here.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews <p><span><strong class="command">database</strong></span></p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Messages relating to the databases used
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington internally by the name server to store zone and cache
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">security</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Approval and denial of requests.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <p><span><strong class="command">config</strong></span></p>
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews Configuration file parsing and processing.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">resolver</strong></span></p>
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater DNS resolution, such as the recursive
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater lookups performed on behalf of clients by a caching name
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">xfer-in</strong></span></p>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Zone transfers the server is receiving.
bf46736ab182c4663beb5a08cb2ebf7c364e0aa9Automatic Updater <p><span><strong class="command">xfer-out</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Zone transfers the server is sending.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">notify</strong></span></p>
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater The NOTIFY protocol.
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater <p><span><strong class="command">client</strong></span></p>
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater Processing of client requests.
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews <p><span><strong class="command">unmatched</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Messages that <span><strong class="command">named</strong></span> was unable to determine the
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater class of or for which there was no matching <span><strong class="command">view</strong></span>.
ca904804e43f663f08eb1ac9d6d617930b9a3cd3Automatic Updater A one line summary is also logged to the <span><strong class="command">client</strong></span> category.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This category is best sent to a file or stderr, by
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater default it is sent to
7f94d9a8162c9a96b56e66176702b66e79d8e1a2Automatic Updater the <span><strong class="command">null</strong></span> channel.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">network</strong></span></p>
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater Network operations.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater <p><span><strong class="command">update</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Dynamic updates.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater <p><span><strong class="command">update-security</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Approval and denial of update requests.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater <p><span><strong class="command">queries</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Specify where queries should be logged to.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater At startup, specifying the category <span><strong class="command">queries</strong></span> will also
bc0a53583d92309bebcf93c408e2f3247ebd3d3cAutomatic Updater enable query logging unless <span><strong class="command">querylog</strong></span> option has been
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The query log entry reports the client's IP
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater address and port number, and the query name,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater class and type. Next it reports whether the
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater Recursion Desired flag was set (+ if set, -
0ce87e5749aabb8eef1e0a37e4bd6e6ffa1d7196Automatic Updater if not set), if the query was signed (S),
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater EDNS was in used along with the EDNS version
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater number (E(#)), if TCP was used (T), if DO
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater (DNSSEC Ok) was set (D), if CD (Checking
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater Disabled) was set (C), if a valid DNS Server
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater COOKIE was received (V), or if a DNS COOKIE
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater option without a valid Server COOKIE was
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater present (K). After this the destination
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater address the query was sent to is reported.
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater <code class="computeroutput">client 127.0.0.1#62536 (www.example.com): query: www.example.com IN AAAA +SE</code>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <code class="computeroutput">client ::1#62537 (www.example.net): query: www.example.net IN AAAA -SE</code>
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater (The first part of this log message, showing the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater client address/port number and query name, is
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater repeated in all subsequent log messages related
2bb3422dc683c013db7042f5736240de6b86f182Automatic Updater to the same query.)
3e79333aa37d3b88959372431a02af8a3eb7cfd9Automatic Updater <p><span><strong class="command">query-errors</strong></span></p>
b1dc6282fe2d34975c8cb0435b4583071b6d1158Automatic Updater Information about queries that resulted in some
009a0837d51b40e33ebe1223f6c53effaa14920fAutomatic Updater <p><span><strong class="command">dispatch</strong></span></p>
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater Dispatching of incoming packets to the
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater server modules where they are to be processed.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">dnssec</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater DNSSEC and TSIG protocol processing.
3098364bcdd7a719fbafa5fc8d2cc9e90e5a5989Automatic Updater <p><span><strong class="command">lame-servers</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Lame servers. These are misconfigurations
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in remote servers, discovered by BIND 9 when trying to
3098364bcdd7a719fbafa5fc8d2cc9e90e5a5989Automatic Updater query those servers during resolution.
59b277af9d9aac08d16be63aed5ae60ac9eef0d5Automatic Updater <p><span><strong class="command">delegation-only</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Delegation only. Logs queries that have been
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater forced to NXDOMAIN as the result of a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater delegation-only zone or a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">delegation-only</strong></span> in a
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater forward, hint or stub zone declaration.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">edns-disabled</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Log queries that have been forced to use plain
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater DNS due to timeouts. This is often due to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the remote servers not being RFC 1034 compliant
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater (not always returning FORMERR or similar to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater EDNS queries and other extensions to the DNS
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater when they are not understood). In other words, this is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater targeted at servers that fail to respond to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater DNS queries that they don't understand.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater Note: the log message can also be due to
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater packet loss. Before reporting servers for
1b670d35282f1b9352692ad212be3c0aa97b0689Automatic Updater non-RFC 1034 compliance they should be re-tested
1b670d35282f1b9352692ad212be3c0aa97b0689Automatic Updater to determine the nature of the non-compliance.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This testing should prevent or reduce the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater number of false-positive reports.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Note: eventually <span><strong class="command">named</strong></span> will have to stop
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater treating such timeouts as due to RFC 1034 non
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater compliance and start treating it as plain
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater packet loss. Falsely classifying packet
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater loss as due to RFC 1034 non compliance impacts
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater on DNSSEC validation which requires EDNS for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the DNSSEC records to be returned.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">RPZ</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Information about errors in response policy zone files,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater rewritten responses, and at the highest
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">debug</strong></span> levels, mere rewriting
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">rate-limit</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The start, periodic, and final notices of the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater rate limiting of a stream of responses are logged at
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">info</strong></span> severity in this category.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater These messages include a hash value of the domain name
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of the response and the name itself,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater except when there is insufficient memory to record
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the name for the final notice
4cda4fd158d6ded5586bacea8c388445d99611eaAutomatic Updater The final notice is normally delayed until about one
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater minute after rate limit stops.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater A lack of memory can hurry the final notice,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in which case it starts with an asterisk (*).
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Various internal events are logged at debug 1 level
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Rate limiting of individual requests
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is logged in the <span><strong class="command">query-errors</strong></span> category.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">cname</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Logs nameservers that are skipped due to them being
ca904804e43f663f08eb1ac9d6d617930b9a3cd3Automatic Updater a CNAME rather than A / AAAA records.
fc3576328379e813ccf6b3a6e66d9bb701a79c83Automatic Updater<div class="titlepage"><div><div><h4 class="title">
9f4f6472f976ae6fb3a42c2ac7cc383604092f80Automatic Updater<a name="id2576830"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">query-errors</strong></span> category is
0d3490f93bb980fde704055e74c1b508987a5fe4Mark Andrews specifically intended for debugging purposes: To identify
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater why and how specific queries result in responses which
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater indicate an error.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Messages of this category are therefore only logged
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater with <span><strong class="command">debug</strong></span> levels.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater At the debug levels of 1 or higher, each response with the
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater rcode of SERVFAIL is logged as follows:
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater <code class="computeroutput">client 127.0.0.1#61502: query failed (SERVFAIL) for www.example.com/IN/AAAA at query.c:3880</code>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This means an error resulting in SERVFAIL was
7f94d9a8162c9a96b56e66176702b66e79d8e1a2Automatic Updater detected at line 3880 of source file
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson Log messages of this level will particularly
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson help identify the cause of SERVFAIL for an
992616aaf75643a0c9f84826f0a1ed5a27e84328Mark Andrews authoritative server.
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson At the debug levels of 2 or higher, detailed context
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater information of recursive resolutions that resulted in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater SERVFAIL is logged.
b0d566a2ce0f5a67f537ee7f8233f82f2584cc61Automatic Updater The log message will look like as follows:
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updaterfetch completed at resolver.c:2970 for www.example.com/A
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updaterin 30.000183: timed out/success [domain:example.com,
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updaterreferral:2,restart:7,qrysent:8,timeout:5,lame:0,neterr:0,
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updaterbadresp:1,adberr:0,findfail:0,valfail:0]
3c5dffc581c882235485cf5eaf7cd6a5e07548bfAutomatic Updater The first part before the colon shows that a recursive
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater resolution for AAAA records of www.example.com completed
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in 30.000183 seconds and the final result that led to the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater SERVFAIL was determined at line 2970 of source file
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater The following part shows the detected final result and the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater latest result of DNSSEC validation.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The latter is always success when no validation attempt
db5b7e2cdf150c46e8242d3e2e3ad3f5c7300258Automatic Updater In this example, this query resulted in SERVFAIL probably
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater because all name servers are down or unreachable, leading
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater to a timeout in 30 seconds.
