Bv9ARM.ch06.html revision 1586d8cbac5d73031716561386f60758c6c332d5
- Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
<!-- $Id: Bv9ARM.ch06.html,v 1.116 2005/08/19 03:52:24 marka Exp $ -->
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter&#160;6.&#160;BIND 9 Configuration Reference</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.68.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch05.html" title="Chapter&#160;5.&#160;The BIND 9 Lightweight Resolver">
<link rel="next" href="Bv9ARM.ch07.html" title="Chapter&#160;7.&#160;BIND 9 Security Considerations">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<table width="100%" summary="Navigation header">
<tr><th colspan="3" align="center">Chapter&#160;6.&#160;<span class="acronym">BIND</span> 9 Configuration Reference</th></tr>
<a accesskey="p" href="Bv9ARM.ch05.html">Prev</a>&#160;</td>
<td width="20%" align="right">&#160;<a accesskey="n" href="Bv9ARM.ch07.html">Next</a>
<div class="titlepage"><div><div><h2 class="title">
<a name="Bv9ARM.ch06"></a>Chapter&#160;6.&#160;<span class="acronym">BIND</span> 9 Configuration Reference</h2></div></div></div>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2543511">Comment Syntax</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2544123"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2544381"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2544674"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2544689"><span><strong class="command">include</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2544712"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2544733"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2544805"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2544931"><span><strong class="command">logging</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2546486"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2546560"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2546624"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2546667"><span><strong class="command">masters</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2546682"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2554464"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2554513"><span><strong class="command">trusted-keys</strong></span> Statement Definition
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2554583"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2555382"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2557435">Zone File</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2559457">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2560008">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2560135">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2560324"><span class="acronym">BIND</span> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
<span class="acronym">BIND</span> 9 configuration is broadly similar
to <span class="acronym">BIND</span> 8; however, there are a few new
of configuration, such as views. <span class="acronym">BIND</span>
8 configuration files should work with few alterations in <span class="acronym">BIND</span>
9, although more complex configurations should be reviewed to check
if they can be more efficiently implemented using the new features
found in <span class="acronym">BIND</span> 9.
<span class="acronym">BIND</span> 4 configuration files can be
converted to the new format
using the shell script
<code class="filename">contrib/named-bootconf/named-bootconf.sh</code>.
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="configuration_file_elements"></a>Configuration File Elements</h2></div></div></div>
Following is a list of elements used throughout the <span class="acronym">BIND</span> configuration
file documentation:
<div class="informaltable"><table border="1">
The name of an <code class="varname">address_match_list</code> as
defined by the <span><strong class="command">acl</strong></span> statement.
<code class="varname">address_match_list</code>
A list of one or more
<code class="varname">ip_prefix</code>, <code class="varname">key_id</code>,
or <code class="varname">acl_name</code> elements, see
<a href="Bv9ARM.ch06.html#address_match_lists" title="Address Match Lists">the section called “Address Match Lists”</a>.
A named list of one or more <code class="varname">ip_addr</code>
with optional <code class="varname">key_id</code> and / or
A <code class="varname">masters_list</code> may include other
A quoted string which will be used as
a DNS name, for example "<code class="literal">my.test.domain</code>".
<code class="varname">dotted_decimal</code>
One to four integers valued 0 through
255 separated by dots (`.'), such as <span><strong class="command">123</strong></span>,
<span><strong class="command">45.67</strong></span> or <span><strong class="command">89.123.45.67</strong></span>.
An IPv4 address with exactly four elements
in <code class="varname">dotted_decimal</code> notation.
An IPv6 address, such as <span><strong class="command">2001:db8::1234</strong></span>.
IPv6 scoped addresses that have ambiguity on their scope
zones must be
disambiguated by an appropriate zone ID with the percent
(`%') as delimiter.
It is strongly recommended to use string zone names rather
than numeric identifiers, in order to be robust against system
configuration changes.
However, since there is no standard mapping for such names
identifier values, currently only interface names as link
are supported, assuming one-to-one mapping between
interfaces and links.
For example, a link-local address <span><strong class="command">fe80::1</strong></span> on the
link attached to the interface <span><strong class="command">ne0</strong></span>
can be specified as <span><strong class="command">fe80::1%ne0</strong></span>.
Note that on most systems link-local addresses always have
ambiguity, and need to be disambiguated.
An <code class="varname">ip4_addr</code> or <code class="varname">ip6_addr</code>.
An IP port <code class="varname">number</code>.
<code class="varname">number</code> is limited to 0
through 65535, with values
below 1024 typically restricted to use by processes running
In some cases an asterisk (`*') character can be used as a
placeholder to
select a random high-numbered port.
An IP network specified as an <code class="varname">ip_addr</code>,
followed by a slash (`/') and then the number of bits in the
Trailing zeros in a <code class="varname">ip_addr</code>
For example, <span><strong class="command">127/8</strong></span> is the
network <span><strong class="command">127.0.0.0</strong></span> with
netmask <span><strong class="command">255.0.0.0</strong></span> and <span><strong class="command">1.2.3.0/28</strong></span> is
network <span><strong class="command">1.2.3.0</strong></span> with netmask <span><strong class="command">255.255.255.240</strong></span>.
A <code class="varname">domain_name</code> representing
the name of a shared key, to be used for transaction
A list of one or more
separated by semicolons and ending with a semicolon.
A non-negative 32 bit integer
(i.e., a number between 0 and 4294967295, inclusive).
Its acceptable value might further
be limited by the context in which it is used.
A quoted string which will be used as
a pathname, such as <code class="filename">zones/master/my.test.domain</code>.
A number, the word <strong class="userinput"><code>unlimited</code></strong>,
or the word <strong class="userinput"><code>default</code></strong>.
An <code class="varname">unlimited</code> <code class="varname">size_spec</code> requests unlimited
use, or the maximum available amount. A <code class="varname">default size_spec</code> uses
the limit that was in force when the server was started.
A <code class="varname">number</code> can optionally be
followed by a scaling factor:
<strong class="userinput"><code>K</code></strong> or <strong class="userinput"><code>k</code></strong>
for kilobytes,
<strong class="userinput"><code>M</code></strong> or <strong class="userinput"><code>m</code></strong>
for megabytes, and
<strong class="userinput"><code>G</code></strong> or <strong class="userinput"><code>g</code></strong> for gigabytes,
which scale by 1024, 1024*1024, and 1024*1024*1024
The value must be representable as a 64-bit unsigned integer
(0 to 18446744073709551615, inclusive).
Using <code class="varname">unlimited</code> is the best
way to safely set a really large number.
Either <strong class="userinput"><code>yes</code></strong> or <strong class="userinput"><code>no</code></strong>.
The words <strong class="userinput"><code>true</code></strong> and <strong class="userinput"><code>false</code></strong> are
also accepted, as are the numbers <strong class="userinput"><code>1</code></strong>
and <strong class="userinput"><code>0</code></strong>.
One of <strong class="userinput"><code>yes</code></strong>,
<strong class="userinput"><code>no</code></strong>, <strong class="userinput"><code>notify</code></strong>,
<strong class="userinput"><code>notify-passive</code></strong>, <strong class="userinput"><code>refresh</code></strong> or
<strong class="userinput"><code>passive</code></strong>.
When used in a zone, <strong class="userinput"><code>notify-passive</code></strong>,
<strong class="userinput"><code>refresh</code></strong>, and <strong class="userinput"><code>passive</code></strong>
are restricted to slave and stub zones.
<div class="titlepage"><div><div><h3 class="title">
<a name="address_match_lists"></a>Address Match Lists</h3></div></div></div>
<div class="titlepage"><div><div><h4 class="title">
<a name="id2543308"></a>Syntax</h4></div></div></div>
<pre class="programlisting"><code class="varname">address_match_list</code> = address_match_list_element ;
 [<span class="optional"> address_match_list_element; ... </span>]
<code class="varname">address_match_list_element</code> = [<span class="optional"> ! </span>] (ip_address [<span class="optional">/length</span>] |
 key key_id | acl_name | { address_match_list } )
<div class="titlepage"><div><div><h4 class="title">
<a name="id2543336"></a>Definition and Usage</h4></div></div></div>
Address match lists are primarily used to determine access
control for various server operations. They are also used in
the <span><strong class="command">listen-on</strong></span> and <span><strong class="command">sortlist</strong></span>
statements. The elements
which constitute an address match list can be any of the
a key ID, as defined by the <span><strong class="command">key</strong></span>
<li>the name of an address match list defined with
the <span><strong class="command">acl</strong></span> statement
<li>a nested address match list enclosed in braces</li>
Elements can be negated with a leading exclamation mark (`!'),
and the match list names "any", "none", "localhost", and
are predefined. More information on those names can be found in
the description of the acl statement.
The addition of the key clause made the name of this syntactic
element something of a misnomer, since security keys can be used
to validate access without regard to a host or network address.
the term "address match list" is still used throughout the
documentation.
When a given IP address or prefix is compared to an address
match list, the list is traversed in order until an element
The interpretation of a match depends on whether the list is being
for access control, defining listen-on ports, or in a sortlist,
and whether the element was negated.
When used as an access control list, a non-negated match allows
access and a negated match denies access. If there is no match,
access is denied. The clauses <span><strong class="command">allow-notify</strong></span>,
<span><strong class="command">allow-query</strong></span>, <span><strong class="command">allow-query-cache</strong></span>,
<span><strong class="command">allow-transfer</strong></span>,
<span><strong class="command">allow-update</strong></span>, <span><strong class="command">allow-update-forwarding</strong></span>,
and <span><strong class="command">blackhole</strong></span> all use address match
Similarly, the listen-on option will cause the server to not
queries on any of the machine's addresses which do not match the
Because of the first-match aspect of the algorithm, an element
that defines a subset of another element in the list should come
before the broader element, regardless of whether either is
<span><strong class="command">1.2.3/24; ! 1.2.3.13;</strong></span> the 1.2.3.13
completely useless because the algorithm will match any lookup for
Using <span><strong class="command">! 1.2.3.13; 1.2.3/24</strong></span> fixes
that problem by having 1.2.3.13 blocked by the negation but all
other 1.2.3.* hosts fall through.
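The first-match rule described above, as an added example (not part of the BIND manual and not BIND's own code): a small Python model of an address match list used as an access control list, plus a lint that reports elements shadowed by an earlier, broader element. It handles only ip_addr and ip_prefix elements and the predefined names any and none; all function names are hypothetical.

```python
import ipaddress

# Added illustration, not BIND code. Function names are hypothetical.
# Supported elements: [!] ip_addr, [!] ip_prefix, [!] any, [!] none.
# key, acl_name and nested { ... } elements are outside this sketch.


def parse_prefix(text):
    """Parse an ip_addr or ip_prefix, expanding the short IPv4 form (127/8)."""
    addr, _, length = text.partition("/")
    if ":" in addr:                              # IPv6 address
        bits = length or "128"
    else:
        octets = addr.split(".")
        if len(octets) > 4 or (len(octets) < 4 and not length):
            # Fewer than four octets is only accepted with a prefix length.
            raise ValueError(f"not an ip4_addr or ip_prefix: {text!r}")
        addr = ".".join(octets + ["0"] * (4 - len(octets)))
        bits = length or "32"
    # strict=True: this sketch rejects prefixes with host bits set (1.2.3.13/24).
    return ipaddress.ip_network(f"{addr}/{bits}", strict=True)


def parse_list(text):
    """Split 'elem; elem; ...' into (source_text, negated, networks) tuples."""
    elements = []
    for raw in text.split(";"):
        raw = raw.strip()
        if not raw:
            continue
        negated = raw.startswith("!")
        name = raw.lstrip("!").strip()
        if name == "any":
            nets = [ipaddress.ip_network("0.0.0.0/0"),
                    ipaddress.ip_network("::/0")]
        elif name == "none":
            nets = []                            # matches no address
        else:
            nets = [parse_prefix(name)]
        elements.append((raw, negated, nets))
    return elements


def evaluate(match_list, client):
    """Access-control reading of a match list: (allowed, deciding_element).

    The list is walked in order; the first element containing the client
    address decides. A negated match denies, and no match at all denies.
    """
    addr = ipaddress.ip_address(client)
    for raw, negated, nets in parse_list(match_list):
        if any(addr.version == n.version and addr in n for n in nets):
            return (not negated, raw)
    return (False, None)


def find_shadowed(match_list):
    """Return elements that can never decide a lookup.

    An element is reported when one earlier element already covers every
    address it matches. Coverage by a union of several earlier elements is
    not detected here.
    """
    shadowed, seen = [], []
    for raw, _negated, nets in parse_list(match_list):
        if nets and all(
            any(n.version == s.version and n.subnet_of(s) for s in seen)
            for n in nets
        ):
            shadowed.append(raw)
        seen.extend(nets)
    return shadowed


if __name__ == "__main__":
    # The two orderings discussed in the text.
    for acl in ("1.2.3/24; ! 1.2.3.13;", "! 1.2.3.13; 1.2.3/24;"):
        print(acl)
        print("  1.2.3.13 ->", evaluate(acl, "1.2.3.13"))
        print("  1.2.3.14 ->", evaluate(acl, "1.2.3.14"))
        print("  shadowed  :", find_shadowed(acl))
```

Running `find_shadowed` over every match list in a configuration is a quick review check for negations that were written after the prefix they were meant to carve an exception out of.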
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="id2543511"></a>Comment Syntax</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span class="acronym">BIND</span> 9 comment syntax allows for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater comments to appear
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater anywhere that white space may appear in a <span class="acronym">BIND</span> configuration
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater file. To appeal to programmers of all kinds, they can be written
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="titlepage"><div><div><h4 class="title">
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater<a name="id2543526"></a>Syntax</h4></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting">/* This is a <span class="acronym">BIND</span> comment as in C */</pre>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting">// This is a <span class="acronym">BIND</span> comment as in C++</pre>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting"># This is a <span class="acronym">BIND</span> comment as in common UNIX shells and perl</pre>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h4 class="title">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="id2543556"></a>Definition and Usage</h4></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Comments may appear anywhere that whitespace may appear in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington a <span class="acronym">BIND</span> configuration file.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater C-style comments start with the two characters /* (slash,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater star) and end with */ (star, slash). Because they are completely
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater delimited with these characters, they can be used to comment only
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington a portion of a line or to span multiple lines.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater C-style comments cannot be nested. For example, the following
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is not valid because the entire comment ends with the first */:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting">/* This is the start of a comment.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This is still part of the comment.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington/* This is an incorrect attempt at nesting a comment. */
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews This is no longer in any comment. */</pre>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater C++-style comments start with the two characters // (slash,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater slash) and continue to the end of the physical line. They cannot
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater be continued across multiple physical lines; to have one logical
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater comment span multiple lines, each line must use the // pair.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<pre class="programlisting">// This is the start of a comment. The next line
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater// is a new comment, even though it is logically
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater// part of the previous comment.</pre>
bbb069be941f649228760edcc241122933c066d2Automatic Updater Shell-style (or perl-style, if you prefer) comments start
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington with the character <code class="literal">#</code> (number sign)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and continue to the end of the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater physical line, as in C++ comments.
e076d0c88be69de7c190ab924d095e69d2e11f7aAndreas Gustafsson<pre class="programlisting"># This is the start of a comment. The next line
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater# is a new comment, even though it is logically
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews# part of the previous comment.</pre>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater You cannot use the semicolon (`;') character
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to start a comment such as you would in a zone file. The
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater semicolon indicates the end of a configuration
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h2 class="title" style="clear: both">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="Configuration_File_Grammar"></a>Configuration File Grammar</h2></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater A <span class="acronym">BIND</span> 9 configuration consists of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statements and comments.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Statements end with a semicolon. Statements and comments are the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater only elements that can appear without enclosing braces. Many
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington statements contain a block of sub-statements, which are also
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater terminated with a semicolon.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The following statements are supported:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">acl</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater defines a named IP address
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington matching list, for access control and other uses.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">controls</strong></span></p>
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater declares control channels to be used
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington by the <span><strong class="command">rndc</strong></span> utility.
53aed64e0f8553762fc0c380ee41cb42f514c7d5Brian Wellington <p><span><strong class="command">include</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater includes a file.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews <p><span><strong class="command">key</strong></span></p>
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews specifies key information for use in
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews authentication and authorization using TSIG.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews <p><span><strong class="command">logging</strong></span></p>
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews specifies what the server logs, and where
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews the log messages are sent.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews <p><span><strong class="command">lwres</strong></span></p>
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews configures <span><strong class="command">named</strong></span> to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater also act as a lightweight resolver daemon (<span><strong class="command">lwresd</strong></span>).
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">masters</strong></span></p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington defines a named masters list for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater inclusion in stub and slave zone masters clauses.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">options</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater controls global server configuration
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington options and sets defaults for other statements.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">server</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater sets certain configuration options on
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington a per-server basis.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">trusted-keys</strong></span></p>
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater defines trusted DNSSEC keys.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">view</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater defines a view.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">zone</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater defines a zone.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">logging</strong></span> and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">options</strong></span> statements may only occur once
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater per configuration.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="titlepage"><div><div><h3 class="title">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="id2544123"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<pre class="programlisting"><span><strong class="command">acl</strong></span> acl-name {
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater address_match_list
};</pre>
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="acl"></a><span><strong class="command">acl</strong></span> Statement Definition and Usage</h3></div></div></div>
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafsson The <span><strong class="command">acl</strong></span> statement assigns a symbolic
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater name to an address match list. It gets its name from a primary
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater use of address match lists: Access Control Lists (ACLs).
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Note that an address match list's name must be defined
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater with <span><strong class="command">acl</strong></span> before it can be used;
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafsson no forward references are allowed.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The following ACLs are built-in:
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="informaltable"><table border="1">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">any</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Matches all hosts.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <p><span><strong class="command">none</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Matches no hosts.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <p><span><strong class="command">localhost</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Matches the IPv4 and IPv6 addresses of all network
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington interfaces on the system.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">localnets</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Matches any host on an IPv4 or IPv6 network
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater for which the system has an interface.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Some systems do not provide a way to determine the prefix
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater lengths of local IPv6 addresses.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater In such a case, <span><strong class="command">localnets</strong></span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington only matches the local
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater IPv6 addresses, just like <span><strong class="command">localhost</strong></span>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="titlepage"><div><div><h3 class="title">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="id2544381"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<pre class="programlisting"><span><strong class="command">controls</strong></span> {
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [ inet ( ip_addr | * ) [ port ip_port ] allow { <em class="replaceable"><code> address_match_list </code></em> }
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater keys { <em class="replaceable"><code>key_list</code></em> }; ]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [ unix <em class="replaceable"><code>path</code></em> perm <em class="replaceable"><code>number</code></em> owner <em class="replaceable"><code>number</code></em> group <em class="replaceable"><code>number</code></em> keys { <em class="replaceable"><code>key_list</code></em> }; ]
};</pre>
a070512005933acaf17f635c6371e555425d9641Automatic Updater<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="controls_statement_definition_and_usage"></a><span><strong class="command">controls</strong></span> Statement Definition and Usage</h3></div></div></div>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson The <span><strong class="command">controls</strong></span> statement declares control
3341c8b653577f2f0cb8b72702ea6197035334ffMark Andrews channels to be used by system administrators to control the
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson operation of the name server. These control channels are
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson used by the <span><strong class="command">rndc</strong></span> utility to send
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson commands to and retrieve non-DNS results from a name server.
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews An <span><strong class="command">inet</strong></span> control channel is a TCP socket
9870509cb161e9c8d809ea2db41d371317ba2a35Automatic Updater listening at the specified <span><strong class="command">ip_port</strong></span> on the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater specified <span><strong class="command">ip_addr</strong></span>, which can be an IPv4 or IPv6
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews address. An <span><strong class="command">ip_addr</strong></span> of <code class="literal">*</code> is
282e38d96feb488fddbbc0b0409491094786977fMark Andrews interpreted as the IPv4 wildcard address; connections will be
9870509cb161e9c8d809ea2db41d371317ba2a35Automatic Updater accepted on any of the system's IPv4 addresses.
9870509cb161e9c8d809ea2db41d371317ba2a35Automatic Updater To listen on the IPv6 wildcard address,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater use an <span><strong class="command">ip_addr</strong></span> of <code class="literal">::</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If you will only use <span><strong class="command">rndc</strong></span> on the local host,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater using the loopback address (<code class="literal">127.0.0.1</code>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater or <code class="literal">::1</code>) is recommended for maximum security.
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews If no port is specified, port 953 is used.
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews "<code class="literal">*</code>" cannot be used for <span><strong class="command">ip_port</strong></span>.
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews The ability to issue commands over the control channel is
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews restricted by the <span><strong class="command">allow</strong></span> and
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews <span><strong class="command">keys</strong></span> clauses.
0ca8fddd5b5e26d8a05f0936fc4b2666a025b9c0Mark Andrews Connections to the control channel are permitted based on the
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater <span><strong class="command">address_match_list</strong></span>. This is for simple
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews IP address based filtering only; any <span><strong class="command">key_id</strong></span>
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater elements of the <span><strong class="command">address_match_list</strong></span>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews A <span><strong class="command">unix</strong></span> control channel is a UNIX domain
10b4a0c3a4eec1b22b990c0a0595fbda51f54e94Automatic Updater socket listening at the specified path in the file system.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews Access to the socket is specified by the <span><strong class="command">perm</strong></span>,
d56e188030368b835122d759ebbf8d9613c166f4Mark Andrews <span><strong class="command">owner</strong></span> and <span><strong class="command">group</strong></span> clauses.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews Note that on some platforms (SunOS and Solaris) the permissions
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews (<span><strong class="command">perm</strong></span>) are applied to the parent directory
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews as the permissions on the socket itself are ignored.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews The primary authorization mechanism of the command
bf1263835e8e35421960f65088c043f42aacef13Mark Andrews channel is the <span><strong class="command">key_list</strong></span>, which
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews contains a list of <span><strong class="command">key_id</strong></span>s.
21f8d40dbd9be951555f46b0bfa23571c5a9b913Automatic Updater Each <span><strong class="command">key_id</strong></span> in the <span><strong class="command">key_list</strong></span>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews is authorized to execute commands over the control channel.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews See <a href="Bv9ARM.ch03.html#rndc">Remote Name Daemon Control application</a> in <a href="Bv9ARM.ch03.html#admin_tools" title="Administrative Tools">the section called “Administrative Tools”</a>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews for information about configuring keys in <span><strong class="command">rndc</strong></span>.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews If no <span><strong class="command">controls</strong></span> statement is present,
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews <span><strong class="command">named</strong></span> will set up a default
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews control channel listening on the loopback address 127.0.0.1
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews and its IPv6 counterpart ::1.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews In this case, and also when the <span><strong class="command">controls</strong></span> statement
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews is present but does not have a <span><strong class="command">keys</strong></span> clause,
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews <span><strong class="command">named</strong></span> will attempt to load the command channel key
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews from the file <code class="filename">rndc.key</code> in
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <code class="filename">/etc</code> (or whatever <code class="varname">sysconfdir</code>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews was specified as when <span class="acronym">BIND</span> was built).
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews To create a <code class="filename">rndc.key</code> file, run
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <strong class="userinput"><code>rndc-confgen -a</code></strong>.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <code class="filename">rndc.key</code> feature was created to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews ease the transition of systems from <span class="acronym">BIND</span> 8,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews which did not have digital signatures on its command channel
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews messages and thus did not have a <span><strong class="command">keys</strong></span> clause.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews It makes it possible to use an existing <span class="acronym">BIND</span> 8
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews configuration file in <span class="acronym">BIND</span> 9 unchanged,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews and still have <span><strong class="command">rndc</strong></span> work the same way
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">ndc</strong></span> worked in BIND 8, simply by executing the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews command <strong class="userinput"><code>rndc-confgen -a</code></strong> after BIND 9 is
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Since the <code class="filename">rndc.key</code> feature
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews is only intended to allow the backward-compatible usage of
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span class="acronym">BIND</span> 8 configuration files, this
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews feature does not
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews have a high degree of configurability. You cannot easily change
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the key name or the size of the secret, so you should make a
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <code class="filename">rndc.conf</code> with your own key if you
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews wish to change
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews those things. The <code class="filename">rndc.key</code> file
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews also has its
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews permissions set such that only the owner of the file (the user that
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">named</strong></span> is running as) can access it.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews If you desire greater flexibility in allowing other users to access
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">rndc</strong></span> commands then you need to create
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <code class="filename">rndc.conf</code> and make it group
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews readable by a group
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews that contains the users who should have access.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews To disable the command channel, use an empty
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">controls</strong></span> statement:
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <span><strong class="command">controls { };</strong></span>.
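The comment rules and the controls restrictions described above can be checked together. The following Python sketch is an added example, not part of this manual or of the BIND distribution: it strips the three comment styles as defined above, then reports inet control channels that listen beyond loopback, admit any in the allow list, or have no keys clause. The sample configuration, the key name ops-key and all function names are constructed for illustration; the input is assumed to be syntactically valid, and unix channels are not examined.

```python
import re

LOOPBACK = {"127.0.0.1", "::1"}
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};]+')

# Constructed sample configuration (not taken from the manual).
SAMPLE = '''
/* rndc access /* a second opener does not nest */
controls {
    // inet 10.0.0.5 allow { any; };   commented out, must not be audited
    inet * port 9953 allow { any; } keys { "ops-key"; };   # wildcard listener
    inet 127.0.0.1 allow { localhost; };
};
'''


def strip_comments(text):
    """Remove /* */, // and # comments; quoted strings are copied untouched."""
    out, i, n = [], 0, len(text)
    while i < n:
        if text[i] == '"':                      # quoted string: copy verbatim
            j = text.find('"', i + 1)
            j = n - 1 if j == -1 else j
            out.append(text[i:j + 1])
            i = j + 1
        elif text.startswith("/*", i):          # ends at the FIRST */, no nesting
            j = text.find("*/", i + 2)
            i = n if j == -1 else j + 2
            out.append(" ")                     # a comment counts as whitespace
        elif text.startswith("//", i) or text[i] == "#":
            j = text.find("\n", i)              # runs to end of the physical line
            i = n if j == -1 else j
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def block(tokens, start):
    """tokens[start] must be '{'; return (inner tokens, index after its match)."""
    if tokens[start:start + 1] != ["{"]:
        raise ValueError("expected '{'")
    depth = 0
    for i in range(start, len(tokens)):
        if tokens[i] == "{":
            depth += 1
        elif tokens[i] == "}":
            depth -= 1
            if depth == 0:
                return tokens[start + 1:i], i + 1
    raise ValueError("unbalanced braces")


def clauses(body):
    """Split a statement body into clauses at top-level semicolons."""
    cur, depth = [], 0
    for t in body:
        depth += (t == "{") - (t == "}")
        if t == ";" and depth == 0:
            if cur:
                yield cur
            cur = []
        else:
            cur.append(t)


def sublist(clause, keyword):
    """Elements of `keyword { a; b; }` within a clause, or None if absent."""
    if keyword not in clause:
        return None
    inner, _ = block(clause, clause.index(keyword) + 1)
    return [t for t in inner if t != ";"]


def audit_controls(conf):
    """Return a list of findings for the inet channels of a named.conf text."""
    tokens = TOKEN.findall(strip_comments(conf))
    starts = [i for i, t in enumerate(tokens)
              if t == "controls" and tokens[i + 1:i + 2] == ["{"]
              and (i == 0 or tokens[i - 1] == ";")]
    if not starts:
        return ["no controls statement: default channel on 127.0.0.1 and ::1, "
                "key loaded from rndc.key"]
    findings = []
    for s in starts:
        body, _ = block(tokens, s + 1)
        if not body:
            findings.append("empty controls statement: command channel disabled")
        for c in clauses(body):
            if c[0] != "inet":
                continue                        # unix channels are not audited here
            addr = c[1]
            port = c[c.index("port") + 1] if "port" in c else "953"
            where = f"inet {addr} port {port}"
            if addr in ("*", "::"):
                findings.append(f"{where}: wildcard listener, not limited to loopback")
            elif addr not in LOOPBACK:
                findings.append(f"{where}: listens on a non-loopback address")
            if "any" in (sublist(c, "allow") or []):
                findings.append(f"{where}: allow list admits any source address")
            if sublist(c, "keys") is None:
                findings.append(f"{where}: no keys clause, key loaded from rndc.key")
    return findings


if __name__ == "__main__":
    for finding in audit_controls(SAMPLE):
        print(finding)
```
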
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2544674"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<pre class="programlisting">include <em class="replaceable"><code>filename</code></em>;</pre>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2544689"></a><span><strong class="command">include</strong></span> Statement Definition and Usage</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <span><strong class="command">include</strong></span> statement inserts the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews specified file at the point where the <span><strong class="command">include</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statement is encountered. The <span><strong class="command">include</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statement facilitates the administration of configuration
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews files by permitting the reading or writing of some things but not
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews others. For example, the statement could include private keys
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews that are readable only by the name server.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2544712"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<pre class="programlisting">key <em class="replaceable"><code>key_id</code></em> {
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews algorithm <em class="replaceable"><code>string</code></em>;
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews secret <em class="replaceable"><code>string</code></em>;
};</pre>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2544733"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <span><strong class="command">key</strong></span> statement defines a shared
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews secret key for use with TSIG (see <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called “TSIG”</a>)
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews or the command channel
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews (see <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Usage">the section called “<span><strong class="command">controls</strong></span> Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Usage”</a>).
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews The <span><strong class="command">key</strong></span> statement can occur at the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews top level of the configuration file or inside a <span><strong class="command">view</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statement. Keys defined in top-level <span><strong class="command">key</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statements can be used in all views. Keys intended for use in
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews a <span><strong class="command">controls</strong></span> statement
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews (see <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Usage">the section called “<span><strong class="command">controls</strong></span> Statement Definition and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Usage”</a>)
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews must be defined at the top level.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <em class="replaceable"><code>key_id</code></em>, also known as the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews key name, is a domain name uniquely identifying the key. It can
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews be used in a <span><strong class="command">server</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews statement to cause requests sent to that
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews server to be signed with this key, or in address match lists to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews verify that incoming requests have been signed with a key
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews matching this name, algorithm, and secret.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <em class="replaceable"><code>algorithm_id</code></em> is a string
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews that specifies a security/authentication algorithm. The only
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews algorithm currently supported with TSIG authentication is
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <em class="replaceable"><code>secret_string</code></em> is the secret
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews used by the algorithm, and is treated as a base-64 encoded
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2544805"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<pre class="programlisting"><span><strong class="command">logging</strong></span> {
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews ( <span><strong class="command">file</strong></span> <em class="replaceable"><code>path name</code></em>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">versions</strong></span> ( <em class="replaceable"><code>number</code></em> | <span><strong class="command">unlimited</strong></span> ) ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">size</strong></span> <em class="replaceable"><code>size spec</code></em> ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews | <span><strong class="command">syslog</strong></span> <em class="replaceable"><code>syslog_facility</code></em>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews | <span><strong class="command">stderr</strong></span>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews | <span><strong class="command">null</strong></span> );
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">severity</strong></span> (<code class="option">critical</code> | <code class="option">error</code> | <code class="option">warning</code> | <code class="option">notice</code> |
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <code class="option">info</code> | <code class="option">debug</code> [ <em class="replaceable"><code>level</code></em> ] | <code class="option">dynamic</code> ); ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">print-category</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">print-severity</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">print-time</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
 }; ]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [ <span><strong class="command">category</strong></span> <em class="replaceable"><code>category_name</code></em> {
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews <em class="replaceable"><code>channel_name</code></em> ; [ <em class="replaceable"><code>channel_name</code></em> ; ... ]
 }; ]
};</pre>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<div class="titlepage"><div><div><h3 class="title">
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews<a name="id2544931"></a><span><strong class="command">logging</strong></span> Statement Definition and Usage</h3></div></div></div>
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews The <span><strong class="command">logging</strong></span> statement configures a
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews variety of logging options for the name server. Its <span><strong class="command">channel</strong></span> phrase
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews associates output methods, format options and severity levels with
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews a name that can then be used with the <span><strong class="command">category</strong></span> phrase
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews to select how various classes of messages are logged.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Only one <span><strong class="command">logging</strong></span> statement is used to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews define as many channels and categories as are wanted. If there is no <span><strong class="command">logging</strong></span> statement,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the logging configuration will be:
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews category default { default_syslog; default_debug; };
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews category unmatched { null; };
<p>
 In <span class="acronym">BIND</span> 9, the logging configuration
 is only established when
 the entire configuration file has been parsed. In <span class="acronym">BIND</span> 8, it was
 established as soon as the <span><strong class="command">logging</strong></span> statement
 was parsed. When the server is starting up, all logging messages
 regarding syntax errors in the configuration file go to the default
 channels, or to standard error if the "<code class="option">-g</code>" option
 was specified.
</p>
<div class="titlepage"><div><div><h4 class="title">
<a name="id2545051"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
<p>
 All log output goes to one or more <span class="emphasis"><em>channels</em></span>;
 you can make as many of them as you want.
</p>
<p>
 Every channel definition must include a destination clause that
 says whether messages selected for the channel go to a file, to a
 particular syslog facility, to the standard error stream, or are
 discarded. It can optionally also limit the message severity level
 that will be accepted by the channel (the default is
 <span><strong class="command">info</strong></span>), and whether to include a
 <span><strong class="command">named</strong></span>-generated time stamp, the
 category name
 and/or severity level (the default is not to include any).
</p>
<p>
 The <span><strong class="command">null</strong></span> destination clause
 causes all messages sent to the channel to be discarded;
 in that case, other options for the channel are meaningless.
</p>
<p>
 The <span><strong class="command">file</strong></span> destination clause directs
 the channel to a disk file. It can include limitations
 both on how large the file is allowed to become, and how many
 versions of the file will be saved each time the file is opened.
</p>
<p>
 If you use the <span><strong class="command">versions</strong></span> log file
 option, then
 <span><strong class="command">named</strong></span> will retain that many backup
 versions of the file by
 renaming them when opening. For example, if you choose to keep 3
 old versions
 of the file <code class="filename">lamers.log</code> then just
 before it is opened
 <code class="filename">lamers.log.1</code> is renamed to
 <code class="filename">lamers.log.2</code>, <code class="filename">lamers.log.0</code> is renamed
 to <code class="filename">lamers.log.1</code>, and <code class="filename">lamers.log</code> is
 renamed to <code class="filename">lamers.log.0</code>.
 You can say <span><strong class="command">versions unlimited</strong></span> to
 not limit the number of versions.
 If a <span><strong class="command">size</strong></span> option is associated with
 the log file,
 then renaming is only done when the file being opened exceeds the
 indicated size. No backup versions are kept by default; any
 log file is simply appended.
</p>
<p>
 The <span><strong class="command">size</strong></span> option for files is used
 to limit log growth. If the file ever exceeds the size, then <span><strong class="command">named</strong></span> will
 stop writing to the file unless it has a <span><strong class="command">versions</strong></span> option
 associated with it. If backup versions are kept, the files are
 rolled as described above and a new one begun. If there is no
 <span><strong class="command">versions</strong></span> option, no more data will
 be written to the log
 until some out-of-band mechanism removes or truncates the log to
 less than the maximum size. The default behavior is not to limit the size of
</p>
<p>
 Example usage of the <span><strong class="command">size</strong></span> and
 <span><strong class="command">versions</strong></span> options:
</p>
<pre class="programlisting">channel an_example_channel {
    file "example.log" versions 3 size 20m;
    print-time yes;
    print-category yes;
};
</pre>
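<p>The renaming and size rules described above, modelled in Python as an added example (not code from <span><strong class="command">named</strong></span> or the BIND distribution). The <code>LogChannel</code> class, its in-memory file table and the byte counts are assumptions of the example; the case to watch is <span><strong class="command">size</strong></span> without <span><strong class="command">versions</strong></span>, where messages are lost once the limit is passed.</p>

```python
import math
from typing import Dict, List, Optional, Union

UNLIMITED = math.inf  # stands in for "versions unlimited"


class LogChannel:
    """Model of a `file` channel. `fs` maps file name -> size in bytes."""

    def __init__(self, fs: Dict[str, int], name: str,
                 versions: Union[int, float] = 0,
                 size: Optional[int] = None):
        self.fs = fs
        self.name = name
        self.versions = versions  # 0 = keep no backups (the default)
        self.size = size          # None = no size limit (the default)
        self.dropped = 0          # messages lost because writing stopped
        self._open()

    def _backups(self) -> List[int]:
        """Indices N of the existing backup files name.N."""
        prefix = self.name + "."
        return [int(k[len(prefix):]) for k in self.fs
                if k.startswith(prefix) and k[len(prefix):].isdigit()]

    def _roll(self) -> None:
        """Rename name.N to name.N+1 (oldest first), then name to name.0."""
        if self.versions == UNLIMITED:
            top = max(self._backups(), default=-1) + 1
        else:
            top = int(self.versions) - 1  # versions 3 keeps .0, .1 and .2
        for i in range(top, 0, -1):
            older = f"{self.name}.{i - 1}"
            if older in self.fs:
                self.fs[f"{self.name}.{i}"] = self.fs.pop(older)
        if self.name in self.fs:
            self.fs[f"{self.name}.0"] = self.fs.pop(self.name)

    def _open(self) -> None:
        current = self.fs.get(self.name)
        if self.versions and current is not None:
            # With a size option, renaming happens only if the file being
            # opened exceeds the indicated size.
            if self.size is None or current > self.size:
                self._roll()
        # Without versions, an existing file is simply appended to.
        self.fs.setdefault(self.name, 0)

    def write(self, nbytes: int) -> bool:
        """Append one message; return False if the message was lost."""
        if self.size is not None and self.fs[self.name] > self.size:
            if not self.versions:
                # No versions option: nothing more is written until the
                # file is removed or truncated out of band.
                self.dropped += 1
                return False
            self._roll()
            self.fs[self.name] = 0
        self.fs[self.name] += nbytes
        return True


if __name__ == "__main__":
    files = {"example.log": 0}
    chan = LogChannel(files, "example.log", size=100)
    results = [chan.write(60) for _ in range(4)]
    print(results, files, "dropped:", chan.dropped)
```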
<p>
 The <span><strong class="command">syslog</strong></span> destination clause
 directs the channel to the system log. Its argument is a
 syslog facility as described in the <span><strong class="command">syslog</strong></span> man
 page. Known facilities are <span><strong class="command">kern</strong></span>, <span><strong class="command">user</strong></span>,
 <span><strong class="command">mail</strong></span>, <span><strong class="command">daemon</strong></span>, <span><strong class="command">auth</strong></span>,
 <span><strong class="command">syslog</strong></span>, <span><strong class="command">lpr</strong></span>, <span><strong class="command">news</strong></span>,
 <span><strong class="command">uucp</strong></span>, <span><strong class="command">cron</strong></span>, <span><strong class="command">authpriv</strong></span>,
 <span><strong class="command">ftp</strong></span>, <span><strong class="command">local0</strong></span>, <span><strong class="command">local1</strong></span>,
 <span><strong class="command">local2</strong></span>, <span><strong class="command">local3</strong></span>, <span><strong class="command">local4</strong></span>,
 <span><strong class="command">local5</strong></span>, <span><strong class="command">local6</strong></span> and
 <span><strong class="command">local7</strong></span>; however, not all facilities
 are supported on
 all operating systems.
 How <span><strong class="command">syslog</strong></span> will handle messages
 sent to this facility is described in the <span><strong class="command">syslog.conf</strong></span> man
 page. If you have a system which uses a very old version of <span><strong class="command">syslog</strong></span> that
 only uses two arguments to the <span><strong class="command">openlog()</strong></span> function,
 then this clause is silently ignored.
</p>
<p>
 The <span><strong class="command">severity</strong></span> clause works like <span><strong class="command">syslog</strong></span>'s
 "priorities", except that they can also be used if you are writing
 straight to a file rather than using <span><strong class="command">syslog</strong></span>.
 Messages which are not at least of the severity level given will
 not be selected for the channel; messages of higher severity
 levels
 will be accepted.
</p>
<p>
 If you are using <span><strong class="command">syslog</strong></span>, then the <span><strong class="command">syslog.conf</strong></span> priorities
 will also determine what eventually passes through. For example,
 defining a channel facility and severity as <span><strong class="command">daemon</strong></span> and <span><strong class="command">debug</strong></span> but
 only logging <span><strong class="command">daemon.warning</strong></span> via <span><strong class="command">syslog.conf</strong></span> will
 cause messages of severity <span><strong class="command">info</strong></span> and
 <span><strong class="command">notice</strong></span> to
 be dropped. If the situation were reversed, with <span><strong class="command">named</strong></span> writing
 messages of only <span><strong class="command">warning</strong></span> or higher,
 then <span><strong class="command">syslogd</strong></span> would
 print all messages it received from the channel.
</p>
<p>
 The <span><strong class="command">stderr</strong></span> destination clause
 directs the channel to the server's standard error stream. This is intended
 for use when the server is running as a foreground process, for
 example when debugging a configuration.
</p>
<p>
 The server can supply extensive debugging information when
 it is in debugging mode. If the server's global debug level is
 greater than zero, then debugging mode will be active. The global debug
 level is set either by starting the <span><strong class="command">named</strong></span> server
 with the <code class="option">-d</code> flag followed by a positive integer,
 or by running <span><strong class="command">rndc trace</strong></span>.
 The global debug level
 can be set to zero, and debugging mode turned off, by running <span><strong class="command">rndc
 notrace</strong></span>. All debugging messages in the server have a debug
 level, and higher debug levels give more detailed output. Channels
 that specify a specific debug severity, for example:
</p>
<pre class="programlisting">channel specific_debug_level {
    file "foo";
    severity debug 3;
};
</pre>
<p>
 will get debugging output of level 3 or less any time the
 server is in debugging mode, regardless of the global debugging
 level. Channels with <span><strong class="command">dynamic</strong></span>
 severity use the
 server's global debug level to determine what messages to print.
</p>
<p>
 If <span><strong class="command">print-time</strong></span> has been turned on,
 the date and time will be logged. <span><strong class="command">print-time</strong></span> may
 be specified for a <span><strong class="command">syslog</strong></span> channel,
 but is usually
 pointless since <span><strong class="command">syslog</strong></span> also prints
 the date and
 time. If <span><strong class="command">print-category</strong></span> is
 requested, then the
 category of the message will be logged as well. Finally, if <span><strong class="command">print-severity</strong></span> is
 on, then the severity level of the message will be logged. The <span><strong class="command">print-</strong></span> options may
 be used in any combination, and will always be printed in the
 following
 order: time, category, severity. Here is an example where all
 three <span><strong class="command">print-</strong></span> options
 are on:
</p>
<p>
 <code class="computeroutput">28-Feb-2000 15:05:32.863 general: notice: running</code>
</p>
<p>
 There are four predefined channels that are used for
 <span><strong class="command">named</strong></span>'s default logging as follows.
 How they are
 used is described in <a href="Bv9ARM.ch06.html#the_category_phrase" title="The category Phrase">the section called “The <span><strong class="command">category</strong></span> Phrase”</a>.
</p>
<pre class="programlisting">channel default_syslog {
    syslog daemon;                      // send to syslog's daemon
                                        // facility
    severity info;                      // only send priority info
                                        // and higher
};

channel default_debug {
    file "named.run";                   // write to named.run in
                                        // the working directory
                                        // Note: stderr is used instead
                                        // if the server is started
                                        // with the '-f' option.
    severity dynamic;                   // log at the server's
                                        // current debug level
};

channel default_stderr {
    stderr;                             // writes to stderr
    severity info;                      // only send priority info
                                        // and higher
};

channel null {
    null;                               // toss anything sent to
                                        // this channel
};
</pre>
<p>
 The <span><strong class="command">default_debug</strong></span> channel has the
 special
 property that it only produces output when the server's debug
 level is
 nonzero. It normally writes to a file <code class="filename">named.run</code>
 in the server's working directory.
</p>
<p>
 For security reasons, when the "<code class="option">-u</code>"
 command line option is used, the <code class="filename">named.run</code> file
 is created only after <span><strong class="command">named</strong></span> has
 changed to the
 new UID, and any debug output generated while <span><strong class="command">named</strong></span> is
 starting up and still running as root is discarded. If you need
 to capture this output, you must run the server with the "<code class="option">-g</code>"
 option and redirect standard error to a file.
</p>
<p>
 Once a channel is defined, it cannot be redefined. Thus you
 cannot alter the built-in channels directly, but you can modify
 the default logging by pointing categories at channels you have
</p>
<div class="titlepage"><div><div><h4 class="title">
<a name="the_category_phrase"></a>The <span><strong class="command">category</strong></span> Phrase</h4></div></div></div>
<p>
 There are many categories, so you can send the logs you want
 to see wherever you want, without seeing logs you don't want. If
 you don't specify a list of channels for a category, then log
 messages
 in that category will be sent to the <span><strong class="command">default</strong></span> category
 instead. If you don't specify a default category, the following
 "default default" is used:
</p>
<pre class="programlisting">category default { default_syslog; default_debug; };
</pre>
<p>
 As an example, let's say you want to log security events to
 a file, but you also want to keep the default logging behavior. You'd
 specify the following:
</p>
<pre class="programlisting">channel my_security_channel {
    file "my_security_file";
    severity info;
};
category security {
    my_security_channel;
    default_syslog;
    default_debug;
};
</pre>
<p>
 To discard all messages in a category, specify the <span><strong class="command">null</strong></span> channel:
</p>
<pre class="programlisting">category xfer-out { null; };
category notify { null; };
</pre>
<p>
 Following are the available categories and brief descriptions
 of the types of log information they contain. More
 categories may be added in future <span class="acronym">BIND</span> releases.
</p>
<div class="informaltable"><table border="1">
<tbody>
<tr>
<td><p><span><strong class="command">default</strong></span></p></td>
<td><p>The default category defines the logging
 options for those categories where no specific
 configuration has been</p></td>
</tr>
<tr>
<td><p><span><strong class="command">general</strong></span></p></td>
<td><p>The catch-all. Many things still aren't
 classified into categories, and they all end up here.</p></td>
</tr>
<tr>
<td><p><span><strong class="command">database</strong></span></p></td>
<td><p>Messages relating to the databases used
 internally by the name server to store zone and cache</p></td>
</tr>
<tr>
<td><p><span><strong class="command">security</strong></span></p></td>
<td><p>Approval and denial of requests.</p></td>
</tr>
<tr>
<td><p><span><strong class="command">config</strong></span></p></td>
<td><p>Configuration file parsing and processing.</p></td>
</tr>
<tr>
<td><p><span><strong class="command">resolver</strong></span></p></td>
<td><p>DNS resolution, such as the recursive
 lookups performed on behalf of clients by a caching name</p></td>
</tr>
<tr>
<td><p><span><strong class="command">xfer-in</strong></span></p></td>
<td><p>Zone transfers the server is receiving.</p></td>
</tr>
<tr>
<td><p><span><strong class="command">xfer-out</strong></span></p></td>
<td><p>Zone transfers the server is sending.</p></td>
</tr>
<tr>
<td><p><span><strong class="command">notify</strong></span></p></td>
<td><p>The NOTIFY protocol.</p></td>
</tr>
<tr>
<td><p><span><strong class="command">client</strong></span></p></td>
<td><p>Processing of client requests.</p></td>
</tr>
<tr>
<td><p><span><strong class="command">unmatched</strong></span></p></td>
<td><p>Messages that named was unable to determine the
 class of or for which there was no matching <span><strong class="command">view</strong></span>.
 A one line summary is also logged to the <span><strong class="command">client</strong></span> category.
 This category is best sent to a file or stderr; by
 default it is sent to
 the <span><strong class="command">null</strong></span> channel.</p></td>
</tr>
<tr>
<td><p><span><strong class="command">network</strong></span></p></td>
<td><p>Network operations.</p></td>
</tr>
<tr>
<td><p><span><strong class="command">update</strong></span></p></td>
<td><p>Dynamic updates.</p></td>
</tr>
<tr>
<td><p><span><strong class="command">update-security</strong></span></p></td>
<td><p>Approval and denial of update requests.</p></td>
</tr>
<tr>
<td><p><span><strong class="command">queries</strong></span></p></td>
<td>
<p>Specify where queries should be logged to.</p>
<p>At startup, specifying the category <span><strong class="command">queries</strong></span> will also
 enable query logging unless the <span><strong class="command">querylog</strong></span> option has been
 specified.</p>
<p>The query log entry reports the client's IP address and
 port number, and the
 query name, class and type. It also reports whether the
 Recursion Desired
 flag was set (+ if set, - if not set), EDNS was in use
 (E) or if the
 query was signed (S).</p>
<p><code class="computeroutput">client 127.0.0.1#62536: query: www.example.com IN AAAA +SE</code></p>
<p><code class="computeroutput">client ::1#62537: query: www.example.net IN AAAA -SE</code></p>
</td>
</tr>
<tr>
<td><p><span><strong class="command">dispatch</strong></span></p></td>
<td><p>Dispatching of incoming packets to the
 server modules where they are to be processed.</p></td>
</tr>
<tr>
<td><p><span><strong class="command">dnssec</strong></span></p></td>
<td><p>DNSSEC and TSIG protocol processing.</p></td>
</tr>
<tr>
<td><p><span><strong class="command">lame-servers</strong></span></p></td>
<td><p>Lame servers. These are misconfigurations
 in remote servers, discovered by BIND 9 when trying to
 query
 those servers during resolution.</p></td>
</tr>
<tr>
<td><p><span><strong class="command">delegation-only</strong></span></p></td>
<td><p>Delegation only. Logs queries that have
 been forced to NXDOMAIN as the result of a
 delegation-only zone or
 a <span><strong class="command">delegation-only</strong></span> in a
 hint or stub zone declaration.</p></td>
</tr>
</tbody>
</table></div>
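<p>The query log format described under <span><strong class="command">queries</strong></span>, parsed in Python as an added example (not code from the BIND distribution); it also accepts the optional <span><strong class="command">print-</strong></span> prefix in the documented order time, category, severity. The function names, the severity name list and the sample lines marked as constructed are assumptions of the example, and only the flags shown on this page (+/-, S, E) are recognised.</p>

```python
import ipaddress
import re
from collections import Counter
from typing import Iterable, NamedTuple, Optional, Tuple

# Category names from the table above.
CATEGORIES = {
    "default", "general", "database", "security", "config", "resolver",
    "xfer-in", "xfer-out", "notify", "client", "unmatched", "network",
    "update", "update-security", "queries", "dispatch", "dnssec",
    "lame-servers", "delegation-only",
}
# Severity names as printed by print-severity (assumed list of named's levels).
SEVERITY_RE = re.compile(r"critical|error|warning|notice|info|debug(?: \d+)?")
TIME_RE = re.compile(r"(\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) ")
QUERY_RE = re.compile(
    r"client (?P<addr>[0-9A-Fa-f:.]+)#(?P<port>\d{1,5}): query: "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) "
    r"(?P<rd>[+-])(?P<signed>S?)(?P<edns>E?)"
)


class QueryRecord(NamedTuple):
    time: Optional[str]
    category: Optional[str]
    severity: Optional[str]
    client: str
    port: int
    qname: str
    qclass: str
    qtype: str
    recursion_desired: bool
    signed: bool
    edns: bool


def split_prefix(line: str) -> Tuple[Optional[str], Optional[str], Optional[str], str]:
    """Peel off the optional time, category and severity fields, in that order."""
    time = category = severity = None
    m = TIME_RE.match(line)
    if m:
        time, line = m.group(1), line[m.end():]
    head, sep, rest = line.partition(": ")
    if sep and head in CATEGORIES:
        category, line = head, rest
        head, sep, rest = line.partition(": ")
    if sep and SEVERITY_RE.fullmatch(head):
        severity, line = head, rest
    return time, category, severity, line


def parse_query(line: str) -> Optional[QueryRecord]:
    """Return a QueryRecord, or None if the line is not a well-formed query entry."""
    time, category, severity, msg = split_prefix(line.rstrip("\n"))
    m = QUERY_RE.fullmatch(msg)
    if not m:
        return None
    try:
        client = str(ipaddress.ip_address(m["addr"]))  # IPv4 or IPv6
    except ValueError:
        return None
    port = int(m["port"])
    if port > 65535:
        return None
    return QueryRecord(time, category, severity, client, port,
                       m["qname"], m["qclass"], m["qtype"],
                       m["rd"] == "+", m["signed"] == "S", m["edns"] == "E")


def recursion_by_client(lines: Iterable[str]) -> Counter:
    """Count queries that had Recursion Desired set, per client address."""
    counts: Counter = Counter()
    for line in lines:
        rec = parse_query(line)
        if rec and rec.recursion_desired:
            counts[rec.client] += 1
    return counts


SAMPLE_LINES = [
    "client 127.0.0.1#62536: query: www.example.com IN AAAA +SE",  # from this page
    "client ::1#62537: query: www.example.net IN AAAA -SE",        # from this page
    # constructed: all three print- options on
    "28-Feb-2000 15:05:32.863 queries: info: client 192.0.2.7#5353: query: example.org IN A +",
    "28-Feb-2000 15:05:32.863 general: notice: running",           # from this page, not a query
    "client 999.1.1.1#53: query: bad.example IN A +",              # constructed: invalid address
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_query(sample))
    print(recursion_by_client(SAMPLE_LINES))
```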
<div class="titlepage"><div><div><h3 class="title">
<a name="id2546486"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
<p>
 This is the grammar of the <span><strong class="command">lwres</strong></span>
 statement in the <code class="filename">named.conf</code> file:
</p>
<pre class="programlisting"><span><strong class="command">lwres</strong></span> {
    [<span class="optional"> listen-on { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
    [<span class="optional"> view <em class="replaceable"><code>view_name</code></em>; </span>]
    [<span class="optional"> search { <em class="replaceable"><code>domain_name</code></em> ; [<span class="optional"> <em class="replaceable"><code>domain_name</code></em> ; ... </span>] }; </span>]
    [<span class="optional"> ndots <em class="replaceable"><code>number</code></em>; </span>]
};
</pre>
<div class="titlepage"><div><div><h3 class="title">
<a name="id2546560"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
 The <span><strong class="command">lwres</strong></span> statement configures the
 name
 server to also act as a lightweight resolver server, see
 <a href="Bv9ARM.ch05.html#lwresd" title="Running a Resolver Daemon">the section called “Running a Resolver Daemon”</a>. There may be multiple
 <span><strong class="command">lwres</strong></span> statements configuring
 lightweight resolver servers with different properties.
</p>
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews The <span><strong class="command">listen-on</strong></span> statement specifies a
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson addresses (and ports) that this instance of a lightweight resolver
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews should accept requests on. If no port is specified, port 921 is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If this statement is omitted, requests will be accepted on
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews The <span><strong class="command">view</strong></span> statement binds this
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews instance of a
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews lightweight resolver daemon to a view in the DNS namespace, so that
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews response will be constructed in the same manner as a normal DNS
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater matching this view. If this statement is omitted, the default view
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater used, and if there is no default view, an error is triggered.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">search</strong></span> statement is equivalent to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">search</strong></span> statement in
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews <code class="filename">/etc/resolv.conf</code>. It provides a
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews list of domains
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews which are appended to relative names in queries.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">ndots</strong></span> statement is equivalent to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">ndots</strong></span> statement in
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews <code class="filename">/etc/resolv.conf</code>. It indicates the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater number of dots in a relative domain name that should result in an
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson exact match lookup before search path elements are appended.
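<p>The effect of <span><strong class="command">search</strong></span> and <span><strong class="command">ndots</strong></span> on the names that are actually looked up is easiest to see by expanding a few names. The following Python sketch is an added example, not part of the BIND documentation or source: it parses an <span><strong class="command">lwres</strong></span> statement per the grammar above and lists candidate names in the order implied by the <code class="filename">/etc/resolv.conf</code> rules the text refers to. The sample configuration, the function names, and the fallback to <code>ndots 1</code> when the statement is absent (the resolv.conf default) are assumptions.</p>

```python
import ipaddress
import re

LWRES_DEFAULT_PORT = 921   # port used when listen-on gives none (stated above)
RESOLV_DEFAULT_NDOTS = 1   # assumption: resolv.conf default when ndots is unset
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')
PUNCT = ("{", "}", ";")

# Constructed sample, not taken from a real deployment.
SAMPLE = """
lwres {
    listen-on { 127.0.0.1; ::1 port 9921; };   // loopback only
    view internal;
    search { corp.example.com; example.com; };
    ndots 2;
};
"""


def _tokens(text):
    """Strip '#' and '//' line comments, then split into words and punctuation."""
    text = re.sub(r"(#|//)[^\n]*", "", text)
    return [t.strip('"') for t in TOKEN.findall(text)]


def parse_lwres(text):
    """Parse one lwres statement into listen_on, view, search and ndots."""
    toks, pos = _tokens(text), 0

    def peek():
        return toks[pos] if pos < len(toks) else None

    def take(expected=None):
        nonlocal pos
        tok = peek()
        if tok is None or (expected is not None and tok != expected):
            raise ValueError(f"expected {expected or 'a token'!r}, got {tok!r}")
        pos += 1
        return tok

    def word():
        tok = take()
        if tok in PUNCT or not tok:
            raise ValueError(f"expected a value, got {tok!r}")
        return tok

    cfg = {"listen_on": [], "view": None, "search": [], "ndots": None}
    take("lwres")
    take("{")
    while peek() != "}":
        key = word()
        if key == "listen-on":
            take("{")
            while peek() != "}":
                addr, port = word(), LWRES_DEFAULT_PORT
                ipaddress.ip_address(addr)          # ValueError if not an IP
                if peek() == "port":
                    take("port")
                    port = int(word())
                if not 0 <= port <= 65535:
                    raise ValueError(f"port out of range: {port}")
                take(";")
                cfg["listen_on"].append((addr, port))
            take("}")
        elif key == "search":
            take("{")
            while peek() != "}":
                cfg["search"].append(word().rstrip(".").lower())
                take(";")
            take("}")
        elif key == "view":
            cfg["view"] = word()
        elif key == "ndots":
            cfg["ndots"] = int(word())
        else:
            raise ValueError(f"unknown lwres option {key!r}")
        take(";")
    take("}")
    take(";")
    return cfg


def candidate_names(name, search, ndots=RESOLV_DEFAULT_NDOTS):
    """Return the fully qualified names to try, in order."""
    if not name:
        raise ValueError("empty name")
    name = name.lower()
    if name.endswith("."):                 # already absolute: no search list
        return [name]
    as_is = name + "."
    expanded = [f"{name}.{domain}." for domain in search]
    if name.count(".") >= ndots:           # enough dots: exact match first
        ordered = [as_is] + expanded
    else:                                  # too few dots: search list first
        ordered = expanded + [as_is]
    return list(dict.fromkeys(ordered))    # drop duplicates, keep order


def lookup_order(cfg, name):
    """Apply a parsed lwres statement's search and ndots settings to a name."""
    ndots = cfg["ndots"] if cfg["ndots"] is not None else RESOLV_DEFAULT_NDOTS
    return candidate_names(name, cfg["search"], ndots)


if __name__ == "__main__":
    cfg = parse_lwres(SAMPLE)
    print(cfg)
    for n in ("db", "db.prod", "www.isc.org", "www.isc.org."):
        print(n, "->", lookup_order(cfg, n))
```

<p>With <code>ndots 2</code>, a name such as <code>db.prod</code> is first tried under every search domain and only then as written, so the choice of search list determines which zones see queries for short internal names.</p>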
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<div class="titlepage"><div><div><h3 class="title">
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews<a name="id2546624"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] };
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<div class="titlepage"><div><div><h3 class="title">
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews<a name="id2546667"></a><span><strong class="command">masters</strong></span> Statement Definition and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<p><span><strong class="command">masters</strong></span>
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson lists allow for a common set of masters to be easily used by
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater multiple stub and slave zones.
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews<div class="titlepage"><div><div><h3 class="title">
94da7d97aecac6e3edb92aafa6b2bc8e80404e11Mark Andrews<a name="id2546682"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This is the grammar of the <span><strong class="command">options</strong></span>
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson statement in the <code class="filename">named.conf</code> file:
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> version <em class="replaceable"><code>version_string</code></em>; </span>]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews [<span class="optional"> hostname <em class="replaceable"><code>hostname_string</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> server-id <em class="replaceable"><code>server_id_string</code></em>; </span>]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson [<span class="optional"> directory <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> key-directory <em class="replaceable"><code>path_name</code></em>; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> named-xfer <em class="replaceable"><code>path_name</code></em>; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> tkey-domain <em class="replaceable"><code>domainname</code></em>; </span>]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews [<span class="optional"> tkey-dhkey <em class="replaceable"><code>key_name</code></em> <em class="replaceable"><code>key_tag</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> dump-file <em class="replaceable"><code>path_name</code></em>; </span>]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson [<span class="optional"> memstatistics-file <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> pid-file <em class="replaceable"><code>path_name</code></em>; </span>]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews [<span class="optional"> statistics-file <em class="replaceable"><code>path_name</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em>; </span>]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews [<span class="optional"> auth-nxdomain <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> deallocate-on-exit <em class="replaceable"><code>yes_or_no</code></em>; </span>]
063c7af445b99e88f5377d9908a63880e4c86afdAutomatic Updater [<span class="optional"> dialup <em class="replaceable"><code>dialup_option</code></em>; </span>]
d30cacd81fba215923a09fae58461983142efe8bAutomatic Updater [<span class="optional"> fake-iquery <em class="replaceable"><code>yes_or_no</code></em>; </span>]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson [<span class="optional"> fetch-glue <em class="replaceable"><code>yes_or_no</code></em>; </span>]
c01dec514a81ecf8c17ca3ef8c3ba95e437295ebAutomatic Updater [<span class="optional"> flush-zones-on-shutdown <em class="replaceable"><code>yes_or_no</code></em>; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> has-old-clients <em class="replaceable"><code>yes_or_no</code></em>; </span>]
dd9ad704c3800e3ab07ede8595871eac79984871Mark Andrews [<span class="optional"> host-statistics <em class="replaceable"><code>yes_or_no</code></em>; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> host-statistics-max <em class="replaceable"><code>number</code></em>; </span>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [<span class="optional"> minimal-responses <em class="replaceable"><code>yes_or_no</code></em>; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> multiple-cnames <em class="replaceable"><code>yes_or_no</code></em>; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> notify <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>explicit</code></em> | <em class="replaceable"><code>master-only</code></em>; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> recursion <em class="replaceable"><code>yes_or_no</code></em>; </span>]
a168158d5d68f0210ff2e7fe10c52257027228e0Automatic Updater [<span class="optional"> rfc2308-type1 <em class="replaceable"><code>yes_or_no</code></em>; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> use-id-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> maintain-ixfr-base <em class="replaceable"><code>yes_or_no</code></em>; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> dnssec-enable <em class="replaceable"><code>yes_or_no</code></em>; </span>]
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews [<span class="optional"> dnssec-lookaside <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em>; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> dnssec-must-be-secure <em class="replaceable"><code>domain yes_or_no</code></em>; </span>]
65f40aa6826be815fe71f0f71e51e1ee0e80d56bAutomatic Updater [<span class="optional"> forward ( <em class="replaceable"><code>only</code></em> | <em class="replaceable"><code>first</code></em> ); </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> forwarders { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> dual-stack-servers [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] {
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews ( <em class="replaceable"><code>domain_name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] |
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ) ;
70232e6b444994979d8bab60bc9a8656ffd861e9Mark Andrews ... }; </span>]
1744a23d0f1c9928f98f1e0efb7bd6a4c7ad6250Automatic Updater [<span class="optional"> check-names ( <em class="replaceable"><code>master</code></em> | <em class="replaceable"><code>slave</code></em> | <em class="replaceable"><code>response</code></em> )
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews [<span class="optional"> check-mx ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> check-wildcard <em class="replaceable"><code>yes_or_no</code></em>; </span>]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews [<span class="optional"> integrity-checks <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-notify { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-query-cache { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-transfer { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> allow-recursion { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater [<span class="optional"> allow-update { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
10640b2e3efc7bc8034108136d7487f7407fbf37Andreas Gustafsson [<span class="optional"> allow-update-forwarding { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> allow-v6-synthesis { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
10640b2e3efc7bc8034108136d7487f7407fbf37Andreas Gustafsson [<span class="optional"> blackhole { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [<span class="optional"> avoid-v4-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> avoid-v6-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews [<span class="optional"> listen-on [<span class="optional"> port <em class="replaceable"><code>ip_port</code></em> </span>] { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater [<span class="optional"> listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>ip_port</code></em> </span>] { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
bf46736ab182c4663beb5a08cb2ebf7c364e0aa9Automatic Updater [<span class="optional"> query-source ( ( <em class="replaceable"><code>ip4_addr</code></em> | <em class="replaceable"><code>*</code></em> )
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] |
bf46736ab182c4663beb5a08cb2ebf7c364e0aa9Automatic Updater [<span class="optional"> address ( <em class="replaceable"><code>ip4_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
70232e6b444994979d8bab60bc9a8656ffd861e9Mark Andrews [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] ) ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> query-source-v6 ( ( <em class="replaceable"><code>ip6_addr</code></em> | <em class="replaceable"><code>*</code></em> )
bf46736ab182c4663beb5a08cb2ebf7c364e0aa9Automatic Updater [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] |
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> address ( <em class="replaceable"><code>ip6_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] ) ; </span>]
3e79333aa37d3b88959372431a02af8a3eb7cfd9Automatic Updater [<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-transfer-idle-out <em class="replaceable"><code>number</code></em>; </span>]
ea935c46e8261ea10621e5b038426539fe8a7cc5Mark Andrews [<span class="optional"> tcp-clients <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> recursive-clients <em class="replaceable"><code>number</code></em>; </span>]
a8644ebab678a1de66cbfaabb513651a739958afAutomatic Updater [<span class="optional"> serial-query-rate <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> serial-queries <em class="replaceable"><code>number</code></em>; </span>]
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater [<span class="optional"> tcp-listen-queue <em class="replaceable"><code>number</code></em>; </span>]
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater [<span class="optional"> transfer-format <em class="replaceable"><code>( one-answer | many-answers )</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> transfers-in <em class="replaceable"><code>number</code></em>; </span>]
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater [<span class="optional"> transfers-out <em class="replaceable"><code>number</code></em>; </span>]
4cda4fd158d6ded5586bacea8c388445d99611eaAutomatic Updater [<span class="optional"> transfers-per-ns <em class="replaceable"><code>number</code></em>; </span>]
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater [<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater [<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> alt-transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> alt-transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> use-alt-transfer-source <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
4cda4fd158d6ded5586bacea8c388445d99611eaAutomatic Updater [<span class="optional"> also-notify { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater [<span class="optional"> max-ixfr-log-size <em class="replaceable"><code>number</code></em>; </span>]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews [<span class="optional"> max-journal-size <em class="replaceable"><code>size_spec</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> coresize <em class="replaceable"><code>size_spec</code></em> ; </span>]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews [<span class="optional"> datasize <em class="replaceable"><code>size_spec</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> files <em class="replaceable"><code>size_spec</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> stacksize <em class="replaceable"><code>size_spec</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> cleaning-interval <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> heartbeat-interval <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> interface-interval <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> statistics-interval <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> topology { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> sortlist { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> rrset-order { <em class="replaceable"><code>order_spec</code></em> ; [<span class="optional"> <em class="replaceable"><code>order_spec</code></em> ; ... </span>] }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> lame-ttl <em class="replaceable"><code>number</code></em>; </span>]
3e79333aa37d3b88959372431a02af8a3eb7cfd9Automatic Updater [<span class="optional"> max-ncache-ttl <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-cache-ttl <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> min-roots <em class="replaceable"><code>number</code></em>; </span>]
ea935c46e8261ea10621e5b038426539fe8a7cc5Mark Andrews [<span class="optional"> use-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> provide-ixfr <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> request-ixfr <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> treat-cr-as-space <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> min-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> min-retry-time <em class="replaceable"><code>number</code></em> ; </span>]
3a32066d653b39a3f602b697a0fb98a399b88f88Automatic Updater [<span class="optional"> max-retry-time <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> port <em class="replaceable"><code>ip_port</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> additional-from-auth <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> additional-from-cache <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> random-device <em class="replaceable"><code>path_name</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-cache-size <em class="replaceable"><code>size_spec</code></em> ; </span>]
56874aef380a64a2c183b7c282c3e7a361d67fa1Automatic Updater [<span class="optional"> match-mapped-addresses <em class="replaceable"><code>yes_or_no</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> preferred-glue ( <em class="replaceable"><code>A</code></em> | <em class="replaceable"><code>AAAA</code></em> | <em class="replaceable"><code>NONE</code></em> ); </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> edns-udp-size <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>namelist</code></em> } </span>] ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> querylog <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> disable-algorithms <em class="replaceable"><code>domain</code></em> { <em class="replaceable"><code>algorithm</code></em>; [<span class="optional"> <em class="replaceable"><code>algorithm</code></em>; </span>] }; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> use-additional-cache <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> acache-cleaning-interval <em class="replaceable"><code>number</code></em>; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-acache-size <em class="replaceable"><code>size_spec</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> clients-per-query <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> max-clients-per-query <em class="replaceable"><code>number</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> masterfile-format (<code class="constant">text</code>|<code class="constant">raw</code>) ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> empty-server <em class="replaceable"><code>name</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> empty-contact <em class="replaceable"><code>name</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> empty-zones-enable <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [<span class="optional"> disable-empty-zone <em class="replaceable"><code>zone_name</code></em> ; </span>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="titlepage"><div><div><h3 class="title">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<a name="options"></a><span><strong class="command">options</strong></span> Statement Definition and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">options</strong></span> statement sets up global
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to be used by <span class="acronym">BIND</span>. This statement
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater may appear only
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater once in a configuration file. If there is no <span><strong class="command">options</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statement, an options block with each option set to its default will
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">directory</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The working directory of the server.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Any non-absolute pathnames in the configuration file will be
40696c4c389a780082fb77840c173b201ce696d6Automatic Updater as relative to this directory. The default location for most
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater output files (e.g. <code class="filename">named.run</code>)
04eba969cb9a54bbda2896db2067c07b2ac5ba16Automatic Updater is this directory.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If a directory is not specified, the working directory
40696c4c389a780082fb77840c173b201ce696d6Automatic Updater defaults to `<code class="filename">.</code>', the directory from
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater which the server
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater was started. The directory specified should be an absolute
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater<dt><span class="term"><span><strong class="command">key-directory</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater When performing dynamic update of secure zones, the
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater directory where the public and private key files should be
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater if different than the current working directory. The
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater directory specified
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater must be an absolute path.
56874aef380a64a2c183b7c282c3e7a361d67fa1Automatic Updater<dt><span class="term"><span><strong class="command">named-xfer</strong></span></span></dt>
bbb069be941f649228760edcc241122933c066d2Automatic Updater <span class="emphasis"><em>This option is obsolete.</em></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater It was used in <span class="acronym">BIND</span> 8 to
bbb069be941f649228760edcc241122933c066d2Automatic Updater specify the pathname to the <span><strong class="command">named-xfer</strong></span> program.
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater In <span class="acronym">BIND</span> 9, no separate <span><strong class="command">named-xfer</strong></span> program is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater needed; its functionality is built into the name server.
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater<dt><span class="term"><span><strong class="command">tkey-domain</strong></span></span></dt>
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater The domain appended to the names of all
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater shared keys generated with
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">TKEY</strong></span>. When a client
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater requests a <span><strong class="command">TKEY</strong></span> exchange, it
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater may or may not specify
4cda4fd158d6ded5586bacea8c388445d99611eaAutomatic Updater the desired name for the key. If present, the name of the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater key will be "<code class="varname">client specified part</code>" +
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater "<code class="varname">tkey-domain</code>".
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Otherwise, the name of the shared key will be "<code class="varname">random hex
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updaterdigits</code>" + "<code class="varname">tkey-domain</code>". In most cases,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the <span><strong class="command">domainname</strong></span> should be the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater server's domain
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">tkey-dhkey</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The Diffie-Hellman key used by the server
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to generate shared keys with clients using the Diffie-Hellman
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of <span><strong class="command">TKEY</strong></span>. The server must be
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater able to load the
3098364bcdd7a719fbafa5fc8d2cc9e90e5a5989Automatic Updater public and private keys from files in the working directory.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater most cases, the keyname should be the server's host name.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">dump-file</strong></span></span></dt>
3098364bcdd7a719fbafa5fc8d2cc9e90e5a5989Automatic Updater The pathname of the file the server dumps
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the database to when instructed to do so with
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">rndc dumpdb</strong></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If not specified, the default is <code class="filename">named_dump.db</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">memstatistics-file</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The pathname of the file the server writes memory
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater usage statistics to on exit. If not specified,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the default is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="filename">named.memstats</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">pid-file</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The pathname of the file the server writes its process ID
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in. If not specified, the default is <code class="filename">/var/run/named.pid</code>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The pid-file is used by programs that want to send signals to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater name server. Specifying <span><strong class="command">pid-file none</strong></span> disables the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater use of a PID file — no file will be written and any
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater existing one will be removed. Note that <span><strong class="command">none</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is a keyword, not a file name, and therefore is not enclosed
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater double quotes.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">statistics-file</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The pathname of the file the server appends statistics
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to when instructed to do so using <span><strong class="command">rndc stats</strong></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If not specified, the default is <code class="filename">named.stats</code> in the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater server's current directory. The format of the file is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in <a href="Bv9ARM.ch06.html#statsfile" title="The Statistics File">the section called “The Statistics File”</a>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">port</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The UDP/TCP port number the server uses for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater receiving and sending DNS protocol traffic.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The default is 53. This option is mainly intended for server
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a server using a port other than 53 will not be able to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater communicate with
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the global DNS.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">random-device</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The source of entropy to be used by the server. Entropy is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater primarily needed
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater for DNSSEC operations, such as TKEY transactions and dynamic
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater update of signed
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater zones. This option specifies the device (or file) from which
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater entropy. If this is a file, operations requiring entropy will
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater file has been exhausted. If not specified, the default value
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater (or equivalent) when present, and none otherwise. The
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater <span><strong class="command">random-device</strong></span> option takes
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the initial configuration load at server startup time and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is ignored on subsequent reloads.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">preferred-glue</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If specified, the listed type (A or AAAA) will be emitted
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater before other glue
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in the additional section of a query response.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The default is not to prefer any type (NONE).
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">root-delegation-only</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Turn on enforcement of delegation-only in TLDs and root zones
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater with an optional
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater Note some TLDs are NOT delegation only (e.g. "DE", "LV", "US"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and "MUSEUM").
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater root-delegation-only exclude { "de"; "lv"; "us"; "museum"; };
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">disable-algorithms</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Disable the specified DNSSEC algorithms at and below the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater specified name.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Multiple <span><strong class="command">disable-algorithms</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statements are allowed.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Only the most specific will be applied.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">dnssec-lookaside</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater When set <span><strong class="command">dnssec-lookaside</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater validator with an alternate method to validate DNSKEY records
42e4f5af6825b3b7ea5e64e6df802394868a0546Automatic Updater top of a zone. When a DNSKEY is at or below a domain
f8448666aa53603696bea83de971a05007735d8fMark Andrews specified by the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater deepest <span><strong class="command">dnssec-lookaside</strong></span>, and
0d3490f93bb980fde704055e74c1b508987a5fe4Mark Andrews the normal dnssec validation
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater has left the key untrusted, the trust-anchor will be appended to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater name and a DLV record will be looked up to see if it can
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater key. If the DLV record validates a DNSKEY (similarly to the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater record does) the DNSKEY RRset is deemed to be trusted.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">dnssec-must-be-secure</strong></span></span></dt>
5ae0e2c8b72fa44237edeb37d1945b1c3535ca39Automatic Updater Specify hierarchies which must / may not be secure (signed and
bbb069be941f649228760edcc241122933c066d2Automatic Updater If <strong class="userinput"><code>yes</code></strong> then named will only accept
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater answers if they
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater If <strong class="userinput"><code>no</code></strong> then normal dnssec validation
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson allowing for insecure answers to be accepted.
992616aaf75643a0c9f84826f0a1ed5a27e84328Mark Andrews The specified domain must be under a <span><strong class="command">trusted-key</strong></span> or
59dd3b3cd954239d98ef52cd26328856cb6f2975Automatic Updater <span><strong class="command">dnssec-lookaside</strong></span> must be
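<p>The rules stated above for <code>key-directory</code> (absolute path), <code>pid-file</code> (unquoted <code>none</code> keyword), <code>port</code> (53 for the global DNS) and <code>root-delegation-only</code> (TLDs that are not delegation-only) can be checked mechanically. The script below is an added example, not part of the BIND documentation or ISC's code: the tokenizer is a simplified reading of the <code>named.conf</code> syntax, the function names and the sample configuration are constructed for illustration, and "absolute" is assumed to mean a POSIX path starting with <code>/</code>.</p>

```python
import re

# Constructed sample (not from the BIND documentation): four settings that
# conflict with the rules described in this section.
SAMPLE_CONF = '''
options {
    directory "/var/named";
    key-directory "keys";        // relative path
    pid-file "none";             # quoted, so it names a file
    port 5353;
    root-delegation-only exclude { "de"; "lv"; };
    dump-file "/var/named/data/named_dump.db";
};
'''

# TLDs the section lists as NOT delegation-only.
NOT_DELEGATION_ONLY = {"de", "lv", "us", "museum"}

# Simplified named.conf tokenizer: quoted strings are matched before comments
# so that "//" or "#" inside a quoted path is not mistaken for a comment.
TOKEN = re.compile(r'''
    "(?P<q>(?:[^"\\]|\\.)*)"     # quoted string
  | /\*.*?\*/                    # C-style comment (skipped)
  | (?://|\#)[^\n]*              # C++ / shell comment (skipped)
  | (?P<p>[{};])                 # punctuation
  | (?P<w>[^\s{};"]+)            # bare word or number
''', re.S | re.X)


def options_statements(text):
    """Return the statements of the options block as lists of (kind, value)."""
    toks = [(m.lastgroup, m.group(m.lastgroup))
            for m in TOKEN.finditer(text) if m.lastgroup]
    if ('w', 'options') not in toks:
        return []
    i = toks.index(('w', 'options')) + 1
    if i >= len(toks) or toks[i] != ('p', '{'):
        return []
    i += 1
    depth, stmt, out = 0, [], []
    while i < len(toks):
        tok = toks[i]
        if tok == ('p', '}') and depth == 0:
            break                          # closing brace of the options block
        if tok == ('p', '{'):
            depth += 1
        elif tok == ('p', '}'):
            depth -= 1
        if tok == ('p', ';') and depth == 0:
            out.append(stmt)               # statement terminator
            stmt = []
        else:
            stmt.append(tok)
        i += 1
    return out


def audit(text):
    """Return (option, message) pairs for settings that break the rules above."""
    findings = []
    for stmt in options_statements(text):
        if not stmt:
            continue
        name, args = stmt[0][1], stmt[1:]
        if name == 'key-directory' and args and not args[0][1].startswith('/'):
            findings.append((name, 'directory must be an absolute path'))
        elif name == 'pid-file' and args and args[0] == ('q', 'none'):
            findings.append((name, 'none is a keyword, not a file name; '
                                   'write it without double quotes'))
        elif name == 'port' and args and args[0][1] != '53':
            findings.append((name, 'a port other than 53 cannot communicate '
                                   'with the global DNS'))
        elif name == 'root-delegation-only':
            excluded = {v.lower() for k, v in args if k == 'q'}
            missing = sorted(NOT_DELEGATION_ONLY - excluded)
            if missing:
                findings.append((name, 'not excluded: ' + ', '.join(missing)))
    return findings


if __name__ == '__main__':
    for option, message in audit(SAMPLE_CONF):
        print(f'{option}: {message}')
```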
dde4bc92964ec60a35212dfed59562580e3265e3Mark Andrews<div class="titlepage"><div><div><h4 class="title">
40696c4c389a780082fb77840c173b201ce696d6Automatic Updater<a name="boolean_options"></a>Boolean Options</h4></div></div></div>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">auth-nxdomain</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If <strong class="userinput"><code>yes</code></strong>, then the <span><strong class="command">AA</strong></span> bit
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater is always set on NXDOMAIN responses, even if the server is
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater authoritative. The default is <strong class="userinput"><code>no</code></strong>;
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater a change from <span class="acronym">BIND</span> 8. If you
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater are using very old DNS software, you
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater may need to set it to <strong class="userinput"><code>yes</code></strong>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">deallocate-on-exit</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This option was used in <span class="acronym">BIND</span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater 8 to enable checking
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater for memory leaks on exit. <span class="acronym">BIND</span> 9 ignores the option and always performs
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">dialup</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If <strong class="userinput"><code>yes</code></strong>, then the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater server treats all zones as if they are doing zone transfers
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a dial on demand dialup link, which can be brought up by
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater originating from this server. This has different effects
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater to zone type and concentrates the zone maintenance so that
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater happens in a short interval, once every <span><strong class="command">heartbeat-interval</strong></span> and
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater hopefully during the one call. It also suppresses some of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater zone maintenance traffic. The default is <strong class="userinput"><code>no</code></strong>.
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews The <span><strong class="command">dialup</strong></span> option
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater may also be specified in the <span><strong class="command">view</strong></span> and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">zone</strong></span> statements,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in which case it overrides the global <span><strong class="command">dialup</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If the zone is a master zone then the server will send out a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater request to all the slaves (default). This should trigger the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater number check in the slave (providing it supports NOTIFY)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater allowing the slave
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to verify the zone while the connection is active.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The set of servers to which NOTIFY is sent can be controlled
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">notify</strong></span> and <span><strong class="command">also-notify</strong></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater zone is a slave or stub zone, then the server will suppress
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater "zone up to date" (refresh) queries and only perform them
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">heartbeat-interval</strong></span> expires in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater addition to sending
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater NOTIFY requests.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Finer control can be achieved by using
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>notify</code></strong> which only sends NOTIFY
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>notify-passive</code></strong> which sends NOTIFY
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater suppresses the normal refresh queries, <strong class="userinput"><code>refresh</code></strong>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater which suppresses normal refresh processing and sends refresh
f6056ad06781c95198505ae3a361e6dd98df4b91Automatic Updater when the <span><strong class="command">heartbeat-interval</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <strong class="userinput"><code>passive</code></strong> which just disables normal
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="informaltable"><table border="1">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater normal refresh
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater heart-beat refresh
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater heart-beat notify
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">no</strong></span> (default)</p>
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater <p><span><strong class="command">yes</strong></span></p>
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater <p><span><strong class="command">notify</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">refresh</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">passive</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <p><span><strong class="command">notify-passive</strong></span></p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Note that normal NOTIFY processing is not affected by
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">dialup</strong></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">fake-iquery</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater In <span class="acronym">BIND</span> 8, this option
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington enabled simulating the obsolete DNS query type
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater IQUERY. <span class="acronym">BIND</span> 9 never does
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater IQUERY simulation.
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater<dt><span class="term"><span><strong class="command">fetch-glue</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This option is obsolete.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater In BIND 8, <strong class="userinput"><code>fetch-glue yes</code></strong>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater caused the server to attempt to fetch glue resource records
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater didn't have when constructing the additional
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington data section of a response. This is now considered a bad
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington and BIND 9 never does it.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">flush-zones-on-shutdown</strong></span></span></dt>
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater When the nameserver exits due to receiving SIGTERM,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater flush / do not flush any pending zone writes. The default
6f046a065e5543f8cd7e2f24991c65d2372f4c8dMark Andrews <span><strong class="command">flush-zones-on-shutdown</strong></span> <strong class="userinput"><code>no</code></strong>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">has-old-clients</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This option was incorrectly implemented
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in <span class="acronym">BIND</span> 8, and is ignored by <span class="acronym">BIND</span> 9.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater To achieve the intended effect
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">has-old-clients</strong></span> <strong class="userinput"><code>yes</code></strong>, specify
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the two separate options <span><strong class="command">auth-nxdomain</strong></span> <strong class="userinput"><code>yes</code></strong>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and <span><strong class="command">rfc2308-type1</strong></span> <strong class="userinput"><code>no</code></strong> instead.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">host-statistics</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater In BIND 8, this enables keeping of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statistics for every host that the name server interacts
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater Not implemented in BIND 9.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">maintain-ixfr-base</strong></span></span></dt>
00be0f9f61d4c6bf197d000bfa1a6b7e70ea0866Automatic Updater <span class="emphasis"><em>This option is obsolete</em></span>.
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson It was used in <span class="acronym">BIND</span> 8 to
00be0f9f61d4c6bf197d000bfa1a6b7e70ea0866Automatic Updater determine whether a transaction log was
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater kept for Incremental Zone Transfer. <span class="acronym">BIND</span> 9 maintains a transaction
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater log whenever possible. If you need to disable outgoing
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater incremental zone
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater transfers, use <span><strong class="command">provide-ixfr</strong></span> <strong class="userinput"><code>no</code></strong>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">minimal-responses</strong></span></span></dt>
83a97deac2c474a2e8fd60326135236fe267069cAutomatic Updater If <strong class="userinput"><code>yes</code></strong>, then when generating
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater responses the server will only add records to the authority
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and additional data sections when they are required (e.g.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater delegations, negative responses). This may improve the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater performance of the server.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The default is <strong class="userinput"><code>no</code></strong>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">multiple-cnames</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This option was used in <span class="acronym">BIND</span> 8 to allow
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a domain name to have multiple CNAME records in violation of
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater the DNS standards. <span class="acronym">BIND</span> 9.2 onwards
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater always strictly enforces the CNAME rules both in master
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater files and dynamic updates.
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater<dt><span class="term"><span><strong class="command">notify</strong></span></span></dt>
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater If <strong class="userinput"><code>yes</code></strong> (the default),
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater DNS NOTIFY messages are sent when a zone the server is
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater authoritative for
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater changes, see <a href="Bv9ARM.ch04.html#notify" title="Notify">the section called “Notify”</a>. The messages are
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater servers listed in the zone's NS records (except the master
40696c4c389a780082fb77840c173b201ce696d6Automatic Updater server identified
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington in the SOA MNAME field), and to any servers listed in the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">also-notify</strong></span> option.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If <strong class="userinput"><code>master-only</code></strong>, notifies are only
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater for master zones.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington If <strong class="userinput"><code>explicit</code></strong>, notifies are sent only
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington servers explicitly listed using <span><strong class="command">also-notify</strong></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If <strong class="userinput"><code>no</code></strong>, no notifies are sent.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <span><strong class="command">notify</strong></span> option may also be
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater specified in the <span><strong class="command">zone</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in which case it overrides the <span><strong class="command">options notify</strong></span> statement.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater It would only be necessary to turn off this option if it
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">recursion</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If <strong class="userinput"><code>yes</code></strong>, and a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater DNS query requests recursion, then the server will attempt
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater all the work required to answer the query. If recursion is
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater and the server does not already know the answer, it will
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews referral response. The default is
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson <strong class="userinput"><code>yes</code></strong>.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Note that setting <span><strong class="command">recursion no</strong></span> does not prevent
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater clients from getting data from the server's cache; it only
be7f27304337afbf078e8bd8db0f951a33abe33bAndreas Gustafsson prevents new data from being cached as an effect of client
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Caching may still occur as an effect of the server's internal
70232e6b444994979d8bab60bc9a8656ffd861e9Mark Andrews operation, such as NOTIFY address lookups.
11ba7973f989b3657cbb27447bdcdd976c71ac56Brian Wellington See also <span><strong class="command">fetch-glue</strong></span> above.
11ba7973f989b3657cbb27447bdcdd976c71ac56Brian Wellington<dt><span class="term"><span><strong class="command">rfc2308-type1</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Setting this to <strong class="userinput"><code>yes</code></strong> will
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater cause the server to send NS records along with the SOA
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater record for negative
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater answers. The default is <strong class="userinput"><code>no</code></strong>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Not yet implemented in <span class="acronym">BIND</span>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<dt><span class="term"><span><strong class="command">use-id-pool</strong></span></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span class="emphasis"><em>This option is obsolete</em></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span class="acronym">BIND</span> 9 always allocates query
70232e6b444994979d8bab60bc9a8656ffd861e9Mark Andrews IDs from a pool.
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater<dt><span class="term"><span><strong class="command">zone-statistics</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If <strong class="userinput"><code>yes</code></strong>, the server will collect
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statistical data on all zones (unless specifically turned
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater on a per-zone basis by specifying <span><strong class="command">zone-statistics no</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in the <span><strong class="command">zone</strong></span> statement).
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater These statistics may be accessed
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater using <span><strong class="command">rndc stats</strong></span>, which will
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington dump them to the file listed
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in the <span><strong class="command">statistics-file</strong></span>. See
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington also <a href="Bv9ARM.ch06.html#statsfile" title="The Statistics File">the section called “The Statistics File”</a>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">use-ixfr</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span class="emphasis"><em>This option is obsolete</em></span>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If you need to disable IXFR to a particular server or
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the information on the <span><strong class="command">provide-ixfr</strong></span> option
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in <a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Usage”</a>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <a href="Bv9ARM.ch04.html#incremental_zone_transfers" title="Incremental Zone Transfers (IXFR)">the section called “Incremental Zone Transfers (IXFR)”</a>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">provide-ixfr</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater See the description of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">provide-ixfr</strong></span> in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Usage”</a>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">request-ixfr</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater See the description of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">request-ixfr</strong></span> in
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington <a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews Usage”</a>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="term"><span><strong class="command">treat-cr-as-space</strong></span></span></dt>
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews This option was used in <span class="acronym">BIND</span>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews the server treat carriage return ("<span><strong class="command">\r</strong></span>") characters the same way
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews as a space or tab character,
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews to facilitate loading of zone files on a UNIX system that
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews were generated
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews on an NT or DOS machine. In <span class="acronym">BIND</span> 9, both UNIX "<span><strong class="command">\n</strong></span>"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews and NT/DOS "<span><strong class="command">\r\n</strong></span>" newlines
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews are always accepted,
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews and the option is ignored.
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews<span class="term"><span><strong class="command">additional-from-auth</strong></span>, </span><span class="term"><span><strong class="command">additional-from-cache</strong></span></span>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews These options control the behavior of an authoritative
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews answering queries which have additional data, or when
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews following CNAME
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews and DNAME chains.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews When both of these options are set to <strong class="userinput"><code>yes</code></strong>
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews (the default) and a
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews query is being answered from authoritative data (a zone
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews configured into the server), the additional data section of the
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews reply will be filled in using data from other authoritative zones
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews and from the cache. In some situations this is undesirable,
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews as when there is concern over the correctness of the cache,
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews in servers where slave zones may be added and modified by
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews untrusted third parties. Also, avoiding
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews the search for this additional data will speed up server
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews at the possible expense of additional queries to resolve
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews otherwise be provided in the additional section.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews For example, if a query asks for an MX record for host <code class="literal">foo.example.com</code>,
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews and the record found is "<code class="literal">MX 10 mail.example.net</code>", normally the address
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews records (A and AAAA) for <code class="literal">mail.example.net</code> will be provided as well,
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews if known, even though they are not in the example.com zone.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Setting these options to <span><strong class="command">no</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater disables this behavior and makes
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the server only search for additional data in the zone it
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson These options are intended for use in authoritative-only
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater servers, or in authoritative-only views. Attempts to set
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson them to <span><strong class="command">no</strong></span> without also specifying
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">recursion no</strong></span> will cause the server to
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson ignore the options and log a warning message.
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson Specifying <span><strong class="command">additional-from-cache no</strong></span> actually
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater disables the use of the cache not only for additional data
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater but also when looking up the answer. This is usually the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater behavior in an authoritative-only server where the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater correctness of
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater the cached data is an issue.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson When a name server is non-recursively queried for a name
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater below the apex of any served zone, it normally answers with
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater "upwards referral" to the root servers or the servers of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater known parent of the query name. Since the data in an
713c3d5b18463f2479973e4d14f73248e60a5df7Mark Andrews upwards referral
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington comes from the cache, the server will not be able to provide
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington referrals when <span><strong class="command">additional-from-cache no</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater has been specified. Instead, it will respond to such queries
bbb069be941f649228760edcc241122933c066d2Automatic Updater with REFUSED. This should not cause any problems since
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater upwards referrals are not required for the resolution
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">match-mapped-addresses</strong></span></span></dt>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews If <strong class="userinput"><code>yes</code></strong>, then an
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews IPv4-mapped IPv6 address will match any address match
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater list entries that match the corresponding IPv4 address.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Enabling this option is sometimes useful on IPv6-enabled
6ceb29d4d4d6f639e50317fa6015806e80aa422aAutomatic Updater systems, to work around a kernel quirk that causes IPv4
922e6a3c2ac4ef900dd9dc99f0cc137f18372583Andreas Gustafsson TCP connections such as zone transfers to be accepted
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington on an IPv6 socket using mapped addresses, causing
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater address match lists designed for IPv4 to fail to match.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews The use of this option for any other purpose is discouraged.
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater<dt><span class="term"><span><strong class="command">ixfr-from-differences</strong></span></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater When 'yes' and the server loads a new version of a master
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater zone from its zone file or receives a new version of a slave
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater file by a non-incremental zone transfer, it will compare
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the new version to the previous one and calculate a set
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of differences. The differences are then logged in the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater zone's journal file such that the changes can be transmitted
79207ee45ade44ff32f6ca93c5b60250bc482089Automatic Updater to downstream slaves as an incremental zone transfer.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater By allowing incremental zone transfers to be used for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater non-dynamic zones, this option saves bandwidth at the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater expense of increased CPU and memory consumption at the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater In particular, if the new version of a zone is completely
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater different from the previous one, the set of differences
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater will be of a size comparable to the combined size of the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater old and new zone version, and the server will need to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater temporarily allocate memory to hold this complete
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater difference set.
2a446e8c5a832275617d73e5090128f73f7e01caAutomatic Updater<p><span><strong class="command">ixfr-from-differences</strong></span>
9870509cb161e9c8d809ea2db41d371317ba2a35Automatic Updater also accepts <span><strong class="command">master</strong></span> and
992616aaf75643a0c9f84826f0a1ed5a27e84328Mark Andrews <span><strong class="command">slave</strong></span> at the view and options
f9a89df8bd3cf6ae1a292dd6b122b4cf7d760314Automatic Updater levels which causes
f9a89df8bd3cf6ae1a292dd6b122b4cf7d760314Automatic Updater <span><strong class="command">ixfr-from-differences</strong></span> to apply to
63d98873e29dee9608c27f40613cb69d130a56e7Mark Andrews all <span><strong class="command">master</strong></span> or
6b12e2e17cc58d3abb9b232a748eac86bba0b437Automatic Updater <span><strong class="command">slave</strong></span> zones respectively.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><span><strong class="command">multi-master</strong></span></span></dt>
d8de612c8582bd51d980cb124ddfaa63774e38c9Automatic Updater This should be set when you have multiple masters for a zone and the
40d9598efa56a495aabe77174cdf2429f9b01764Mark Andrews addresses refer to different machines. If 'yes' named will
is determined by the presence of the logging category <span><strong class="command">queries</strong></span>.
<span><strong class="command">master</strong></span> zones the default is <span><strong class="command">fail</strong></span>.
stacked then the <span><strong class="command">dual-stack-servers</strong></span> have no effect unless
of the requesting system. See <a href="Bv9ARM.ch06.html#address_match_lists" title="Address Match Lists">the section called “Address Match Lists”</a> for
<a href="Bv9ARM.ch07.html#dynamic_update_security" title="Dynamic Update Security">the section called “Dynamic Update Security”</a> for details.
<dt><span class="term"><span><strong class="command">allow-update-forwarding</strong></span></span></dt>
access control to attacks; see <a href="Bv9ARM.ch07.html#dynamic_update_security" title="Dynamic Update Security">the section called “Dynamic Update Security”</a>
receive zone transfers from the server. <span><strong class="command">allow-transfer</strong></span> may
case it overrides the <span><strong class="command">options allow-transfer</strong></span> statement.
from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
If <span><strong class="command">address</strong></span> is <span><strong class="command">*</strong></span> or is omitted,
If <span><strong class="command">port</strong></span> is <span><strong class="command">*</strong></span> or is omitted,
a random unprivileged port will be used, <span><strong class="command">avoid-v4-udp-ports</strong></span>
quickly converge on stealth servers. If an <span><strong class="command">also-notify</strong></span> list
<dt><span class="term"><span><strong class="command">max-transfer-time-in</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">max-transfer-idle-in</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">max-transfer-time-out</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">max-transfer-idle-out</strong></span></span></dt>
the load on the remote name server. <span><strong class="command">transfers-per-ns</strong></span> may
be overridden on a per-server basis by using the <span><strong class="command">transfers</strong></span> phrase
<dt><span class="term"><span><strong class="command">alt-transfer-source</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">alt-transfer-source-v6</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">use-alt-transfer-source</strong></span></span></dt>
<span><strong class="command">size_spec</strong></span> in <a href="Bv9ARM.ch06.html#configuration_file_elements" title="Configuration File Elements">the section called “Configuration File Elements”</a>.
(<a href="Bv9ARM.ch04.html#journal" title="The journal file">the section called “The journal file”</a>). When the journal file
<dt><span class="term"><span><strong class="command">host-statistics-max</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">statistics-interval</strong></span></span></dt>
topologically closest to itself. The <span><strong class="command">topology</strong></span> statement
<a name="the_sortlist_statement"></a>The <span><strong class="command">sortlist</strong></span> Statement</h4></div></div></div>
statement in <a href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">the section called “RRset Ordering”</a>).
does (<a href="Bv9ARM.ch06.html#topology" title="Topology">the section called “Topology”</a>).
an IP prefix, an ACL name or a nested <span><strong class="command">address_match_list</strong></span>)
<a href="Bv9ARM.ch06.html#the_sortlist_statement" title="The sortlist Statement">the section called “The <span><strong class="command">sortlist</strong></span> Statement”</a>.
class IN type A name "host.example.com" order random;
<span><strong class="command">max-ncache-ttl</strong></span> is <code class="literal">10800</code> seconds (3 hours).
<dt><span class="term"><span><strong class="command">sig-validity-interval</strong></span></span></dt>
of dynamic updates (<a href="Bv9ARM.ch04.html#dynamic_update" title="Dynamic Update">the section called “Dynamic Update”</a>)
<span class="term"><span><strong class="command">min-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">max-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">min-retry-time</strong></span>, </span><span class="term"><span><strong class="command">max-retry-time</strong></span></span>
<a href="Bv9ARM.ch06.html#zonefile_format" title="Additional File Formats">the section called “Additional File Formats”</a>).
built-in view (see <a href="Bv9ARM.ch06.html#view_statement_grammar" title="view Statement Grammar">the section called “<span><strong class="command">view</strong></span> Statement Grammar”</a>) of
with type <span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
with type <span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
with type <span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
The default <span><strong class="command">server-id</strong></span> is <span><strong class="command">none</strong></span>.
with the line <span><strong class="command">--- Statistics Dump --- (973798949)</strong></span>, where the
<dt><span class="term"><span><strong class="command">use-additional-cache</strong></span></span></dt>
<dt><span class="term"><span><strong class="command">acache-cleaning-interval</strong></span></span></dt>
<a name="server_statement_grammar"></a><span><strong class="command">server</strong></span> Statement Grammar</h3></div></div></div>
[<span class="optional"> provide-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> request-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> transfer-format <em class="replaceable"><code>( one-answer | many-answers )</code></em> ; </span>]
[<span class="optional"> keys <em class="replaceable"><code>{ string ; [<span class="optional"> string ; [<span class="optional">...</span>]</span>] }</code></em> ; </span>]
[<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
<a name="server_statement_definition_and_usage"></a><span><strong class="command">server</strong></span> Statement Definition and
value of <span><strong class="command">bogus</strong></span> is <span><strong class="command">no</strong></span>.
The server supports two zone transfer methods. The first, <span><strong class="command">one-answer</strong></span>,
uses one DNS message per resource record transferred. <span><strong class="command">many-answers</strong></span> packs
as many resource records as possible into a message. <span><strong class="command">many-answers</strong></span> is
more efficient, but is only known to be understood by <span class="acronym">BIND</span> 9, <span class="acronym">BIND</span>
<span><strong class="command">key_id</strong></span> defined by the <span><strong class="command">key</strong></span> statement,
to be used for transaction security (TSIG, <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called “TSIG”</a>)
<a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<a name="id2554464"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
<em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
[<span class="optional"> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
<a name="id2554513"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
security roots. DNSSEC is described in <a href="Bv9ARM.ch04.html#DNSSEC" title="DNSSEC">the section called “DNSSEC”</a>. A
<a name="view_statement_grammar"></a><span><strong class="command">view</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2554583"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<span><strong class="command">match-clients</strong></span> and <span><strong class="command">match-destinations</strong></span>
<span><strong class="command">match-clients</strong></span> and <span><strong class="command">match-destinations</strong></span>
// Provide a complete view of the example.com zone
zone "example.com" {
file "example-internal.db";
// Provide a restricted view of the example.com zone
zone "example.com" {
file "example-external.db";
<pre class="programlisting">zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] [<span class="optional">{
[<span class="optional"> allow-notify { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-transfer { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-update { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> update-policy { <em class="replaceable"><code>update_policy_rule</code></em> [<span class="optional">...</span>] }; </span>]
[<span class="optional"> allow-update-forwarding { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> also-notify { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> check-mx (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> check-wildcard <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> integrity-checks <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> delegation-only <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> masterfile-format (<code class="constant">text</code>|<code class="constant">raw</code>) ; </span>]
[<span class="optional"> forward (<code class="constant">only</code>|<code class="constant">first</code>) ; </span>]
[<span class="optional"> forwarders { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> maintain-ixfr-base <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> masters [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] }; </span>]
[<span class="optional"> max-ixfr-log-size <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-idle-out <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> notify <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>explicit</code></em> | <em class="replaceable"><code>master-only</code></em> ; </span>]
[<span class="optional"> pubkey <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; </span>]
[<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> alt-transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> alt-transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> use-alt-transfer-source <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> min-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> multi-master <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> key-directory <em class="replaceable"><code>path_name</code></em>; </span>]
<a name="id2555382"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
status of infrastructure zones (e.g. COM, NET, ORG).
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
in the mid-1970s. Zone data for it can be specified with the <code class="literal">CHAOS</code> class.
This is applicable to <span><strong class="command">master</strong></span> and <span><strong class="command">slave</strong></span> zones.
<span><strong class="command">allow-notify</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>
<span><strong class="command">allow-query</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>
in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
<a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called “Dynamic Update Policies”</a>.
<dt><span class="term"><span><strong class="command">allow-update-forwarding</strong></span></span></dt>
in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.
network. The default varies according to zone type. For <span><strong class="command">master</strong></span> zones the default is <span><strong class="command">fail</strong></span>. For <span><strong class="command">slave</strong></span>
<span><strong class="command">check-mx</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">check-wildcard</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">integrity-check</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">dialup</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
after trying the forwarders and getting no answer, while <span><strong class="command">first</strong></span> would
<dt><span class="term"><span><strong class="command">max-transfer-time-in</strong></span></span></dt>
<span><strong class="command">max-transfer-time-in</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">max-transfer-idle-in</strong></span></span></dt>
<span><strong class="command">max-transfer-idle-in</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">max-transfer-time-out</strong></span></span></dt>
<span><strong class="command">max-transfer-time-out</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<dt><span class="term"><span><strong class="command">max-transfer-idle-out</strong></span></span></dt>
<span><strong class="command">max-transfer-idle-out</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span><strong class="command">notify</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
zones when they are loaded from disk. <span class="acronym">BIND</span> 9 does not verify signatures
<dt><span class="term"><span><strong class="command">sig-validity-interval</strong></span></span></dt>
<span><strong class="command">sig-validity-interval</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<span><strong class="command">transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>
<span><strong class="command">transfer-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>
<dt><span class="term"><span><strong class="command">alt-transfer-source</strong></span></span></dt>
<span><strong class="command">alt-transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>
<dt><span class="term"><span><strong class="command">alt-transfer-source-v6</strong></span></span></dt>
<span><strong class="command">alt-transfer-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>
<dt><span class="term"><span><strong class="command">use-alt-transfer-source</strong></span></span></dt>
<span><strong class="command">use-alt-transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>
<span><strong class="command">notify-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>
<span><strong class="command">notify-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
<span class="term"><span><strong class="command">min-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">max-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">min-retry-time</strong></span>, </span><span class="term"><span><strong class="command">max-retry-time</strong></span></span>
See the description in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.
<dt><span class="term"><span><strong class="command">ixfr-from-differences</strong></span></span></dt>
<span><strong class="command">ixfr-from-differences</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
<span><strong class="command">key-directory</strong></span> in <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and
Usage">the section called “<span><strong class="command">options</strong></span> Statement Definition and
<a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
option, and are only meaningful for master zones. When the <span><strong class="command">update-policy</strong></span> statement
is present, it is a configuration error for the <span><strong class="command">allow-update</strong></span> statement
( <span><strong class="command">grant</strong></span> | <span><strong class="command">deny</strong></span> ) <em class="replaceable"><code>identity</code></em> <em class="replaceable"><code>nametype</code></em> <em class="replaceable"><code>name</code></em> [<span class="optional"> <em class="replaceable"><code>types</code></em> </span>]
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
that a particular nearby server be tried first. See <a href="Bv9ARM.ch06.html#the_sortlist_statement" title="The sortlist Statement">the section called “The <span><strong class="command">sortlist</strong></span> Statement”</a> and <a href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">the section called “RRset Ordering”</a>.
built-in server information zones, e.g.,
any order), and if neither of those succeeds, delivery to <code class="literal">mail.backup.org</code> will
and PTR records. Entries in the in-addr.arpa domain are made in
in-addr.arpa name of
3.2.1.10.in-addr.arpa. This name should have a PTR resource record
Master File Directives include <span><strong class="command">$ORIGIN</strong></span>, <span><strong class="command">$INCLUDE</strong></span>,
<a name="id2560157"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
$ORIGIN example.com.
<a name="id2560218"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
if it were included into the file at this point. If <span><strong class="command">origin</strong></span> is
revert to the values they had prior to the <span><strong class="command">$INCLUDE</strong></span> once
<a name="id2560288"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<a name="id2560324"></a><span class="acronym">BIND</span> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
Classless IN-ADDR.ARPA delegation.
The <span><strong class="command">$GENERATE</strong></span> directive is a <span class="acronym">BIND</span> extension