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater DNSSEC validation was probably not attempted.
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater The last part enclosed in square brackets shows statistics
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater information collected for this particular resolution
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater The <code class="varname">domain</code> field shows the deepest zone
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater that the resolver reached;
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater it is the zone where the error was finally detected.
67f4b01f01bc7fd1ddf938be8367f6b0ce29a520Automatic Updater The meaning of the other fields is summarized in the
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews following table.
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater <p><code class="varname">referral</code></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The number of referrals the resolver received
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater throughout the resolution process.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater In the above example this is 2, which are most
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater <p><code class="varname">restart</code></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The number of cycles that the resolver tried
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater remote servers at the <code class="varname">domain</code>
83d29eff2912ef967596eb5ed148de7668b35564Automatic Updater In each cycle the resolver sends one query
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater (possibly resending it, depending on the response)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to each known name server of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the <code class="varname">domain</code> zone.
6a6965084d061016f7ba44637c7c50e096cac36aAutomatic Updater <p><code class="varname">qrysent</code></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The number of queries the resolver sent at the
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater <p><code class="varname">timeout</code></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The number of timeouts since the resolver
e705db6d5d886dc14f4a75a2046a075c0750e7eeAutomatic Updater received the last response.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The number of lame servers the resolver detected
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater at the <code class="varname">domain</code> zone.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater A server is detected to be lame either by an
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater invalid response or as a result of lookup in
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater BIND9's address database (ADB), where lame
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater servers are cached.
90ff38a0d8deaf5f9c2aa5916d99b2e572d28738Automatic Updater <p><code class="varname">neterr</code></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The number of erroneous results that the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater resolver encountered in sending queries
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater at the <code class="varname">domain</code> zone.
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater One common case is the remote server is
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater unreachable and the resolver receives an ICMP
a26b22914b7bf25f065afb8cdef983766dcd672bAutomatic Updater unreachable error message.
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater <p><code class="varname">badresp</code></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The number of unexpected responses (other than
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <code class="varname">lame</code>) to queries sent by the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater resolver at the <code class="varname">domain</code> zone.
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater <p><code class="varname">adberr</code></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Failures in finding remote server addresses
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of the <code class="varname">domain</code> zone in the ADB.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington One common case of this is that the remote
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater server's name does not have any address records.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><code class="varname">findfail</code></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Failures of resolving remote server addresses.
681beefc668253b3e469a1de282fbc33a3752422Automatic Updater This is a total number of failures throughout
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater the resolution process.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Failures of DNSSEC validation.
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews Validation failures are counted throughout
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the resolution process (not limited to
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews the <code class="varname">domain</code> zone), but should
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater only happen in <code class="varname">domain</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater At the debug levels of 3 or higher, the same messages
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater as those at the debug 1 level are logged for other errors
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater than SERVFAIL.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Note that negative responses such as NXDOMAIN are not
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater regarded as errors here.
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater At the debug levels of 4 or higher, the same messages
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater as those at the debug 2 level are logged for other errors
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater than SERVFAIL.
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater Unlike the above case of level 3, messages are logged for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater negative responses.
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater This is because any unexpected results can be difficult to
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater debug in the recursion case.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
0ce87e5749aabb8eef1e0a37e4bd6e6ffa1d7196Automatic Updater<a name="id2577350"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This is the grammar of the <span><strong class="command">lwres</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statement in the <code class="filename">named.conf</code> file:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting"><span><strong class="command">lwres</strong></span> {
96ea71632887c58a9d00f47eb318bf76b35903c3Mark Andrews [<span class="optional"> listen-on { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ;
a26b22914b7bf25f065afb8cdef983766dcd672bAutomatic Updater [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; ... </span>] }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> view <em class="replaceable"><code>view_name</code></em>; </span>]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews [<span class="optional"> search { <em class="replaceable"><code>domain_name</code></em> ; [<span class="optional"> <em class="replaceable"><code>domain_name</code></em> ; ... </span>] }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> ndots <em class="replaceable"><code>number</code></em>; </span>]
9870509cb161e9c8d809ea2db41d371317ba2a35Automatic Updater [<span class="optional"> lwres-tasks <em class="replaceable"><code>number</code></em>; </span>]
96713299d08c0735c18ebe8772dd2cc1ecd4356aAutomatic Updater [<span class="optional"> lwres-clients <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
c01dec514a81ecf8c17ca3ef8c3ba95e437295ebAutomatic Updater<a name="id2577447"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">lwres</strong></span> statement configures the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater server to also act as a lightweight resolver server. (See
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews <a href="Bv9ARM.ch05.html#lwresd" title="Running a Resolver Daemon">the section called “Running a Resolver Daemon”</a>.) There may be multiple
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">lwres</strong></span> statements configuring
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater lightweight resolver servers with different properties.
681beefc668253b3e469a1de282fbc33a3752422Automatic Updater The <span><strong class="command">listen-on</strong></span> statement specifies a
90ff38a0d8deaf5f9c2aa5916d99b2e572d28738Automatic Updater IPv4 addresses (and ports) that this instance of a lightweight
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater resolver daemon
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater should accept requests on. If no port is specified, port 921 is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If this statement is omitted, requests will be accepted on
681beefc668253b3e469a1de282fbc33a3752422Automatic Updater The <span><strong class="command">view</strong></span> statement binds this
ce0fd07045292942bfa3e755d9ce596941528a63Automatic Updater lightweight resolver daemon to a view in the DNS namespace, so that
681beefc668253b3e469a1de282fbc33a3752422Automatic Updater response will be constructed in the same manner as a normal DNS
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater matching this view. If this statement is omitted, the default view
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater used, and if there is no default view, an error is triggered.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The <span><strong class="command">search</strong></span> statement is equivalent to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">search</strong></span> statement in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="filename">/etc/resolv.conf</code>. It provides a
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater list of domains
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater which are appended to relative names in queries.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">ndots</strong></span> statement is equivalent to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">ndots</strong></span> statement in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <code class="filename">/etc/resolv.conf</code>. It indicates the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington number of dots in a relative domain name that should result in an
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater exact match lookup before search path elements are appended.
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater The <code class="option">lwres-tasks</code> statement specifies the number
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of worker threads the lightweight resolver will dedicate to serving
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater clients. By default the number is the same as the number of CPUs on
6f046a065e5543f8cd7e2f24991c65d2372f4c8dMark Andrews the system; this can be overridden using the <code class="option">-n</code>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater command line option when starting the server.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <code class="option">lwres-clients</code> specifies
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the number of client objects per thread the lightweight
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater resolver should create to serve client queries.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater By default, if the lightweight resolver runs as a part
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of <span><strong class="command">named</strong></span>, 256 client objects are
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater created for each task; if it runs as <span><strong class="command">lwresd</strong></span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater 1024 client objects are created for each thread. The maximum
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater value is 32768; higher values will be silently ignored and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the maximum will be used instead.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Note that setting too high a value may overconsume
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater system resources.
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater The maximum number of client queries that the lightweight
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater resolver can handle at any one time equals
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="option">lwres-tasks</code> times <code class="option">lwres-clients</code>.
0429fc942ef48b8ab07a01648b22f98174a2ae6fAutomatic Updater<div class="titlepage"><div><div><h3 class="title">
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater<a name="id2577611"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> |
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] };
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2577660"></a><span><strong class="command">masters</strong></span> Statement Definition and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<p><span><strong class="command">masters</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater lists allow for a common set of masters to be easily used by
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater multiple stub and slave zones in their <span><strong class="command">masters</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater or <span><strong class="command">also-notify</strong></span> lists.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater<a name="id2577682"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater This is the grammar of the <span><strong class="command">options</strong></span>
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater statement in the <code class="filename">named.conf</code> file:
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater<pre class="programlisting"><span><strong class="command">options</strong></span> {
40696c4c389a780082fb77840c173b201ce696d6Automatic Updater [<span class="optional"> attach-cache <em class="replaceable"><code>cache_name</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> version <em class="replaceable"><code>version_string</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> hostname <em class="replaceable"><code>hostname_string</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> server-id <em class="replaceable"><code>server_id_string</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> directory <em class="replaceable"><code>path_name</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> geoip-directory <em class="replaceable"><code>path_name</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> key-directory <em class="replaceable"><code>path_name</code></em>; </span>]
40696c4c389a780082fb77840c173b201ce696d6Automatic Updater [<span class="optional"> managed-keys-directory <em class="replaceable"><code>path_name</code></em>; </span>]
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington [<span class="optional"> named-xfer <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> tkey-gssapi-keytab <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> tkey-gssapi-credential <em class="replaceable"><code>principal</code></em>; </span>]
822df94949fc267ee9a9ab1a06c13f24522d3ac4Automatic Updater [<span class="optional"> tkey-domain <em class="replaceable"><code>domainname</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> tkey-dhkey <em class="replaceable"><code>key_name</code></em> <em class="replaceable"><code>key_tag</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> cache-file <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dump-file <em class="replaceable"><code>path_name</code></em>; </span>]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington [<span class="optional"> bindkeys-file <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> lock-file <em class="replaceable"><code>path_name</code></em>; </span>]
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington [<span class="optional"> secroots-file <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> session-keyfile <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> session-keyname <em class="replaceable"><code>key_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> session-keyalg <em class="replaceable"><code>algorithm_id</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> memstatistics <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> memstatistics-file <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> pid-file <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> recursing-file <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> statistics-file <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> zone-statistics <em class="replaceable"><code>full</code></em> | <em class="replaceable"><code>terse</code></em> | <em class="replaceable"><code>none</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> auth-nxdomain <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> nxdomain-redirect <em class="replaceable"><code>string</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> deallocate-on-exit <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dialup <em class="replaceable"><code>dialup_option</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> fake-iquery <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> fetch-glue <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> flush-zones-on-shutdown <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> has-old-clients <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> host-statistics <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> host-statistics-max <em class="replaceable"><code>number</code></em>; </span>]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater [<span class="optional"> minimal-responses <em class="replaceable"><code>yes_or_no</code></em>; </span>]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson [<span class="optional"> multiple-cnames <em class="replaceable"><code>yes_or_no</code></em>; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> notify <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>explicit</code></em> | <em class="replaceable"><code>master-only</code></em>; </span>]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson [<span class="optional"> recursion <em class="replaceable"><code>yes_or_no</code></em>; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> send-cookie <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> require-server-cookie <em class="replaceable"><code>yes_or_no</code></em>; </span>]
be7f27304337afbf078e8bd8db0f951a33abe33bAndreas Gustafsson [<span class="optional"> cookie-algorithm <em class="replaceable"><code>secret_string</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> cookie-secret <em class="replaceable"><code>secret_string</code></em>; </span>]
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater [<span class="optional"> request-nsid <em class="replaceable"><code>yes_or_no</code></em>; </span>]
822df94949fc267ee9a9ab1a06c13f24522d3ac4Automatic Updater [<span class="optional"> rfc2308-type1 <em class="replaceable"><code>yes_or_no</code></em>; </span>]
11ba7973f989b3657cbb27447bdcdd976c71ac56Brian Wellington [<span class="optional"> use-id-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> maintain-ixfr-base <em class="replaceable"><code>yes_or_no</code></em>; </span>]
11ba7973f989b3657cbb27447bdcdd976c71ac56Brian Wellington [<span class="optional"> ixfr-from-differences (<em class="replaceable"><code>yes_or_no</code></em> | <code class="constant">master</code> | <code class="constant">slave</code>); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> auto-dnssec <code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">off</code>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dnssec-enable <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dnssec-validation (<em class="replaceable"><code>yes_or_no</code></em> | <code class="constant">auto</code>); </span>]
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater [<span class="optional"> dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> |
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater <em class="replaceable"><code>no</code></em> |
0df8ead472f207020f8da22a185fe4b945248ab8Automatic Updater <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dnssec-must-be-secure <em class="replaceable"><code>domain yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dnssec-accept-expired <em class="replaceable"><code>yes_or_no</code></em>; </span>]
7f94d9a8162c9a96b56e66176702b66e79d8e1a2Automatic Updater [<span class="optional"> forward ( <em class="replaceable"><code>only</code></em> | <em class="replaceable"><code>first</code></em> ); </span>]
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater [<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; ... </span>] }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dual-stack-servers [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] {
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater ( <em class="replaceable"><code>domain_name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] |
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>]) ;
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews ... }; </span>]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson [<span class="optional"> check-names ( <em class="replaceable"><code>master</code></em> | <em class="replaceable"><code>slave</code></em> | <em class="replaceable"><code>response</code></em> )
6de27e27ad6056d7c049feb912df5a6b9a56d1b8Automatic Updater ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> check-dup-records ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"> check-mx ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> check-wildcard <em class="replaceable"><code>yes_or_no</code></em>; </span>]
822df94949fc267ee9a9ab1a06c13f24522d3ac4Automatic Updater [<span class="optional"> check-integrity <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> check-mx-cname ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
a900e4f99ff134b567b6df5ac2c841c7d0c551d3Automatic Updater [<span class="optional"> check-srv-cname ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
a900e4f99ff134b567b6df5ac2c841c7d0c551d3Automatic Updater [<span class="optional"> check-sibling <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> check-spf ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
a9638b6e8997c3c96a23a7df973aa126061ff34fAutomatic Updater [<span class="optional"> allow-new-zones { <em class="replaceable"><code>yes_or_no</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-notify { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater [<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-query-on { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-query-cache { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-query-cache-on { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"> allow-transfer { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-recursion { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"> allow-recursion-on { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-update { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
a900e4f99ff134b567b6df5ac2c841c7d0c551d3Automatic Updater [<span class="optional"> allow-update-forwarding { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> automatic-interface-scan { <em class="replaceable"><code>yes_or_no</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> geoip-use-ecs <em class="replaceable"><code>yes_or_no</code></em>;</span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> update-check-ksk <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dnssec-update-mode ( <em class="replaceable"><code>maintain</code></em> | <em class="replaceable"><code>no-resign</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dnssec-dnskey-kskonly <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dnssec-loadkeys-interval <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dnssec-secure-to-insecure <em class="replaceable"><code>yes_or_no</code></em> ;</span>]
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater [<span class="optional"> try-tcp-refresh <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-v6-synthesis { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> blackhole { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> keep-response-order { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> no-case-compress { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> use-v4-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
a900e4f99ff134b567b6df5ac2c841c7d0c551d3Automatic Updater [<span class="optional"> avoid-v4-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> use-v6-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> avoid-v6-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> listen-on [<span class="optional"> port <em class="replaceable"><code>ip_port</code></em> </span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater{ <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> query-source ( ( <em class="replaceable"><code>ip4_addr</code></em> | <em class="replaceable"><code>*</code></em> )
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dscp <em class="replaceable"><code>ip_dscp</code></em></span>] |
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> address ( <em class="replaceable"><code>ip4_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] )
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> query-source-v6 ( ( <em class="replaceable"><code>ip6_addr</code></em> | <em class="replaceable"><code>*</code></em> )
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> dscp <em class="replaceable"><code>ip_dscp</code></em></span>] |
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> address ( <em class="replaceable"><code>ip6_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] )
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> use-queryport-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews [<span class="optional"> queryport-pool-ports <em class="replaceable"><code>number</code></em>; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> queryport-pool-updateinterval <em class="replaceable"><code>number</code></em>; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em>; </span>]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews [<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em>; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em>; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> max-transfer-idle-out <em class="replaceable"><code>number</code></em>; </span>]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews [<span class="optional"> reserved-sockets <em class="replaceable"><code>number</code></em>; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> recursive-clients <em class="replaceable"><code>number</code></em>; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> tcp-clients <em class="replaceable"><code>number</code></em>; </span>]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews [<span class="optional"> clients-per-query <em class="replaceable"><code>number</code></em> ; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> max-clients-per-query <em class="replaceable"><code>number</code></em> ; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> fetches-per-server <em class="replaceable"><code>number</code></em> [<span class="optional"><em class="replaceable"><code>(drop | fail)</code></em></span>]; </span>]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews [<span class="optional"> fetch-quota-params <em class="replaceable"><code>number fixedpoint fixedpoint fixedpoint</code></em> ; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> fetches-per-zone <em class="replaceable"><code>number</code></em> [<span class="optional"><em class="replaceable"><code>(drop | fail)</code></em></span>]; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> notify-rate <em class="replaceable"><code>number</code></em>; </span>]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews [<span class="optional"> startup-notify-rate <em class="replaceable"><code>number</code></em>; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> serial-query-rate <em class="replaceable"><code>number</code></em>; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> serial-queries <em class="replaceable"><code>number</code></em>; </span>]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews [<span class="optional"> tcp-listen-queue <em class="replaceable"><code>number</code></em>; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> transfer-format <em class="replaceable"><code>( one-answer | many-answers )</code></em>; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> transfers-in <em class="replaceable"><code>number</code></em>; </span>]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews [<span class="optional"> transfers-out <em class="replaceable"><code>number</code></em>; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> transfers-per-ns <em class="replaceable"><code>number</code></em>; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews [<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> alt-transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> alt-transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews [<span class="optional"> use-alt-transfer-source <em class="replaceable"><code>yes_or_no</code></em>; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> notify-delay <em class="replaceable"><code>seconds</code></em> ; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews [<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> notify-to-soa <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> also-notify { <em class="replaceable"><code>ip_addr</code></em>
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] [<span class="optional">key <em class="replaceable"><code>keyname</code></em></span>] ;
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] [<span class="optional">key <em class="replaceable"><code>keyname</code></em></span>] ; ... </span>] }; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> max-ixfr-log-size <em class="replaceable"><code>number</code></em>; </span>]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews [<span class="optional"> max-journal-size <em class="replaceable"><code>size_spec</code></em>; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> coresize <em class="replaceable"><code>size_spec</code></em> ; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> datasize <em class="replaceable"><code>size_spec</code></em> ; </span>]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews [<span class="optional"> files <em class="replaceable"><code>size_spec</code></em> ; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> stacksize <em class="replaceable"><code>size_spec</code></em> ; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> cleaning-interval <em class="replaceable"><code>number</code></em>; </span>]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews [<span class="optional"> heartbeat-interval <em class="replaceable"><code>number</code></em>; </span>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [<span class="optional"> interface-interval <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> statistics-interval <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> topology { <em class="replaceable"><code>address_match_list</code></em> }</span>];
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> sortlist { <em class="replaceable"><code>address_match_list</code></em> }</span>];
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> rrset-order { <em class="replaceable"><code>order_spec</code></em> ; [<span class="optional"> <em class="replaceable"><code>order_spec</code></em> ; ... </span>] </span>] };
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson [<span class="optional"> lame-ttl <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-ncache-ttl <em class="replaceable"><code>number</code></em>; </span>]
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson [<span class="optional"> max-cache-ttl <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-zone-ttl ( <code class="constant">unlimited</code> | <em class="replaceable"><code>number</code></em> ; </span>]
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson [<span class="optional"> serial-update-method <code class="constant">increment</code>|<code class="constant">unixtime</code>|<code class="constant">date</code>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> servfail-ttl <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> [<span class="optional"><em class="replaceable"><code>number</code></em></span>] ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> sig-signing-nodes <em class="replaceable"><code>number</code></em> ; </span>]
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson [<span class="optional"> sig-signing-signatures <em class="replaceable"><code>number</code></em> ; </span>]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater [<span class="optional"> sig-signing-type <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> min-roots <em class="replaceable"><code>number</code></em>; </span>]
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson [<span class="optional"> use-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> provide-ixfr <em class="replaceable"><code>yes_or_no</code></em>; </span>]
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson [<span class="optional"> request-ixfr <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> request-expire <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> treat-cr-as-space <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> min-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater [<span class="optional"> min-retry-time <em class="replaceable"><code>number</code></em> ; </span>]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson [<span class="optional"> max-retry-time <em class="replaceable"><code>number</code></em> ; </span>]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater [<span class="optional"> nta-lifetime <em class="replaceable"><code>duration</code></em> ; </span>]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson [<span class="optional"> nta-recheck <em class="replaceable"><code>duration</code></em> ; </span>]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater [<span class="optional"> port <em class="replaceable"><code>ip_port</code></em>; </span>]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater [<span class="optional"> dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ;
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater [<span class="optional"> additional-from-auth <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> additional-from-cache <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"> random-device <em class="replaceable"><code>path_name</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-cache-size <em class="replaceable"><code>size_spec</code></em> ; </span>]
713c3d5b18463f2479973e4d14f73248e60a5df7Mark Andrews [<span class="optional"> match-mapped-addresses <em class="replaceable"><code>yes_or_no</code></em>; </span>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"> filter-aaaa-on-v4 ( <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>break-dnssec</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> filter-aaaa-on-v6 ( <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>break-dnssec</code></em> ); </span>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"> filter-aaaa { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dns64 <em class="replaceable"><code>ipv6-prefix</code></em> {
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> clients { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater [<span class="optional"> mapped { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> exclude { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson [<span class="optional"> suffix <em class="replaceable"><code>IPv6-address</code></em>; </span>]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson [<span class="optional"> recursive-only <em class="replaceable"><code>yes_or_no</code></em>; </span>]
992616aaf75643a0c9f84826f0a1ed5a27e84328Mark Andrews [<span class="optional"> break-dnssec <em class="replaceable"><code>yes_or_no</code></em>; </span>]
2fd97723b2ec7fc1975672780ab0c1c9a8c369d6Automatic Updater [<span class="optional"> dns64-server <em class="replaceable"><code>name</code></em> </span>]
2fd97723b2ec7fc1975672780ab0c1c9a8c369d6Automatic Updater [<span class="optional"> dns64-contact <em class="replaceable"><code>name</code></em> </span>]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews [<span class="optional"> preferred-glue ( <em class="replaceable"><code>A</code></em> | <em class="replaceable"><code>AAAA</code></em> | <em class="replaceable"><code>NONE</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> edns-udp-size <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-udp-size <em class="replaceable"><code>number</code></em>; </span>]
0d3490f93bb980fde704055e74c1b508987a5fe4Mark Andrews [<span class="optional"> max-rsa-exponent-size <em class="replaceable"><code>number</code></em>; </span>]
75b70a68aefaa17ac4e768d5ed85d2f50d471490Automatic Updater [<span class="optional"> root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>namelist</code></em> } </span>] ; </span>]
922e6a3c2ac4ef900dd9dc99f0cc137f18372583Andreas Gustafsson [<span class="optional"> querylog <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [<span class="optional"> disable-algorithms <em class="replaceable"><code>domain</code></em> { <em class="replaceable"><code>algorithm</code></em>;
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater [<span class="optional"> <em class="replaceable"><code>algorithm</code></em>; </span>] }; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> disable-ds-digests <em class="replaceable"><code>domain</code></em> { <em class="replaceable"><code>digest_type</code></em>;
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater [<span class="optional"> <em class="replaceable"><code>digest_type</code></em>; </span>] }; </span>]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater [<span class="optional"> acache-enable <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater [<span class="optional"> acache-cleaning-interval <em class="replaceable"><code>number</code></em>; </span>]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater [<span class="optional"> max-acache-size <em class="replaceable"><code>size_spec</code></em> ; </span>]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater [<span class="optional"> max-recursion-depth <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-recursion-queries <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> masterfile-format
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater (<code class="constant">text</code>|<code class="constant">raw</code>|<code class="constant">map</code>) ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater (<code class="constant">relative</code>|<code class="constant">full</code>) ; </span>]
885f47576842cf3c569315b9a48bd9f0ca03f203Automatic Updater [<span class="optional"> empty-server <em class="replaceable"><code>name</code></em> ; </span>]
0142fd71e07bc70a25b767a8ecafb90f889da00eAutomatic Updater [<span class="optional"> empty-contact <em class="replaceable"><code>name</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> empty-zones-enable <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> disable-empty-zone <em class="replaceable"><code>zone_name</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> zero-no-soa-ttl <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater [<span class="optional"> zero-no-soa-ttl-cache <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> resolver-query-timeout <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> deny-answer-addresses { <em class="replaceable"><code>address_match_list</code></em> } [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];</span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> deny-answer-aliases { <em class="replaceable"><code>namelist</code></em> } [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];</span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> prefetch <em class="replaceable"><code>number</code></em> [<span class="optional"><em class="replaceable"><code>number</code></em></span>] ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> responses-per-second <em class="replaceable"><code>number</code></em> ; </span>]
195e7b7a6e0bdc80373d65085e12a2950e9a1226Mark Andrews [<span class="optional"> referrals-per-second <em class="replaceable"><code>number</code></em> ; </span>]
885f47576842cf3c569315b9a48bd9f0ca03f203Automatic Updater [<span class="optional"> nodata-per-second <em class="replaceable"><code>number</code></em> ; </span>]
9cd4b3f809a6f376c9f163a403861e22a6c2186fAutomatic Updater [<span class="optional"> nxdomains-per-second <em class="replaceable"><code>number</code></em> ; </span>]
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater [<span class="optional"> errors-per-second <em class="replaceable"><code>number</code></em> ; </span>]
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater [<span class="optional"> all-per-second <em class="replaceable"><code>number</code></em> ; </span>]
f9a89df8bd3cf6ae1a292dd6b122b4cf7d760314Automatic Updater [<span class="optional"> window <em class="replaceable"><code>number</code></em> ; </span>]
63d98873e29dee9608c27f40613cb69d130a56e7Mark Andrews [<span class="optional"> log-only <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
e2caa7536302de34de6cc04025abcd53dc3a499aAutomatic Updater [<span class="optional"> qps-scale <em class="replaceable"><code>number</code></em> ; </span>]
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews [<span class="optional"> ipv4-prefix-length <em class="replaceable"><code>number</code></em> ; </span>]
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater [<span class="optional"> ipv6-prefix-length <em class="replaceable"><code>number</code></em> ; </span>]
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater [<span class="optional"> slip <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> exempt-clients { <em class="replaceable"><code>address_match_list</code></em> } ; </span>]
72628f51c75245fa522fc27ac982392891e7bf87Automatic Updater [<span class="optional"> max-table-size <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> min-table-size <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> recursive-only <em class="replaceable"><code>yes_or_no</code></em> </span>]
} [<span class="optional"> recursive-only <em class="replaceable"><code>yes_or_no</code></em> </span>]
[<span class="optional"> qname-wait-recurse <em class="replaceable"><code>yes_or_no</code></em> </span>]
<a name="options"></a><span><strong class="command">options</strong></span> Statement Definition and
Usage">the section called “<span><strong class="command">acl</strong></span> Statement Definition and
<dt><span class="term"><span><strong class="command">managed-keys-directory</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">tkey-gssapi-credential</strong></span></span></dt>
of the form "<strong class="userinput"><code>DNS/</code></strong><code class="varname">server.domain</code>".
ignored if <span><strong class="command">named</strong></span> was run using the <code class="option">-X</code>
in <a href="Bv9ARM.ch06.html#statsfile" title="The Statistics File">the section called “The Statistics File”</a>.
(See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called “Dynamic Update Policies”</a>, and in
<a name="root_delegation_only"></a><span class="term"><span><strong class="command">root-delegation-only</strong></span></span>
Note some TLDs are not delegation only (e.g. "DE", "LV",
from <a href="https://www.isc.org/solutions/dlv/" target="_top">https://www.isc.org/solutions/dlv/</a>.
<dt><span class="term"><span><strong class="command">dnssec-must-be-secure</strong></span></span></dt>
Additionally a reverse IP6.ARPA zone will be created for
the prefix to provide a mapping from the IP6.ARPA names
to the corresponding IN-ADDR.ARPA names using synthesized
<dt><span class="term"><span><strong class="command">dnssec-loadkeys-interval</strong></span></span></dt>
(see <a href="man.dnssec-keygen.html" title="dnssec-keygen"><span class="refentrytitle"><span class="application">dnssec-keygen</span></span>(8)</a> and
<a href="man.dnssec-settime.html" title="dnssec-settime"><span class="refentrytitle"><span class="application">dnssec-settime</span></span>(8)</a>). The
<a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called “Dynamic Update Policies”</a>), and
<dt><span class="term"><span><strong class="command">serial-update-method</strong></span></span></dt>
also <a href="Bv9ARM.ch06.html#statsfile" title="The Statistics File">the section called “The Statistics File”</a>.
or <strong class="userinput"><code>no</code></strong>; <strong class="userinput"><code>yes</code></strong>
<dt><span class="term"><span><strong class="command">automatic-interface-scan</strong></span></span></dt>
If <strong class="userinput"><code>yes</code></strong>, then the <span><strong class="command">AA</strong></span> bit
for memory leaks on exit. <acronym class="acronym">BIND</acronym> 9 ignores the option and always performs
happens in a short interval, once every <span><strong class="command">heartbeat-interval</strong></span> and
<span><strong class="command">notify</strong></span> and <span><strong class="command">also-notify</strong></span>.
<dt><span class="term"><span><strong class="command">flush-zones-on-shutdown</strong></span></span></dt>
<span><strong class="command">flush-zones-on-shutdown</strong></span> <strong class="userinput"><code>no</code></strong>.
<span><strong class="command">geoip-use-ecs</strong></span> <strong class="userinput"><code>yes</code></strong>.
in <acronym class="acronym">BIND</acronym> 8, and is ignored by <acronym class="acronym">BIND</acronym> 9.
<span><strong class="command">has-old-clients</strong></span> <strong class="userinput"><code>yes</code></strong>, specify
the two separate options <span><strong class="command">auth-nxdomain</strong></span> <strong class="userinput"><code>yes</code></strong>
and <span><strong class="command">rfc2308-type1</strong></span> <strong class="userinput"><code>no</code></strong> instead.
kept for Incremental Zone Transfer. <acronym class="acronym">BIND</acronym> 9 maintains a transaction
transfers, use <span><strong class="command">provide-ixfr</strong></span> <strong class="userinput"><code>no</code></strong>.
and additional data sections when they are required (e.g.
changes, see <a href="Bv9ARM.ch04.html#notify" title="Notify">the section called “Notify”</a>. The messages are
in which case it overrides the <span><strong class="command">options notify</strong></span> statement.
<dt><span class="term"><span><strong class="command">require-server-cookie</strong></span></span></dt>
in <a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and
Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and
<a href="Bv9ARM.ch04.html#incremental_zone_transfers" title="Incremental Zone Transfers (IXFR)">the section called “Incremental Zone Transfers (IXFR)”</a>.
<a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and
Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and
<a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and
Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and
<a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and
Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and
the server treat carriage return ("<span><strong class="command">\r</strong></span>") characters the same way
on an NT or DOS machine. In <acronym class="acronym">BIND</acronym> 9, both UNIX "<span><strong class="command">\n</strong></span>"
<span class="term"><span><strong class="command">additional-from-auth</strong></span>, </span><span class="term"><span><strong class="command">additional-from-cache</strong></span></span>
For example, if a query asks for an MX record for host <code class="literal">foo.example.com</code>,
if known, even though they are not in the example.com zone.
<dt><span class="term"><span><strong class="command">match-mapped-addresses</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">ixfr-from-differences</strong></span></span></dt>
addresses refer to different machines. If <strong class="userinput"><code>yes</code></strong>, <span><strong class="command">named</strong></span> will
when the serial number on the master is less than what <span><strong class="command">named</strong></span>
(see <a href="man.dnssec-keygen.html" title="dnssec-keygen"><span class="refentrytitle"><span class="application">dnssec-keygen</span></span>(8)</a> and
<a href="man.dnssec-settime.html" title="dnssec-settime"><span class="refentrytitle"><span class="application">dnssec-settime</span></span>(8)</a>). The command
<dt><span class="term"><span><strong class="command">dnssec-accept-expired</strong></span></span></dt>
Specify whether query logging should be started when <span><strong class="command">named</strong></span>
is determined by the presence of the logging category <span><strong class="command">queries</strong></span>.
<span><strong class="command">master</strong></span> zones the default is <span><strong class="command">fail</strong></span>.
<dt><span class="term"><span><strong class="command">zero-no-soa-ttl-cache</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">dnssec-dnskey-kskonly</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">dnssec-secure-to-insecure</strong></span></span></dt>
insecure (i.e., signed to unsigned) by deleting all
stacked, then the <span><strong class="command">dual-stack-servers</strong></span> have no effect unless
of the requesting system. See <a href="Bv9ARM.ch06.html#address_match_lists" title="Address Match Lists">the section called “Address Match Lists”</a> for
<dt><span class="term"><span><strong class="command">allow-query-cache-on</strong></span></span></dt>
<a href="Bv9ARM.ch07.html#dynamic_update_security" title="Dynamic Update Security">the section called “Dynamic Update Security”</a> for details.
<dt><span class="term"><span><strong class="command">allow-update-forwarding</strong></span></span></dt>
access control to attacks; see <a href="Bv9ARM.ch07.html#dynamic_update_security" title="Dynamic Update Security">the section called “Dynamic Update Security”</a>
receive zone transfers from the server. <span><strong class="command">allow-transfer</strong></span> may
case it overrides the <span><strong class="command">options allow-transfer</strong></span> statement.
<dt><span class="term"><span><strong class="command">keep-response-order</strong></span></span></dt>
a response contains the names "example.com" and
(i.e., records of type NS, MX, CNAME, etc) will always
<dt><span class="term"><span><strong class="command">resolver-query-timeout</strong></span></span></dt>
from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
If <span><strong class="command">address</strong></span> is <span><strong class="command">*</strong></span> (asterisk) or is omitted,
If <span><strong class="command">port</strong></span> is <span><strong class="command">*</strong></span> or is omitted,
<dt><span class="term"><span><strong class="command">queryport-pool-ports</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">queryport-pool-updateinterval</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">max-transfer-time-in</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">max-transfer-idle-in</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">max-transfer-time-out</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">max-transfer-idle-out</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">startup-notify-rate</strong></span></span></dt>
the load on the remote name server. <span><strong class="command">transfers-per-ns</strong></span> may
be overridden on a per-server basis by using the <span><strong class="command">transfers</strong></span> phrase
<dt><span class="term"><span><strong class="command">alt-transfer-source</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">alt-transfer-source-v6</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">use-alt-transfer-source</strong></span></span></dt>
See <a href="Bv9ARM.ch06.html#query_address" title="Query Address">the section called “Query Address”</a> about how the
to prevent <span><strong class="command">named</strong></span> from choosing as its random source port a
of <span><strong class="command">size_spec</strong></span> in <a href="Bv9ARM.ch06.html#configuration_file_elements" title="Configuration File Elements">the section called “Configuration File Elements”</a>.
(see <a href="Bv9ARM.ch04.html#journal" title="The journal file">the section called “The journal file”</a>). When the journal file
<dt><span class="term"><span><strong class="command">host-statistics-max</strong></span></span></dt>
<a name="clients-per-query"></a><span class="term"><span><strong class="command">clients-per-query</strong></span>, </span><span class="term"><span><strong class="command">max-clients-per-query</strong></span></span>
before dropping additional clients. <span><strong class="command">named</strong></span> will attempt to
If the number of queries exceed this value, <span><strong class="command">named</strong></span> will
<a name="fetches-per-zone"></a><span class="term"><span><strong class="command">fetches-per-zone</strong></span></span>
<a name="fetches-per-server"></a><span class="term"><span><strong class="command">fetches-per-server</strong></span></span>
interfaces <span><strong class="command">named</strong></span> listens on, <span><strong class="command">tcp-clients</strong></span> as well as
<dt><span class="term"><span><strong class="command">statistics-interval</strong></span></span></dt>
topologically closest to itself. The <span><strong class="command">topology</strong></span> statement
<a name="the_sortlist_statement"></a>The <span><strong class="command">sortlist</strong></span> Statement</h4></div></div></div>
statement in <a href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">the section called “RRset Ordering”</a>).
does (<a href="Bv9ARM.ch06.html#topology" title="Topology">the section called “Topology”</a>).
an IP prefix, an ACL name or a nested <span><strong class="command">address_match_list</strong></span>)
to the behavior of the address sort in <acronym class="acronym">BIND</acronym> 4.9.x. Responses sent
<a href="Bv9ARM.ch06.html#the_sortlist_statement" title="The sortlist Statement">the section called “The <span><strong class="command">sortlist</strong></span> Statement”</a>.
If no name is specified, the default is "<span><strong class="command">*</strong></span>" (asterisk).
class IN type A name "host.example.com" order random;
<span><strong class="command">max-ncache-ttl</strong></span> is <code class="literal">10800</code> seconds (3 hours).
<dt><span class="term"><span><strong class="command">sig-validity-interval</strong></span></span></dt>
result of dynamic updates (<a href="Bv9ARM.ch04.html#dynamic_update" title="Dynamic Update">the section called “Dynamic Update”</a>) will expire. There
<dt><span class="term"><span><strong class="command">sig-signing-signatures</strong></span></span></dt>
a zone-signing process, i.e., whether it is still active
<span><strong class="command">rndc signing -list <em class="replaceable"><code>zone</code></em></strong></span>.
<span><strong class="command">rndc signing -clear <em class="replaceable"><code>keyid/algorithm</code></em> <em class="replaceable"><code>zone</code></em></strong></span>.
<span><strong class="command">rndc signing -clear all <em class="replaceable"><code>zone</code></em></strong></span>.
<span class="term"><span><strong class="command">min-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">max-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">min-retry-time</strong></span>, </span><span class="term"><span><strong class="command">max-retry-time</strong></span></span>
<a href="Bv9ARM.ch06.html#zonefile_format" title="Additional File Formats">the section called “Additional File Formats”</a>).
<a name="max-recursion-depth"></a><span class="term"><span><strong class="command">max-recursion-depth</strong></span></span>
<a name="max-recursion-queries"></a><span class="term"><span><strong class="command">max-recursion-queries</strong></span></span>
<dt><span class="term"><span><strong class="command">max-rsa-exponent-size</strong></span></span></dt>
built-in view (see <a href="Bv9ARM.ch06.html#view_statement_grammar" title="view Statement Grammar">the section called “<span><strong class="command">view</strong></span> Statement Grammar”</a>) of
with type <span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
with type <span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
<span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
Specifying <span><strong class="command">server-id hostname;</strong></span> will cause <span><strong class="command">named</strong></span> to
The default <span><strong class="command">server-id</strong></span> is <span><strong class="command">none</strong></span>.
<dt><span class="term"><span><strong class="command">acache-cleaning-interval</strong></span></span></dt>
name (i.e., the CNAME alias or the substituted query name
for example, even if "example.com" is specified for
returned by an "example.com" server will be accepted.
For example, if you own a domain named "example.net" and
deny-answer-aliases { "example.net"; };
network look up an IPv4 address of "attacker.example.com",
internal web server "www.example.net" and the
it will be accepted since the owner name "www.example.net"
"example.net".
IPv4 address as in IN-ADDR.ARPA.
IP6.ARPA. (Note that this representation of IPv6
address is different from IP6.ARPA where each hex
wildcard such as *.example.com.
<span class="term"><span><strong class="command">PASSTHRU</strong></span>, </span><span class="term"><span><strong class="command">DROP</strong></span>, </span><span class="term"><span><strong class="command">TCP-Only</strong></span>, </span><span class="term"><span><strong class="command">NXDOMAIN</strong></span>, </span><span class="term"><span><strong class="command">NODATA</strong></span></span>
<pre class="programlisting"> zone "badlist" {type master; file "master/badlist"; allow-query {none;}; };</pre>
@ SOA LOCALHOST. named-mgr.example.com (1 1h 15m 30d 2h)
nxdomain.domain.com CNAME . ; NXDOMAIN policy
*.nxdomain.domain.com CNAME . ; NXDOMAIN policy
nodata.domain.com CNAME *. ; NODATA policy
*.nodata.domain.com CNAME *. ; NODATA policy
bad.domain.com A 10.0.0.1 ; redirect to a walled garden
; do not rewrite (PASSTHRU) OK.DOMAIN.COM
ok.domain.com CNAME rpz-passthru.
8.0.0.0.127.rpz-ip CNAME .
32.1.0.0.127.rpz-ip CNAME rpz-passthru.
ns.domain.com.rpz-nsdname CNAME .
48.zz.2.2001.rpz-nsip CNAME .
112.zz.2001.rpz-client-ip CNAME rpz-drop.
8.0.0.0.127.rpz-client-ip CNAME rpz-drop.
; force some DNS clients and responses in the example.com zone to TCP
16.0.0.1.10.rpz-client-ip CNAME rpz-tcp-only.
example.com CNAME rpz-tcp-only.
*.example.com CNAME rpz-tcp-only.
<span><strong class="command">options</strong></span> or <span><strong class="command">view</strong></span> statement.
This controls flooding using random.wild.example.com.
<span><strong class="command">rate-limit</strong></span> statements in <span><strong class="command">view</strong></span>
<span><strong class="command">RateDropped</strong></span> and <span><strong class="command">QryDropped</strong></span>
<span><strong class="command">RateSlipped</strong></span> and <span><strong class="command">RespTruncated</strong></span>.
With a redirect zone (<span><strong class="command">zone "." { type redirect; };</strong></span>), the
<a name="server_statement_grammar"></a><span><strong class="command">server</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">server</strong></span> <em class="replaceable"><code>ip_addr[/prefixlen]</code></em> {
[<span class="optional"> provide-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> request-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> request-expire <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> request-nsid <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> nocookie-udp-size <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> transfer-format <em class="replaceable"><code>( one-answer | many-answers )</code></em> ; ]</span>]
[<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
[<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
[<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
[<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
[<span class="optional"> query-source [<span class="optional"> address ( <em class="replaceable"><code>ip_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
[<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
[<span class="optional"> query-source-v6 [<span class="optional"> address ( <em class="replaceable"><code>ip_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
[<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
[<span class="optional"> use-queryport-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> queryport-pool-ports <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> queryport-pool-updateinterval <em class="replaceable"><code>number</code></em>; </span>]
<a name="server_statement_definition_and_usage"></a><span><strong class="command">server</strong></span> Statement Definition and
value of <span><strong class="command">bogus</strong></span> is <span><strong class="command">no</strong></span>.
<span><strong class="command">edns-udp-size</strong></span> in <span><strong class="command">options</strong></span>
The server supports two zone transfer methods. The first, <span><strong class="command">one-answer</strong></span>,
uses one DNS message per resource record transferred. <span><strong class="command">many-answers</strong></span> packs
as many resource records as possible into a message. <span><strong class="command">many-answers</strong></span> is
more efficient, but is only known to be understood by <acronym class="acronym">BIND</acronym> 9, <acronym class="acronym">BIND</acronym>
<span><strong class="command">key_id</strong></span> defined by the <span><strong class="command">key</strong></span> statement,
to be used for transaction security (TSIG, <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called “TSIG”</a>)
<a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<a name="statschannels"></a><span><strong class="command">statistics-channels</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2593291"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
<a href="http://127.0.0.1:8888/xml/v3" target="_top">http://127.0.0.1:8888/xml/v3</a> for version 3.
<a href="http://127.0.0.1:8888/xml/v3/traffic" target="_top">http://127.0.0.1:8888/xml/v3/traffic</a>
<a href="http://127.0.0.1:8888/json/v1/status" target="_top">http://127.0.0.1:8888/json/v1/status</a>
<a href="http://127.0.0.1:8888/json/v1/server" target="_top">http://127.0.0.1:8888/json/v1/server</a>
<a href="http://127.0.0.1:8888/json/v1/traffic" target="_top">http://127.0.0.1:8888/json/v1/traffic</a>
<a name="trusted-keys"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
<em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
[<span class="optional"> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
<a name="id2593657"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
DNSSEC security roots. DNSSEC is described in <a href="Bv9ARM.ch04.html#DNSSEC" title="DNSSEC">the section called “DNSSEC”</a>. A security root is defined when the
<a name="id2593710"></a><span><strong class="command">managed-keys</strong></span> Statement Grammar</h3></div></div></div>
<em class="replaceable"><code>name</code></em> initial-key <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key-data</code></em> ;
[<span class="optional"> <em class="replaceable"><code>name</code></em> initial-key <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key-data</code></em> ; [<span class="optional">...</span>]</span>]
<a name="managed-keys"></a><span><strong class="command">managed-keys</strong></span> Statement Definition
set to <strong class="userinput"><code>auto</code></strong>, <span><strong class="command">named</strong></span>
<a name="view_statement_grammar"></a><span><strong class="command">view</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">view</strong></span> <em class="replaceable"><code>view_name</code></em>
<a name="id2594146"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<span><strong class="command">match-clients</strong></span> and <span><strong class="command">match-destinations</strong></span>
<span><strong class="command">match-clients</strong></span> and <span><strong class="command">match-destinations</strong></span>
// Provide a complete view of the example.com
zone "example.com" {
file "example-internal.db";
// Provide a restricted view of the example.com
zone "example.com" {
file "example-external.db";
<pre class="programlisting"><span><strong class="command">zone</strong></span> <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-query-on { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-transfer { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-update { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> update-check-ksk <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> dnssec-dnskey-kskonly <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> dnssec-loadkeys-interval <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> update-policy <em class="replaceable"><code>local</code></em> | { <em class="replaceable"><code>update_policy_rule</code></em> [<span class="optional">...</span>] }; </span>]
[<span class="optional"> also-notify { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ;
[<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> check-mx (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> check-wildcard <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> check-spf ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
[<span class="optional"> check-integrity <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> masterfile-format (<code class="constant">text</code>|<code class="constant">raw</code>|<code class="constant">map</code>) ; </span>]
[<span class="optional"> max-journal-size <em class="replaceable"><code>size_spec</code></em>; </span>]
[<span class="optional"> forward (<code class="constant">only</code>|<code class="constant">first</code>) ; </span>]
[<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> ixfr-from-differences <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> request-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> maintain-ixfr-base <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> max-ixfr-log-size <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-idle-out <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> notify <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>explicit</code></em> | <em class="replaceable"><code>master-only</code></em> ; </span>]
[<span class="optional"> notify-to-soa <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> pubkey <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; </span>]
[<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
[<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
[<span class="optional"> zone-statistics <em class="replaceable"><code>full</code></em> | <em class="replaceable"><code>terse</code></em> | <em class="replaceable"><code>none</code></em>; </span>]
[<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> [<span class="optional"><em class="replaceable"><code>number</code></em></span>] ; </span>]
[<span class="optional"> sig-signing-nodes <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> sig-signing-signatures <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> sig-signing-type <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> min-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> key-directory <em class="replaceable"><code>path_name</code></em>; </span>]
[<span class="optional"> auto-dnssec <code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">off</code>; </span>]
[<span class="optional"> inline-signing <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> zero-no-soa-ttl <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> serial-update-method <code class="constant">increment</code>|<code class="constant">unixtime</code>|<code class="constant">date</code>; </span>]
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> allow-notify { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-query-on { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-transfer { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-update-forwarding { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> dnssec-update-mode ( <em class="replaceable"><code>maintain</code></em> | <em class="replaceable"><code>no-resign</code></em> ); </span>]
[<span class="optional"> update-check-ksk <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> dnssec-dnskey-kskonly <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> dnssec-loadkeys-interval <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> dnssec-secure-to-insecure <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> try-tcp-refresh <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> also-notify [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em>
[<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] }; </span>]
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> masterfile-format (<code class="constant">text</code>|<code class="constant">raw</code>|<code class="constant">map</code>) ; </span>]
[<span class="optional"> max-journal-size <em class="replaceable"><code>size_spec</code></em>; </span>]
[<span class="optional"> forward (<code class="constant">only</code>|<code class="constant">first</code>) ; </span>]
[<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> ixfr-from-differences <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> maintain-ixfr-base <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> masters [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em>
[<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] }; </span>]
[<span class="optional"> max-ixfr-log-size <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-idle-out <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> notify <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>explicit</code></em> | <em class="replaceable"><code>master-only</code></em> ; </span>]
[<span class="optional"> notify-to-soa <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> pubkey <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; </span>]
[<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
[<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
[<span class="optional"> alt-transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
[<span class="optional"> alt-transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>)
[<span class="optional"> use-alt-transfer-source <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
[<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
[<span class="optional"> zone-statistics <em class="replaceable"><code>full</code></em> | <em class="replaceable"><code>terse</code></em> | <em class="replaceable"><code>none</code></em>; </span>]
[<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> [<span class="optional"><em class="replaceable"><code>number</code></em></span>] ; </span>]
[<span class="optional"> sig-signing-nodes <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> sig-signing-signatures <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> sig-signing-type <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> min-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> key-directory <em class="replaceable"><code>path_name</code></em>; </span>]
[<span class="optional"> auto-dnssec <code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">off</code>; </span>]
[<span class="optional"> inline-signing <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> multi-master <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> zero-no-soa-ttl <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> delegation-only <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>] // Not Implemented.
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-query-on { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> delegation-only <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> masterfile-format (<code class="constant">text</code>|<code class="constant">raw</code>|<code class="constant">map</code>) ; </span>]
[<span class="optional"> forward (<code class="constant">only</code>|<code class="constant">first</code>) ; </span>]
[<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> masters [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em>
[<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] }; </span>]
[<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> pubkey <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; </span>]
[<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
[<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>)
[<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
[<span class="optional"> alt-transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
[<span class="optional"> alt-transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>)
[<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
[<span class="optional"> use-alt-transfer-source <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> min-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> multi-master <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> server-addresses { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> ; ... </span>] }; </span>]
[<span class="optional"> server-names { [<span class="optional"> <em class="replaceable"><code>namelist</code></em> </span>] }; </span>]
[<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> forward (<code class="constant">only</code>|<code class="constant">first</code>) ; </span>]
[<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> delegation-only <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
zone <em class="replaceable"><code>"."</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
[<span class="optional"> masterfile-format (<code class="constant">text</code>|<code class="constant">raw</code>|<code class="constant">map</code>) ; </span>]
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
<a name="id2596230"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
Non recursive queries (i.e., those with the RD
commercial Spanish names (under COM.ES) one
would use wildcard entries called "*.COM.ES.".
status of infrastructure zones (e.g. COM,
See caveats in <a href="Bv9ARM.ch06.html#root_delegation_only"><span><strong class="command">root-delegation-only</strong></span></a>.
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
in the mid-1970s. Zone data for it can be specified with the <code class="literal">CHAOS</code> class.
<span><strong class="command">allow-notify</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
<span><strong class="command">allow-query</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
<span><strong class="command">allow-query-on</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
<a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called “Dynamic Update Policies”</a>.
<dt><span class="term"><span><strong class="command">allow-update-forwarding</strong></span></span></dt>
in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
network. The default varies according to zone type. For <span><strong class="command">master</strong></span> zones the default is <span><strong class="command">fail</strong></span>. For <span><strong class="command">slave</strong></span>
<span><strong class="command">check-mx</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">check-spf</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">check-wildcard</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">check-integrity</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">check-sibling</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">zero-no-soa-ttl</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">update-check-ksk</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<dt><span class="term"><span><strong class="command">dnssec-loadkeys-interval</strong></span></span></dt>
<span><strong class="command">dnssec-loadkeys-interval</strong></span> in <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and
Usage">the section called “<span><strong class="command">options</strong></span> Statement Definition and
<span><strong class="command">dnssec-update-mode</strong></span> in <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and
Usage">the section called “<span><strong class="command">options</strong></span> Statement Definition and
<dt><span class="term"><span><strong class="command">dnssec-dnskey-kskonly</strong></span></span></dt>
<span><strong class="command">dnssec-dnskey-kskonly</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">try-tcp-refresh</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">dialup</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
See caveats in <a href="Bv9ARM.ch06.html#root_delegation_only"><span><strong class="command">root-delegation-only</strong></span></a>.
after trying the forwarders and getting no answer, while <span><strong class="command">first</strong></span> would
This is applicable to <span><strong class="command">master</strong></span> and <span><strong class="command">slave</strong></span> zones.
<span><strong class="command">max-journal-size</strong></span> in <a href="Bv9ARM.ch06.html#server_resource_limits" title="Server Resource Limits">the section called “Server Resource Limits”</a>.
<dt><span class="term"><span><strong class="command">max-transfer-time-in</strong></span></span></dt>
<span><strong class="command">max-transfer-time-in</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">max-transfer-idle-in</strong></span></span></dt>
<span><strong class="command">max-transfer-idle-in</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">max-transfer-time-out</strong></span></span></dt>
<span><strong class="command">max-transfer-time-out</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">max-transfer-idle-out</strong></span></span></dt>
<span><strong class="command">max-transfer-idle-out</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span><strong class="command">notify</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">notify-delay</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
zones when they are loaded from disk. <acronym class="acronym">BIND</acronym> 9 does not verify signatures
For example, if "example.com" is configured as a
example.com. A 192.0.2.1
"www.example.com" with the RD bit on, the server
That is, when "example.net" is the origin of a
static-stub zone, "ns.example" and
"master.example.com" can be specified in the
"ns.example.net" cannot, and will be rejected by
For example, if "example.com" is configured as a
static-stub zone with "ns1.example.net" and
"www.example.com" with the RD bit on, the server
"ns2.example.net" to IP addresses, and then send
<dt><span class="term"><span><strong class="command">sig-validity-interval</strong></span></span></dt>
<span><strong class="command">sig-validity-interval</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<span><strong class="command">sig-signing-nodes</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<dt><span class="term"><span><strong class="command">sig-signing-signatures</strong></span></span></dt>
<span><strong class="command">sig-signing-signatures</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<span><strong class="command">sig-signing-type</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<span><strong class="command">transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span><strong class="command">transfer-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">alt-transfer-source</strong></span></span></dt>
<span><strong class="command">alt-transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">alt-transfer-source-v6</strong></span></span></dt>
<span><strong class="command">alt-transfer-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">use-alt-transfer-source</strong></span></span></dt>
<span><strong class="command">use-alt-transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span><strong class="command">notify-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span><strong class="command">notify-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span class="term"><span><strong class="command">min-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">max-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">min-retry-time</strong></span>, </span><span class="term"><span><strong class="command">max-retry-time</strong></span></span>
See the description in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<dt><span class="term"><span><strong class="command">ixfr-from-differences</strong></span></span></dt>
<span><strong class="command">ixfr-from-differences</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">key-directory</strong></span> in <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and
Usage">the section called “<span><strong class="command">options</strong></span> Statement Definition and
Usage">the section called “<span><strong class="command">options</strong></span> Statement Definition and
<dt><span class="term"><span><strong class="command">serial-update-method</strong></span></span></dt>
Usage">the section called “<span><strong class="command">options</strong></span> Statement Definition and
<a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
Usage">the section called “<span><strong class="command">options</strong></span> Statement Definition and
<dt><span class="term"><span><strong class="command">dnssec-secure-to-insecure</strong></span></span></dt>
<span><strong class="command">dnssec-secure-to-insecure</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
( <span><strong class="command">grant</strong></span> | <span><strong class="command">deny</strong></span> ) <em class="replaceable"><code>identity</code></em> <em class="replaceable"><code>nametype</code></em> [<span class="optional"> <em class="replaceable"><code>name</code></em> </span>] [<span class="optional"> <em class="replaceable"><code>types</code></em> </span>]
and converts it machine.realm allowing the machine
to update machine.realm. The REALM to be matched
converts it to machine.realm allowing the machine
to update subdomains of machine.realm. The REALM
and converts it machine.realm allowing the machine
to update machine.realm. The REALM to be matched
converts it to machine.realm allowing the machine
to update subdomains of machine.realm. The REALM
zone example.com {
file "example-external.db";
zone example.com {
Zone level acls (e.g. allow-query, allow-transfer) and
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
that a particular nearby server be tried first. See <a href="Bv9ARM.ch06.html#the_sortlist_statement" title="The sortlist Statement">the section called “The <span><strong class="command">sortlist</strong></span> Statement”</a> and <a href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">the section called “RRset Ordering”</a>.
built-in server information zones, e.g.,
any order), and if neither of those succeed, delivery to <code class="literal">mail.backup.org</code> will
and PTR records. Entries in the in-addr.arpa domain are made in
in-addr.arpa name of
3.2.1.10.in-addr.arpa. This name should have a PTR resource record
Master File Directives include <span><strong class="command">$ORIGIN</strong></span>, <span><strong class="command">$INCLUDE</strong></span>,
<a name="id2603827"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
<a name="id2603843"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
$ORIGIN example.com.
<a name="id2603904"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
if it were included into the file at this point. If <span><strong class="command">origin</strong></span> is
revert to the values they had prior to the <span><strong class="command">$INCLUDE</strong></span> once
<a name="id2603973"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<a name="id2604009"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
Classless IN-ADDR.ARPA delegation.
HOST-1.EXAMPLE. MX 0 .
HOST-2.EXAMPLE. A 1.2.3.2
HOST-2.EXAMPLE. MX 0 .
HOST-3.EXAMPLE. A 1.2.3.3
HOST-3.EXAMPLE. MX 0 .
HOST-127.EXAMPLE. A 1.2.3.127
HOST-127.EXAMPLE. MX 0 .
(<span><strong class="command">n</strong></span> or <span><strong class="command">N</strong></span>\
The <span><strong class="command">$GENERATE</strong></span> directive is a <acronym class="acronym">BIND</acronym> extension
(see <a href="Bv9ARM.ch06.html#statschannels" title="statistics-channels Statement Grammar">the section called “<span><strong class="command">statistics-channels</strong></span> Statement Grammar”</a>.)
<a href="Bv9ARM.ch06.html#clients-per-query"><span><strong class="command">clients-per-query</strong></span></a>.)
<a name="id2608756"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
<td width="40%" align="left" valign="top">Chapter�5.�The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver�</td>